Maintaining AD DS - PowerShell Flashcards

Implementing Virtualized Domain Controllers Implementing Read Only Domain Controllers Administering AD DS Managing the AD DS Database

1
Q

Ntdsutil

A

a command-line tool that provides management facilities for Active Directory Domain Services (AD DS)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

How would you create a snapshot and mount it?

A

Snapshot:

  • Ntdsutil
  • Snapshot
  • activate instance ntds
  • Create
  • quit x2

Mount Snapshot:

  • Ntdsutil
  • Snapshot
  • activate instance ntds
  • list all
  • GUID from Snapshot
  • quit x2

Connecting to Snapshot:

dsamain /dbpath C:$SNAP_(DateTime)_volumeC$\windows\ntds\ntds.dit /ldapport 5000

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How do you unmount a snapshot?

A

UnMount:

  • ntdsutil
  • snapshot
  • activate instance ntds
  • list all
  • unmount guid
  • list all
  • quit
  • Quit
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

How do you reset the DSRM Admin Password?

A

To Reset the DSRM Administrator Password

  • Click, Start, click Run, type ntdsutil, and then click OK.
  • At the Ntdsutil command prompt, type set dsrm
  • password.
  • At the DSRM command prompt, type one of the following
  • lines:
    • To reset the password on the server on which you are working, type reset password on server null. The null variable assumes that the DSRM password is being reset on the local computer. Type the new password when you are prompted. Note that no characters appear while you type the password.
    • To reset the password for another server, type reset password on server servername, where servername is the DNS name for the server on which you are resetting the DSRM password. Type the new password when you are prompted. Note that no characters appear while you type the password.
  • At the DSRM command prompt, type q.
  • At the Ntdsutil command prompt, type q to exit.
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

How do you create install media for a DC?

A

ntdsutil

activate instance ntds

ifm

create sysvol full <drive>:\<installationmediafolder></installationmediafolder></drive>

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What does the following PowerShell CmdLet Do?

Add-ADCentralAccessPolicyMember

A

Adds central access rules to a central access policy in Active Directory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What does the following PowerShell CmdLet Do?

Add-ADComputerServiceAccount

A

Adds one or more service accounts to an Active Directory computer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

What does the following PowerShell CmdLet Do?

Add-ADDomainControllerPasswordReplicationPolicy

A

Adds users, computers, and groups to the allowed or denied list of a read-only domain controller password replication policy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What does the following PowerShell CmdLet Do?

Add-ADFineGrainedPasswordPolicySubject

A

Applies a fine-grained password policy to one more users and groups.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

What does the following PowerShell CmdLet Do?

Add-ADGroupMember

A

Adds one or more members to an Active Directory group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What does the following PowerShell CmdLet Do?

Add-ADPrincipalGroupMembership

A

Adds a member to one or more Active Directory groups.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What does the following PowerShell CmdLet Do?

Add-ADResourcePropertyListMember

A

Adds one or more resource properties to a resource property list in Active Directory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What does the following PowerShell CmdLet Do?

Clear-ADAccountExpiration

A

Clears the expiration date for an Active Directory account.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What does the following PowerShell CmdLet Do?

Clear-ADClaimTransformLink

A

Removes a claims transformation from being applied to one or more cross-forest trust relationships in Active Directory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What does the following PowerShell CmdLet Do?

Disable-ADAccount

A

Disables an Active Directory account.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

What does the following PowerShell CmdLet Do?

Disable-ADOptionalFeature

A

Disables an Active Directory optional feature.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

What does the following PowerShell CmdLet Do?

Enable-ADAccount

A

Enables an Active Directory account.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

What does the following PowerShell CmdLet Do?

Enable-ADOptionalFeature

A

Enables an Active Directory optional feature.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

What does the following PowerShell CmdLet Do?

Get-ADAccountAuthorizationGroup

A

Gets the accounts token group information.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

What does the following PowerShell CmdLet Do?

Get-ADAccountResultantPasswordReplicationPolicy

A

Gets the resultant password replication policy for an Active Directory account.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What does the following PowerShell CmdLet Do?

Get-ADAuthenticationPolicy

A

Gets one or more Active Directory Domain Services authentication policies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q

What does the following PowerShell CmdLet Do?

Get-ADAuthenticationPolicySilo

A

Gets one or more Active Directory Domain Services authentication policy silos.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

What does the following PowerShell CmdLet Do?

Get-ADCentralAccessPolicy

A

Retrieves central access policies from Active Directory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
24
Q

What does the following PowerShell CmdLet Do?

Get-ADCentralAccessRule

A

Retrieves central access rules from Active Directory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
25
Q

What does the following PowerShell CmdLet Do?

Get-ADClaimTransformPolicy

A

Returns one or more Active Directory claim transform objects based on a specified filter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
26
Q

What does the following PowerShell CmdLet Do?

Get-ADClaimType

A

Returns a claim type from Active Directory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
27
Q

What does the following PowerShell CmdLet Do?

Get-ADComputer

A

Gets one or more Active Directory computers.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
28
Q

What does the following PowerShell CmdLet Do?

Get-ADComputerServiceAccount

A

Gets the service accounts hosted by a computer.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
29
Q

What does the following PowerShell CmdLet Do?

Get-ADDCCloningExcludedApplicationList

A

Gets a list of installed programs and services present on this domain controller that are not in the default or user defined inclusion list.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
30
Q

What does the following PowerShell CmdLet Do?

Get-ADDefaultDomainPasswordPolicy

A

Gets the default password policy for an Active Directory domain.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
31
Q

What does the following PowerShell CmdLet Do?

Get-ADDomain

A

Gets an Active Directory domain.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
32
Q

What does the following PowerShell CmdLet Do?

Get-ADDomainController

A

Gets one or more Active Directory domain controllers based on discoverable services criteria, search parameters or by providing a domain controller identifier, such as the NetBIOS name.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
33
Q

What does the following PowerShell CmdLet Do?

Get-ADDomainControllerPasswordReplicationPolicy

A

Gets the members of the allowed list or denied list of a read-only domain controller’s password replication policy.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
34
Q

What does the following PowerShell CmdLet Do?

Get-ADDomainControllerPasswordReplicationPolicyUsage

A

Gets the Active Directory accounts that are authenticated by a read-only domain controller or that are in the revealed list of the domain controller.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
35
Q

What does the following PowerShell CmdLet Do?

Get-ADFineGrainedPasswordPolicy

A

Gets one or more Active Directory fine-grained password policies.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
36
Q

What does the following PowerShell CmdLet Do?

Get-ADFineGrainedPasswordPolicySubject

A

Gets the users and groups to which a fine-grained password policy is applied.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
37
Q

What does the following PowerShell CmdLet Do?

Get-ADForest

A

Gets an Active Directory forest.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
38
Q

What does the following PowerShell CmdLet Do?

Get-ADGroup

A

Gets one or more Active Directory groups.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
39
Q

What does the following PowerShell CmdLet Do?

Get-ADGroupMember

A

Gets the members of an Active Directory group.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
40
Q

What does the following PowerShell CmdLet Do?

Get-ADObject

A

Gets one or more Active Directory objects.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
41
Q

What does the following PowerShell CmdLet Do?

Get-ADOptionalFeature

A

Gets one or more Active Directory optional features.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
42
Q

What does the following PowerShell CmdLet Do?

Get-ADOrganizationalUnit

A

Gets one or more Active Directory organizational units.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
43
Q

What does the following PowerShell CmdLet Do?

Get-ADPrincipalGroupMembership

A

Gets the Active Directory groups that have a specified user, computer, group, or service account.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
44
Q

What does the following PowerShell CmdLet Do?

Get-ADReplicationAttributeMetadata

A

Gets the replication metadata for one or more Active Directory replication partners.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
45
Q

What does the following PowerShell CmdLet Do?

Get-ADReplicationConnection

A

Returns a specific Active Directory replication connection or a set of AD replication connection objects based on a specified filter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
46
Q

What does the following PowerShell CmdLet Do?

Get-ADReplicationFailure

A

Returns a collection of data describing an Active Directory replication failure.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
47
Q

What does the following PowerShell CmdLet Do?

Get-ADReplicationPartnerMetadata

A

Returns the replication metadata for a set of one or more replication partners.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
48
Q

What does the following PowerShell CmdLet Do?

Get-ADReplicationQueueOperation

A

Returns the contents of the replication queue for a specified server.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
49
Q

What does the following PowerShell CmdLet Do?

Get-ADReplicationSite

A

Returns a specific Active Directory replication site or a set of replication site objects based on a specified filter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
50
Q

What does the following PowerShell CmdLet Do?

Get-ADReplicationSiteLink

A

Returns a specific Active Directory site link or a set of site links based on a specified filter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
51
Q

What does the following PowerShell CmdLet Do?

Get-ADReplicationSiteLinkBridge

A

Gets a specific Active Directory site link bridge or a set of site link bridge objects based on a specified filter.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
52
Q

What does the following PowerShell CmdLet Do?

Get-ADReplicationSubnet

A

Gets one or more Active Directory subnets.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
53
Q

What does the following PowerShell CmdLet Do?

Get-ADReplicationUpToDatenessVectorTable

A

Displays the highest Update Sequence Number (USN) for the specified domain controller.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
54
Q

What does the following PowerShell CmdLet Do?

Get-ADResourceProperty

A

Gets one or more resource properties.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
55
Q

What does the following PowerShell CmdLet Do?

Get-ADResourcePropertyList

A

Gets resource property lists from Active Directory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
56
Q

What does the following PowerShell CmdLet Do?

Get-ADResourcePropertyValueType

A

Gets a resource property value type from Active Directory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
57
Q

What does the following PowerShell CmdLet Do?

Get-ADRootDSE

A

Gets the root of a directory server information tree.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
58
Q

What does the following PowerShell CmdLet Do?

Get-ADServiceAccount

A

Gets one or more Active Directory managed service accounts or group managed service accounts.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
59
Q

What does the following PowerShell CmdLet Do?

Get-ADTrust

A

Gets all trusted domain objects in the directory.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
60
Q

What does the following PowerShell CmdLet Do?

Get-ADUser

A

Gets one or more Active Directory users.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
61
Q

What does the following PowerShell CmdLet Do?

Get-ADUserResultantPasswordPolicy

A

Gets the resultant password policy for a user.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
62
Q

What does the following PowerShell CmdLet Do?

Grant-ADAuthenticationPolicySiloAccess

A

Grants permission to join an authentication policy silo.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
63
Q

What does the following PowerShell CmdLet Do?

Install-ADServiceAccount

A

Installs an Active Directory managed service account on a computer or caches a group managed service account on a computer.

64
Q

What does the following PowerShell CmdLet Do?

Move-ADDirectoryServer

A

Moves a directory server in Active Directory to a new site.

65
Q

What does the following PowerShell CmdLet Do?

Move-ADDirectoryServerOperationMasterRole

A

Moves operation master roles to an Active Directory directory server.

66
Q

What does the following PowerShell CmdLet Do?

Move-ADObject

A

Moves an Active Directory object or a container of objects to a different container or domain.

67
Q

What does the following PowerShell CmdLet Do?

New-ADAuthenticationPolicy

A

Creates an Active Directory Domain Services authentication policy object.

68
Q

What does the following PowerShell CmdLet Do?

New-ADAuthenticationPolicySilo

A

Creates an Active Directory Domain Services authentication policy silo object.

69
Q

What does the following PowerShell CmdLet Do?

New-ADCentralAccessPolicy

A

Creates a new central access policy in Active Directory containing a set of central access rules.

70
Q

What does the following PowerShell CmdLet Do?

New-ADCentralAccessRule

A

Creates a central access rule in Active Directory.

71
Q

What does the following PowerShell CmdLet Do?

New-ADClaimTransformPolicy

A

Creates a new claim transformation policy object in Active Directory.

72
Q

What does the following PowerShell CmdLet Do?

New-ADClaimType

A

Creates a new claim type in Active Directory.

73
Q

What does the following PowerShell CmdLet Do?

New-ADComputer

A

Creates a new Active Directory computer object.

74
Q

What does the following PowerShell CmdLet Do?

New-ADDCCloneConfigFile

A

Performs prerequisite checks for cloning a domain controller and generates a clone configuration file if all checks succeed.

75
Q

What does the following PowerShell CmdLet Do?

New-ADFineGrainedPasswordPolicy

A

Creates a new Active Directory fine-grained password policy.

76
Q

What does the following PowerShell CmdLet Do?

New-ADGroup

A

Creates an Active Directory group.

77
Q

What does the following PowerShell CmdLet Do?

New-ADObject

A

Creates an Active Directory object.

78
Q

What does the following PowerShell CmdLet Do?

New-ADOrganizationalUnit

A

Creates an Active Directory organizational unit.

79
Q

What does the following PowerShell CmdLet Do?

New-ADReplicationSite

A

Creates an Active Directory replication site in the directory.

80
Q

What does the following PowerShell CmdLet Do?

New-ADReplicationSiteLink

A

Creates a new Active Directory site link for in managing replication.

81
Q

What does the following PowerShell CmdLet Do?

New-ADReplicationSiteLinkBridge

A

Creates a site link bridge in Active Directory for replication.

82
Q

What does the following PowerShell CmdLet Do?

New-ADReplicationSubnet

A

Creates an Active Directory replication subnet object.

83
Q

What does the following PowerShell CmdLet Do?

New-ADResourceProperty

A

Creates a resource property in Active Directory.

84
Q

What does the following PowerShell CmdLet Do?

New-ADResourcePropertyList

A

Creates a resource property list in Active Directory.

85
Q

What does the following PowerShell CmdLet Do?

New-ADServiceAccount

A

Creates a new Active Directory managed service account or group managed service account object.

86
Q

What does the following PowerShell CmdLet Do?

New-ADUser

A

Creates an Active Directory user.

87
Q

What does the following PowerShell CmdLet Do?

Remove-ADAuthenticationPolicy

A

Removes an Active Directory Domain Services authentication policy object.

88
Q

What does the following PowerShell CmdLet Do?

Remove-ADAuthenticationPolicySilo

A

Removes an Active Directory Domain Services authentication policy silo object.

89
Q

What does the following PowerShell CmdLet Do?

Remove-ADCentralAccessPolicy

A

Removes a central access policy from Active Directory.

90
Q

What does the following PowerShell CmdLet Do?

Remove-ADCentralAccessPolicyMember

A

Removes central access rules from a central access policy in Active Directory.

91
Q

What does the following PowerShell CmdLet Do?

Remove-ADCentralAccessRule

A

Removes a central access rule from Active Directory.

92
Q

What does the following PowerShell CmdLet Do?

Remove-ADClaimTransformPolicy

A

Removes a claim transformation policy object from Active Directory.

93
Q

What does the following PowerShell CmdLet Do?

Remove-ADClaimType

A

Removes a claim type from Active Directory.

94
Q

What does the following PowerShell CmdLet Do?

Remove-ADComputer

A

Removes an Active Directory computer.

95
Q

What does the following PowerShell CmdLet Do?

Remove-ADComputerServiceAccount

A

Removes one or more service accounts from a computer.

96
Q

What does the following PowerShell CmdLet Do?

Remove-ADDomainControllerPasswordReplicationPolicy

A

Removes users, computers, and groups from the allowed or denied list of a read-only domain controller password replication policy.

97
Q

What does the following PowerShell CmdLet Do?

Remove-ADFineGrainedPasswordPolicy

A

Removes an Active Directory fine-grained password policy.

98
Q

What does the following PowerShell CmdLet Do?

Remove-ADFineGrainedPasswordPolicySubject

A

Removes one or more users from a fine-grained password policy.

99
Q

What does the following PowerShell CmdLet Do?

Remove-ADGroup

A

Removes an Active Directory group.

100
Q

What does the following PowerShell CmdLet Do?

Remove-ADGroupMember

A

Removes one or more members from an Active Directory group.

101
Q

What does the following PowerShell CmdLet Do?

Remove-ADObject

A

Removes an Active Directory object.

102
Q

What does the following PowerShell CmdLet Do?

Remove-ADOrganizationalUnit

A

Removes an Active Directory organizational unit.

103
Q

What does the following PowerShell CmdLet Do?

Remove-ADPrincipalGroupMembership

A

Removes a member from one or more Active Directory groups.

104
Q

What does the following PowerShell CmdLet Do?

Remove-ADReplicationSite

A

Deletes the specified replication site object from Active Directory.

105
Q

What does the following PowerShell CmdLet Do?

Remove-ADReplicationSiteLink

A

Deletes an Active Directory site link used to manage replication.

106
Q

What does the following PowerShell CmdLet Do?

Remove-ADReplicationSiteLinkBridge

A

Deletes a replication site link bridge from Active Directory.

107
Q

What does the following PowerShell CmdLet Do?

Remove-ADReplicationSubnet

A

Deletes the specified Active Directory replication subnet object from the directory.

108
Q

What does the following PowerShell CmdLet Do?

Remove-ADResourceProperty

A

Removes a resource property from Active Directory.

109
Q

What does the following PowerShell CmdLet Do?

Remove-ADResourcePropertyList

A

Removes one or more resource property lists from Active Directory.

110
Q

What does the following PowerShell CmdLet Do?

Remove-ADResourcePropertyListMember

A

Removes one or more resource properties from a resource property list in Active Directory.

111
Q

What does the following PowerShell CmdLet Do?

Remove-ADServiceAccount

A

Removes an Active Directory managed service account or group managed service account object.

112
Q

What does the following PowerShell CmdLet Do?

Remove-ADUser

A

Removes an Active Directory user.

113
Q

What does the following PowerShell CmdLet Do?

Rename-ADObject

A

Changes the name of an Active Directory object.

114
Q

What does the following PowerShell CmdLet Do?

Reset-ADServiceAccountPassword

A

Resets the password for a standalone managed service account.

115
Q

What does the following PowerShell CmdLet Do?

Restore-ADObject

A

Restores an Active Directory object.

116
Q

What does the following PowerShell CmdLet Do?

Revoke-ADAuthenticationPolicySiloAccess

A

Revokes membership in an authentication policy silo for the specified account.

117
Q

What does the following PowerShell CmdLet Do?

Search-ADAccount

A

Gets Active Directory user, computer, or service accounts.

118
Q

What does the following PowerShell CmdLet Do?

Set-ADAccountAuthenticationPolicySilo

A

Modifies the authentication policy or authentication policy silo of an account.

119
Q

What does the following PowerShell CmdLet Do?

Set-ADAccountControl

A

Modifies user account control (UAC) values for an Active Directory account.

120
Q

What does the following PowerShell CmdLet Do?

Set-ADAccountExpiration

A

Sets the expiration date for an Active Directory account.

121
Q

What does the following PowerShell CmdLet Do?

Set-ADAccountPassword

A

Modifies the password of an Active Directory account.

122
Q

What does the following PowerShell CmdLet Do?

Set-ADAuthenticationPolicy

A

Modifies an Active Directory Domain Services authentication policy object.

123
Q

What does the following PowerShell CmdLet Do?

Set-ADAuthenticationPolicySilo

A

Modifies an Active Directory Domain Services authentication policy silo object.

124
Q

What does the following PowerShell CmdLet Do?

Set-ADCentralAccessPolicy

A

Modifies a central access policy in Active Directory.

125
Q

What does the following PowerShell CmdLet Do?

Set-ADCentralAccessRule

A

Modifies a central access rule in Active Directory.

126
Q

What does the following PowerShell CmdLet Do?

Set-ADClaimTransformLink

A

Applies a claims transformation to one or more cross-forest trust relationships in Active Directory.

127
Q

What does the following PowerShell CmdLet Do?

Set-ADClaimTransformPolicy

A

Sets the properties of a claims transformation policy in Active Directory.

128
Q

What does the following PowerShell CmdLet Do?

Set-ADClaimType

A

Modify a claim type in Active Directory.

129
Q

What does the following PowerShell CmdLet Do?

Set-ADComputer

A

Modifies an Active Directory computer object.

130
Q

What does the following PowerShell CmdLet Do?

Set-ADDefaultDomainPasswordPolicy

A

Modifies the default password policy for an Active Directory domain.

131
Q

What does the following PowerShell CmdLet Do?

Set-ADDomain

A

Modifies an Active Directory domain.

132
Q

What does the following PowerShell CmdLet Do?

Set-ADDomainMode

A

Sets the domain mode for an Active Directory domain.

133
Q

What does the following PowerShell CmdLet Do?

Set-ADFineGrainedPasswordPolicy

A

Modifies an Active Directory fine-grained password policy.

134
Q

What does the following PowerShell CmdLet Do?

Set-ADForest

A

Modifies an Active Directory forest.

135
Q

What does the following PowerShell CmdLet Do?

Set-ADForestMode

A

Sets the forest mode for an Active Directory forest.

136
Q

What does the following PowerShell CmdLet Do?

Set-ADGroup

A

Modifies an Active Directory group.

137
Q

What does the following PowerShell CmdLet Do?

Set-ADObject

A

Modifies an Active Directory object.

138
Q

What does the following PowerShell CmdLet Do?

Set-ADOrganizationalUnit

A

Modifies an Active Directory organizational unit.

139
Q

What does the following PowerShell CmdLet Do?

Set-ADReplicationConnection

A

Sets properties on Active Directory replication connections.

140
Q

What does the following PowerShell CmdLet Do?

Set-ADReplicationSite

A

Sets the replication properties for an Active Directory site.

141
Q

What does the following PowerShell CmdLet Do?

Set-ADReplicationSiteLink

A

Sets the properties for an Active Directory site link.

142
Q

What does the following PowerShell CmdLet Do?

Set-ADReplicationSiteLinkBridge

A

Sets the properties of a replication site link bridge in Active Directory.

143
Q

What does the following PowerShell CmdLet Do?

Set-ADReplicationSubnet

A

Sets the properties of an Active Directory replication subnet object.

144
Q

What does the following PowerShell CmdLet Do?

Set-ADResourceProperty

A

Modifies a resource property in Active Directory.

145
Q

What does the following PowerShell CmdLet Do?

Set-ADResourcePropertyList

A

Modifies a resource property list in Active Directory.

146
Q

What does the following PowerShell CmdLet Do?

Set-ADServiceAccount

A

Modifies an Active Directory managed service account or group managed service account object.

147
Q

What does the following PowerShell CmdLet Do?

Set-ADUser

A

Modifies an Active Directory user.

148
Q

What does the following PowerShell CmdLet Do?

Show-ADAuthenticationPolicyExpression

A

Displays the Edit Access Control Conditions window update or create security descriptor definition language (SDDL) security descriptors.

149
Q

What does the following PowerShell CmdLet Do?

Sync-ADObject

A

Replicates a single object between any two domain controllers that have partitions in common.

150
Q

What does the following PowerShell CmdLet Do?

Test-ADServiceAccount

A

Tests a managed service account from a computer.

151
Q

What does the following PowerShell CmdLet Do?

Uninstall-ADServiceAccount

A

Uninstalls an Active Directory managed service account from a computer or removes a cached group managed service account from a computer.

152
Q

What does the following PowerShell CmdLet Do?

Unlock-ADAccount

A

Unlocks an Active Directory account.

153
Q

For PSO prciedence what applies?

A

The lowest number

i.e. 1 will always apply over 10

154
Q

What are the 2 Forest Wide FSMO Roles?

What are the 3 Domain Wide FSMO Roles?

A
  1. Forest Wide FSMO Roles
    1. Schema Master
    2. Domain Naming Master
  2. Domain Wide FSMO Roles
    1. PDC Emulator
    2. RID Master
    3. Infrastructure Master
155
Q

What does the 2 Forest Wide FSMO Roles do?

What does the 3 Domain Wide FSMO Roles do?

A
  1. Forest Wide FSMO Roles
    1. Schema Master
      1. Editable copy of the Active Directory Schema
    2. Domain Naming Master
      1. Responsible for adding/removing namespaces to the forest tree
  2. Domain Wide FSMO Roles
    1. PDC Emulator
      1. Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator
      2. Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator
      3. Account lockout is processed on the PDC emulator
      4. Acts as PDC for older systems
    2. RID Master
      1. Responsible for process RID Pools. Each DC will request RIDs when it falls below a certain threshold. (Requests when at 250 and given another 500)
    3. Infrastructure Master
      1. The infrastructure FSMO role holder is the DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference.
      2. Note: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server(GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest
156
Q

What are the three states of Active Directory Domain Services?

A
  1. Started
  2. Stopped
  3. DSRM
157
Q
A