MS Server 2008 Quiz 8

1. The Infrastructure Master FSMO role is responsible for reference updates from its domain objects to other domains.

True

False

2. What tool is used to seize a FSMO role?

Ntosutil

Ntdsutil

Dcpromo

Adutil

The ntdsutil utility allows you to transfer and seize FSMO roles. When you use this tool to seize a FSMO role, the tool attempts a transfer from the current role owner first. Ntdsutil will only actually seize the role if the existing FSMO holder is unavailable.

Explanation

The ntdsutil utility allows you to transfer and seize FSMO roles. When you use this tool to seize a FSMO role, the tool attempts a transfer from the current role owner first. Ntdsutil will only actually seize the role if the existing FSMO holder is unavailable.

3. How many FSMO roles does Active Directory support?

2

5

10

12

Active Directory supports five FSMO roles. Their functionality is divided between domain-wide and forest-wide FSMOs.

Explanation

Active Directory supports five FSMO roles. Their functionality is divided between domain-wide and forest-wide FSMOs.

4. Which of these design aspects should you consider when planning the appropriate location of FSMO role holders?

Number of domains that are or will be part of the forest

Physical structure of the network

Number of domain controllers that will be available in each domain

All of the above

Planning the appropriate locations for FSMO role holders requires that you consider the following design aspects: the number of domains that are or will be part of the forest, the physical structure of the network, and the number of domain controllers that will be available in each domain.

Explanation

Planning the appropriate locations for FSMO role holders requires that you consider the following design aspects: the number of domains that are or will be part of the forest, the physical structure of the network, and the number of domain controllers that will be available in each domain.

5. What holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server’s local domain with a partial copy of all objects from other domains within the same forest?

Domain controller

Global catalog

DNS server

DHCP server

The global catalog holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server’s local domain with a partial copy of all objects from other domains within the same forest, called the partial attribute set (PAS).

Explanation

The global catalog holds a subset of forest-wide Active Directory objects and acts as a central repository by holding a complete copy of all objects from the host server’s local domain with a partial copy of all objects from other domains within the same forest, called the partial attribute set (PAS).

6. What port is used by Active Directory to direct search requests to a global catalog server?

3629

3389

3268

3232

When a user initiates a search for an object in Active Directory, the request is automatically sent to TCP port 3268, which is used by Active Directory to direct these requests to a global catalog server. One of the SRV records used by Active Directory refers to the global catalog, or _gc, service, which listens on port 3268 to respond to these requests.

Explanation

When a user initiates a search for an object in Active Directory, the request is automatically sent to TCP port 3268, which is used by Active Directory to direct these requests to a global catalog server. One of the SRV records used by Active Directory refers to the global catalog, or _gc, service, which listens on port 3268 to respond to these requests.

7. What process is used when you move a FSMO role gracefully from one domain controller to another?

Role seizure

Role transfer

Role migration

Role separation

The role transfer process is used when you move a FSMO role gracefully from one domain controller to another. You can transfer FSMO roles from one domain controller to another to improve Active Directory performance or as a temporary measure when a domain controller will be taken offline for maintenance.

Explanation

The role transfer process is used when you move a FSMO role gracefully from one domain controller to another. You can transfer FSMO roles from one domain controller to another to improve Active Directory performance or as a temporary measure when a domain controller will be taken offline for maintenance.

8. When a user initiates a search for an object in Active Directory, the request is automatically sent to TCP port 3389, which is used by Active Directory to direct these requests to a global catalog server.

True

False

9. What Windows Server 2008 feature stores universal group memberships on a local domain controller that can be used for logon to the domain, eliminating the need for frequent access to a global catalog server?

Global group membership caching

Domain group membership caching

Local group membership caching

Universal group membership caching

For sites that do not have a global catalog server available, Windows Server 2008 offers a feature called universal group membership caching. This stores universal group memberships on a local domain controller that can be used for logon to the domain, eliminating the need for frequent access to a global catalog server.

Explanation

For sites that do not have a global catalog server available, Windows Server 2008 offers a feature called universal group membership caching. This stores universal group memberships on a local domain controller that can be used for logon to the domain, eliminating the need for frequent access to a global catalog server.

10. The domain controller that hosts the global catalog must have enough space on the hard drive to house the global catalog. As a rule of thumb, you should estimate 75 percent of the size of the ntds.dit file of every other domain in the forest when sizing hardware for a global catalog server.

True

False

11. Each object’s SID consists of two components: the domain portion and the __________.

FSMO role

Global catalog

Subnet mask

Relative identifier

The RID is a variable-length number that is assigned to objects at creation and becomes part of the object’s security identifier (SID). A SID is used to uniquely identify an object throughout the Active Directory domain. Part of the SID identifies the domain to which the object belongs, and the other part is the RID.

Explanation

The RID is a variable-length number that is assigned to objects at creation and becomes part of the object’s security identifier (SID). A SID is used to uniquely identify an object throughout the Active Directory domain. Part of the SID identifies the domain to which the object belongs, and the other part is the RID.

12. The Domain Naming Master is responsible for managing changes to the Active Directory schema.

True

False

13. What types of memberships are stored in the global catalog?

Domain local

Universal

Global

Local workstation

Domain local and global group memberships are stored at the domain level; universal group memberships are stored in the global catalog.

Explanation

Domain local and global group memberships are stored at the domain level; universal group memberships are stored in the global catalog.

14. As a rule of thumb, you should estimate __________ percent of the size of the ntds.dit file of every other domain in the forest when sizing hardware for a global catalog server.

15

25

50

70

As a rule of thumb, you should estimate 50 percent of the size of the ntds.dit file of every other domain in the forest when sizing hardware for a global catalog server.

Explanation

As a rule of thumb, you should estimate 50 percent of the size of the ntds.dit file of every other domain in the forest when sizing hardware for a global catalog server.

15. What is used to uniquely identify an object throughout the Active Directory domain?

Security identifier

Relative identifier

Intermediate identifier

Domain identifier

A security identifier (SID) is used to uniquely identify an object throughout the Active Directory domain. Part of the SID identifies the domain to which the object belongs, and the other part is the RID.

Explanation

A security identifier (SID) is used to uniquely identify an object throughout the Active Directory domain. Part of the SID identifies the domain to which the object belongs, and the other part is the RID.