• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication certificates ar
###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)
All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:
• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###
You are evaluating renaming the cpandll.com forest.
You need to recommend changes to the current network infrastructure to ensure that you can
rename the forest.
What should you recommend?
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication certificates ar
###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)
All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:
• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###
You need to recommend changes to the Active Directory replication topology that support the
company’s planned deployment of the new Branch office.
What should you include in the recommendation?
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication certificates ar
###BeginCaseStudy###
Case Study: 5
City Power & Light
Company Overview
City Power & Light is a pubic utilities company. City Power & Light has a main office and 500 branch
offices.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the exhibit. (Click the Case Study Exhibits button.)
All domain controllers were recently upgraded to Windows Server 2003 R2.
City Power & Light has a public key infrastructure (PKI) that has the following configurations:
• An enterprise root certification authority (CA) in the cpandl.com domain.
• A certificate revocation list (CRL) and a delta CRL that are only published to Active Directory.
• EFS, Domain Controller, Domain Controller Authentication, and Directory E-Mail Replication
certificates are issued by the CA.
City Power & Light has a partner company name Contoso, Ltd. Contoso has an Active Directory forest
that contains an empty root domain named contoso.com end a child domain named
east.Contoso.com. No trusts exist between the forests.
Network Infrastructure
The City Power & Light network contains the following servers and applications:
• Fifty different corporate applications.
• A Microsoft Exchange Server 2003 organization.
• A server named Server1 in the east.cpandl.com domain, server1 runs windows Server 2008
R2.
The east.contoso.com domain contains a server named Server22 that runs Windows Server 2008 R2.
Problem Statements
Users who use multiple client computers report that they can only open encrypted files on the client
computer on which they encrypted the files.
Requirements
Business Goals
City Power & Light has the following business goals:
• Minimize IT costs.
• Significantly decrease the power consumption of the data centers.
Planned Changes
City Power & Light plans to implement the following changes:
• Deploy a read-only domain controller (RODC) in each branch office.
• Deploy a smart card to each branch office user and require that the users log on by using the
smart cards.
• Grant users from a local university access to the City Power & Light resources. The university
uses a third-party Kerberos authentication provider.
• Deploy a line-of-business application named App1 that meets the following requirements:
• App1 will be deployed on four servers that have the Remote Desktop Session Host (RD
Session Host) role service installed.
• Users who connect to App1 must be distributed between the RD Session Host servers.
• Users that connect to App1 must automatically reconnect to their disconnected sessions.
City Power & Light plans to implement a new branch office in a remote location. A child domain in
cpandl.com will be created for the remote office. The remote office will have a high latency, low
bandwidth connection to the Internet. RPC communication to the main office will not be possible.
Technical Requirements
City Power & Light must meet the following technical requirements:
• The amount of bandwidth used to replicate SYSVOL between the domain controllers must
be minimized.
• If users forget their passwords, they must be able to reset their passwords without
administrative intervention.
• Users must be able to initiate the installation of all 50 corporate applications from Programs
and Features on the client computers.
• Computer accounts for all client computers joined to a domain must automatically be
created in an organizational unit (OU) named Workstations.
Security Requirements
City Power & Light must meet the following security requirements:
• Administrative accounts and non-administrative accounts must have different password
policies.
• All communication between server1.east.cpandl.com and server22.east.contoso.com must
be encrypted.
• All Kerberos authentication traffic must be encrypted by using the Advanced Encryption
Standard (AES) algorithm that has a 256-bit size.
###EndCaseStudy###
You need to recommend changes to the Active Directory infrastructure that support the company’s
planned RODC deployment.
What should you recommend?
What should you recommend?
###BeginCaseStudy###
Case Study: 6
Baldwin Museum of Science
Company Overview
The Baldwin Museum of Science is an international scientific organization.
Physical Locations
The Baldwin Museum of Science has campuses in India, China, and the United States.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the Baldwin Forest exhibit. (Click the Case Study Exhibits
button.)
The Active Directory environment contains the following servers and sites:
• An enterprise certification authority (CA) in usa.baldwinmuseumofscience.com.
• A separate Active Directory site in each country.
• A global catalog server in each site.
All domain controllers on the China campus run Windows Server 2003 R2 and have 32-bit hardware.
Network Infrastructure
Users access the network from desktop computers, portable computers, or thin clients. The users
are not assigned permanent client computers and log on to the network by using different client
computers.
All of the desktop computers and the portable computers run Windows 7. Microsoft System Center
Configuration Manager is used to manage updates on all of the client computers. The thin clients
connect to servers that have the Remote Desktop Session Host (RD Session Host) role service
installed.
All file servers in the forest run Windows Server 2008 R2. Shared folders and shared printers are
published in Active Directory.
The IP addresses for the campuses are assigned as shown in the following table.
The WAN links used to connect the campuses are highly saturated.
Problem Statements
Users from the campus in China frequently travel to the campus in India. These users report that it
takes a long time to log on to the domain when they work in India.
Requirements
Planned Changes
The Baldwin Museum of Science plans to open a subsidiary company in France. The network for the
subsidiary will be integrated into the existing Active Directory forest.
The site topology for the subsidiary will be configured as shown in the France Subsidiary exhibit.
(Click the Case Study Exhibits button.)
The Baldwin Museum of Science has the following requirements for the planned subsidiary:
• All replication connections for the domain controllers in the offices in France must be
configured manually.
• Users in all four offices in France must be able to search for printers and shares in the
baldwinmuseumofscience.com forest.
• The replication traffic over the WAN link that connects the Paris office and the campus in the
United States must be minimized.
• If the domain controller in a branch office fails, users from that office must not authenticate
to the domain controllers in the other branch offices.
China has a research department. The Baldwin Museum of Science plans to separate the research
department in China and establish the department as a new company named Trey Research.
Trey Research has the following requirements:
• Users at Trey Research must have a user principal name (UPN) suffix of treyresearch.com.
• Only the managers at Trey Research must have access to the resources in
china.baldwinmuseumofscience.com.
• Users from the baldwinmuseumofscience.com forest must be denied access to all of the
Trey Research resources.
Technical Requirements
The Baldwin Museum of Science must meet the following technical requirements:
• Users must be able to access the resources on all of the file servers when they work
remotely.
• Administrators must be able to deploy updates to client computers when users are not
logged on.
The Baldwin Museum of Science must meet the following technical requirements regarding a line-ofbusiness application named App1:
• Deploy App1 to 300 users in the finance department.
• Ensure that no more than 100 instances of App1 run simultaneously.
• Ensure that App1 is available to users when they are disconnected from the corporate
network.
Security Requirements
The Baldwin Museum of Science must meet the following security requirements:
• Only the users’ personal documents that are stored on the file servers must be encrypted.
• Only the built-in Administrator account on each domain must be able to decrypt encrypted
files.
###EndCaseStudy###
You need to recommend changes to the Active Directory environment that support the museum’s
planned subsidiary in France. What should you recommend?
What should you recommend?
###BeginCaseStudy###
Case Study: 6
Baldwin Museum of Science
Company Overview
The Baldwin Museum of Science is an international scientific organization.
Physical Locations
The Baldwin Museum of Science has campuses in India, China, and the United States.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the Baldwin Forest exhibit. (Click the Case Study Exhibits
button.)
The Active Directory environment contains the following servers and sites:
• An enterprise certification authority (CA) in usa.baldwinmuseumofscience.com.
• A separate Active Directory site in each country.
• A global catalog server in each site.
All domain controllers on the China campus run Windows Server 2003 R2 and have 32-bit hardware.
Network Infrastructure
Users access the network from desktop computers, portable computers, or thin clients. The users
are not assigned permanent client computers and log on to the network by using different client
computers.
All of the desktop computers and the portable computers run Windows 7. Microsoft System Center
Configuration Manager is used to manage updates on all of the client computers. The thin clients
connect to servers that have the Remote Desktop Session Host (RD Session Host) role service
installed.
All file servers in the forest run Windows Server 2008 R2. Shared folders and shared printers are
published in Active Directory.
The IP addresses for the campuses are assigned as shown in the following table.
The WAN links used to connect the campuses are highly saturated.
Problem Statements
Users from the campus in China frequently travel to the campus in India. These users report that it
takes a long time to log on to the domain when they work in India.
Requirements
Planned Changes
The Baldwin Museum of Science plans to open a subsidiary company in France. The network for the
subsidiary will be integrated into the existing Active Directory forest.
The site topology for the subsidiary will be configured as shown in the France Subsidiary exhibit.
(Click the Case Study Exhibits button.)
The Baldwin Museum of Science has the following requirements for the planned subsidiary:
• All replication connections for the domain controllers in the offices in France must be
configured manually.
• Users in all four offices in France must be able to search for printers and shares in the
baldwinmuseumofscience.com forest.
• The replication traffic over the WAN link that connects the Paris office and the campus in the
United States must be minimized.
• If the domain controller in a branch office fails, users from that office must not authenticate
to the domain controllers in the other branch offices.
China has a research department. The Baldwin Museum of Science plans to separate the research
department in China and establish the department as a new company named Trey Research.
Trey Research has the following requirements:
• Users at Trey Research must have a user principal name (UPN) suffix of treyresearch.com.
• Only the managers at Trey Research must have access to the resources in
china.baldwinmuseumofscience.com.
• Users from the baldwinmuseumofscience.com forest must be denied access to all of the
Trey Research resources.
Technical Requirements
The Baldwin Museum of Science must meet the following technical requirements:
• Users must be able to access the resources on all of the file servers when they work
remotely.
• Administrators must be able to deploy updates to client computers when users are not
logged on.
The Baldwin Museum of Science must meet the following technical requirements regarding a line-ofbusiness application named App1:
• Deploy App1 to 300 users in the finance department.
• Ensure that no more than 100 instances of App1 run simultaneously.
• Ensure that App1 is available to users when they are disconnected from the corporate
network.
Security Requirements
The Baldwin Museum of Science must meet the following security requirements:
• Only the users’ personal documents that are stored on the file servers must be encrypted.
• Only the built-in Administrator account on each domain must be able to decrypt encrypted
files.
###EndCaseStudy###
You need to recommend a solution to ensure that the branch office users in France authenticate to a
local domain controller. If a local domain controller is unavailable, the users must authenticate to a
domain controller in the Paris office.
What should you recommend?
What should you recommend?
###BeginCaseStudy###
Case Study: 6
Baldwin Museum of Science
Company Overview
The Baldwin Museum of Science is an international scientific organization.
Physical Locations
The Baldwin Museum of Science has campuses in India, China, and the United States.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the Baldwin Forest exhibit. (Click the Case Study Exhibits
button.)
The Active Directory environment contains the following servers and sites:
• An enterprise certification authority (CA) in usa.baldwinmuseumofscience.com.
• A separate Active Directory site in each country.
• A global catalog server in each site.
All domain controllers on the China campus run Windows Server 2003 R2 and have 32-bit hardware.
Network Infrastructure
Users access the network from desktop computers, portable computers, or thin clients. The users
are not assigned permanent client computers and log on to the network by using different client
computers.
All of the desktop computers and the portable computers run Windows 7. Microsoft System Center
Configuration Manager is used to manage updates on all of the client computers. The thin clients
connect to servers that have the Remote Desktop Session Host (RD Session Host) role service
installed.
All file servers in the forest run Windows Server 2008 R2. Shared folders and shared printers are
published in Active Directory.
The IP addresses for the campuses are assigned as shown in the following table.
The WAN links used to connect the campuses are highly saturated.
Problem Statements
Users from the campus in China frequently travel to the campus in India. These users report that it
takes a long time to log on to the domain when they work in India.
Requirements
Planned Changes
The Baldwin Museum of Science plans to open a subsidiary company in France. The network for the
subsidiary will be integrated into the existing Active Directory forest.
The site topology for the subsidiary will be configured as shown in the France Subsidiary exhibit.
(Click the Case Study Exhibits button.)
The Baldwin Museum of Science has the following requirements for the planned subsidiary:
• All replication connections for the domain controllers in the offices in France must be
configured manually.
• Users in all four offices in France must be able to search for printers and shares in the
baldwinmuseumofscience.com forest.
• The replication traffic over the WAN link that connects the Paris office and the campus in the
United States must be minimized.
• If the domain controller in a branch office fails, users from that office must not authenticate
to the domain controllers in the other branch offices.
China has a research department. The Baldwin Museum of Science plans to separate the research
department in China and establish the department as a new company named Trey Research.
Trey Research has the following requirements:
• Users at Trey Research must have a user principal name (UPN) suffix of treyresearch.com.
• Only the managers at Trey Research must have access to the resources in
china.baldwinmuseumofscience.com.
• Users from the baldwinmuseumofscience.com forest must be denied access to all of the
Trey Research resources.
Technical Requirements
The Baldwin Museum of Science must meet the following technical requirements:
• Users must be able to access the resources on all of the file servers when they work
remotely.
• Administrators must be able to deploy updates to client computers when users are not
logged on.
The Baldwin Museum of Science must meet the following technical requirements regarding a line-ofbusiness application named App1:
• Deploy App1 to 300 users in the finance department.
• Ensure that no more than 100 instances of App1 run simultaneously.
• Ensure that App1 is available to users when they are disconnected from the corporate
network.
Security Requirements
The Baldwin Museum of Science must meet the following security requirements:
• Only the users’ personal documents that are stored on the file servers must be encrypted.
• Only the built-in Administrator account on each domain must be able to decrypt encrypted
files.
###EndCaseStudy###
You need to recommend a solution for the public key infrastructure (PKI) that meets the following
requirements:
Ensures that administrators in India can approve certificates for users in the India domain.
Minimizes costs.
What should you recommend?
Which IP address range should you recommend?
###BeginCaseStudy###
Case Study: 6
Baldwin Museum of Science
Company Overview
The Baldwin Museum of Science is an international scientific organization.
Physical Locations
The Baldwin Museum of Science has campuses in India, China, and the United States.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the Baldwin Forest exhibit. (Click the Case Study Exhibits
button.)
The Active Directory environment contains the following servers and sites:
• An enterprise certification authority (CA) in usa.baldwinmuseumofscience.com.
• A separate Active Directory site in each country.
• A global catalog server in each site.
All domain controllers on the China campus run Windows Server 2003 R2 and have 32-bit hardware.
Network Infrastructure
Users access the network from desktop computers, portable computers, or thin clients. The users
are not assigned permanent client computers and log on to the network by using different client
computers.
All of the desktop computers and the portable computers run Windows 7. Microsoft System Center
Configuration Manager is used to manage updates on all of the client computers. The thin clients
connect to servers that have the Remote Desktop Session Host (RD Session Host) role service
installed.
All file servers in the forest run Windows Server 2008 R2. Shared folders and shared printers are
published in Active Directory.
The IP addresses for the campuses are assigned as shown in the following table.
The WAN links used to connect the campuses are highly saturated.
Problem Statements
Users from the campus in China frequently travel to the campus in India. These users report that it
takes a long time to log on to the domain when they work in India.
Requirements
Planned Changes
The Baldwin Museum of Science plans to open a subsidiary company in France. The network for the
subsidiary will be integrated into the existing Active Directory forest.
The site topology for the subsidiary will be configured as shown in the France Subsidiary exhibit.
(Click the Case Study Exhibits button.)
The Baldwin Museum of Science has the following requirements for the planned subsidiary:
• All replication connections for the domain controllers in the offices in France must be
configured manually.
• Users in all four offices in France must be able to search for printers and shares in the
baldwinmuseumofscience.com forest.
• The replication traffic over the WAN link that connects the Paris office and the campus in the
United States must be minimized.
• If the domain controller in a branch office fails, users from that office must not authenticate
to the domain controllers in the other branch offices.
China has a research department. The Baldwin Museum of Science plans to separate the research
department in China and establish the department as a new company named Trey Research.
Trey Research has the following requirements:
• Users at Trey Research must have a user principal name (UPN) suffix of treyresearch.com.
• Only the managers at Trey Research must have access to the resources in
china.baldwinmuseumofscience.com.
• Users from the baldwinmuseumofscience.com forest must be denied access to all of the
Trey Research resources.
Technical Requirements
The Baldwin Museum of Science must meet the following technical requirements:
• Users must be able to access the resources on all of the file servers when they work
remotely.
• Administrators must be able to deploy updates to client computers when users are not
logged on.
The Baldwin Museum of Science must meet the following technical requirements regarding a line-ofbusiness application named App1:
• Deploy App1 to 300 users in the finance department.
• Ensure that no more than 100 instances of App1 run simultaneously.
• Ensure that App1 is available to users when they are disconnected from the corporate
network.
Security Requirements
The Baldwin Museum of Science must meet the following security requirements:
• Only the users’ personal documents that are stored on the file servers must be encrypted.
• Only the built-in Administrator account on each domain must be able to decrypt encrypted
files.
###EndCaseStudy###
You need to recommend an IP address range for the museum’s planned subsidiary in France.
Which IP address range should you recommend?
Which domain functional level should you recommend for the China domain?
###BeginCaseStudy###
Case Study: 6
Baldwin Museum of Science
Company Overview
The Baldwin Museum of Science is an international scientific organization.
Physical Locations
The Baldwin Museum of Science has campuses in India, China, and the United States.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the Baldwin Forest exhibit. (Click the Case Study Exhibits
button.)
The Active Directory environment contains the following servers and sites:
• An enterprise certification authority (CA) in usa.baldwinmuseumofscience.com.
• A separate Active Directory site in each country.
• A global catalog server in each site.
All domain controllers on the China campus run Windows Server 2003 R2 and have 32-bit hardware.
Network Infrastructure
Users access the network from desktop computers, portable computers, or thin clients. The users
are not assigned permanent client computers and log on to the network by using different client
computers.
All of the desktop computers and the portable computers run Windows 7. Microsoft System Center
Configuration Manager is used to manage updates on all of the client computers. The thin clients
connect to servers that have the Remote Desktop Session Host (RD Session Host) role service
installed.
All file servers in the forest run Windows Server 2008 R2. Shared folders and shared printers are
published in Active Directory.
The IP addresses for the campuses are assigned as shown in the following table.
The WAN links used to connect the campuses are highly saturated.
Problem Statements
Users from the campus in China frequently travel to the campus in India. These users report that it
takes a long time to log on to the domain when they work in India.
Requirements
Planned Changes
The Baldwin Museum of Science plans to open a subsidiary company in France. The network for the
subsidiary will be integrated into the existing Active Directory forest.
The site topology for the subsidiary will be configured as shown in the France Subsidiary exhibit.
(Click the Case Study Exhibits button.)
The Baldwin Museum of Science has the following requirements for the planned subsidiary:
• All replication connections for the domain controllers in the offices in France must be
configured manually.
• Users in all four offices in France must be able to search for printers and shares in the
baldwinmuseumofscience.com forest.
• The replication traffic over the WAN link that connects the Paris office and the campus in the
United States must be minimized.
• If the domain controller in a branch office fails, users from that office must not authenticate
to the domain controllers in the other branch offices.
China has a research department. The Baldwin Museum of Science plans to separate the research
department in China and establish the department as a new company named Trey Research.
Trey Research has the following requirements:
• Users at Trey Research must have a user principal name (UPN) suffix of treyresearch.com.
• Only the managers at Trey Research must have access to the resources in
china.baldwinmuseumofscience.com.
• Users from the baldwinmuseumofscience.com forest must be denied access to all of the
Trey Research resources.
Technical Requirements
The Baldwin Museum of Science must meet the following technical requirements:
• Users must be able to access the resources on all of the file servers when they work
remotely.
• Administrators must be able to deploy updates to client computers when users are not
logged on.
The Baldwin Museum of Science must meet the following technical requirements regarding a line-ofbusiness application named App1:
• Deploy App1 to 300 users in the finance department.
• Ensure that no more than 100 instances of App1 run simultaneously.
• Ensure that App1 is available to users when they are disconnected from the corporate
network.
Security Requirements
The Baldwin Museum of Science must meet the following security requirements:
• Only the users’ personal documents that are stored on the file servers must be encrypted.
• Only the built-in Administrator account on each domain must be able to decrypt encrypted
files.
###EndCaseStudy###
You are evaluating the deployment of a Virtual Desktop Infrastructure (VDI) solution for personal
virtual desktops on the China campus.
You need to recommend changes to the infrastructure that support the museum’s planned VDI. The
solution must minimize hardware costs.
Which domain functional level should you recommend for the China domain?
What should you include in the recommendation?
###BeginCaseStudy###
Case Study: 6
Baldwin Museum of Science
Company Overview
The Baldwin Museum of Science is an international scientific organization.
Physical Locations
The Baldwin Museum of Science has campuses in India, China, and the United States.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the Baldwin Forest exhibit. (Click the Case Study Exhibits
button.)
The Active Directory environment contains the following servers and sites:
• An enterprise certification authority (CA) in usa.baldwinmuseumofscience.com.
• A separate Active Directory site in each country.
• A global catalog server in each site.
All domain controllers on the China campus run Windows Server 2003 R2 and have 32-bit hardware.
Network Infrastructure
Users access the network from desktop computers, portable computers, or thin clients. The users
are not assigned permanent client computers and log on to the network by using different client
computers.
All of the desktop computers and the portable computers run Windows 7. Microsoft System Center
Configuration Manager is used to manage updates on all of the client computers. The thin clients
connect to servers that have the Remote Desktop Session Host (RD Session Host) role service
installed.
All file servers in the forest run Windows Server 2008 R2. Shared folders and shared printers are
published in Active Directory.
The IP addresses for the campuses are assigned as shown in the following table.
The WAN links used to connect the campuses are highly saturated.
Problem Statements
Users from the campus in China frequently travel to the campus in India. These users report that it
takes a long time to log on to the domain when they work in India.
Requirements
Planned Changes
The Baldwin Museum of Science plans to open a subsidiary company in France. The network for the
subsidiary will be integrated into the existing Active Directory forest.
The site topology for the subsidiary will be configured as shown in the France Subsidiary exhibit.
(Click the Case Study Exhibits button.)
The Baldwin Museum of Science has the following requirements for the planned subsidiary:
• All replication connections for the domain controllers in the offices in France must be
configured manually.
• Users in all four offices in France must be able to search for printers and shares in the
baldwinmuseumofscience.com forest.
• The replication traffic over the WAN link that connects the Paris office and the campus in the
United States must be minimized.
• If the domain controller in a branch office fails, users from that office must not authenticate
to the domain controllers in the other branch offices.
China has a research department. The Baldwin Museum of Science plans to separate the research
department in China and establish the department as a new company named Trey Research.
Trey Research has the following requirements:
• Users at Trey Research must have a user principal name (UPN) suffix of treyresearch.com.
• Only the managers at Trey Research must have access to the resources in
china.baldwinmuseumofscience.com.
• Users from the baldwinmuseumofscience.com forest must be denied access to all of the
Trey Research resources.
Technical Requirements
The Baldwin Museum of Science must meet the following technical requirements:
• Users must be able to access the resources on all of the file servers when they work
remotely.
• Administrators must be able to deploy updates to client computers when users are not
logged on.
The Baldwin Museum of Science must meet the following technical requirements regarding a line-ofbusiness application named App1:
• Deploy App1 to 300 users in the finance department.
• Ensure that no more than 100 instances of App1 run simultaneously.
• Ensure that App1 is available to users when they are disconnected from the corporate
network.
Security Requirements
The Baldwin Museum of Science must meet the following security requirements:
• Only the users’ personal documents that are stored on the file servers must be encrypted.
• Only the built-in Administrator account on each domain must be able to decrypt encrypted
files.
###EndCaseStudy###
You need to recommend a solution for deploying App1. The solution must meet the museum’s
technical requirements.
What should you include in the recommendation?
What should you recommend?
###BeginCaseStudy###
Case Study: 6
Baldwin Museum of Science
Company Overview
The Baldwin Museum of Science is an international scientific organization.
Physical Locations
The Baldwin Museum of Science has campuses in India, China, and the United States.
Existing Environment
Active Directory Environment
The forest and domain structure is shown in the Baldwin Forest exhibit. (Click the Case Study Exhibits
button.)
The Active Directory environment contains the following servers and sites:
• An enterprise certification authority (CA) in usa.baldwinmuseumofscience.com.
• A separate Active Directory site in each country.
• A global catalog server in each site.
All domain controllers on the China campus run Windows Server 2003 R2 and have 32-bit hardware.
Network Infrastructure
Users access the network from desktop computers, portable computers, or thin clients. The users
are not assigned permanent client computers and log on to the network by using different client
computers.
All of the desktop computers and the portable computers run Windows 7. Microsoft System Center
Configuration Manager is used to manage updates on all of the client computers. The thin clients
connect to servers that have the Remote Desktop Session Host (RD Session Host) role service
installed.
All file servers in the forest run Windows Server 2008 R2. Shared folders and shared printers are
published in Active Directory.
The IP addresses for the campuses are assigned as shown in the following table.
The WAN links used to connect the campuses are highly saturated.
Problem Statements
Users from the campus in China frequently travel to the campus in India. These users report that it
takes a long time to log on to the domain when they work in India.
Requirements
Planned Changes
The Baldwin Museum of Science plans to open a subsidiary company in France. The network for the
subsidiary will be integrated into the existing Active Directory forest.
The site topology for the subsidiary will be configured as shown in the France Subsidiary exhibit.
(Click the Case Study Exhibits button.)
The Baldwin Museum of Science has the following requirements for the planned subsidiary:
• All replication connections for the domain controllers in the offices in France must be
configured manually.
• Users in all four offices in France must be able to search for printers and shares in the
baldwinmuseumofscience.com forest.
• The replication traffic over the WAN link that connects the Paris office and the campus in the
United States must be minimized.
• If the domain controller in a branch office fails, users from that office must not authenticate
to the domain controllers in the other branch offices.
China has a research department. The Baldwin Museum of Science plans to separate the research
department in China and establish the department as a new company named Trey Research.
Trey Research has the following requirements:
• Users at Trey Research must have a user principal name (UPN) suffix of treyresearch.com.
• Only the managers at Trey Research must have access to the resources in
china.baldwinmuseumofscience.com.
• Users from the baldwinmuseumofscience.com forest must be denied access to all of the
Trey Research resources.
Technical Requirements
The Baldwin Museum of Science must meet the following technical requirements:
• Users must be able to access the resources on all of the file servers when they work
remotely.
• Administrators must be able to deploy updates to client computers when users are not
logged on.
The Baldwin Museum of Science must meet the following technical requirements regarding a line-ofbusiness application named App1:
• Deploy App1 to 300 users in the finance department.
• Ensure that no more than 100 instances of App1 run simultaneously.
• Ensure that App1 is available to users when they are disconnected from the corporate
network.
Security Requirements
The Baldwin Museum of Science must meet the following security requirements:
• Only the users’ personal documents that are stored on the file servers must be encrypted.
• Only the built-in Administrator account on each domain must be able to decrypt encrypted
files.
###EndCaseStudy###
You need to recommend changes to Active Directory to ensure that the replication between the
domain controllers in France supports the museum’s planned changes.
What should you recommend?