Your network contains an Active Directory forest named contoso.com.
The forest contains two domains named contoso.com and child.contoso.com and two sites named Site1 and
Site2. The domains and the sites are configured as shown in following table.
When the link between Site1 and Site2 fails, users fail to log on to Site2.
You need to identify what prevents the users in Site2 from logging on to the child.contoso.com domain.
What should you identify?
A.
The placement of the infrastructure master
B.
The placement of the global catalog server
C.
The placement of the domain naming master
D.
The placement of the PDC emulator
Explanation:
Correct NOT PDC Emulator. This role is not necessary to perform logon. PDC emulator needs to be available
if user needs to change password or when he/she type incorrect one. Also time synchronization (PDC is acting
as time server) is not the issue. I don’t think, that after link failure, every computer immediately gets wrong time
(more than standard 5 minutes).
Global catalog is the key here. There isn’t one in Site2, so when link between sites fails, there is no possibility to
properly check group membership for particular user. That action is performed during logon process (proper
Kerberos ticket containing information about group membership needs to be issued).
The key is that this is a MULTI-DOMAIN forest, which requires connectivity to a global catalog at logon. PDC is not correct because A)There is only 1 per domain, B) it is only required for password CHANGES (and NT5DS), not logon. Besides…if you moved the PDC to site 2 and lost connectivity, the entire SITE1 would be unable to log on, e.g. you just made the problem worse.