You have a single Active Directory directory service domain with two domain controllers named DC1 and DC2. DC1 and DC2 are located in two Active Directory sites. Both domain controllers run Windows Server 2003 and are configured as global catalog servers. A domain user object is deleted on DC1. Replication has not yet occurred between DC1 and DC2. You need to recover the deleted object before the change is replicated to DC2. What should you do first?

You are the network administrator for Contoso Pharmaceuticals. The network consists of a single Active Directory domain named contoso.com. The domain contains three Windows Server 2003 domain controllers. A domain controller named DC2.contoso.com fails because of a hardware failure. You decide not to rebuild the domain controller. However, because several applications refer to DC2.contoso.com by its NetBIOS name, you need to provide a new domain controller that has the same name. You install a new Windows Server 2003 computer and name it DC2. You attempt to promote the server to a domain controller in the contoso.com domain. The promotion fails and you receive the following error message. You need to install a new domain controller named DC2 in the contoso.com domain. What should you do?

You have a single Active Directory directory service domain with three domain controllers named DC1, DC2, and DC3. All FSMO roles are held on DC1. All domain controllers are global catalog servers. Several users are experiencing logon times that are longer than normal. All users are authenticating with DC1 and DC3. The DC2 logs display error messages indicating that the Active Directory database partition is out of free space. You need to ensure that Active Directory is accessible on DC2. You add a 500-GB hard disk to DC2, back up the system state data, and restart DC2 in Directory Services Restore Mode. What should you do next?

You have an Active Directory directory service forest with two domains named Domain1 and Domain2. All domain controllers run Windows Server 2003 SP2. A user object in Domain1 that belongs to groups in Domain2 is deleted from Active Directory. You perform an authoritative restore of the user object. You need to recover group memberships for the user. What should you do?

You have a single Active Directory directory service domain. The forest functional level is set to Windows 2000 native. The domain functional level is set to Windows 2000 native. You are preparing to replicate additional Schema attributes to the global catalog. You need to ensure that only a partial replication occurs when new Schema attributes are added to the global catalog. What should you do?

You have a single Active Directory directory service forest with three domains. You are monitoring Active Directory replication. You need to obtain the replication status of all domain controllers. What should you do?

You are the network administrator for your company. The company consists of two subsidiaries named Contoso, Ltd., and Fabrikam, Inc. The network consists of two Active Directory forests. The WAN connections that connect some domain controllers are unreliable. The domain and trust configuration is shown in the Network Diagram exhibit.

You create shared folders on Windows Server 2003 member servers in both forests. Some of the shared folders are accessible to users from both forests. For each of the shared folders, you create a domain local group. You add global groups from domains in either forest to the domain local group. The Fabrikam, Inc., division is sold to a different company. You delete the trust relationship between the two forests. You notice that after the trust relationship is deleted, the membership lists for some of the domain local groups are no longer accurate. When you view a membership list, it contains entries without user-friendly names. A sample is shown in the Membership List exhibit.

You need to delete all the unknown groups from the membership list for the domain local groups. You want to achieve this goal by using the minimum amount of administrative effort, and without modifying the access to resources for users in the contoso.com forest. What should you do?

Your company has a single Active Directory directory service forest with a forest root domain and a child domain. The company has a high rate of employee turnover, and administrators create several hundred user accounts per week. A domain controller in the child domain fails. Within several hours of the failure, administrators are unable to create new user accounts within the child domain. You need to ensure that administrators can create user accounts in the child domain. What should you do?

Your company has a hub-and-spoke network topology. The network spans several physical locations. Each location is configured as an Active Directory directory service site. There are two domain controllers in each site. You need to prevent the spoke sites from creating replication connections to other spoke sites in the event that all domain controllers in the hub site are unavailable. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

You are the network administrator for a company that has a single office. The network consists of a single
Active Directory domain and a single site. All servers run Windows Server 2003. All file and print servers
and application servers are located in an organizational unit (OU) named Servers. A server support team
handles daily support issues for the file and print servers and application servers. All of the server support
team’s user accounts are located in an OU named SST. You are responsible for managing security for the
company’s servers. You create a group named ServerSupport that includes all the user accounts of the
server support team. You need to ensure that members of the server support team can log on locally to only
the file and print servers and the application servers. What should you do?