Understanding Active Directory Features

Questions and Answers

PDF Questions PDF Answers

What is the primary function of schema attributes in Active Directory?

To define types of objects

To store user passwords

To manage security settings

To define what type of information is stored in each object (correct)

A container object in Active Directory cannot store other objects.

False

Name the three types of container objects found in Active Directory.

Organizational Units, Folder Objects, Domain objects

An __________ is a primary container object for organizing resources in a domain.

Organizational Unit

Match the following container objects with their description:

Organizational Units = Primary container for organizing resources Folder Objects = Used to store files and resources Domain objects = Represent the domain within Active Directory

What purpose does the Active Directory Schema serve?

It defines the types and organization of data stored in Active Directory.

The Active Directory Administrative Center (ADAC) can only manage users and computers in the same domain.

False

What can an administrator do using the Active Directory Administrative Center (ADAC)?

Create and manage users, groups, and computer accounts.

The schema in Active Directory defines the types of __________ that can be stored.

objects

Match the following Active Directory tasks with their descriptions:

Create users = Setting up new user accounts in the directory Manage OUs = Organizing users and groups into hierarchical structures Change domain functional level = Adjusting the domain's feature set and compatibility Enable AD Recycle Bin = Restoring deleted objects in Active Directory

What is the primary role of Active Directory in a business environment?

Centralized authentication and authorization

Active Directory only allows authentication for local resources.

False

What are the components of Active Directory's physical structure?

Sites and servers configured as domain controllers

Active Directory can be described as a __________ but __________ database.

centralized, distributed

Match the following features of Active Directory with their descriptions:

Hierarchical organization = Structured way of managing resources Scalability = Ability to grow with user needs Security = Protection of data and resources Policy-based administration = Management of user access and permissions

Which of the following is NOT a feature of Active Directory?

Remote access management

Active Directory is exclusively used for managing user data.

False

Define what a directory service does in a network.

Stores information about a computer network and offers features for retrieving and managing that information.

Which of the following is NOT a type of leaf object commonly created in Active Directory?

User account

A local user account can access resources on multiple computers in the domain.

False

What are the two built-in user accounts created by Windows?

Administrator and Guest

A group object in Active Directory represents a collection of users with common ______.

permissions or rights

Match the following objects with their definitions:

Contact = A person associated with the company but not a network user Printer = Represents a shared printer in the domain Shared folder = Represents a shared folder on a computer in the network Computer account = Represents a computer that’s a domain controller or member

What is the primary purpose of a group object in Active Directory?

Represent collection of users with common permissions

Authentication in Active Directory does not involve confirming a user’s identity.

False

What type of account provides a single logon for users to access all resources in the domain?

Domain user account

What does the first domain controller create upon its installation?

A new tree and root of a new forest

Intrasite replication occurs between domain controllers in different locations.

False

What mechanism does Active Directory use to determine the replication topology?

Knowledge Consistency Checker (KCC)

The first domain controller installed in a forest is designated as a __________.

Global Catalog server

Match the Active Directory replication type with its description:

Intrasite replication = Replication within the same site Intersite replication = Replication between different sites Multimaster replication = Allows replacing Active Directory objects Knowledge Consistency Checker (KCC) = Determines the replication topology

What primary function does the Global Catalog server NOT perform?

Maintains exclusive ownership of all AD objects

Larger organizations typically only focus on Organizational Units (OUs) for their Active Directory structure.

False

What is the main purpose of Active Directory replication?

To maintain a consistent database of information across multiple locations.

Study Notes

Role of Active Directory

• Active Directory is a centralized authentication and authorization service from Microsoft.
• It helps control user access to data and enforce company security policies.

Active Directory Features

• Active Directory provides a hierarchical organization of network resources.
• It utilizes a centralized but distributed database structure allowing for scalability.
• It emphasizes security, flexibility, and policy-based administration.

Directory Service

• A directory service stores and manages information about a computer network.
• It provides features for retrieving and managing this information.
• It is considered an administrative tool.

Active Directory Structure

• It consists of physical structures such as sites and servers acting as domain controllers.
• It also includes logical structure which defines the organization's look and feel within the directory service.

Working with Active Directory

• The Active Directory Administrative Center (ADAC) is used for managing and creating user, group, and computer accounts.
• It also allows managing Organizational Units (OUs).
• Using ADAC, you can connect to other domain controllers within the same or a different domain.
• It enables changing the domain's functional level and activating the AD Recycle Bin.

Active Directory Schema

• An object is a data grouping that describes a network resource.
• The schema defines the object types, organization, and structure of data stored within the AD database.
• Schema classes define the types of objects that can be stored in Active Directory.
• Schema attributes define the information stored in each object.
• The information within each attribute is called the attribute value.

Active Directory Container Objects

• Container objects hold other objects.
• They serve to organize and manage users and resources within the network.
• They act as administrative and security boundaries.
• There are three main types of container objects in AD: Organizational Units (OUs), Folder Objects, and Domain Objects.

Organizational Units (OUs)

• OUs are primary container objects for organizing and managing resources within a domain.
• OUs can organize multiple objects into logical administrative groups.
• They can be configured with specific policies relevant to the group.
• The authority of an OU can be delegated.

Other Leaf Objects

• Some leaf objects commonly created in AD include:
  • Contact - a person associated with the company but not a network user.
  • Printer - represents a shared printer within the domain.
  • Shared Folder - represents a shared folder on a computer within the network.

User Accounts

• User account objects include information like group memberships, account restrictions, profile path, and dial-in permissions.
• Authentication confirms the user's identity.
• Once identity is confirmed, permissions and rights are assigned.
• Local user accounts are authorized to access resources only on a specific computer.
• Domain user accounts provide a single login for users to access all resources within the domain.
• Windows creates two built-in user accounts: Administrator and Guest.

Groups

• A group object represents a collection of users with shared permissions or rights.
• Permissions define the level of access users have to resources.
• Rights specify the types of actions a user can perform within a network or on a computer.
• Groups simplify the process of assigning permissions and rights to members.

Computer Accounts

• A computer account object represents a computer that acts as a domain controller or domain member.
• It's used to identify, authenticate, and manage computers within the domain.

Forests, Trees, and Domains

• Smaller organizations typically focus on OUs and their child objects.
• Larger organizations might require an AD structure composed of multiple domains, trees, and forests.
• The initial domain controller installation creates a new domain, tree, and serves as the root for a new forest.

Active Directory Replication

• Replication maintains a consistent database of information when the database is distributed across locations.
• Intrasite replication is between domain controllers within the same site.
• Intersite replication occurs between two or more sites.
• Multimaster replication is used for replacing AD objects within the directory service.
• The Knowledge Consistency Checker (KCC) runs on all DCs, determining the replication topology.

Global Catalog Server

• The first domain controller installed in a forest is automatically designated as a Global Catalog server.
• Global Catalog servers have these key functions:
  • They facilitate domain and forest-wide searches.
  • They enable logon access across domains.
  • Users can log on to computers in any domain using their user principal name (UPN).

Description

This quiz explores the fundamental aspects of Active Directory, including its role in user authentication and access control. Participants will learn about its hierarchical organization, security features, and how it serves as a directory service for managing network resources.