PrepAway - Latest Free Exam Questions & Answers

What should you identify?

Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites named
Site1 and Site2. The domains and the sites are configured as shown in the following table.

When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the child.contoso.com
domain.
What should you identify?


A. The placement of the infrastructure master

B. The placement of the global catalog server

C. The placement of the domain naming master

D. The placement of the PDC emulator

Explanation:
The exhibit shows that Site2 does not have a PDC emulator. This is important because of the close
interaction between the RID operations master role and the PDC emulator role.
The PDC emulator processes password changes from earlier-version clients and other domain
controllers on a best-effort basis; handles password authentication requests involving passwords
that have recently changed and not yet been replicated throughout the domain; and, by default,
synchronizes time. If this domain controller cannot connect to the PDC emulator, this domain
controller cannot process authentication requests, it may not be able to synchronize time, and
password updates cannot be replicated to it.
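
All four answer options concern where a role or service sits relative to a site. As an added example (not part of the original page), the PowerShell function below summarises, per site, which domains have a local domain controller, which DCs are global catalogs and which operations master roles are held locally. The DC names and the sample topology are constructed, since the exhibit table is not on the page; the input objects mimic properties returned by `Get-ADDomainController`.

```powershell
# Added example: per-site summary of DC, global catalog and FSMO role placement.
# Input objects need the Name, Domain, Site, IsGlobalCatalog and
# OperationMasterRoles properties that Get-ADDomainController returns.
function Get-SitePlacementReport {
    param(
        [Parameter(Mandatory)] [object[]] $DomainControllers,
        [Parameter(Mandatory)] [string[]] $Sites
    )
    foreach ($site in $Sites) {
        # DCs located in this site, the global catalogs among them, and the roles they hold
        $local = @($DomainControllers | Where-Object { $_.Site -eq $site })
        $gcs   = @($local | Where-Object { $_.IsGlobalCatalog })
        $roles = @($local | ForEach-Object { $_.OperationMasterRoles } | Sort-Object -Unique)
        [pscustomobject]@{
            Site             = $site
            DomainsWithDC    = @($local | ForEach-Object { $_.Domain } | Sort-Object -Unique) -join ', '
            GlobalCatalogs   = @($gcs | ForEach-Object { $_.Name }) -join ', '
            HasGlobalCatalog = $gcs.Count -gt 0
            RolesHeldLocally = $roles -join ', '
        }
    }
}

# Constructed sample topology (hypothetical DC names; NOT the exhibit from the question).
$sampleDcs = @(
    [pscustomobject]@{ Name = 'DC1'; Domain = 'contoso.com'; Site = 'Site1'; IsGlobalCatalog = $true
        OperationMasterRoles = @('SchemaMaster', 'DomainNamingMaster', 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') }
    [pscustomobject]@{ Name = 'DC2'; Domain = 'child.contoso.com'; Site = 'Site1'; IsGlobalCatalog = $false
        OperationMasterRoles = @('PDCEmulator', 'RIDMaster', 'InfrastructureMaster') }
    [pscustomobject]@{ Name = 'DC3'; Domain = 'child.contoso.com'; Site = 'Site2'; IsGlobalCatalog = $false
        OperationMasterRoles = @() }
)

Get-SitePlacementReport -DomainControllers $sampleDcs -Sites 'Site1', 'Site2' | Format-Table -AutoSize

# Live forest (requires the ActiveDirectory module):
# $dcs = (Get-ADForest).Domains | ForEach-Object { Get-ADDomainController -Filter * -Server $_ }
# Get-SitePlacementReport -DomainControllers $dcs -Sites (Get-ADForest).Sites
```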

6 Comments on “What should you identify?”

  1. Don't think this has anything to do with it says:

    Holy god what an incorrect answer. The RID master has NOTHING to do with existing users at all. The PDC emulator being inaccessible would neither prevent ANYONE from logging on. It could certainly prevent logon with new passwords, but that doesn’t mean they couldn’t log on. Whoever wrote this clearly has absolutely no grasp at all on how Active Directory works.

    There is an incredibly obscure possibility of this scenario preventing logon and that would be only if machines older than Windows 2000 were present on the network. Since all of those are abandonware, Microsoft would never imply this scenario.

    The correct answer is the lack of a global catalog in the site.




  2. Rob says:

    It has to be Global catalog.

    https://technet.microsoft.com/en-us/library/cc728188(v=ws.10).aspx

    User Logon Support

    In addition to its role as a search provider, in a forest that has more than one domain, the global catalog has a role as an identity source during the user logon process.

    Universal Group Membership

    During the domain logon process, the user must be authenticated. During the authentication process, the user is validated (the domain controller verifies the identity of the user) and the user receives authorization data for access to resources. To provide authorization data of a user, the authenticating domain controller retrieves the security identifiers (SIDs) for all security groups of which the user is a member and adds these SIDs to the user’s access token. In a forest that has more than one domain, the global catalog is the only location where memberships of all universal groups in that forest can be ascertained. For this reason, access to a global catalog server is required for successful authentication in a domain that can have universal groups.

    For example, a user might be a member of a universal group that has its group object stored in a different domain but provides access to resources in the user’s domain. To ensure that the user can be authorized to access resources appropriately in this domain, the domain controller must have access to the membership of all universal groups in the forest.

    If a global catalog server is not available, the user logon fails.



