Active Directory Domains and Trusts Quiz

Questions and Answers

When setting up domains and forests, what is the highest functional level available?

Server 2012

Server 2019 (correct)

Server 2016

Server 2012R2

What is the relationship between forest functional level and domain functional level?

Domain functional level must be the same as forest functional level

Forest functional level can be set higher than domain functional level

Domain functional level cannot be changed

Domain functional level can be set higher than forest functional level (correct)

What happens to domain controllers running Windows Server 2008 R2 and older?

They should be updated to Windows Server 2019

They should be updated to Windows Server 2016

They should be removed from the domain (correct)

They should be demoted to member servers

What is the purpose of the Microsoft Active Directory schema?

Contains formal definitions of object classes and attributes

What is the implication of making changes to the Active Directory Schema?

Changes are permanent and irreversible without significant effort

When is the most common scenario for making Schema changes observed?

Installation of Exchange Server

What is the purpose of specifying a functionality level when setting up domains and forests?

To define the available features and capabilities

What is the highest Windows Server version that can be used for domain controllers?

Windows Server 2019

What is the implication of setting the domain functional level to a value lower than the forest functional level?

It is not possible to set the domain functional level lower than the forest functional level

What is the purpose of adding custom attributes to the Schema?

To extend an object for custom application or other reasons

What is a forest in the context of Active Directory?

A collection of trees that share a schema

What best describes a tree in Active Directory?

A collection of domains that share a namespace

In the context of Active Directory, what is a domain?

A logical group of objects that share the same database

What is the primary function of a tree in Active Directory?

To contain subdomains as member domains of a main parent domain

What is the relationship between a forest and a tree in Active Directory?

A forest is a collection of trees that share a schema

What does a domain represent in Active Directory?

A logical group of objects that share the same database

What distinguishes a forest from a domain in Active Directory?

A forest is a collection of trees that share a schema

In the context of Active Directory, what is the primary purpose of a forest?

To enable shared schema definitions and configurations across multiple trees

What makes a tree unique in Active Directory?

Containing subdomains as member domains of a main parent domain

How does a forest differ from a tree in Active Directory?

A forest is a collection of trees that share a schema

What is the function of trusts in Active Directory?

To share information and resources between domains

What determines whether trusts can be extended outside the two domains with which they were formed?

Transitivity

Which type of trust allows one domain to trust another domain across different forests, bypassing other trust paths?

Shortcut trust

What are the Enterprise Admins and Schema Admins groups associated with in Active Directory?

Forest root domain

What is the purpose of creating multiple forests in Active Directory?

To offer autonomy and segregation

Which type of trust is manually created and can be one-way or two-way transitive trusts?

Forest trust

What is the role of functional levels in Active Directory?

To determine the available domain or forest capabilities

What is the relationship between the creation of the 'FirstDomain.local' domain and the creation of a tree and a forest?

The creation of the domain also creates a tree and a forest to house the first tree

What are Parent-Child and Tree-Root trusts automatically established as?

Two-way transitive trusts

What is the characteristic that determines the flow and reciprocity of trust in Active Directory?

Direction

In Active Directory, it is possible to set the domain functional level to a value lower than the forest functional level.

False

The Schema in Microsoft Active Directory contains formal definitions of every object class and attribute that can exist in an Active Directory forest.

True

Making changes to the Active Directory Schema is a reversible process that can be easily undone.

False

The installation of Exchange Server is a common scenario for making Schema changes in Active Directory.

True

The forest functional level determines the highest Windows Server version that can be used for domain controllers.

True

A domain controller running Windows Server 2008 R2 and older should be updated to Windows Server 2012, 2012 R2, 2016, or 2019.

True

A forest in Active Directory can be lower than the domain functional level.

False

The Schema governs the database and all the objects in Active Directory, making it possible to add custom attributes to the Schema.

True

The forest functional level and domain functional level have no impact on the version of Windows Server that can be used for domain controllers.

False

The domain functional level can be set to a value higher than the forest functional level.

True

Active Directory can have only one domain per forest

False

The forest root domain contains the Enterprise Admins and Schema Admins groups

True

Multiple forests offer autonomy and segregation without requiring significant overhead

False

Transitivity of trusts determines whether they can be extended outside the two domains with which they were formed

True

Parent-Child and Tree-Root trusts are one-way transitive trusts

False

Shortcut trusts allow one domain to trust another domain across different forests, bypassing other trust paths

True

Functional levels in Active Directory only determine the available domain capabilities

False

Forest trusts are manually created and can only be one-way transitive trusts

False

Domain controllers running Windows Server 2008 R2 and older can no longer be used after making changes to the Active Directory Schema

False

The creation of the 'FirstDomain.local' domain in Active Directory also creates a tree, with the first domain as its only member

True

Active Directory Schema is a collection of trees that share the same schema.

False

A tree in Active Directory typically contains subdomains and is a collection of domains that share a namespace.

True

A forest in Active Directory is a collection of trees that share the same schema.

True

When creating the first domain, a forest and a tree are also created.

True

A domain in Active Directory is a logical group of objects that share the same database.

True

A forest in Active Directory is essentially a 'common management zone' that all objects are part of.

False

A tree in Active Directory is a collection of domains that share the same schema.

False

Trusts can be manually created and can be one-way or two-way transitive trusts.

False

The Schema in Active Directory is a logical group of objects that share the same database.

False

A forest in Active Directory is a logical group of objects that share the same database.

False

What are the available domain functional levels in Windows Server?

Server 2000, Server 2003, Server 2008, Server 2008R2, Server 2012, Server 2012R2, Server 2016

Can the domain functional level be set to a value lower than the forest functional level?

No

What is the purpose of the Microsoft Active Directory schema?

The schema contains formal definitions of every object class and attribute in an Active Directory forest.

Is it possible to add custom attributes to the Schema in Active Directory? If so, why?

Yes, to extend an object for custom application or other reasons.

When is the most common scenario for making Schema changes observed in Active Directory?

The most common scenario for Schema changes is with the installation of Exchange Server.

What is the implication of making changes to the Active Directory Schema?

Schema changes are permanent and cannot be undone without significant effort.

What is the relationship between forest functional level and domain functional level in Active Directory?

The forest functional level can be set lower than the domain functional level.

What are the implications of domain controllers running Windows Server 2008 R2 and older?

They need to be updated to Windows Server 2012, 2012 R2, 2016, or 2019, and should be removed from the domain.

What is the primary function of a forest in the context of Active Directory?

A forest provides a common management zone for all objects.

What is the purpose of specifying a functionality level when setting up domains and forests in Windows Server?

To determine the available domain capabilities and features.

What are the default transitivity and direction for Parent-Child and Tree-Root trusts in Active Directory?

They are automatically established as two-way transitive trusts.

What is the purpose of forest trusts in Active Directory?

To allow trust relationships between different forests, which can be one-way or two-way transitive trusts.

What is the purpose of shortcut trusts in Active Directory?

To allow one-way transitive trusts between domains in different forests, bypassing other trust paths.

What determines whether trusts can be extended outside the two domains with which they were formed in Active Directory?

The transitivity of trusts.

What is the role of functional levels in Active Directory?

To determine the available domain or forest capabilities and the Windows Server operating systems that can be run as domain controllers.

What are Enterprise Admins and Schema Admins associated with in Active Directory?

They are associated with the forest root domain.

What distinguishes forest trusts from Parent-Child and Tree-Root trusts in Active Directory?

Forest trusts are manually created and can be one-way or two-way transitive trusts, while Parent-Child and Tree-Root trusts are automatically established and are two-way transitive trusts.

What is the relationship between domains and forests in Active Directory?

Domains are part of a forest, and multiple forests offer autonomy and segregation.

What is the purpose of trust relationships in Active Directory?

To allow domains to share information and resources, classified based on characteristics such as transitivity and direction.

What are the characteristics used to classify trust relationships in Active Directory?

Characteristics such as transitivity and direction.

Explain the relationship between a domain, a tree, and a forest in the context of Active Directory.

A domain is a logical group of objects that share the same database, a tree is a collection of domains that share a namespace, and a forest is a collection of trees that share the same schema.

What is the purpose of trusts in Active Directory and how do they function?

Trusts in Active Directory allow one domain to trust another domain, enabling secure communication and resource access. They function by establishing a secure authentication and authorization path between domains.

Describe the characteristics and functionality of a forest in Active Directory.

A forest in Active Directory is a collection of trees that share the same schema. It provides a logical grouping of objects that share the same database and allows for centralized management and security.

What is the significance of the creation of the 'FirstDomain.local' domain in Active Directory?

The creation of the 'FirstDomain.local' domain also creates a tree, with the first domain as its only member, and a forest, as it is the first domain being created.

Explain the impact of setting the domain functional level to a value lower than the forest functional level in Active Directory.

Setting the domain functional level to a value lower than the forest functional level can limit the use of certain domain features and capabilities, as the domain functional level cannot exceed the forest functional level.

What is the role of the Schema in Active Directory and how does it relate to the database?

The Schema in Active Directory governs the database and all the objects, making it possible to add custom attributes to the Schema. It contains formal definitions of every object class and attribute that can exist in an Active Directory forest.

Explain the function and characteristics of a tree in Active Directory.

A tree in Active Directory is a collection of domains that share a namespace. It typically contains subdomains and allows for hierarchical organization of domains.

What is the relationship between forest functional level and domain functional level in Active Directory?

The forest functional level determines the highest Windows Server version that can be used for domain controllers, while the domain functional level determines the available domain capabilities.

What are the Enterprise Admins and Schema Admins groups associated with in Active Directory?

The Enterprise Admins group is associated with the entire forest, and the Schema Admins group is associated with the Schema and forest-wide operations in Active Directory.

What distinguishes a forest from a domain in Active Directory?

A forest is a collection of trees that share the same schema, while a domain is a logical group of objects that share the same database and are part of a tree in Active Directory.

Active Directory is a collection of trees that share a _______

schema

Active Directory domain is a logical group of objects that share the same ________

database

A tree is a collection of domains that share a ________

namespace

A forest is a collection of trees that share a ________

schema

When creating the first domain in Active Directory, a forest and a tree are also ________

created

A tree typically contains ________ - member domains of a main parent domain

subdomains

The Schema in Active Directory contains formal definitions of every object class and attribute that can exist in an Active Directory ________

forest

Enterprise Admins and Schema Admins are associated with ________ in Active Directory

roles

Shortcut trusts allow one domain to trust another domain across different forests, bypassing other trust ________

paths

The forest functional level determines the highest Windows Server version that can be used for ________

domain controllers

Active Directory ______ are a way for domains to share information and resources, classified based on characteristics such as transitivity and direction. Transitivity of ______ determines whether they can be extended outside the two domains with which they were formed, while direction determines the flow and reciprocity of trust. Parent-Child and Tree-Root ______ are automatically established and are two-way transitive ______, while forest ______ are manually created and can be one-way or two-way transitive ______. Shortcut ______ are manually created one-way transitive ______ that directly allow one domain to trust another domain across different forests, bypassing other trust paths.

trusts

Functional levels in Active Directory determine the available domain or forest capabilities and the Windows Server operating systems that can be run as domain controllers.

functional levels

The creation of the 'FirstDomain.local' domain in Active Directory also creates a ______, with the first domain as its only member, and a forest to house the first ______.

tree

The forest root domain, which contains the ______, remains the forest root domain throughout the Active Directory Domain Services (AD DS) deployment.

Enterprise Admins and Schema Admins groups

Multiple forests offer ______ and segregation, but require significant overhead and can be complex, with trust relationships allowing limited access to resources.

autonomy

Transitivity of trusts determines whether they can be extended outside the two domains with which they were formed, while direction determines the flow and reciprocity of trust. Parent-Child and Tree-Root trusts are automatically established and are two-way transitive trusts, while forest trusts are manually created and can be one-way or two-way transitive trusts. Shortcut trusts are manually created one-way transitive trusts that directly allow one domain to trust another domain across different forests, bypassing other trust paths.

transitivity

The ______, which contains the Enterprise Admins and Schema Admins groups, remains the ______ throughout the Active Directory Domain Services (AD DS) deployment.

forest root domain

Multiple forests offer autonomy and ______, but require significant overhead and can be complex, with trust relationships allowing limited access to resources.

segregation

Transitivity of trusts determines whether they can be extended outside the two domains with which they were formed, while ______ determines the flow and reciprocity of trust. Parent-Child and Tree-Root trusts are automatically established and are two-way transitive trusts, while forest trusts are manually created and can be one-way or two-way transitive trusts. Shortcut trusts are manually created one-way transitive trusts that directly allow one domain to trust another domain across different forests, bypassing other trust paths.

direction

Every object in Active Directory is created with a certain ______. A ______ contains all the required attributes of the object. For example, a User object contains ______ is the login name of a user. This attribute is defined in the Schema.

blueprint

As Active Directory is essentially a database, and the Schema governs the Database and all the objects (and structures) – it is entirely possible to add custom attributes to the Schema. This is done to “extend” an object, ether for custom application, or other reasons. For better or worse, Schema changes are ______, and can’t be undone without significant effort (reverting to a backup, having to shut down all your servers in the process)

permanent

The most frequently observed case for Schema changes is with the installation of Exchange Server (main server). The Exchange Server installation modifies the Schema to add a number of attributes that are ______.

mail-specific

When you deploy a new forest, you are prompted to set the forest functional level and then set the domain functional level. You can set the domain functional level to a value that is higher than the forest functional level, but you cannot set the domain functional level to a value that is lower than the forest ______.

functional level

When setting up domains and forests, you have the option of specifying a functionality level. The Functionality Levels are: Server 2000 Server 2003 Server 2008 Server 2008R2 Server 2012 Server 2012R2 Server 2016 There have been no new forest or domain functional levels added since Windows Server ______.

2016

The Microsoft Active Directory schema contains formal definitions of every object class (i.e. User, Computer) that can be created in an Active Directory forest. The schema also contains formal definitions of every attribute (First Name, Last Name, etc) that can exist in an Active Directory ______.

object

The Schema in Active Directory is a logical group of objects that share the same ______.

database

The installation of Exchange Server is a common scenario for making Schema changes in Active ______.

Directory

Your lab this week will have you go over domains and ______. At the end of this class, you will have time to watch some required preparation to get you familiar with Domains and Trusts. End of Lecture, Questions.

trusts

With the end of life of Windows Server 2003, 2008, and 2008 R2, these domain controllers (DCs) need to be updated to Windows Server 2012, 2012 R2, 2016, or 2019. As a result, any domain controller that runs Windows Server 2008 R2 and older should be removed from the ______.

domain

Study Notes

Active Directory Domains, Trees, Forests, and Trusts Overview

• The creation of the "FirstDomain.local" domain in Active Directory also creates a tree, with the first domain as its only member, and a forest to house the first tree.
• The forest root domain, which contains the Enterprise Admins and Schema Admins groups, remains the forest root domain throughout the Active Directory Domain Services (AD DS) deployment.
• Multiple forests offer autonomy and segregation, but require significant overhead and can be complex, with trust relationships allowing limited access to resources.
• Trusts are a way for domains to share information and resources, classified based on characteristics such as transitivity and direction.
• Transitivity of trusts determines whether they can be extended outside the two domains with which they were formed, while direction determines the flow and reciprocity of trust.
• Parent-Child and Tree-Root trusts are automatically established and are two-way transitive trusts, while forest trusts are manually created and can be one-way or two-way transitive trusts.
• Shortcut trusts are manually created one-way transitive trusts that directly allow one domain to trust another domain across different forests, bypassing other trust paths.
• Functional levels in Active Directory determine the available domain or forest capabilities and the Windows Server operating systems that can be run as domain controllers.

Active Directory Domains, Trees, Forests, and Trusts Overview

• The creation of the "FirstDomain.local" domain in Active Directory also creates a tree, with the first domain as its only member, and a forest to house the first tree.
• The forest root domain, which contains the Enterprise Admins and Schema Admins groups, remains the forest root domain throughout the Active Directory Domain Services (AD DS) deployment.
• Multiple forests offer autonomy and segregation, but require significant overhead and can be complex, with trust relationships allowing limited access to resources.
• Trusts are a way for domains to share information and resources, classified based on characteristics such as transitivity and direction.
• Transitivity of trusts determines whether they can be extended outside the two domains with which they were formed, while direction determines the flow and reciprocity of trust.
• Parent-Child and Tree-Root trusts are automatically established and are two-way transitive trusts, while forest trusts are manually created and can be one-way or two-way transitive trusts.
• Shortcut trusts are manually created one-way transitive trusts that directly allow one domain to trust another domain across different forests, bypassing other trust paths.
• Functional levels in Active Directory determine the available domain or forest capabilities and the Windows Server operating systems that can be run as domain controllers.

Active Directory Domains, Trees, Forests, and Trusts Overview

• The creation of the "FirstDomain.local" domain in Active Directory also creates a tree, with the first domain as its only member, and a forest to house the first tree.
• The forest root domain, which contains the Enterprise Admins and Schema Admins groups, remains the forest root domain throughout the Active Directory Domain Services (AD DS) deployment.
• Multiple forests offer autonomy and segregation, but require significant overhead and can be complex, with trust relationships allowing limited access to resources.
• Trusts are a way for domains to share information and resources, classified based on characteristics such as transitivity and direction.
• Transitivity of trusts determines whether they can be extended outside the two domains with which they were formed, while direction determines the flow and reciprocity of trust.
• Parent-Child and Tree-Root trusts are automatically established and are two-way transitive trusts, while forest trusts are manually created and can be one-way or two-way transitive trusts.
• Shortcut trusts are manually created one-way transitive trusts that directly allow one domain to trust another domain across different forests, bypassing other trust paths.
• Functional levels in Active Directory determine the available domain or forest capabilities and the Windows Server operating systems that can be run as domain controllers.

Active Directory Domains, Trees, Forests, and Trusts Overview

• The creation of the "FirstDomain.local" domain in Active Directory also creates a tree, with the first domain as its only member, and a forest to house the first tree.
• The forest root domain, which contains the Enterprise Admins and Schema Admins groups, remains the forest root domain throughout the Active Directory Domain Services (AD DS) deployment.
• Multiple forests offer autonomy and segregation, but require significant overhead and can be complex, with trust relationships allowing limited access to resources.
• Trusts are a way for domains to share information and resources, classified based on characteristics such as transitivity and direction.
• Transitivity of trusts determines whether they can be extended outside the two domains with which they were formed, while direction determines the flow and reciprocity of trust.
• Parent-Child and Tree-Root trusts are automatically established and are two-way transitive trusts, while forest trusts are manually created and can be one-way or two-way transitive trusts.
• Shortcut trusts are manually created one-way transitive trusts that directly allow one domain to trust another domain across different forests, bypassing other trust paths.
• Functional levels in Active Directory determine the available domain or forest capabilities and the Windows Server operating systems that can be run as domain controllers.

Description

Test your knowledge of Active Directory domains, trees, forests, and trusts with this overview quiz. Explore the creation and structure of domains, trees, and forests, as well as the complexities of trust relationships and the impact of functional levels on domain and forest capabilities.