For A -> (There are 2 account domains, cant upgrade all DCs due to application programs)
For B -> (Need to upgrade the resource domains)
For C -> (recommended procedure)
For D -> (what about washington)
(The apps can still be supported on an nt4 BDC)
2. You need to design the group policy hierarchy that should be applied to a user in the human resources department for technical staff at the Boston research facility. In which order should you apply the Group Policy objects (GPO's)? (Trey Q2) a. Domain GPO, Boston site GPO, human resources GPO, Boston OU GPO. b. Boston site GPO, domain GPO, human resources GPO, Boston OU GPO. c. Boston site GPO, domain GPO, Boston OU GPO, human resources GPO. d. Domain GPO, Boston OU GPO, Boston site GPO, human resources GPO. Answer: c(Highest to lowest)
3. How should you implement the administration of group policy? (Select all that apply) (Trey Q3) a. Enable departmental administrators at each location to edit GPOs that apply to their departmental OU's. b. Enable domain administrators at each location to edit GPOs that apply to their departmental OU's. c. Enable departmental administrators to create Group Policy objects to link GPO's to sites, domains, and organizational units, and to edit site-level and domain-level GPO's. d. Enable domain administrators to create Group Policy objects to link GPO's to sites, domains, and organizational units, and to edit site-level and domain-level GPO's. Answer: a,dFor A -> (More granular)
For B -> (not delegated enough)
For C -> (to much control)
Enterprise administrators will be a small group contained in a separate top-level domain to manage the entire organization.
Domain administrators will be granted rights to the entire domain.
Branch administrators will be granted rights for operations at the physical locations.
Departmental administrators will have localized rights based on their specific roles.
The departmental and branch administrators of resource domains are not granted administrative rights for the corresponding account domains.
4. You must decide how many domains to create for Trey Research. What is the most important factor that you should consider when deciding whether to create more than one domain? (Trey Q4) a. The requirement that different companies have different account lockout policies. b. The number of resources in a domain. c. The requierment that each company has different available bandwidth. d. The number of users in a domain. Answer: a(no comments)
5. You upgrade the Trey Research client computers and domain controllers to Windows 2000 as planned. You must now choose the locations for the server services. Move each service to the appropriate location or locations. (Use all the server services. You might need to reuse server services) (Trey Q5)| Locations | Server Services |
|---|---|
| 1. Washington, D.C. | A. Global catalog |
| 2. Boston | B. DNS |
| 3. San Francisco | C. RID master |
| D. Schema Operations Master | |
| E. Infrastructure Operations Master | |
| F. PDC Emulator | |
| G. Domain Naming Master |
Before you begin note that a schema operations master and a domain naming master must remain in the first domain created (root)There can be only one per forest. There can be one Infra master, RID and PDC emulator per domain.The GC and Infra master must be on separate servers.An infra master is responsible for updating removal and addition of users to groups within the domain and the updates thereof to the other DC's
6. You need to grant permissions to a set of resources that are managed on three domain controllers in the Washington, D.C., facility. You need to grant these permissions to users at all facilities. What should you do? (Trey Q6) a. Create a domain local group in the local domain, and grant this group access to the resources. b. Create a universal group in the root domain, and grant this group access to the resources. Create one global group in the appropriate domain or domains, and add to this group the users who need access to the resources. Add the global groups to universal group. c. Create a security group in the local domain, and grant this group access to the resources. Create one global group in the appropriate domain or domains, and add to this group the users who need access to the resources. Add the global groups to the security group. d. Create a global group in the root domain, and grant this group access to the resources. Create onother global group in the appropriate domain or domains, and add to this group the users who need access to the resources. Add the secondary global group to first global group. Answer: a(Remember universal groups are replicated y the GC's, try and avoid them as much as needed)
7. Which change must you make to DNS to prepare for the implementation of Windows 2000? (Trey Q7) a. Provide DNS services that will support incremental zone transfers. b. Provide DNS services that will replace WINS services. c. Provide DNS services that will support SRV records. d. Provide DNS services that will support dynamic updates. Answer: cFor A -> (traffic issue)
The advertisment of services is vital for locating the domain controllers
8. How should you implement DNS naming strategy for Trey Research? (Trey Q8) a. Use the existing DNS infrastructure. Use four domains named treyresearch.com, corp.treyresearch.com, parnelli-aerospace.treyresearch.com and corp.parnelli-aerospace.treyresearch.com b. Upgrade the existing DNS infrastructure. Retain the current naming strategy. c. Use the existing DNS infrastructure. Use two domains named treyresearch.com and parnelli-aerospace.treyresearch.com. d. Upgrade the existing DNS infrastructure. Use three domains named treyresearch.com, corp.treyresearch.com, and parnelli-aerospace.treyresearch.com. Answer: d(The standard structure is not sufficient, upgrade is imenent, ruling out A and C)
For B -> (Consolidation is required where possible)
9. How should you design the DNS for Trey Research? (Trey Q9) a. Retain the existing UNIX DNS service. Plan your DNS scheme independent of your Active Directory plans. b. Retain the existing UNIX DNS service. On this service, configure the zones required for Windows 2000. c. Upgrade the existing UNIX DNS service. On this service, configure the zones required for Windows 2000. d. Upgrade the existing UNIX DNS service. Plan your DNS scheme independent of your Active Directory plans. Answer: c(Upgrades are needed ruling out A and B)
For C -> (needed as no dynamic updates)
For D -> (Silly, DNS is vital for AD resolution)
1. Which two Adatum Corporation business factors should influence your Active Directory naming strategy? (Adatum Q1) a. Number of users b. Possible sale of Adatum Corporation name. c. Avaliable bandwith. d. Expected rate of growth. e. Cost of bandwith f. Organizational Unit hierarchy. Answer: b,fFor B -> (Separate web and internal names)
For F -> (Administration delegation)
2. Which Adatum Corporation business factor necessitates a multiple domain Active Directory design? (Adatum Q2) a. Requiring local IT staff to maintain local resources. b. Need for differing security policies. c. Individual infrastructure management control at the New York and Sydney offices. d. Need to minimize downtime. Answer: bFor A -> (can be done with ous)
For B -> (Requires domains esspecially password)
For C -> (Could be done with ous)
For D -> (silly)
3. You are designing Adatum Corporation's OU hierarchy. Which business factors should have the most influence on your design? (Adatum Q3) a. Number of users per Facility b. Expected Growth Plans c. Departments d. Regional Security Differences e. Wan Topology f. Internet Presense g. 24-Hour Global Collaboration Answer: cFor A -> (not sufficient users to limit)
For B -> (ous are scalable)
For C -> (Delegate password resets etc....for 8 departments)
For D -> (Domains)
(there are a total of 7 choices in the real exam)
4. Adatum Corporation is considering using the domain names listed below in a design that uses only the default Windows 2000 Trusts. Identify the Kerberos re-ferral path that is traversed when a user in newyork.west.adatum.com accesses resources located in sydney.east.adatum.com. Move the appropriate domain names to the trust path list and arrange them in correct order. (Use only domain names that apply.) (Adatum Q4)| Location | Trust Path List Possible Domain Names |
|---|---|
| A. Adatum | 1. adatum.com |
| B. West | 2. west.adatum.com |
| C. East | 3. east.adatum.com |
| D. New York | 4. newyork.west.adatum.com |
| E. Sydney | 5. london.west.adatum.com |
| 6. sanjose.west.adatum.com | |
| 7. sydney.east.adatum.com | |
| 8. bangkok.east.adatum.com | |
| 9. newdehli.east.adatum.com |
The biggest question is do we bypass adatum.com and do we need to trust the source domain ie New York
Shortcut trusts:
Before an account can be granted access to resources by a domain controller of another domain, Windows 2000 must determine whether the domain containing the desired resources (target domain) has a trust relationship with the domain in which the account is located (source domain). To make this determination for two domains in a forest, Windows 2000 computes a trust path between the domain controllers for these source and target domains. A trust path is the series of domain trust relationships that must be traversed by Windows 2000 security to pass authentication requests between any two domains. Computing and traversing a trust path between domain trees in a complex forest can take time, which can be reduced with shortcut trusts. Shortcut trusts are two-way transitive trusts that enable you to shorten the path in a complex forest. You explicitly create shortcut trusts between Windows 2000 domains in the same forest. A shortcut trust is a performance optimization that shortens the trust path for Windows 2000 security to take for authentication purposes. The most effective use of shortcut trusts is between two domain trees in a forest.
As We were told to use the standard trusts shortcut trusts dont apply.
For B -> ((full path reqired)
For C -> (silly)
For D -> (includes 9 that is not usable)
5.You are considering the following domain hierarchy for Adatum Corporation:| east.adatum.com | west.adatum.com |
|---|---|
| bangkok.east.adatum.com | newyork.west.adatum.com |
| newdelhi.east.adatum.com | london.west.adatum.com |
| sydney.east.adatum.com | sanjose.west.adatum.com |
There is a one-to-one relationship between sites and locations. A domain is associated with only one location. Additionally, adatum.com and west.adatum.com will be managed in the New York location.
How should you design the server services at the New York location? (Adatum Q5)
a. One schema operations master, one domain naming master, nine domain controllers, two global catalog servers and three PDC emulators. b. One schema operations master, three domain naming master, three domain controllers, three global catalog servers and three PDC emulators. c. One schema operations master, one domain naming master, six domain controllers, two global catalog servers and three PDC emulators. d. One schema operations master, six domain naming master, six domain controllers, six global catalog servers and six PDC emulators. Answer: cOne schema operations master, one domain naming master must remain in the first domain. --> So Answers B and D are invalid.
Global catalog and infra master must be on different servers. For fault tolerance a minimum of two servers is required per domain (that takes us to 12 DC's, just for the west). It is then safe to assume fault tolerance is not the main issue of the question. (10 Dcs is a minimum for entire organization)
6. Adatum Corporation decides to enter into a joint venture with one of the vendors. This venture will result in the creation of a third company that will require its own Internet presence. Systems administration duties for the new company will be shared equally by Adatum Corporation and vendor. Adatum Corporation and vender currently have separate Active Directory forests. Which modifications should you make to Active Directory to support the joint venture requirements? (Adatum Q6) a. Create a new domain for the new company. Create this domain as a subdomain of the forest root for Adatum Corporation forest. b. Create a new tree for the new company. Create this tree in the vendor's forest. c. Create a new tree for the new company. Create this tree in Adatum Corporation's forest. d. Create a new forest for the new company. Assign appropriate trusts between Adatum Corporation's forest and the new forest. Answer: dEmphasis on own internet presence. Adatums web presence is a separate issue as they wish to sell etc. Assume the new company requires the same web presence as company name (note joint venture not merger with Adatum)
For A -> (more appropriate for a merger)
For B -> (and achieve absolutely nothing, why not)
For C -> (new tree, same forest equals same web DNS structure)
For D -> (yes)
7. A proposed design for Adatum Corporation is shown below:| San Jose Site | New York Site |
|---|---|
| sj1 -- west.adatum.com | ny1 -- west.adatum.com -- (User) |
| sj2 -- west.adatum.com | ny2 -- west.adatum.com |
| sj3 -- west.adatum.com -- (Bridgehead) | ny3 -- west.adatum.com -- (Bridgehead) |
The servers are named SJ1, SJ2, SJ3 and NY1, NY2 and NY3. SJ3 and NY3 are bridgehead servers. You want to create a new user on NY1. You must identify the steps for default replication of that user to every domain controller in the New York and San Jose sites.
Given this proposed design, move the replication steps needed to achieve this goal to the list of steps and arrange them in correct order. (Choose only replication steps that apply.) (Adatum Q7)
| Ordered List of Replication Steps | Possible Replication Steps |
|---|---|
| 1. Create the user | |
| 2. NY1 notifies its replication partner or partners | |
| 3. NY1 sends data to SJ3 | |
| 4. NY2 and NY3 begin pull replication from NY1 | |
| 5. NY3 notifies its replication partner or partners | |
| 6. NY3 sends data to SJ3 | |
| 7. SJ1 and SJ2 begin pull replication from SJ3 | |
| 8. SJ3 notifies its replication partner or partners | |
| 9. SJ3 begins to pull replication from NY3 |
"the important thing to note in the question is that data is automatically pushed between bridgehead servers", unless a latency period has been specified.To control traffic, DCUSNs are also compared between each DC in the current domain first.
In summary, a site link directs information arbitrarily to any domain controller in a site. Establishing a bridgehead server provides some ranking or criteria for choosing which domain controller should be preferred as the recipient for inter-site replication. This bridgehead server then subsequently distributes the directory information via intra-site replication.
You provide information about the cost of a site link, times when the link is available for use and how often the link should be used. Active Directory uses this information to determine which site link will be used to replicate information. Customizing replication schedules so replication occurs during specific times, such as when network traffic is low, will make replication more efficient.Within a site, each domain controller has the potential to act as a bridgehead server if needed. If you specify one or more computers to be preferred bridgehead servers, only a single domain controller acts as the bridgehead server at any given time. Although Active Directory does select another preferred bridgehead server for use in the event of failure, while this rerouting takes place, there is a period of time in which no inter-site replication will occur.
Replication follows a simple "Notify-Pull-Notify-Pull" pattern. Here are the replication steps you must follow:
| Active Directory Design Components | Business Factors |
|---|---|
| 1. Forests | A. Each resort must have independent control. |
| 2. Sites | B. Resort administrative control is divided among five departments. |
| 3. Number of domains | C. All member logon requests must avoid using the WAN line. |
| 4. OUs | D. It must be easy to move a member's user object from one resort to another resort. |
| 5. Security Group membership | E. Directory replication cannot be scheduled during times of peak usage. |
| F. There are many employee positions at each resort. |
A --- 1 (Forests determine independancy)
B --- 4 (Ous can be represented by departments)
C --- 2
D --- 4
E --- 2 (the purpose of sites)
F --- 5
Supported MOVETREE Operations
The following operations are supported with the MOVETREE utility:
- Move an object or a nonempty container to a different domain. Valid only within the same forest.
- Move Domain Local and Global groups between domains without members and within domains with members. Valid only within the same forest.
- Move Universal groups with members within and between domains. Valid only within the same forest.
Unsupported MOVETREE Operations:
- Local and Domain Global groups that contain members. Universal group memberships remain intact so that security is not compromised. Associated object data. This includes group policies, user profiles, logon scripts, users' personal data, encrypted files, smart cards, and public key certificates. Group policies would need to be applied to the users, groups, or computers. New smart cards and certificates would need to be issued from the Certificate Authority in the new domain. Use additional scripts or management tools, such as the Remote Administration Scripts, in conjunction with MOVETREE, to perform these additional steps.
2. How should you design the domain and forest structure for the members? (GBC Q2) a. Use the generalbusinessconsultants.com for the forest root and a single domain. b. Add a DNS zone named members to each unique resort DNS name. Create a separate Active Directory tree in each resort forest. c. In the generalbusinessconsultants.com forest, create a separate Active Directory tree for each resort. d. Add a DNS zone named members to each unique resort DNS name. Create a separate Active Directory forest for each resort. Answer: a(members = GBC not resort employees and must be independant of the resorts) (Members log on to one big GBC domain)
3. Which General Business Consultants business need or needs should you implement by using GPO's? (Choose all that apply) (GBC Q3) a. Configure the desktop settings for the resort employees. b. Automatically assigning IP addresses to wireless devices. c. Updating the software on the kiosks. d. Configuring user logon requests to avoid using the WAN line. Answer: a,cFor A -> (As per requiremnts, resort specific)
For B -> (Whatever)
For C -> (touchscreens, WDM complient drivers)
For D -> (would place GC's locally, better choice)
4. Resort employees must be able to update member records. Which trust relationship should you configure between the member domain and each resort domain? (GBC Q4) a. Default trust b. Two-Way transitive trust c. One-Way trust, where resort trusts member d. One-Way trust, where member trusts resort Answer: dFor A -> (two way, not required)
For B -> (default)
For C -> (Wrong way)
For D -> (User accounts will be located at GBC S. Jose = members)
5. You must implement DNS services for one of the resorts which set or sets of steps should you perform? (Choose all that apply) (GBC Q5) a. Install Microsoft DNS server on two servers, configure a sub-domain of the resort's Internet domain. b. Install Microsoft DNS server on two servers, configure a sub-domain of the generalbusinessconsultants.com zone. c. Install Microsoft DNS server on two servers. Use these servers for the generalbusinessconsultants.com zone that is integrated into AD. d. Upgrade the resort's existing DNS services to support Active Directory SRV records. e. Migrate the resort's top-level domain to Microsoft DNS server. Answer: a,cFor A -> (a separate web presence is required, and internal domain is possible)
For B -> (Lets hope the 3rd party DNS zones want to be integrated)
For C -> (leads off A, two for fault tolerance)(Emphasis on "that is ", implying the sub domain)
For D -> (what about DDNS)
For E -> (Sure...your ISP wont mind!!)
6. You need to design a DNS domain and forest structure that meets the internal needs of the resorts. What should you do? (GBC Q6) a. Create a DNS zone named AD as a sub-domain of the resort's existing Internet domain name. Assign this domain name to the Active Directory forest root. b. Create a DNS zone named generalbuisnessconsultants. Use the zone as a delegate to the resort's Internet domain name. Assign this domain name to the Active Directory forest root. c. Create a DNS zone that has the same name as the resort. Use this zone as a delegate to generalbusinessconsultats.com. Add this domain name to the generalbusinessconsultats Active Directory forest. d. In the generalbusinessconsultats.com domain, create a sub-domain that has the same name as the resort. Use this zone as a delegate to the generalbusinessconsultats.com. Assign this domain name to the Active Directory forest root. Answer: aFor A -> (Yeah baby, 1 domain for the net and one internal)
For B -> (delgated zone, from the ISP DNS ...ok?)
For C -> (Resorts and members are different domains and entities)
For D -> (As per C)
(AD: "Resort".com)
7. You must decide how many Windows 2000 Server computers you need to host the domain controllers and global catalog servers for phase 1 of the General Business Consultants implementation plan. What is the minimum number of servers that you should use? (GBC Q7) a. 15 b. 20 c. 25 d. 27 e. 33 Answer: d6 resorts = 6, 1 extra for fault tolerance per domain = 12
6 members= 6 add 1 extra each = 12
1 x schema master
1 x GC at IT HQ
1 x infra master (can't be same as GC)
12+12+1+1+1 = 27
8. You need to choose the top-level OU that will support a resort's internal business requirements. Which top-level OU should you use? (GBC Q8) a. Job positions b. Resorts c. Departments d. User, computer, printer, kiosk, and file share objects Answer: cFor A -> (lower level)
For B -> (Domains)
For C -> (top ous)
For D -> (lowerlevel)
9. How many forests should you create for phase 1 of the General Business Consultants implementation plan? (GBC Q9) a. 1 b. 2 c. 6 d. 7 e. 13 Answer: dmembers.GBC.Com (Employees)=1 6x AD."resort".Com (Resorts, independant)=6
1+6=7
10. You are deciding how you should support the requirements of the General Business Consultants members, resort employees, and resort departments. You need to decide which technologies are the most appropriate to meet the requirements of each group. Move each technology to the most appropriate group. (Use all technologies. Use each technology only once) (GBC Q10)| Groups | Technology |
|---|---|
| 1. Resort Employees | A. Unique schema |
| 2. Members | B. Intrasite replication |
| 3. Resort departments | C. Delegated Administrative rights |
| D. Intersite replication |
resort employees = intrasite replication (local only)
members = intersite replication(logon anywhere) & unique schema (as per story)
resort departments = Delegated administrative rights (as per story)
11. You need to configure replication for General Business Consultants. Which two steps should you take? (Choose Two) (GBC Q11) a. Set the interval to 180 minutes. Set the schedule to 1:00 A.M. to 6:00 A.M. local time at each resort. b. Create Intrasite links between the member and resort domain controllers that are located at each resort. c. Set the interval to 60 minutes. Set the schedule to 11:00 A.M. to 4:00 P.M local time at each resort. d. Create Intrasite links on the member domain controllers that are located at each resort and at the San Jose IT center. e. Create inter-forest RPC connections between the resort and member forests. Answer: a,dFor A -> (Good time for replication)
For B -> (you do not want replication between members and resorts)
For C -> (Avoid during peak usage, like normal office hours)
For D -> (specific links ensures replication locally is optimised by using the specified servers only, due to LAN bandwidth needs or Hardware specs)
For E -> (as per B)
(I am assuming either D is a typo and should read Intersite, or they are reffering to explicit replication partners. Dont like D if it is intrasite as it there is not enough info to support the need, but must choose 2, so D it is) (To confirm D does infact read Intersite)
12. You must decide how many forests General Business Consultants should use. Which business or technical factor or factors should influence your decision? (Choose all that apply) (GBC Q12) a. All member logon requests must avoid using the WAN line. b. Both smart-card authentication and password authentication will be used for security. c. Each resort will want to be able to add applications that might uniquely change the Directory schema of its internal operating domain. d. It will not be necessary for employees of one resort to access information about employees of another resort. e. Membership will exceed 2 million. f. The resorts do not want General Business Consultants or any other resort to have any authority to change user permissions for their employees g. Directory replication cannot be scheduled during times of peak usage. Answer: c,d,fFor A -> (Domains)
For B -> (Replication)
For C -> (A schema is forest specific)
For D -> (Forests allow independance and the need for resource access if required)
For E -> (Who cares)
For F -> (As per D, could be delegated though, forest are a good method to ensure independancy, give them their own forest )
For G -> (Sites)
NOTES:
Determining the Number of Forests for Your Network
Creating a Single Forest Environment
A single forest environment is simple to create and maintain. All users see a single directory through the global catalog, and do not need to be aware of any directory structure. When adding a new domain to the forest, no additional trust configuration is required. Configuration changes only need to be applied once to affect all domains.
Creating a Multiple-Forest Environment
If administration of your network is distributed among many autonomous divisions, it might be necessary to create more than one forest.Because forests have shared elements, such as schema, it is necessary for all the participants in a forest to agree on the content and administration of those shared elements. Organizations such as partnerships and conglomerates might not have a central body that can drive this process. In short-lived organizations like joint ventures, it might not be realistic to expect administrators from each organization to collaborate on forest administration.
It might be necessary to create more than one forest if individual organizations:
- Do not trust each other's administrators.
- Cannot agree on a forest change policy.
- Want to limit the scope of a trust relationship.
- Incremental Costs for an Additional Forest
- Each forest you create incurs a fixed management overhead as follows.
Some features that are available within a forest are not available between forests, such as the following:
- You can only use default UPNs if a user account is in a different forest than the computer being used for logging on. Default UPNs are required because a domain controller in the computer's forest will not find a user account with a matching UPN in the global catalog. The user account appears in the global catalog of a different forest. The domain controller handling the logon must then use the
- Logging on using a smart card relies on a user principal name. Default UPNs must be used for a cross-forest logon process that uses smart cards to work.
- You can move security principals between domains in the same forest, but they must be cloned between domains in separate forests. Cloning is not as transparent to an end user as moving a user between domains. For more information about cloning, see "Determining Domain Migration Strategies" in this book. (Yes read it also - very important stuff) In cases where it is not important for all users to have a consistent view of the directory, it might be appropriate to have multiple forests. For example, consider a company such as an Internet service provider (ISP) that hosts Active Directory on behalf of several companies. The users in the different client companies have no reason to share a consistent view of the directory. Additionally, there is no reason to have a transitive trust relationship between the companies. In this case, maintaining separate forests is useful and appropriate.
1. You must decide how your active Directory design will be affected by the factors that influence Hiabuv Toys business strategies. Move each business factor to the Active Directory design component that it most influences. (Use all business factors. Use business factors only once.) (Hiabuv Q1)| Active Directory Design Factors | Components Business Factors |
|---|---|
| 1. Forest design | A. Hiabuv Toys is acquiring Wide World Importers |
| 2. Site Design | B. The Montreal office will be permanently closed |
| 3. Domain Design | C. The European offices will operate independently of the North American offices. |
| 4. Organization Unit design | D. IT support tasks will be performed at the North American and European technical support centers. |
| E. Manufacturing facilities are being built in Germany |
A ---> 1 (separate web presence)
B ---> 4 (Separate issue for future replication, to be taken over by Toronto)
C ---> 3 (separate GPOs can be assigned with domains)
D ---> 4 (delegation)
E ---> 2 (will be part of HIABEU, replication-sites more important) 2. Engineering users want to be able to continue to administer their own resources after the Windows 2000 implementation. What should you do to enable this goal? (Hiabuv Q2)
a. Create a domain for the engineering department. Create an engineering organizational unit. Grant the engineering department complete administrative control of its OU. Move computer and user objects into the domain. b. Create a domain for the engineering department. Locate this domain on the same level as the North America domain. Grant the engineering department complete administrative control of its domain. Move computer and user objects into the domain. c. Create a separate OU for the engineering department. Locate this OU in the North America domain. Grant the engineering department complete administrative control of its OU. Move computer and user objects into the OU. d. Create a separate forest for the engineering department. Grant the engineering department complete administrative control of this forest. Move computer and user objects into the forest. Answer: cFor A ->(being removed)
For B -> (As per A)
For C -> (HIABNA took over HIABENG previuosly, would be a good place to put it)
For D -> (Separate forest means a separate domain, not wanted)
3. You must integrate Europe and North America in AD. What should you do? (Hiabuv Q3) a. Create one forest for Hiabuv Toys. Create a sub-domain for each site. b. Create one forest and one domain for Hiabuv Toys. Name the domain hiabuvtoys.com. Create a Europe OU. Locate this OU in hiabuvtoys.com. c. Create one forest for Hiabuv Toys. Create one sub-domain each for Canada, the US, Mexico and Germany. d. Create one forest for Hiabuv Toys. Create one domain for Europe and one domain for North America. Answer: d(Refering to HIABNA and HIABEU)
For A -> (HIABNA is not a site, the locations are)
For B -> (Separate password GPOs are required)
For C -> (Expands on the existing structure, does not consolidate)
4. After the Montreal office is permanently closed, how many sites should you use for the hiabuvtoys.com domain tree? (Hiabuv Q4) a. 12 b. 13 c. 14 d. 15 Answer: c9 from the USA, 1 from Canada (excludes MONT), 1 from Europe, 1 from Mexico, 1 from Frankfurt and 1 for Detroit
9+1+1+1+1+1=14
5. Which server roles should you implement for Hiabuv Toys? (Hiabuv Q5) a. One schema operations master, one domain-naming master, one RID master, one PDC emulator, one infrastructure operations master. b. One schema operations master, one domain-naming master, two RID master, two PDC emulator, two infrastructure operations master. c. One schema operations master, one domain-naming master, three RID masters, three PDC emulator, three infrastructure operations master. d. One schema operations master, one domain-naming master, four RID masters, four PDC emulator, four infrastructure operations master. Answer: bEurope.hiabuvtoys.com - only 2 domains are our concern
Northamerica.hiabuvtoys.com
Both of these domains are child domains of an unpopulated hiabuvtoys.com forest root domain
1 schema master per forest/enterprise
1 domain naming master per enterprise
1 pdc emulator per domain
1 RID per domain
1 Infra per domain
1 GC per location
6. After the Windows 2000 implementation is complete, which domain name or names should you use in the internal DNS for Hiabuv Toys? (Choose all that apply) (Hiabuv Q6) a. Oklahomacity.hiabuvtoys.com b. Europe.hiabuvtoys.com c. Boston.hiabuvtoys.com d. Chicago.hiabuvtoys.com e. Northamerica.hiabuvtoys.com Answer: b,eFor A -> (site)
For C -> (Site)
For D -> (site)
7. Which factor or factors should you consider when designing the domain naming strategy for Hiabuv Toys? (Choose all that apply) (Hiabuv Q7) a. Local administrators will perform basic account administration. b. The company wants to implement separate security policies for Europe and North America. c. The WAN line to Europe will be upgraded. d. The company wants to have an Internet presence. Answer: b,dFor A -> (Ou delegation)
For B -> (yes)
For C -> (Will still remain in a separate domain)
For D -> (External and internal Domain names)
8. You must decide whether to place Europe in AD as a domain or as an OU. Which factor should most influence your decision? (Hiabuv Q8) a. Available WAN bandwidth b. Geographic distribution c. The company's plans for expansion in Europe. d. The current and proposed IT administrative structures and security policies in Europe Answer: dFor A -> (sites)
For B -> (Sites, wan links)
For C -> (scalable)
For D -> (passwords)
9. You must design the site topology for Hiabuv Toys. Which factor or factors should have the most influence on your design? (Choose all that apply) (Hiabuv Q9) a. The existing DNS naming structure b. Number of locations c. Cost of WAN bandwidth d. Available WAN bandwidth e. Number of departments Answer: b,dFor A -> (not site related)
For B -> (yes)
For C -> (There was no mention of cost issues at present)
For D -> (Yes, the fact that it is minimal does not stop you from planning the sites according to bandwidth supported)
For E -> (OUs)
They clearly state bandwidth usage is minimal. With the introduction of AD the GCs on the DC's will be doing a little more talking. Sites minimize cost by using schedules anyway.
10. What should you do to prepare for the transfer of employees from the Montreal office to the Toronto office? (Hiabuv Q10) a. Create separate domains for Montreal and Toronto. Move the Users account to the Toronto domain when the Montreal domain is removed. b. Create separate forests for Montreal and Toronto. Move the Users account to the Toronto domain when the Montreal domain is removed. c. Create separate OUs for Montreal and Toronto. Move the Users account to the Toronto OU when the Montreal OU is removed. d. Create separate OUs for Montreal and Detroit. Move the Users account to the Detroit OU when the Montreal OU is removed. Answer: c(A and B are silly and dont tie in with the AD structure)
For C -> (the most logical option)
For D -> (Lets keep things local)
(They also clearly state Toronto will be the drop zone)
11. Which strategy should you use to integrate Worldwide Importers to Hiabuv Toys in the Active Directory Structure? (Hiabuv Q11) a. Create a forest for Hiabuv.com. Integrate WorldwideImporters.com into existing forest b. When acquisition of Worldwide Importers is complete, register one new domain name c. Create a forest for Hiabuv.com. Create a second forest for WorldwideImporters.com d. In Hiabuv.com create a subdomain for WorldwideImporters. Answer: cBoth companies are developing schema aware software that will modify the schema. The software will work independently from each other.
1. You must decide how your Active Directory design will be affected by the factors that influence the business strategies of ProseWare Corporation. Move each business factor to the appropriate component in your Active Directory design. (Use all business factors. Use each only once) (PWC Q1)| Active Directory Design Components | Business Factors |
|---|---|
| 1. Forest structure | A. Availability of IW shares from the corporate customer domains. |
| 2. Site Structure | B. Classification of information workers into occupational roles and administration of IW's by ProseWare Corporation employees. |
| 3. Domain structure | C. Unique authentication requirements of IW's |
| 4. Organizational unit structure | D. Existing WAN connectivity and utilization rates |
| 5. Explicit trust relationships | E. Division of ProseWare Corporation into departments |
| F. Schema modification policy |
A ---> 5 (needed for access)
B ---> 4 (delegation)
C ---> 3 (domain specific)
D ---> 2 (sites = replication)
E ---> 4 (Domains used for locations, department = OU's)
F ---> 1 (forest specific)
2. How many forests and domains should you create for ProseWare Corporation? (PWC Q2) a. One forest and three domains b. Two forests and three domains c. Three forests and five domains d. Four forests and four domains. Answer: aResource(1 domain).pw_master(1domain).corp(1 domain).(prosware.com(internet))
3. How many sites should you create for ProseWare Corporation? (PWC Q3) a. 1 b. 2 c. 4 d. 6 Answer: cNew York, Chicago, LA, Atlanta
4. Which ProseWare Corporation planned upgrade will require you to modify the schema? (PWC Q4) a. Smart cards and PKI certificates will be implemented. b. The two corporate customers will want to be able to view the ProseWare Corporation file shares in their own global catalogs. c. The existing Windows NT domains will be consolidated and upgraded. d. Microsoft Exchange 5.5 will be upgraded to 2000. Answer: dFor A -> (Exchange 2000 will allow this, the schema would have already been changed)
For B -> (they can view them, and are already AD integrated, dont need to save them or modify their attributes)
For C -> (standard)
(Any installation or upgrade of exchange extends the schema of the users attributes eg emails address, exchange tasks etc)
(There is also the corrolation of groups and DLs)
5. Which task(s) must you perform to implement the required Windows 2000 design for ProseWare Corporation? (Choose all that apply) (PWC Q5) a. Create two explicit one-way trust relationships. Configure these trusts so that the ProseWare Corporation IW domain trusts a domain in each of the two corporate customer forests. b. Create two one-way trust relationships. Configure these trusts so that a domain in each of two corporate customer forests trusts thee ProseWare Corporation IW domain. c. Create shortcut trust between the employee domain and the IW domain. d. Create sites and Intersite replication schedules for NY, Atlanta, and Los Angeles. e. Install domain controllers in NY, Atlanta, and LA f. Configure DNS and Global Catalog services in NY, Atlanta, and LA g. Set replication schedules between ProseWare Corporation and the corporate customer forests. h. Integrate DNS into Active Directory. i. Move the infrastructure operations master that is on the domain controller to a domain controller that is not hosting a global catalog. j. Create transitive trusts between ProseWare Corporation and two corporate customer forests. k. Request that ProseWare Corporation file share objects be added to the corporate customers' global catalogs. Answer: a,d,e,f,h,i,kFor A -> (allows acces into prosware)
For B -> (Nulled by A)
For C -> (Not in the same forest, need access via root)
For D -> (Replication for AD)
For E -> (Local GC's, for local logon and queries)
For F -> (local queries resolved)
For G -> (separate forests, different schemas)
For H -> (Automatic)
For I -> (Standard procedure, required if more than one DC installed or else changes wont be replicated)
For J -> (Separate entities require explicit trusts)
For K -> (Beter faster accesss, only the pointers though)
6. You need to migrate ProseWare Corporation's existing Windows NT domains into Active Directory. Move the tasks needed to achieve this goal to the migration plan, and arrange them in the correct order. (Use only tasks that apply) (PWC Q6)| Migration Plan | Possible Tasks |
|---|---|
| 1.______________________ | A. Move users from the PW_MASTER domain to the resource domain at there location. Upgrade the PW_MASTER PD to Windows 2000, and create the Active Directory root domain. Upgrade each resource domains PDC to Windows 2000, creating a separate child domain for each location. |
| 2.______________________ | B. Upgrade all of the BDCs of each NT 4 domain to Win2k domain controllers. |
| 3.______________________ | C. Create a new NT 4 domain and add to this domain user accounts for each IW. Migrate the WinNT domain to Win2k. Create an explicit transitive trust relationship between the employee domain and the corporate customer domain. |
| D. Upgrade the PW_Master PDC to Win2k, creating a Win2k domain all employee user accounts. Attach this domain to the root domain. | |
| E. Upgrade the Win NT 4 resource domain PDCs to Win2k, designating each as a child domain of the employee domain. Create new OU's in the employee domain. Move the computer security groups and other security groups into the new OU's. Decommission the child domains. |
First eliminate the wrong Possible Tasks:
A. Move users from the PW_MASTER domain to the resource domain at there location. Upgrade the PW_MASTER PD to Windows 2000, and create the Active Directory root domain. Upgrade each resource domains PDC to Windows 2000, creating a separate child domain for each location.
C. Create a new NT 4 domain and add to this domain user accounts for each IW. Migrate the WinNT domain to Win2k. Create an explicit transitive trust relationship between the employee domain and the corporate customer domain.
Leaves us with BDE, now the correct order.
1 ----> D (need to upgrade account domain first)
2 ----> E (Then resource domains)
3 ----> B (Then remaining BDC's)
(I would like to have seen decomission as the last part of B, Lets assume the BDCs were taken off line.)
(To confirm. the question stands as is)
7. Which step or steps should you take to design the DNS structure and the AD domains? (Choose all that apply) (PWC Q7) a. Create a subzone for each ProseWare Corporation location. b. Create a subzone for any necessary child domains of the proseware.com tree. c. Create a forest root named corp.proseware.com d. Create a subzone for any necessary child domains of the corp.proseware.com tree. e. Create a forest named proseware.com Answer: c,dFor A -> (locations are OU's)
For B -> (Corp.etc is the root. The ISP also won't be to happy)
For C -> (need a root)
For D -> (need DNS resolution coming through the root)
For E -> (The internet name)
8. Which requirement should affect your domain migration strategy? (PWC Q8) a. Schedule for employee client computer upgrades to Win2k Prof. b. Maintaining employee accounts and passwords c. Protecting the current domain structure d. Maintaining IW (Information Worker) accounts and passwords Answer: bFor A -> (Can support pre windows clients with PDC emulators)
For B -> (always the highest priority)
For C -> (Flat as apposed to DNS integrated)
For D -> (Trusts)
9. What should you use as the top level OU's for PWC employees? (PWC Q9) a. Business Administration, HR, IT, Marketing, Consulting b. NY, Chicago, Atlanta, LA c. employees, recruiting, IW, accounting, corporate customers, Project d. user objects, computer objects, printer objects, file sharing objects Answer: a(not any comments)
1. Which goal is accomplished as a direct result of an upgrade to Windows 2000 Active Directory? (Fabricam Q1-1) a. increased control and increased capability to standardize applications and computer configurations throughout the company b. online availability of data for vendors and customers c. automated paper-based business processes d. reduction of the total cost of ownership of IT systems during the first year after the upgrade e. increased security for existing client computers Answer: aFor A -> (Emphasis on capability not concern of implemenation.Delagation, MSI's and OUS.)
For B -> (No web connection mentioned)
For C -> (No use of MSI for apps mentioned, although capable)
For D -> (Slow upgrade, nervous, not specific, TCO will only show later)
For E -> (No Ipsec or encryption mentioned, although capable)
2. The database administrator for the human resources department attempts to upgrade the SAP application that will integrate with Active Directory and add new classes. The installation fails. What is the most likely cause of this failure? (Fabricam Q1-2) a. The administrator trying to install the application is not in the Schema Administrators group. b. The administrator trying to install the application does not have permissions to create Group Policy objects (GPOs) c. The administrator trying to install the application is not in the Domain Administrators group for the local domain d. The administrator trying to install the application is not in the Enterprise Administrators group. e. The service account for the application is not a part of the Enterprise Administrators group. Answer: a(New classes echo New Schema!)
For A ->(Group required to make changes to the Schema, also for Echange 5.5 AD connector. The application requires changes to be made to the standard AD schema)
For B ->(GPO's not relevant to SAP classes)
For C ->(Not Sufficient, needs to be the first installation administrator)
For D ->(As Above)
For E ->(Service accounts are used for bootup and logon procedures ie log as part of the system.The service account may also be used for alterations later on. More commonly you would find a service account and a separate installation account)
3. How should you design the sites and site links for Fabrikam, Inc.? (Choose one of the following five answer choices.) (Fabricam Q1-3) a. Create one site each for Atlanta, Dallas, and Phoenix. Create SMTP site links between Atlanta and Dallas and between Dallas and Phoenix. Between Atlanta and Dallas, schedule the links to replicate from 12:00 midnight to 2:00 A.M. Dallas local time. Between Dallas and Phoenix, schedule the links to replicate from 3:00 A.M. to 5:00 A.M., Dallas local time. b. Create one site each for Atlanta, Dallas, and Phoenix. Create SMTP site links between Atlanta and Dallas and Phoenix. Between Atlanta and Dallas and between Dallas and Phoenix, schedule the links to replicate from 2:00A.M. to 4:00 A.M., Dallas local time. c. Create one site each for Atlanta, Dallas, and Phoenix. Create IP site links between Atlanta and Dallas and between Dallas and Phoenix. Between Atlanta and Dallas, schedule the links to replicate from 12:00 midnight to 2:00 A.M., Dallas local time. Between Dallas and Phoenix, schedule the links to replicate from 3:00 A.M. to 5:00 A.M., Dallas local time. d. Create one site each for Atlanta, Dallas, and Phoenix. Create IP site links between Atlanta and Dallas and between Dallas and Phoenix. Between Atlanta and Dallas and between Dallas and Phoenix, schedule the links to replicate from 2:00 A.M., Dallas local time. e. Create one site that will contain all three locations. Answer: dSmtp uses 80 % more bandwidth than IP. Rule out A and B. The major difference between answer C and D is the hours of replication. The time difference between locations would result in replication occuring during business hours if you used Answer C. Remember, two shifts per day on an average 9 to 5 day and then a shift for the evening.
(Smtp can and should be used for unreliable or slow connections. There was not enough info to state the lines were bad, nor what their oppinion of a slow line is.)
(12 1am 2 3 4 5 6 7)open for rep (8 9 10 11 12 1pm 2 3 4 5 6 7 8 9 10 11) Buss. hrs
4. Which upgrade path should you use for Fabrikam, Inc.? (Fabricam Q1-4) a. Upgrade the Dallas account domain.Use this domain as the root domain. Separately upgrade the three Windows NT 4.0 resource domains to Windows 2000. Consolidate these three domains into one domain. b. Separately upgrade the four Windows NT 4.0 domains to Windows 2000. Upgrade these domains in place. Use the existing trust-relationship structure. c. Upgrade the four Windows NT 4.0 domains to Windows 2000. Upgrade these domains in place. Re-establish the previous two-way explicit trust relationships. d. Create a new root domain.Upgrade the three Windows NT 4.0 resource domains to Windows 20000. Upgrade the Windows NT 4.0 account domain for Dallas to Windows 2000. Consolidate all of the accounts into the root domain. Answer: aFor B -> (Need a root located at HQ as a starting point)
For C -> (Previous structure would have used one way trusts ie Master-Resource)
(Always upgrade the account domain first)
5. How many domains should Fabrikam, Inc., have at the end of the upgrade project? (Fabricam Q1-5) a. one domain for the entire company b. one domain for Atlanta and Phoenix, and one domain for Dallas c. one domain for each location d. four domains corresponding to the Windows NT 4.0 domain structure Answer: aFor B -> (Separate domains are only required for different password policies)
For C -> (You may set the ability to reset passwords if locations are OU's)
6. Which Windows 2000 site design should you implement for Fabrikam, Inc.? (Fabricam Q1-6) a. Continue using the existing WAN lines. Create one site that contains all three locations. b. Upgrade the WAN lines to 44.736Mbps. Create one site that contains all three locations. c. Upgrade the WAN lines to 1.544Mbps. Create one site that contains all three locations. d. Upgrade the WAN lines to 1.544Mbps. Create one site each for Dallas, Atlanta,and Phoenix. e. Continue using the existing WAN lines. Create one site each for Dallas, Atlanta,and Phoenix. Answer: eFor A -> (Silly - replication over WAN)
For B -> (No money)
For C -> (No money)
For D -> (No money)
For E -> (Isolates replication traffic and allows schedules)
7. How should you design DNS to support Windows 2000 for Fabrikam, Inc.? (Fabricam Q1-7) a. Use the existing DNS servers, and upgrade them to support SRV records. To support secondary zones, add additional DNS servers that run Windows 2000. b. Install Microsoft DNS server on Windows 2000 computers, and integrate DNS into Active Directory. c. Use the existing DNS servers, and upgrade them to support dynamic update d. Add new DNS servers that run the latest version of BIND. Answer: bFor A -> (Existing DNs is UNiX, need a W2K to be the root)
For B -> (Offers security and performance, just what MS want)
For C -> (What about srv records)
For D -> (8.1.2 will do, but will also cost money) (Still no AD at root) (The latest version supports both SRV and DDNS but lacks features required for implementing AD such as DNS replication roles) also whos going to pay?
8. Where should you locate the server services for Windows 2000? (Fabricam Q1-8) a. In Dallas, locate a schema operations master, a domain naming master, an infrastructure operations master, a RID master, a PDC emulator, and a global catalog. In both Atlanta and Phoenix, locate one of each of the following: a RID Master, an infrastructure operations master, a PDC emulator, and a global catalog. b. In Dallas, locate a schema operations master, a domain naming master, an infrastructure operations master, a RID master, a PDC emulator, and a global catalog. In both Atlanta and Phoenix, locate a RID master, a domain naming master, a PDC Emulator, and a global catalog. c. In Dallas, locate a schema operations master, a domain naming master, an infrastructure operations master, a RID master, a PDC emulator, and a global catalog. In both Atlanta and Phoenix, locate one infrastructure operations master and one global catalog. d. In Dallas, locate a schema operations master, a domain naming master, an infrastructure operations master, a RID master, a PDC emulator, and a global catalog. Locate one global catalog in Atlanta and one global catalog in Phoenix. Answer: dBefore you begin note that a schema operations master and a domain naming master must remain in the first domain created (root). There can be only one per forest. There can be one Infra master, RID and PDC emulator per domain. The GC and Infra master must be on separate servers.An infra master is responsible for updating removal and addition of users to groups within the domain and the updates thereof to the other DC's.
For A -> (The wheels fall off here)
For B -> (Whoops!!)
For C -> (Whoops!!, single domain here!)
For D -> (GCs are good for local authentication, the sucessfull queries for the DC's that is)
9. You want to implement Windows 2000 to minimize the impact of replication on WAN traffic for Fabrikam, Inc. What should you do? (Fabricam Q1-9) a. Define Group Policy objects (GPOs) only at the domain and organizational unit (OU) levels. b. Use SMTP site links for replication.Optimize the site link schedule. c. Define policies and procedures so that only global groups are included in universal groups. d. Use IP site links for replication. Optimize the replication schedule. e. Reduce the number of attributes replicated by the global catalog. Answer: dFor A -> (Helps replication data amount, not significant enough)
For B -> (80 % more bandwidth utilization than IP (choice D))
For C -> (Why not makes things worse? Do we need universal if we have one domain, as they allow you to log on to any domain in the forest, nup , global groups will do thank you)
For D -> (Yes please)
For E -> (Inaccurate updates versus efficientcy, I dont want his/her job)
10. You need to create a design that will allow you to grant permissions to a set of resources that are on three servers in the Dallas office. You need to grant these permissions to users throughout the entire company after the upgrade. What should you do? (Fabricam Q1-10) a. Create local groups on each resource server that is on the Dallas location, and grant these groups access to the resources. create one global group for the domains , and add the members who need to gain access to the resources. Add the global groups to the local group. b. Create a domain local group in the domain and add the members who need to gain access to the resources. Add the global groups to the domain local group. c. Create a domain local group in the domain in which the resources exist and grant this group access to the resources. Create one global group for the domain or domains, and add the members who need to gain access to the resources. Add the global groups to the domain local group. d. Create local groups on each resource server that is on the Dallas location, and grant these groups access to the resources. Grant each local group access to the resource on its respective server. Create one global group for the domain or domains. And add the members who need to gain access to the resources. Create a universal group. Add the global groups to the universal group add the universal group to the domain local group. Answer: cFor A -> (The correct group is Domain Local, we are not in a workgroup here)
For B -> (members must be added to global)
For C -> (looks good, AGLP)
For D -> (As per A)
Remember the AGLP model: Account to Global to Local then assign permission. Perhaps it hould read AGDLP (Domain local).
11. How should you design the implementation of Group Policy for the Fabricam, Inc., sales department? (Choose one of the following five answer choices.) (Fabricam Q1-11) a. Create domain-level Group Policy objects (GPOs) for company-wide policies. Set sales-specific policies in the top-level sales organizational unit (OU). Use site-level GPOs to set location-specific policies as necessary. b. Create domain-level Group Policy objects (GPOs) for company-wide policies. Set sales-specific policies in the top-level Atlanta, Dallas, and Phoenix organizational units (OUs) c. Create domain-level Group Policy objects (GPOs) for company-wide policies. Enable the No Override setting for the domain level GPOs. Set sales-specific policies in the top-level sales organizational unit (OU). Use site-level GPOs to set location-specific information as necessary. Enable Block Inheritance for the GPO that is in the sales OU d. Create domain-level Group Policy objects (GPOs) for company-wide policies. Enable No Override for the domain-level. Set location-specific policies in the top-level Atlanta, Dallas, and Phoenix or organizational unit (OU). Set department-specific policies in the top-level Atlanta, Dallas, and Phoenix organizational unit (OU). Enable Block Inheritance for the GPO that is in the sales OU. e. Create one domain-level group policy object (GPO) for sales. Grant read only and apply group policy permissions to only the sales department security group. Answer: aFor A -> (The MS way. The more specific the requirement, the lower the level of configuration. Tested linking a site policy to an OU. Bear in mind the multiple polices can be applied to an OU. The story also mentions no filtering, which deals with No Overide and Block inheritance)
For B -> (All ous underneath will get effected, not just sales)
For C -> (No override will kick butt)
For D -> (As per C)
For E -> (What if the different locations required different settings ? You cant set read and apply to a different specific conditions on the same condition, only to the policy as a whole)
"Initially, Group Policy will be designed to redirect folders, to define logon scripts that will be customized for each department at each location"
12. What is the most critical decision you have to make before you implement your Active Directory? (Fabricam Q1-12) a. The name of the first domain b. The number of domains c. The number of users d. The DNS e. Are aliens real Answer: aFor A -> (I assume Active Directory Name - The root is vital and cant be re-named once created, DNS can be chopped and changed)
For B -> (no limit, not so,do a calculation on the maximium character length of a FQDN, in this case though, not an issue)
For C -> (no limit, yeagh right MS.16 mill or so)
For D -> (Vital)
Active Directory uses DNS as its location service, enabling computers to find the location of domain controllers. To find a domain controller in a particular domain, a client queries DNS for resource records that provide the names and IP addresses of the Lightweight Directory Access Protocol (LDAP) servers for the domain. LDAP is the protocol used to query and update Active Directory, and all domain controllers run the LDAP service. *You cannot install Active Directory without having DNS on your network*, because Active Directory uses DNS as its location service. However, you can install DNS separately without Active Directory.
13. Which is the most important step if you upgrade Fabricam Inc. to Windows 2000? (Fabricam Q1-13) a. Find out how many sites you need b. Find out where to place the schema-operation-master c. Find out how many Domains you need d. Make the OU-structur Answer: d