DRAG DROP
Your network contains an Active Directory forest named contoso.com. All domain controllers run
Windows Server 2008 R2.
The schema is upgraded to Windows Server 2012 R2.
Contoso.com contains two servers. The servers are configured as shown in the following table.
Server1 and Server2 host a load-balanced application pool named AppPool1.
You need to ensure that AppPool1 uses a group Managed Service Account as its identity.
Which three actions should you perform?
To answer, move the three appropriate actions from the list of actions to the answer area and
arrange them in the correct order.
Answer: See the explanation
Explanation:
Box 1:Box 2:
Box 3: Modify the settings of AppPool1.
Note:
Box 1:
Group Managed Service Accounts Requirements:
At least one Windows Server 2012 Domain Controller
A Windows Server 2012 or Windows 8 machine with the ActiveDirectory PowerShell module, to
create/manage the gMSA.
A Windows Server 2012 or Windows 8 domain member to run/use the gMSA.
Box 2:
To create a new managed service account
On the domain controller, click Start, and then click Run. In the Open box, type ds
a. msc, and then click OK to open the Active Directory Users and Computers snap-in. Confirm that
the Managed Service Account container exists.
Click Start, click All Programs, click Windows PowerShell 2.0, and then click the Windows PowerShell
icon.
Run the following command: New-ADServiceAccount [-SAMAccountName<String>] [-Path <String>].
Box 3:
Configure a service account for Internet Information Services
Organizations that want to enhance the isolation of IIS applications can configure IIS application
pools to run managed service accounts.
To use the Internet Information Services (IIS) Manager snap-in to configure a service to use a
managed service account
Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
Double-click <Computer name>, double-click Application Pools, right-click <Pool Name>, and click
Advanced Settings.
In the Identity box, click …, click Custom Account, and then click Set.
Type the name of the managed service account in the format domainname\accountname.Service Accounts Step-by-Step Guide
Provided answer is correct, since you need a DC running Server 2012 to manage gMSA’s.
Despite de Schema has been upgraded to Server 2012 R2, that doesn’t mean therer’s already a DC running Server 2012 R2, since you can upgrade the schema manually without having a DC running Server 2012 R2.
Source: http://social.technet.microsoft.com/wiki/contents/articles/13422.manual-schema-upgrade-for-windows-server-2012windows-server-2012-r2.aspx
“Why you need to update schema manually? If you dont require the 2012 DC but you need schema version 56.”
note this part of the question : — “All domain controllers run
Windows Server 2008 R2.” needs 2012 to have managed service accounts , schema upgrade is not enuff..
You do need the
1. Install Win 2012 DC
2. Run New-ADServiceAccount
3. Install-ADServiceAccount
Then you can configure the settings for AppPool1.
https://blogs.technet.microsoft.com/askpfeplat/2012/12/16/windows-server-2012-group-managed-service-accounts/
???
http://www.microsoft4shared.com/wp-content/uploads/2014/07/70-411-demo-109.jpg
no. you can skip 3.Install-ADServiceAccount, it is an application pool. so install-adserviceaccount may not be required. It isn’t always necessary
1. Install Win 2012 DC
2. Run New-ADServiceAccount
3. Modify the settings of AppPool1
check comment from Kurt here for more information:
http://www.aiotestking.com/microsoft/which-three-actions-should-you-perform-171/#comments