PrepAway - Latest Free Exam Questions & Answers

What should you identify?

Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites
named Site1 and Site2. The domains and the sites are configured as shown in the following
table.

When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the
child.contoso.com domain.
What should you identify?


A. The placement of the global catalog server

B. The placement of the infrastructure master

C. The placement of the domain naming master

D. The placement of the PDC emulator

Explanation:
The exhibit shows that Site2 does not have a PDC emulator. This is important because of
the close interaction between the RID operations master role and the PDC emulator role.
The PDC emulator processes password changes from earlier-version clients and other
domain controllers on a best-effort basis; handles password authentication requests
involving passwords that have recently changed and not yet been replicated throughout the
domain; and, by default, synchronizes time. If this domain controller cannot connect to the
PDC emulator, this domain controller cannot process authentication requests, it may not be
able to synchronize time, and password updates cannot be replicated to it.

10 Comments on “What should you identify?”

  1. simo says:

    Correct answer is: A

    A Global Catalog is needed, as the PDC emulator is already present in the child domain.

    Global Catalog server is a requirement for logging on to the domain. It’s advisable to have at least one Global Catalog server in a site.
    If a Global Catalog is not available in a site and there is another Global Catalog server in a remote site, the server in the remote site can be used for the logon process.




    1. Jony says:

      Your explanation seems legit, but how about this?

      All domain controllers which receive an incorrect authentication request will poll the PDC Emulator as a “second opinion” before rejecting the user. Since the PDCE always knows the most recently modified passwords it can grant access even if the change has not yet been replicated to the authenticating DC.
      http://rickardnobel.se/all-pdc-emulator-functions/

      I would move the PDC emulator from child domain site1 to site2, because site1 has the master domain PDC emulator for authentication.




  2. Hugh Jorgan says:

    Without a GC in site 2, and moving the PDC emulator to site2 (DC4), with a failed site link it would cause users in child.contoso.com in site1 to be unable to log on unless they have a GC. Correct answer should be A.




  3. Vietnam says:

    D is correct – Global Catalog is not critically needed when first replication passes. It's then used only for cross-domain searches etc. But the PDC emulator is needed for A) checking password changes B) if requests have the wrong timestamp, they will be rejected.




  4. rico says:

    Why do the answers to this question state placement? If you move the GC to site 2, how does that help Site 1? The only logical conclusion is that the PDC emulator for the child domain needs to be placed in site 2, right?




  5. billkom says:

    From MS:

    Responding to operations master failures
    https://technet.microsoft.com/en-us/library/cc737648(v=ws.10).aspx

    PDC emulator master failure
    The severity of a PDC outage depends on your Service Level Agreement (SLA) and the actual behavior and configuration of the environment. For example, inconsistent password change behavior may affect users beyond what your SLAs allow, or the lack of time synchronization may cause resource access failures.
    Also, in smaller environments, it may happen that the PDC as the first server in the domain is the only DNS or Global Catalog Server, or is the only domain controller (DC) with a valid SYSVOL in case other DCs did not successfully initiate or maintain SYSVOL replication. The PDC role holder may also be the target for regular file server access. When this is done for folder redirection or logon script activities, it may also affect users when logging on and while they work.
    Other than the conditions described above, there is no direct dependency of the domain members on the PDC role holder. However, you might be using applications that are coded to contact the PDC only. You should try to avoid having this single point of failure.
    Often, these applications were written for Windows NT 3.x and 4.0 deployments where the PDC was the only writable DC. However, since Active Directory, all DCs except Read-Only DCs are writable. The DsGetDcName API allows you to pick the right type; similar options are available in AD API interfaces like ADSI (ADS_READONLY_SERVER) or the .NET runtime.
    The loss of the primary domain controller (PDC) emulator master may affect network users. Therefore, when the PDC emulator master is not available, you may need to immediately seize the role.
    For procedures on how to seize the PDC emulator role, see Seize the PDC emulator role.




