Active Directory Basics Quiz

Questions and Answers

What is one task you can perform using the Active Directory Administrative Center (ADAC)?

• Change the computer's operating system
• Configure network routers
• Install new hardware components
• Create and manage users, groups, and computer accounts (correct)

A read-only domain controller (RODC) can write data to the Active Directory.

False (B)

What are the two variations for adding a domain to an existing forest?

Add a child domain and add a new tree.

The Active Directory Administrative Center (ADAC) is built on _____.

PowerShell

Match the following Active Directory tasks with their described actions:

Create users = Manage user accounts in the directory Change Domain Functional Level = Adjust feature sets available in Active Directory Connect to other DCs = Establish connections with domain controllers in the same or different domains Enable AD Recycle Bin = Allow recovery of deleted objects in Active Directory

Which protocol is the basis for integrating other operating systems into an Active Directory network?

Lightweight Directory Access Protocol (LDAP) (A)

Active Directory is solely an administrative tool and users do not utilize it.

False (B)

What role does a domain controller serve in an Active Directory environment?

It stores a copy of the domain data and provides authentication and authorization services.

An Active Directory ______ is a collection of one or more Active Directory trees.

forest

What is the core structural unit of an Active Directory?

Domain (A)

Match the following components of Active Directory with their descriptions:

Organizational Units (OUs) = Used to organize a network's users and resources Domains = Core structural unit representing policy boundaries Trees = Grouping of domains that share a naming structure Forests = Collection of one or more Active Directory trees

Active Directory was first introduced with Windows 2000 Server.

True (A)

The ______ protocol is based on X.500 and uses TCP/IP for directory access.

Lightweight Directory Access Protocol (LDAP)

What does the term 'scalability' refer to in the context of Active Directory?

The ability to expand and accommodate more users and resources as needed.

Which of the following is NOT a feature of Active Directory?

Internet browsing (A)

What should you select if you want to add a domain controller to an existing domain?

Add a domain controller to an existing domain (D)

The fully qualified domain name (FQDN) includes only the root domain.

False (B)

What mode must the password be entered for when configuring Directory Services Restore Mode (DSRM)?

Restore operations

To create the necessary records on the DNS server for the new domain, you must create the ______.

DNS delegation

Match the following Active Directory components with their functions:

DNS server = Resolving domain names Global Catalog = Centralized information repository Read only domain controller (RODC) = Provides read-only access to AD Active Directory database = Stores directory information

Which of the following is a recommended practice for domain controllers (DC)?

Install at least two DCs in every domain (C)

In the Paths window, you specify the location of Active Directory database, log files, and SYSVOL folder.

True (A)

What should be done before starting the Active Directory installation?

Prerequisite check

What defines the type, organization, and structure of data stored in Active Directory?

Active Directory Schema (A)

An OU can organize multiple objects but cannot have specific policies relevant to that group.

False (B)

Name one of the three container objects found in Active Directory.

Organizational Unit, Folder Object, or Domain object.

A container object in Active Directory is used to __________ and manage users and resources on the network.

organize

Match the following folder objects with their functions:

Builtin = Houses default groups created by Windows Computers = Default location for computer accounts Foreign Security Principals = Contains user accounts from other domains Users = Stores two default users (Administrator and Guest)

What type of object does not contain other objects and typically represents a user or a network resource?

Leaf Object (B)

The domain object in Active Directory is represented by an icon with two tower computers.

False (B)

What is the primary purpose of Organizational Units (OUs) in Active Directory?

To organize and manage resources in a domain.

A __________ object can have its authority delegated in Active Directory.

Organizational Unit

Which of the following can represent the core logical structure in Active Directory?

Domain Object (D)

Which of the following policies are defined in the User Configuration node?

Software Settings (A)

The policies defined in the Computer Configuration node only affect domain users.

False (B)

What is the broadest logical component of Active Directory?

forest

The Active Directory Recycle Bin can be enabled in ____, but it cannot be disabled once enabled.

ADAC

Match the following Active Directory objects with their descriptions:

Container objects = Used to organize and hold other objects Leaf objects = Represent individual accounts and resources Directory partitions = Sections of the Active Directory database Domain = The primary administrative unit in Active Directory

Which statement accurately describes how Group Policies are applied?

Policies are applied in Local Computer, Site, Domain, and Organizational Unit order. (C)

The last policy defined in Group Policies will take precedence over previously defined policies.

True (A)

How can Active Directory objects be located?

Using search functions in Active Directory Users and Computers and Windows Explorer.

The __________ component in Active Directory is primarily responsible for user and computer management.

Domain

What do Administrative templates in the User Configuration node allow administrators to manage?

Settings for controlling user environments (C)

What type of user account is authorized to access resources only on that specific computer?

Local user account (B)

A Stub zone contains a read/write copy of all resource records for its zone.

False (B)

Name one role that is part of the Flexible Single Master Operation (FSMO) roles.

Schema Master

The account created by Windows that has broader access to resources is called the ______ account.

Administrator

Which command is used in PowerShell to view the holder of the three domain-wide roles?

Get-AD Domain (D)

Trust relationships in Active Directory allow access to resources across domains without needing permissions.

False (B)

What is the main function of a Global Catalog server?

Facilitates domain and forest-wide searches

Replication occurs between domain controllers in the same site, known as ______ replication.

intrasite

Match the following directory partition types with their descriptions:

Domain directory = Contains all objects in a domain Schema directory = Defines AD objects and attributes Global catalog = Partial replica of all objects in the forest Configuration partition = Contains information affecting the entire forest

What is the purpose of the Knowledge Consistency Checker (KCC)?

To determine the replication topology (D)

Computer account objects represent users that are managed in the domain.

False (B)

What two default Group Policy Objects (GPOs) are created upon installing Active Directory?

Default Domain Policy and Default Domain Controllers Policy

A ______ zone contains a read-only copy of the necessary A records to resolve NS records.

Stub

Which type of user account allows a single logon for users to access resources in the domain?

Domain user account (A)

Flashcards

Active Directory Configuration

Setting up Active Directory on a server after installation.

Promote Server to DC

Making a server an Active Directory Domain Controller (DC).

Deployment Configuration Options

Choosing how to add a new domain controller; options include adding to an existing domain/forest or creating a new forest root.

Fully Qualified Domain Name (FQDN)

Complete domain name including all levels (e.g., example.com).

Domain Controller Options

Configuring functional levels and capabilities (e.g., DNS, Global Catalog, RODC) for a domain controller.

Directory Services Restore Mode (DSRM)

Boot mode for restoring Active Directory in case of corruption or accidental deletion.

DNS Delegation

Setting up DNS records for the new domain on the DNS server.

Additional Domain Controllers

Installing more domain controllers in an existing domain for better performance and fault tolerance.

Active Directory

A directory service for managing computer network information.

Directory Service

A system for storing and retrieving information about a network.

Domain Controller (DC)

A computer running Windows Server with Active Directory services installed.

Organizational Unit (OU)

A logical container for organizing users, computers, and resources in Active Directory.

Domain

A core structural unit in Active Directory, containing OUs and representing administrative boundaries.

Tree

A grouping of domains sharing a common naming structure.

Forest

A collection of one or more Active Directory trees within a common environment.

LDAP

Lightweight Directory Access Protocol; a protocol for accessing directory services.

Active Directory Site

A physical location where domain controllers communicate and replicate information.

Installing ADDS

The process of setting up Active Directory Domain Services on a Windows Server.

Adding a child domain

Adding a domain that shares the top-level and second-level domain name structure with an existing domain in the forest.

Adding a new tree

Adding a new domain with a separate naming structure from any existing domains in the forest.

Active Directory Administrative Center (ADAC)

A tool used to explore and manage Active Directory, including creating and managing users, groups, computer accounts, and organizational units (OUs).

Active Directory Users and Computers MMC

Another tool for managing Active Directory objects like users, groups, and computers.

Functional Level

A setting that determines the features and capabilities available within Active Directory.

What is an Active Directory Object?

An object is a collection of data that describes a network resource, such as a user, computer, or printer. It's like a digital profile with specific information about the resource.

What does the AD Schema Define?

The schema defines the structure and organization of the data stored in the Active Directory database. It determines the types of objects allowed and the information stored within them.

What are Schema Classes?

Schema classes define the different types of objects that can be stored in Active Directory. For example, there are classes for users, groups, computers, and printers.

What are Schema Attributes?

Schema attributes specify the types of information stored in each object. Examples include user names, passwords, or printer location.

What are Container Objects?

Container objects hold other objects within them, like folders in a file system. They help organize and manage resources in a domain.

What are Organizational Units (OUs)?

OUs are primary container objects for organizing and managing resources in a domain. They allow grouping objects based on administrative needs and applying specific policies to them.

How are Folder Objects used?

Folder objects are containers for specific types of objects. They are organized into different categories like 'Builtin' (for default Windows groups), 'Computers' (for computer accounts), and 'Users' (for user accounts).

What is the Domain Object?

The domain is the core of Active Directory, containing all other objects. It's like the main folder for the entire domain.

What are Leaf Objects?

Leaf objects are individual resources that don't contain other objects. They represent things like users, computers, groups, printers, or file shares.

What are the Different Types of Leaf Objects?

Leaf objects include security accounts (users, groups, computers) and network resources like servers, domain controllers, file shares, and printers.

Computer Configuration Node

A section within a Group Policy Object (GPO) that applies settings to all computers in the GPO's scope. These settings affect the operating system, software, and network configurations.

User Configuration Node

A section within a Group Policy Object (GPO) that applies settings to all users within the GPO's scope. It manages settings like application access, security, and folder redirection.

What are policies?

A set of rules or guidelines that govern how systems and users behave within a network.

Local Computer

The first place Group Policy settings are applied. These settings are only for the specific computer they're applied to.

GPO Application Order

Group Policy settings are applied in a specific order: Local Computer, Site, Domain, and Organizational Unit.

Last Policy Takes Precedence

If multiple GPOs apply to the same computer, the last one applied takes precedence.

Precedence of Policies

Policies that are higher in the application order take precedence over lower ones.

GPO

A list of settings used by administrators to configure user and computer environments remotely.

Local User Account

A user account that is authorized to access resources only on a specific computer.

Domain User Account

A user account that provides a single logon for users to access resources in the entire domain.

Primary Zone

A zone containing a read/write master copy of all resource records. It's the authoritative source.

Secondary Zone

A zone containing a read-only copy of all resource records. It's a backup, not the primary source.

Stub Zone

A zone containing a read-only copy of essential records, like the SOA and NS records.

Group

A collection of users with common permissions or rights.

Permission

What users can access and the level of access they have to a resource.

Right

Types of actions a user can perform on a computer or network.

Computer Account

An object representing a computer that's a domain controller or member, used for identification and management.

Replication

The process of making sure Active Directory information is copied to all domain controllers to maintain consistency.

Domain Directory Partition

A section of the Active Directory database containing all objects within a specific domain.

Schema Directory Partition

A section of the Active Directory database containing information about object types and attributes.

Global Catalog Partition

A section of the Active Directory database containing a partial replica of all objects in the forest.

Operations Master

A domain controller solely responsible for specific operations within a forest.

Study Notes

Windows Domain Administration

• CST8200 course, taught by Denis Latremouille
• Week 3 material

Role of a Directory Service

• Stores information about a computer network
• Provides features to retrieve and manage network information
• Primarily used as an administrative tool, but users utilize it for resource discovery
• Requires careful planning before implementation due to complexity

Windows Active Directory

• A directory service based on industry standards
• Defines, stores, and accesses directory service objects
• Hierarchical structure based on the X.500 standard
• Employs Lightweight Directory Access Protocol (LDAP), built on the X.500 protocol
• Uses the more efficient TCP/IP protocol
• Allows integration of other operating systems like Linux using LDAP
• First implemented in Windows 2000 Server

Active Directory Features

• Hierarchical organization
• Centralized but distributed database
• Scalable
• Secure
• Flexible
• Policy-based administration

Active Directory Structure

• Physical structure: Consists of sites and servers configured as domain controllers.
• Logical structure: Creates a directory service that reflects the company's structure. Enables users to easily find resources in accordance with organizational structure.

Active Directory's Physical Structure

• An Active Directory site is a physical location where domain controllers communicate and replicate information periodically.
• Domain Controllers (DCs) – A computer running Windows Server 2016 with the Active Directory Domain Services role installed.
• One domain controller has a full replica of all the objects in the corresponding domain.
• Domain controllers are responsible for storing a copy of the domain data and regularly replicating those changes to other domain controllers.
• DCs provide data searches for users, facilitate authentication and authorization for users accessing network resources in the domain.

Active Directory's Logical Structure

• This structure is based on 4 components: organizational Units (OUs), domains, trees, and forests.
• Organizational Unit (OU): A container in Active Directory for organizing users and resources into logical administrative units.
• OUs contain various objects within the network like user accounts, groups, applications, servers, and domain controllers.
• Domains: The core logical unit of Active Directory. Small to medium businesses typically have only one domain while larger companies may have several domains for geographic or administrative reasons. A domain contains OUs and represents administrative, security, and policy boundaries.
• Trees: A grouping of domains with a shared naming structure. A tree may have a parent domain and 0 or more child domains.
• Forests: A grouping of one or more trees that create a common Active Directory environment, in which all domains can communicate and share information. A forest may consist of a single tree with a domain or multiple trees and respective parent-child domains

Installing Active Directory

• Use Server Manager to install ADDS.
• If DNS is not already present, install the DNS Server Role.
• After installation, configure Active Directory by promoting a server to a domain controller.
• Choose whether to add to an existing domain, a new domain to an existing forest, or a new forest (first DC) from the Deployment Configuration window.
• Provide the fully qualified domain name (FQDN) for the new forest root.
• Choose forest and domain functional levels and required domain controller capabilities
• Specify the location for the Active Directory database, log files, and SYSVOL folder
• Complete the prerequisite check

Installing Additional Domain Controllers

• Microsoft recommends at least two domain controllers (DCs) for fault tolerance and load balancing.
• Installing an additional DC within an existing domain is similar to installing the first DC.
• The key difference is selecting "Add a domain controller to an existing domain" instead of "Add a new forest".
• Important considerations when adding a new DC include whether to install DNS, if the DC should be a global catalog (GC) server or a read-only domain controller (RODC), and in which site the new controller should be located.

Installing a New Domain into an Existing Forest

• Two main variations for adding a new domain:
• Adding a child domain: The new domain shares at least the top-level and second-level domain naming structure.
• Adding a new tree: The new domain has a separate naming structure from existing domains.

What's Inside Active Directory

• Active Directory Administrative Center (ADAC) or Active Directory Users and Computers MMC are used for viewing and managing Active Directory.
• AD tasks include creating and managing users, groups, and computer accounts. Managing organizational units. Connecting to other domain controllers. Changing domain functional levels. Enabling the AD Recycle Bin.

Active Directory Schema

• An object represents a group of information that defines a network resource.
• The schema defines the types, organization, and structure of data in the AD database.
• Schema classes define object types.
• Schema attributes define data types within objects.
• Information stored in each attribute is called the attribute value.

Active Directory Container Objects

• Container objects hold other objects within a network. These objects are used to organize and manage users and network resources.
• Common container objects are organizational units (OUs), folder objects, and domain objects.

Organizational Units (OUs)

• OUs act as primary containers for organizing and managing network resources within a domain.
• OUs group objects into administrative groups with associated policies.
• OUs can have multiple levels, creating a hierarchical structure mimicking the organizational structure of the company.

Folder Objects

• Default folders are created by Windows.
• The Computers folder contains computer accounts, created when a new computer or server becomes a domain member.
• The Foreign Security Principals folder holds user accounts from other domains.
• The Managed Service Accounts folder is used for accessing domain resources by services.
• The Users folder contains two default users—Administrator and Guest—along with several default groups.

Domain Objects

• The domain is the core logical structure of Active Directory.
• The domain contains organizational units (OUs) and folder objects.
• Larger companies use multiple domains to enhance administration and isolate security boundaries or to facilitate distinct administrative responsibilities.
• A domain object in Active Directory is represented as an icon with three tower computers.

Active Directory Leaf Objects

• Leaf objects contain no other objects
• Common leaf objects are security accounts, network resources, and group policies.

User Accounts

• User account objects provide information like group memberships, restrictions, profile paths, and dial-in permissions.
• Authentication verifies a user's identity, enabling access rights based on account type (local or domain).
• Local User accounts are confined to one computer; Domain user accounts provide access to multiple resources within a domain.

Zone Types

• Primary Zone: Contains read/write master copy of all resource records. Authoritative for the zone.
• Secondary Zone: Contains a read-only copy of all records. Authoritative for the zone.
• Stub Zone: Contains read-only copy of SOA and NS records for a zone. Not authoritative, but helps resolve NS records.

Groups

• A group object is a collection of users with common permissions or rights.
• Permissions define which resources users can access and what level of access they have.
• Rights define actions users can execute on a network or computer.
• Groups are more efficient than individually assigning rights.

Computer Accounts

• A computer account represents a domain controller or domain member.
• Used for identifying, authenticating, and managing computers within a domain.
• Computer accounts are automatically created when Active Directory is installed on a server.
• A computer account name must match the computer it represents.

Locating Active Directory Objects

• Objects are searchable from the Find Users, Contacts, and Groups dialog box.
• Searches can involve a single domain or the entire directory (all domains).
• Availability to users depends on security settings and the object's container.

Active Directory Terminology

• Concepts associated with replication, directory partitions, operation masters, and trust relationships.

Active Directory Replication

• Replication: process of maintaining consistent data across multiple locations, particularly important in distributed computing environments.
• Intrasite Replication: data replication among servers within the same site.
• Intersite Replication: data replication between servers in different physical sites.
• Multimaster Replication: a type of replication where multiple servers have the rights to modify the data, which is frequently used by Active Directory.
• KCC (Knowledge Consistency Checker) runs on all domain controllers to determine the replication topology. The process defines replication paths and limits the number of hops between any two domain controllers.

###Directory partitions

• These partitions organize the Active Directory database
• Five types of partitions:
• Domain directory partition: Contains all objects within a domain.
• Schema directory partition: Defines the elements (attributes and classes) used within Active Directory.
• Global catalog partition: Stores a replica of objects in the forest, so users can seek access to resources across the domain.
• Application directory partition: Used by applications and services.
• Configuration partition: Stores Active Directory configuration information that affects the entire forest.

Operations Master Roles

• Operations masters are domain controllers that perform certain functions in a domain or forest.
• Roles include Schema Master, Infrastructure Master, Domain Naming Master, RID Master, PDC Emulator Master; these are also known as Flexible Single Master Operation (FSMO) roles. Certain functions require a single controller within the domain or forest.

Trust Relationships

• Active Directory trust relationships define whether and how security principals from one domain can access resources in another domain.
• Trusts enhance access and data sharing, making it easier for users to interact across domains.
• Trust relationships are often established automatically, but they don't equal permission; users still need permissions to access resources. When a trust relationship does not exist between domains, no access is possible.

Role of Forests

• Domains in a forest share a common schema, administrative accounts, operations masters, global catalogs, trusts between domains, and replication between domains for improved interoperability, data sharing, and administration.

Importance of the Global Catalog Server

• A Global Catalog (GC) server stores partial copies of all objects, which aids in searching for objects and facilitating log-ons across domains.
• The first domain controller (DC) installed in a forest is automatically designated as a GC.
• Additional GC servers can be added for performance and greater search capabilities (and to distribute the load in large domains).

Introducing Group Policies

• Group Policy Objects (GPOs) are configurations used remotely to configure user and computer environments in a central organization.
• GPOs define the targets (users, computers) and policies they apply to.
• Installing Active Directory creates two GPOs as defaults: Default Domain Policy and Default Domain Controllers Policy.
• The Group Policy Management Console (GPMC) is used to manage the GPOs.

Computer Configuration Node and User Configuration Node

• Computer Configuration node: Contains settings for computers. Subfolders include Software Settings (managing applications remotely), Windows Settings (various configuration settings), and Administrative Templates (pre-defined configuration).
• User Configuration node: Contains settings for users. Subfolders include Software Settings (managing applications), Windows Settings (user preferences), and Administrative Templates (pre-defined settings).

How Group Policies Are Applied

• GPOs are applied in a specific order: Local Computer, Site, Domain, Organizational Unit.
• The last defined policy takes precedence.
• Policies not explicitly defined are not applied.

Chapter Summary

• Directory service stores network resource information, facilitating user, computer, and resource management throughout the network.
• Active Directory is built on the X.500 standard and LDAP.
• The first domain controller creates the forest and the root domain.
• Active Directory data is structured into objects (containers and leaf objects).
• Leaf objects represent security accounts, network resources, and GPOs.
• The Active Directory Recycle Bin can be enabled in Active Directory Administrative Center (ADAC).

Description

Test your knowledge of Active Directory concepts and functionalities. This quiz covers key components, roles, and protocols associated with Active Directory. It's perfect for IT professionals and students alike!