PrepAway - Latest Free Exam Questions & Answers

You need to enable dynamic DNS updates on DC3

Your company has a main office and a branch office. The company has a single-domain
Active Directory forest. The main office has two domain controllers named DC1 and DC2
that run Windows Server 2008 R2. The branch office has a Windows Server 2008 R2 read-only domain controller (RODC) named DC3.
All domain controllers hold the DNS Server role and are configured as Active Directory–integrated zones. The DNS zones only allow secure updates.
You need to enable dynamic DNS updates on DC3.
What should you do?

A. Run the Dnscmd.exe /ZoneResetType command on DC3.

B. Reinstall Active Directory Domain Services on DC3 as a writable domain controller.

C. Create a custom application directory partition on DC1. Configure the partition to store
Active Directory–integrated zones.

D. Run the Ntdsutil.exe > DS Behavior commands on DC3.

Explanation:
Answer) Reinstall Active Directory Domain Services on DC3 as a writable domain controller.

http://technet.microsoft.com/en-us/library/cc754218%28WS.10%29.aspx#BKMK_DDNS
Appendix A: RODC Technical Reference Topics
DNS updates for clients that are located in an RODC site
When a client attempts a dynamic update, it sends a start of authority (SOA) query to its
preferred Domain Name System (DNS) server. Typically, clients are configured to use the
DNS server in their branch site as their preferred DNS server. The RODC does not hold a
writeable copy of the DNS zone. Therefore, when it is queried for the SOA record, it returns
the name of a writable domain controller that runs Windows Server 2008 or later and hosts
the Active Directory–integrated zone, just as a secondary DNS server handles updates for
zones that are not Active Directory–integrated zones. After it receives the name of a writable
domain controller that runs Windows Server 2008 or later, the client is then responsible for
performing the DNS record registration against the writeable server. The RODC waits a
certain amount of time, as explained below, and then it attempts to replicate the updated
DNS object in Active Directory Domain Services (AD DS) from the DNS server that it
referred the client to through an RSO operation.
Note:
For the DNS server on the RODC to perform an RSO operation of the DNS record update, a
DNS server that runs Windows Server 2008 or later must host writeable copies of the zone
that contains the record. That DNS server must register a name server (NS) resource record
for the zone. The Windows Server 2003 Branch Office Guide recommended restricting name
server (NS) resource record registration to a subset of the available DNS servers. If you
followed those guidelines and you do not register at least one writable DNS server that runs
Windows Server 2008 or later as a name server for the zone, the DNS server on the RODC
attempts to perform the RSO operation with a DNS server that runs Windows Server 2003.
That operation fails and generates a 4015 Error in the DNS event log of the RODC, and
replication of the DNS record update will be delayed until the next scheduled replication
cycle.
Further information:
http://technet.microsoft.com/en-us/library/dd737255%28v=ws.10%29.aspx
Plan DNS Servers for Branch Office Environments
This topic describes best practices for installing Domain Name System (DNS) servers to
support Active Directory Domain Services (AD DS) in branch office environments.
As a best practice, use Active Directory–integrated DNS zones, which are hosted in the
application directory partitions named ForestDNSZones and DomainDNSZones. The
following guidelines are based on the assumption that you are following this best practice.
In branch offices that have a read-only domain controller (RODC), install a DNS server on
each RODC so that client computers in the branch office can still perform DNS lookups
when the wide area network (WAN) link to a DNS server in a hub site is not available. The
best practice is to install the DNS server when you install AD DS, using Dcpromo.exe.
Otherwise, you must use Dnscmd.exe to enlist the RODC in the DNS application directory
partitions that host Active Directory–integrated DNS zones.
Note: You also have to configure the DNS client’s setting for the RODC so that it points to
itself as its preferred DNS server.
To facilitate dynamic updates for DNS clients in branch offices that have an RODC, you
should have at least one writeable Windows Server 2008 DNS server that hosts the
corresponding DNS zone for which client computers in the branch office are attempting to
make DNS updates. The writeable Windows Server 2008 DNS server must register name
server (NS) resource records for that zone.
By having the writeable Windows Server 2008 DNS server host the corresponding zone,
client computers that are in branch offices that are serviced by RODCs can make dynamic
updates more efficiently. This is because the updates replicate back to the RODCs in their
respective branch offices by means of a replicate-single-object (RSO) operation, rather than
waiting for the next scheduled replication cycle.
For example, suppose that you add a new member server in a branch office, Branch1, which
includes an RODC. The member server hosts an application that you want client computers
in Branch1 to locate by using a DNS query. When the member server attempts to register its
host (A or AAAA) resource records for its IP address to a DNS zone, it performs a dynamic
update on a writeable Windows Server 2008 or Windows Server 2008 R2 DNS server that
the RODC tracks in Branch1. If a writeable Windows Server 2008 DNS server hosts the
DNS zone, the RODC in Branch1 replicates the updated zone information as soon as
possible from the writeable Windows Server 2008 DNS server. Then, client computers in
Branch1 can successfully locate the new member server by querying the RODC in Branch1
for its IP address.
If you do not have a writeable Windows Server 2008 DNS server that hosts the DNS zone,
the update can still succeed against a Windows Server 2003 DNS server if one is available, but
the updated record in the DNS zone will not replicate to the RODC in Branch1 until the next
scheduled replication cycle, which can delay client computers that use the RODC DNS
server for name resolution from locating the new member server.
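
The referral and replication behaviour described above can be checked from a management host. The following is an added example, not part of the original page or of the Microsoft documentation it quotes; the zone name `corp.example.com` is a hypothetical placeholder, and it assumes the host has the `Resolve-DnsName` cmdlet and remote read access to DC3's event log.

```powershell
# Added example. Assumptions: run from a management host that has the DnsClient
# module (Resolve-DnsName) and can read DC3's event log remotely.
$Zone     = 'corp.example.com'   # hypothetical zone name, not from the page
$Rodc     = 'DC3'                # RODC in the scenario
$Writable = @('DC1', 'DC2')      # writable DCs in the scenario

# Reduce an FQDN such as "dc1.corp.example.com." to its host label.
function Get-ShortName([string]$Fqdn) { ($Fqdn.TrimEnd('.') -split '\.')[0].ToUpper() }

# 1. Ask the RODC for the zone's SOA, as a dynamic-update client does first.
#    The primary server it names is where the client will send its update.
$soa = Resolve-DnsName -Name $Zone -Type SOA -Server $Rodc -DnsOnly |
    Where-Object { $_.Type -eq 'SOA' } | Select-Object -First 1
$primary = if ($soa) { Get-ShortName $soa.PrimaryServer } else { $null }

# 2. List the zone's NS records. At least one must belong to a writable
#    Windows Server 2008 or later DNS server for the RSO pull to succeed.
$nsHosts = @(Resolve-DnsName -Name $Zone -Type NS -Server $Rodc -DnsOnly |
    Where-Object { $_.Type -eq 'NS' } |
    ForEach-Object { Get-ShortName $_.NameHost })

# 3. Look for event 4015 in the RODC's DNS log, the symptom of a failed RSO.
$events = @(Get-WinEvent -ComputerName $Rodc -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName = 'DNS Server'; Id = 4015; StartTime = (Get-Date).AddDays(-7) })

# Summary object: one row that shows whether the branch is set up as described.
[pscustomobject]@{
    Zone                 = $Zone
    SoaPrimaryFromRodc   = $primary
    ReferralIsWritableDc = $Writable -contains $primary
    WritableNameServers  = @($nsHosts | Where-Object { $Writable -contains $_ })
    Event4015Last7Days   = $events.Count
}
```

An empty `WritableNameServers` list together with a non-zero `Event4015Last7Days` count matches the failure case in the note above: updates reach a writable server but return to the RODC only on the next scheduled replication cycle.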