Term
| ________________, the directory service in Windows Server 2003, is the main repository for information about network users and resources. |
|
Definition
|
|
Term
| A _______________________ is a tool that allows businesses to define, manage, access, and secure network resources, including files, printers, people, and applications, for a group of users. |
|
Definition
|
|
Term
| The major benefits of the high-powered Active Directory directory service include: |
|
Definition
- Centralized resource and security administration
- Single logon for access to global resources
- Fault tolerance and redundancy
- Simplified resource location |
|
|
Term
| What is the name of the file where all the information from your Active Directory is stored? |
|
Definition
|
|
Term
| What makes up the Common Microsoft Management Console set? |
|
Definition
- Active Directory Users and Computers (DSA.MSC)
- Active Directory Domains and Trusts (DOMAIN.MSC)
- Active Directory Sites and Services (DSSITE.MSC) |
|
|
Term
| In a Windows Server 2003 environment, Active directory provides fault tolerance using what? |
|
Definition
| A multi-master replication system, where multiple servers, installed as domain controllers, share a common database. |
|
|
Term
| In Active Directory, each object is defined in a __________. |
|
Definition
| Schema. A schema is a master database that contains definitions of all objects in the Active Directory. |
|
|
Term
| _______________ is when administration of an OU can be delegated to a supervisor or manager and thus can allow that person to manage the day-to-day resource access. |
|
Definition
| Delgation of administration |
|
|
Term
| A ____________ is a logical grouping of network resources and devices that are administered as a single unit. |
|
Definition
|
|
Term
| What two tools allow you to begin the Active Directory installation process? |
|
Definition
The two tools that allow you to begin the Active Directory installation process are
the Manage Your Server Web page and the dcpromo.exe command line tool. |
|
|
Term
Which of the following are requirements for Active Directory installation?
a. An IP address of a DNS server
b. Any version of DNS
c. Windows Server 2003 Web Edition
d. An NTFS partition
e. Dynamic Host Configuration Protocol (DHCP) |
|
Definition
a and d are correct. Answer b is incorrect since DNS must support SRV resource
records and not all versions do. Answer c is incorrect because the Web Edition
does not support Active Directory. Answer e is incorrect. DHCP has nothing to do
with Active Directory, but rather is a service used to supply TCP/IP information. |
|
|
Term
| What term refers to the first domain created on the network? |
|
Definition
| The first domain created on the network is referred to as the forest root domain. |
|
|
Term
Which of the following are key points related to the Sysvol folder structure
in Active Directory?
a. It contains user data that should be backed up.
b. It contains replicated data such as logon scripts.
c. It contains the operating system boot files.
d. It must be placed on a FAT32 partition.
e. It must be placed on an NTFS partition. |
|
Definition
b and e are correct. Answer a is incorrect since user data should not reside in the
same location as system files. Operating system boot files are stored at the root
of C: by default and system files are stored in the systemroot directory. This
makes answer c incorrect. If answer e is correct because of NTFS permission
requirements, answer d is incorrect. |
|
|
Term
Before you are able to create an application directory partition, you must
be a member of which group?
a. Domain Users
b. Domain Admins
c. Schema Admins
d. Enterprise Admins |
|
Definition
d is the correct answer. Since application directory partition information can be
configured to replicate to any domain in the forest, creating this partition is an
enterprise-level task and requires enterprise permissions to do so. |
|
|
Term
When trying to connect to a shared folder by typing \\SERVER1\DATA at
a prompt, John receives an error that SERVER1 cannot be located. List
three possible reasons why this could happen and the steps you would
take to verify them. |
|
Definition
Possible answers students may have are:
1. No record exists for SERVER1 in the forward lookup zone of DNS. Check the
DNS forward lookup zone for SERVER1’s record.
2. SERVER1 is down. Test the server by attempting a ping. If there is no reply, check
all links to the server.
CHAPTER 2 IMPLEMENTING ACTIVE DIRECTORY 9
3. John’s computer has an error in its DNS configuration. Use ipconfig to check
the current settings for John’s network connection. If IP is being obtained from
a DHCP server, attempt a renewal of the information using ipconfig /renew. If IP
is manually configured, check the properties of John’s network connection.
4. The record in DNS for SERVER1 is old and has not been updated. Check the
record in DNS to verify this is a problem. If it is, modify the record to reflect
the correct information or you can use ipconfig /registerdns from SERVER1 if
dynamic updates are enabled. |
|
|
Term
You are the administrator for a large automotive parts company. Management
has just released the names of several vendors that you will need to
allow access to network resources. These vendors either have Microsoft
Windows NT 4.0, Windows 2000, or Windows Server 2003 domains. You
have established a domain that holds all the information that vendors will
need to access within your forest. The vendors want to be able to gain
access to these resources without permitting access for your company to
their network. What do you need to do to make this happen? |
|
Definition
You need to establish an external one-way trust between the vendor resource
domain in your forest and the appropriate user domain in their forest. |
|
|
Term
What are the default names of the application directory partitions created
by the DNS installation within the Active Directory Installation Wizard? |
|
Definition
DomainDnsZones
ForestDnsZones |
|
|
Term
Using nslookup’s /? switch, what would be the syntax needed to view all
SRV records? |
|
Definition
|
|
Term
You have just installed a new application that has modified the schema by
adding a new object. Another administrator at a different location does
not have this object listed on his domain controller. What is the most
likely reason for this? What should he do to resolve the problem? |
|
Definition
Replication has not taken place yet. He should wait for the replication process to
take place. There is a normal latency when the schema is modified. |
|
|
Term
The KCC is responsible for calculating intrasite replication partners.
During this process, what is the maximum number of hops that the KCC
will allow between domain controllers?
a. 2
b. 3
c. 4
d. 5 |
|
Definition
b. The maximum number of hops that the KCC will allow between domain controllers
is three. This allows a maximum replication latency of 15 minutes, since each
domain controller holds a change for five minutes before forwarding it. |
|
|
Term
Replication that occurs between sites is called ____________ replication.
a. Local
b. Remote
c. Intersite
d. Intrasite |
|
Definition
| c. Intersite replication occurs between sites |
|
|
Term
Company XYZ is a national company with locations in Detroit, Minneapolis,
Phoenix, and Dallas. There are two connections between Detroit and
Minneapolis. The first is a T-1 link and the second is a 128-Kbps link.
When setting up the site links for replication, what should you do to
ensure that the 128-Kbps link is used only if the T-1 is unavailable?
a. Set a cost of 1 for the T-1 and a cost of 5 for the 128-Kbps link.
b. Set a cost of 5 for the T-1 and 1 for the 128-Kbps link.
c. Leave the costs at their default value of 100.
d. Manually change the schedule to disallow replication on the 128-Kbps
link until it is needed. |
|
Definition
a. When setting costs, the lower number indicates a higher priority. Setting
the cost of 1 for the T-1 and 5 for the 128-Kbps link indicates that the T-1 is the
primary replication link. Answer b is the opposite of this, making it incorrect.
Answer c would make both links have the same priority. Answer d would cause
more administration than necessary. |
|
|
Term
You are a consultant working on a site plan for a medium-sized organization.
The organization consists of a main office and three branch offices. Two of the locations have standard IP links to the main office, while the
third branch office is a separate domain and uses an Internet connection
for e-mail. How should you configure the site links for the three branch
offices to the main office? |
|
Definition
Configure RPC over IP for the two standard link branch offices and configure SMTP
for the remote office that is part of a separate domain. This solution follows the
guidelines that include using RPC over IP in most situations and SMTP when there
is an Internet-based connection from a separate domain. |
|
|
Term
Assuming the same scenario as in question 4, what information will be
replicated between the third branch office and the main office? |
|
Definition
Global catalog, schema, and configuration information will be the only information
replicated because the third branch office is using SMTP for replication. SMTP only
replicates global catalog, schema, and configuration information. |
|
|
Term
You are the administrator for a network that has several sites. There is a
site link from the main headquarters to each remote site for file transfer
and replication purposes. You have been asked to create five new users
on the network, and several of the users need immediate access to network
applications. When asked by your manager how long replication of
these new accounts will take, you answer with which of the following
responses?
a. Replication occurs every 180 minutes by default.
b. Replication occurs at 15-minute intervals.
c. Replication occurs as soon as the account is added.
d. Replication occurs only between 12:00 A.M. and 6:00 A.M. |
|
Definition
| a. The default intersite replication schedule is set for every 180 minutes. |
|
|
Term
Modify the scenario in question 6 by placing all domain controllers in the
same site. How would you answer your manager’s question now?
a. Replication occurs every 180 minutes by default.
b. Replication occurs at 15-minute intervals.
c. Replication occurs as soon as the account is added.
d. Replication occurs only between 12:00 A.M. and 6:00 A.M. |
|
Definition
c. When a new account is added to the Active Directory database, the account
information is immediately replicated to all domain controllers within the site. The
difference between this and the answer to question 6 is that this question deals
with intrasite replication instead of intersite replication. |
|
|
Term
What is the advantage of creating your sites and subnets prior to installing
subsequent domain controllers? |
|
Definition
When your domain controllers are installed and an IP address is assigned, they will
automatically be placed in the site associated with their network address. This will
save you the step of moving them later. |
|
|
Term
What is the database that serves as a central repository for all Active
Directory objects called?
a. Main database
b. Central catalog
c. Global database
d. Global catalog
e. Enterprise catalog |
|
Definition
d. Global catalog is the term used to refer to the central repository database
that contains all Active Directory objects. All other answers are not valid terms. |
|
|
Term
Which of the following roles are forest-wide roles?
a. PDC emulator
b. Infrastructure master
c. Domain naming master
d. Schema master
e. Global catalog |
|
Definition
c and d. The two forest-wide roles are the domain naming master and schema
master role. The other choices are domain-wide roles. |
|
|
Term
| A _______ is defined by one or IP subnets that are connected by fast links. |
|
Definition
|
|
Term
| What is the standard naming structure and hierarchy in Active Directory? |
|
Definition
Lightweight Directory Access Protocol (LDAP)
Established by the internet Engineering Task Force (IETF) to facilitate the implementation of X.500 in e-mail. It is used for scalability and integration capabilities. |
|
|
Term
| What does not replicate to all domain controllers? Rather, it replicates only to domain controllers designated specifically to hold the global catalog. |
|
Definition
|
|
Term
| What allows administrators to control what information is replicated and to which domain controllers? |
|
Definition
|
|
Term
| What deals with all of the replication in the specific domain? |
|
Definition
|
|
Term
| What contains the replication topology and other configuration data that must be replicated throughout the forest? |
|
Definition
|
|
Term
| What contains the rules and definitions that are used for creating and modifying objects classes and attributes? |
|
Definition
|
|
Term
| _____________ are typically assigned and inherited within a domain only, not from the forest. |
|
Definition
|
|
Term
| A ________ is the highest level in Active Directory. In a ___________, Active Directory uses directory partition to store and replicate information. |
|
Definition
|
|
Term
| Where are SRV records located? |
|
Definition
| Within DNS... to provide mapping to a host providing service. |
|
|
Term
| What are the two types of functional levels? |
|
Definition
|
|
Term
| What are the forest functional levels? |
|
Definition
- Windows 2000 (Supports NT 4.0, 2000, and 2003)
- Windows Server 2003 interim (NT 4.0 and 2003)
- Windows Server 2003 (2003) |
|
|
Term
| How do you raise the Forest Functional level? |
|
Definition
- Must be logged on as a member of the Enterprise Admin Group
- Must be connected to the Schema Operations Master
- All domain controllers must support the new functional level
- Irreversible |
|
|
Term
| _____________ is a command line tool that will open the active directory install wizard. |
|
Definition
|
|
Term
| What are th differences between DomainDNSZones and DorestDNSZones? |
|
Definition
DomainDNSZones – A single partition that allows DNS infromation to be replicated to all domain controllers running DNS within the domain.
ForestDNSZones – A single partition that contains all DNS Servers in the forest. Zones stored here are replicated to all DNS servers running on domain controllers in the entire forrest. |
|
|
Term
| Although not enabled by default, ___________________ is a process that can beused by Windows Server 2003 DNS to clean up the DNS database when resource records are no longer required. |
|
Definition
|
|
