Term
The Global Catalog is crucial to AD. It holds a complete set of each object within the host server's local domain NC as well as a partial copy of all objects from other domain NCs (within the same forest). What is the partial copy called? |
|
Definition
PAS (partial attribute set) |
|
|
Term
The Global Catalog has four main functions. What are they, in short? |
|
Definition
Facilitates searches for objects in the forest
Resolves UPNs
Maintains Universal Group Membership info
Maintains a copy of all objects in the domain in which it resides |
|
|
Term
What port is used when a user initiates a search for an object in AD? |
|
Definition
TCP 3268. One of the SRV records used by AD that refers to the _gc service uses this port |
|
|
Term
T/F When a user logs on with his UPN (david@domain.com) the local Domain Controller contacts the GC server to complete the logon process |
|
Definition
|
|
Term
A Universal Group can contain users, groups, and computers from ? |
|
Definition
|
|
Term
How can you add an attribute to the PAS to be replicated throughout the forest when it is not otherwise replicated? |
|
Definition
|
|
Term
This feature is offered in WS2k3 and WS2k8 for sites that do not have a GC server available so that users may log on to the domain. |
|
Definition
Universal Group Membership Caching |
|
|
Term
For UGMC to function, a user must have |
|
Definition
successfully logged on when a GC server was available and UGMC was enabled |
|
|
Term
|
Definition
|
|
Term
When UGMC is enabled and a user attempts to log on, what does the DC attempt to contact first? GC UGMC (on itself) |
|
Definition
The Global Catalog is always the first attempt |
|
|
Term
Domain specific FSMO roles (choose 3): Schema Master RID Master PDC Emulator Infrastructure Master Domain Naming Master |
|
Definition
Infrastructure Master PDC Emulator RID Master |
|
|
Term
FSMO which is responsible for reference updates, which assists in the tracking of which domains own which objects |
|
Definition
|
|
Term
This FSMO handles password changes, account lockouts, and time synchronization within the domain |
|
Definition
|
|
Term
Which statement is true? A RID is a part of the SID A SID is a part of the RID |
|
Definition
RID is part of the SID; The RID is a variable length number that is given by the RID master at the time of the object's creation. With the RID as well as the domain identifier, a SID is built |
|
|
Term
When two or more DCs exist in a domain, the RID Master assigns a block of ___ RIDs to each domain controller. |
|
Definition
|
|
Term
When will a DC contact a RID master for new RIDs? |
|
Definition
When it has used 50% of the RIDs that were previously allotted to it |
|
|
Term
What happens if a RID Master is unavailable to a DC and the DC reaches its refresh period for RIDs? |
|
Definition
The DC will not be able to create any new objects. |
|
|
Term
When moving an object from one domain to another, what FSMO role holding server must you be logged on to? |
|
Definition
You must be logged on to the RID Master in the source domain and must be moving the object to the RID Master server within the destination domain. |
|
|
Term
How many RID Masters can you have per domain/forest? |
|
Definition
|
|
Term
A GUID is a ___ bit hexadecimal number that is assigned to each object at the time of creation. |
|
Definition
|
|
Term
FSMO responsible for replicating changes to an object's SID or DN |
|
Definition
|
|
Term
What is the GUID comprised of? |
|
Definition
Date and Time of creation, a unique identifier, and a sequence number |
|
|
Term
Infrastructure Master works closely with the ____ ____, which makes sense because when a change is made to an object, such as when it has moved, the Inf Master replicates the change to all other Inf Masters in domains that have trust relationships. |
|
Definition
|
|
Term
What FSMO role(s) should not be coupled on to a DC that hosts the Global Catalog when a multi domain (with multiple DCs) environment is present? |
|
Definition
Infrastructure Master; this is bc when they are located on the same server in a multi domain multi DC enviro, it is impossible to see that a change has been made and replication needs to occur. Instead, place these two together in the same site. PDC Emulator; Only because there is already a burdensome amount of traffic for the PDC Em |
|
|
Term
|
Definition
A Global Catalog has been configured on a server that is hosting the Infrastructure Master FSMO |
|
|
Term
Which FSMO manages GPO edits? |
|
Definition
|
|
Term
When you are creating a new domain through dcpromo, for example, it takes a considerable amount of time. This is partly bc the new domain name you are trying to create is being checked against the records in this Forest wide FSMO. |
|
Definition
|
|
Term
When logging on to a computer, you type in the wrong password. The computer seems to be just hanging, but really it is ? |
|
Definition
It is contacting the PDC Emulator to see if there have been any changes to the password that was input |
|
|
Term
To minimize latency on your Network lines, you can couple the RID Master with the ____ ____. |
|
Definition
PDC Emulator bc it is a major consumer of RIDs |
|
|
Term
Moving FSMO roles to a different DC gracefully |
|
Definition
|
|
Term
T/F You should seize the Schema Master's role to a DC if it is to be offline for an extended period. |
|
Definition
False; The availability of the Schema Master is not that important to ungracefully seize the role. You should instead just wait until it comes back online and make the decision to either transfer it or leave it be later. |
|
|
Term
What should you do if the DC holding the PDC Emulator FSMO goes tits up? |
|
Definition
You should immediately seize the role, if users are affected that is. |
|
|
Term
You can view the Domain wide FSMO roles on your domain by accessing: ADUC AD D&T AD S&S |
|
Definition
|
|
Term
You can view the Domain Naming Master FSMO role holder by accessing: ADUC AD D&T AD S&S |
|
Definition
|
|
Term
T/F The Schema Master can be viewed through ADUC |
|
Definition
False; To view the Schema Master role holder, you have to access the AD Schema mmc snap-in |
|
|
Term
What is this a result of?
Role Schema Owner = CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
Role Domain Owner = CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
Role PDC Owner = CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
Role Rid Owner = CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
Role Infrastructure Update Owner = CN=NTDS Settings,CN=MAIL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=domain,DC=com
......................... MAIL passed test KnowsOfRoleHolders |
|
Definition
The command dcdiag /test:knowsofroleholders /v |
|
|
Term
There is a process to seize roles via the command line. Put these in order:
Connections
connect to server
ntdsutil
roles
fsmo maintenance(prompt):
fsmo maintenance(prompt):quit
ntdsutil(prompt):quit
server connections(prompt):quit |
|
Definition
ntdsutil
roles
connections
connect to server
server connections (prompt):quit
fsmo maintenance (prompt):
fsmo maintenance (prompt):quit
ntdsutil (prompt):quit |
|
|
Term
To add or remove an application directory partition from AD, the ___ ___ ___ needs to be accessible |
|
Definition
|
|
Term
The ____ _____ is responsible for managing time synchronization within a domain. |
|
Definition
|
|