Active Directory Basics Quiz
57 Questions

Questions and Answers

What is one task you can perform using the Active Directory Administrative Center (ADAC)?

  • Change the computer's operating system
  • Configure network routers
  • Install new hardware components
  • Create and manage users, groups, and computer accounts (correct)

    A read-only domain controller (RODC) can write data to the Active Directory.

    False

    What are the two variations for adding a domain to an existing forest?

    Add a child domain and add a new tree.

    The Active Directory Administrative Center (ADAC) is built on _____.

    PowerShell

    Match the following Active Directory tasks with their described actions:

    • Create users = Manage user accounts in the directory
    • Change Domain Functional Level = Adjust feature sets available in Active Directory
    • Connect to other DCs = Establish connections with domain controllers in the same or different domains
    • Enable AD Recycle Bin = Allow recovery of deleted objects in Active Directory

    Which protocol is the basis for integrating other operating systems into an Active Directory network?

    Lightweight Directory Access Protocol (LDAP)

    Active Directory is solely an administrative tool and users do not utilize it.

    False

    What role does a domain controller serve in an Active Directory environment?

    It stores a copy of the domain data and provides authentication and authorization services.

    An Active Directory ______ is a collection of one or more Active Directory trees.

    forest

    What is the core structural unit of an Active Directory?

    Domain

    Match the following components of Active Directory with their descriptions:

    • Organizational Units (OUs) = Used to organize a network's users and resources
    • Domains = Core structural unit representing policy boundaries
    • Trees = Grouping of domains that share a naming structure
    • Forests = Collection of one or more Active Directory trees

    Active Directory was first introduced with Windows 2000 Server.

    True

    The ______ protocol is based on X.500 and uses TCP/IP for directory access.

    Lightweight Directory Access Protocol (LDAP)

    What does the term 'scalability' refer to in the context of Active Directory?

    The ability to expand and accommodate more users and resources as needed.

    Which of the following is NOT a feature of Active Directory?

    Internet browsing

    What should you select if you want to add a domain controller to an existing domain?

    Add a domain controller to an existing domain

    The fully qualified domain name (FQDN) includes only the root domain.

    False

    What mode must the password be entered for when configuring Directory Services Restore Mode (DSRM)?

    Restore operations

    To create the necessary records on the DNS server for the new domain, you must create the ______.

    DNS delegation

    Match the following Active Directory components with their functions:

    • DNS server = Resolving domain names
    • Global Catalog = Centralized information repository
    • Read-only domain controller (RODC) = Provides read-only access to AD
    • Active Directory database = Stores directory information

    Which of the following is a recommended practice for domain controllers (DC)?

    Install at least two DCs in every domain

    In the Paths window, you specify the location of Active Directory database, log files, and SYSVOL folder.

    True

    What should be done before starting the Active Directory installation?

    Prerequisite check

    What defines the type, organization, and structure of data stored in Active Directory?

    Active Directory Schema

    An OU can organize multiple objects but cannot have specific policies relevant to that group.

    False

    Name one of the three container objects found in Active Directory.

    Organizational Unit, Folder Object, or Domain object.

    A container object in Active Directory is used to __________ and manage users and resources on the network.

    organize

    Match the following folder objects with their functions:

    • Builtin = Houses default groups created by Windows
    • Computers = Default location for computer accounts
    • Foreign Security Principals = Contains user accounts from other domains
    • Users = Stores two default users (Administrator and Guest)

    What type of object does not contain other objects and typically represents a user or a network resource?

    Leaf Object

    The domain object in Active Directory is represented by an icon with two tower computers.

    False

    What is the primary purpose of Organizational Units (OUs) in Active Directory?

    To organize and manage resources in a domain.

    A __________ object can have its authority delegated in Active Directory.

    Organizational Unit

    Which of the following can represent the core logical structure in Active Directory?

    Domain Object

    Which of the following policies are defined in the User Configuration node?

    Software Settings

    The policies defined in the Computer Configuration node only affect domain users.

    False

    What is the broadest logical component of Active Directory?

    forest

    The Active Directory Recycle Bin can be enabled in ____, but it cannot be disabled once enabled.

    ADAC

    Match the following Active Directory objects with their descriptions:

    • Container objects = Used to organize and hold other objects
    • Leaf objects = Represent individual accounts and resources
    • Directory partitions = Sections of the Active Directory database
    • Domain = The primary administrative unit in Active Directory

    Which statement accurately describes how Group Policies are applied?

    Policies are applied in Local Computer, Site, Domain, and Organizational Unit order.

    The last policy defined in Group Policies will take precedence over previously defined policies.

    True

    How can Active Directory objects be located?

    Using search functions in Active Directory Users and Computers and Windows Explorer.

    The __________ component in Active Directory is primarily responsible for user and computer management.

    Domain

    What do Administrative templates in the User Configuration node allow administrators to manage?

    Settings for controlling user environments

    What type of user account is authorized to access resources only on that specific computer?

    Local user account

    A Stub zone contains a read/write copy of all resource records for its zone.

    False

    Name one role that is part of the Flexible Single Master Operation (FSMO) roles.

    Schema Master

    The account created by Windows that has broader access to resources is called the ______ account.

    Administrator

    Which command is used in PowerShell to view the holder of the three domain-wide roles?

    Get-ADDomain

    Trust relationships in Active Directory allow access to resources across domains without needing permissions.

    False

    What is the main function of a Global Catalog server?

    Facilitates domain and forest-wide searches

    Replication occurs between domain controllers in the same site, known as ______ replication.

    intrasite

    Match the following directory partition types with their descriptions:

    • Domain directory = Contains all objects in a domain
    • Schema directory = Defines AD objects and attributes
    • Global catalog = Partial replica of all objects in the forest
    • Configuration partition = Contains information affecting the entire forest

    What is the purpose of the Knowledge Consistency Checker (KCC)?

    To determine the replication topology

    Computer account objects represent users that are managed in the domain.

    False

    What two default Group Policy Objects (GPOs) are created upon installing Active Directory?

    Default Domain Policy and Default Domain Controllers Policy

    A ______ zone contains a read-only copy of the necessary A records to resolve NS records.

    Stub

    Which type of user account allows a single logon for users to access resources in the domain?

    Domain user account

    Study Notes

    Windows Domain Administration

    • CST8200 course, taught by Denis Latremouille
    • Week 3 material

    Role of a Directory Service

    • Stores information about a computer network
    • Provides features to retrieve and manage network information
    • Primarily used as an administrative tool, but users utilize it for resource discovery
    • Requires careful planning before implementation due to complexity

    Windows Active Directory

    • A directory service based on industry standards
    • Defines, stores, and accesses directory service objects
    • Hierarchical structure based on the X.500 standard
    • Employs Lightweight Directory Access Protocol (LDAP), built on the X.500 protocol
    • Uses the more efficient TCP/IP protocol
    • Allows integration of other operating systems like Linux using LDAP
    • First implemented in Windows 2000 Server

    Active Directory Features

    • Hierarchical organization
    • Centralized but distributed database
    • Scalable
    • Secure
    • Flexible
    • Policy-based administration

    Active Directory Structure

    • Physical structure: Consists of sites and servers configured as domain controllers.
    • Logical structure: Creates a directory service that reflects the company's structure. Enables users to easily find resources in accordance with organizational structure.

    Active Directory's Physical Structure

    • An Active Directory site is a physical location where domain controllers communicate and replicate information periodically.
    • Domain Controllers (DCs) – A computer running Windows Server 2016 with the Active Directory Domain Services role installed.
    • One domain controller has a full replica of all the objects in the corresponding domain.
    • Domain controllers are responsible for storing a copy of the domain data and regularly replicating those changes to other domain controllers.
    • DCs provide data searches for users, facilitate authentication and authorization for users accessing network resources in the domain.

    Active Directory's Logical Structure

    • This structure is based on 4 components: Organizational Units (OUs), domains, trees, and forests.
    • Organizational Unit (OU): A container in Active Directory for organizing users and resources into logical administrative units.
    • OUs contain various objects within the network like user accounts, groups, applications, servers, and domain controllers.
    • Domains: The core logical unit of Active Directory. Small to medium businesses typically have only one domain while larger companies may have several domains for geographic or administrative reasons. A domain contains OUs and represents administrative, security, and policy boundaries.
    • Trees: A grouping of domains with a shared naming structure. A tree may have a parent domain and 0 or more child domains.
    • Forests: A grouping of one or more trees that create a common Active Directory environment, in which all domains can communicate and share information. A forest may consist of a single tree with a domain or multiple trees and respective parent-child domains.

    Installing Active Directory

    • Use Server Manager to install ADDS.
    • If DNS is not already present, install the DNS Server Role.
    • After installation, configure Active Directory by promoting a server to a domain controller.
    • Choose whether to add to an existing domain, a new domain to an existing forest, or a new forest (first DC) from the Deployment Configuration window.
    • Provide the fully qualified domain name (FQDN) for the new forest root.
    • Choose forest and domain functional levels and required domain controller capabilities.
    • Specify the location for the Active Directory database, log files, and SYSVOL folder.
    • Complete the prerequisite check.

    Installing Additional Domain Controllers

    • Microsoft recommends at least two domain controllers (DCs) for fault tolerance and load balancing.
    • Installing an additional DC within an existing domain is similar to installing the first DC.
    • The key difference is selecting "Add a domain controller to an existing domain" instead of "Add a new forest".
    • Important considerations when adding a new DC include whether to install DNS, if the DC should be a global catalog (GC) server or a read-only domain controller (RODC), and in which site the new controller should be located.

    Installing a New Domain into an Existing Forest

    • Two main variations for adding a new domain:
    • Adding a child domain: The new domain shares at least the top-level and second-level domain naming structure.
    • Adding a new tree: The new domain has a separate naming structure from existing domains.

    What's Inside Active Directory

    • Active Directory Administrative Center (ADAC) or Active Directory Users and Computers MMC are used for viewing and managing Active Directory.
    • AD tasks include creating and managing users, groups, and computer accounts. Managing organizational units. Connecting to other domain controllers. Changing domain functional levels. Enabling the AD Recycle Bin.

    Active Directory Schema

    • An object represents a group of information that defines a network resource.
    • The schema defines the types, organization, and structure of data in the AD database.
    • Schema classes define object types.
    • Schema attributes define data types within objects.
    • Information stored in each attribute is called the attribute value.

    Active Directory Container Objects

    • Container objects hold other objects within a network. These objects are used to organize and manage users and network resources.
    • Common container objects are organizational units (OUs), folder objects, and domain objects.

    Organizational Units (OUs)

    • OUs act as primary containers for organizing and managing network resources within a domain.
    • OUs group objects into administrative groups with associated policies.
    • OUs can have multiple levels, creating a hierarchical structure mimicking the organizational structure of the company.

    Folder Objects

    • Default folders are created by Windows.
    • The Computers folder contains computer accounts, created when a new computer or server becomes a domain member.
    • The Foreign Security Principals folder holds user accounts from other domains.
    • The Managed Service Accounts folder is used for accessing domain resources by services.
    • The Users folder contains two default users—Administrator and Guest—along with several default groups.

    Domain Objects

    • The domain is the core logical structure of Active Directory.
    • The domain contains organizational units (OUs) and folder objects.
    • Larger companies use multiple domains to enhance administration and isolate security boundaries or to facilitate distinct administrative responsibilities.
    • A domain object in Active Directory is represented as an icon with three tower computers.

    Active Directory Leaf Objects

    • Leaf objects contain no other objects.
    • Common leaf objects are security accounts, network resources, and group policies.

    User Accounts

    • User account objects provide information like group memberships, restrictions, profile paths, and dial-in permissions.
    • Authentication verifies a user's identity, enabling access rights based on account type (local or domain).
    • Local User accounts are confined to one computer; Domain user accounts provide access to multiple resources within a domain.

    Zone Types

    • Primary Zone: Contains read/write master copy of all resource records. Authoritative for the zone.
    • Secondary Zone: Contains a read-only copy of all records. Authoritative for the zone.
    • Stub Zone: Contains read-only copy of SOA and NS records for a zone. Not authoritative, but helps resolve NS records.

    Groups

    • A group object is a collection of users with common permissions or rights.
    • Permissions define which resources users can access and what level of access they have.
    • Rights define actions users can execute on a network or computer.
    • Groups are more efficient than individually assigning rights.

    Computer Accounts

    • A computer account represents a domain controller or domain member.
    • Used for identifying, authenticating, and managing computers within a domain.
    • Computer accounts are automatically created when Active Directory is installed on a server.
    • A computer account name must match the computer it represents.

    Locating Active Directory Objects

    • Objects are searchable from the Find Users, Contacts, and Groups dialog box.
    • Searches can involve a single domain or the entire directory (all domains).
    • Availability to users depends on security settings and the object's container.

    Active Directory Terminology

    • Concepts associated with replication, directory partitions, operation masters, and trust relationships.

    Active Directory Replication

    • Replication: process of maintaining consistent data across multiple locations, particularly important in distributed computing environments.
    • Intrasite Replication: data replication among servers within the same site.
    • Intersite Replication: data replication between servers in different physical sites.
    • Multimaster Replication: a type of replication where multiple servers have the rights to modify the data, which is frequently used by Active Directory.
    • KCC (Knowledge Consistency Checker) runs on all domain controllers to determine the replication topology. The process defines replication paths and limits the number of hops between any two domain controllers.

    Directory Partitions

    • These partitions organize the Active Directory database.
    • Five types of partitions:
    • Domain directory partition: Contains all objects within a domain.
    • Schema directory partition: Defines the elements (attributes and classes) used within Active Directory.
    • Global catalog partition: Stores a replica of objects in the forest, so users can seek access to resources across the domain.
    • Application directory partition: Used by applications and services.
    • Configuration partition: Stores Active Directory configuration information that affects the entire forest.

    Operations Master Roles

    • Operations masters are domain controllers that perform certain functions in a domain or forest.
    • Roles include Schema Master, Infrastructure Master, Domain Naming Master, RID Master, PDC Emulator Master; these are also known as Flexible Single Master Operation (FSMO) roles. Certain functions require a single controller within the domain or forest.

    Trust Relationships

    • Active Directory trust relationships define whether and how security principals from one domain can access resources in another domain.
    • Trusts enhance access and data sharing, making it easier for users to interact across domains.
    • Trust relationships are often established automatically, but they don't equal permission; users still need permissions to access resources. When a trust relationship does not exist between domains, no access is possible.

    Role of Forests

    • Domains in a forest share a common schema, administrative accounts, operations masters, global catalogs, trusts between domains, and replication between domains for improved interoperability, data sharing, and administration.

    Importance of the Global Catalog Server

    • A Global Catalog (GC) server stores partial copies of all objects, which aids in searching for objects and facilitating log-ons across domains.
    • The first domain controller (DC) installed in a forest is automatically designated as a GC.
    • Additional GC servers can be added for performance and greater search capabilities (and to distribute the load in large domains).

    Introducing Group Policies

    • Group Policy Objects (GPOs) are collections of settings used to configure user and computer environments remotely and centrally.
    • GPOs define the targets (users, computers) and policies they apply to.
    • Installing Active Directory creates two GPOs as defaults: Default Domain Policy and Default Domain Controllers Policy.
    • The Group Policy Management Console (GPMC) is used to manage the GPOs.

    Computer Configuration Node and User Configuration Node

    • Computer Configuration node: Contains settings for computers. Subfolders include Software Settings (managing applications remotely), Windows Settings (various configuration settings), and Administrative Templates (pre-defined configuration).
    • User Configuration node: Contains settings for users. Subfolders include Software Settings (managing applications), Windows Settings (user preferences), and Administrative Templates (pre-defined settings).

    How Group Policies Are Applied

    • GPOs are applied in a specific order: Local Computer, Site, Domain, Organizational Unit.
    • The last defined policy takes precedence.
    • Policies not explicitly defined are not applied.

    Chapter Summary

    • Directory service stores network resource information, facilitating user, computer, and resource management throughout the network.
    • Active Directory is built on the X.500 standard and LDAP.
    • The first domain controller creates the forest and the root domain.
    • Active Directory data is structured into objects (containers and leaf objects).
    • Leaf objects represent security accounts, network resources, and GPOs.
    • The Active Directory Recycle Bin can be enabled in Active Directory Administrative Center (ADAC).
