Windows Server Admin: Active Directory Overview

Questions and Answers

What is the primary function of Active Directory domains?

To manage internet traffic for websites

To provide email hosting services

To facilitate the organization of users and resources (correct)

To store multimedia files and documents

Which component of Active Directory is responsible for enforcing Group Policy settings?

Domain Controller (correct)

Forest Functional Level

Organizational Unit

Domain Name System

What are the FSMO roles in Active Directory used for?

To control access to internet resources

To manage user password policies

To oversee physical server hardware

To handle data replication and schema management (correct)

What is the purpose of the Active Directory Recycle Bin?

To recover deleted objects and user accounts

How do trust relationships benefit multiple Active Directory domains?

By permitting authentication across domains for users

What differentiates an Active Directory domain from a forest?

A domain is a collection of objects, while a forest is a collection of one or more domains.

What role do Organizational Units (OUs) serve in Active Directory?

To group users and resources for easier management

Which statement best describes Active Directory functional levels?

Functional levels define the capabilities of a domain or forest.

What is a primary responsibility of a domain controller in Active Directory?

To host the Active Directory DS database and manage authentication processes

Which of the following statements about FSMO roles is correct?

There are five FSMO roles divided into forest and domain roles

When raising the functional level of a domain, which factor is NOT a requirement?

All domain controllers can be of different Windows Server versions

Which of the following best describes the purpose of trust relationships in Active Directory?

They enable domains to share resources and provide access to users across different domains

What is a characteristic of a child domain in Active Directory?

It must be under a tree root domain within a forest

What does the Active Directory Recycle Bin allow administrators to do?

Restore deleted objects without losing their properties

Which of the following is NOT a function of a domain within Active Directory?

It provides public IP address assignment

To ensure redundancy and high availability, what is recommended for domain controller setup?

At least two domain controllers in each domain

Which operation requires a single master role within the multimaster replication model in Active Directory?

Managing forest-wide schema changes

Which of the following Windows Server versions is the oldest that can be used to raise the functional level of a domain?

Windows Server 2003

What do Local groups in Active Directory allow you to do?

Grant permissions only on the local computer

Which of the following statements regarding Global groups is true?

Can have permissions granted only in the local domain

What is the purpose of Group Managed Service Accounts (gMSAs)?

To automate password management for services across multiple computers

How can user accounts affect network access?

They allow or deny permission to sign in to computers

What is the primary function of Organizational Units (OUs) in Active Directory?

To apply group policies and delegate administrative permissions

Which types of accounts can use the Key Distribution Service root key?

Only Group Managed Service Accounts

What role do sites play in Active Directory?

To identify network locations with reliable connections

What are distribution groups used for in Active Directory?

Only with email applications and are not security enabled

Which tool is used to restore objects from the Active Directory Recycle Bin?

Active Directory Administrative Center

What is a primary benefit of using the Delegation of Control Wizard?

It simplifies assigning common administrative tasks

What is a characteristic of Universal groups in Active Directory?

May contain global groups from multiple domains

Which of these statements is accurate about the Active Directory Recycle Bin?

It allows restoration of deleted objects without downtime

When managing Group Policy Objects (GPOs), which action can be performed with the Group Policy Management Console (GPMC)?

Restore or import settings from backed-up GPOs

Study Notes

Windows Server Admin Fundamentals: Overview

• Covers the core concepts of Active Directory (AD) for Windows Server administration.
• Includes lessons on DNS, AD infrastructure, accounts and groups, organizational units (OUs), containers, and Group Policy.

Lesson 1: Active Directory Infrastructure

• Domains and forests:
  • Forest: A hierarchical structure of one or more domains.
  • Tree: A partial representation of a forest, with a single root domain.
  • Domain: A logical grouping of users, computers, and other resources.
• Domain Controllers:
  • Servers hosting the AD database (NTDS.DIT) and SYSVOL.
  • Perform authentication using Kerberos and Key Distribution Center services.
  • Best practices include using at least two domain controllers for availability and security measures like RODC or BitLocker Drive Encryption.
• Operations Master Roles (FSMOs):
  • Single-master operations in a multi-master replication model.
  • Examples include schema master, domain naming master, and infrastructure master.
• Functional Levels:
  • Determine the version compatibility and features of the AD domain and forest.
  • The functional level needs to match the highest OS version of the domain controllers.
• Trust Relationships:
  • Mechanisms for allowing users and computers in one domain to access resources in another domain.
  • Types include parent/child, tree root, external, shortcut, and forest.
• Sites:
  • Network locations that are defined for managing replication and service localization.
  • Used when domain controllers are separated by slow network connections.
• Active Directory Recycle Bin:
  • Enables restoring deleted AD objects without downtime.
  • Use the Active Directory module for Windows PowerShell or the Active Directory Administrative Center to recover objects within a specified lifetime.

Lesson 2: Accounts and Groups

• Account Types:
  • User Accounts: Allow users to sign in, access resources, and perform tasks.
  • Computer Accounts: Enable computers to authenticate and access resources.
• Group Types:
  • Distribution Groups: Used for email purposes only, not security-enabled.
  • Security Groups: Have security identifiers (SIDs), can be granted permissions, and can also be email enabled.
• Group Scopes:
  • Local Groups: Memberships can be users, computers, other group types, and permissions apply only to the local computer.
  • Domain Local Groups: Memberships are similar to local groups but permissions apply to resources anywhere in the domain.
  • Global Groups: Membership restrictions include only users and computers, and permissions can apply to resources within the domain and trusted domains.
  • Universal Groups: Can contain any type of object across the forest and permissions apply to resources throughout the forest.
• Group Nesting:
  • Implementing a group hierarchy, typically using IGDLA (Identities – Global – Domain Local – Access) structure.
• Group Managed Service Accounts (gMSAs):
  • Used to automate password and service principal name management for service accounts.
  • Can be used on multiple computers within the domain.
  • Require a Key Distribution Service root key for the domain.

Lesson 3: Organizational Units and Containers

• Organizational Units (OUs):
  • Container for grouping objects within a domain for management purposes.
  • Used for applying Group Policies and delegating administrative permissions.
  • Can't be applied with Group Policies directly.
• Default Containers:
  • Predefined containers in AD for specific object types, including the Users container, Domain Controllers OU, and Computers container.
• Delegation:
  • Granting administrative permissions to users and groups within an OU.
  • Can be based on object-specific or role-based permissions.
  • The Delegation of Control Wizard simplifies assigning common administrative tasks.

Lesson 4: Group Policy

• Group Policy Overview:
  • A powerful tool for managing user and computer settings across an AD domain.
  • Used for enforcing security settings, managing desktop applications, deploying software, and managing folder redirection.
• Group Policy Management:
  • Utilize the Group Policy Management Console (GPMC) for tasks like backing up, restoring, importing, and copying GPOs.
• Group Policy Processing:
  • Involves a defined order of processing Group Policies in a hierarchical structure.
  • Apply settings from the highest-level GPOs to the lowest-level GPOs.

Description

This quiz focuses on the fundamental concepts of Active Directory (AD) as part of Windows Server administration. Learn about domains, forests, domain controllers, and best practices for managing AD infrastructure effectively. Test your knowledge on core components and roles within AD to enhance your server administration skills.