Deploying Windows Server 2012 and Windows Server 2012 R2 Domain Controllers

  • 4/24/2014

Answers

This section contains the answers to the lesson review questions in this chapter.

Lesson 1

  1. Correct answer: A

    1. Correct: Having only one writeable domain controller in a domain is not a best practice. You should have at least two writeable domain controllers in each domain so that if one of them fails, users will still be able to log on and you will still be able to perform AD DS management tasks.
    2. Incorrect: Making sure that each site in your domain has a sufficient number of domain controllers to service the needs of users for logging on and accessing network resources is a best practice.
    3. Incorrect: Keeping the design of your forest simple by having only one domain is a best practice.
    4. Incorrect: Installing only the AD DS and DNS Server roles on your domain controllers is a best practice.
  2. Correct answers: A, B, and C

    1. Correct: The fully qualified domain name (FQDN) for the root domain of your new forest is required information when planning the deployment of the first domain controller in a new forest.
    2. Correct: The forest and domain functional levels are required information when planning the deployment of the first domain controller in a new forest.
    3. Correct: The location for the AD DS database, log files, and SYSVOL folder is required information when planning the deployment of the first domain controller in a new forest.
    4. Incorrect: There is no Domain Admins security group if you haven’t yet deployed the first domain controller in a new forest. Instead, you need the credentials of a member of the local Administrators security group on the server you are promoting to a domain controller.
  3. Correct answers: A and D

    1. Correct: Creating a DNS delegation is not a required step for AD DS deployments if no external DNS servers will be used to reference the FQDN of your organization’s internal forest.
    2. Incorrect: A best practice is for all domain controllers in a domain to have the DNS Server role installed and configured to ensure high availability in distributed environments.
    3. Incorrect: A best practice is for all domain controllers in a domain to be configured as global catalog servers to ensure high availability in distributed environments.
    4. Correct: Read-only domain controllers require that there be at least one writeable domain controller running Windows Server 2008 or later installed in the domain. Having only writeable domain controllers running Windows Server 2003 is insufficient.

Lesson 2

  1. Correct answer: C

    1. Incorrect: You need to run the Add Roles And Features Wizard to install the AD DS role on the server before you can run the AD DS Configuration Wizard to promote the server to a domain controller.
    2. Incorrect: The Add Roles And Features Wizard is used to install the AD DS role on a server, not to promote the server to a domain controller.
    3. Correct: This is the correct procedure.
    4. Incorrect: The Add Roles And Features Wizard is used to install the AD DS role on a server, not to promote the server to a domain controller. The AD DS Configuration Wizard is used to promote a server to a domain controller, not to install the AD DS role on the server.
  2. Correct answers: A and C

    1. Correct: When you use the AD DS Configuration Wizard to deploy the first Windows Server 2012 R2 domain controllers in a domain of a forest whose domain controllers are running earlier Windows Server versions, the Adprep tool automatically runs to prepare the forest and domain by extending the schema to its latest version.
    2. Incorrect: Add A Domain Controller To An Existing Domain is the correct option to select on the Deployment Configuration page of the AD DS Configuration Wizard to deploy the first Windows Server 2012 R2 domain controller in an existing forest running an earlier version of Windows Server.
    3. Correct: Install From Media (IFM) is a supported deployment method to deploy the first Windows Server 2012 R2 domain controller in an existing forest running an earlier version of Windows Server.
    4. Incorrect: You can specify different credentials on the Deployment Configuration page of the AD DS Configuration Wizard if your current logon credentials have insufficient privileges to deploy the first Windows Server 2012 R2 domain controller in an existing forest running an earlier version of Windows Server.
  3. Correct answer: D

    1. Incorrect: This command is missing the -scope base parameter and therefore does not return the correct result.
    2. Incorrect: This command returns the value of the sAMAccountName attribute, which has nothing to do with the schema level.
    3. Incorrect: This command works because it returns the values of all attributes for the specified LDAP path, including the desired attribute objectVersion, but it is not the best syntax because it returns too much unnecessary information.
    4. Correct: This is the correct command syntax to verify that Adprep has successfully extended your forest’s schema.

Lesson 3

  1. Correct answer: B

    1. Incorrect: This command displays the contents of the TrustedHosts list on the local server.
    2. Correct: This is the correct command syntax.
    3. Incorrect: You need to use Set-Item, not Get-Item, to configure the TrustedHosts list on the local server. In addition, the wsman:\ path is incorrect in this command—it should be wsman:\localhost\Client\TrustedHosts.
    4. Incorrect: The wsman:\ path is incorrect in this command—it should be wsman:\localhost\Client\TrustedHosts.
  2. Correct answer: D

    1. Incorrect: Install-ADDSDomain is a cmdlet from the ADDSDeployment module.
    2. Incorrect: Install-ADDSDomainController is a cmdlet from the ADDSDeployment module.
    3. Incorrect: Uninstall-ADDSDomainController is a cmdlet from the ADDSDeployment module.
    4. Correct: Get-ADForest is not a cmdlet from the ADDSDeployment module; it is a cmdlet from the ActiveDirectory module.
  3. Correct answer: C

    1. Incorrect: The Install-ADDSDomainController cmdlet doesn’t have a -Prerequisites parameter.
    2. Incorrect: This command performs a BPA scan on the server and is intended for use after the server has been promoted as a domain controller, not before.
    3. Correct: This is the correct command because it runs only the prerequisites check for deploying a domain controller.
    4. Incorrect: This command only summarizes the changes that would occur during the deployment process; it doesn’t actually test whether those changes are possible given the current environment like the Test-ADDSDomainControllerInstallation command does.