Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites named
Site1 and Site2. The domains and the sites are configured as shown in following table.
When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the child.contoso.com
domain.
What should you identify?
A.
The placement of the global catalog server
B.
The placement of the infrastructure master
C.
The placement of the domain naming master
D.
The placement of the PDC emulator
Explanation:
The exhibit shows that Site2 does not have a PDC emulator. This is important because of the close
interaction between the RID operations master role and the PDC emulator role.
The PDC emulator processes password changes from earlier-version clients and other domain
controllers on a best-effort basis; handles password authentication requests involving passwords
that have recently changed and not yet been replicated throughout the domain; and, by default,
synchronizes time. If this domain controller cannot connect to the PDC emulator, this domain
controller cannot process authentication requests, it may not be able to synchronize time, and
password updates cannot be replicated to it.
The PDC emulator master processes password changes from client computers and replicates these
updates to all domain controllers throughout the domain. At any time, there can be only one domain
controller acting as the PDC emulator master in each domain in the forest.
D
0
0
Practically, this question is wrong. If you don’t have a connection to DC, you still able to login into your cached profile. isn’t ?
0
0
D
0
0
Global Catalogue is needed so the answer is A. PDC is needed for updating/changing passwords but not for login
0
0
it’s non sense, but seems D is correct in real exam, check last note of riddle here, he said he got 100%
http://www.aiotestking.com/microsoft/what-should-you-identify-74/#comments
still believe A is correct.
0
0
Josh is right.
See https://support.microsoft.com/en-us/kb/216970
Quote:
If a GC server cannot be located by the domain controller during this process:
If the account that is used is the built-in Administrator account (RID 0x1F4 or decimal 500), Windows 2000 allows the logon to take place without the domain controller contacting a GC.
If cached credentials exist for the user on the local computer, the user is logged on with those credentials. Access to network resources must be validated on an individual basis. If the client uses Kerberos to use a server’s resources, the KDC must be contacted to get a ticket for the server, or if NTLM is used,
pass-through authentication is required.
If cached credentials do not exist, the user is denied logon.
Quote END
And here more detailed:
https://standalonelabs.wordpress.com/2011/05/07/is-a-global-catalog-really-needed-for-user-logon/
0
0
https://blogs.technet.microsoft.com/askds/2011/02/25/friday-mail-sack-no-redesign-edition/#pdceauth
it clearly states “[PDC Emulator] It’s not required for direct user authentication unless you are using (unsupported) NT and older operating systems or some Samba flavors. I’ve had customers who didn’t notice their PDCE was offline for weeks or months. Plenty of non-fully routed networks exist where many users have no direct access to that server at all.”
So it cannot (should not) be PDC placement.
0
0
A.
you can have only 1 PDC in a domain, it does not matter what site it is in, there is NO Global Catalog server so nobody can log in. You need at lease 1 GC in the domain, preferably one in each site.
0
0
The Answer seems to be D
Even thoughtthere can only be one PDC per donin it is important for password replication
This site has a good discription of the FSMO roles and there impact on clients
https://jorgequestforknowledge.wordpress.com/2011/07/11/the-impact-of-fsmo-roles-not-being-available/
0
0