Active Directory Quiz

Questions and Answers

What is one of the tasks you can perform using the Active Directory Administrative Center (ADAC)?

Install new software applications

Create and manage users, groups, and computer accounts (correct)

Change the internet connection settings

Defragment hard drives

A read-only domain controller (RODC) can accept write operations from clients.

False

What are the two variations to adding a domain to an existing forest?

Add a child domain and add a new tree.

Active Directory Administrative Center (ADAC) is built on __________.

PowerShell

Match the following tasks with their corresponding descriptions:

Create users = Establish identities for individuals in a domain Manage OUs = Organize and structure object hierarchy in Active Directory Change domain functional level = Adjust the capabilities of the domain features Enable AD Recycle Bin = Restore deleted objects in Active Directory

Which of the following is NOT a feature of Active Directory?

Cloud storage integration

Active Directory is based on the LDAP protocol.

True

What are the four organizing components of Active Directory?

Organizational Units (OUs), Domains, Trees, Forests

An Active Directory tree consists of a grouping of domains that share a common ________ structure.

naming

Match the following Active Directory components with their descriptions:

Organizational Units (OUs) = Container for organizing resources Domains = Core structural unit of Active Directory Trees = Grouping of domains with a common naming structure Forests = Collection of one or more Active Directory trees

What is the primary role of a domain controller (DC) in Active Directory?

Managing Active Directory objects and user authentication

A single Active Directory forest can contain multiple domains.

True

When was Windows Active Directory first introduced?

Windows 2000 Server

The Lightweight Directory Access Protocol (LDAP) utilizes the more efficient _______ protocol.

TCP/IP

What is the purpose of the Active Directory Domain Services (ADDS)?

Directory service for network resource management

What is the first step after installing Active Directory?

Configure Active Directory

Choosing the option 'Add a new domain to an existing forest' is necessary when installing the first domain controller in the network.

False

What does FQDN stand for?

Fully Qualified Domain Name

A boot mode used to perform restore operations on Active Directory is known as ___

Directory Services Restore Mode

Which of the following is NOT one of the options to select in the Domain Controller Options window?

Primary Domain Controller (PDC)

It is recommended by Microsoft to have at least one domain controller in every domain for fault tolerance.

False

What is the purpose of creating DNS delegation during Active Directory installation?

To allow Windows to create necessary records on the DNS server for the new domain.

What is the primary purpose of the Active Directory schema?

To define the structure and organization of data

A leaf object in Active Directory can contain other objects.

False

Name one type of container object found in Active Directory.

Organizational Unit (OU)

The __________ contains user accounts from other domains added as members of the local domain’s groups.

Foreign Security Principals

Match the following container objects to their descriptions:

Organizational Units = Group of objects organized for management Folder Objects = Default locations for specific types of accounts Domain Objects = Core logical structure containing other objects Leaf Objects = Single instances representing accounts or resources

Which type of object can be nested to create a hierarchical structure in Active Directory?

Organizational Units

A container object can also act as an administrative boundary.

True

What is one example of a default folder object in Active Directory?

Users

The information stored in each attribute is called the __________ value.

attribute

Which of the following is NOT a function of a domain object in Active Directory?

Storing file shares

Which of the following best describes where Group Policies can be applied?

Local Computer, Site, Domain, Organizational Unit

Policies defined in the User Configuration node affect all computers in the Active Directory.

False

The broadest logical Active Directory component is called the __________.

forest

Match the following types of Active Directory objects with their descriptions:

Container objects = Holds groups and organizational units Leaf objects = Represents security accounts and resources Domains = Primary administrative units Forests = Broadest logical component of Active Directory

Which setting is NOT found under the User Configuration node?

User Accounts

Once the Active Directory Recycle Bin is enabled, it can be disabled again at any time.

False

How are policies applied in Active Directory?

In a specific order: Local Computer, Site, Domain, Organizational Unit.

The settings in the __________ node allow administrators to control user environments remotely.

Computer Configuration

What type of data is stored in directory partitions of Active Directory?

Varied types of data managed by different processes

Which type of zone in Active Directory contains a read-only copy of all resource records for the zone?

Secondary zone

A local user account can access resources on any computer in the domain.

False

What is the main function of a trust relationship in Active Directory?

Defines access to resources across domains.

A __________ contains all objects in a domain, including users and groups.

domain directory partition

Match the following Active Directory terms with their definitions:

GPO = List of settings for user and computer configuration FSMO roles = Special roles for domain controllers KCC = Tool for determining replication topology Global Catalog = Facilitates forest-wide searches

Which command in PowerShell is used to view domain-wide FSMO roles?

Get-AD Domain

Each GPO can be overridden by users if they have sufficient permissions.

False

What are the two built-in user accounts created by Windows?

Administrator and Guest

The __________ role is responsible for managing the schema in Active Directory.

Schema Master

What best describes a computer account object in Active Directory?

A representation of a computer in a domain.

Intrasite replication occurs between domain controllers in different sites.

False

Name the main node types within a Group Policy Object.

Computer Configuration and User Configuration

Each domain in a forest shares a single __________.

schema

Match the following directory partition types with their descriptions:

Schema directory partition = Contains information needed to define AD objects Configuration partition = Holds configuration information for the entire forest Global catalog partition = Partial replica of all objects in the forest Application directory partition = Used by applications to hold beneficial information

Study Notes

Windows Domain Administration - Overview

• Windows Domain Administration is a course focusing on managing computer networks.
• The course is taught by Professor Denis Latremouille.
• Week 03 focuses on the role of directory services and Windows Active Directory.

The Role of a Directory Service

• A network directory service manages computer network information.
• It facilitates retrieval and management of this information.
• Often serves as an administrative tool, though users also access it for resource locating.
• Directory services require careful planning before implementation due to their complexity.

Windows Active Directory

• Active Directory is a directory service based on standards.
• It defines, stores, and accesses directory service objects.
• Its structure is hierarchical, based on the X.500 system.
• It uses LDAP, a lightweight protocol, built on X.500.
• It utilizes a more efficient TCP/IP protocol.
• Integrating other operating systems (like Linux) into an Active Directory network requires LDAP.
• Initially implemented in Windows 2000 Server.

Windows Active Directory Features

• Features a hierarchical organization.
• Stores data in a centralized but distributed database.
• Supports scalability.
• Offers security measures.
• Provides flexibility in configuration.
• Enables policy-based administration.

Overview of the Active Directory Structure

• Physical structure comprises sites and servers configured as domain controllers.
• Logical structure mirrors the organizational structure for a user-friendly experience.

Active Directory's Physical Structure

• An Active Directory site is a physical location where domain controllers communicate and replicate periodically.
• A domain controller (DC) is a computer running Windows Server 2016 with the Active Directory Domain Services role installed.
• Each DC contains a full replica of domain objects and handles replicating changes.
• These controllers provide data searching and retrieval.
• They also provide authentication and authorization services to users accessing network resources.

Active Directory's Logical Structure

• Active Directory components include Organizational Units (OUs), domains, trees, and forests.
• OUs organize users and resources into logical administrative units.
• Examples of objects found within OUs include user accounts, groups, computer accounts, printers, shared folders, applications, servers, and domain controllers.
• Domains are the core structural units of Active Directory.
• They contain OUs and represent administrative, security and policy boundaries.
• Small to medium companies typically have a single domain.
• Larger companies often have multiple domains to manage geographically dispersed or functionally distinct parts of the company.
• Trees group related domains into a hierarchical structure.
• Forests are a collection of one or more trees that support communication and sharing of information between domains within the trees.

Installing Active Directory

• Installing ADDS (Active Directory Domain Services) often requires Server Manager.
• Installing DNS Server is sometimes necessary if it is not already present on the network.
• A new Active Directory configuration on a server requires selecting certain options.
• These options include adding a domain controller to an existing domain, adding new domains to an existing forest or starting a new forest entirely.
• Users will be prompted for specific domain names, including FQDN (fully qualified domain name)
• Appropriate functional levels for forest, and domain must be set
• The DSRM (Directory Services Restore Mode) password needs to be entered.
• Windows does a prerequisite check before starting the installation.

Installing Additional Domain Controllers

• Microsoft recommends at least two domain controllers (DCs) for fault tolerance and load balancing.
• Installing additional DCs in an existing domain involves selecting "Add a domain controller to an existing domain" rather than "Add a new forest."

Installing a New Domain in an Existing Forest

• Adding a new domain involves either adding a child domain or a new tree.
• Child domains share top-level and second-level naming structure with existing domains.
• New trees have separate naming structures from existing domains.

What's Inside Active Directory

• Active Directory can be accessed through Active Directory Administrative Center (ADAC) or Active Directory Users and Computers MMC.
• ADAC is based on PowerShell.
• ADAC provides tools for managing users, groups, and computer accounts.
• Managing OUs (organizational units).
• Connecting with other domain controllers in the same or different domains.
• Changing the domain's functional level and enabling the AD Recycle Bin.

The Active Directory Schema

• Objects are collections of network resource information.
• Schema defines type, organization, and structure of data in the Active Directory database.
• Schema classes outline the types of objects in Active Directory.
• Schema attributes specify the information stored in each object.
• Attribute values are the information stored in each attribute.

Active Directory Container Objects

• Container objects hold other objects, used for organizing and managing resources on a network..
• Organizational units (OUs), folder objects, and domain objects are container objects within Active Directory.

Organizational Units

• OUs are primary container objects for organizing resources in a domain.
• OUs organize multiple objects into logical administrative groups for policy configuration.
• OU authority can be delegated.
• Nesting OUs in Active Directory creates a hierarchical structure that resembles corporate structures.

Folder Objects

• Default folder objects (builtin, computers, etc.) are created in a domain.
• Foreign Security Principals folder holds users from different domains that are included in a local domain's groups.
• Managed Service Accounts store accounts assigned for specific services needing to access resources on a domain.
• The Users folder stores default users (Administrator and Guest).

Domain Objects

• The domain is Active Directory's core logical structure.
• It includes OUs, folder objects as well as leaf objects.
• Larger companies use multiple domains to define areas of administrative control.
• Each domain generally has a default GPO (Group Policy Object)
• Domains in Active Directory are depicted by an icon with 3 towers in Active Directory Users and Computers (ADUC).

Active Directory Leaf Objects

• Leaf objects do not contain other objects.
• They represent security accounts, network resources, or GPOs.

User Accounts

• User account objects contain information such as group memberships, account restrictions, profile path, and dial-in permissions.
• User authentication confirms a user's identity and appropriate rights
• Local user accounts are authorized to access resources on the single computer where they are logged on.
• Domain user accounts allow access to resources throughout entire domain.
• Windows creates two built-in accounts: Administrator and Guest.

Zone Type

• Primary zone contains read/write master copy of all resource records for the zone, authoritative.
• Secondary zone contains read-only copy of all the resource records and is authoritative.
• Stub zone contains read-only copy of just the SOA (Start of Authority) and NS (Name Server) records, and A records, not authoritative.

Groups

• Group objects represent collections of users with shared permissions or rights.
• Permissions specify resources users can access and what level of access they have.
• Rights specify actions users can perform on a computer or network.
• Groups streamline permission assignment compared to assigning individual users..

Computer Accounts

• A computer account object represents a domain member computer (or domain controller).
• Used for identifying, authenticating, and managing domain computers.
• Created automatically upon AD installation on a server.
• The computer account's name must match the physical computer's name.

Locating Active Directory Objects

• Objects can be searched (via the Find Users, Contacts, and Groups dialog box) within a specified domain or across all domains in the directory.
• Results depend on users' container and security settings.

Active Directory Terminology

• Replication is the process that consistently maintains information in a distributed database.
• Directory partitions are the segments of an Active Directory database.
• Operations masters manage Active Directory functions.
• Trust relationships determine access from other domains.

Active Directory Replication

• Maintains a consistent database distributed across various locations.
• Intrasite replication happens between controllers in the same site.
• Intersite replication occurs between multiple sites.
• Multimaster replication enables replacing Active Directory objects.
• Knowledge Consistency Checker runs on all domain controllers to establish an appropriate replication topology ensuring that no more than 3 hops are involved in the replication process.

Directory Partitions

• Sections of the Active Directory database.
• Domain partition contains all objects within a domain.
• Schema partition contains information required to define Active Directory objects and attributes.
• Global catalog partition is a partial replica of all objects in the forest.
• Application partition stores application-specific information.
• Configuration partition holds Active Directory configuration information affecting all the objects in a forest.

Operations Master Roles

• Designated servers manage specific activities.
• Flexible Single Master Operation (FSMO) roles may include Schema Master, Infrastructure master, Domain Naming master, RID master, and PDC Emulator master.
• Responsibility for these roles can be transferred to different controllers as required.

Trust Relationships

• Trust relationships determine a domain's access to resources in other domain environments.
• Active Directory automatically establishes trust relationships among domains within a forest.

The Role of Forests

• All domains in a forest share common schema, admin accounts, global catalog, trusts, and replication.

The Importance of the Global Catalog Server

• The first domain controller automatically becomes the Global Catalog server.
• Additional global catalog servers can be configured.
• Global Catalog servers provide fast searches across the entire domain or forest.
• Users can log in to computers from various domains using their user principal names (UPNs).
• Facilitates access to universal groups membership information.

Introducing Group Policies

• Group Policy Objects (GPO) are lists of configuration settings for users and computer configurations.
• GPOs are applied to computers or containers of similar function within an organization.
• Installing Active Directory creates two default GPOs: Default Domain Policy and Default Domain Controllers Policy.
• GPOs can be viewed, created and managed via the Group Policy Management console.

The Computer Configuration Node

• Three folders within the Policies folder for computer configurations:
• Software Settings: installs and remotely manages applications.
• Windows Settings: contains various settings such as Name Resolution Policy, Security Settings, Scripts extension, Policy-based QoS.
• Administrative Templates: configures control panel, network, printer, system and component settings.

The User Configuration Node

• Policies folder contains similar configuration options affecting domain users:
• Software Settings manages application packages.
• Windows Settings can include scripts, security and security settings, folder redirection.
• Policy-based QoS: controls quality of service associated with network traffic.
• Administrative Templates: allow admins to configure users' and their computer environment configurations .

How Group Policies Are Applied

• GPOs apply in a specific order: Local Computer, Site, Domain, and Organizational Unit.
• Policies not explicitly defined are not applied
• The last applicable policy takes precedence.

Chapter Summary

• Directory service stores information about network resources and is used for managing users, computers, and resources.
• Active Directory is based on X.500 Standard and LDAP.
• Server Manager is used to install and set up an Active Directory infrastructure.
• A new Active Directory installation in a network creates a root domain in a new forest.
• Objects are the fundamental components in Active Directory. Objects are categorized into container and leaf categories.
• Leaf objects represent security accounts, network resources, and GPOs.
• The Active Directory Recycle Bin is a feature that can be enabled but after enabling it, it can't be disabled.

Description

Test your knowledge on Active Directory concepts, features, and components with this quiz. Learn about tasks performed using the Active Directory Administrative Center and the structure of domains and forests. Perfect for IT professionals seeking to strengthen their understanding of directory services.