Sie sind auf Seite 1von 3

MCTS Guide to Microsoft Windows Server 2008 Active Directory Configuration, 1423903188

Ch. 3 Solutions-1

Chapter 3 Solutions
Review Questions
1. Which of the following best describes a directory service?
b. Similar to a database program but with the capability to manage objects in it
2. Which of the following is a feature of Active Directory? (Choose all that apply.)
a. Fine-grained access controls
b. Can be distributed among many servers
3. What term is used for transferring Active Directory information among domain controllers?
replication
4. Which of the following is a component of Active Directory’s physical structure?
c. Sites
5. Which of the following is the responsibility of domain controllers? (Choose all that apply.)
a. Storing a copy of the domain data
b. Providing data search and retrieval functions
d. Providing authentication services
6. Groups are considered an organizing component of Active Directory. True or False?
False
7. Which of the following is not associated with an Active Directory tree?
b. A container object that can be linked to a GPO
8. Which of the following is associated with an Active Directory forest? (Choose all that apply.)
a. Contains trees with different naming structures
b. Allows independent domain administration
d. Represents the broadest element in Active Directory
9. Which of the following is associated with installing the first domain controller in a forest?
c. Global catalog
10. The Active Directory database and log files should always be located on the same disk. True
or False?
False
11. Which MMCs are added after Active Directory installation? (Choose all that apply.)
a. Active Directory Domains and Trusts
c. ADSI Edit
12. You run the Add Roles Wizard in Server Manager to add the AD DS role. After the wizard is
finished, you check the Administrative Tools folder but don’t find any of the Active Directory
management tools. What should you do?
Run Dcpromo.exe.
13. Which of the following defines the types of objects in Active Directory?
MCTS Guide to Microsoft Windows Server 2008 Active Directory Configuration, 1423903188
Ch. 3 Solutions-2

d. Schema classes
14. Which of the following defines the types of information stored in an Active Directory object?
c. Schema attributes
15. “John Doe” is an example of which of the following?
b. Attribute value
16. Which of the following is a container object? (Choose all that apply.)
a. Domain
d. OU
17. Which of the following is a default folder object?
a. Computers
18. Which type of account is not found in Active Directory?
b. Local user account
19. You have just created a shared folder on your domain controller. You publish the share in
Active Directory by using the Shared Folders snap-in in Computer Management. To make
sure the shared folder was published correctly, you use the Search Active Directory tool in
Windows Explorer. You can find the shared folder, but when you open Active Directory Users
and Computers, you can’t locate the object representing the shared folder. What should you do
so that you can see this object in Active Directory Users and Computers?
Click View, Users, Contacts, Groups, and Computers as containers from the Active Directory Users
and Computers menu, and then click to expand the domain controller icon in the Domain Controllers
OU.
20. To which of the following can a GPO be linked? (Choose all that apply.)
b. Domains
d. Sites
21. Which container has a default GPO linked to it?
d. Domain
22. When are policies set in the User Configuration node applied?
c. At user logon
23. Users can override settings in the Preferences folder of a GPO. True or False?
True
24. Which of the following is a folder under the Computer Configuration node? (Choose all that
apply.)
a. Administrative Templates
d. Windows Settings
25. If a policy is defined in a GPO linked to a domain, and that policy is defined with a different
setting in a GPO linked to an OU, which is true by default?
a. The policy setting in the GPO linked to the OU is applied.

Case Projects

Case Project 3-1: Configuring Active Directory


MCTS Guide to Microsoft Windows Server 2008 Active Directory Configuration, 1423903188
Ch. 3 Solutions-3

Creating four new OUs to represent the four departments makes the most sense. Each OU should
include user, group, and computer objects. The existing computer objects in the Computers folder
should be moved to the corresponding OUs. The Domain Controllers OU should contain both DCs
created in case projects from previous chapters. Students should be encouraged to consult Figures 3-2
through 3-4 in creating their diagrams.
Case Project 3-2: Explaining GPOs

Students should explain that GPOs enable administrators to define settings that affect users and
computers and include information about the four places that GPOs can be applied: local computer,
sites, domains, and OUs. In addition, they should explain how a policy applied at a domain can be
overridden by a policy defined at the OU. Therefore, a set of policies can be defined that affect the
entire domain, but if one department requires different settings, a GPO can be linked to that
department’s OU.
Case Project 3-3: Creating the Group Policy Structure

1. Policy requirement: Lock out all users from Control Panel with the exception of Engineering
Department users
GPO required: Default Domain Policy applied to the domain
Path to policy: User Configuration\Policies\Administrative Templates\Control Panel\Prohibit access
to the Control Panel
Policy setting: Enabled
GPO required: New, applied to the Engineering OU
Path to policy: User Configuration\Policies\Administrative Templates\Control Panel\Prohibit access
to the Control Panel
Policy setting: Disabled
2. Policy requirement: Auditing should be enabled on all computers in the domain
GPO required: Default Domain Policy applied to the domain
Path to policy: Computer Configuration\Policies\Windows Settings\Security Settings\Local
Policies\Audit Policy\Audit logon events
Policy setting: Enable both success and failure events
3. Policy requirement: Marketing Department users should have a new application available on any
computer where they log on
GPO required: New, applied to the Marketing OU
Path to policy: User Configuration\Policies\Software Settings\Software Installation
Policy setting: Specify the application name and assign it to users