Active Directory Domains and Trusts Quiz

Questions and Answers

Which domain remains the forest root domain for the life cycle of the AD DS deployment?

SergeT.Local

YourLastname.com (correct)

Sales.YourLastname.com

Admin.YourLastname.com

What are the two service administrator groups used to manage forest-level operations in the forest root domain?

Enterprise Admins and Schema Admins (correct)

Enterprise Admins and Forest Admins

Schema Admins and Domain Admins

Enterprise Admins and Domain Admins

What is the name of the forest root domain?

Admin.YourLastname.com

Sales.YourLastname.com

SergeT.Local

YourLastname.com (correct)

What is the key item shared by domains in a forest?

Access to resources

What is the benefit of using multiple forests?

Autonomy and segregation

What are trusts in Active Directory used for?

Sharing information and resources between domains

How can trusts be classified based on transitivity?

Transitive and non-transitive

What is the default trust relationship between a new domain and its parent domain in a forest?

Two-way and transitive

What type of trust is automatically established when a child domain is added to a tree or a new tree is added to a forest?

Parent-Child trust

What type of trust allows all objects of one forest to trust another forest?

Forest trust

Which of the following is a correct definition of a domain?

A network of objects registered to a central database

What is the main purpose of a tree in Active Directory?

To create a collection of subdomains

What is the relationship between a forest and a tree in Active Directory?

A forest is a collection of trees that share a schema

Which of the following is true about trust relationships in Active Directory?

Trust relationships are created between domains

What is the purpose of a forest in Active Directory?

To house a collection of trees that share the same schema

Which of the following is a correct definition of a tree?

A collection of domains that share a namespace

What is the main purpose of a domain in Active Directory?

To share a namespace with other domains

What is the relationship between a domain and a tree in Active Directory?

A domain is a collection of subdomains within a tree

What is the main purpose of a forest in Active Directory?

To house a collection of trees that share the same schema

Which of the following is true about trust relationships in Active Directory?

Trust relationships are created between domains

Which of the following is true about shortcut trusts in Active Directory?

Shortcut trusts bypass any other trust-paths like parent-child or forest trusts.

What is the purpose of functionality levels in Active Directory?

Functionality levels determine the available AD DS domain or forest capabilities.

What is the highest functional level that can be set for a forest or domain in Active Directory?

Server 2016

What does the Active Directory schema contain?

Formal definitions of every object class and attribute in an Active Directory forest.

What is the purpose of editing the Active Directory schema?

To add custom attributes to objects in Active Directory.

What is the most common reason for making changes to the Active Directory schema?

To add mail-specific attributes for Exchange Server installation.

What is the recommended approach for setting the functional level of a new forest in Active Directory?

Set the forest functional level first, then set the domain functional level.

What is the recommended approach for setting the functional level of an existing domain in Active Directory?

Set the domain functional level first, then set the forest functional level.

What is the recommended action for domain controllers running Windows Server 2008 R2 and older in Active Directory?

Remove them from the domain and replace them with new domain controllers.

What is the purpose of trust relationships in Active Directory?

To control access to resources across domains.

Study Notes

Active Directory Domain Services (AD DS)

• The forest root domain remains the forest root domain for the life cycle of the AD DS deployment.
• The two service administrator groups used to manage forest-level operations in the forest root domain are:
• Enterprise Admins
• Schema Admins

Forest and Domain Concepts

• The name of the forest root domain is the same as the first domain created in the forest.
• The key item shared by domains in a forest is the schema.
• The benefit of using multiple forests is to provide isolation and separation of resources and security policies.

Trust Relationships

• Trusts are used to allow access to resources across domains.
• Trusts can be classified based on transitivity as:
• Transitive trusts
• Non-transitive trusts
• The default trust relationship between a new domain and its parent domain in a forest is transitive.
• A tree-root trust is automatically established when a child domain is added to a tree or a new tree is added to a forest.
• A forest trust allows all objects of one forest to trust another forest.

Domain and Tree Concepts

• A domain is a logical group of computers and users that share a common directory database.
• The main purpose of a tree in Active Directory is to provide a hierarchical structure for domains.
• A forest is a collection of trees, and a tree is a collection of domains.
• The main purpose of a domain in Active Directory is to provide a logical group of computers and users that share a common directory database.
• A domain is a part of a tree, and a tree is a part of a forest.

Functional Levels and Schema

• The purpose of functionality levels is to enable new features and improve performance.
• The highest functional level that can be set for a forest or domain in Active Directory is Windows Server 2016.
• The Active Directory schema contains a definition of all objects and attributes in the directory.
• The purpose of editing the Active Directory schema is to extend or modify the schema to support new applications or services.
• The most common reason for making changes to the Active Directory schema is to support new applications or services.
• The recommended approach for setting the functional level of a new forest in Active Directory is to set it to the highest available level.
• The recommended approach for setting the functional level of an existing domain in Active Directory is to upgrade the domain controllers to the highest available level.
• The recommended action for domain controllers running Windows Server 2008 R2 and older in Active Directory is to upgrade or replace them with newer versions.
• The purpose of trust relationships in Active Directory is to provide access to resources across domains.

Description

Test your knowledge on Active Directory Domains and Trusts, Schema, and Forest Functionality Levels in this quiz. Assess your understanding of domains, trust relationships, and the role of the schema in Active Directory.