Maintaining AD DS - PowerShell Flashcards
Implementing Virtualized Domain Controllers Implementing Read Only Domain Controllers Administering AD DS Managing the AD DS Database
Ntdsutil
a command-line tool that provides management facilities for Active Directory Domain Services (AD DS)
How would you create a snapshot and mount it?
Snapshot:
- Ntdsutil
- Snapshot
- activate instance ntds
- Create
- quit x2
Mount Snapshot:
- Ntdsutil
- Snapshot
- activate instance ntds
- list all
- GUID from Snapshot
- quit x2
Connecting to Snapshot:
dsamain /dbpath C:$SNAP_(DateTime)_volumeC$\windows\ntds\ntds.dit /ldapport 5000
How do you unmount a snapshot?
UnMount:
- ntdsutil
- snapshot
- activate instance ntds
- list all
- unmount guid
- list all
- quit
- Quit
How do you reset the DSRM Admin Password?
To Reset the DSRM Administrator Password
- Click, Start, click Run, type ntdsutil, and then click OK.
- At the Ntdsutil command prompt, type set dsrm
- password.
- At the DSRM command prompt, type one of the following
- lines:
- To reset the password on the server on which you are working, type reset password on server null. The null variable assumes that the DSRM password is being reset on the local computer. Type the new password when you are prompted. Note that no characters appear while you type the password.
- To reset the password for another server, type reset password on server servername, where servername is the DNS name for the server on which you are resetting the DSRM password. Type the new password when you are prompted. Note that no characters appear while you type the password.
- At the DSRM command prompt, type q.
- At the Ntdsutil command prompt, type q to exit.
How do you create install media for a DC?
ntdsutil
activate instance ntds
ifm
create sysvol full <drive>:\<installationmediafolder></installationmediafolder></drive>
What does the following PowerShell CmdLet Do?
Add-ADCentralAccessPolicyMember
Adds central access rules to a central access policy in Active Directory.
What does the following PowerShell CmdLet Do?
Add-ADComputerServiceAccount
Adds one or more service accounts to an Active Directory computer.
What does the following PowerShell CmdLet Do?
Add-ADDomainControllerPasswordReplicationPolicy
Adds users, computers, and groups to the allowed or denied list of a read-only domain controller password replication policy.
What does the following PowerShell CmdLet Do?
Add-ADFineGrainedPasswordPolicySubject
Applies a fine-grained password policy to one more users and groups.
What does the following PowerShell CmdLet Do?
Add-ADGroupMember
Adds one or more members to an Active Directory group.
What does the following PowerShell CmdLet Do?
Add-ADPrincipalGroupMembership
Adds a member to one or more Active Directory groups.
What does the following PowerShell CmdLet Do?
Add-ADResourcePropertyListMember
Adds one or more resource properties to a resource property list in Active Directory.
What does the following PowerShell CmdLet Do?
Clear-ADAccountExpiration
Clears the expiration date for an Active Directory account.
What does the following PowerShell CmdLet Do?
Clear-ADClaimTransformLink
Removes a claims transformation from being applied to one or more cross-forest trust relationships in Active Directory.
What does the following PowerShell CmdLet Do?
Disable-ADAccount
Disables an Active Directory account.
What does the following PowerShell CmdLet Do?
Disable-ADOptionalFeature
Disables an Active Directory optional feature.
What does the following PowerShell CmdLet Do?
Enable-ADAccount
Enables an Active Directory account.
What does the following PowerShell CmdLet Do?
Enable-ADOptionalFeature
Enables an Active Directory optional feature.
What does the following PowerShell CmdLet Do?
Get-ADAccountAuthorizationGroup
Gets the accounts token group information.
What does the following PowerShell CmdLet Do?
Get-ADAccountResultantPasswordReplicationPolicy
Gets the resultant password replication policy for an Active Directory account.
What does the following PowerShell CmdLet Do?
Get-ADAuthenticationPolicy
Gets one or more Active Directory Domain Services authentication policies.
What does the following PowerShell CmdLet Do?
Get-ADAuthenticationPolicySilo
Gets one or more Active Directory Domain Services authentication policy silos.
What does the following PowerShell CmdLet Do?
Get-ADCentralAccessPolicy
Retrieves central access policies from Active Directory.
What does the following PowerShell CmdLet Do?
Get-ADCentralAccessRule
Retrieves central access rules from Active Directory.
What does the following PowerShell CmdLet Do?
Get-ADClaimTransformPolicy
Returns one or more Active Directory claim transform objects based on a specified filter.
What does the following PowerShell CmdLet Do?
Get-ADClaimType
Returns a claim type from Active Directory.
What does the following PowerShell CmdLet Do?
Get-ADComputer
Gets one or more Active Directory computers.
What does the following PowerShell CmdLet Do?
Get-ADComputerServiceAccount
Gets the service accounts hosted by a computer.
What does the following PowerShell CmdLet Do?
Get-ADDCCloningExcludedApplicationList
Gets a list of installed programs and services present on this domain controller that are not in the default or user defined inclusion list.
What does the following PowerShell CmdLet Do?
Get-ADDefaultDomainPasswordPolicy
Gets the default password policy for an Active Directory domain.
What does the following PowerShell CmdLet Do?
Get-ADDomain
Gets an Active Directory domain.
What does the following PowerShell CmdLet Do?
Get-ADDomainController
Gets one or more Active Directory domain controllers based on discoverable services criteria, search parameters or by providing a domain controller identifier, such as the NetBIOS name.
What does the following PowerShell CmdLet Do?
Get-ADDomainControllerPasswordReplicationPolicy
Gets the members of the allowed list or denied list of a read-only domain controller’s password replication policy.
What does the following PowerShell CmdLet Do?
Get-ADDomainControllerPasswordReplicationPolicyUsage
Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller.
What does the following PowerShell CmdLet Do?
Get-ADFineGrainedPasswordPolicy
Gets one or more Active Directory fine-grained password policies.
What does the following PowerShell CmdLet Do?
Get-ADFineGrainedPasswordPolicySubject
Gets the users and groups to which a fine-grained password policy is applied.
What does the following PowerShell CmdLet Do?
Get-ADForest
Gets an Active Directory forest.
What does the following PowerShell CmdLet Do?
Get-ADGroup
Gets one or more Active Directory groups.
What does the following PowerShell CmdLet Do?
Get-ADGroupMember
Gets the members of an Active Directory group.
What does the following PowerShell CmdLet Do?
Get-ADObject
Gets one or more Active Directory objects.
What does the following PowerShell CmdLet Do?
Get-ADOptionalFeature
Gets one or more Active Directory optional features.
What does the following PowerShell CmdLet Do?
Get-ADOrganizationalUnit
Gets one or more Active Directory organizational units.
What does the following PowerShell CmdLet Do?
Get-ADPrincipalGroupMembership
Gets the Active Directory groups that have a specified user, computer, group, or service account.
What does the following PowerShell CmdLet Do?
Get-ADReplicationAttributeMetadata
Gets the replication metadata for one or more Active Directory replication partners.
What does the following PowerShell CmdLet Do?
Get-ADReplicationConnection
Returns a specific Active Directory replication connection or a set of AD replication connection objects based on a specified filter.
What does the following PowerShell CmdLet Do?
Get-ADReplicationFailure
Returns a collection of data describing an Active Directory replication failure.
What does the following PowerShell CmdLet Do?
Get-ADReplicationPartnerMetadata
Returns the replication metadata for a set of one or more replication partners.
What does the following PowerShell CmdLet Do?
Get-ADReplicationQueueOperation
Returns the contents of the replication queue for a specified server.
What does the following PowerShell CmdLet Do?
Get-ADReplicationSite
Returns a specific Active Directory replication site or a set of replication site objects based on a specified filter.
What does the following PowerShell CmdLet Do?
Get-ADReplicationSiteLink
Returns a specific Active Directory site link or a set of site links based on a specified filter.
What does the following PowerShell CmdLet Do?
Get-ADReplicationSiteLinkBridge
Gets a specific Active Directory site link bridge or a set of site link bridge objects based on a specified filter.
What does the following PowerShell CmdLet Do?
Get-ADReplicationSubnet
Gets one or more Active Directory subnets.
What does the following PowerShell CmdLet Do?
Get-ADReplicationUpToDatenessVectorTable
Displays the highest Update Sequence Number (USN) for the specified domain controller.
What does the following PowerShell CmdLet Do?
Get-ADResourceProperty
Gets one or more resource properties.
What does the following PowerShell CmdLet Do?
Get-ADResourcePropertyList
Gets resource property lists from Active Directory.
What does the following PowerShell CmdLet Do?
Get-ADResourcePropertyValueType
Gets a resource property value type from Active Directory.
What does the following PowerShell CmdLet Do?
Get-ADRootDSE
Gets the root of a directory server information tree.
What does the following PowerShell CmdLet Do?
Get-ADServiceAccount
Gets one or more Active Directory managed service accounts or group managed service accounts.
What does the following PowerShell CmdLet Do?
Get-ADTrust
Gets all trusted domain objects in the directory.
What does the following PowerShell CmdLet Do?
Get-ADUser
Gets one or more Active Directory users.
What does the following PowerShell CmdLet Do?
Get-ADUserResultantPasswordPolicy
Gets the resultant password policy for a user.
What does the following PowerShell CmdLet Do?
Grant-ADAuthenticationPolicySiloAccess
Grants permission to join an authentication policy silo.