Which cmdlets should you run?
###BeginCaseStudy###
Topic 4, Northwind Traders
Overview
Northwind Traders is a retail company.
The company has offices in Montreal and San Diego. The office in Montreal has 1,000 client computers. The
office in San Diego has 100 computers. The computers in the San Diego office are often replaced. The offices
connect to each other by using a slow WAN link. Each office connects directly to the Internet.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named northwindtraders.com. The forest contains two
domains named northwindtraders.com and west.northwindtraders.com. All servers run Windows Server
2012 R2.
All client computers run Windows 7.
Each office is configured as an Active Directory site. The site in the Montreal office is named Site1. The site in
the San Diego office is named Site2.
The forest contains four domain controllers. The domain controllers are configured as shown in the following
table.
DC1, DC2, and DC3 are writable domain controllers. R0DC1 is read-only domain controller (RODC). All DNS
zones are Active Directory-integrated. All zones replicate to all of the domain controllers.
All of the computers in the San Diego office are configured to use RODC1 as their only DNS server.
The northwindtraders.com domain contains a Group Policy object (GPO) named GPO1. GP01 is applied to all
of the users in the Montreal office.
All of the user accounts for the Montreal users are in the northwindtraders.com domain. All of the user
accounts for the San Diego users are in the west.northwindtraders.com domain.
Network Environment
Site1 contains the member servers in the northwindtraders.com domain shown in the following table.
Server1 connects to SAN storage that supports Offloaded Data Transfer (ODX). All virtual hard disks (VHDs)
are stored on the SAN.
A web application named App1 is installed on Servers.
Server3 has a shared folder that contains sales reports. The sales reports are read frequently by the users in
both offices. The reports are generated automatically once per week by an enterprise resource planning
(ERP) system.
A perimeter network in the Montreal office contains two standalone servers. The servers are configured as
shown in the following table.
The servers in the perimeter network are accessible from the Internet by using a domain name suffix of
public.northwindtraders.com.
Each administrator has a management computer that runs Windows 8.1.
Requirements
Planned Changes
Northwind Traders plans to implement the following changes:
On Server1, create four virtual machines that run Windows Server 2012 R2. The servers will be configured as
shown in the following table.
Configure IP routing between Site1 and the network services that Northwind
Traders hosts in Windows Azure.
Place a domain controller for the northwindtraders.com domain in Windows
Azure.
Upgrade all of the computers in the Montreal office to Windows 8.1.
Purchase a subscription to Microsoft Office 365.
Configure a web application proxy on Server6.
Configure integration between VMM and IPAM.
Apply GPO1 to all of the San Diego users.
Connect Site1 to Windows Azure.
Technical Requirements
Northwind Traders must meet the following technical requirements:
All virtual machines must use ODX.
Users must be able to access App1 from the Internet.
GPO1 must not be applied to computers that run Windows 8.1.
All DNS zones must replicate only to DC1, DC2, and DC3.
All computers must be able to resolve names by using a local DNS server.
If a WAN link fails, users must be able to access all of the sales reports.
The credentials for accessing Windows Azure must be permanently stored.
The on-premises network must be connected to Windows Azure by using
Server4.
The administrators must be able to manage Windows Azure by using
Windows PowerShell.
The number of servers and services deployed in the San Diego office must
be minimized.
Active Directory queries for the objects in the forest must not generate WAN
traffic, whenever possible.
Security Requirements
Northwind Traders identifies the following security requirements:
Ensure that all DNS zone data is encrypted when it is replicated.
Minimize the number of permissions assigned to users and administrators,
whenever possible. Prevent an Active Directory Domain Services (AD DS) attribute
named SSNumber from replicating to Site2. Ensure that users can use their northwindtraders.com user account to access
the resources hosted in Office 365.
Prevent administrators from being required to re-enter their credentials
when they manage Windows Azure from approved management computers.
###EndCaseStudy###
You need to implement a solution for DNS replication.
Which cmdlets should you run?
How should you configure the certificate request?
###BeginCaseStudy###
Topic 4, Northwind Traders
Overview
Northwind Traders is a retail company.
The company has offices in Montreal and San Diego. The office in Montreal has 1,000 client computers. The
office in San Diego has 100 computers. The computers in the San Diego office are often replaced. The offices
connect to each other by using a slow WAN link. Each office connects directly to the Internet.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named northwindtraders.com. The forest contains two
domains named northwindtraders.com and west.northwindtraders.com. All servers run Windows Server
2012 R2.
All client computers run Windows 7.
Each office is configured as an Active Directory site. The site in the Montreal office is named Site1. The site in
the San Diego office is named Site2.
The forest contains four domain controllers. The domain controllers are configured as shown in the following
table.
DC1, DC2, and DC3 are writable domain controllers. R0DC1 is read-only domain controller (RODC). All DNS
zones are Active Directory-integrated. All zones replicate to all of the domain controllers.
All of the computers in the San Diego office are configured to use RODC1 as their only DNS server.
The northwindtraders.com domain contains a Group Policy object (GPO) named GPO1. GP01 is applied to all
of the users in the Montreal office.
All of the user accounts for the Montreal users are in the northwindtraders.com domain. All of the user
accounts for the San Diego users are in the west.northwindtraders.com domain.
Network Environment
Site1 contains the member servers in the northwindtraders.com domain shown in the following table.
Server1 connects to SAN storage that supports Offloaded Data Transfer (ODX). All virtual hard disks (VHDs)
are stored on the SAN.
A web application named App1 is installed on Servers.
Server3 has a shared folder that contains sales reports. The sales reports are read frequently by the users in
both offices. The reports are generated automatically once per week by an enterprise resource planning
(ERP) system.
A perimeter network in the Montreal office contains two standalone servers. The servers are configured as
shown in the following table.
The servers in the perimeter network are accessible from the Internet by using a domain name suffix of
public.northwindtraders.com.
Each administrator has a management computer that runs Windows 8.1.
Requirements
Planned Changes
Northwind Traders plans to implement the following changes:
On Server1, create four virtual machines that run Windows Server 2012 R2. The servers will be configured as
shown in the following table.
Configure IP routing between Site1 and the network services that Northwind
Traders hosts in Windows Azure.
Place a domain controller for the northwindtraders.com domain in Windows
Azure.
Upgrade all of the computers in the Montreal office to Windows 8.1.
Purchase a subscription to Microsoft Office 365.
Configure a web application proxy on Server6.
Configure integration between VMM and IPAM.
Apply GPO1 to all of the San Diego users.
Connect Site1 to Windows Azure.
Technical Requirements
Northwind Traders must meet the following technical requirements:
All virtual machines must use ODX.
Users must be able to access App1 from the Internet.
GPO1 must not be applied to computers that run Windows 8.1.
All DNS zones must replicate only to DC1, DC2, and DC3.
All computers must be able to resolve names by using a local DNS server.
If a WAN link fails, users must be able to access all of the sales reports.
The credentials for accessing Windows Azure must be permanently stored.
The on-premises network must be connected to Windows Azure by using
Server4.
The administrators must be able to manage Windows Azure by using
Windows PowerShell.
The number of servers and services deployed in the San Diego office must
be minimized.
Active Directory queries for the objects in the forest must not generate WAN
traffic, whenever possible.
Security Requirements
Northwind Traders identifies the following security requirements:
Ensure that all DNS zone data is encrypted when it is replicated.
Minimize the number of permissions assigned to users and administrators,
whenever possible. Prevent an Active Directory Domain Services (AD DS) attribute
named SSNumber from replicating to Site2. Ensure that users can use their northwindtraders.com user account to access
the resources hosted in Office 365.
Prevent administrators from being required to re-enter their credentials
when they manage Windows Azure from approved management computers.
###EndCaseStudy###
HOTSPOT
You are planning the certificates for Northwind Traders.
You need to identify the certificate configurations required for App1.
How should you configure the certificate request? To answer, select the appropriate options in the answer
area.
What should you recommend?
###BeginCaseStudy###
Topic 4, Northwind Traders
Overview
Northwind Traders is a retail company.
The company has offices in Montreal and San Diego. The office in Montreal has 1,000 client computers. The
office in San Diego has 100 computers. The computers in the San Diego office are often replaced. The offices
connect to each other by using a slow WAN link. Each office connects directly to the Internet.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named northwindtraders.com. The forest contains two
domains named northwindtraders.com and west.northwindtraders.com. All servers run Windows Server
2012 R2.
All client computers run Windows 7.
Each office is configured as an Active Directory site. The site in the Montreal office is named Site1. The site in
the San Diego office is named Site2.
The forest contains four domain controllers. The domain controllers are configured as shown in the following
table.
DC1, DC2, and DC3 are writable domain controllers. R0DC1 is read-only domain controller (RODC). All DNS
zones are Active Directory-integrated. All zones replicate to all of the domain controllers.
All of the computers in the San Diego office are configured to use RODC1 as their only DNS server.
The northwindtraders.com domain contains a Group Policy object (GPO) named GPO1. GP01 is applied to all
of the users in the Montreal office.
All of the user accounts for the Montreal users are in the northwindtraders.com domain. All of the user
accounts for the San Diego users are in the west.northwindtraders.com domain.
Network Environment
Site1 contains the member servers in the northwindtraders.com domain shown in the following table.
Server1 connects to SAN storage that supports Offloaded Data Transfer (ODX). All virtual hard disks (VHDs)
are stored on the SAN.
A web application named App1 is installed on Servers.
Server3 has a shared folder that contains sales reports. The sales reports are read frequently by the users in
both offices. The reports are generated automatically once per week by an enterprise resource planning
(ERP) system.
A perimeter network in the Montreal office contains two standalone servers. The servers are configured as
shown in the following table.
The servers in the perimeter network are accessible from the Internet by using a domain name suffix of
public.northwindtraders.com.
Each administrator has a management computer that runs Windows 8.1.
Requirements
Planned Changes
Northwind Traders plans to implement the following changes:
On Server1, create four virtual machines that run Windows Server 2012 R2. The servers will be configured as
shown in the following table.
Configure IP routing between Site1 and the network services that Northwind
Traders hosts in Windows Azure.
Place a domain controller for the northwindtraders.com domain in Windows
Azure.
Upgrade all of the computers in the Montreal office to Windows 8.1.
Purchase a subscription to Microsoft Office 365.
Configure a web application proxy on Server6.
Configure integration between VMM and IPAM.
Apply GPO1 to all of the San Diego users.
Connect Site1 to Windows Azure.
Technical Requirements
Northwind Traders must meet the following technical requirements:
All virtual machines must use ODX.
Users must be able to access App1 from the Internet.
GPO1 must not be applied to computers that run Windows 8.1.
All DNS zones must replicate only to DC1, DC2, and DC3.
All computers must be able to resolve names by using a local DNS server.
If a WAN link fails, users must be able to access all of the sales reports.
The credentials for accessing Windows Azure must be permanently stored.
The on-premises network must be connected to Windows Azure by using
Server4.
The administrators must be able to manage Windows Azure by using
Windows PowerShell.
The number of servers and services deployed in the San Diego office must
be minimized.
Active Directory queries for the objects in the forest must not generate WAN
traffic, whenever possible.
Security Requirements
Northwind Traders identifies the following security requirements:
Ensure that all DNS zone data is encrypted when it is replicated.
Minimize the number of permissions assigned to users and administrators,
whenever possible. Prevent an Active Directory Domain Services (AD DS) attribute
named SSNumber from replicating to Site2. Ensure that users can use their northwindtraders.com user account to access
the resources hosted in Office 365.
Prevent administrators from being required to re-enter their credentials
when they manage Windows Azure from approved management computers.
###EndCaseStudy###
HOTSPOT
You need to recommend a solution for communicating to Windows Azure services.
What should you recommend? To answer, select the appropriate options in the answer area.
You need to implement an IPAM solution
###BeginCaseStudy###
Topic 4, Northwind Traders
Overview
Northwind Traders is a retail company.
The company has offices in Montreal and San Diego. The office in Montreal has 1,000 client computers. The
office in San Diego has 100 computers. The computers in the San Diego office are often replaced. The offices
connect to each other by using a slow WAN link. Each office connects directly to the Internet.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named northwindtraders.com. The forest contains two
domains named northwindtraders.com and west.northwindtraders.com. All servers run Windows Server
2012 R2.
All client computers run Windows 7.
Each office is configured as an Active Directory site. The site in the Montreal office is named Site1. The site in
the San Diego office is named Site2.
The forest contains four domain controllers. The domain controllers are configured as shown in the following
table.
DC1, DC2, and DC3 are writable domain controllers. R0DC1 is read-only domain controller (RODC). All DNS
zones are Active Directory-integrated. All zones replicate to all of the domain controllers.
All of the computers in the San Diego office are configured to use RODC1 as their only DNS server.
The northwindtraders.com domain contains a Group Policy object (GPO) named GPO1. GP01 is applied to all
of the users in the Montreal office.
All of the user accounts for the Montreal users are in the northwindtraders.com domain. All of the user
accounts for the San Diego users are in the west.northwindtraders.com domain.
Network Environment
Site1 contains the member servers in the northwindtraders.com domain shown in the following table.
Server1 connects to SAN storage that supports Offloaded Data Transfer (ODX). All virtual hard disks (VHDs)
are stored on the SAN.
A web application named App1 is installed on Servers.
Server3 has a shared folder that contains sales reports. The sales reports are read frequently by the users in
both offices. The reports are generated automatically once per week by an enterprise resource planning
(ERP) system.
A perimeter network in the Montreal office contains two standalone servers. The servers are configured as
shown in the following table.
The servers in the perimeter network are accessible from the Internet by using a domain name suffix of
public.northwindtraders.com.
Each administrator has a management computer that runs Windows 8.1.
Requirements
Planned Changes
Northwind Traders plans to implement the following changes:
On Server1, create four virtual machines that run Windows Server 2012 R2. The servers will be configured as
shown in the following table.
Configure IP routing between Site1 and the network services that Northwind
Traders hosts in Windows Azure.
Place a domain controller for the northwindtraders.com domain in Windows
Azure.
Upgrade all of the computers in the Montreal office to Windows 8.1.
Purchase a subscription to Microsoft Office 365.
Configure a web application proxy on Server6.
Configure integration between VMM and IPAM.
Apply GPO1 to all of the San Diego users.
Connect Site1 to Windows Azure.
Technical Requirements
Northwind Traders must meet the following technical requirements:
All virtual machines must use ODX.
Users must be able to access App1 from the Internet.
GPO1 must not be applied to computers that run Windows 8.1.
All DNS zones must replicate only to DC1, DC2, and DC3.
All computers must be able to resolve names by using a local DNS server.
If a WAN link fails, users must be able to access all of the sales reports.
The credentials for accessing Windows Azure must be permanently stored.
The on-premises network must be connected to Windows Azure by using
Server4.
The administrators must be able to manage Windows Azure by using
Windows PowerShell.
The number of servers and services deployed in the San Diego office must
be minimized.
Active Directory queries for the objects in the forest must not generate WAN
traffic, whenever possible.
Security Requirements
Northwind Traders identifies the following security requirements:
Ensure that all DNS zone data is encrypted when it is replicated.
Minimize the number of permissions assigned to users and administrators,
whenever possible. Prevent an Active Directory Domain Services (AD DS) attribute
named SSNumber from replicating to Site2. Ensure that users can use their northwindtraders.com user account to access
the resources hosted in Office 365.
Prevent administrators from being required to re-enter their credentials
when they manage Windows Azure from approved management computers.
###EndCaseStudy###
HOTSPOT
On Server2, you create a Run As Account named Account1. Account1 is associated to an Active Directory
account named VMMIPAM.You need to implement an IPAM solution.
What should you do? To answer, select the appropriate configuration for each server in the answer area.
You need to perform the directory synchronization with Office 365
###BeginCaseStudy###
Topic 5, Alpine Ski
Overview
Alpine Ski House provides vacation travel accommodations. Its main office is in Vancouver. Alpine Ski House
also has branch offices in Montreal, Denver, and New York.
An additional sales office is located in Los Angeles. This office has client devices only.
All servers in each office run Windows Server 2012 R2. All client devices in each office run Windows 8.1.
Alpine Ski House plans to acquire another company named Margie’s Travel. Margies Travel has an AD DS
domain named margiestravel.com.
Danner and New York
The Denver and New York offices have their own child domain named us.alpineskihouse.com. The domain
controllers are displayed in the following table:
Vancouver and Montreal
Alpine Ski House has an Active Directory Domain Services (AD DS) domain named aplineskihouse.com for the
Vancouver and Montreal offices. The forest and domain functional levels are set to Windows Server 2008.
The domain controllers in the domain contain Dynamic Host Configuration Protocol (DHCP) servers and DNS
servers. The domain controllers are displayed in the following table:
The Vancouver office also has a certification authority (CA) installed on a server named ALP-CA01.
Business Requirements
Growth
An additional branch office is planned in an extremely remote, mountainous location that does not have
traditional access to the Internet.
The remote branch office location will use a high-latency, low-bandwidth satellite connection to the Denver
and Vancouver offices.
The Los Angeles office will be expanded to include sales and billing staff. The Los Angeles location will not
contain IT staff.
File Management
Currently, each office has a dedicated file share that is hosted on a domain controller. The company plans to
implement a new file sharing capability to synchronize data between offices and to maximize performance
for locating files that are saved in a different branch office. Sales users in the Los Angeles office must also be
able to retrieve file data from each branch office.
Recovery time objective
The business requires that the data stored in AD DS must be recovered within an hour. This data includes
user accounts, computer accounts, groups, and other objects. Any customized attributes must also be
recovered. The current backup solution uses a tape drive, which requires a minimum of two hours between
notification and recovery.Office 365
Alpine Ski House purchased Office 365 Enterprise E3 licenses for all users in the organization.
Technical Requirements
Existing environment
Users in the Montreal office of Alpine Ski House report slow times to log on to their devices. An
administrator determines that users in the Montreal location occasionally authenticate to a domain
controller with an IP address of 172.16.0.10/24. All authentication requests must first be attempted in the
same location as the client device that is being authenticated.
Growth
The remote branch office must have a single domain controller named REMOTEDC01.us.aplineskihouse.com.
The replication between domains must either use best-effort or low-cost replication. After the expansion,
authentication must occur locally.
Any server placed in the Los Angeles office must not contain cached passwords.
File management
Where possible, the new file management solution must be centralized. If supported, the data must be
stored in a single location in each branch office.
Acquisition
After acquiring Margie’s Travel, all AD DS objects, including user account passwords, must be a migrated to
the alpineskihouse.com domain. Alpine Ski House plans to use the Active Directory Migration Tool (ADMT) to
complete the migration process.
The password complexity requirements for the margiestravel.com domain are unknown. Users should not be
forced to change their passwords after migrating their user accounts. Some computer objects will be
renamed during the migration.
Office 365
Alpine Ski House must use Microsoft Azure to facilitate directory synchronization (DirSync) with Office 365.
The DirSync utility must be installed on a virtual machine in Microsoft Azure.
###EndCaseStudy###
You need to perform the directory synchronization with Office 365.
What should you do first?A. Set the domain functional level to Windows Server 2012.
Which two actions should you perform?
###BeginCaseStudy###
Topic 5, Alpine Ski
Overview
Alpine Ski House provides vacation travel accommodations. Its main office is in Vancouver. Alpine Ski House
also has branch offices in Montreal, Denver, and New York.
An additional sales office is located in Los Angeles. This office has client devices only.
All servers in each office run Windows Server 2012 R2. All client devices in each office run Windows 8.1.
Alpine Ski House plans to acquire another company named Margie’s Travel. Margies Travel has an AD DS
domain named margiestravel.com.
Danner and New York
The Denver and New York offices have their own child domain named us.alpineskihouse.com. The domain
controllers are displayed in the following table:
Vancouver and Montreal
Alpine Ski House has an Active Directory Domain Services (AD DS) domain named aplineskihouse.com for the
Vancouver and Montreal offices. The forest and domain functional levels are set to Windows Server 2008.
The domain controllers in the domain contain Dynamic Host Configuration Protocol (DHCP) servers and DNS
servers. The domain controllers are displayed in the following table:
The Vancouver office also has a certification authority (CA) installed on a server named ALP-CA01.
Business Requirements
Growth
An additional branch office is planned in an extremely remote, mountainous location that does not have
traditional access to the Internet.
The remote branch office location will use a high-latency, low-bandwidth satellite connection to the Denver
and Vancouver offices.
The Los Angeles office will be expanded to include sales and billing staff. The Los Angeles location will not
contain IT staff.
File Management
Currently, each office has a dedicated file share that is hosted on a domain controller. The company plans to
implement a new file sharing capability to synchronize data between offices and to maximize performance
for locating files that are saved in a different branch office. Sales users in the Los Angeles office must also be
able to retrieve file data from each branch office.
Recovery time objective
The business requires that the data stored in AD DS must be recovered within an hour. This data includes
user accounts, computer accounts, groups, and other objects. Any customized attributes must also be
recovered. The current backup solution uses a tape drive, which requires a minimum of two hours between
notification and recovery.Office 365
Alpine Ski House purchased Office 365 Enterprise E3 licenses for all users in the organization.
Technical Requirements
Existing environment
Users in the Montreal office of Alpine Ski House report slow times to log on to their devices. An
administrator determines that users in the Montreal location occasionally authenticate to a domain
controller with an IP address of 172.16.0.10/24. All authentication requests must first be attempted in the
same location as the client device that is being authenticated.
Growth
The remote branch office must have a single domain controller named REMOTEDC01.us.aplineskihouse.com.
The replication between domains must either use best-effort or low-cost replication. After the expansion,
authentication must occur locally.
Any server placed in the Los Angeles office must not contain cached passwords.
File management
Where possible, the new file management solution must be centralized. If supported, the data must be
stored in a single location in each branch office.
Acquisition
After acquiring Margie’s Travel, all AD DS objects, including user account passwords, must be a migrated to
the alpineskihouse.com domain. Alpine Ski House plans to use the Active Directory Migration Tool (ADMT) to
complete the migration process.
The password complexity requirements for the margiestravel.com domain are unknown. Users should not be
forced to change their passwords after migrating their user accounts. Some computer objects will be
renamed during the migration.
Office 365
Alpine Ski House must use Microsoft Azure to facilitate directory synchronization (DirSync) with Office 365.
The DirSync utility must be installed on a virtual machine in Microsoft Azure.
###EndCaseStudy###
You need to design a solution for the recovery-time objective.
Which two actions should you perform? Each correct answer presents part of the solution.
What should you create?
###BeginCaseStudy###
Topic 5, Alpine Ski
Overview
Alpine Ski House provides vacation travel accommodations. Its main office is in Vancouver. Alpine Ski House
also has branch offices in Montreal, Denver, and New York.
An additional sales office is located in Los Angeles. This office has client devices only.
All servers in each office run Windows Server 2012 R2. All client devices in each office run Windows 8.1.
Alpine Ski House plans to acquire another company named Margie’s Travel. Margies Travel has an AD DS
domain named margiestravel.com.
Danner and New York
The Denver and New York offices have their own child domain named us.alpineskihouse.com. The domain
controllers are displayed in the following table:
Vancouver and Montreal
Alpine Ski House has an Active Directory Domain Services (AD DS) domain named aplineskihouse.com for the
Vancouver and Montreal offices. The forest and domain functional levels are set to Windows Server 2008.
The domain controllers in the domain contain Dynamic Host Configuration Protocol (DHCP) servers and DNS
servers. The domain controllers are displayed in the following table:
The Vancouver office also has a certification authority (CA) installed on a server named ALP-CA01.
Business Requirements
Growth
An additional branch office is planned in an extremely remote, mountainous location that does not have
traditional access to the Internet.
The remote branch office location will use a high-latency, low-bandwidth satellite connection to the Denver
and Vancouver offices.
The Los Angeles office will be expanded to include sales and billing staff. The Los Angeles location will not
contain IT staff.
File Management
Currently, each office has a dedicated file share that is hosted on a domain controller. The company plans to
implement a new file sharing capability to synchronize data between offices and to maximize performance
for locating files that are saved in a different branch office. Sales users in the Los Angeles office must also be
able to retrieve file data from each branch office.
Recovery time objective
The business requires that the data stored in AD DS must be recovered within an hour. This data includes
user accounts, computer accounts, groups, and other objects. Any customized attributes must also be
recovered. The current backup solution uses a tape drive, which requires a minimum of two hours between
notification and recovery.Office 365
Alpine Ski House purchased Office 365 Enterprise E3 licenses for all users in the organization.
Technical Requirements
Existing environment
Users in the Montreal office of Alpine Ski House report slow times to log on to their devices. An
administrator determines that users in the Montreal location occasionally authenticate to a domain
controller with an IP address of 172.16.0.10/24. All authentication requests must first be attempted in the
same location as the client device that is being authenticated.
Growth
The remote branch office must have a single domain controller named REMOTEDC01.us.aplineskihouse.com.
The replication between domains must either use best-effort or low-cost replication. After the expansion,
authentication must occur locally.
Any server placed in the Los Angeles office must not contain cached passwords.
File management
Where possible, the new file management solution must be centralized. If supported, the data must be
stored in a single location in each branch office.
Acquisition
After acquiring Margie’s Travel, all AD DS objects, including user account passwords, must be a migrated to
the alpineskihouse.com domain. Alpine Ski House plans to use the Active Directory Migration Tool (ADMT) to
complete the migration process.
The password complexity requirements for the margiestravel.com domain are unknown. Users should not be
forced to change their passwords after migrating their user accounts. Some computer objects will be
renamed during the migration.
Office 365
Alpine Ski House must use Microsoft Azure to facilitate directory synchronization (DirSync) with Office 365.
The DirSync utility must be installed on a virtual machine in Microsoft Azure.
###EndCaseStudy###
You need to configure the connection between the new remote branch office and the existing branch offices.
What should you create?
You need to plan the expansion of the Los Angeles office
###BeginCaseStudy###
Topic 5, Alpine Ski
Overview
Alpine Ski House provides vacation travel accommodations. Its main office is in Vancouver. Alpine Ski House
also has branch offices in Montreal, Denver, and New York.
An additional sales office is located in Los Angeles. This office has client devices only.
All servers in each office run Windows Server 2012 R2. All client devices in each office run Windows 8.1.
Alpine Ski House plans to acquire another company named Margie’s Travel. Margies Travel has an AD DS
domain named margiestravel.com.
Danner and New York
The Denver and New York offices have their own child domain named us.alpineskihouse.com. The domain
controllers are displayed in the following table:
Vancouver and Montreal
Alpine Ski House has an Active Directory Domain Services (AD DS) domain named aplineskihouse.com for the
Vancouver and Montreal offices. The forest and domain functional levels are set to Windows Server 2008.
The domain controllers in the domain contain Dynamic Host Configuration Protocol (DHCP) servers and DNS
servers. The domain controllers are displayed in the following table:
The Vancouver office also has a certification authority (CA) installed on a server named ALP-CA01.
Business Requirements
Growth
An additional branch office is planned in an extremely remote, mountainous location that does not have
traditional access to the Internet.
The remote branch office location will use a high-latency, low-bandwidth satellite connection to the Denver
and Vancouver offices.
The Los Angeles office will be expanded to include sales and billing staff. The Los Angeles location will not
contain IT staff.
File Management
Currently, each office has a dedicated file share that is hosted on a domain controller. The company plans to
implement a new file sharing capability to synchronize data between offices and to maximize performance
for locating files that are saved in a different branch office. Sales users in the Los Angeles office must also be
able to retrieve file data from each branch office.
Recovery time objective
The business requires that the data stored in AD DS must be recovered within an hour. This data includes
user accounts, computer accounts, groups, and other objects. Any customized attributes must also be
recovered. The current backup solution uses a tape drive, which requires a minimum of two hours between
notification and recovery.Office 365
Alpine Ski House purchased Office 365 Enterprise E3 licenses for all users in the organization.
Technical Requirements
Existing environment
Users in the Montreal office of Alpine Ski House report slow times to log on to their devices. An
administrator determines that users in the Montreal location occasionally authenticate to a domain
controller with an IP address of 172.16.0.10/24. All authentication requests must first be attempted in the
same location as the client device that is being authenticated.
Growth
The remote branch office must have a single domain controller named REMOTEDC01.us.aplineskihouse.com.
The replication between domains must either use best-effort or low-cost replication. After the expansion,
authentication must occur locally.
Any server placed in the Los Angeles office must not contain cached passwords.
File management
Where possible, the new file management solution must be centralized. If supported, the data must be
stored in a single location in each branch office.
Acquisition
After acquiring Margie’s Travel, all AD DS objects, including user account passwords, must be a migrated to
the alpineskihouse.com domain. Alpine Ski House plans to use the Active Directory Migration Tool (ADMT) to
complete the migration process.
The password complexity requirements for the margiestravel.com domain are unknown. Users should not be
forced to change their passwords after migrating their user accounts. Some computer objects will be
renamed during the migration.
Office 365
Alpine Ski House must use Microsoft Azure to facilitate directory synchronization (DirSync) with Office 365.
The DirSync utility must be installed on a virtual machine in Microsoft Azure.
###EndCaseStudy###
You need to plan the expansion of the Los Angeles office.
What should you do?A. Install a read-only domain controller in Los Angeles.
You need to design the acquisition strategy for Margie’s Travel
###BeginCaseStudy###
Topic 5, Alpine Ski
Overview
Alpine Ski House provides vacation travel accommodations. Its main office is in Vancouver. Alpine Ski House
also has branch offices in Montreal, Denver, and New York.
An additional sales office is located in Los Angeles. This office has client devices only.
All servers in each office run Windows Server 2012 R2. All client devices in each office run Windows 8.1.
Alpine Ski House plans to acquire another company named Margie’s Travel. Margies Travel has an AD DS
domain named margiestravel.com.
Danner and New York
The Denver and New York offices have their own child domain named us.alpineskihouse.com. The domain
controllers are displayed in the following table:
Vancouver and Montreal
Alpine Ski House has an Active Directory Domain Services (AD DS) domain named aplineskihouse.com for the
Vancouver and Montreal offices. The forest and domain functional levels are set to Windows Server 2008.
The domain controllers in the domain contain Dynamic Host Configuration Protocol (DHCP) servers and DNS
servers. The domain controllers are displayed in the following table:
The Vancouver office also has a certification authority (CA) installed on a server named ALP-CA01.
Business Requirements
Growth
An additional branch office is planned in an extremely remote, mountainous location that does not have
traditional access to the Internet.
The remote branch office location will use a high-latency, low-bandwidth satellite connection to the Denver
and Vancouver offices.
The Los Angeles office will be expanded to include sales and billing staff. The Los Angeles location will not
contain IT staff.
File Management
Currently, each office has a dedicated file share that is hosted on a domain controller. The company plans to
implement a new file sharing capability to synchronize data between offices and to maximize performance
for locating files that are saved in a different branch office. Sales users in the Los Angeles office must also be
able to retrieve file data from each branch office.
Recovery time objective
The business requires that the data stored in AD DS must be recovered within an hour. This data includes
user accounts, computer accounts, groups, and other objects. Any customized attributes must also be
recovered. The current backup solution uses a tape drive, which requires a minimum of two hours between
notification and recovery.Office 365
Alpine Ski House purchased Office 365 Enterprise E3 licenses for all users in the organization.
Technical Requirements
Existing environment
Users in the Montreal office of Alpine Ski House report slow times to log on to their devices. An
administrator determines that users in the Montreal location occasionally authenticate to a domain
controller with an IP address of 172.16.0.10/24. All authentication requests must first be attempted in the
same location as the client device that is being authenticated.
Growth
The remote branch office must have a single domain controller named REMOTEDC01.us.aplineskihouse.com.
The replication between domains must either use best-effort or low-cost replication. After the expansion,
authentication must occur locally.
Any server placed in the Los Angeles office must not contain cached passwords.
File management
Where possible, the new file management solution must be centralized. If supported, the data must be
stored in a single location in each branch office.
Acquisition
After acquiring Margie’s Travel, all AD DS objects, including user account passwords, must be a migrated to
the alpineskihouse.com domain. Alpine Ski House plans to use the Active Directory Migration Tool (ADMT) to
complete the migration process.
The password complexity requirements for the margiestravel.com domain are unknown. Users should not be
forced to change their passwords after migrating their user accounts. Some computer objects will be
renamed during the migration.
Office 365
Alpine Ski House must use Microsoft Azure to facilitate directory synchronization (DirSync) with Office 365.
The DirSync utility must be installed on a virtual machine in Microsoft Azure.
###EndCaseStudy###
HOTSPOT
You need to design the acquisition strategy for Margie’s Travel.
What should you do? To answer, select the appropriate option for each action in the answer area.
Which three actions should you perform in sequence?
###BeginCaseStudy###
Topic 6, Contoso Ltd, Case B
Background
OverviewContoso, Ltd., is a software development company. Contoso has a main office in London and two branch
offices, one in Madrid and the other in Dublin. The company is in the process of adopting Microsoft Azure to
host business critical resources and applications.
Contoso has an Active Directory Domain Services (AD DS) domain named contoso.com. All devices in the
three offices are members of the domain. Each office has a dedicated organizational unit (OU) in the root of
the domain named London. Madrid, and Dublin, respectively. Each office OU has three child OUs named
Computers, Users, and Groups.
The local Administrator account is disabled on all client devices in the domain by using a Group Policy object
(GPO) named SecurityConflguration that is linked to the root of the domain. Contoso’s security department
also has a GPO named WSUSConfiguration. WSUSConfiguration defines the configuration of Windows
Update Services on the Windows Server Update Services (WSUS) server named WSUS1.
You have a GPO named RemoteSales that uses a WMI filter. The GPO prevents users from launching
applications that are not approved.
DNS Services
Contoso uses a DNS service that is installed on two domain controllers in the main office. The domain
controllers are named DO and DC2. Both DO and DC2 run Windows Server 2008 R2. Both domain controllers
host Active Directory integrated zones named contoso.com and lab.contoso.com. The zones are configured
to allow only secure updates.
Research
Contoso creates a new research department to develop integration between Contoso’s software and public
cloud services.
Finance Department
Users in the finance department use a client-server application named App1. App1 uses custom Active
Directory attributes to store encryption keys. App1 is a business critical application that must be migrated to
Windows Azure.
A server named SERVER2 hosts Appl. SERVER2 runs Windows Server 2008 R2. The disk configuration for
SERVER2 is shown in the following table:
A server named SERVER1 hosts a database that is used by Appl. SERVER1 runs Windows Server 2008 R2 and
SQL Server 2008 R2. The disk configuration for SERVER1 is shown in the following table:
The Contoso management team plans to increase the use of Appl. To accommodate these plans, the size of
the datable must be increased
Sales Department
Users in the sales department use laptop computers when they travel. Salespeople use a legacy application
named ContosoSales on their laptop computers. Salespeople can use a pool of shared desktop computers in
each office.
The ContosoSales app is dependent on a specific registry key that is frequently overwritten by third-party
applications. This causes the ContosoSales app to stop working.
Business Requirements
All DNS servers must be placed in a physically secure location.
Software development department
All software developers must migrate their servers and workstations to the DNS domain lab.contoso.com to
ensure that frequent changes to DNS do not interfere with the production environment.
Finance department
All servers that host App1 must be migrated to Windows Azure. A new Azure virtual machine (VM) named
CL0UD2 must be deployed to Windows Azure.
Sales department
Users in the sales department should not be able to run applications on their laptop computers that are not
approved by the security department. Users in the sales department should have no such restrictions while
they work on the desktop computers in the office.
Technical Requirements
App1 requirements
You have the following requirements: The size of the database for App1 must be increased to 8 TB.
The encryption keys for App1 should not be replicated to the offices where physical
server security is not guaranteed.
The amount of disk space that is used by Windows Azure must be minimized.
Infrastructure requirements
You have the following requirements:
The lab.contoso.com DNS domain zone must not be replicated or transferred to DNS
servers outside of the London office.
A new DNS domain zone named research.contoso.com must be deployed for users in
the research department.
The research.contoso.com DNS domain zone must be protected by using DNS
Security Extensions {DNSSEC).
All computers in the London and Madrid offices must install Windows Updates from
the server WSUS1.
A new domain controller for the contoso.com domain must be deployed in the
Madrid office.
Replication traffic must be minimized when the new domain controllers are
deployed.
New WMI filters must not conflict with existing WMI filters.
###EndCaseStudy###
DRAG DROP
You need to configure DNS for the Dublin office.
Which three actions should you perform in sequence? To answer, move the appropriate actions from the list
of actions to the answer area and arrange them in the correct order.
