|
|
|
|
|
|
|
|
|
|
|
| MCSE Microsoft® Windows® 2000 Directory Services Infrastructure Readiness Review; Exam 70-217 |
|
|
|
|||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||
Objective Domain 1: Installing, Configuring, and Troubleshooting Active Directory Services
- 1.1 Install, configure, and troubleshoot the components of Active Directory services.
- 1.2 Back up and restore Active Directory services.
Objective Domain 1: Installing, Configuring, and Troubleshooting Active Directory Services
The Installing, Configuring, and Troubleshooting Active Directory Services domain focuses on the implementation of Active Directory services, which includes the installation of Active Directory software, the configuration of your Active Directory site structure, and the administration of Active Directory backups. To carry out the installation of Active Directory services, Windows 2000 Server provides the Active Directory Installation Wizard. You can use the wizard to add a domain controller to an existing domain, to create the first domain controller of a new domain, to create a new child domain, and to create a new domain tree. You can configure Active Directory site structure using the Active Directory Sites And Services console. Sites allow administrators to configure Active Directory access and replication topology easily and to take advantage of the physical network. You can use the Backup Wizard to back up System State data, which includes Active Directory services. Scheduling regular backups of Active Directory services ensures that you will be able to recover in the event of a system failure.
Tested Skills and Suggested Practices
The skills that you need to successfully master the Installing, Configuring, and Troubleshooting Active Directory Services domain on the Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure exam include:
- Installing Active Directory services.
- Practice 1: Create the first domain controller in a new domain. Add a new domain controller to an existing domain. Configure Domain Name System (DNS) automatically for Active Directory services using the Active Directory Installation Wizard. Examine the types of files created when you install Active Directory—database and database log files and the shared system volume—and the optimum location for these files. Promote your domain from mixed mode to native mode.
- Practice 2: Start the Active Directory Installation Wizard in two different ways. Use the wizard to install Active Directory services on a stand-alone server.
- Creating a site in a domain.
- Practice 1: Use the Active Directory Sites And Services console to create sites in a domain. Notice that the Default-First-Site-Name site is created automatically when Active Directory is installed on the first domain controller in the site.
- Creating a subnet for a site and associating an existing subnet with a site.
- Practice 1: Use the Active Directory Sites And Services console to create subnets and associate subnets with a site.
- Creating a site link and adding a site to an existing site link.
- Practice 1: Determine the purpose of creating site links. Determine whether Internet Protocol (IP) or Simple Mail Transfer Protocol (SMTP) replication is best for your organization.
- Practice 2: Review site link attributes: site link cost, replication frequency, and replication availability. Enter the site link attributes that suit your organizational needs using the Active Directory Sites And Services console.
- Practice 3: Use the Active Directory Sites And Services console to create site links and to add sites to existing site links. Notice that the DEFAULTIPSITELINK site link is created automatically when Active Directory is installed on the first domain controller in the site.
- Creating site link bridges and understanding when to use site link bridges.
- Practice 1: Use the Active Directory Sites And Services console to create site link bridges and to bridge all site links for an intersite transport.
- Configuring connections manually and forcing replication over a connection.
- Practice 1: Use the Active Directory Sites And Services console to configure connections manually. Learn how to force replication over a connection.
- Moving server objects (member servers and domain controllers) between sites.
- Practice 1: Use the Active Directory Sites And Services console to move member servers and domain controllers between sites.
- Creating global catalog servers.
- Practice 1: Use the Active Directory Sites And Services console to enable a global catalog.
- Verifying Active Directory installation by viewing a domain.
- Practice 1: Log on as Administrator and use My Network Places to view a domain and thus verify Active Directory installation.
- Transferring operations master roles assignments from one domain controller to another.
- Practice 1: Use the Active Directory Users And Computers console to transfer the relative ID master, the PDC emulator master, and the infrastructure master role assignments. Use the Active Directory Domains And Trusts console to transfer the domain naming master role assignment. Use the Active Directory Schema snap-in to transfer the schema master role assignment.
- Implementing an organizational unit (OU) structure.
- Practice 1: Use the Active Directory Users And Computers console to create OUs that mirror your organization’s functional or business structure. Review the various tabs and data fields of the OU properties sheet. Set properties for the OUs.
Further Reading
Objective 1.1
Microsoft Corporation. MCSE Training Kit: Microsoft Windows 2000 Active Directory Services. Redmond, Washington: Microsoft Press, 2000. Review Lessons 2 through 4 in Chapter 4, "Implementing Active Directory," for instruction and practice on installing Active Directory, transferring operations master roles, verifying Active Directory installation, and implementing an OU structure. Review Lessons 1 through 4 in Chapter 6, "Configuring Sites," for instruction and practice on creating sites, subnets, site links, site link bridges, connection objects, and global catalog servers and on moving server objects between sites.
Microsoft Corporation. MCSE Training Kit: Microsoft Windows 2000 Server. Redmond, Washington: Microsoft Press, 2000. Review Lessons 3 and 4 in Chapter 6, "Active Directory Services," for instruction and practice on installing Active Directory services and implementing an OU structure.
Microsoft Corporation. Microsoft Windows 2000 Server Resource Kit. Volume: Microsoft Windows 2000 Server Distributed Systems Guide. Redmond, Washington: Microsoft Press, 2000. Review Chapter 1, "Active Directory Logical Structure," for information about global catalog servers. Review Chapter 6, "Active Directory Replication," for information about creating sites, subnets, site links, site link bridges, connection objects, and global catalog servers. Review Chapter 7, "Managing Flexible Single-Master Operations," for detailed information about transferring operations master roles.
Objective 1.2
Microsoft Corporation. MCSE Training Kit: Microsoft Windows 2000 Active Directory Services. Redmond, Washington: Microsoft Press, 2000. Review Lessons 6 and 7 in Chapter 11, "Administering Active Directory," for instruction on backing up and restoring Active Directory, including recovering from a system failure.
Microsoft Corporation. Microsoft Windows 2000 Server Resource Kit. Volume: Microsoft Windows 2000 Server Distributed Systems Guide. Redmond, Washington: Microsoft Press, 2000. Review Chapter 6, "Active Directory Replication," for detailed information about backing up and restoring Active Directory services, including recovering from a system failure.
1.1 Install, configure, and troubleshoot the components of Active Directory services.
You can install Active Directory services by using the Active Directory Installation Wizard. Launch the wizard by running Configure Your Server on the Administrative Tools menu of the Start menu, or by running DCPROMO from the command prompt. When you install Active Directory services using the wizard, you must have the background knowledge and skills to determine:
- Whether to create the first domain controller of a new domain or add a domain controller to an existing domain
- Whether to create a new child domain
- Whether to create a new domain tree
- Whether to allow the wizard to install a DNS server or to configure DNS manually
- The location of the database, database log files, and the shared system volume
Once Active Directory services are installed, you can verify the installation by viewing the new domain using the Active Directory Users And Computers console.
Active Directory services supports multimaster replication of the directory data store between all domain controllers in the domain. Some changes are impractical to perform in multimaster fashion, however, so only one domain controller, called the operations master, accepts requests for such changes.
After you have completed and verified the installation, you should plan operations master role locations for the domain and forest. Operations master roles are assigned to one or more domain controllers in a domain for the purpose of performing single-master replication. There are five operations master roles; two of the roles must appear in every forest, and the remaining three roles must appear in every domain in the forest. The operations master roles that must appear in every forest are:
- Schema master
- Domain naming master
The operations master roles that must appear in every domain in a forest are:
- Relative ID master
- Primary domain controller (PDC) emulator master
- Infrastructure master
You transfer the schema master role assignment to another domain controller by using the Active Directory Schema snap-in. You transfer the domain naming master role assignment to another domain controller by using the Active Directory Domains And Trusts console. You transfer the relative ID master, the PDC emulator master, and the infrastructure master role assignments by using the Active Directory Users And Computers console.
The organizational unit (OU) structure for your domain should mirror your organization’s functional or business structure. You can implement your OU structure by creating OUs and setting OU properties using the Active Directory Users And Computers console. The properties that you set for each OU can be used to perform a search within Active Directory services.
After you determine the logical environment for your organization, you must determine the physical structure. Site structure mirrors the physical environment of your organization and is maintained separately from the logical environment (domain structure). In Active Directory services, a site is a combination of one or more Internet Protocol (IP) subnets connected by a fast, reliable link. The way in which sites are configured affects the workstation logon/authentication and directory replication processes. To configure a site, you must first configure the settings for the site and then configure intersite replication.
You configure site settings by using the Active Directory Sites And Services console to perform the following tasks:
- Creating a site
- Associating a subnet with the site
- Connecting the site using site links
- Selecting a site license server
When you install Active Directory services on the first domain controller at a site, a default site named Default-First-Site-Name is automatically created in the Sites container. Subnet information is used to locate a domain controller during workstation logon/authentication and to determine the best routes between domain controllers during Active Directory replication. Site links must be created for replication to occur between two sites. Site links can exchange information using one of two replication protocols: IP or SMTP. IP replication allows low-speed, point-to-point, synchronous replication between all directory partitions. SMTP replication allows low-speed, asynchronous replication between the schema, configuration, and global catalog directory partitions. When you install Active Directory on the first domain controller at a site, a default site link named DEFAULTIPSITELINK is automatically created in the IP container. A site license server collects licensing information for a site and allows the site administrator to view the site’s licensing history (purchases, deletions, usage).
You configure intersite replication by using the Active Directory Sites And Services console to perform the following tasks:
- Configuring site link attributes
- Creating site link bridges
- Configuring connection objects (optional)
- Designating a preferred bridgehead server (optional)
Site link attributes include site link cost, replication frequency, and replication availability information. Site link cost is a value assigned to each connection used for intersite replication. Because Active Directory services select connections based on cost, the cheapest connection will always be used if available. Replication frequency is the number of minutes Active Directory services should wait before using a connection to check for replication updates. Replication availability is the schedule that determines when a site link is available. A site link bridge represents a set of site links whose sites communicate transitively through some transport. A site link bridge can allow connections to be created between two sites that are not connected by an explicit site link.
Because Active Directory services automatically create and delete connections designed to optimize replication, it may not be necessary to configure connection objects manually. You should configure connections manually only if you are certain the connection is required.
Although all domain controllers are used to exchange information between sites, you can specify a preferred bridgehead server to specify the preferred domain controller for intersite replication. Using intrasite replication, the bridgehead server then distributes directory information. If your organization uses a firewall to protect a site, you must establish your firewall proxy server as a preferred bridgehead server to ensure the successful exchange of directory information.
To meet the changing needs of your organization, you may need to maintain server settings for a site. A global catalog is created automatically on the first domain controller in the forest, which becomes the global catalog server. Depending on the ability of your network structure to handle replication and query traffic, you can designate additional domain controllers as global catalog servers using the Active Directory Sites And Services console. You can also move member servers and domain controllers between sites using the Active Directory Sites And Services console.
MCM
70-217.01.01.001
B, E, and F
Replication on part of your network is inefficient due to a slow link between network segments. To solve this problem, you want to configure a new site for part of your network. You have created a site object using the Active Directory Sites And Services console. Which tasks must you complete to configure the site? (Choose all that apply.)
A. Create a new domain.
Incorrect:
A. It is not necessary to create a new domain to configure the site.
B. Select a site license server.
Correct:
B. The site license server contains the Microsoft BackOffice software licensing information for each site. This information is used by the site or site license server administrator to view licensing history for the entire site. By default, the site license server is the first domain controller for the site; however, the site license server does not have to be a domain controller. Selecting a site license server is the final consideration in configuring the site.
C. Configure filters for the link.
Incorrect:
C. It is not possible to configure filters for a site link.
D.Assign a DNS server to the site.
Incorrect:
D. DNS servers are assigned not to sites but to domains.
E. Associate a subnet with the site.
Correct:
E. A site is a set of one or more subnets. When a computer in a site is authenticated during logon, subnet information is used to find the site’s domain controller and to determine the best routes between domain controllers for Active Directory replication. After you create a site object, you must create a subnet and associate the subnet with the site.
F. Connect the site using site links.
Correct:
F. For replication to occur between two sites, a site link must be established. The Active Directory Installation Wizard automatically creates an object named DEFAULTIPSITELINK, which you can rename to the name you want to use for a site link. After you create a site object and a subnet, and associate a subnet with the site, you must create a site link.
MCM
70-217.01.01.002
D and E
You are creating site links and have chosen SMTP replication as the replication protocol. What are the advantages of using this protocol? (Choose all that apply.)
A. SMTP does not require a certificate authority (CA).
Incorrect:
A. The CA is responsible for ensuring the authenticity of directory updates. SMTP replication requires you to complete the process of installing and configuring a CA.
B. SMTP can replicate over site links and within a site.
Incorrect:
B. SMTP replication is used only for replication over site links (intersite). It is not used for replication within a site (intrasite).
C. SMTP enables uniform high-speed, synchronous replication.
Incorrect:
C. SMTP enables low-speed, asynchronous replication between the schema, configuration, and global catalog directory partitions.
D. SMTP traffic can be secured, monitored, and managed across a WAN environment.
Correct:
D. When sites are on opposite ends of a WAN link, it may not be desirable or possible to perform synchronous IP replication. Asynchronous SMTP replication provides store-and-forward transport necessary for the WAN environment.
E. SMTP can replicate information over a network backbone that is not based on TCP/IP.
Correct:
E. SMTP replication is best used where RPC-over-IP transport is not possible, such as an X.400 network backbone.
MCS
70-217.01.01.003
C
A segment on your network has a slow and congested link that is made worse by directory replication. You need to create a new site for the network segment to solve this problem. The network segment already has an assigned subnet that you should use when you configure the site. Which object should you configure using the Active Directory Sites And Services console to associate the existing subnet with the new site?
A. The DNS server object
Incorrect:
A. It is not necessary, nor is it possible, to configure the DNS server object using the Active Directory Sites And Services console.
B. The site you are configuring
Incorrect:
B. You have already created a new site. Configuring a site includes associating a subnet with the site, connecting the site using site links, and selecting a site license server. At this point, you want to associate an existing subnet with your site.
C. The subnet that you want to associate with the site
Correct:
C. To associate an existing subnet with your site using the Active Directory Sites And Services console, you must configure that subnet object. In the Active Directory Sites And Services console, open the Subnets folder, right-click the subnet you want to configure, and then click Properties. In the Properties dialog box for the subnet, select the site with which to associate this subnet from the choices available in the Site list, and then click OK.
D. The NTDS settings object of the server associated with the site
Incorrect:
D. It is not necessary to configure the NTDS settings object of the server associated with the site to associate the existing subnet with the new site.
E. The relative ID master for the domain that contains the subnet object
Incorrect:
E. It is not necessary, nor is it possible, to configure the relative ID master for the domain that contains the subnet object using the Active Directory Sites And Services console.
MCM
70-217.01.01.004
C and D
Which tasks should you complete in the New Object-Site Link Bridge dialog box when creating a site link bridge?
A. Set the replication schedule.
Incorrect:
A. It is not necessary to set the replication schedule to create a site link bridge. You cannot set the replication schedule in the New Object-Site Link Bridge dialog box.
B. Select the transport protocol.
Incorrect:
B. You select the replication transport protocol when you create a site link, not when creating a site link bridge. You cannot select the transport protocol in the New Object-Site Link Bridge dialog box.
C. Select two or more sites to connect.
Correct:
C. To create a site link bridge, you must select two or more sites to connect in the New Object-Site Link Bridge dialog box.
D. Enter a name for the site link bridge.
Correct:
D. To create a site link bridge, you must enter a name for the site link bridge in the New Object-Site Link Bridge dialog box.
E. Clear (disable) the Bridge All Site Links check box.
Incorrect:
E. It is not necessary to clear the Bridge All Site Links check box to create a site link bridge. The New Object-Site Link Bridge dialog box does not have a Bridge All Site Links check box. You can clear the Bridge All Site Links check box in the IP Properties dialog box or the SMTP Properties dialog box.
MCS
70-217.01.01.005
D
You are configuring site link costs for a T1, an ISDN, and a dial-up connection. You need to assign a cost for each link. Which cost values would be appropriate?
A. Dial-up=80, ISDN=100, T1=110
Incorrect:
A. Cost values are relative; the lower the cost value, the higher the priority. The fastest link (T1) should have the lowest value, the next fastest link (ISDN) should have a higher value, and the slowest link (dial-up) should have the highest cost value.
B. ISDN=80, dial-up=100, T1=110
Incorrect:
B. Cost values are relative; the lower the cost value, the higher the priority. The fastest link (T1) should have the lowest value, the next fastest link (ISDN) should have a higher value, and the slowest link (dial-up) should have the highest cost value.
C. ISDN=100,T1=110, dial-up=120
Incorrect:
C. Cost values are relative; the lower the cost value, the higher the priority. The fastest link (T1) should have the lowest value, the next fastest link (ISDN) should have a higher value, and the slowest link (dial-up) should have the highest cost value.
D. T1=100, ISDN=110, dial-up=120
Correct:
D. Cost values are relative; the lower the cost value, the higher the priority. The fastest link (T1) has the lowest value of 100, the next fastest link (ISDN) has a higher value of 110, and the slowest link (dial-up) has the highest cost value of 120.
MCS
70-217.01.01.006
C
You need to configure a connection manually. You start the Active Directory Sites And Services console by clicking Start, pointing to Programs, pointing to Administrative Tools, and clicking Active Directory Sites And Services. What should you do next?
A. Right-click the Sites folder, and select New Active Directory Connection.
Incorrect:
A. You cannot select New Active Directory Connection by right-clicking the Sites folder.
B. Expand the Subnets folder, and select the subnet for one of the sites you want to connect.
Incorrect:
B. You cannot configure a connection manually using the subnet objects for the sites you want to connect.
C. Navigate to the NTDS settings for the domain controller for which you want to add the connection.
Correct:
C. To navigate to the NTDS settings for the domain controller for which you want to add the connection, you double-click the site that contains the domain controller. Then, open the Servers folder, right-click the domain controller, right-click NTDS Settings, and then click New Active Directory Connection. From this point, in the Find Domain Controllers dialog box, click the domain controller you want to include in the connection object, and click OK. Then in the New Object-Connection dialog box, enter a name for the new connection object in the Name field, and click OK.
D. Open the Servers folder, right-click the domain controller for which you want to add the connection, and select New Active Directory Connection.
Incorrect:
D. You cannot select New Active Directory Connection by right-clicking the domain controller. The connection object is a child of the NTDS settings object and references the replication source domain controller.
MCS
70-217.01.01.007
D
Your Active Directory network exists in two locations, LON and PAR. Each location is a separate site. The sites are connected via a T1 link, and each site is protected by a proxy server firewall. You created a site link that uses the SMTP-over-IP transport to facilitate replication between the sites. A global catalog server resides at the LON site, but none exists at the PAR site. You want to designate a global catalog server at the PAR site to facilitate the logon process. On which computer should you enable the global catalog server?
A. Workstation
Incorrect:
A. You cannot designate a workstation as a global catalog server. Only a domain controller can be designated as a global catalog server.
B. Proxy server
Incorrect:
B. You cannot designate a proxy server as a global catalog server. Only a domain controller can be designated as a global catalog server.
C. Member server
Incorrect:
C. You cannot designate a member server as a global catalog server. Only a domain controller can be designated as a global catalog server.
D. Domain controller
Correct:
D. Only a domain controller can be designated as a global catalog server.
MCM
70-217.01.01.008
A, E, F, and G
You need to install Active Directory services on a Windows 2000 server. In so doing, you want to achieve the following results:
Install a DNS server
Install a DHCP server
Install a certificate server
Create multiple sites and site links
Create the shared system volume
Create the first domain controller of a new domain
Create the database and database log files for the new domain
Your proposed solution is:
Launch the Active Directory Installation Wizard at the Windows 2000 server and use the wizard to complete the tasks listed above.
Which results does the proposed solution provide? (Choose all that apply.) A. Install a DNS server.
Correct:
A. The Active Directory Installation Wizard configures your Windows 2000 DNS server automatically. If you want to set up a configuration other than the default configuration provided by the wizard, you can configure DNS manually using the DNS console.
B. Install a DHCP server.
Incorrect:
B. The Active Directory Installation Wizard does not configure your Windows 2000 DHCP server. To install a DHCP server, you must install and configure the DHCP service.
C. Create multiple sites and site links.
Incorrect:
C. Although the Active Directory Installation Wizard creates the Default-First-Site-Name default site and the DEFAULTIPSITELINK default site link, you cannot create multiple sites and site links by using the wizard.
D. Install a certificate server.
Incorrect:
D. The Active Directory Installation Wizard does not install a certificate server. To install a certificate server; you must install and configure Certificate services.
E. Create the shared system volume.
Correct:
E. The Active Directory Installation Wizard automatically creates the shared system volume in the default location of systemroot\SYSVOL, where systemroot is the Windows 2000 directory. The shared system volume is a folder structure on all Windows 2000 domain controllers that stores scripts and some group policy objects for the domain and enterprise.
F. Create the first domain controller of a new domain.
Correct:
F. The Active Directory Installation Wizard allows you to choose whether to add the new domain controller to an existing domain or create the first domain controller for a new domain.
G. Create the database and database log files for the new domain.
Correct:
G. The Active Directory Installation Wizard automatically creates the database and database log files in the default location of systemroot\NTDS, where systemroot is the Windows 2000 directory. The database is the directory for the new domain.
MCM
70-217.01.01.009
B and D
When you install Active Directory services, you can accept the default locations of the directory database, database log files, and shared system volume, or you can specify an alternate location. Which locations would yield the best performance in a server with two hard disks, assuming both are formatted NTFS 5.0? (Choose two.)
A. Accept the default locations.
Incorrect:
A. The default locations place all three components on the same hard disk. For best performance, you should place the directory database and the log file on separate hard disks.
B. Place the shared system volume and database log files on one disk and the directory database on the other.
Correct:
B. For best performance, you should place the directory database and the log file on separate hard disks. The shared system volume only requires location on a partition or volume formatted with NTFS 5.0.
C. Place the directory database and database log files on one disk and the shared system volume on the other.
Incorrect:
C. For best performance, you should place the directory database and the log file on separate hard disks. The shared system volume only requires location on a partition or volume formatted with NTFS 5.0.
D. Place the directory database and shared system volume on one disk and the database log files on the other.
Correct:
D. For best performance, you should place the directory database and the log file on separate hard disks. The shared system volume only requires location on a partition or volume formatted with NTFS 5.0.
MCM
70-217.01.01.010
A and C
You need to install Active Directory services on a Windows 2000 server. Which methods can you use to launch the Active Directory Installation Wizard? (Choose two.)
A. Run DCPROMO from the Run dialog box.
Correct:
A. Running DCPROMO from the Run dialog box is one method of launching the Active Directory Installation Wizard.
B. Run ADSETUP from the Run dialog box.
Incorrect:
B. Running ADSETUP from the Run dialog box results in an error message and is not a valid method of launching the Active Directory Installation Wizard.
C. Run Configure Your Server on the Administrative Tools menu of the Start menu.
Correct:
C. Running Configure Your Server on the Administrative Tools menu of the Start menu is one method of launching the Active Directory Installation Wizard.
D. Run Install Active Directory on the Action menu of the Active Directory Sites And Services console.
Incorrect:
D. The Run Install Active Directory option is not available on the Action menu of Active Directory Sites And Services.
MCS
70-217.01.01.011
C
You need to move a domain controller from one site to another. You start the Active Directory Sites And Services console and select the domain controller that you want to move. What should you do next?
A. Drag the domain controller to the new site.
Incorrect:
A. It is not possible to drag the domain controller to a new site.
B. Right-click the domain controller, select Cut, navigate to the site to which you want to move the domain controller, and click Paste.
Incorrect:
B. It is not possible to cut and paste the domain controller to the new site.
C. Click Move on the Action menu, select the site to which you want to move the domain controller in the Move Server dialog box, and click OK.
Correct:
C. By clicking Move on the Action menu, selecting the site to which you want to move the domain controller, and then clicking OK, you can successfully move the domain controller to the new site.
D. Right-click the domain controller, select Advanced, select the site to which you want to move the domain controller in the Move Server dialog box, and click OK.
Incorrect:
D. It is not possible to select Advanced when right-clicking the domain controller in the Active Directory Sites And Services console.
MCS
70-217.01.01.012
D
You need to transfer the role of relative ID master for a domain. What should you do first?
A. Open the Active Directory Schema snap-in.
Incorrect:
A. Use the Active Directory Schema snap-in to transfer the schema master role assignment.
B. Open the Active Directory Sites And Services console.
Incorrect:
B. You cannot use the Active Directory Sites And Services console to transfer any of the operations master roles.
C. Open the Active Directory Domains And Trusts console.
Incorrect:
C. Use the Active Directory Domains And Trusts console to transfer the domain naming master role assignment.
D. Open the Active Directory Users And Computers console.
Correct:
D. Use the Active Directory Users And Computers console to transfer the relative ID master, the PDC emulator master, or the infrastructure master role assignments.
MCS
70-217.01.01.013
C
You need to transfer the domain naming master role assignment. What should you do first?
A. Open the Active Directory Schema snap-in.
Incorrect:
A. Use the Active Directory Schema snap-in to transfer the schema master role assignment.
B. Open the Active Directory Sites And Services console.
Incorrect:
B. You cannot use the Active Directory Sites And Services console to transfer any of the operations master roles.
C. Open the Active Directory Domains And Trusts console.
Correct:
C. Use the Active Directory Domains And Trusts console to transfer the domain naming master role assignment.
D. Open the Active Directory Users And Computers console.
Incorrect:
D. Use the Active Directory Users And Computers console to transfer the relative ID master, the PDC emulator master, or the infrastructure master role assignments.
MCS
70-217.01.01.014
A
You need to transfer the schema master role assignment. What should you do first?
A. Open the Active Directory Schema snap-in.
Correct:
A. Use the Active Directory Schema snap-in to transfer the schema master role assignment.
B. Open the Active Directory Sites And Services console.
Incorrect:
B. You cannot use the Active Directory Sites And Services console to transfer any of the operations master roles.
C. Open the Active Directory Domains And Trusts console.
Incorrect:
C. Use the Active Directory Domains And Trusts console to transfer the domain naming master role assignment.
D. Open the Active Directory Users And Computers console.
Incorrect:
D. Use the Active Directory Users And Computers console to transfer the relative ID master, the PDC emulator master, or the infrastructure master role assignments.
MCM
70-217.01.01.015
A, C, and E
The first computer installed into your Active Directory forest just met the minimum hardware requirements. To increase performance, you purchased a more powerful server to replace the server. You want to demote the initial server to a Windows 2000 member server, but first you need to transfer all operations master roles to the new Windows 2000 server. You want to achieve these results:
Transfer the relative ID master role
Transfer the schema master role
Transfer the PDC emulator role
Transfer the domain naming master role
Transfer the infrastructure master role
Your proposed solution is to open the Active Directory Users And Computers console on the initial server. Right-click the domain node that you want to transfer the roles to, and then click Connect To Domain. In the Connect To Domain dialog box, click Browse and select the domain from the list, and then click OK. In the console tree, right-click the Active Directory Users And Computers node, and then click Operations Masters. In the Operations Master dialog box, perform the following tasks:
- Click the RID tab, and then click Change.
- Click the Schema tab, and then click Change.
- Click the PDC tab, and then click Change.
- Click the Domain Naming tab, and then click Change.
- Click the Infrastructure tab, and then click Change.
- Click OK to close the Operations Master dialog box.
Which results does the proposed solution provide? (Choose all that apply.)
A. Transfer the relative ID master.
Correct:
A. The proposed solution uses the Active Directory Users And Computers console to transfer the roles. The RID tab is used to transfer the relative ID master role assignment.
B. Transfer the schema master role.
Incorrect:
B. You must use the Active Directory Schema snap-in to transfer the schema master role assignment.
C. Transfer the PDC emulator master role.
Correct:
C. The proposed solution uses the Active Directory Users And Computers console to transfer the roles. The PDC tab is used to transfer the PDC emulator master role assignment.
D. Transfer the domain naming master role.
Incorrect:
D. You must use the Active Directory Domains And Trusts console to transfer the domain naming master role assignment.
E. Transfer the infrastructure master role.
Correct:
E. The proposed solution uses the Active Directory Users And Computers console to transfer the roles. The Infrastructure tab is used to transfer the infrastructure master role assignment.
MCS
70-217.01.01.016
D
You need to create an organizational unit (OU) for the Sales department of your company. You log on to a Windows 2000 domain controller as Administrator. What should you do next?
A. Open the Active Directory Schema snap-in.
Incorrect:
A. The Active Directory Schema snap-in allows you to view and modify Active Directory schema. It is not used to create an OU.
B. Open the Active Directory Sites And Services console.
Incorrect:
B. The Active Directory Sites And Services console is used to manage information about the physical structure of your network (sites). It is not used to create an OU.
C. Open the Active Directory Domains And Trusts console.
Incorrect:
C. The Active Directory Domains And Trusts console is used to manage trust relationships between domains. It is not used to create an OU.
D. Open the Active Directory Users And Computers console.
Correct:
D. The Active Directory Users And Computers console is used to create OUs. Right-click on the location (such as a domain node) where you want to create the OU, point to New from the shortcut menu, and then click Organizational Unit.
MCS
70-217.01.01.017
B
You created an organizational unit (OU) but did not specify any values on the General tab for the OU Properties dialog box. How will this affect the functionality of Active Directory services?
A. The OU cannot link to group policies.
Incorrect:
A. If you do not specify property values for the OU, the OU will still be able to link to group policies.
B. You cannot search for the OU by its description.
Correct:
B. If you do not specify property values for the OU in the General tab of the OU properties dialog box, you will not be able to search for the OU by its description. Although there are many fields on the General tab, the "description" criterion is the only searchable property contained in the General tab.
C. Only the creator of the OU can view the OU.
Incorrect:
C. If you do not specify property values for the OU, other users may still view the OU.
D. The OU will not replicate across site links.
Incorrect:
D. If you do not specify property values for the OU, the OU will still replicate across site links.
1.2 Back up and restore Active Directory services.
When you back up Active Directory services, you must specify that you want to back up System State data. In Windows 2000, System State data is comprised of the registry, the COM+ Class Registration database, system boot files, the Certificate Services database (if the server is a certificate server), and Active Directory services and the SYSVOL directory (if the server is a domain controller).When you restore the System State data (including Active Directory services) to a domain controller, you must specify whether you want to perform a nonauthoritative restore or an authoritative restore. The default restore method is nonauthoritative.
A nonauthoritative restore brings components of the System State data that are replicated with another domain controller (such as Active Directory services) up to date by replication after you restore the data. An authoritative restore recovers the deleted objects and replicates them; changes made after the last backup operation are not restored.
To perform an authoritative restore, you must first start your computer in a special mode called Directory Services Restore Mode. This mode takes Active Directory services offline, allowing you to restore the SYSVOL directory and Active Directory database. The next step is to perform a nonauthoritative restore using the Restore Wizard. Restart the computer, but before the computer completes restart, you must again start in Directory Services Restore Mode. Use the NTDSUTIL utility to authoritatively restore your choice of Active Directory objects, which will then be propagated through replication.
MCM
70-217.01.02.001
A, C, and D
While configuring Active Directory services, you erroneously deleted an organizational unit (OU) object. Fortunately, you have a known good Active Directory backup that you can use to restore the object. You want to use the backup to achieve these results:
Restore the deleted OU object and all objects within the OU
Retain modifications made to the objects within the OU since the backup was created
The restore should not affect objects outside of the deleted OU object
Propagate the restored object to other domain controllers through replication
Your proposed solution is to perform an authoritative restore of the OU. After the authoritative restore is complete, you will then restart the computer in normal mode, verify that the SYSVOL share is published, and copy policy folders corresponding to the restored policy objects from the alternate location over the existing ones.
Which results does the proposed solution provide? (Choose all that apply.) A. Restore the deleted OU object and all objects within the OU.
Correct:
A. By performing an authoritative restore of the OU, you restore the OU and its objects without any effect on other data and objects.
B. Retain modifications made to the objects within the OU since the backup was created.
Incorrect:
B. An authoritative restore does not allow you to retain modifications made to the objects within the OU since the last backup was created. You should perform a nonauthoritative restore to update the restored data with newer data from your other servers.
C. The restore should not affect objects outside of the deleted OU object.
Correct:
C. When performing an authoritative restore, you mark only the deleted OU object as authoritative. This action restores only the deleted OU and leaves other objects undisturbed.
D. Propagate the restored object to other domain controllers through replication.
Correct:
D. When the restored domain controller is online and connected to the network, replication propagates the authoritatively restored OU to other domain controllers in the forest.
MCS
70-217.01.02.002
B
You are using the NTDSUTIL utility to authoritatively restore an organizational unit (OU) that was mistakenly deleted. The deleted OU is named "orders" and was located in the stsware.com domain. Which command should you enter at the authoritative restore prompt to authoritatively restore the organizational unit?
A. Ntdsutil OU=orders,DC=stsware,DC=com
Incorrect:
A. This is not the command to enter at the authoritative restore prompt to authoritatively restore the OU. You should type ntdsutil at the command prompt to invoke the NTDSUTIL utility. You should type the distinguished name of the OU after the RESTORE SUBTREE command to authoritatively restore the OU.
B. Restore subtree OU=orders,DC=stsware,DC=com
Correct:
B. To authoritatively restore the OU, you should type restore subtree followed by the OU’s distinguished name at the authoritative restore prompt.
C. Restore database OU=orders,DC=stsware,DC=com
Incorrect:
C. This is not the command to enter at the authoritative restore prompt to authoritatively restore the OU. You should type restore database at the authoritative restore prompt to restore the entire directory. You should type the distinguished name of the OU after the RESTORE SUBTREE command to authoritatively restore the OU.
D. Authoritative restore OU=orders,DC=stsware,DC=com
Incorrect:
D. This is not the command to enter at the authoritative restore prompt to authoritatively restore the OU. You should type authoritative restore at the NTDSUTIL prompt to invoke the authoritative restore command. You should type the distinguished name of the OU after the RESTORE SUBTREE command to authoritatively restore the OU.
MCS
70-217.01.02.003
F
You need to authoritatively restore a select portion of Active Directory data. What must you do before you can use the NTDSUTIL utility to authoritatively restore the data?
A. Publish the SYSVOL.
Incorrect:
A. It is not necessary to publish the SYSVOL before you can use the NTDSUTIL utility to authoritatively restore the data.
B. Perform a Primary restore.
Incorrect:
B. Because primary restore does not exist in Windows 2000, it is not possible to perform a primary restore for Active Directory services.
C. Synchronize Active Directory services.
Incorrect:
C. It is not necessary to synchronize Active Directory services before you can use the NTDSUTIL utility to authoritatively restore the data.
D. Revoke and reissue orphaned certificates.
Incorrect:
D. It is not necessary to revoke and reissue orphaned certificates before you can use the NTDSUTIL utility to authoritatively restore the data.
E. Bring down all domain controllers at the site.
Incorrect:
E. It is not necessary to bring down all domain controllers at the site before you can use the NTDSUTIL utility to authoritatively restore the data.
F. Nonauthoritatively restore the System State data.
Correct:
F. To authoritatively restore a select portion of Active Directory data, you must run the NTDSUTIL utility after you perform a nonauthoritative restore of the System State data but before you restart the server.
MCS
70-217.01.02.004
D
The primary disk drive in one of your domain controllers failed. You replaced the disk and successfully restored the file system using a tape backup. You also need to restore Active Directory services from the tape backup, but the Active Directory data stored on the tape is not current. Which type of restore should you perform to restore Active Directory services on the domain controller and allow the Active Directory replication system to update the restored data with newer data from your servers?
A. Verinc
Incorrect:
A. Verinc is not a type of restore. Verinc is part of a command used to authoritatively restore a subtree of the directory and override the version increase.
B. Primary
Incorrect:
B. Primary is not a type of restore used in Windows 2000.
C. Authoritative
Incorrect:
C. An authoritative restore does not allow you to retain modifications made to Active Directory services since the tape backup was created.
D. Nonauthoritative
Correct:
D. A nonauthoritative restore will restore Active Directory services on the domain controller and allow the Active Directory replication system to update the restored data with newer data from your servers.
| Top of Page |
Last Updated: Friday, July 6, 2001