Homework: ADDS and Group Policy - Hsanokklis/2023-2024-Tech-journal GitHub Wiki

Please answer the following questions about Active Directory and Group Policies:

1. In dealing with Group Policy, what are two commands and their use for verifying and troubleshooting group policies applied by a Domain Controller?

  • gpresult

This command displays the Resultant Set of Policy (RSoP), that is, which group policies and settings are applied to users and computers.

This is how to display the RSoP for the currently logged-in user

gpresult /user <username> /h <path\to\output\file.html>

This is how to display the RSoP for a specific computer

gpresult /s <computername> /h <path\to\output\file.html>

/s names the remote computer to query. /h is used to export the results to an HTML file so that it's easier to read

  • gpupdate

This command can be used to force an immediate update of group policy settings on a computer. If policies have not been updated, this command will force them to update and be reapplied.

This is how to execute the command

gpupdate /force

/force ensures that all policies are reapplied

2. When are COMPUTER group policy settings applied, and when are USER group policy settings applied?

Computer and User Group Policies are applied at different times and in different circumstances.

Computer Group Policy

During Startup

  • Policies are applied when the computer starts up

Every 90 minutes

  • Computers periodically refresh their group policy settings every 90 minutes.

When Forced

  • You can force a group policy update with the command gpupdate /force

User Group Policy

During User Logon

  • Applied when a user logs into a computer. Some policies will be user specific, and they will be applied.

Every 90 minutes

  • User policies are refreshed every 90 minutes.

When forced

  • You can manually force the user group policy with command gpupdate /force

3. Within a Windows Domain, why is it important that Domain Controllers replicate Active Directory information?

There are many reasons why Domain Controllers replicate AD information, all of them crucial to maintaining a healthy and functional Windows network.

High Availability and Redundancy

  • If one Domain Controller becomes unavailable, others can continue to provide AD services thus allowing systems to stay functional.

Load Balancing

  • This allows tasks to be split across multiple domain controllers such as authentication and directory lookup.

Fault Tolerance

  • If data is corrupted or deleted, multiple copies of AD data allow for quick data recovery.

Reduced Network Latency

  • Login times and WAN traffic are reduced by replicating AD data to Domain Controllers in different locations.

Support for Multi-site environments

  • Allows for reliable AD information, as Domain Controllers replicate information to make sure each site has up-to-date info.

Consistency and Data Integrity

  • Replication ensures data is consistent. Without replication there could be data conflicts, which can lead to authentication issues, security vulnerabilities, and operational problems.

Scalability

  • Bigger organizations have more data, and having more domain controllers with replicated data is important for redundancy and consistency across the organization.

Disaster Recovery

  • Goes along with availability and redundancy: if one DC fails, the others still have the data and data recovery can be quick.

Efficient Updates

  • Changes to AD objects are replicated which helps reduce the amount of network traffic and processing required for synchronization.

4. What is the purpose of an Organizational Unit?

The purpose of an Organizational Unit in Active Directory is to provide a flexible and hierarchical structure for organizing, delegating admin control, applying policies, and managing permissions for resources within a domain.

Here are some OU tasks:

  • Organizing resources
  • Delegating Admin Control
  • Applying Group Policies
  • Simplifying Permissions Management
  • Isolation of Resources
  • Streamlining Searches and Queries
  • Scoping Group Memberships
  • Enhancing Reporting and Auditing

5. You have a group policy set up and want to test it on a particular account or computer before making changes everywhere. How could you accomplish this?

To test a group policy before applying it globally you can use Group Policy filtering. Group policy filtering allows you to target specific users, groups or computers.

Here are the steps to use group policy filtering

Create or Identify the Group Policy Object (GPO)

Edit the GPO

Configure the GPO settings

Filter the GPO

Test the filters
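
The filtering steps above, written as PowerShell with the GroupPolicy module (installed with RSAT / the Group Policy Management feature). This is an added example, not part of the original homework: the GPO name, pilot group and OU path are hypothetical placeholders, and the screen-saver timeout is only a sample setting.

```powershell
Import-Module GroupPolicy

# Hypothetical names: replace with values from your own domain.
$GpoName    = 'Pilot - Screen Lock'
$PilotGroup = 'GPO-Pilot-Testers'                  # security group holding the test user/computer
$TargetOu   = 'OU=Workstations,DC=example,DC=com'

# 1. Create or identify the GPO (link it only when it is newly created).
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Pilot test before domain-wide rollout'
    New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes | Out-Null
}

# 2-3. Edit and configure the GPO (sample user setting: 900 second screen-saver timeout).
Set-GPRegistryValue -Name $GpoName `
    -Key 'HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop' `
    -ValueName 'ScreenSaveTimeOut' -Type String -Value '900' | Out-Null

# 4. Filter the GPO: downgrade Authenticated Users from Apply to Read,
#    then grant Apply to the pilot group only. Read is kept on purpose:
#    clients must still be able to read the GPO in order to process it.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $PilotGroup `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# 5. Test the filter: list every trustee that can apply the GPO and
#    flag anything other than the pilot group.
$appliers = Get-GPPermission -Name $GpoName -All |
    Where-Object { $_.Permission -eq 'GpoApply' }
foreach ($entry in $appliers) {
    $name = $entry.Trustee.Name
    if ($name -ne $PilotGroup) {
        Write-Warning "Unexpected Apply permission: $name"
    } else {
        Write-Output "Apply permission limited to: $name"
    }
}

# On a pilot machine, refresh policy and confirm the GPO shows as applied.
# A computer added to the pilot group picks up the membership at its next restart.
#   gpupdate /force
#   gpresult /h "$env:TEMP\rsop.html" /f
```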
