Your network contains an Active Directory domain. All domain controllers run Windows Server 2008 R2.
You need to collect all of the Directory Services events from all of the domain controllers and store the events in
a single central computer.
What should you do?

A.
Run the ntdsutil.exe command.

B.
Run the repodmin.exe command.

C.
Run the Get-ADForest cmdlet.

D.
Run the dsamain.exe command.

E.
Create custom views from Event Viewer.

F.
Run the dsquery.exe command.

G.
Configure the Active Directory Diagnostics Data Collector Set (DCS),

H.
Configure subscriptions from Event Viewer.

I.
Run the eventcreate.exe command.

J.
Create a Data Collector Set (DCS).

Explanation:
Reference:
http://technet.microsoft.com/en-us/library/cc749183.aspx
Event Subscriptions
Event Viewerenables you to view events on a single remote computer. However, troubleshooting an issue
might require you to examine a set of events storedin multiple logs on multiple computers.
Windows Vista includes the ability to collect copies of events from multiple remote computers and store
them locally. To specify which events to collect, you create an event subscription. Among other details, the
subscription specifies exactly which events will becollected and in which log they will be stored locally. Once a
subscription is active and events are being collected, you can view and manipulate these forwarded events as
you would any other locally stored events.
Using the event collecting feature requires that you configure both the forwarding and the collecting computers.
The functionality depends on the Windows Remote Management (WinRM) service and the Windows Event
Collector (Wecsvc) service. Both of these services must be running on computers participating in the
forwarding and collecting process. To learn about the steps required to configure event collecting and
forwarding computers, see Configure Computers to Forward and Collect Events(http://technet.microsoft.com/
en-us/library/cc748890.aspx).