...| | Definition TRUE | | | Term When you want to grant a collection of users permission to access a network resource, such as a file system share or a printer, you can assign permissions to an organizational unit. | | Definition FALSE | | | Term Active Directory is one of the easiest technologies to test because an isolated lab environment usually can emulate many of the factors that can affect the performance of a directory service. | | Definition FALSE | | | Term When you want to grant a collection of users permission to access a network resource, such as a file system share or a printer, you can assign permissions to an organizational unit. | | Definition FALSE | | | Term Active Directory is one of the easiest technologies to test because an isolated lab environment usually can emulate many of the factors that can affect the performance of a directory service. | | Definition FALSE | | | Term Active Directory was first introduced in which operating system? | | Definition Windows 2000 Server | | | Term Where do users log in when joining an Active Directory domain? | | Definition domain | | | Term There are two basic classes of objects in an Active Directory domain. Which of the...
Words: 1908 - Pages: 8
...Unit 10 In Class Assignment AD Trouble Shooting and Backup 1. What is extensible storage engine (ESE) Also known as JET Blue, is an ISAM (Indexed Sequential Access Method) data storage technology from Microsoft. How does it work? It’s purpose is to allow applications to store and retrieve data via indexed and sequential access. Numerous Windows components take advantage of ESE, such as desktop and directory. Source: https://www.google.com/#q=What+is+extensible+storage+engine+(ESE) Source: 2. Does Active directory offer any fault tolerance, if so what kind? Yes. In any Active Directory deployment, more than one server with the Active Directory Domain Services role deployed is recommended for fault tolerance. In fact, at least two Domain Controllers are recommended as a best practice for every Domain deployed in an Active Directory forest. The reason for this is to ensure that more than one server exists at any given time with a copy of the Active Directory database. Source: http://www.techrepublic.com/blog/data-center/active-directory-virtualization- best-practices/ Yes. For fault tolerance, you should always deploy new domains with at least two domain controllers. If you only have a single domain controller for a given domain and the domain controller fails...
Words: 918 - Pages: 4
...Server 2008 | A starting address of 192.0.0.0 and an ending address of 223.255.255.255 is a member of which network class? | Class C | . IPv4 addresses are commonly represented by using what type of notation? | Dotted-decimal | Which feature is an integral part of IPv6, whereas it was an optional feature under IPv4? | IP Security | Each host on a TCP/IP network should be configured with a number of mandatory and optional configuration items except for which of the following? | Routing Method | . If a system will be a DHCP server, what type of address should you set? | Static IP Address | What is made up of free space from multiple physical disks | Spanned Volume | Which partition style is recommended for disks larger than 2TB or for disks that are used in Itanium computers? | GPT | . BOOTP enables a TCP/IP workstation to retrieve settings for all of the configuration parameters it needs to run excluding which option? | Workstation Settings | Which of the following is not a key benefit provided by DHCP for those managing and maintaining a TCP/IP network? | De Centralized Administration | Sent by clients via broadcast to locate a DHCP server per RFC 2131, which message may include options that suggest values for the network address and lease duration? | DHCP Discover | What type of zone might a DNS server host? | Primary | Which of the following is not a forward or reverse lookup zone type? | Integrated | Which zone enables a host to determine another host’s...
Words: 1150 - Pages: 5
...Module 1 Written Assignment Robert Collazo Rasmussen College What steps are required in the planning and design of this domain infrastructure? Determine the Number of Forests. This step involves determining whether one or multiple forests are required to meet the organization’s objectives. Determine the Number of Domains. This step involves determining the number of domains that are required to meet the organization’s objectives. Assign Domain Names. This step involves assigning names to each of the domains. Select the Forest Root Domain. This step involves selecting the forest root domain. Determine Domain Controller Placement. This step involves deciding where domain controller resources will be placed for each domain in each forest. Determine Operations Master Role Placement. This step involves deciding the placement of the operations master roles for the forest and each domain. Determine Domain Controller Configuration. This step involves determining the disk space, memory, processor, and the network requirements for each domain controller. How would you implement and configure the AD domain for these offices? When implementing AD for these offices I would configure first a forest or domain. Then I would configure trust, sites, and active directory replication. Then I would configure the global catalog and master operations. What would you implement to allow access between domains? Which type would you recommend and why? Selective authentication By creating...
Words: 918 - Pages: 4
...server. What would a basic DNS file look like? Describe the file. The DNS or (Domain Name System) names the number mappings on your computer. For example www.justfigmont.com could be the number 160.92.3.6. This is achieved through the DNS. The DNS is a hierarchy. There are a small number of root domain name servers that are responsible for tracking the top level domains and who are under them. The root domain servers between them know about all the people who have name servers that are authoritative for domains under the root. A basic DNS file may look like this: C:\>nslookup Default Server: vnsc-bak.sys.gtei.net Address: 4.2.2.2 > set type=mx > bellcs.com Server: vnsc-bak.sys.gtei.net Address: 4.2.2.2 Non-authoritative answer: bellcs.com MX preference = 0, mail exchanger = bellcs.com bellcs.com nameserver = ns2.server766.net bellcs.com nameserver = ns.server766.net bellcs.com internet address = 66.78.26.7 "Setting up a Basic DNS Server for a Domain." Setting up a Basic DNS Server for a Domain. N.p., n.d. Web. 07 Aug. 2015. "Learn Exchange Server 2000: Setting Up DNS for Internet Access." RSS. N.p., n.d. Web. 07 Aug. 2015. Unit 8 Assignment 2 What benefits do you see in moving an organization to an Active Directory environment? Four Benefits of Moving an Organization to an Active Directory Environment: 1. Using an Active Directory environment gives a better representation of the network. The active Directory structure...
Words: 689 - Pages: 3
...address 223.255.255.255 is a member of which network class? 5. IPv4 addresses are commonly represented by using what type of notation? 6. Which feature is an integral part of IPv6, whereas it was an optional feature under IPv4? 7. Each host on a TCP/IP network should be configured with a number of mandatory optional configuration items except for which of the following? 8. If a system will be a DHCP server, what type of address should you set? 9. What is made up of free space from multiple physical disks? 10. Which partition style is recommended for disks larger than 2tb or for disks that are used in Itanium computers? 11. BOOTP enables a TCP/IP workstation to retrieve settings for all of the configuration parameters it needs to run excluding which option? 12. Which of the following is not a key benefit provided by DHCP for those managing and maintaining a TCP/IP network? 13. Sent by clients via broadcast to locate a DHCP server per RFC 2131, which message may include options that suggest values for the network address lease duration? 14. What type of zone might a DNS server host? 15. Which of the following is not a forward or reverse lookup zone type? 16. Which zone enables a host to determine another host's name based on its IP address 17. A windows server 2008 computer that has been configured with the Active Directory DS role is referred to as a ___. 18. The process of keeping each domain controller in synch with changes that...
Words: 921 - Pages: 4
...LAB #1 – ASSESSMENT WORKSHEET Configure Active Directory and Implement Departmental and User Access Controls Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview In this lab, you configured Windows Active Directory to create Department and User accounts, and set unique read/write folder and fi le access privileges. You used the Windows Configuration Applet and Group Policy Management console to create and test configurations and read/write of several fi les with specific access controls. You also used group policy objects to restrict access to certain users and groups at the directory, folder, and fi le level. Lab Assessment Questions & Answers 1. Relate how Windows Server 2008 R2 Active Directory and the configuration of access controls achieve CIA for departmental LANs, departmental folders, and data. 2. Is it a good practice to include the account or user name in the password? Why or why not? 3. To enhance the strength of user passwords, what are some of the best practices to implement for user password definitions to maximize confidentiality? 4. Can a user defined in Active Directory access a shared drive if that user is not part of the domain? 5. Does Windows Server 2008 R2 require a user’s logon/password credentials prior to accessing shared drives? 6. When looking at the Active Directory structure for Users and Computers, which group has the least amount of implied privileges? 7. When granting access to LAN systems for guests (i...
Words: 363 - Pages: 2
...computer. What selections are available to you in the left pane? The selections available to me include: Roles, Features, Diagnostics, Configuration, and Storage. 2. Using the Windows Help option, describe any roles and features that are currently installed on this server. There are currently no Roles or Features installed on the server. 3. Explain in your own words why it is a best practice to configure a server, such as a DNS server, with a static IP address rather than allowing it to obtain an IP address using DHCP. To put it simply, if the IP address of the server is consistently being changed by DHCP, then the ports that were opened up to allow the server to work through the firewall are going to be remain opened on the server’s old address, and not necessarily on the new one. This could cause applications to not run properly or at all, but worse, could create security vulnerabilities for the network. A static IP address allows other workstations on the network to easily keep track of the server. 4. Explore the netsh command menus. Record three commands that you can issue from the command line using netsh, and describe what each command does. 1. Exec- runs a script file 2. Add- adds a configuration entry to a list of entries 3. Online- sets the current mode to online Matt Carlson IT255.XM1.10WTR Instructor Vincent Tran January 9, 2010 Virtual Lab 2 1. When a child domain is installed and the parent domain is hosting an Active Directory–integrated...
Words: 3462 - Pages: 14
...Microsoft 70-640 TS: Windows Server 2008 Active Directory, Configuring Version: 30.6 Microsoft 70-640 Exam Topic 1, Exam Set 1 QUESTION NO: 1 You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. Only one Active-Directory integrated zone has been configured in the ABC.com domain. ABC.com has requested that you configure DNS zone to automatically remove DNS records that are outdated. What action should you consider? A. You should consider running the netsh /Reset DNS command from the Command prompt. B. You should consider enabling Scavenging in the DNS zone properties page. C. You should consider reducing the TTL of the SOA record in the DNS zone properties page. D. You should consider disabling updates in the DNS zone properties page. Answer: B Explanation: In the scenario you should enable scavenging through the zone properties because scavenging removes the outdated DNS records from the DNS zone automatically. You should additionally note that patience would be required when enabling scavenging as there are some safety valves built into scavenging which takes long to pop. Reference: http://www.gilham.org/Blog/Lists/Posts/Post.aspx?List=aab85845-88d2-4091-8088a6bbce0a4304&ID=211 QUESTION NO: 2 You work as the network administrator at ABC.com. The ABC.com network has a domain named ABC.com. All servers on the ABC.com network run Windows Server 2008. The ABC.com network...
Words: 34198 - Pages: 137
...regarding the addition of Active Directory to the current Ken 7 Windows Limited network environment. The following are some considerations about Active Directory and the integration with the current network. Currently, system administrators create Ken 7 users in each computer where users need access. In the Active Directory, where will system administrators create Ken 7 users? In Active Directory (AD) system administrators would create users in the Group Policy Management Console (GPMC), which is used to create & edit GPO’s (Group Policy Object), import & export GPO’s, copy & paste GPO’s, back-up & restore GPO’s, search for GPO’s, or create reports on GPO’s. By creating the GPO’s for each department (eg. Administrators, Planners, Shop Floor users, Managers, Purchasing users, Accounting users), proper access/privileges are granted based on department needs. How will the procedures for making changes to the user accounts, such as password changes, be different in the Active Directory? Through Active Directory (AD), the sys admin would be able to have the passwords changed by each user by Active Directory managing the “roll-out” of asking that passwords being changed & needed security strength of the password by the internal automation of Active Directory. This is randomly handled by AD in a “90” or “120” day timeframe. What action should administrators take for the existing workgroup user accounts after converting to the Active Directory? As prior to the implementation...
Words: 505 - Pages: 3
...deploying Active Directory with third-party DNS, the DNS server must support _____ records. SRV What is the command-line utilities allows moving objects from one location to another? Dsmove Active Directory supports _____ FSMO roles and their functionality is divided between domain-wide and forest-wide FSMOs. five The _____________ command-line tool is a valuable tool for testing resource access permissions. Runas Which type of group can be used to grant or deny permissions to any resource located in any domain in a forest. Global group When a user logs on to Active Directory, an _________________ is created that identifies the user and all of the user's group memberships. Access Token The first ______________ installed in a new Active Directory forest will hold all of the FSMO roles. DC An object is defined in the ___________ of Active Directory. Schema Active Directory uses _____________ that allow users to access resources in a single domain forest or multiple domain forests. trust relationships ____________________ of Windows Server 2008 allows enterprises to migrate their down-level Active Directory domain controllers gradually. Functional levels Active Directory __________________ are the means by which administrators can control the replication traffic. sites Each DC maintains a local value called an _____________ that keeps track of changes that are made at each DC. update sequence number (USN) The _____________ of Active Directory...
Words: 563 - Pages: 3
...Lesson 5 Active Directory Administration Key Terms access token Created when a user logs on, this value identifies the user and all of the user’s group memberships. Like a club membership card, it verifies a user’s permissions when the user attempts to access a local or network resource. Anonymous Logon Special identity that refers to users who have not supplied a username and password. authenticate To gain access to the network, prospective network users must identify themselves to a network using specific user accounts. authentication Process of confirming a user’s identity using a known value such as a password, pin number on a smart card, or the user’s fingerprint or handprint in the case of biometric authentication. authorization Process of confirming that an authenticated user has the correct permissions to access one or more network resources. batch file Files, typically configured with either a .bat extension or a .cmd extension, that can be used to automate many routine or repetitive tasks. built-in user accounts Accounts automatically created when Microsoft Windows Server 2008 is installed. By default, two built-in user accounts are created on a Windows Server 2008 computer: the Administrator account and the Guest account. Comma-Separated Value Directory Exchange (CSVDE) Command-line utility used to import or export Active Directory information from a comma-separated value (.csv) file. Comma-Separated...
Words: 6605 - Pages: 27
...50 LAB #3 | Enable Windows Active Directory and User Access Controls LAB #3 – ASSESSMENT WORKSHEET Enable Windows Active Directory and User Access Controls Course Name and Number: Student Name: Instructor Name: Lab Due Date: Overview This lab provided students with the hands-on skills needed to create a new Active Directory domain in Windows Server 2003 and demonstrated how to configure a centralized authentication and policy definition for access controls. The Active Directory users and workstation plug-ins were used to create users, groups, and configure role-based access permissions and controls on objects and folders in a Windows Server 2003 Active Directory system. Lab Assessment Questions & Answers 1. What are the three fundamental elements of an effective access control solution for information systems? Identification, Authentication, and Authorization. 2. What two access controls can be set up for Windows Server 2003 folders and authentication? Authentication and Access control. 3. If you can browse a file on a Windows network share, but are not able to copy it or modify it, what type of access controls and permissions are probably configured? What type of access control would best describe this access control situation? Assessment Worksheet 4. What is the mechanism on a Windows server where you can administer granular policies and 51 permissions on a Windows network using role-based access? 5. What is two-factor authentication...
Words: 478 - Pages: 2
...Chapter 1: 1. Which of the following items is a valid leaf object in Active Directory? a. Domain b. User c. Application partition d. OU 2. Which of the following domain controllers can be joined to a forest that is currently set at the Windows Server 2008 forest functional level? a. Windows 2000 b. Windows Server 2003 c. Windows Server 2008 d. Windows NT 4.0 3. You are planning an Active Directory implementation for a company that currently has sales, accounting, and marketing departments. All department heads want to manage their own users and resources in Active Directory. What feature will permit you to set up Active Directory to allow each manager to manage his or her own container but not any other containers? a. Delegation of control b. Read-only domain controller c. Multimaster replication d. SRV records 4. The process of keeping each domain controller in synch with changes that have been made elsewhere on the network is called __________. a. Copying b. Osmosis c. Transferring d. Replication 5. The __________ Domain Controller contains a copy of the ntds.dit file that cannot be modified and does not replicate its changes to other domain controllers within Active Directory. a. Secondary b. Primary c. Read-Only d. Mandatory 6. What type of trust is new to Windows Server 2008 and is only available when the forest functionality is set to Windows Server 2008? a. Parent-child trust b. Two-way...
Words: 591 - Pages: 3
...Professor Jason Kaluzny Lesson 13 Best Answer What is the key difference between groups and Organizational Units (OUs)? a. Because groups are independent from domain structure, its members may be located anywhere in the domain or outside the domain. b. You cannot apply Group Policy settings directly to group objects. c. OUs are containers, whereas groups are not containers. d. There is essentially no difference between OUs and groups. 2. An Active Directory functional level must be low enough to ensure interoperability between domain controllers running different versions of Windows Server. How does the functional level affect the AD forest? a. Higher functional level means more efficient AD communication. b. Higher functional level means few Global Catalog errors. c. Lower functional level means fewer features available. d. Lower functional level means time to upgrade the lowest servers. 3. What is the primary reason for creating different sites on an Active Directory network? a. To create geographical divisions within the Active Directory b. To provide another boundary when applying Group Policy settings (along with domains and OUs) c. To provide a layer of access control between objects in differing sites d. To control the amount of traffic passing over the relatively slow and expensive WAN links between locations 4. What is the simplest way for administrators to upgrade their Active Directory Domain Services (AD DS) infrastructure to Windows...
Words: 1019 - Pages: 5
