You need to ensure that administrators can create user accounts in the child domain
Your company has a single Active Directory directory service forest with a forest root domain and a child domain. The company has a high rate of employee turnover, and administrators create several hundred user accounts per week. A domain controller in the child domain fails. Within several hours of the failure, administrators are unable to create new user accounts within the child domain. You need to ensure that administrators can create user accounts in the child domain. What should you do?
You need to minimize the amount of administrative effort
You are the network administrator for your company. The network contains 20 Windows Server 2003 database servers.
The written security policy for your company requires that the following services must be disabled on all database server computers:
Computer Browser
File Replication
Indexing Service
Remote Registry
Server
Task Scheduler
The written security policy also requires that the database servers must be prohibited from having access to the Internet. You use a Windows XP Professional client computer named Admin1 that has access to the Internet. You need to perform a weekly analysis of the hotfix level of the database servers compared with the latest available updates.
You need to minimize the amount of administrative effort.
What should you do?
Which two actions should you perform? (Each correct answer presents part of the solution
Your company has a hub-and-spoke network topology. The network spans several physical locations. Each location is configured as an Active Directory directory service site. There are two domain controllers in each site. You need to prevent the spoke sites from creating replication connections to other spoke sites in the event that all domain controllers in the hub site are unavailable. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
You need to ensure that the network printers receive their IP addresses from DHCP
You are the network administrator for Contoso, Ltd. The network consists of a single Active Directory domain. All servers run Windows Server 2003. All client computers run Windows XP Professional. The network also contains 10 network printers. All servers have manually configured IP addresses.
The client computers and network printers receive their TCP/IP configuration information from a DHCP server. Company IP policy states that each of the network printers will always be configured with the same IP address. You configure a DHCP server and create a DHCP scope as shown in the exhibit.
Users report that they cannot submit print jobs to any of the network printers. You investigate and discover that none of the network printers are receiving their IP addresses from the DHCP server. You need to ensure that the network printers receive their IP addresses from DHCP.
What should you do?
Exhibit:
You need to ensure that members of the server support team can log on locally to only
You are the network administrator for a company that has a single office. The network consists of a single
Active Directory domain and a single site. All servers run Windows Server 2003. All file and print servers
and application servers are located in an organizational unit (OU) named Servers. A server support team
handles daily support issues for the file and print servers and application servers. All of the server support
team’s user accounts are located in an OU named SST. You are responsible for managing security for the
company’s servers. You create a group named ServerSupport that includes all the user accounts of the
server support team. You need to ensure that members of the server support team can log on locally to only
the file and print servers and the application servers. What should you do?
You need to minimize name resolution traffic across the WAN connection
You are a network administrator for your company. The network consists of a Windows NT 4.0 domain. All servers run Windows NT Server 4.0 and all client computers run Windows NT Workstation 4.0. The company has two offices that are connected by a 56-Kbps WAN connection. All computers are configured to use WINS for name resolution and network browsing capability between the two offices. The company is planning to upgrade the domain controllers to Windows Server 2003 and to deploy Windows Server 2003 and Windows XP Professional computers.
You need to maintain name resolution and network browsing support during and after the upgrade process. You need to allow users of Windows NT Workstation 4.0 and Windows XP Professional computers to browse and connect to both Windows NT Server 4.0 and Windows Server 2003 computers. You need to minimize name resolution traffic across the WAN connection.
What should you do?
You need to ensure that the file and print servers are responsive to user requests during Active Directory
You are a network administrator for your company. The company has offices in Paris and New York. The
network consists of a single Active Directory domain that contains six domain controllers, as shown in the
exhibit.
The Paris and New York offices are connected by an IP site link. The six domain controllers are configured
as shown in the following table.
You notice that at regular intervals the CPU utilization on some of the file and print servers increases to 100
percent for a period of time. During this time, the servers become unresponsive to user requests. You
discover that this problem occurs during Active Directory replication.
You need to ensure that the file and print servers are responsive to user requests during Active Directory
replication.
What should you do?
You need to deploy and refresh the custom security settings on a routine basis
You are the network administrator for your company. The network consists of a single Active Directory domain. The network contains 10 domain controllers and 50 servers in application server roles. All servers run Windows Server 2003. The application servers are configured with custom security settings that are specific to their roles as application servers.
Application servers are required to audit account logon events, object access events, and system events. Application servers are required to have passwords that meet complexity requirements, to enforce password history, and to enforce password aging. Application servers must also be protected against man- in-the-middle attacks during authentication. You need to deploy and refresh the custom security settings on a routine basis.
You also need to be able to verify the custom security settings during audits.
What should you do?
You need to enable junior managers to perform the
You are the network administrator for your company. The network consists of a single Active Directory
domain. The relevant portion of the organizational unit (OU) structure is shown in the exhibit.
The company’s sales division consists of an inside sales department, a mobile sales
department, and a telemarketing department. User objects for users in these departments are stored in the
Inside, Mobile, and Telemarket OUs respectively. User objects for all junior managers and senior managers
are stored in the Managers OU. The company decides to train junior managers to perform basic
administrative tasks. Junior managers are responsible for enabling and disabling accounts for all sales
users except junior managers and senior managers. You need to enable junior managers to perform the
assigned administrative tasks. You must not affect any existing permissions. What should you do?
You need to ensure that all client computers can connect to server-based resources on all subnets
You are the network administrator for your company. The relevant portion of the network is shown in the exhibit.
All servers run Windows Server 2003. Each subnet of the network contains 100 Windows XP Professional computers. Each subnet also contains a DHCP server, which provides TCP/IP configuration information to all computers on its local subnet.
You create and configure Subnet3 for a new department at your company. Users in Subnet3 report that they cannot connect to resources located on servers in Subnet1 and Subnet2. When they attempt to connect to these resources, they receive the following error message “Server .” The users can successfully connect to resources located on servers in Subnet3.
Users in Subnet1 and Subnet2 report that they cannot connect to resources located on servers in Subnet3. When they attempt to connect to these resources, they receive the following error message “Server did not respond in a timely manner.” The users can successfully connect to resources in both Subnet1 and Subnet2.
You need to ensure that all client computers can connect to server-based resources on all subnets.
What should you do?
Exhibit: