Module1 Intro Active Directory Domain Services Flashcards
What does AAA stand for?
Authentication
Authorization
Accounting
What does IDA stand for?
Identity and access
What does CIA stand for?
Confidentiality
Integrity
Availability
Authenticity
What is another name for identity store?
Directory database
Another word for Identity in AD.
Security principal
What does SID stand for?
Security identifier
What does DACL stand for?
Discretionary access control list
What Does ACE stand for?
Access control entry (allow or deny)
What does LSA stand for?
Local security authority
What does a user’s access token require?
User SID
Member Group SIDs
Privileges “user rights”
Other access info
Are access tokens ever transmitted over a network?
No. LSAs generate local tokens for local access and server-side tokens for file access.
Another name for Privileges in AD.
User Rights
What is SACL?
System access control list
What is authorization?
The process that determines whether to grant or deny a user the requested level of access to a resource
What does SAM stand for?
Security Accounts Manager database
3 components of authorization are?
Resource
Access Request
Security token
What is pass through authentication?
Transparent authentication: the local workgroup user name and password are identical to those on the server or machine being accessed remotely
Kerberos is?
The AD Authenticator and TGT issuer
What is TGT?
Ticket Granting Ticket
What is AD LDS?
AD Lightweight Directory Services
A standalone version of AD used with LDAP; it replaced ADAM
What is AD CS?
AD Certificate Services
What is AD RMS?
AD Rights Management Services
What is inetOrgPerson?
An object class used to support interoperability with a handful of third-party DSs, it is a security principal and is similar to a user account.
What is AD FS?
AD Federation Services
What is API?
Application Programming Interface, aka LDAP
NTDS.DIT databases are?
Schema, Configuration, Domain, DNS, PAS
What is Ntds.dit?
Where AD DS stores its identities. Usually in C:\ntds\
What is Schema?
Defines the attributes and types of objects that can be stored in the directory.
What is a Domain naming context (domain NC)?
Contains the data about the objects within a domain: users, groups and computers.
What is Configuration (ntds.dit) in AD?
Contains info about domains, services and topology.
What is DNS in (AD)?
In AD-integrated DNS, the DNS zones and resource records are stored in a partition.
What is PAS (Partial Attribute Set)?
This partition is used by the global catalog.
What is SYSVOL?
Located in C:\Windows; used by AD to store info such as logon scripts and files related to GPOs
What is KDC SERVICE?
Kerberos Key Distribution Center
What is a Server core?
Command-prompt-only version of Windows Server 2008 R2 with no Windows Explorer.
What are RODCs?
Read-only DCs that only cache credentials; no changes are made to AD on them, and no passwords are replicated to them
What is ObjectSID (Schema)?
Security identifier
What is sAMAccountName (Schema)?
The pre-Windows 2000 logon name, aka username
What is unicodePwd (Schema)?
This attribute stores the password as a hash; only a brute-force or dictionary attack can derive the password.
What is member (Schema)?
The attribute that stores the membership list for a group object.
What is Classes (Schema)?
This container defines the type of objects that can be created in the directory, including user and group.
What is a Forest?
A collection of one or more AD domains. The first is called the forest root domain. There is only one schema, shared by all domains.
What is DNS?
Domain Name System
What is Replication?
Replication services distribute directory data across a network
What is Multimaster Replication?
No DC is a single master; they replicate to each other
A zone in AD DS is?
DNS data stored in AD
What are Sites in AD?
An AD site is an object that represents a portion of the enterprise within which network connectivity is good; it creates a boundary for replication and service utilization
What is Global catalog?
A partition of the data store, also known as the PAS, that contains info about every object in the directory.
What is an INTEGRATED ZONE?
A database within AD used to store data from other applications, replicated using AD replication services.
Where do you edit GPO settings?
Group Policy Manager
What are Trust Relationships?
When a trusting domain extends its realm of trust so that it trusts the identity store and authentication services of the trusting domain
Where do you install AD DS roles?
In Server Manager
What are the steps for installing and configuring a DC?
Configure Time Zone
Install AD DS role in Server Manager
Run the ADDS Install Wizard
Choose Deployment Configuration
Select the additional domain controller Features
Select the location for database, log files and Sysvol
Configure the DS Restore Mode Administrator Password
Information needed to create a Domain Controller.
Domain Name
DNS Name
NetBIOS Name (Short Name)
Function Level (OS Functionality Level)
DNS Implementation for SD Support
IP Configuration for Domain Controller (Static IP)
DNS Server Address for name resolution
Admin Username and Password for Admin Group
Data Store Location
What must the first domain controller in a forest be?
A Global Catalog Server, and cannot be an RODC