Term
| What are the 3 Active Directory scopes? |
|
Definition
Domain Local
Global
Universal |
|
|
Term
| What are the Universal Group characteristics? |
|
Definition
- Available only in Win 2k Native and Server 2003 functional levels
- Includes user and computer accounts, global groups, and other universal groups from any domain in the forest
- Can be converted to domain local groups, or global groups as long as they don't have other universal groups as members
- Can be granted access permissions for resources in any domain in the forest and in domains in other trusted forests
|
|
|
Term
- What are the planning guidelines for Global and Domain Local groups?
|
|
Definition
- Create domain local groups for resources to be shared (group called "colored printers" in office)
- Assign resource permissions to domain local group (permissions to use colored printers)
- Create global groups for users with common job responsibilities (accounting department add user objects called "accounting"/IT group in Navy)
- Add global groups that need access to resources to the appropriate domain local group (add "accounting" global group to domain "color printer" global group)
|
|
|
Term
| What are the Default Groups in the Active Directory Built-In Groups? |
|
Definition
- Account operators
- Administrators (Domain/Enterprise)
- Back-up Operators
- Guests
- Incoming forest trust builders
- Network Config operators
- Performance Log users
- Performance Monitor users
- Pre Windows 2k compatible access
- Print operators
- Remote Desktop users
- Replicator
- Server operator
- Terminal server license servers
- Users
- Windows authorization access group
|
|
|
Term
| Which Built-In Active Directory groups can perform Backups? |
|
Definition
- Administrators
- Back-up operators
- Server operators
|
|
|
Term
| How to change group types and scopes? |
|
Definition
- GROUP TYPE:
- Open group properties in ADUC
- General tab, "group type options" click unselected option, then click OK.
- SCOPE:
- Same as above, except, select General tab, "group scope options"
|
|
|
Term
| What is the the Netdom.exe utility and what does it do? |
|
Definition
- CLI tool to create computer objects without specifying the name of the computer object
- Installed from Support\Tools\Suptools.msi folder on WS2k3 Install CD
|
|
|
Term
| Whater are the 2 ways of joining a computer to a domain? |
|
Definition
- Ctrl Panel > System > System Properties > Computer Name tab > Change Computer Name > Domain option
- netdom join computername /Domain:DomainName [/UserD:User /PasswordD:password]
- During OS Installation
|
|
|
Term
| What are the limits of creating computer objects while joining to a Domain? |
|
Definition
Authenticated Users are granted a right ("Add Workstations To Domain") to create 10 computer objects, which means computers must be running XP Pro, 2k Pro or one of the down-level AD clients.
Authent. users cannot join comps running WS2k3 or W2kS to the domain. |
|
|
Term
|
Definition
run from CLI in WS2k3 to place a computer in a specific OU before joining domain to inherit those policies
redircmp ou=workstations.DC=contoso,dc=com |
|
|
Term
| What are the 7 tabs under managing computer objects properties? |
|
Definition
- General (description, DNS Name, and Role)
- OS (no edit)
- Member Of (groups, Dom Comp Global by dflt.)
- Delegation (grant services)
- Location
- Managed By (user object responsible)
- Dial-In (telecommuters)
|
|
|
Term
|
Definition
| CLI tool to delete objects (can't delete with DSMOD). |
|
|
