Lesson 15: Creating and Managing Active Directory Group and OUs Flashcards
Within a domain, what is the primary hierarchical building block?
OU - Organizational Unit
Unlike Domains, it’s easy to ____ an OU
Rename
Move them from one domain to anither
Create new ones
When you assign group policy settings to a domain, subdomains ____
Do not inherit
When you assign group policy settings to an OU, leaf objects _____
Inherit
Only 3 reasons you should create an OU
Duplicating organizational divisions
Assigning Group Policy Settings
Delegating administration
OU hierarchy should be an extension of ___
The hierarchy you selected for the domain structure.
Example: If you have domains and subdomains based on geographic region, the OUs should exist for offices within the region, or depts within offices.
Reason for an OU: Assigning Group Policy Settings
Easy way to assign group policy to a single demographic
Reason for an OU: Delegating Administration
Giving single individuals admin responsibility of a single OU without granting admin access to the entire domain
Every OU should have at least ____ administrators
- In case one person gets locked out
MSFT recommends no more than ___ layers of OUs
10
Use ____ to grant permission to a network resource
Group objects
Group objects aren’t like OUs in that
Any user / PC can be added to a group, spanning OUs and even domains
Strategy for using groups to assign permissions
Create a network resource group with all the permissions required for a resource.
Create a network user group will all the members.
Make the user group a member of the resource group.
Global Groups versus Universal Groups
Universal groups add more data to the global catalog, increasing the amount of replication traffic between sites.
Single site domains can get away with using all universal groups
What is a downside of multiple OU levels
Too many levels can slow response time to resource requests and complicate the application of Group Policy settings.
What is the only OU that exists immediately after installing server 2012?
The Domain Controller’s OU
Groups are used for assigning _____, whereas OUs are used for organizing resources and delegating ____
access permissions
permissions
the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority is ___
OUs
Two advantages of delegating authority via OUs
Minimum umber of admins with global permissions
Limited scope of errors – if something goes wrong, it goes wrong for just that OU