Does this meet the goal?
###BeginCaseStudy###
Case Study: 4
A Datum Corporation
Overview
A Datum Corporation is an accounting company.
The company has a main office and two branch offices. The main office is located in Miami.
The branch offices are located in New York and Seattle.
Existing Environment
Network Infrastructure
The network contains an Active Directory domain named adatum.com. All servers run
Windows Server 2008 R2. The main office has the following servers and client computers:
• Two domain controllers configured as DNS servers and DHCP servers
• One file server that has multiples shares
• One thousand client computers that run Windows 7
Each branch office has the following servers and client computers:
• One domain controller configured as a DNS server and a DHCP server
• Five hundred to 800 client computers that run Windows XP
Each office has multiple subnets. The network speed of the local area network (LAN) is 1
gigabit per second. The offices connect to each other by using a WAN link. The main office
is connected to the Internet.
Current Issues
The WAN link between the Miami office and the Seattle office is a low bandwidth link with
high latency. The link will not be replaced for another year.
Requirements
Application Requirements
The company is developing an application named App1. App1 is a multi-tier application that
will be sold as a service to customers.
Each instance of App1 is comprised of the following three tiers:
• A web front end
• A middle tier that uses Windows Communication Foundation (WCF)
• A Microsoft SQL Server 2008 R2 database on the back end
Each tier will be hosted on one or more virtual machines. Multiple-tiers cannot coexist on the
same virtual machine.
When customers purchase App1, they can select from one of the following service levels:
• Standard: Uses a single instance of each virtual machine required by App1. If a virtual
machine becomes unresponsive, the virtual machine must be restarted.
• Enterprise: Uses multiple instances of each virtual machine required by App1 to
provide high-availability and fault tolerance.
All virtual hard disk (VHD) files for App1 will be stored in a file share. The VHDs must be
available if a server fails.
You plan to deploy an application named App2. App2 is comprised of the following two
tiers:
• A web front end
• A dedicated SQL Server 2008 R2 database on the back end
App2 will be hosted on a set of virtual machines in a Hyper-V cluster in the Miami office.
The virtual machines will use dynamic IP addresses. A copy of the App2 virtual machines
will be maintained in the Seattle office.
App2 will be used by users from a partner company named Trey Research. Trey Research has
a single Active Directory domain named treyresearch.com. Treyresearch.com contains a
server that has the Active Directory Federation Services server role and all of the Active
Directory Federation Services (AD FS) role services installed.
Planned Changes
A Datum plans to implement the following changes:
• Replace all of the servers with new servers that run Windows Server 2012.
• Implement a private cloud by using Microsoft System Center 2012 to host instances
of App1.
• In the Miami office, deploy four new Hyper-V hosts to the perimeter network.
• In the Miami office, deploy two new Hyper-V hosts to the local network.
• In the Seattle office, deploy two new Hyper-V hosts.
• In the Miami office, implement a System Center 2012 Configuration Manager
primary site that has all of the system roles installed.
• Implement a public key infrastructure (PKI).
Notification Requirements
A Datum identifies the following notification requirements:
• Help desk tickets must be created and assigned automatically when an instance of
App1 becomes unresponsive.
• Customers who select the Enterprise service level must receive an email notification
each time a help desk ticket for their instance of App1 is opened or closed.
Technical Requirements
A Datum identifies the following technical requirements:
• Minimize costs whenever possible.
• Minimize the amount of WAN traffic
• Minimize the amount of administrative effort whenever possible.
• Provide the fastest possible failover for the virtual machines hosting App2.
• Ensure that administrators can view a consolidated report about the software updates
in all of the offices.
• Ensure that administrators in the Miami office can approve updates for the client
computers in all of the offices.
Security Requirements
A Datum identifies the following security requirements:
• An offline root certification authority (CA) must be configured.
• Client computers must be issued certificates by a server in their local office.
• Changes to the CA configuration settings and the CA security settings must be
logged.
• Client computers must be able to renew certificates automatically over the Internet.
• The number of permissions and privileges assigned to users must be minimized
whenever possible.
• Users from a group named Group1 must be able to create new instances of App1 in
the private cloud.
• Client computers must be issued new certificates when the computers are connected
to the local network only.
• The virtual machines used to host App2 must use BitLocker Drive Encryption
(BitLocker).
• Users from Trey Research must be able to access App2 by using their credentials
from treyresearch.com.
###EndCaseStudy###
You need to recommend which type of clustered file server and which type of file share must
be used in the Hyper-V cluster that hosts App2. The solution must meet the technical
requirements and the security requirements.
Solution: You recommend a scale-out file server that uses an NFS share.
Does this meet the goal?
You need to ensure that Admin1 can delegate a custom task named Task1 by using the Delegation of Control Wizar
Your network contains an Active Directory domain named contoso.com.
On several organizational units (OUs), an administrator named Admin1 plans to delegate
control of custom tasks. You need to ensure that Admin1 can delegate a custom task named
Task1 by using the Delegation of Control Wizard.
What should you do?
What should you identify?
Your network contains an Active Directory forest. The forest contains two Active Directory
domains named contoso.com and child.contoso.com. The forest functional level is Windows
Server 2003. The functional level of both domains is Windows Server 2008.
The forest contains three domain controllers. The domain controllers are configured as
shown in the following table.
DC1 and DC2 have the DNS Server server role installed and are authoritative for both
contoso.com and child.contoso.com.
The child.contoso.com domain contains a server named serverl.child.contoso.com that runs
Windows Server 2012.
You plan to deploy server1.child.contoso.com as a read-only domain controller (RODC).
You run the adprep.exe /rodcprep command on DC3 and receive the following error message:
You need to identify what prevents you from successfully running Adprep /rodcprep on DC3.
What should you identify?
What should you include in the design?
Your network contains an Active Directory forest named contoso.com. The forest functional
level is Windows Server 2012.
The forest contains an Active Directory domain. The domain contains a global security group
named GPO_Admins that is responsible for managing Group Policies in the forest.
A second forest named fabrikam.com contains three domains. The forest functional level is
Windows Server 2003.
You need to design a trust infrastructure to ensure that the GPO_Admins group can create,
edit, and link Group Policies in every domain of the fabrikam.com forest.
What should you include in the design?
More than one answer choice may achieve the goal. Select the BEST answer.
What should you include in the recommendation?
Your network contains an Active Directory domain named contoso.com. Client computers
run either Windows 7 or Windows 8.
You plan to implement several Group Policy settings that will apply only to laptop computers.
You need to recommend a Group Policy strategy for the planned deployment.
What should you include in the recommendation?
More than one answer choice may achieve the goal. Select the BEST answer.
You need to ensure that the RODC is configured to meet the following requirements: Cache passwords for all of
Your company has a main office and a branch office.
The network contains an Active Directory domain named contoso.com. The domain contains
three domain controllers. The domain controllers are configured as shown in the following
table.
The domain contains two global groups. The groups are configured as shown in the
following table.
You need to ensure that the RODC is configured to meet the following requirements:
Cache passwords for all of the members of Branch1Users.
Prevent the caching of passwords for the members of Helpdesk.
What should you do?
You need to ensure that clients can obtain DHCP address assignments after you shut down PA1 and AM1
###BeginCaseStudy###
Case Study: 1
Contoso Ltd
Overview
Contoso, Ltd., is a healthcare company in Europe that has 2,000 users. The company is
migrating to Windows Server 2012.
The company has two main offices and two branch offices. The main offices are located in
Paris and Amsterdam. One of the branch offices is a sales office located in Berlin. The other
branch office is a research office located in Brussels.
The offices connect to each other by using a WAN link.
Current Environment
Active Directory
The network contains an Active Directory forest named contoso.com. An Active Directory
site exists for each office.
The forest contains a child domain named research.contoso.com.
The functional level of both the domains is Windows Server 2008.
In each site, there are two domain controllers for the contoso.com domain and two domain
controllers for the research.contoso.com domain. The domain controllers run Windows
Server 2008 R2.
All of the domain controllers are global catalog servers.
The FSMO roles were not moved since the domains were deployed.
Network Infrastructure
All servers run Windows Server 2008 R2.
Each user has a laptop computer that runs Windows 7.
The company has 10 print servers. Each print server contains several shared printers.
The company has 10 file servers that have the following disk configurations:
• A simple volume named C that is the System and Boot volume and is formatted
NTFS
• A mounted virtual hard disk (VHD) named DATA that is formatted NTFS
• A simple volume named D that is formatted FAT32
• A simple volume named E that is formatted NTFS
• A Clustered Shared Volume (CSV)
The Paris office contains a server named PA1. The Amsterdam office contains a server
named AM1. Both servers have the following server roles installed:
• DNS Server
• DHCP Server
• Remote Access
The DNS servers are configured to use the DNS servers of the company’s Internet Service
Provider (ISP) as forwarders.
Users often work remotely. The users access the internal network by using an SSTP-based
VPN connection.
Requirements
Planned Changes
The company plans to implement the following changes:
• Create a child domain named sales.contoso.com. Only the domain controllers in
sales.contoso.com will host a zone for the sales.contoso.com domain. The domain controllers
in sales.contoso.com will run Windows Server 2012. The client computers in
sales.contoso.com will use the sales.contoso.com domain controllers as their DNS servers.
• Implement two servers in the Amsterdam office and two servers in the Paris office to
replace PA1 and AMI. These new servers will run Windows Server 2012 and will not have
shared storage.
• Decommission the research.contoso.com domain. All of the users and the Group
Policy objects (GPOs) in research.contoso.com will be migrated to contoso.com.
• Migrate the existing print queues to virtualized instances of Windows Server 2012.
• Migrate the file servers to new servers that run Windows Server 2012.
• Implement RADIUS authentication for VPN connections.
• Deploy Windows Server 2012 to all new servers.
Technical Requirements
The company identifies following technical requirements:
• All changes to Group Policies must be logged.
• Network Access Protection (NAP) policies must be managed centrally.
• Core networking services in each office must be redundant if a server fails.
• The possibility of IP address conflicts during the DHCP migration must be
minimized.
• A central log of the IP address leases and the users associated to those leases must be
created.
• All of the client computers must be able to resolve internal names and internet names.
• Administrators in the Paris office need to deploy a series of desktop restrictions to the
entire company by using Group Policy.
• The new sales.contoso.com domain will contain a web application that will access
data from a Microsoft SQL Server located in the contoso.com domain. The web application
must use integrated Windows authentication. Users’ credentials must be passed from the web
applications to the SQL Server.
###EndCaseStudy###
You implement and authorize the new DHCP servers. You import the server configurations
and the scope configurations from PA1 and AM1.
You need to ensure that clients can obtain DHCP address assignments after you shut down
PA1 and AM1. The solution must meet the technical requirements.
What should you do?
What should you include in the recommendation?
###BeginCaseStudy###
Case Study: 1
Contoso Ltd
Overview
Contoso, Ltd., is a healthcare company in Europe that has 2,000 users. The company is
migrating to Windows Server 2012.
The company has two main offices and two branch offices. The main offices are located in
Paris and Amsterdam. One of the branch offices is a sales office located in Berlin. The other
branch office is a research office located in Brussels.
The offices connect to each other by using a WAN link.
Current Environment
Active Directory
The network contains an Active Directory forest named contoso.com. An Active Directory
site exists for each office.
The forest contains a child domain named research.contoso.com.
The functional level of both the domains is Windows Server 2008.
In each site, there are two domain controllers for the contoso.com domain and two domain
controllers for the research.contoso.com domain. The domain controllers run Windows
Server 2008 R2.
All of the domain controllers are global catalog servers.
The FSMO roles were not moved since the domains were deployed.
Network Infrastructure
All servers run Windows Server 2008 R2.
Each user has a laptop computer that runs Windows 7.
The company has 10 print servers. Each print server contains several shared printers.
The company has 10 file servers that have the following disk configurations:
• A simple volume named C that is the System and Boot volume and is formatted
NTFS
• A mounted virtual hard disk (VHD) named DATA that is formatted NTFS
• A simple volume named D that is formatted FAT32
• A simple volume named E that is formatted NTFS
• A Clustered Shared Volume (CSV)
The Paris office contains a server named PA1. The Amsterdam office contains a server
named AM1. Both servers have the following server roles installed:
• DNS Server
• DHCP Server
• Remote Access
The DNS servers are configured to use the DNS servers of the company’s Internet Service
Provider (ISP) as forwarders.
Users often work remotely. The users access the internal network by using an SSTP-based
VPN connection.
Requirements
Planned Changes
The company plans to implement the following changes:
• Create a child domain named sales.contoso.com. Only the domain controllers in
sales.contoso.com will host a zone for the sales.contoso.com domain. The domain controllers
in sales.contoso.com will run Windows Server 2012. The client computers in
sales.contoso.com will use the sales.contoso.com domain controllers as their DNS servers.
• Implement two servers in the Amsterdam office and two servers in the Paris office to
replace PA1 and AMI. These new servers will run Windows Server 2012 and will not have
shared storage.
• Decommission the research.contoso.com domain. All of the users and the Group
Policy objects (GPOs) in research.contoso.com will be migrated to contoso.com.
• Migrate the existing print queues to virtualized instances of Windows Server 2012.
• Migrate the file servers to new servers that run Windows Server 2012.
• Implement RADIUS authentication for VPN connections.
• Deploy Windows Server 2012 to all new servers.
Technical Requirements
The company identifies following technical requirements:
• All changes to Group Policies must be logged.
• Network Access Protection (NAP) policies must be managed centrally.
• Core networking services in each office must be redundant if a server fails.
• The possibility of IP address conflicts during the DHCP migration must be
minimized.
• A central log of the IP address leases and the users associated to those leases must be
created.
• All of the client computers must be able to resolve internal names and internet names.
• Administrators in the Paris office need to deploy a series of desktop restrictions to the
entire company by using Group Policy.
• The new sales.contoso.com domain will contain a web application that will access
data from a Microsoft SQL Server located in the contoso.com domain. The web application
must use integrated Windows authentication. Users’ credentials must be passed from the web
applications to the SQL Server.
###EndCaseStudy###
You need to recommend a management solution for the GPOs. The solution must meet the
technical requirements. What should you include in the recommendation?
You need to ensure that an administrator named Admin5 in the research department can manage the user accounts
###BeginCaseStudy###
Case Study: 1
Contoso Ltd
Overview
Contoso, Ltd., is a healthcare company in Europe that has 2,000 users. The company is
migrating to Windows Server 2012.
The company has two main offices and two branch offices. The main offices are located in
Paris and Amsterdam. One of the branch offices is a sales office located in Berlin. The other
branch office is a research office located in Brussels.
The offices connect to each other by using a WAN link.
Current Environment
Active Directory
The network contains an Active Directory forest named contoso.com. An Active Directory
site exists for each office.
The forest contains a child domain named research.contoso.com.
The functional level of both the domains is Windows Server 2008.
In each site, there are two domain controllers for the contoso.com domain and two domain
controllers for the research.contoso.com domain. The domain controllers run Windows
Server 2008 R2.
All of the domain controllers are global catalog servers.
The FSMO roles were not moved since the domains were deployed.
Network Infrastructure
All servers run Windows Server 2008 R2.
Each user has a laptop computer that runs Windows 7.
The company has 10 print servers. Each print server contains several shared printers.
The company has 10 file servers that have the following disk configurations:
• A simple volume named C that is the System and Boot volume and is formatted
NTFS
• A mounted virtual hard disk (VHD) named DATA that is formatted NTFS
• A simple volume named D that is formatted FAT32
• A simple volume named E that is formatted NTFS
• A Clustered Shared Volume (CSV)
The Paris office contains a server named PA1. The Amsterdam office contains a server
named AM1. Both servers have the following server roles installed:
• DNS Server
• DHCP Server
• Remote Access
The DNS servers are configured to use the DNS servers of the company’s Internet Service
Provider (ISP) as forwarders.
Users often work remotely. The users access the internal network by using an SSTP-based
VPN connection.
Requirements
Planned Changes
The company plans to implement the following changes:
• Create a child domain named sales.contoso.com. Only the domain controllers in
sales.contoso.com will host a zone for the sales.contoso.com domain. The domain controllers
in sales.contoso.com will run Windows Server 2012. The client computers in
sales.contoso.com will use the sales.contoso.com domain controllers as their DNS servers.
• Implement two servers in the Amsterdam office and two servers in the Paris office to
replace PA1 and AMI. These new servers will run Windows Server 2012 and will not have
shared storage.
• Decommission the research.contoso.com domain. All of the users and the Group
Policy objects (GPOs) in research.contoso.com will be migrated to contoso.com.
• Migrate the existing print queues to virtualized instances of Windows Server 2012.
• Migrate the file servers to new servers that run Windows Server 2012.
• Implement RADIUS authentication for VPN connections.
• Deploy Windows Server 2012 to all new servers.
Technical Requirements
The company identifies following technical requirements:
• All changes to Group Policies must be logged.
• Network Access Protection (NAP) policies must be managed centrally.
• Core networking services in each office must be redundant if a server fails.
• The possibility of IP address conflicts during the DHCP migration must be
minimized.
• A central log of the IP address leases and the users associated to those leases must be
created.
• All of the client computers must be able to resolve internal names and internet names.
• Administrators in the Paris office need to deploy a series of desktop restrictions to the
entire company by using Group Policy.
• The new sales.contoso.com domain will contain a web application that will access
data from a Microsoft SQL Server located in the contoso.com domain. The web application
must use integrated Windows authentication. Users’ credentials must be passed from the web
applications to the SQL Server.
###EndCaseStudy###
You are planning the decommissioning of research.contoso.com.
You need to ensure that an administrator named Admin5 in the research department can
manage the user accounts that are migrated to contoso.com. The solution must minimize the
number of permissions assigned to Admin5.
What should you do before you migrate the user accounts?
What should you recommend?
###BeginCaseStudy###
Case Study: 1
Contoso Ltd
Overview
Contoso, Ltd., is a healthcare company in Europe that has 2,000 users. The company is
migrating to Windows Server 2012.
The company has two main offices and two branch offices. The main offices are located in
Paris and Amsterdam. One of the branch offices is a sales office located in Berlin. The other
branch office is a research office located in Brussels.
The offices connect to each other by using a WAN link.
Current Environment
Active Directory
The network contains an Active Directory forest named contoso.com. An Active Directory
site exists for each office.
The forest contains a child domain named research.contoso.com.
The functional level of both the domains is Windows Server 2008.
In each site, there are two domain controllers for the contoso.com domain and two domain
controllers for the research.contoso.com domain. The domain controllers run Windows
Server 2008 R2.
All of the domain controllers are global catalog servers.
The FSMO roles were not moved since the domains were deployed.
Network Infrastructure
All servers run Windows Server 2008 R2.
Each user has a laptop computer that runs Windows 7.
The company has 10 print servers. Each print server contains several shared printers.
The company has 10 file servers that have the following disk configurations:
• A simple volume named C that is the System and Boot volume and is formatted
NTFS
• A mounted virtual hard disk (VHD) named DATA that is formatted NTFS
• A simple volume named D that is formatted FAT32
• A simple volume named E that is formatted NTFS
• A Clustered Shared Volume (CSV)
The Paris office contains a server named PA1. The Amsterdam office contains a server
named AM1. Both servers have the following server roles installed:
• DNS Server
• DHCP Server
• Remote Access
The DNS servers are configured to use the DNS servers of the company’s Internet Service
Provider (ISP) as forwarders.
Users often work remotely. The users access the internal network by using an SSTP-based
VPN connection.
Requirements
Planned Changes
The company plans to implement the following changes:
• Create a child domain named sales.contoso.com. Only the domain controllers in
sales.contoso.com will host a zone for the sales.contoso.com domain. The domain controllers
in sales.contoso.com will run Windows Server 2012. The client computers in
sales.contoso.com will use the sales.contoso.com domain controllers as their DNS servers.
• Implement two servers in the Amsterdam office and two servers in the Paris office to
replace PA1 and AMI. These new servers will run Windows Server 2012 and will not have
shared storage.
• Decommission the research.contoso.com domain. All of the users and the Group
Policy objects (GPOs) in research.contoso.com will be migrated to contoso.com.
• Migrate the existing print queues to virtualized instances of Windows Server 2012.
• Migrate the file servers to new servers that run Windows Server 2012.
• Implement RADIUS authentication for VPN connections.
• Deploy Windows Server 2012 to all new servers.
Technical Requirements
The company identifies following technical requirements:
• All changes to Group Policies must be logged.
• Network Access Protection (NAP) policies must be managed centrally.
• Core networking services in each office must be redundant if a server fails.
• The possibility of IP address conflicts during the DHCP migration must be
minimized.
• A central log of the IP address leases and the users associated to those leases must be
created.
• All of the client computers must be able to resolve internal names and internet names.
• Administrators in the Paris office need to deploy a series of desktop restrictions to the
entire company by using Group Policy.
• The new sales.contoso.com domain will contain a web application that will access
data from a Microsoft SQL Server located in the contoso.com domain. The web application
must use integrated Windows authentication. Users’ credentials must be passed from the web
applications to the SQL Server.
###EndCaseStudy###
You need to recommend changes to the DNS environment that support the implementation
of the sales.contoso.com domain. The solution must ensure that the users in all of the
domains can resolve both Internet names and the names of the servers in all of the internal
domains.
What should you recommend?