Your network contains an Active Directory domain named contoso.com.
The domain contains two servers named SERVER1 and SERVER2 that run Windows Server 2012.
SERVER1 has the IP Address Management (IPAM) Serverfeature installed.
SERVER2 has the DHCP Server server role installed.
A user named User1 is a member of the IPAM Users group on SERVER1.
You need to ensure that User1 can use IPAM to modify the DHCP scopes on SERVER2.
The solution must minimize the number of permissions assigned to User1.
To which group should you add User1?
A.
IPAM ASM Administrators on SERVER1
B.
IPAMUG in Active Directory
C.
DHCP Administrators on SERVER2
D.
IPAM MSM Administrators on SERVER1
The correct answer is D. Rights are controled on the IPAM server itself by using roles (RBAC). IPAM MSM administrators can be used to manage DHCP and DNS within IPAM (MSM = Managed Service Management). IPAM ASM Administrators is also a role within IPAM, but only used to manage the Adres space ( ASM = Adress space management) IPAMUG is a AD group in order for IPAM itself the function within the enviorment and should not be adjusted.
2012r2 has a group called “DHCP Scope Administrators”. ASM may be right as the scope is an address space which can be administered by the ASM group.
http://technet.microsoft.com/en-us/library/dn268500.aspx
Role
IPAM DHCP administrator – Completely manages DHCP servers
Role
IPAM MSM administrator – Completely manages DHCP and DNS servers
So IPAM MSM would work, but it also give rights for DNS servers, so it’s to much. IPAM DHCP Administrator would be the better choice, but I don’t know about DHCP Administrator, without the IPAM in the name..
My gues would also be D. DHCP Administrator is not for using IPAM.
i would go with C as the correct answer..
DNS record administrator
Manages DNS resource records
IP address record administrator
Manages IP addresses but not IP address spaces, ranges, blocks, or subnets.
IPAM administrator
Manages all settings and objects in IPAM
IPAM ASM administrator
Completely manages IP addresses
IPAM DHCP administrator
Completely manages DHCP servers
IPAM DHCP reservations administrator
Manages DHCP reservations
IPAM DHCP scope administrator
Manages DHCP scopes
IPAM MSM administrator
Completely manages DHCP and DNS servers
So the “D” MUST be correct!
the answer is DHCP Administrators on SERVER2
Why nicola? What is your argument for this choice?
User1 can use IPAM to modify the DHCP scopes on Server2.
C answer correct
Not a valid answer !
BS
IPAM ASM administrator
Completely manages IP addresses
So should be A
You third world cuck it’s IPAM MSM
https://technet.microsoft.com/en-us/library/jj878348(v=ws.11).aspx
“IPAM MSM Administrators: IPAM multi-server management (MSM) administrators can manage DNS and DHCP servers.”
ASM does the following: “IPAM ASM Administrators: IPAM address space management (ASM) administrators can manage IP address blocks, ranges, and addresses.” Does not state DHCP servers.
Now stay cucked.
Answer is D. Tested in my lab. Membership in IPAM MSM Administrators group is only one that allowed user1 to modify DHCP scopes via IPAM on the DHCP server.
A, B and C all got “Operation not allowed”.
Redo your test.
The answer is C
“The solution must minimize the number of permissions assigned to user1”
User 1 is already member of IPAM users group so by gaving him access to DHCP Administrator on SERVER 2 he will be able to manage the DHCP scope on server 2 only!.
By adding him to IPAM MSM Administrators he will have too many permission
The correct answer is C
The answer is C.
Because the question clearly states the user must be able to modify DHCP Scopes BUT must minimize the number of permissions assigned. Choosing anything else would give them unrequired access and break the permissions clause.
I would say that correct answer is D.
IPAM MSM administrators – Completely manages DHCP and DNS servers. IPAM MSM Administrators is a local security group on an IPAM server that is created when you
install the IPAM feature. Members of this group have all the privileges of the IPAM Users security group, and can perform server monitoring and management tasks
in addition to IPAM common management tasks.IPAM multi-server management (MSM) administrators can manage DNS and DHCP servers.
IPAM ASM Administrators on Server1 – Completely manages IP addresses.IPAM address space management (ASM) administrators can manage IP address blocks, ranges, and
addresses.
IPAM Users Group (IPAMUG) – To access configuration data and server event logs, the IPAM server must be a member of the domain IPAM Users Group (IPAMUG).
DHCP Administrators – Members of the DHCP Administrators group can view and modify any settings on the DHCP server. DHCP Administrators can create and delete
scopes, add reservations, change option values, create superscopes, or perform any other task required to administer the DHCP server, including export or
import of the DHCP server configuration and database.
IPAM Users group – IPAM Users is a local security group on an IPAM server that is created when you install the IPAM feature. Members of this group can view all
information in server inventory, IP address space, and the monitor and manage IPAM console nodes. IPAM Users can view IPAM and DHCP operational events under in
the Event Catalog node, but cannot view IP address tracking data.
More info : https://technet.microsoft.com/en-us/library/dn268500.aspx
https://technet.microsoft.com/en-us/library/jj878311.aspx
https://technet.microsoft.com/en-us/library/dd759157.aspx
https://technet.microsoft.com/en-us/library/jj878342.aspx
https://technet.microsoft.com/en-us/library/jj878348.aspx
I can’t bent the answer over here. Where is Hassan when I need someone to ask for the answer for me?
Wrote my 70-412 exam few days ago and passed with a good score!
File and Storage Solutions and Identity and Access Solutions (ADFS, RMS, etc.) were the most difficult parts of the 70-412 exam.
Some study materials that I used:
Books:
Microsoft Official Academic Course: Configuring Advanced Windows Server 2012 R2 Services (highly recommend, for it has more details and more Powershell and more sensible labs than other boos)
Mastering Windows Server 2012 R2
Windows Server 2012 R2: Inside-Out
Training Videos:
Pluralsight
Practice Tests:
PassLeader 70-412 exam dumps (pdf and vce: https://tr.im/Dkbt1, I got it with 10% free), really helpful for testing my knowledge before taking real exam.
All are just FYI, hope all can pass the exam easily. Good Luck!
REALLY??? 😀
and do you want us to click on the link from PassLeader?! 😀
come on guys read this
https://technet.microsoft.com/en-gb/library/cc737716(v=ws.10).aspx
clearly the answer is C
read the question!!
Article is from 2005, applies to server 2003!!
There’s a slight trick in the wording here:
C. DHCP Administrators on SERVER2
Is a security group and Is NOT the same as IPAM’s Access Role:
“IPAM DHCP Administrator Role”
If “IPAM DHCP Administrator Role on Server1” was an option, that would be the better answer.
But the question is asking to ensure User1 can use ***IPAM*** to modify the scopes. So the best answer we have to pick from HAS to be an IPAM Access Role, which leaves us with “D. IPAM MSM Administrators on Server1” as it allows both DHCP and DNS administration from IPAM.
If the question were to ask us to make changes directly on the DHCP server, then we’d want to be in the security group “DHCP Administrators on Server2”
Absolutely spot on. A lot of people are missing the fact that you need to manage DHCP Scopes within IPAM, as this is what the question is asking.
“Rights are controlled on the IPAM server itself by using roles (RBAC). IPAM MSM administrators can be used to manage DHCP and DNS within IPAM”
As for why we choose MSM instead of ASM, look at Micro’s comments. Also, 2 of the users have confirmed that ASM does not allow you to modify DHCP Scopes in their lab.
So why is the answer not A? he only needs to manage the scopes, not the DHCP or DNS servers config.
IPAM ASM Administrators – manage IP address spaces, IP address blocks, IP address subnets. IP address ranges and IP addresses.
That’s from ACCESS CONTROL from IPAM. Under OPERATIONS, there’s no EDIT DHCP SCOPE or EDIT DHCP SCOPE OPTIONS operations available.
I’ve made a mistake!
I just tried … It’s IPAM ASM can’t edit dhcp scope, but can create reservations…
I’ve made a lab, made that test user a member of DHCP Administrators, no good …
IPAM MSM Admin, creates scopes, modify scopes, …
ANSWER: D !
CONFIRMED 1000000000000%
ANSWER IS FUCKING “D”
Tested this in my lab just now
I made a user named “Contoso\Cunt” and added them to
DHCP Administrators on DHCP01 – NO ACCESS TO MODIFY DHCP SCOPES FROM IPAM
IPAM ASM Administrators on IPAM01 – NO ACCESS TO MODIFY DHCP SCOPES FROM IPAM
IPAMUG in Active Directory – NO ACCESS TO MODIFY DHCP SCOPES FROM IPAM
IPAM MSM Administrators on IPAM01 – HOLY FUCK IT WORKS!!!!!!!!!!!!
If anyone debates this any longer please do us a favour and do not do your MCSA. The world doesnt need you hacks.
Awesome… nothing is better then a lab exercise, or real world.
Thanks!
Why are you always so bitter and angry? The majority of your comments that I’ve read are either bitter or sour. Take a chill pill man.
Answer is C
Redo your test and read question correctly before jumping to conclusion.
Add user to IPAM Users group as mentioned in the question and then add it to DHCP Administrators of Server 2
IPAM MSN Adminsitrator give too much access.
Question also show “The solution must minimize the number of permissions assigned to User1”
Passed 70-412 exam on 1/Dec/2016!
6 new questions on:
DHCP Multicast
Azure Backup
Password Replication Policy
…etc.
I used below link and PassLeader 70-412 dumps (391 Q&As)
PassLeader 70-412 dumps (391 Q&As): http://www.passleader.com/70-412.html
p.s.
Free 391q dumps from Google Drive:
https://drive.google.com/open?id=0B-ob6L_QjGLpfm94alk1eU9xWjFYRkVoNkl0cjRiOXZRRjVkUXNXTklicDdKZDJwRGJCM1k
P.S. go fuck yourself!
Congra and Txs for ur contribution !!!
Imfusio is 100% correct. Common sense- DHCP Administrators, while appearing to be correct, is wrong. Add IPAM in front of that, maybe. Or IPAM DHCP Scope Administrators even better.
MSM…just go with it.Out of everything, not only does it work with IPAM, it allows you to manage DHCP and make scopes.
ASM only allows you to manage IP address, ranges (not scopes), subnets…