In this section, you’ll see one or more sets of questions with the same scenario and problem. Each
question presents a unique solution to the problem, and you must determine whether the solution
meets the stated goals Any of the solutions might solve the problem. It is also possible that none
of the solutions solve the problem. Once you answer a question in this section, you will NOT be
able to return to it. As a result, these questions will not appear in the review screen.
Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution Determine whether the solution meets the
stated goals.
Your network contains an Active Directory forest named contoso.com. The forest contains a
member server named Server1 that runs Windows Server 2016. All domain controllers run
Windows Server 2012 R2. contoso.com has the following configuration.
You plan to deploy an Active Directory Federation Services (AD FS) farm on Served and to
configure device registration. You need to configure Active Directory to support the planned
deployment. Solution: You upgrade a domain controller to Windows Server 2016. Does this meet
the goal?
A.
Yes
B.
No
Answer: A.
Prerequisites:
– Schema version 85. By upgrading one DC to 2016, we meet this requirement.
– Domain functional level: at least Server 2003, for client certificate authentication if the certificate is mapped to the user’s account you need Domain functional level 2008 or higher.
source: https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/overview/ad-fs-2016-requirements#BKMK_4
2
7
I say A also, question says you “upgrade a DC to 2016” to do this, the 2016 schema must already be in place.
These 2 ADFS scenario questions are quite tricky and everyone seems to have conflicting answers.
3
3
Upgrade a domain controller to Windows Server 2016 will update the schema also during the DCpromo wizard. so after we have alle pre-requisites for support device registration. The answer is A for me :
https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/operations/configure-device-based-conditional-access-on-premises
Requirement Description
An Azure AD subscription with Azure AD Premium To enable device write back for on premises conditional access – a free trial is fine
Intune subscription only required for MDM integration for device compliance scenarios -a free trial is fine
Azure AD Connect November 2015 QFE or later. Get the latest version here.
Windows Server 2016 Build 10586 or newer for AD FS
Windows Server 2016 Active Directory schema Achema level 85 or higher is required for msDS-IsCompliant attribute for device compliance scenarios
Windows Server 2016 domain controller This is only required for Microsoft Passport for Work
Windows 10 client Build 10586 or newer, joined to the above domain is required for Windows 10 Domain Join and Microsoft Passport for Work scenarios only
Azure AD user account with Azure AD Premium license assigned For registering the device
0
0
Agreed….Upgrade a domain controller to Windows Server 2016 will update the schema also during the DCpromo wizard. so after we have alle pre-requisites for support device registration. The answer is A for me too
https://www.virtualizationhowto.com/2016/11/upgrade-windows-server-2012-r2-domain-controller-to-windows-server-2016/
0
0
Answer is “B. No”
Installing Server 2016 does not automaticaaly upgrade the DFL or FFL. Going to ADUC and *manually* upgrading the DFL will while opening AD Domains and Trusts and right-clicking on ADDT will allow you to upgrade the FFL.
ADFS 3.0 (the default in Server 2012 and 2016) Device Registration requires Forest Functional Level of at least Server 2012 R2.
3
2
Source? I’ve seen this link that specifies all you need is the AD schema prep: https://technet.microsoft.com/en-us/library/dn550982(v=ws.11)
“You do not need a domain controller running Windows Server 2012 R2 for this solution. All you need is a schema update from your current AD DS installation. For more information about extending the schema, see Install Active Directory Domain Services. You can update the schema on existing domain controllers without installing a domain controller that runs Windows Server 2012 R2 by Running Adprep.exe.”
ADprep is performed during the DC promotion process starting with Server 2012
1
0
https://serverfault.com/questions/550127/add-windows-server-2012-dc-in-existing-2008r2-without-updating-schema
A?
1
0
No. B.
1
4
Correct Answer: –>> A
We are upgrading DS not AD FS, Since the beginning the schema version is 85, which means we can deploy AD FS in W2K16
***********************************************
Moving from AD FS in Windows Server 2012 R2 to
AD FS in Windows Server 2016 is easier
***********************************************
Previously, migrating to a new version of AD FS required exporting configuration from the old farm and importing to a brand new, parallel farm.
Now, moving from AD FS on Windows Server 2012 R2 to AD FS on Windows Server 2016 has become much easier. Simply add a new Windows Server 2016 server to a Windows Server 2012 R2 farm, and the farm will act at the Windows Server 2012 R2 farm behavior level, so it looks and behaves just like a Windows Server 2012 R2 farm.
Then, add new Windows Server 2016 servers to the farm, verify the functionality and remove the older servers from the load balancer. Once all farm nodes are running Windows Server 2016, you are ready to upgrade the farm behavior level to 2016 and begin using the new features.
2
0
Answer: B
Explanation:
Device Registration requires Windows Server 2012 R2 forest schema (not just domain schema).
3
3
Upgrading a domain controller does NOT automatically upgrade the functional level. It simply installs server 2016 and leaves the FFL intact. All DC’s must be deprecated that do not support the functional level you wish to upgrade to.
Functional level required for mobile device registration through ADFS is 2012R2 as already stated.
The answer is B.
3
3