294 Notes part 2
Psoasman
Chapter 5:
1. A site is a set of IP subnets, connected by a fast, reliable link. Site structure mirrors the location of user communities. 2 main roles: to facilitate authentication and replication of data between sites.
2. 4 types of directory partition replicas: schema, configuration, domain, and application.
3. Replication process ensures that changes made to replica on 1 DC are synchronized to replicas on all other DCs within the domain. Creating, modifying, moving, or deleting an object triggers replication.
4. Site link is a logical, transitive connection between 2 or more sites that mirrors the network links and allows replication to occur. Site link bridge connects 2 or more sites in a transport where transitivity has been disabled in order to create a transitive and logical link between sites, that don’t have an explicit site link.
5. Bridgehead server is a single DC in a site, which is the contact point for replication between sites, and is automatically designated by the KCC.
6. To configure a site, you must create the site, create the subnet and associate it with the site, create or move a DC into the site, and designate a site license server.
7. When you install AD on the first DC, a site object named Default-First-Site-Name is automatically created in the Sites container of the AD Sites and Services console.
8. Subnet info is used to find a DC in the same site as the computer is authenticated during the logon process and used during replication. Each site needs at least one subnet.
9. When you install new DCs into the domain, they go into the site of the source DC or into an existing site.
10. Place at least 1 DC in each site or 2 DCs in each domain.
11. To configure intersite replication, you must create site links and configure site link attributes. Or you can designate a preferred bridgehead server; create site link bridges, and connection objects.
12. Site link attributes of cost, replication frequency and availability are set in the properties of site link.
13. Bridgehead servers are the contact point for exchange of directory info between sites. When 2 sites are connected by a site link, the KCC automatically selects bridgehead servers. Manually selected BHS are “preferred”
14. Site link bridge is the linking of more than 2 sites for replication using the same transport. When more than 2 sites are linked for replication and use the same transport, all the site links are “bridged” in terms of cost
15. Connection object is an AD object that represents an inbound-only connection to a DC and is automatically created by the KCC, can create manually.
16. Global catalog is the central repository of info about objects in a tree or forest and is created automatically on the initial DC, aka the GC server, which stores a full copy of all objects in the directory for its host domain and a partial copy of all objects for all other domains in the forest.
17. Universal group membership caching allows a site that doesn’t have a GCS to be configured to cache UGM for users who log on to the DC in that site. Must be set for each site and requires a Windows Server 2003 DC.
18. Designate at least one GCS in each site.
19. An application directory partition is replicated only to specific DCs. A single DC can host one, and they are usually created by the applications that use them to store and replicate data.
20. ADP can be a child of a domain directory partition, ADP, or new tree in a forest.
21. KCC automatically generates and maintains the replication topology for all ADP in enterprise. If ADP has replicas in more than one site, those replicas follow the same intersite replication schedule as the domain directory partition.
22. If you must demote a DC, remove the DC from the replica set of ADP or delete the ADP before you demote the DC.
23. 2k3 Standard and Enterprise provide Replmon (AD Replication Monitor), Repadmin, and Dsastat for monitoring and troubleshooting replication.
24. Replmon allows admins to view the low-level status of AD replication, force synchronization between DCs, and view topology.
25. Repadmin allows admins to view replication topology as seen from each DC and replication metadata
26. Dsastat allows admins to compare and detect differences between directory partitions on DCs and ensure DCs are up to date.
Chapter 6:
1. An OU is a container used to organize objects within one domain into logical administrative groups, and can be added into other OUs.
2. 3 reasons for defining an OU: (1) to delegate administration, (2) administer GP, (3) hide objects.
3. Design OUs with administration, not users, in mind, for simplicity.
4. OUs are not security principals; you can’t assign permissions based on a user’s membership in an OU. Access control is for global, domain local, or universal groups.
5. Use AD users and computers to create OUs
6. Can create OU within a domain or within another OU.
7. Use the AD U&C console and the Security tab to create OUs for the purpose of hiding objects.
8. Use AD U&C console to rename, move within a domain, and delete OUs. If you delete an OU that contains objects, all of the objects that are in there are deleted as well.
9. 3 ways to move objects: (1) use drag and drop, (2) use the Move option, (3) use the dsmove command.
Chapter 7:
1. 2k3 server provides 3 types of accounts: local user accts, domain user accts, and built-in user accts.
2. Local user accts are stored in the local security database. Domain user accts are stored in AD. Built-in accts are created automatically to perform administrative tasks.
3. Use a consistent user naming convention.
4. Use strong passwords; smart cards are good.
5. For domain user accts, a user’s full name must be unique within the OU or container where you create the user acct.
6. Always require new users to change their passwords at first logon.
7. Provide detailed property info on user’s accts, so you can search for them in the directory.
8. A user profile is a collection of folders and data that stores the user’s current desktop environment, application settings, personal data, and network connections that are established when a user logs on to a computer. 4 types of profiles: (1) local, (2) roaming, (3) mandatory, (4) temporary.
9. Local user profile is based at the local computer and is available only at local computer.
10. A roaming profile is based at the server, is downloaded to the local computer every time a user logs on, and is available at any workstation or server computer on the network. R-click the user account > Profile tab > type the path to the user folder \\server_name\shared_folder_name\%Username% > OK.
11. Mandatory user profile is a read-only roaming profile based at the server and downloaded to the local computer every time a user logs on.
12. Home folder is a folder that you can provide for users to store personal documents and other applications. Store a home folder on a client computer or in a shared folder on file server.
13. Determine whether to use smart card or keyboard logon.
Chapter 8:
1. A group is a collection of users, computers, contacts, and other groups. Distribution groups are only for email.
2. Group scopes: domain local, global, and universal.
3. In 2k3, anonymous logon isn’t member of everyone anymore
4. When you delete a group, you only delete the group and remove the permissions and rights associated with that group, user accts are not affected.
5. Global groups are most often used to organize users who share similar network access requirements. Domain local groups are mostly used to assign permissions to resources. Universal groups are used to assign permissions to related resources in multiple domains.
6. LSDOU: place user accounts into global groups, create a domain local group for group of resources to be shared in common, place the global groups into DLG, then assign permissions to the DLG.
7. For global groups, members come from only the local domain, but they can access resources in any domain.
8. For DLG, members can come from any domain, but they can only access resources in the local domain.
9. For universal groups, members can come from any domain in the forest and they can access resources in any domain in the forest.
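Added example, not part of the notes above or of any Microsoft material: a PowerShell check for the Chapter 5 site rules (every site has a subnet, a DC and a GC; site link cost and frequency; replication failures). The security point is that a site without a subnet sends logons across the WAN to whichever DC answers, and a DC that is not replicating keeps serving stale data, so a disabled account or a reset password is not honoured there until replication catches up. Assumes the RSAT ActiveDirectory module and a domain admin session; the Windows Server 2003-era equivalents (repadmin) are noted in comments.

```powershell
# Added example (not from the notes): verify the Chapter 5 site/replication rules.
# Assumes: ActiveDirectory module (RSAT) and an admin session in the forest.
Import-Module ActiveDirectory

function Get-SiteHealthReport {
    $sites   = Get-ADReplicationSite -Filter *
    $subnets = Get-ADReplicationSubnet -Filter * -Properties Site
    $dcs     = Get-ADDomainController -Filter *

    foreach ($site in $sites) {
        # Note 8: a site with no subnet cannot be matched to any client IP,
        # so clients in it fall back to a DC in some other site.
        $siteSubnets = @($subnets | Where-Object { $_.Site -eq $site.DistinguishedName })
        # Notes 10 and 18: at least one DC and one GC per site.
        $siteDCs = @($dcs | Where-Object { $_.Site -eq $site.Name })
        $siteGCs = @($siteDCs | Where-Object { $_.IsGlobalCatalog })

        $warnings = @(
            if ($siteSubnets.Count -eq 0) { 'no subnet' }
            if ($siteDCs.Count -eq 0)     { 'no DC' }
            if ($siteGCs.Count -eq 0)     { 'no GC (note 17: consider UGM caching)' }
        )
        [pscustomobject]@{
            Site    = $site.Name
            Subnets = $siteSubnets.Count
            DCs     = $siteDCs.Count
            GCs     = $siteGCs.Count
            Warning = ($warnings -join '; ')
        }
    }
}

function Get-SiteLinkReport {
    # Notes 12 and 16: cost, frequency and the sites each link joins.
    # The KCC prefers the lowest-cost path when choosing intersite routes.
    Get-ADReplicationSiteLink -Filter * -Properties Cost, ReplicationFrequencyInMinutes, SitesIncluded |
        Select-Object Name, Cost, ReplicationFrequencyInMinutes,
            @{ Name = 'Sites'; Expression = {
                ($_.SitesIncluded | ForEach-Object { ($_ -split ',')[0] -replace '^CN=' }) -join ' <-> ' } }
}

function Get-ReplicationProblems {
    # Notes 23-25: the cmdlet view of what "repadmin /showrepl" reports as errors.
    # Inbound connection objects (note 15) come from Get-ADReplicationConnection.
    foreach ($dc in Get-ADDomainController -Filter *) {
        Get-ADReplicationFailure -Target $dc.HostName -ErrorAction SilentlyContinue |
            Select-Object Server, Partner, FailureType, FailureCount, FirstFailureTime, LastError
    }
}

# Usage: anything with a non-empty Warning or any failure row needs attention.
Get-SiteHealthReport    | Format-Table -AutoSize
Get-SiteLinkReport      | Format-Table -AutoSize
Get-ReplicationProblems | Format-Table -AutoSize

# On a Windows Server 2003 DC without this module, the same picture comes from:
#   repadmin /replsummary
#   repadmin /showrepl * /csv
```

Run it from any domain-joined machine with RSAT; the three functions are read-only. A DC that shows up in Get-ReplicationProblems with a growing FailureCount is the one to look at with Repadmin before touching topology, since forcing a sync (Replmon, note 24) does not fix whatever is breaking the link.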
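Added example covering Chapters 6 to 8 together, not taken from the notes or from Microsoft documentation: create an OU, nest accounts into a global group and the global group into a domain local group that holds the permission (the pattern note 6 of Chapter 8 describes; it is usually called AGDLP), provision a user with a roaming profile, home folder and forced password change at first logon, and delegate password resets on the OU to a group rather than to the OU, since OUs are not security principals. Every name in it (domain CONTOSO / contoso.com, file server FS01, the shares, the OU and group names, user jsmith) is a placeholder for your own environment.

```powershell
# Added example (not from the notes): Chapters 6-8 end to end.
# Assumes: ActiveDirectory module, a domain admin session, and the placeholder
# domain CONTOSO/contoso.com, file server FS01 and share names used below.
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName       # e.g. DC=contoso,DC=com
$ouName   = 'Sales'
$ouDN     = "OU=$ouName,$domainDN"

# Chapter 6: an OU exists to delegate admin, scope GPOs and hide objects.
# ProtectedFromAccidentalDeletion guards against note 8 (deleting an OU deletes its contents).
try {
    Get-ADOrganizationalUnit -Identity $ouDN -ErrorAction Stop | Out-Null
} catch {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDN -ProtectedFromAccidentalDeletion $true
}

# Chapter 8, note 6: Accounts -> Global group -> Domain Local group -> Permissions.
# Global group holds the people (members from this domain only, note 7).
New-ADGroup -Name 'Sales-Users'     -GroupScope Global      -GroupCategory Security -Path $ouDN
# Domain local group holds the permission on the resource (note 5 / note 8).
New-ADGroup -Name 'Projects-Modify' -GroupScope DomainLocal -GroupCategory Security -Path $ouDN
Add-ADGroupMember -Identity 'Projects-Modify' -Members 'Sales-Users'

# The ACL goes on the resource for the domain local group only; never on users directly.
$projectShare = '\\FS01\Projects$'                   # placeholder UNC path
$acl  = Get-Acl -Path $projectShare
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    'CONTOSO\Projects-Modify', 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $projectShare -AclObject $acl

# Chapter 7: domain user account with roaming profile (note 10), home folder (note 12)
# and a forced password change at first logon (note 6). The profile path is written out
# explicitly rather than with %username%, which only ADUC expands for you.
$sam = 'jsmith'
$pw  = Read-Host -AsSecureString -Prompt "Initial password for $sam"
New-ADUser -Name 'Jane Smith' -SamAccountName $sam -UserPrincipalName "$sam@contoso.com" `
    -Path $ouDN -AccountPassword $pw -Enabled $true `
    -ChangePasswordAtLogon $true `
    -ProfilePath   ('\\FS01\Profiles$\' + $sam) `
    -HomeDirectory ('\\FS01\Home$\'     + $sam) -HomeDrive 'H:'
Add-ADGroupMember -Identity 'Sales-Users' -Members $sam

# Chapter 6, note 4: OUs are not security principals, so delegation is an ACE on the OU
# granted to a group. Same AGDLP shape: helpdesk accounts -> global -> domain local -> right.
New-ADGroup -Name 'Sales-Helpdesk'       -GroupScope Global      -GroupCategory Security -Path $ouDN
New-ADGroup -Name 'Sales-PasswordReset'  -GroupScope DomainLocal -GroupCategory Security -Path $ouDN
Add-ADGroupMember -Identity 'Sales-PasswordReset' -Members 'Sales-Helpdesk'
# /I:S = inherit to child objects only; CA = control access right "Reset Password" on user objects.
dsacls $ouDN /I:S /G 'CONTOSO\Sales-PasswordReset:CA;Reset Password;user'

# Chapter 6, note 9: moving an object (the cmdlet form of dsmove).
# Move-ADObject -Identity (Get-ADUser $sam).DistinguishedName -TargetPath "OU=Marketing,$domainDN"
```

Two things worth checking after running it: `Get-ADGroupMember 'Projects-Modify'` should list only the global group, never individual users, and `dsacls $ouDN` should show the Reset Password ACE against the domain local group and nothing against the helpdesk accounts themselves. Both are the conditions that keep a later "who can do what here" review answerable from group membership alone.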