Sunday, July 23, 2017

Key Terms for Chapter 14

Comma-Separated Value (CSV): A text-based file format in which the data fields of a single record are recorded on a single line, separated by commas.
Comma-Separated Value Directory Exchange (CSVDE): A command-line utility that can create new AD DS objects by importing information from a comma-separated value (.csv) file.
domain user: An account that can access AD DS or network-based resources, such as shared folders and printers.
Dsadd.exe: The standard command-line tool for creating AD DS leaf objects, which you can use with batch files to create AD DS objects in bulk.
header record: In a CSV file, the first line of the text file that uses proper attribute names.
LDAP Data Interchange Format (LDIF): A data file format for user records that you can use with the LDIFDE.exe utility.
LDAP Data Interchange Format Directory Exchange (LDIFDE): A utility that can import AD DS information and use it to add, delete, or modify objects, in addition to modifying the schema, if necessary.
local user: An account that can access only resources on the local computer and that is stored in the local Security Account Manager (SAM) database on the computer where it resides.
SAM account name: The AD DS attribute containing the user’s login ID.
Security Account Manager (SAM): The database on a local Windows computer where account information is stored.
Chapter 14 - Creating and Managing Active Directory Users and Computers
Multiple Choice
1. What can be used to add, delete, or modify objects in Active Directory, in addition to modifying the schema if necessary?
2. When using CSVDE, what is the first line of the text file that uses proper attribute names?
b. Header record
3. Which of the following utilities do you use to perform an offline domain join?
c. djoin
4. Which of the following is not a type of user account that is configured in Windows Server 2012 R2?
c. network accounts
5. Which of the following are the two built-in user accounts created automatically on a computer running Windows Server 2012 R2?
c. Administrator
d. Guest
6. What is the Windows PowerShell cmdlet syntax for creating a new user account?
7. What is the Windows PowerShell cmdlet syntax for creating a new computer object?
b. New-ADComputer -Name <computer name> -path <distinguished name>
8. When using Netdom.exe to join an account, you may add the parameter [/OU:OUDN]. If this parameter is left out, where is the object placed?
c. In the Computers container
9. Who may join a computer to the domain?
d. Members of the computer’s local Administrators group may join the computer to the domain.
Best Answer
1. What is the primary means by which people access resources on an Active Directory Domain Service (AD DS) network?
d. By having a user account
2. What differences matter most in creating a single user versus multiple users?
a. Single user creation is often done from the graphical user interface (GUI), whereas creating multiple users typically requires using command-line tools.
3. What two graphical tools will help create either user or computer objects?
b. Active Directory Administrative Center and Active Directory Users and Computers
4. What is a key benefit to using ADAC or the Active Directory Users and Computers console?
a. ADAC allows you to modify the properties of both multiple users and multiple computers at once.
5. Are typical, authenticated users able to create computer objects in an Active Directory?
d. Yes, by default, users who are successfully authenticated to Active Directory are permitted to join up to 10 workstations to the domain, thus creating up to 10 associated computer objects.
Build a List
1. Order the steps to create a user in Active Directory Users and Computers.
a. From the Tools menu in the Server Manager window, select Active Directory Users and Computers.
d. In the left pane, find the domain in which you want to create the user objects and select a container in that domain. From the Action menu, select New > User.
b. Type an initial password for the user in the Password and Confirm password fields.
c. Confirm the setting you configured and click Finish.
2. Order the steps to create a user template.
d. From the Tools menu in the Server Manager window, select Active Directory Users and Computers.
c. In the left pane, find the domain in which you want to create the user object and select a container in that domain. From the Action menu, select New > User.
b. Type "Default Template," or a similarly descriptive name, in the Full Name field and an account name in the User logon name field.
a. Specify an initial password. Clear the User must change password at next logon check box.
e. Select the Account is disabled check box and click Next.
f. Finish new user creation and modify any attributes needed.
g. To use the template, right-click the Default Template user object and, from the context menu, select Copy. The Copy Object - User Wizard appears.
3. Order the steps that occur for a user to authenticate.
a. User attempts to log on to an AD domain. The client computer establishes a connection to a domain controller to authenticate the user's identity.
d. The two systems perform a preliminary authentication by using their respective computer objects, to ensure both systems are part of the domain.
c. The two systems establish a secure communications channel over which the user authentication process begins.
b. The NetLogon service running on the client computer connects to the same service on the domain controller, and then each one verifies that the other system has a valid computer account.
Business Case Scenarios
Scenario 14-1
Creating User Objects: You are a network administrator who is in the process of building an Active Directory network for a company named XXXXX, Inc., and you have to create user objects for the 75 users in the Inside Sales department. You have already created the domain and an OU called Inside Sales for this purpose. The Human Resources department has provided you with a list of the users' names and has instructed you to create the account names by using the first initial and the last name. Each user object must also have the value Inside Sales in the Department property and XXXXX, Inc. in the Company property. Using the first name in the list, Oliver Cox, as an example, which of the following command-line formats would enable you to create the 75 user objects, with the required property values?
a. dsadd "Oliver Cox" -company "XXXXX, Inc." -dept "Inside Sales"
Scenario 14-2
You are preparing a new branch office with new computers. You would like to join the computers to the domain. Unfortunately, the branch office network is not available. How would you proceed?
I would first go to the domain controller that is for the network. Within the command prompt, I would run djoin /provision /domain <domain name> /machine <computer name> /savefile <filename.txt>. This should save the file so that you have it to run on the other computers. I would then go to the other computers that need to be joined, go into the command prompt, and type djoin /requestODJ /loadfile <filename.txt> /windowspath %SystemRoot% /localos. That should load the computers into the network.

