Active Directory Overview and Management

Questions and Answers

What is the primary function of a Domain Local Group in Active Directory?

It assigns permissions to shared network resources. (correct)

It includes accounts and groups from any domain within the forest.

It includes only the accounts from external domains.

It contains user accounts from multiple forests.

In AGDLP, what is the first step for assigning permissions?

Add user accounts to a Global Group. (correct)

Add user accounts to a Universal Group.

Add the Domain Local Group to a Global Group.

Assign permissions to the Domain Local Group.

Which of the following statements about Global Groups is true?

Global Groups can contain accounts and groups from any domain in the forest.

Global Groups are used solely for email distribution.

Global Groups can only exist in standalone modes.

Global Groups include accounts and groups only from the same domain. (correct)

What role does group nesting play in permission management?

It simplifies assigning individual permissions by combining groups.

What is the purpose of a Universal Group in Active Directory?

To contain accounts and groups from any domain within the forest.

What does the Domain Functional Level (DFL) control?

Server versions and capabilities within a specific domain

What is the primary purpose of the Schema in Active Directory (AD)?

To define objects, classes, and attributes in AD

What is a characteristic of a Primary DNS Zone?

It stores the primary DNS database with all records

How does Microsoft Passport enhance authentication?

Using two-factor authentication based on FIDO standards

What does a Stub Zone do in DNS management?

Helps locate authoritative DNS without an editable database

Which statement about Windows Internet Name Service (WINS) is accurate?

It maps IP addresses to NetBIOS names automatically.

What role do lmhosts and hosts files play in network management?

They map IP addresses to hostnames and computer names, respectively.

What is a key feature of the Forest Functional Level (FFL)?

It determines the minimum Windows Server version across the forest.

What protocol is used to access directory service data in Active Directory?

LDAP

What role is primarily responsible for managing schema updates in Active Directory?

Schema Master

Which of the following best describes a 'Domain' in Active Directory?

A logical grouping of objects managed by a Domain Controller

Which tool is used for managing users and computers within Active Directory?

Active Directory Users and Computers

In the context of Active Directory, what is a 'Forest'?

A collection of tree domains

Which of the following correctly describes the relationship between domains in a tree?

New domains automatically trust existing domains.

What distinguishes a Domain from a Workgroup?

A Domain offers centralized resource management through a server.

Which command-line interface tool is used for managing Active Directory services?

Active Directory Module for PowerShell

What is the primary purpose of Organizational Units (OUs) in Active Directory?

To organize AD objects for easier administration

What is a key feature of default containers in a Domain Controller?

They cannot be deleted or renamed

Which type of user profile reverts to a default state upon logoff?

Mandatory User Profile

What is the format used to define a Universal Naming Convention (UNC)?

servername\folder

What do domain accounts rely on for access to services?

Assigned permissions or group memberships

Which of the following statements about local accounts is true?

Local accounts can access local services and shared resources

When assigning permissions to an OU, what must occur first?

Users or groups must be moved into the appropriate OU

What characteristic distinguishes a Roaming User Profile?

It can be accessed from different devices via a network share

Study Notes

Active Directory Overview

• Active Directory (AD) is a hierarchical and secure database that stores information about network objects like users, computers, and services. 
• Objects are identified by names and attributes.
• AD is organized into domains, trees, and forests.
• LDAP (Lightweight Directory Access Protocol) is used to access data within AD.
• Kerberos provides secure authentication between users and servers.
• DNS (Domain Name System) translates domain names into IP addresses.

Active Directory Management

• Active Directory Administrative Center (ADAC) is a graphical user interface (GUI) tool used to manage AD.
• Active Directory Users and Computers (ADUC) is a tool for managing user and computer accounts.
• Active Directory Domains and Trusts is used for managing domain and trust information.
• Active Directory Sites and Services manages replication between different sites.
• Active Directory Module for PowerShell uses cmdlets to manage AD.

Domain Controllers (DC)

• Domain Controllers authenticate users within a domain.
• All DCs are prioritized (e.g., DC1, DC2) and function similarly.
• These servers host the Active Directory Domain Services (AD DS) role.

Domain, Tree, and Forest

• A domain is a logical group of users, computers, and services managed by a DC. 
• A tree comprises one or more domains linked through transitive trust relationships.
• A forest is a collection of tree domains with a root domain.
• Child domains are subdomains of a tree, inheriting the structure of the parent domain.

Operations Master Roles

• Five master roles exist in AD:
  • Forest-wide roles:
    • Schema Master: Manages the schema, which defines object types and attributes.
    • Domain Naming Master: Manages the naming context for the forest.
  • Tree domain-wide roles:
    • RID Master: Manages security identifiers (SIDs) within a domain.
    • PDC Emulator: Emulates the functionality of a PDC (Primary Domain Controller) for compatibility with older Windows clients.
    • Infrastructure Master: Manages object updates and attribute changes across different domains.

Domain vs. Workgroup

• Domain: A centralized network environment with a dedicated server managing resources.
• Workgroup: A peer-to-peer network without a dedicated server, devices share resources equally.

Trust Relationships

• DCs and computers in AD are linked via trust relationships established through Kerberos authentication. 

Functional Levels

• Forest Functional Level (FFL): Determines which Windows Server versions can be used across the entire forest.
• Domain Functional Level (DFL): Controls server versions and features within a specific domain.
• Windows Server 2019 requires at least Windows Server 2008 for both DFL and FFL.

Namespace

• Domains and child domains share a contiguous namespace, for example, programming.dautti.local.

Sites

• Sites define the physical network topology, while domains represent the logical structure.

Replication

• Directory partitions are synchronized across all DCs in a forest through replication, ensuring data consistency.

Schema

• The AD schema defines objects, classes, and attributes.
• Schema changes are replicated across all DCs. 

Microsoft Passport

• A password-free authentication system based on FIDO standards.
• Uses two-factor authentication for secure service access.

DNS (Domain Name System)

• A hierarchical system that organizes domain names and IP addresses.
• Zones and resource records manage name resolution. 

Hosts and lmhosts Files

• Hosts files map IP addresses to hostnames (DNS resolution).
• lmhosts files map IP addresses to computer names (NetBIOS resolution), allowing network communication.

Hostnames

• A hostname uniquely identifies a device in a network.
• Also referred to as a domain name.

DNS Zones

• Primary Zone: Holds the main DNS database, containing all domain records.
• Secondary Zone: Acts as a backup for the primary zone, used when the primary is unavailable.
• Stub Zone: A secondary zone without an editable database, helping to find authoritative DNS servers.
• Authoritative DNS: Holds the authoritative DNS records for a domain, configured manually or dynamically.
• Non-Authoritative DNS: Contains cached DNS lookup information for quicker resolution. 

Windows Internet Name Service (WINS)

• Automates NetBIOS name resolution by mapping IP addresses to NetBIOS names.

Universal Naming Convention (UNC)

• A standard format for identifying shared network resources, originally used in Unix.
• Example: \servername\folder.

Organizational Units (OUs)

• OUs help organize AD objects for easier management.
• They are default containers created when a server is promoted to a DC.
• These containers cannot be renamed, deleted, or associated with Group Policy Objects (GPOs).

Hidden Containers

• Hidden containers are not visible by default to maintain a cleaner interface and improve security. 

Default Containers

• Default containers can be viewed by enabling Advanced Features in the AD console's View menu.

Description

This quiz covers the fundamentals of Active Directory, including its structure, key protocols, and management tools. Understand the role of objects in AD, the use of LDAP and Kerberos, and the graphical interfaces available for administration. Test your knowledge on domain controllers and replication management.