Chapter 1: Active Directory Flashcards

(41 cards)

1
Q

What is a network directory service?

A

A network directory service is an administrative tool that stores, retrieves, and allows for the centralised management of information on a network.

2
Q

What is Active Directory Domain Services (ADDS)?

A

Active Directory is a directory service based on standards for defining, storing, and accessing directory service objects. It is based on the LDAP standard for accessing directory service objects.

3
Q

Active Directory Features (6)

A

Hierarchical organisation
Centralised but distributed database
Scalability
Security
Flexibility
Policy-based administration

4
Q

What is an Active Directory site?

A

An Active Directory site is a physical location in which domain controllers communicate and replicate information periodically.

5
Q

Domain Controller (DC)

A

A Domain Controller is a computer running Windows Server with the ADDS role installed, which services (and controls) one domain.

6
Q

Domain Controller - Responsibilities (4)

A
  1. Maintain a replica of objects in the domain
  2. Replicate changes to the data to all other domain controllers in the domain
  3. Provide data search and retrieval functions for users attempting to locate objects in the directory
  4. Provide authentication and authorisation services for users (logging in and accessing network resources)
7
Q

Active Directory Logical Structure (4)

A

Organisational Units
Domains
Trees
Forests

8
Q

Organisational Unit (OU)

A

An organisational unit is an AD container object that is used to organise network users and resources into logical administrative units.

Contains objects such as: User accounts, groups, computer accounts, printers, applications, shared folders, servers, domain controllers

9
Q

Domain

A

The domain is the core structural unit of an Active Directory, which contains OUs, and represents the administrative, security, and policy boundaries

Extra: Represented by a pyramid. Large companies may have several to separate regions or administrative responsibilities.

10
Q

Tree

A

A tree is a grouping of one or more domains that share a common top-level and second-level domain name (naming structure)

11
Q

Forest

A

A forest is a collection of one or more Active Directory trees (groupings of domains) that provide a common Active Directory environment

12
Q

ADAC is used to… (functions 4)

A

Active Directory Administrative Center is used to:
Create and manage users and groups
Manage OUs
Connect to other domain controllers
Change the domain's functional level

13
Q

What is meant by “Active Directory Schema”?

A

Active Directory (AD) schema is a blueprint that describes the rules about the objects that can be stored.

14
Q

Object

A

An object is an entity that represents a (network) resource such as users, computers, or printers, that is part of an AD network.

15
Q

The schema defines…

A

The schema defines the type, organisation, and structure of objects stored in the AD database

16
Q

Schema classes

A

Schema classes define the types of objects that can be stored in Active Directory

17
Q

Schema attributes

A

Schema attributes define the rules of what type of information is stored in an AD object; the type of information is called the attribute value.

18
Q

What are Active Directory Container Objects?

A

A container object is used to encapsulate other objects for organisation, management, administrative, and security purposes

19
Q

Types of AD container objects (3)

A

Organisational Units
Folder objects
Domain objects

20
Q

Type of Folder objects (5)

A

Builtin - for default Windows groups
Computers - default for computer accounts in domain
Foreign Security Principals - user accounts from other domains
Managed Service Accounts - for services to access domain resources
Users - the administrator and guest default accounts

21
Q

Leaf Object

A

A leaf object is an AD object that doesn’t contain other objects and represents either a security account, network resource, or GPO

22
Q

What is replication? What are the types? (3)

A

Replication is the process of maintaining a consistent database of information when the database is distributed among several locations (at domain controllers)

Intrasite replication - replication between domain controllers in the same site
Intersite replication - replication between domain controllers at two or more sites
Multimaster replication - replication used by AD for replacing AD objects

23
Q

Knowledge Consistency Checker (KCC)
Defines….

A

The KCC runs on all domain controllers and defines their replication topology, to make sure that no more than three hops exist between any two domain controllers.

24
Q

Directory partition (5)

A

Each section of an Active Directory database:
Domain directory partition
Schema directory partition
Global catalog partition
Application directory partition
Configuration partition

25
Q

Operations master

A

The operations master is the domain controller that is responsible for all the functions of all DCs; it is usually the first DC, and its responsibilities can be transferred if needed

26
Q

Flexible Single Master Operation (FSMO)

A

Schema master
Infrastructure master
Domain naming master
RID master
PDC Emulator master

27
Q

Trust relationships

A

In Active Directory, a trust relationship defines whether and how security principals from one domain can access network resources in another domain

28
Q

All domains in a forest share these characteristics (6)

A

A single schema
Forest-wide administrative accounts
Operations masters
Global catalog
Trusts between domains
Replication between domains

29
Q

Global catalog servers (functions 3)

A

Facilitates domain and forest-wide searches
Facilitates logon across domains - using UPN
Holds universal group membership information

30
Q

Forest root domain (4)

A

The forest root domain is the first domain in a forest, and is imperative to the functionality of AD. It handles:
DNS server
Global catalog server
Forest-wide administrative accounts
Operations masters

31
Q

Why is a single domain preferable? (4)

A

Simplicity
Lower costs
Easier management
Easier access to resources

32
Q

Under what circumstances should you consider using more than one domain? (5)

A

Need for differing account policies
Need for different name identities
Replication control
Need for internal and external domains
Need for tight security

33
Q

Group Policy Object (GPO)

A

A group policy object is a list of settings that administrators use to configure user and computing operating environments remotely, and can be managed using the GPMC

34
Q

How would you locate Active Directory objects?

A

Searching in Active Directory Users and Computers

35
Q

What is a directory partition?

A

Directory partitions are sections of the Active Directory database that hold varied types of data and are managed by different processes

36
Q

How is data organised in Active Directory?

A

The data in Active Directory is organised as objects

37
Q

What types of objects are there in Active Directory?

A

Container objects and leaf objects

38
Q

What do leaf objects typically represent?

A

Leaf objects generally represent security accounts, network resources, and GPOs

39
Q

What is a directory service?

A

A directory service is a database that stores network resource information and can be used to manage users, computers, and resources throughout the network

40
Q

Network resources

A

Network resources are any device, information, or service available across a network. EXAMPLE: Files, applications, services, servers, computers, printers, etc.

41
Q

LDAP

A

Lightweight Directory Access Protocol is based on the X.500 Directory Access Protocol