Questions and Answers
What is one of the tasks you can perform using the Active Directory Administrative Center (ADAC)?
A read-only domain controller (RODC) can accept write operations from clients.
False
What are the two variations to adding a domain to an existing forest?
Add a child domain and add a new tree.
Active Directory Administrative Center (ADAC) is built on __________.
Match the following tasks with their corresponding descriptions:
Which of the following is NOT a feature of Active Directory?
Active Directory is based on the LDAP protocol.
What are the four organizing components of Active Directory?
An Active Directory tree consists of a grouping of domains that share a common ________ structure.
Match the following Active Directory components with their descriptions:
What is the primary role of a domain controller (DC) in Active Directory?
A single Active Directory forest can contain multiple domains.
When was Windows Active Directory first introduced?
The Lightweight Directory Access Protocol (LDAP) utilizes the more efficient _______ protocol.
What is the purpose of the Active Directory Domain Services (ADDS)?
What is the first step after installing Active Directory?
Choosing the option 'Add a new domain to an existing forest' is necessary when installing the first domain controller in the network.
What does FQDN stand for?
A boot mode used to perform restore operations on Active Directory is known as ___
Which of the following is NOT one of the options to select in the Domain Controller Options window?
It is recommended by Microsoft to have at least one domain controller in every domain for fault tolerance.
What is the purpose of creating DNS delegation during Active Directory installation?
What is the primary purpose of the Active Directory schema?
A leaf object in Active Directory can contain other objects.
Name one type of container object found in Active Directory.
The __________ contains user accounts from other domains added as members of the local domain’s groups.
Match the following container objects to their descriptions:
Which type of object can be nested to create a hierarchical structure in Active Directory?
A container object can also act as an administrative boundary.
What is one example of a default folder object in Active Directory?
The information stored in each attribute is called the __________ value.
Which of the following is NOT a function of a domain object in Active Directory?
Which of the following best describes where Group Policies can be applied?
Policies defined in the User Configuration node affect all computers in the Active Directory.
The broadest logical Active Directory component is called the __________.
Match the following types of Active Directory objects with their descriptions:
Which setting is NOT found under the User Configuration node?
Once the Active Directory Recycle Bin is enabled, it can be disabled again at any time.
How are policies applied in Active Directory?
The settings in the __________ node allow administrators to control user environments remotely.
What type of data is stored in directory partitions of Active Directory?
Which type of zone in Active Directory contains a read-only copy of all resource records for the zone?
A local user account can access resources on any computer in the domain.
What is the main function of a trust relationship in Active Directory?
A __________ contains all objects in a domain, including users and groups.
Match the following Active Directory terms with their definitions:
Which command in PowerShell is used to view domain-wide FSMO roles?
Each GPO can be overridden by users if they have sufficient permissions.
What are the two built-in user accounts created by Windows?
The __________ role is responsible for managing the schema in Active Directory.
What best describes a computer account object in Active Directory?
Intrasite replication occurs between domain controllers in different sites.
Name the main node types within a Group Policy Object.
Each domain in a forest shares a single __________.
Match the following directory partition types with their descriptions:
Study Notes
Windows Domain Administration - Overview
- Windows Domain Administration is a course focusing on managing computer networks.
- The course is taught by Professor Denis Latremouille.
- Week 03 focuses on the role of directory services and Windows Active Directory.
The Role of a Directory Service
- A network directory service manages computer network information.
- It facilitates retrieval and management of this information.
- Often serves as an administrative tool, though users also access it for resource locating.
- Directory services require careful planning before implementation due to their complexity.
Windows Active Directory
- Active Directory is a directory service based on standards.
- It defines, stores, and accesses directory service objects.
- Its structure is hierarchical, based on the X.500 system.
- It uses LDAP, a lightweight protocol built on X.500.
- LDAP runs over the more efficient TCP/IP protocol.
- Integrating other operating systems (like Linux) into an Active Directory network requires LDAP.
- Initially implemented in Windows 2000 Server.
Windows Active Directory Features
- Features a hierarchical organization.
- Stores data in a centralized but distributed database.
- Supports scalability.
- Offers security measures.
- Provides flexibility in configuration.
- Enables policy-based administration.
Overview of the Active Directory Structure
- Physical structure comprises sites and servers configured as domain controllers.
- Logical structure mirrors the organizational structure for a user-friendly experience.
Active Directory's Physical Structure
- An Active Directory site is a physical location where domain controllers communicate and replicate periodically.
- A domain controller (DC) is a computer running Windows Server 2016 with the Active Directory Domain Services role installed.
- Each DC contains a full replica of domain objects and handles replicating changes.
- These controllers provide data searching and retrieval.
- They also provide authentication and authorization services to users accessing network resources.
Active Directory's Logical Structure
- Active Directory components include Organizational Units (OUs), domains, trees, and forests.
- OUs organize users and resources into logical administrative units.
- Examples of objects found within OUs include user accounts, groups, computer accounts, printers, shared folders, applications, servers, and domain controllers.
- Domains are the core structural units of Active Directory.
- They contain OUs and represent administrative, security and policy boundaries.
- Small to medium companies typically have a single domain.
- Larger companies often have multiple domains to manage geographically dispersed or functionally distinct parts of the company.
- Trees group related domains into a hierarchical structure.
- Forests are a collection of one or more trees that support communication and sharing of information between domains within the trees.
Installing Active Directory
- Installing ADDS (Active Directory Domain Services) often requires Server Manager.
- Installing DNS Server is sometimes necessary if it is not already present on the network.
- A new Active Directory configuration on a server requires selecting certain options.
- These options include adding a domain controller to an existing domain, adding new domains to an existing forest or starting a new forest entirely.
- Users will be prompted for specific domain names, including the FQDN (fully qualified domain name).
- Appropriate functional levels for the forest and domain must be set.
- The DSRM (Directory Services Restore Mode) password needs to be entered.
- Windows does a prerequisite check before starting the installation.
Installing Additional Domain Controllers
- Microsoft recommends at least two domain controllers (DCs) for fault tolerance and load balancing.
- Installing additional DCs in an existing domain involves selecting "Add a domain controller to an existing domain" rather than "Add a new forest."
Installing a New Domain in an Existing Forest
- Adding a new domain involves either adding a child domain or a new tree.
- Child domains share top-level and second-level naming structure with existing domains.
- New trees have separate naming structures from existing domains.
What's Inside Active Directory
- Active Directory can be accessed through Active Directory Administrative Center (ADAC) or Active Directory Users and Computers MMC.
- ADAC is based on PowerShell.
- ADAC provides tools for managing users, groups, and computer accounts.
- It also manages OUs (organizational units).
- It can connect to other domain controllers in the same or different domains.
- It can change the domain's functional level and enable the AD Recycle Bin.
The Active Directory Schema
- Objects are collections of network resource information.
- Schema defines type, organization, and structure of data in the Active Directory database.
- Schema classes outline the types of objects in Active Directory.
- Schema attributes specify the information stored in each object.
- Attribute values are the information stored in each attribute.
Active Directory Container Objects
- Container objects hold other objects and are used for organizing and managing resources on a network.
- Organizational units (OUs), folder objects, and domain objects are container objects within Active Directory.
Organizational Units
- OUs are primary container objects for organizing resources in a domain.
- OUs organize multiple objects into logical administrative groups for policy configuration.
- OU authority can be delegated.
- Nesting OUs in Active Directory creates a hierarchical structure that resembles corporate structures.
Folder Objects
- Default folder objects (builtin, computers, etc.) are created in a domain.
- Foreign Security Principals folder holds users from different domains that are included in a local domain's groups.
- Managed Service Accounts store accounts assigned for specific services needing to access resources on a domain.
- The Users folder stores default users (Administrator and Guest).
Domain Objects
- The domain is Active Directory's core logical structure.
- It includes OUs, folder objects as well as leaf objects.
- Larger companies use multiple domains to define areas of administrative control.
- Each domain generally has a default GPO (Group Policy Object).
- Domains in Active Directory are depicted by an icon with 3 towers in Active Directory Users and Computers (ADUC).
Active Directory Leaf Objects
- Leaf objects do not contain other objects.
- They represent security accounts, network resources, or GPOs.
User Accounts
- User account objects contain information such as group memberships, account restrictions, profile path, and dial-in permissions.
- User authentication confirms a user's identity and appropriate rights.
- Local user accounts are authorized to access resources on the single computer where they are logged on.
- Domain user accounts allow access to resources throughout the entire domain.
- Windows creates two built-in accounts: Administrator and Guest.
Zone Type
- Primary zone contains the read/write master copy of all resource records for the zone and is authoritative.
- Secondary zone contains a read-only copy of all the resource records and is authoritative.
- Stub zone contains a read-only copy of only the SOA (Start of Authority) and NS (Name Server) records plus the A records for those name servers; it is not authoritative.
Groups
- Group objects represent collections of users with shared permissions or rights.
- Permissions specify resources users can access and what level of access they have.
- Rights specify actions users can perform on a computer or network.
- Groups streamline permission assignment compared to assigning permissions to individual users.
Computer Accounts
- A computer account object represents a domain member computer (or domain controller).
- Used for identifying, authenticating, and managing domain computers.
- Created automatically upon AD installation on a server.
- The computer account's name must match the physical computer's name.
Locating Active Directory Objects
- Objects can be searched (via the Find Users, Contacts, and Groups dialog box) within a specified domain or across all domains in the directory.
- Results depend on users' container and security settings.
Active Directory Terminology
- Replication is the process that consistently maintains information in a distributed database.
- Directory partitions are the segments of an Active Directory database.
- Operations masters manage Active Directory functions.
- Trust relationships determine access from other domains.
Active Directory Replication
- Maintains a consistent database distributed across various locations.
- Intrasite replication happens between controllers in the same site.
- Intersite replication occurs between multiple sites.
- Multimaster replication lets changes to Active Directory objects be made on any domain controller and replicated to the others.
- Knowledge Consistency Checker runs on all domain controllers to establish an appropriate replication topology ensuring that no more than 3 hops are involved in the replication process.
Directory Partitions
- Sections of the Active Directory database.
- Domain partition contains all objects within a domain.
- Schema partition contains information required to define Active Directory objects and attributes.
- Global catalog partition is a partial replica of all objects in the forest.
- Application partition stores application-specific information.
- Configuration partition holds Active Directory configuration information affecting all the objects in a forest.
Operations Master Roles
- Designated servers manage specific activities.
- Flexible Single Master Operation (FSMO) roles include Schema Master, Infrastructure Master, Domain Naming Master, RID Master, and PDC Emulator Master.
- Responsibility for these roles can be transferred to different controllers as required.
Trust Relationships
- Trust relationships determine a domain's access to resources in other domain environments.
- Active Directory automatically establishes trust relationships among domains within a forest.
The Role of Forests
- All domains in a forest share common schema, admin accounts, global catalog, trusts, and replication.
The Importance of the Global Catalog Server
- The first domain controller automatically becomes the Global Catalog server.
- Additional global catalog servers can be configured.
- Global Catalog servers provide fast searches across the entire domain or forest.
- Users can log in to computers from various domains using their user principal names (UPNs).
- Facilitates access to universal groups membership information.
Introducing Group Policies
- Group Policy Objects (GPO) are lists of configuration settings for users and computer configurations.
- GPOs are applied to computers or containers of similar function within an organization.
- Installing Active Directory creates two default GPOs: Default Domain Policy and Default Domain Controllers Policy.
- GPOs can be viewed, created and managed via the Group Policy Management console.
The Computer Configuration Node
- Three folders within the Policies folder for computer configurations:
- Software Settings: installs and remotely manages applications.
- Windows Settings: contains various settings such as Name Resolution Policy, Security Settings, Scripts extension, Policy-based QoS.
- Administrative Templates: configures control panel, network, printer, system and component settings.
The User Configuration Node
- Policies folder contains similar configuration options affecting domain users:
- Software Settings manages application packages.
- Windows Settings can include scripts, security settings, and folder redirection.
- Policy-based QoS: controls the quality of service associated with network traffic.
- Administrative Templates: allow admins to configure users' environments and their computer environment configurations.
How Group Policies Are Applied
- GPOs apply in a specific order: Local Computer, Site, Domain, and Organizational Unit.
- Policies not explicitly defined are not applied.
- The last applicable policy takes precedence.
Chapter Summary
- Directory service stores information about network resources and is used for managing users, computers, and resources.
- Active Directory is based on X.500 Standard and LDAP.
- Server Manager is used to install and set up an Active Directory infrastructure.
- A new Active Directory installation in a network creates a root domain in a new forest.
- Objects are the fundamental components in Active Directory. Objects are categorized into container and leaf categories.
- Leaf objects represent security accounts, network resources, and GPOs.
- The Active Directory Recycle Bin is a feature that can be enabled, but once enabled it cannot be disabled.
Description
Test your knowledge on Active Directory concepts, features, and components with this quiz. Learn about tasks performed using the Active Directory Administrative Center and the structure of domains and forests. Perfect for IT professionals seeking to strengthen their understanding of directory services.