Exam Name: Windows Server 2008 Active Directory, Configuring
Questions and Answers: 661 Q & A
Updated On: November 17, 2017
You are the systems administrator of a large organization that has recently implemented Windows Server 2008 R2. You have a few remote sites that do not have very tight security. You have decided to implement read-only domain controllers (RODC).
What forest functional levels does the network need for you to do the install? (Choose Three)
Windows 2000 Mixed
Windows 2008 R2
Prerequisites for Deploying an RODC
Ensure that the forest functional level is Windows Server 2003 or higher.
Deploy at least one writable domain controller running Windows Server 2008 or Windows Server 2008 R2 in the same domain as the RODC and ensure that the writable domain controller is also a DNS server that has registered a name server (NS) resource record for the relevant DNS zone. An RODC must replicate domain updates from a writable domain controller running Windows Server 2008 or Windows Server 2008 R2.
Your network contains an Active Directory domain. The domain contains several domain controllers. All domain controllers run Windows Server 2008 R2. You need to restore the Default Domain Policy Group Policy object (GPO) to the Windows Server 2008 R2 default settings. What should you do?
Run dcgpofix.exe /target:dc.
Run dcgpofix.exe /target:domain.
Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe
Delete the link for the Default Domain Controllers Policy, and then run gpupdate.exe
Your network contains an Active Directory forest named contoso.com. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2008 R2. DC2 holds the PDC emulator role.
The power supply on DC2 fails.
You seize the PDC emulator role to DC1. You replace the power supply on DC2.
You need to bring DC2 back online as the PDC emulator as soon as possible. The solution must minimize the disruption of services for users.
What should you do?
Connect DC2 to the network. Turn on DC2, and then transfer the PDC emulator role.
Reinstall Windows Server 2008 on DC2 and promote DC2 to a domain controller. Transfer the PDC emulator role.
Reinstall Windows Server 2008 on DC2 and promote DC2 to a domain controller. Seize the PDC emulator role.
Disconnect DC2 from the network. Turn on DC2, and then seize the PDC emulator role. Connect DC2 to the network.
Your network contains a single Active Directory domain. The domain contains five read-only domain controllers (RODCs) and five writable domain controllers. All servers run Windows Server 2008.
You plan to install a new RODC that runs Windows Server 2008 R2.
You need to ensure that you can add the new RODC to the domain. You want to achieve this goal by using the minimum amount of administrative effort.
Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
From Active Directory Domains and Trusts, raise the functional level of the domain.
At the command prompt, run adprep.exe /forestprep.
From Active Directory Users and Computers, pre-stage the RODC computer account.
At the command prompt, run adprep.exe /domainprep.
At the command prompt, run adprep.exe /rodcprep.
During the first stage of the installation, the wizard records all the data about the RODC that will be stored in the distributed Active Directory database, including the read-only domain controller account name and the site in which it will be placed. This stage must be performed by a member of the Domain Admins group.
To create an RODC account by using the Windows interface
Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
Double-click the domain container, then you can either right-click the Domain Controllers container or click the Domain Controllers container, and then click Action.
Click Pre-create Read-only Domain Controller account
Your network contains an Active Directory domain named contoso.com. All domain controllers run a Server Core installation of Windows Server 2008 R2. You need to identify which domain controller holds the PDC emulator role. Which tool should you run?
Your network contains an Active Directory domain.
You need to activate the Active Directory Recycle Bin in the domain. Which tool should you use?
You can enable Active Directory Recycle Bin by using the following methods:
Enable-ADOptionalFeature Active Directory module cmdlet (This is the recommended method.)
Before you can make the recycle bin available, you must first update Active Directory schema with the required attributes. When you do this, the schema is updated, and then every object in the forest is updated with the recycle bin attributes as well. This process is irreversible once it is started.
Your network contains 50 domain controllers that run Windows Server 2008 R2.
You need to create a script that resets the Directory Services Restore Mode (DSRM) password on all of the domain controllers. The solution must NOT maintain passwords in the script.
Which two tools should you use? (Each correct answer presents part of the solution. Choose two.)
Active Directory Users and Computers
Local Users and Groups
B: You can also use the NTDSUTIL command tool to reset the DSRM password. In an elevated CMD prompt where you have logged on as a Domain Admin, run:
NTDSUTIL
SET DSRM PASSWORD
SYNC FROM DOMAIN ACCOUNT <your user here>
Q
Q
D (not A): There comes a day in nearly every administrator’s life where they will need to boot a domain controller into DS Restore Mode. Whether it’s to perform an authoritative restore or fix database issues, you will need the local administrator password.
A corporate network includes an Active Directory Domain Services (AD DS) forest that contains two domains. All servers run Windows Server 2008 R2. All domain controllers are configured as DNS servers.
A standard primary zone for dev.contoso.com is stored on a member server.
You need to ensure that all domain controllers can resolve names from the dev.contoso.com zone. What should you do?
On one domain controller, create a stub zone. Configure the stub zone to replicate to all DNS servers in the forest.
On one domain controller, create a stub zone. Configure the stub zone to replicate to all DNS servers in the domain.
On one domain controller, create a conditional forwarder. Configure the conditional forwarder to replicate to all DNS servers in the domain.
On the member server, create a secondary zone.
You are the network administrator for an organization that has two locations, New York and London.
Each location has multiple domains but all domains fall under the same tree, Stellacon.com.
Users in the NY.us.stellacon.com domain need to access resources in the London.uk.stellacon.com domain.
You need to reduce the amount of time it takes for authentication when users from NY.us.stellacon.com access resources in London.uk.stellacon.com. What can you do?
Set up a one-way shortcut trust from London.uk.stellacon.com to NY.us.stellacon.com.
Set up a one-way shortcut trust from NY.us.stellacon.com to London.uk.stellacon.com.
Enable Universal Group Membership Caching in NY.us.stellacon.com.
Enable Universal Group Membership Caching in London.uk.stellacon.com.
Understanding When to Create a Shortcut Trust
When to create a shortcut trust
Shortcut trusts are one-way or two-way, transitive trusts that administrators can use to optimize the authentication process.
Authentication requests must first travel a trust path between domain trees. In a complex forest this can take time, which you can reduce with shortcut trusts. A trust path is the series of domain trust relationships that authentication requests must traverse between any two domains. Shortcut trusts effectively shorten the path that authentication requests travel between domains that are located in two separate domain trees.
Shortcut trusts are necessary when many users in a domain regularly log on to other domains in a forest.
Using the following illustration as an example, you can form a shortcut trust between domain B and domain D, between domain A and domain 1, and so on.
Using one-way trusts
A one-way, shortcut trust that is established between two domains in separate domain trees can reduce the time that is necessary to fulfill authentication requests, but in only one direction. For example, when a one-way, shortcut trust is established between domain A and domain B, authentication requests that are made in domain A to domain B can use the new one-way trust path. However, authentication requests that are made in domain B to domain A must still travel the longer trust path.
Using two-way trusts
A two-way, shortcut trust that is established between two domains in separate domain trees reduces the time that is necessary to fulfill authentication requests that originate in either domain. For example, when a two-way trust is established between domain A and domain B, authentication requests that are made from either domain to the other domain can use the new, two-way trust path.