What should you recommend for Branch2?

###BeginCaseStudy###
Case Study: 3
Baldwin Museum of Science
Scenario:
COMPANY OVERVIEW

The Baldwin Museum of Science is an internationally renowned museum of science history.
Physical Location
The museum has a main office and a branch office named Branch1. The main office has
5,000 users. Branch1 has 1,000 users. The main office connects to Branch1 by using a WAN
link. The WAN link is highly saturated. The museum has a sales department. All of the users
in the sales department have client computers that run Windows XP Service Pack 3 (SP3).
EXISTING ENVIRONMENT
Active Directory Environment
The network contains one Active Directory forest. The forest contains two domains named
baldwinmuseumofscience.com and ad.baldwinmuseumofscience.com. All user accounts and
computer accounts for all employees are in the ad.baldwinmuseumofscience.com domain.
The organizational unit (OU) structure for ad.baldwinmuseumofscience.com is shown in the
exhibit.

Network Infrastructure
The network contains the following servers and applications:
• Application servers that run either Windows Server 2003 Service Pack 2 (SP2), Windows
Server 2008 SP2, or Windows Server 2008 R2.
• A custom application named App1 that runs on all of the application servers. App1 writes
events to the Application log.
• A line-of-business application named App2 that requires Internet Explorer 6. All of the
users in the sales department run App2.
• File servers that run Windows Server 2008 R2.
The main office has the following:

• A two-node failover cluster that runs Windows Server 2008 R2 and has the Hyper-V role
installed and a Clustered Shared Volume. The failover cluster hosts four virtual machines
(VM) that run Windows Server 2008 R2. The VMs are stored on the Clustered Shared
Volume. Each VM runs Microsoft SQL Server 2008.
• A server named Server1 that hosts two shared folders named Share1 and Share2. Share1
hosts 50,000 research documents that are shared by multiple users. Share2 hosts documents
that are created by users in the sales department.
Administration Model
All users in Branch1 are members of global groups and universal groups. The groups are
located in an OU named Groups in the ad.baldwinmuseumofscience.com domain.
REQUIREMENTS
Planned Changes
The Baldwin Museum of Science plans to implement a new branch office named Branch2.
Branch2 wi and will be configured as a separate Active Directory site. Branch2 will be
configured to meet the following requirements:
• Minimize the cost of deploying new servers.
• Contain only client computers that run Windows 7.
• Connect to the main office by using a saturated WAN link.
• Contain only servers that run Windows Server 2008 R2. The servers will be configured as
either file servers or Web servers. The file shares on the file servers must be available if a
single file server fails.
In Branch2, if a single domain controller or a WAN link fails, users in the branch must be
able to:
• Change their passwords.
• Log on to their client computers.
Technical Requirements
The Baldwin Museum of Science must meet the following technical requirements:
• Hardware and software costs must be minimized whenever possible.
• All VMs must be backed up twice a day.
• All VM backups must include the VM configuration information.
• Events generated by App1 must be stored in a central location.
• An administrator must be notified by e-mail when App1 generates an error.
• The number of permissions assigned to help desk technicians must be minimized.
• The help desk technicians must be able to reset the passwords and modify the membership
of all users in Branch1.
• If a user overwrites another user’s research document, the user must be able to recover a
previous version of the document.
• When users in the sales department work remotely, they must be able to access the files in
Share1 in the minimum amount of time.
Security
The Baldwin Museum of Science must meet the following security requirements:
• All scripts that run on production servers must be signed.
• Managers in Branch1 must be allowed to access the Internet at all times.
• Web site administrators must not be required to log on interactively to Web servers.
• Users in Branch1 must only be allowed to access the Internet between 12:00 and
13:00.
• Users and managers must be prevented from downloading executable files from the
Internet.
• Administration of the corporate Web sites must support all bulk changes and
scheduled content updates.
###EndCaseStudy###

You need to recommend a domain controller deployment strategy for Branch2 that meets the
museum’s technical requirements. What should you recommend for Branch2?

A.
Deploy two writable domain controllers in ad.baldwinmuseumofscience.com. Configure both domain
controllers as global catalog servers.

B.
Deploy two read-only domain controllers (RODCs) in ad.baldwinmuseumofscience.com. Configure
both RODCs as global catalog servers.

C.
Deploy one writable domain controller in baldwinmuseumofscience.com and one writable domain
controller in ad.baldwinmuseumofscience.com. Enable universal group membership caching.

D.
Deploy one read-only domain controller (RODC) in baldwinmuseumofscience.com and one
writable domain controller in ad.baldwinmuseumofscience.com. Enable universal group membership
caching.

Explanation:

http://technet.microsoft.com/en-us/library/dd735489%28WS.10%29.aspx
Read-only domain controllers (RODCs) do not introduce any significant new considerations for
determining whether to make a branch domain controller a global catalog server. Global catalog
placement generally requires planning unless you have a single-domain forest. In a single-domain
forest, you can configure all domain controllers as global catalog servers without causing any
additional replication or an increase in disk size or CPU usage.
However, only domain controllers that are designated as global catalog servers can respond to
global catalog queries on the global catalog Lightweight Directory Access Protocol (LDAP) port 3268.
Designating all domain controllers as global catalog servers eliminates server or network capacity
planning concerns about which domain controllers can respond to global catalog queries by
applications or other domain controllers.
In a multiple-domain forest, deciding whether a domain controller should be a global catalog server
takes extra planning. As a general rule, it is best to make branch-office domain controllers (including
branch-office RODCs) be global catalog servers so that authentication—and, generally, any global
catalog query—can be performed by using just the RODC. This comes, however, at the price of
replicating the partial attribute set for objects from every domain in the forest to the branch office,
which may be expensive in terms of network and disk usage if some domains have large amounts of
users, computers, or groups with a high rate of updates.
If you determine that you cannot make the branch-office domain controller a global catalog server,
you should enable universal group caching in that site. With universal group membership enabled, a
domain controller must connect to a global catalog server across a wide area network (WAN) link
only for initial logons in the site.
Thereafter, universal group membership can be checked from a local cache.
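
The placement factors discussed above can be audited for a site with the ActiveDirectory module. This is an added example, not part of the original question or the TechNet text; the function name Get-SiteLogonReadiness is hypothetical, and the site name Branch2 is taken from the case study.

```powershell
Import-Module ActiveDirectory

# Bit in the NTDS Site Settings "options" attribute that enables
# universal group membership caching for the site.
$GroupCachingFlag = 0x20

# Hypothetical helper: summarizes global catalog coverage, writable domain
# controllers, and universal group membership caching for one AD site.
function Get-SiteLogonReadiness {
    param([Parameter(Mandatory = $true)][string]$SiteName)

    # Site settings live in the forest-wide configuration partition.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $settings = Get-ADObject -Properties options `
        -Identity "CN=NTDS Site Settings,CN=$SiteName,CN=Sites,$configNC"
    $caching = ([int]$settings.options -band $GroupCachingFlag) -ne 0

    # Collect the site's domain controllers from every domain in the forest.
    $dcs = @(foreach ($domain in (Get-ADForest).Domains) {
        Get-ADDomainController -Filter "Site -eq '$SiteName'" -Server $domain
    })
    $gcs      = @($dcs | Where-Object { $_.IsGlobalCatalog })
    $writable = @($dcs | Where-Object { -not $_.IsReadOnly })

    New-Object PSObject -Property @{
        Site                = $SiteName
        DomainControllers   = ($dcs | ForEach-Object { $_.HostName }) -join ', '
        GlobalCatalogs      = $gcs.Count
        WritableDCs         = $writable.Count
        GroupCachingEnabled = $caching
        # With no local global catalog, global catalog queries (port 3268)
        # must cross the WAN link; caching only covers logons after the first.
        GcLookupNeedsWan    = ($gcs.Count -eq 0)
    }
}

# Example call for the site named in the case study:
# Get-SiteLogonReadiness -SiteName 'Branch2'
```

The output shows, per site, how many local domain controllers can answer global catalog queries and how many are writable, which are the two properties the answer options differ on.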


