Page: 1
/ 90
Total 450 questions
Your company recently deployed a new Active Directory forest named contoso.com. The first domain controller in the forest runs Windows Server 2012 R2.
You need to identify the time-to-live (TTL) value for domain referrals to the NETLOGON and SYSVOL shared folders.
Which tool should you use?
- A. Ultrasound
- B. Replmon
- C. Dfsdiag
- D. Frsutil
Answer : C
DFSDIAG can check your configuration in five different ways:
-> Checking referral responses (DFSDIAG /TestReferral)
-> Checking domain controller configuration
-> Checking site associations
-> Checking namespace server configuration
-> Checking individual namespace configuration and integrity
References:
https://blogs.technet.microsoft.com/josebda/2009/07/15/five-ways-to-check-your-dfs-namespaces-dfs-n-configuration-with-the-dfsdiag-exe-tool/
HOTSPOT -
Your network contains an Active Directory forest named contoso.com that contains a single domain. The forest contains three sites named Site1, Site2, and Site3.
Domain controllers run either Windows Server 2008 R2 or Windows Server 2012 R2.
Each site contains two domain controllers. Site1 and Site2 contain a global catalog server.
You need to create a new site link between Site1 and Site2. The solution must ensure that the site link supports the replication of all the naming contexts.
From which node should you create the site link?
To answer, select the appropriate node in the answer area.
Hot Area:
Answer :
Explanation:
Create a Site Link -
To create a site link -
-> Open Active Directory Sites and Services. To open Active Directory Sites and Services, click Start, click Administrative Tools, and then click Active
Directory Sites and Services.
To open Active Directory Sites and Services in Windows Server® 2012, click Start, type dssite.msc.
-> In the console tree, right-click the intersite transport protocol that you want the site link to use.
Use the IP intersite transport unless your network has remote sites where network connectivity is intermittent or end-to-end IP connectivity is not available. Simple
Mail Transfer Protocol (SMTP) replication has restrictions that do not apply to IP replication.
References: Create a Site Link -
https://technet.microsoft.com/en-us/library/cc731294.aspx
Your network contains two Active Directory forests named contoso.com and adatum.com. Contoso.com contains one domain. Adatum.com contains a child domain named child.adatum.com.
Contoso.com has a one-way forest trust to adatum.com. Selective authentication is enabled on the forest trust.
Several user accounts are migrated from child.adatum.com to adatum.com. Users report that after the migration, they fail to access resources in contoso.com.
The users successfully accessed the resources in contoso.com before the accounts were migrated.
You need to ensure that the migrated users can access the resources in contoso.com.
What should you do?
- A. Replace the existing forest trust with an external trust.
- B. Run netdom and specify the /quarantine attribute.
- C. Disable SID filtering on the existing forest trust.
- D. Disable selective authentication on the existing forest trust.
Answer : C
Explanation:
Security Considerations for Trusts
Need to gain access to the resources in contoso.com
Disabling SID Filter Quarantining on External Trusts
Although it reduces the security of your forest (and is therefore not recommended), you can disable SID filter quarantining for an external trust by using the
Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations:
* Users have been migrated to the trusted domain with their SID histories preserved, and you want to grant them access to resources in the trusting domain based on the SID history attribute.
Etc.
Incorrect Answers:
B. Enables administrators to manage Active Directory domains and trust relationships from the command prompt, /quarantine Sets or clears the domain quarantine.
D. Selective authentication over a forest trust restricts access to only those users in a trusted forest who have been explicitly given authentication permissions to computer objects (resource computers) that reside in the trusting forest.
References: Security Considerations for Trusts
https://technet.microsoft.com/en-us/library/cc755321(v=ws.10).aspx
HOTSPOT -
Your network contains an Active Directory domain named contoso.com. The domain contains domain controllers that run either Windows Server 2003, Windows
Server 2008 R2, or Windows Server 2012 R2.
You plan to implement a new Active Directory forest. The new forest will be used for testing and will be isolated from the production network.
In the test network, you deploy a server named Server1 that runs Windows Server 2012 R2.
You need to configure Server1 as a new domain controller in a new forest named contoso.test.
The solution must meet the following requirements:
-> The functional level of the forest and of the domain must be the same as that of contoso.com.
-> Server1 must provide name resolution services for contoso.test.
What should you do?
To answer, configure the appropriate options in the answer area.
Hot Area:
Answer :
Set the forest function level and the Domain functional level both to Windows Server 2003.
Also check Domain Name (DNS) server.
Note:
* When you deploy AD DS, set the domain and forest functional levels to the highest value that your environment can support. This way, you can use as many AD
DS features as possible. For example, if you are sure that you will never add domain controllers that run Windows Server 2003 to the domain or forest, select the
Windows Server 2008 functional level during the deployment process. However, if you might retain or add domain controllers that run Windows Server 2003, select the Windows Server 2003 functional level.
* You can set the domain functional level to a value that is higher than the forest functional level. For example, if the forest functional level is Windows Server
2003, you can set the domain functional level to Windows Server 2003 or higher.
References:
http://www.electricmonk.org.uk/2014/03/01/understanding-active-directory-domain-services-ad-ds-functional-levels/
Your network contains an Active Directory forest named adatum.com. The forest contains a single domain. The domain contains four servers. The servers are configured as shown in the following table.
You need to update the schema to support a domain controller that will run Windows Server 2012 R2.
On which server should you run adprep.exe?
- A. Server1
- B. DC3
- C. DC2
- D. DC1
Answer : B
Explanation:
We must use the Windows Server 2008 R2 Server.
Upgrade Domain Controllers to Windows Server 2012 R2 and Windows Server 2012
You can use adprep.exe on domain controllers that run 64-bit versions of Windows Server 2008 or Windows Server 2008 R2 to upgrade to Windows Server 2012.
You cannot upgrade domain controllers that run Windows Server 2003 or 32-bit versions of Windows Server 2008. To replace them, install domain controllers that run a later version of Windows Server in the domain, and then remove the domain controllers that Windows Server 2003.
Reference:
http://technet.microsoft.com/en-us/library/hh994618.aspx#BKMK_UpgradePaths
31 days access 