Creates an event when a user or computer attempts to authenticate using an Active Directory account.

Audits successful and failed account logons.

Creates an event when a user logs on interactively (locally) to a computer or over the network (remotely).

audits successful and failed logons

Audits events, including the creation, deletion, or modification of user, group, or computer accounts.

Successful account management activities are audited

Audits changes to user rights assignment policies audit policies, or trust policies.

Successful policy changes are audited

Audits the use of privilege or user right.

No auditing is performed by default.

Audits system restart, shutdown, or changes that affect the system or security log.

successful and failed system events are audited.

Audits events such as program activation and process exit.

Successful process tracking events are audited.

Global-->Universal

Domain-->Local

Universal-->global

Universal-->domain local

Accounts are members of

Global Groups which are a member of

Domain Local groups which are then added to

Acess Control Lists (ACL)

True or False:

CSVDE is used to modify existing objects

False

LDIFDE is used to modify

• computer object must be created
• must have appropriate permissions
• must be a member of local admins group. 

• join a computer to a domain from command prompt
• remotely
• specifies the OU for computer obect
• creates a computer acct. 

Enforce is set at parent level.

Will override any Block inheritence that are set.

1. Remove Apply Group Policy permission for authenticated users group.
1. Do not set Deny 
2. Determine groups to which GPO should not be applied and set GP permission to Deny

• only one in AD DS forest
• designed to provide high availability and load balancing 

Windows 200 SP3

or Windows Server2003

issued to trusted users who have an email enabled account in AD DS.

It is generated when the user first tries to open rights protected content

contains the public key of the user as well as his or her private key.

A machine certificate is created the first time an RMS-enabled app is used.

• Creates a lockbox on the computer to correlate the machine certificate with the user's profile 

• created when the user saves content in a rights-protected made.
• license lists which users can use the content and under which contions as well as the rights each user hasw to content. 

in a file called NTDS.dit

• 3 parts
• data table
• contains all info in AD store
• link table
• data that represents linked attributes
• security descriptor table
• contains data that represents inherited security descriptors for each object

a database that contains a partial replica of every object from every domain within a forest

This provides for faster searches.

• only writeable copy of the zone database
• changes to the zone can only be made to the primary zone
• the server that holds the primary zone is called the primary server
• each zone can have only a single primary zone server
• zone data is stored in a text file 

• changes cannot be made to the records
• copies zone data from other servers through a process called zone transfer
• can copy zone data from the primary server or other secondary servers.
• zone data is stored in a text file. 

• only contains information about hte name servers that are authoritative for the zone.
• NOT authoritative for the zone
• dynamic, meaning it will kep the list of name servers for the zone updated automatically
• use a stub zone to forward name requests based on zones while keeping name server lists updated automatically.

Djoine.exe /provision

Djoin.exe /requestODJ

dsadd or netdom

use netdom to rename computer account

use netdom join to join a computer to a domain

provides the same benefits of using a domain user account with these improvements

• passwords are manged and reset automatically
• when the domain is running at the Windows Server 2008 R2 functional level, the service princiapl name (SPN) doesn't need to be managed as with local accounts. 

(active directory service interfaces editor)

acts as a low level GUI editor for common administrative tasks such as adding, deleting, and moving objects.

Used to query, view, and edit attributes that are not exposed through other MMC snap-ins.

(start of authority)

first record in any dns database file.

defines the general parameters for the DNS zone, and it is assigned to the DNS server hosting the primary copy of a zone.

What is the NS?

(Name Server)

• identifies all name servers that can perform name resolution for the zone. 

• The SOA record for the zone
• NS records for all authoritative DNS servers for the zone
• A records for authoritative name servers identified in the NS records. 

 Recursion is the process by which a DNS server or host uses root name servers and subsequent servers to perform name resolution.

Disabling recursion will keep the server from using forwarders

pointers to top level DNS servers on the Internet.

if you have a DNS server configured as a root zone server, it will never use the root hints file.  It considers itself authoritative and therefore will not access the Internet to forward DNS queries.

a local balancing mechanism used by DNS servers to share and distribute network resource loads.

It is a static method for load balancing.  If one server fails, DNS still sends requests to that failed server.

Link local Multicast Name Resolution

• used to update Server 2003 or 2000 active directory schema for Server 2008 or R2
• run this command only once in the forest
• run on the domain controller that holds the schema operations master role for the forest
•  

• prepares a domain for Sever 2008 or 2008R2
• run on the domain controller that holds the infrastructure operations master role for the domain
• run AFTER the adprep /forestprep
• run in each domain you plan on installing a dc that runs 2008 or 2008 R2
• for domains at the Windows 2000 functional level, run adprep /domainprep/gpprep 

• run if you plan on installing an RODC in any domain in the forest
• updates permissions on application directory partitions to enable replication of the partitions to RODCs.
• runs remotely
• run only once in the forest. 

• run the adprep /forestprep command if this is the first 2008 or R2 domain controller in the forest
• if you plan on installing an RODC in any domain inthe forest  run adprep /rodcprep
• schema must be updated before OS is installed if you are performing and unattended installation of AD DS with 2008 or 2008 R2.

• in server manager run Add Roles Wizard to install Active Directory binaries
• run dcpromo.exe
• can be used to install new 2008 forests, domains, and domain controllers. 

• use dcpromo combined with unattend installation switches.
• /NewDomain with forest, tree, or child specifies the type of new domain.
• use /databasePath:C:\Windows\ntds /logPath:C:\Windows\ntdslogs /sysvolpath:C:\Windows\sysvol to specify the location of the databse file, directory service log files, and system volume (SYSVOL) folder.
•  

remove AD DS

then reinstall the domain controller as an RODC

0-200 Server Native

2-Server 2003

3-Server 2008

• Active Directory Domain Services Installation Wizard
• dcpromo.exe to start the wizard
• dcpromo at the command line
• dcpromo in an answer file 

• first, transfer the operations master roles hosted by the dc to other dcs
• do not select the Delet the domain option
• answer file
• IsLastDCInDomain=yes
• command line
• /IsLastDCInDomain:Yes and /DemoteFSMO:Yes 

What steps do you perform to remove the LAST dc from the forest.

• DFS
• Advanced Encryption Standard (AES)
• Last interactive logon info.
•  

Authentication mechanism assurance (AMA)

allows you to control access to netowrk resources based on the type of certificate used during logon.

No.

You must have all domain controllers at the level you want to raise to.

Active Directory Users and Computers or

Active Directory Domainst and Trusts

• Domain controllers that don't run the necessary operating system version
• insufficient hardware
• domain controller running an antivirus program that is incompatible with Server 2008 or 2008 R2
• Use of version specific program that does not run on Server 2008 or 2008 R2
• the need to upgrade a program with the latest service pack. 

netdiag /test:member

netdiag /test:dsgetdc

• represents a physical network segment
• identifies the network address and mask
• Domain controllers are indirecty associated with ______ based on the domain controer IP address.

• What is a site?

• represents a group of we-connected networks
• linked to one or more subnets
• can host domain controllers from more than one domain, and a domain can be represented in more than one site
• create additional _____ to identify locations separated by WAN links 

• an Active Directory object that represents logical paths between sites that can be used for Active Directory replication
• represent logical not physical connections

a collection of two or more site links that can be grouped as a single logical link.

*connection*

a domain controller in a site that replicates with domain controllers in other sites

*replication*

a logical communication channel between domain controllers

unidirectional

used for intra and inter-site replication

also know as IP

Does not require a CA

allows replication within mail messages in environments where wide area network links are not available.

a domain controller in a site that has been designated as a potential bridgehead server

Should be a global catalog server.

use the autositecoverage setting in the

HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameter

• faster replication/decreased network traffic
• flexible scheduling and bandwidth throttling to limit the quantity of data transmitted and/or accepted within a specified perioed of time.
• automatic self-healing for many database errors.
• improved support for RODCs
• built in health monitoring tools 

• upgrade all domain controllers to 2008 or R2
• Change the domain functional level to Server 2008 or R2
• Verify the current state of replication by running repadmin /ReplSum
• run the dfsrmig command to start the and control the migration. 

Domain naming master

 schema master

• in a forest that contains a single Active Directory domain
• if every domain controller in a domain that is part of a multi-domain forest also hostst he global catalog. 

RID master

PDC emulator

• netdom query fsmo
• dcdiag /test:knowsofroleholders /v
• dsquery server -hasfsmo

use only of all of the following are NOT true

• site has more than 100 users
• WAN link connecting the site to the rest of the network is reliable and fast
• location has roaming users
• location runs an application that requires a global catalog server. 

• created by default
• transitive
• two-way

• created by default
• transitive
• two-way 

• created manually
• non-transitive
• one-way, although you can create two one-way trusts to simulate a two-way trust 

• created manually
• transitive or non transitive
• either one way or two way 

• created manually
• transitive within the two forests but non-transitive between other forests.
• either one way or two way. 

• created manually
• transitive
• either one way or two way 

1. configure the autoenrollment settings in a GPO
2. Assign read, enroll, and autoenroll permission to the Domain users group on the certifcate template

a template that contains settings for the Administrative Templates portion of a Group Policy Object.

Software distribution and security  settings are not contained in these

IIS must be installed on the computer before the Online Responder can be installed. The correct configuration of IIS for the Online Responder is installed automatically when you install an Online Responder.

• An OCSP Response Signing certificate template must be configured on the CA, and autoenrollment used to issue an OCSP Response Signing certificate to the computer on which the Online Responder will be installed.
• The URL for the Online Responder must be included in the authority information access (AIA) extension of certificates issued by the CA. This URL is used by the Online Responder client to validate certificate status.