Active Directory Structure Overview

Questions and Answers

What is stored in each attribute of an object in a schema?

Attribute value (correct)

Schema classes

Attribute name

Container object

An Organizational Unit (OU) can be used to organize multiple objects into logical administrative groups.

True

Name one type of container object found in Active Directory.

Organizational Unit

A container object in Active Directory can act as administrative and ______ boundaries.

security

Match the following attributes with their descriptions:

Organizational Units = Primary container for managing resources Folder Objects = Used to store files and applications Domain objects = Represents the network environment Container Objects = Organizes and manages users and resources

What is a tree in the context of Active Directory?

A grouping of domains that share a common naming structure

A single forest can contain multiple Active Directory trees.

True

What does AD DS stand for?

Active Directory Domain Services

What is the primary purpose of Active Directory?

Centralized authentication and authorization

To install Active Directory Domain Services, you must use ______.

Server Manager

Which of the following is NOT an option during the Deployment Configuration of AD DS?

Create a subnet for active directory

Active Directory only stores user information.

False

What are the two types of structure in Active Directory?

Physical structure and logical structure

You must install the DNS Server Role before installing Active Directory if DNS is not present.

True

What do you need to provide for the new forest root during installation?

Fully qualified domain name (FQDN)

Active Directory supports ________-based administration.

policy

Match the following features of Active Directory with their descriptions:

Hierarchical organization = Organizes information in a structured way Centralized database = Single source of truth for user information Scalability = Adaptable to growing organization needs Security = Controls access and protects data

Match the following terms with their definitions:

Tree = A grouping of domains that share a common naming structure Forest = A collection of one or more Active Directory trees AD DS = Active Directory Domain Services FQDN = Fully Qualified Domain Name

Which of the following is NOT a feature of Active Directory?

Real-time processing

Active Directory uses a distributed database model.

True

What do forests, trees, and domains represent in Active Directory?

Hierarchy of networked resources

What is the primary purpose of nesting OUs in Active Directory?

To create a hierarchical structure for object management

The 'Users' folder object in Active Directory contains only a few default users.

True

What are the default groups housed within the 'Builtin' folder object?

Default groups created by Windows.

A leaf object in Active Directory usually represents a ______.

Security account, network resource, or Group Policy Object (GPO).

Match the following folder objects with their descriptions:

Builtin = Contains default groups created by Windows Computers = Default location for computer accounts Foreign Security Principals = Houses user accounts from other domains Managed Service Accounts = For services accessing domain resources

Which of the following is NOT a type of object that a leaf object can represent?

Folder

A domain in Active Directory can only contain one organizational unit (OU).

False

What is the role of the 'Computers' folder object in Active Directory?

It is the default location for computer accounts created when a new computer or server joins the domain.

What is created when the first domain controller is installed in a forest?

A new tree and a new forest

Intersite replication refers to replication that occurs within the same site.

False

What is the function of a Global Catalog server?

Facilitates domain and forest-wide searches and logons across domains.

The Knowledge Consistency Checker (KCC) runs on all __________ to determine the replication topology.

Domain Controllers (DCs)

Match the following types of replication with their descriptions:

Intrasite replication = Replication within the same site Intersite replication = Replication between different sites Multimaster replication = Replacement of AD objects Knowledge Consistency Checker (KCC) = Determines replication topology

What is one primary benefit of Active Directory replication?

Maintains a consistent database across locations

Larger organizations typically require a simpler Active Directory structure.

False

What enables users to log on to computers in any domain within the forest?

User Principal Name (UPN)

What is the primary purpose of Active Directory?

Manage network resources and user accounts

True or False: Active Directory manages Organizational Units (OUs) to centralize user authentication and policy management.

True

What does ADAC stand for and what is its primary use?

Active Directory Administrative Center; it is used to manage users, groups, and computer accounts.

The _______ defines the types of objects that can be stored in Active Directory.

schema

Match the following Active Directory functionalities with their descriptions:

Creating users = Enables administrators to add new user accounts Managing OUs = Organizes users and resources hierarchically Changing domain functional level = Modifies capabilities and features of the domain Enabling AD Recycle Bin = Allows recovery of deleted objects

What must be installed if DNS is not already present on the network before setting up Active Directory Domain Services?

DNS Server Role

A tree in Active Directory consists of one or more domains sharing a common naming structure.

True

What is the purpose of a Global Catalog server in Active Directory?

To provide a searchable, partial representation of every object in the forest.

During the installation of a new forest, you will be prompted for the fully qualified ______ name (FQDN).

domain

Match each type of Active Directory structure with its definition:

Tree = A grouping of domains with a common name structure Forest = A collection of one or more Active Directory trees Domain = The basic unit of Active Directory that contains users and resources Child Domain = A domain that is part of a larger parent domain

Which of the following options is NOT available during the Deployment Configuration of Active Directory Domain Services?

Remove an existing domain

A forest can consist of multiple trees, each with their hierarchy of parent and child domains.

True

What is the first component created when installing a domain controller in a new forest?

The first domain in the new forest

What is the primary role of a domain controller in Active Directory?

To replicate domain data to all other domain controllers

An organizational unit (OU) cannot contain other OUs.

False

What are the four organizing components of Active Directory?

Organizational Units, Domains, Trees, Forests

A domain serves as a boundary for ______, security, and policy settings.

administration

Match the following Active Directory object types with their descriptions:

User Accounts = Accounts representing individual users Groups = Collections of user accounts for easier management Shared Folders = Folders accessible to users over the network Domain Controllers = Servers that authenticate and authorize users

Which of the following is considered a leaf object in Active Directory?

User Account

Active Directory only contains domain controllers as its core components.

False

What enables users to log on to computers in any domain within the forest?

Trust Relationships

Which of the following is NOT a type of leaf object in Active Directory?

User account

Domain user accounts allow access to resources only on the local computer.

False

What type of user account is limited to access resources only on the local computer?

Local user account

A group object represents a collection of users with common ______ or rights.

permissions

Match the following user account types with their descriptions:

Local user account = Access resources only on the local computer Domain user account = Access to all resources in the domain Administrator account = Full control over the domain Guest account = Limited access to resources

What does the computer account object primarily represent?

A computer that is a domain controller or domain member

Groups in Active Directory are beneficial as they allow for assigning permissions individually to each user.

False

What is a shared folder in Active Directory?

It represents a shared folder on a computer in the network.

What is the process of maintaining a consistent database of information among several locations called?

Replication

The first domain controller in a forest is designated as a Global Catalog server.

True

What are the two types of replication in Active Directory?

Intrasite and Intersite replication

The Knowledge Consistency Checker (KCC) runs on all __________ to determine the replication topology.

Domain Controllers

Which of the following is a function of a Global Catalog server?

Facilitating domain and forest-wide searches

Match the following types of replication with their descriptions:

Intrasite replication = Replication between domain controllers in the same site Intersite replication = Replication that occurs between two or more sites Multimaster replication = Replication mechanism for replacing AD objects

Multimaster replication is used exclusively for synchronizing data within the same site.

False

What does the Global Catalog server facilitate for users across domains?

Logon using their user principal name (UPN)

Which of the following is NOT a component used to organize the logical structure of Active Directory?

Nodes

What is the primary purpose of the Active Directory Administrative Center (ADAC)?

To manage users, groups, and computers

A domain in Active Directory can contain multiple Organizational Units (OUs).

True

The Active Directory Schema defines the types of objects that can be stored in Active Directory.

True

What is the primary function of a domain controller in Active Directory?

To store a copy of the domain data and manage authentication.

What is the Active Directory Users and Computers management console primarily used for?

To manage user and computer accounts in Active Directory.

An Active Directory site is a physical location where domain controllers ______.

communicate and replicate information

Match the following objects with their types in Active Directory:

User Account = Leaf Object Organizational Unit = Container Object Domain = Container Object Printer = Leaf Object

The ______ defines the types, organization, and structure of data stored in the Active Directory database.

schema

Which of the following describes an Organizational Unit (OU) in Active Directory?

A container for organizing users and resources

Match the following AD management tools with their primary functions:

Active Directory Administrative Center = Creating and managing accounts Active Directory Users and Computers = Managing organizational units and accounts Group Policy Management = Configuring security settings DNS Manager = Managing domain name system settings

Active Directory sites are primarily used to group domains for improved security.

False

Name two types of objects contained within an Organizational Unit (OU).

User accounts and Computer accounts

Which option should you select if it is your first domain controller in the network?

Add a new forest

The DNS Server Role must always be installed before Active Directory Domain Services can be set up.

False

What does FQDN stand for?

Fully Qualified Domain Name

A ______ is a collection of one or more Active Directory trees.

forest

Which of the following is a feature of Active Directory’s tree structure?

Trees share a common naming structure.

Match the following terms with their definitions:

Domain = A logical grouping of network objects Child Domain = A domain that is part of a tree hierarchy Parent Domain = The primary domain in a tree Forest = A collection of one or more Active Directory trees

All domains in a forest can communicate and share information.

True

What are the two main structures in Active Directory?

Trees and forests

Which of the following types of container objects can be found in Active Directory?

Organizational Units

An Organizational Unit (OU) can delegate authority to manage its contained objects.

True

What is the term used for the information stored in each attribute of an object in a schema?

attribute value

A ______ object in Active Directory can be used to organize users and resources.

container

Match the following container objects with their descriptions:

Organizational Units = Primary container for organizing a domain's resources Folder Objects = Logical containers for holding other objects Domain Objects = Represents a security boundary and its resources Security Groups = Used to manage user permissions and rights

What is the main purpose of Active Directory replication?

To maintain a consistent database across multiple locations.

Intrasite replication occurs between domain controllers in different sites.

False

What role does the Knowledge Consistency Checker (KCC) play in Active Directory?

Determines the replication topology.

The first domain controller in a forest creates a new ______ and the root of a new forest.

tree

Match the following Active Directory replication types with their descriptions:

Intrasite replication = Replication within the same site Intersite replication = Replication between different sites Multimaster replication = Allows multiple domain controllers to accept changes Knowledge Consistency Checker = Determines the replication topology

What essential function does a Global Catalog server provide?

Facilitates logon across domains using UPN.

A Global Catalog server is created when a new domain controller is added to a forest.

False

What must be present for Active Directory Domain Services (AD DS) to be installed?

DNS Server

Study Notes

Active Directory Structure

• Hierarchical Organization Active Directory utilizes a hierarchical structure, featuring domains and organizational units (OUs). These structures simplify user management and control access to data.
• Centralized, Distributed Database Active Directory employs a centralized, distributed database, ensuring all changes and information are consistent throughout the directory.
• Scalability Active Directory can scale to support large numbers of users, devices, and services. It can be expanded and adapted to meet an organization’s growing needs.
• Security Active Directory is designed with robust security features, implementing permissions, authentication, and authorization for secure network access.

Active Directory Logical Structure

• Tree A group of domains sharing a common naming structure with a potential for parent and child domains.
• Forest A collection of Active Directory trees providing a shared environment. All domains can communicate and exchange information. It can contain one or more trees, each with a parent-child hierarchy.

Installing Active Directory

• Active Directory Domain Services (AD DS) The Windows Active Directory service is commonly named as AD DS.
• Server Manager The installation of AD DS is done via Server Manager.
• DNS Server Role If DNS is not already installed, you must first install the DNS Server role in your network.
• Deployment Configuration Options AD DS installation offers three options:
  • Add a domain controller to an existing domain
  • Add a new domain to an existing forest
  • Add a new forest (select this if it’s the first domain controller in the network)
• Fully Qualified Domain Name (FQDN) You’ll be prompted for the FQDN for the new forest root. An FQDN includes all parts of the domain name.

Active Directory Objects

• Container Objects These objects hold other objects, organized for managing resources on the network. They act as administrative and security boundaries.
• Organizational Units (OUs) An OU facilitates the management of resources in a domain.
• Folder Objects Five default folder objects serve various purposes: Builtin (housing default groups), Computers (default storage for domain member computers), Foreign Security Principals (holding user accounts from other domains), Managed Service Accounts (created specifically for services to access domain resources), and Users (storing default users and groups).
• Domain Objects Represent the core of the AD structure, they contain OU and folder objects, as well as leaf objects.

Active Directory Leaf Objects

• Security Account Objects Users, groups, and computers are examples of security account objects.
• Network Resource Objects Servers, domain controllers, file shares, printers, and other network components.
• Group Policy Object (GPO) Controls and manages various settings.

Active Directory Replication

• Replication The process of ensuring consistent data across distributed locations.
• Intrasite Replication Replication within the same site between different network sites.
• Intersite Replication Replication across different sites.
• Multimaster Replication Used to replace Active Directory objects.
• Knowledge Consistency Checker (KCC) Runs on all domain controllers (DCs), determining the replication topology.

The Global Catalog Server

• First Domain Controller As the initial DC in a forest, this server is automatically designated as a Global Catalog server.
• Search Functionality Global Catalog servers facilitate searches spanning multiple domains and the entire forest.
• Logon Across Domains Users can access computer systems in any domain using their user principal name (UPN).

Active Directory’s Physical Structure

• Active Directory uses Sites to define physical locations where domain controllers communicate and replicate information.
• Each Domain Controller has a full replica and is responsible for replicating changes with other domain controllers, storing domain data and retrieving data for users to locate objects, and providing authentication and authorization services for users logging into the domain.

Active Directory’s Logical Structure

• Active Directory has four organizational components: Organizational Units (OUs), Domains, Trees and Forests.
• OUs are containers for organizing and managing logical groups of users and resources in the network, like user accounts, groups, computer accounts, printers, shared folders, applications, servers and domain controllers.
• A Domain defines administrative, security, and policy boundaries, small companies typically have one, while larger businesses might use multiple domains to separate geographical regions or administrative responsibilities.
• A Tree groups domains that share a common naming structure, including a parent domain and, optionally, child domains.
• A Forest is a collection of one or more trees that share the same Active Directory environment. Domains within a forest can communicate, allowing users to access resources in any domain seamlessly.

Installing Active Directory

• Active Directory Domain Services (AD DS) is installed through the Server Manager.
• If DNS is not already configured on the network, the DNS Server Role must be installed.
• During installation, you are presented with options to add a domain controller to an existing domain, create a new domain in an existing forest, or add a new forest (for the first domain controller in a network).
• You will be prompted for the fully qualified domain name (FQDN) for the new forest root.

Active Directory Components

• Use the Active Directory Administrative Center (ADAC), and the Active Directory Users and Computers (ADUC) management console to manage users, groups, computer accounts, OUs, connect to other domain controllers, change domain functional levels, and enable the AD Recycle Bin.

Active Directory Schema

• Objects in Active Directory represent network resources, and the schema defines the information structure and organization of data stored in the database.
• Schema classes define the types of objects that can be stored in Active Directory.

Active Directory Objects

• Leaf objects, such as users, groups, and computers, are stored under container objects.
• Other common leaf objects include: Contacts - people associated with the company but not network users, Printers - representing shared printers, and Shared folders - representing shared folders on computers in the network.
• User account objects contain information on group memberships, account restrictions, user profiles, and dial-in permissions.
• User accounts provide authentication and authorization to access domain resources.
• Local user accounts are specific to a machine, while domain user accounts allow single sign-on access to all resources in the domain.
• Windows creates two built-in user accounts: Administrator and Guest.
• Group objects represent collections of users with common permissions and rights that manage user access more efficiently.
• Computer account objects represent either domain controllers or domain members, they are used to identify, authenticate, and manage computers in the domain.

Working with Forests, Trees, and Domains

• Smaller organizations typically focus on OUs and their child objects, while larger organizations will need a more complex structure with multiple domains, trees, and forests.
• The first domain controller creates a new domain and automatically creates a new tree and the root of a new forest.

Active Directory Replication

• Replication is used to maintain consistency when the database is distributed across multiple locations.
• Intrasite replication occurs between domain controllers in the same site, while intersite replication occurs between different sites.
• Multimaster replication is used in AD for replacing AD objects.
• The Knowledge Consistency Checker (KCC) runs on all domain controllers to determine the replication topology.

The Global Catalog Server

• The first domain controller in a forest is automatically designated as a Global Catalog server.
• It facilitates domain and forest-wide searches, enabling users to log on to computers in any domain using their user principal name (UPN).

Active Directory Structures

• Active Directory is a directory service used for managing network resources and organizing network users and resources.
• Each domain controller contains a full replica of the objects that make up the domain and its responsible for storing a copy of the domain data, replicating changes to that data to all other domain controllers in the domain, providing data search and retrieval functions, and providing authentication and authorization services.

Active Directory Logical Structures

• Active Directory has four organizing components: Organizational Units (OUs), Domains, Trees, and Forests.
• OUs are containers used to organize a network's users and resources into logical administrative units.
• OUs can contain users, groups, computer accounts, applications, servers, and domain controllers.
• A domain represents administrative, security, and policy boundaries.
• Companies can have multiple domains to separate geographical regions or administrative responsibilities.
• A tree is a grouping of domains that share a common naming structure.
• A forest is a collection of one or more active directory trees that provide a common Active Directory environment.

Installing Active Directory

• The Windows Active Directory service is commonly referred to as Active Directory Domain Services (AD DS)
• Install the AD DS using Server Manager.
• You must install the DNS Server Role if DNS is not already present on the network.
• When installing AD DS, you have the following options:
  • Add a domain controller to an existing domain
  • Add a new domain to an existing forest
  • Add a new forest (choose this if it is the first DC in the network)

What's Inside Active Directory

• You can explore Active Directory using the Active Directory Administrative Center (ADAC) and the Active Directory Users and Computers management console.
• These tools allow you to create and manage user, group, and computer accounts.
• They allow you to manage OUs, connect to other domain controllers, change the domain's functional level, and enable the AD Recycle Bin.

Active Directory Schema

• An object is a grouping of information that describes a network resource.
• The schema defines the type, organization, and structure of data stored in the AD database.
• Schema classes define the types of objects that can be stored in Active Directory.
• Schema attributes define what type of information is stored in each object.
• Attribute values store the information for each attribute.

Active Directory Container Objects

• Container objects contain other objects
• Container objects are used to organize and manage users and resources on the network.
• Container objects act as administrative and security boundaries.
• There are three container objects in AD:
  • Organizational Units
  • Folder Objects
  • Domain Objects

Organizational Units

• OUs are primarily used to organize and manage resources in a domain.
• OUs organize multiple objects into logical administrative groups that can be configured with specific policies relevant to that group.
• The authority of an OU can be delegated.

Working with Forests, Trees, and Domains

• Small organizations focus mainly on OUs and their child objects.
• Larger organizations may require an AD structure composed of several domains, multiple trees, and even a few forests.
• The first domain controller creates more than just a new domain; it creates a new tree and the root of a new forest.

Active Directory Replication

• Replication is the process of maintaining a consistent database of information when the database is distributed among several locations.
• Intrasite replication refers to replication between domain controllers in the same site.
• Intersite replication occurs between two or more sites.
• Multimaster replication is used by AD for replacing AD objects.
• The Knowledge Consistency Checker (KCC) runs on all DCs to determine the replication topology.

The Importance of the Global Catalog Server

• The first domain controller installed in a forest is automatically designated as a Global Catalog Server.
• Global Catalog Servers facilitate domain and forest-wide searches.
• Global Catalog Servers enable users to log on to computers in any domain by using their user principal name (UPN).

Description

This quiz explores the fundamental concepts of Active Directory, including its hierarchical organization, centralized database, scalability, and security features. It also covers the logical structure, including trees and forests, providing a comprehensive understanding of how Active Directory operates.