Your company has two main offices and 10 branch offices. Each office is configured as a
separate Active Directory site.
The main offices sites are named Site1 and Site2. Each office connects to Site1 and Site2
by using a WAN link. Each site contains a domain controller that runs Windows Server 2008.
You are redesigning the Active Directory infrastructure.
You plan to implement domain controllers that run Windows Server 2012 and decommission
all of the domain controllers that run Windows Server 2008.
You need to recommend a placement plan for the Windows Server 2012 domain controllers
to meet the following requirements:
Ensure that users can log on to the domain if a domain controller or a WAN link fails.
Minimize the number of domain controllers implemented.
What should you include in the recommendation? (Each correct answer presents part of the
solution. Choose all that apply.)
A.
Read-only domain controllers (RODCs) in the branch office sites
B.
A writable domain controller in Site1
C.
A writable domain controller in Site2
D.
Writable domain controllers in the branch office sites
I believe this should be ABC. You wouldn’t need a writable domain controller in the branch offices.
Correct answer: A, B, C
A (not D) Writeable domain controllers are not needed to authenticate users at the branch offices
Wouldn’t you need to specify all the users who’s passwords would be cached on each RODC? In their Password Replication Policy (PRP)? I think it creates an unneeded administrative nightmare.
https://technet.microsoft.com/en-us/library/cc770320%28v=ws.10%29.aspx – RODC’s defined
The question does not say anything about security so I’m not sure RODC’s would be appropriate. Setting up DC’s everywhere satisfies the conditions and makes the most sense administratively. You have to be careful as an engineer to not “over-engineer” something. And the answers on these tests (unless conditions say otherwise) seems to want the path of least resistance.
Given Answer is correct in my opinion.
Forgot to include the point that by-default (unless specified) RODC’s don’t include cached users passwords so that’s why you would need to specify the Password Replication Policy for each site and it’s set of users.
And also think that users may go from one office to another (i.e. an admin travels to an office to work on something and the WAN link goes down, he can’t login because he was not specified in the PRP.)
Just doesn’t make sense.
Don`t forget that each branch office is connected to BOTH main offices and the question is “… if a domain controller or a WAN link fails”. In my opinion there is always a second site with a writeable domain controller available. Isn`t it?
So I think ABC are the correct answers.
In Microsft language, branch office means RODC
BC
1.A site without DC is allowed.
2.Since every branch has a WAN link to each main office, branch users will always have a connection with a main office when a domain controller or a WAN link fails.
3.There is no difference between A and D in this question.
The correct answer should be just B and C.
1. We have a WAN connection to BOTH Site1 AND Site2.
2. “Ensure that users can log on to the domain if a domain controller OR a WAN link fails.” The question specifically spells out OR here. So we do not need to plan for a failure of both simultaneously. So if the DC in Site 1 fails, then the users in branch offices just connect to DC in Site 2. If the WAN link to Site 2 fails, then the users in the branch office just connect to DC in Site 1.
3. The question specifically asks to minimize the number of DCs. If you just replace all DCs with 2012 DCs, you are not accomplishing this.
Folks
a.) “Ensure that users can log on to the domain if a domain controller OR a WAN link fails.”
b.) You need to satisfy either one
c.) If site 1 or 2 down or vice versa – this is easy to accompolished
d.) What if both site 1/2 down – How – so we need to test DC
d.) Next one is the domain controller
So i believe is BCD
You wrote the reason: “… if a domain controller OR a WAN link fails.”
So, also if it’s possible that a both DC or WAN link fails, the specific requirement is ONE DC or ONE LINK …
It’s B,C
I believe it is B & C
Ensure that users can log onto the domain if “A” controller or “A” WAN link fails.
The main offices are Site1 & Site2. Each office connects to Site1 and Site2 by using a WAN link. The scenario does not say if the WAN links are VPN or PSTN connections. So if “A” WAN link drops the office is still connected to the other main office site.
By only installing 2 DCs that fulfills the other requirement.