Shared Flashcard Set

Details

AD DS 2008
Directory Services
84
Computer Networking
Professional
05/31/2011

Cards

Term
What is the inetOrgPerson security principal used for
Definition
Third party directory services
Term
What is the DRA
Definition
Directory Replication Agent: replicates the database between domain controllers
Term
What is the objectSID
Definition
An attribute: the security identifier
Term
sAMAccountName?
Definition
the pre-Windows Server 2000 logon name commonly called "user name"
Term
What is the unicodePwd
Definition
an attribute that is the hash of a user password
Term
What is the "member" attribute
Definition
stores the membership list for a group object
Term
What are the directory partitions
Definition
Schema, Configuration, DNS, Domain Naming Context, Partial Attribute Set (Global Catalog)
Term
What is the Schema partition
Definition
Defines the attributes and classes that can be stored in the directory
Term
What is the Domain Naming Context partition
Definition
contains data about objects within a domain (if you make changes to an object via ADUC then you are modifying the Domain NC)
Term
What is the Configuration partition
Definition
contains info about network configuration, domains, services, topology
Term
Where is the ntds.dit file stored
Definition
C:\Windows\NTDS\ntds.dit
Term
Where is the SYSVOL folder stored
Definition
C:\Windows\SYSVOL
Term
What does the site object in ADDS represent
Definition
A portion of an enterprise network that has good connectivity
Term
How often does intrasite replication take place
Definition
15-45 seconds (frequently)
Term
What two partitions are available to all DCs in a forest
Definition
Schema partition as it defines what objects and attributes can be stored in AD. The Configuration partition which contains info on the domains, services and topology of the forest
Term
What are the two forest-wide admin accounts for ADDS
Definition
Enterprise Admin and Schema Admin
Term
*****INFO*****
Definition
The GC contains a full copy of all objects in its host domain as well as a "partial" set of objects and attributes for all other domains in the forest. Remember that the GC is a read-only copy
Term
Where is the DNS zone data stored in an Active Directory Integrated Zone
Definition
In the DNS application partition
Term
Where can you raise the forest functional level and view the Domain Naming Operation Master
Definition
Right click AD Domains and Trusts in AD Domains and Trusts and select Operations Master
Term
Where can you raise the Domain Functional Level
Definition
In AD Domains and Trusts by right clicking on the domain (server icons) and choosing Raise Domain Level
Term
What does the AD Administrative Center require
Definition
ADWS installed, port 9389 open, RSAT installed on a client machine running Vista w/SP1 or Windows 7
Term
Where can you add different UPN suffixes
Definition
In AD Domains and Trusts by right clicking on the AD Domains and Trusts and choosing Properties
Term
What are some of the tasks you can perform with AD Sites and Services
Definition
helps to manage replication, network topology (ISTG, KCC)
Term
2008 R2 supports PVD. What is required for a user to use a Personal Virtual Desktop
Definition
Hyper-V, Remote Desktop Connection Manager, Remote Desktop Connection Broker server
Term
Where is the adprep tool located in Windows 2008
Definition
The installation DVD sources\adprep
Term
Where is the adprep tool for Windows Server 2008R2
Definition
The installation DVD support\adprep
Term
What are the FSMO Roles in AD
Definition
RID Master, Infrastructure Master, PDC Emulator (Domain) and Schema Master, Domain Naming Master (Forest)
Term
What does the Relative ID Master perform
Definition
Allocates security RIDs to DCs to assign to new AD security principals (users, groups or computer objects). It also manages objects moving between domains
Term
What does the PDC Emulator operations master role perform
Definition
processes all password changes in the domain. Failed authentication attempts due to a bad password at other domain controllers are forwarded to the PDC Emulator before rejection.
Term
What operation does the Schema Master perform
Definition
maintains all modifications to the schema of the forest. The schema determines the types of objects permitted in the forest and the attributes of those objects.
Term
What function does the Domain Naming Master perform
Definition
Tracks the names of all domains in the forest and is required to add new domains to the forest or delete existing domains from the forest. It is also responsible for group membership.
Term
What is ISE
Definition
Integrated Scripting Environment
Term
What operating systems have Windows PowerShell 2.0 built in by default
Definition
ONLY 2008R2 and Windows 7 (available to download for 2003 w/SP2, XP w/SP3, Vista w/SP1, 2008 w/SP1)
Term
What does Windows Powershell require
Definition
.NET Framework 2.0 w/SP1 and Powershell ISE requires .NET 3.5 w/SP1
Term
What does Multimaster Replication mean
Definition
All copies of the database are writable
Term
What is the minimum supported functional level in Windows Server 2008
Definition
Windows Server 2000 Native Mode
Term
What is the minimum supported functional level in Windows Server 2008R2
Definition
Windows Server 2003
Term
Where specifically is the zone data stored in an Active Directory Integrated Zone
Definition
in an application partition
Term
Active Directory relies on what service
Definition
Active Directory Web Services
Term
What is this command used for in PowerShell 2.0: Get-ADUser -Filter "Name -eq 'John U'"
Definition
The Get command (verb portion of the cmdlet) retrieves info from ADDS/ADLDS. The -Filter option allows you to refine your query to the name of the user
Term
Name some of the functions of the Active Directory Module for PS
Definition
Computer management, user management, group management, OU management, password policy management, managing the forest and domain
Term
What does Move-ADObject -TargetPath do
Definition
After using Get-ADUser -Filter "Name -eq 'TestUser'" to connect to the object, this will move the user to the desired target path (the DN)
Term
What does Get-ADGroup -Filter "Name -eq 'Domain Admins'" do
Definition
Will allow you to view the membership of the group Domain Admins
Term
What does the Add-ADGroupMember "Marketing" TestUser
Definition
This cmdlet will allow you to add a user named TestUser to the Marketing group
Term
What are some of the common parameters of the New-ADUser -Name cmdlet
Definition
-SamAccountName, -AccountPassword, -Enabled, -Path (default is the built-in Users container)
Term
What is the default UPN suffix
Definition
The DNS name of the domain (contoso.com/nwtraders.com)
Term
What Powershell command can you run to reset a users password
Definition
Set-ADAccountPassword -Identity 'cn=amy strand, ou=IT, dc=contoso, dc=com' -Reset -NewPassword (ConvertTo-SecureString -AsPlainText 'Pa$$w0rd2' -Force)
Term
What cmdlet can you use to unlock a user account
Definition
Unlock-ADAccount -Identity 'cn=amy strand, ou=IT, dc=contoso, dc=com'
Term
How do you enable a user account via Powershell
Definition
Enable-ADAccount -Identity
Term
What cmdlet can you use to disable a user account
Definition
Disable-ADAccount -Identity
Term
How can you modify a user object with Powershell
Definition
Get-ADUser UserName | Set-ADUser [-parameter value…]
Term
How would you modify users via Powershell
Definition
Get-ADUser -Filter 'Name -like "*"' -SearchBase "OU=Production, DC=Contoso, DC=Com" | Set-ADUser -Department "Production" -Company "Contoso, Ltd"
Term
How can you ensure that a user template shows up first in an OU
Definition
put a "_" in front of the user template name (_Marketing)
Term
When you copy a user template what tab doesn't copy over
Definition
The General Tab
Term
Can you use CSVDE to create objects in ADDS
Definition
Yes, by importing a .csv file (remember that the default is to export, so specify the -i parameter to import)
Term
Can you import passwords with CSVDE
Definition
No- the password cannot be imported which means that the account will be disabled. After you set the password you can enable the account
Term
How can you use Powershell to automate user object creation
Definition
Import-CSV Users.csv | forEach New-ADUser (pay attention to where the pipe command is)
Term
Why would you use LDIFDE over CSVDE?
Definition
LDIFDE can import/export AND modify objects as well as modify passwords
Term
What edition of Server introduces managed service accounts
Definition
Windows Server 2008 R2, Windows 7
Term
What are the requirements for managed service accounts
Definition
Managed Service account must run on Server 2008 R2, .NET Framework 3.5.x, AD Module for Powershell, minimum of Windows 2003 Functional Level (however, if you want SPN management to be automatic then you will want the 2008 R2 domain functional level)
Term
What are the two distinct types of groups that help to effectively manage complex enterprises
Definition
Role-Based Groups(Business Roles) and Rule-Based Groups(Access Management)
Term
What is the order for group scope management
Definition
Local, Global, Domain Local, Universal (L, G, D, U)
Term
What are the defining characteristics of the four different group scopes
Definition
What it can contain, what it can belong to, where it can be used
Term
What is the domain naming context
Definition
stores all the objects in the domain (users, computers, groups and others). Every DC in the domain has a writable copy of the domain naming context. Every GC in the forest has a read-only copy of the domain naming context for the GC's domain and a partial read-only copy of every other domain naming context for all domains
Term
What groups can be added to Domain Local Groups
Definition
Users, Computers, global groups in the domain and likewise the same with any domain in the forest (as well as the same for trusted domains), Universal groups from any domain in the forest
Term
What is the primary purpose of a domain local group
Definition
To group together security principals that share the same access needs (rule-based management)
Term
What groups can be a part of the Global Groups
Definition
Only u, c, gg from the same domain
Term
What is the availability of the Global Group
Definition
Global Groups can be nested in any Universal or Domain Local Group (IGDLA, IGUDLA)
Term
*********Info**********
Definition
Think of the Universal groups as giving you the ability to group together Forest Wide Roles (Company_Regional Managers)
Term
What does IGDLA mean
Definition
I_dentities are grouped together into G_lobal groups which collect members based on their roles, which are members of D_omain Local groups which collect members together based on their A_ccess needs
Term
What permissions/rights does the Server Operator have
Definition
(Builtin container in every domain) Log on locally, start/stop services, shut down domain controllers, perform backup/restore operations, format disks, create/delete shares
Term
What permissions does the Account Operators group have
Definition
Create, modify, delete all user/computer/group accounts in any OU EXCEPT the Domain Controllers OU. Cannot modify the Admins/Domain Admins groups or accounts. Can log on locally to DCs
Term
What are the permissions of the Backup Operators group
Definition
Perform Backup/Restore operations. Logon locally
Term
What permissions does the Print Operators group have
Definition
Manage print queues on DC's and shut down DC's. Logon Locally to the DC's
Term
What are the two defining characteristics of a distribution group
Definition
Cannot be assigned a SID so it cannot be assigned permissions, used for email applications
Term
What are the defining characteristics of a security group
Definition
Can be assigned a SID (so you can assign permissions to this group type), can be assigned email
Term
How do you create a new group via AD Module Powershell
Definition
New-ADGroup
Term
How would you modify Universal Membership Cache
Definition
Set-ADObject
Term
Name the 2003 Domain Functional Level features
Definition
Set the UserPassword attribute on both users and inetOrgPerson (non-Windows based users), last logon tracking (lastLogonTimestamp), Netdom (domain rename), user/computer redirection (from defaults), Authorization Manager (application authorization), Selective authentication (allow other users from trusted domains access to specific servers), RODCs (must run adprep /rodcprep)
Term
Name some of the features of the Windows Server 2008 functional level
Definition
DFS-R replication of the SYSVOL, AES128 and AES256 for Kerberos, detailed interactive logon information, fine-grained password policy
Term
Windows Server 2008 R2 domain functional level
Definition
Authentication Mechanism Assurance
Term
Where can you raise the domain functional level
Definition
Active Directory Domains and Trusts and ADUC > Right-click the domain and choose Raise Domain Functional Level
Term
Windows Server 2003 Forest Functional Levels
Definition
Link-value Replication, support for RODCs (must be running 2008 Server), improved KCC and ISTG, conversion of the inetOrgPerson into a User class, deactivation/redefinition of object classes
Term
Raising the forest functional level
Definition
Via Active Directory Domains and Trusts