Exam
Answer needs confirmation
Question
Your network contains an Active Directory Domain Services (AD DS) forest. The forest functional level is Windows Server 2012 R2. The forest contains the domains shown in the following table.
You create a user named Admin1.
You need to ensure that Admin1 can add a new domain controller that runs Windows Server 2022 to the east.contoso.com domain. The solution must follow the principle of least privilege.
To which groups should you add Admin1?
Proposed answer
- A. EAST\Domain Admins only
- B. CONTOSO\Enterprise Admins only
- C. CONTOSO\Schema Admins and EAST\Domain Admins
- D. CONTOSO\Enterprise Admins and CONTOSO\Schema Admins
Suggested answer
- A (75%)
- D (25%)
nap61
4 months, 2 weeks ago
Selected Answer: A
According to this article https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/upgrade-domain-controllers a WS2022 DC can be installed in a FL 2008 and above without having to prepare the forest. Also, it is not required to run adprep. And, in this case, the minimum to install a 2022 DC in a 2012 R2 FL would be Domain Admin of the respective domain, so East/Domain Admin.
upvoted 1 times
Kuikz
7 months ago
Selected Answer: A
https://u-tools.com/help/UpgradeRunAdprep.asp Before you can replace your old computer with a new computer that is running a new version of Windows Server, you need to first prepare the Active Directory schema by running adprep. The adprep console utility will upgrade the Active Directory schema to add new object types required by the new operating system. If you forget to run adprep, U-Move will display a warning message to remind you. Windows Server 2012-2022: Windows will automatically run adprep during the promotion of the new domain controller.
upvoted 1 times
004b54b
7 months, 1 week ago
Selected Answer: A
As mentioned by NotThatGuy242, according to https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/adprep/changes-made-by-adprep the answer is A
upvoted 1 times
SWOID
9 months ago
Selected Answer: D
The question at hand seems to lack practicality. While Domain Admins of the child domain theoretically possess the ability to add a new domain controller, the Active Directory forest and domain need to be prepared for Windows Server 2022 DC, which mandates permissions from both Enterprise Admins and Schema Admins. In a real-world scenario, it wouldn't be advisable to grant Admin1 the combined permissions of Enterprise Admins and Schema Admins simply to facilitate the addition of a new domain controller in the child domain. However, for the purposes of this hypothetical scenario, we must assume that Admin1 is the sole administrator tasked with this responsibility, thereby requiring the elevated permissions without additional administrative support for forest and domain preparation prior to the addition of the new domain controller. My answer is D
upvoted 1 times
NotThatGuy242
8 months, 3 weeks ago
I'm not so sure. As shown in this link, there are no forest-wide updates, domain-wide updates, or schema updates required to install a 2022 DC in a domain that already has a 2019 DC. https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/deploy/adprep/changes-made-by-adprep Therefore, Domain Admins in the target domain should suffice.
upvoted 5 times
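
An added example, not part of any comment above or of the linked documentation: a PowerShell check of the point the thread turns on, namely whether the forest schema is already at the version a Windows Server 2022 DC needs, followed by an audit of which privileged groups contain Admin1. It assumes the ActiveDirectory module (RSAT), the domain and account names from the question, and schema objectVersion 88 as the Windows Server 2019/2022 value.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$ForestRoot   = 'contoso.com'        # forest root domain, from the question
$TargetDomain = 'east.contoso.com'   # domain that receives the new DC
$Account      = 'Admin1'             # user from the question
$Required     = 88                   # assumption: schema objectVersion for Windows Server 2019/2022

# Read the current schema version from the schema naming context.
$rootDse = Get-ADRootDSE -Server $ForestRoot
$schema  = Get-ADObject -Identity $rootDse.schemaNamingContext -Server $ForestRoot -Properties objectVersion
$current = [int]$schema.objectVersion

if ($current -ge $Required) {
    # No schema extension is pending, so no forest-wide group is needed for adprep.
    "Schema version $current >= $Required`: rights in $TargetDomain are enough for the promotion."
} else {
    # adprep /forestprep has to extend the schema first; that step needs forest-wide groups.
    "Schema version $current < $Required`: forestprep is pending (Enterprise Admins and Schema Admins)."
}

# Least-privilege audit: which of the groups named in the answer options contain the account?
$groups = @(
    @{ Name = 'Domain Admins';     Server = $TargetDomain },
    @{ Name = 'Enterprise Admins'; Server = $ForestRoot },
    @{ Name = 'Schema Admins';     Server = $ForestRoot }
)
foreach ($g in $groups) {
    $isMember = [bool](Get-ADGroupMember -Identity $g.Name -Server $g.Server -Recursive |
        Where-Object { $_.SamAccountName -eq $Account })
    '{0}\{1}: {2}' -f $g.Server, $g.Name, $isMember
}
```

If forest-wide membership is granted only to run the schema preparation, re-running the audit loop afterwards confirms it has been removed again.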