###BeginCaseStudy###
Topic 1, Contoso Ltd Case A
Overview
Contoso, Ltd., is a healthcare company in Europe that has 2,000 users. The company is migrating to Windows
Server 2012.
The company has two main offices and two branch offices. The main offices are located in Paris and
Amsterdam. One of the branch offices is a sales office located in Berlin. The other branch office is a research
office located in Brussels.
The offices connect to each other by using a WAN link.
Current Environment
Active Directory
The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each
office.
The forest contains a child domain named research.contoso.com.
The functional level of both the domains is Windows Server 2008.
In each site, there are two domain controllers for the contoso.com domain and two domain controllers for
the research.contoso.com domain. The domain controllers run Windows Server 2008 R2.
All of the domain controllers are global catalog servers.
The FSMO roles were not moved since the domains were deployed.
Network Infrastructure
All servers run Windows Server 2008 R2.
Each user has a laptop computer that runs Windows 7.
The company has 10 print servers. Each print server contains several shared printers.The company has 10 file servers that have the following disk configurations:
A simple volume named C that is the System and Boot volume and is formatted NTFS
A mounted virtual hard disk (VHD) named DATA that is formatted NTFS
A simple volume named D that is formatted FAT32
A simple volume named E that is formatted NTFS
A Clustered Shared Volume (CSV)
The Paris office contains a server named PA1. The Amsterdam office contains a server named AM1.
Both servers have the following server roles installed:
DNS Server
DHCP Server
Remote Access
The DNS servers are configured to use the DNS servers of the company’s Internet Service Provider (ISP) as
forwarders.
Users often work remotely. The users access the internal network by using an SSTP-based VPN connection.
Requirements
Planned Changes
The company plans to implement the following changes:
Create a child domain named sales.contoso.com. Only the domain controllers in
sales.contoso.com will host a zone for the sales.contoso.com domain. The domain
controllers in sales.contoso.com will run Windows Server 2012. The client computers in
sales.contoso.com will use the sales.contoso.com domain controllers as their DNS servers.
Implement two servers in the Amsterdam office and two servers in the Paris office to
replace PA1 and AMI. These new servers will run Windows Server 2012 and will not have
shared storage.
Decommission the research.contoso.com domain. All of the users and the Group
Policy objects (GPOs) in research.contoso.com will be migrated to contoso.com.
Migrate the existing print queues to virtualized instances of Windows Server 2012.
Migrate the file servers to new servers that run Windows Server 2012.
Implement RADIUS authentication for VPN connections.
Deploy Windows Server 2012 to all new servers.
Technical Requirements
The company identifies following technical requirements:
All changes to Group Policies must be logged.
Network Access Protection (NAP) policies must be managed centrally.
Core networking services in each office must be redundant if a server fails. The possibility of IP address conflicts during the DHCP migration must be
minimized.
A central log of the IP address leases and the users associated to those
leases must be created.
All of the client computers must be able to resolve internal names and
internet names.
Administrators in the Paris office need to deploy a series of desktop
restrictions to the entire company by using Group Policy.
The new sales.contoso.com domain will contain a web application that will
access data from a Microsoft SQL Server located in the contoso.com domain. The
web application must use integrated Windows authentication. Users’ credentials
must be passed from the web applications to the SQL Server.
###EndCaseStudy###
You are planning the implementation of two new servers that will be configured as RADIUS servers.
You need to recommend which configuration must be performed on the VPN servers. The solution must
meet the technical requirements.
What should you do on each VPN server?
A.
Add a RADIUS client.
B.
Install the Health Registration Authority role service.
C.
Enable DirectAccess.
D.
Modify the authentication provider.
Explanation:
* Implement RADIUS authentication for VPN connections.
* The new sales.contoso.com domain will contain a web application that will access data from a Microsoft
SQL Server located in the contoso.com domain. The web application must use integrated Windows
authentication. Users’ credentials must be passed from the web applications to the SQL Server.
Agree with answer:
To use RADIUS Authentication
Open the Routing and Remote Access MMC snap-in.
Right-click the server name for which you want to configure RADIUS authentication, and then click Properties.
On the Security tab, in Authentication provider, click RADIUS Authentication, and then click Configure.
In the RADIUS Authentication dialog box, click Add.
In the Add RADIUS Server dialog box, configure the settings for your RADIUS authentication server, and then click OK.