Sunday, March 29, 2020

Windows Server Infrastructure - Basics

Question: What is an Organizational Unit (OU) and why would you create additional OUs?
Show Answer
An OU is an object in a domain that you can use to store user objects, computer objects, group objects, and other AD DS objects. You typically create additional OUs when you want to delegate control to a specific group or link a Group Policy Object to the OU.


Question: What are the five flexible single master operations (FSMO) roles and where do they exist?
Show Answer
FSMO roles are special roles within a forest and domain. There are two FSMO roles at the forest level: Schema Master and Domain Naming Master. There are three FSMO roles at the domain level: RID Master, Infrastructure Master, and PDC Emulator.

Question: What is a trust relationship and which type of trust relationship is used to improve user logon times between two domains in a forest?
Show Answer
Trust relationships are authentication pipelines between different domains. Shortcut trusts can be used to improve user logon times between two domains in an Active Directory forest.


Question: Which optional AD DS feature enables you to quickly restore objects that have been deleted?
Show Answer
The Active Directory Recycle Bin, an optional feature of AD DS, provides a simplified process for restoring deleted objects.

Question: What is Server Core and what are some advantages of using it?
Show Answer
Server Core is the default Windows Server installation option. Server Core does not have a graphical user interface. Server Core installs fewer components so fewer updates are required. Server Core removes unneeded files so disk space and memory requirements are less. Lastly, fewer files and components means less opportunity for security threats.

Question: Which feature can you use to define different password policies and account lockout settings in a domain?
Show Answer
Fine-grained password policies let you specify different password policies and account lockout policies for different groups of users. For example, executives, administrators, service accounts, or regular users.

Question: Aziz has reported he is unable to sign in to the domain. The error message is, “The trust relationship between this workstation and the primary domain failed.” What is likely the problem and how should you fix it?
Show Answer
Most likely the problem is a broken secure channel. You can use Active Directory Users and Computers or PowerShell to reset the computer account and rejoin the computer to the domain.

Question: What is the global catalog and when is it used?
Show Answer
The global catalog is a central directory of every object in the forest. The global catalog is commonly used to provide Exchange email account information and a user’s Universal group memberships.

Question: What is the global catalog and when is it used?
Show Answer
The global catalog is a central directory of every object in the forest. The global catalog is commonly used to provide Exchange email account information and a user’s Universal group memberships.

Question: What is an AD DS site and when should you consider creating a site?
Show Answer
An AD DS site represents the physical structure, or topology, of your network. There are several reasons to consider creating additional sites such as: number of users at a location, slow links between locations, service localization, and AD DS database replication.


Question: When should you use an authoritative restore?
Show Answer
An authoritative restore is necessary when a known good copy of AD DS has been restored that contains objects that must override the existing state of other objects in the AD DS database.

Question: How are Group Policy settings and a Group Policy preferences different?
Show Answer
Group policy settings and group policy preferences are different. Preferences are not enforced, can reapply automatically, and can use item-level targeting.

No comments:

Post a Comment