100 Tips for Passing the Microsoft Windows Professional 70-222 Exam
1. Active Directory is a hierarchical (versus flat, like NT) database. It stores information about objects--known as attributes.
2. Active Directory Migration Tool (ADMT) is an MMC snap-in that can be used to assist with migration by cloning/moving computers. It is not installed by default.
3. The ADDUSERS utility can be used to create new user and group accounts from a comma-delimited file.
4. ADMT (Active Directory Migration Tool) holds about 10 wizards that are used to perform migrations in logical steps.
5. Always document your existing domain fully when planning any migration.
6. As with earlier versions of the operating system, the Windows 2000 default for newly created entities is equal to Everyone - Full Control.
7. At least two domain controllers should be present in a domain to provide some level of fault tolerance.
8. Before migration, one BDC should be taken off the network and set aside to use in the event of a migration failure (after promoting to PDC).
9. Between the DHCPDISCOVER and DHCPREQUEST steps are where most of the DHCP problems occur.
10. Certificate Services is used to verify the integrity of messages.
11. ClonePrincipal is used to clone users (via scripts) and leave their existing accounts as they are. This is especially useful with incremental migrations.
12. Cloning is the act of copying one user or computer's information to another (leaving the original intact). This is often useful when migrating and the user must still access existing domains while the new ones are being created.
13. CNAME records are used in DNS to create alias records to zones. Windows 2000 uses SRV records for identifying services.
14. DACLs (Discretionary Access Control Lists) contain SIDs and related permissions.
15. DCPROMO can be used to migrate a domain controller to a new forest.
16. DDNS zone transfers can be full (AXFR) or incremental (IXFR). The latter are quicker, as they send only new/changed records.
17. The Deny permission overrides all other permissions. In the absence of Deny, rights accumulate through individual and group assignments, as well as through folder and file assignments. (In the case of a conflict, file permissions override folder permissions.)
18. Device Manager contains a number of troubleshooting aids that can be used to solve problems.
19. DHCP servers must be authorized before Active Directory will recognize them. If they are not authorized, they will be turned off (shut down) by AD.
20. DNS must be present for Active Directory to function. AD uses DNS to find the Global Catalog(s) and locate resources.
21. DNS problems, outside of compatibility, are often caused by other services such as DHCP.
22. DNS zones can be Active Directory-integrated to replicate with Active Directory.
23. Domain Consolidation - also known as flattening - should be done as part of any restructuring, if needed.
24. Domain trees consist of a root domain (top) and child domains (beneath the root). Child domains always have the name of the parent within their full name.
25. During migration, you should upgrade account domains first, and resource domains last. If any restructuring is to be done, it should be accomplished before any upgrades are attempted.
26. EAP (Extensible Authentication Protocol) is used to provide security with RAS and allow for the use of smart cards for authentication.
27. ERDs (Emergency Repair Disks) should be made before and after each system is upgraded. In Windows 2000, they are now made from the Backup utility.
28. File Replication Service (FRS) is used for multi-master replication of the SYSVOL folders.
29. For every Windows 2000-based computer, three hidden shares are created automatically:
    · C$--The root of the computer's drive. A similar share (such as D$, E$, and so on) will be created for each hard drive partition on a system.
    · ADMIN$--The root of the partition on which Windows 2000 has been installed.
    · IPC$--The remote IPC (InterProcess Connect) share used for networking.
30. Global groups should be cloned before user accounts.
31. Group Policies can be used to manage desktop configuration. They are always applied in the following order: Site, Domain, OU. Multiple OUs can be nested within one another, and the order will proceed through all of those policies if they exist. If a local policy exists, it will be applied before the other three.
32. Group Policies apply only to Windows 2000 clients, and are created using GPEDIT (an MMC snap-in).
33. Group Policy is implemented by Active Directory and managed through Active Directory Sites and Services, Active Directory Users and Computers, or the MMC GPEDIT snap-in.
34. If you have multiple account domains to upgrade, start with the one having the smallest number of users first, and then proceed incrementally to the one having the most users.
35. If you do not need to connect to the Internet, it is possible to use a protocol other than TCP/IP for your network (even though TCP/IP is the default). This severely limits the use of other services and features, which depend on TCP/IP.
36. IIS 5.0, included with Windows 2000, includes a number of new features and improvements over IIS 4.0. Among the new features are CPU throttling and WebDAV.
37. In order to use EFS, the file system must be NTFS and the files must not be compressed.
38. Incremental migration allows for a safer upgrade than a full migration, and is easier to roll back from.
39. If an application runs fine under Windows NT but not under Windows 2000, it could be the result of version checking.
40. Inter-forest refers to the relationship between domains in different forests, whereas intra-forest refers to relationships that exist between domains in the same forest.
41. Intra-site replication is done between domain controllers within the same site, while inter-site replication occurs between domain controllers on different sites.
42. Kerberos is used for security when two computers are both running Windows 2000.
43. KLIST is used to view and delete Kerberos tickets.
44. LMRepl, the LAN Manager Replication service, does not exist in Windows 2000, having been replaced by FRS (File Replication Service).
45. Local permissions and attributes are used to protect files when users are local.
46. Master domain models can be migrated either through the centralized or decentralized methods.
47. Migration can involve a simple upgrade of the operating systems, or include a restructuring of the domain. Upgrades keep all access, relationships, and accounts intact.
48. MoveTree is a tool that simplifies the movement of trees within the structure. It works only within domains in the same forest.
49. MoveTree creates three log files detailing actions taken: Movetree.log, Movetree.err, and Movetree.chk.
50. Moving or copying a file to a new directory could change the permissions on an NTFS file. This depends on whether the file is moved or copied and on whether the target directory is on the same NTFS volume as the original.
51. Multimaster replication exists in Windows 2000 (versus the PDC/BDC relationship of Windows NT 4.0). This allows for multiple domain controllers within a domain--each with a writeable copy of the database.
52. Multiple master domains can be migrated through the single domain tree or multiple domain tree migration methods.
53. Native mode, once applied to the domain, is permanent. There is no means by which you can switch back to the default (mixed mode). To enable native mode, choose it on a single domain controller; Active Directory will permeate the change throughout.
54. NetBIOS can run over TCP/IP and IPX/SPX as an interface.
55. NETDOM is a command-line tool that can be used for working with trust relationships. It can be used for inter- and intra-forest restructuring.
56. No longer limited to backing up only to tape, the Backup utility with Windows 2000 can write to any media. You cannot restore Windows NT backups to Windows 2000.
57. Non-Windows 2000 clients cannot use Group Policies. They must use System Policies (which are created with the older POLEDIT utility). These policies reside in the Netlogon share.
58. NSLOOKUP is the primary tool for troubleshooting problems with DNS.
59. NTDSUTIL can be used to work with (defragment) Active Directory files when a domain controller is offline.
60. NTFS permissions protect you at the file level, whereas share permissions can be applied only at the directory level. NTFS permissions can affect users logged on locally or across the network to the system where the NTFS permissions are applied.
61. NTLM (which exists in NT 4.0) has been upgraded to NTLMv2 for Windows 2000. It is used to provide authentication.
62. Objects cannot be cloned within the same forest.
63. Objects created within a folder inherit the rights/permissions assigned to the folder, unless otherwise changed.
64. Organizational Units (OUs) are used for delegating administrative authority within a domain.
65. PDCs (primary domain controllers) must be upgraded before any other controllers in the domain. You first upgrade the operating system, and then the domain.
66. Printer permissions can be applied via sharing.
67. Replacing the Disk Administrator utility from Windows NT, Disk Management surpasses that tool in that it now allows for remote disk management, supports dynamic volumes (except on portable computers), offers wizards for many choices, and allows you to make a great many changes on-the-fly, without requiring a reboot to be active.
68. REPADMIN can be used to administer and troubleshoot replication between sites. You can also look for errors in Event Viewer, as well as use REPLMON.
69. RRAS servers should be upgraded after the domain controllers.
70. The Service Account Migration wizard can be used to run services that need to run as local system accounts (versus as user accounts).
71. Share permissions apply only when a user is accessing a file or folder through the network.
72. Shortcut trusts are used to shorten paths for authentication reasons.
73. SIDHistory is used to allow access to previous/resource domains, as well as to retain the SID of migrated users.
74. SIDWALKER can be used to change the properties of a SID (security identifier).
75. Site links must exist before data can be replicated between sites.
76. SMS (Systems Management Server) can be used to do hardware and software inventories, as well as to roll out software.
77. SRV records must be supported on legacy DNS servers in order to utilize Active Directory. Microsoft recommends BIND 8.2 or higher compliance for legacy servers.
78. STOP errors/messages, if thoroughly examined, can be used to identify the types of problems that are occurring.
79. Subordination is inherent in the Windows 2000 tree structure. Having OUs be subordinate to domains, which are subordinate to forests, etc., allows for security as well as granular delegation.
80. TCP/IP is the default protocol in Windows 2000 and the only one installed by default. Support is also there, however, for: NetBEUI (for older Microsoft clients), NWLink (for communication with NetWare servers), AppleTalk (for Macintosh clients), and DLC (for communicating with mainframes and older network printers; newer network printers use TCP/IP).
81. The Delegation of Control wizard helps you delegate control of Active Directory objects by granting users permission to manage users, groups, computers, OUs, or other entities.
82. The five single operations master roles are: Schema Master, Domain Naming Master, RID (Relative ID) Master, Infrastructure Master, and PDC Emulator. The first two are forest-wide roles; the latter three are domain-wide roles.
83. The Global Catalog is used to find resources within the forest. The GC is needed to be able to log on to the domain.
84. The Hardware Compatibility List (HCL) should always be checked before any upgrade.
85. The Knowledge Consistency Checker (KCC) is used to automatically optimize directory replication.
86. The No Access permission, which was available in all previous versions of NTFS (that is, in Windows NT), does not exist in NTFS 5 and Windows 2000.
87. The Recovery Console is not automatically installed in Windows 2000. You can install it, or run it from the CD, as necessary.
88. The Windows 2000 Resource Kit contains tools that assist with migration. As opposed to most other exams, which focus only on the core product, the 70-222 exam expects you to be familiar with the Resource Kit and its offerings.
89. Universal Security Groups can only be created when running in native mode.
90. When share and NTFS permissions are combined, the most restrictive permission set applies.
91. When using TCP/IP, you should always use DHCP to reduce the number of errors that can be created.
92. Although WINS is supported by Windows 2000, DNS is the preferred method of resolving host names to IP addresses--in particular DDNS (Dynamic Domain Name System).
93. Windows 2000 employs implicit two-way transitive trusts between parent domains and child domains. Administrators can create explicit trusts, if necessary.
94. Windows 2000 networks default to mixed mode, meaning that interoperability with NT 4.0 (PDC/BDCs) is built-in. When there are no more NT 4.0 domain controllers on the network, the domain should be upgraded to native mode.
95. Windows 2000 works with NTFS, FAT, and FAT32 file systems. FAT is needed for MS-DOS, OS/2, the Windows 3.x operating systems, and the first release of Windows 95. FAT32 can be used with the second release of Windows 95 (95b) and Windows 98.
96. Windows 95 and Windows 98 cannot be upgraded to Windows 2000 Server (but they can be upgraded to Windows 2000 Professional).
97. Windows NT 4.0 DNS servers must be running at least Service Pack 4 to be compatible with DNS used by Windows 2000.
98. Windows NT 4.0 domains consisted of four types of models: single domain, master domain, multiple master domain, and complete trust.
99. WINS name resolution occurs in four steps: Name Registration, Name Renewal, Name Refresh, and Name Query.
100. With FAT and FAT32, you do not have the ability to assign "extended" or "extensible" permissions, and the users sitting at the console effectively are the owners of all resources on the system. As such, they can add, change, and delete any data or file they desire.