Shared Flashcard Set

Details

Server 2008
Server 2008 - Chapter 6
62
Computer Networking
Undergraduate 1
05/09/2013

Cards

Term
What is the folder location and filename for the AD database?
Definition
NTDS.DIT in the \windows\ntds folder
Term
The SYSVOL is created on what type of servers?
Definition
all domain controllers
Term
What does the SYSVOL contain?
Definition
The SYSVOL typically contains scripts and group policy objects.
Term
Is the SYSVOL automatically replicated? …to what types of servers?
Definition
yes; to all domain controllers in that domain
Term
What is the default location for the SYSVOL folder?
Definition
The default location for SYSVOL is in the \windows\sysvol folder.
Term
What file system is necessary for SYSVOL?
Definition
NTFS
Term
Is the schema extensible?
Definition
-yes
-The schema is extensible, which means that you can define new object classes and attributes.
Term
If the schema is extended, what does it affect?
Definition
every domain controller/domain in your forest
Term
Describe a global catalog server
Definition
a domain controller that has a copy of the global catalog
Term
What server by default becomes the global catalog server?
Definition
the very first domain controller in the forest
Term
What is the minimum number of global catalog servers suggested?
Definition
1 per site
Term
What 2 utilities can be used to configure a domain controller as a global catalog server?
Definition
DCPROMO and Active Directory Sites and Services
Term
If a global catalog is unavailable, may users be unable to logon?
What is stored in the global catalog that can affect user authentication (2)?
Definition
-yes
-UPNs (to resolve to the full domain name) and universal group membership
Term
What is a namespace?
Definition
A namespace is any bounded area in which names can be resolved
Term
What standard does AD use for its namespace?
Definition
DNS
Term
What protocol/standard does it use for queries and updates?
Definition
LDAP
Term
What is name resolution?
Definition
The process of translating a name into a different piece of information that it represents.
Term
Describe the 2 different types of namespaces. Give examples
Definition
Contiguous: ABC.COM and SALES.ABC.COM
Disjointed: ABC.COM and XYZ.COM
Term
What is a distinguished name (DN)? Give an example.
Definition
-An object's Distinguished Name (DN) uniquely identifies it and contains sufficient information for a client to retrieve the object from the directory.
-The DN includes the name of the domain that holds the object, as well as the complete path through the container hierarchy to the object.
-DNs in Active Directory are similar to the full path of a file on a hard drive partition.
-The Letter1.doc file's full path on the C: partition might be: C:\DOCS\Letters\2009\Letter1.DOC
-The DN for the JSmith user object in the microsoft.com domain might be:
Distinguished Name: "CN=JSmith,OU=All Users OU,OU=Sales Users OU,DC=microsoft,DC=com"
Term
Will the DN change if the object is moved?
Definition
YES. If the object is moved, the DN will change.
Term
What is the relative distinguished name (RDN)? Give an example.
Definition
-An object’s relative distinguished name (RDN) is a distinct object name within the DN.
-For example, in the DN: "CN=JSmith,OU=All Users OU,OU=Sales Users OU,DC=microsoft,DC=com",
the RDNs are: JSmith, All Users OU and Sales Users OU
Term
What is a globally unique identifier (GUID)?
Definition
-Every object in the AD store has a globally unique identifier (GUID) allowing it to be moved or renamed, with the identifier unchanged.
-A GUID is a 128-bit number that is assigned when the object is first created that is guaranteed to be unique across all domains in the forest
Term
Will the GUID for an object change if it is moved or renamed?
Definition
NO
Term
Is the GUID guaranteed to be unique across domains?
Definition
YES
Term
Describe a user principal name (UPN).
Definition
-A user principal name (UPN) is in the form: user@domain.com
-A UPN is a shorthand version of the user name, since it does not include the full DNS domain name of the user’s home domain (with all child domains).
-UPNs allow a user a single logon name that can be used in every domain in the forest.
-Example: lwesolowski@neit.edu
Term
How are UPNs resolved to their full domain path?
Definition
by the global catalog
Term
Do all domains in a forest share the same schema?
…global catalog?
Definition
-YES
-YES
Term
Describe the Enterprise Admins group. Where is it created?
Definition
The Enterprise Admins group is created in the forest root domain only, but becomes a member of every domain's built-in Administrators group, giving it god privileges in every domain in the forest.
Term
Give some reasons a company would create more than one production forest.
Definition
-There may be some extreme situations that may warrant the use of multiple production forests:
-Network administration is separated into completely independent groups that do not trust each other, i.e. one section of the company does not want to be controlled by the other's Enterprise Admins group.
-The two sections of the company will never need to access each other's resources/corporate-wide systems, for example email, remote access, etc.
-It is suggested to examine all options for delegating administration, before defining multiple production
Term
How many production forests will a single company typically have?
Definition
one
Term
Why would you create multiple trees in a forest?
Definition
-The only reason you would create multiple trees within a single forest is if the company has multiple domain names that are disjointed.
Term
Is there any security advantage to separating domains into separate trees?
Definition
no
The trust relationship between different tree root domains is the same trust relationship between a parent and child domain in the same tree.
Term
Is a single network object typically created in more than one domain?
Definition
NO
Term
Do domain administrators have administrative privileges outside their domain?
Definition
NO
Term
List the 6 reasons to create more than one domain.
Definition
1- To create a dedicated forest root domain
2- Decentralized domain Administrators groups
3- Different domain account policies
4- More than one disjointed domain name
5- Slow or unreliable WAN links between different sites
6- Massive numbers of objects
Term
Why would you create a dedicated forest root domain?
Definition
To increase security of the forest-wide administrative groups, Enterprise and Schema Admins groups
-This domain will not contain many network objects and the only Administrators of this domain are those that have Enterprise-wide rights.
Term
What types of policies can only be configured at the domain level (if you’re not in Server 2008 domain functional level)?
Definition
Account Policies, which are password, account lockout and Kerberos policies. They can only be set at the domain level (if you are not in Server 2008 domain functional level).
Term
Which is better… a shallow or deep domain hierarchy?
Definition
-shallow
-A shallow hierarchy decreases the number of trust relationships that must be traversed when a user in one domain tries to access a resource that is in another.
Term
What is a popular option?
Definition
A popular option: create all child domains in a single hierarchy under the forest root domain
Term
A site in AD is a combination of one or more _
Definition
IP Subnets/Network Addresses
Term
How many sites will a company typically have?
Definition
-Typically an organization will create a site for every remote location (connected via WAN links to other sites).
Term
Sites are created to control what 2 AD functions?
Definition
-Sites are normally created to control the following:
-Workstation Logon: When a user logs on, AD services-enabled clients will try to find a domain controller in the same site as the user’s computer to service the user’s logon request.
-Directory Replication: The schedule and path for replication of a domain’s directory can be configured differently for intersite replication as opposed to replication within the same site.
Term
By default, how many sites does AD create? What is its name?
Do additional/separate sites need to be manually created?
Definition
-one
-Default-First-Site-Name
-YES
Term
Describe a site link.
Definition
-A site link is an AD object created to represent a WAN link between different sites.
Term
What options can be configured for the link?
Definition
-A site link can be adjusted for replication availability (2am – 4am), costs (which make one site link used more often than another when there are multiple paths between sites), and replication frequency (every 30 minutes).
Term
What is the default replication frequency?
Definition
every 3 hours
Term
Describe an OU.
Definition
-An OU (organizational unit) is a container within your Active Directory database, used to organize objects within a domain into logical administrative containers that mirror your org’s functional and business structure.
Term
Think of an OU like a
Definition
folder on a hard drive partition.
Term
What does an OU contain?
Definition
An OU can contain AD objects like users, groups, computers, printers, and other OUs from the same domain.
Term
Can an OU contain another OU?
Definition
YES
Term
What AD console is used to create OUs?
Definition
Active Directory Users and Computers
Term
OUs are typically designed to mimic… Give examples
Definition
-OUs are usually created to mimic business functions (SALES, ADMIN), geographical areas (PROVIDENCE, JAPAN), type of object (USERS, COMPUTERS), or a combination of these (PROVIDENCE SALES USERS).
Term
List the 2 suggested OU design steps.
Definition
1- Delegation of Administration
2- Applying group policies (GPOs)
Term
Can an object be moved from one OU to another (in the same domain)?
What are the 2 methods that can be used to move an object?
Definition
-YES
-Right-click on the object and select > Move, then select the new location. You can also drag and drop the object between locations
Term
How can you search for an object in AD Users and Computers?
Definition
RIGHT-click the container, and click FIND
Term
Describe delegating administration.
Definition
-Delegation of administration is the process of assigning AD permissions to users that are not domain administrators.
Term
Who would you delegate admin to?
Definition
a user that is not a domain administrator
Term
What is it modifying?
Definition
AD permissions on the object/its ACL
Term
What is the most common container level to delegate admin?
Definition
OU
Term
Where can you view AD object permissions?
Definition
To manually manage an object's AD permissions, right-click the object, select > Properties, and go to the Security tab.
Term
Do child objects by default inherit their permissions from their parent object?
Definition
YES
Term
How do you start the wizard that is used to easily delegate administration?
Definition
-To use the wizard, right-click on the OU and select: Delegate Control.