Practice Exam


Case Study: Paxil Pharmaceuticals

Paxil Pharmaceuticals, based in Princeton, New Jersey, has business locations in the United States, Canada, and Europe. The majority of its 50,000 employees works in the U.S. offices, with 5,000 employees in Europe and 2,000 in Canada.

Paxil recently acquired Ritter Health Products, a U.S.-based firm with 10,000 employees. The merger has not gone especially smoothly, both from a management and an IT perspective.

Current LAN/Network Environment

Paxil's environment consists mainly of Windows NT 4.0 Server and Workstation. Very few computers run any version of Windows 9x, and these are primarily laptops.

Ritter is primarily Unix based, with Windows 98 found in the administrative offices and a sizeable population of Macintosh computers.

Both companies are well networked within locations.

Proposed LAN/Network Environment

The merged companies will migrate to Windows 2000 as quickly as possible. The Paxil Active Directory design was already complete, and deployments were under way when the Ritter acquisition was announced.

The decision to move to Windows 2000 has met with some resistance at Ritter, and certain Unix-based applications will continue to run on the Unix hardware after the migration is complete.

WAN Environment

Both Paxil and Ritter have excellent WAN links in North America. Full 1.5Mbps T-1 circuits connect the eight Paxil and three Ritter locations. Temporarily, a 128Kbps VPN circuit is used to connect Paxil and Ritter headquarters locations.

In Europe, Paxil offices use 256Kbps connections. Paxil's European headquarters in London is connected to the Princeton headquarters with a 64Kbps line. This connection is typically saturated during overlapping business hours.

Proposed WAN Environment

No changes are planned at this time. Eventually, the Paxil and Ritter headquarters offices will be linked by T-1 and the Europe circuit will be upgraded, but no timetable has been set yet.

Directory Design Commentary

CEO : We need to digest the Ritter acquisition before we make any major changes to our computer systems. We will go ahead with the migration to Windows 2000 and include Ritter, but the applications will stay the same for the foreseeable future.

Director, IT : The Ritter merger was the last thing we needed. We had our Active Directory plans all set and had migrated two data centers and four of our locations to Windows 2000. We will have to include them in our plans now, but we need to keep them somewhat separate for resource management.

VP, Sales : We need to be sure to work as a team with Ritter. Their sales force needs access to Paxil data, and vice versa, if we are to take advantage of our two companies' strengths.

Internet Strategy

Both Paxil and, Ritter have a wide range of Internet initiatives. With registered domain names of paxilpharm.com and ritterhealth.com , respectively, both companies have extensive Web and FTP sites, as well as employee email. Both have developed extranets for use by medical professionals.

No changes are planned, and both companies will retain their domain names.

Question 1

What is the first domain created in an organization's Active Directory called?

  • a. The root domain

  • b. The forest

  • c. The forest root

  • d. The schema

A1:

The correct answer is c. Answer a is incorrect because, although the forest root is also a root domain, the forest root domain has special importance in Active Directory, which other root domains do not have. Answer b is incorrect, even though the creation of the forest root occurs at the same time as the creation of the forest. The schema is the logical definition of Active Directory. Therefore, answer d is incorrect also.

Question 2

Can both the Paxil and Ritter domains share the same forest?

  • a. No, there can be only one domain in a forest.

  • b. Yes, there can be more than one domain name in a forest.

  • c. No, only one root domain is permitted in an Active Directory forest.

A2:

The correct answer is b. Active Directory permits more than one root domain in a forest. Answer a is incorrect because no limit exists to the number of domains in a forest. Answer c is incorrect because having more than one domain in a forest, creating a disjoint namespace, is possible.

Question 3

Paxil's Active Directory design has a root domain of paxilpharm.com , with child domains of na.paxilpharm.com and eur.paxilpharm.com . By default, can users in na.paxilpharm.com access resources in eur.paxilpharm.com ?

  • a. No, a cross-link trust must be created between na.paxilpharm.com and eur.paxilpharm.com .

  • b. No, trusts in Active Directory are not transitive.

  • c. Yes, two-way Kerberos trusts are automatically created between parent and child domains as well as between root domains in a forest.

  • d. Yes, trusts are created automatically between every domain in a forest.

A3:

The correct answer is c. Two-way, transitive Kerberos trusts are created automatically whenever a new domain is added to a forest. The trust goes from child domain to parent domain or between root domains in a disjoint namespace. Although you can create a cross-link trust between two domains to speed Kerberos validation, answer a is incorrect because this trust is unnecessary. Answer b is incorrect because the default trusts established between domains are indeed transitive. Finally, answer d is incorrect because trusts are not created between every domain but rather from parent to child and between root domains in the forest.

Question 4

During the migration to Windows 2000 at Paxil, users in a Windows 2000 domain need access to file and print resources in an NT 4.0 domain. Which type of trust can be created to allow access to the NT 4.0 domain?

  • a. No trust relationships can exist between Windows 2000 and Windows NT 4.0 domains.

  • b. A two-way transitive Kerberos trust can be created.

  • c. A two-way nontransitive Kerberos trust can be created.

  • d. A one-way nontransitive NTLM trust can be created.

A4:

The correct answer is d. "Old-style" NTLM trusts can be established between Windows 2000 domains and Windows NT domains. These trusts are nontransitive, however. If a two-way trust is required, two one-way trusts can be set up, just as was done under NT. Therefore, answer a is incorrect. Answers b and c are also incorrect because Windows NT does not support Kerberos authentication or trust relationships.

Question 5

Management at the Paxil headquarters office in Princeton wants to be able to view basic employee information contained in Active Directory for the entire corporation. However, it is concerned that doing this will create an inordinate amount of WAN traffic whenever the query is performed, which is definitely not desirable given the slow and congested link to Europe. How can Paxil management view the employee information without placing a burden on the WAN?

  • a. Place a Global Catalog Server in the Princeton office.

  • b. Locate a domain controller for the Europe domain in the London office.

  • c. Create an LDAP script to extract information from the Europe domain and use LDIF to import it into the root domain.

  • d. There is no way to query basic employee information in all domains without crossing the WAN.

A5:

The correct answer is a. The Global Catalog contains a subset of all attributes for all objects in all domains in an Active Directory forest. By placing a Global Catalog Server in the Princeton office, management can obtain reports on all basic employee information by searching the GC. Answer b is technically correct, but it is not as good as answer a because extra replication traffic would be generated and custom queries would still have to be written.

Answer c is incorrect because this solution would create duplicate user accounts in the forest. Answer d is also incorrect. Although GC replication traffic will cross the WAN, causing some overhead, the employee information queries will not.

Question 6

Because of political issues regarding the Paxil/Ritter merger, management is considering leaving the companies in separate forests for the next 12 months but wants to be able to merge the two organizations' GCs. Can this be accomplished, and how?

  • a. No, merging Global Catalog contents of two separate forests is impossible .

  • b. Yes, you can create a Kerberos trust between the forest root domains of the two forests, and the GCs will automatically update each other.

  • c. Yes, you can run an LDAP script to extract the contents of each GC and use LDIF to import the other forest's data.

  • d. Yes, in the Active Directory Domains and Trusts MMC snap-in, you can select domain controllers from both forests and create a GC replication path .

A6:

The correct answer is a. The GC is forest-wide in scope and is read-only, so no updates can be performed. You might be able to write ADSI or LDAP scripts to query both GCs, but there is no way to automatically merge them. Aside from this, answer b is incorrect because you can only create a one-way, nontransitive NTLM trust between domains in different forests. Answer c will not work because the GC is updated only through replication between domain controllers. Answer d is incorrect, as well, because there is no such feature in Active Directory using any snap-in.

Question 7

To support a human resources application being installed at Ritter, three attributes of the User object class must be added to the GC. Who can perform this operation?

  • a. A member of the Domain Admins global group in the domain where the application is installed.

  • b. A member of the Enterprise Admins global group.

  • c. A member of the Schema Admins global group.

  • d. Attributes cannot be added to the GC without permission from Microsoft.

A7:

The correct answer is c. Only members of the Schema Admins group can modify the schema. The Active Directory Schema MMC snap-in is used to mark an attribute as one that should be replicated to the GC. Answer a is incorrect on two counts: Schema modifications affect the entire forest, not a single domain, and domain admins do not have the rights to modify the schema. Answer b is incorrect also, although the initial Administrator account created in the forest root domain is a member of both the Enterprise Admins and Schema Admins groups. Finally, answer d is incorrect because the Active Directory design allows an organization complete flexibility in modifying the schema.

Note that this update to the Schema will affect not only the Ritter domain, but also all the Paxil domains.

Question 8

The Active Directory design team is discussing the types of servers that will be necessary in various locations across the merged companies. The following are a list of sites and a list of servers. Place the appropriate server type under the name of the site where it should be placed. You can use a server type in more than one location.

Locations:

Paxil ”Berlin office

Ritter ”Dallas headquarters

Paxil ”Princeton headquarters

Server types:

DNS server

Global Catalog server

Domain controller

Schema operations master

A8:

The correct answer is as follows :

Paxil ”Berlin office:

DNS server

Global Catalog server

Domain controller

Ritter ”Dallas headquarters:

DNS server

Global Catalog server

Domain controller

Paxil ”Princeton headquarters:

DNS server

Global Catalog server

Domain controller

Schema operations master

Note that each site should have at least one domain controller, Global Catalog Server, and DNS server, but only the site where the forest root domain is located will have a schema operations master.

Question 9

The Active Directory design team at Paxil wants to manage replication traffic for the Ritter locations. Using the following list, arrange the steps necessary to create an effective replication topology across the Ritter WAN links.

Tasks:

Specify a replication schedule for each site link.

Define subnets in Active Directory for all Ritter locations.

Create site links as necessary.

Create sites.

Assign subnets to sites.

A9:

The correct answer is as follows:

Define subnets in Active Directory for all Ritter locations.

Create sites.

Assign subnets to sites.

Create site links as necessary.

Specify a replication schedule for each site link.

Question 10

Paxil's European headquarters is connected to the Princeton office by a 64Kbps circuit. During the hours from 7 a.m. to 2 p.m., this link is at almost full capacity. To prevent replication from occurring during these hours, a replication schedule should be set for each site.

  • a. True

  • b. False

A10:

Answer b is correct. Replication schedules are set for site links, not sites. Replication frequency (every 15 minutes, every hour ) is set at the site level, but not the schedule.



MCSE Active Directory Services Design. Exam Cram 2 (Exam Cram 70-219)
MCSE Windows 2000 Active Directory Services Design Exam Cram 2 (Exam Cram 70-219)
ISBN: 0789728648
EAN: 2147483647
Year: 2003
Pages: 148

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net