Shared Flashcard Set

Details

Active Directory Lesson 4
Microsoft Server 2008 AD
20
Computer Networking
Not Applicable
01/04/2017

Cards

Term
Active Directory will tolerate a maximum of a 5-minute ___ between a client and the domain controller that authenticates it
Definition
clock skew
Term
The ___ is responsible for managing time synchronization within a domain
Definition
PDC Emulator
Term
You can improve login times in a site that does not contain a global catalog server by implementing ___
Definition
universal group membership caching
Term
To add or remove an application directory partition from Active Directory, the ___ needs to be accessible
Definition
Domain Naming Master
Term
If a domain controller that holds a FSMO role fails and will not be returned to the network, you can ___ the FSMO role to another domain controller
Definition
seize
Term
You can add additional attributes to the ___ by modifying the Active Directory schema
Definition
partial attribute set (PAS)
Term
The ___ uniquely identifies an object within an Active Directory domain, but will change if an object is moved from one domain to another
Definition
security identifier (SID)
Term
The ___ FSMO role should not be housed on a domain controller that has been configured as a global catalog
Definition
Infrastructure Master
Term
You can transfer the ___ FSMO from one domain controller to another using the Active Directory Domains and Trusts MMC snap-in
Definition
Domain Naming Master
Term
Membership information for a(n) ___ is stored on the global catalog
Definition
universal group
Term
What is the Active Directory component that contains a reference to all objects within Active Directory called?
a. Main database
b. Central catalog
c. Global database
d. Global catalog
Definition
Global Catalog

The Global Catalog server contains a reference to each object within an Active Directory forest, regardless of which domain the GC belongs to or how many domains are configured within the forest
Term
Which of the following roles is a forest-wide FSMO role?
a. PDC Emulator
b. Infrastructure Master
c. Schema Master
d. Global catalog
Definition
Schema Master

The Schema Master and the Domain Naming Master are the forest-wide FSMO roles. Each Active Directory domain also has three domain-wide FSMOs: the PDC Emulator, the Infrastructure Master, and the RID Master
Term
To which port does the _gc SRV record listen?
a. TCP 445
b. UDP 137
c. TCP 3268
d. UDP 445
Definition
TCP 3268

The Global Catalog answers queries on TCP port 3268. Normal domain controller LDAP queries take place on TCP port 389
Term
You are the administrator of an Active Directory forest that contains a forest root domain with three child domains. How many of each FSMO does this forest contain?
a. 1 Domain Naming Master, 1 Schema Master, 3 PDC Emulators, 3 Infrastructure Masters, 3 RID Masters
b. 3 Domain Naming Masters, 3 Schema Masters, 3 PDC Emulators, 3 Infrastructure Masters, 3 RID Masters
c. 1 Domain Naming Master, 1 Schema Master, 4 PDC Emulators, 4 Infrastructure Masters, 4 RID Masters
d. 1 Domain Naming Master, 1 Schema Master, 1 PDC Emulator, 1 Infrastructure Master, 1 RID Master
Definition
1 Domain Naming Master, 1 Schema Master, 4 PDC Emulators, 4 Infrastructure Masters, 4 RID Masters

There is only one forest-wide Domain Naming Master and Schema Master per forest. Because there are four total domains in this example (the forest root domain and the three child domains), there will be four of each domain-wide FSMO role
Term
The Schema Master FSMO for your forest will be taken offline for a few hours so that your hardware vendor can replace the motherboard of the server. To allow your clients to continue to log in, what is the minimum that you need to do?
a. Transfer the Schema Master FSMO to another domain controller before taking it offline.
b. Seize the Schema Master FSMO to another domain controller before taking it offline.
c. Do nothing. Your clients will still be able to log in while the Schema Master is offline.
d. Disable the domain controller's computer account from Active Directory Users and Computers before taking it offline
Definition
Do nothing. Your clients will still be able to log in while the Schema Master is offline

The Schema Master is only required when an application is installed that will extend the Active Directory schema. This FSMO role is not noticeable during day-to-day client logon operations and thus can be taken offline for a short period of time without impacting client activities
Term
You are a member of the Domain Admins group of a child domain on an Active Directory network. You have an application that requires you to configure an application directory partition, but you find that you are unable to do so. What could be preventing you from creating an application directory partition in your domain?
a. You must be a member of the Enterprise Admins group to create an application directory partition.
b. You must be a member of the Schema Admins group to create an application directory partition.
c. You must be a member of the Forest Admins group to create an application directory partition.
d. You must be a member of the DNS Admins group to create an application directory partition
Definition
You must be a member of the Enterprise Admins group to create an application directory partition

Only Enterprise Administrators can create application directory partitions because these have the potential to be replicated forest-wide
Term
The RID Master FSMO distributes RIDs to domain controllers in increments of ____.
a. 100
b. 250
c. 500
d. 1,000
Definition
500

By default, the RID Master FSMO role hands out Relative Identifiers (RIDs) to each domain controller in a domain in increments of 500. Each DC will go back to the RID Master to obtain a new supply of RIDs when their current allotment runs out
Term
You are logging onto an Active Directory child domain from a workstation running Windows Vista Business. By default, where will this workstation look to synchronize its clock with the domain?
a. The PDC Emulator for the child domain
b. The PDC Emulator for the forest root domain.
c. An external clock
d. The domain controller that authenticates the workstation
Definition
The domain controller that authenticates the workstations

Active Directory time synchronization is hierarchical, wherein the PDC Emulator for each domain will synchronize its time with the PDC Emulator in the forest root domain. Each DC in a domain will synchronize its time with the PDC Emulator for its domain. Member servers and workstations in a domain will synchronize their time with the DC that authenticated them, which can be the PDC Emulator for that domain
Term
Each object's SID consists of two components: the domain portion and the ________.
a. remote identifier
b. globally unique identifier
c. relative identifier
d. global identifier
Definition
relative identifier

An object SID is comprised of the security identifier for the Active Directory domain, which will be the same for each security principal created within that domain, and a relative identifier, which will be unique to that security principal
Term
You can view and manage the PDC Emulator FSMO role holder using which utility?
a. Active Directory Users and Computers
b. Active Directory Schema
c. Active Directory Sites and Services
d. Active Directory Domains and Trusts
Definition
Active Directory Users and Computers

To view the PDC Emulator, RID Master, and Infrastructure Master FSMO role holders, right-click the domain name in Active Directory Users and Computers and select the Operations Masters option from the context menu