
Here are some brief notes
TRIBO

2002-08-29, 7:33 pm

I typed some of my notes up and thought I'd share them if anyone is interested. They're not much, but every little bit helps... I typed them in Word. Hope the formatting isn't all screwed up.

Active Directory – 70-219

Forest:

Boundary for a 2-Way Transitive Trust

Two Forests = Two Totally Separate Administrations / Separate Security / Different Schema

Use forests to set up a boundary for Administration and Schema.

Global Catalog Service – Contains account information for all universal groups in a native environment. Allows a centralized place for information about an entire forest. MUST be a domain controller. Defaults on Forest Root. WON’T have one on each domain by default. Forest is a boundary for a GCS.

Forest Root is the first Domain in the Forest.
Contains:
1. Enterprise Administrator
2. Schema Master
3. Point of Failure

Forest Root Domain includes an Enterprise Admin Group and a Schema Admin Group. One person included by default in both groups – Forest Root Domain Controller Administrator.

*How do you create a “shared” authority and allow a 2-Way Transitive Trust between domains in two forests? Create a new, empty “pristine” forest, add a few Domain Admins from each Domain and put in Enterprise Admins groups.

Tree: Deals with NAMESPACE only. Has nothing to do with Administration.

Set up trees only if two domains need different names.

The only reason to deal with trees is to create different names.

Domain:
Boundary for Administration / Security

ONE account policy (passwords, etc.) per Domain.

90% of replication occurs between DCs within a domain.

Must have DNS before you ever add more domain controllers – all replicate among themselves.

Organizational Units:
Two reasons to create:
1. Apply Group Policy
2. Delegate Responsibility

CANNOT put OUs in a Group

Objects and Attributes are SCHEMA: List of rules that DCs are aware of that dictate what objects and attributes can be added and how they can be manipulated.

Can be modified but can’t be deleted, only disabled.

Replicates throughout the entire forest (part of the 10% that does)

Simplicity: Ideally, you want One Domain, One Tree, One Forest

OPERATIONS MASTERS “FSMO” – Single Master Replication

All Domain Controllers are peers but some DCs take on additional roles. For example, the 1st Domain Controller in a Forest takes on the role of Schema Operations Master.

One of each per Forest
Schema Master: R/W copy of Schema
Domain Naming Master: List of DNS/NetBios names

One of each per Domain
PDC Emulator: Password changes (no synch required), Controls Time Synchronization, mixed mode PDC, changes to Group Policy hit PDC 1st – Central Point, GPO Master
RID Master: “Relative ID”, Hands out RID Range (A RID is the Domain ID + RID = Forest SID)
Infrastructure: Keeps track of group memberships that cross Domain boundaries.

How many FSMOs do we need? (# of Domains x 3) + 2


Sites: Sites control TRAFFIC.

Sites have to do with PHYSICAL not LOGICAL.

How do sites control traffic?
1. Create two sites which mirror physical locations.
2. Tell Active Directory which Domain Controllers are at each site.
3. Tell Active Directory which subnets are at each site.
4. Create SITE LINKS (which mirror WAN links)

What are the 3 key properties of Site Links?
a. Schedule – When can Domain Controllers Replicate?
b. Interval – How frequently can DCs replicate when it is allowed?
c. Cost – What is the weight or “cost” of the links? Default cost = 100 / The lower the cost, the faster the route to synch.

A Site REQUIRES: (DNS, DC, GC)
1. 1 DNS Server
2. 1 Domain Controller
3. 1 Global Catalog Services Server (at least)

All Domains have a default site: Default-First-Site-Name

DNS Server Zone – A Database for a Namespace

Create a zone by creating a Domain Controller with a compatible name, then turn on “Dynamic Update.”

Kerberos Authentication Path: Follows the Namespace path.

DC must verify that trust exists

Path ALWAYS from Account > Resource

Can speed up authentication by creating a Short-Cut Trust. Don’t create this unless it is needed due to frequent exchange of resources.



Also, remember:

U - Users
G - Go into Global Groups
(Universal here, if used - Only to pretty up)
L - Which go into Domain Local Groups
Y - Which are assigned Your resources

GPOs are applied:
L - Local Machine
S - Site
D - Domain
O - OU
O - OU

Again:
Schema Master - One Per Forest
Domain Naming Master - One Per Forest

Infrastructure - One Per Domain
RID - One Per Domain
PDC - One Per Domain

Don't get hung up on what these do. Focus on how many you need.

All Sites: DC, GC, DNS

If a link is greater than a T1 (T3 or better - a T3 is 44) then you don't need a new site. Otherwise, create a new site.

If I can think of anything else, I'll post it.

I'm sure I missed EVERY question on DNS. I get SO stuck there. But know ADI and what it can do and about SRVs.
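
The Kerberos authentication path from the notes above (it follows the namespace from account domain to resource domain, and a shortcut trust shortens it), as an added example that is not part of the original post. It is a simplified model: the domain names are constructed, and `build_trusts` and `referral_path` are hypothetical helpers, not Active Directory APIs.

```python
from collections import deque

def build_trusts(domains, forest_root, shortcuts=()):
    """Two-way trust map for one forest (simplified model, constructed names)."""
    trusts = {d: set() for d in domains}

    def link(a, b):
        trusts[a].add(b)
        trusts[b].add(a)

    for d in domains:
        parent = d.split(".", 1)[1] if "." in d else None
        if parent in trusts:
            link(d, parent)         # parent-child trust follows the namespace
        elif d != forest_root:
            link(d, forest_root)    # root of another tree trusts the forest root
    for a, b in shortcuts:
        link(a, b)                  # explicitly created shortcut trust
    return trusts

def referral_path(trusts, account_domain, resource_domain):
    """Shortest chain of trusts, always walked from account to resource."""
    queue = deque([[account_domain]])
    seen = {account_domain}
    while queue:
        path = queue.popleft()
        if path[-1] == resource_domain:
            return path
        for nxt in sorted(trusts[path[-1]] - seen):
            seen.add(nxt)
            queue.append(path + [nxt])
    return None  # no trust exists, so the request cannot be referred

# Constructed forest: two trees, forest root is corp.example.
DOMAINS = ["corp.example", "eu.corp.example", "sales.eu.corp.example",
           "lab.example", "dev.lab.example"]

if __name__ == "__main__":
    account, resource = "sales.eu.corp.example", "dev.lab.example"
    plain = build_trusts(DOMAINS, "corp.example")
    short = build_trusts(DOMAINS, "corp.example", [(account, resource)])
    print(" > ".join(referral_path(plain, account, resource)))
    print(" > ".join(referral_path(short, account, resource)))
```

Without the shortcut the path crosses every domain up to the forest root and back down the other tree; with it the two domains refer to each other directly.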
Pavlov

2002-08-29, 7:58 pm

Thanks for the notes - you're a peach!
freak

2002-08-29, 8:02 pm

quote:
Originally posted by Pavlov
Thanks for the notes - you're a peach!



Agreed. Thanks for posting. We should keep this material somewhere. If you need free webspace to upload it, let me know.
Pavlov

2002-08-29, 8:06 pm

Looks to me like the start of a 219 for freaks guide
freak

2002-08-29, 8:11 pm

lol
TRIBO

2002-08-29, 8:37 pm

Thanks for the kudos. Was looking over my notes again tonight and thought about posting more but I am beat.

Freak, I might be interested in taking you up on that web space! Have considered typing up all of my notes for all tests so far just to sort of reinforce and revisit the concepts (Could I even PASS 210 again? It's been sooooo long ago, it seems, though really only a little over a month.) but don't know how I'll find the time. Will be hitting the books for 216 after a week or so respite.

I just wish I could implement something from 219. Me and my One Site, One Forest, One Tree, One Domain, One Domain Controller network don't get a lot of practice with these larger than my life concepts.

And I KNOW I should have a back-up DC!!!!! Talk to my boss...
RUSH2112

2002-08-30, 7:29 am

Congrats on passing 219 TRIBO. I didn't even know you were scheduled to take the exam. Obviously you passed. Great job and best of luck with your next exam. You are right behind me in my shadow with your exams.
KScheler

2002-08-30, 10:43 am

Good notes, Tribo. Keep up the same study habit and you'll breeze thru 216. Good Luck!
freak

2002-08-30, 11:40 am

quote:
Originally posted by TRIBO
Freak, I might be interested in taking you up on that web space! Have considered typing up all of my notes for all tests so far just to sort of reinforce and revisit the concepts (Could I even PASS 210 again? It's been sooooo long ago, it seems, though really only a little over a month.) but don't know how I'll find the time. Will be hitting the books for 216 after a week or so respite.



The offer still stands. If you want to make it a full study guide for www.MCSEFreakPress.com, I could be interested. If you just want to post the notes as such, I am interested as well and I will post them on www.MCSEFreak.com instead... either way, feel free to email me at freak@mcsefreakpress.com anytime