Active Directory Configuration Quiz

Questions and Answers

The directory partition holds configuration information that can affect the entire forest, such as details on how domain controllers should replicate with one another. Which of the following choices is one of the two forest-wide FSMO roles?

• Infrastructure Master
• Domain Naming Master (correct)
• RID Master
• Schema Master (correct)

You should choose a Windows Server 2019 Server Core installation when you absolutely cannot live without the Windows GUI running on your server.

False (B)

Schema attributes define what type of information is stored in each object, such as first name, last name, and password for a user account object. What folder under Policies within the Computer Configuration Node of a GPO contains the Control Panel, Network, Printers, System, and Windows Component folders?

Administrative Templates

Security Principals define which resources users can access and what level of access they have. Windows creates two built-in user accounts automatically: Administrator and User.

True (A)

Active Directory's use of multimaster replication ensures that changes to AD objects are automatically replicated to all domain controllers. The best method for configuring updates in Server Core and all computers in a Windows domain is via group policy.

True (A)

The Knowledge Consistency Checker (KCC) runs on every DC to determine the replication topology. The second DC is always configured as a GC server.

False (B)

The first server in a Windows domain network is an ideal candidate for a Server Core installation. The Active Directory Recycle Bin is disabled by default and can be enabled in the Active Directory Administrative Center (ADAC).

False (B)

The dcpromo.exe command is the preferred method for installing Active Directory on Server Core. By default, Windows installs only TCP/IPv4 in Windows Server 2019.

True (A)

By default, the Windows Server 2019 firewall does not block incoming ICMP Echo Request packets. If the wrong server edition is installed, what command can be used to change to a different server edition?

False (B)

What Active Directory partition contains the information needed to define objects and object attributes for all domains in the forest?

Schema

Which of the following choices is one of the two forest-wide FSMO roles?

Infrastructure Master (A), RID Master (B)

What is the term used by Microsoft to describe a collection of bug fixes and security updates made since an OS release?

Service Pack

Which of the following is not one of the five folder objects that are created when Active Directory is installed?

Shared Folders (B)

When you are adding a server to an existing network, which of the following selections would you choose if you want the server to belong to the domain, but not run Active Directory or participate in managing directory services?

Member Server (B)

When you are adding a server to an existing network, which of the following selections would you choose if you want the server to belong to the domain, but not run Active Directory or participate in managing directory services? Which of the following statements is true regarding an RODC?

True (A)

What defines the objects that a Group Policy Object affects?

Scope

What server role is installed along with Active Directory Domain Services if no other servers with this role are available?

DNS

Which of the following scenarios is not ideal for the deployment of a single domain structure?

A large organization with multiple locations (D)

An administrator has decided they should remove the DNS Server role from a server. What PowerShell cmdlet should the administrator use?

Remove-ADDSDnsServer

Which of the following choices is not one of the three user account types defined in Windows Server 2019?

Power User (C)

Select the type of Windows Server 2019 OS installation that is installed on a new disk partition and is not an upgrade from any previous version of Windows.

Clean Install

An administrator has discovered that several critical parts of Active Directory have been deleted. What boot mode can be used to perform restoration?

Directory Services Restore Mode (DSRM)

What Windows servers are the only domain controllers that hold universal group membership information?

Global Catalog Servers

What particular command syntax will allow you to rename a computer currently named Pittsburgh, to the new name of Chicago?

Rename-Computer Pittsburgh -NewName Chicago

Under what circumstances would a multi-domain structure not be an ideal choice?

When the organization has a small number of users and computers (C)

What is the primary container object for organizing and managing resources in a domain?

Organizational Unit (OU)

Select the operations master role that is responsible for providing backward compatibility with Windows NT servers configured as Windows NT backup domain controllers or member servers.

PDC Emulator

Which of the following stores information about a computer network and offers features for retrieving and managing that information?

Active Directory Domain Services (AD DS)

A network administrator can join a computer to a domain using which PowerShell cmdlet?

Add-Computer

What PowerShell cmdlet below will install the Active Directory Domain Services role?

Install-ADDSForest

Which of the following is the primary identifying and administrative unit in Active Directory?

Organizational Unit (OU)

What type of application is made available via Group Policy for a user to install by using Programs and Features in Control Panel?

MSI package

Select the specific Windows folder that is a shared folder containing file-based information that is replicated to other domain controllers.

SYSVOL

What type of Active Directory replication takes place between domain controllers in the same site?

Intrasite replication

Which of the following choices is not an example of a typical post installation task?

Installing Active Directory Domain Services (A)

How long does it take for a change made on a domain controller to trigger intrasite replication?

It depends on several factors, including the size of the change and the network traffic.

In what order are group policy settings applied?

They are applied in the order that they are listed in the Group Policy Object (GPO).

Which of the following defines Active Directory objects and their attributes and can be changed by an administrator or an application to best suit the organization's needs?

Schema (C)

Which statement is true regarding the global catalog? The global catalog is a special type of Domain Controller that replicates a complete copy of the Active Directory database.

True (A)

Which type of DNS record is used to map a domain name to an IP address?

A record

What does the TTL (Time to Live) value in a DNS record represent?

It specifies the amount of time that a DNS server should cache the information about an IP address.

Which zone file is responsible for resolving names to IP addresses.

Forward Lookup Zone

What is the default path to the DNS files in your server?

C:\Windows\System32\dns

Which resource record stores zone transfer settings?

SOA (Start of Authority) record

You are the network administrator for a Windows Server network. You have multiple remote locations connected to your main office by slow satellite links. you want to install DNS into these offices so that clients can locate authoritative DNS servers in the main location. What type of DNS servers should be installed in the remote locations?

Secondary DNS servers (B)

DNS is automatically installed with Active Directory as the Global Catalogue server for the forest and domain.

True (A)

To install a new forest, you must be ...

A primary domain controller (D)

A boot mode used to perform restore operations on Active Directory if it becomes corrupted or parts of it are deleted accidentally

Directory Services Restore Mode (DSRM)

Which statement is true regarding the global catalog?

It stores partial data of Active Directory objects across all domains. (C)

What type of DNS servers should be installed in remote locations with slow satellite links?

Caching DNS servers for quicker access to recent queries. (B)

Which PowerShell cmdlet should an administrator use to remove the DNS Server role from a server?

Remove-WindowsFeature (B)

What type of Windows Server 2019 installation is created on a new disk partition without an upgrade path from previous versions?

Clean Installation (A)

Which Active Directory replication occurs between domain controllers located within the same site?

Multimaster replication (B)

Which folder under Policies in the Computer Configuration Node of a GPO contains system-related settings?

Windows Components (A)

What type of Active Directory object serves as the primary administrative unit?

Organizational Unit (B)

What is the role of the operations master responsible for compatibility with Windows NT servers?

Infrastructure Master (C)

Which command syntax would allow renaming a computer from Pittsburgh to Chicago?

Rename-Computer -NewName Chicago (D)

Which type of application can be made available for installation via Group Policy using Programs and Features in Control Panel?

Assigned Applications (B)

What is the primary purpose of the Knowledge Consistency Checker (KCC) in Active Directory?

To establish the replication topology for domain controllers (A)

How is the Active Directory Recycle Bin initially configured upon installation?

Disabled by default and needs to be enabled (D)

Which command is preferred for installing Active Directory on a Server Core installation?

dcpromo.exe (D)

What type of replication occurs between domain controllers located within the same site?

Multi-master replication (B)

Which server role is installed when Active Directory Domain Services is set up without pre-existing servers?

Global Catalog role (B)

Which command can be used to change from one server edition to another in Windows Server 2019?

DISM /Online /Set-Edition (B)

What characteristic is true regarding a Read-Only Domain Controller (RODC)?

It is primarily used in remote locations for security reasons (B)

Which of the following attributes is defined within schema attributes of an Active Directory object?

User's first name (C)

Flashcards

Directory Partition

Holds configuration info like domain controller replication details.

Server Core Installation

Windows Server installation without the GUI.

Schema Attributes

Define data types (like first name, last name) in AD objects.

Security Principals

Define user access levels and resources.

Built-in User Accounts

Administrator and User accounts created by Windows.

Multimaster Replication

Ensures AD object changes are replicated to all DCs automatically

Group Policy

Best way to update servers and clients in Windows Domain

Knowledge Consistency Checker (KCC)

Determines replication topology on every domain controller

Global Catalog Server

A server that has a copy of basic information for all AD objects

Active Directory Recycle Bin

Disabled by default; lets you recover deleted AD objects

dcpromo.exe

Preferred tool to install AD on Server Core.

TCP/IPv4

The default protocol suite in Windows Server 2019.

Windows Firewall (Default)

Doesn't block ICMP Echo Request.

Forest

Collection of multiple domains.

Domain

An organizational unit within a forest.

RODC

A read-only domain controller that can log on.

Group Policy Object (GPO)

Defines which users/computers Group Policy affects

Domain Controller

Serves as a central repository for information.

Patch

A collection of bug fixes and updates in an OS.

OU (Organizational Unit)

Organizing elements in AD

Join Server to Domain

Joining a server to an existing network without running AD

First DC

First computer with Active Directory

DNS Record

Mapping Domain Name to IP Address

DNS Record TTL

Time a DNS record is cached

What is a typical post-installation task?

Tasks executed after software installation, like configuring services, applying security settings, or testing functionality.

How long does intrasite replication take?

Intrasite replication within a domain typically occurs very quickly, usually within seconds or minutes.

Order of Group Policy application

Group Policy settings are applied in a specific order, starting with local settings and progressing to domain and site settings.

What defines Active Directory objects?

The Active Directory Schema defines the objects and attributes within a directory.

What is the global catalog?

A special directory server that contains basic information about all objects in the Active Directory forest.

Forest-wide FSMO role

A special role that affects the entire Active Directory forest, such as the Schema Master or Domain Naming Master.

What command changes a server edition?

The dism.exe command can be used to change the edition of a Windows Server installation without reinstalling the entire operating system.

Schema Partition

This Active Directory partition contains information about object types and attributes for all domains within the forest.

Why use a Server Core Installation?

Server Core installations are ideal for situations where minimizing resource usage and attack surface is crucial.

What is the Active Directory Recycle Bin?

A feature that allows recovering deleted Active Directory objects within a specific time frame.

What are the 5 folder objects created during Active Directory installation?

These objects are automatically created: Users, Computers, Shared Folders, Groups, and Organizational Units.

What is the best method for configuring updates?

Group Policy offers centralized control over updates for all computers in a Windows domain.

What is an RODC?

A Read-Only Domain Controller that can authenticate users but cannot make changes to Active Directory objects.

What defines the objects a GPO affects?

Group Policy Objects (GPOs) use security filtering to determine which users and computers they apply to. This filtering is based on security groups, which are defined in Active Directory. For example, a GPO could be specifically targeted to members of the 'Administrators' group, or to all users within a particular organizational unit. This enables granular control over policy application, impacting only the intended users and machines.

What server role is installed with AD DS if no others are available?

If you install Active Directory Domain Services (AD DS) on a server without any other domain controllers, it automatically installs the DNS Server role. This is because AD DS relies heavily on DNS for name resolution and communication within the domain.

Single Domain Scenario: When is it not ideal?

A single domain structure can be challenging when you have multiple geographically dispersed locations or need to isolate certain departments or resources. This is because a single domain structure can become complex and difficult to manage as the organization grows.

PowerShell Command to Remove DNS Server Role

To remove the DNS Server role from a server, the administrator should use the PowerShell cmdlet: Remove-WindowsFeature DNS. This command directly targets the DNS Server role, allowing for efficient removal.

What kind of OS installation is on a new partition?

A new operating system installation on a disk without upgrading from a previous version is known as a Clean Installation. This means you're starting from scratch on a fresh partition.

Boot Mode used to restore Active Directory

If critical Active Directory components are deleted, you can use Directory Services Restore Mode (DSRM). This special boot mode provides access to restore tools necessary to recover your domain.

Which GPO folder holds Control Panel, Network, etc?

The Administrative Templates folder within the Computer Configuration Node of a GPO contains the Control Panel, Network, Printers, System, and Windows Component folders. These folders are where you'll find pre-configured policy settings that can be applied to users and computers.

What servers hold universal group membership?

Only domain controllers in a domain can hold universal group membership information. This is because universal groups provide access to resources across the entire Active Directory forest, and these domain controllers have the authoritative data on these groups.

Study Notes

Directory Partition Configuration

• Directory partition holds configuration affecting the entire forest, including domain controller replication details.
• Windows Server 2019 Server Core installation suitable for environments without graphical user interface needs.
• Schema attributes define object data types (e.g., user information).
• Security Principals determine user access rights to resources.
• Windows automatically creates Administrator and User accounts.
• Active Directory uses multimaster replication for automatic object change replication to all domain controllers.
• Group Policy is the recommended method for configuring updates on domain controllers and other computers in Windows domains.
• Knowledge Consistency Checker (KCC) runs on domain controllers to determine replication topology.
• Second domain controller is typically a Global Catalog (GC) server.
• Server Core installation recommended as first server in a Windows domain network.
• Active Directory Recycle Bin can be enabled in the Active Directory Administrative Center (ADAC).
• dcpromo.exe is the recommended command-line tool for installing Active Directory on Server Core.
• Windows Server 2019 defaults to TCP/IPv4 and allows incoming ICMP Echo Requests by default.
• Incorrect server edition changes require a specific command.

Active Directory Partitions

• Active Directory partition stores info about objects and attributes for all domain in a forest.
• One of the two forest-wide Flexible Single Master Operations (FSMO) roles.
• Microsoft term for bug fixes and security updates since an OS release: Service Pack or Update.
• Folder objects created when Active Directory is installed (list not provided).

Server Roles and Configurations

• Server addition to a domain with no Active Directory or directory service involvement selection.
• Role of Read-Only Domain Controllers (RODCs); further descriptions missing.
• Group Policy Object (GPO) definition and what objects it affects (list not provided).
• Server role installed along with Active Directory Domain Services when no others are available.
• Scenarios where single domain structure is not suitable (list not provided).
• PowerShell cmdlet to remove the DNS Server role from a server (cmdlet not specified).

Additional Information

• Necessary components for installing a new forest, including Boot Mode operations if needed.
• Active Directory corruption or accidental deletion recovery procedures.