You need to ensure that Active Directory is accessible on DC2
You have a single Active Directory directory service domain with three domain controllers named DC1, DC2, and DC3. All FSMO roles are held on DC1. All domain controllers are global catalog servers. Several users are experiencing logon times that are longer than normal. All users are authenticating with DC1 and DC3. The DC2 logs display error messages indicating that the Active Directory database partition is out of free space. You need to ensure that Active Directory is accessible on DC2. You add a 500-GB hard disk to DC2, back up the system state data, and restart DC2 in Directory Services Restore Mode. What should you do next?
Which two actions should you include in your plan? (Each correct answer presents part of the solution
You are a network administrator for Alpine Ski House. The network consists of a single Active Directory domain. The domain name is alpineskihouse.com. The network contains three Windows Server 2003 domain controllers. You are creating the recovery plan for the company. According to the existing backup plan, domain controllers are backed up by using normal backups each night. The normal backups of the domain controllers include the system state of each domain controller.
Your recovery plan must incorporate the following organizational requirements:
Active Directory objects that are accidentally or maliciously deleted must be recoverable.
Active Directory must be restored to its most recent state as quickly as possible.
Active Directory database replication must be minimized.
You need to create a plan to restore a deleted organizational unit (OU). Which two actions should you include in your plan? (Each correct answer presents part of the solution. Choose two.)
You need to recover group memberships for the user
You have an Active Directory directory service forest with two domains named Domain1 and Domain2. All domain controllers run Windows Server 2003 SP2. A user object in Domain1 that belongs to groups in Domain2 is deleted from Active Directory. You perform an authoritative restore of the user object. You need to recover group memberships for the user. What should you do?
You need to ensure that administrators do not lose connections to servers in one office when they attempt to c
You are the systems engineer for your company. The network consists of a single Active Directory domain. The company has a main office and two branch offices. All servers run Windows Server 2003. All client computers run either Windows XP Professional or Windows 2000 Professional. Each branch office maintains a dedicated 256-Kbps connection to the main office.
Each office also maintains a T1 connection to the Internet. Each office has a Microsoft Internet Security and Acceleration (ISA) Server 2000 computer, which provides firewall and proxy services on the Internet connection. Each branch office contains one domain controller and five servers that are not domain controllers. There is minimal administrative staff at the branch offices.
A new company policy states that all servers must now be remotely administered by administrators in the main office. The policy states that all remote administration connections must be authenticated by the domain and that all traffic must be encrypted. The policy also states that the remote administration traffic must never be carried in clear text across the Internet.
You choose to implement remote administration by enabling Remote Desktop connections on all servers on the network. You decide to use the Internet-connected T1 lines for remote administration connectivity between offices.
Because administrative tasks might require simultaneous connections to multiple servers across the network, you need to ensure that administrators do not lose connections to servers in one office when they attempt to connect to servers in another office.
What should you do?
You need to ensure that only a partial replication occurs when new Schema attributes are added to the global c
You have a single Active Directory directory service domain. The forest functional level is set to Windows 2000 native. The domain functional level is set to Windows 2000 native. You are preparing to replicate additional Schema attributes to the global catalog. You need to ensure that only a partial replication occurs when new Schema attributes are added to the global catalog. What should you do?
You need to ensure that the baseline security configuration for the payroll department complies with the writt
You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. The Active Directory domain contains three organizational units (OUs): Payroll Users, Payroll Servers, and Finance Servers.
The Windows XP Professional computers used by the users in the payroll department are in the Payroll Users OU. The Windows Server 2003 computers used by the payroll department are in the Payroll Servers OU. The Windows Server 2003 computers used by the finance department are in the Finance Servers OU.
You are planning the baseline security configuration for the payroll department. The company’s written security policy requires that all network communications with servers in the Payroll Servers OU must be secured by using IPsec. The written security policy states that IPsec must not be used on any other servers in the company.
You need to ensure that the baseline security configuration for the payroll department complies with the written security policy. You also need to ensure that members of the Payroll Users OU can access resources in the Payroll Servers OU and in the Finance Servers OU.
What should you do?
You need to obtain the replication status of all domain controllers
You have a single Active Directory directory service forest with three domains. You are monitoring Active Directory replication. You need to obtain the replication status of all domain controllers. What should you do?
You need to review the individual queries that the server handles
You are the network administrator for your company. You need to provide Internet name resolution services for the company. You set up a Windows Server 2003 computer running the DNS Server service to provide this network service. During testing, you notice the following intermittent problems:
Name resolution queries sometimes take longer than one minute to resolve.
Some valid name resolution queries receive the following error message in the Nslookup command-line tool: “Non-existent domain.”
You suspect that there is a problem with name resolution. You need to review the individual queries that the server handles. You want to configure monitoring on the DNS server to troubleshoot the problem.
What should you do?
You need to delete all the unknown groups from the membership list for the domain local groups
You are the network administrator for your company. The company consists of two subsidiaries named Contoso, Ltd., and Fabrikam, Inc. The network consists of two Active Directory forests. The WAN connections that connect some domain controllers are unreliable. The domain and trust configuration is shown in the Network Diagram exhibit.
You create shared folders on Windows Server 2003 member servers in both forests. Some of the shared folders are accessible to users from both forests. For each of the shared folders, you create a domain local group. You add global groups from domains in either forest to the domain local group. The Fabrikam, Inc., division is sold to a different company. You delete the trust relationship between the two forests. You notice that after the trust relationship is deleted, the membership lists for some of the domain local groups are no longer accurate. When you view a membership list, it contains entries without user-friendly names. A sample is shown in the Membership List exhibit.
You need to delete all the unknown groups from the membership list for the domain local groups. You want to achieve this goal by using the minimum amount of administrative effort, and without modifying the access to resources for users in the contoso.com forest. What should you do?
What else should you do?
You are a network administrator for your company. The network contains Windows Server 2003 computers and Windows XP Professional client computers. All computers are members of the same Active Directory forest. The company uses a public key infrastructure (PKI) enabled application to manage marketing data. Certificates used with this application are managed by the application administrators.
You install Certificate Services to create an offline stand-alone root certification authority (CA) on one Windows Server 2003 computer. You configure a second Windows Server 2003 computer as a stand-alone subordinate CA. You instruct users in the marketing department to enroll for certificates by using the Web enrollment tool on the stand-alone subordinate CA.
Some users report that when they attempt to complete the enrollment process, they receive an error message on their certificate, as shown in the exhibit.
Other users in the marketing department do not report receiving the error. You need to ensure that users in the marketing department do not continue to receive this error message.
You also need to ensure that only users in the marketing department trust certificates issued by this CA. You create a new organizational unit (OU) named Marketing.
What else should you do?