Wenatchee Valley College - CTS Discussion Board




2/05/2020 1:31 pm  #1


Chapter 4 Solutions

Review Questions

  • Your company has four departments: Marketing and Sales, Manufacturing, Product Research, and Business. Which of the following Active Directory container design plans might you use to best manage the user accounts and network access needs of each department?

  • Answer: c. Create four OUs in one domain. 
  • Using the example in Question 1, what Active Directory capability can you use to establish different account lockout policies for each of the four departments?

  • Answer: a. fine-grained password policies 
  • Your colleague has installed Active Directory Domain Services as a server role, but he has discovered that Active Directory cannot be used at this point. What next step must he take to get Active Directory ready for use?

  • Answer: c. He must perform initial configuration to promote the server housing the Active Directory Domain Services role to a domain controller. 
  • You receive a message that Active Directory Domain Services has experienced an error and the Active Directory Domain Services service must be stopped and restarted. Which of the following tools can you use? (Choose all that apply.)

  • Answer: a. Component Services 
  • Which of the following server operating systems can be used when the domains in Windows Server 2016 Active Directory are set at the Windows Server 2012 domain functional level? (Choose all that apply.)

  • Answer: c. Windows Server 2012 R2 and d. Windows Server 2016 
  • Domains in a tree are in a _____ relationship.

  • Answer: Kerberos transitive trust relationship 
  • What tool can you use to manage fine-grained password policies?

  • Answer: b. Active Directory Administrative Center 
  • A _____ is a unique number associated with each object in AD DS.

  • Answer: globally unique identifier (GUID) 
  • Your school has a parent object named straton.edu and the child object names stratonalum.org and studentarts.org. What kind of namespace is this?

  • Answer: a. disjointed 
  • Your company’s management has decided that the accounts in all OUs should be set up and managed by the Information Technology department’s security specialist. As the AD DS administrator, how can you best give this capability to the security specialist?

  • Answer: c. Use the delegate control feature to give her control of the OUs that contain user accounts. 
  • A local security group is used on a ________ server.

  • Answer: stand-alone 
  • Which of the following are actions performed by the global catalog? (Choose all that apply.)

  • Answer: a. provides lookup and access to all resources in all domains and d. authenticates users when they sign on 
  • You work for a bank that has five branch offices and one to two servers are located at each branch office. For best security, what kind of domain controller should be used at each branch office?

  • Answer: d. A Read-Only Domain Controller 
  • You are creating a special user profile for all members of the inventory control unit in your business. After you create the profile, what tool can you use to copy it to all of the user accounts in the inventory control unit?

  • Answer: b. System applet in Control Panel 
  • Which of the following is true about all trees in a forest? (Choose all that apply.)

  • Answer: a. They all use the same schema and c. They all use the same global catalog. 
  • The list of security descriptors associated with a user account in Active Directory is called a(n) _________.

  • Answer: access control list 
  • A site reflects interconnected _____ and is used for DC _____.

  • Answer: subnets, replication 
  • You manage the servers for your city government. You’ve installed a new Windows Server 2016 server and one of your first tasks is to configure user accounts for the police patrol division. All of the police officers will have the same security configuration on their user accounts. Which of the following is a good practice for managing the security on these user accounts?

  • Answer: b. Create a global security group and make all of the user accounts members. 
  • To reset a password, you use the _____ tool.

  • Answer: Active Directory Users and Computers 
  • Which of the following are required attributes for a user account? (Choose all that apply.)

  • Answer: a. domain, b. user’s full name, c. password, and d. logon name

Hands-On Projects Tips and Solutions for Chapter 4

Activity 4-1

In this activity students install the Active Directory Domain Services role. Note that a DNS server should already be installed on the network. In Step 11, a minimum of two domain controllers are recommended for a single domain. In Step 23, the typical default file locations are as follows:

    • Database folder: C:\Windows\NTDS
    • Log files folder: C:\Windows\NTDS
    • SYSVOL folder: C:\Windows\SYSVOL

You might note that NT is used in many places in Windows Server systems. NT refers back to the original Windows Server NT.

Activity 4-2

In this activity, students learn how to access the Active Directory Domains and Trusts tool for managing a domain. In Step 4, there are three tabs that are used to control the properties of domain management. The General tab provides the NetBIOS (pre-Windows 2000) domain name and a text box for a domain description. The Trusts tab is used to display existing trusted (outgoing trusts) and trusting (incoming trust) relationships and provide the ability to modify trust relationships. The Managed By tab is used to set up a manager for the domain, including providing name, address, office, telephone, and fax information.

Activity 4-3

This activity enables students to create an OU and delegate authority over it. In Step 5, the options on the menu are:

    • Delegate Control
    • Move
    • Find
    • New
    • All Tasks
    • Cut
    • Delete
    • Rename
    • Properties
    • Help

Activity 4-4

This project enables students to practice creating a user account via the Active Directory Users and Computers tool. In Step 3, the Administrator, DefaultAccount, and Guest accounts are already created by default. Other objects in the Users folder can include the following groups:

    • Allowed RODC Password Replication Group
    • Cert Publishers
    • Cloneable Domain Controllers
    • Denied RODC Password Replication Group
    • DHCP Administrators
    • DHCP Users
    • DnsAdmins
    • DnsUpdateProxy
    • Domain Admins
    • Domain Computers
    • Domain Controllers
    • Domain Guests
    • Domain Users
    • Enterprise Admins
    • Enterprise Key Admins
    • Enterprise Read-only Domain Controllers
    • Group Policy Creator Owners
    • Key Admins
    • Protected Users
    • RAS and IAS Servers
    • Read-only Domain Controllers
    • Schema Admins

In Step 5, the Full name, domain name, and pre-Windows 2000 name are filled in automatically.

Activity 4-5

In this project, students practice disabling the account they created in Activity 4-4. Next, they rename the account and then enable it. Consider using this activity as an opportunity to discuss situations in which to disable accounts. Compare this to having an account expire on a specified date, rather than disabling it. In Step 8, the down arrow inside the white circle should disappear from the icon on the account listing in the Users folder.

Activity 4-6

This project enables students to practice moving an account from one OU to another, as they might in an organization in which people change departments.

Activity 4-7

In this activity, students reset a password. When students do this activity, consider discussing why it is desirable for account administrators to be unaware of a particular account’s password and why it simply cannot be looked up. Also, if you have experience with financial or system auditors, discuss the account management practices you are familiar with in relation to audits.

Activity 4-8

This project enables students to learn how to delete an account. The success of the activity is indicated when the account no longer exists in the Active Directory Users and Computers console. To supplement this activity, you might have students work individually or in groups creating a sample policy for an organization that specifies the circumstances in which an account is deleted. Or, obtain a sample policy from an organization and discuss it in class.

Activity 4-9

In this project, students create a domain local group, a global group, and make the global group a member of the domain local group. In Step 4, the defaults for the group are:

    • Global for the scope
    • Security for the group type

In Step 20, there should be no members in the domain local group.

Case Projects

Advanced Sounds makes audio systems for home entertainment centers, computers, industry, and motor vehicles. Over the past ten years this company has pioneered new technologies in audio systems, which have spurred rapid growth. The company has one large office, research, and manufacturing complex in New York City. This complex is divided into the following divisions: Business, Research and Development, Manufacturing, and Distribution. Parts manufacturing centers are located in Quebec City and in Montreal. Advanced Sounds also has seven outlet stores in New York City, four outlets in Quebec City, and two in Montreal. Each outlet store has a WAN connection to the central office computer center in New York City. Advanced Sounds is engaging in a full upgrade of its Windows Server 2008 R2 network to Windows Server 2016. The upgrade includes using Windows Server 2016 Active Directory. Advanced Sounds has pioneered many technological innovations and is very concerned about keeping its network and computer systems secure. Their Information Technology (IT) Department hires you to help them implement Windows Server 2016 Active Directory.

Case Project 4-1: Active Directory Installation Planning

Advanced Sounds IT Department has formed a small installation planning committee consisting of the IT server operations manager, two system programmers, the current Active Directory administrator, and you. After the first meeting they have asked you to prepare a small report to address the following questions:

    • What tools are used in Windows Server 2016 to install Active Directory?
    • What information is needed for the initial installation involving these tools?
    • What special considerations exist in terms of having both Windows Server 2008 R2 and Windows Server 2016 servers as DCs?

    Answer: 

    • In answer to the first bulleted item, there is one tool to use when installing Active Directory. First, Server Manager is used to install the AD DS server role. Next, Server Manager is again used to promote the server to a domain controller.
    • In terms of the second bulleted item, students should mention the following as information that is good to have prior to the installation:

      • What domains, trees, and forests to use in the upgrade plan.
      • Ensure there is a DNS server already installed.
      • Ensure each new Windows Server 2016 DC will have a permanent IP address.
      • Whether to create a new domain in a new forest or to join as a new domain in an existing forest.
      • What domain names to use and whether to use a contiguous or disjointed namespace.
      • Whether to use additional domain controller options in the Additional Domain Controller Options window.
      • A password to use in case Active Directory needs to be started in the Directory Services Restore Mode.

    • The special consideration is to plan to configure Active Directory for the Windows Server 2008 R2 forest functional level, which enables having both Windows Server 2008 R2 and Windows Server 2016 DCs (as well as Windows Server 2012 and Server 2012 R2 DCs).

Case Project 4-2: Active Directory Design

Due to a political decision several years ago, there is only one forest and domain for this company. Given what you know about the company’s basic structure, how many forests, trees, and domains do you recommend? Do you recommend any sites? Note that there are four IP subnets at the New York City complex and two IP subnets at each of the Quebec City and Montreal locations. Create a report and if you have access to drawing software, create a diagram of your proposed design.

Answer: Students have some latitude to come up with different designs in this situation. One model would have one forest for the entire company and one tree for each of the locations: New York City, Quebec City, and Montreal. There might be one parent domain to reflect the name of the company. Each division in the main complex might have its own child domain. Also, there could be child domains for the Quebec City and Montreal locations. Because all locations are under the same broad company name (Advanced Sounds) the namespace could be contiguous; however, students could also make a case for a disjointed namespace, to identify the locations of the Quebec City and Montreal plants, for example. Because there are existing IP subnets, the company might create three sites, one for the New York City location consisting of four IP subnets and one each for the Quebec City and Montreal locations, enabling Active Directory replication to be managed over the WAN link(s). Additional sites may need to be configured, such as between subnets in separate buildings, also to manage replication and provide the fastest authorization onto the networks.

Case Project 4-3: Creating OUs

Until now, user accounts have been stored in only three OUs in the single domain. There is currently one OU for each of the New York City, Quebec City, and Montreal locations. The Advanced Sounds installation planning committee has decided to adopt your Active Directory structure proposed in Case Project 4-2, and now they want to also create OUs for each division in the company and place these under the domains that you have proposed. Further, the committee wants to have a computer technical specialist in each division to manage its OU and the user accounts under it. To help accomplish this, the committee asks you to create an instructional document that shows how to create an OU and delegate authority.

Answer: Students might compose a set of instructions like the following:
  • Open Server Manager, click Tools, and click Active Directory Users and Computers.
  • Right-click the appropriate domain in the tree of the left pane, point to New, and click Organizational Unit.
  • Enter the name of the OU and click OK.
  • Click the arrow in front of the domain in the left pane so that you can see the OU you created listed under the domain.
  • Right-click the OU and click Delegate Control.
  • Click Next when the Delegation of Control Wizard starts.
  • Click Add.
  • Click the Advanced button.
  • Click Find Now.
  • Select the user account or accounts that will manage the OU. Click OK.
  • Click OK in the Select Users, Computers, or Groups dialog box.
  • Click Next in the Delegation of Control Wizard.
  • Click the box for Create, delete, and manage user accounts.
  • Click Next.
  • Review the tasks that you have completed and then click Finish.
  • Close the Active Directory Users and Computers window.

Case Project 4-4: Installing Servers at the Outlet Stores

All of the outlet stores have grown and have their own networks with ten or more workstations. In the past, these stores have not had network connectivity to the home complex. However, this has created many problems due to extra paperwork and outdated handling of data. The installation committee would like to install WAN links to each outlet store and place servers in them. For efficiency, they would like to have the servers installed with Active Directory. Create a short report of your recommendations for installing a server at these outlet stores, and include the reasoning behind your recommendations.

Answer: In this situation it makes sense to install RODCs at the outlet stores. The advantages for using RODCs include the following:

    • They can function as Key Distribution Centers for the local users to make network access more efficient.
    • They are more secure than a DC in this situation, because they do not have the full set of account credentials for all users in the company (only for the local users) and because the Active Directory content is read-only.
    • They can have access to DFS files, but for security no DFS files are stored on the RODC.
    • They can also be configured as DNS servers.
    • They can be secured by using BitLocker Drive Encryption.
    • Management authority for the RODC can be delegated to an employee at the outlet store.
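
A scripted counterpart to the Case Project 4-3 instructions (create an OU, delegate "Create, delete, and manage user accounts", then review the result), given here as an added example that is not part of the original post or the textbook. The domain DN, OU name, and delegate account are assumptions; the two ACEs are the ones that correspond to that wizard task.

```powershell
# Added example. Domain DN, OU name and delegate account are hypothetical.
Import-Module ActiveDirectory

$DomainDN = 'DC=advancedsounds,DC=example'   # assumed domain
$OuName   = 'Research and Development'       # a division from the case project
$Delegate = 'rd-techspecialist'              # assumed account of the division's specialist

# Create the OU under the domain (wizard steps: New > Organizational Unit).
$ou = New-ADOrganizationalUnit -Name $OuName -Path $DomainDN `
        -ProtectedFromAccidentalDeletion $true -PassThru

# Values needed to build the delegation ACEs.
$sid       = (Get-ADUser -Identity $Delegate).SID
$userClass = [Guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of class "user"
$allow     = [System.Security.AccessControl.AccessControlType]::Allow
$inherit   = [System.DirectoryServices.ActiveDirectorySecurityInheritance]
$rights    = [System.DirectoryServices.ActiveDirectoryRights]

$ouPath = "AD:\$($ou.DistinguishedName)"
$acl    = Get-Acl -Path $ouPath

# ACE 1: create and delete user objects in this OU and everything below it.
$createDelete = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $sid, ($rights::CreateChild -bor $rights::DeleteChild), $allow,
    $userClass, $inherit::All)

# ACE 2: full control, limited to descendant objects of class "user".
$manageUsers = [System.DirectoryServices.ActiveDirectoryAccessRule]::new(
    $sid, $rights::GenericAll, $allow,
    $inherit::Descendents, $userClass)

$acl.AddAccessRule($createDelete)
$acl.AddAccessRule($manageUsers)
Set-Acl -Path $ouPath -AclObject $acl

# Review: list every explicit (non-inherited) ACE on the OU so the delegation
# can be checked against what was intended, and re-checked in later audits.
(Get-Acl -Path $ouPath).Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, ActiveDirectoryRights,
                  ObjectType, InheritedObjectType, InheritanceType |
    Format-Table -AutoSize
```

Delegating to a group rather than a single user account keeps the OU's ACL stable when staff change; replace `Get-ADUser` with `Get-ADGroup` to do that.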

     

     
