Install and Configure Domain Controllers Flashcards
Contains notes directly correlating with exam objectives. (33 cards)
What configuration wizard can be used to install a new forest?
The “Active Directory Domain Services Configuration” wizard.
This wizard is launched after installing the AD DS role and clicking the “Promote to Domain Controller” link under notifications (flag icon) in Server Manager.
What three options are available, on the domain options screen, in terms of modifying the domain structure, within the AD DS Config wizard?
- Add a DC to an existing domain
- Add a new domain to an existing forest
- Add a new forest
How do you add a Domain Controller to a domain?
- The “Active Directory Domain Services” role needs to be installed on the server
- The server needs to be promoted to a Domain Controller (by either the AD DS wizard or PowerShell).
* Note: Within the AD DS wizard, the option to “Add a DC to an existing domain” can be used, or, if this is the first DC, the “Add a new forest” option would be used.
What PowerShell command can be used to install a new forest?
Install-ADDSForest -DomainName exampledomain
What PowerShell command can be used to view detailed information on the current forest such as the Domain Naming Master, Domains, Forest Mode, Global Catalog servers, current domain name, and Root Domain?
Get-ADForest
Within a Server Core environment, what command opens PowerShell?
PowerShell
What PowerShell command is used to install the AD DS role (used in a Server Core environment)?
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
How do you install AD DS on a Server Core environment?
1. PowerShell
2. Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
If installing on the first DC and a forest needs to be created, then:
3. Install-ADDSForest -DomainName exampledomain.com
How do you remove a DC from the domain?
- With administrative privileges, within Server Manager, select the Remove Roles and Features tool and remove the AD DS role.
- After clicking on AD DS, click on the “Demote this domain controller” link, which will launch the AD DS Config wizard.
- Follow through the wizard to force the removal and demotion of the DC.
- After the server reboots, remove the AD DS role.
What PowerShell command can be used to remove a DC from the domain?
Uninstall-ADDSDomainController -DemoteOperationMasterRole:$true -ForceRemoval:$true -Force:$true
What are the two implementations of deploying a RODC server?
Staged and non-staged
What is a staged implementation of RODC?
A staged implementation is when a pre-created RODC account is used and linked to a group/user to perform the deployment without giving that group/user any elevated administrative privileges.
What is a non-staged implementation of RODC?
A non-staged implementation is when the domain administrator physically or remotely performs the configuration and deployment of the RODC server.
Which OU is right clicked to pre-create a RODC account?
Domain Controllers.
The system chosen to be the RODC must be a non-member server. True or false?
True.
After AD is uninstalled, what may need to be manually cleaned?
Metadata.
What are the steps to configure a staged RODC implementation?
- Within ADUC, pre-create a Read-only Domain Controller account and link it to a user/group that will be performing the deployment.
- The delegated user will install the AD DS role and promote the server to a DC.
- Within the AD DS Config wizard, when the credentials of the delegated user are entered, the wizard will see the pre-created RODC account that is tied to the delegated user’s credentials.
- On the Domain Controller Options screen, make sure that “Use existing RODC account” is selected and that any other server options are added (DNS, global).
- After completion of the wizard, the server will reboot and the RODC installation is complete.
What is Install From Media?
IFM is used in situations such as deploying a domain controller at a branch office where there is a slow WAN link. All the data needed to create that DC can be put on a DVD which then can be brought to the branch site to relieve the WAN link from the heavy initial replication traffic.
What is NTDS?
New Technology Directory Service. This was the older name of Active Directory.
NTDS is recognized when using the ntdsutil command. This command-line tool is used to access and manage a Windows Active Directory database.
How do you create a snapshot that will be later used as IFM?
On the DC that will be used as the source of the IFM, activate an ntds instance using the ntds utility by opening a command prompt and typing:
- ntdsutil
- activate instance ntds
- ifm
- create full d:\ifm
- quit
How do you install a DC with IFM, assuming the IFM is ready to be used?
On the DC that will be utilizing the IFM, create the DC as usual by installing AD DS and promoting it to a DC. Within the ADDSC wizard, on the “Additional Options” screen, check the box that says “Install from Media” and specify the replication option with Domain Controllers.
What does FSMO stand for?
Flexible Single Master Operator
What are the 5 FSMO roles?
- Schema Master
- Domain Naming Master
- PDC Emulator
- RID Master
- Infrastructure Master
What are the different scopes for the FSMO roles?
Forest-wide: Schema Master and Domain Naming Master
Domain-wide: PDC Emulator, RID Master, and Infrastructure Master.