- 1 view
Exam
Answer confirmed
Question
Your network contains two Active Directory Domain Services (AD DS) forests as shown in the following exhibit.
The forests contain the domain controllers shown in the following table.
You perform the following actions on DC1:
• Create a user named User1.
• Extend the schema with a new attribute named Attribute1.
To which domain controllers are User1 and Attribute1 replicated? To answer, select the appropriate options in the answer area.
NOTE: Each correct selection is worth one point.
Proposed answer
Suggested answer
Correct answer
The suggested answer is incorrect
Correct answer:
- User1 - will be replicated to DC2 and DC3
- Attribute1 - will be replicated to DC2 and DC3
- User1: This is a domain-level object. Since DC1 and DC2 are in the same domain (adatum.com), User1 will be replicated to DC2. DC3 is in a different domain (west.adatum.com), but it is in the same forest. Since it's a Global Catalog (GC) server, it will receive a partial replica of the adatum.com domain, including the newly created User1. DC4 is in a completely different forest (contoso.com) and there is no direct trust relationship between contoso.com and west.adatum.com, so User1 will not be replicated to DC4.
- Attribute1: This is a schema-level object. The schema is a forest-wide object. The schema master for the adatum.com forest is DC1, so any changes to the schema (such as adding a new attribute) are initially made on DC1. These changes are then replicated to all other domain controllers in the adatum.com forest, which includes DC2 and DC3. However, DC4 is in a different forest, so it will not receive the schema changes made in the adatum.com forest. In summary, User1 and Attribute1 will be replicated to DC2 and DC3
Mikepsperu
Highly Voted 1 year, 2 months ago
upvoted 26 times
sardonique
3 months, 3 weeks ago
"DC4 is in a completely different forest (contoso.com) and there is no direct trust relationship between contoso.com and west.adatum.com, so User1 will not be replicated to DC4." this is true, it will not be replicated however the reason you mentioned is wrong. A forest is a logical boundary, replication process does not cross the forest boundaries by design. the Trust has barely anything to do with replication, the Trust is meant to grant access to foreign security principals
upvoted 1 times
formacaotismic
Most Recent 2 days, 4 hours ago
DC2 Only Quando se cria um novo user em parent domain, esse user não é automaticamente replicado para um child domain. Cada domínio no Active Directory mantém seu próprio conjunto de objetos de users e outros objetos de diretório. A replicação ocorre apenas dentro do mesmo domínio. Se precisar que o user esteja disponível em ambos os domínios, você precisará criar o user separadamente em cada domínio. DC2 and DC3 Only Quando você estende o esquema com um novo atributo, como o Attribute1, em uma floresta do AD, essa alteração é replicada para todos os controladores de domínio dentro dessa mesma floresta. No entanto, essa replicação não se estende automaticamente para outras florestas, mesmo que haja uma relação de confiança (forest trust) entre elas. Portanto, se você precisar que o Attribute1 esteja disponível em outra floresta, será necessário estender o esquema também nessa floresta separadamente.
upvoted 1 times
Ksk08
3 weeks, 2 days ago
User1: DC2 and DC3 only Reason: User1 replicates within adatum.com (DC2) and to GC servers in the same forest (DC3) Attribute1: DC2 and DC3 only Reason: Schema changes replicate to all DCs within the same forest only
upvoted 1 times
starseed
2 months ago
answer is dc2 for user1 and for attribute dc2 and dc3
upvoted 3 times
004b54b
3 months ago
https://serverfault.com/questions/280570/will-the-global-catalogs-in-two-forests-with-transitive-trust-replicate-data
Global Catalogs are not synced between forests (even with a trust relationship)
upvoted 1 times
rasmart
6 months, 1 week ago
Based on Active Directory structure: DC1 is part of the adatum.com domain and holds the Schema Master role. DC2 and DC3 are also part of the adatum.com domain. DC4 is part of the contoso.com domain and therefore in a different forest. Answers User1: Since User1 was created in the adatum.com domain, User1 will be replicated to all domain controllers within the same domain. Therefore, DC2 and DC3 will have User1's information. Attribute1: Since Attribute1 is a schema extension and schema is replicated across the entire forest, all domain controllers in the adatum.com forest (which includes DC1, DC2, and DC3) will get the schema update. DC4 will not get this update as it is in a different forest. User1: DC2, DC3 Attribute1: DC2, DC3
upvoted 4 times
SIAMIANJI
6 months, 3 weeks ago
Based on the information provided, let’s analyze the actions performed on DC1: User Creation: You created a user named User1 on DC1. Schema Extension: You extended the schema with a new attribute named Attribute1 on DC1. Now let’s determine the replication behavior for User1 and Attribute1: User1 Replication: Since User1 was created on DC1, it will be replicated to other domain controllers within the same domain (adatum.com). Therefore, User1 will be replicated to DC2 (contoso.com) and DC3 (contoso.com). Attribute1 Replication: When you extend the schema with a new attribute, the schema update is replicated to all domain controllers in the forest. Therefore, Attribute1 will be replicated to all domain controllers in both forests: adatum.com and contoso.com (including DC1, DC2, DC3, and DC4). In summary: User1 will be replicated within the adatum.com domain. Attribute1 will be replicated across all domain controllers in both forests.
upvoted 2 times
Vallion
6 months, 3 weeks ago
This question begs questions
upvoted 1 times
dfguss
6 months, 3 weeks ago
User1: DC2 and DC3: User1 is created within the adatum.com domain. Object replication is standard within a domain, ensuring that DC2 and DC3 receive an update. DC4: Because DC4 is in a separate forest (contoso.com) and it is not specified that there is a direct trust relationship between contoso.com and west.adatum.com, User1 would not replicate to DC4. Attribute1: DC2 and DC3: Schema changes are applied at the forest level. As DC2 and DC3 have the function of Global Catalog (GC), they receive replication from Attribute1. DC4: Although DC4 is also a GC, it resides in a separate forest (contoso.com). Schema changes do not automatically propagate between multiple forests.
upvoted 1 times
JhonyTrujillo
9 months ago
User1 = DC2 Only Atribute1 = DC2 and DC3 Only
upvoted 4 times
janshal
10 months, 1 week ago
Box1: To whom who think that the user is sync to the subdomain, please explain in what OU or container in the sub domain the user will be sync to, and maybe you will understand that the user will be sync only to it local domOn...
upvoted 2 times
NotThatGuy242
10 months ago
User1 will replicate to DC3 because, even though it's a DC in the child domain, it's a global catalog. "The global catalog of a forest includes a partial replica of every object in the forest." Source: https://learn.microsoft.com/en-us/windows/win32/ad/attributes-included-in-the-global-catalog
upvoted 1 times
RichardChris
12 months ago
Why are people giving different answers?? It’s very confusing which one to chose in this case
upvoted 3 times
SantaClaws
1 year ago
User1 is replicated to: * DC2 in the adatum.com domain: User objects are part of the domain partition, which is replicated to all domain controllers in the same domain. * DC3 in the west.adatum.com domain: Because there’s a parent-child trust between west.adatum.com and adatum.com, user objects are replicated between the two domains. Attribute1 is replicated to: * DC2 in the adatum.com domain: Schema updates are part of the schema partition, which is replicated to all domain controllers in the same forest. * DC3 in the west.adatum.com domain: Because west.adatum.com is a child domain of adatum.com, it’s part of the same forest, and schema updates are replicated to all domain controllers in the forest. * DC4 in the contoso.com forest: Because there’s a forest trust between contoso.com and adatum.com, schema updates are replicated between the two forests.
upvoted 2 times
SantaClaws
1 year ago
I take this back. DC4 will not have the attribute replicated because schema updates are not replicated across forest trusts. Answer is DC2 and DC3 for both.
upvoted 1 times
JhonyTrujillo
1 year ago
User1 - D2 Atribute1 - D2, D3, D4
upvoted 2 times
MR_Eliot
1 year, 2 months ago
Contoso: - DC-4: > Nothing replicated, another forest. Adatum: - DC1 (ADATUM): > Create User1, Schema Extended with a new attribute - DC2 (ADATUM): > User + Attribute is replicated - DC3 (WEST.ADATAUM): > User + Attribute is replicated Schema master FSMO role The schema master FSMO role holder is the DC responsible for performing updates to the directory schema, that is, the schema naming context or LDAP://cn=schema,cn=configuration,dc=<domain>. This DC is the only one that can process updates to the directory schema. Once the Schema update is complete, it's replicated from the schema master to all other DCs in the directory. There's only one schema master per forest. https://www.windows-active-directory.com/global-catalog-server.html https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/fsmo-roles
upvoted 2 times
MR_Eliot
1 year, 2 months ago
For both boxes, answer should be DC2 & DC3
upvoted 5 times