DSQUERY Reference 1:

2. In the console tree, double-click Group Policy Objects in the forest and domain containing the Default Domain Policy Group Policy object (GPO) that you want to edit

3. (...)

QUESTION 11

Your network contains a server that has the Active Directory Lightweight Directory Services (AD LDS) role installed.

You need to perform an automated installation of an AD LDS instance.

Which tool should you use?

A. Dism.exe

B. Servermanagercmd.exe

C. Adaminstall.exe

D. Ocsetup.exe

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Reference:

http://technet.microsoft.com/en-us/library/cc816774.aspx

To perform an unattended install of an AD LDS instance

1. Create a new text file by using any text editor.

2. Specify the installation parameters.

3. At a command prompt (or in a batch or script file), change to the drive and directory that contains the AD LDS setup files.

4. At the command prompt, type the following command, and then press ENTER:

%systemroot%\ADAM\adaminstall.exe /answer:drive:\<pathname>\<filename>.txt

QUESTION 12

Your network contains an Active Directory domain named contoso.com. A partner company has an Active Directory domain named nwtraders.com. The networks for contoso.com and nwtraders.com connect to each other by using a WAN link.

You need to ensure that users in contoso.com can access resources in nwtraders.com and resources on the Internet.

What should you do first?

A. Modify the Trusted Root Certification Authorities store.

B. Modify the Intermediate Certification Authorities store.

C. Create conditional forwarders.

D. Add a root hint to the DNS server.

Correct Answer: C Section: (none) Explanation

Explanation/Reference:

Reference:

MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring (Pearson IT Certification, 2010) pages 114-115

Conditional Forwarders

You can configure a DNS server as a conditional forwarder. This is a DNS server that handles name resolution for specified domains only. In other words, the local DNS server will forward all the queries that it receives for names ending with a specific domain name to the conditional forwarder. This is especially useful in situations where users in your company need access to resources in another company with a separate AD DS forest and DNS zones, such as a partner company. In such a case, specify a conditional forwarder that directs such queries to the DNS server in the partner company while other queries are forwarded to the Internet. Doing so reduces the need for adding secondary zones for partner companies on your DNS servers.

QUESTION 13

Your network contains an Active Directory forest. The forest contains multiple domains.

You need to ensure that users in the human resources department can search for employees by using the employeeNumber attribute.

What should you do?

A. From Active Directory Sites and Services, modify the properties of each global catalog server.

B. From the Active Directory Schema snap-in, modify the properties of the user object class.

C. From Active Directory Sites and Services, modify the NTDS Settings object of each global catalog server.

D. From the Active Directory Schema snap-in, modify the properties of the employeeNumber attribute.

Correct Answer: D Section: (none) Explanation

Explanation/Reference:

Reference:

http://technet.microsoft.com/en-us/library/how-global-catalog-servers-work.aspx

Global Catalog Replication of Additions to the Partial Attribute Set

Each global catalog server in an AD DS forest hosts a copy of every existing object in that forest. For the objects of its own domain, a global catalog server has information related to all attributes that are associated with those objects. For the objects in domains other than its own, a global catalog server has only information that is related to the set of attributes that are marked in the AD DS schema to be included in the partial attribute set (PAS). As described earlier, the PAS is defined by Microsoft as those attributes that are most likely to be used for searches. These attributes are replicated to every global catalog server in an AD DS forest.

The attributes that are replicated to the global catalog by default include a base set that have been defined by Microsoft as the attributes that are most likely to be used in searches. Administrators can use the Microsoft Management Console (MMC) Active Directory Schema snap-in to specify additional attributes to meet the needs of their installation. In the Active Directory Schema snap-in, you can select the Replicate this attribute to the global catalog check box to designate an attributeSchema object as a member of the PAS, which sets the value of the isMemberOfPartialAttributeSet attribute to TRUE.

QUESTION 14

Your network contains a single Active Directory domain. The domain contains an enterprise certification authority (CA).

You need to ensure that the encryption keys for e-mail certificates can be recovered from the CA database.

You modify the e-mail certificate template to support key archival.

What should you do next?

A. Issue the key recovery agent certificate template.

B. Run certutil.exe -recoverkey.

C. Run certreq.exe -policy.

D. Modify the location of the Authority Information Access (AIA) distribution point.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Reference:

http://technet.microsoft.com/en-us/library/cc770588.aspx

Identify a Key Recovery Agent

A key recovery agent is a person who is authorized to recover a certificate on behalf of an end user. Because the role of key recovery agents can involve sensitive data, only highly trusted individuals should be assigned to this role.

To identify a key recovery agent, you must configure the Key Recovery Agent certificate template to allow the person assigned to this role to enroll for a key recovery agent certificate.

QUESTION 15

Your network contains an Active Directory-integrated DNS zone named contoso.com.

You discover that the zone includes DNS records for computers that were removed from the network.

You need to ensure that the DNS records are deleted automatically from the zone.

What should you do?

A. From DNS Manager, set the aging properties.

B. Create a scheduled task that runs dnslint.exe /v /d contoso.com.

C. From DNS Manager, modify the refresh interval of the start of authority (SOA) record.

D. Create a scheduled task that runs ipconfig.exe /flushdns.

Correct Answer: A Section: (none) Explanation

Explanation/Reference:

Reference:

http://technet.microsoft.com/en-us/library/cc753217.aspx

Set Aging and Scavenging Properties for the DNS Server

The DNS Server service supports aging and scavenging features. These features are provided as a mechanism for performing cleanup and removal of stale resource records, which can accumulate in zone data over time. You can use this procedure to set the default aging and scavenging properties for the zones on a server.

To set aging and scavenging properties for the DNS server using the Windows interface

1. Open DNS Manager.

2. In the console tree, right-click the applicable DNS server, and then click Set Aging/Scavenging for all zones.

3. Select the Scavenge stale resource records check box.
