Your network contains one Active Directory forest that has a root domain and three child domains.
All domain controllers run Windows Server 2003 Service Pack 1 (SP1). Each domain has a different
password policy. The domain is configured as shown in the exhibit. (Click the Exhibit button.)
You plan to reduce the number of domains in the forest. You need to plan the restructuring of the
forest to meet the following requirements:
Maintain all existing password policies.
Maintain all existing user account attributes.
What should you include in your plan?
A.
Upgrade all domains to Windows Server 2008. Redirect the users container in the root domain by
using the redirusr.exe tool, and then remove the child domains. Enable fine-grained password
policies.
B.
Upgrade all domains to Windows Server 2008 and enable SID history. Move all user accounts from
the child domains to the root domain by using the movetree.exe tool, and then remove the child
domains.
C.
Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool
(ADMT) to migrate user accounts that contain SID history from the child domains to the forest root
domain. Remove the child domains.
D.
Upgrade the forest root domain to Windows Server 2008. Use the Active Directory Migration Tool
(ADMT) to migrate user accounts from the child domains to the forest root domain, and then
remove the child domains. Enable fine-grained password policies.
Explanation:
To reduce the number of domains from the forest without loosing existing user account attributes
and existing password policies, you need to Use the Active Directory Migration Tool (ADMT) to
migrate user accounts that contain SID history from the child domains to the forest root domain.
Remove the child domains
SID history enables you to maintain user access to resources during the process of restructuring
Active Directory domains. When you migrate an object to another domain, the object is assigned a
new SID. Because you assign permissions to objects based on SIDs, when the SID changes, the user
loses access to that resource until you can reassign permissions. When you use ADMT to migrate
objects between domains, the SID history is automatically retained. In this way, the SID from the
source domain remains as an attribute of the object after the object is migrated to the target
domain.
Enable fine-grained password policies to keep existing password policies.
Restructuring Active Directory Domains Within a Forest SID History
http://209.85.175.104/search?q=cache:IIJntFlGlVcJ:download.microsoft.com/download/5/2/f/52f23
d76-7d56-44d6-ad25-
a95bf0be5516/15_CHAPTER_12_Restructuring_Active_Directory_Domains_Within_a_Forest.doc+re
duce+the+number+of+domains+ADMT&hl=en&ct=clnk&cd=10&gl=in