Ch.

2 Worksheet

Name ______________________________________

CIS 2154 - Ch. 2 Worksheet: Implementing Active Directory - 200901

1.The purpose of DomainDnsZones is to contain all Domain Name System (DNS) servers in the ____________. 2.The Domain Name System (DNS) can be installed when for an Active Directory installation?

3.Should an Active Directory design have long-term value and validity? 4.Active Directory has only (one/many) role(s) to play as the directory service in a network. 5.Your companys domain named contoso.com has a two-way external trust with a Windows NT Server 4.0

domain named NWTRADERS. Contoso.com also has other trust relationships in place with other companies. Your manager tells you he no longer wants your domain to trust NWTRADERS, but he wants all other trust relationships to remain in place. What should you do in Active Directory Domains And Trusts?

6.You are the network administrator for the Active Directory domain named wingtiptoys.com. Your domain has

three child domains and is the forest root domain for a separate domain tree named litwareinc.com. Each domain has three domain controllers that host an Active Directory-integrated zone for their own domain. Many of the domain controllers are geographically separated from your domain. Users in other domains have noticed a significant delay when accessing resources in your domain. Youve noticed that there is significant host name resolution activity across wide area network (WAN) links between your domain and others. Youd like to reduce this traffic and improve user response times. What should you do?

7.You are installing a new Active Directory domain and forest. During this installation an error message is

displayed. The error message states that an Active Directory domain controller for the domain contoso.com could not be contacted. Ensure that the DNS domain name is typed correctly. All Internet Protocol (IP) settings for servers are statically configured. How would you respond to this error message?

8.A client is attempting to log on to the cohowinery.com domain. What service will provide the client with the

name of a domain controller in the domain? 9.You are the system administrator for a small company named Coho Winery. The company policy requires that all server Internet Protocol (IP) addresses be statically configured. Currently Coho Winery only has one domain controller for the domain cohowinery.com named ServerA. There are three member servers on the network named ServerB, ServerC, and ServerD. ServerB and ServerC are providing Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) services for your network. ServerA currently has one disk drive installed, which holds the Sysvol partition and the log files for Active Directory. You have been tasked with providing fault tolerance for Coho Winerys domain. What should you do?

10.You have just completed an installation of Active Directory and restarted the new domain controller. When

performing post-installation tasks, you notice that the application directory partition was not created. How would you correct this problem?

11.Recently two new Windows 2003 Domain Name System (DNS) Servers were installed on the network,

replacing the previous Windows 2000 DNS Servers. Currently, the network supports 3000 client computers. Two thousand users in the organization are mobile and connect with laptops to the network. You receive a call from the network administrator of the help desk. He tells you the results from performing an Nslookup indicate that the DNS server has several records for systems that are no longer on the network. He informs you that this issue is causing resource access issues. What should you do to correct this issue?

Ch. 2 Worksheet

Name ______________________________________

12.Andys user account resides in the west.london.cohowinery.com domain. He needs to gain access to a shared

folder in the south.paris.cohovineyard.com domain. Andy is able to do this, but he complains that it seems to take a very long time to establish the shared folder connection. Other users in the south.paris.cohovineyard.com domain require frequent access to resources shared in the west.london.cohowinery.com domain. You want to reduce the amount of time it takes for these users to access resources across the forest. What should you do?

13.As the network administrator for a small company your duties include troubleshooting and maintaining the

Domain Name System (DNS) server for cohowinery.com domain. You notice a lot of records have been added to the DNS database during the last month. You realize that some of these host records are from computers that are not members of your domain. You must ensure that computers that are not members of your domain cannot add records to the DNS database. You must also ensure that all domain member host records can be updated only by the computers that registered the records. What should you do? 14. You are logged on as an administrator. You are a member of the Schema Admins, Enterprise Admins, and Domain Admins groups. You just finished installing a new domain controller on a computer named Server15. You need to modify the Active Directory schema using the Microsoft Management Console (MMC) Schema snap-in. However, you do not see this console in your administrative tools folder. What must you do to get access to the Schema snap-in? (Choose all that apply.) a. Use Regsvr32 to register the dynamic link library (DLL), Schmmgmt.dll. b. Use ADSIEdit, right-click the name of your domain, and select Update Schema Now. c. Refresh the Active Directory Users And Computers console. d. Create a new MMC, and add the Schema snap-in. e. Open Replmon, click the Schema partition, and press F5.
15. You are an administrator for contoso.com. Contoso.com has two child domains, west.contoso.com

and east.contoso.com. The contoso.com domain is using the Windows 2000 native domain functional level. The west.costoso.com domain is in the Windows 2000 mixed domain functional level. The east.contoso.com domain is in the Windows Server 2003 interim domain functional level. You attempt to raise the functional level of the forest, but you receive an error message. What must you do before you can raise the forest functional level? (Choose all that apply.) a. Raise the domain functional level of west.contoso.com. b. Raise the domain functional level of east.contoso.com. c. Raise the domain functional level of contoso.com. d. Create separate Active Directory sites for east.contoso.com and west.contoso.com. e. Back up the system state data of a domain controller in the forest root.
16. You are the network administrator for the cohowinery.com domain. You need to add a new user

principal name (UPN) suffix to your existing domain. You are currently logged on using an account that is a member of Domain Users only. What must you do in order to add this new UPN suffix? (Choose all that apply.) a. Log on using an account that is a member of the Schema Admins group. 3

b. Log on using an account that is a member of the Domain Admins group. c. Log on using an account that is a member of the Enterprise Admins group. d. Use the Active Directory Domains And Trusts console. e. Use the Active Directory Sites And Services console. f. Use the Active Directory Users And Computers console.
17. You are running a testing lab for your company. In your lab, you have an Active Directory domain

named contoso.com. Two computers, named TestDC1 and TestDC2, are configured as domain controllers for this domain. TestDC1 was the first domain controller installed on the domain. You raise the forest functional level to Microsoft Windows Server 2003 in order to test compatibility with a custom schema-modifying application. The test doesnt work as expected. Your manager then asks you to test the application when the forest is in Windows 2000 native functional level. Which of the following should you do in order to prepare TestDC1 and TestDC2? (Choose all that apply.) a. Configure TestDC1 as a member server of the existing domain. b. Configure TestDC2 as a member server of the existing domain. c. Move the Schema operations master role from TestDC1 to TestDC2. d. Move the Domain Naming operations master role from TestDC1 to TestDC2. e. Remove Active Directory from TestDC1. f. Remove Active Directory from TestDC2.
18. You are the domain administrator for cpandl.com. The domain controllers for this domain, named

DC1 and DC2, are running Microsoft Windows Server 2003 Standard Edition. The Domain Name System (DNS) servers for your domain, named DNS1 and DNS2, are running Windows Server 2003 Enterprise Edition. DC1 and DC2 are configured to use DNS1 and DNS2 as their Preferred and Alternate DNS servers. DNS1 and DNS2 are configured to allow Zone Transfers To Any Server. You need to verify that the service location (SRV) resource records were added appropriately to your DNS server. Which of the following steps should you take? (Choose all that apply.) a. Run Nslookup on DC2. b. Upgrade DC1 and DC2 to Windows Server 2003 Enterprise Edition. c. Disable Zone Transfers on DNS1 and DNS2. d. Issue the command ls t SRV cpandl.com. e. Issue the command ls t SRV domain.
19. When installing a replica domain controller for an existing domain, which of the following tasks

must you complete? (Choose all that apply.) a. Specify the location of the Sysvol and Log folders. b. Specify the name of the first domain controller installed in the domain. c. Specify the domain name. d. Specify the Directory Services Restore Mode password. e. Define the forest root domain name.
20. You are the network administrator for the Active Directory domain named contoso.com. There are

five domain controllers on your domain. All domain controllers use Microsoft Windows Server 2003. Four of these domain controllers are online. The domain controller that holds the Schema operations master role is kept offline. You typically manage the domain using an account that has membership only in the Domain Admins group. However, you have access to accounts with membership in all administrative groups. Your manager asks you to install Microsoft Exchange 2000. What must you do before you can install Exchange 2000? (Choose all that apply.) a. Log on using a user account that is a member of the Server Operators group. b. Log on using a user account that is a member of the Schema Admins group.

Ch. 2 Worksheet

Name ______________________________________

c. Ensure the domain controller holding the Schema operations master is online. d. Use netdiag /fix to ensure the domain is ready. e. Use ADPREP on your forest.
21. You are a network administrator for an Active Directory domain named fabrikam.com. Three

domain controllers named DC1, DC2, and DC3 are part of your network. These domain controllers run Microsoft Windows Server 2003 Standard Edition and host the Active Directory-integrated Domain Name System (DNS). There are 500 Microsoft Windows XP Professional client computers on your network. There are also 40 Windows NT Workstation 4.0 client computers, as well as 50 Microsoft Windows 95 computers on the network. All of the client computers have the latest service packs installed. Previously, your network had a domain named FABRIKAM, which was hosted by computers that ran Microsoft Windows NT Server 4.0. There were also two Windows Internet Name Service (WINS) servers that provided name resolution services on the network. After upgrading to Windows Server 2003, your help desk received a few calls from users unable to connect to resources. You log on without a problem from a Windows XP Professional client computer to your domain. Which of the following actions must you perform to ensure that all network users are able to access resources? (Choose all that apply.) a. Upgrade the Windows 95 client computers. b. Upgrade the Windows NT Workstation 4.0 client computers. c. Ensure that all client computers list one of the domain controllers as their preferred or primary DNS server. d. Configure Forwarding in the DNS console from DC2 and DC3 to DC1. e. Remove all references to Root Hints from all domain controllers.
22. You are the network administrator for Coho Vineyard. Your network is not connected to the

Internet, but all computers use the Transmission Control Protocol/Internet Protocol (TCP/IP). The Windows Internet Name Service (WINS) is the only name resolution service in use on your network. There are three domain controllers on your network. These domain controllers are named DC1, DC2, and DC3. These domain controllers run Microsoft Windows NT Server 4.0. Most of your client computers run Microsoft Windows NT Workstation 4.0 or Microsoft Windows XP Professional. Your network also includes three Windows NT Server 4.0 Remote Access Service (RAS) servers. There are no plans to upgrade the RAS servers or the Backup Domain Controller (BDC) servers at this time. DC1 is a Windows NT Server 4.0 Primary Domain Controller (PDC). You upgrade DC1 to run Microsoft Windows Server 2003 Standard Edition. Active Directory installation starts automatically. Which of the following options must you choose during Active Directory installation to support your current network environment? (Choose all that apply.) a. Choose the Windows Server 2003 interim forest functional level. b. Choose the Windows 2000 forest functional level. c. Select preWindows 2000 compatible permissions. d. Select Windows Server 2003 permissions. e. Install and configure Domain Name System (DNS) automatically. f. Configure the Preferred DNS Server settings of DC1 to point to a WINS server.
23. You are the network administrator of alpineskihouse.com. All of your domain controllers run

Microsoft Windows Server 2003 Enterprise Edition. Recently, many of your users were imported from a Windows NT Server 4.0 domain named ADATUM. These users had e-mail addresses with a domain name suffix of adatum.com. You want to enable these users to log on using their e-mail addresses. What should you do? (Choose all that apply.) 5

a. Add an additional user principal name (UPN) suffix of adatum.com in Active Directory Domains And Trusts. b. Use ADSIEdit to modify the sIDHistory attribute on each user account. c. Add an entry for adatum mapped to the Internet Protocol (IP) address of the domain controller to the host file of each new users computer. d. Change the imported users UPN suffixes to adatum.com. e. Create a new Active Directory site named adatum in Active Directory Sites And Services.
24. You are the network administrator for Coho Vineyard and Winery. Youve just finished installing an

Active Directory domain named cohovineyardandwinery.com. Both the winery and vineyard are in the same physical location and on the same local area network (LAN). You expect to have a maximum of 150 client computers on your domain. Your manager tells you there is a problem with the name youve created. The board of directors has informed him that the domain name is too long. They want you to use the name cohowinery.com. Your manager wants to be able to use the cohovineyard.com domain name and suffix for his e-mail address and logon. What solution can you provide to incorporate the use of both cohovineyard.com and cohowinery.com to meet these requests? (Choose all that apply.) a. Create a forest root domain named cohovineyard.com. b. Rename the forest root domain to cohowinery.com. c. Create a second domain tree named cohovineyard.com. d. Configure an additional user principal name (UPN) suffix of cohovineyard.com. e. Configure your managers UPN suffix for cohovineyard.com.
25. Select all requirements for installing Windows Server 2003 Active Directory. (Choose all that

apply.) a. 200 MB minimum free space b. NTFS partition c. Windows Server 2003 Web Edition d. 250 MB minimum free space e. FAT32 partition
26. Which of the following are valid ways to launch the Active Directory Installation Wizard? (Choose

all that apply.) a. Use the Microsoft Management Console (MMC) Components Services snap-in. b. Use the MMC Computer Management snap-in. c. From the Manage Your Server Web page. d. Use Add Or Remove Programs in Control Panel. e. Use Dcpromo.exe.
27. You are the network administrator for a large company. You have three domain controllers named

ServerA, ServerB, and ServerC. You have one Domain Name System (DNS) server named ServerD. These servers provide logon authentication and resource access for 5000 users. There is a brief power outage. When power is restored, you receive several calls from users who are unable to log on to the domain. You need to allow these users to log on. Which of the following would be valid steps to troubleshoot this problem? (Choose all that apply.) a. Stop the NetLogon service on all servers. b. Ensure all servers are online. c. Ensure that an SRV resource record exists on ServerD for all domain controllers. d. Delete all Host (A) records on ServerD. e. Ensure that the NetLogon service has started on ServerA, ServerB, and ServerC.

Ch. 2 Worksheet

Name ______________________________________

28. You are the administrator of a small network. You recently installed a new Windows 2003 DNS

server. A network user calls to tell you that he is receiving an error report from a computer with Internet Protocol (IP) address 10.0.0.200. You are not familiar with that IP address. You issue a ping a 10.0.0.200 to attempt to resolve the host name. The ping does not return a host name in the reply. Later, you locate this computer and determine the appropriate host name. You want to ensure that when you use the ping a command to resolve the host name in the future, the host name is returned. How could you accomplish this task? (Choose all that apply.) a. Add a forward lookup zone. b. Add a reverse lookup zone. c. Scavenge Stale Resource Records. d. Configure a Pointer (PTR) record for the 10.0.0.200 address that maps the proper host name.

29.You are the network administrator for contoso.com, which is an Active Directory domain. All domain

controllers in the domain run Windows Server 2003 Standard Edition. There is also a Kerberos realm and a Windows Server NT 4.0 domain on your network. The Kerberos realm is named fabrikam.com and is hosted by UNIX servers. The Windows NT Server 4.0 domain is named ADATUM. Members of the fabrikam.com realm need to access resources on contoso.com. Users on ADATUM also need access to resources on contoso.com. What should you do in order to provide access to these domain resources, without giving access to resources that are not required? (Choose all that apply.) a. Configure a trust relationship so that ADATUM trusts contoso.com. b. Configure a trust relationship so that contoso.com trusts fabrikam.com. c. Configure a trust relationship so that contoso.com trusts ADATUM. d. Configure a trust relationship so that contoso.com trusts fabrikam.com.
30. You are tasked with organizing your companys Information Technology (IT) resources. Currently,

your network environment has one member server for each workgroup and it has three workgroups. Each server has a single volume using the FAT32 file system. During the restructuring, you want to take advantage of the following features: improved hard disk security, domain fault tolerance, centralized administration, single point of access to global resources, and simplified resource location. What should you do? (Choose all that apply.) a. Convert the member servers single volume to the NTFS file system. b. Install Active Directory on one member server and create a new domain. c. Reconfigure all the current member servers into one workgroup. d. Install Active Directory on two of the member servers, creating a domain with two domain controllers. e. Add an extra member server to each workgroup and promote each workgroup to a new domain.