AZ-800 / Q18 / T1

empee1977

Highly Voted 10 months, 3 weeks ago 

No, Configuring the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to Site1 will not ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1. The Try Next Closest Site GPO setting controls how a client computer attempts to locate a domain controller if it is unable to locate one in its own site. It causes the client to try to find a domain controller in the next closest site, rather than trying to authenticate with a domain controller in a remote site. To achieve the goal of ensuring that the client computers in the new office are primarily authenticated by the domain controllers in Site1, you would need to configure the site link and site link costs between Site1 and the new office site so that the new office site has a higher cost to communicate with other sites than Site1. This way, the clients will prefer to authenticate with the domain controllers in Site1.

upvoted 11 times 

syu31svc

Most Recent 8 months, 3 weeks ago 

Selected Answer: B

Still on the same site link so answer is No

upvoted 2 times 

LemonBana

9 months, 4 weeks ago 

Selected Answer: B

See the correct explanation in Q #26.

upvoted 3 times 

[Removed]

10 months, 2 weeks ago 

it does meet the goal the answer is A.

upvoted 2 times 

SwissGuy

11 months, 1 week ago 

See the correct explanation in Q #26.

upvoted 1 times 

SwissGuy

11 months, 1 week ago 

I don't think this meets the goal. The new branch office almost certainly has a different subnet to any of those defined in Sites 1, 2 or 3. There’s no mention of adding that new subnet to Site 1 nor any other site. The GPO is linked to Site 1, so only affects clients in Site 1. "You open a new branch office that contains only client computers. You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1". Solution: You configure the Try Next Closest Site Group Policy Object (GPO) setting in a GPO that is linked to Site1. The documentation linked by joehoesofat gives the example of adding the GPO setting to the Default Domain Policy (bad practice imho) or creating/linking a new GPO at domain level. If offered, this option would be the answer. So, No, B in my opinion. Doesn’t meet the goal. But the question is badly written.

upvoted 2 times 

Lu5ck

11 months, 4 weeks ago 

Selected Answer: B

The sites are all using the same site link which means they are of the same cost. There is no way to differentiate which site is nearer or further when the cost are the same. The only way for these computers to see site1 as their primary DC is for these computers to be placed in the same site as site1. This is done so via subnet.

upvoted 4 times 

Burnie

1 year ago 

Selected Answer: A

This does meet the goal https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/enabling-clients-to-locate-the-next-closest-domain-controller - keeps the request in the same site1

upvoted 2 times 

Benjam

1 year ago 

Looks Like A is the correct answer

upvoted 1 times 

joehoesofat

1 year, 1 month ago 

This does meet the goal https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/enabling-clients-to-locate-the-next-closest-domain-controller - keeps the request in the same site1

upvoted 1 times