Lesson 15: Creating and Managing Active Directory Group and OUs Flashcards

1
Q

Within a domain, what is the primary hierarchical building block?

A

OU - Organizational Unit

2
Q

Unlike Domains, it’s easy to ____ an OU

A

Rename
Move them from one domain to another
Create new ones

3
Q

When you assign group policy settings to a domain, subdomains ____

A

Do not inherit

4
Q

When you assign group policy settings to an OU, leaf objects _____

A

Inherit

5
Q

Only 3 reasons you should create an OU

A

Duplicating organizational divisions
Assigning Group Policy Settings
Delegating administration

6
Q

OU hierarchy should be an extension of ___

A

The hierarchy you selected for the domain structure.
Example: If you have domains and subdomains based on geographic region, the OUs should exist for offices within the region, or depts within offices.

7
Q

Reason for an OU: Assigning Group Policy Settings

A

Easy way to assign group policy to a single demographic

8
Q

Reason for an OU: Delegating Administration

A

Giving single individuals admin responsibility of a single OU without granting admin access to the entire domain

9
Q

Every OU should have at least ____ administrators

A
  1. In case one person gets locked out
10
Q

MSFT recommends no more than ___ layers of OUs

A

10

11
Q

Use ____ to grant permission to a network resource

A

Group objects

12
Q

Group objects aren’t like OUs in that

A

Any user / PC can be added to a group, spanning OUs and even domains

13
Q

Strategy for using groups to assign permissions

A

Create a network resource group with all the permissions required for a resource.

Create a network user group with all the members.

Make the user group a member of the resource group.

14
Q

Global Groups versus Universal Groups

A

Universal groups add more data to the global catalog, increasing the amount of replication traffic between sites.

Single site domains can get away with using all universal groups

15
Q

What is a downside of multiple OU levels

A

Too many levels can slow response time to resource requests and complicate the application of Group Policy settings.

16
Q

What is the only OU that exists immediately after installing server 2012?

A

The Domain Controller’s OU

17
Q

Groups are used for assigning _____, whereas OUs are used for organizing resources and delegating ____

A

access permissions

permissions

18
Q

The smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority is ___

A

OUs

19
Q

Two advantages of delegating authority via OUs

A

Minimum number of admins with global permissions

Limited scope of errors – if something goes wrong, it goes wrong for just that OU

20
Q

When a user logs on to a network, an ____ is created that identifies the user and all the user’s group memberships

A

Access Token

21
Q

What does a user need to do for new settings to apply after you add her to a group? Why?

A

Log off and log back in.

The access token that defines rights is created when you log in

22
Q

Group Nesting

A

Making groups members of other groups

23
Q

2 group types

A

distribution

security

24
Q

Distribution groups

A

Nonsecurity-related groups created for the distribution of info (email) to one or more folks

25
Q

Security groups

A

Security-related groups created for granting resource access permissions to multiple users

26
Q

3 group scopes

A

Domain Local
Global
Universal

27
Q

Domain Local scope can have what as members?

A
User accounts
computer accounts
global groups from any domain in the forest
Universal groups
Domain local groups from the same domain
28
Q

Domain local groups

A

Used to assign permissions to resources in the same domain as the domain local group

29
Q

Global groups

A

Used to grant or deny permissions to any resource located in any domain in that forest.

30
Q

What objects can be contained in a global group?

A

User accounts
computer accounts
other global groups from the same domain

31
Q

Universal Groups

A

Used to grant or deny permissions to users or groups that span multiple domains or span an entire forest.

32
Q

What objects can be contained in a universal group

A

User accounts
computer accounts
global groups from any domain in the forest
other universal groups

33
Q

Special Identities

A

Dynamic placeholders on an ACL that change depending on who’s logged in.

34
Q

Special Identity: Anonymous Logon

A

Users who connected to the computer without authenticating

35
Q

Special Identity: Authenticated Users

A

All users with a valid local or domain user account. Does not include the guest user.

36
Q

Special Identity: Batch

A

Includes all users who are currently logged on through a batch facility like a task scheduler job

37
Q

Special Identity: Creator Group

A

Includes the users who created or took ownership of the resource in question

38
Q

Special Identity: Creator Owner

A

Includes the users who created or took ownership of a user

39
Q

Special Identity: Dialup

A

Users who are currently logged on through a dial-up connection

40
Q

Special Identity: Digest Authentication

A

All users who have authenticated using digest authentication

41
Q

Special Identity: Enterprise Domain Controllers

A

All domain controllers in the forest

42
Q

Special Identity: Everyone

A

All authenticated users plus the guest user account. Does not include anonymous login

43
Q

Special Identity: Interactive

A

Includes all users who are currently logged on locally or through RDP

44
Q

Special Identity: Network

A

Includes users who are logged on through a network connection (as opposed to Special Identity: Interactive)

45
Q

Special Identity: Remote Desktop Users

A

All users who are currently logged on to the system using an RDS terminal server

46
Q

Special Identity: Remote Interactive Logon

A

All users who log onto a computer using a Remote Desktop connection session.

47
Q

Special Identity: Self

A

Current user

48
Q

Special Identity: Service

A

All security principals that have logged on as a service