Your network contains an Active Directory domain named contoso.com.
The domain contains a main office and a branch office.
An Active Directory site exists for each office.
All domain controllers run Windows Server 2012. The domain contains two domain controllers.
The domain controllers are configured as shown in the following table.
DC1 hosts an Active Directory-integrated zone for contoso.com.
You add the DNS Server server role to DC2.
You discover that the contoso.com DNS zone fails to replicate to DC2.
You verify that the domain, schema, and configuration naming contexts replicate from DC1 to DC2.
You need to ensure that DC2 replicates the contoso.com zone by using Active Directory replication.
Which tool should you use?
A. Active Directory Sites and Services
B. Ntdsutil
C. DNS Manager
D. Active Directory Domains and Trusts
Explanation:
http://serverfault.com/questions/419658/how-to-speed-up-ad-integrated-dns-zone-replication-server-2008-r2
If you want replication to occur immediately instead of waiting for the typical replication cycle, follow these steps:
In Administrative Tools, start Active Directory Sites and Services.
Expand Sites. There should be at least one site labeled “default-first-site-name” (or others if they have been manually configured).
Expand default-first-site-name, expand Servers, and then expand Computer.
Expand NTDS Settings. One or more objects are listed in the right pane. One of those objects is a link to the domain controller you want.
To see the “friendly” name, right-click an entry and view the name. One of the objects points to the domain controller you want.
Right-click that entry, and then click Replicate Now. The replication is performed immediately.
Note: The time it takes to update the target controller depends on network performance.
Sites and services provides an option to “Replicate Now”. In the question above AD replication has already been verified. There has to be another problem. The only answer that seems plausible… is that there is a CUSTOM Application Directory Partition that has been created to constrain the replication of this Active Directory Integrated DNS zone. The only two ways I would know to verify or correct this condition are ntdsutil and dnscmd. I have been unable to find a technical resource that clearly establishes this as the answer.
ntdsutil
D:\Windows\system32\ntdsutil.exe: pa ma
Add NC Replica %s1 %s2
It’s (c). RODCs are a Secondary Partition, and are not replicated via NTDS. You need to set up a 2ndary zone transfer.
Agreed, DNS replication does not occur to a RODC unless specifically configured in the Zone Transfer tab of DNS manager.
Use DNS manager. C
rus is actually right.
The answer is B. Ntdsutil.
Because the DNS zone on DC2 is not a secondary zone. It’s a Primary Read Only Zone.
https://social.technet.microsoft.com/Forums/windowsserver/en-US/32308cd6-2f79-40f1-8958-da0da7c649a5/how-to-setup-dns-on-rodc
https://technet.microsoft.com/en-us/library/cc742490(WS.10).aspx
Dnscmd or Ntdsutil
The answer must be DNS Manager.
DNS Manager – Need zone transfer
Usually in this kind of question the order by importance is:
Active Directory Sites and Services
Repadmin
Ntdsutil
You would be correct if nothing else was being replicated, but in this case only the zone isn’t replicated.
As you can read in the question the DNS server role was added to the RODC, after the installation of ADDS. So you can read this from Microsoft:
“Install the global catalog and DNS server after the Active Directory Domain Services installation
As a best practice, you should install the Domain Name System (DNS) server role and the global catalog during the installation of Active Directory Domain Services (AD DS). However, if you do not install the DNS server role and the global catalog, you can complete the following procedures to install them after the installation of AD DS. If you install DNS server after the AD DS installation, you must also enlist the RODC in the DNS application directory partitions. The RODC is not enlisted automatically in the DNS application directory partitions by design because it is a privileged operation. If the RODC were allowed to enlist itself, it would have permissions to add or remove other DNS servers that are enlisted in the application directory partitions.”
From here: https://technet.microsoft.com/pt-pt/library/cc742490(v=ws.10).aspx
If you keep reading that article, you’ll see the correct answer would be dnscmd or ntdsutil.