MCSE 70-294
Planning, implementing and maintaining a Windows Server 2003 Active Directory inf
Question | Answer |
---|---|
what is a DN | a complete path from the top of the tree to an object |
within active directory what is a GUID | a 128-bit hexadecimal number assigned when the object is created |
what is special about a SID | no two objects in a forest can have the same SID |
how does windows 2003 determine object access | windows 2003 uses the SID rather than the GUID to determine object access, for backward compatibility |
what server in an active directory environment can make changes to the schema | the schema master |
what replication options are available to you in windows 2003 with respect to DNS | All DNS servers in the |
what does a domain partition contain in windows 2003 | information about all objects such as users, groups, computers and organizational units in a domain. It is replicated to all controllers in a domain and a subset to global catalog servers in the forest |
what is the schema partition in windows 2003 | contains definitions of all objects and their attributes. Rules for creating and working with them are also there. Replicated to all controllers in the forest |
what is the configuration partition in windows 2003 active directory | this partition contains information about the structure of the active directory forest, including domains, sites, and services. It is replicated to all of the controllers in the forest |
what is the application directory partition in windows 2003 active directory | application-specific data that needs to be replicated throughout specified portions of the forest. Also referred to as an application partition, it can be replicated to a specific DC or to a set of DCs in the forest |
what is a schema in windows 2003 | a set of rules that define the classes of objects and their attributes in active directory |
what can an OU contain in windows 2003 active directory | any non-container object such as users, groups, and computers; it can also contain other OUs |
what is a domain defined as | a logical grouping of computers and users that share a common database containing user accounts and other security information |
what is a tree defined as | a tree is a group of domains that share a contiguous namespace; in other words, a parent domain with one or more child domains |
what is a forest defined as | a forest is a group of domains that do not share a contiguous namespace |
what is an OU defined as in ADS | an OU is used to group objects within a domain into logical administrative groups |
what does FSMO stand for | flexible single master operations |
what are the FSMO roles | schema master, domain naming master, PDC emulator, infrastructure master, relative identifier (RID) master |
what does the domain naming master do | ensures that the names of the newly created domains adhere to the proper naming conventions for new trees or children in existing trees |
what is the role of the PDC emulator | propagates any changes to user properties such as passwords to the BDCs. |
what is the role of the infrastructure master | updates references from objects, such as memberships in domain groups, in its domain to objects in other domains. It receives the changes from a global catalog server |
regarding roles what should you not do | placing the infrastructure master and the global catalog on the same server is not good. If they are not on the same server the infrastructure master cannot locate any outdated data. It should be located in the same site as the global catalog server |
what is the role of the RID master | assigns SIDs to objects created in the domain. |
what are the pieces and parts of the SID | a SID has two parts: a domain identifier that is common to all objects in the domain and a relative ID that is unique to each object |
what is a site in ADS | a set of one or more IP subnets connected by a high-speed LAN |
what is an operations master | a domain controller that performs one or more of five specific roles that can be performed only from a single domain controller in the domain or forest |
In windows active directory what is a windows 2000 mixed functional level? | default level allows support for windows NT 4.0 and 2000 in the same domain. It does not support new features introduced in 2000 or 2003 such as universal groups or enhanced nesting |
describe the windows 2000 native functional level | allows support for windows 2000 in the domain but does not provide support for any of the windows 2003 features |
describe the windows 2003 interim functional level in active directory | used when upgrading a windows NT 4.0 domain to windows 2003; this functional level supports NT 4 but does not support 2000 |
describe the windows 2003 native functional level | only windows 2003 can participate |
describe the windows 2000 interim forest level | the default when you create a new forest. It does not support windows 2003; it supports only forestwide features such as domain renaming and enhanced schema modifications |
describe the windows 2003 interim forest level | used when upgrading a windows NT 4.0 enterprise to a windows 2003 forest, this functional level supports NT 4.0 and windows 2003 domain controllers, but not Windows 2000 domain controllers |
describe the windows 2003 native forest level | this functional level supports only domains running in the windows 2003 native functional level and provides total support for all windows 2003 ADS features |
describe the command line tool adprep with the /forestprep flag | run this command on the schema master to prepare the forest for upgrade. It extends the schema to receive the new windows 2003 enhancements, including the addition of directory descriptors of certain objects. You should run this command before anything e |
describe adprep with the /domainprep flag | should be run on the infrastructure master to prepare the 2000 domain to upgrade to windows 2003. It adjusts the ACLs on active directory objects and on the sysvol shared folder |
describe the windows 2003 R2 feature "Active directory federation services" | ADFS provides a single sign-on capability for authentication of users to multiple web-based applications. ADFS securely shares credentials across enterprise borders, thereby eliminating the need to set up a user account for these people |
describe the windows 2003 R2 improvements to DFS | DFS namespaces. Enables you to present groups of folders on different servers as a virtual namespace tree. DFS replication uses remote differential compression (RDC), similar to rsync, to move only the changes |
what are the ways that you can subdivide your namespace within active directory? | separate domains and separate OUs |
describe delegation of administration in a windows 2003 environment | it is possible to do the same things with domains as you can perform with OUs |
what version of BIND supports SRV records | 4.9.7 and 8.1.2 support SRV records |
windows 2003 web edition has what limitation | it cannot be promoted to a domain controller |
how much hard drive space do you need to install ADS | 200MB for the database and 50MB for the transaction log |
regarding users what happens when you promote a box to a domain controller in 2003 | all of the local users and groups are deleted |
what happens to the permissions on resources when you promote a system | they get reset |
what happens to EFS keys during a promotion | they get lost as they are stored in the directory |
with respect to performance what is recommended regarding the database and log folders for ADS | put them on different drives |
if you're putting up a domain controller across a slow link what should you do? | using dcpromo /adv reduces the time to create a domain controller because it avoids the transfer of a large quantity of ADS data |
how do you extract adprep in the process of planning for the upgrade to 2003 from 2000 | run winnt32 /checkupgradeonly this extracts adprep to the winnt\system32 folder and copies the LDIF files containing the schema upgrades |
what tool do you use to rename a domain in windows 2003 | rendom.exe which can be downloaded from the microsoft site |
what is the requirement prior to doing the rendom | as stated before you need to have a windows 2003 only functional level to support such a feature |
how do you designate other servers as global catalog servers? | open active directory sites and services, expand the site and the servers, right click on the NTDS settings folder and choose properties; in the general tab select "global catalog" |
please describe some of the benefits associated with universal group caching | available at any domain or forest functional level that supports universal groups. You do not require a global catalog server at every site in your forest. Logon times are faster because the domain controller doesn't have to go to the GC; bandwidth is |
what is something to note regarding global catalog servers and universal group caching | to not have the GCs more than 1 replication hop away to ensure optimal setup |
how do you enable universal group caching | go into active directory sites and services, expand the site, right click NTDS settings and choose properties, in the site settings there is a checkbox for it |
in the exam if there is the symptom of slow access to resources across the wan what do you need to do | configure a local gc |
if access times are slow but access to resources is cool what do you need to do | configure universal group caching |
why might you want to transfer a FSMO | if you have a planned maintenance window |
regarding administrators and FSMOs what is a good rule | keep them close to the administrators who are designated as responsible persons for them |
what is a good rule about the domain naming master and the schema master? | keep them on the same server and you should have a backup close by |
how do you transfer FSMO roles? | go into active directory users and computers. Connect to the domain controller and then right click on the domain controller and select operations masters |
how do you transfer a FSMO role using the command line? | type ntdsutil, then type roles, then type connection; once connected type 'transfer <role>' (PDC emulator, RID master, infrastructure master, domain naming master, or schema master). You'll be asked to confirm, then type quit and quit again |
if you seize a role and a role owner comes back what happens | bad things. AD has the potential for becoming corrupted. After you seize a role you need to reformat the former role owner and reinstall windows and then promote it again |
when do you seize a role in ADS | only if you know the previous owner is dead do you take over |
how do you seize a role in ADS from the command line | ntdsutil, type 'roles'; once connected to the server type 'seize <role>' (PDC emulator, RID master, infrastructure master, domain naming master, or schema master) |