=========================================
More than often I was confused by a very basic concept that may be too simple for a guru but I just couldn't find a definite/clear answer ANYWHERE, and it slowed down my learning progress a lot. So, I am listing a few below, hoping that can help others who are experiencing similar problems.
1. do I have to have a MX record on my internal DNS for Exchange servers?
Answer: no. You don't. MX record is used only for people from Internet sending email to your organization.
2. Local Administrator, Domain Administrator, Administrators, and Domain Admins
1). "Administrator" is a built-in account that you can't disable/delete but can rename
2). If you are in a domain, you will have both "domain\administrator" and local "computer$\administrator" account. The one you see in Active Directory Users and Computers is domain administrator, while the one you see in Local Users and Groups is local Administrator. Note: on a Domain Controller, there is not Local Users and Groups anymore, and you will use only the one you see in ADUC, which is domain administrator (having local administrator permissions at the same time)
3). "Administrator" is not the same as LocalSystem
4). "Administrators" is a built-in local group for local administrators. "Domain Admins" is a built-in group for domain administrators.
5). By default, member of "domain admins" is also member of local "administrators"
6). You can put any one into "domain admins" and "administrators", they then get the permissions respectively