Organizational Unit
________________, the directory service in Windows Server 2003, is the main repository for information about network users and resources.
Active Directory
Intrasite Replication
Replication of Active Directory between domain controllers on the same site. Uses the Knowledge Consistency Checker (KCC).
A _______________________ is a tool that allows businesses to define, manage, access, and secure network resources, including files, printers, people, and applications, for a group of users.
Directory Service
A ____________ is a logical grouping of network resources and devices that are administered as a single unit.
A 128-bit hex number that is guaranteed to be unique within the enterprise.
Parent-Child Trust
- Implicitly established when you create a new child domain in a tree

- Transitive

- Two-way
Although not enabled by default, ___________________ is a process that can be used by Windows Server 2003 DNS to clean up the DNS database when resource records are no longer required.
aging and scavenging
Each Active Directory Object has a _________ that defines who has permission to the object and what type of access is allowed.
Security Descriptor
Configuration Partition

- Describes _________
- Replicated to _________
- Describes the configuration information for the domain, including the replication topology and the domain structure

- Replicated to all domain controllers in the forest
What deals with all of the replication in the specific domain?
Domain Partition
What are effective permissions?
The overall permissions that a security principal has for an object, including group permissions and inherited permissions.
The ______________ is provided to automate and simplify the process of setting administrative permissions for a domain or OU.
Delegation of Control Wizard
Trust Relationship
A link between two domains in which the trusting domain honors the logon authentication of the trusted domain.
Tree Root Trust
- Implicitly established when you add a new tree root to a forest
- Transitive
- Two-way
Replication that occurs between sites is called ____________ replication.
a. Local
b. Remote
c. Intersite
d. Intrasite
c. Intersite replication occurs between sites
Which dsquery command should you use to find users in the directory who have been inactive for two weeks?
dsquery user -inactive 2
What is the standard naming structure and hierarchy in Active Directory?
Lightweight Directory Access Protocol (LDAP). Established by the Internet Engineering Task Force (IETF) to facilitate the implementation of X.500 in e-mail. It is used for scalability and integration capabilities.
An administrator creates this kind of trust manually when two domains are logically distant from each other in a forest or tree hierarchy and wants to improve login times.
Shortcut Trust

(Transitive. Can be one way or two way)
Where are SRV records located?
Within DNS... to provide mapping to a host providing service.
Why is it necessary to delegate administrative control of Active Directory objects?
To ensure that specific administrators get the appropriate permissions for an object.
Name the three reasons to create an OU, and say which is the primary reason.
1. To delegate administration (primary)
2. To hide objects
3. To administer Group Policy
Steps in Creating a Domain Plan
1. Determine the number of domains required.
2. Define the Forest Root Domain
3. Define a domain hierarchy and name domains
4. Determine the placement of DNS servers
When trying to connect to a shared folder by typing \\SERVER1\DATA at a prompt, John receives an error that SERVER1 cannot be located. List three possible reasons why this could happen and the steps you would take to verify them.
Possible answers students may have are:
1. No record exists for SERVER1 in the forward lookup zone of DNS. Check the DNS forward lookup zone for SERVER1’s record.
2. SERVER1 is down. Test the server by attempting a ping. If there is no reply, check all links to the server.
3. John’s computer has an error in its DNS configuration. Use ipconfig to check the current settings for John’s network connection. If IP is being obtained from a DHCP server, attempt a renewal of the information using ipconfig /renew. If IP is manually configured, check the properties of John’s network connection.
4. The record in DNS for SERVER1 is old and has not been updated. Check the record in DNS to verify this is a problem. If it is, modify the record to reflect the correct information or you can use ipconfig /registerdns from SERVER1 if dynamic updates are enabled.
What is the purpose of the Saved Queries feature?
Allows administrators to create, edit, save, and email queries.
List the steps in creating a Site Topology Plan
1. Define Sites
2. Place domain controllers
3. Define a replication strategy
4. Place global catalog servers and operations masters within the forest
You are the administrator for a large automotive parts company. Management has just released the names of several vendors that you will need to allow access to network resources. These vendors either have Microsoft Windows NT 4.0, Windows 2000, or Windows Se
You need to establish an external one-way trust between the vendor resource domain in your forest and the appropriate user domain in their forest.
For quotas to be effective on the configuration partition, _______________.
All domain controllers in the forest must be running Windows Server 2003.
What information do you need to know about the links between sites to set up Intersite Replication? (4 things)
- Replication transport used
- Cost of the site link
- Times when the link is available
- How often the link should be used
Which of the following roles are forest-wide roles?
a. PDC emulator
b. Infrastructure master
c. Domain naming master
d. Schema master
e. Global catalog
c and d. The two forest-wide roles are the domain naming master and schema master role. The other choices are domain-wide roles.
List the four stages in the Active Directory design process.
* Creating a forest plan
* Creating a domain plan
* Creating an OU plan
* Creating a site topology plan
How do you raise the Forest Functional level?
- Must be logged on as a member of the Enterprise Admin Group
- Must be connected to the Schema Operations Master
- All domain controllers must support the new functional level
- Irreversible
