Pregunta | Respuesta |
Default Containers Inside ADDS | UserContainer: default container for user objects ComputersContainer: default contatiner for computer objects |
LDAP | Lightweight Directory Access Point (port 3389) -the protocol used to talk to the ADDS -sits on top of the TCP/IP stack and controls internet directory access |
Kerberos | Kerberos is used every time you log on to an ADDS-joined machine, as well as when you access network resources such as file shares and applications. Rather than transmit your actual password over the network, Kerberos operates with a series of tickets. |
3 Parts of Kerberos | 1. a client, server, and trusted third party (KDC) to mediate between them. 2. Clients obtain tickets from the Kerberos Key Distribution Center (KDC). 3. they present these tickets to servers when connections are established. |
KDC | A key distribution center (KDC) in cryptography is a system that is responsible for providing keys to the users in a network that shares sensitive or private data. |
TGT | a Ticket Granting Ticket or Ticket to Get Tickets (TGT) is a small, encrypted identification file with a limited validity period. ... The TGT file contains the session key, its expiration date, and the user's IP address, which protects the user from man-in-the-middle attacks. |
DNS | translates domain names into IP addresses, allowing you to access an Internet location by its domain name |
Domain Controller | 1. the main computer server in the domain that controls or manages all the computers within the domain 2. has an Active Directory database from which user accounts can be created and deleted, and security and access granted or revoked. |
Member Server | 1. a server role defined by Microsoft Active Directory (AD) 2. belongs to a domain but is not the domain controller. 3. belongs to a domain but is not the domain controller. |
NTLM | NT (New Technology) LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users. NTLM is the successor to the authentication protocol in Microsoft LAN Manager (LANMAN). Fallback if Kerberos is faulty. |
Time Service Tool | You can use W32tm.exe to configure Windows Time service settings and to diagnose time service problems. W32tm.exe is the preferred command-line tool for configuring, monitoring, or troubleshooting the Windows Time service. |
NTP | A protocol used to synchronize computer clock times in a network. It belongs to and is one of the oldest parts of the TCP/IP protocol suite. The term NTP applies to both the protocol and the client-server programs that run on computers. |
7 ADDS Logical Components | DOMAIN TREE FOREST OU SITE SCHEMA PARTITIOND |
4 ADDS Physical Components | DATA STORE DOMAIN CONTROLLERS GLOBAL CATALOG SERVER RODC: READ-ONLY DOMAIN CONTROLLER |
Domain | contains a group of computers that can be accessed and administered with a common set of rules |
Two Names for Domain in ADDS | NET BIOS DOMAIN NAME DNS DOMAIN NAME |
NETBIOS DOMAIN NAME | 1. down level domain name used to communicate with client computers & applications. 2. does not use DNS domain services. |
DNS Domain Name | 1. used thoughout administrative tools 2. used in authentication of client computers 3. only kerberos supported clients can use DNS domain name when they authenticate ADDS. 4. computer must run DSCIENT |
Replication Policy | Once you have separate domains, all of the changes to objects within the domain partition are replicated only to the domain controllers within the domain. The other domains do not "see" the changes. |
Account Policy | A document which outlines the requirements for requesting and maintaining an account on computer systems or networks, typically within an organization. |
Group Policy | a hierarchical infrastructure that allows a network administrator in charge of Microsoft's Active Directory to implement specific configurations for users and computers. ... Group Policy allows administrators to define security policies for users and for computers |
4 Main Contexts in ADDS | Domain Naming Configuration Schema Application Directory |
Domain Naming | Responsible for: User Accounts Group Accounts Computer Accounts It is synchronized with only domain controllers in same domain. |
Schema | Foundation of object structures for the entire forest. Replicates to all domain controllers in the forest. Schema Master: One domain controller in the forest can update the schema. |
Configuration in ADDS | Security- user accounts configured in one domain don't have access to resources in other domains. Responsible for tracking forest wide information, like sites, & subnets, related to configuration. |
Application Directory Partition in ADDS | Handles dynamic data and is used to store DNS information. |
Forest Wide Replication | Stores ADDS structures, (trees, forests, domains, and replication sites topology). Stores forest DNSZones partition. One per forest. |
Domain Wide Replication | Domain Name Container. Each domain has its own. Stores users, groups and computers. |
A Domain Name System zone file (DNS zone file) | A simple text file which is automatically bundled with DNS records. The file contains all the necessary information of all resources records for the particular domain. Alternatively, it can also contain the complete Internet Protocol to domain mapping of the domain. |
Active Directory Tree | 1. Tied to the DNS name space. 2. Name of tree in the forest or its child. 3. Follow the 2-way transitive trusts that are created in its forest. 4. Parent tree and child carry the same DNS extension. |
Active Directory Forests | 1. Has at least one tree. 2. Structured at the installation of the 1st domain controller for a new domain. Create forest at the DC wizard. 3. Need tool to document forest structure. |
Global Catalog | 1. PAS 2. Phone directory for the ADDS. 3. Has every object from every domain represented without their attributes. 4. Name, phone number, email, and address. |
PAS | Partial Attribute Set A Microsoft Active Directory concept defined as the subset of attributes that replicate to partial naming context (NC) replicas. |
OU | Organizational Units Objects in the domain that help organized the other objects in the domain. Cannot span multiple domains. Hierarchy within the domain. |
2 Security Purposes for OU's | 1. Admin can delegate tasks to users. 2. Deployment of GPO's. |
GPO | Group Policy Object A GPO defines rules for users, computers, groups and organizational units (OUs). GPOs are used to establish security settings, install applications, run scripts, set group preferences and configure the Registry. |
SITES IN ADDS | 1. Controls replication between domain controllers. 2. Access to resources on site before going on WAN. 3. Contains domain controllers form different domains. 4. Represented by subnets. |
Subnets | How client computers track down resources in their own site using DNS. |
¿Quieres crear tus propias Fichas gratiscon GoConqr? Más información.