Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
51 Cards in this Set
- Front
- Back
What service uses port 389? |
LDAP
|
|
What PowerShell cmdlet gets the resultant password replication policy for an account? |
the Get-ADAccountResultantPasswordReplicationPolicy cmdlet
|
|
Why should you use the CustomDCCloneAllowList.xml file when cloning a virtual domain controller?
|
This file is required if there are applications or services that were not recognized by the system as supporting cloning, and therefore were not added to the DefaultDCCloneAllowList.xml file
|
|
To use Kerberos authentication with SQL Server, which two conditions are required
|
1. The client and server computers must be part of the same Windows domain, or in trusted domains. 2. Service Principal Name (SPN) must be registered with Active Directory |
|
What commands must you run at the ntdsutil prompt to clean up server metadata?
|
metadata cleanup remove selected server <ServerName>
|
|
Which type of account in Windows Server 2008 R2 and above is a managed domain account that provides simplified SPN management and automatic password management?
|
Managed service account
|
|
What is a prerequisite for performing a cloning of a virtual domain controller?
|
the PDC emulator role must be running on domain controller running Windows Server 2012 or higher
|
|
What PowerShell statement will enable the Active Directory Recycle Bin for the verigon.com forest in order to restore deleted objects in Active Directory Domain Services (AD DS)?
|
Enable-ADOptionalFeature Identity 'CN=Recycle Bin Feature,CN=Optional Features,CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=verigon,DC=com' Scope ForestOrConfigurationSet Target 'verigon.com'
|
|
Which parameter of the Move-ADDirectoryServerOperationMasterRole cmdlet will allow you to seize a master operations role?
|
-Force
|
|
In what location is a sample DCCloneConfig.xml file that can be edited and used for cloning?
|
%windir%\system32
|
|
What setspn.exe command is used to create an SPN?
|
the setspn -s command
|
|
What tools can you use to view the contents of a mounted Active Directory snapshot?
|
Active Directory Users and Computers (DSA.msc), ADSIEDIT.msc, or LDP.exe
|
|
What would you run from the command line to register SPN http/srv55.nutex.com for a Windows Server 2012 R2 server named srv55?
|
setspn -S http/srv55.nutex.com srv55
|
|
What two conditions govern the presence or absence of the Delegation tab on the properties of a service?
|
an SPN must exist and the domain must be at the Windows Server 2003 level, or later
|
|
To what container should you set the Base DN to in the Search box of the ldp.exe tool when performing tombstone reanimation of a user account in nutex.com?
|
CN=Deleted Users, DC=nutex, DC=com
|
|
What GUI tools can you use to clean up server metadata in Windows Server?
|
Active Directory Sites and Services, Active Directory Users and Computers
|
|
Which four tools can be used to create a Password Settings Object (PSO)?
|
The Active Directory module for Windows PowerShell, Active Directory Service Interfaces Editor (ADSI Edit), Active Directory Administrative Center, and ldifde.exe
|
|
When do you choose to import an object that has been exported from an Active Directory snapshot instead of retrieving an object from the Active Directory Recycle Bin?
|
When you want to reset the values of an object's attributes to a previous value
|
|
What utility is used to expose a mounted snapshot to LDAP services?
|
dsamain
|
|
What setspn.exe command will list all SPNs of services on the Web server? |
setspn -l |
|
When you use the Dsamain tool to offer LDAP services to a mounted ntds.dit file, which port number can you NOT use for the ldapport number? |
389 |
|
What PowerShell cmdlet generates a password for a user, given all the policies that have been applied? |
the Get-Random |
|
Which cmdlet is used to restore deleted objects from the Active Directory Recycle Bin to their original location? |
Restore-ADObject |
|
What parameter of the Install-ADDSDomainController cmdlet is used to install and configure DNS on the domain controller? |
The -InstallDns parameter |
|
If you have enabled the Active Directory Recycle Bin in the forest, what container in Active Directory will contain users, groups, and other objects after they have been deleted? |
The Deleted Objects container |
|
What parameter of the Install-ADDSDomainController cmdlet is used to prevent the replication of certain passwords to the domain controller? |
the -DenyPasswordReplicationAccountName<String> parameter |
|
What Internet-standard file format can you use to perform batch operations against directories that conform to Lightweight Directory Access Protocol (LDAP) standards? |
LDAP Data Interchange Format (LDIF) |
|
Which Kerberos policy setting determines whether the KDC validates a session ticket request against the user rights policy of the account? |
Enforce user login restrictions |
|
What PowerShell cmdlet would allow you to view the settings of a Password Settings Object (PSO)? |
the Get-ADFineGrainedPasswordPolicy cmdlet |
|
When cloning a virtual domain controller, in which three possible locations can you place the DCCloneConfig.xml file? |
The directory where the DIT resides, %windir%\NTDS, or the root of a removable media drive. |
|
Besides using a GUI tool, what command-line utility can you use to clean up server metadata? |
ntdsutil |
|
What additional step is required to view deleted objects after setting the Base DN to in the Search box of the ldp.exe tool when performing tombstone reanimation of a user account? |
Use the Return deleted objects control to view deleted objects and perform operations on the objects. |
|
Which forest functional level is required to support the Active Directory Recycle Bin? |
Windows Server 2008 R2 or above forest functional level |
|
Which Kerberos policy setting determines the maximum time difference that Kerberos V5 tolerates between the client clock and the clock on the domain controller that performs authentication? |
Maximum tolerance for computer clock synchronization |
|
What PowerShell cmdlet gets the members of the allowed list or denied list of a read-only domain controller's password replication policy? |
the Get-ADDomainControllerPasswordReplicationPolicy cmdlet |
|
Which container in the verigon.com forest is called the Recycle Bin and contains objects that have been deleted from Active Directory? |
the CN=Deleted Objects, DC=verigon, DC=com container |
|
What would you run from the command line to list the currently registered SPNs for a Windows Server 2012 R2 server named srv55? |
setspn -l srv55 |
|
What parameter of the Install-ADDSDomainController cmdlet is used to delegate administration of a domain controller? |
the -DelegatedAdministratorAccountName<String> parameter |
|
How can you restore the values of an object's attributes after they have been modified? |
Mount an Active Directory snapshot, export the object, and import the object to the live Active Directory database. |
|
When cloning a virtual domain controller, what XML file MUST be present in one of three locations: the directory where the directory information tree resides, %windir%\NTDS, or the root of a removable media drive? |
The DCCloneConfig.xml file |
|
Which forest functional level is required to enable the Active Directory Recycle Bin? |
Windows Server 2008 R2 or higher |
|
While the graphical version of dcpromo.exe has been deprecated in Windows Server 2012, what command line function of dcpromo.exe can you still perform in Windows Server 2012 R2? |
You can still run dcpromo /unattend from a command prompt, and perform unattended installations |
|
What command is used to mount a snapshot? |
ntdsutil |
|
What GUI tool will allow you to enable the Active Directory Recycle Bin? |
Active Directory Administrative Center |
|
What setspn.exe command is used to delete an SPN? |
the setspn -d command |
|
When cloning a virtual domain controller, what XML files MUST be present on the source domain controller in % windir%\system32? |
The DefaultDCCloneAllowList.xml files must be located in %windir%\system32. |
|
Using ntdsutil.exe, what is the correct series of commands to move the Active Directory database on a domain controller named DC2 to a new and larger volume on the same server? |
net stop ntds Ntdsutil activate instance ntds files move db to f:\NewDirectory |
|
What tool is used to perform tombstone reanimation? |
the ldp.exe tool |
|
When specifying an account to be used as the security context of a service, what is the correct syntax for the account name in the This account dialog box on the Log On tab of the properties of the service? |
You must append a $ to it or you will receive an error message |
|
Which cmdlet will allow you to transfer a master operations role?
|
Move-ADDirectoryServerOperationMasterRole
|
|
What PowerShell cmdlet is used to create an additional domain controller?
|
the Install-ADDSDomainController cmdlet
|