Which of the following Windows PowerShell commands successfully installs a new OU structure?
-Fewer than 1,000 users = 2 federation servers, 2 proxies
At the command line, use the dcpromo command combined with unattended installation switches and parameter values to create the forest, domain, and domain controllers. Use the following switches to customize the installation:
In what order are group policy settings applied?
• Parent-Child Relationships The OU hierarchy you create will be important when you consider the maintainability of security permissions. OUs can exist in a parent-child relationship, which means that permissions and group policies set on OUs higher up in the hierarchy (parents) can interact with objects in lower-level OUs (children). When it comes to delegating permissions, this is extremely important. You can allow child containers to inherit the permissions set on parent containers automatically. For example, if the North America division of your organization contains 12 other OUs, you could delegate permissions to all of them at once (saving time and reducing the likelihood of human error) by placing security permissions on the North America division. This feature can greatly ease administration, especially in larger organizations, but it is also a reminder of the importance of properly planning the OU structure within a domain.
• Inheritance Settings Now that you've seen how you can use parent-child relationships for administration, you should consider inheritance, the process in which child objects take on the permissions of a parent container. When you set permissions on a parent container, all of the child objects are configured to inherit the same permissions. You can override this behavior, however, if business rules do not lend themselves well to inheritance.
Requires that passwords can't contain the user name, the user's first or last name, the company name, or a complete dictionary word. The password must also contain a minimum of three of the four types of special characters: lowercase letters; uppercase letters; numbers; or !, @, #, $, %, ^, &, *.
* Backs up just the CA database: certutil.exe -backupdb backup_folder
* Backs up just the keys and certificates on the CA: certutil.exe -backupkey backup_folder
* Restores the entire CA: certutil.exe -restore backup_folder
* Backs up the entire CA: certutil.exe -backup backup_folder
* Restores just the CA database: certutil.exe -restoredb backup_folder
* Restores just keys and certificates: certutil.exe -restorekey backup_folder
Authorization Explanation: Authorization is the process of granting the user access only to the resources he or she is permitted to use. Users joined to an Active Directory Domain Services (AD DS) domain can log on to the domain, not to an individual computer or application, and can access any resources in that domain for which administrators have granted them the proper permissions. What is the process of granting the user access only to the resources he or she is permitted to use?
Container and leaf objects Explanation: Objects come in two basic classes: container objects and leaf objects. A container object can have other objects subordinate to it, whereas a leaf object cannot have subordinate objects. The container objects essentially form the branches of the tree, with the leaf objects growing on the branches. What are the two basic classes of Active Directory objects?
Active Directory schema Explanation: Different object types have different sets of attributes, depending on their functions. The attributes each type of object can possess, the type of data that each attribute can store, and the object's place in the directory tree are all defined in the directory schema. What defines what objects exist as well as what attributes are associated with any object in the Active Directory?
Organizational unit Explanation: An organizational unit (OU) is a container object that functions in a subordinate capacity to a domain, similar to a subdomain, but without the complete separation of security policies.
As container objects, OUs can contain other OUs, as well as leaf objects. What is the next level of Active Directory container object within a domain?
DNS Explanation: Active Directory uses the Domain Name System (DNS) naming conventions for its domains. You can create an Active Directory domain using the registered domain name you use on the Internet, or you can create an internal domain name, without registering it. Active Directory keeps a naming convention for the domain that mirrors ______.
Bidirectional trust relationship between domains Explanation: Domains in the same tree have bidirectional trust relationships between them, though, which Active Directory creates automatically when you create each subdomain. These trust relationships mean that an administrator of a particular domain can grant any user in the tree access to that domain's resources. As a result, you do not need to create duplicate user objects, just because an individual needs access to resources in a different domain. What allows administrators to grant users in one domain access to resources of another domain within the same domain tree?
Same security entity as one Active Directory forest, bidirectional trust between domain trees Explanation: When you create the first domain on an Active Directory network, you are in fact creating a new forest, and that first domain becomes the forest root domain. Subsequent domain trees can be created, but are still part of the original domain forest. Domains are not security boundaries, in the strict sense of the term. You can perform tasks in one domain that affect all other domains in the forest. To completely isolate one domain from another, you must create them in different forests. Therefore, the forest functions as the security boundary, not the domain. If an administrator creates a domain tree in an Active Directory forest, and then creates a separate and different domain tree, what is the relationship between the two domain trees?
The lowest version of Windows Server on a domain controller Explanation: Functional levels are designed to provide backward compatibility in AD DS installations, with domain controllers running various versions of the Windows Server operating system. Each successive version of Windows Server includes new Active Directory features, which are not directly compatible with previous versions. By selecting the functional level representing the oldest Windows version running on your domain controllers, you disable these new features, so that the various domain controllers can interoperate properly. What determines the functional level of an Active Directory forest?
An index of all AD DS objects in a forest Explanation: The global catalog is an index of all AD DS objects in a forest that prevents systems from having to perform searches among multiple domain controllers. What is the global catalog?
Install-AddsForest -DomainName "adatum.com" Explanation: In its simplest form, the following command installs a domain controller for a new forest called adatum.com: What is the PowerShell cmdlet for installing a domain controller to the domain "adatum.com"?
Group memberships are independent of the domain's tree structure. Explanation: One of the most important differences between groups and OUs is that group memberships are independent of the domain's tree structure. A group can have members located anywhere in the domain and, in some cases, can have members from other domains. What is an important difference between groups and OUs?
SRV Explanation: The DNS is essential to the operating of AD DS. To accommodate directory services such as AD DS, a special DNS resource record was created that enables clients to locate domain controllers and other vital AD DS services. What special DNS resource record enables clients to locate domain controllers and other vital AD DS services?
Windows Server 2012 R2 now allows administrators to use PowerShell.
Explanation: In Windows Server 2008 and Windows Server 2008 R2, the accepted method for installing AD DS on a computer using the Server Core installation option is to create an answer file and load it from the command prompt using the Dcpromo.exe program with the /unattend parameter. In Windows Server 2012 R2, you can install AD DS on a computer running the Server Core installation option and promote the system to a domain controller, all by using Windows PowerShell. For Server Core installations, how does Windows Server 2012 R2 differ from Windows Server 2008 when installing the AD DS role and promoting the system to a domain controller?
Using the Remove Roles and Features Wizard Explanation: To remove a domain controller from an AD DS installation, you must begin by running the Remove Roles and Features Wizard. What is the method for removing a domain controller in Windows Server 2012 R2?
Infrastructure as a Service (IaaS) Explanation: In addition to running Windows Server 2012 R2 on physical computers and locally-hosted virtual machines, Microsoft's Windows Azure service enables administrators to create virtual machines using leased cloud resources provided by Microsoft. This feature, called Infrastructure as a Service (IaaS), enables administrators to run applications in the cloud while maintaining full control over the virtual machines themselves. Which of the following features allows you to create virtual machines on a leased cloud resource?
Windows Azure Explanation: In addition to running Windows Server 2012 R2 on physical computers and locally-hosted virtual machines, Microsoft's Windows Azure service enables administrators to create virtual machines using leased cloud resources provided by Microsoft. Windows Azure resources can be self-contained in the cloud and administrators can create a virtualized AD DS forest to organize and manage them. Which of the following features allows you to install AD DS on a virtual machine that is located in the cloud?
Lightweight Directory Access Protocol (LDAP) Explanation: LDAP defines the format of the queries that Active Directory clients send to domain controllers, as well as provides a compound naming structure for uniquely identifying objects in the directory. What does LDAP stand for?
Replication Explanation: When a domain has two or more domain controllers, each controller must have a database that is identical to those of the others. To stay synchronized, the domain controllers communicate by sending database information to each other, which is a process called replication. What is the process by which domain controllers communicate by sending database information to each other to stay synchronized?
Multiple-master replication Explanation: Single-master replication can make managing the database difficult, especially if administrators are located in remote offices and must work over a slow wide-area network (WAN) link. To avoid this problem, Active Directory uses multiple-master replication, in which you can make changes to domain objects on any domain controller, which replicates those changes to all the other domain controllers. What type of Active Directory replication minimizes problems in database management over slow WAN links?
dcdiag /test:registerindns /dnsdomain: Explanation: If the DNS registration process fails, computers on the network cannot locate that domain controller, the consequences of which can be serious. To confirm that a domain controller has been registered in the DNS, open a command-prompt window with administrative privileges and enter the dcdiag /test:registerindns /dnsdomain: What is the command-line tool and syntax for determining whether a domain controller has been registered in DNS?
Uninstall-ADDSDomainController -ForceRemoval Explanation: To demote a domain controller with Windows PowerShell, use the Uninstall-ADDSDomainController cmdlet. What is the PowerShell cmdlet and syntax for demoting a domain controller?
d.
Sites Explanation: To facilitate the replication process, Active Directory includes another administrative division called the site. A site is defined as a collection of subnets that have good connectivity between them. Good connectivity is understood to be at least T-1 speed (1.544 megabits per second). Generally speaking, this means that a site consists of all the local area networks (LANs) at a specific location. A different site would be a network at a remote location, connected to the other site using a T-1 or a slower WAN technology. What administrative division in Active Directory is defined as a collection of subnets that have good connectivity between them to facilitate the replication process?
b. To control the traffic passing over relatively slow and expensive WAN links between locations Explanation: The primary reason for creating different sites on an Active Directory network is to control the amount of traffic passing over the relatively slow and expensive WAN links between locations. What is the primary reason for creating different sites on an Active Directory network?
d. Site topology is manually configured dependent on WAN bandwidth and transmission speed. Explanation: Unlike many other elements of an Active Directory deployment, the creation of a site topology is not automatic. You must manually create and configure the site, subnet, and site link objects. When you create a site topology, you create site objects, specify the subnets located at each site by creating subnet objects, and then specify the access schedules and relative costs of the WAN links between the sites (in terms of bandwidth and transmission speed, not monetary costs) by creating and configuring site link objects. When is an Active Directory site topology created?
c. Add a new Windows Server 2012 R2 DC to your existing Directory Services installation. Explanation: You can upgrade an AD DS infrastructure in two ways.
You can upgrade the existing down-level DCs to Windows Server 2012 R2, or you can add a new Windows Server 2012 R2 DC to your existing installation. What is the simplest way for administrators to upgrade their AD DS infrastructure to Windows Server 2012 R2?
a. On the Installation progress page that appears at the end of the Active Directory Domain Services role installation procedure, click the Promote this server to a domain controller hyperlink. The Active Directory Domain Services Configuration Wizard appears. Explanation: Every Active Directory domain should have a minimum of two domain controllers. Order the steps to add a domain controller to an existing domain.
c. On the Installation progress page that appears at the end of the AD DS role installation procedure, click the Promote this server to a domain controller hyperlink. The Active Directory Domain Services Configuration Wizard appears. Explanation: When beginning a new AD DS installation, you first need to create a new forest, which you do by creating the first domain in the forest, the forest root domain. Order the steps to create a new forest.
e. From the Server Manager's Manage menu, select Add Roles and Features. Explanation: Although the AD DS role does not actually convert the computer into a domain controller, installing it prepares the computer for the conversion process. Order the steps to install the AD DS role.
b. From the Server Manager's Manage menu, select Remove Roles and Features. Explanation: To remove a domain controller from an AD DS installation, you must begin by running the Remove Roles and Features Wizard. Order the steps to remove a replica domain controller.
forest Explanation: An Active Directory forest consists of one or more separate domain trees, which have the same two-way trust relationships between them as two domains in the same tree.
When you create the first domain on an Active Directory network, you are in fact creating a new forest, and that first domain becomes the forest root domain. An Active Directory _____ consists of one or more separate domain trees.
Domain Explanation: The domain is the fundamental component of the Active Directory architecture. You can zoom into a domain and create a hierarchy within it, and you can zoom out and create a hierarchy out of multiple domains. In AD DS, domains function by default as the boundaries for virtually all directory functions, including administration, access control, database management, and replication. What is the fundamental component of the Active Directory architecture, functioning as the boundary for virtually all directory functions, including administration, access control, database management, and replication?
Organizational unit Explanation: An organizational unit (OU) is a container object that functions in a subordinate capacity to a domain, similar to a subdomain, but without the complete separation of security policies. As container objects, OUs can contain other OUs, as well as leaf objects. You can apply separate Group Policy settings to an OU and delegate the administration of an OU as needed. However, an OU is still part of the domain and still inherits policies and permissions from its parent objects. What is a container object that functions in a subordinate capacity to a domain, and still inherits policies and permissions from its parent objects?
Group Explanation: Group objects are not containers, as OUs are, but they perform a similar function, with important differences. Groups are not full-fledged security divisions, as OUs are; you cannot apply Group Policy settings to a group object directly. However, group members (which can be leaf objects, such as users or computers, as well as other groups) inherit permissions assigned to that group.
What is not a container, nor full-fledged security division and cannot have Group Policy settings applied directly to them?
Active Directory Domain Services (AD DS): A directory service that Microsoft first introduced in Windows 2000 Server and has upgraded in each successive server operating system release, including Windows Server 2012 R2.
attributes: In Active Directory Domain Services, the individual properties that combine to form an object.
authentication: The process by which Windows Server 2012 R2 verifies that the user matches the user account employed to gain access.
authorization: The process of determining whether an identified user or process is permitted access to a resource and the user's appropriate level of access.
container object: In Active Directory Domain Services, an object, such as a domain or organizational unit, that has leaf objects or other container objects as its subordinates.
Directory Access Protocol (DAP): A communications protocol specified in the X.500 standard. It is also the progenitor of the Lightweight Directory Access Protocol (LDAP).
directory schema: An Active Directory Domain Services component that specifies the attributes each type of object can possess, the type of data that can be stored in each attribute, and the object's place in the directory tree.
domain: A set of network resources available for a group of users who can authenticate to the network to gain access to those resources.
domain controller: A Windows server with Active Directory Domain Services directory service installed. Each workstation computer joins the domain and is represented by a computer object. Administrators create user objects that represent human users. A domain differs from a workgroup because users log on to the domain once, rather than to each individual computer.
domain tree: In Active Directory Domain Services, an architectural element that consists of one or more domains that are part of the same contiguous namespace.
forest: In Active Directory Domain Services, an architectural element that consists of one or more domain trees.
forest root domain: In Active Directory Domain Services, the first domain created in a forest.
global catalog: A list of all the objects in an Active Directory Domain Services forest and a subset of each object's attributes, used by domain controllers to locate and access the resources of other domains in the same forest.
leaf object: In Active Directory Domain Services, an object, such as a user or computer, which is incapable of containing any other object.
Lightweight Directory Access Protocol (LDAP): The standard communications protocol for directory service products, including Active Directory Domain Services.
multiple-master replication: A technique in which duplicate copies of a file are updated on a regular basis, no matter which copy changes. For example, if a file is duplicated on four different servers, a user can access any of the four copies and modify the file as needed. The replication engine uses the changes made to the modified copy to update the other three copies. Compare to single master replication.
organizational unit (OU): A container object that functions in a subordinate capacity to a domain, but without the complete separation of security policies.
Read-Only Domain Controller (RODC): In Active Directory Domain Services, a domain controller that supports only incoming replication traffic.
single-master replication: A technique in which duplicate copies of a file are updated on a regular basis from one master copy. For example, if a file is duplicated on four different servers, users can modify one copy and the replication engine propagates the changes to the other three copies. Compare with multiple-master replication.
site: A collection of subnets that have good connectivity between them.
b. User Which of the following items is a valid leaf object in Active Directory?
a. Dynamic update support What is required by DNS for Active Directory to function?
a. Forest root domain What is the first domain installed in a new Active Directory forest called?
a. organizational units Which of the following cannot contain multiple Active Directory domains?
b. Leaf What are the two basic classes of Active Directory objects?
a. Administrators must manually supply information for certain attributes. Which of the following is not true about an object's attributes?
b. Global Catalog Which of the following does an Active Directory client use to locate objects in another domain?
a. Two-way trust relationship between domain trees What is the default trust relationship between domains in one forest?
d. Group memberships are independent of the domain's tree structure. What is an important difference between groups and organizational units (OUs)?
a. Because groups are independent from domain structure, its members may be located anywhere in the domain or outside the domain. What is the key difference between groups and Organizational Units (OUs)?
c. Lower functional level means fewer features available. An Active Directory functional level must be low enough to ensure interoperability between domain controllers running different versions of Windows Server. How does the functional level affect the AD forest?
d. To control the amount of traffic passing over the relatively slow and expensive WAN links between locations What is the primary reason for creating different sites on an Active Directory network?
c. Add a new Windows Server 2012 R2 server to your existing Directory Services installation. What is the simplest way for administrators to upgrade their Active Directory Domain Services (AD DS) infrastructure to Windows Server 2012 R2?
d. Yes, you use PowerShell, by first installing AD DS role, and then promoting the server to a DC. Is it possible to add AD DS on a computer running Server Core?
What is the only OU created during the Active Directory installation process? What is the only OU created by default after installing Active Directory? inheritance. You cannot assign Group Policy settings to computer objects or delegate their administration.
Which of the following is the PowerShell cmdlet used to create user objects? Create new user accounts using the New-ADUser cmdlet.
Which of the following options must be selected to create an additional domain controller in an existing domain environment? On the Deployment configuration page, select "Add Domain controller to an existing domain". You need to specify the name of the domain in which the new DC will be added. The "Domain controller options" page appears next. Options to make this DC a DNS server and a Global Catalog are selected by default.
Which of the following tools can be used to create users in Active Directory Domain Services? One way is by using the Active Directory Users and Computers MMC. This option provides a graphical user interface and is a good option for creating single accounts. PowerShell or Dsadd can also be used to create domain user accounts and are a good option when you need to create multiple users.