
142 Tips for Passing the Microsoft Windows Professional 70-219 Exam


by Emmett Dulaney, MCT, MCSE

1.0 Analyzing Business Requirements


1. Identifying the business model is necessary because similar businesses often have
similar needs and requirements.

2. Knowing the geographic scope can help define the infrastructure employed by the
IT department.

3. The five possible geographic models are: Regional, National, International,
Subsidiary, and Branch Office.

4. The Regional model: When implementing technologies that are within companies
restricted to regional boundaries, you can often pay less attention to such things as
international translations than you would with different models.

5. The key to the Regional model is that all sites must be within a single, well-defined
geographic area.

6. The scale of the National model is grander than that of the Regional model. You
can still often overlook many factors such as international regulations, but you must
consider time zones, local laws, and so forth.

7. By definition, all sites within the National model must be contained within a single
nation.

8. By definition, international boundaries are crossed in the International model.
Attention must be paid to languages/translations, regulations, laws, and time
zones. Representatives from all countries should be involved in IT decision-making
processes.

9. Under the Subsidiary model, subsidiaries are part of a larger company, but function
independently. When working with a subsidiary of a larger conglomerate, make
certain that approval for the solution generated will be acceptable to the parent
company if there is a complex relationship between the two.

10. Under the Branch Office model, you must go to lengths to verify that solutions
implemented at the branch offices work with technologies employed throughout the
rest of the company.

11. Branch offices are wholly controlled by other entities (corporate offices).

12. All company processes should be documented and diagrammed. Of key importance
are the processes related to information flow, communication flow, service/product
lifecycles, and decision-making.

13. Information flow: How information moves throughout the company. This typically
follows the organization chart, but can differ with geographic breaks.

14. Communication flow: Rather than being how the information is disseminated, it
focuses more on how the information is used. Does a customer hear something to
make them want to buy more of your product, or less? Does a customer tell you
something they heard about your company that makes you want to send out a
resume?

15. Communication flow differs from information flow in that it often lacks formal
structure and comes about as a result of communication with others (customers,
vendors, etc.).

16. Service/product lifecycles: The lifespan of the product. Services can have a lengthy
or short lifespan and can encompass leases from DHCP, authentication from a
domain controller, and so on.

17. Decision-making process: Does the Chief Technology Officer need to approve all
expenditures, or can they be signed-off on at a lower level?

18. Decision-making can either follow the organizational chart or can be completely
dispersed if the company practices empowerment (allowing the employees the
power to make key decisions within structured guidelines).

19. When deciding business requirements, it's important to analyze existing and
planned organizational structures. These categories can break down into the
following key areas: management model; company organization; vendor, partner,
and customer relationships; and acquisition plans.

20. Different risk models can be associated with different management models. One of
the most common management models is departmental, in which each department
is geared around a function (sales, research, etc.). Other models include project-
based and cost center-based.

21. When analyzing the management model, determine whether you are dealing with a
family-owned business, a privately held business, or a public company with a CEO
and Board of Directors.

22. Company organization: Some organizations are divided by products (transmissions
in one division, four-wheel-drive axles in another, etc.), whereas other
organizations divide operations and responsibilities purely on geographic terms.

23. Vendor/partner/customer relationships: Know the contact points and whether web
presence is offered on an Internet, intranet, and/or extranet basis.

24. Vendors can be external (the traditional model) or internal if each department acts
as a cost center.

25. Acquisition plans: Is the company you are designing a solution for actively seeking
acquisitions (meaning you must plan for future growth), or are they a likely
acquisition target?

26. Never assume a company's priorities are constant. They can change with
management teams, market shifts, etc. During the design process, find out what the
priorities are and where interest lies.

27. Factors that can influence company strategies include company priorities, projected
growth and strategy, relevant laws and regulations, the company's tolerance for risk,
and the total cost of operations.

28. Projected growth and growth strategy: How is expansion accomplished (acquisition,
divestiture, franchises, and so on). Do you need to include plans for growth, or will
conditions be stagnant for a while? Are there seasonal variables? Is there a
documented goal for growth?

29. Relevant laws and regulations are always subject to change and must be watched
carefully. Is the company in a high-profile position to be greatly affected by new
legislation? Does the company work with encryption? Do local laws or international
laws affect the organization?

30. Company's tolerance for risk - how does the company weigh risk against profit:
vulnerability against value? Do they employ basic security devices on sites? Do
they employ physical security at the facility?

31. When computing the total costs of operations (TCO), consider the value of the
company's data; of the IT staff's budget; of having server access 24 hours a day
versus 8, etc. Where does the funding come from?

32. Microsoft uses seven categories to group budgeted costs: Hardware and Software
costs, Management costs, Development costs, Support costs, Communication costs,
End-user costs, and Downtime costs.

33. Verify that there is a budget for any training that needs to be done and that all
relevant decision-makers are in agreement on the need to support the existing
support staff.

34. The structure of IT management should weigh heavily in the analysis of business
requirements. Factors that help understand the management structure include
administration type, funding model, outsourcing, decision-making process, and
change management.

35. The administration type can be either centralized, decentralized, or hybrid.

36. Hybrid administration has most of the functions performed at a central location, but
one or more key contact people are on-site for handling lesser responsibilities.

37. Funding model: Funding can be crucial in implementing technologies. If the IT
department is being run as a profit center, then the departments it administers are
charged for the services provided.

38. Outsourcing is necessary when certain needs cannot be met internally.

39. Although outsourcing is a good way to solve short-term issues, it can present
problems down the road when you cannot find the group who implemented a
solution because they have moved on, and the solution now has problems.

40. Change management: Is there a structure in place or not? When changes occur,
what is the procedure followed? If there is no procedure, chaos can result. If there is
too much of a procedure, no change will ever occur.

41. In most situations, small companies can change (and adapt to change) more readily
than larger companies.

2.0 Analyzing Technical Requirements


42. When deciding whether to implement Active Directory in an existing or planned
network, it is important to detail the possible impact of so doing.

43. Access patterns: Are all the resources centralized, or are they dispersed? When
users need to access a resource, is it within their LAN 80% of the time, or only 20%
(meaning they access the WAN 80% of the time)? What are the implications of the
resources being centralized versus being dispersed? What are the implications of
the resource being within the LAN 80% of the time versus 20%?

44. Company size: The geographic scope as well as the owner or organization
responsible for the company.

45. User and resource distribution: Where are the users? How are they serviced? How
do they reach the resources (servers, printers, etc.)? Do they reach them via hubs,
switches, routers, or bridges? Via modems or proxy servers?

46. Connectivity between sites: What bandwidth is employed? Are there leased lines or
dial-up connections (with or without multilink)?

47. Speeds employed on WANs differ by technologies. The most common technologies
are modems (analog, ISDN, DSL, and cable) and leased lines (T1, T3, E1, E3).

48. An analog/traditional modem requires a single phone line for a connection and is
limited in speed to approximately 57,600bps.

49. ISDN (Integrated Services Digital Network) requires two phone lines and can reach
a speed of approximately 128,000bps.

50. DSL (Digital Subscriber Line) uses existing phone lines (copper) and is available
only in certain areas. You must be within a short distance of a switching station, and
speeds can reach 9Mbps. The closer you are to the central office, the faster the
speed that is possible (and the type of DSL available also differs: ADSL,
HDSL, etc.).

51. Cable modems work with the coaxial from the cable television company. The
speed, though reduced with the number of users, is approximately 2Mbps.

52. T1 is a dedicated line that operates across 24 channels at 1.544Mbps.

53. T3 is a dedicated line of 672 channels able to run at speeds of 43Mbps.

54. E1 is the European counterpart to T1; it uses 32 channels and can run at 2.048Mbps.

55. E3 is the European counterpart to T3.

56. Connectivity can include hubs, switches, bridges, routers. You must determine
which topologies are employed (star versus mesh, etc.).

57. Network roles and responsibilities can be defined as administrative, or they can be
associated with a user, a service, or other.

58. Administrative roles are those predefined by the operating system with additional
responsibilities above a user. Examples include Administrator, Backup Operator,
etc.

59. User roles simply have the right to log on and use the network resources.

60. Service roles run as services in the operating system. They require no user
interaction.

61. Performance requirements: Are users connecting only for authentication, or for the
entire session (such as with Terminal Server)?

62. During performance analysis, it is important to identify any bottlenecks and create a
baseline from which to judge future modifications.

63. Security considerations: What are the needs of the organization, and what operating
systems does the organization support? Can everything standardize upon TCP/IP, or
must NetBEUI (insecure) be used, and so on?

64. The most effective means of implementing security with Windows 2000 clients is
through the use of group policies.

65. When computing performance requirements, find out the peak utilization, the type
of circuits used, requirements of applications, and so on.

66. When evaluating the company's technical environment, always factor in both the
existing environment and the planned environment, and differences between the
two.

67. The impact of going to Active Directory should be calculated in terms of: existing
systems and applications; existing and planned upgrades and rollouts; technical
support structure; existing and planned network and systems management; and
client needs.

3.0 Designing a Directory Services Architecture


68. Active Directory is a database that stores information about objects in the
network (such as users, computers, printers, and shared folders) in a central
location.

69. The Active Directory naming scheme follows the path: forest, tree(s), domains.

70. Active Directory depends on DNS (Domain Name System) for it to work. In the
absence of DNS, there is effectively no Active Directory.

71. Active Directory is created to be scalable and interoperate with other name services.

72. A forest can consist of either a single domain or multiple domains. (Therefore, by
definition, a single domain can also be a tree).

73. The MoveTree command-line utility enables you to move objects between domains
within a single forest.

74. A tree is a contiguous namespace, meaning the child has the parent as part of its
name. Each tree has its own identity within the forest.

75. Site link bridges are used to connect sites together and to model the routing
behavior of a network.

76. Within a site, replication traffic is carried out via Remote Procedure Calls over IP,
while between sites it is done through either RPC or SMTP.

77. Windows 2000 uses a multi-master replication model; the primary unit of
replication is the domain.

78. Domains are partitions; that is, entities that can be combined into trees and forests,
but that operate with some autonomy.

79. Domains contain objects, and/or organizational units (OUs). An OU is a container
for organizing objects within a domain into logical sub-groupings.

80. A domain is an administrative as well as security boundary since administrative
privileges do not extend past domain boundaries.

81. The Active Directory root domain has to be unique within the DNS realm it works
with.

82. The simplest network is a network with one domain.

83. Reasons for creating additional domains include: to isolate replication traffic, to
retain existing NT domain structures, to support decentralized administration, to
support international boundaries, and/or to support more than one domain policy.

84. Factors to consider when deciding to create more than one domain include
replication, security, and overhead.

85. Throughout the forest, there is only one write-able copy of the schema, which is
held by the Schema operations master.

86. There is only one schema per Windows 2000 forest, and it is maintained
forest-wide by virtue of being stored on every domain controller.

87. The schema container holds all the definitions required to view the objects in the
directory, and each is identified by a globally unique number known as the Object
Identifier (OID).

88. The NTDSUTIL.EXE utility can be used to perform many low-level Active
Directory administration tasks. It can be used to seize the operations master role,
mark objects for an authoritative restore, etc.

89. ADSIedit is a tool that can be used to view the Active Directory schema.

90. You can view schema contents by using the Active Directory Schema MMC snap-
in or the ADSIedit MMC utility.

91. The Active Directory Migration Tool (ADMT) is used to aid migration from
Windows NT 4.0 to Windows 2000 with Active Directory.

92. Active Directory names are equivalent to DNS names and use the SRV records of
DNS to store information about services, thereby creating "dynamic DNS."

93. The Relative Distinguished Name is the host name of the computer, whereas the
User Principal Name consists of a user logon name and a domain name identifying
the domain in which the user account is located.

94. To refer to a host in a domain, you use a fully qualified domain name (FQDN).

95. Names used for objects should follow consistent rules to make it easier to identify
the objects months later.

96. It is recommended that the registered DNS name your company already has, if they
are connected to the Internet, be used as the Active Directory root domain.

97. Reasons for creating OUs (organizational units) include: to control access to
resources, to create group policy objects, to delegate administration, and/or to group
common objects.

98. A site (comprised of one or more physical subnets) is a way to create replication
boundaries within the Active Directory.

99. Working at the physical layer, a site can consist of multiple domains, and domains
can operate in multiple sites.

100. The purpose of the Knowledge Consistency Checker (KCC) is to generate a
replication topology for both intra-site and inter-site replication.

101. REPADMIN enables you to administer replication between partners.

102. REPLMON can be used to show the replication topology.

103. Modifying the schema is an irreversible operation. Schema modification is disabled
by default on all domain controllers; only members of the Schema Admins group
can make changes.

4.0 Designing Service Locations


104. In a Flexible Single-Master Operation (FSMO), user rights for managing the
operations can be assigned to users or groups. Flexible single-master operations
(FSMOs) are also known as Operations masters, designated to be the single
master of a particular operation.

105. There are five operations master roles: Domain Naming master, Infrastructure
master, PDC Emulator, RID master, and Schema master.

106. The placement of the operations master is crucial to load balancing and fault
tolerance.

107. The Domain Naming master allows additions, removals, and some modifications of
all domains in the forest. It also generates the unique SID for every domain in the
forest.

108. The Infrastructure master updates group-to-user references when changes occur.

109. It is recommended that the Infrastructure master be placed on a domain controller
that is not the global catalog server to even the load and separate the burden of each
role.

110. The PDC Emulator master is used for interoperability with older clients. The RID
master and PDC Emulator roles should be placed on the same domain controller (if
it is not overloaded) or, if not, on separate primary operations master domain
controllers (making sure they both have direct connection objects to the standby
PDC emulator and RID master servers).

111. The RID (Relative ID) master issues IDs to domain controllers, as needed (10,000
at a time).

112. The Schema master controls all updates to the schema.

113. The Schema master and Domain Naming master are forest-wide in nature, whereas
the RID, Infrastructure, and PDC Emulator masters are domain-based. (Only one
server in each domain is needed for these operations.)

114. The first global catalog server is created automatically with the creation of the first
domain controller within the forest.

115. For speed reasons, a global catalog server should be created at each site.

116. Global catalog servers should be placed in locations to reduce traffic and help with
load balancing and fault tolerance.

117. In areas where bandwidth is at a premium, a global catalog server can be configured
to only receive updates after hours.

118. Active Directory Sites and Services, an MMC snap-in, enables you to change the
role of the global catalog server to another domain controller.

119. Domain controllers should be created for fault tolerance and functionality, as
needed.

120. It is important to convert domain controllers to native mode (non-Windows NT 4.0)
to enhance the performance of Active Directory.

121. When domain controllers need to replicate, they examine the values of their Update
Sequence Number (USN) for each object, and replicate only the attributes whose
objects contain differing USNs.

122. DNS is installed as a service within Windows 2000 through the use of wizards. If
you install Active Directory (through the Active Directory Installation Wizard) and
a DNS server cannot be found, the ADI wizard will attempt to install the DNS
service for you.

123. When you install Active Directory, you must identify a DNS server. If you cannot
do so, the Active Directory Installation Wizard will prompt you to convert the
existing machine into a DNS server as well.

124. DNS servers can be running Windows 2000, or other operating systems, provided
that they accept SRV records.

125. The first division of DNS is into domains. The InterNIC (Internet Network
Information Center) controls top-level domains.

126. Domain Admins are limited to a single domain.

127. During the design phase, it is important to ask the following questions: Who is in
charge of each department? Who manages user accounts? (Are central policies
used?) Who manages resource accounts? How is administration divided? Who must
sign-off on purchases and policies?

128. With publicly held companies, operations and ownership become separate, and can
be driven by the need for profit and quick solutions rather than by long-term
planning.

129. Within the IT department, you should assess the experience of key personnel. The
assessment can take into account number of years of experience, familiarity with
Active Directory, etc.

130. Authentication can be accomplished through the use of the following (which can be
used in conjunction with one another): CHAP, EAP, MS-CHAP, PAP, and SPAP.

131. CHAP (Challenge Handshake Authentication Protocol) is one step above PAP in
that it does not use clear-text passwords.

132. EAP (Extensible Authentication Protocol): the client and the server negotiate the
protocol that will be used, in much the same way that networking protocols are
determined. Possible choices include one-time passwords, username/password
combinations, or access tokens.

133. MS-CHAP (Microsoft Challenge Handshake Authentication Protocol) requires the
client to be using a Microsoft operating system (version 2), or a small handful of
other compatible operating systems (version 1).

134. PAP (Password Authentication Protocol) uses a plain-text password authentication
method and should only be used if the clients you support cannot handle encryption.

135. SPAP (Shiva Password Authentication Protocol), which is a shade above PAP,
provides backward-compatibility but is not favored for new installations.

136. LDAP functionality is a key component of Active Directory, employing similar
naming standards.

137. LDAP functionality makes Active Directory compatible with other naming
strategies (such as BIND).

138. LDAP is a derivative of X.500. LDAP uses four different name types: 1)
Distinguished name, 2) Relative Distinguished name, 3) User Principal name, and
4) Canonical name.

139. The Distinguished name, in LDAP, is the full path, including containers, of the
object.

140. The Relative Distinguished name (RDN), in LDAP, is the portion of the name that's
unique within its container.

141. The User Principal name, in LDAP, is the user-friendly name.

142. The Canonical name, in LDAP, is a top-down notation of the Distinguished name.
