Installing and Configuring Windows Server 2012

QUESTION NO: 5

Your network contains an active directory domain named contoso.com. The domain contains a domain controller named DCS. DCS has a server core installation of windows server 2012.

You need to uninstall Active Directory from DCS manually.

Which tool should you use?

A. The Remove-WindowsFeature cmdlet

B. the dsamain.exe command

C. the ntdsutil.exe command

D. the Remove-ADComputer cmdlet

Answer: C

Explanation:

This utility will allow you to manually remove a domain controller

Incorrect answers:

A. Removes Roles and Features to remove DC use Uninstall-addsdomaincontroller

B. Exposes Active Directory data that is stored in a snapshot or backup as a Lightweight Directory Access Protocol (LDAP) server

D. Removes AD computer object

References:

http://technet.microsoft.com/en-us/library/ee662310.aspx

http://support.microsoft.com/kb/216498

http://technet.microsoft.com/en-us/library/ee617250.aspx

QUESTION NO: 6

Your network contains an Active Directory forest. The forest contains a single domain named contoso.com. The domain contains four domain controllers. The domain controllers are configured as shown in the following table.

You plan to deploy a new domain controller named DC5 in the contoso.com domain.

You need to identify which domain controller must be online to ensure that DC5 can be promoted successfully to a domain controller.

Which domain controller should you identify?

A. DC1

B. DC2

C. DC3

D. DC4

Answer: C

Explanation:

To perform a domain controller promotion you need the Infrastructure master to be online.

The schema master and the domain naming master are per-forest roles. Therefore, there is only one schema master and one domain naming master per forest.

The RID master, the PDC master, and the infrastructure master are per-domain roles. Each domain has its own RID master, PDC master, and infrastructure master. Therefore, if a forest has three domains, there are three RID masters, three PDC masters, and three infrastructures masters.

Incorrect answers:

A: The domain naming master Flexible Single Master Operations (FSMO) role holder is assigned to the domain controller that is responsible for making changes to the CN=Partitions,CN=Configuration, DC=domain configuration container in Active Directory

B: Active Directory Users and Computers Snap-in will always contact the PDC when User Properties is opened

D: very Exchange Server 5.5 site or Exchange 2000 Server Routing Group needs a Routing Information Daemon (RID) master, or routing master. This RID master generates the routing table for the rest of the site (or Routing Group), which replicates to the entire Exchange Server organization. By default the RID master is the first Exchange Server computer in the site.

References:

http://support.microsoft.com/kb/234790

http://support.microsoft.com/kb/254809

QUESTION NO: 7

Your network contains an Active Directory domain named contoso.com. The domain contains two domain controllers. The domain controllers are configured as shown in the following table.

You install a new server named Server1 that runs a Server Core Installation of Windows Server 2012.

You need to join Server1 to the contoso.com domain.

The solution must minimize administrative effort.

What should you use?

A. the dsadd.exe command

B. the New-ADComputer cmdlet

C. the djoin.exe command

D. the Add-Computer cmdlet

Answer: D

Explanation:

Add the local computer to a domain or workgroup.

Incorrect answers:

A. Adds specific types of objects to the directory

B. Creates a new Active Directory computer.

C. Use djoin for offline join in the perimeter network.

References:

Exam Ref 70-410: Installing and Configuring Windows Server 2012: Objective 5.3 Create and manage Active Directory groups and Organization units, Chapter 5: Install and Administer Active Directory, p. 289-291, 293

http://technet.microsoft.com/en-us/library/ee617245.aspx

http://technet.microsoft.com/en-us/library/ff793312(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc753708(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/hh849798.aspx

QUESTION NO: 8

Your network contains an Active Directory forest named contoso.com. All domain controllers currently run Windows Server 2008 R2.

You plan to install a new domain controller named DC4 that runs Windows Server 2012. The new domain controller will have the following configurations:

  • Schema master

  • Global catalog server

  • DNS Server server role

  • Active Directory Certificate Services server role

You need to identify which configurations cannot be fulfilled by using the Active Directory Domain Services Configuration Wizard.

Which two configurations should you identify? (Each correct answer presents part of the solution. Choose two.)

A. Enable the global catalog server.

B. Install the Active Directory Certificate Services role.

C. Install the DNS Server role.

D. Transfer the schema master.

Answer: B, D

Explanation:

AD Installation Wizard will automatically install DNS and allows for the option to set it as a global catalog server. ADCS and schema must be done separately.

Incorrect answers:

A: The Global Catalogue server is automatically installed.

C: The DNS server role is automatically installed.

References:

http://technet.microsoft.com/en-us/library/hh831457.aspx

Exam Ref 70-410: Installing and Configuring Windows Server 2012, Chapter 5: Install and administer Active Directory, Objective 5.1: Install domain controllers, p. 262

QUESTION NO: 9

Your company has an Active Directory forest. Not all domain controllers in the forest are configured as Global Catalog Servers. Your domain structure contains one root domain and one child domain. You modify the folder permissions on a file server that is in the child domain. You discover that some Access Control entries start with S-1-5-21... and that no account name is listed.

You need to list the account names.

What should you do?

A. Move the RID master role in the child domain to a domain controller that holds the Global Catalog.

B. Modify the schema to enable replication of the friendlynames attribute to the Global Catalog.

C. Move the RID master role in the child domain to a domain controller that does not hold the Global Catalog.

D. Move the infrastructure master role in the child domain to a domain controller that does not hold the Global Catalog.

Answer: D

Explanation:

If the IM Flexible Single Master Operation (FSMO) role holder is also a global catalog server, the phantom indexes are never created or updated on that domain controller. (The FSMO is also known as the operations master.) This behavior occurs because a global catalog server contains a partial replica of every object in Active Directory. The IM does not store phantom versions of the foreign objects because it already has a partial replica of the object in the local global catalog.

For this process to work correctly in a multidomain environment, the infrastructure FSMO role holder cannot be a global catalog server. Be aware that the first domain in the forest holds all five FSMO roles and is also a global catalog. Therefore, you must transfer either role to another computer as soon as another domain controller is installed in the domain if you plan to have multiple domains.

Incorrect answers:

A: The RID master allocates sequences of relative IDs (RIDs) to each of the various domain controllers in its domain. At any time, there can be only one domain controller acting as the RID master in each domain in the forest. Thus you should not move the RID master role. Also the RID master, PDC master as well as the Infrastructure master must be unique in each domain.

B: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the entire forest.

C: The RID master allocates sequences of relative IDs (RIDs) to each of the various domain controllers in its domain. At any time, there can be only one domain controller acting as the RID master in each domain in the forest. Thus you should not move the RID master role.

References:

http://support.microsoft.com/kb/248047

QUESTION NO: 10

You have an existing Active Directory site named Site1. You create a new Active Directory site and name it Site2.

You need to configure Active Directory replication between Site1 and Site2. You install a new domain controller. You create the site link between Site1 and Site2.

What should you do next?

A. Use the Active Directory Sites and Services console to configure a new site link bridge object.

B. Use the Active Directory Sites and Services console to decrease the site link cost between Site1 and Site2.

C. Use the Active Directory Sites and Services console to assign a new IP subnet to Site2. Move the new domain controller object to Site2.

D. Use the Active Directory Sites and Services console to configure the new domain controller as a preferred bridgehead server for Site1.

Answer: C

Explanation:

Replication between sites transfers domain updates when domain controllers for a domain are located in more than one site. Intersite replication of configuration and schema changes is always required when more than one site is configured in a forest. Replication between sites is accomplished by bridgehead servers, which replicate changes according to site link settings.

To configure replication between sites you need a domain controller in each site, thus your next step would be to move the new domain controller to Site2 and also you need to assign a new IP subnet to Site2 because sites only work effective because replication occurs to specific ranges of subnet addresses. The relationship between sites and subnets is integral to Active Directory replication.

Incorrect answers:

A: No need to configure a new site link bridge object because site link bridge objects are used by the KCC only when the Bridge all site links setting is disabled. Otherwise, site link bridge objects are ignored.

B: Site link costs only need to be configured after replication between sites has been configured. Thus you first need to set up the replication because When site links are bridged, the cost of replication from a domain controller at one end of the bridge to a domain controller at the other end is the sum of the costs on each of the intervening site links.

D: The new domain controller should be placed in Site2 which is the new site that was just created.

References:

http://technet.microsoft.com/en-us/library/cc755994%28v=WS.10%29.aspx

QUESTION NO: 11

You have a server named Server1 that runs Windows Server 2012.

You promote Server1 to a domain controller.

You need to view the service location (SRV) records that Server1 registers in DNS.

What should you do on Server1?

A. Run ipconfig /displaydns.

B. Open the Netlogon.dns file.

C. Run Get-DnsServerDiagnostics.

D. Open the Srv.sys file.

Answer: B

Explanation:

Netlogon.dns - If you are using non-Microsoft DNS servers to support Active Directory, you can verify SRV locator resource records by viewing Netlogon.dns. Netlogon.dns is located in the %systemroot%\System32\Config folder. You can use a text editor, such as Microsoft Notepad, to view this file.

The first record in the file is the domain controller's Lightweight Directory Access Protocol (LDAP) SRV record.

Incorrect answers:

A: Server1 has been promoted to a domain controller and if you want to view the SRV records then you should open the NetLogon.dns files.

C: Server1’s SRV records can only be viewed via the NetLogon.dns file.

D: The Server1 SRV records should be viewed via the NetLogon.dns file.

References:

http://support.microsoft.com/kb/816587/en-us

QUESTION NO: 12

Your network contains an Active Directory forest. The forest contains two domains named contoso.com and corp.contoso.com. All domain controllers run Windows Server 2012 and are configured as global catalog servers.

The corp.contoso.com domain contains a domain controller named DC1.

You need to disable the global catalog on DC1.

What should you do?

A. From Active Directory Users and Computers, modify the properties of the DC1 computer account.

B. From Active Directory Administrative Center, modify the properties of the DC1 computer account.

C. From Active Directory Sites and Services, modify the NTDS Settings of the DC1 server object.

D. From Active Directory Domains and Trusts, modify the properties of the corp.contoso.com domain.

Answer: C

Explanation:

When you navigate your way to the Active Directory Sites and Services\Sites\SiteName\Servers then in the details pane, right-click NTDS Settings of the selected server object, and then click Properties. There will you get access to the Global Catalog check box to add the global catalog, or clear the check box to remove the global catalog.

Incorrect answers:

A: The Active Directory Users and Computers console does not allow you to remove the global catalogue.

B: The Active Directory Administrative Center does not give to access to the NTDS settings that you need to access to remove the global catalogue.

D: He Active Directory Domains and Trust console will not give you access to the NTDS settings that you need to disable the global catalogue.

References:

http://technet.microsoft.com/en-us/library/cc755257.aspx

QUESTION NO: 13

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. All servers runs Windows Server 2012.The domain contains two domain controllers named DC1 and DC2. Both domain controllers are virtual machines on a Hyper-V host.

You plan to create a cloned domain controller named DC3 from an image of DC1.

You need to ensure that you can clone DC1.

Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)

A. Add the computer account of DC1 to the Cloneable Domain Controllers group.

B. Create a DCCIoneConfig.xml file on DC1.

C. Add the computer account of DC3 to the Cloneable Domain Controllers group.

D. Run the Enable-AdOptionalFeaturecmdlet.

E. Modify the contents of the DefaultDCCIoneAllowList.xml file on DC1.

Answer: A, B

A: Cloneable Domain Controllers Group (located in the Users container). Membership in this group dictates whether a DC can or cannot be cloned. This group has some permissions set on the domain head that should not be removed. Removing these permissions will cause cloning to fail. Also, as a best practice, DCs shouldn't be added to the group until you plan to clone and DCs should be removed from the group once cloning is complete. Cloned DCs will also end up in the Cloneable Domain Controllers group.

B: DCCloneConfig.xml is an XML configuration file that contains all of the settings the cloned DC will take when it boots. This includes network settings, DNS, WINS, AD site name, new DC name and more.

Incorrect answers:

C: You should add the appropriate computer account to the Cloneable Domain Controllers group, i.e. the DC1 computer account that should be cloned. DC3 will be the name of the clone.

D: The Enable-ADOptionalFeature enables an Active Directory optional feature that is associated with a particular Domain mode or Forest mode. Active Directory optional features that depend on a specified domain mode or Forest mode must be explicitly enabled after the domain mode or forest mode is set.

E: Before provisioning additional services or programs in the CustomDCCloneAllowList.xml file, verify whether you have the necessary license to copy that software contained on that virtual machine. If the applications are not cloneable, remove them from the source domain controller before you create the clone media. If an application appears in the cmdlet output, but is not included in the CustomDCCloneAllowList.xml file, cloning will fail. For cloning to succeed, the cmdlet output should not list any services or programs. In other words, an application should either be included in the CustomDCCloneAllowList.xml file or removed from the source domain controller.

Reference:

http://blogs.technet.com/b/askpfeplat/archive/2012/10/01/virtual-domain-controller-cloning-in-windows-server-2012.aspx

http://technet.microsoft.com/en-us/library/hh831734.aspx

Virtual Domain Controller Cloning in Windows Server 2012

QUESTION NO: 14

Your network contains an Active Directory forest named contoso.com.

The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and Site2. The domains and the sites are configured as shown in following table.

When the link between Site1 and Site2 fails, users fail to log on to Site2.

You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain.

What should you identify?

A. the placement of the global catalog server

B. the placement of the PDC emulator

C. the placement of the infrastructure master

D. the placement of the domain naming master

Answer: B

Explanation:

The exhibit shows that Site2 does not have a PDC emulator. This is important because of the close interaction between the RID operations master role and the PDC emulator role

The PDC emulator processes password changes from earlier-version clients and other domain controllers on a best-effort basis; handles password authentication requests involving passwords that have recently changed and not yet been replicated throughout the domain; and, by default, synchronizes time. If this domain controller cannot connect to the PDC emulator, this domain controller cannot process authentication requests, it may not be able to synchronize time, and password updates cannot be replicated to it.

Incorrect answers:

A: The global catalogue server role placement is not the issue.

C: The PDC emulator role, not the infrastructure master role will process authentication requests that will allow logging on for the Site2 users.

D: The domain naming master role is not the role that prevents Site2 users from logging on to the child domain.

References:

http://technet.microsoft.com/en-us/library/dd391870(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/cc773108(v=ws.10).aspx

QUESTION NO: 15

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012.

The domain contains a user named User1 and a global security group named Group1.

You reconfigure DC2 as a member server in the domain.

You need to add DC2 as the first domain controller in a new domain in the forest.

Which cmdlet should you run?

A. Add-AdPrincipalGroupMembership

B. Install-AddsDomainController

C. Install WindowsFeature

D. Install AddsDomain

E. Rename-AdObject

F. Set-AdAccountControl

G. Set-AdGroup

H. Set-User

Answer: D

Explanation:

Installs a new Active Directory domain configuration

C:\PS>Install-ADDSDomain -Credential (Get-Credential CORP\EnterpriseAdmin1) -NewDomainName child - ParentDomainName corp.contoso.com -InstallDNS -CreateDNSDelegation -DomainMode Win2003 - ReplicationSourceDC DC1.corp.contoso.com -SiteName Houston -DatabasePath "D:\NTDS" –SYSVOLPath "D:\SYSVOL" -LogPath "E:\Logs" –NoRebootOnCompletion

Incorrect answers:

A: The Add-ADPrincipalGroupMembership cmdlet adds a user, group, service account, or computer as a new member to one or more Active Directory groups.

B: The Install-ADDSDomainController cmdlet installs a domain controller in Active Directory.

Example: C:\PS>Install-ADDSDomainController -InstallDns -Credential (Get-Credential CORP\Administrator) -DomainName "corp.contoso.com"

C: Installs one or more Windows Server roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2. This cmdlet is equivalent to and replaces Add-WindowsFeature, the cmdlet that was used to install roles, role services, and features in Windows Server 2008 R2.

E: The Rename-ADObject cmdlet renames an Active Directory object.

F: The Set-ADAccountControl cmdlet modifies the user account control (UAC) values for an Active Directory user or computer account.

G: The Set-ADGroup cmdlet modifies the properties of an Active Directory group. You can modify commonly used property values by using the cmdlet parameters.

H: The Set-User cmdlet is used to modify user attributes in Active Directory.

References:

http://technet.microsoft.com/en-us/library/hh974722.aspx

QUESTION NO: 16

Your network contains an Active Directory forest named contoso.com. The forest contains a single domain. The domain contains two domain controllers named DC1 and DC2 that run Windows Server 2012.

The domain contains a user named User1 and a global security group named Group1.

You need to add a new domain controller to the domain.

You install Windows Server 2012 on a new server named DC3.

Which cmdlet should you run next?

A. Add-AdPrincipalGroupMembership

B. Install-AddsDomainController

C. Install WindowsFeature

D. Install AddsDomain

E. Rename-AdObject

F. Set-AdAccountControl

G. Set-AdGroup

H. Set-User

Answer: B

Explanation:

The Install-ADDSDomainController cmdlet installs a domain controller in Active Directory.

Example: C:\PS>Install-ADDSDomainController -InstallDns -Credential (Get-Credential CORP\Administrator) -DomainName "corp.contoso.com"

Incorrect answers:

A: The Add-ADPrincipalGroupMembership cmdlet adds a user, group, service account, or computer as a new member to one or more Active Directory groups.

C: Installs one or more Windows Server roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2. This cmdlet is equivalent to and replaces Add-WindowsFeature, the cmdlet that was used to install roles, role services, and features in Windows Server 2008 R2.

D: Installs a domain in Active Directory.

E: The Rename-ADObject cmdlet renames an Active Directory object.

F: The Set-ADAccountControl cmdlet modifies the user account control (UAC) values for an Active Directory user or computer account.

G: The Set-ADGroup cmdlet modifies the properties of an Active Directory group. You can modify commonly used property values by using the cmdlet parameters.

H: The Set-User cmdlet is used to modify user attributes in Active Directory.

References:

http://technet.microsoft.com/en-us/library/hh974723.aspx

Site Search:

Close

Close
Download Free Demo of VCE
Exam Simulator

Experience Avanset VCE Exam Simulator for yourself.


Simply submit your e-mail address below to get started with our interactive software demo of your free trial.


Enter Your Email Address

Free Demo Limits: In the demo version you will be able to access only first 5 questions from exam.