###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)

All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:

• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###

You need to recommend a solution for deploying the corporate applications. The solution must meet
the company’s technical requirements.
What should you include in the recommendation?

###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)

All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:

• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###

You need to recommend a solution to identify which servers and workloads can be consolidated to
meet the company’s business goals.
What should you include in the recommendation?

###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)

All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:

• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###

You need to recommend a solution to ensure that users can open all files that they encrypt from any
computer.
What should you include in the recommendation?

###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)

All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:

• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###

You are evaluating renaming the cpandll.com forest.
You need to recommend changes to the current network infrastructure to ensure that you can
rename the forest.
What should you recommend?