Windows OS and System Admin
AD FS gives users the ability to do a single sign-on (SSO) and access applications on other networks without needing a secondary password. Organizations can set up trust relationships with other trusted organizations so a user’s digital identity and access rights can be accepted without a secondary password.
Group of answer choices
Primary domain controller
Backup domain controller
Read-only domain controller
Universal Group Membership caching
Primary domain controller
The Primary Domain Controller (PDC) maintains the master copy of the directory database and validates users. The BDC computers have a copy of this database, but these copies are read-only. The PDC replicates its account database to the BDCs on a regular basis. The BDCs exist to provide a backup to the PDC, and can also be used to authenticate users logging on to the network. If a PDC should fail, one of the BDCs can then be promoted to take its place. The PDC will generally be the first domain controller that was created, unless it was replaced by a promoted BDC.
Backup domain controller
A Backup Domain Controller (BDC) holds a copy of the directory database and can validate users. If the PDC fails, a BDC can be promoted to a PDC; in that case, an administrator promotes a BDC to be the new PDC. BDCs can also authenticate user logon requests and take some of the authentication load from the PDC. When changes are made to the master accounts database on the PDC, the PDC pushes the updates down to the BDCs. These additional domain controllers exist to provide fault tolerance.
Read-only domain controller
A RODC is a type of domain controller that holds read-only partitions of the Active Directory Domain Services (AD DS) database. RODC is available in the Windows Server 2008 OS and later versions. An RODC enhances security for the domain, especially in the case of remote access to AD DS. For instance, if an enterprise needs to install a business-critical application that can be installed only on a DC, then every time a remote user attempts to access the application, security is at stake.
Universal Group Membership caching
When a user tries to log on for the first time, the domain controller obtains the universal group membership for that user from a Global Catalog. This information is cached on the domain controller for that site indefinitely and is refreshed periodically, every 8 hours. Up to 500 universal group memberships can be updated at once. Universal Group Membership Caching is most practical for smaller branch offices with low-capacity servers that cannot handle the additional load of hosting a GC, or for locations that have extremely slow WAN connections.