Windows Active Directory Overview

Questions and Answers

What is the purpose of a directory service in a network?

To manage user access rights and permissions. (correct)

To provide centralized data storage for applications.

To facilitate seamless communication between devices.

To enhance network security through encryption.

Which protocol does the Lightweight Directory Access Protocol (LDAP) use?

Transmission Control Protocol (TCP) (correct)

Hypertext Transfer Protocol (HTTP)

File Transfer Protocol (FTP)

Remote Procedure Call (RPC)

What distinguishes leaf objects from container objects in Active Directory?

Leaf objects can contain other objects, while container objects cannot.

Leaf objects are strictly user accounts, unlike container objects.

Leaf objects can be replicated, while container objects are not.

Leaf objects do not have child objects, whereas container objects do. (correct)

What is an Organizational Unit (OU) in Active Directory?

A grouping of users and resources for easier management.

What is the function of the Global Catalog (GC) in a forest?

To provide a searchable catalog of all objects across domains.

Which tool is utilized to install the Active Directory Domain Services (ADDS) role?

Server Manager

What is an FQDN, and why is it important when setting up a domain?

It specifies the unique location of a server in the DNS namespace.

What is the role of the Knowledge Consistency Checker (KCC)?

To automate the generation of replication topology.

What is the purpose of adding a child domain in an existing forest?

To share at least the top-level and second-level domain name structure with an existing domain.

Which feature of the Active Directory Administrative Center (ADAC) allows for the connection to other domain controllers?

Connect to other domain controllers in the same or a different domain

What does the AD Recycle Bin enable within Active Directory?

To restore deleted objects without downtime.

Which command structure is behind each action performed in ADAC?

PowerShell commands

What is a critical consideration when deciding if a Domain Controller (DC) should be a global catalog server?

The impact on logon performance and directory searches.

What must be done after the installation of Active Directory is complete?

Promote the server to a Domain Controller

Which option should you select if this is the first Domain Controller in the network?

Add a new forest

What is required when entering the directory services restore mode password?

It must be a complex password with special characters.

What does the DNS delegation enable during the Active Directory installation?

It enables Windows to create necessary DNS records.

Why does Microsoft recommend having at least two Domain Controllers in every domain?

For fault tolerance and load balancing.

What does specifying the NetBIOS domain name during the installation process accomplish?

Allows Windows to provide backward compatibility.

What type of account capabilities can be selected in the Domain Controller Options window?

Read-only domain controller (RODC)

What is the primary difference when installing an additional Domain Controller compared to the first?

You select 'Add a domain controller to an existing domain.'

What type of user account allows access to resources only on a specific computer?

Local user account

Which zone type contains a read/write master copy of all resource records?

Primary zone

In Active Directory, what does replication help maintain?

Consistency of the database

What is the primary purpose of a Group Policy Object (GPO)?

To configure operating environments remotely

Which folder under Policies in GPO contains settings for application management?

Software Settings

What must match the name of the computer it represents in Active Directory?

Computer account object

Which type of Active Directory partition contains user and computer objects?

Domain partition

What does a stub zone contains relative to resource records?

Only SOA and NS records

What is the effect of a trust relationship in Active Directory?

Defines access across domains

How are the operations master roles best described?

Requires a single domain controller for specific tasks

Which built-in user accounts does Windows create by default?

Administrator and Guest

What type of user configuration in GPO cannot be overridden by users?

Policies folder settings

What is the primary function of the Active Directory schema?

To define the type, organization, and structure of data stored

Which of the following is NOT a type of container object in Active Directory?

Network Resources

What advantage does nesting Organizational Units (OUs) provide?

Mimics the corporate structure for easier management

Which folder object is used for computer accounts in Active Directory?

Computers

What type of object typically represents a single network resource in Active Directory?

Leaf Object

What is a key characteristic of security account objects in Active Directory?

They include user, group, and computer accounts

Which of the following statements about domain objects is TRUE?

Every domain object has a unique Group Policy Object (GPO) linked to it

What is the primary role of a container object in Active Directory?

To contain other objects and manage network resources

Which folder object contains default groups created by Windows?

Builtin

What can authority over an Organizational Unit (OU) be used for?

To delegate administrative tasks and permissions

What is the effect of policies defined in the User Configuration node?

They only impact domain users within the GPO’s scope.

In what order are Group Policies applied?

Local Computer, Site, Domain, Organizational Unit

What happens to policies that are not defined or configured?

They do not get applied at all.

What is true about the AD Recycle Bin feature?

Once enabled, it remains enabled without the option to disable.

Which folder in the User Configuration node allows for application assignment or publishing?

Software Settings

What is the primary identifying and administrative unit of Active Directory?

Domain

What does the Policy based QoS node in the User Configuration specifically manage?

Quality of Service for applications

What is a directory partition in Active Directory?

A section of the Active Directory database for data management.

Which component is considered the broadest logical structure in Active Directory?

Forest

What does Active Directory utilize to maintain the structure of its directory service?

X.500 standard and LDAP

What is a primary feature of Active Directory's physical structure?

It consists of sites and servers configured as domain controllers.

Which of the following best describes an Organizational Unit (OU) in Active Directory?

A logical container to organize users and resources.

In which scenario would a company typically have multiple domains within its Active Directory?

If it has several geographical regions or diverse administrative responsibilities.

What role does a domain controller (DC) serve in an Active Directory environment?

It runs Windows Server with the Active Directory Domain Services role installed.

Which component of Active Directory is the highest level of hierarchical structure?

Forest

What is a primary function of the Active Directory's hierarchical organization?

To enforce centralized configuration management.

What must be done if DNS is not already established on the network before installing Active Directory Domain Services (ADDS)?

Install the DNS Server Role.

Which protocol provides a more efficient means for accessing directory service objects in Active Directory?

Lightweight Directory Access Protocol (LDAP)

What distinguishes a 'Tree' in Active Directory from a 'Forest'?

A Tree is a collection of domains sharing a common naming structure, while a Forest encompasses multiple trees.

What is the main advantage of having a centralized management tool like Active Directory?

It simplifies resource management and access control across the network.

What is the principal benefit of integrating other operating systems into an Active Directory network?

Utilization of the Lightweight Directory Access Protocol (LDAP)

Which component of Active Directory primarily represents administrative and policy boundaries?

Domains

What characterizes a tree in the context of Active Directory?

A grouping of domains with a common naming structure

In installing Active Directory Domain Services (ADDS), what role must be present if DNS is not already configured?

DNS Server Role

What is the purpose of an Active Directory site?

To facilitate communication and replication between domain controllers

Which of the following describes the logical structure of Active Directory?

A pattern that reflects the organizational structure it supports

What does the hierarchical organization in Active Directory allow administrators to do?

Implement different security policies for different users at any level

Which of the following statements about Active Directory replication is true?

Knowledge Consistency Checker (KCC) optimizes replication by defining a topology with no more than three hops.

Which folder under the Computer Configuration node in a GPO includes security settings related to user rights?

Windows Settings

Which type of trust relationship allows users from one domain to access resources in another domain without additional permissions?

Transitive Trust

What is the primary function of a secondary zone in DNS configuration?

It contains a read-only copy of all resource records for the zone.

Which of the following best describes the role of the Global Catalog in Active Directory?

It facilitates searches by containing all objects in the forest with their attributes.

What is the purpose of specifying a NetBIOS domain name during Active Directory installation?

To ensure compatibility with legacy systems that do not support DNS.

During the installation of Active Directory, what is a critical step taken in the DNS options window?

Creating the DNS delegation.

Which option must be selected to add a new domain controller in an existing Active Directory domain?

Add a domain controller to an existing domain.

What information must you enter when prompted for the fully qualified domain name (FQDN) during installation?

The complete domain name including all parts of the name.

What capability must be carefully considered when configuring a new Domain Controller?

Whether to install a read-only domain controller (RODC).

Which of the following best describes what happens after reviewing selections in the Active Directory installation process?

A prerequisite check is performed before installation begins.

What is a required step when adding a new domain controller to ensure proper functioning of Active Directory?

Determining whether to install DNS.

What aspect of Active Directory does the Directory Services Restore Mode (DSRM) password pertain to?

Restoring Active Directory after corruption.

What are the two variations of adding a domain to an existing forest?

Adding a child domain and adding a new tree

Which task can be performed using the Active Directory Administrative Center (ADAC)?

Create and manage users, groups, and computer accounts

What is a characteristic of the commands executed in ADAC?

Each command corresponds to an underlying PowerShell command.

What is a critical consideration when determining the location of a new Domain Controller (DC)?

The DC's location should provide optimal replication across all other DCs.

What advantage does using Active Directory Users and Computers MMC provide?

It enables the creation and management of user accounts and OUs.

Which feature in Active Directory is used to enable the deletion recovery of objects?

AD Recycle Bin

Which aspect of a Domain Controller (DC) can affect its role as a Global Catalog (GC) server?

Whether the DC is a read-only domain controller

What does the integration of PowerShell in ADAC facilitate?

Executing administrative tasks with a graphical interface.

What is the role of a read-only domain controller (RODC)?

To provide authentication services while minimizing security risks.

Which PowerShell feature in ADAC allows users to review previously executed commands?

PowerShell History pane

What is the primary distinction of schema classes within Active Directory?

They represent the types of objects permissible in Active Directory.

What role do organizational units (OUs) play in managing resources within Active Directory?

They allow for grouping of objects and delegation of administration.

Which of the following is NOT a type of default folder object created in Active Directory?

Printers

What characteristic defines a leaf object in Active Directory?

It typically correlates to network resources or security accounts.

Which of the following statements about domain objects in Active Directory is true?

Each domain can be administratively independent from others.

What is the main function of schema attributes in Active Directory?

They specify what information can be stored in an object.

What is a unique feature of the 'Foreign Security Principals' folder object?

It holds user accounts for group members of external domains.

Which describes the nature of container objects in Active Directory?

They can organize other objects and establish administrative boundaries.

What is a primary purpose of nesting OUs within Active Directory?

To mimic the corporate structure for simplified management.

Which of the following accurately reflects the role of the Active Directory schema?

It defines and structures the data types and relationships in AD.

Study Notes

Directory Service Role

• A directory service is a centralized repository of information about users, computers, and other resources in a network.
• Careful planning is crucial for directory services setup to ensure scalability, security, and efficiency.
• Directory services provide a centralized management tool, but due to complexity, requires careful planning prior to setup.
• Directory services store information about a computer network, and offer features for retrieving and managing that information.

Windows Active Directory (AD)

• Lightweight Directory Access Protocol (LDAP) is a protocol used by directory services to access and manage their data. It uses TCP/IP.
• Three key features of Active Directory:
  • Centralized directory: Stores information about all the network resources.
  • Scalability: Can support large numbers of users, computers, and resources.
  • Security: Provides granular control over access permissions.
• Active Directory's hierarchical structure is based on a logical organizational model, not physical locations.
• Policy-based administration in Active Directory allows administrators to manage user permissions, settings, and configurations uniformly across the entire network by creating policy rules.
• Windows Active Directory was first used in Windows 2000 Server.

Active Directory Physical and Logical Structures

• The physical structure of Active Directory is composed of:
  • Servers
  • Networks
  • Sites
  • hardware
• A Domain Controller (DC) is a server that stores and replications the information about users, computers, and resources in the directory service. It also manages the network.
• Each domain controller contains a full replica of the objects that make up the domain and is responsible for: Storing a copy of the domain data, replicating changes to that data, providing data search and retrieval functions, and providing authentication and authorization services.
• An Organizational Unit (OU) is a container object in Active Directory used to organize users, computers, and resources into logical groups.
• A tree is a collection of domains that share a common naming context. A forest is a collection of trees.
• An Active Directory site is a physical location in which domain controllers communicate and replicate information periodically.

Installing Active Directory

• Active Directory Domain Services (ADDS) is installed using the Server Manager tool.
• To install ADDS, use Server Manager. If DNS is not already present on the network, install the DNS Server Role.
• A Fully Qualified Domain Name (FQDN) is the complete internet domain name with the host name, used to uniquely identify a server or computer within a domain.
• Adding a domain controller to an existing domain joins a new server to the established domain structure, while creating a new forest establishes a completely independent domain structure.. Promoting a server to a Domain Controller (DC).
• Click the notifications flag in Server Manager and click "Promote this server to a DC".

Inside Active Directory

• The Active Directory schema defines the structure and types of objects which can exist within the directory.
• Three examples of container objects: Organizational Unit (OU), Domain, and Tree.
• Leaf objects contain data, while container objects hold other objects.
• The Active Directory Administrative Center (ADAC) streamlines management tasks by providing a graphical interface for organizing users, groups, and resources.

Replication and Directory Partitions

• Intrasite replication is the copying of data between servers within the same site. Intersite replication is copying data between different sites.
• Five directory partition types:
  • Domain Partition: Contains all objects in a domain (users, groups, computers, OUs)
  • Schema Partition: Stores the structure and definitions of the directory objects.
  • Configuration Partition: Stores configurations that are not relevant to the user base.
  • Global Catalog Partition: Holds a partial replica of all the objects in the forest.. Crucial for cross-domain searches.
  • Application Directory Partition: Stores information that benefits from application and services.. Allows apps to store data tailored to their needs.
• The Knowledge Consistency Checker (KCC) ensures consistency between different copies of the directory data across different sites/servers.

FSMO Roles and Trust Relationships

• Five FSMO roles:
  • Infrastructure Master; Domain Naming Master; Schema Master; RID Master,PDC Emulator Master
• A trust relationship between domains allows users and computers in one domain to access resources in another domain.
• Users cannot access resources across domains without a trust relationship because there is no established way to authorize or authenticate outside of the domain boundary.

Global Catalog and Group Policies

• The Global Catalog (GC) provides a centralized repository of user and computer information across the entire forest.. Enables fast cross-domain searches.
• Two default GPOs created when AD is installed:
  • Default Domain Policy
  • Default Domain Controllers Policy
• Group policies are applied in a defined order, creating a hierarchical structure with priority, with the last one set taking precedence.

PowerShell Commands

• Get-ADForest is used to view FSMO roles across the entire forest.
• Get-ADDomain is used to retrieve information about a specific domain.

Description

Explore the fundamental concepts of Windows Active Directory, including its role as a directory service and its benefits for network management. This quiz covers key features such as scalability, security, and policy-based administration to enhance your understanding of directory services.