Lesson 15: Creating and Managing Active Directory Group and OUs

Question 1

Within a domain, what is the primary hierarchical building block?

Answer 1

OU - Organizational Unit

Question 2

Unlike Domains, it’s easy to ____ an OU

Answer 2

Rename
Move them from one domain to anither
Create new ones

Question 3

When you assign group policy settings to a domain, subdomains ____

Answer 3

Do not inherit

Question 4

When you assign group policy settings to an OU, leaf objects _____

Answer 4

Inherit

Question 5

Only 3 reasons you should create an OU

Answer 5

Duplicating organizational divisions
Assigning Group Policy Settings
Delegating administration

Question 6

OU hierarchy should be an extension of ___

Answer 6

The hierarchy you selected for the domain structure.
Example: If you have domains and subdomains based on geographic region, the OUs should exist for offices within the region, or depts within offices.

Question 7

Reason for an OU: Assigning Group Policy Settings

Answer 7

Easy way to assign group policy to a single demographic

Question 8

Reason for an OU: Delegating Administration

Answer 8

Giving single individuals admin responsibility of a single OU without granting admin access to the entire domain

Question 9

Every OU should have at least ____ administrators

Answer 9

2. In case one person gets locked out

Question 10

MSFT recommends no more than ___ layers of OUs

Answer 10

10

Question 11

Use ____ to grant permission to a network resource

Answer 11

Group objects

Question 12

Group objects aren’t like OUs in that

Answer 12

Any user / PC can be added to a group, spanning OUs and even domains

Question 13

Strategy for using groups to assign permissions

Answer 13

Create a network resource group with all the permissions required for a resource.

Create a network user group will all the members.

Make the user group a member of the resource group.

Question 14

Global Groups versus Universal Groups

Answer 14

Universal groups add more data to the global catalog, increasing the amount of replication traffic between sites.

Single site domains can get away with using all universal groups

Question 15

What is a downside of multiple OU levels

Answer 15

Too many levels can slow response time to resource requests and complicate the application of Group Policy settings.

Question 16

What is the only OU that exists immediately after installing server 2012?

Answer 16

The Domain Controller’s OU

Question 17

Groups are used for assigning _____, whereas OUs are used for organizing resources and delegating ____

Answer 17

access permissions

permissions

Question 18

the smallest scope or unit to which you can assign Group Policy settings or delegate administrative authority is ___

Answer 18

OUs

Question 19

Two advantages of delegating authority via OUs

Answer 19

Minimum umber of admins with global permissions

Limited scope of errors – if something goes wrong, it goes wrong for just that OU

Question 20

When a user logs on to a network, an ____ is created that identifies the user and all the user’s group memberships

Answer 20

Access Token

Question 21

What does a user need to do for new settings to apply after you add her to a group? Why?

Answer 21

Log off and log back in.

The access token that defines rights is created when you log in

Question 22

Group Nesting

Answer 22

Making groups members of other groups

Question 23

2 group types

Answer 23

distribution

security

Question 24

Distribution groups

Answer 24

Nonsecurity-related groups created for the distribution of info (email) to one or more folks

Question 25

Security groups

Answer 25

Security-related created for granting resource access permissions to multiple users

Question 26

3 group scopes

Answer 26

Domain Local
Global
Universal

Question 27

Domain Local scope can have what as members?

Answer 27

User accounts
computer accounts
global groups from any domain in the forest
Universal groups
Domain local groups from the same domain

Question 28

Domain local groups

Answer 28

Used to assign permissions to resources in the same domain as the domain local group

Question 29

Global groups

Answer 29

Used to grant or deny permisions to any resource located in any domain in that forest.

Question 30

What objects can be contained in a global group?

Answer 30

User accounts
computer accounts
other global groups from the same domain

Question 31

Universal Groups

Answer 31

Used to grant or deny permissions to users or groups that span multiple domains or span an entire forest.

Question 32

What objects can be contained in a universal group

Answer 32

User accounts
computer accounts
global groups from any domain in the forest
other universal groups

Question 33

Special Identities

Answer 33

Dynamic placeholders on an ACL that change depending on who’s logged in.

Question 34

Special Identity: Anonymous Logon

Answer 34

Users who connected to the computer without authenticating

Question 35

Special Identity: Authenticated Users

Answer 35

All users with a valid local or domain user account. Does not include the guest user.

Question 36

Special Identity: Batch

Answer 36

Includes all users who are currently logged on through a batch facility like a task scheduler job

Question 37

Special Identity: Creater Group

Answer 37

Includes the users who created or took ownership of the resource in question

Question 38

Special Identity: Creator Owner

Answer 38

Includes the users who created or took ownership of a user

Question 39

Special Identity: Dialup

Answer 39

Users who are currently logged on through a dial-up connection

Question 40

Special Identity: Digest Authentication

Answer 40

All users who have authenticated using digest authentication

Question 41

Special Identity: Enterprise Domain Controllers

Answer 41

All domain controllers in the forest

Question 42

Special Identity: Everyone

Answer 42

All authenticated users plus the guest user account. Does not include anonymous login

Question 43

Special Identity: Interactive

Answer 43

Includes all users who are currently logged on locally or through RDP

Question 44

Special Identity: Network

Answer 44

Includes users who are logged on through a network connection (as oppose to Special Identity: Interactive)

Question 45

Special Identity: Remote Desktop Users

Answer 45

All users who are currently logged on to the system using an RDS terminal server

Question 46

Special Identity: Remote Interactive Logon

Answer 46

All users who log onto a computer using a Remote Desktop connection session.

Question 47

Special Identity: Self

Answer 47

Current user

Question 48

Special Identity: Service

Answer 48

All security principal that have logged on as a service