Which schema attribute properties should you recommend modifying?

###BeginCaseStudy###
Case Study: 3
Litware, Inc
Overview
Litware, Inc., is a manufacturing company. The company has a main office and two branch
offices. The main office is located in Seattle. The branch offices are located in Los Angeles
and Boston.
Existing Environment
Active Directory
The network contains an Active Directory forest named litwareinc.com. The forest contains a
child domain for each office. The child domains are named boston.litwareinc.com and
la.litwareinc.com. An Active Directory site exists for each office.
In each domain, all of the client computer accounts reside in an organizational unit (OU)
named AllComputers and all of the user accounts reside in an OU named AllUsers.
All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
The functional level of the domain and the forest is Windows Server 2008.
Network Infrastructure
The main office has the following servers:
• Five physical Hyper-V hosts that run Windows Server 2012
• Three virtual file servers that run Windows Server 2008 R2
• One physical DHCP server that runs Windows Server 2008 R2
• Ten physical application servers that run Windows Server 2012
• One virtual IP Address Management (IPAM) server that runs Windows
Server 2012
• One virtual Windows Server Update Services (WSUS) server that runs
Windows Server 2008 R2
• One physical domain controller and two virtual domain controllers that
run Windows Server 2008 R2
Each branch office has the following servers:
• One virtual file server that runs Windows Server 2008 R2
• Two physical Hyper-V hosts that run Windows Server 2012
• One physical DHCP server that runs Windows Server 2008 R2
• One physical domain controller and two virtual domain controllers that
run Windows Server 2008 R2
All of the offices have a high-speed connection to the Internet. The offices connect to each
other by using T1 leased lines.

The IPAM server in the main office gathers data from the DNS servers and the DHCP
servers in all of the offices.
Requirements
Planned Changes
The company plans to implement the following changes:
• Implement the Active Directory Recycle Bin.
• Implement Network Access Protection (NAP).
• Implement Folder Redirection in the Boston office only.
• Deploy an application named Appl to all of the users in the Boston
office only.
• Migrate to IPv6 addressing on all of the servers in the Los Angeles
office. Some application servers in the Los Angeles office will have only IPv6
addresses.
Technical Requirements
The company identifies the following technical requirements:
• Minimize the amount of administrative effort whenever possible.
• Ensure that NAP with IPSec enforcement can be configured.
• Rename boston.litwareinc.com domain to bos.litwareinc.com.
• Migrate the DHCP servers from the physical servers to a virtual server
that runs Windows Server 2012.
• Ensure that the members of the Operators groups in all three domains
can manage the IPAM server from their client computer.
VPN Requirements
You plan to implement a third-party VPN server in each office. The VPN servers will be
configured as RADIUS clients. A server that runs Windows Server 2012 will perform
RADIUS authentication for all of the VPN connections.
Virtualization Requirements
The company identifies the following virtualization requirements:
• Virtualize the application servers.
• Ensure that the additional domain controllers for the branch offices
can be deployed by using domain controller cloning.
• Automatically distribute the new virtual machines to Hyper-V hosts
based on the current resource usage of the Hyper-V hosts.
Server Deployment Requirements
The company identifies the following requirements for the deployment of new servers on the
network:

• Deploy the new servers over the network.
• Ensure that all of the server deployments are done by using multicast.
Security Requirements
A new branch office will open in Chicago. The new branch office will have a single read-only
domain controller (RODC). Confidential attributes must not be replicated to the Chicago
office.

###EndCaseStudy###

You need to recommend a solution that meets the security requirements.
Which schema attribute properties should you recommend modifying?

A.
isIndexed

B.
searchFlags

C.
isCriticalSystemObject

D.
schemaFlagsEx

Explanation:

Applies To: Windows Server 2008, Windows Server 2012
This topic includes procedures for adding an attribute to the filtered attribute set (FAS) for a
read-only domain controller (RODC) and marking the attribute as confidential data. You can
perform these procedures to exclude specific data from replicating to RODCs in the forest.
Because the data is not replicated to any RODCs, you can be assured that the data will not
be revealed to an attacker who manages to successfully compromise an RODC. In most
cases, adding an attribute to the RODC FAS is completed by the developer of the
application that added the attribute to the schema.
• Determine and then modify the current searchFlags value of an attribute
• Verify that an attribute is added to the RODC FAS

Determine and then modify the current searchFlags value of an attribute

To add an attribute to an RODC FAS, you must first determine the current searchFlags value
of the attribute that you want to add, and then set the following values for searchFlags:
• To add the attribute to the RODC FAS, set the 10th bit to 0x200.
• To mark the attribute as confidential, set the 7th bit to 0x080.
http://technet.microsoft.com/en-us/library/cc754794(v=ws.10).aspx
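
The reason the procedure starts from the current value is that searchFlags is a bit field: the two bits must be added to whatever is already set, not written over it. The following sketch is an added example, not part of the original explanation or the TechNet topic; the function names and sample values are constructed for illustration, and the commented lines at the end assume the ActiveDirectory PowerShell module and a placeholder attribute name.

```powershell
# Bit values taken from the explanation above.
$RODC_FILTERED = 0x200   # "10th bit": attribute is in the RODC filtered attribute set
$CONFIDENTIAL  = 0x080   # "7th bit" in the text: attribute is marked confidential

function Get-ProtectedSearchFlags {
    # Hypothetical helper: returns the value to write back to searchFlags.
    param([int]$Current)
    # -bor keeps every bit that is already set (for example 0x1, indexed)
    # and adds the two protection bits.
    return $Current -bor $RODC_FILTERED -bor $CONFIDENTIAL
}

function Test-RodcProtected {
    # Hypothetical helper: true only when BOTH bits are present.
    param([int]$SearchFlags)
    $mask = $RODC_FILTERED -bor $CONFIDENTIAL
    return ($SearchFlags -band $mask) -eq $mask
}

# Constructed sample values, as they might be read from attributeSchema objects:
# 0 = nothing set, 1 = indexed, 0x80 = confidential only, 0x281 = already done.
foreach ($current in 0, 1, 0x80, 0x281) {
    $new = Get-ProtectedSearchFlags -Current $current
    '{0,4} (0x{0:X3}) -> {1,4} (0x{1:X3})   already protected: {2}' -f `
        $current, $new, (Test-RodcProtected -SearchFlags $current)
}

# Against a live forest (schema write access required); <attribute-cn> is a placeholder:
# $dn  = "CN=<attribute-cn>,$((Get-ADRootDSE).schemaNamingContext)"
# $cur = [int](Get-ADObject -Identity $dn -Properties searchFlags).searchFlags
# Set-ADObject -Identity $dn -Replace @{ searchFlags = (Get-ProtectedSearchFlags $cur) }
# Test-RodcProtected ([int](Get-ADObject -Identity $dn -Properties searchFlags).searchFlags)
```

For the sample value 1 the result is 641 (0x281): the existing index bit survives, which it would not if 0x280 were written directly.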