Apply Your Knowledge

Amell

Bernie

Trainer

555-7179

Prairie Sky Consulting

Blanchard

Verna

Systems Analyst

555-4296

Housing Associates

Bond

Dorothy

Trainer

555-7096

Prairie Sky Consulting

Clark

Cathie

Trainer

555-7028

Prairie Sky Consulting

Ducharme

Lydia

Network Administrator

555-7220

Goldenrod Developments

Emmett

Matt

Network Administrator

555-6057

Goldenrod Developments

Guyn

Karen

Network Administrator

555-1544

Goldenrod Developments

Guyn

Pat

Systems Analyst

555-6669

Goldenrod Developments

James

Robert

Systems Analyst

555-8729

Housing Associates

Jensen

Nicole

Systems Analyst

555-8849

Goldenrod Developments

Kyle

Ann

Trainer

555-8849

Prairie Sky Consulting

Magnus

Holly

Trainer

555-5295

Prairie Sky Consulting

Michell

Christine

Network Administrator

555-4755

Prairie Sky Consulting

Myers

Leslie

Network Administrator

555-1479

Goldenrod Developments

Nowlin

Patty

Systems Analyst

555-4296

Housing Associates

Poulin

Paule

Systems Analyst

555-8606

Housing Associates

Rutherford

Donna

Trainer

555-7612

Prairie Sky Consulting

Ryan

Kathleen

Network Administrator

555-5467

Goldenrod Developments

Sept

Rick

Systems Analyst

555-6057

Housing Associates

Stratton

Susan

Systems Analyst

555-6669

Housing Associates

Swenson

Kathi

Network Administrator

555-5487

Goldenrod Developments

1.

Open a command prompt and change to the root directory of the C: drive.

2.

Use dsadd to create an OU called "OU=LanStudents,OU=Phoenix,DC=70-290,DC=int".

3.

Type a csvde command to create a list of the user accounts in the OU=Users,OU= Phoenix,DC=70-290,DC=int OU. Use the parameter -l l,company,objectclass,name,title,company,l,telephoneNumber,userAccountControl,samaccountname to limit the number of fields displayed. Send the output to csvde-out.txt. Copy the file to csvde-in.txt.

4.

Use a spreadsheet program, a database program, or Notepad to modify csvde-in.txt. Retain the first record (it has the field names we'll need), but replace the data lines with data from the preceding table. Ensure that the fields are in the proper columns.

5.

Use csvde to input the data in csvde-in.txt into Active Directory. Confirm that the records were created with Active Directory Users and Computers (csvde -i -f csvde-in.csv -j c:\).

6.

Use dsquery to display all the users in the LanTrainers OU, and pipe the result as input to a dsmod command that sets the password for all users to Secur1ty and enables the account (dsquery user "OU=LanStudents,OU= Phoenix,DC=70-290,DC=int" | dsmod user -pwd Secur1ty -mustchpwd yes -disabled no).

7.

Open Active Directory Users and Computers and navigate to the LanStudents OU to see the user accounts.

You want to create a user account for Joan Myles using a command from the command prompt. The account is to be a member of the Engineers group in the Vancouver container, disabled when created, have Secur1ty as its password, and be placed in the "ou=Users,ou=Vancouver,ou=LTI,dc=Lantrainers,dc=int" container. Which of the following tools or combination of tools can do the job?

A manager tells you one of his staff has taken a job in another company. The manager wants to ensure that the user cannot access his computer or his files on the network file server. What is your best course of action?

A manager tells you that his administrative assistant has left the company. The manager wants to ensure that her replacement has access to her computer and her files on the network file server. What is your best course of action?

You need to explain profiles to your management, and you realize that you need to start your presentation with definitions of the three profile types. Choose the three profile types.

You are the network administrator for a small company that provides customer service operators for other companies. One of your users calls to complain that the photograph of her grandson that she added to her desktop yesterday wasn't there when she logged on this morning. What is the most likely cause of her problem?

Due to economic circumstances, your company had to lay off 200 people. The Human Resources Department has provided you with a list of names in a text file. Which command can be used to delete these user accounts?

Your company has recently purchased a small company. The other company runs Unix with an LDAP-compatible directory. Your job is to create user accounts in Active Directory for the employees from this company. What is the best tool to use for this task?

You are the administrator for a small university. As usual for this type of environment, bored students try to hack into the university billing system every night between 10 p.m. and 2 a.m. What two steps can you take to ensure that a dictionary attack will fail, while still allowing your user to log on at 8 a.m.?

You are the network administrator for a small company that provides customer service operators for other companies. One of your users calls to complain that she can't see any files in her My Documents folder. She was able to get to them with no problem yesterday. Group Policy is not in use. What is the most likely cause of her problem?

You are the administrator for a small, family-owned firm. Because of the firm's size and informality, it has been tough to get users to understand the need for security. You want to change the password policy so that the users will be required to change their passwords every 30 days and can't reuse a password more than every two years. Which of the following choices will accomplish this?

B, C. ldifde (with the appropriate data file as input) followed by dsmod (to change the password) does the job, as does dsadd by itself. Net User cannot create a group membership. csvde cannot create group memberships, and dsmove is unnecessary because csvde can create the user account in any container. dsquery cannot create a user account. See the "Creating Accounts Using Automation" section for more information.

C. It is best to disable the account immediately and then reset the password and enable the account again when someone is ready to review the files held by the account. Deleting the user account makes the review of files very difficult. Renaming the account without changing the logon name or password does not stop the user from accessing the account. Changing the value in the Account Expires field would work, but it is inappropriate to the situation and hence would confuse other administrators. See the "Creating and Modifying User Accounts Using Active Directory Users and Computers" section for more information.

B. The easiest way to give the new user the proper access is to just rename the old account with the new user's name because they will be performing the same duties and need access to the same files. See the "Creating and Modifying User Accounts Using Active Directory Users and Computers" section for more information.

B, E, F. These are the profile types. Local, Roaming and Mandatory are the only valid types of profiles listed in Windows Server 2003; the other types listed don't exist. See the "Managing Local, Roaming and Mandatory User Profiles" section for more information.

D. Although all the other choices are possibilities, in a customer service environment, it's most likely that mandatory profiles are in use. A mandatory profile allows you to make changes; however, those changes are not saved when you log off. See the "Creating and Enforcing Mandatory User Profiles" section for more information.

D. The dsrm command can be used to delete Active Directory objects, using a text file as input. The csvde command can be used only to import or export accounts, the dsmod command can be used only to change the properties of accounts, and the dsadd command doesn't have a delete option. See the "Creating Accounts Using Automation" section for more information.

B. ldifde is the best tool to use for this task. It allows you to extract the user list from the LDAP-compatible directory on the Unix server. Next, it allows you to change the distinguished name in the exported file to match your AD structure. Then it imports the new users into AD. See the "Creating Accounts Using Automation" section for more information.

B, D. Setting the lockout threshold to 3 locks the account after three failed attempts to log on. Setting the lockout duration to 60 reenables the account after 60 minutes. Setting the lockout threshold to 0 allows an indefinite number of logon attemptsdefinitely not what you want. Setting the lockout duration to 0 will keep the account locked until the administrator manually reenables it. See the "Creating and Modifying User Accounts Using Active Directory Users and Computers" section for more information.

B. The most likely problem is that she logged on to a different computer, and roaming profiles are not in use. See the "Managing Local, Roaming and Mandatory User Profiles" section for more information.

D. With the maximum age set to 30 days, users are prompted to change their passwords every 30 days. The history setting will retain 24 passwords, approximately two years' worth. See the "Creating and Modifying User Accounts Using Active Directory Users and Computers" section for more information.