Term
What is the inetOrgPerson security principal used for |
|
Definition
Compatibility with third-party LDAP directories: inetOrgPerson is the standard LDAP user class (RFC 2798), so objects from other directories can be migrated into or synchronized with AD DS. AD DS treats an inetOrgPerson as a security principal, and at the Windows Server 2003 forest functional level it can be converted to the user class |
|
|
Term
What is the DRA |
Definition
The Directory Replication Agent (DRA) replicates the directory database between domain controllers |
|
|
Term
What is the objectSid attribute |
Definition
The attribute that stores an object's security identifier (SID), assigned when the security principal is created (the domain SID plus a RID issued from the pool the RID Master gave the DC) |
|
|
Term
What is the sAMAccountName attribute |
Definition
The pre-Windows 2000 logon name, commonly called the "user name" (DOMAIN\username); it must be unique within the domain |
|
|
Term
What is the unicodePwd attribute |
Definition
The attribute that holds the hash of the user's password (the NT hash). It cannot be read over LDAP, and it can only be written over an encrypted LDAP connection (SSL/TLS) |
|
|
Term
What is the "member" attribute |
|
Definition
Stores the membership list of a group object as the distinguished names of its members (multi-valued); memberOf on the member object is the computed back-link |
|
|
Term
What are the directory partitions |
|
Definition
Schema, Configuration, Domain (the Domain Naming Context), and application partitions such as the DNS partitions (DomainDnsZones, ForestDnsZones). The Global Catalog is not a separate partition: it is the Partial Attribute Set of every domain partition in the forest, held as a read-only copy |
|
|
Term
What is the Schema partition |
|
Definition
Defines the attributes and classes that can be stored in the directory |
|
|
Term
What is the Domain Naming Context partition |
|
Definition
Contains the objects within a domain (users, computers, groups, OUs); when you change an object in ADUC you are modifying the Domain NC |
|
|
Term
What is the Configuration partition |
|
Definition
Contains forest-wide information about the network configuration: the domains, the services registered in the directory, and the replication topology (sites, subnets, site links) |
|
|
Term
Where is the ntds.dit file stored |
|
Definition
By default %SystemRoot%\NTDS\ntds.dit (C:\Windows\NTDS), chosen during dcpromo; the transaction logs (edb*.log) live in the same folder by default. The file holds every partition the DC hosts, including the password hashes, so read access to it (or to a backup or shadow copy of it) is equivalent to compromise of the domain |
|
Term
Where is the SYSVOL folder stored |
|
Definition
By default %SystemRoot%\SYSVOL (C:\Windows\SYSVOL), shared on every DC as \\<domain>\SYSVOL (with \\<domain>\NETLOGON pointing at the scripts folder inside it). It holds Group Policy templates and logon scripts and is replicated by FRS, or by DFS-R at the Windows Server 2008 domain functional level |
|
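The two cards above give the default locations. On a real DC you should read the configured paths from the registry rather than assume them, and check who can read the database folder. This is an added example (not part of the original card set); it assumes it runs elevated on a DC and uses the real NTDS and Netlogon registry values.

```powershell
# Added example: find where this DC actually keeps ntds.dit and SYSVOL,
# then look for anything other than SYSTEM/Administrators on the NTDS folder ACL.
$ntdsKey     = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$netlogonKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

$ditPath = (Get-ItemProperty -Path $ntdsKey).'DSA Database file'        # e.g. C:\Windows\NTDS\ntds.dit
$logPath = (Get-ItemProperty -Path $ntdsKey).'Database log files path'  # edb*.log location
$sysvol  = (Get-ItemProperty -Path $netlogonKey).'SysVol'               # e.g. C:\Windows\SYSVOL\sysvol

"ntds.dit : $ditPath"
"DIT logs : $logPath"
"SYSVOL   : $sysvol"

# The NTDS folder should be readable only by SYSTEM and Administrators.
# Any other identity (a backup service account, Users, ...) is a finding.
$expected = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators')
$acl = Get-Acl -Path (Split-Path -Path $ditPath -Parent)
foreach ($ace in $acl.Access) {
    if ($expected -notcontains $ace.IdentityReference.Value) {
        Write-Warning ("Unexpected ACE on NTDS folder: {0} has {1}" -f `
            $ace.IdentityReference.Value, $ace.FileSystemRights)
    }
}

# Shadow copies are the usual way a live ntds.dit gets copied off a DC; list them.
Get-WmiObject -Class Win32_ShadowCopy | Select-Object ID, InstallDate, VolumeName
```

The SYSVOL path returned from the registry is the replicated sysvol subfolder, not the share root; the NETLOGON share maps to the scripts folder beneath it.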
Term
What does the site object in ADDS represent |
|
Definition
A portion of the enterprise network with good (high-bandwidth, reliable) connectivity, defined as one or more IP subnets. Sites control replication scheduling and which DCs clients prefer for logon |
|
|
Term
How often does intrasite replication take place |
|
Definition
Almost immediately: a DC waits 15 seconds after a change before notifying its first replication partner and 3 seconds between further partners, so changes typically reach every DC in the site within 15-45 seconds. Urgent changes such as account lockouts are sent without the delay |
|
|
Term
What two partitions are available to all DC's in a forest |
|
Definition
The Schema partition, which defines what object classes and attributes can be stored in AD, and the Configuration partition, which contains info on the domains, services and topology of the forest. Both are replicated to every DC in the forest |
|
|
Term
What are the two forest-wide admin groups for ADDS |
|
Definition
Enterprise Admins and Schema Admins; both exist only in the forest root domain |
|
|
Term
What is the Global Catalog (GC) |
Definition
The GC holds a full (writable) copy of all objects in its host domain plus a "partial" read-only copy (the Partial Attribute Set) of every object in all other domains in the forest. Remember that the copies of the other domains' data are read-only |
|
|
Term
Where is the DNS zone data stored in an Active Directory Integrated Zone |
|
Definition
In a DNS application partition (DomainDnsZones or ForestDnsZones), or in the domain partition when the zone is set to replicate to all DCs in the domain (the Windows 2000-compatible option) |
|
|
Term
Where can you raise the forest functional level and view the Domain Naming Operation Master |
|
Definition
Right-click the "Active Directory Domains and Trusts" node at the top of the console and choose Raise Forest Functional Level; the same menu has Operations Master, which shows (and lets you transfer) the Domain Naming Master |
|
|
Term
Where can you raise the Domain Functional Level |
|
Definition
In AD Domains and Trusts, right-click the domain (the server icon) and choose Raise Domain Functional Level |
|
|
Term
What does the AD Administrative Center require |
|
Definition
Active Directory Web Services (ADWS) running on at least one DC, TCP port 9389 reachable from the client, and RSAT installed on a Windows 7 client (or run it directly on a Windows Server 2008 R2 server) |
|
|
Term
Where can you add different UPN suffixes |
|
Definition
In AD Domains and Trusts, right-click the "Active Directory Domains and Trusts" node, choose Properties, and add suffixes on the UPN Suffixes tab |
|
|
Term
What are some of the tasks you can perform with AD Sites and Services |
|
Definition
Manage sites, subnets and site links, replication schedules and connection objects (generated by the KCC within a site and by the ISTG between sites), and per-DC settings such as Global Catalog and Universal Group Membership Caching |
|
|
Term
Windows Server 2008 R2 supports Personal Virtual Desktops (PVD): what is required for a user to use one |
|
Definition
Hyper-V (the RD Virtualization Host), a Remote Desktop Connection Broker server, and RD Web Access or RemoteApp and Desktop Connection on the client; the VM is assigned to the user on the Personal Virtual Desktop tab of the user object in ADUC |
|
|
Term
Where is the adprep tool located in Windows 2008 |
|
Definition
On the installation DVD under \sources\adprep |
|
|
Term
Where is the adprep tool for Windows Server 2008R2 |
|
Definition
On the installation DVD under \support\adprep (adprep.exe is 64-bit only; use adprep32.exe on a 32-bit DC) |
|
|
Term
What are the FSMO Roles in AD |
|
Definition
Domain-wide: RID Master, Infrastructure Master, PDC Emulator. Forest-wide: Schema Master, Domain Naming Master |
|
|
Term
What does the The Relative ID Master perform |
|
Definition
Allocates pools of relative IDs (RIDs) to each DC; a DC combines a RID with the domain SID to form the SID of each new security principal (user, group or computer object). It also handles moving objects between domains in the forest |
|
|
Term
What does the The PDC Emulator operations master role perform |
|
Definition
Receives preferential replication of every password change in the domain and processes account lockouts; it is also the domain's authoritative time source and the DC that Group Policy editing defaults to. Failed authentication attempts due to a bad password at other domain controllers are forwarded to the PDC Emulator before rejection, so a password that was just changed elsewhere still works |
|
|
Term
What operation does the The Schema Master perform |
|
Definition
Holds the only writable copy of the schema; all modifications to the schema of the forest go through it. The schema determines the types of objects permitted in the forest and the attributes of those objects |
|
|
Term
What function does the The Domain Naming Master perform |
|
Definition
Tracks the names of all domains in the forest and is required to add new domains to the forest or delete existing domains from it. It is NOT responsible for group membership: cross-domain group membership references are maintained by the Infrastructure Master, which should not be a Global Catalog unless every DC in the domain is one |
|
|
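The FSMO cards above describe the roles; the check a practitioner actually runs is to locate the role holders and confirm the Infrastructure Master placement rule. This is an added example (not from the cards) using the AD module's Get-ADForest / Get-ADDomain / Get-ADDomainController cmdlets against the current domain; no other names are assumed.

```powershell
Import-Module ActiveDirectory

# Added example: enumerate the five FSMO role holders and apply the
# Infrastructure Master / Global Catalog placement check.
function Get-FsmoReport {
    $forest = Get-ADForest
    $domain = Get-ADDomain

    $roles = @(
        @{ Role = 'Schema Master';         Holder = $forest.SchemaMaster }
        @{ Role = 'Domain Naming Master';  Holder = $forest.DomainNamingMaster }
        @{ Role = 'PDC Emulator';          Holder = $domain.PDCEmulator }
        @{ Role = 'RID Master';            Holder = $domain.RIDMaster }
        @{ Role = 'Infrastructure Master'; Holder = $domain.InfrastructureMaster }
    )
    foreach ($r in $roles) { New-Object PSObject -Property $r }

    # The IM must not be a GC unless every DC in the domain is a GC; otherwise it
    # never sees stale cross-domain references and stops updating phantom objects.
    $gcs    = @($forest.GlobalCatalogs)
    $allDcs = @(Get-ADDomainController -Filter * | ForEach-Object { $_.HostName })
    $imIsGc = $gcs -contains $domain.InfrastructureMaster
    $allGc  = @($allDcs | Where-Object { $gcs -notcontains $_ }).Count -eq 0

    if ($imIsGc -and -not $allGc) {
        Write-Warning ("Infrastructure Master {0} is a GC but not all DCs are GCs; move the role or make every DC a GC" -f $domain.InfrastructureMaster)
    }
}

Get-FsmoReport | Format-Table Role, Holder -AutoSize
# Equivalent one-liner without the module (any supported DC): netdom query fsmo
```

Only the Schema Master and Domain Naming Master come from Get-ADForest; the other three are per-domain, so run the function once per domain (Get-ADDomain -Identity child.contoso.com) in a multi-domain forest.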
Term
What is the Windows PowerShell ISE |
Definition
The Integrated Scripting Environment: a graphical host for Windows PowerShell with a script editor, debugger and console pane |
|
|
Term
Which operating systems have Windows PowerShell 2.0 built in by default |
|
Definition
ONLY Windows Server 2008 R2 and Windows 7 (available for download, as the Windows Management Framework, for Server 2003 SP2, XP SP3, Vista SP1 and Server 2008 SP1) |
|
|
Term
What does Windows Powershell require |
|
Definition
.NET Framework 2.0 SP1; the PowerShell ISE additionally requires .NET Framework 3.5 SP1 |
|
|
Term
What does Multimaster Replication mean |
|
Definition
Every writable domain controller holds a writable copy of the database and replicates its changes to the others; conflicting changes are resolved by version number, then timestamp. RODCs are the exception: they hold a read-only copy and originate no changes |
|
|
Term
What is the minimum supported functional level in Windows Server 2008 |
|
Definition
Windows 2000 native: a Windows Server 2008 DC cannot be added to a domain that is still in Windows 2000 mixed mode |
|
|
Term
What is the minimum supported functional level in Windows Server 2008R2 |
|
Definition
Windows 2000 native as well; R2 does not raise the minimum, although features such as managed service accounts need higher levels |
|
Term
Where specifically is the zone data stored in an Active Directory Integrated Zone |
|
Definition
In an application partition: DomainDnsZones (replicated to every DNS server that is a DC in the domain) or ForestDnsZones (to every DNS server that is a DC in the forest) |
|
|
Term
The Active Directory module for PowerShell and the AD Administrative Center rely on what service |
|
Definition
Active Directory Web Services (ADWS), which listens on TCP 9389 on every Windows Server 2008 R2 DC |
|
|
Term
What is this command used for in PowerShell 2.0: Get-ADUser -Filter "Name -eq 'John U'" |
|
Definition
Get (the verb portion of the cmdlet) retrieves objects from ADDS/ADLDS. -Filter takes a PowerShell-style expression (attribute, comparison operator such as -eq or -like, value) that is evaluated on the DC, so here it narrows the query to the user whose Name is John U. Note that the attribute name inside the filter has no leading dash |
|
|
Term
Name some of the functions of the Active Directory Module for PS |
|
Definition
Computer management, user management, group management, OU management, password policy management (fine-grained password policies), and managing the forest and domain (functional levels, FSMO roles, sites) |
|
|
Term
What does Move-ADObject -TargetPath do |
|
Definition
After piping the object in with Get-ADUser -Filter 'Name -eq "TestUser"' it moves the user to the desired target path (the distinguished name of the destination OU or container) |
|
|
Term
What does Get-ADGroup -Filter 'Name -eq "Domain Admins"' do |
|
Definition
It returns the group object itself (name, scope, category, DN), not its members. To view the membership, pipe it to Get-ADGroupMember (add -Recursive to expand nested groups) or read the group's member attribute |
|
|
Term
What does Add-ADGroupMember "Marketing" TestUser do |
|
Definition
Adds the user TestUser to the Marketing group; the two positional parameters are -Identity (the group) and -Members (one or more principals) |
|
|
Term
What are some of the common parameters of the New-ADUser -Name cmdlet |
|
Definition
-SamAccountName, -AccountPassword (a SecureString), -Enabled (a new account stays disabled unless -Enabled $true is given and a password is set), -Path (default is the built-in Users container, CN=Users, unless it has been redirected with redirusr) |
|
|
Term
What is the default UPN suffix |
|
Definition
The DNS name of the domain (e.g. contoso.com or nwtraders.com) |
|
|
Term
What PowerShell command can you run to reset a user's password |
|
Definition
Set-ADAccountPassword -Identity 'CN=Amy Strand,OU=IT,DC=contoso,DC=com' -Reset -NewPassword (ConvertTo-SecureString -AsPlainText 'Pa$$w0rd2' -Force). Use single quotes around a literal password: inside double quotes PowerShell expands $$ (the current process ID) and $name tokens, so "Pa$$w0rd2" would not set the password you typed. Better still, keep plaintext out of scripts and history by prompting with Read-Host -AsSecureString |
|
|
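The password, unlock and enable/disable cards above show one cmdlet each. Here they are combined into the reset procedure a help desk would actually run, without the password ever appearing in the script or the PowerShell history. This is an added example (not from the cards); the identity and OU are the cards' own (Amy Strand in OU=IT), and the function name is ours.

```powershell
Import-Module ActiveDirectory

# Added example: reset a password interactively, clear any lockout, force a change
# at next logon, and show the resulting account state.
function Reset-UserPasswordSafely {
    param(
        [Parameter(Mandatory = $true)][string]$Identity,
        [switch]$ChangeAtNextLogon
    )
    # Read-Host -AsSecureString returns a SecureString; the plaintext is never in a
    # variable, in the transcript, or in (Get-History).
    $new = Read-Host -Prompt "New password for $Identity" -AsSecureString
    Set-ADAccountPassword -Identity $Identity -Reset -NewPassword $new

    # A reset does not clear an existing lockout; do it explicitly.
    Unlock-ADAccount -Identity $Identity

    $mustChange = [bool]$ChangeAtNextLogon
    Set-ADUser -Identity $Identity -ChangePasswordAtLogon $mustChange

    Get-ADUser -Identity $Identity -Properties LockedOut, PasswordLastSet, Enabled |
        Select-Object SamAccountName, Enabled, LockedOut, PasswordLastSet
}

# Why the card says to use single quotes for a literal password:
$expanded = "Pa$$w0rd2"   # $$ is the automatic variable holding the current process ID
$literal  = 'Pa$$w0rd2'
"double-quoted: $expanded   single-quoted: $literal"   # e.g. Pa1234w0rd2 vs Pa$$w0rd2

Reset-UserPasswordSafely -Identity 'CN=Amy Strand,OU=IT,DC=contoso,DC=com' -ChangeAtNextLogon
```

-Identity accepts a DN, sAMAccountName, GUID or SID; the DN form from the cards is used here. If you must reset non-interactively (for a batch job), generate the password with a cryptographic RNG and hand it over out of band rather than hard-coding it.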
Term
What cmdlet can you use to unlock a user account |
|
Definition
Unlock-ADAccount -Identity 'CN=Amy Strand,OU=IT,DC=contoso,DC=com' |
|
|
Term
How do you enable a user account via PowerShell |
|
Definition
Enable-ADAccount -Identity <sAMAccountName, DN, GUID or SID> |
|
|
Term
What cmdlet can you use to disable a user account |
|
Definition
Disable-ADAccount -Identity <sAMAccountName, DN, GUID or SID> (not Enable-ADAccount) |
|
|
Term
How can you modify a user object with PowerShell |
|
Definition
Get-ADUser UserName | Set-ADUser [-Parameter Value ...] (Set-ADUser has named parameters for the common attributes; for any other attribute use -Add, -Replace, -Clear or -Remove with a hashtable) |
|
|
Term
How would you modify many users at once via PowerShell |
|
Definition
Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=Production,DC=Contoso,DC=Com" | Set-ADUser -Department "Production" -Company "Contoso, Ltd" (add -SearchScope OneLevel to leave child OUs alone) |
|
|
Term
How can you ensure that a user template shows up first in an OU |
|
Definition
Put an underscore in front of the user template name (e.g. _Marketing) so it sorts first; keep the template account disabled so nobody can log on with it |
|
|
Term
When you copy a user template, what tab doesn't copy over |
|
Definition
|
|
Term
Can you use CSVDE to create objects in ADDS |
|
Definition
Yes, by importing a .csv file (csvde -i -f users.csv). Remember that the default mode is export, so the -i parameter is required to import |
|
|
Term
Can you import passwords with CSVDE |
|
Definition
No. CSVDE cannot set passwords, so the imported accounts are created disabled; after you set a password (for example with Set-ADAccountPassword) you can enable the account |
|
|
Term
How can you use PowerShell to automate user object creation |
|
Definition
Import-Csv Users.csv | New-ADUser. This works when the CSV column headers match New-ADUser parameter names (Name, SamAccountName, Path, ...) because New-ADUser binds pipeline input by property name; with ForEach-Object you would map the columns yourself. Pay attention to where the pipe is: the CSV is read first and each row is piped into New-ADUser |
|
|
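The CSVDE and Import-Csv cards above leave the hard part unsaid: CSV imports cannot carry passwords, so every account needs an initial password set some other way before it can be enabled. The following is an added example (not from the cards) that creates users from an inline CSV and gives each a random, complexity-compliant initial password. The CSV rows, the target OU and the UPN suffix are constructed for the example.

```powershell
Import-Module ActiveDirectory

# Added example: bulk-create users with random initial passwords.
# Sample data, constructed for this example; in practice use Import-Csv .\Users.csv
$csv = @'
Name,SamAccountName,GivenName,Surname,Department
Amy Strand,astrand,Amy,Strand,IT
Bob Kelly,bkelly,Bob,Kelly,Marketing
'@
$ou        = 'OU=Production,DC=contoso,DC=com'   # assumed target OU
$upnSuffix = 'contoso.com'                       # assumed UPN suffix

function New-RandomPassword {
    param([int]$Length = 16)
    # Ambiguous characters (O/0, l/1) left out; all four complexity categories present.
    $alphabet = [char[]]'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!@#%^&*'
    $rng = New-Object System.Security.Cryptography.RNGCryptoServiceProvider
    do {
        $bytes = New-Object byte[] $Length
        $rng.GetBytes($bytes)
        # Modulo over a 63-symbol alphabet has a small bias; acceptable for a
        # one-time initial password that must be changed at first logon.
        $candidate = -join ($bytes | ForEach-Object { $alphabet[$_ % $alphabet.Length] })
    } until ($candidate -cmatch '[A-Z]' -and $candidate -cmatch '[a-z]' -and
             $candidate -match '[0-9]' -and $candidate -match '[!@#%^&*]')
    $candidate
}

function New-UsersFromCsv {
    param([Parameter(Mandatory = $true)][string]$CsvText)
    $CsvText | ConvertFrom-Csv | ForEach-Object {
        $plain  = New-RandomPassword
        $secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
        New-ADUser -Name $_.Name -SamAccountName $_.SamAccountName `
            -GivenName $_.GivenName -Surname $_.Surname -Department $_.Department `
            -UserPrincipalName "$($_.SamAccountName)@$upnSuffix" -Path $ou `
            -AccountPassword $secure -Enabled $true -ChangePasswordAtLogon $true
        # Return the password to the caller for out-of-band delivery only;
        # never write it to a shared file or log.
        New-Object PSObject -Property @{ User = $_.SamAccountName; InitialPassword = $plain }
    }
}

New-UsersFromCsv -CsvText $csv | Format-Table User, InitialPassword -AutoSize
```

Because the CSV headers are exactly New-ADUser parameter names, the simpler form on the card (Import-Csv Users.csv | New-ADUser) would also bind Name, SamAccountName and so on; the ForEach-Object loop exists only to inject the per-user password and the -Path and -Enabled values the CSV does not carry.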
Term
Why would you use LDIFDE over CSVDE? |
|
Definition
LDIFDE can import/export AND modify or delete existing objects (changetype: modify), and it can set passwords by writing unicodePwd, which the DC accepts only over an SSL/TLS-protected LDAP connection |
|
|
Term
What version of Windows Server introduces managed service accounts |
|
Definition
Windows Server 2008 R2, Windows 7 |
|
|
Term
What are the requirements for managed service accounts |
|
Definition
The computer must run Windows Server 2008 R2 (or Windows 7) with .NET Framework 3.5.x and the AD module for PowerShell; the forest schema must be updated for 2008 R2 (adprep /forestprep) and the domain must be at least at the Windows Server 2003 functional level. If you want SPN management to be automatic you need the Windows Server 2008 R2 domain functional level |
|
|
Term
What are the two distinct types of groups that help to effectively manage complex enterprises |
|
Definition
Role-based groups (business roles, e.g. Sales Managers) and rule-based groups (access management, e.g. Modify on the Sales share) |
|
|
Term
What is the order for group scope management |
|
Definition
Local,Global,Domain Local,Universal(L,G,D,U) |
|
|
Term
What are the defining characteristics of the four different group scopes |
|
Definition
What it can contain, what it can belong to (be nested in), and where it can be used to assign permissions |
|
|
Term
What is the domain naming context |
|
Definition
Stores all the objects in the domain (users, computers, groups and others). Every DC in the domain has a writable copy of the domain naming context. Every GC in the forest has a read-only copy of the domain naming context of the GC's own domain (well, a full copy, since it is also a DC there) and a partial read-only copy of every other domain naming context in the forest |
|
|
Term
What groups can be added to Domain Local Groups |
|
Definition
Users, computers and global groups from the same domain, from any domain in the forest, or from any trusted domain; universal groups from any domain in the forest; and other domain local groups from the same domain |
|
|
Term
What is the primary purpose of a domain local group |
|
Definition
To group together security principals that share the same access needs (rule-based management); the domain local group is what you put on the ACL |
|
|
Term
What can be a member of a Global Group |
|
Definition
Only users, computers and other global groups from the same domain |
|
|
Term
What is the availability of the Global Group |
|
Definition
Global groups can be used anywhere in the forest (and in trusting domains) and can be nested in any universal or domain local group (IGDLA, IGUDLA) |
|
|
Term
What are Universal groups used for |
Definition
Think of universal groups as grouping together forest-wide roles (e.g. Company_Regional_Managers). They can contain users, computers, global groups and other universal groups from any domain in the forest; their membership is stored in the Global Catalog, so membership changes replicate forest-wide |
|
|
Term
What does IGDLA stand for |
Definition
I_dentities (users and computers) are grouped into G_lobal groups, which collect members based on their roles; global groups are members of D_omain L_ocal groups, which collect members based on their access needs; and the domain local groups are granted A_ccess (permissions on the resource) |
|
|
Term
What permissions/rights does the Server Operators group have |
|
Definition
(Built-in group in every domain) Log on locally to DCs, start and stop services, shut down domain controllers, perform backup/restore operations, format disks, and create and delete shares. Because it can run services and restore files on a DC it is effectively domain-admin equivalent; keep it empty |
|
|
Term
What permissions does the Account Operators group have |
|
Definition
Create, modify and delete user, computer and group accounts in any OU EXCEPT the Domain Controllers OU. Cannot modify the Administrators, Domain Admins and other protected (AdminSDHolder) groups or their accounts. Can log on locally to DCs. It can still create accounts and reset passwords, so treat membership as privileged |
|
|
Term
What are the permissions of the Backup Operators group |
|
Definition
Perform backup and restore operations, bypassing NTFS permissions on the files, and log on locally to (and shut down) DCs. A backup of a DC includes ntds.dit and the SYSTEM hive, so a Backup Operator can extract every password hash in the domain |
|
|
Term
What permissions does the Print Operators group have |
|
Definition
Manage print queues on DCs, shut down DCs, and log on locally to DCs. Managing printers includes loading printer drivers, which run as SYSTEM on the DC, so this group is privileged as well |
|
|
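The four operator-group cards, together with the earlier Get-ADGroup / Get-ADGroupMember cards, describe groups whose membership should be audited regularly. This is an added example (not from the cards) that expands the nested membership of the privileged built-in and admin groups and flags any operator group that is not empty. The group names are the well-known built-in names; nothing else is assumed.

```powershell
Import-Module ActiveDirectory

# Added example: effective (nested) membership of privileged groups.
# Get-ADGroup returns only the group object; Get-ADGroupMember -Recursive
# is what expands the membership through nested groups.
$privileged = 'Administrators', 'Domain Admins', 'Enterprise Admins', 'Schema Admins',
              'Account Operators', 'Server Operators', 'Backup Operators', 'Print Operators'

function Get-PrivilegedMembership {
    foreach ($name in $privileged) {
        # -Filter returns nothing (no error) for Enterprise/Schema Admins outside the root domain
        $group = Get-ADGroup -Filter "Name -eq '$name'"
        if (-not $group) { continue }

        $members = @(Get-ADGroupMember -Identity $group -Recursive)
        foreach ($m in $members) {
            New-Object PSObject -Property @{
                Group       = $name
                Member      = $m.SamAccountName
                ObjectClass = $m.objectClass
            }
        }
        # Operator groups should normally be empty: each one gives local logon to DCs
        # and a path to domain-admin-equivalent control.
        if ($name -like '*Operators' -and $members.Count -gt 0) {
            Write-Warning ("{0} has {1} member(s); review and remove" -f $name, $members.Count)
        }
    }
}

Get-PrivilegedMembership | Sort-Object Group, Member |
    Format-Table Group, Member, ObjectClass -AutoSize

# Accounts that were once in a protected group keep adminCount=1 and the restrictive
# AdminSDHolder ACL; list them so stale "orphans" can be cleaned up.
Get-ADObject -Filter 'adminCount -eq 1' -Properties adminCount |
    Select-Object Name, ObjectClass, DistinguishedName
```

Get-ADGroupMember -Recursive returns only leaf objects (users and computers), which is what you want for an "who can actually act" view; use the group's member attribute (Get-ADGroup -Properties member) when you need to see the intermediate groups themselves.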
Term
What are the two defining characteristics of a distribution group |
|
Definition
It is not security-enabled: although the group object does have a SID, that SID is never placed in access tokens, so the group cannot be assigned permissions or user rights. It is used by e-mail applications such as Exchange for address lists |
|
|
Term
What are the defining characteristics of a security group |
|
Definition
It is security-enabled: its SID is added to the access token of every member, so permissions and rights can be assigned to it. It can also be mail-enabled and used as a distribution list |
|
|
Term
How do you create a new group via the AD Module for PowerShell |
|
Definition
New-ADGroup -Name "Marketing" -SamAccountName Marketing -GroupScope Global -GroupCategory Security -Path "OU=Groups,DC=contoso,DC=com" (-GroupScope is DomainLocal, Global or Universal; -GroupCategory is Security or Distribution) |
|
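The IGDLA card and the New-ADGroup card above describe the pattern and the cmdlet; this added example (not from the cards) carries the pattern through end to end: a global role group, a domain local access group, the nesting between them, and the ACL on the resource. The group names, OU, user, folder and NetBIOS domain name CONTOSO are assumed for the example.

```powershell
Import-Module ActiveDirectory

# Added example: IGDLA in practice. Assumed names: G_Sales, DL_Sales_Modify,
# OU=Groups, user astrand, folder D:\Shares\Sales, domain CONTOSO.
$groupOu = 'OU=Groups,DC=contoso,DC=com'
$folder  = 'D:\Shares\Sales'

# G: a global group collects identities by role. Global groups can only hold
# principals from their own domain, which is exactly what a role group needs.
New-ADGroup -Name 'G_Sales' -SamAccountName 'G_Sales' -GroupScope Global `
    -GroupCategory Security -Path $groupOu -Description 'Role: Sales staff'

# DL: a domain local group represents one access need on one resource and can
# hold global/universal groups from any domain in the forest or trusted domains.
New-ADGroup -Name 'DL_Sales_Modify' -SamAccountName 'DL_Sales_Modify' -GroupScope DomainLocal `
    -GroupCategory Security -Path $groupOu -Description 'Modify on D:\Shares\Sales'

# I -> G: identities join the role group.   G -> DL: the role is granted the access.
Add-ADGroupMember -Identity 'G_Sales' -Members 'astrand'
Add-ADGroupMember -Identity 'DL_Sales_Modify' -Members 'G_Sales'

# DL -> A: only the domain local group ever appears on the ACL, never a user or a role group.
if (-not (Test-Path -Path $folder)) { New-Item -ItemType Directory -Path $folder | Out-Null }
$acl  = Get-Acl -Path $folder
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    'CONTOSO\DL_Sales_Modify', 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Verify who effectively has Modify (expands the G -> DL nesting)
Get-ADGroupMember -Identity 'DL_Sales_Modify' -Recursive | Select-Object SamAccountName, objectClass
```

Granting a new team the same access is then one Add-ADGroupMember of their global group into DL_Sales_Modify; the ACL on the folder never changes, which is the point of the pattern.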
Term
How would you enable Universal Group Membership Caching |
|
Definition
In Active Directory Sites and Services: select the site, right-click NTDS Site Settings, choose Properties, tick Enable Universal Group Membership Caching and pick the site to refresh the cache from. Used in sites without a Global Catalog so that logons (which need universal group membership) do not fail when the WAN link is down |
|
Term
Name the 2003 Domain Functional Level features |
|
Definition
Setting the userPassword attribute as the effective password on both user and inetOrgPerson objects (non-Windows-based users), last logon tracking (lastLogonTimestamp), Netdom.exe support for renaming domain controllers, redirecting the default Users and Computers containers (redirusr/redircmp), constrained delegation, Authorization Manager storing its policies in AD (application authorization), and selective authentication (letting specific users from trusted domains access only specific servers). RODCs additionally need the Windows Server 2003 forest functional level and adprep /rodcprep |
|
|
Term
Name some of the features of the Windows Server 2008 functional level |
|
Definition
DFS-R replication of SYSVOL, AES 128 and AES 256 for Kerberos, last interactive logon information, fine-grained password policies |
|
|
Term
What does the Windows Server 2008 R2 domain functional level add |
|
Definition
Authentication mechanism assurance (group membership granted based on how the user authenticated, e.g. with a smart card) and automatic SPN management for managed service accounts |
|
|
Term
Where can you raise the domain functional level |
|
Definition
In Active Directory Domains and Trusts or in ADUC: right-click the domain and choose Raise Domain Functional Level |
|
|
Term
What does the Windows Server 2003 forest functional level add |
|
Definition
Forest trusts, domain rename (rendom), linked-value replication, support for RODCs (which must run Windows Server 2008 and need adprep /rodcprep), improved KCC and ISTG algorithms, the ability to convert inetOrgPerson objects into the user class, dynamic auxiliary classes, and deactivation/redefinition of schema classes and attributes |
|
|
Term
Where do you raise the forest functional level |
|
Definition
In Active Directory Domains and Trusts: right-click the top node and choose Raise Forest Functional Level (every domain must already be at the matching domain functional level) |
|
|