PrepAway - Latest Free Exam Questions & Answers

Which three actions should you perform?

DRAG DROP
Your network contains an Active Directory forest named contoso.com. All domain controllers run
Windows Server 2008 R2.
The schema is upgraded to Windows Server 2012 R2.
Contoso.com contains two servers. The servers are configured as shown in the following table.

Server1 and Server2 host a load-balanced application pool named AppPool1.
You need to ensure that AppPool1 uses a group Managed Service Account as its identity.
Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and
arrange them in the correct order.

Answer: See the explanation

Explanation:
Box 1:

Box 2:

Box 3: Modify the settings of AppPool1.
Note:
Box 1:
Group Managed Service Accounts Requirements:
At least one Windows Server 2012 Domain Controller
A Windows Server 2012 or Windows 8 machine with the ActiveDirectory PowerShell module, to
create/manage the gMSA.
A Windows Server 2012 or Windows 8 domain member to run/use the gMSA.
Box 2:
To create a new managed service account
On the domain controller, click Start, and then click Run. In the Open box, type dsa.msc, and then
click OK to open the Active Directory Users and Computers snap-in. Confirm that
the Managed Service Account container exists.
Click Start, click All Programs, click Windows PowerShell 2.0, and then click the Windows PowerShell
icon.
Run the following command: New-ADServiceAccount [-SAMAccountName <String>] [-Path <String>].
Box 3:
Configure a service account for Internet Information Services
Organizations that want to enhance the isolation of IIS applications can configure IIS application
pools to run managed service accounts.
To use the Internet Information Services (IIS) Manager snap-in to configure a service to use a
managed service account
Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
Double-click <Computer name>, double-click Application Pools, right-click <Pool Name>, and click
Advanced Settings.
In the Identity box, click …, click Custom Account, and then click Set.
Type the name of the managed service account in the format domainname\accountname.

Service Accounts Step-by-Step Guide
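
The cmdlets named in the notes and in the comments on this page, put together as a PowerShell sequence for an application pool that runs under a gMSA. This is an added example, not part of the original explanation; the account name gmsaAppPool1, the group AppPool1Hosts and the DNS name apppool1.contoso.com are assumptions.

```powershell
# Added example. Assumed names: gmsaAppPool1 (the gMSA), AppPool1Hosts (an AD
# group whose members are Server1 and Server2), apppool1.contoso.com (DNS name).

# Run once on a machine that has the ActiveDirectory module.
function New-AppPoolGmsa {
    param(
        [string]$Name      = 'gmsaAppPool1',
        [string]$DnsName   = 'apppool1.contoso.com',
        [string]$HostGroup = 'AppPool1Hosts'
    )
    Import-Module ActiveDirectory
    # gMSA passwords are derived from a KDS root key; stop if none exists.
    if (-not (Get-KdsRootKey)) {
        throw 'No KDS root key found, so gMSA passwords cannot be generated.'
    }
    # Only members of $HostGroup may retrieve the managed password.
    New-ADServiceAccount -Name $Name -DNSHostName $DnsName `
        -PrincipalsAllowedToRetrieveManagedPassword $HostGroup
}

# Run on each server that hosts the pool (Server1 and Server2).
function Set-AppPoolGmsaIdentity {
    param(
        [string]$Name     = 'gmsaAppPool1',
        [string]$PoolName = 'AppPool1'
    )
    Import-Module ActiveDirectory, WebAdministration
    Install-ADServiceAccount -Identity $Name
    # Fail early if this host is not allowed to retrieve the password.
    if (-not (Test-ADServiceAccount -Identity $Name)) {
        throw "$env:COMPUTERNAME cannot use $Name."
    }
    # The account name carries a trailing $; no password is stored in IIS.
    $account = '{0}\{1}$' -f (Get-ADDomain).NetBIOSName, $Name
    $pool    = "IIS:\AppPools\$PoolName"
    Set-ItemProperty $pool -Name processModel.identityType -Value SpecificUser
    Set-ItemProperty $pool -Name processModel.userName     -Value $account
    # Return what IIS now has configured so the caller can confirm it.
    (Get-ItemProperty $pool -Name processModel).userName
}
```

Restricting PrincipalsAllowedToRetrieveManagedPassword to a group that contains only the pool's hosts keeps the managed password out of reach of every other domain member.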

10 Comments on “Which three actions should you perform?”

  1. Banes says:

    Agree with Kholo

    You have to create the managed service account in AD with the new-ADServiceAccount command

    Then you install the account on the server that will use it with the install-ADServiceAccount command.

    Then you modify the settings of AppPool1 to use the installed managed service account.




    1. Josh says:

      But gMSAs can only be created on a DC running Windows Server 2012 R2. So you won’t be able to create them without them. I think the provided answer is correct.




  2. hippo says:

    No, you don’t need to have a running 2012r2 DC to create a gMSA. It’s enough to update the schema, which in this case is done beforehand according to the question. So in this case the logic SHOULD be – provision the account (new-adserviceaccount), install it on the machine (install-adserviceaccount) and finally configure the apppool to run using the gmsa.

    Ref: https://technet.microsoft.com/en-us/library/jj128431%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396#BKMK_gMSA_Req -> prerequisites/requirements




  3. Marlon says:

    As the Active Directory module is not installed by default unless you have a Domain Controller, you’d need additional steps to make it work without the DC. I’ll stick with the provided answer.




  4. MikeB says:

    According to this link: https://blogs.technet.microsoft.com/askpfeplat/2012/12/16/windows-server-2012-group-managed-service-accounts/

    Group Managed Service Accounts Requirements
    At least one Windows Server 2012 Domain Controller
    A Windows Server 2012 or Windows 8 machine with the ActiveDirectory PowerShell module, to create/manage the gMSA.
    A Windows Server 2012 or Windows 8 domain member to run/use the gMSA.

    So my answer would be:
    1. Install a 2012 R2 DC
    2. Run new-adserviceaccount
    3. Modify the settings of AppPool1



