66 Cards in this Set
- Front
- Back
You decide to create a trust relationship between Domain A and Domain B. Before you take any other actions, can users in Domain A use resources from Domain B yet?
|
No.
A trust relationship only allows for the possibility of sharing resources between domains; it does not explicitly provide any permissions. In order to allow users to access resources in another domain, you must configure the appropriate permissions. |
|
Plans are to deploy four Active Directory domains with the following requirements:
minimize the number of servers
enough fault tolerance to survive the complete failure of one domain controller.
What is the minimum number of domain controllers to deploy initially? |
8
Two per domain for fault tolerance |
|
What server configurations can be directly promoted to become a domain controller for a new domain?
|
Member servers
Stand-alone servers |
|
Server1: Schema Master
Server2: RID Master
Server3: Windows NT 4 BDC
Server4: Infrastructure Master
Server5: PDC Emulator Master
Entire environment migrating to Windows Server 2008. Which server is not needed? |
Server3: Windows NT 4 BDC
|
|
Implicit trusts created between domains are known as ______
|
transitive trusts.
|
|
Need to add field to the properties of a User object.
On what servers can the change be made? |
The Schema Master is the only server within Active Directory on which changes to the schema can be made.
|
|
What are several Active Directory domains that share a contiguous namespace called?
|
A tree
|
|
Accidentally demoted the last domain controller of your ADTest.com domain.
Want a complete undo. Possible? |
Once the last domain controller in an environment has been removed, there is no way to recreate the same domain. If adequate backups had been performed, you may have been able to recover information by rebuilding the server.
|
|
Items that depend on the DNS namespace are ....
|
Domains
trees
forests
DNS zones |
|
Which types of computers contain a copy of the Global Catalog (GC)?
|
Specified Active Directory domain controllers
|
|
Which pieces of information should you have before you use the Active Directory Installation Wizard to install a new subdomain?
|
name of the child domain
name of the parent domain
DNS configuration information
NetBIOS name for the server |
|
Which type of trust is automatically created between the domains in a domain tree?
|
Transitive two-way
|
|
A systems administrator wants to remove a domain controller from a domain. What is the easiest way to perform the task?
|
Use the Active Directory Installation Wizard to demote the domain controller.
|
|
Regarding the sharing of resources between forests...
|
A trust relationship must exist before resources can be shared between forests.
|
|
New remote location with very slow WAN link. Needs following specs:
Fast logon times
Reduced network bandwidth
Ability to use existing hardware
What can you implement to achieve the above requirements? |
Universal group membership caching stores information locally once a user attempts to log on for the first time.
|
|
Of the five main single master functions, two apply to an entire Active Directory forest. What are the three that apply to just the domain?
|
RID Master
PDC Emulator Master
Infrastructure Master |
|
When deploying Active Directory, you decide to create a new domain tree. What do you need to do to create this?
|
Promote a Windows Server 2008 computer to a domain controller and select the option that makes this domain controller the first machine in a new domain that is a child of an existing one.
|
|
7 Reasons for Using Multiple Domains
|
Scalability
Reducing replication traffic
Meeting business needs
Hierarchy - easier data management
Decentralized administration
Multiple DNS or domain names
Legality |
|
What are some of the Drawbacks of Multiple Domains?
|
Administrative inconsistency
Increased management
Decreased flexibility |
|
Min Requirements for DC numbers
|
2 DCs per Domain
|
|
Recommended Req's for DC numbers
|
2 DCs per Site
|
|
Reasons for adding extra DCs
|
Fault tolerance and reliability
Performance |
|
Main requirement for joining a new domain to an existing forest
|
Domain does not share a namespace with the existing Active Directory domain.
|
|
If you want to join a W2k8 server to an existing W2k3 Forest what do you need to do first?
|
Prepare the domain by running:
adprep /forestprep
adprep /domainprep |
|
What naming information do you need prior to joining a domain to a new tree?
|
name of the parent domain
name of the child domain
NetBIOS name for the new server |
|
What other information (other than the 3 names) do you need prior to joining a domain to a new tree?
|
DNS configuration
domain administrator username and password |
|
DcPromo option selected to create a new domain tree.
|
"makes this domain controller the first machine in a new domain that is a child of an existing domain"
|
|
DcPromo option selected to create a new domain tree.
|
makes this domain controller the first machine in a new domain that is a child of an existing domain
|
|
3 Features common to all Domains in a Forest
|
Schema
GC
Configuration Info |
|
Type of trust between the Forest Root Domain and all the rest of the domains in the forest
|
2-way Transitive
|
|
How is a new Domain Tree created?
|
Created top down - forest root domain - then child domains
|
|
How do you move a DC between domains?
|
1. Demote it.
2. Move it.
3. Promote it. |
|
True or False? A Trust grants all users in one domain access to the other domains.
|
False.
Trust only provides the foundation. Rights must be granted to resources once Trust is established. |
|
What 2 features of AD do ALL Trees and Forests share?
|
Schema and
Global Catalog |
|
What do you always have even if you only have 1 Domain?
|
A Tree and a Forest
|
|
What do you need to ensure is done before you remove the last DC from a Domain?
|
Computers no longer log on to this domain
No user accounts are needed
All encrypted data is decrypted
All cryptographic keys are backed up |
|
What are the 2 Forest Operation Master Roles?
|
Schema Master
Domain Naming Master |
|
What tool is used to manage the Forest Operation Master roles?
|
AD Domains & Trusts
|
|
What are the 3 Domain Operation master Roles?
|
RID Master
PDC Emulator Master
Infrastructure Master |
|
The Schema master holds ___
|
a master copy of the AD Schema
|
|
Where can changes to the AD Schema be made?
|
Only on the Schema Master
|
|
The Domain Naming Master __
|
tracks domains within the AD Forest
|
|
What does the RID Master do?
|
Creates a unique RID for every AD object
|
|
PDC Emulator is responsible for __
|
Maintaining backward compatibility with NT DCs - used only in Mixed Mode domains.
|
|
In a Forest running at 2k Native or later what role does the PDC play?
|
Acts as default DC if another is not available
|
|
The Infrastructure Master ensures
|
Ensures that group membership info stays current between DCs
|
|
How do you assign the Domain Naming Master Role?
|
Open AD D&T
AD D&T Properties
Select Operations Master
Click Change |
|
How do you assign all of the RID, PDC and Infrastructure Roles?
|
Open AD U&C
right-click Domain
Select Operation Masters
Click Change |
|
What is a transitive trust?
|
Implied trusts.
If domain A trusts domain B AND domain B trusts domain C THEN domain A trusts domain C |
|
What are External Trusts used for?
|
Used to provide access to external domain (NT) that can't use forest trusts
|
|
What type of trust are External Trusts?
|
Non-transitive and either 1-way or 2-way (manually created)
|
|
On External Trusts, what is enabled by default to prevent hackers from using SID info to gain access?
|
Default SID filtering
SID History cleaned of SID history attributes that are not members of the trusted domain. |
|
When is a Realm Trust used?
|
Used to connect to non-Windows domain using Kerberos
|
|
What types of Realm Trusts are there?
|
Either Transitive or Non-Transitive
And either 1-way or 2-way |
|
Where do you configure Trust Relationships?
|
AD D&T - Domain Properties - Trusts Tab
|
|
What happens when Selective authentication is used with Cross Forest Trusts?
|
users can't authenticate to DC or resource server unless explicitly enabled
|
|
What is a manually created Trust called?
|
Shortcut trusts
|
|
What is a Cross Forest Trust used for?
|
To Share resources between forests
|
|
What is the restriction on Cross Forest Trusts?
|
They cannot be Non-transitive.
|
|
Where would you go to enable Selective Authentication?
|
Trust properties - Selective Authentication
|
|
Where would you add a UPN suffix?
|
AD D&T - Properties - UPN Suffixes
|
|
Where would you add a UPN suffix?
|
AD D&T - Properties - UPN Suffixes
|
|
You need to add another Global Catalog server to an existing domain. Where would you go to do this?
|
AD S&S - DC - NTDS Settings Properties - GC Checkbox |
|
What happens when Universal Group Membership Caching is enabled on a W2k8 DC?
|
1. User logs on - Universal Groups cached from GC
2. Next time user logs on - no need to contact GC |
|
The benefits of Universal Group Membership Caching are:
|
Faster logon times
Reduced network bandwidth
Ability to use existing hardware |
|
On a W2k8 DC how do you enable Universal Group Membership Caching?
|
AD S&S - Sites - DefaultFirstSite - NTDS Settings - Properties - checkbox |