
Forest & Tree Definition: Enterprise Admin

The document discusses several topics related to Active Directory including the difference between trees and forests, domain admin vs enterprise admin groups, ports used in AD, authentication protocols, and garbage collection. Trees are collections of domains while forests are collections of trees. Enterprise admins have full rights over the entire forest while domain admins control a single domain. AD uses Kerberos for authentication and garbage collection frees space by marking deleted objects for later removal.

Uploaded by

rajeshec83

1. Forest & Tree Definition

The main difference between a tree and a forest in Active Directory is that a tree is a collection of
domains, while a forest is a collection of trees.

2. Mention What Is The Difference Between Domain Admin Groups And Enterprise Admins Group In AD?

Enterprise Admins: Members of the Enterprise Admins group have full rights over all of the domains
in the forest. The group is also a member of the Administrators group on all domain controllers in
the forest. Add users to it with caution, because they gain complete access to the forest. They can
force shutdown from a remote system, profile system performance, take ownership of files and much
more.

Domain Admins: Members of the Domain Admins group have complete control of the domain. They are
members of the Administrators group on all domain controllers, domain workstations and domain
member servers. An administrator account is also a member of this group. Members can adjust the
memory quotas for a process, manage the security log, restore files and directories and do much
more.
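
A read-only audit of the two groups described above, added here as an example and not part of the original document: it lists every effective user member (nested groups included) of Enterprise Admins in the forest root domain and of Domain Admins in each domain. It assumes the RSAT ActiveDirectory module and read access to every domain; the 90-day staleness threshold is an assumed value.

```powershell
# Added example: audit who holds forest-wide and domain-wide admin rights.
# Assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

$forest = Get-ADForest
$staleAfterDays = 90   # assumed review threshold, not from the document

# Enterprise Admins exists only in the forest root domain;
# Domain Admins exists once in every domain of the forest.
$targets = @([pscustomobject]@{ Group = 'Enterprise Admins'; Domain = $forest.RootDomain })
$targets += $forest.Domains | ForEach-Object {
    [pscustomobject]@{ Group = 'Domain Admins'; Domain = $_ }
}

$report = foreach ($t in $targets) {
    # -Recursive expands nested groups so indirect members are not missed.
    Get-ADGroupMember -Identity $t.Group -Server $t.Domain -Recursive |
        Where-Object { $_.objectClass -eq 'user' } |
        ForEach-Object {
            $member = $_
            # A member may live in another domain: derive it from the DC= parts of the DN.
            $memberDomain = ($member.distinguishedName -split ',' |
                Where-Object { $_ -like 'DC=*' } |
                ForEach-Object { $_.Substring(3) }) -join '.'
            $u = Get-ADUser -Identity $member.distinguishedName -Server $memberDomain -Properties LastLogonDate, PasswordLastSet
            [pscustomobject]@{
                Group           = $t.Group
                GroupDomain     = $t.Domain
                Account         = "$($memberDomain)\$($u.SamAccountName)"
                Enabled         = $u.Enabled
                # LastLogonDate comes from lastLogonTimestamp, which replicates with a delay.
                LastLogonDate   = $u.LastLogonDate
                PasswordLastSet = $u.PasswordLastSet
                Stale           = (-not $u.LastLogonDate) -or
                                  ($u.LastLogonDate -lt (Get-Date).AddDays(-$staleAfterDays))
            }
        }
}

$report | Sort-Object Group, GroupDomain, Account | Format-Table -AutoSize
```

Accounts that appear under Enterprise Admins, or that are flagged `Stale` while still `Enabled`, are the first ones to review against the caution given above.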

3. Port Numbers used in AD

Active Directory communications involve a number of ports, some of which are more familiar to network
and security administrators than others. ... SMB over IP (Microsoft-DS): port 445 TCP, UDP. LDAP: port
389 TCP, UDP. LDAP over SSL: port 636 TCP. Global catalog LDAP: port 3268 TCP.

12. Protocol for AD Authentication

Active Directory uses Kerberos version 5 as its authentication protocol to provide authentication
between server and client.

13. What do you understand by Garbage Collection? Explain.

Garbage collection is a housekeeping process that is designed to free space within the Active Directory
database. ... When an object is deleted, it is not removed from the Active Directory database. Instead, the
object is marked for deletion at a later date. This mark is then replicated to other domain controllers.
