Note: This questions is part of series of questions that use the same or similar answer choices.
An answer choice may be correct for more than one question in the series.
Each question is independent of the other questions in this series.
Information and details provided in a question apply only to that question.
Your network contains one Active Directory forest named contoso.com.
The forest contains two child domains and six domain controllers.
The domain controllers are configured as shown in the following table.
You need to replicate users who haven’t authenticated against any domain controllers for the last
7 days.
What should you use?
A.
Set-ADSite
B.
Set-ADReplicationSite
C.
Set-ADDomain
D.
Set-ADReplicationSiteLink
E.
Set-ADGroup
F.
Set-ADForest
G.
Netdom
Explanation:
https://technet.microsoft.com/en-us/library/ee617212.aspx
Surely you would need to use a Get-ADUser command in conjunction with a replicate command to accomplish this. The Set-ADDomain account cannot locate users. The answers may have changed on this question.
Set-ADDomain using option -LastLogonReplicationInterval, no Get-ADUser is needed.
Specifies the time, in days, within which the last logon time of an account must be replicated across all domain controllers in the domain. This parameter sets the LastLogonReplicationInterval property for a domain. The LDAP display name (ldapDisplayName) for this property is msDS-LogonTimeSyncInterval. The last logon replication interval must be at least one day. Setting the last logon replication interval to a low value can significantly increase domain-wide replication.
The following example shows how to set this parameter to 10 days.
-LastLogonReplicationInterval “10”
Yes, i think you’re right.
Something like this would probably work:
Set-ADDomain -identity contoso.com -LastLogonReplicationInterval “10”
How this command replicate users?
This question is similar to the 361 of this same exam.
The explanation used by the user JohnnyDivin’Duck is clear:
“JohnnyDivin’Duck says:
October 26, 2015 at 2:25 pm
Default value for msDS-LogonTimeSyncInterval is 14 days. It means that if LastLogonTimeStamp attribute is older than 14 days then it represents accurate value for LastLogon attribute on any DC. In this question we need to set msDS-LogonTimeSyncInterval smaller than 7 days, for example 6 to be sure that we can filter users who hasn’t logged on for 7 days. Cmdlet Set-AdDomain should be run in every domain in the forest.
https://technet.microsoft.com/en-us/library/ee617212.aspx
http://blogs.technet.com/b/askds/archive/2009/04/15/the-lastlogontimestamp-attribute-what-it-was-designed-for-and-how-it-works.aspx“
This question is similar to the 361 of this same exam.
The explanation used by the user JohnnyDivin’Duck is clear:
“JohnnyDivin’Duck says:
October 26, 2015 at 2:25 pm
Default value for msDS-LogonTimeSyncInterval is 14 days. It means that if LastLogonTimeStamp attribute is older than 14 days then it represents accurate value for LastLogon attribute on any DC. In this question we need to set msDS-LogonTimeSyncInterval smaller than 7 days, for example 6 to be sure that we can filter users who hasn’t logged on for 7 days. Cmdlet Set-AdDomain should be run in every domain in the forest.