What should you include in the recommendation?

###BeginCaseStudy###
Topic 1, Contoso Ltd Case A
Overview
Contoso, Ltd., is a healthcare company in Europe that has 2,000 users. The company is migrating to Windows
Server 2012.
The company has two main offices and two branch offices. The main offices are located in Paris and
Amsterdam. One of the branch offices is a sales office located in Berlin. The other branch office is a research
office located in Brussels.
The offices connect to each other by using a WAN link.
Current Environment
Active Directory
The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each
office.
The forest contains a child domain named research.contoso.com.
The functional level of both the domains is Windows Server 2008.
In each site, there are two domain controllers for the contoso.com domain and two domain controllers for
the research.contoso.com domain. The domain controllers run Windows Server 2008 R2.
All of the domain controllers are global catalog servers.
The FSMO roles were not moved since the domains were deployed.
Network Infrastructure
All servers run Windows Server 2008 R2.
Each user has a laptop computer that runs Windows 7.
The company has 10 print servers. Each print server contains several shared printers.The company has 10 file servers that have the following disk configurations:
 A simple volume named C that is the System and Boot volume and is formatted NTFS
 A mounted virtual hard disk (VHD) named DATA that is formatted NTFS
 A simple volume named D that is formatted FAT32
 A simple volume named E that is formatted NTFS
 A Clustered Shared Volume (CSV)
The Paris office contains a server named PA1. The Amsterdam office contains a server named AM1.
Both servers have the following server roles installed:
 DNS Server
 DHCP Server
 Remote Access
The DNS servers are configured to use the DNS servers of the company’s Internet Service Provider (ISP) as
forwarders.
Users often work remotely. The users access the internal network by using an SSTP-based VPN connection.
Requirements
Planned Changes
The company plans to implement the following changes:
 Create a child domain named sales.contoso.com. Only the domain controllers in
sales.contoso.com will host a zone for the sales.contoso.com domain. The domain
controllers in sales.contoso.com will run Windows Server 2012. The client computers in
sales.contoso.com will use the sales.contoso.com domain controllers as their DNS servers.
 Implement two servers in the Amsterdam office and two servers in the Paris office to
replace PA1 and AMI. These new servers will run Windows Server 2012 and will not have
shared storage.
 Decommission the research.contoso.com domain. All of the users and the Group
Policy objects (GPOs) in research.contoso.com will be migrated to contoso.com.
 Migrate the existing print queues to virtualized instances of Windows Server 2012.
 Migrate the file servers to new servers that run Windows Server 2012.
 Implement RADIUS authentication for VPN connections.
 Deploy Windows Server 2012 to all new servers.
Technical Requirements
The company identifies following technical requirements:
 All changes to Group Policies must be logged.
 Network Access Protection (NAP) policies must be managed centrally.
 Core networking services in each office must be redundant if a server fails. The possibility of IP address conflicts during the DHCP migration must be
minimized.
 A central log of the IP address leases and the users associated to those
leases must be created.
 All of the client computers must be able to resolve internal names and
internet names.
 Administrators in the Paris office need to deploy a series of desktop
restrictions to the entire company by using Group Policy.
 The new sales.contoso.com domain will contain a web application that will
access data from a Microsoft SQL Server located in the contoso.com domain. The
web application must use integrated Windows authentication. Users’ credentials
must be passed from the web applications to the SQL Server.

###EndCaseStudy###

You need to recommend which changes must be implemented to the network before you can deploy the
new web application.
What should you include in the recommendation?

###BeginCaseStudy###
Topic 1, Contoso Ltd Case A
Overview
Contoso, Ltd., is a healthcare company in Europe that has 2,000 users. The company is migrating to Windows
Server 2012.
The company has two main offices and two branch offices. The main offices are located in Paris and
Amsterdam. One of the branch offices is a sales office located in Berlin. The other branch office is a research
office located in Brussels.
The offices connect to each other by using a WAN link.
Current Environment
Active Directory
The network contains an Active Directory forest named contoso.com. An Active Directory site exists for each
office.
The forest contains a child domain named research.contoso.com.
The functional level of both the domains is Windows Server 2008.
In each site, there are two domain controllers for the contoso.com domain and two domain controllers for
the research.contoso.com domain. The domain controllers run Windows Server 2008 R2.
All of the domain controllers are global catalog servers.
The FSMO roles were not moved since the domains were deployed.
Network Infrastructure
All servers run Windows Server 2008 R2.
Each user has a laptop computer that runs Windows 7.
The company has 10 print servers. Each print server contains several shared printers.The company has 10 file servers that have the following disk configurations:
 A simple volume named C that is the System and Boot volume and is formatted NTFS
 A mounted virtual hard disk (VHD) named DATA that is formatted NTFS
 A simple volume named D that is formatted FAT32
 A simple volume named E that is formatted NTFS
 A Clustered Shared Volume (CSV)
The Paris office contains a server named PA1. The Amsterdam office contains a server named AM1.
Both servers have the following server roles installed:
 DNS Server
 DHCP Server
 Remote Access
The DNS servers are configured to use the DNS servers of the company’s Internet Service Provider (ISP) as
forwarders.
Users often work remotely. The users access the internal network by using an SSTP-based VPN connection.
Requirements
Planned Changes
The company plans to implement the following changes:
 Create a child domain named sales.contoso.com. Only the domain controllers in
sales.contoso.com will host a zone for the sales.contoso.com domain. The domain
controllers in sales.contoso.com will run Windows Server 2012. The client computers in
sales.contoso.com will use the sales.contoso.com domain controllers as their DNS servers.
 Implement two servers in the Amsterdam office and two servers in the Paris office to
replace PA1 and AMI. These new servers will run Windows Server 2012 and will not have
shared storage.
 Decommission the research.contoso.com domain. All of the users and the Group
Policy objects (GPOs) in research.contoso.com will be migrated to contoso.com.
 Migrate the existing print queues to virtualized instances of Windows Server 2012.
 Migrate the file servers to new servers that run Windows Server 2012.
 Implement RADIUS authentication for VPN connections.
 Deploy Windows Server 2012 to all new servers.
Technical Requirements
The company identifies following technical requirements:
 All changes to Group Policies must be logged.
 Network Access Protection (NAP) policies must be managed centrally.
 Core networking services in each office must be redundant if a server fails. The possibility of IP address conflicts during the DHCP migration must be
minimized.
 A central log of the IP address leases and the users associated to those
leases must be created.
 All of the client computers must be able to resolve internal names and
internet names.
 Administrators in the Paris office need to deploy a series of desktop
restrictions to the entire company by using Group Policy.
 The new sales.contoso.com domain will contain a web application that will
access data from a Microsoft SQL Server located in the contoso.com domain. The
web application must use integrated Windows authentication. Users’ credentials
must be passed from the web applications to the SQL Server.

###EndCaseStudy###

You need to recommend which changes must be implemented to the network before you can deploy the
new web application.
What should you include in the recommendation?

A.
Change the forest functional level to Windows Server 2008 R2.

B.
Upgrade the DNS servers to Windows Server 2012.

C.
Change the functional level of both the domains to Windows Server 2008 R2.

D.
Upgrade the domain controllers to Windows Server 2012.

Explanation:
The web application is in the sales.contoso.com domain, which will have Windows Server 2012 Domain
controllers. We should therefore upgrade the other domain controller to Windows Server 2012.
Scenario:
* The new sales.contoso.com domain will contain a web application that will access data from a Microsoft
SQL Server located in the contoso.com domain. The web application must use integrated Windows
authentication. Users’ credentials must be passed from the web applications to the SQL Server.
* Planned changes include: create a child domain named sales.contoso.com. Only the domain controllers in
sales.contoso.com will host a zone for the sales.contoso.com domain. The domain controllers in
sales.contoso.com will run Windows Server 2012.



Leave a Reply 3

Your email address will not be published. Required fields are marked *


Nothanks

Nothanks

I maybe wrong, but I think this question is more pointing towards claims based authentication and delegation. Claims based since the question states:

‘…a web application that will access data from a Microsoft SQL Server located in the contoso.com domain. The
web application must use .. Users’ credentials must be passed from the web applications to the SQL Server.’

IF claims based auth is needed then I believe ‘C’ is correct. As both the root and sub domain will need at least 2008 R2 functional level to allow claims based auth.

IF claims based auth is NOT needed then I believe answer above is correct by a matter of work flow default. In short because 2012 is a company requirement for this case study.

Musings: Question does not state what should you do first and as such you can raise the domain level from 2008 without installing any 2012 boxes, but as a work flow item most would install new 2012 r2 boxes and then upgrade functional level.

Long winded rebuttal, but I agree with answer.

Franc

Franc

I think it needs to be answer C.
Explaination:

contoso.com contains the SQL database and runs on 2008R2 as all servers in contoso.com do.
sales.contoso.com will contain the sales web app and the servers in the newly created child-domain are running 2012.

what changes are needed to make the web app requirements (User credentials must be passed from the web app to the SQL DB => claims?

A) only upgrading the FFL to 2008R2 is not enough;
B) upgrade DNS to 2012 is silly;
C) upgrade FFL and DFL does the trick;
D) upgrade the domain controllers (why? in sales all are 2012 and in contoso.com it is not necessary)

So answer C would be the best and correct answer.

Rus

Rus

correct is D –
Upgrade the domain controllers to Windows Server 2012.

but correct explanation is because need to use claims. Why are you thinking that 2008R2 ffl and DFL does the trick???

Claim is Windows 2012 feature https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/windows-server-2016-functional-levels:
Windows Server 2012 domain functional level features

All default Active Directory features, all features from the Windows Server 2008R2 domain functional level, plus the following features:
The KDC support for claims, compound authentication, and Kerberos armoring KDC administrative template policy has two settings (Always provide claims and Fail unarmored authentication requests) that require Windows Server 2012 domain functional level. For more information, see What’s New in Kerberos Authentication

So I think coorect is D