You are an Enterprise administrator for contoso.com. The company has a head office and 250 branch offices. The corporate network of the company consists of a single Active Directory domain.
All the domain controllers on the corporate network run Windows Server 2008. You have been asked to deploy Read-only Domain Controllers (RODCs) in each designated branch offices because the physical security at branch office locations cannot be guaranteed.
While deploying the RODCs, you need to ensure that the RODC installation source files do not contain cached secrets and the bandwidth used during the initial synchronization of Active Directory Domain Services (AD DS) is minimized.
Which of the following options would you choose to accomplish the given task?
A.
Backup of the critical volumes of an existing domain controller by using Windows Server Backup. Now build the new RODCs using the backup.
B.
Using one of the domain controllers on the nework create a DFS Namespace that contains the Active Directory database and then build the new RODCs using by using an answer file.
C.
Create an RODC installation media using ntdsutil ifm and the build the RODCs from the RODC installation media.
D.
Perform a full backup of an existing domain controller using Windows Server Backup and then use the backup to build the new RODCs.
E.
None of the above
Explanation:
The new ntdsutil ifm subcommand can be used to create installation media. It can be used to remove secrets, such as passwords, from the AD DS database, so that you can install a read-only domain controller (RODC) without them. When you remove these secrets, the RODC installation media is more secure if it must be transported to a branch office for an RODC installation.
Ntbackup.exe cannot remove cached secrets from the installation media.Reference: Steps for Deploying an RODC/ Optional: Install RODC from media http://technet.microsoft.com/en-us/library/cc754629.aspx