Questions for Week 4 - Villanova University


Implementing and Administering Microsoft Windows 2000 Directory Services (5 Weeks)

Questions for Week 4

1.

What is a “Contiguous Namespace”?

A contiguous namespace is a hierarchical arrangement of the child and parent domain names separated by a period. Module 10, Page 4.

2.

What is a “Tree”?

A tree is a hierarchical arrangement of Windows 2000 domains that share a contiguous namespace. A tree consists of one or more domains. Module 10, Page 4.

3.

What is a child domain?

A child domain is a domain added into a tree under another domain. Module 10, Page 4.

4.

What is a parent domain?

A parent domain is the domain above a child domain. Module 10, Page 4.

5.

What is a tree root domain?

The tree root domain is the domain at the top of a domain tree. Module 10, Page 4.

6.

What is a forest?

A forest is a collection of one or more trees. Trees in a forest DO NOT share a contiguous namespace.

Module 10, Page 5.

7.

What do domains in a forest share?

Domains in a forest share a common configuration, schema, and global catalog. Module 10, Page 5.

8.

What is a forest root domain?

A forest root domain is the first domain created in a forest. Module 10, Page 6.

9.

What is stored in the forest root domain?

1) Global catalog information (on first domain controller).

2) Configuration information.

3) Schema information.

Module 10, Page 6. www.thebeaconinstitute.com

2000 The Beacon Institute for Learning

10.

What two groups exist only in the forest root domain?

1) Enterprise Admins.

2) Schema Admins

Module 10, Page 6.

11.

What are four reasons that you might want to have multiple domains in your organization?

1) Reduce replication traffic – Domain controllers in a domain replicate information among each other.

2) Maintain separate security settings – A domain is a security unit.

3) Preserve the domain structure of earlier versions of Windows NT.

4) Separate Administrative control.

Module 10, Page 7.

12.

What tool is used to create domains?

The Active Directory Installation Wizard (dcpromo.exe) is used to create domains. Module 10, Page 9.

13.

What tool is used to add a child domain to an existing root domain?

The Active Directory Installation Wizard (dcpromo.exe) is used to add child domains. Module 10, Page 9.

14.

What tool is used to create a new tree?

The Active Directory Installation Wizard (dcpromo.exe) is used to create a new tree. Module 10, Page 11.

15.

What tool is used to create a new forest?

The Active Directory Installation Wizard (dcpromo.exe) is used to create a new forest. Module 10, Page 12.

16.

What is a domain trust?

A domain trust is a relationship established between domains that enables a domain controller in one domain to authenticate users in the other domain. Module 10, Page 13.

17.

What is a trust path?

A trust path is a series of trust relationships for passing authentication requests between two domains.

Module 10, Page 13.

18.

What is a Transitive Trust?

A Transitive Trust means that the trust relationship extended to one domain is automatically extended to all other domains that trust that domain. Module 10, Page 14.

19.

What is a Two-Way Trust?

A Two-Way Trust means that there are two trust paths going in both directions (a two-way trust is two one-way trusts). Module 10, Page 14.

20.

What is a Tree-Root Trust?

A Tree-Root Trust relationship is the trust relationship that is established when you add a new tree to a forest. Module 10, Page 15.

21.

What is a Parent-Child Trust?

A Parent-Child Trust relationship is established when you create a new domain in a tree. Module 10, Page 15.

22.

What is the primary authentication protocol in Windows 2000?

Kerberos V5 protocol is the primary authentication protocol in Windows 2000. Module 10, Pages 16, 17.

23.

What happens when a user in one domain tries to access a resource in another domain?

The Kerberos V5 protocol determines whether the trusting domain, the domain in which the resource is located, has a trust relationship with the trusted domain, the domain in which the user logged in. Module 10, Page 16.

24.

What computer functions as the Kerberos V5 Key Distribution Center (KDC)?

In Windows 2000, the domain controller functions as the KDC. Module 10, Page 17.

25.

What is the function of a shortcut trust?

A shortcut trust reduces the trust path between two domains by allowing a more direct connection between two domains that otherwise would require the trust path to travel up the hierarchy before it travels down to the other domain. Module 10, Page 19.

26.

When would one create a Nontransitive Trust?

A nontransitive trust can be used for any of these situations:

1) Between a Windows 2000 domain and a Windows NT domain.

2) Between a Windows 2000 domain in one forest and a Windows 2000 domain in another forest.

3) Between a Windows 2000 domain and a Kerberos V5 protocol security realm.

Module 10, Page 20.

27.

What tool is used to create a nontransitive trust?

Active Directory Domains and Trusts is used to create nontransitive trusts. Module 10, Page 21.

28.

What command line tool is used to verify and revoke trust paths?

The netdom command is used to verify and remove trust paths. Module 10, Page 23.

29.

During the logon process, what is provided by a Global Catalog Server?

1) Universal Group Membership information for the account.

2) Domain information when using user principal names during logon.

Module 10, Page 35.

30.

Members of which group can log on to the network even when a Global Catalog Server is unavailable?

Members of the Domain Admins group. Module 10, Page 36.

31.

Which computer is normally designated as the Global Catalog Server?

The first domain controller in a forest is automatically designated as a Global Catalog Server. Module 10, Page 37.

32.

What tool is used to enable or disable a Global Catalog Server?

Active Directory Sites and Services is used to enable or disable a Global Catalog Server. Module 10, Page 37.

33.

What is the usefulness of Universal Groups?

Universal Groups are used to consolidate groups that SPAN multiple domains. Module 10, Page 40.

34.

You cannot create a Universal Group. What is the most probable cause?

The domain where you are trying to create the Universal Group is NOT in Native Mode. Module 10, Page 50.

35.

What is Active Directory’s Multi-master replication model?

Multi-master means that there are multiple domain controllers that contain copies of Active Directory and the Active Directory contents can be changed on any domain controller. Changes made on one domain controller must be replicated to the other domain controllers. Module 11, page 1.

36.

What are two advantages of the Active Directory Multi-master replication model?

1) There is no single domain controller that, if unavailable, must be replaced before updates to Active Directory can resume, as was the case with Windows NT domain controllers.

2) Domain controllers can be distributed across the network and located in multiple physical sites, which enables fault tolerance.

Module 11, Page 2.

37.

What are the four ways that Active Directory can be updated?

1) Adding an object to Active Directory, i.e. user, computer, printer.

2) Modifying the value of an object’s attribute.

3) Modifying the name or parent of an object.

4) Deleting an object from the directory.

Module 11, Page 4.

38.

What is an originating update?

An originating update is a committed request made on one domain controller that must be replicated to other domain controllers. Module 11, Page 4.

39.

What is a replicated update?

A replicated update is an update to Active Directory that originated on another domain controller. Module 11, Page 4.

40.

What is replication latency?

Replication latency is the time needed for a change made on one domain controller to be received by another domain controller. The default notification interval is 5 minutes. Module 11, Page 5.

41.

What is urgent replication?

Attribute changes in Active Directory that are considered security-sensitive require immediate notification and are replicated immediately; this is called urgent replication. Module 11, Page 6.

42.

What is an Active Directory replication conflict?

Since changes can occur on any domain controller, it is possible that concurrent updates to the same object or attribute can occur on different domain controllers. When this occurs there is a conflict that must be resolved. Module 11, Page 7.

43.

What are the three conflict types?

1) Attribute value.

2) Add/move under a deleted container object OR deletion of a container object.

3) Sibling name.

Module 11, Page 7.

44.

What does Windows 2000 Active Directory do to minimize conflicts?

Domain controllers record and replicate changes to objects at the attribute level rather than the object level.

Module 11, Page 7.

45.

What are the three components of the globally unique stamp that Active Directory uses to aid in conflict resolution?

1) Version Number.

2) Timestamp.

3) Server Globally Unique Identifier (GUID).

Module 11, Page 8.

46.

What is propagation dampening?

Propagation dampening is the process of reducing the amount of unnecessary data traveling from one domain controller to another domain controller. Module 11, Page 9.

47.

Name the three logical directory partitions that the Active Directory database is divided into.

1) Schema Partition (one per forest).

2) Configuration Partition (one per forest).

3) Domain Partition (many per forest).

Module 11, Pages 11, 12.

48.

What is a Replication Topology?

A Replication Topology is the pathway by which replication travels throughout a network. Module 11, Page 12.

49.

What is the process that establishes a replication path when a new domain controller is added to a site?

The process is called the Knowledge Consistency Checker (KCC). Module 11, Page 15.

50.

The KCC automatically creates Connection Objects. What tool is used to manually create a Connection Object?

Active Directory Sites and Services is used to manually create a Connection Object. Module 11, Page 16.

51.

What is an Active Directory Site?

A site is a set of TCP/IP subnet address ranges and assumes fast, highly reliable network links. Module 11, Page 25.

52.

What is the name of the first site created when you install Windows 2000 Advanced Server?

Default-First-Site-Name. Module 11, Page 25.

53.

What functions make sites useful?

1) They can control replication traffic.

2) They can control Logon traffic.

Module 11, Page 25.

54.

What are some characteristics of replication WITHIN sites?

1) Replication occurs between domain controllers.

2) Replication traffic is uncompressed.

Module 11, Page 26.

55.

What are some characteristics of replication BETWEEN sites?

1) Replication can be scheduled to occur during off-peak hours.

2) Replication traffic is compressed to conserve available bandwidth.

Module 11, Page 27.

56.

What Replication Protocol(s) can be used BETWEEN Sites?

1) Remote Procedure Call (RPC).

2) Simple Mail Transport Protocol (SMTP) (used when links between sites are unreliable).

Module 11, Page 29.

57.

Who can create a Site?

Members of the Enterprise Admins group or the Domain Admins group can create sites. Module 11, Page 31.

58.

What is a Site Link?

A Site Link is an object used to manage replication BETWEEN sites. Module 11, Page 33.

59.

What are the components of a Site Link?

1) Transport.

2) Member Sites.

3) Cost.

4) Schedule.

5) Replication Interval.

Module 11, Page 33.

60.

What is a Site Link Bridge?

A Site Link Bridge consists of two or more Site Links and is used to connect two or more sites together and model the routing behavior of a network. Module 11, Page 35.

61.

What is the purpose of the Replication Monitor?

The Replication Monitor displays in a graphical format the replication topology of connections between servers on the same SITE. Module 11, Page 43.

62.

What command line utility can be used to view the replication topology from the perspective of each domain controller?

The repadmin tool. Module 11, Page 45.

63.

What can be done to modify Replication Behavior?

1) Creating additional Connection Objects.

2) Configure Preferred Bridgehead Servers.

Module 11, Pages 46, 47.

64.

What should be configured in every site to facilitate efficient use of Active Directory?

1) At least one Domain Controller.

2) At least one Global Catalog Server.

3) At least one DNS Server.

Module 11, Page 54.