- 17 views
Overview
Contoso, Ltd. is a company that has a main office in Seattle and two branch offices in Los Angeles and Montreal.
Existing Environment
AD DS Environment
The network contains an on premises Active Directory Domain Services (AD DS) forest named contoso.com.
The forest contains two domains named contoso.com and canada.contoso.com.
The forest contains the domain controllers shown in the following table.
All the domain controllers are global catalog servers.
Server infrastructure
The network contains the servers shown in the following table.
A server named Server4 runs Windows Server and is in a workgroup. Windows Firewall on Server4 uses the private profile.
Server2 hosts three virtual machines named VM1, VM2, and VM3.
VM3 is a file server that stores data in the volumes shown in the following table.
Group Policies
The contoso.com domain has the Group Policies Objects (GPOs) shown in the following table.
Existing Identities
The forest contains the users shown in the following table.
The forest contains the groups shown in the following table.
Current Problems
When an administrator signs in to the console of VM2 by using Virtual Machine Connection, and then disconnects from the session without signing out, another administrator can connect to the console session as the currently signed in user.
Requirements
Technical Requirements
Contoso identifies the following technical requirements:
- Change the replication schedule for all site links to 30 minutes.
- Promote Server1 to a domain controller in canada.contoso.com.
- Install and authorize Server3 as a DHCP server.
- Ensure that User1 can manage the membership of all the groups in Contoso\OU3.
- Ensure that you can manage Server4 from Server1 by using PowerShell remoting.
- Ensure that you can run virtual machines on VM1.
- Force users to provide credentials when they connect to VM2.
- On VM3, ensure that Data Deduplication on all volumes is possible.
You need to meet the technical requirements for Server1.
Which users can currently perform the required tasks?
- A. Admin3 only
- B. Admin1 and Admin3 only
- C. Admin1 only
- D. Admin1, Admin2, and Admin3
- B. Admin1 and Admin3 only
The suggested answer is correct
To promote new domain controller you need to be a member of forest Enerprise Admins group, or local Domain Admins group
Trupix
Highly Voted 2 years ago
Selected Answer: B
B Because Admin1 is in Enterprise Admins group. Which are then part of the Administrators group in all the domains in the forest, including Canada. Therefore both Admin1 and Admin3 perform the task.
upvoted 8 times
edykss
Highly Voted 2 years, 2 months ago
Answer is A. Admin 3 only as he is part of canada domain.
upvoted 6 times
spike8384
2 years, 2 months ago
I think B is correct. Because Admin1 is in Enterprise Admins group. Which are then part of the Administrators group in all the domains in the forest, including Canada. Therefore both Admin1 and Admin3 perform the task.
upvoted 12 times
Joedn
Most Recent 6 months ago
Valid 05/28/2024
upvoted 1 times
MR_Eliot
1 year, 2 months ago
CORRECT.
upvoted 1 times
memorial
1 year, 2 months ago
For authorize DHCP server must be Enterprise Admin, right? Why then Admin 3 if is Domain Admin?
upvoted 1 times
syu31svc
1 year, 8 months ago
Selected Answer: B
Tried it hands on Answer is B
upvoted 5 times
mcclurewj
1 year, 10 months ago
Canada domain in detail. Typo?
upvoted 2 times
johosofat
2 years ago
Selected Answer: B
if they start chaing OU or groups this question gets too hard to answrer- dread - agree admin1 and admin 3 - Enterprise admin can promote in a child domain https://social.technet.microsoft.com/Forums/windows/en-US/bf8bb2dc-bedf-488e-8aa3-1c93dd833bba/promoting-a-member-server-of-a-child-domain-in-ad-to-read-only-domain-controller?forum=winserverDS
upvoted 4 times