Maintaining AD DS Flashcards

1
Q

What are the two ways to enable the Active Directory Recycle Bin?

A
  1. ADAC (Active Directory Administrative Center)
    • Select the Domain
    • Click Enable Recycle Bin
    • Click Okay
  2. PowerShell
    • Enable-ADOptionalFeature -Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=contoso,DC=com' -Scope ForestOrConfigurationSet -Target <domain>
2
Q

Where do Password Settings Objects live?

A

System -> Password Settings Container

3
Q
  1. Can you view PSOs (Password Settings Objects) in Active Directory Users and Computers?
  2. Where can you create a PSO?
A
  1. Yes
  2. ADSI Edit and ADAC (Active Directory Administrative Center)
4
Q

How do PSOs apply?

What happens if there are no PSOs?

A
  • A PSO that is linked directly to the user object takes precedence
  • If no PSO is linked directly to the user object, then PSOs linked via global group membership are evaluated. The PSO with the lowest precedence value is applied.
  • If no PSO is obtained from conditions (1) and (2), the Default Domain Policy is applied.
5
Q

What two PowerShell cmdlets do you need to run to create a PSO and apply it to a group?

(Note: You do not need to give the parameters, just the cmdlets)

A
  1. New-ADFineGrainedPasswordPolicy
  2. Add-ADFineGrainedPasswordPolicySubject

Example:

  • New-ADFineGrainedPasswordPolicy TestPswd -ComplexityEnabled:$true -LockoutDuration:"00:30:00" -LockoutObservationWindow:"00:30:00" -LockoutThreshold:"0" -MaxPasswordAge:"42.00:00:00" -MinPasswordAge:"1.00:00:00" -MinPasswordLength:"7" -PasswordHistoryCount:"24" -Precedence:"1" -ReversibleEncryptionEnabled:$false -ProtectedFromAccidentalDeletion:$true
  • Add-ADFineGrainedPasswordPolicySubject TestPswd -Subjects group1
6
Q

How do you set up a RODC?

A
  1. Open ADUC (AD Users and Computers) or ADAC (Active Directory Administrative Center)
  2. Select the Domain Controller OU
  3. Right-click, select Pre-create Read-only Domain Controller Account...
  4. Enter the Computer Name
  5. Select Additional Options
    1. DNS Server
    2. Global catalog
  6. Select a Group or user for administration (if desired)
7
Q
  1. How would you change which user or group administers an RODC server?
  2. How do you set up a password to be replicated to an RODC?
  3. How do you block a password from being replicated to an RODC?
A
  1. Right-Click the computer policy, Select Properties
    • On the Managed By tab
    • Click Change and select a new user or group
  2. Right-Click the computer policy, Select Properties
    • On the Password Replication Policy tab
    • Click Add, Select to allow passwords for the account to replicate to this RODC, click ok
    • Select a user or group
  3. Right-Click the computer policy, Select Properties
    • On the Password Replication Policy tab
    • Click Add, Select to deny passwords for the account to replicate to this RODC, click ok
    • Select a user or group
8
Q

How do users' passwords get replicated/cached to the RODC?

A

They are part of a group that is allowed to replicate its passwords to the RODC and are not in a Deny group.

The groups that allow and deny password replication are configured on the Read-Only DC computer object, on the Password Replication Policy tab.

9
Q

What are the requirements for Cloning a DC?

A
  • PDC emulator FSMO role hosted on a Windows Server 2012 DC
  • PDC emulator available during cloning operations
  • Virtualization host platform supports VM-Generation ID (VMGID)
  • A DC running at least Windows Server 2012 to clone from
10
Q

How do you create a clone of a DC?

A
  1. Add the Server 2012 DC to the Cloneable Domain Controllers group
  2. Run: Get-ADDCCloningExcludedApplicationList
    • Any programs or services previously returned by Get-ADDCCloningExcludedApplicationList - and not added to the CustomDCCloneAllowList.xml - must be removed prior to cloning. Uninstalling the application or service is the recommended method.
    • Warning: Any incompatible program or service not uninstalled or added to the CustomDCCloneAllowList.xml prevents cloning.
  3. Run: Get-ADDCCloningExcludedApplicationList -GenerateXml -Path C:\Windows\NTDS -Force
    • Generates the excluded application list as a file named CustomDCCloneAllowList.xml at the specified folder path (C:\Windows\NTDS) and forces an overwrite if a file by that name already exists at that path.
  4. Run: New-ADDCCloneConfigFile
  5. Shut down the DC
  6. Run: Export-VM -Name <name> -Path <path> (on the host)
  7. Run: $<somevariable> = Import-VM -Path <path> -VhdDestinationPath <path> -Copy -GenerateNewId
  8. Run: Rename-VM $<somevariable> -NewName <new>
11
Q

How can you Transfer FSMO Roles?

  1. PowerShell
  2. CMD
A
  1. PowerShell
    • Move-ADDirectoryServerOperationMasterRole -Identity <Name of DC/Server> -OperationMasterRole <FSMO roles separated by commas>
  2. CMD
    • ntdsutil
    • roles
    • connections
    • connect to server
    • q
    • transfer <FSMO role> (repeat for each role)
12
Q

How do you seize an FSMO role via

  • PowerShell
  • CMD
A
  1. PowerShell
    • Move-ADDirectoryServerOperationMasterRole -Identity <Name of DC/Server> -OperationMasterRole <FSMO roles separated by commas> -Force
  2. CMD
    • ntdsutil
    • roles
    • connections
    • connect to server
    • q
    • seize <FSMO role> (repeat for each role)
13
Q

How would you restore a user that has been deleted? (Active Directory Recycle Bin is enabled.)

2 ways

A
  • By finding the user in the AD recycle bin and restoring the object
  • PowerShell
    • Restore-ADObject -Identity
14
Q

How do you create an Active Directory snapshot?

A
  • ntdsutil
  • activate instance ntds
  • snapshot
  • create
  • (q or quit) x2
15
Q

How do you mount an Active Directory Snapshot?

A
  • ntdsutil
  • activate instance ntds
  • snapshot
  • mount <guid>
  • dsamain -dbpath <path> -ldapport 50000
16
Q

What are the three states AD DS can be in?

A
  • Started
  • Stopped
  • DSRM
17
Q

How do you recover data from a snapshot?

(What is the downside to this?)

A

You can use LDIFDE

Downside: it does not keep everything in the object.

18
Q

How do you do an offline defrag of the Active Directory database?

A
  • Stop the service: Active Directory Domain Services
  • ntdsutil
  • activate instance ntds
  • files
  • compact to C:\
  • copy the compacted ntds.dit to C:\Windows\NTDS\ntds.dit
  • and delete the old log files from C:\Windows\NTDS\*.log
  • once completed: run integrity
  • then (q or quit) x2
19
Q

How do you do a metadata cleanup on Active Directory?

A
  1. ntdsutil
  2. metadata cleanup
  3. remove selected server <servername> or remove selected server <servername1> on <servername2>
  4. quit or q twice
20
Q

How would you optimize an Active Directory database?

A

Perform an offline defrag.

21
Q

What are the different types of server backups?

A
  • Normal
  • Copy
  • Incremental
  • Differential
  • Daily
22
Q

What is the difference between incremental and differential backups?

A

Incremental backups: copy all changed or new files and mark them as backed up.

Differential backups: copy all changed or new files but do not mark the files as backed up.

23
Q

How would you do a system state backup of a server using the following tools:

  1. GUI
  2. wbadmin
  3. PowerShell
A
  • GUI:
    • Open Windows Server Backup
    • Select Local Backup
    • Select Backup Once or Backup Schedule
    • In Select Items for Backup, click Add Items
    • Select System State
    • Select the location
    • Click Backup
  • wbadmin:
    • wbadmin start systemstatebackup -backupTarget:
  • PowerShell
    • $Policy = New-WBPolicy
    • Add-WBSystemState -Policy $Policy
    • $BackupLocation = New-WBBackupTarget -VolumePath "D:"
    • Add-WBBackupTarget -Policy $Policy -Target $BackupLocation
    • Start-WBBackup -Policy $Policy
24
Q

How would you restore a user object using tombstone reanimation?

A

You would use LDP

  • Connect to the domain
  • Bind with the user account
  • Click View, select Tree View
  • Select the base of the domain
  • Select Deleted Objects
  • Select the object you want to restore
  • Right-click, select Modify
  • Delete the attribute "isDeleted"
  • Replace the DN (distinguishedName) with where you would like the object to live
  • Click Run