26 Cards in this Set
- Front
- Back
Four primary AD Administration Snap-ins and what each is used for? |
Active Directory Users and Computers - manage users, computers, OUs; Active Directory Sites and Services - manage replication, network topology; Active Directory Domains and Trusts - configure trust relations; Active Directory Schema - modify AD attributes (blueprint). |
|
Active Directory Schema snap-in isn't registered by default. What is the command to register? |
regsvr32 schmmgmt.dll |
|
How can you administer AD DS for a Windows 8.1 PC? |
Remote Server Administration Tools (RSAT) |
|
What is Active Directory Administrative Center? |
Perform common AD object management tasks such as users, computers, groups and organizational management |
|
What are the 6 Directory Service Command-Line Tools and what do they do? What is the command to display the Title of all AD users with first name John? |
dsadd - add objects; dsget - display objects; dsmod - edit objects; dsmove - move objects; dsquery - query objects; dsrm - remove objects. Command: dsquery user -name John* | dsget user -title |
|
What is this called? username@domain |
User Principal Name (UPN) |
|
What are the rules for unique user names (2)? |
Full Name must be unique in OU; UPN must be unique in Forest |
|
3 user profile items you configure from Active Directory Administrative Center? What is the username wildcard? |
Profile Path, Logon Script, Home Folder; %username% |
|
What is the node in GPO for configuring desktop profile and app settings? |
User Configuration\Policies\Windows Settings |
|
What are the two types of groups in AD? Explain each |
Distribution - cannot be given permission to resources, used for email; Security - used to assign permissions, can also be used for distribution. Both have SIDs and can be converted to the other. Like my Global - All Staff groups |
|
What are the (4) Server 2012 Group Scopes? |
Local - use on any non-DC. Only available on actual device (local); Domain Local - use on DCs, only for specific domain; Global - used to consolidate similar users (Therapists); Universal - used in multidomain networks |
|
Which Groups can be converted? |
Domain Local and Global to Universal; Universal to Domain Local or Global |
|
Acronym for best practice for nesting? First is member of second, second member of third, etc. |
IGDLA: Identities (users & computers), Global Groups (Role Group), Domain-Local Groups (Rule Group), Access (to resources, permission to folder). In multidomain it's IGUDLA (U - Universal). Example in Module 3, Lesson 2 |
|
9 Default Protected Groups (4 Admin, 4 Operator, 1 other). Which of the 3 containers below do they belong to (User-Forest Root, User-Domain, Built In-Domain)? |
Enterprise Admins - user-Forest Root; Schema Admins - user-Forest Root; Domain Admins - Users-Domain; Server Operators - Built-in; Account Operators - Built-in; Backup Operators - Built-in; Print Operators - Built-in; Cert Publishers - Users-Domain |
|
What is a Protected Group? |
Members no longer inherit permissions from their OUs and have non-configurable protections applied to their accounts. For example, if you add Jeff Ford to the Account Operators group (a protected group), the help desk, which can reset all other user passwords in the Employees OU, cannot reset Jeff Ford’s password. |
|
What are the 6 special identity groups? |
Anonymous Logon; Authenticated Users; Everyone (Auth and Guest Account); Interactive - users who access resource while logged on locally to host; Network - Over network opposed to Creator Owner; Creator Owner |
|
Note: Computer accounts have passwords that the server changes automatically. Default: the Computers folder is a Container and not an OU. Cannot create an OU in a container and can't link a GPO to it. |
blank |
|
Command-line command to reconfigure the default computer container? |
redircmp |
|
Two advantages of pre-staging (creating a computer account before joining the domain) a computer? |
Delegated security policy of OU; Computer within scope of GPO |
|
What is the command for Offline Domain Join? What is the / option to create the domain join file? What is the / option to import the domain join file? |
djoin.exe; /provision; /requestODJ |
|
Note: Every computer account in AD DS has a username (sAMAccountName) and password. What service uses the computer account's credentials to log onto the domain and establish a secure channel? |
Netlogon |
|
Reset Secure Channel instead of deleting computer from domain and rejoining. How (6 ways)? |
AD Users and Computers; AD Administrative Center; dsmod; netdom; nltest; PS: Test-ComputerSecureChannel -repair |
|
Best way to handle BYOD? |
Workplace join in AD FS. AD account is created, devices don't actually join domain, issued certificates |
|
What are the two main purposes of an OU? What are the 3 types of OU levels? |
Delegation of control, Application of GPO; Flat, one or two deep; Wide, more than 5 deep; Narrow, anything in between |
|
Each object in AD DS has its own ACL (Access Control List). What type of ACL controls an object's specific properties? What type of ACL controls auditing settings? |
Discretionary (DACL); System (SACL) |
|
Explain Effective Permissions. Command-line command to view permissions? Note: Best practice to assign permissions to Groups instead of individual users |
Resulting permission for a security group; Explicit overrides inherited; Deny overrides allow; dsacls