1412826
Description
Flashcards by shepworth.sh, updated more than 1 year ago
|
|
Created by shepworth.sh
over 9 years ago
|
|
| Question | Answer |
| (AD DS) | Active Directory® Domain Services |
| AD DS database is? | a central store of all domain objects, such as user accounts, computer accounts, and groups |
| AD DS domain controllers also host the? | service that authenticates user and computer accounts when they sign into the domain |
| all users and computers must connect to AD DS domain controllers when? | they sign into the network |
| AD DS is composed of both? | logical and physical components |
| What is a Partition? | is a section of the AD DS database & is one file named Ndts.dit, you view it, manage it, and replicate it. |
| What is a Schema? | set of definitions of object types & attributes that you use to create objects in AD DS |
| What is a Domain? | is a logical, administrative container for users & computers |
| What is a Domain tree? | collection of domains that share a common root domain & a Domain Name System (DNS) namespace |
| What is a Forest? | collection of domains that share a common AD DS |
| What is a Site? | collection of users, groups, & computers that are defined by their physical location. |
| What is a Organizational unit (OU)? | a container object that provides a framework for delegating admin rights & linking Group Policy Objects (GPO's) |
| What is a Container? | container is an object that provides an organizational framework for use in AD DS. Containers cannot have GPOs linked to them |
| What is a Domain controller? | contains a copy of the AD DS database each DC can process changes & replicate changes to all other DC's in domain |
| What is a Data store? | data store on each DC, it holds the AD DS database |
| What is a Global catalog server? | a DC that hosts the global catalog, which is a partial, read-only copy of all objects in the forest. Speeds up searches for objects stored on DC's in a different domain in forest |
| What is a Read-only domain controller (RODC)? | used in branch offices where security/IT support are less advanced than corporate centers. |
| logical container used to? | manage user, computer, group, and other objects |
| User accounts? | contain information required to authenticate a user during sign-in & build the user's access token |
| Computer accounts? | domain-joined computer has an account in AD DS. Computer accounts are used for domain-joined computers |
| Groups? | used to organize users or computers to manage permissions & group policy in domain. |
| The AD DS Domain Is a Replication Boundary? | When changes are made to any object in domain, the DC where change occurred replicates that change to all DC's in domain. If multiple domains in forest, only subsets of changes are replicated to other domains. |
| Domain Admins group members have full control over? | every object in the domain |
| Whenever a domain-joined computer starts, or a user signs in to a domain-joined computer, AD DS does what? | authenticates them |
| organizational unit (OU) is a container object within a domain that you can use to? | consolidate users, computers, groups, and other objects. OU's you can link GPO's directly. |
| You usually use containers for? | system objects and default locations for new objects. you cannot apply a GPO directly to a container |
| A domain tree is a collection of ? | one or more domains that share a contiguous name space |
| A forest is a collection of ? | one or more domain trees that share a common directory schema and global catalog |
| The first domain that is created in the forest is called the? | forest root domain |
| The forest root domain contains a few objects that? and they are? | do not exist in other domains in the forest they are: • The schema master role • The domain naming master role • The Enterprise Admins group • The Schema Admins group |
| What is a schema master role? | special forest-wide domain controller role. only one schema master in any forest. Schema can be changed only on DC that holds schema master. |
| What is a domain naming master role? | special forest-wide domain controller role. only one domain naming master in any forest. New domain names can be added to the directory only by domain naming master. |
| What is a Enterprise Admins group? Gives them what? | The Administrator account for the forest root domain. full admin rights to every domain in forest. |
| What is a Schema Admins group? | Schema Admins group can make changes to the Schema. |
| AD DS forest is a security boundary. By default, no users from ? | outside the forest can access resources inside the forest. |
| all DC's in the forest must share what? | the same schema |
| What Is the AD DS Schema? | AD DS schema is the component that defines all object classes and attributes that AD DS uses to store data. |
| What is Web Application Proxy? | a Remote Access service that gives external users access to applications running on internal servers from anywhere, at any time. |
| All DC's except RODCs store a? | read/write copy of both Ntds.dit and SYSVOL folder |
| Kerberos authentication service, which User and Computer accounts, use for? | sign-in authentication |
| Key Distribution Center (KDC), which issues? | ticket-granting tickets (TGTs) to an account that signs in to the AD DS domain |
| What Is the Global Catalog? | is a partial, read-only, searchable copy of all objects in forest. Speeds up searches for objects that might be stored on DC's in a different domain in the forest. |
| Explain the AD DS Sign-in Process? | users sign in to AD DS, their system looks in DNS for service resource (SRV) records to locate nearest domain controller. SRV records specify info about available services, and are recorded in DNS for all DC's |
| What are the 6 AD DS sign process steps? |
Image:
123 (image/png)
|
| If the sign-in is successful, the local security authority (LSA) builds an access token for the user that contains the? | SIDs for the user and any groups in which the user is a member. |
| A client uses sites when it needs to contact a DC. It starts by looking up? | SRV records in DNS |
| Certain operations can be performed only by a specific role, on a specific domain controller. A DC that holds one of these roles is called an operations master (also known as a)? | flexible single master operations (FSMO) role) |
| The five operations master roles are? Forest (2) & Domain (3)... | Forest Operations Masters • Domain naming master • Schema master Domain Operations Masters • Relative ID (RID) master • Infrastructure master • PDC emulator master |
| What is a Relative ID (RID) master? | ensure's that no two DC's assign the same SID to two different objects, the RID master allocates blocks of RIDs to each DC within the domain to use when building the SID |
| What is a Infrastructure master? | maintains inter-domain object references, such as when a group in one domain contains a member from another domain. |
| If infrastructure master is down, DC's that are not global catalogs are unable to check? | universal group memberships and are unable to authenticate users |
| The infrastructure role should not reside on a? | global catalog server, unless you have a single-domain forest. |
| What is a PDC emulator master? & what does it do when passwords are changed? | The DC that holds PDC emulator is the time source for the domain. It receives urgent password changes. If a user’s password is changed, the info is sent to the DC holding PDC emulator. |
| What Is Windows Azure Active Directory? |
is a service that provides identity
management and access control for your cloud-based applications.
Image:
1234 (image/png)
|
Want to create your own Flashcards for free with GoConqr? Learn more.