What should you identify?

Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and
Site2. The domains and the sites are configured as shown in following table.

When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain.
What should you identify?

Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and
Site2. The domains and the sites are configured as shown in following table.

When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain.
What should you identify?

A.
the placement of the global catalog server

B.
the placement of the PDC emulator

C.
the placement of the infrastructure master

D.
the placement of the domain naming master

Show Hint

Leave a Reply 19

Your email address will not be published. Required fields are marked *

bean

bean

I think it’s B. GC is used when you need to query other domain’s information. PDC emulator will contain the database of user and group info

Reply

Vi

Vi

Answer: A
The placement of a Global Catalog is needed.

The PDC emulator is already present in child Domain, but it doesn’t help when the WAN link fail.

Reply

Imi

Imi

I think A is correct.

If possible, you do not want users performing AD DS searches that must reach across slow, expensive WAN links to contact domain controllers at other sites. Placing a global catalog server at each site is recommended in this case.

Reply

Mike

Mike

Dude, You can only have one PDC emulator per domain. You cannot have PDC on 2 different DCs in same domain.

Forest Wide FSMO roles (can be placed on any domain controller in the forest on any domain):
Domain Naming Master
Schema Master

Domain wide FSMO roles (needed on each domain in a forest)
Infrastructure Master
RID Master
PDC Emulator

Infra, PDC, and RID are already present on both contoso.com and child.contoso.com, so right off the bat, answers “B” “C” and “D” are invalid as their placement doesnt matter.

child.contoso.com is MISSING the Global Catalog server. Its the only answer that fits.

Reply

student

student

“User logon. In a forest that has more than one domain, two conditions require the global catalog during user authentication:

In a domain that operates at the Windows 2000 native domain functional level or higher, domain controllers must request universal group membership enumeration from a global catalog server.

When a user principal name (UPN) is used at logon and the forest has more than one domain, a global catalog server is required to resolve the name.”

http://technet.microsoft.com/en-us/library/cc728188(v=ws.10).aspx

So probably A.

“The PDC Emulator FSMO role owner performs the following functions:
Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
If a logon authentication fails at a given DC in a domain due to a bad password, the DC will forward the authentication request to the PDC emulator to validate the request against the most current password. If the PDC reports an invalid password to the DC, the DC will send back a bad password failure message to the user.
Account lockout is processed on the PDC emulator.”
http://msdn.microsoft.com/en-us/library/cc223752.aspx

So PDC Emulator is involved in UPDATING and CHANGED passwords, but if all users fail to log on, it’s unlikely it’s because they all changed their passwords simultaneously.

Reply

johnny

johnny

Is this confirmed? Other dumps say B and if the question is about DC3/DC4 (other 2 just used to confuse) then B would be correct.

Reply

Mike

Mike

Dude, You can only have one PDC emulator per domain. You cannot have PDC on 2 different DCs in same domain.

Forest Wide FSMO roles (can be placed on any domain controller in the forest on any domain):
Domain Naming Master
Schema Master

Domain wide FSMO roles (needed on each domain in a forest)
Infrastructure Master
RID Master
PDC Emulator

Infra, PDC, and RID are already present on both contoso.com and child.contoso.com, so right off the bat, answers “B” “C” and “D” are invalid as their placement doesnt matter.

child.contoso.com is MISSING the Global Catalog server. Its the only answer that fits.

Reply

jo

jo

…I meant in the child domain, not site 2.

Reply

Philip

Philip

I agree with student that A is probably correct.

Reply

Markinyik

Markinyik

the answer is definitely A, child domain has a pdc emulator but at the site1 but not at the site2.

Reply

vince

vince

A is correct,NB. no password error is reported.

Supplies user principal name authentication.

A global catalog server resolves a user principal name (UPN) when the authenticating domain controller has no knowledge of the user account. For example, if a user’s account is located in sales1.cohovineyard.com and the user logs on with a UPN of [email protected] from a computer that is located in sales2.cohovineyard.com, the domain controller in sales2.cohovineyard.com cannot find the user’s account and it must contact a global catalog server to complete the logon process.

Reply

Davey

Davey

Agree with student. A is correct

Reply

mork

mork

http://technet.microsoft.com/en-us/library/dd391870(v=ws.10).aspx

The PDC emulator processes password changes from earlier-version clients and other domain controllers on a best-effort basis; handles password authentication requests involving passwords that have recently changed and not yet been replicated throughout the domain; and, by default, synchronizes time. If this domain controller cannot connect to the PDC emulator, this domain controller cannot process authentication requests, it may not be able to synchronize time, and password updates cannot be replicated to it.

http://technet.microsoft.com/en-us/library/cc773108(v=ws.10).aspx

The PDC emulator master processes password changes from client computers and replicates these updates to all domain controllers throughout the domain. At any time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest

Reply

Stoneboy

Stoneboy

Correct Answer is: A. The placement of the global catalog server.

Explanation:
User logon. In a forest that has more than one domain, two conditions require the global catalog during user authentication:
In a domain that operates at the Windows 2000 native domain functional level or higher, domain controllers must request universal group membership enumeration from a global catalog server.
When a user principal name (UPN) is used at logon and the forest has more than one domain, a global catalog server is required to resolve the name.
http://technet.microsoft.com/en-us/library/cc728188(v=ws.10).aspx

Reply

Mel

Mel

The statement says that only users in Site2 fail to logon to child.contoso.com when the link fails. That domain spans Site1 and Site2. Users in Site1 apparently have no problem logging on. They have a PDC emulator. But since only one PDC emulator per domain is allowed, the answer must be the Global Catalog Server.

Reply

Google

Google

The time to study or stop by the subject material or internet sites we have linked to beneath.

Reply

Heber

Heber

Pra mim resposta é emulador pdc. site 2 não possui nenhum serviço.

Reply