
Active Directory

Active Directory is a set of networking services made by Microsoft. Questions about using and configuring Active Directory belong here.

849 Questions

Which of the following is the best definition of a tree within Active Directory?

A: A group of hierarchically linked domains with trust relationships between them.

B: A group of hierarchically linked domains within the same site.

C: A group of hierarchically linked domains that have a contiguous namespace.

D: A group of hierarchically linked domains within a forest.

What is forest and domain?

A domain is a logical grouping of devices in a single name and can be administered as a group. Domains are assigned to companies or subdivisions within companies.

A forest is a collection of domain trees. A forest could contain domains from multiple sites, such as a parent company maintaining control over several acquired companies with different domain names.

What are two ways to create or edit Group Policy Objects?

There are two ways to create a new Group Policy object from a Starter GPO. You can create a new Group Policy object from a Starter GPO at the Starter GPOs node or at the Group Policy objects node.

Create a new GPO from a Starter GPO at the Starter GPOs node
  1. Open the Group Policy Management Console. Expand the Starter GPOs node.

  2. Right-click the Starter GPO you want to use to create a new Group Policy object and then click New GPO from Starter GPO.

  3. In the New GPO dialog box, type the name of the new Group Policy object in the Name box.

  4. Click OK.

Create a new GPO from a Starter GPO at the Group Policy objects node
  1. Open the Group Policy Management Console. Right-click the Group Policy Objects node.

  2. In the New GPO dialog box, type the name of the new Group Policy object in the Name box.

  3. Select the Starter GPO from the Source Starter GPO list that you want to use to create a new Group Policy object.

  4. Click OK.

What is DNS root hints?

A DNS root zone is the top-level DNS zone in a Domain Name System (DNS) hierarchy.

What is dcpromo?

dcpromo is a command you have to type in Run to create a new domain controller and create Active Directory.

How many password policies can be configured in a domain?

You can use a combination of six policies.

Configuring Password Policy Settings in an Active Directory-Based Domain

You must be logged on as a member of the Domain Admins group.

To implement password policies on network computers belonging to an Active Directory domain:

1. Navigate to the Control Panel (Start > Settings > Control Panel) and open 'Administrative Tools'.

2. Open 'Active Directory Users and Computers'. Right click on the root container of the domain and select Properties.

3. In the properties dialog, click on the Group Policy tab. Then click on New to create a new Group Policy Object (GPO) in the root container.

4. Specify the name of the new group policy (for example, "Domain Policy") and then click on Close.

NOTE: Microsoft recommends that you create a new Group Policy Object rather than editing the default policy (called 'Default Domain Policy'). This makes it much easier to recover from serious problems with security settings. If the new security settings create problems, you can temporarily disable the new Group Policy Object until you isolate the settings that caused the problems.

5. Right click on the root container of your domain and select Properties. This will bring up again the Domain Properties dialog.

6. Click on the Group Policy tab, and select the new Group Policy Object Link that you have just created (for example, 'Domain Policy').

7. Click on Up to move the new GPO to the top of the list, and then click on Edit to open the Group Policy Object Editor.

8. Expand the Computer Configuration node and navigate to the Windows Settings > Security Settings > Account Policies > Password Policy folder.

9. From the right pane, double-click on the 'Enforce password history' policy. Then select the 'Define this policy setting' option, and set the 'Keep password history' value to '24'.

10. Click on the OK button to close the dialog.

11. From the right pane, this time double-click on the 'Maximum password age' policy. Then select the 'Define this policy setting' option and set the 'Password will expire' value to 42 days.

12. Click on OK to close the properties dialog.

13. From the right pane, double-click on the 'Minimum password age' policy. Then select the 'Define this policy setting' option and set the 'Password can be changed after:' value to '2'.

14. Click on the OK button to close the dialog.

15. From the right pane, double-click on the 'Minimum password length' policy. Then select the 'Define this policy setting' option and set the value of the 'Password must be at least:' entry field to '8'.

16. Click on the OK button to close the dialog.

17. From the right pane, double-click on the 'Password must meet complexity requirements' policy. Then enable the 'Define this policy setting in the template' option, and select 'Enabled'.

18. Click on the OK button to close the dialog.
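
One way to confirm the result of the steps above from PowerShell, as an added example that is not part of the original answer. It assumes the ActiveDirectory module (RSAT) is installed; the function name Test-PasswordPolicyBaseline is made up for this example.

```powershell
# Added example: check the effective default domain password policy against the
# values set in steps 9-17 (history 24, max age 42 days, min age 2 days,
# length 8, complexity enabled). Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-PasswordPolicyBaseline {
    # $Policy: the object returned by Get-ADDefaultDomainPasswordPolicy
    param([Parameter(Mandatory)] $Policy)

    # MaxPasswordAge and MinPasswordAge are TimeSpan values. A maximum age of
    # zero means passwords never expire, so it has to fail the check.
    $maxDays = $Policy.MaxPasswordAge.TotalDays
    $minDays = $Policy.MinPasswordAge.TotalDays

    # "Pass" means at least as strict as the value used in the walkthrough.
    [pscustomobject]@{ Setting = 'Enforce password history'; Baseline = '>= 24'
        Actual = $Policy.PasswordHistoryCount
        Pass   = $Policy.PasswordHistoryCount -ge 24 }
    [pscustomobject]@{ Setting = 'Maximum password age (days)'; Baseline = '1..42'
        Actual = $maxDays
        Pass   = ($maxDays -gt 0) -and ($maxDays -le 42) }
    [pscustomobject]@{ Setting = 'Minimum password age (days)'; Baseline = '>= 2'
        Actual = $minDays
        Pass   = $minDays -ge 2 }
    [pscustomobject]@{ Setting = 'Minimum password length'; Baseline = '>= 8'
        Actual = $Policy.MinPasswordLength
        Pass   = $Policy.MinPasswordLength -ge 8 }
    [pscustomobject]@{ Setting = 'Password must meet complexity requirements'; Baseline = 'True'
        Actual = $Policy.ComplexityEnabled
        Pass   = [bool]$Policy.ComplexityEnabled }
}

# Reads the policy that domain controllers actually enforce, so a GPO that was
# created but not linked at the domain root, or not yet applied, shows up as a failure.
Test-PasswordPolicyBaseline -Policy (Get-ADDefaultDomainPasswordPolicy) |
    Format-Table -AutoSize
```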

How do you install a sprinkler system?

There are two main methods of sprinkler system installation: open trench and pulled pipe. Open trench typically uses PVC pipe and pulled pipe typically uses poly pipe. Other than the pipe and fittings, the main difference in installation will be that the pulled pipe system requires a hole and saddle tee at the location of each sprinkler head.

The steps for installing an automatic sprinkler system using an open trench method are:

1. Start with a good sprinkler system design (try searching "sprinkler system designer" for support options)

2. Make sure that you have all necessary tools, equipment, and permits

3. Have Blue Stakes mark all utilities prior to any digging

4. Install a backflow prevention device according to code

5. Place flags at the location of each sprinkler head

6. Mark and dig all trenches and valve manifold locations

7. Build and install valve manifolds (preassembled valve manifolds can make this easier)

8. Connect mainline pipe from water source connection to valve manifolds

9. Lay lateral line pipe from the valve manifolds to the location of each sprinkler head

10. Install tees and swing assemblies for each sprinkler head and flush lines

11. Connect sprinkler heads to swing assemblies; set head to level with ground

12. Install sprinkler timer/controller and connect sprinkler wire from timer to valve manifolds

13. Install nozzles on sprinkler heads

14. Install valve boxes (as required) and backfill all trenches

15. Run a zone by zone test and adjust nozzle patterns

What services does active directory schema provide?

An active directory schema allows the user to perform a detailed search for an individual, place or other piece of information. A well designed schema represents software that gives the user access to information within an organization. The structure becomes more detailed as the schema becomes detailed.

How you can raise domain functional level of 2003 server?

server 2003

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

After you upgrade all Windows NT 4.0-based domain controllers in a domain to Windows Server 2003, you can raise the functional level of each domain in the forest to Windows Server 2003. Before you raise the domain functional level, however, you must ensure that no Windows NT 4.0-based domain controllers remain in the domain.

Warning

* If Windows NT 4.0-based domain controllers are running in a domain when you raise the domain functional level to Windows Server 2003, they will no longer be able to communicate with the new Windows Server 2003 domain controllers and will not receive necessary updates.

Use the following LDAP query to identify any Windows NT 4.0 domain controllers remaining in the domain. Run the LDAP query against the Domain container in Active Directory Users and Computers. If you have not manually changed the value of the operatingSystemVersion attribute of the computer object, this query is conclusive for domain controllers running Windows NT 4.0. You must be a member of the Domain Admins group to run the following query.

To identify Windows NT 4.0-based domain controllers in a domain

1. From any Windows Server 2003-based domain controller, open Active Directory Users and Computers.

2. If the domain controller is not already connected to the appropriate domain, connect it to the domain as follows:

a. Right-click the current domain object, and then click Connect to domain.

b. In the Domain dialog box, type the DNS name of the domain that you want to connect to, or click Browse to select the domain from the domain tree, and then click OK.

3. Right-click the domain object, and then click Find.

4. In the Find dialog box, click Custom Search.

5. Click the domain for which you want to change the functional level.

6. Click the Advanced tab.

7. In the Enter LDAP query box, type the following, leaving no spaces between any characters (the query is not case-sensitive):

(&(objectCategory=computer)(operatingSystemVersion=4*)(userAccountControl:1.2.840.113556.1.4.803:=8192))

8. Click Find Now. This produces a list of the computers in the domain that are running Windows NT 4.0 and functioning as domain controllers.

A domain controller might appear in the list for any of the following reasons:

* The domain controller is running Windows NT 4.0 and must be upgraded.

* The domain controller has been upgraded to Windows Server 2003, but the change has not replicated to the target domain controller.

* The domain controller is no longer in service, but its computer object has not been removed from the domain.

Before you can change the domain functional level to Windows Server 2003, you must physically locate any domain controller in the list, determine its current status, and either upgrade or remove the domain controller as appropriate.
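
The same LDAP query run from PowerShell against every domain controller, as an added example that is not part of the original answer, to help sort hits into the three cases listed above. It assumes the ActiveDirectory module (RSAT); the 90-day staleness threshold is an assumption chosen for illustration.

```powershell
# Added example: the LDAP filter from step 7, run against each domain controller.
# 1.2.840.113556.1.4.803 is the bitwise-AND matching rule; 8192 (0x2000) is the
# SERVER_TRUST_ACCOUNT bit of userAccountControl, which marks a DC account.
Import-Module ActiveDirectory

$filter = '(&(objectCategory=computer)(operatingSystemVersion=4*)' +
          '(userAccountControl:1.2.840.113556.1.4.803:=8192))'
$staleAfterDays = 90   # assumption: no logon for this long suggests a leftover object
$cutoff = (Get-Date).ToUniversalTime().AddDays(-$staleAfterDays)

$dcs = @(Get-ADDomainController -Filter *)

# Ask every DC separately so that differences between replicas become visible.
$hits = @(foreach ($dc in $dcs) {
    Get-ADComputer -LDAPFilter $filter -Server $dc.HostName `
        -Properties operatingSystem, operatingSystemVersion, lastLogonTimestamp |
        Select-Object Name, operatingSystem, operatingSystemVersion, lastLogonTimestamp,
                      @{ Name = 'SeenOn'; Expression = { $dc.HostName } }
})

$hits | Group-Object Name | ForEach-Object {
    $first = $_.Group[0]
    $lastLogon = if ($first.lastLogonTimestamp) {
        [DateTime]::FromFileTimeUtc($first.lastLogonTimestamp)
    } else { $null }

    [pscustomobject]@{
        Name            = $_.Name
        OperatingSystem = $first.operatingSystem
        Version         = $first.operatingSystemVersion
        LastLogonUtc    = $lastLogon
        # False: only some DCs still return the object, which points to a
        # change that has not replicated everywhere yet.
        SeenOnAllDCs    = ($_.Count -eq $dcs.Count)
        # True: never logged on or not for a long time, which points to a
        # computer object left behind by a DC that is no longer in service.
        LikelyStale     = (-not $lastLogon) -or ($lastLogon -lt $cutoff)
    }
} | Format-Table -AutoSize
```

An empty result from every domain controller means the filter found no Windows NT 4.0 domain controller accounts. Each row that does appear still has to be checked against the actual machine, as the answer says.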

UDP Port 7725 - What is nitrogen service?

I do not know what the Nitrogen Service itself is, but the most common application to operate on port 7725 is Faronics Deep Freeze. It uses this port to talk to the administration console.

Difference between Schema Master and Global Catalog?

global catalog

The global catalog contains a complete replica of all objects in Active Directory for its Host domain, and contains a partial replica of all objects in Active Directory for every other domain in the forest.

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.

In addition to configuration and schema directory partition replicas, every domain controller in a Windows 2000 Server or Windows Server 2003 forest stores a full, writable replica of a single domain directory partition. Therefore, a domain controller can locate only the objects in its domain. Locating an object in a different domain would require the user or application to provide the domain of the requested object.

The global catalog provides the ability to locate objects from any domain without having to know the domain name. A global catalog server is a domain controller that, in addition to its full, writable domain directory partition replica, also stores a partial, read-only replica of all other domain directory partitions in the forest. The additional domain directory partitions are partial because only a limited set of attributes is included for each object. By including only the attributes that are most used for searching, every object in every domain in even the largest forest can be represented in the database of a single global catalog server.

schema

All databases have a schema which is a formal definition (set of rules) which govern the database structure and types of objects and attributes which can be contained in the database. The schema contains a list of all classes and attributes in the forest.

The schema keeps track of:

* Classes

* Class attributes

* Class relationships such as subclasses (Child classes that inherit attributes from the super class) and super classes (Parent classes).

* Object relationships such as what objects are contained by other objects or what objects contain other objects.

There is a classSchema object for each class in the Active Directory database. For each object attribute in the database, there is an attributeSchema object.

Schema Master is a FSMO role held by a single DC in the forest.

When would you disable automatic site link bridging within active directory sites and services?

If your network is not fully routed, it is recommended that you disable automatic site link bridging and instead configure manual site link bridges according to your network infrastructure.

What computer is responsible for providing authentication and authorization services on an active directory network?

Any domain controller (a server in the domain with AD installed on it) can authorize and authenticate the user. If there is any password-related issue, the information is sent to the PDC. There is one PDC role holder server in the domain, which delegates other DCs to authorize and authenticate in the domain.

When did active directory come out?

Active Directory was previewed in 1999, released first with Windows 2000 Server edition, and revised to extend functionality and improve administration in Windows Server 2003. Additional improvements were made in Windows Server 2003 R2. Active Directory was refined further in Windows Server 2008 and Windows Server 2008 R2 and was renamed Active Directory Domain Services.

Active Directory was called NTDS (NT Directory Service) in older Microsoft documents. This name can still be seen in some Active Directory binaries.

What is the difference between Groups and OUs?

OUs are what is used to segregate and filter departments based on the region or type of users, groups, or computers. Users are placed into groups in an OU to control who has administrative authority over that user and group.

What are sites? What are they used for?

One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network.

A Site object in Active Directory represents a physical geographic location that hosts networks. Sites contain objects called Subnets. Sites can be used to assign Group Policy Objects, facilitate the discovery of resources, manage Active Directory replication, and manage network link traffic. Sites can be linked to other Sites. Site-linked objects may be assigned a cost value that represents the speed, reliability, availability, or other real property of a physical resource. Site Links may also be assigned a schedule.

Source: http://en.wikipedia.org/wiki/Active_Directory_Site#Sites

What is a prepaid group practice model?

According to the textbook "Medical Billing and Insurance Coding" (Fordney and French): "The prepaid group practice model delivers services at one or more locations thru a group of physicians who either 1. contract thru the HMO to provide care or 2. are employed by the HMO..."