Active Directory Structure Overview

Questions and Answers

What is the purpose of the schema in Active Directory?

To define the types, organization, and structure of data stored in the AD database (correct)

To define user permissions within the domain

To create and manage user accounts

To facilitate communication between different domains

Which of the following tasks can be performed using the Active Directory Administrative Center (ADAC)?

Change the functional level of a domain (correct)

Monitor network traffic across the domain

Install Windows Server on a new machine

Configure firewall settings

What does an object represent in Active Directory?

A grouping of information that describes a network resource (correct)

A list of active sessions in the network

A compilation of various user accounts

A specific user defined by unique login credentials

Which console is used for Active Directory Users and Computers management?

Microsoft Management Console (MMC)

Which of the following is NOT a function of the Active Directory Administrative Center (ADAC)?

Change network topologies

What defines the type of information stored in each object in Active Directory?

Schema attributes

Which of the following is NOT one of the container objects found in Active Directory?

User Accounts

What is the primary purpose of an Organizational Unit (OU) in Active Directory?

To organize and manage resources in a domain

What can be delegated within an Organizational Unit?

Administrative authority

How do container objects in Active Directory assist in network management?

By acting as organization structures that can manage users and resources

What is the primary function of a domain controller within an Active Directory site?

To store a full replica of the domain and manage user logins

Which component is NOT part of the organizing structure of Active Directory?

Virtual Machines

What does an Organizational Unit (OU) contain?

Any type of Active Directory object including users, computers, and printers

Which statement is true regarding domains within Active Directory?

Domains represent boundaries for administrative and policy control

What is the purpose of replicating changes among domain controllers in a domain?

To ensure that all domain controllers have consistent and updated information

In what scenario would a larger company utilize multiple domains?

To separate administrative responsibilities or geographical locations

Which objects can be found within an Organizational Unit (OU)?

User accounts, groups, and domain controllers

What role do Active Directory sites play in domain controller communication?

They define the physical boundaries of data geographical distribution.

What is the primary purpose of nesting Organizational Units (OUs) in Active Directory?

To mimic the corporate structure for easier object management

Which folder object is the default location for computer accounts in a domain?

Computers

What type of accounts are stored in the 'Foreign Security Principals' folder?

User accounts from other domains

Which of the following statements about Active Directory leaf objects is true?

They usually represent security accounts, network resources, or GPOs.

What is contained within the 'Users' folder object in Active Directory?

Default groups and two users: Administrator and Guest

In Active Directory, what is a core logical structure that includes OUs and folder container objects called?

Domain Objects

Which of the following is NOT a leaf object in Active Directory?

Organizational units

Why might larger companies use multiple domains in Active Directory?

To define security and policy boundaries

What type of user account allows access only to resources on the specific computer?

Local user account

Which of the following objects in Active Directory represents a shared network printer?

Leaf object

What purpose do group objects serve in Active Directory?

They streamline permission assignments.

What does authentication verify in the context of user accounts?

The user's identity

Which of the following best describes a domain user account?

It provides single logon access across the domain.

What feature distinguishes a computer account in Active Directory?

It signifies a domain member or domain controller.

What is a primary benefit of using groups for permissions in Active Directory?

It reduces the complexity of managing permissions.

Which built-in user account is typically used for guest access in Windows Server?

Guest

Study Notes

Active Directory Physical Structure

• An Active Directory site is a physical location where domain controllers communicate and replicate information.
• Each domain controller:
  • Stores a copy of the domain data and replicates changes to all other domain controllers.
  • Provides data search and retrieval functions for users.
  • Provides authentication and authorization services for users.

Active Directory Logical Structure

• Active Directory is organized into four components:
  • Organizational units (OUs)
  • Domains
  • Trees
  • Forests
• OU is a container that organizes users and resources into logical administrative units.

Active Directory Objects

• OUs contain Active Directory objects such as user accounts, groups, computer accounts, printers, shared folders, applications, servers, and domain controllers.
• A domain represents administrative, security, and policy boundaries
• Small to medium companies usually have one domain while larger companies may have several domains to separate geographical regions or administrative responsibilities.

Active Directory Administrative Center (ADAC)

• Use ADAC to:
  • Create and manage users, groups, and computer accounts.
  • Manage OUs.
  • Connect to other domain controllers.
  • Change the domain’s functional level and enable the AD Recycle Bin.

Active Directory Schema

• An object is a grouping of information that describes a network resource.
• The schema defines the types of objects that can be stored in Active Directory and what type of information is stored in each object.
• Schema classes define the types of objects in Active Directory.
• Schema attributes define the type of information stored in each object.
• The information stored in each attribute is called the attribute value.

Active Directory Container Objects

• Container objects contain other objects and are used to organize and manage users and resources on the network.
• Container objects act as administrative and security boundaries.
• Three container objects are found in AD:
  • Organizational Units
  • Folder Objects
  • Domain objects

Organizational Units (OU)

• An OU is a primary container object for organizing and managing resources in a domain.
• OUs can be used to organize objects into logical administrative groups that can be configured with specific policies.
• Authority of an OU can be delegated.
• Nesting OUs builds a hierarchical Active Directory structure that mimics the corporate structure for easier object management.

Folder Objects

• Folder objects are created by default and contain different objects.
• Five default folder objects are:
  • Builtin - houses default groups created by Windows
  • Computers - default location for computer accounts
  • Foreign Security Principals - contains user accounts from other domains
  • Managed Service Accounts - created specifically for services to access domain resources
  • Users - Stores two default users (Administrator and Guest) and several default groups

Domain Objects

• Domain objects are the core logical structure in AD, and they contain OU and folder container objects as well as leaf objects.
• Larger companies may use multiple domains to separate administration, define security boundaries, and define policy boundaries.

Active Directory Leaf Objects

• Leaf objects don’t contain other objects; they represent security accounts, network resources, or a Group Policy Object (GPO).
• Security account objects include users, groups, and computers.
• Network resource objects include servers, domain controllers, file shares, printers, etc.

Other Active Directory Leaf Objects

• Other commonly created leaf objects include:
  • Contact - a person associated with the company but not a network user.
  • Printer - represents a shared printer in the domain.
  • Shared folder - represents a shared folder on a computer in the network.

User Accounts

• A user account object contains information such as group memberships, account restrictions, profile path, and dial-in permissions.
• Authentication confirms a user’s identity, and then the account is assigned permissions and rights.
• Local user accounts are authorized to access resources only on that computer.
• Domain user accounts enable a single logon for users to access all resources in the domain.
• Windows creates two built-in user accounts: Administrator and Guest.

Active Directory Groups

• Group objects represent a collection of users with common permissions or rights.
• Permissions define which resources users can access and what level of access they have.
• Rights specify what types of actions a user can perform on a computer or network.
• Groups are used to assign members permissions and rights.
• More efficient than assigning permissions and rights to each user separately.

Computer Accounts

• A computer account object represents a computer that’s a domain controller or domain member.
• Computer accounts are used to identify, authenticate, and manage computers in the domain.

Description

Quizzing your knowledge on the physical and logical structures of Active Directory, this quiz covers key components like sites, organizational units, and domain controllers. Understand how these elements interact and function within an organization's network architecture.