You have a single Active Directory domain. All domain controllers run Windows Server 2003 with ServicePack
1 (SP1).
You plan to store Windows BitLocker Drive Encryption recovery passwords in Active Directory.
You need to recommend the solution that uses the least amount of administrative effort.
What should you recommend?
A.
Upgrade the domain controller that has the role of operations master to Windows Server 2008 R2.
B.
Upgrade all domain controllers to Windows Server 2008 R2.
C.
Upgrade all domain controllers to Windows Server 2003 SP2.
D.
Extend the Active Directory schema.
Explanation:
BitLocker Drive Encryption Configuration Guide: Backing Up BitLocker and TPM Recovery Information to Active
Directory
This section provides information about how BitLocker and TPM recovery information can be backed up in
Active Directory. By default, no recovery information is backed up. Administrators can configure GroupPolicy
settings to enable backup of BitLocker or TPM recovery information. Before configuring these settings,as a
domain administrator you must ensure that the Active Directory schema has been extended with the necessary
storage locations and that access permissions have been granted to perform the backup.
http://technet.microsoft.com/en-us/library/cc766015(v=ws.10).aspx