Your network contains an Active Directory domain named contoso.com.
All domain controllers run Windows Server 2012 R2.
The domain contains two domain controllers.
The domain controllers are configured as shown in the following table.
The Branch site contains a perimeter network.
For security reasons, client computers in the perimeter network can communicate with client
computers in the Branch site only.
You plan to deploy a new RODC to the perimeter network in the Branch site.
You need to ensure that the new RODC will be able to replicate from DC10.
What should you do first on DC10?

A. Run dcpromo and specify the /createdcaccount parameter.
B. Run the Active Directory Domain Services Configuration Wizard.
C. Run the Add-ADDSReadOnlyDomainControllerAccount cmdlet.
D. Enable the Bridge all site links setting.
Explanation:
The Add-ADDSReadOnlyDomainControllerAccount cmdlet creates a read-only domain controller (RODC) account that can be used to install an RODC in
Active Directory.
Note:
* Notes
Once you have added the RODC account, you can add an RODC to a server computer by using
the Install-ADDSDomainController cmdlet with the -ReadOnlyReplica switch parameter.
* Example
Adds a new read-only domain controller (RODC) account to the corp.contoso.com domain using
the North America site as the source site for the replication source domain controller.
C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 -DomainName corp.contoso.com -SiteName NorthAmerica
Reference: Add-ADDSReadOnlyDomainControllerAccount
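Added example, not part of the original question or its explanation: it checks that the intended replication source is writable before pre-staging the RODC account, since an RODC can only replicate from a writable domain controller. The FQDN form of DC10, the site name "Branch", the account name RODC2 and the delegated group are assumptions for illustration.

```powershell
# Added example; values marked "assumed" are not from the original page.
Import-Module ActiveDirectory   # provides Get-ADDomainController
Import-Module ADDSDeployment    # provides Add-ADDSReadOnlyDomainControllerAccount

$domain    = 'contoso.com'               # domain named in the question
$sourceDc  = 'DC10.contoso.com'          # DC10 is from the question; FQDN form assumed
$site      = 'Branch'                    # assumed AD site name for the Branch site
$rodcName  = 'RODC2'                     # assumed account name for the new RODC
$delegates = 'CONTOSO\BranchRodcAdmins'  # assumed group allowed to attach the server

# An RODC can only pull changes from a writable DC, so verify the source first.
$dc = Get-ADDomainController -Identity $sourceDc
if ($dc.IsReadOnly) {
    throw "$sourceDc is read-only and cannot be a replication source for $rodcName."
}
Write-Output "$($dc.HostName) in site $($dc.Site) is writable."

# Pre-stage the RODC account and pin its replication source.
# -WhatIf only reports what would be created; remove it to make the change.
Add-ADDSReadOnlyDomainControllerAccount `
    -DomainControllerAccountName $rodcName `
    -DomainName $domain `
    -SiteName $site `
    -ReplicationSourceDC $sourceDc `
    -DelegatedAdministratorAccountName $delegates `
    -WhatIf
```

Delegating the attach step to a dedicated group means Domain Admins credentials never have to be entered on the server in the perimeter network.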
Can we replicate from RODC?
0
0
Everything I read says you can’t replicate FROM an RODC. “replicate from DC10” is stated as a requirement.
I go with B.
0
0
C is correct. You want to prestage the RODC account.
0
0
Can you prestage the RODC account FROM DC10 ?
Can an RODC create objects ( in this case a new RODC ) in the AD ?
0
0
I go with B
since the question only tells us:
You plan to deploy a new RODC to the perimeter network in the Branch site.
You need to ensure that the new RODC will be able to replicate from DC10.
nothing said about prestaging.
Because you can’t replicate from a RODC you have to make a normal DC out of it instead.
0
0
There is the same question with the following answers:
A. Enable the Bridge all site links setting.
B. Run the Active Directory Domain Services Configuration Wizard.
C. Create an Active Directory site link bridge.
D. Create an Active Directory site.
0
0
Answer: B
0
0
answer is B
0
0
I agree with B. You can replicate from a RODC. You have to convert DC10 to a writable DC before installing another RODC which replicates from it.
1
0
Agree answer should be B, you need to make DC10 a writable DC before so that the New RODC can replicate
Can an RODC replicate to other RODCs?
No, an RODC can only replicate from a writable Windows Server 2008 domain controller. In addition, two RODCs for the same domain in the same site do not share cached credentials. You can deploy multiple RODCs for the same domain in the same site, but it can lead to inconsistent logon experiences for users if the WAN to the writeable domain controller in a hub site is offline. This is because the credentials for a user might be cached on one RODC but not the other. If the WAN to a writable domain controller is offline and the user tries to authenticate with an RODC that does not have the user’s credentials cached, then the logon attempt will fail.
https://technet.microsoft.com/en-us/library/cc754956(v=ws.10).aspx
0
0
Correct Answer: C
Creates a read-only domain controller (RODC) account that can be used to install an RODC in Active Directory.
Note:
* Notes
Once you have added the RODC account, you can add an RODC to a server computer by using the Install-ADDSDomainController cmdlet with the -ReadOnlyReplica switch parameter.
* Example
Adds a new read-only domain controller (RODC) account to the corp.contoso.com domain using the North America site as the source site for the
replication source domain controller.
C:\PS>Add-ADDSReadOnlyDomainControllerAccount -DomainControllerAccountName RODC1 -DomainName corp.contoso.com -SiteName NorthAmerica
Reference: Add-ADDSReadOnlyDomainControllerAccount
0
0
Answer is D
Site link transitivity is controlled by the Bridge all site links option on the properties pages of transport folders (such as IP or SMTP) in the Active Directory Sites and Services snapin.
Site link transitivity is enabled by default.
If you cannot place a writable Windows Server 2008 domain controller in the nearest site to the RODC, RODC replication depends on a site link bridge between the site links that contain the site of the RODC and the site of the writable Windows Server 2008 domain controller.
It must be done this way. Also because it says in the question that
“for security reasons, client computers in the perimeter network can communicate with client computers in the Branch site only.”
So, communication between new RODC and the writeable DC must be done through DC10, and for this we need D.
0
0
It states “What should you do first on DC10?”
The answer is actually B. Why? Because you cannot replicate from RODC’s, you would need first to demote DC10 to a writable DC to be able to replicate from DC10.
Cannot be D - bridge all sites. This requires a non perimeter, fully routed network. The question states completely “The Branch site contains a perimeter network.
For security reasons, client computers in the perimeter network can communicate with client
computers in the Branch site only.” So how are you going to create a bridge back to DC1, the main site that it cannot communicate with?
1
0
Also D is enabled by default I think *applies to 2008, not sure if it's the same in 2012
By default, a new Windows Server 2008 forest has the Bridge all site links option enabled, which means that all site links are bridged. You can configure this setting in the properties of the Inter-Site transport in the Active Directory Sites and Services snap-in
https://technet.microsoft.com/en-us/library/cc732632(v=ws.10).aspx
0
0
It states “What should you do first on DC10?”
The only thing that you can do from DC10 is B. The others you cannot do from DC10.
2
0
And from https://technet.microsoft.com/en-us/library/e41e0d2f-9527-4eaf-b933-84f7d3b2c94a, you can read:
Can an RODC replicate to other RODCs?
No, an RODC can only replicate from a writable Windows Server 2008 domain controller. In addition, two RODCs for the same domain in the same site do not share cached credentials. You can deploy multiple RODCs for the same domain in the same site, but it can lead to inconsistent logon experiences for users if the WAN to the writeable domain controller in a hub site is offline. This is because the credentials for a user might be cached on one RODC but not the other. If the WAN to a writable domain controller is offline and the user tries to authenticate with an RODC that does not have the user’s credentials cached, then the logon attempt will fail.
0
0