Information Technology Reference
In-Depth Information
18. You maintain an RODC at a branch office, and you want one employee with solid computer
knowledge to perform administrative tasks, such as driver and software updates and back-
ups. How can you do this without giving her broader domain rights?
a. Use Dsmgmt.exe to add the user's domain account to the administrator role on the
RODC.
b. Create a local user on the RODC and add it to the Administrators group. Have the user
log on with that account when necessary.
c. Create a script that adds the user to the Domain Admins group each day at a certain
time, and then removes the user from the group one hour later. Tell the user to log on
and perform the necessary tasks during the specified time period.
d. Send the user to extensive Windows Server 2008 training, and then add the user to the
Domain Admins group.
19. You have installed an RODC at a branch office that also runs the DNS Server role. All DNS
zones are Active Directory integrated. What happens when a client computer attempts to
register its name with the DNS service on the RODC?
a. The DNS service rejects the registration. The client must be configured with a static DNS
entry.
b. The DNS service passes the request to another DNS server. After registration is com-
pleted, the DNS server that performed the registration sends the record to the DNS serv-
ice on the RODC.
c. The DNS service creates a temporary record in a dynamically configured primary zone.
The record is replicated to other DNS servers, and then is deleted on the RODC.
d. The DNS service sends a referral to the client. The client registers its name with the
referred DNS server.
20. You have three users who travel to four branch offices often and need to log on to the
RODCs at these offices. The branch offices are connected to the main office with slow WAN
links. You don't want domain controllers at the main office to authenticate these four users
when they log on at the branch offices. What should you do that requires the least adminis-
trative effort yet adheres to best practices?
a.
12
Create a new global group named AllBranches. Add the four users to this group, and
add the AllBranches group to the Allowed RODC Password Replication group.
b.
Add the four users to a local group on each RODC. Add the local groups to the PRP on
each RODC with an Allow setting.
c.
Add each user to the PRP on each RODC with an Allow setting.
d.
Create a group policy and set the “Allow credential caching on RODCs” policy to
Enabled. Add the four users to the policy. Link the policy to the Domain Controllers OU.
Case Project 12-1: Illustrating a Federated Web SSO Design
This project can be done in groups. Designs should be presented, with discussion of their
implementation details.
You have been asked to consult with a publishing company to come up with an AD FS
design. The publishing company, WebBooks, wants its largest business partners, several
booksellers, to be able to access purchasing and inventory Web applications running on the
WebBooks Web servers.
WebBooks has a Windows Server 2008 network with Active Directory. It has a Web
server that's publicly accessible through the perimeter network (DMZ) and plans to add a
Web server to host the purchasing and inventory Web applications. The applications are
Search WWH ::
Custom Search