True or false: joining a computer to active directory involves joining the computer to a workgroup.

Learn the most common Active Directory attacks, how they unfold and what steps organizations can take to mitigate their risk.

Taking the right steps to secure your Active Directory has never been more critical. Learn 8 Active Directory security best practices to reduce your risk.

Active Directory forest is a critical — but often underappreciated — element of the IT infrastructure. Learn what it is and how to manage it.

Businesses cannot operate without Active Directory up and running. Learn why and how to develop a comprehensive Active Directory disaster recovery strategy.

Active Directory delivers key authentication services so it’s critical for migrations to go smoothly. Learn 5 Active Directory migration best practices.

Active Directory security groups play a critical role in controlling access to your vital systems and data. Learn how they work.

In this article, we will show how to add a Windows 8 or Windows 8.1 client to a Windows Domain / Active Directory. The article can be considered an extention to our Windows 2012 Server article covering Active Directory & Domain Controller installation.

Our client workstation, FW-CL1, needs to join the Firewall.local domain. FW-CL1 is already installed with Windows 8.1 operating system and configured with an IP address 192.168.1.10 and a DNS server set to 192.168.1.1, which is the domain controller. It is important that any workstation needing to join a Domain, has its DNS server configured with the Domain Controller's IP address to ensure proper DNS resolution of the Domain:

Figure 1. FW-CL1 IPconfig

Now, to add the workstation to the domain, open the System Properties of FW-CL1 by right-clicking in the This PC icon and selecting properties:

Figure 2. System Settings

Next, click Advanced system settings option in the upper left corner. The System Properties dialog box will open. Select the Computer Name tab and then click on the Change… button to add this computer to the domain.

Figure 3. System Properties

In the next window, select the Domain: option under the Member of section and type the company's domain name. In our lab, the domain name is set to firewall.local. When done, click on the OK button.

Figure 4. Adding PC to Domain

The next step involves entering the details of a domain account that has permission to join the domain. This security measure ensures no one can easily join the domain without the necessary authority. Enter the domain credentials and click OK:

Figure 5. Enter Domain Credentials

If the correct credentials were inserted, the PC becomes a member of the domain. A little welcome message will be displayed. Click OK and Restart the PC to complete the joining process:

Figure 6. Member of Domain

The detailed operations that occur during a domain join can be found in the %systemroot%\debug\NETSETUP.LOG file.

At a higher level, when you join a computer in Active Directory, a Computer Account is created in the Active Directory database and is used to authenticate the computer to the domain controller every time it boots up.

This completes our discussion on how to join a Windows 8 & Windows 8.1 Client to Windows Domain - Active Directory.

Back to Windows 8/8.1 Section

1. Which of the following protocols is Active Directory based upon?
A.LDAP
B.L2TP
C.PPTP
D.PPP
E.IPSec
2. . Which of the following is not a component of Active Directory?
A.Group Policy
B.Internet Information Services
C.Distribution Groups
D.Security Groups
E.All of the above are components of Active Directory
3.Your manager asks you to configure Internet Explorer to display the banner “Provided by Company X.” How will you accomplish this?
A.Within group policy
B.Through Windows SUS
C.Using Local Security Policy of each machine
D.Using Computer Management of the domain server
4. What protocol provides automatic IP address configuration?
A.DNS
B.DHCP
C.ARP
D.TCP
5. Which of the following is not a potential advantage of an active directory domain?
A.Centralized user management
B.Single sign-in login
C.Enhanced security management
D.Ability to deploy software and settings on a large scale
E.Cross-platform compatibility
6. You are the administrator of an active directory domain. A user complains to you that he is unable to change his password. No other users have this issue. What is the most likely cause of the problem?
A.Insufficient login credentials
B.He is a member of the Administrators group
C.He is not a member of the domain
D.The property “User cannot change password” has been enabled in Active Directory Users and Computers
7. Which of the following is arranged in the correct Active Directory organizational order (largest to smallest)?
A.Forest, Domain, Tree, Branch, Computer
B.Tree, Forest, Domain, Computer
C.Computer, Forest, Domain, Tree
D.Forest, Tree, Computer, Domain
E.Forest, Tree, Domain, Computer
8. You are the administrator of a small business Active Directory domain server. Your users complain that they are unable to add more than 1 GB to their “My Documents” folders on their computers. What is the most likely cause of the issue?
A.Incorrect folder redirection configuration
B.Insufficient disk space on local machines
C.Incorrect configuration of disk management
D.Insufficient user credentials
E. User error
9. Which of the following is not an organizational unit within an Active Directory environment?
A.User
B.Security Group
C.Distribution Group
D.Computer
E.Administrative Group
10. Which of the following is a potential issue when converting a network from a workgroup to a domain?
A.Ensuring that computers correctly join the domain and users migrate from local to domain profiles
B.Reduced security as a result of domain login
C.Difficulty in users logging into the new, decentralized system
D.High difficulty in converting a Windows 2003 Server from a workgroup to domain server
E.Inability to effectively configure group security policy in a domain
11. Which of the following modes is associated with the backup and saving of critical domain server information?
A.Safe mode
B.Safe mode with networking
C.Safe mode with command prompt
D.Last known good configuration mode
E.None of the above
12. You are the manager and administrator of a large network using both Windows Server 2003 and UNIX infrastructure. Which of the following allows for limited cross-platform compatibility between the company domain COMPANY and the Unix nodes?
A.GPEDIT
B.SAMBA
C.IPCHAINS
D.KEREBOS
E.BASH
13. You are the administrator of a small business network that wishes to use an email server program, Microsoft Exchange, in conjunction with the domain you have established. You already use the domain server as both a DHCP server/gateway and a Windows domain controller. Which of the following is a potential issue when setting up the email server?
A.Domains are not compatible with other messaging services such as email and SMS servers
B.Domains operate on a different layer of the seven-layer network hierarchy
C.Computers on domains must be assigned the same IP address as the domain server
D.The firewall on the domain server could block the traffic from the email application
14. Which of the following groups can always login to a server via Directory Services Restore Mode?
A.Administrators only
B.Administrators and Power Users
C.Administrators, Power Users, and Backup Operators
D.Power Users and Backup Operators
E.Administrators and Backup Operators
15. A user complains that after repeated attempts at logging onto his domain account, he continues to receive the message that the username and/or password are incorrect. You are positive that he is entering the correct credentials to login to the domain server. Which of the following is the most likely explanation for this issue?
A.His network connection is not working correctly
B.The domain server is not recognizing his computer as a registered node
C.He is logging onto his computer and not the actual domain
D.The domain controller’s login server is not working correctly
E.He has a faulty Windows installation
16. What is a potential issue with allowing multiple concurrent connections to an IIS server that is used on the same server as a domain controller?
A.Security could be breached by a buffer overflow error
B.The bandwidth and processing power used to access IIS could take away from the available bandwidth/processing power of the domain controller
C.IIS often interferes with the correct operation of a domain controller
D.The SAM Security Database will undergo over-extension as it is being accessed too much by both the IIS and the domain servers
E.None of the above are potential issues
17. A user complains to you that he is experiencing difficulties with his Windows installation and wishes to re-install Windows. Which of the following utilities would you use to remotely perform an installation via network?
A.Netprep
B.Riprep
C.Config
D.Netconfig
E.None of the above
18. Which of the following is a typical concern involved in migrating from Windows 2000 Server to Windows Server 2003 with regard to Active Directory functionality?
A.Difficulty in migrating existing user accounts
B.Difficulty in migrating existing group policy
C.Reduced cross-platform compliance in Windows Server 2003
D.Compatibility of legacy applications on the new server
E.Compliance of Server 2003 with LDAP specifications
19. Your company runs Windows Server 2003 with an Active Directory domain controller and group policy. A user complains that he is experiencing trouble with his desktop, and explains that he is unable to change the image of the background of the screen. His username is JOHN and his group is USERS. Your manager asks you to resolve the issue. How can you best resolve this issue?
A.Disable group policy management for USERS
B.Disable group policy management for JOHN
C.Disable the desktop control policy option for USERS
D.Disable the desktop control policy option for JOHN
E.Add JOHN to a new group SPECIAL USERS, copy the group policy management settings from USERS, and apply it to SPECIAL USERS with the exception of the desktop policy option
20. You are the network administrator for a Windows-based network with 100 users. You wish to organize the users by the department in which they work – Accounting, Engineering, and so forth. You also wish to apply access controls to centrally located (server-side) resources based on those assigned groups. Without the installation of additional software, which of the following is not necessary to apply this access control scheme?
A.Active Directory
B.TCP/IP
C.Creation of non-default groups
D.Creation of group policy settings
E.Creation of access control list for server resources
21. Which of the following is an advantage of using login scripts in Active Directory?
A.They allow for routine and forced execution of commands and programs
B.They allow for scheduled, routine, and forced execution of commands and programs
C.They allow for scheduled and optional execution of commands and programs
D.They allow for routine and user-induced execution of commands and programs
E.They allow for scheduled and forced execution of commands and programs
22 Your manager asks you to implement a solution that would allow for the creation of two separate logical groupings of networked computers, both of which fall under a single, general company tree. Which of the following will accomplish this goal?
A.Create two forests and one domain
B.Create two trees and one domain
C.Create three domains
D.Create one forest and two domains
E.Create one forest, two trees, and four domains

23. Your manager asks you to crack down on extraneous Internet usage by deviant domain users. You are responsible for the domain controller only; the gateway and routing is administered by one of your peers. What should you tell your manager?
A.Internet access control is not a function of Active Directory, and therefore the request should be sent to a different administrator
B.You will install a DHCP server in conjunction with a WINS control server
C.You will configure Internet Access Control Options via Administrative Tools
D.You will configure Internet Information Services
E.You will configure Windows Firewall to restrict network traffic
24. Which of the following is true of Active Directory in regard to the seven-layer OIC networking hierarchy?
A.Active Directory operates in the Data Link layer
B.Active Directory operates in the Physical layer
C.Active Directory operates in the Network layer
D.Active Directory operates in the Presentation layer
E.None of the above
25. A user complains that he cannot access his account on the domain COMPANY and that the server reports that his account has been disabled. How would you best go about correcting the issue?
A.Delete his current account and create an account with an identical username and password
B.Copy his disabled account, rename the old account, and change the new account to the original name
C.Uncheck the “Account is Disabled” option under the Properties for his account
D.Check the “Account is Enabled” option under the Properties for his account
E.Assign him a new password and ask him to change it when he has logged on
26. Your manager asks you to implement a solution that allows domain users to share a common desktop background and certain desktop items. You go to Group Policy Management, but upon changing the settings, you notice that the desktops do not change. What should you first assume is the issue?
A.Group policy has been configured incorrectly
B.The computers/users are not in the correct groups in group policy
C.The PC requires a logoff/logon before the new settings will be pulled
D.The Windows installation on the PC is defective
E.The Windows Server 2003 installation on the server has not been configured correctly
27. Which of the following accurately describes the difference between a normal and a fault-tolerant DFS installation?
A.Fault-tolerant DFS stores all file system topology
B.Fault-tolerant DFS uses more processing power
C.Fault-tolerant DFS stores all file system topology on a separate server
D.Fault-tolerant DFS uses RAID 1
E.Fault-tolerant DFS is incapable of using RAID
28. Which of the following is not a hidden share on a Windows Server 2003 installation?
A.Admin$
B.IPC$
C.Printstor$
D.Print$
E.SYSVOL
29. You have a single Active Directory domain. All domain controllers run Windows Server 2008 and are configured as DNS servers. The domain contains one Active Directory-integrated DNS zone. You need to ensure that outdated DNS records are automatically removed from the DNS zone. What should you do?
A.From the properties of the zone, modify the TTL of the SOA record.
B.From the properties of the zone, enable scavenging.
C.From the command prompt, run ipconfig /flushdns.
D.From the properties of the zone, disable dynamic updates.
30.Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. The Audit account management policy setting and Audit directory services access setting are enabled for the entire domain. You need to ensure that changes made to Active Directory objects can be logged. The logged changes must include the old and new values of any attributes. What should you do?
A.Run auditpol.exe and then configure the Security settings of the Domain Controllers OU.
B.From the Default Domain Controllers policy, enable the Audit directory service access setting and enable directory service changes.
C.Enable the Audit account management policy in the Default Domain Controller Policy.
D.Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain policy.
31. Your company, Contoso Ltd has a main office and a branch office. The offices are connected by a WAN link. Contoso has an Active Directory forest that contains a single domain named ad.contoso.com. The ad.contoso.com domain contains one domain controller named DC1 that is located in the main office. DC1 is configured as a DNS server for the ad.contoso.com DNS zone. This zone is configured as a standard primary zone. You install a new domain controller named DC2 in the branch office. You install DNS on DC2. You need to ensure that the DNS service can update records and resolve DNS queries in the event that a WAN link fails. What should you do?
A.Create a new stub zone named ad.contoso.com on DC2.
B.Create a new standard secondary zone named ad.contoso.com on DC2.
C.Configure the DNS server on DC2 to forward requests to DC1.
D.Convert the ad.contoso.com zone on DC1 to an Active Directory-integrated zone.
32. Your company has a server that runs an instance of Active Directory Lightweight Directory Service (AD LDS). You need to create new organizational units in the AD LDS application directory partition. What should you do?
A.Use the dsmod OU command to create the organizational units.
B.Use the Active Directory Users and Computers snap-in to create the organizational units on the AD LDS application directory partition.
C.Use the dsadd OU command to create the organizational units.
D.Use the ADSI Edit snap-in to create the organizational units on the AD LDS application directory partition
33. Your company has an Active Directory domain. The company has two domain controllers named DC1 and DC2. DC1 holds the Schema Master role. DC1 fails. You log on to Active Directory by using the administrator account. You are not able to transfer the Schema Master operations role. You need to ensure that DC2 holds the Schema Master role. What should you do?
A.Configure DC2 as a bridgehead server.
B.On DC2, seize the Schema Master role.
C.Log off and log on again to Active Directory by using an account that is a member of the Schema Administrators group. Start the Active Directory Schema snap-in.
D.Register the Schmmgmt.dll. Start the Active Directory Schema snap-in.
34. Your network consists of an Active Directory forest that contains one domain named contoso.com. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. You have two Active Directory-integrated zones: contoso.com and nwtraders.com. You need to ensure a user is able to modify records in the contoso.com zone. You must prevent the user from modifying the SOA record in the nwtraders.com zone. What should you do?
A.From the Active Directory Users and Computers console, run the Delegation of Control Wizard.
B.From the Active Directory Users and Computers console, modify the permissions of the Domain Controllers organizational unit (OU).
C.From the DNS Manager console, modify the permissions of the contoso.com zone.
D.From the DNS Manager console, modify the permissions of the nwtraders.com zone.
35. Your company has an Active Directory domain. All servers run Windows Server 2008 R2. Your company uses an Enterprise Root certificate authority (CA). You need to ensure that revoked certificate information is highly available. What should you do?
A.Implement an Online Certificate Status Protocol (OCSP) responder by using an Internet Security and Acceleration Server array.
B.Publish the trusted certificate authorities list to the domain by using a Group Policy Object (GPO).
C.Implement an Online Certificate Status Protocol (OCSP) responder by using Network Load Balancing.
D.Create a new Group Policy Object (GPO) that allows users to trust peer certificates. Link the GPO to the domain.
36. You have two servers named Server1 and Server2. Both servers run Windows Server 2008 R2. Server1 is configured as an enterprise root certification authority (CA). You install the Online Responder role service on Server2. You need to configure Server1 to support the Online Responder. What should you do?
A.Import the enterprise root CA certificate.
B.Configure the Certificate Revocation List Distribution Point extension.
C.Configure the Authority Information Access (AIA) extension.
D.Add the Server2 computer account to the CertPublishers group.
37. Your company has an Active Directory domain. A user attempts to log on to a computer that was turned off for twelve weeks. The administrator receives an error message that authentication has failed. You need to ensure that the user is able to log on to the computer. What should you do?
A.Run the netsh command with the set and machine options.
B.Reset the computer account. Disjoin the computer from the domain, and then rejoin the computer to the domain.
C.Run the netdom TRUST /reset command.
D.Run the Active Directory Users and Computers console to disable, and then enable the computer account.
38. Your company has an Active Directory forest that contains a single domain. The domain member server has an Active Directory Federation Services (AD FS) role installed. You need to configure AD FS to ensure that AD FS tokens contain information from the Active Directory domain. What should you do?
A.Add and configure a new account partner.
B.Add and configure a new resource partner.
C.Add and configure a new account store.
D.Add and configure a Claims-aware application
39. You network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2. You need to reset the Directory Services Restore Mode (DSRM) password on a domain controller. What tool should you use?
A.Active Directory Users and Computers snap-in
B.ntdsutil
C.Local Users and Groups snap-in
D.dsmod
40. Your company has a main office and a branch office. You deploy a read-only domain controller (RODC) that runs Microsoft Windows Server 2008 to the branch office. You need to ensure that users at the branch office are able to log on to the domain by using the RODC. What should you do?
A.Add another RODC to the branch office.
B.Configure a new bridgehead server in the main office.
C.Decrease the replication interval for all connection objects by using the Active Directory Sites and Services console.
D.Configure the Password Replication Policy on the RODC.
41. Your company has a single Active Directory domain named intranet.adatum.com. The domain controllers run Windows Server 2008 and the DNS server role. All computers, including non-domain members, dynamically register their DNS records. You need to configure the intranet.adatum.com zone to allow only domain members to dynamically register DNS records. What should you do?
A.Set dynamic updates to Secure Only.
B.Remove the Authenticated Users group.
C.Enable zone transfers to Name Servers.
D.Deny the Everyone group the Create All Child Objects permission.
42. Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2008 R2 and are configured as DNS servers. A domain controller named DC1 has a standard primary zone for contoso.com. A domain controller named DC2 has a standard secondary zone for contoso.com. You need to ensure that the replication of the contoso.com zone is encrypted. You must not lose any zone data. What should you do?
A.Convert the primary zone into an Active Directory-integrated stub zone. Delete the secondary zone.
B.Convert the primary zone into an Active Directory-integrated zone. Delete the secondary zone.
C.Configure the zone transfer settings of the standard primary zone. Modify the Master Servers lists on the secondary zone.
D.On both servers, modify the interface that the DNS server listens on.
43. Contoso, Ltd. has an Active Directory domain named ad.contoso.com. Fabrikam, Inc. has an Active Directory domain named intranet.fabrikam.com. Fabrikam's security policy prohibits the transfer of internal DNS zone data outside the Fabrikam network. You need to ensure that the Contoso users are able to resolve names from the intranet.fabrikam.com domain. What should you do?
A.Create a new stub zone for the intranet.fabrikam.com domain.
B.Configure conditional forwarding for the intranet.fabrikam.com domain.
C.Create a standard secondary zone for the intranet.fabrikam.com domain.
D.Create an Active DirectoryCintegrated zone for the intranet.fabrikam.com domain.
44. An Active Directory database is installed on the C volume of a domain controller. You need to move the Active Directory database to a new volume. What should you do?
A.Copy the ntds.dit file to the new volume by using the ROBOCOPY command.
B.Move the ntds.dit file to the new volume by using Windows Explorer.
C.Move the ntds.dit file to the new volume by running the Move-item command in Microsoft Windows PowerShell.
D.Move the ntds.dit file to the new volume by using the Files option in the Ntdsutil utility
45. Your company has file servers located in an organizational unit named Payroll. The file servers contain payroll files located in a folder named Payroll. You create a GPO. You need to track which employees access the Payroll files on the file servers. What should you do?
A.Enable the Audit process tracking option. Link the GPO to the Domain Controllers organizational unit. On the file servers, configure Auditing for the Authenticated Users group in the Payroll folder.
B.Enable the Audit object access option. Link the GPO to the Payroll organizational unit. On the file servers, configure Auditing for the Everyone group in the Payroll folder.
C.Enable the Audit process tracking option. Link the GPO to the Payroll organizational unit. On the file servers, configure Auditing for the Everyone group in the Payroll folder.
D.Enable the Audit object access option. Link the GPO to the domain. On the domain controllers, configure Auditing for the Authenticated Users group in the Payroll folder.
46. Your company uses a Windows 2008 Enterprise certificate authority (CA) to issue certificates. You need to implement key archival. What should you do?
A.Configure the certificate for automatic enrollment for the computers that store encrypted files.
B.Install an Enterprise Subordinate CA and issue a user certificate to users of the encrypted files.
C.Apply the Hisecdc security template to the domain controllers.
D.Archive the private key on the server.
47. Your company has an Active Directory domain that runs Windows Server 2008 R2. The Sales OU contains an OU for Computers, an OU for Groups, and an OU for Users. You perform nightly backups. An administrator deletes the Groups OU. You need to restore the Groups OU without affecting users and computers in the Sales OU. What should you do?
A.Perform an authoritative restore of the Sales OU.
B.Perform a non-authoritative restore of the Sales OU.
C.Perform an authoritative restore of the Groups OU.
D.Perform a non-authoritative restore of the Groups OU.
48. Your network consists of a single Active Directory domain. The functional level of the forest is Windows Server 2008 R2. You need to create multiple password policies for users in your domain. What should you do?
A.From the Group Policy Management snap-in, create multiple Group Policy objects.
B.From the Schema snap-in, create multiple class schema objects.
C.From the ADSI Edit snap-in, create multiple Password Setting objects.
D.From the Security Configuration Wizard, create multiple security policies.
49. You have a domain controller that runs Windows Server 2008 R2 and is configured as a DNS server. You need to record all inbound DNS queries to the server. What should you configure in the DNS Manager console?
A.Enable debug logging.
B.Enable automatic testing for simple queries.
C.Configure event logging to log errors and warnings.
D.Enable automatic testing for recursive queries.
50. Your company has a main office and a branch office. The company has a single-domain Active Directory forest. The main office has two domain controllers named DC1 and DC2 that run Windows Server 2008 R2. The branch office has a Windows Server 2008 R2 read-only domain controller (RODC) named DC3. All domain controllers hold the DNS Server role and are configured as Active Directory-integrated zones. The DNS zones only allow secure updates. You need to enable dynamic DNS updates on DC3. What should you do?
A.Run the Dnscmd.exe /ZoneResetType command on DC3.
B.Reinstall Active Directory Domain Services on DC3 as a writable domain controller.
C.Create a custom application directory partition on DC1. Configure the partition to store Active Directory-integrated zones.
D.Run the Ntdsutil.exe > DS Behavior commands on DC3.
51. Your company has a branch office that is configured as a separate Active Directory site and has an Active Directory domain controller. The Active Directory site requires a local Global Catalog server to support a new application. You need to configure the domain controller as a Global Catalog server. Which tool should you use?
A.The Server Manager console
B.The Active Directory Sites and Services console
C.The Dcpromo.exe utility
D.The Computer Management console
E.The Active Directory Domains and Trusts console
52. Your company has a main office and three branch offices. The company has an Active Directory forest that has a single domain. Each office has one domain controller. Each office is configured as an Active Directory site. All sites are connected with the DEFAULTIPSITELINK object. You need to decrease the replication latency between the domain controllers. What should you do?
A.Decrease the replication schedule for the DEFAULTIPSITELINK object.
B.Decrease the replication interval for the DEFAULTIPSITELINK object.
C.Decrease the cost between the connection objects.
D.Decrease the replication interval for all connection objects.
53. Your company has two Active Directory forests named contoso.com and fabrikam.com. Both forests run only domain controllers that run Windows Server 2008. The domain functional level of contoso.com is Windows Server 2008. The domain functional level of fabrikam.com is Windows Server 2003 Native mode. You configure an external trust between contoso.com and fabrikam.com. You need to enable the Kerberos AES encryption option. What should you do?
A.Raise the forest functional level of fabrikam.com to Windows Server 2008.
B.Raise the domain functional level of fabrikam.com to Windows Server 2008
C.Raise the forest functional level of contoso.com to Windows Server 2008.
D.Create a new forest trust and enable forest-wide authentication.
54. Your company has an Active Directory forest that runs at the functional level of Windows Server 2008. You implement Active Directory Rights Management Services (AD RMS). You install Microsoft SQL Server 2005. When you attempt to open the AD RMS administration Web site, you receive the following error message: "SQL Server does not exist or access denied." You need to open the AD RMS administration Web site. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.Restart IIS.
B.Manually delete the Service Connection Point in AD DS and restart AD RMS.

C.Both A. and D.
D.Start the MSSQLSVC service.
55. You are decommissioning domain controllers that hold all forest-wide operations master roles. You need to transfer all forest-wide operations master roles to another domain controller. Which two roles should you transfer? (Each correct answer presents part of the solution. Choose two.)
A.Domain naming master
B.Infrastructure master
C.RID master
D.Schema master
E.Both A. and D.
56. Your company has an Active Directory domain named ad.contoso.com. The domain has two domain controllers named DC1 and DC2. Both domain controllers have the DNS server role installed. You install a new DNS server named DNS1.contoso.com on the perimeter network. You configure DC1 to forward all unresolved name requests to DNS1.contoso.com. You discover that the DNS forwarding option is unavailable on DC2. You need to configure DNS forwarding on the DC2 server to point to the DNS1.contoso.com server. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.Clear the DNS cache on DC2.
B.Configure conditional forwarding on DC2.
C.Configure the Listen On address on DC2.
D.Delete the Root zone on DC2.
E. Both B and D
57. Your company has an organizational unit named Production. The Production organizational unit has a child organizational unit named R&D. You create a GPO named Software Deployment and link it to the Production organizational unit. You create a shadow group for the R&D organizational unit. You need to deploy an application to users in the Production organizational unit. You also need to ensure that the application is not deployed to users in the R&D organizational unit. What are two possible ways to achieve this goal? (Each correct answer presents a complete solution. Choose two.)
A.Configure the Block Inheritance setting on the Production organizational unit.
B.Configure the Block Inheritance setting on the R&D organizational unit.
C.Configure the Enforce setting on the software deployment GPO.
D.Configure security filtering on the Software Deployment GPO to Deny Apply group policy for the R&D security group.
E. Both B and D
58. All consultants belong to a global group named TempWorkers. You place three file servers in a new organizational unit named SecureServers. The three file servers contain confidential data located in shared folders. You need to record any failed attempts made by the consultants to access the confidential data. Which two actions should you perform? (Each correct answer presents part of the solution. Choose two.)
A.Create and link a new GPO to the SecureServers organizational unit. Configure the Deny access to this computer from the network user rights setting for the TempWorkers global group.
B.Create and link a new GPO to the SecureServers organizational unit. Configure the Audit privilege use Failure audit policy setting.
C.Create and link a new GPO to the SecureServers organizational unit. Configure the Audit object access Failure audit policy setting.
D.On each shared folder on the three file servers, add the TempWorkers global group to the Auditing tab. Configure the Failed Full control setting in the Auditing Entry dialog box.
E.Both C and D
59. When a computer learns another computer's MAC address, it keeps the address in its ...
A.arp cache
B.arp file
C.arp query
D.bit bucket
60. What is the only real downside of stub zone?
A.like conditional forwarders, if a DNS server's address changes, it must be updated maunally
B.it can only hold CNAME records
C.you have to configure zone transfers
D.Additional traffic created by replicating zone information
61. When configuring folder and file permissions, use the _____ button on the folder properties Security tab to change which groups and users have permissions to a folder.
A.General
B.Edit
C.Modify
D.Tools
62. In the Windows environment, a _____ is a group of DLLs, information files, and programs that processes print jobs for printing.
A.driver
B.renderer
C.queue manager
D.spooler
63. What is the IPv6 equivalent of IPv4's loop back address of 127.0.0.1?
A.127.0.0.1
B.fe80:0:0:0:0:0:0:1
C.0:0:0:0:0:0:fe80
D.::1
64. You're taking an older server performing the PDC emulator master role out of service and will be replacing it with a new server configured as a domain controller. What should you do to ensure the smoothest transition?
A.Transfer the PDC master role to the new domain controller, and then shut down the old server
B.shutdown the current PDC master and seize the PDC master role from the new domain controller
C.back up the domain controller that's currently the PDC master, restore it to the new domain controller, then shut down the old PDC master
D.shutdown the current PDC master, and then transfer the PDC master role to the new domain controller
65. Which of the following is an important requirement for running Hyper-V?
A.Must have at least Windows Server 2008 Web Edition installed
B.Must have a multi core CPU
C.Must have a multi socket motherboard
D.Must have at least Windows Server 2008 64-bit Standard Edition
66. A ______ is one in which every child object contains the name of the parent object.
A.disjointed namespace
B.logical namespace
C.contained namespace
D.contiguous namespace
67. For several hours now, your IT staff has been trying to troubleshoot an issue on AppSrv1. AppSrv1 uses an application that requires it to access SQL database on a server named DBSrv1 but recent changes in the network topology have outdated previous DNS entries. Initially, the problem is believed related to the DNS database, but after using nslookup, you find that the DNS entry is correct. AppSrv1 can reach the DBSrv1 server manually by IP address, but when using a name, it resolves to the wrong machine. What is most likely the issue?
A.AppSrv1 has a static route entry to DBSrv1
B.nslookup was pulling from the correct DNS server, but the computer is configured with the wrong DNS server
C.A conditional forward zone has not been set up properly
D.someone added a static entry for DBSrv1 in the hosts text file which is now outdated.
68. A _____ is a TCP/IP-based concept (container) within Active Directory that is linked to IP subnets.
A.forest
B.domain
C.site
D.tree
69. One of your partner organizations currently has to provide logon credentials to access criticial applications on your extranet's web site. While this has worked in the past, a recent metting has brought to light the need for singole sign-on capabilities for the website. After researching the issue, you discover that one of Windows Server 2008's new Active Directory roles can help solve the problem. Which of the following answers allows you to create a trust relationshiop between your extranet and your partner organization?
A.Active Directory Federation Services (AD FS)
B.Active Directory Lightweight Directory Services (AD LDS)
C.Active Directory Rights Management Services (AD RMS)
D.Active Directory Advanced Integration Services (AD AIS)
70. Under what MMC would you create new connection objects?
A.Active Directory Sites and Services
B.Active Directory Users and Computers
C.Active Directory Network and Connection Objects
D.Active Directory Domains and Trusts
71. Which of the following features is not present in Windows Server 2003 domain functional level?
A.Domain controller renaming
B.selective authentication
C.logon timestamp replication
D.fine-grained password policies
72. If you make changes to an existing GPO that is already linked in Active Directory, how fast do the policy settings take effect?
A.50 seconds
B.30 minutes
C.1 hour
D.As soon as the client downloads them
73. To _____ an object means to make it available for users to access when they view Active Directory contents.
A.inherit
B.control
C.present
D.publish
74. If multiple default gateways are assigned to a computer (such as a multihomed server), what determines which default gateway will be used?
A.a random process
B.the default gateway with the highest address is the one used
C.the metric
D.the gateway on the smaller subnet will be used
75. Which of the following tools is the basic application responsible for loading more useful management related snap-ins?
A.Disk Management
B.Internet Information Services Manager
C.Hyper V Manager
D.Microsoft Management Console
76. If multiple servers are specified in the forwarders tab of a server's Properties, what happens if a query is made and none of the forwarders provide a response?
A.a normal recursive lookup process is initiated, starting with a root server
B.the query fails and the DNS server sends a failure reply to the client
C.the query is then passed to conditional forwarders
D.the query is cached until it can be resolved
77. You are in charge of a domain that contains several office rooms and one large computer commons area. In order to secure accounts in the domain, you want to apply separate account policies for the computers in the commons area, while maintaining the policies that are used in the office rooms. Currently, all computers are in the Computers folder. What is the most efficent way to accomplish this task?
A.Create a new OU called "CommonsArea" and move the commons area computer accounts into it. Create a new GPO and configure the desired account policies. Link the new GPO to the CommonsArea OU
B.Create a new domain on a new domain controller to service the commons area
C.The policy settings must be assigned manually on the local computer GPO's in the commons area
D.Create a new GPO and specify the computer accounts of the computers in the commons area then apply the desired account policies. Finally, link the new GPO to the domain.
78. One of the below IP address / subnet mask pairs is invalid; find the invalid answer.
A.10.0.239.254/255.0.255.0
B.172.31.1.200/255.255.0.0
C.192.168.2.190/255.255.255.128
D.10.200.139.1/255.255.255.248
79. Which of the following is not a common way to configure DNS for a forest trust?
A.Conditional forwarders
B.Stub zone
C.secondary zone
D.Caching DNS
80. Which is not a benefit of using virtual machines?
A.virtual machines consolidate resources
B.virtualization isolates critical applications for testing and troubleshooting purposes
C.virtual machines can be used to provide access to multiple OSs in an educational environment
D.virtual machines have reduced hardware and software requirements
81. The Network Devices Enrollment Services (NDES) allows network devices such as routers and switches, to obtain certificates by using a special Cisco proprietary protocol known as ....
A.Simple Certificate Enrollment Protocol (SCEP)
B.Special Device Certification Protocol (SDCP)
C.Secured Network Device Protocol (SNMP)
D.Special Certificate Enrollment Protocol (SCEP)
82. Last Friday, your organization deployed a brand new Server Core installation of Windows Server 2008. To simplify adminstrative tasks and to prevent downtime your organization makes use of monitoring software that continually tests connectivity. This monitoring software then sends text messages to a specific group of administrators if it should detect that a server is unreachable for any reason. On Monday, when the Server Core's IP address was placed into the monitoring software, the group of administrators received a text almost immediately telling them that the Server Core machine was unreachable. The administrator on-call says that on Friday, he was able to ping the Server Core box to a well known internet address, as well as several servers on the local network. On Monday, he attempts to ping the Server Core installation from his workstation for the first time and does not receive a response. Assuming that the Server Core installation is using default settings, what is most likely the issue?
A.Over the weekend, Windows Update ran and downloaded a driver update for the ethernet card without disabling the original driver, causing it to malfunction. Using the command waus.exe /purge /recent should fix the issue
B.the Server Core machine has the TCP/IP protocol enabled on the outgoing protocol list for the configured network interface, but not for the incoming list. It must be added in the interface's Properties dialog box
C.The network cable is installed for the server has failed over the weekend, and should be replaced to restore normal network connectivity.
D.Windows Server 2008's firewall is blocking ICMP Echo Request packets by default. To fix the issue, you must type netsh firewall set icmpsetting 8
83. A(n) ______ is a list of privleges given to an account or security group granting access to an object, such as a shared folder or shared printer.
A.ACL
B.ACE
C.attribute list
D.GPO
84. Windows Server 2008 is activated automatically after several days. However, if it can't be activated, how many days do you have to active Windows Server 2008 before you can no longer log on?
A.30 days
B.15 days
C.60 days
D.90 days
85. If correct time zone information is not used and your servers' clocks run at different times, what is most likely to have issuses on your network?

A.Windows Update
B.IP address assignment
C.program performance
D.User authentication
86. When examining a Workgroup Model, a Windows Server 2008 server that participates in a workgroup is referred to as a _____.
A.domain controller
B.member server
C.stand-alone server
D.stand-alone member server
87. You are constructing a server for a small office complex that will run for approximately 12 hours everyday. Because of a limited budget, you have decided to use a disk subsystem that is inexpensive and offers excellent performance. Pick the technology that best fits this description.
A.SCSI
B.SATA
C.PATA
D.SAS
88. The main purpose of Active Directory is to _.
A.Provide authentication and authorization to users and computers.
B.Provide File and Print services
C.Give administrators the ability to control access to restricted hardware
D.allow users to organize their files systems into a cohesive and high performance directory structure
89. What command can you type to perform a system state backup?
A.wbadmin start systemstatebackup
B.wbadmin start sysstatebackup
C.wbadmin begin systemstatebackup
D.wbadmin start statebackup
90. Which command below can be used to add your Server Core system as a domain member?
A.netdom
B.dcpromo
C.netsh
D.domjoin
91. When using HTTPS, after the web client finds that CA is trusted and the signature on a certficate is verified, the web client sends additional parameters to the server that are encrypted with the server's ....
A.Private key
B.Public key
C.Secret key
D.Ciphertext
92. What does round robin do?
A.Allows an administrator to configure multiple routes that user must make "rounds" through in order to reach a service, improving security
B.causes network performance issues by continuously rotating the IP addresses associated with services
C.creates invalid DNS records by disabling DNS timestamp scavenging
D.creates a load sharing/ balancing mechanism for servers that have identical services, such as two servers that hose the same website.
93. What type of information does a resource record of type A contain?
A.host
B.name server
C.state of authority
D.IPv6 host
94. Windows Server 2008 Enterprise is capable of being configured with failover clustering for up to how many nodes?
A.4 nodes
B.8 nodes
C.16 nodes
D.30 nodes
95. _____ are used in Microsoft operating systems to provide a consistent working environment for one or more users.
A.Environments
B.Settings
C.Templates
D.Profiles
96. You work for the large Example.com corporation. Recently, Example.com has been adding new branch offices at a steady rate. Just last week, a new branch office was created and now you have been put in charge of configuring group policy settings for the branch office. Because this branch office will be fairly large, it will be set up as a separate domain. Since there are several branch offices with similar GPO requirements, you want to be able to make use of GPOs that have already proven to be useful. What is the easiest way to make the policies in this new branch office similar to those already in place?
A.Manually recreate all GPO settings from the other domains and link them to the new domain
B.Use GPO migration by adding the domains with the policies you want to GPMC, and then copy and paste them.
C.Use CSVDE import the GPOs via comma separated values in text files
D.backup the desired GPOs on the domains you want to mimic, then restore the GPOs in the new domain.
97. You are the administrator of a domain whose users are experiencing difficulties in properly updating their respective Windows installations with the latest upgrades and patches. Which of the following is the best solution?
A.Disable Active Directory and manage the machines as a workgroup
B.Disable the “Manage my Own Security” option within Control Panel
C.Use Group Policy to require the regular automatic updating of Windows
D.Employ Windows Server Update Services in conjunction with Group Policy
98. What is a major drawback to enabling the auditing of object access?
A.decreased security
B.too much information is logged
C.not ideal for highly secure environment
D.involves considerable overhead
99. When a print job is processed over the Internet or an intranet, _____ must be installed and running in Windows Server 2008.
A.Windows Distribution Services (WDS)
B.Internet Information Services (IIS)
C.Windows Support Services (WSS)
D.Web Server Service (WSS)
100. Which description best fits the CA Administrator role?
A.Approves requests for certificate enrollment and revocation
B.manages auditing logs
C.configures and maintains CA servers, and can assign all other CA roles and renew the CA certificate
D.Able to backup and restore files and directories
101. GPC replication between domain controllers in the same site occurs at about what interval after a change has been made by default?
A.20 seconds
B.50 seconds
C.30 seconds
D.15 seconds
102. What is the Microsoft recommendation for placement of global catalog servers?
A.Install a global catalog server in a site once it is larger than 50 accounts and the number of DCs is greater than 2
B.install a global catalog server in a site once it is larger than 500 accounts and the number of DCs is greater than 2
C.Install a global catalog server in a site once it is larger than 1,000 accounts and the number of DCs is greater than 4
D.install a global catalog server in a site once it is larger than 5,000 accounts and the number of DCs is greater than 8
103. If your creating a shortcut trust between domains in different forests, this must exist first:
A.Realm trust
B.External trust
C.Another shortcut trust
D.forest trust
104. What must be done to allow a user to be able to access a file encrypted with EFS over a network connection?
A.Certificate autoenrollment must be configured
B.the user must be given the correct permissions
C.the users SID must be exported to the remote machine
D.this can not be accomplished
105. The ______ stores information about every object within a forest.
A.global catalog
B.global master
C.schema master
D.master catalog
106. Which of the following Windows Server 2008 editions has no upgrade path?
A.Standard Edition
B.Enterprise Edition
C.Datacenter Edition
D.Web Server Edition
107. What option under the General tab in the Properties dialog box of a forest trust is only availble for use betweeon two Windows Server 2008 domains?
A.direction of trust
B.transitivity of trust
C.the other domain supports Kerberos AES Encryption
D.Validate
108. Increased network usage has inspired your staff to install a new DNS server. After much consideration, you have decided to also make the new server a domain controller as well. One of your interns is curious as to what benefit this would provide to DNS over simply making the DNS server a member server.
A.The server can do zone transfer for stub zones
B.The AD-integrated domain DNS zones will be created automatically
C.Active Directory integrated secondary zones would be possible
D.resource consolidation
109. Active Directory was first introduced in which operating system?
A.Windows 2000 Server
B.Windows XP SP2
C.Windows 2003 Server
D.Windows Vista
110. Where do users log in when joining an Active Directory domain?
A.application
B.individual computer
C.domain
D.server
111. There are two basic classes of objects in an Active Directory domain. Which of the following is an object?
A.logical
B.leaf
C.tree
D.attribute
112. Which of the following is a main group type found in Active Directory?
A.security
B.domain
C.global
D.universal
113. Which group is used most often when designing an Active Directory infrastructure?
A.distribution
B.universal
C.global
D.security
114. Which group is used for nonsecurity-related functions, such as sending email messages to a collection of users?
A.distribution
B.universal
C.global
D.security
115. DNS naming limitations call for a maximum of how many characters per domain name?
A.32
B.63
C.128
D.255
116. What type of compatibility are functional levels designed to provide in Active Directory installations running domain controllers with various versions of the Windows Server operating system?
A.functional
B.forward
C.backward
D.existing
117. What is the name of the communications protocol called for by the original X.500 standard?
A.Directory Access Protocol

B.Data Access Protocol
C.Lightweight Directory Access Protocol
D.Lightweight Data Access Protocol
118. The Read-Only Domain Controller (RODC) supports only incoming replication traffic. As a result, what is it possible to do when using a Read-Only Domain Controller?
A.create Active Directory objects
B.modify Active Directory objects
C.delete Active Directory objects
D.none of the above
119. A site topology consists of all of the following Active Directory object types except __________.
A.Sites
B.Subnets
C.Subnet Links
D.Site Links
120. When using the subzone method, you can leave the Internet DNS servers in place and use Windows Server 2008 DNS servers to host the zone for the subdomain. Which of the following is a configuration change that you must make?
A.You must use your domain controllers as your DNS servers.
B.You must use your Internet DNS servers to host your Active Directory domains.
C.You must turn on dynamic updates on the DNS servers.
D.You must configure Internet DNS servers to delegate the Active Directory subdomain to the Windows Server 2008 DNS servers.
121. Which of the following isnota reason for creating an organizational unit?
A.assigning Group Policy settings
B.duplicating organizational divisions
C.implementing domains
D.delegating administration
122. Which of the following isnota variable that can affect the performance of an Active Directory installation?
A.length of the domain name you create
B.hardware you select for your domain controllers
C.capabilities of your network
D.types of WAN links connecting your remote sites
123. To use a Windows Server 2008 computer as a domain controller, you must configure it to use a(n) __________.
A.APIPA address
B.address supplied by a DHCP server
C.static IP address
D.none of the above
124. Every Active Directory domain should have a minimum of __________ domain controllers.
A.one
B.two
C.three
D.four
125. An Active Directory domain controller can verify a user’s identity by which of the following methods?
A.smart cards
B.passwords
C.biometrics
D.all of the above
126. Which of the following isnota reason why you should try to create as few domains as possible when designing an Active Directory infrastructure?
A.A license must be purchased from Microsoft for each domain you create.
B.Additional domains increase the overall hardware and maintenance costs of the deployment.
C.Some applications might present security issues when working in a forest with multiple domains.
D.Additional domains increase the number of administrative tasks that must be performed.
127. Which of the following Active Directory elements provides a true security boundary?
A.organizational units
B.domains
C.domain trees
D.forests
128. What is the primary difference between global and universal groups?
A.Global groups decrease the amount of replication traffic between sites.
B.Universal groups add more data to the global catalog.
C.You can use universal groups across the board if your network consists of multiple sites.
D.Global groups add more data to the universal catalog.
129. Unlike organizational units, you cannot assign Group Policy settings to computer objects, nor can you delegate their administration.
A.True
B.False
130. Subdomains in a tree inherit permissions and policies from their parent domains.
A.True
B.False
131. You can drag and drop leaf objects, such as users and computers, between OUs, but not between domains.
A.True
B.False
132. When you want to grant a collection of users permission to access a network resource, such as a file system share or a printer, you can assign permissions to an organizational unit.
A.True
B.False
133. Active Directory is one of the easiest technologies to test because an isolated lab environment usually can emulate many of the factors that can affect the performance of a directory service.
A.True
B.False
134. What are the requirements to enable the Active Directory recycle bin in Windows Server 200
A.All DCs must be running Windows Server 2008 R2
B.Adprep to prepare both the forest and domain
C.Raise the functional level of the forest and domains to Windows Server 2008 R2
D.All of above
135. This Windows 2000 component stores all of the objects that make up a Windows 2000 network, such as user objects, group objects, and computer objects. It also provides the services that enable users to locate objects on the network and also provides administrators with the tools that are necessary to manage a Windows 2000 network." What does this best describe? Select one.
A.WINS
B.DNS
C.Domain
D.Active Directory
136. What are sites and domains, and how are they different from each other? Select two.
A. A domain is a logical grouping of servers and other network resources under a single domain name. It is also a component of the Active Directory logical structure.
B. A domain is a logical grouping of servers and other network resources under a single domain name. This is also a component of the Active Directory physical structure.
C. A site is a combination of one or more IP subnets that are connected by a high-speed link. This is also a component of the Active Directory physical structure.
D. Both A and C.
137. Which of the following best describes a tree and a forest? Select two
A. A tree is a group of one of more domains, all of which share a contiguous DNS namespace.
B. A forest is a group of one or more domains, all of which share a contiguous DNS namespace.
C. A forest is a collection of two or more trees that form a noncontiguous DNS namespace.
D. Both A and C
138. This Windows 2000 service provides name resolution of fully qualified domain names, such as acme.com. It also has the ability to map fully qualified domain names to the corresponding IP addresses, and defines the namespace. This also allows clients to locate servers that provide necessary services, such as the global catalog and authentication." What service does this best describe? Select one.
A. WINS
B. DNS
C. DHCP
D. Active Directory
139. When an administrator runs dcpromo command in Windows Server 2003 to install Domain, setup fails with the following message "Active Directory installation failed. The network location could not be reached." What may be the problem ?
A.DNS
B.Default gateway
C.Network adapter
D.Administrative privileges
140. As the network administrator of a Windows 2003 network, when you were monitoring your network securities, you discovered that most of the users have been using the same password ever since their accounts were created. You want to secure your password policies so that users must change their passwords periodically. What will be your course of action?
A.Enforce password history
B.Minimum password age
C.Maximum password age
D.Both A and C
141.You are the network administrator and responsible for handling your company's domain sales.microsoft.com running in Windows Server 2003. Your domain accidentally crashes and when you re-run the dcpromo command to promote it again as domain controller with the same name, it fails. What may be the problem?
A.DNS zone conflicting with the same name
B.Some old objects with same name conflicting for the new server
C.Latest service pack is missing
D.Run ipconfig/flusdhns command
142.Which of the following commands provide maximum information related to capacity statistics such as megabytes per server and per object class, and to compare two directory tree across replicas in the same domain?
A.repadmin
B.replmon
C.netdiag
D.dsastat
143.You are the administrator of a Windows 2003 domain. The domain has 100 users working on Windows XP. You want to allow all users to change their desktop setting if they try to work on any Windows XP computer. But their altered desktops should not be saved once they log off. What should you do in this scenario?
A.Edit GPO to set the customize desktop
B.Change the ntuser.dat file to ntuser.man in profiles directory
C.Schedule a batch to run at some interval to delete the user's home directory at each client computer
D.Configure a roaming profile for each user in the network
144.Which of the following commands are useful for troubleshooting Active Directory replication failure due to incorrect DNS configuration?
A.ipconfig/registerdns
B.dcdiag /test:registerdns /dnsdomain
C.dcdiag /test:connectivity
D.Both B and C
145.You are the network administrator for your company. One user account named Mike often needs to be moved between sales and marketing group. But the changes are not taking effect. Which of the following FSMO role may be responsible for that?
A.RID Role
B.Infrastructure role
C.PDC emulator role
D.Domain naming role
146.Which of the following FSMO roles mostly affects the network users functionality immediately?
A.PDC Emulator role
B.Infrastructure role
C.Domain name master
D.RID master role
147.You are the network administrator of an Aerospace Company.Your company's policy clearly states for renaming of Guest account on all computers in domain.You have no time to edit name manually on each computer.You need to do it immediately.What should you do ?
A.Create a login script and apply it on Default Domain Group Policy
B.Instruct user to enable remote desktop and change their name from server using remote desktop
C.Use GPO to rename Guest account at the Default Domain Group Policy
D.Send network message to all users to rename guest account
148.The network of ABC TOYS company consists of Windows Server 2003 and 5000 Windows XP Clients. Sometime, users report missing data from the server. The network administrator wants to find the user deleting the files. He created a GPO and assigned it on the ABC Toys domain. Which actions should he audit?
A.Process tracking
B.Account login events
C.Object access
D.Privileged access
149. Your network consists of three Windows 2003 Domain Controllers named DC-1, DC-2 and DC-3. DC-3 doesnot hold any FSMO roles. After backing-up the System State Data Back-up of all DCs, DC-3 disk failed. You replaced the failed disk with a new disk and installed Server 2003 on the new disk. What should you do next on DC-3?
A.Restore the System State Data back-up from Directory Services restore Mode
B.Run Windows Back-up on DC-1 and restore the same on DC-3
C.Run Active Directory installation wizard to make the new computer a replica in the domain
D.Force replication from Active Directory Sites and Services to DC-3
150.You are the administrator of a Windows 2003 domain. According to company policy, you created an OU and applied a GPO restricting Control Panel access to users. Later on, your company policy changed and you allow Control Panel access to some of the users in that OU. The policy also states that their membership be kept as it is without moving them to other groups or OUs.How will you allow Control Panel access to some users thereby restricting access to others in the same OU?
A.Deny Apply Group Policy permission to users from the properties of Control Panel GPO.
B.Create a new security group, move all users to that group, and deny GPO permissions
C.Add users to Domain Administrator group
D.Select Block Policy Inheritance from the properties tab of OU.