###BeginCaseStudy###
Case Study: 3
Litware, Inc
Overview
Litware, Inc., is a manufacturing company. The company has a main office and two branch
offices. The main office is located in Seattle. The branch offices are located in Los Angeles
and Boston.
Existing Environment
Active Directory
The network contains an Active Directory forest named litwareinc.com. The forest contains a
child domain for each office. The child domains are named boston.litwareinc.com and
la.litwareinc.com. An Active Directory site exists for each office.
In each domain, all of the client computer accounts reside in an organizational unit (OU)
named AllComputers and all of the user accounts reside in an OU named AllUsers.
All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
The functional level of the domain and the forest is Windows Server 2008.
Network Infrastructure
The main office has the following servers:
• Five physical Hyper-V hosts that run Windows Server 2012
• Three virtual file servers that run Windows Server 2008 R2
• One physical DHCP server that runs Windows Server 2008 R2
• Ten physical application servers that run Windows Server 2012
• One virtual IP Address Management (IPAM) server that runs Windows Server 2012
• One virtual Windows Server Update Services (WSUS) server that runs Windows
Server 2008 R2
• One physical domain controller and two virtual domain controllers that run Windows
Server 2008 R2
Each branch office has following servers:
• One virtual file server that runs Windows Server 2008 R2
• Two physical Hyper-V hosts that run Windows Server 2012
• One physical DHCP server that runs Windows Server 2008 R2
• One physical domain controller and two virtual domain controllers that run Windows
Server 2008 R2
All of the offices have a high-speed connection to the Internet. The offices connect to each
other by using T1 leased lines.
The IPAM server in the main office gathers data from the DNS servers and the DHCP servers
in all of the offices.
Requirements
Planned Changes
The company plans to implement the following changes:
• Implement the Active Directory Recycle Bin.
• Implement Network Access Protection (NAP).
• Implement Folder Redirection in the Boston office only.
• Deploy an application named Appl to all of the users in the Boston office only.
• Migrate to IPv6 addressing on all of the servers in the Los Angeles office. Some
application servers in the Los Angeles office will have only IPv6 addresses.
Technical Requirements
The company identifies the following technical requirements:
• Minimize the amount of administrative effort whenever possible.
• Ensure that NAP with IPSec enforcement can be configured.
• Rename boston.litwareinc.com domain to bos.litwareinc.com.
• Migrate the DHCP servers from the physical servers to a virtual server that runs
Windows Server 2012.
• Ensure that the members of the Operators groups in all three domains can manage the
IPAM server from their client computer.
VPN Requirements
You plan to implement a third-party VPN server in each office. The VPN servers will be
configured as RADIUS clients. A server that runs Windows Server 2012 will perform
RADIUS authentication for all of the VPN connections.
Visualization Requirements
The company identifies the following visualization requirements:
• Virtualize the application servers.
• Ensure that the additional domain controllers for the branch offices can
be deployed by using domain controller cloning.
• Automatically distribute the new virtual machines to Hyper-V hosts
based on the current resource usage of the Hyper-V hosts.
Server Deployment Requirements
The company identifies the following requirements for the deployment of new servers on the
network:
• Deploy the new servers over the network.
• Ensure that all of the server deployments are done by using multicast.
Security Requirements
A new branch office will open in Chicago. The new branch office will have a single readonly domain controller (RODC). Confidential attributes must not be replicated to the Chicago
office.
###EndCaseStudy###
You need to recommend changes to the Active Directory site topology to support on the
company’s planned changes.
What should you include in the recommendation?
A.
A new site
B.
A new site link bridge
C.
A new site link
D.
A new subnet
Sites overview
Sites in AD DS represent the physical structure, or topology, of your network. AD DS uses
network topology information, which is stored in the directory as site, subnet, and site link
objects, to build the most efficient replication topology. The replication topology itself
consists of the set of connection objects that enable inbound replication from a source
domain controller to the destination domain controller that stores the connection object. The
Knowledge
Consistency Checker (KCC) creates these connection objects automatically on each domain
controller.
http://technet.microsoft.com/en-us/library/cc754697.aspx
A is correct! A new site is needed since a new branch office will be opened in Chicago and the policy is to have a site for every office.
Agree with Piet
Even in the explanation it underlines
” An Active Directory Site exists for each office”
and one of the requirements is to open a new office in Chicago and as per company policy a new site will be required.
Correct Answer is A.
answer is A
Answer is D
On the surface A would seem to be correct, but the question says specifically to support the company’s planned changes. One of the changes is implementing NAP. For NAP you will need another subnet for remediation of non compliant machines.
Where hoy see that remediation subnet or network is demanded? One of possibilities for NAP is not allowing to connect. Remediation is possibility to have not a requirement to comply with.
Its a tricky one. The requirement is also to migrate to IPV6 addressing in Los Angeles which means a new IP subnet needs to be linked to the existing AD site. So answer D seems to be correct.
Creation of new branch office in Chicago will demand creation of new site for sure, thats company policy.
You don’t HAVE to set an IP for a site. However, you’re really going to want to set the site for Chicago or the RODC won’t know who is closest to replicate with and the london clients will authenticate to all the other DCs.
August 24, 2016 at 7:12 am
You don’t need another subnet. You can use the existing one for migration to IPv6.
On dual-stack systems (ones with both IPv4 and IPv6 stacks active), you can represent IPv4 using IPv6 mechanics. They call it “IPv4-mapped IPv6 addresses”. The pattern is all-zeroes, followed by FFFF, followed by the 32-bit IPv4 address.
So, 192.168.100.21 becomes ::FFFF:C0A8:6415 — or more simply: ::FFFF:192.168.100.21. Since that right-hand bit represents an IPv4 address, it’s traditionally written out using dotted-decimal form.
As this is an actual IPv4 address, it still uses IPv4 headers etc., which means that an IPv4 stack must be present, IPv4 routes must be set, and all that. The advantage is that you can represent both IPv4 and IPv6 addresses using a single address structure.
So A (A new site) is the correct answer.
Plus, the explanation seems to explain the correct answer as A.