Your company has a main office and a branch office.
The company has a single-domain Active Directory forest.
The main office has two domain controllers named DC1 and DC2 that run Windows Server 2008 R2.
The branch office has a Windows Server 2008 R2 read-only domain controller (RODC) named DC3.
All domain controllers hold the DNS Server role and are configured as Active Directory-integrated zones.
The DNS zones only allow secure updates.
You need to enable dynamic DNS updates on DC3.
What should you do?
A. Run the Dnscmd.exe /ZoneResetType command on DC3.
B. Reinstall Active Directory Domain Services on DC3 as a writable domain controller.
C. Create a custom application directory partition on DC1. Configure the partition to store Active Directory-integrated zones.
D. Run the Ntdsutil.exe > DS Behavior commands on DC3.
Explanation:
Answer: B. Reinstall Active Directory Domain Services on DC3 as a writable domain controller.
http://technet.microsoft.com/en-us/library/cc754218%28WS.10%29.aspx#BKMK_DDNS
Appendix A: RODC Technical Reference Topics
DNS updates for clients that are located in an RODC site
When a client attempts a dynamic update, it sends a start of authority (SOA) query to its preferred Domain
Name System (DNS) server. Typically, clients are configured to use the DNS server in their branch site as their
preferred DNS server. The RODC does not hold a writeable copy of the DNS zone. Therefore, when it is
queried for the SOA record, it returns the name of a writable domain controller that runs Windows Server 2008
or later and hosts the Active Directory-integrated zone, just as a secondary DNS server handles updates for
zones that are not Active Directory-integrated zones. After it receives the name of a writable domain controller
that runs Windows Server 2008 or later, the client is then responsible for performing the DNS record
registration against the writeable server. The RODC waits a certain amount of time, as explained below, and
then it attempts to replicate the updated DNS object in Active Directory Domain Services (AD DS) from the
DNS server that it referred the client to through an RSO operation.
Note:
For the DNS server on the RODC to perform an RSO operation of the DNS record update, a DNS server that
runs Windows Server 2008 or later must host writeable copies of the zone that contains the record. That DNS
server must register a name server (NS) resource record for the zone. The Windows Server 2003 Branch
Office Guide recommended restricting name server (NS) resource record registration to a subset of the
available DNS servers. If you followed those guidelines and you do not register at least one writable DNS server
that runs Windows Server 2008 or later as a name server for the zone, the DNS server on the RODC attempts
to perform the RSO operation with a DNS server that runs Windows Server 2003. That operation fails and
generates a 4015 Error in the DNS event log of the RODC, and replication of the DNS record update will be
delayed until the next scheduled replication cycle.
Further information:
http://technet.microsoft.com/en-us/library/dd737255%28v=ws.10%29.aspx
Plan DNS Servers for Branch Office Environments
This topic describes best practices for installing Domain Name System (DNS) servers to support Active
Directory Domain Services (AD DS) in branch office environments.
As a best practice, use Active Directory-integrated DNS zones, which are hosted in the application directory
partitions named ForestDNSZones and DomainDNSZones. The following guidelines are based on the
assumption that you are following this best practice.
In branch offices that have a read-only domain controller (RODC), install a DNS server on each RODC so that
client computers in the branch office can still perform DNS lookups when the wide area network (WAN) link to a
DNS server in a hub site is not available. The best practice is to install the DNS server when you install AD DS,
using Dcpromo.exe. Otherwise, you must use Dnscmd.exe to enlist the RODC in the DNS application directory
partitions that host Active Directory-integrated DNS zones.
Note: You also have to configure the DNS client’s setting for the RODC so that it points to itself as its preferred
DNS server.
To facilitate dynamic updates for DNS clients in branch offices that have an RODC, you should have at least
one writeable Windows Server 2008 DNS server that hosts the corresponding DNS zone for which client
computers in the branch office are attempting to make DNS updates. The writeable Windows Server 2008 DNS
server must register name server (NS) resource records for that zone.
By having the writeable Windows Server 2008 DNS server host the corresponding zone, client computers that
are in branch offices that are serviced by RODCs can make dynamic updates more efficiently. This is because
the updates replicate back to the RODCs in their respective branch offices by means of a replicate-single-object (RSO) operation, rather than waiting for the next scheduled replication cycle.
For example, suppose that you add a new member server in a branch office, Branch1, which includes an
RODC. The member server hosts an application that you want client computers in Branch1 to locate by using a
DNS query. When the member server attempts to register its host (A or AAAA) resource records for its IP
address to a DNS zone, it performs a dynamic update on a writeable Windows Server 2008 or Windows Server
2008 R2 DNS server that the RODC tracks in Branch1. If a writeable Windows Server 2008 DNS server hosts
the DNS zone, the RODC in Branch1 replicates the updated zone information as soon as possible from the
writeable Windows Server 2008 DNS server. Then, client computers in Branch1 can successfully locate the
new member server by querying the RODC in Branch1 for its IP address.
If you do not have a writeable Windows Server 2008 DNS server that hosts the DNS zone, the update can still
succeed against a Windows Server 2003 DNS server if one is available, but the updated record in the DNS zone
will not replicate to the RODC in Branch1 until the next scheduled replication cycle, which can delay client
computers that use the RODC DNS server for name resolution from locating the new member server.
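The two prerequisites the TechNet text names for RSO to work (a writable Windows Server 2008 or later DNS server hosts the zone, and that server is registered as an NS for the zone) and the symptom it names when they are missing (event 4015 on the RODC) can be checked from PowerShell. This is an added example, not part of the TechNet article; it assumes the ActiveDirectory module is installed on the host you run it from, and the zone name contoso.com and the RODC name DC3 are assumed values.

```powershell
# Added example: verify the dynamic-update prerequisites for an RODC site.
# Runs on Windows Server 2008 R2 / PowerShell 2.0 with the ActiveDirectory module.
Import-Module ActiveDirectory

$zone = 'contoso.com'   # assumed zone name
$rodc = 'DC3'           # the RODC from the scenario

# 1. Writable DCs running Windows Server 2008 or later. Only these can be the
#    referral target for a dynamic update and the RSO source for the RODC.
$writable = Get-ADDomainController -Filter * |
    Where-Object { -not $_.IsReadOnly -and $_.OperatingSystem -match '2008|2012|2016|2019|2022' } |
    Select-Object -ExpandProperty HostName

# 2. Servers registered as NS for the zone. nslookup is used here because
#    Resolve-DnsName does not exist on Windows Server 2008 R2.
$nsRecords = nslookup -type=NS $zone 2>$null |
    ForEach-Object { if ($_ -match 'nameserver = (\S+)') { $Matches[1].TrimEnd('.') } }

# A writable 2008+ server must appear in both lists for RSO to succeed.
$ok = $writable | Where-Object { $nsRecords -contains $_ }
if ($ok) {
    "Writable Windows Server 2008+ DNS servers registered as NS for ${zone}: $($ok -join ', ')"
} else {
    "WARNING: no writable Windows Server 2008+ DNS server is an NS for $zone; RODC RSO will fail (event 4015)"
}

# 3. Has the RODC already logged the 4015 error described in the note above?
Get-WinEvent -ComputerName $rodc -FilterHashtable @{ LogName = 'DNS Server'; Id = 4015 } `
    -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message
```

If step 3 returns events while step 2 reports no matching server, registering one of the writable DC1/DC2 servers as an NS for the zone is the fix the TechNet note describes.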
Please use a space between words. Too difficult to read.