You have a single Active Directory directory service domain with an enterprise certification authority (CA). You are creating a new Group Policy object (GPO) to perform certificate autoenrollment. You need to ensure that users are notified when an autoenrollment failure occurs. What should you do?

Your company has a single Active Directory directory service forest with three domains. A site named Site1 has three domain controllers named DC1, DC2, and DC3. All three domain controllers have the same directory and application partitions. DC3 holds the PDC Emulator Master and RID Master roles. You need to prevent DC3 from performing intersite replication, and you must accomplish this goal without disrupting intrasite replication. What should you do?

You have a single Active Directory directory service domain with two domain controllers named DC1 and DC2. DC1 and DC2 are located in two Active Directory sites. Both domain controllers run Windows Server 2003 and are configured as global catalog servers. A domain user object is deleted on DC1. Replication has not yet occurred between DC1 and DC2. You need to recover the deleted object before the change is replicated to DC2. What should you do first?

You have a single Active Directory directory service domain with three domain controllers named DC1, DC2, and DC3. All FSMO roles are held on DC1. All domain controllers are global catalog servers. Several users are experiencing logon times that are longer than normal. All users are authenticating with DC1 and DC3. The DC2 logs display error messages indicating that the Active Directory database partition is out of free space. You need to ensure that Active Directory is accessible on DC2. You add a 500-GB hard disk to DC2, back up the system state data, and restart DC2 in Directory Services Restore Mode. What should you do next?

You have a single Active Directory directory service forest with three domains. You are monitoring Active Directory replication. You need to obtain the replication status of all domain controllers. What should you do?

Your company has a single Active Directory directory service forest with a forest root domain and a child domain. The company has a high rate of employee turnover, and administrators create several hundred user accounts per week. A domain controller in the child domain fails. Within several hours of the failure, administrators are unable to create new user accounts within the child domain. You need to ensure that administrators can create user accounts in the child domain. What should you do?

Your company has a hub-and-spoke network topology. The network spans several physical locations. Each location is configured as an Active Directory directory service site. There are two domain controllers in each site. You need to prevent the spoke sites from creating replication connections to other spoke sites in the event that all domain controllers in the hub site are unavailable. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

You are the network administrator for a company that has a single office. The network consists of a single
Active Directory domain and a single site. All servers run Windows Server 2003. All file and print servers
and application servers are located in an organizational unit (OU) named Servers. A server support team
handles daily support issues for the file and print servers and application servers. All of the server support
team’s user accounts are located in an OU named SST. You are responsible for managing security for the
company’s servers. You create a group named ServerSupport that includes all the user accounts of the
server support team. You need to ensure that members of the server support team can log on locally to only
the file and print servers and the application servers. What should you do?