You need to configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain
Your company has an Active Directory forest that contains a single domain. The domain member
server has an Active Directory Federation Services (AD FS) server role installed. You need to
configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain.
What should you do?
Which tool should you use?
You install a read-only domain controller (RODC) named RODC1. You need to ensure that a user
named User1 can administer RODC1. The solution must minimize the number of permissions
assigned to User1. Which tool should you use?
You need to mount an Active Directory Lightweight Directory Services (AD LDS) snapshot from Server1
Your network contains an Active Directory domain. The domain contains a server named Server1.
Server1 runs Windows Server 2008 R2. You need to mount an Active Directory Lightweight Directory
Services (AD LDS) snapshot from Server1. What should you do?
You need to ensure that all the computers can use the most up-to-date version of the AD RMS template
Your network contains an Active Directory domain named contoso.com. The network contains client
computers that run either Windows Vista or Windows 7. Active Directory Rights Management
Services (AD RMS) is deployed on the network. You create a new AD RMS template that is
distributed by using the AD RMS pipeline. The template is updated every month. You need to ensure
that all the computers can use the most up-to-date version of the AD RMS template. You want to
achieve this goal by using the minimum amount of administrative effort. What should you do?
What should you include in the recommendations?
###BeginCaseStudy###
Case Study: 8
Graphic Design Institute, Case A
Scenario
COMPANY OVERVIEW
Graphic Design Institute is a training company that has a main office and 10 branch offices.
The main office is located in Bangalore.
PLANNED CHANGES
Graphic Design Institute plans to implement the following changes:
• Deploy a new two-node failover cluster that runs the Hyper-V server role on each
node.
• Ensure that intra-cluster network traffic is isolated from all other network traffic.
• Implement Network Access Protection (NAP) for all of the client computers on the
internal network and for all of the client computers that connect remotely.
EXISTING ENVIRONMENT
The relevant servers in the main office are configured as shown in the following table.
The servers have the following configurations:
• NPAS1 contains a static IP address pool.
• Web1, Web2, and Web3 host a copy of the corporate Web site.
• Web1, Web2, and Web3 are located in the perimeter network and belong to a
workgroup.
All client computers run Windows XP Professional, Windows Vista Enterprise, or Windows
7 Enterprise. All client computers are members of the domain.
Some users work remotely. To access the company’s internal resources, the remote users use
a VPN connection to NPAS1.
Existing Active Directory/Directory Services
The network contains a single-domain Active Directory forest named
graphicdesigninstitute.com. The Active Directory Recycle Bin is enabled.
Existing Network Infrastructure
Graphic Design Institute has an internal network and a perimeter network.
The network contains network switches and wireless access points (WAPs) from multiple
vendors. Some of the network devices are more than 10 years old and do not support port-based authentication.
TECHNICAL REQUIREMENTS
All of the accounts used for administration must be assigned the minimum amount of
permissions.
Web1, Web2, and Web3 must have the identical configurations for the corporate Web site.
The Web servers must contain a local copy of all the Web pages in the Web site. When a
Web page is modified on any of the Web servers, the modifications must be copied
automatically to all of the Web servers.
A user named Admin1 must be responsible for performing the following tasks:
• Restarting all of the Web servers.
• Backing up and restoring the files on all of the Web servers.
A user named Admin2 must be responsible for performing the following tasks:
• Backing up the Active Directory database.
• Recovering deleted objects from the Active Directory Recycle Bin.
###EndCaseStudy###
You need to recommend a solution for configuring the Web servers. The solution must meet the
company’s technical requirements. What should you include in the recommendations?
To which group should you add User1?
Your network contains a single Active Directory domain. Active Directory Rights Management
Services (AD RMS) is deployed on the network. A user named User1 is a member of only the AD RMS
Enterprise Administrators group. You need to ensure that User1 can change the service connection
point (SCP) for the AD RMS installation. The solution must minimize the administrative rights of
User1. To which group should you add User1?
You need to ensure that Web1, Web2, and Web3 download updates from WSUS1
You need to ensure that Web1, Web2, and Web3 download updates from WSUS1. What should you
do?
You need to create new organizational units in the AD LDS application directory partition
Your company has a server that runs an instance of Active Directory Lightweight Directory Services
(AD LDS). You need to create new organizational units in the AD LDS application directory partition.
What should you do?
Which NAP enforcement method should you recommend?
Which NAP enforcement method should you recommend?
You need to ensure that users can access network resources only from computers that comply with the company policy
Network Access Protection (NAP) is configured for the corporate network. Users connect to the
corporate network by using portable computers. The company policy requires confidentiality of data
when the data is in transit between the portable computers and the servers. You need to ensure
that users can access network resources only from computers that comply with the company policy.
What should you do?