###BeginCaseStudy###
Case Study: 2
Northwind Traders
COMPANY OVERVIEW
Northwind Traders is a manufacturing company that has a main office and three branch offices.
PLANNED CHANGES
• Northwind Traders plans to implement the following changes:
• Implement a remote access solution.
• Upgrade all of the client computers in the shipping department to Windows 7 Enterprise.
• Deny the users in east.northwindtraders.com access to the shared resources in contoso.com.
• Provide the users in the northwindtraders.com domain access to a shared folder in contoso.com.
• Deploy test computers that run either Windows 7 or Windows Server 2008 R2 in a lab
environment.
• Deny the users in contoso.com access to the shared resources in both northwindtraders.com and
east.northwindtraders.com.
• Evaluate whether to migrate all of the users in contoso.com to east.northwindtraders.com.
EXISTING ENVIRONMFNT
Northwind Traders has five departments, including a shipping department. All of the client
computers in the shipping department run windows XP Service Pack 3 (SP3). All of the users in the
shipping department run a-line-of-business application named App1 that only runs on Windows XP.
Existing Active Directory Environment
The network contains two Active Directory forests named north wind traders.com and contoso.com.
Northwindtrades.com contains two domains named northwindtraders.com and
east.northwindtraders.com. Contoso.com contains one domain.
Forest trust relationships do not exist between the forests.
Existing Network infrastructure
The network and the Internet are separated by a firewall. The network contains the IPv4 subnets
shown in the following table.
Technical Requirements
• Centrally manage all client computers.
• Only open ports 80 and 443 on the external firewall.
• Ensure that only smart card authentication is used for remote access.
• Reduce the security risk of having a domain controller in an unsecure location.
• Minimize the amount of Active Directory replication traffic between the offices.
• Minimize the amount of time it takes to restore deleted Active Directory objects.
• Perform all operations by using an account that has the minimum number of rights.
• Ensure that App1 is available to users who are either connected to or disconnected from the
network.
• Prevent Active Directory attributes that contain sensitive information from being stored in the
branch offices.
• Ensure that when client computers authenticate, they always attempt to connect to a domain
controller in their respective local office first.
###EndCaseStudy###
You are evaluating the procedures for recovering Active Directory in the event of a forest-wide
failure. You need to recommend a forest recovery strategy. What should you include in the
recommendation?
A.
Recover one global catalog server from each domain in the forest, and then modify the
tombstone lifetime.
B.
Recover all of the domain controllers in the forest root domain, and then modify the garbage
collection interval.
C.
Recover one domain controller in the forest, and then transfer all of the operation master roles
from the recovered domain controller.
D.
Recover one domain controller from each domain in the forest, and then seize all of the operation
master roles from the recovered domain controllers.