Windows Active Directory Overview
103 Questions

Questions and Answers

What is the purpose of a directory service in a network?

  • To manage user access rights and permissions. (correct)
  • To provide centralized data storage for applications.
  • To facilitate seamless communication between devices.
  • To enhance network security through encryption.

Which protocol does the Lightweight Directory Access Protocol (LDAP) use?

  • Transmission Control Protocol (TCP) (correct)
  • Hypertext Transfer Protocol (HTTP)
  • File Transfer Protocol (FTP)
  • Remote Procedure Call (RPC)

What distinguishes leaf objects from container objects in Active Directory?

  • Leaf objects can contain other objects, while container objects cannot.
  • Leaf objects are strictly user accounts, unlike container objects.
  • Leaf objects can be replicated, while container objects are not.
  • Leaf objects do not have child objects, whereas container objects do. (correct)

What is an Organizational Unit (OU) in Active Directory?

A grouping of users and resources for easier management. (C)

What is the function of the Global Catalog (GC) in a forest?

To provide a searchable catalog of all objects across domains. (C)

Which tool is utilized to install the Active Directory Domain Services (ADDS) role?

Server Manager (C)

What is an FQDN, and why is it important when setting up a domain?

It specifies the unique location of a server in the DNS namespace. (C)

What is the role of the Knowledge Consistency Checker (KCC)?

To automate the generation of replication topology. (B)

What is the purpose of adding a child domain in an existing forest?

To share at least the top-level and second-level domain name structure with an existing domain. (A)

Which feature of the Active Directory Administrative Center (ADAC) allows for the connection to other domain controllers?

Connect to other domain controllers in the same or a different domain (B)

What does the AD Recycle Bin enable within Active Directory?

To restore deleted objects without downtime. (A)

Which command structure is behind each action performed in ADAC?

PowerShell commands (C)

What is a critical consideration when deciding if a Domain Controller (DC) should be a global catalog server?

The impact on logon performance and directory searches. (A)

What must be done after the installation of Active Directory is complete?

Promote the server to a Domain Controller (D)

Which option should you select if this is the first Domain Controller in the network?

Add a new forest (B)

What is required when entering the directory services restore mode password?

It must be a complex password with special characters. (C)

What does the DNS delegation enable during the Active Directory installation?

It enables Windows to create necessary DNS records. (D)

Why does Microsoft recommend having at least two Domain Controllers in every domain?

For fault tolerance and load balancing. (A)

What does specifying the NetBIOS domain name during the installation process accomplish?

Allows Windows to provide backward compatibility. (C)

What type of account capabilities can be selected in the Domain Controller Options window?

Read-only domain controller (RODC) (C)

What is the primary difference when installing an additional Domain Controller compared to the first?

You select 'Add a domain controller to an existing domain.' (C)

What type of user account allows access to resources only on a specific computer?

Local user account (A)

Which zone type contains a read/write master copy of all resource records?

Primary zone (C)

In Active Directory, what does replication help maintain?

Consistency of the database (D)

What is the primary purpose of a Group Policy Object (GPO)?

To configure operating environments remotely (D)

Which folder under Policies in GPO contains settings for application management?

Software Settings (B)

What must match the name of the computer it represents in Active Directory?

Computer account object (A)

Which type of Active Directory partition contains user and computer objects?

Domain partition (B)

What does a stub zone contain relative to resource records?

Only SOA and NS records (A)

What is the effect of a trust relationship in Active Directory?

Defines access across domains (C)

How are the operations master roles best described?

Requires a single domain controller for specific tasks (C)

Which built-in user accounts does Windows create by default?

Administrator and Guest (B)

What type of user configuration in GPO cannot be overridden by users?

Policies folder settings (C)

What is the primary function of the Active Directory schema?

To define the type, organization, and structure of data stored (A)

Which of the following is NOT a type of container object in Active Directory?

Network Resources (D)

What advantage does nesting Organizational Units (OUs) provide?

Mimics the corporate structure for easier management (B)

Which folder object is used for computer accounts in Active Directory?

Computers (D)

What type of object typically represents a single network resource in Active Directory?

Leaf Object (A)

What is a key characteristic of security account objects in Active Directory?

They include user, group, and computer accounts (D)

Which of the following statements about domain objects is TRUE?

Every domain object has a unique Group Policy Object (GPO) linked to it (D)

What is the primary role of a container object in Active Directory?

To contain other objects and manage network resources (D)

Which folder object contains default groups created by Windows?

Builtin (A)

What can authority over an Organizational Unit (OU) be used for?

To delegate administrative tasks and permissions (B)

What is the effect of policies defined in the User Configuration node?

They only impact domain users within the GPO’s scope. (D)

In what order are Group Policies applied?

Local Computer, Site, Domain, Organizational Unit (A)

What happens to policies that are not defined or configured?

They do not get applied at all. (D)

What is true about the AD Recycle Bin feature?

Once enabled, it remains enabled without the option to disable. (C)

Which folder in the User Configuration node allows for application assignment or publishing?

Software Settings (A)

What is the primary identifying and administrative unit of Active Directory?

Domain (A)

What does the Policy based QoS node in the User Configuration specifically manage?

Quality of Service for applications (A)

What is a directory partition in Active Directory?

A section of the Active Directory database for data management. (A)

Which component is considered the broadest logical structure in Active Directory?

Forest (D)

What does Active Directory utilize to maintain the structure of its directory service?

X.500 standard and LDAP (A)

What is a primary feature of Active Directory's physical structure?

It consists of sites and servers configured as domain controllers. (A)

Which of the following best describes an Organizational Unit (OU) in Active Directory?

A logical container to organize users and resources. (B)

In which scenario would a company typically have multiple domains within its Active Directory?

If it has several geographical regions or diverse administrative responsibilities. (D)

What role does a domain controller (DC) serve in an Active Directory environment?

It runs Windows Server with the Active Directory Domain Services role installed. (A)

Which component of Active Directory is the highest level of hierarchical structure?

Forest (B)

What is a primary function of the Active Directory's hierarchical organization?

To enforce centralized configuration management. (B)

What must be done if DNS is not already established on the network before installing Active Directory Domain Services (ADDS)?

Install the DNS Server Role. (A)

Which protocol provides a more efficient means for accessing directory service objects in Active Directory?

Lightweight Directory Access Protocol (LDAP) (B)

What distinguishes a 'Tree' in Active Directory from a 'Forest'?

A Tree is a collection of domains sharing a common naming structure, while a Forest encompasses multiple trees. (C)

What is the main advantage of having a centralized management tool like Active Directory?

It simplifies resource management and access control across the network. (D)

What is the principal benefit of integrating other operating systems into an Active Directory network?

Utilization of the Lightweight Directory Access Protocol (LDAP) (D)

Which component of Active Directory primarily represents administrative and policy boundaries?

Domains (C)

What characterizes a tree in the context of Active Directory?

A grouping of domains with a common naming structure (A)

In installing Active Directory Domain Services (ADDS), what role must be present if DNS is not already configured?

DNS Server Role (B)

What is the purpose of an Active Directory site?

To facilitate communication and replication between domain controllers (C)

Which of the following describes the logical structure of Active Directory?

A pattern that reflects the organizational structure it supports (D)

What does the hierarchical organization in Active Directory allow administrators to do?

Implement different security policies for different users at any level (B)

Which of the following statements about Active Directory replication is true?

Knowledge Consistency Checker (KCC) optimizes replication by defining a topology with no more than three hops. (A)

Which folder under the Computer Configuration node in a GPO includes security settings related to user rights?

Windows Settings (C)

Which type of trust relationship allows users from one domain to access resources in another domain without additional permissions?

Transitive Trust (C)

What is the primary function of a secondary zone in DNS configuration?

It contains a read-only copy of all resource records for the zone. (C)

Which of the following best describes the role of the Global Catalog in Active Directory?

It facilitates searches by containing all objects in the forest with their attributes. (B)

What is the purpose of specifying a NetBIOS domain name during Active Directory installation?

To ensure compatibility with legacy systems that do not support DNS. (D)

During the installation of Active Directory, what is a critical step taken in the DNS options window?

Creating the DNS delegation. (D)

Which option must be selected to add a new domain controller in an existing Active Directory domain?

Add a domain controller to an existing domain. (B)

What information must you enter when prompted for the fully qualified domain name (FQDN) during installation?

The complete domain name including all parts of the name. (B)

What capability must be carefully considered when configuring a new Domain Controller?

Whether to install a read-only domain controller (RODC). (D)

Which of the following best describes what happens after reviewing selections in the Active Directory installation process?

A prerequisite check is performed before installation begins. (B)

What is a required step when adding a new domain controller to ensure proper functioning of Active Directory?

Determining whether to install DNS. (C)

What aspect of Active Directory does the Directory Services Restore Mode (DSRM) password pertain to?

Restoring Active Directory after corruption. (C)

What are the two variations of adding a domain to an existing forest?

Adding a child domain and adding a new tree (B)

Which task can be performed using the Active Directory Administrative Center (ADAC)?

Create and manage users, groups, and computer accounts (B)

What is a characteristic of the commands executed in ADAC?

Each command corresponds to an underlying PowerShell command. (B)

What is a critical consideration when determining the location of a new Domain Controller (DC)?

The DC's location should provide optimal replication across all other DCs. (B)

What advantage does using Active Directory Users and Computers MMC provide?

It enables the creation and management of user accounts and OUs. (A)

Which feature in Active Directory is used to enable the deletion recovery of objects?

AD Recycle Bin (A)

Which aspect of a Domain Controller (DC) can affect its role as a Global Catalog (GC) server?

Whether the DC is a read-only domain controller (D)

What does the integration of PowerShell in ADAC facilitate?

Executing administrative tasks with a graphical interface. (C)

What is the role of a read-only domain controller (RODC)?

To provide authentication services while minimizing security risks. (B)

Which PowerShell feature in ADAC allows users to review previously executed commands?

PowerShell History pane (C)

What is the primary distinction of schema classes within Active Directory?

They represent the types of objects permissible in Active Directory. (D)

What role do organizational units (OUs) play in managing resources within Active Directory?

They allow for grouping of objects and delegation of administration. (B)

Which of the following is NOT a type of default folder object created in Active Directory?

Printers (D)

What characteristic defines a leaf object in Active Directory?

It typically correlates to network resources or security accounts. (A)

Which of the following statements about domain objects in Active Directory is true?

Each domain can be administratively independent from others. (A)

What is the main function of schema attributes in Active Directory?

They specify what information can be stored in an object. (B)

What is a unique feature of the 'Foreign Security Principals' folder object?

It holds user accounts for group members of external domains. (D)

Which describes the nature of container objects in Active Directory?

They can organize other objects and establish administrative boundaries. (C)

What is a primary purpose of nesting OUs within Active Directory?

To mimic the corporate structure for simplified management. (B)

Which of the following accurately reflects the role of the Active Directory schema?

It defines and structures the data types and relationships in AD. (A)

Flashcards

Active Directory (AD)

A centralized directory service used to manage users, computers, and resources in a network.

Domain Controller (DC)

A server that stores and manages Active Directory data for a specific domain.

Organizational Unit (OU)

A container object in Active Directory used to logically group users, computers, and other objects.

Lightweight Directory Access Protocol (LDAP)

A protocol used to access directory services, like Active Directory, over a network.

Forest

The highest level of Active Directory's hierarchical structure, encompassing multiple domains.

Replication

The process of copying directory data between domain controllers to ensure consistency.

Policy-based Administration

Using policies to control and manage Active Directory settings and user access permissions.

Global Catalog (GC)

A domain controller that stores frequently accessed directory data to speed up searches.

Child Domain

A new domain within a forest that shares the same top-level and second-level domain name structure as an existing domain.

New Tree

A new domain in a forest with a completely different naming structure than existing domains.

Global Catalog Server (GC)

A type of domain controller that stores frequently accessed information from the entire forest, making searches faster.

Read-Only Domain Controller (RODC)

A domain controller that can only read Active Directory information, not write to it. It can be used in remote locations with limited connectivity.

Active Directory Administrative Center (ADAC)

A tool used to manage and configure Active Directory, including users, groups, computers, and organizational units. It uses PowerShell commands and provides a graphical interface.

Directory Service

A network service storing information about a network, offering features to manage and access that information. Primarily used for administration, but users can access it for resources.

Windows Active Directory

A directory service based on X.500 standards to define, store, and access directory service objects. It's based on LDAP (Lightweight Directory Access Protocol) for efficient communication.

Active Directory Features

Features include hierarchical organization, centralized but distributed database, scalability, security, flexibility, and policy-based administration.

Active Directory Site

A physical location where domain controllers communicate and replicate information regularly.

Domain Controller

A computer running Windows Server, responsible for storing and managing Active Directory data for a specific domain.

Active Directory's Purpose

To manage user accounts, computers, printers, applications, and network resources in a centralized and secure way.

Domains

The core structuring unit of Active Directory, representing administrative, security, and policy boundaries. Typically, smaller companies have one domain, while larger ones may have several.

Trees

A grouping of domains sharing a common naming structure. A tree can have a parent domain and multiple child domains.

What are the options for adding a domain controller?

When configuring Active Directory, you can choose to add a domain controller to an existing domain, add a new domain to an existing forest, or add a new forest. Each option has different implications for your network's organization and structure.

What is an FQDN?

A Fully Qualified Domain Name (FQDN) includes all parts of a domain name, such as 'server.example.com'. It is used to uniquely identify a server or device on a network.

What are Domain Controller Capabilities?

Domain controllers can be configured with different capabilities, such as serving as a DNS server, a Global Catalog, or a Read Only Domain Controller (RODC). These capabilities determine the role and functionality of the domain controller in the network.

What is DSRM?

Directory Services Restore Mode (DSRM) is a boot mode used to restore Active Directory if data is lost or corrupted. It requires a password for access.

What is DNS Delegation?

Creating a DNS delegation allows Windows to create the necessary DNS records on the DNS server for a new domain.

What is a NetBIOS Domain Name?

A NetBIOS domain name is used for backward compatibility with older systems that don't use DNS. It is a short, simpler name for a domain.

Why are multiple Domain Controllers recommended?

Having multiple domain controllers in a domain improves fault tolerance and load balancing. If one DC fails, other DCs can take over its responsibilities.

How does installing additional domain controllers differ from installing the first one?

When installing additional DCs, you select 'Add a domain controller to an existing domain' instead of 'Add a new forest'. The process is similar, but the focus is on expanding an existing domain.

What is an object in Active Directory?

An object is a collection of information representing a network resource, like a user account, computer, or printer.

What is the Active Directory Schema?

The schema defines the structure, types, and organization of data stored in the Active Directory database.

Schema Classes

Schema classes define the types of objects that can be stored in Active Directory, like user accounts or computers.

Schema Attributes

Schema attributes define what kind of information is stored for each object.

What is a container object in Active Directory?

A container object holds other objects. It's used for organizing and managing network resources.

Name three types of container objects.

The three main container objects in Active Directory are: Organizational Units (OUs), Folder Objects, and Domain Objects.

What is an Organizational Unit (OU)?

An OU is a primary container for organizing and managing resources within a domain. It allows you to apply specific policies to groups of objects.

What's the purpose of Folder Objects?

Folder Objects hold default groups, computers, and users in a domain.

What is a Domain Object?

The domain is the core structure of Active Directory. It contains other objects, like OUs and folders, and has its own default policies.

What is a leaf object in Active Directory?

A leaf object doesn't contain other objects. It typically represents a user account, computer, or network resource.

Computer Configuration Node

The part of the Group Policy Object that controls computer settings. Policies here affect all computers linked to the GPO.

User Configuration Node

This part of the Group Policy Object controls user settings for users within the GPO's scope. It includes settings for software, Windows settings, and more.

Software Settings (User/Computer)

Allows administrators to assign or publish application packages to users or computers linked to the GPO.

Windows Settings (User/Computer)

Contains settings for managing user and computer configurations, including scripts, security, folder redirection, and policy-based QoS.

Administrative Templates (User/Computer)

Contains settings that enable administrators to control users' or computers' computer and network environments.

GPO Application Order

Group Policies are applied in a specific order: Local Computer, Site, Domain, Organizational Unit. Policies defined later take precedence.

AD Recycle Bin

A feature in Active Directory that allows administrators to restore deleted objects, like user accounts or computers.

What's a Group Policy Object (GPO)?

A list of settings that administrators use to manage user and computer environments remotely.

What's a Local User Account?

An account that allows access only to resources on the specific computer it was created on.

What's a Domain User Account?

An account that grants access to resources across the entire domain.

What's the purpose of user authentication?

Confirms a user's identity before granting permissions and rights.

What are the two types of directory replication?

Intrasite replication happens within the same physical site, while intersite replication occurs between different sites.

What is a primary zone?

A zone that holds the master, writable copy of all resource records. It's the authoritative source for information.

What is a secondary zone?

A zone containing a read-only copy of all resource records. It relies on the primary zone for updates.

What is a stub zone?

A zone with a read-only copy of SOA and NS records for a zone, plus essential A records for resolving NS records.

What is a directory partition?

A section of an Active Directory database that holds specific types of information.

What is a domain directory partition?

A partition containing all objects within a domain, including users, groups, computers, and more.

What is a schema directory partition?

A partition containing information about the structure and attributes of objects within AD.

What is a global catalog partition?

A partition containing a partial replica of all objects in the forest, facilitating faster searches.

What's a computer account object?

An object representing a computer that's either a domain controller or a member of a domain.

What are FSMO roles?

Five specialized roles that require a single domain controller to be responsible for a specific task.

What is a trust relationship in AD?

It defines how security principals from different domains can access resources in each other's domains.

FQDN

A fully qualified domain name (FQDN) is a domain name that includes all parts of the name, such as 'server.example.com'. It is used to uniquely identify a server or device on a network.

Fault Tolerance

Having multiple domain controllers in a domain improves fault tolerance. If one DC fails, other DCs can take over its responsibilities, ensuring continuous operation.

Installing New DC

Installing additional domain controllers in an existing domain involves selecting 'Add a domain controller to an existing domain' instead of 'Add a new forest'. The process is similar, but the focus is on expanding an existing domain.

Should you install DNS?

When adding a domain controller, you need to decide if it should also be a DNS server, handling domain name resolution. This decision depends on your network's needs and configuration.

What are Schema Classes?

Schema classes define the types of objects, like users or computers, that can be stored in Active Directory.

What are Schema Attributes?

Schema attributes define the specific information stored for each object, such as a user's name or a computer's IP address.

What is a container object?

A container object holds other objects, like users and computers, allowing for organized management.

What are Organizational Units (OUs)?

OUs are primary containers for organizing and managing resources within a domain. They allow for specific policy applications to groups of objects.

What are Folder Objects?

Folder Objects hold default groups, computers, and users in a domain, acting as a starting point for these objects.

What is a leaf object?

A leaf object doesn't contain any other objects. Typically it represents a specific user account, computer, or network resource.

What are the two main types of Active Directory objects?

Active Directory objects can be either container objects, which hold other objects, or leaf objects, which represent individual resources.

What's the difference between a container object and a leaf object?

Container objects group and organize other objects, while leaf objects represent single resources like users, computers, or printers.

What is Active Directory?

A directory service used for managing users, computers, and resources in a network. It's based on standards like X.500 and uses LDAP for communication.

What are Domain Controllers?

Servers responsible for storing and managing Active Directory data for a specific domain. They handle authentication and resource access requests.

What is a Forest?

The highest level in Active Directory's hierarchy. It groups multiple domains, allowing them to communicate and share information.

What is the purpose of Replication?

Ensuring consistency across multiple Domain Controllers. Changes in one DC are copied to others, keeping data synchronized.

What is Policy-Based Administration?

Using policies to control and manage Active Directory settings and user permissions. Simplifies administration by applying rules to groups.

What is a Site?

A physical location in which Domain Controllers communicate and replicate data regularly. It helps optimize data transfer and performance.

Add a Child Domain

Adding a new domain that shares the same top-level and second-level domain name structure as an existing domain in the forest.

Add a New Tree

Adding a completely new domain with a separate naming structure from any existing domains in the forest.

Domain Controller (DC) Roles

Domain Controllers can have specific roles like Global Catalog (GC) server, Read-Only Domain Controller (RODC), or a regular DC.

What factors determine DC location?

Choosing a site for your domain controller involves considering factors like its role, its accessibility for network traffic, and its proximity to other resources.

What are the two ways to add a domain to an existing forest?

You can either add a child domain, which shares the same name structure, or a new tree, which has a completely different naming structure.

What does the ADAC tool do?

The ADAC tool allows you to create and manage objects within Active Directory, like users, groups, computers, and organizational units. It also lets you manage domain settings like functional levels and the Recycle Bin.

What is PowerShell's role in ADAC?

ADAC is built on PowerShell, so every action you take in ADAC is actually executing a PowerShell command behind the scenes.

Why is ADAC useful for administrators?

ADAC provides a graphical interface for managing and configuring Active Directory, simplifying and streamlining common tasks.

What are two considerations for installing a new domain?

You need to decide if the domain will be a child domain (sharing the name structure) or a new tree (with a separate structure). You also need to choose the location where you want to install the domain controller.

What is authentication?

The process of verifying a user's identity before granting access to network resources.

What are the different types of user accounts?

There are local user accounts, which provide access only to resources on the local computer, and domain user accounts, which grant access to resources across the entire domain.

What is a group in Active Directory?

A collection of user accounts with common permissions and rights, simplifying administration by assigning permissions to the group rather than each user.

What are the five Flexible Single Master Operation (FSMO) roles?

These roles are special administrative functions in Active Directory that require a single domain controller to be responsible. They include Schema Master, Infrastructure Master, Domain Naming Master, RID Master, and PDC Emulator Master.

What is the Global Catalog?

A domain controller that stores frequently accessed information from the entire forest, enabling faster searches and logon across domains.

Study Notes

Directory Service Role

  • A directory service is a centralized repository of information about users, computers, and other resources in a network.
  • Careful planning is crucial for directory services setup to ensure scalability, security, and efficiency.
  • Directory services provide a centralized management tool but, because of their complexity, require careful planning prior to setup.
  • Directory services store information about a computer network, and offer features for retrieving and managing that information.

Windows Active Directory (AD)

  • Lightweight Directory Access Protocol (LDAP) is a protocol used by directory services to access and manage their data. It uses TCP/IP.
  • Three key features of Active Directory:
    • Centralized directory: Stores information about all the network resources.
    • Scalability: Can support large numbers of users, computers, and resources.
    • Security: Provides granular control over access permissions.
  • Active Directory's hierarchical structure is based on a logical organizational model, not physical locations.
  • Policy-based administration in Active Directory allows administrators to manage user permissions, settings, and configurations uniformly across the entire network by creating policy rules.
  • Windows Active Directory was first used in Windows 2000 Server.

Active Directory Physical and Logical Structures

  • The physical structure of Active Directory is composed of:
    • Servers
    • Networks
    • Sites
    • Hardware
  • A Domain Controller (DC) is a server that stores and replicates the information about users, computers, and resources in the directory service. It also manages the network.
  • Each domain controller contains a full replica of the objects that make up the domain and is responsible for storing a copy of the domain data, replicating changes to that data, providing data search and retrieval functions, and providing authentication and authorization services.
  • An Organizational Unit (OU) is a container object in Active Directory used to organize users, computers, and resources into logical groups.
  • A tree is a collection of domains that share a common naming context. A forest is a collection of trees.
  • An Active Directory site is a physical location in which domain controllers communicate and replicate information periodically.

Installing Active Directory

  • Active Directory Domain Services (ADDS) is installed using the Server Manager tool.
  • To install ADDS, use Server Manager. If DNS is not already present on the network, install the DNS Server Role.
  • A Fully Qualified Domain Name (FQDN) is the complete internet domain name with the host name, used to uniquely identify a server or computer within a domain.
  • Adding a domain controller to an existing domain joins a new server to the established domain structure, while creating a new forest establishes a completely independent domain structure.
  • Promoting a server to a Domain Controller (DC): click the notifications flag in Server Manager and click "Promote this server to a DC".

Inside Active Directory

  • The Active Directory schema defines the structure and types of objects which can exist within the directory.
  • Three examples of container objects: Organizational Unit (OU), Domain, and Tree.
  • Leaf objects contain data, while container objects hold other objects.
  • The Active Directory Administrative Center (ADAC) streamlines management tasks by providing a graphical interface for organizing users, groups, and resources.

Replication and Directory Partitions

  • Intrasite replication is the copying of data between servers within the same site. Intersite replication is copying data between different sites.
  • Five directory partition types:
    • Domain Partition: Contains all objects in a domain (users, groups, computers, OUs)
    • Schema Partition: Stores the structure and definitions of the directory objects.
    • Configuration Partition: Stores configurations that are not relevant to the user base.
    • Global Catalog Partition: Holds a partial replica of all the objects in the forest. Crucial for cross-domain searches.
    • Application Directory Partition: Stores information that benefits from application and services. Allows apps to store data tailored to their needs.
  • The Knowledge Consistency Checker (KCC) ensures consistency between different copies of the directory data across different sites/servers.

FSMO Roles and Trust Relationships

  • Five FSMO roles:
    • Infrastructure Master, Domain Naming Master, Schema Master, RID Master, PDC Emulator Master
  • A trust relationship between domains allows users and computers in one domain to access resources in another domain.
  • Users cannot access resources across domains without a trust relationship because there is no established way to authorize or authenticate outside of the domain boundary.

Global Catalog and Group Policies

  • The Global Catalog (GC) provides a centralized repository of user and computer information across the entire forest. Enables fast cross-domain searches.
  • Two default GPOs created when AD is installed:
    • Default Domain Policy
    • Default Domain Controllers Policy
  • Group policies are applied in a defined order, creating a hierarchical structure with priority, with the last one set taking precedence.

PowerShell Commands

  • Get-ADForest is used to view FSMO roles across the entire forest.
  • Get-ADDomain is used to retrieve information about a specific domain.

Description

Explore the fundamental concepts of Windows Active Directory, including its role as a directory service and its benefits for network management. This quiz covers key features such as scalability, security, and policy-based administration to enhance your understanding of directory services.
