Active Directory (AD) is Microsoft's networked directory service. It contains users, groups, organizational units (OUs), computers, printers, and servers. AD has both a logical and a physical architecture. The logical architecture includes domains, domain trees, forests, and OUs. The physical architecture includes the AD sites and the servers that build the domain (the DCs). DNS provides the namespace for AD domains. AD domains look like Internet website domain names, such as company.local. AD sites provide improved control over replication and Group Policies for each location on your WAN. AD replication includes intrasite (within the site) replication and intersite (between sites) replication.
Exercises
- Draw a diagram representing a small company with two locations. Assume that one domain will be used but an AD site will be defined for each location. Note the IP subnets that will be used at each site.
- List four object types that may be stored in an AD database.
- Research the different functional levels available for domains and forests in Windows Server 2008 and Windows Server 2008 R2.
- Open the hosts file and view the contents on a Windows machine.
Answers for Exercises
- Answers will vary, but the diagram should look similar to the one in Figure 5-9. The IP subnets should use different blocks of IP addresses.
- Answers will vary, but they should include a selection from the following: user accounts, groups, computers, servers, organizational units, and printers.
- The following site may be used: http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(WS.10).aspx.
- The file is available in the c:\windows\system32\drivers\etc folder. Note the descriptions and sections of the file.
Review Questions
- 1. What is the last method attempted for hostname resolution before a Windows client gives up and returns an error indicating that the hostname could not be resolved?
- A. Network broadcast
- B. Lmhosts
- C. DNS server
- D. hosts
- 2. True or false: By default, AD does not have containers for storing user accounts and groups; you must create organizational units to hold them.
- 3. What process is used to ensure that all copies of the AD database are synchronized across AD servers?
- A. Replication
- B. Authentication
- C. Name resolution
- D. IP address mapping
- 4. What is the trust boundary in AD networks?
- 5. Which of the following server types are implemented in most organizations to support AD DS operations and client connections? (Choose two.)
- A. DNS
- B. IIS
- C. SharePoint
- D. DHCP
- 6. Define a domain tree.
- 7. Define an AD site.
- 8. What can be created directly between two child domains in different paths of an AD domain hierarchy in order to improve authentication efficiency?
- A. Global Catalog
- B. Site link
- C. Transitive trust
- D. Shortcut trust
- 9. How many domains must be implemented at a minimum when you want to implement AD and support three locations on your WAN?
- A. 1
- B. 3
- C. 6
- D. 9
- 10. True or false: You cannot use the AD Recycle Bin feature until your entire forest is in the Windows Server 2008 R2 functional level.
Answers for Review Questions
- 1. B. The very last thing that is checked for resolution is the Lmhosts file, which contains NetBIOS names to IP address mappings.
- 2. False. Built-in containers exist for storage of user accounts and groups. You can create organizational units for your own needs, but built-in containers do exist.
- 3. A. Replication, which can be intersite or intrasite replication, is the process that ensures consistency across all copies of the AD database on different AD servers (DCs).
- 4. The forest. The forest is the trust boundary because all domains in a forest trust all other domains through some transitive trust path.
- 5. A, D. DNS is implemented to provide hostname resolution. DNS is required in AD implementations. DHCP is implemented to provide IP configuration settings to computers. Although DHCP is not required, it does make network management easier.
- 6. A hierarchical group of domains sharing the same root namespace.
- 7. A location defined by IP subnets for intersite AD replication and potential use of unique site-based Group Policies.
- 8. D. A shortcut or manual trust can be created directly between the two child domains so that the transitive trust path does not have to be traversed for authentication to occur.
- 9. A. A single domain can span multiple sites, so you are required to create only one domain in this scenario.
- 10. True. Windows Server 2008 R2 first introduced the AD Recycle Bin, and you must be at the Windows Server 2008 R2 functional level to take advantage of it. This also requires that all domains be at the Windows Server 2008 R2 functional level.