What should you recommend?
###BeginCaseStudy###
Case Study: 4
Lucerne Publishing
Company Overview
Lucerne Publishing is a large publishing company that recently purchased a company named
Contoso, Ltd.
Physical Locations
Lucerne Publishing has a main office located in Seattle.
Existing Environment
Active Directory Environment
The network contains two Active Directory forests named lucernepublishing.com and contoso.com.
The forests are configured as shown in the exhibit. (Click the Case Study Exhibits button.)
All of the domains in both of the forests contain domain controllers that run Windows Server 2003
R2.
All of the domain controllers are configured as DNS servers.
Lucernepublishing.com contains a single Active Directory site.
Network Infrastructure
The network infrastructure of Lucerne publishing.com contains the following servers and
applications:
• An enterprise root certification authority (CA).
• A Microsoft Exchange Server 2010 organization.
• Thirty servers that run Windows Server 2008 R2. The servers have the following
configurations:
• The servers have the Remote Desktop Services (RDS) server role installed,
• The servers provide access to several line-of-business applications.
• Only 10 of the servers have a line-of-business application named App2 installed. App2 is
incompatible with the other line-of-business applications.
Requirements
Business Goals
Lucerne Publishing has the following business goals:
• Minimize software costs.
• Minimize the amount of administrative effort required to deploy new technology solutions.
Planned Changes
Lucerne Publishing plans to implement the following changes:
• Deploy Active Directory Rights Management Services (AD RMS) to the lucernepublishing.com
forest.
• Deploy a new line-of-business application named App5 on the Remote Desktop servers.
App5 will use Remote Desktop IP Virtualization.
• Deploy 150 wireless access points (WAPs) that support Wi-Fi Protected Access 2 security
running in Enterprise mode (WPA2-Enterprise).
• Migrate several users from contoso.com to lucernepublishing.com. The migrated users must
continue to have access to the resources in the contoso.com forest.
• Open a new branch office that will have a read-only domain controller (RODC) in the
contoso.com forest. The new branch office will connect to the Seattle office by using a WAN link and
will have a direct connection to the Internet.
Technical Requirements
Lucerne Publishing must meet the following technical requirements:
• Centralize performance and availability monitoring of the Remote Desktop servers.
• Centralize the collection of all security-related events generated on the Remote Desktop
servers.
Security Requirements
Lucerne Publishing must meet the following security requirements:
• Only client computers that are joined to the domain must be able to access the wireless
networks.
The hours during which the client computers can connect to the wireless network must be
controlled.
###EndCaseStudy###
You are evaluating the process of raising the functional level of the contoso.com forest to Windows
Server 2008 R2. You need to recommend which changes to the network must be implemented
before raising the forest functional level.
What should you recommend?
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication certificates ar
###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)
All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:
• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###
You need to recommend an access solution for App1 that supports the company’s planned changes.
What should you include in the recommendation?
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication certificates ar
###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)
All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:
• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###
Which requirement can be implemented based on the current functional level of the domains?
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication certificates ar
###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)
All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:
• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###
You need to recommend a solution to ensure that all branch office users can log on by using their
smart cards after the RODCs are deployed.
What should you recommend?
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication certificates ar
###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)
All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:
• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###
You need to recommend a solution for resetting forgotten user passwords. The solution must meet
the company’s technical requirements.
What should you include in the recommendation?
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication certificates ar
###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)
All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:
• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###
You need to recommend changes to the Active Directory environment to provide the university
users access to the resources in the cpandl.com forest.
What should you recommend creating in the cpandl.com forest?
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication certificates ar
###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)
All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:
• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###
You need to recommend a solution for securing the communications between
server1.east.cpandl.com and server22.east.contoso.com. The solution must meet the companys
security requirements.
What should you include in the recommendation?
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication certificates ar
###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)
All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:
• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###
You need to recommend a solution for deploying the corporate applications. The solution must meet
the company’s technical requirements.
What should you include in the recommendation?
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication certificates ar
###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)
All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:
• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###
You need to recommend a solution to identify which servers and workloads can be consolidated to
meet the company’s business goals.
What should you include in the recommendation?
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication certificates ar
###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)
All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:
• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###
You need to recommend a solution to ensure that users can open all files that they encrypt from any
computer.
What should you include in the recommendation?