Active Directory - Question and Answer

What is Active Directory?
Active Directory is the Windows directory service that stores information about all objects on the computer network and makes this information easy for administrators and users to find and apply. With Active Directory, users can gain access to resources anywhere on the network with a single logon. Similarly, administrators have a single point of administration for all objects on the network, which can be viewed in a hierarchical structure.

What is the campus Windows AD Domain?
Active Directory is the directory service in a Windows network. The directory service stores information about network resources and makes the resources accessible to users and applications. Andrew Windows includes the ad.cmu.edu forest root domain. This is the top-level naming structure. Andrew Windows also includes the andrew.ad.cmu.edu domain within the forest.

What is a forest?
A forest refers to an organizational structure that is a group of one or more trusted Windows trees. A forest shares a schema and global catalog servers. A single tree can also be called a forest.

What is a tree?
A tree is basically a domain or domains connected together in a hierarchy. The trees are linked together via a two-way transitive trust, sharing a common schema, configuration, and global catalog.

What departments should consider joining the AD domain?
For departments running Netware, this is a great migration strategy. Other reasons to consider the AD domain include interest in single sign-on with Andrew accounts, cross-departmental information sharing, and automating machine installs via RIS and GPOs. It also suits NT4 departments, domains with limited support personnel, and departments running stand-alone Windows 2000 or 2003 Servers.

How can I do a remote install of an operating system?
Many newer computers support the PXE standard, which is built into the latest network adapters and lets you install an operating system remotely. Because no CD is required, you can build many machines much faster. You can also have software deployed that you've defined in a Group Policy Object.

What is the purpose of the AD password reset?
If you are accessing an Active Directory resource (such as a shared folder) from a non-Kerberos computer (Win9x, WinNT) or a non-domain machine, you are required to reset your Active Directory password. Client machines use Kerberos referrals to get credentials from the Andrew UNIX KDCs. Therefore, machines that cannot understand the Kerberos referrals need to directly set the Active Directory password.

Can I have my own AD infrastructure?
DNS support for external forests will be available via NetReg, and the forest structure will reside under "win.cmu.edu". Send a domain request to netdev@andrew.cmu.edu, specifying the domain name (e.g. example.win.cmu.edu) and domain controllers (e.g. dc1.example.win.cmu.edu, dc2.example.win.cmu.edu).

How do I prepare to join the AD domain?
You must have administrative access to a Departmental Organizational Unit (OU). To request an Organizational Unit (OU) for your department, send email to advisor@andrew.cmu.edu. You will also want to refer to the documents available on this website.

What Operating Systems are supported on the AD domain?
Only modern Windows computers and servers are permitted to be part of the AD domain.

What is an Organizational Unit (OU)?
A Windows OU is an organizational unit (a directory container) for grouping similar accounts or machines. OUs are used to provide a means of delegating authority over a group of accounts or machines to a person (the local administrator).

What is inheritance, and how does it work?
Group Policy is passed down from parent to child containers within a domain, which you can view by using the Active Directory Users and Computers snap-in tool. If you assign a specific Group Policy setting to a high-level parent container, that Group Policy setting applies to all containers beneath the parent container, including the user and computer objects in each container. You can block policy inheritance at the domain or organizational-unit level by opening the properties dialog box for the domain or organizational unit and selecting the Block Policy inheritance check box.

How do I administer my OU?
From a computer that is on the AD domain, install the Active Directory Users and Computers snap-in tool. The tool is located on the Windows Server installation CD in the \i386 directory. Run adminpak.msi to install it.

Can departments block OUs on their parent?
Group Policy Objects applied at a parent level in Active Directory will be applied to all child objects. Currently, there is one Group Policy Object being applied at the Domain level of the tree. The Andrew Core GPO configures domain machines to function with the core Andrew Kerberos applications (e.g. NiftyTelnet, KerbFTP, Oracle Calendar, Mulberry) and is inherited by all machines in the Andrew Domain.

You can block top-level Group Policy Objects from being applied at the Organizational Unit (OU) level. Blocking prevents inheritance of GPOs from parent objects, but they can still be explicitly assigned at the Organizational Unit (OU) level.
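
Because blocking inheritance at an OU stops domain-level GPOs from reaching the machines in it, it is worth knowing which OUs have it set. The following PowerShell script is an added example, not part of the original FAQ or of CMU's tooling; it assumes the RSAT ActiveDirectory and GroupPolicy modules are installed, the function name `Get-BlockedInheritanceReport` is hypothetical, and the GPO display name is a placeholder to fill in.

```powershell
#Requires -Modules ActiveDirectory, GroupPolicy
# Added example: list every OU that has "Block Policy inheritance" set and
# report whether a named domain-level GPO still reaches it.
param(
    # Placeholder: display name of the domain-level GPO to check for.
    [string]$BaselineGpoName = '<domain-level GPO display name>'
)

function Get-BlockedInheritanceReport {
    param([Parameter(Mandatory)][string]$BaselineGpoName)

    Get-ADOrganizationalUnit -Filter * | ForEach-Object {
        # Get-GPInheritance returns the GPOs linked directly to the OU (GpoLinks)
        # and the effective list after inheritance is evaluated (InheritedGpoLinks).
        $som = Get-GPInheritance -Target $_.DistinguishedName

        if ($som.GpoInheritanceBlocked) {
            $effective = @($som.InheritedGpoLinks | ForEach-Object DisplayName)
            $direct    = @($som.GpoLinks | ForEach-Object DisplayName)

            [pscustomobject]@{
                OU              = $som.Path
                DirectLinks     = $direct -join '; '
                EffectiveLinks  = $effective -join '; '
                # False means the domain-level GPO no longer applies here and
                # has not been explicitly re-linked at the OU.
                BaselineApplies = $effective -contains $BaselineGpoName
            }
        }
    }
}

Get-BlockedInheritanceReport -BaselineGpoName $BaselineGpoName |
    Sort-Object OU |
    Format-Table -AutoSize -Wrap
```

An OU that shows `BaselineApplies = False` is one where the domain-level GPO was blocked and not explicitly assigned again at the OU level.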

What is a bridgehead server?
A bridgehead server is a domain controller in each site, which is used as a contact point to receive and replicate data between sites. For intersite replication, KCC designates one of the domain controllers as a bridgehead server. In case the server is down, KCC designates another one from the domain controllers. When a bridgehead server receives replication updates from another site, it replicates the data to the other domain controllers within its site.

What is universal group membership caching?
Universal group membership caching is a feature of Windows 2003, which reduces the need to place Global Catalog servers at all the remote locations for user authentication. The universal group membership caching feature can be enabled on any domain controller in a site. The domain controller, with universal group membership caching enabled, contacts a Global Catalog server whenever a user attempts to log on for the first time. The server then caches the user information locally and uses this information to authenticate the user the next time he attempts to log on. Note: Universal group membership caching can handle only the logon authentication part of a Global Catalog server. It is not capable of handling directory-wide queries.

What is a GPO?
A Group Policy Object (GPO) is a collection of group policy settings. It can be created using a Windows utility known as the Group Policy snap-in. A GPO affects the user and computer accounts located in sites, domains, and organizational units (OUs). The Windows 2000/2003 operating system supports two types of GPOs, local and non-local (Active Directory-based) GPOs.


What is the Active Directory schema?

What are the domain functional levels in Windows Server 2003?

What are the forest functional levels in Windows Server 2003?

What is a global catalog server?

How can we raise the domain functional and forest functional levels in Windows Server 2003?

Which is the default protocol used in directory services?

What is IPv6?

What is the default domain functional level in Windows Server 2003?

What are the physical and logical components of ADS?

In which domain functional level can we rename a domain?

What is multimaster replication?

What is a site?

Which command is used to remove Active Directory from a domain controller?

How can we create a console that contains the schema?

What is a trust?

Which file is responsible for keeping the entire Active Directory database?
