Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains three domain controllers. The
domain controllers are configured as shown in the following table.
You plan to test an application on a server named Server1. Server1 is currently located in Site1. After the test, Server1 will be moved to Site2. You need to ensure
that Server1 attempts to authenticate to DC3 first, while you test the application. What should you do?
A.
Create a new site and associate the site to an existing site link object.
B.
Modify the priority of site-specific service location (SRV) DNS records for Site2.
C.
Create a new subnet object and associate the subnet object to an existing site.
D.
Modify the weight of site-specific service location (SRV) DNS records Site1.
Explanation:
Service Location (SRV) Resource Record
Priority A number between 0 and 65535 that indicates the priority or level of preference given for this record to the host that is specified in Host offering this service.
Priority indicates this host’s priority with respect to the other hosts in this domain that offer the same service and are specified by different service location (SRV)
resource records.
Incorrect:
Not D:
Weight: A number between 1 and 65535 to be used as a load-balancing mechanism. When you select among more than one target SRV host for the type of service
(specified in Service) that use the same Priority number, you can use this field to weight preference toward specific hosts. Where several hosts share equal priority,
SRV-specified hosts with higher weight values that are entered here should be returned first to resolver clients in SRV query results.
Service Location (SRV) Resource Record Dialog Box
answer is wrong!
reason:
https://technet.microsoft.com/en-us/library/cc742513(v=ws.11).aspx
“Lower numbers are given higher preference. The highest priority or preference goes to a host (offering the service that is specified in this record) that has a priority value of zero (0).” => given answer would result in opposite of what’s being asked, because you cannot apply negative values to this integer!
my vote is C, reason:
It’s less impact on overall infrastructure and only affects server3.
One may wonder about how DC locator works when processing overlapping subnets. This article states that “the IP subnet with the smallest matching subnet mask is used”, wich would alway apply to /32 what I would use here:
https://technet.microsoft.com/en-us/library/2009.06.subnets.aspx
2
0
The part
“Lower numbers are given higher preference. The highest priority or preference goes to a host (offering the service that is specified in this record) that has a priority value of zero (0).”
Than Den responded with
“given answer would result in opposite of what’s being asked, because you cannot apply negative values to this integer!”
doesn’t make this answer wrong, nowhere does it state that a priority value of Zero has been applied or that you can’t change the other servers priorities for that site. Priority numbers can be applied from 0 to 65535, so you simply change the site specific SRV DNS records for Site2 which Server3 should be assigned to and make it so that DC3 is 0 and DC1 and DC2 are 2 or higher and anything assigned to Site2 will have DC3 as their primary DC.
1
0
Answer is C without any doubt .. Domain Controllers tell the PC to which DC/Site to connect for authentication based solely on matching subnets -> sites .. there is nothing you can do to tweak a PC to authenticate to another site if the PC already has an IP address in a subnet defined in Sites and Services that attaches to a specific Site.. tweaking DNS SRV records only changes the behavior in that particular site.
0
0
I am going to have go to with C as well. The priority by default is 0 and the ustion doesn’t say anything that can make us assume it was changed. By linking a subnet object to a site, hosts with an IP address within that subnet will try to authenticate to objects within that site first.
Although, I just tested this with a lab and I could not get it working. I had two DCs. DC1 and DC2. I created a network with subnet1 being 192.168.1.0/24 and subnet2 being 192.168.2.0/24. They were both in the same domain and had IPs on the subnet1. I added a server with a static IP onto subnet2. When using echo %LOGONSERVER% I would always get DC1 even though the subnet2 was linked to the site DC2 was placed in. I moved DC2 to the same subnet as the client and it was still trying to contact DC1 for logon. So I could not get this working, but in theory. It should work. I also tried with the SRV records and I would increment them by one except for the DC2. The server was trying trying to contact DC1 for authentication.
0
0
I will go with C in this case. Changing the weight or priority of SRV records in the site container only affects selection once the client decides on a site container. Adding a new subnet object to site2 which server1’s IP falls into makes the SRV lookup focus on site2 from the very beginning. Since there is only one SRV record in site2 for ldap (DC3) weight and priority have no impact.
1
0
One more point – changing the weight and priority values would affect all clients querying for an ldap server, not just server1. This could have a negative effect for site1 clients authenticating to site2 all the time. Designating the subnet object for Server1 (could even use a /32 mask) that is attached to site2 enforces the desired effect for only Server1.
1
0
I agree with dunderhead.
C.
0
0