Microsoft 70-294

Ques on No: 1 You are the network administrator for ExamKing. Your network consists of a single Ac ve Directory forest that contains three domains. The forest root domain is named ExamKing.com. The domain contains two child domains named asia.ExamKing.com and africa.ExamKing.com. The func onal level of the forest is Windows Server 2003. Each domain contains two Windows Server 2003 domain controllers named DC1 and DC2. DC1 in the ExamKing.com domain performs the following two opera ons master roles: schema master and domain naming master. DC1 in each child domain performs the following three opera ons master roles: PDC emulator master, rela ve ID (RID) master, and infrastructure master. DC1 in each domain is also a global catalog server. The user account for ExamKing in the africa.ExamKing.com domain is a member of the Medicine Students security group. Because of a name change, the domain administrator of africa.ExamKing.com changes the Last name eld of Exams user account from King to Edwards. The domain administrator of asia.ExamKing.com discovers that the user account for Exam is s ll listed as ExamKing. You need to ensure that the user account for Exam Edwards is correctly listed in the Medicine Students group. What should you do?

A. Transfer the PDC emulator master role from DC1 to DC2 in each domain. B. Transfer the infrastructure master role from DC1 to DC2 in each domain. C. Transfer the RID master role from DC1 to DC2 on each domain. D. Transfer the schema master role from DC1 to DC2 in the ExamKing.com domain. Answer: B Explana on: Problems like this can occur when the Infrastructure master role is on the same domain controller as the Global Catalog. The infrastructure master updates the grouptouser reference whenever group memberships change and replicates these changes across the domain. The infrastructure master compares its data with that of a global catalog. Global catalogs receive regular updates for objects in all domains through replica on, so the global catalog data will always be up to date. If the infrastructure master nds that its data is out of date, it requests the updated data from a global catalog. The infrastructure master then replicates that updated data to the other domain controllers in the domain. Unless there is only one domain controller in the domain, the infrastructure master role should not be assigned to the domain controller that is hos ng the global catalog. If the infrastructure master and global catalog are on the same domain controller, the infrastructure master will not func on. The infrastructure master will never nd data that is out of date, so it will never replicate any changes to the other domain controllers in the domain. Transferring the Infrastructure master role to a dierent computer would resolve this problem. There is no reason to transfer any other master roles.

1 of 238

Microsoft 70-294

Incorrect Answers: A: The PDC Emulator is responds to Windows NT 4 BDCs. It also receives all new password and lockout informa on changes immediately for the en re domain. Neither of these func ons will ensure that the user account changes are updated in the domain. C: The RID Master keeps track of the alloca on RIDs to domain controllers to ensure that two domain controllers do not hand out the same SID. D: The Schema Master controls what is allowed in the Ac ve Directory directory.

Reference: Michael Cross, Jeery A. Mar n, Todd A. Walls, Mar n Grasdal, Debra Li lejohn Shinder & Dr. Thomas W. Shinder, MCSE: Exam 70294: Planning, Implemen ng, and Maintaining a Windows Server 2003 Ac ve Directory Infrastructure Study Guide & DVD Training System, Syngress Publishing, Rockland, MA, 2003, pp. 505509 Ques on No: 2 You are the network administrator for ExamKing. The network consists of a single Ac ve Directory domain with two sites. Each site contains two domain controllers. One domain controller in each site is a global catalog server. You add a domain controller to each site. Each new domain controller has a faster processor than the exis ng domain controllers. ExamKing requires Ac ve Directory replica on to ow through the servers that have the most powerful CPUs in each site. You need to congure the intersite replica on to comply with ExamKing requirement for Ac ve Directory replica on. What should you do?

A. Congure the new domain controllers as global catalog servers. B. Congure the new domain controller in each site as a preferred bridgehead server for the IP transport. C. Congure the new domain controller in each site as a preferred bridgehead server for the SMTP transport. D. Congure an addi onal IP site link between the two sites. Assign a lower site link cost to this site link than the site link cost for the original site link Answer: B Explana on: Directory informa on is replicated both within and among sites. Ac ve Directory replicates informa on within a site more frequently than across sites. This balances the need for uptodate directory informa on with the limita ons imposed by available network bandwidth. You customize how Ac ve Directory replicates informa on using site links to specify how your

2 of 238

Microsoft 70-294

sites are connected. Ac ve Directory uses the informa on about how sites are connected to generate Connec on objects that provide ecient replica on and fault tolerance. You provide informa on about the cost of a site link, mes when the link is available for use and how o en the link should be used. Ac ve Directory uses this informa on to determine which site link will be used to replicate informa on. Customizing replica on schedules so replica on occurs during specic mes, such as when network trac is low, will make replica on more ecient. Ordinarily, all domain controllers are used to exchange informa on between sites, but you can further control replica on behavior by specifying a bridgehead server for intersite replicated informa on. Establish a bridgehead server when you have a specic server you want to dedicate for intersite replica on, rather than using any server available. You can also establish a bridgehead server when your deployment uses proxy servers, such as for sending and receiving informa on through a rewall. Incorrect Answers: A: The global catalog is the central repository of informa on about Ac ve Directory objects in a tree or forest. The domain controller that holds a copy of the global catalog is called a global catalog server. The global catalog enables a user to log on to a network by providing universal group membership informa on to a domain controller when a logon process is ini ated, and enables nding directory informa on regardless of which domain in the forest actually contains the data. It does not control replica on. C: You can use either IP or SMTP as the protocol for replica on trac. However, SMTP replica on requires an Enterprise Cer ca on Authority (ECA) because Public Key encryp on and cer cates are used to verify iden ty of domain controllers and provide digital signatures. D: We can control the ow of replica on trac by crea ng a new site link with a lower cost. Replica on will then occur across the site link with the lower cost. However, this op on does not specify that the new site link must be between MainDC3 and BranchDC3.

Reference: Michael Cross, Jeery A. Mar n, Todd A. Walls, Mar n Grasdal, Debra Li lejohn Shinder & Dr. Thomas W. Shinder, MCSE: Exam 70294: Planning, Implemen ng, and Maintaining a Windows Server 2003 Ac ve Directory Infrastructure Study Guide & DVD Training System, Syngress Publishing, Rockland, MA, 2003, Chapter 6, pp. 453455 MS Windows Server 2003 Deployment Kit Designing and Deploying Directory and Security Services Ac ve Directory Replica on Concepts Ques on No: 3 The network consists of six Ac ve Directory domains. All servers run Windows Server 2003. Each oce is congured as a single domain. Each oce is also congured as an Ac ve Directory site. ExamKing uses an applica on server that queries user informa on from the global catalog. You install applica on servers in the main oce and in three branch oces. The network is congured as shown in the exhibit

3 of 238

Microsoft 70-294

. You monitor the WAN connec ons between the main oce and each branch oce and discover that the u liza on increased from 70 percent to 90 percent. Users report slow response mes when accessing informa on on the applica on server. You need to place global catalog servers in oces where they will improve the response mes for the applica on servers. You need to achieve this goal with a minimum amount of increase in WAN trac. In which oce or oces should you place a new global catalog server or servers? (Choose all that apply)

A. Berlin B. Rio de Janeiro C. New Delhi D. St Petersburg E. Cairo Answer: BCD Explana on: Because the applica on server queries Global catalog a ributes, we need to put one Global Catalog server in each site hos ng an applica on server; in this case Rio de Janeiro, New Delhi and St Petersburg. Incorrect Answers: A: Berlin does not host an applica on server and therefore does not require a Global Catalog Server.

Reference: Michael Cross, Jeery A. Mar n, Todd A. Walls, Mar n Grasdal, Debra Li lejohn Shinder & Dr. Thomas W. Shinder, MCSE: Exam 70294: Planning, Implemen ng, and Maintaining a Windows Server 2003 Ac ve Directory Infrastructure Study Guide & DVD Training System, Syngress Publishing, Rockland, MA, 2003, pp. 31, 505509.

4 of 238

Microsoft 70-294

Ques on No: 4 You are the network administrator for ExamKing. ExamKing has three oces. The network consists of a single Ac ve Directory domain with three sites. Each oce is congured as a separate site. ExamKing opens a new branch oce in Montreal that has 10 users. This oce does not contain a domain controller. The Montreal Oce has WAN connec ons to two of the exis ng oces. A router is installed at each of the four oces to route network trac across the WAN connec ons. The network a er the addi on of the Montreal Oce is shown in the exhibit

. You need to ensure that when the users in the Montreal oce log on the domain during normal opera ons, they will be authen cated by a domain controller in ExamKing Site2. What are two possible ways to achieve this goal? (Each correct answer presents a complete solu on. Choose two)

A. Create a new IP subnet object that includes the subnet used in the Montreal Oce. Link the new subnet object to the ExamKing Site2 site object. B. Create a new IP subnet object that includes the subnet used in the Montreal Oce.Link the new subnet object to the ExamKing Site3 site object. C. Create an addi onal site for the Montreal Oce. Congure a site link to ExamKing Site3 with a cost of 300. Congure a site link to ExamKing Site2 with a cost of 200. D. Create an addi onal site for the Montreal Oce. Congure a site link to ExamKing Site2 with

5 of 238