Windows Server 2003 – Active Directory

  1. Active Directory database information that is stored on each domain controller has what file name?
    • NTDS.dit
    • (p.2)
  2. What is the max level of OU (Organizational Unit) depth recommended by Microsoft for Active Directory?
    • 10 levels
    • (p.8)
  3. What is the name of the master database that contains definitions of all objects in Active Directory?
    • Schema
    • (p.5)
  4. What is another name for Domain Partition which contains all of the objects within the local domain?
    • Directory Partition
    • (p.10)
  5. What are the 4 partitions for Active Directory?
    • Schema Partition
    • Configuration Partition
    • Domain Partition (Directory Partition)
    • Application Partition
    • (p.9-10)
  6. What is not considered a formal partition, but must be replicated to each domain?
    • Global Catalog
    • (p.10)
  7. What is defined as one or more IP subnets that are connected by fast links?
    • Sites
    • (p.11)
  8. What is the authentication protocol used by Windows Server 2003?
    • Kerberos
    • (p.23)
  9. What is the default Functional Level for Windows Server 2003?
    • Windows 2000 Mixed
    • (p.16)
  10. What can be used to clean up DNS database when records are no longer required?
    • Aging and Scavenging
    • (p.41)
  11. What is the purpose of domain DNS zones?
    • replication
    • (p.40)
  12. What is a shortcut trust?
    • Transitive (A trusts C)
    • (p.49)
  13. What is the purpose of transitive Trust?
    • shorten number of hops
    • (p.49)
  14. What are the requirements to install Active Directory?
    • Edition - Standard, Enterprise, Datacenter
    • Administrator Account (local machine)
    • NTFS-200MB free space (database)
    • 50MB free space (transaction log)
    • TCP/IP
    • DNS
    • (p.28)
  15. What Windows Server 2003 Edition cannot install Active Directory?
    • Web
    • (p.28)
  16. How much free hard drive space is needed for Active Directory transaction log files?
    • 50MB
    • (p.28)
  17. What do you run to install Active Directory?
    • dcpromo
    • Manage Your Server Web page
    • (p.30)
  18. What folder contains the Active Directory domain's public files?
    • \sysvol
    • (p.35)
  19. Where does Active Directory store its database file?
    • \NTDS
    • (p.35)
  20. What are the 4 parts of DNS that are installed during the Active Directory install process?
    • Application Directory Partition
    • Aging and Scavenging
    • Forward Lookup Zones and SRV records
    • Reverse Lookup Zones
    • (p.36)
  21. What is stored in the Global Catalog to make them available Forest wide?
    • UPN (User Principal Names)
    • (p.54)
  22. What is required to raise the Functional Level of a Forest?
    • Member of Enterprise Admins group
    • (p.40)
  23. Will dcpromo allow you to remove Active Directory?
    • Yes
    • (p.28)
  24. True/False – Domain Functional Levels can be raised independently?
    • True
    • (p.48)
  25. What are the two application Directory Partitions?
    • domaindnszones
    • forestdnszones
    • (p.40)
  26. What is required in DNS to allow clients to login?
    • SRV Record
    • (p.42)
  27. What Forest Functional Level must you be in to create cross-forest trust?
    • 2003
  28. What trust would you use to create non-Microsoft system trust?
    • Realm
    • (p.51)
  29. How do you set the fastest site link?
    • lowest cost
    • (p.66)
  30. What is the value range of cost?
    • 1-99,999
    • (p.66)
  31. What is the Intersite default frequency of replication during the schedule?
    • 180 minutes
    • (p.67)
  32. (p.67)
  33. What must a multi-master domain controller have to do replication?
    • Active Directory-Integrated Zone
    • (p.??)
  34. What is defined by IP subnets that are well connected?
    • Sites
    • (p.60)
  35. When complete propagation of a partition's objects and attributes has taken place on all domain controllers within a site it is called?
    • Convergence
    • (p.62)
  36. How often does KCC check for changes?
    • every 15 minutes
    • (p.68)
  37. What is the max amount of hops that KCC allows?
    • 3 (Rule of 3)
    • (p.63)
  38. What is the best protocol for replication?
    • RPC over IP
    • (p.67)
  39. What is the range of time Frequency can be set (minutes)?
    • 15 minutes - 1 week (10,080 minutes)
    • (p.??)
  40. What are the 5 FSMO Roles?
    • D - Domain Naming Master
    • R - Relative Identifier (RID) Master
    • I - Infrastructure Master
    • P - Primary Domain Controller (PDC) Emulator
    • S - Schema Master
    • (p.90/93)
  41. Which FSMO are Forest-Wide?
    • Domain Naming Master
    • Schema Master
    • (p.93)
  42. Which are Domain wide FSMO Roles?
    • R - Relative Identifier (RID) Master
    • I - Infrastructure Master
    • P - Primary Domain Controller (PDC) Emulator
    • (p.90)
  43. What 3 things does the Domain Naming Master do?
    • Makes sure Domain names are unique
    • New Domain Names
    • Removes Domain Names
    • (p.94)
  44. What does RID Master do?
    • assigns RIDs
    • first 500 RIDs
    • request more 250 RIDs
    • (p.91)
  45. What is used to move an object to a different domain?
    • movetree.exe
    • (p.91)
  46. Can you create new users if your Domain Naming Master is down but you have 5 rids left?
    • yes
    • (p.97)
  47. The Infrastructure Role is like what other role?
    • Global Catalog
    • (p.92)
  48. What is the need for Universal Group Membership Caching?
    • Process a logon without presence of Global Catalog Server
    • (p.85)
  49. What Functional level must you be in to do Universal Group Caching?
    • Windows 2000 Native or higher
    • (p.87)
  50. How often does the Universal Cache get updated?
    • every 8 hours
    • (p.86)
  51. If you have a single DC what are its roles?
    • Everything (DRIPS, Global Catalog)
    • (p.90)
  52. What role must you transfer if you are taking down a server?
    • Infrastructure Master
    • (p.??)
  53. What server must you be on when using movetree.exe?
    • RID Master (Source Domain)
    • (p.91)
  54. What can you use to add users to Active Directory from the command line with an Excel (CSV) document?
    • CSVDE
    • (p.129)
  55. What would you use for a CSV file to add, delete or modify objects from the command-line?
    • LDIFDE
    • (p.129)
  56. What are the two situations in which you will have the Infrastructure Master on the server with the Global Catalog?
    • One Global Catalog
    • All are Global Catalog
    • (p.??)
  57. What defines how user logon names should be created?
    • Naming Standards Document
    • (p.140)
  58. What is the most important part of a secure network?
    • Education of Users
    • (p.140)
  59. Where do you enable Smart Card login for a user?
    • Active Directory Users and Computers --> User Properties --> Account Tab --> Smart Card is Required
    • (p.145)
  60. What service must be running to use Run As?
    • Secondary Logon Service
    • (p.146)
  61. What is a strong password (by the book)?
    • 8 characters
    • special, number
    • one character off previous
    • (p.142)
  62. How can you elevate to another user account?
    • Run As
    • (p.146)
  63. If you have set delegation, in what location do you remove it?
    • ACL
    • (p.151)
  64. How do you move OUs around in Active Directory Users and Computers?
    • Drag and Drop
    • Move Option
    • DSmove
    • (p.153-154)
  65. What is the method of controlling settings across your network?
    • Group Policy
    • (p.160)
  66. Nonlocal Group Policy Objects (GPOs) can be linked to what 3 things?
    • Sites
    • Domains
    • OUs
    • (last is strongest)
    • (p.162)
  67. In what order are Group Policies processed?
    • Local-Site-Domain-OU (LSDOU)
    • (p.172)
  68. How can you access Local Group Policies?
    • gpedit.msc
    • (p.??)
  69. What are examples of group policy containers?
    • OUs
    • Sites
    • Domains
    • (p.171)
  70. How many GPOs can they contain?
    • as many as it can hold
    • (p.??)
  71. What is in a GPO folder?
    • contain GPO settings in Sysvol folder
    • (p.??)
  72. If you create a GPO at the domain level what will it affect?
    • everything in the domain
    • (p.171)
  73. What would you do if you wanted to prevent the GPO from affecting a particular OU?
    • Block Policy Inheritance
    • (p.175)
  74. If you have a GPO and you want to set the strongest precedence over everything else what do you use?
    • loopback
    • (p.177)
  75. What is the location of the key in the Group Policy editor for changing password settings?
    • Computer Configuration --> Windows Settings --> Security Settings --> Account Policies --> Password Policies
    • (p.186)
  76. What is the default mechanism for authenticating domain users in Server 2003?
    • Kerberos
    • (p.188)
  77. Logon Event Category and Account Logon Event Category are different in what way?
    • Logon Event Category - logs local workstation
    • Account Logon - logs for logon to domain controller
    • (p.192)
  78. What gives the administrator the ability to redirect the storing of files?
    • Folder Redirection
    • (p.205)
  79. If you have shutdown on full security log enabled, what can be used as an attack on your system?
    • DoS
    • (p.190)
  80. What are the reason(s) to set a service to Manual or Disable?
    • Optimize (Security - not in the book)
    • (p.197)
  81. What is the difference between Basic and Advanced Folder Redirection?
    • Ability to specify location
    • (p.206)
  82. If you turn on auditing what two locations in the GPO must be set?
    • Group Policy Object Editor (p.191)
    • Active Directory Users and Computers --> Object --> Properties --> Security --> Advanced --> Auditing
    • (p.193)
  83. How do you force GPO update?
    • gpupdate
    • (p.214)
  84. What are the four parts of the Software Life Cycle?
    • P - Planning
    • I - Implementation
    • M - Maintenance
    • R - Removal
    • (p.222)
  85. What are the 3 extensions of Windows Installer packages and what do they do?
    • Installer - .msi
    • Transform - .mst
    • Patches - .msp
    • (p.223)
  86. What are the two Nodes you can assign an application?
    • Computer
    • User
    • (p.226)
  87. What Nodes can you publish an application?
    • User
    • (p.226)
  88. What file extension is used for older software and can only be published?
    • .zap
    • (p.224)
  89. What are the four levels of Software Restriction Rules?
    • Hash
    • Certificate
    • Internet Zone
    • Path
    • (p.238-240)
  90. What is the default security of software when installed?
    • None
    • (p.??)
  91. What security applies only to msi files?
    • Internet Zone
    • (p.??)
  92. How do you deploy installation with GPOs?
    • .msi
    • (p.??)
  93. What are the 3 ways to control Group Policy?
    • Block Policy Inheritance
    • Security Filtering (ACL)
    • WMI Filters
    • (p.252)
  94. How many WMI filters can be created for a GPO?
    • 1 only
    • (p.254)
  95. What is used to Manage GPOs?
    • GPMC - Group Policy Management Console
    • (p.256)
  96. What tool is used to test the effect of policies applied to users or computers after all filters, Security Group Permissions, Block Policy, etc.?
    • RSoP - Resultant Set of Policies
    • (p.261)
  97. What are the two RSoP modes?
    • Planning Mode
    • Logging Mode
    • (p.262)
  98. What is used in RSoP to obtain information from the client computer/users?
    • gpresult.msc
    • (p.268)
  99. What is a command-line tool that allows you to create and display an RSoP query from the command line?
    • GPResult
    • (p.271)
  100. How do you stop a GPO from a Group of People?
    • Security Filtering (ACL/ACE)
    • (p.252)
  101. What OS must you have to use WMI filters?
    • Windows Server 2003/Windows XP Pro SP1
    • (p.??)
  102. What is the database engine for Active Directory?
    • Extensible Storage Engine (ESE)
    • (p.282)
  103. What is the default life of a "tombstone"?
    • 60 days
    • (p.283)
  104. What must be done to perform Manual Offline Defragmentation?
    • F8 (Advanced Option Menu) --> Directory Services Restore Mode --> ntdsutil
    • (p.283)
  105. What tool would you use to backup System State?
    • Ntbackup
    • (p.285-292)
  106. What is the method to restore domain controller to a point in time it was considered good?
    • Normal restore
    • (p.292)
  107. What tool must be used to do authoritative restore?
    • Ntdsutil
    • (p.293)
  108. When a catastrophic event affecting all your domain controllers requires an entire domain to be restored, you should perform?
    • Primary Restore
    • (p.293)
  109. What is the tool used to give you the state of your Domain Controller and help with troubleshooting?
    • Dcdiag
    • (p.306)
  110. What is the tool you use to compare directory information on more than one domain controller and detect differences?
    • Dsastat
    • (p.306)
  111. What is the tool used to display replication and status?
    • Replmon
    • (p.306)
  112. What tool can check replication consistency and force replication events (KCC)?
    • Repadmin
    • (p.306)
  113. What is the tool that can manage and verify trust, join computers to domains and verify replication ability?
    • Netdom
    • (p.306)
  114. What is the first thing you should check if you are having problems with your Active Directory?
    • Event Viewer (Directory Service Logs)
    • (p.297)
  115. What must be on the root forest domain for you to raise the forest functional level?
    • Schema Master Role
    • (p.??)
  116. What is the standard that defines the naming of all objects?
    • LDAP
    • (p.12)
  117. What is the location that all Active Directory information is stored that is replicated across the domain?
    • ??
    • (p.9-10)
  118. What is the purpose of Windows 2003 Interim Functional Level?
    • NT4
    • (p.??)
  119. What was the naming service pre-Windows 2000?
    • WINS
    • (p.??)
  120. What is the type of trust used to minimize hops?
    • shortcut trust
    • (p.22)
  121. What is the default cost of a site link?
    • 100
    • (p.66)
  122. What is the server that connects two sites/domains for replication?
    • Bridgehead Server
    • (p.62)
  123. What does Active Directory use to track changes along with timestamps?
    • USN
    • (p.62)
  124. What type of updates does Active Directory-Integrated Zones provide?
    • Secure
    • (p.??)
  125. What is the role of the Global Catalog Server?
    • Facilitation of searches for objects in the forest
    • Resolution of UPNs
    • Provision of universal group membership
    • (p.84)
  126. What is the term for putting a Group inside a Group?
    • Nesting
    • (p.119)
  127. What is the lowest role you can convert a Group?
    • Windows Server 2000 Native
    • (p.117)
  128. What is the best way to hide objects in an OU?
    • ACL --> List Content Permission
    • (p.147-148)
  129. Where do you edit the GPO for an OU?
    • Active Directory Users and Computers --> Properties of OU --> Group Policies Tab --> Edit
    • (p.??)
  130. GPO/GPC/GPT
    • (p.163)
  131. Where do you go to edit GPOs?
    • Active Directory Users and Computers (you will end up in Group Policy Object Editor - MMC Snap-in)
    • (p.166)
  132. What order will GPOs be loaded and then processed?
    • (load) LSDO (process) LSDO
    • (p.171-172)
  133. What are the 3 running levels of Services?
    • Automatic
    • Man
    • Disable
    • (p.??)

Author: mwbeauchamp
ID: 11806