Flashcards in Directory Services Deck (32)
What is the "heart and soul" of the enterprise network?
What are the 3 primary functions in Directory Services?
- Active Directory Domain Controllers
- Dynamic Host Configuration Protocol (DHCP)
- Domain Name System (DNS) servers
Active Directory is capable of tracking a variety of items that can share common attributes. What are these items called?
Objects (Users, Machines, Groups, Services, etc.)
What is a set of attributes available for any particular object type?
What is a special type of object used to group other objects, also known as an organizational unit (OU)?
When containers and objects are combined hierarchically, they tend to form branches. What is the term used to describe a set of objects within AD that have a transitive trust and contiguous namespace?
What term describes trees that are not part of the same namespace but that share a common schema, configuration, and global catalog?
Why is Network Time Protocol (NTP) so essential for Active Directory to operate?
If the time disparity between the DC and the authenticating computer is excessive, Kerberos ticket generation fails. The computer is unable to process login requests for clients if Kerberos is required; otherwise, the client must fall back to a less secure authentication method.
Service logon is typically used by service accounts or applications. What is the primary issue with this logon method?
It is very vulnerable
What is the difference between interactive and domain logon?
Interactive = local
Domain = network
What logon method caches previous users' logon information locally so that they can log on if a logon server is unavailable during later logon attempts?
Cached Domain Logon
What servers are in charge of Active Directory, DHCP, and DNS for a domain?
What process ensures that all Domain Controllers have the same up-to-date information?
What is the service that translates friendly domain names (e.g. microsoft.com) to IP addresses (e.g. 18.104.22.168)?
The host address (A) record is a standard DNS hostname record. What does it point to?
It points a hostname to an IP address.
What is a Canonical Name (CNAME) record?
It's a DNS entry that is an alias to another domain name. For example, Google.com & Gogle.com
What is a Pointer Record (PTR)?
It points an IP address to the hostname.
When are you assigned a Security Identifier (SID)?
When being authenticated by the DC.
What are the 5 FSMO (Flexible Single Master Operations) roles?
- Schema Master
- Domain Naming Master
- PDC Emulator
- RID Master
- Infrastructure Master
What is responsible for handling any changes that are sent to modify the Active Directory schema?
When a new domain is added to the Active Directory forest, what is responsible for making sure the new domain name is unique across the entire forest and entries are made into Active Directory and propagated to all other domain controllers?
Domain Naming Master
What is responsible for security descriptor propagation, distributed file system consistency, group policy replication, and login and password management, among other things?
PDC (Primary Domain Controller) emulator
What is responsible for handing out blocks of relative identification numbers to each domain controller that participates in the domain, and for removing an object from its domain and putting it in another domain during an object move?
RID (Relative Identification) Master
What handles cross-domain group membership and ensures that if a user’s group membership changes, the task of adding or removing the unique identifier is completed?
What establishes parent-child relationships and prevents conflicts?
PDC (Primary Domain Controller) Emulator. There is one PDC emulator per domain.
What is a collection of tools for managing complex networks, and is deployed in the new AFIN?
What are the 3 primary NetIQ tools?
- Directory Resources Administrator (DRA)
- Group Policy Administrator (GPA)
What tool gives administrators finely detailed “granular” privilege control which allows them to delegate users the power to perform necessary tasks for the enterprise?
DRA (Directory Resource Administration)
Group Policy Administrator is made up of 3 tools. What are they?
- Group Policy Explorer
- Group Policy Repository
- Group Policy Analysis