Active Directory Quiz

Questions and Answers

What is one of the tasks you can perform using the Active Directory Administrative Center (ADAC)?

• Install new software applications
• Create and manage users, groups, and computer accounts (correct)
• Change the internet connection settings
• Defragment hard drives

A read-only domain controller (RODC) can accept write operations from clients.

False (B)

What are the two variations to adding a domain to an existing forest?

Add a child domain and add a new tree.

Active Directory Administrative Center (ADAC) is built on __________.

PowerShell

Match the following tasks with their corresponding descriptions:

Create users = Establish identities for individuals in a domain Manage OUs = Organize and structure object hierarchy in Active Directory Change domain functional level = Adjust the capabilities of the domain features Enable AD Recycle Bin = Restore deleted objects in Active Directory

Which of the following is NOT a feature of Active Directory?

Cloud storage integration (C)

Active Directory is based on the LDAP protocol.

True (A)

What are the four organizing components of Active Directory?

Organizational Units (OUs), Domains, Trees, Forests

An Active Directory tree consists of a grouping of domains that share a common ________ structure.

naming

Match the following Active Directory components with their descriptions:

Organizational Units (OUs) = Container for organizing resources Domains = Core structural unit of Active Directory Trees = Grouping of domains with a common naming structure Forests = Collection of one or more Active Directory trees

What is the primary role of a domain controller (DC) in Active Directory?

Managing Active Directory objects and user authentication (C)

A single Active Directory forest can contain multiple domains.

True (A)

When was Windows Active Directory first introduced?

Windows 2000 Server

The Lightweight Directory Access Protocol (LDAP) utilizes the more efficient _______ protocol.

TCP/IP

What is the purpose of the Active Directory Domain Services (ADDS)?

Directory service for network resource management (A)

What is the first step after installing Active Directory?

Configure Active Directory (C)

Choosing the option 'Add a new domain to an existing forest' is necessary when installing the first domain controller in the network.

False (B)

What does FQDN stand for?

Fully Qualified Domain Name

A boot mode used to perform restore operations on Active Directory is known as ___

Directory Services Restore Mode

Which of the following is NOT one of the options to select in the Domain Controller Options window?

Primary Domain Controller (PDC) (C)

It is recommended by Microsoft to have at least one domain controller in every domain for fault tolerance.

False (B)

What is the purpose of creating DNS delegation during Active Directory installation?

To allow Windows to create necessary records on the DNS server for the new domain.

What is the primary purpose of the Active Directory schema?

To define the structure and organization of data (B)

A leaf object in Active Directory can contain other objects.

False (B)

Name one type of container object found in Active Directory.

Organizational Unit (OU)

The __________ contains user accounts from other domains added as members of the local domain’s groups.

Foreign Security Principals

Match the following container objects to their descriptions:

Organizational Units = Group of objects organized for management Folder Objects = Default locations for specific types of accounts Domain Objects = Core logical structure containing other objects Leaf Objects = Single instances representing accounts or resources

Which type of object can be nested to create a hierarchical structure in Active Directory?

Organizational Units (D)

A container object can also act as an administrative boundary.

True (A)

What is one example of a default folder object in Active Directory?

Users

The information stored in each attribute is called the __________ value.

attribute

Which of the following is NOT a function of a domain object in Active Directory?

Storing file shares (D)

Which of the following best describes where Group Policies can be applied?

Local Computer, Site, Domain, Organizational Unit (C)

Policies defined in the User Configuration node affect all computers in the Active Directory.

False (B)

The broadest logical Active Directory component is called the __________.

forest

Match the following types of Active Directory objects with their descriptions:

Container objects = Holds groups and organizational units Leaf objects = Represents security accounts and resources Domains = Primary administrative units Forests = Broadest logical component of Active Directory

Which setting is NOT found under the User Configuration node?

User Accounts (D)

Once the Active Directory Recycle Bin is enabled, it can be disabled again at any time.

False (B)

How are policies applied in Active Directory?

In a specific order: Local Computer, Site, Domain, Organizational Unit.

The settings in the __________ node allow administrators to control user environments remotely.

Computer Configuration

What type of data is stored in directory partitions of Active Directory?

Varied types of data managed by different processes (A)

Which type of zone in Active Directory contains a read-only copy of all resource records for the zone?

Secondary zone (A)

A local user account can access resources on any computer in the domain.

False (B)

What is the main function of a trust relationship in Active Directory?

Defines access to resources across domains.

A __________ contains all objects in a domain, including users and groups.

domain directory partition

Match the following Active Directory terms with their definitions:

GPO = List of settings for user and computer configuration FSMO roles = Special roles for domain controllers KCC = Tool for determining replication topology Global Catalog = Facilitates forest-wide searches

Which command in PowerShell is used to view domain-wide FSMO roles?

Get-AD Domain (C)

Each GPO can be overridden by users if they have sufficient permissions.

False (B)

What are the two built-in user accounts created by Windows?

Administrator and Guest

The __________ role is responsible for managing the schema in Active Directory.

Schema Master

What best describes a computer account object in Active Directory?

A representation of a computer in a domain. (B)

Intrasite replication occurs between domain controllers in different sites.

False (B)

Name the main node types within a Group Policy Object.

Computer Configuration and User Configuration

Each domain in a forest shares a single __________.

schema

Match the following directory partition types with their descriptions:

Schema directory partition = Contains information needed to define AD objects Configuration partition = Holds configuration information for the entire forest Global catalog partition = Partial replica of all objects in the forest Application directory partition = Used by applications to hold beneficial information

Flashcards

Directory Service

A network service that stores information about computers and resources, allowing retrieval and management.

Active Directory

A directory service used in Windows, based on standards for managing network objects.

Domain Controller

A Windows Server role that stores and manages domain data, providing authentication and authorization.

Organizational Unit (OU)

A container in Active Directory used to logically organize users and resources for easier administration.

Domain

The core structural part of Active Directory, defining security, policy and administrative boundary.

Active Directory Site

A physical location where domain controllers communicate and replicate data.

Tree

A collection of domains sharing a common naming structure.

Forest

A collection of Active Directory trees providing a common Active Directory environment.

LDAP

Lightweight Directory Access Protocol - a protocol used to access and manage Active Directory.

Windows Active Directory Domain Services (ADDS)

The service used for managing Active Directory.

Promote server to DC

Converting a server into a domain controller in Active Directory.

Deployment Configuration Options

Choices for adding a domain controller, including joining existing domains or creating new ones.

Fully Qualified Domain Name (FQDN)

A complete domain name, including all parts (e.g., example.com).

Forest and Domain Functional Levels

Set standards for the features and compatibility supported by the Active Directory domain.

Domain Controller Capabilities

Features a domain controller can provide, like DNS, Global Catalog, and Read-Only Domain Controllers.

Directory Services Restore Mode (DSRM)

A boot mode for recovering Active Directory in case of corruption or accidental deletion.

DNS Delegation

Configuring DNS to recognize the new domain.

NetBIOS Domain Name

A legacy name for a domain, used for compatibility with older systems.

Child Domain

A domain added to an existing forest that shares the same top-level and second-level domain name structure as a domain already present.

New Tree Domain

A domain added to an existing forest with an entirely different naming structure from all existing domains in the forest.

What can ADAC be used for?

Creating and managing user, group, and computer accounts, managing organizational units, connecting to other domain controllers within or outside the domain, managing the functional level of the domain, and enabling the Active Directory Recycle Bin.

How is ADAC Built?

ADAC is based on PowerShell, running PowerShell commands behind the scenes for each operation.

What does the Active Directory Schema define?

The schema defines the structure, organization, and types of data stored in the Active Directory database. Think of it as the blueprint for the directory.

What do schema classes define?

Schema classes specify the different types of objects that can be stored in Active Directory, like users, groups, computers, or printers.

What are schema attributes?

Schema attributes define the specific information stored within each object, like name, username, password, or location.

What is an Active Directory container object?

A container object holds other objects, allowing for organization and management of resources on the network.

What's a common container object?

Organizational Units (OUs) are primary container objects used to group users and resources based on specific policies and administration.

What are Folder Objects?

Folder Objects are default containers that store various types of objects, like built-in groups, computer accounts, and users.

What defines the core logical structure of AD?

The domain is the fundamental structural unit in Active Directory, containing other objects, defining security and policy boundaries.

What are Active Directory leaf objects?

Leaf objects, like users, groups, computers, or printers, represent individual network resources and don't hold other objects.

What are security account objects?

These are objects representing accounts used for authentication and authorization, such as users, groups, and computers.

What are network resource objects?

These represent actual network resources, such as servers, file shares, printers, etc.

Computer Configuration Node

A section in Group Policy that applies settings to all computers in a specific Active Directory container.

User Configuration Node

A section in Group Policy that applies settings to all users in a specific Active Directory container.

Software Settings (User)

Allows administrators to assign or publish applications to users within a specific Active Directory container.

Scripts Extension (User)

Manages scripts that run for users when they log in or log out.

Security Settings (User)

Configures security policies that affect user access to network resources and applications.

Folder Redirection (User)

Allows administrators to redirect user folders like 'My Documents' to network locations for centralized storage.

Policy based QoS (User)

This section allows administrators to prioritize network traffic for specific users.

Administrative Templates (User)

Provides settings that allow administrators to control user computer and network environments.

Group Policy Application Order

Group Policies are applied in a specific order: Local Computer, Site, Domain, Organizational Unit.

Precedence Rule in GPO Application

The last policy defined in the application order takes precedence over the previous ones.

What are Group Policy Objects (GPOs)?

GPOs are lists of settings administrators use to configure user and computer operating environments remotely.

What is the scope of a GPO?

The GPO scope defines which objects a GPO affects.

What are the two main nodes in GPMC?

Computer Configuration (for computers) and User Configuration (for users).

What is the difference between Policies and Preferences folders in a GPO node?

Policies folder settings apply to users or computers and cannot be overridden by users, Preferences folder settings overrideable by users.

What is the Group Policy Management Editor (GPME)?

The GPME is used to change GPO settings.

Where are applications installed and managed in a GPO?

In the Software Settings folder under Computer Configuration node.

What is the Windows Settings folder?

The Windows Settings folder contains various settings like Name Resolution Policies, Scripts extension, Security settings, and Policy-based QoS.

What is the Administrative Templates folder?

The Administrative Templates folder contains folders for controlling various Windows components like Control Panel, Network, System, and Printers.

What is the purpose of Active Directory replication?

Replication maintains a consistent database of information across multiple locations.

What is intrasite replication?

Replication between domain controllers within the same site.

What is intersite replication?

Replication between two or more sites.

What is multimaster replication?

Used by Active Directory for replacing AD objects.

What is the purpose of the Knowledge Consistency Checker (KCC)?

The KCC runs on all domain controllers to determine the replication topology, defining the flow of changes and ensuring efficient communication.

What is a directory partition?

A section of an Active Directory database, containing different types of information.

What are the five types of directory partitions?

Domain, Schema, Global Catalog, Application, and Configuration.

Study Notes

Windows Domain Administration - Overview

• Windows Domain Administration is a course focusing on managing computer networks.
• The course is taught by Professor Denis Latremouille.
• Week 03 focuses on the role of directory services and Windows Active Directory.

The Role of a Directory Service

• A network directory service manages computer network information.
• It facilitates retrieval and management of this information.
• Often serves as an administrative tool, though users also access it for resource locating.
• Directory services require careful planning before implementation due to their complexity.

Windows Active Directory

• Active Directory is a directory service based on standards.
• It defines, stores, and accesses directory service objects.
• Its structure is hierarchical, based on the X.500 system.
• It uses LDAP, a lightweight protocol, built on X.500.
• It utilizes a more efficient TCP/IP protocol.
• Integrating other operating systems (like Linux) into an Active Directory network requires LDAP.
• Initially implemented in Windows 2000 Server.

Windows Active Directory Features

• Features a hierarchical organization.
• Stores data in a centralized but distributed database.
• Supports scalability.
• Offers security measures.
• Provides flexibility in configuration.
• Enables policy-based administration.

Overview of the Active Directory Structure

• Physical structure comprises sites and servers configured as domain controllers.
• Logical structure mirrors the organizational structure for a user-friendly experience.

Active Directory's Physical Structure

• An Active Directory site is a physical location where domain controllers communicate and replicate periodically.
• A domain controller (DC) is a computer running Windows Server 2016 with the Active Directory Domain Services role installed.
• Each DC contains a full replica of domain objects and handles replicating changes.
• These controllers provide data searching and retrieval.
• They also provide authentication and authorization services to users accessing network resources.

Active Directory's Logical Structure

• Active Directory components include Organizational Units (OUs), domains, trees, and forests.
• OUs organize users and resources into logical administrative units.
• Examples of objects found within OUs include user accounts, groups, computer accounts, printers, shared folders, applications, servers, and domain controllers.
• Domains are the core structural units of Active Directory.
• They contain OUs and represent administrative, security and policy boundaries.
• Small to medium companies typically have a single domain.
• Larger companies often have multiple domains to manage geographically dispersed or functionally distinct parts of the company.
• Trees group related domains into a hierarchical structure.
• Forests are a collection of one or more trees that support communication and sharing of information between domains within the trees.

Installing Active Directory

• Installing ADDS (Active Directory Domain Services) often requires Server Manager.
• Installing DNS Server is sometimes necessary if it is not already present on the network.
• A new Active Directory configuration on a server requires selecting certain options.
• These options include adding a domain controller to an existing domain, adding new domains to an existing forest or starting a new forest entirely.
• Users will be prompted for specific domain names, including FQDN (fully qualified domain name)
• Appropriate functional levels for forest, and domain must be set
• The DSRM (Directory Services Restore Mode) password needs to be entered.
• Windows does a prerequisite check before starting the installation.

Installing Additional Domain Controllers

• Microsoft recommends at least two domain controllers (DCs) for fault tolerance and load balancing.
• Installing additional DCs in an existing domain involves selecting "Add a domain controller to an existing domain" rather than "Add a new forest."

Installing a New Domain in an Existing Forest

• Adding a new domain involves either adding a child domain or a new tree.
• Child domains share top-level and second-level naming structure with existing domains.
• New trees have separate naming structures from existing domains.

What's Inside Active Directory

• Active Directory can be accessed through Active Directory Administrative Center (ADAC) or Active Directory Users and Computers MMC.
• ADAC is based on PowerShell.
• ADAC provides tools for managing users, groups, and computer accounts.
• Managing OUs (organizational units).
• Connecting with other domain controllers in the same or different domains.
• Changing the domain's functional level and enabling the AD Recycle Bin.

The Active Directory Schema

• Objects are collections of network resource information.
• Schema defines type, organization, and structure of data in the Active Directory database.
• Schema classes outline the types of objects in Active Directory.
• Schema attributes specify the information stored in each object.
• Attribute values are the information stored in each attribute.

Active Directory Container Objects

• Container objects hold other objects, used for organizing and managing resources on a network..
• Organizational units (OUs), folder objects, and domain objects are container objects within Active Directory.

Organizational Units

• OUs are primary container objects for organizing resources in a domain.
• OUs organize multiple objects into logical administrative groups for policy configuration.
• OU authority can be delegated.
• Nesting OUs in Active Directory creates a hierarchical structure that resembles corporate structures.

Folder Objects

• Default folder objects (builtin, computers, etc.) are created in a domain.
• Foreign Security Principals folder holds users from different domains that are included in a local domain's groups.
• Managed Service Accounts store accounts assigned for specific services needing to access resources on a domain.
• The Users folder stores default users (Administrator and Guest).

Domain Objects

• The domain is Active Directory's core logical structure.
• It includes OUs, folder objects as well as leaf objects.
• Larger companies use multiple domains to define areas of administrative control.
• Each domain generally has a default GPO (Group Policy Object)
• Domains in Active Directory are depicted by an icon with 3 towers in Active Directory Users and Computers (ADUC).

Active Directory Leaf Objects

• Leaf objects do not contain other objects.
• They represent security accounts, network resources, or GPOs.

User Accounts

• User account objects contain information such as group memberships, account restrictions, profile path, and dial-in permissions.
• User authentication confirms a user's identity and appropriate rights
• Local user accounts are authorized to access resources on the single computer where they are logged on.
• Domain user accounts allow access to resources throughout entire domain.
• Windows creates two built-in accounts: Administrator and Guest.

Zone Type

• Primary zone contains read/write master copy of all resource records for the zone, authoritative.
• Secondary zone contains read-only copy of all the resource records and is authoritative.
• Stub zone contains read-only copy of just the SOA (Start of Authority) and NS (Name Server) records, and A records, not authoritative.

Groups

• Group objects represent collections of users with shared permissions or rights.
• Permissions specify resources users can access and what level of access they have.
• Rights specify actions users can perform on a computer or network.
• Groups streamline permission assignment compared to assigning individual users..

Computer Accounts

• A computer account object represents a domain member computer (or domain controller).
• Used for identifying, authenticating, and managing domain computers.
• Created automatically upon AD installation on a server.
• The computer account's name must match the physical computer's name.

Locating Active Directory Objects

• Objects can be searched (via the Find Users, Contacts, and Groups dialog box) within a specified domain or across all domains in the directory.
• Results depend on users' container and security settings.

Active Directory Terminology

• Replication is the process that consistently maintains information in a distributed database.
• Directory partitions are the segments of an Active Directory database.
• Operations masters manage Active Directory functions.
• Trust relationships determine access from other domains.

Active Directory Replication

• Maintains a consistent database distributed across various locations.
• Intrasite replication happens between controllers in the same site.
• Intersite replication occurs between multiple sites.
• Multimaster replication enables replacing Active Directory objects.
• Knowledge Consistency Checker runs on all domain controllers to establish an appropriate replication topology ensuring that no more than 3 hops are involved in the replication process.

Directory Partitions

• Sections of the Active Directory database.
• Domain partition contains all objects within a domain.
• Schema partition contains information required to define Active Directory objects and attributes.
• Global catalog partition is a partial replica of all objects in the forest.
• Application partition stores application-specific information.
• Configuration partition holds Active Directory configuration information affecting all the objects in a forest.

Operations Master Roles

• Designated servers manage specific activities.
• Flexible Single Master Operation (FSMO) roles may include Schema Master, Infrastructure master, Domain Naming master, RID master, and PDC Emulator master.
• Responsibility for these roles can be transferred to different controllers as required.

Trust Relationships

• Trust relationships determine a domain's access to resources in other domain environments.
• Active Directory automatically establishes trust relationships among domains within a forest.

The Role of Forests

• All domains in a forest share common schema, admin accounts, global catalog, trusts, and replication.

The Importance of the Global Catalog Server

• The first domain controller automatically becomes the Global Catalog server.
• Additional global catalog servers can be configured.
• Global Catalog servers provide fast searches across the entire domain or forest.
• Users can log in to computers from various domains using their user principal names (UPNs).
• Facilitates access to universal groups membership information.

Introducing Group Policies

• Group Policy Objects (GPO) are lists of configuration settings for users and computer configurations.
• GPOs are applied to computers or containers of similar function within an organization.
• Installing Active Directory creates two default GPOs: Default Domain Policy and Default Domain Controllers Policy.
• GPOs can be viewed, created and managed via the Group Policy Management console.

The Computer Configuration Node

• Three folders within the Policies folder for computer configurations:
• Software Settings: installs and remotely manages applications.
• Windows Settings: contains various settings such as Name Resolution Policy, Security Settings, Scripts extension, Policy-based QoS.
• Administrative Templates: configures control panel, network, printer, system and component settings.

The User Configuration Node

• Policies folder contains similar configuration options affecting domain users:
• Software Settings manages application packages.
• Windows Settings can include scripts, security and security settings, folder redirection.
• Policy-based QoS: controls quality of service associated with network traffic.
• Administrative Templates: allow admins to configure users' and their computer environment configurations .

How Group Policies Are Applied

• GPOs apply in a specific order: Local Computer, Site, Domain, and Organizational Unit.
• Policies not explicitly defined are not applied
• The last applicable policy takes precedence.

Chapter Summary

• Directory service stores information about network resources and is used for managing users, computers, and resources.
• Active Directory is based on X.500 Standard and LDAP.
• Server Manager is used to install and set up an Active Directory infrastructure.
• A new Active Directory installation in a network creates a root domain in a new forest.
• Objects are the fundamental components in Active Directory. Objects are categorized into container and leaf categories.
• Leaf objects represent security accounts, network resources, and GPOs.
• The Active Directory Recycle Bin is a feature that can be enabled but after enabling it, it can't be disabled.

Description

Test your knowledge on Active Directory concepts, features, and components with this quiz. Learn about tasks performed using the Active Directory Administrative Center and the structure of domains and forests. Perfect for IT professionals seeking to strengthen their understanding of directory services.