Section 2 - PowerShell Flashcards
What are PowerShell's main verbs?
get
set
copy
move
new
add (like adding user to group)
How do you go forwards and backwards through the commands that PowerShell tries to autocomplete?
tab
shift
This is done through IntelliSense
Get services then start and stop the Remote Management service
What would this service be known as in terms of PowerShell?
Show the man page for stop-service
get-service
WinRM
stop-service -name "winrm"
start-service -name "winrm"
-name would be a parameter
winrm is a parameter
get-help stop-service
Show running processes
Show the 5 newest system event logs
Change the formatting of this so you can see more information
Send this info to a text file
get-process
get-eventlog -logname system -newest 5 | format-list | out-file c:\log.txt
(this is normally formatted as a table)
Show all commands
Show a command that contains the word “net” and also the word “reset”
get-command -noun net* -verb reset (use a wildcard)
Show current modules
What are they?
Import the ActiveDirectory module
Where would you find downloadable modules?
download a command
They contain tons of commands
get-module
import-module -name activedirectory
powershellgallery.com
search what you want, click on it, copy the command that will download it
What is a forest and a tree?
Every Active Directory Domain must be part of a forest and a tree.
Tree - every child domain that contains the parent's name
Forest - Domains in a forest contain the same schema. The schema makes up all objects and attributes. Multiple forests can be linked, but they won’t have the same schema; you can add a trust, though.
Why have multiple domains?
Big company over different countries
What would your child domain called UK be called in AD if your first domain was examlabpractice.com?
What about if UK has a child domain?
uk.examlabpractice.com
scotland.uk.examlabpractice.com
What is a trust relationship?
Domains can share resources
Why go to multiple trees?
If a different naming convention needs to be used.
What can domains that are part of the same forest share?
Resources - files, folders, printers
Schema - Object templates and attributes (like you can look up a user in a different country in the same forest)
Where is the Active Directory database stored?
What partitions does this consist of?
NTDS.dit
Configuration - Replicates to every DC in Forest. Has info how forest is configured.
Schema - Makes all objects and attributes for the entire forest. I.e., it has info on how to build users, groups, etc. It has a bunch of templates/blueprints, basically. Replicates forest-wide.
Domain - Unique per domain. Users, passwords, groups, etc. all stored here for your unique Domain. Replicates to only DCs in this domain.
Application (custom) - You can create this and choose what is stored here. It is for custom-made objects, and you can choose which DCs replicate it.
These two are actually in here:
-ForestDnsZones
-DomainDnsZones
What is the Global Catalog?
Special job you can assign to a DC that replicates a subset of all objects in every domain’s “Domain” partition.
Purpose - Different computers can locate objects in different domains.
I can look up a user if I’m in Australia for a domain in the US, but it won’t have all attributes about the object, just the subsets of objects.
IMPORTANT
Just to be safe, create a domain name that is unique. If you copy someone else’s and integrate with the cloud, this could cause problems.
Change hostname
Disable IPv6
Give it a unique IPv4 address and set its loopback address as its DNS server
Install ADDS and add a new forest
Server Manager > local host > click name > yada yada
Roles and Features
After it’s done, promote your server to a domain controller.
What is the functional level of a DC?
Highest functional level you can use according to your newest server.
This just says how up to date with features you can get.
Remember Global Catalog
NetBIOS name?
For older devices. Legacy name.
Older devices = 1990s devices
What is SYSVOL?
C:\Windows\SYSVOL
Group Policy info and logon scripts are stored here.
C:\Windows\NTDS
Change hostname of your second server and add to domain
Confirm server is on the domain
Local server > click name > configure > also change domain to GameSharks.com
REMEMBER TO ADD DC1 AS YOUR DNS
Server Manager > AD users and computers > computers > you’ll see it here.
Create a VM on Azure
Azure > resource groups (area to add Azure objects) > resource group “vmtest” > review > create > go into it > create > search for Windows Server 2022 > click it > search for 2022 in the drop-down box > create > AzureDC1 (for the name) > anyway, just go through the options until you pay for it.
To stop is:
Click on the AzureDC1 object and click Stop
Click the AzureDC1 object, copy the IP > click connect > open the file.
Azure pricing calculator - if you want to know how much this will cost.
What is RODC?
Read only domain controller
This can be useful if you have a small office somewhere where they don’t have a full-time IT person. We can add an RODC there that can authenticate users. This is so something doesn’t mess up the whole forest. It won’t replicate out; only things outside replicate in.
If it doesn’t have a password, it will request it from the RW DC in order to log in.
It can actually have DNS.
Set up a RODC server:
pre-stage
Add user to RODC group for fast authentication caching
Pre-stage - you plan to set up an RODC server in the future. For example, you have a server shipped to a location and you want everything to be ready for it.
You can make this faster by disabling the NIC
Server Manager > Tools > AD Users and Computers > Domain Controllers OU > right click pre-create… > Group or user (you can give this to someone down at the location who can help to configure the server there) >
To specify what accounts will be cached for passwords
Right click RODC server > properties > Password Replication Policy > Deny all but one group, the employees will go into that allowed group.
Create a user and put them in that group
Create a RODC server from the server itself
Install AD > promote to DC > add to domain >
If you have an error during this, it needs to have the DC as the DNS.