###BeginCaseStudy###
Case Study: 4
Woodgrove Bank
Scenario:
COMPANY OVERVIEW
Overview
Woodgrove Bank is an international financial organization.
Physical Location
The company has a main office and multiple branch offices.
EXISTING ENVIRONMENT
Active Directory Environment
The network contains one Active Directory forest. A separate domain exists for each office.
Network Infrastructure
All offices have domain controllers that are configured as DNS servers. All client computers
are configured to connect to the DNS servers in their respective office only.
The main office has the following servers and client computers:
• One Windows Server Update Services (WSUS) server.
• Client computers that run either Windows XP Service Pack 3 (SP3) or Windows 7.
• Ten file servers that host multiple shared folders. The file servers run either Windows
Server 2003 or Windows Server 2008 R2.
• One domain-based Distributed File System (DFS) namespace that has two replicas.
The DFS servers run Windows Server 2008 R2. The DFS namespace is configured to use
Windows 2000 Server mode.
Each branch office has a WAN link to the main office. The WAN links are highly saturated.
Each office has a dedicated high-speed Internet connection.
All of the client computers in the branch offices run Windows 7.
User Problems
Users report that it is difficult to find the shared folders on the network.
REQUIREMENTS
Planned Changes
Woodgrove Bank plans to implement the following changes:
• Deploy a new Application named App1 on each client computer. App1 has a
Windows Installer package and is compatible with Windows XP, Windows Vista, and
Windows 7.
• Designate a user in each office to manage the address information of the user accounts
in that office.
• Deploy a new branch office named Branch22 that has the following servers:
• One file server named Server1.
• Two domain controllers named DC10 and DC11 that are configured as DNS servers.
Technical Requirements
Woodgrove Bank must meet the following technical requirements:
• Minimize hardware and software costs, whenever possible.
• Encrypt all DNS replication traffic between the DNS servers.
• Ensure that users in the branch offices can access the DFS targets if a WAN link fails.
• Ensure that users can only view the list of DFS targets to which they are assigned
permissions.
• Minimize the amount of network traffic between the main office and the branch
offices, whenever possible.
• Minimize the amount of name resolution traffic from the branch offices to the DNS
servers in the main office.
• Ensure that the administrators in the main office manage all Windows update
approvals and all computer groups.
• Manage all of the share permissions and the folder permissions for the file servers
from a single management console.
• Ensure that if a file on a file server is deleted accidentally, users can revert to a
previous version of the file without administrator intervention.
• Ensure that administrators are notified by e-mail each time a user successfully copies
a file that has an .avi extension to one of the file servers.
Security Requirements
Woodgrove Bank must meet the following security requirements:
• Access rights and user rights must be minimized.
• The Guest account mustoe disabled on all servers.
• Internet Information Services (IIS) must only be installed on authorized servers.
###EndCaseStudy###
You need to recommend changes to the name resolution infrastructure that meet the company’s
technical requirements. What should you recommend?
A.
Create a stub zone on all of the DNS servers in the branch offices.
B.
Create a secondary zone on all of the DNS servers in the branch offices.
C.
Move the DNS zone of the root domain to the ForestDnsZones Application directory partition.
D.
Move the DNS zone of each branch office to the ForestDnsZones Application directory partition.
Explanation:
To reduce replication traffic and the amount of data stored in the global catalog, you can use
application directory partitions for Active Directory–integrated DNS zones.
http ://technet.microsoft.com/en-us/library/cc772101.aspx
All domain controllers in a specified application directory partition
Replicates zone data according to the replication scope of the specified application directory
partition. For a zone to be stored in the specified application directory partition, the DNS server
hosting the zone must be enlisted in the specified application directory partition. Use this scope
when you want zone data to be replicated to domain controllers in multiple domains but you do not
want the data to replicate to the entire forest.