Configuring Adv Server ALL TERMS

Ace your homework & exams now with Quizwiz!

You manage a network with a single domain named eastsim.com. The network currently has three domain controllers. During installation, you did not designate one of the domain controllers as a global catalog server. Now you need to make the domain controller a global catalog server.

Active Directory Users and Computers or Active Directory Sites and Services.

Your organization run a Hyper-V hypervisor on Windows Server 2016 that hosts several Windows Server 2016 virtual domain controllers. You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2016 virtual machine and promoting it to be a domain controller, you decide to simply copy one of the existing virtual domain controller's virtual machine files. What must you do to perform this procedure correctly?

1. Add the source domain controller's computer object to the Cloneable Domain Controllers group in the Users container. 2. Create the DCCloneConfig.XML file for the cloned domain controller.

To prevent Update Sequence Number (USN) rollback issues with virtual domain controllers, each domain controller (virtual or physical) is assigned a unique identifier called the VM-Generation-ID. For virtual domain controllers, where is this identifier stored?

1. As an attribute of each domain controller computer object in Active Directory. 2. In a file within the virtual machine configuration.

You manage a group of 20 Windows 10 workstations that are current configured as a Workgroup. Which advantages you could realize by installing Active Directory and adding computers to a a domain?

1. Centralized configuration control 2. Centralized authentication

Maria Hurd is going on a seven-week sabbatical and will not be in to work during that time. Which of the following can you perform to secure her user account and prevent if from being used to access network resources while she is away?

1. Disable the user account. 2. Set an account expiration time for the last day Maria will be in the office.

Your network consists of three domains in a single forest: eastsim.com, acct.eastsim.com, and dev.eastsim.com. You have formed a partnership with another company. They also have three domains, westsim.com, mktg.westsim.com, and sales.westsim.com. Because of the partnership, users all the domains for the eastsim.com forest need access to the resources in all three domains in the partner network. Users in the partner network should not have access to any of your domains.

1. Do not use selective authentication. 2. Create a forest trust between eastsim.com and westsim.com 3. Create the trust as an incoming trust.

Your network consists of three domains in a single forest: northsim.com, acct.northsim.com, and dev.northsim.com. You have formed a partnership with another company that has two domains, southsim.com and sales.southsim.com. Because of the partnership, users in the sales.southsim.com domain need access to the resources in the dev.northsim.com domain. No other users in any other domains should have access to resources in any other domain.

1. Do not use selective authentication. 2. From the dev.northsim.com domain, create an outgoing trust. 3. Create an external trust.

You are the network adiministrator for westsim.com. The network consists of one Active Directory domain that contains 1,500 users. westsim.com has one main office and 15 branch offices. There are three domain controllers at the main office and one domain controller at each branch office. You have been asked to identify which domain controller hosts the Schema Master role.

1. Dsquery 2. Active Directory Schema Snap-in

You have a high-end color laser printer that is shared on a server in north.westsim.com. Because of the high price per page, you have removed the print permission from the Everyone group. You need to grant the print permissions to the marketing users in the north.westsim.com, east.westsim.com, and west.westsim.com domains.

1. In the North domain, create a Domain Local group called CLR-PRT. 2. In all three domains, create a global group named Marketing. 3. Add all three global groups to the North CLR-PRT group and assign the print permission to the group.

You manage the network with a single Active Directory domain named eastsim.com. All domain controllers run Windows Server 2003. The domain functional level is at a Windows Server 2003. You would like to install a read-only domain controller for the eastsim.com domain to implement in a branch office.

1. Install a Windows Server 2016 domain controller. Move the PDC emulator role to this server 2. Run adprep/forestprep

Your company has been using Windows workgroups on a server running Windows Server 2016. Due to rapid growth of the company, it has no determined that is best to start using Active Directory. After installing the Active Directory role, what must you do to add the domain controller for your first forest? Select two.

1. Install global catalog 2. Promote the server.

Your organization runs a Hyper-V hypervisor on a Windows Server 2008 R2 system that hosts a mix of Windows Server 2008 R2, Windows Server 2012 R2, and Windows Server 2016 virtual domain controllers. You want ot use snapshots to protect your virtual domain controllers on this hypervisor host. However, you have heard that doing this can cause Update Sequence Number (USN) rollback issues. What must you do to prevent this from happening?

1. Install the latest Integration Services from a Windows Server 2012 R2 or newer hypervisor on the virtual domain controllers. 2. Upgrade the hypervisor host to Windows Server 2012 R2 or newer.

You have completed the installation of the Active Directory Domain Services role on a new server. Now you want to promote this server to be a domain controller in an existing domain. The server was installed with a Server Core deployment, so you will need to make this server a domain controller in an existing domain from the PowerShell command line.

1. Install-ADDSDomainController 2. Import-Module ADDSDeployment

You manage user accounts in the southsim.com domain. Each department is represented by an organizational unit (OU). Computer and user accounts for each department have been moved to their respective OUs. You want to control access to a new color printer named ColorMagic. To do this, you create the following groups: *A domain local group named ColorMagic-DL. *A global group named Sales-GG. You want all users in the sales department to have access to the new printer.

1. On the ColorMagic printer object, assign permissions to the ColorMagic-DL group. 2. On the Members tab for the Sales-GG group, add all sale user accounts. 3. On the Members Of tab for the Sales-GG group, add the ColorMagic-DL group.

You need to add a new Windows server to an Active Directory domain. You intend to make this new server a domain controller. This server was installed with a server core deployment, so you'll need to install the Active Directory Domain Services role from the Powershell console.

AD-Domain-Services

What is the key difference between a managed service account and a group managed service account?

A managed service account can be used on only one computer in a domain.

You have a universal group called SalesExecs. This group has successfully been used as an email distribution group. Later, you try to assign the group permissions to a shared folder, but SalesExecs does not appear as a choice.

Convert the SalesExecs group from distribution group to a security group.

You are the administrator for ABC corporation. Your network has a single Active Directory domain called xyz.com. The sales team has a shared folder on Srv1 that is used to hold sales contact information. You need to control access to this folder so that only members of the sales team can access the folder. You create a group called Sales and add all members of the sales team as members of the group. However, when you try to assign permissions to the shared folder, the Sales group you created does not show in the list of available objects. You check the properties of the group and find the details shown in the image.

Convert the group to a security group.

Mary Hurd is a manager in the sales department. Mary is a member of the Managers global group. This group also has members from other organizational units. The Managers group has been given the read share permission to the reports shared folder. Mary's user account (mhurd) has also been given the change share permission to the Reports shared folder. You need to create several new user accounts that have the same group membership and permission settings as mhurd user account.

Copy the mhurd user account. Assign the new account the change share permission to the Reports shared folder.

Your network has two sites as shown in the graphic. Computer3 is the bridgehead server in the Atlanta site, and Computer1 is the bridgehead server for the Denver site. You want to modify the replication schedule between Atlanta and Denver. Which object's properties would you edit to begin modifying the replication schedule?

DEFAULTIPSITELINK

At 5:30 pm., you get a call from Mary Hurd, a user in the sales department, stating that she can't log in. You use Active Directory Users and Computers and see the information shown in the image.

Enable Mary's account

You are the network administrator for a network with a single Active Directory forest. All domains in the forest are at Windows Server 2008 functional level, and the forest is also at a Windows Server 2008 functional level. Offices are located in Denver, Chicago, and Miami. Each geographic location has an Active Directory site configured. The links that connect the Denver and Miami....

Enable Universal Group Membership Caching for the Denver and Miami sites.

You manage a single-domain network named northsim.com. Currently, all users are located at a single site in Miami. You are opening a branch office in Orlando. The Orlando office...

Enable Universal Group Membership Caching on the Orlando site.

You are the administrator for a small company that uses a Windows server to host a single domain. Mary Hurd, a user in the sales department, calls and reports that she is unable to log in using her computer (Sales1). You use Active Directory Users and Computers and see the screen shown in the image.

Enable the computer account.

The CEO has requested the ability to send emails to managers and team leaders. He'd like to send a single email and have it all automatically forwarded to all users in the list. Because the email list might changed frequently, you do not want the email list to be used for assigning permissions.

Create a distribution global group. For each user on the email list, make their user account a member of the group.

You are the domain administrator for a single domain forest. You have 10 file servers that are member servers running Windows Server. Your company designed its top-level OU structure based on the 15 divisions for your company. Each division has a global security group containing the user accounts division managers. You have folders on your file servers that all managers should have permission to access. For some resources, all division managers will need full control. For others, they will only need read or change permissions. You need a group strategy that will facilitate the assignment of permissions but minimize the administrative effort.

Create a global group called AllMgrs. Make each of the existing division managers groups a member.

Your network consists of a single Active Directory domain. Your company has recently merged with another company. The acquired company has an Active Directory network with multiple domains. All domain controllers in both forests run Windows Server 2016. You have been given the task of recommending changes to the Active Directory structure. You want to let users in both companies to access each other's resources...

Create a two-way forest trust between the two forest root domains.

You are the network administrator of a network that spans two locations, Atlanta and Dallas. The network has only one Active Directory domain named company.local. The Atlanta and Dallas locations are connected using a T1 line. You have also configured an on-demand dial-up connection....

Create two Site Link objects representing the T1 and dial-up connections. Configure the T1 Site Link object with a lower cost than the dial-up Site Link object.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. All of the servers run Windows Server 2016, and all of the clients run Windows 10. The company has a branch office...

Get-ADDomainControllerPasswordReplicationPolicyUsage

You are the network administrator for corpnet.com. The company has a main office that has two domain controllers named DC1 and DC2. The company plans to deploy a new domain controller named DC3 to a branch office.

In Active Directory Sites and Services, move the DC3 computer object.

You are the administrator of eastsim.com domain, which has two domain controllers. Your Active Directory structure has organizational units (OUs) for each company department. You have assistant administrators who help manage Active Directory objects. For each OU, you grant one of your assistants Full Control over the OU. You come to work one morning to find that while managing some user accounts, the administrator in charge of Sales OU has deleted the entire OU. You restore the OU and all of its objects from a recent backup. You want to configure the OU to prevent accidental deletion. You edit the OU properties, but can't find the Protect object from accidental deletion setting. What should you do so you can configure this setting?

In Active Directory Users and Computers, select View > Advanced Features.

You are the network administrator for corpnet.com The company has a main office and two branch offices named Branch1 and Branch2. The main office has two domain controllers named DC1 and DC2. The Branch1 branch office has one domain controller named DC3. There are no domain controllers at the Branch2 location. In Active Directory Sites and Services, you have created a site that corresponds to each location. You have also created IP site links between each site. You discover....

Increase the cost of the site link between Branch1 and Branch2.

You have hired a temporary worker named John Miller to work in the shipping department during the holidays. John should only be allowed to log on to the Ship01 workstation and no others.

In John's user account, add Ship01 to the Log On To list.

You are the administrator for a large single-domain network. You have several Windows Server domain controllers and member servers. Your 3,500 client computers are Windows workstations. Today, one of your users has called for help. It seems that his computer is reporting that a trust cannot be established between his Windows computer and the domain controller. He is unable to log on to the domain. You examine the computer's account using Active Directory Users and Computers, and there is nothing obviously wrong. You need to allow this user to log on to the domain.

Reset the computer account and rejoin the domain.

The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed.

Reset the computer account in Active Directory.

You are the network administrator for the westsim.com. The Network consists of a single Active Directory domain. A user named Mary Merone is working on location in Africa. She called to report that her laptop had failed. The hardware vendor replicated the laptop, and now you need to join the new computer to the domain. However, there is no connectivity from the current location to the domain. You must ensure that the laptop has joined the domain immediately, even if it cannot by physically connected to the domain controller.

Prepare the computer to perform an offline domain join by creating an Active Directory account for the computer using the Djoin/provision command.

You manage the network with a single Active Directory domain. You have installed a read-only domain controller in your branch office. As part of the configuration, you added the Sales Users group and the Sales Computers group as members of the Allowed RODC Password Replication Group group.

Prepopulate passwords on the RODC.

You have just ordered several laptop computers that will be used by members of the programming team. The laptops will arrive with Windows. You want the computer account for each new laptop to be added to the Developers OU in Active Directory. You want each programmer to join his or her new laptop to the domain.

Prestage the computer accounts in Active Directory. Grand the programmers the rights to join the workstation to the domain.

You are the network administrator for corpnet.com. The corpnet.com forest has three Active Directory domains, corpnet.com, sales.corpnet.com, and development.corpnet.com. corpnet.com has a relationship with a vendor named partner.com. The partner.com forest has two Active Directory domains, partner.com and support.partner.com. Currently, there is a cross-forest trust configured...

Modify the name suffix routing list on the existing cross-forest trust.

You are the network administrator for the corpnet.com. corpnet.com uses a vendor named partner.com. You create a cross-forest trust with Selective Authentication between the corpnet.com Active Directory forest and the partner.com Active Directory forest. On a file server named File1, you create a share named Share1 and assign the following permissions: *Partner\SalesUsers - Allow Modify NTFS permissions. *Partner\SalesUsers - Allow-Full Control share permissions. Users in the Partner\SalesUsers group...

Modify the properties of the File1 computer account in Active Directory Users and Computers.

Your organization runs a Hyper-V hypervisor on Windows Server 2016 that hosts several Windows Server 2016 virtual domain controllers. You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2016 virtual machine and promoting it to be a domain controller, you decide to simply copy one of the existing virtual domain controller's virtual machine files. Prior to cloning the source virtual machine, you need to check it for installed applications and services that aren't compatible with the cloning process. Which PowerShell cmdlet can you use to do this?

New-ADDCCloneConfigFile

A virtual domain controller has been powered on and begins to boot. When it does, the hypervisor host detects that he value of the VM-Generation-ID in the virtual machine's configuration and value of the VM-Generation-ID in the virtual domain controller's computer object in the Active Directory don't match. What happens next?

The hypervisor pushes the latest RID pool and USN to the virtual domain controller.

When a new employee is hired in the sales department, you create the user account, add the user account to multiple groups, assign the user permissions to the sales contact database, and configure permissions to home and shared folders. Because of high turnover, you find that as users leave the organization, you spend several hours tracking down file ownership and reassigning permissions to other users.

Use programming language to create a deprovisioning solution. Write scripts or routines that run automatically and reassign ownership and permissions when a user account is deleted.

The computer arrives, and you edit the system properties and name it AdminRemote. When you try to join the computer to the domain, you receive an error message and are unable to proceed. You want the new computer to be joined to the domain using the same name as the old computer.

netdom reset and then netdom join

You manage a single-domain network with a domain named widgets.com. You have received funding to upgrade all your domain controllers from Windows Server 2003 to Windows Server 2012 R2. You upgrade all domain controllers to Windows Server 2012 R2. You then set the domain and forest functional levels to Windows Server 2012 R2. You decide to migrate from FRS replication to...

dfsmig/setglobalstate 2

You manage a single-domain network with a domain named widgets.com. You have received funding to upgrade all your domain controllers from Windows Server 2003 to Windows Server 2012 R2. You upgrade all domain controllers to Windows Server 2012 R2. You then set the domain and forest functional levels to Windows Server 2012 R2. You decide.... After a few days, you noticed several replication errors...

dfsrmig/setglobalstate 0

You are an enterprise administrator for WestSim Corporation. Because of a recent merger, the network has two forests, westsim.com and eastsim.com. You have a user account in the westsim.com domain. You want to be able to access resources in the eastsim.com domain. You do not want users in the eastsim.com domain to access resources in the westsim.com domain.

On westsim.com, configure an incoming trust to eastsim.com.

Your security policy states that all accounts should be locked out after three unsuccessful logon attempts and that accounts must be reset only by an administrator. A GPO enforces these settings. On Monday morning, you receive a call from the help desk. There are seven users who are unable to log in the domain. Upon further investigation, you notice all seven accounts have been locked out. You need to unlock the user accounts with the least amount of administrative effort while complying with your security policy.

Using Active Directory Users and Computers, select Unlock Account for each account.

Match the Active Directory term on the right with its corresponding definition on the left. Not every definition on the left have an associated term on the right.

*Data table: Contains all the information in the Active Directory data store. *Link Table: Contains data that represents linked attributes. *SD Table: Contains data that represents inherited security descriptors for each object. *Schema: Identifies the object classes that exist in the tree and the attributes of each class.

Organizational units organize network resources. You can use the organizational model that best meets your needs. Drag the organizational model on the left to the appropriate example OU on the right.

*Denver OU: Physical location model *Printers OU: Object type model *Sales OU: Corporate structure model *Engineering OU: Corporate structure model *Brazil OU: Physical location model *Brazil OU containing Sales OU: Hybrid model

Match the Active Directory term on the right with its corresponding definition of the left. Not every definition on the left have an associated term on the right.

*Domain Controller: A server that holds a copy of the Active Directory database that can be written to. *Forest Root Domain: The first domain created in an Active Directory forest. *Tree Root Domain: The highest level domain in a tree.

You currently have Active Directory and a domain controller installed on a Windows Server 2012 R2 server. You have decided that it is time to upgrade to Windows Server 2016 and that an in-place upgrade is your best option. To prepare for the upgrade, you will need to run Adprep.exe. Match the Adprep command and switch with the correct description.

*Extends the Active Directory schema and updates the permissions as necessary: Adprep/forestprep *Configures permissions so that RODCs are able to replicate DNS application directory partitions: Adprep/rodcprep *Updates domain information: Adprep/domainprep *Used to prepare Group Policy for migraiton: Adprep/domainprep/gpprep

Match each default Active Directory object on the left with the appropriate description on the right.

*Holds the default service administrator accounts: Builtin container *The default location for new user accounts and groups: Users container *The default location for domain controller computer accounts: Domain controller OU *The root container to the hierarchy: Domain container *The default location for workstations when they join the domain: Computers container

Drag each Active Directory term on the left to it's corresponding definition on the right.

*Logical organization of resources: Organizational Unit *Collection of network resources: Domain *Collection of related domain trees: Forest *Resource in the directory: Object *Group of related domains: Tree

You are working for a company that has a large Active Directory network with locations in New York City, Washington D.C., Seattle, Miami, and Des Moines. The company has just opened an office in Toronto. You are responsible for bringing the new Toronton site online. The Toronto and Washington locations are connected with a high-speed WAN link. A dial-up connection has also been configured between the two locations. You need to configure the new site links to accommodate the Toronto office.

1. Configure a site link to represent the high-speed connection between Toronto and Washington D.C.. Configure the site link cost to be 50. 2. Configure a site link to represent dial-up connection between Toronto and Washington D.C. Configure the site link cost to be 150.

You have not yet installed Active Directory Domain Services (AD DS) on a new Windows Server system. You are planning to use the computer as a domain controller in Active Directory.

1. Configure the computer name. 2. Set the system time and time zone.

You have a shared folder called Reports on the Sales1 server in the sales.westsim.com domain. The following two users need access to this shared folder. *Mark in the westsim.com domain *Mary in the sales.westsim.com domain You create a global group called Sales in westsim.com. You grant this group the necessary permissions to the Reports shared folder. You add Mark as a member of the group, but you are unable to add Mary as a group member.

1. Convert the group to a universal group. 2. Delete the existing group. Create a domain local group in sales.westsim.com. Add Mark and Mary as members and assign permissions to the share.

You are the administrator for a network with two domains, westsim.com and branch.westsim.com. User accounts for the sales team are in both domains. You have a shared folder called Reports on Sales1 server in the westsim.com domain. You also have a shared folder called Contacts on Sales6 server in the branch.westsim.com domain. All sales users need access to both shared folders. What do you need to do to implement a group strategy to provide access to the necessary resources?

1. Create a global group in each domain. Add users within each domain in the group. 2. Create a universal group in westsim.com. 3. Create a universal group in westsim.com 4. Add the universal group to domain local groups in each domain. 5. Assign permissions to the domain local groups.

You are the domain administrator for a single domain forest. Your company has based its top-level OU structure on the four divisions for your company, manufacturing, operations, marketing, and transportation. Each division has a global security group containing the user accounts for division managers. You want to have a single group that can be used when you need grant access to resources to all of your organization's managers. What should you do?

1. Create a global security group called AllMgrs and make each of the existing Division Manager groups a member. 2. Create a universal security group called AllMgrs and make each of the existing Division Manager groups a member.

You are the network administrator for a company with a single Active Directory domain. The domain and forest functional levels are running Windows Server 2012 R2. The company headquarters is located in Los Angeles, and its three branch offices are located in Denver, Chicago, and New York. There are high-speed WAN links that connect all of the branch offices to the corporate headquarters. The Chicago and New York offices also have a separate WAN link between them that should be used only when the connection to Los Angeles is unavailable. There is an Active Directory site configured for each office location, and all sites are connected by the default site link. You notice...

1. Create a site link named Chicago-NY and put the Chicago and New York sites into it. 2. Increase the site link cost for the Chicago-NY site link to 250.

The Support department has very high turnover. Nearly every week, you need to add a new user accounts. All user accounts have the same department and fax number settings. Each account must also have permission to the Orders shared folder. You want to create a template account to use when creating new accounts in the future.

1. Create a user account with the department and fax number settings. 2. Disable the user account. 3. Create a group called Support. Make the template account a member of the Support group. Assign permissions for the group to the Orders shared folder.

You are the network administrator for an Active Directory forest with a single domain named northsim.com. All domain controllers are running Windows Server 2016. Your company has just acquired a company that has the Active Directory forest with one Windows 2008 domain named southsim.com. The current structure of both forests must be retained for now. You need to design trust between the domains or forests to meet the following requirements: *Users in the northsim.com domain must be able to use the resources in the southsim.com domain. * Users in the southsim.com domain should not be able to use the resources in the northsim.com domain with the exception of selected management personnel, who will be allowed access to reports on one of the servers in the northside.com domain. *You would like to minimize the number of trusts created and the amount of effort needed to maintain the trusts.

1. Enable Selective Authentication for the northside.com forest. 2. Create a two-way forest trust between the northsim.com forest and southsim.com forest.

You are the network administrator for a network with a single Active Directory domain and default site configuration. Your domain consist of three domain controllers, two at the company headquarters in Los Angeles , and one in New York. Active Directory Domains and Trusts shows that all three domain controllers are replicating without errors. You have implemented a group structure using Microsoft's recommendation. You have global groups...

1. Make the domain controller in New York a global catalog server. 2. Create two sites, one called Los Angeles, and one called New York. Assign the IP subnet in use at each location to the appropriate site.

You have just started a new job as the administrator of the eastsim.com domain. The manage of the accounting department has overheard his employees jokes about how many employees are using "password" as their password. He wants you to configure a more restrictive password policy for employees in the account department. Before creating the password policy, you open the Active Directory Users and Computers structure and see the following containers and OU: eastsim.com *Builtin *Users *Computers *Domain Controllers Which steps must you perform to implement the desired password policy?

1. Put the accounting employees user objects into the OU created for the accounting employees. 2. Create an OU in eastsim.com for the accounting employees. 3. Configure the password policy and link it to the OU created for the accounting employees.

You manage the network with a single Active Directory domain named eastsim.com. You have installed a read-only domain controller in your branch office. As part of the configuration, you added the Authenticated Users group and the Domain Computers group as members of the Allowed RODC Password Replication Group group.

1. Rejoin the computers listed in the rodcpw.txt file to the domain. 2. Manually reset user account passwords for users listed in the rodcpw.txt file. Force users to change their passwords at next login.

You are the network administrator for corpnet.com. The company has a main office and four branch offices. All of the servers run Windows 2016. All of the sites have been added to the DEFAULTIPSITELINK object, which is set to replicate every 15 minutes. The Branch1 office contains one domain controller, DC3...

1. Remove the Branch1 office from the DEFAULTIPSITELINK. 2. Configure the Options attribute on the new link. Configure the Cost on the new link. 3. Create a new IP Site Link and add the main office and Branch1 office to the new link.

You are the network administrator with a single Active Directory domain. The company headquarters is located in Boston, and fifteen branch offices exist across the United States. Currently, one Active Directory site is configured for each branch office location. All sites are connected by the default site link. You notice that the default replication interval is to infrequent...

1. Remove the slow connection sites from the default site link. 2. Configure a new site link that contains the slow connection sites and the corporate headquarters site and configure an appropriate interval and schedule.

Your company has four sites within the Atlanta metropolitan area: Central Office (CO), Shipping (SH), Manufacturing (MN), and Warehouse (WH). Each site connects to the CO site with a T-1 link that operates at 1.544 Mbps. An auxiliary link between NM and WH sites....

1. Set the site link cost from CO-to-WH to 50. 2. Set the site link from MN-to-WH to 160. 3. Set the site link cost from CO-to-MN to 50.

At 5:30 p.m., you get a call from Mary Hurd, a user in the Sales department. Mary tells you that she can't log in. You use Active Directory Users and Computers and see the information shown in the image. You need to make sure Mary can log in.

1. Unlock Mary's account 2. Change the log in hours to extend past 5:30 p.m. 3. Change Mary's account to never expire.

You are the administrator of a network with two Active Directory domains. Each domain currently includes 35 global groups and 75 domain local groups. You have been reading the Windows Server help files and have come to the conclusion that universal groups may be the answer to ease administrative management of these groups. You decide to incorporate universal groups. How can you make sure to not include changes to any group that will affect group member's assigned permissions?

Add global groups to universal groups and then add those to domain local groups.

Consider the domain shown in the example below. Click on all user objects displayed in the image.

Click on Marty Bones and Mary Hurd

You need to configure the CORPDC server as a global catalog server. From within Active Directory Users and Computers, you have opened the properties dialog for this server. Where do you click?

Click on NTDS settings...

You are the network administrator for a network with a single Active Directory forest. The forest root domain name is westsim.local, and there are two child domains named support.westsim.local and research.westsim.local. Branch offices are located in Denver and Chicago. The corporate headquarters is located in Dallas. The Denver site has domain controllers from the support.westsim.local domain and research.westsim.local domains. Workstation computer accounts and user accounts for the Denver location...

Configure a shortcut trust between research.westsim.com domains and the support.westsim.com domain.

You manage a network with a single domain named widgets.com. The network has multiple domain controllers at two locations: Chicago and Baltimore. A WAN link connects the two locations. You create two site objects and configure a site link object to connect the two sites. To reduce WAN...

Configure all domain controllers to use DFS replication.

You are the administrator of an Active Directory domain, eastsim.com, which is at the Windows 2008 R2 functional Level. Your company has recent acquired a competitor who has an Active Directory domain, westsim.com, which is running Windows 2003 functional level. You have access to an administrator account in the westsim.com domain. You need to allow users in westsim.com to access shared folders on FS1 in the eastsim.com domain. You want to make sure that the shared folders on FS1 are the only resources in your domain that the westsim.com users can access.

Configure eastsim.com to have a one-way outgoing forest trust with westsim.com. Configure the trust to use selective authentication and grant domain users from westsim.com the Allowed to Authenticate permission on the FS1 computer account.

You are the network administrator for your company. Your network consists of two Active Directory domains, research.westsim.local and sales.westsim.local. Your company has two sites. Dallas and Houston. Each site has two domain controllers, one domain controller for each domain. Users in Houston...

Configure one of the domain controllers in Houston to be a global catalog server.

You are the network administrator of a network with a single Active Directory forest. The forest root domain is named westsim.local, and there are two child domains named europe.westsim.local and asia.westsim.local. All domain controllers are running Windows Server 2012 R2 or Windows Server 2016. Your network has five Active Directory sites in the United States, six in Europe, and three in Asia. All sites in Europe have two domain controllers from the europe.westsim.local domain and one domain controller from the westsim.local. Several sites in Europe are using outdated hardware for their domain controllers, and you have decided to update them. You install...

Configure the new server as a preferred bridgehead server for its site.

You are working for a company that has a large Active Directory network with locations in New York City, Washington, D.C., Seattle, Miami, and Des Moines. The company has just opened an office in Toronto. You are responsible for bringing the new Toronto site online...

Configure the site link between Toronto and Washington, D.C. to be available between 7:00 p.m. and 5:00 a.m.

You are the network administrator for westsim.com. The network consists of a single Active Directory domain. There is one main office located in New York, and several branch offices including one in Chattanooga, TN. All of the clients in Chattanooga, TN are configured using DHCP and obtain addresses in the 172.16.0.0/16 subnet with the scope ranging from 172.16.3.1 to 172.16.3.254. There are two domain controllers in the Chattanooga office named TNDC1 and TNDC2. TNDC1 has a static IP address of 172.16.2.3/16, and TNDC2 has a static IP address of 172.16.2.4/16. During the course of an IT audit, you notice that users authenticated by TNDC2 experience significant logon delays. You order a new server to replace TNDC2. As a temporary fix, you would life to ensure that all users in Chattanooga, TN, site are authenticated by TNDC1. The solution should enable users to be authenticated by TNDC2 only if TNDC1 fails. What should you do ?

Create a new Active Directory site. Create a new subnet object using the 172.16.2.4/32 subnet. Move TNDC2 to the new site.

You are the network administrator that spans two locations, Atlanta and Dallas. Atlanta and Dallas are connected using a dedicated WAN link. The Atlanta location is also connected to the internet. A single Active Directory domain spans both locations, and each location has a single domain controller. You have not used the Active Directory Sites and Services snap-in to make any changes to the default configuration. Users in Dallas complain that internet access is very slow at times. After monitoring the network traffic across the WAN link, you discover that the slow performance occurs after major changes are made to Active Directory. What is the first step to solving this problem?

Create a new site object in Active Directory and move the server object for the Dallas domain controller into the new site.

You are the administrator for WestSim Corporation. The network has a single domain, westsim.com, running at the Windows Server 2008 functional level. Five domain controllers running Windows Server 2012 R2 or Windows Server 2016 are located on the network. Your company recently merged with EastSim corporation. Their network has a single Active Directory domain running at the Windows 2003 forest functional level. For now, you need to maintain the eastsim.com domain as a separate forest. Users in eastsim.com need access to the resources in the westsim.com domain. However, users in westsim.com should not have access to any resources in the eastsim.com domain.

Create a one-way external trust where the westsim.com domain trusts the eastsim.com domain.

You are the network administrator for corpnet.com. Users in the .sales.us.corpnet.com domain frequently need to access shares in the sales.eu.corpnet.com, but report that it often takes a long time to be authenticated when accessing the shares. You need to reduce the amount of time it takes the users in sales.us.corpnet.com to be authenticated in sales.eu.corpnet.com

Create a shortcut trust.

You manage a single domain named southsim.com. The network has three locations: Seattle, Portland, and Boise. You need to configure Active Directory sites so that resource access and logon is localized for each location and WAN traffic is minimized...

Create a site for Seattle and a site that includes both Portland and Boise locations.

You are the network administrator for corpnet.com. corpnet.com has two Active Directory domains named corpnet.com and production.corpnet.com. They also have development domain in a separate forest named development.corpnet.net. You need to configure the Active Directory environment to meet the following requirements.: *Users in the development.corpnet.net domain must be able to access resources in the production.corpnet.com domain. *Users in the development.corpnet.net domain must not be able to access resources in the corpnet.com domain. *Users in the production.corpnet.com and corpnet.com domains must not bw able to access resources in the development.corpnet.net domain.

Create an external trust.

You are the network administrator for a company with a single Active Directory domain. The corporate office is located in Miami, and there are satellite offices in Boston and Chicago. There are Active Directory sites configured for all three geographic locations. The Default-First-Site-Name was renamed the Miami site. Each location has a single IP subnet configured and associated with the appropriate site. Each office has several domain controllers. The Boston office recently expanded to three additional floors in the office building that they are in. The additional floors....

Create subnets for the new floors in the Boston office and link them to the Boston site.

You are the network administrator for a company with a single Active Directory domain. The corporate office is located in Miami, and there are satellite offices in Boston and Chicago. There are Active Directory sites configured for all three geographic locations. The Default-First-Site-Name was renamed to become the Miami site. Each location has a single IP subnet configured and associated with the appropriate site. Each office has several domain controllers. The Boston office...

Create subnets for the new floors in the Boston office and link them to the Boston site.

You are the administrator for the eastsim.com domain. Your Active Directory structure has organizational units (OUs) for each company department. You have assistants who help with resetting passwords and managing group membership. You also want your assistants to help create and delete user accounts. Which of the following tool can you use to allow your assistants to perform these additional tasks?

Delegation of Control Wizard

You are the network administrator for an Active Directory forest with a single domain. The network has three sites with one domain at each site. You have created and configured sites in Active Directory Sites and Services, and replication is operating normally between sites. You configure two universal groups for use in securing the network. All users are members of one universal group or the other. After configuring the universal groups, users at site 2 and 3...

Designate the domain controllers at sites 2 and 3 as global catalog servers.

You are the network administrator for westsim.com. westsim.com has one main office and 50 branch offices. The network consists of one Active Directory domain that contains 5,000 users.

Install Active Directory Domain Services (AD DS) using the Install from Media (IFM) method and configure the read-only domain controller (RODC) option.

You are the network administrator for northsim.com, a company that specializes in extreme sports vacations. The company has one main office and 30 branch offices. All of the branch offices have 3 to 10 users on location, and all of them are located in remote areas of the country. Due to the need to be located near natural resources, many of the branch offices lack basic security and almost all of them are connected to the main office via dial-up. Users at the branch offices complain that it takes a long time to log on to the domain. Management has authorized the purchase and deployment of one Windows Server 2016 server for each branch office. You have been asked to develop a standard installation for the new servers being deployed. Your solution must meet the following requirements: • Each branch office server should perform authentication for users located at that branch office. • Each branch office server should be configured to minimize the amount of Active Directory information that will be compromised in the event that the server is stolen. • Each branch office server should be configured to minimize the amount of user data that will be compromised in the event that the server is stolen. What should you do?

Install a read-only domain controller (RODC) in each branch office. Configure the hard drive to use Bitlocker drive encryption.

You manage a network with a single Active Directory domain named eastsim.com Your company has a single office in Dallas. You open a second office in San Antonio. The San Antonio location is connected to the Dallas location by a WAN...

Install a read-only domain controller (RODC) in the branch office.

Which built-in local user account is a member of the local Administrators group?

Local System

You are a domain administrator for a large multi-domain network. There are approximately 2,500 computers in your domain. Organizational Units (OUs) have been created for each department. Group Policy objects (GPOs) are linked to each OU to configure department-wide user and computer settings. While you were on vacation, another 20 computers were added to the network. The computers appear to be functioning correctly with one exception: the computers do not seem to have the necessary GPO settings applied.

Move the computer accounts from their current location to the correct OUs.

You manage the eastsim.com forest with multiple domains. Your company has recently formed a partnership with the westsim.com forest which also has multiple domains. To facilitate sharing of information between locations, you create a two-way forest trust between eastsim.com and westsim.com. After several days, your boss...

On the eastsim.com domain, delete the outgoing trust.

You are the administrator for a small network. You have approximately 50 users who are served by a single Windows server. You are providing Active Directory, DNS, and DHCP with this server. Your clients all use Windows workstations. Last week, an employee quit. A replacement has been hired and will be starting next Monday. The new user will need to have access to everything the previous user had, including document files held in the Home folder. You need to set up an account for the new user that all the access required.

Rename the existing account, changing the name fields to match the new employee.

Your organization runs a Hyper-V hypervisor on Windows Server 2016 that hosts several Windows Server 2016 virtual domain controllers. You want to add an additional virtual domain controller. Instead of installing a new Windows Server 2016 virtual machine and promoting it to be a domain controller, you decide to simply copy one of the existing virtual domain controller's virtual machine files. You have completed all of the preparatory steps and are now ready to clone the source virtual machine. Which PowerShell cmdlets must you use to do this?

Rename-VM Export-VM Import-VM

You are the administrator for the northsim.com domain. The domain has two domain controllers, DC1 and DC2. DC1 is located in the main office, and DC2 is located in the branch office. You work in the branch office and manage the network there. The main office is connected to the branch office with a WAN link. A site object has been created for each location. The DEFAULTIPSITELINK object connects two locations. To reduce WAN traffic, replication between sites occurs between 8:00 p.m. and 5:00 a.m. The branch office....

Run repadmin/replicate DC2 DC1

You are the network administrator for westsim.com. The network consist of a single Active Directory domain. All the servers run Windows Server 2016. All the clients run Windows 10. There are three Active Directory sites, New York, Chicago, and Los Angeles. The New York site contains one domain controller named NYDC1. The Los Angeles site contains one domain controller named LADC1. The Chicago site does not contain any domain controllers. There are partial TI links between the New York site and Chicago site, and between Los Angeles site and the Chicago site. The appropriate site link objects are configured, and cost for both site links are set to 100. You determine that users from the Chicago office are being authenticated by the domain controller in Los Angeles. However...

Set the autositecoverage setting to LADC1 to 0.

Your network currently has the following Active Directory domains: westsim.com, emea.westsim.com, uk.emea.westsim.com, and us.westsim.com. Your company is closing its offices in the United States/ Previously, most of the network administration took place in that office. Now all IT administration will take place in your London offices. You have removed all domain controllers from the us.westsim.com domain except for the DC1 server. This server hosts the following roles: RID Master PDC Master Domain naming master Infrastructure Master Prior to removing....

Transfer the domain naming master to WS1, WS2, or WS4.

Your network currently has two domains, eastsim.com and sales.eastsim.com. You need to remove sales.eastsim.com domain. You have removed all domain controllers in the domain except for the DC1.sales.eastsim.com server. This server holds the following infrastructure master roles: RID Master PDC Master Infrastructure Master Domain naming Master You are getting ready to remove Active Directory from DC1. What should you do first?

Transfer the domain naming master to a domain controller in eastsim.com


Related study sets

Chapter 6 Strategic Progress Check

View Set

Missed PrepU Questions: Medication and I.V. Administration

View Set

Maternity - Ch 10. Nursing Care During Labor and Birth

View Set

chapter 2 reading critically for pathos 1-4 using emotions to build bridges 5-10

View Set