
Thread: 294 Notes

    These are some of my notes from studying for the 294. I have also typed up all the study questions along with the answers. If you want those, PM your email address as I am feeling too lazy to post them.

    Chapter 1:
    1. A directory service stores all the information needed to use and manage system objects in a centralized location, simplifying the process of locating and managing resources.
    2. Data stored in AD is organized into objects, which have attributes. The schema defines objects that can be stored in AD.
    3. The logical structures in an organization are represented by domains, OUs, trees, and forests.
    4. Physical components of AD are sites and DCs.
    5. The GC is the central repository of info about objects in the tree or forest.
    6. The info stored in the directory is logically partitioned into 4 units of replication in the following partitions: schema partition, configuration partition, domain partition, and application partition.
    7. AD replicates either inter- or intra-site.
    8. Trust relationship is a link between domains in which the trusting domain honors the logon authentication of the trusted domain. 2k3 server supports the following trust relationships: tree-root, parent-child, shortcut, external, forest, and realm.
    9. GP are collections of user and PC configuration settings that can be linked to PCs, sites, domains, and OUs to specify behavior of users’ desktops.
    10. Infrastructure design process consists of: (1) creating a forest plan, (2) creating domain plan, (3) creating an OU plan, (4) creating site topology plan.
    11. Try to create one forest to keep it simple, keep the domains to a minimum.
    12. 3 reasons to define an OU: (1) delegate administration (2) hide objects (3) administer GP.
    13. Main purpose of the site is to optimize network traffic.

    Chapter 2:

    1. Before installing AD, you must determine the domain structure, domain names, and storage location of database and log files, sysvol, and DNS configuration method.
    2. Begin domain structure with dedicated root domain and add child domains to meet requirements.
    3. Forest root domain is the first domain you create in AD. Must be centrally managed.
    4. Default location of database and log files is %systemroot%\Ntds, can change as needed.
    5. You can install AD by using: (1) configure your server wizard, (2) add/remove programs, (3) by using network/backup media, (4) unattended installation.
    6. Create the answer file by using the AD installation wizard.
    7. Remove DCs by using dcpromo.
    8. Can troubleshoot by using the following tools: Directory service log, netdiag, Dcdiag, Ntdsutil.

    Chapter 3:

    1. 3 AD management tools are available in admin. tools. The schema management needs to be added by typing regsvr32 schmmgmt.dll in the run bar; this adds the snap-in to the MMC.
    2. 4 domain functional levels: (1) 2000 mixed, (2) 2000 native, (3) 2003 interim, (4) 2003.
    3. 3 forest functional levels: (1) 2000, (2) 2003 interim, (3) 2003.
    4. You can add alternative UPN suffixes to simplify administration and user logon process, providing a single UPN suffix for all users.
    5. There are 2 types of MMCs: custom and preconfigured.
    6. Snap-ins are apps designed to perform administrative tasks. 2 types: standalone and extensions. Standalones are referred to simply as snap-ins. Extensions are “extensions” and provide administrative functionality to another snap-in.
    7. 2 console modes: author – provides full access to all MMC functionality. User mode – the user cannot add, remove, save the MMC.
    8. Before backing up AD data, prepare the files to be backed up, get removable media.
    9. AD and sysvol directory are contained in system state.
    10. Can back up on demand, or schedule.
    11. Can restore AD by performing a nonauthoritative restore; the distributed services on DC are restored from backup media, and then updated through replication.
    12. Authoritative restore brings the domain or DC back to the state it was in at the time of backup.
    13. Before restoring AD, make sure you can access all locations that require restoration of files.
    14. Must be in directory restore mode to restore AD.

    Chapter 4:

    1. Create multiple domains to meet security requirements, meet administrative requirements, optimize replication traffic, or retain NT domains.
    2. Recommended # of trees in forest is 1, you might need to have more than one if you have more than 1 DNS name.
    3. Use dcpromo to create more forests, domains, or add DCs.
    4. You can rename the domains in a forest only if all DCs are 2k3, domain is 2k3, forest is 2k3.
    5. Use random.exe to rename or restructure the domain.
    6. Operations roles are single-master.
    7. Forest-wide operations master roles: Schema master, which controls all updates and modifications to the schema. Domain naming master controls the addition or removal of domains in the forest.
    8. Domain-wide OMRs. RID (relative ID) master, which allocates sequences of RIDs to objects. Whenever the DC creates a user, group, or computer object it assigns the object a unique security ID, consisting of domain security ID (which is the same for all) and a unique relative ID.
    9. To move an object between domains, use movetree.exe.
    10. PDC emulator: allows communication between domains that don’t have 2003 client software, it acts as a BDC NT.
    11. Infrastructure master role is responsible for updating the group to user preferences whenever they are renamed.
    12. To transfer a master role is to move it with the cooperation of its current owner. You can transfer to other DCs in forest or domain to balance the load.
    13. To seize a master role is to move it w/o the cooperation of owner. Done when the current owner is dead or not working.
    14. Trust relationship is a link between 2 domains in which the trusting domain honors the logon authentication of the trusted domain.
    15. Trusts can be automatically or manually made, one or two way, transitive or non-transitive.
    Last edited by Psoasman; 09-16-2009 at 11:45 PM.