You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. The functional level of the domain is Windows Server 2003. The organizational unit (OU) structure is shown in the exhibit. (Click the Exhibit button.) Your company uses an X.500 directory service enabled product to support a sales and marketing application. The application is used only by users in the sales department and the marketing department. The application uses InetOrgPerson objects as user accounts. InetOrgPerson objects have been created in Active Directory for all Sales and Marketing users. These users are instructed to log on by using their InetOrgPerson object as their user account. Microsoft Identity Integration Server is configured to copy changes to InetOrgPerson objects from Active Directory to the X.500 directory service enabled product. All InetOrgPerson objects for marketing employees are located in the Marketing OU. All InetOrgPerson objects for sales employees are located in the Sales OU. Mikhail is another administrator in your company. Mikhail is responsible for managing the objects for users who require access to the X.500 directory service enabled product. You need to configure Active Directory to allow Mikhail to perform his responsibilities. Which action or actions should you take? (Choose all that apply.)

You are the network administrator for your company. The network consists of a single Active Directory domain. The domain includes an organizational unit (OU) named TerminalServers and a global group named Accounting. The TerminalServers OU contains all of the Windows Server 2003 computer accounts running Terminal Services. Members of the Accounting group connect to terminal servers to access their software applications. You create a Group Policy object (GPO) and link it to the TerminalServers OU. You configure the GPO to publish a software installation package that installs the most recent tax application. Users in the Accounting group report that the new tax application is not installed on any of the terminal servers. You log on to one of the servers running Terminal Services and attempt to use Add or Remove Programs in Control Panel. When you select Add New Programs, you receive the following error message: "Applications are not available to install from the network in this mode." You need to ensure that the new tax application is installed on the computers running Terminal Services. What should you do?

You have a single Active Directory directory service domain. You have several domain security policies in place. The relevant part of the network consists of the servers shown in the following table. You create two global security groups named Sales Admins and Research Admins. You add the users in the sales and research departments into their respective groups. You need to allow the sales and research departments to administer their own Active Directory user, computer, and group objects, while maintaining the existing security policies of the company. exhibit What should you do?

You are the network administrator for Blue Yonder Airlines. The company has offices in Toronto, New York, and Chicago. The network connections are shown in the exhibit. (Click the Exhibit button.) The network consists of two Active Directory domains. User objects for users in the Toronto office and the New York office are stored in the blueyonderairlines.com domain. User objects for users in the Chicago office are stored in the production.blueyonderairlines.com domain. Active Directory is configured as shown in the following table. Users in the New York office frequently report that they cannot log on to the network, or that logging on takes a very long time. You notice increased global catalog queries to servers in the Toronto office during peak logon times. You need to improve logon performance for users in the New York office without
increasing WAN traffic that is due to replication. What should you do?

Your company has a main office in Chicago and a branch office in New York. The company has a single Active Directory directory service forest with four domains. Two of the domain controllers are described in the following table. An application has a server component and a client component. When the server component is installed, several schema classes and attributes are added. A user in the ne.sales.contoso.com domain installs the client component on his client computer. You then install the server component. Thirty minutes after you install the server component, the user attempts to run the client component, but receives an error message stating that the schema objects cannot be found. You verify that the objects are present on DC1. The users logon server is DC4. You need to ensure that the user can immediately run the client component. What should you do?

Exhibit
You are a network administrator for your company. The network consists of a single Active Directory forest
that contains one domain. The company has its main office and one branch office in San Francisco. The
company has additional branch offices in Chicago, New York, and Toronto. Administrators at the main office
are responsible for managing all objects in the domain. Administrators at each branch office are responsible
for managing user and computer objects for employees who work in the same branch office as the
administrator. Administrators for the San Francisco branch office are also responsible for managing user
and computer objects for employees who work in the main office. These users are managed as a single
unit. You want administrators to be authorized to make changes only to the objects for which they are
responsible. You need to plan an organizational unit (OU) structure that allows the delegation of required
permissions. You want to achieve this goal by using the minimum amount of administrative effort. Which OU
structure should you use?
Figure A
Figure B
Figure C
Figure D

You have two Active Directory directory service domains. Domain controllers are configured as shown in the following table. DC2 fails with an unrecoverable error. You need to move DC2s FSMO roles. What should you do?

You are the network administrator for Northwind Traders. The network consists of a single Active Directory forest. The functional level of the forest is Windows Server 2003. The forest consists of a forest root domain named northwindtraders.com and a child domain named child1.northwindtraders.com. The child1.northwindtraders.com domain contains all of the user accounts for the network. Your company acquires a company named Contoso, Ltd. The Contoso, Ltd., network consists of a single Active Directory
forest that contains a forest root domain named contoso.com and a child domain named child1.contoso.com. All domain controllers run Windows 2000 Server. Both domains contain user accounts and resource servers. The domains and existing trust relationships are shown in the exhibit. (Click the Exhibit button.) You need to create the minimum number of trust relationships required for the users in the child1.northwindtraders.com domain to access resources in both domains in the contoso.com forest. What should you do?

You are the network administrator for your company. The network consists of a single Active Directory
domain. The company’s written domain administration policy requires that help desk employees must have
the ability to reset passwords. The help desk employees must be able to reset passwords for all user
accounts except for members of the Domain Admins global group and members of the Executives global
group. The help desk employees must not have any other administrative rights in the domain. All help desk
employees are members of the Help Desk global group. All members of the Domain Admins group are
located in an organizational unit (OU) named AdminsOU. All members of the Executives group are located
in an OU named ExecutiveOU. All other user accounts are located in an OU named EmployeesOU. The
relevant portion of the OU design for the domain is shown in the exhibit. (Click the Exhibit button.) You need
to configure the permissions for the help desk employees as defined by the written domain administration
policy. What should you do?

You are a network administrator for Fabrikam, Inc. The network consists of a single Active Directory domain named fabrikam.com. All servers run Windows Server 2003. All client computers run Windows XP Professional. The company restricts all users so that they can use only authorized applications. All domain users are authorized to use the Microsoft Office suite of applications. Members of a security group named CRM Users are also authorized to use a customer relationship management (CRM) application. You configure Group Policy objects (GPOs) as shown in the exhibit. (Click the Exhibit button.) The Office Applications GPO has only the Microsoft Office applications listed as allowed applications. The CRM Application GPO has only the CRM application listed as an allowed application. The CRM Application GPO has security settings so that it applies only to members of the CRM Users security group. Users who are members of the CRM Users security group report that they cannot run the CRM application. You need to reconfigure the domain to meet the following requirements: All users must be able to run the Microsoft Office applications. Members of the CRM Users security group must be able to run the CRM application. All users must be prevented from running unauthorized software.Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)