Active Directory Overview

Questions and Answers

What can you manage using the Active Directory Administrative Center (ADAC)?

Network protocols

Users, groups, and computer accounts (correct)

Physical server hardware

Firewalls

The Active Directory schema defines the physical layout of a network.

False

What is one function of the Active Directory Recycle Bin?

To recover deleted objects in Active Directory

The schema defines the type, organization, and structure of data stored in the _____ database.

AD

Match the following Active Directory components with their descriptions:

Users = Individual accounts representing people or services OUs = Organizational units for managing groups of objects Domain Controllers = Servers that host Active Directory Schema Classes = Define types of objects stored in Active Directory

What is one reason small and medium businesses often choose a single domain?

Easier management

Container objects and leaf objects are the only types of objects in Active Directory.

True

What does the first Domain Controller (DC) create in a network?

A new forest

A directory service is a database that stores __________ resource information.

network

Match the following Active Directory components with their definitions:

Domain = Primary identifying unit of Active Directory Forest = Broadest logical Active Directory component Leaf object = Represents security accounts and resources Container object = Can hold other objects within Active Directory

Which tool is used to install the Active Directory Domain Services role?

Server Manager

What is the primary function of Active Directory?

Centralized authentication and authorization

Active Directory is only used for storing user information.

False

Active Directory objects can be managed only through command-line tools.

False

Name two features of Active Directory.

Scalability and security

What do directory partitions hold in the Active Directory database?

Varied types of data

Active Directory uses a ________ database model that is both centralized and distributed.

distributed

Which of the following terms is associated with the physical structure of Active Directory?

Sites

Policy-based administration is a feature of Active Directory.

True

What are the two main structures of Active Directory?

Physical structure and logical structure

Match the Active Directory feature with its description:

Hierarchical organization = Structured arrangement of objects Centralized database = Single source of truth for authentication Scalability = Ability to grow with organization needs Flexibility = Adaptable to various environments

Which of the following is not a type of container object found in Active Directory?

Group Objects

Attribute values define what type of information is stored in each object.

False

What is the primary function of Organizational Units (OUs) in Active Directory?

To organize and manage resources in a domain.

A container object may also act as __________________ and security boundaries.

administrative

Match the following Active Directory concepts with their descriptions:

Organizational Units = Primary container for organizing resources Folder Objects = Used to group related objects Domain objects = Define a security boundary Schema attributes = Describe types of information stored in objects

What is created when the first domain controller is installed in a forest?

A new domain, tree, and forest

Replication is only necessary within a single domain.

False

What is the primary function of the Global Catalog server?

Facilitates domain and forest-wide searches.

Intrasite replication occurs between domain controllers in the same ______.

site

Which statement about the Knowledge Consistency Checker (KCC) is true?

It determines the replication topology for AD.

Match the type of replication with its correct description:

Intrasite replication = Replication within the same site Intersite replication = Replication between different sites Multimaster replication = Used for replacing AD objects Global Catalog server = Facilitates domain-wide searches

Users can log on to computers in any domain using their user principal name (UPN).

True

What is a significant characteristic of larger organizations in terms of Active Directory?

They may require an AD structure composed of several domains and multiple trees.

What is the main responsibility of a domain controller in Active Directory?

To store a copy of the domain data and replicate changes

An Active Directory site refers to a logical grouping of users and resources.

False

List two types of objects that can be contained in an Organizational Unit (OU).

User accounts, Computer accounts

In Active Directory, a _______ represents administrative, security, and policy boundaries.

Domain

Match the following Active Directory components with their descriptions:

Organizational Units (OUs) = Logical administrative divisions Domains = Administrative and security boundaries Trees = Collection of one or more domains Forests = Collection of multiple trees sharing a common schema

Which component of Active Directory allows for the organization of directories for easier management?

Organizational Units (OUs)

Larger organizations typically use a single domain to manage their Active Directory resources.

False

What is the role of the Global Catalog server in an Active Directory environment?

To provide a searchable, partial representation of every object in the directory

What is the primary purpose of a forest in Active Directory?

To collect multiple Active Directory trees

A tree can consist of multiple parent domains without any child domains.

False

What is an FQDN?

Fully Qualified Domain Name

To install Active Directory Domain Services, you must use _________.

Server Manager

Match the following Active Directory installation options with their descriptions:

Add a domain controller = Integrate into an existing domain Add a new domain = Create a domain within an existing forest Add a new forest = Establish a new Active Directory environment Install DNS Server Role = Required if DNS is not already present

What action must be taken if DNS is not already present on the network before installing AD DS?

Install the DNS Server Role

All domains in a tree cannot communicate with each other.

False

What is the role of Active Directory Domain Services (AD DS)?

To manage and authenticate network resources.

What is one primary advantage of using a single domain in small and medium businesses?

Easier management

A forest in Active Directory is the smallest unit of organization.

False

Name the two types of objects in Active Directory.

Container objects and leaf objects

A directory service is a database that stores network __________ information.

resource

Match the following Active Directory components with their functions:

Domain = Primary identifying and administrative unit Forest = Broadest logical component Leaf Object = Represents security accounts and resources Container Object = Used to organize other objects

Which tool is used to search for Active Directory objects?

Windows Explorer

Large organizations often use a single domain structure for easier management.

False

What does the installation of the first Domain Controller create in a network?

A new forest and the forest root domain

What does a User Account object NOT contain?

IP address of the computer

A domain user account allows access to resources on a single computer only.

False

What is the primary purpose of groups in Active Directory?

To represent a collection of users with common permissions or rights

A _____ represents a shared printer in the domain.

printer

Match the following user account types with their characteristics:

Local user account = Authorized to access resources only on one computer Domain user account = Single logon for accessing resources in the domain Administrator account = Built-in account with full control Guest account = Limited access for temporary users

Which of the following statements about computer accounts in Active Directory is true?

They represent domain member computers and help in management.

Authentication in Active Directory checks a user's identity before assigning permissions.

True

Name one advantage of using groups for permissions in Active Directory.

Efficiency in managing user permissions

What does replication in Active Directory ensure?

Consistency of the database across locations

The first domain controller in a forest creates additional trees and domains.

True

What is the role of the Global Catalog server in Active Directory?

Facilitates domain and forest-wide searches and logon across domains.

Intrasite replication occurs between domain controllers in the same __________.

site

Match the replication types with their descriptions:

Intrasite replication = Occurs between domain controllers in the same site Intersite replication = Occurs between two or more sites Multimaster replication = Used for replacing AD objects Knowledge Consistency Checker (KCC) = Determines the replication topology

What is a key function of the Knowledge Consistency Checker (KCC)?

Determine the replication topology

Active Directory replication can only occur within a single domain.

False

What is the main advantage of having multiple domains in larger organizations?

It allows for better management of resources and security across different corporate divisions.

Study Notes

Active Directory Domain Services

• Active Directory is a Microsoft service that provides centralized authentication and authorization to network resources.
• Active Directory is used in business environments to simplify user management, control access to data and enforce company security policies.

The Role of a Directory Service

• A network directory service stores information about a computer network and offers features for retrieving and managing that information.
• Directory services can be used to find resources.

Windows Active Directory

• Active Directory features:
  • Hierarchical organization.
  • Centralized but distributed database.
  • Scalability
  • Security
  • Flexibility
  • Policy-based administration

Active Directory Structure

• Physical structure: Consists of sites and servers configured as domain controllers
• Logical structure: The directory service’s look and feel after the running organization.

What's Inside Active Directory

• Explore Active Directory using the Active Directory Administrative Center (ADAC) and Active Directory Users and Computers management console
• ADAC allows you to perform the following tasks:
  • Create and manage users, group, and computer accounts.
  • Manage OUs.
  • Connect to other domain controllers in the same or a different domain.
  • Change the domain’s functional level and enable the AD Recycle Bin.

The Active Directory Schema

• Object: A grouping of information that describes a network resource.
• Schema: Defines the type, organization, and structure of data stored in the AD database.
• Schema Classes: Define the types of objects that can be stored in Active Directory.
• Schema Attributes: Define the type of information stored in each object
• Attribute value: Information stored in each attribute.

Active Directory Container Objects

• A container object contains other objects.
• Container objects are used to organize and manage users and resources on the network.
• Container Objects can also act as administrative and security boundaries.
• Three types of container objects:
  • Organizational Units
  • Folder objects
  • Domain objects

Organizational Units

• OUs are a primary container object for organising and managing resources in a domain
• OUs can organise multiple objects into logical administrative groups that can be configured with specific policies relevant to that group
• Authority of an OU can be delegated.

Working with Forests, Trees, and Domains

• Smaller organizations most likely focus on OUs and their child objects, whereas larger organizations might require an AD structure composed of several domains, multiple trees, and even a few forests
• The first domain controller creates more than just a new domain, it also creates a new tree and the root of a new forest.

Active Directory Replication

• Replication is the process of maintaining a consistent database of information when it is distributed among several locations.
• Replication is used for updating Active Directories among domain controllers.

Active Directory Replication Cont.

• Intrasite replication: Replication between domain controllers in the same site
• Intersite replication: Occurs between two or more sites
• Multimaster replication: Used by AD for replacing AD objects
• Knowledge Consistency Checker (KCC): Runs on all DCs to determine the replication topology

The Importance of the Global Catalog Server

• The first domain controller installed in a forest is automatically designated as a Global Catalog server.
• Global Catalog servers perform the following vital functions:
  • Facilitates domain and forest-wide searches.
  • Facilitates logon across domains (Users can log on to computers in any domain by using their user principal name (UPN)).

Designing the Domain Structure

• Most small and medium businesses choose a single domain for the following reasons:
  • Simplicity
  • Lower costs
  • Easier management
  • Easier access to resources
• A single-domain structure is usually easier and less expensive than a multidomain structure.

Summary

• A Directory service is a database that stores network resource information used to manage users, computers, and resources throughout the network.
• Use server Manager to install Active Directory Domain Services (AD DS).
• Installing the first DC in a network creates a new forest and the domain is called the forest root domain.
• Active Directory data is organized as objects.
• There are two types of objects in Active Directory: container objects and leaf objects.
• Leaf objects generally represent security accounts, network resources, and GPOs
• Active Directory objects can be easily located with search functions in Active Directory Users and Computers and Windows Explorer.
• Large organizations might require multiple domains, trees, and forests.
• Directory partitions are sections of the Active Directory database that hold varied types of data and are managed by different processes
• The forest is the broadest logical Active Directory component.
• A domain is a primary identifying and administrative unit of Active Directory.

Active Directory Physical Structure

• An Active Directory site is a physical location where domain controllers communicate and replicate information.
• Domain controllers store a copy of the domain data and replicate changes to all other domain controllers.
• Domain controllers provide data search and retrieval functions for users attempting to locate objects within the directory.
• Domain controllers provide authentication and authorization services for users who log on to the domain and attempt to access network resources.

Active Directory’s Logical Structure

• Four main logical components in Active Directory:
  • Organizational Units (OUs)
  • Domains
  • Trees
  • Forests

Organizational Units (OUs)

• An OU is a container used to organize users, resources, and computers into logical administrative units
• OUs contain these Active Directory objects:
  • User accounts
  • Groups
  • Computer accounts
  • Printers
  • Shared folders
  • Applications
  • Servers
  • Domain controllers

Domains

• A domain represents administrative, security, and policy boundaries.
• Small to medium companies usually have one domain.
• Larger companies might have multiple domains.

Trees

• A tree is a grouping of domains that share a common naming structure.
• A tree can consist of a parent domain and one or more child domains.

Forests

• A forest is a collection of one or more Active Directory trees that provide a common Active Directory environment.
• All domains within a forest can communicate and share information.
• A forest can contain a single tree with a single domain, or several trees, each with a hierarchy of parent and child domains.

Installing Active Directory

• The Windows Active Directory service is typically referred to as Active Directory Domain Services (AD DS).
• To install AD DS, use Server Manager.
• If DNS is not present on the network, the DNS Server Role needs to be installed.

Installing Active Directory - Deployment Configuration

• Select one of these options in the Deployment Configuration window:
  • Add a domain controller to an existing domain
  • Add a new domain to an existing forest
  • Add a new forest (choose this option if it is the first DC in the network)
• You will be prompted for the fully qualified domain name (FQDN) for the new forest root.

Designing the Domain Structure

• Most small and medium businesses choose a single domain for these reasons:

  • Simplicity
  • Lower costs
  • Easier management
  • Easier access to resources

• A single-domain structure is generally simpler and less expensive than a multidomain structure.

Other Leaf Objects

• Other leaf objects commonly created in Active Directory:
  • Contact - represents a person associated with the company but not a network user
  • Printer - represents a shared printer in the domain
  • Shared folder - represents a shared folder on a computer in the network

User Accounts

• A user account object contains information such as group memberships, account restrictions, profile path, and dial-in permissions.
• Authentication confirms a user’s identity and assigns permissions and rights.
• A local user account is authorized to access resources only on that computer.
• domain user account provides a single logon for users to access resources throughout the domain.
• Windows creates two built-in user accounts:
  • Administrator
  • Guest

Groups

• A group object represents a collection of users with common permissions or rights.
• Permissions define which resources users can access and what level of access they have.
• Rights specify what types of actions a user can perform on a computer or network.
• Groups are used to assign members permissions and rights which is more efficient than assigning permissions and rights to each user separately.

Computer Accounts

• A computer account object represents a computer that's a domain controller or domain member.
• Computer accounts are used to identify, authenticate, and manage computers in the domain.

Working with Forests, Trees, and Domains

• Smaller organizations most likely focus on OUs and their child objects.
• Larger organizations might require an Active Directory structure with several domains, multiple trees, and even multiple forests.
• The first domain controller creates a new domain, tree, and the root of a new forest.

Active Directory Replication

• Replication is the process of maintaining a consistent database of information when the database is distributed across multiple locations.
• Intrasite replication occurs between domain controllers in the same site.
• Intersite replication occurs between two or more sites.
• Multimaster replication is used by Active Directory for replacing Active Directory objects.
• Knowledge Consistency Checker (KCC) runs on all DCs to determine the replication topology

The Importance of the Global Catalog Server

• The first domain controller installed in a forest is automatically designated as a Global Catalog server.
• Global Catalog servers performs the following vital functions:
  • Facilitates domain and forest-wide searches
  • Facilitates logon across domains (Users can log on to computers in any domain by using their user principal name (UPN).

Description

This quiz explores the fundamental concepts of Active Directory Domain Services, including its purpose, structure, and features. Learn about the hierarchical organization, centralized database, and the role of a directory service in managing network resources effectively.