Week 4 - Active Directory Flashcards

1
Q

What does GPO stand for?

A

Group Policy Objects

2
Q

What do GPOs do?

A

ways to manage the configuration of Windows machines

(Active Directory is the central repository of GPOs)

3
Q

What does the Active Directory tool ADAC stand for?

A

Active Directory Administrative Center

4
Q

What kind of tool is ADAC?

A

It’s a tool that we’ll use for lots of the everyday tasks

5
Q

Much like file systems, directory services are ________

A

hierarchical

6
Q

What’s an OU?

A

A folder or directory for organizing objects within a centralized management system

an organizational unit is the actual folder that organizes objects

7
Q

Can ordinary containers contain other containers?

A

No, only OUs can contain other OUs

8
Q

What is a forest and what does it contain?

A

a forest is a level of hierarchy that is above a domain in tree view, a forest contains one or more domains

9
Q

What’s the very first node in the AD tree? What are 2 things it contains? (3 total)

A

the domain

contains a short name, like example, and the DNS name, like example.com

10
Q

In which container are new AD computer accounts created?

A

In the Computers container under the domain tree

11
Q

When are computer accounts created?

A

when a computer is joined to the AD domain

12
Q

What are domain controllers?

A

they are servers that host the copies of the Active Directory database

13
Q

Which container contains the domain controllers that are created by default?

A

the “Domain Controllers” container under the domain tree

14
Q

What are 5 services that domain controllers provide on the network?

A
  1. host a replica of AD database and GPOs
  2. serve as DNS service, provides name resolution and service discovery to clients
  3. provides central authentication via Kerberos
  4. Decide when computers/users can log into the domain
  5. Decide whether the computers/users have access to shared resources (file systems, printers, etc.)

(this is how sys admins can create a system-wide user account that recognizes a new user on every device almost immediately)

15
Q

It’s common for most domain controllers in an AD network to be what 3 things?

A
  1. read
  2. write
  3. replicas

(each have a copy of the database and can make changes to it)

16
Q

What does FSMO stand for?

A

Flexible single master operations

17
Q

What does FSMO do?

A

Changes to the AD database that can only be safely made by 1 DC at a time are tasked to a single domain controller that’s granted FSMO (flexible single master operations)

18
Q

For computers to take advantage of the central authentication service of AD, what needs to happen?

A

they need to be joined/bound to Active Directory

19
Q

What does it mean when you join a computer to AD? (2)

A
  1. AD knows about the computer and provisions a computer account for it
  2. The computer knows about the AD domain and authenticates it
20
Q

What does SAM stand for?

A

Security Account Manager

21
Q

What does SAM do?

A

A database in Windows that stores usernames and passwords

(also a field in the create a new user window that means username)

22
Q

How many categories of group are there in Active Directory?

A

2

Security Group
Distribution Group

23
Q

What’s the most common category of group?

A

security group

24
Q

What do security groups contain? (3)

A

user accounts, computer accounts, or other security groups

25
Q

What are 2 examples of security groups?

A
  1. Domain users
  2. Domain admins
26
Q

What is a distribution group?

A

Only designed to group accounts and contacts for email communication

(not used to grant permissions to resources)

27
Q

What is group scope?

A

identifies the extent to which the group is applied in the domain tree or forest

28
Q

What is domain local used for? [group scope]

A

used to assign permission to a resource

29
Q

What’s an example of using domain local?

A

creating a domain local group that has read access to a network share (called Research Share Readers) and another with write access called Research Share Writers

30
Q

What is Global used for? [group scope]

A

used to group accounts into a role

31
Q

What are the 3 group scopes?

A
  1. Universal
  2. Global
  3. Domain Local
32
Q

Does AD store a user’s password?

A

No it stores a one way cryptographic hash of the password

33
Q

What is a workgroup computer?

A

a Windows computer that isn’t joined to a domain

34
Q

How do you join a computer to AD via CLI?

A

Add-Computer -DomainName 'example.com' -Server 'dcl'

35
Q

How do you get the AD version via CLI?

A

Get-AdForest

then

Get-AdDomain

36
Q

What are functional levels?

A

The several versions of Active Directory

37
Q

How do you join a computer to AD via GUI? Windows

A

This PC > Computer > System Properties > Change Settings > Change > Select Domain > Enter domain name (example.com)

38
Q

What is a forest?

A

A forest contains one or more domains

39
Q

What is tree view?

A

Tree view is the individual branches of the forest [domain (example (local), DAC, Authentication containers]

40
Q

Who can access files encrypted by the Encrypting File System (EFS)?

Besides

A

Besides the user who encrypts a file, only designated recovery agent personnel can decrypt it

41
Q

What makes EFS secure?

prevents

A

Prevents techniques that circumvent the restrictions of access control lists (ACLs) for sensitive files on computers shared by several users and on portable computers.

42
Q

How do you simply define a directory service?

A

they are services that are used to store information about objects

43
Q

What are “objects”?

A

things in your network that you want to be able to reference or manage

44
Q

What does GPO stand for?

A

Group Policy Objects

45
Q

What are GPOs?

A

a Group Policy Object is a set of policies and preferences that can be applied to a group of objects in the directory

46
Q

What can a GPO contain? (3)

A
  1. computer configuration
  2. user configuration
  3. both
47
Q

When is computer and user configuration applied? (2)

A

Computer configuration = when the computer starts and signs into AD domain
User configuration = when the user logs onto the computer

48
Q

How is the GPO enforced when it’s in effect?

A

It’s enforced and checked every few minutes

49
Q

What’s the difference between policies and group policy preferences, which are what make up GPOs? (2)

A
  1. Policies - Aren’t changed, settings are reapplied every set amount of minutes (by default every 90 minutes)
  2. Preferences - Settings that are meant to be a template for settings
50
Q

How do domain-joined computers get the GPOs?

A

the domain controller gives the computer a list of group policies that it should apply

51
Q

What does the special folder SYSVOL contain?

A

It contains the GPO policies that should be applied to the computer (the computer downloads it from this folder)

52
Q

What does the Windows registry contain?

(used to store ___ data)

A

a hierarchical database of settings that Windows and apps use for storing configuration data