Lesson 13: Installing Domain Controllers Flashcards
AD DS
Active Directory Domain Services
Enables you to create organizational divisions called domains.
Domain
Logical container of network components, hosted by at least one server
Domain controller
Hosts a container of network components. Replicates data among other DCs for fault tolerance and load-balancing purposes.
Authentication
Process of verifying a user’s identity
Authorization
Process of granting users access only to the resources they are permitted to use
AD DS domain is ____
Hierarchical
Domains consist of ____, which represent
Objects, which represent logical or physical resources
Two classes of objects
Container
Leaf
Container objects
Has objects subordinate to it
Leaf Objects
No subordinate objects
What type of object is the domain itself?
A container object
Examples of a leaf object
Users
computers
groups
applications
Examples of a container object
domain
organizational units
Directory Schema
Defines an object’s place in the directory tree, the type of data that each attribute can store
AD DS schema elements are extensible, meaning ___
Applications can add their own object types to the directory or add attributes to existing object types
Organizational Unit (OU)
Container unit that functions in a subordinate capacity to a domain, like a subdomain without a complete separation of security policies
OUs can contain ___
Other OUs as well as leaf objects
Groups versus OUs
Group membership can span organizational units and, sometimes, domains
What is above a domain in a domain tree?
Forests.
Also, you can have multiple subdomains within a single domain. Those subdomains are treated separately in AD DS.
Inheritance differences between subdomains and OUs
OUs inherit permissions and policies from their parent domains.
Subdomains do not
How do you join together two non-contiguous domains?
Non-contiguous domains cannot be two branches of the same tree, but they can be two trees in the same forest.
Forest
One or more separate domain trees with the same two-way trust relationships as two domains in the same tree
Global Catalog
Lists all objects in the forest with a subset of their attributes, so that domain controllers that may administrate a small section of the forest can still locate other objects
Why is it important to be able to specify a functional level of a DC forest?
Each AD DS version has features not supported by the previous version. Since you may mix old and new features, it’s important to tell newer versions not to enable newer features