What changes should you recommend for the Active Directory infrastructure?

###BeginCaseStudy###
Topic 2, Proseware, Inc
Overview
General Overview
Proseware, Inc. is a pharmaceutical services company that has a sales department, a marketing department,
an operations department, and a human resources department.
Physical Locations
Proseware has two main offices. One of the offices is located in New York. The other office is located in
Chicago. The New York office uses a 172.16.1.0/24 network ID. The Chicago office uses a 192.168.1.0/24
network ID. The offices connect to each other by using a high-bandwidth, low-latency WAN link. Each office connects
directly to the Internet.
Existing Environment
The network contains an Active Directory forest named proseware.com. The forest contains two domains
named proseware.com and chicago.proseware.com. All of the user accounts and the computer accounts in
the New York office reside in the proseware.com domain. All of the user accounts and the computer
accounts in the Chicago office reside in the chicago.proseware.com domain. All DNS zones are Active Directory-integrated.
Each office is configured as an Active Directory site. The network ID for each office is associated to the
appropriate site.
Each office contains two domain controllers. The domain controllers were recently upgraded from Windows
Server 2008 R2 to Windows Server 2012 R2. The functional level of the domain and the forest is Windows
Server 2003.
The company uses Active Directory user attributes to store the personal information of its employees in
custom attributes.
Existing Servers
The relevant servers are configured as shown in the following table.

All servers run Windows Server 2012 R2.
DC01 has an IPv4 scope. The starting IP address in the range is 172.16.1.100 and the ending address is
172.16.1.199.
DC03 has an IPv4 scope. The starting IP address in the range is 192.168.1.100 and the ending IP address is
192.168.1.199. There are no exclusion ranges configured on DC01 or DC03.
Requirements
Planned Changes
Proseware plans to implement the following changes:
• Deploy a read-only domain controller (RODC) to the London office.
• Give users remote access to both offices by using a VPN connection from their
laptop or tablet.
• If DC01 fails, ensure that the computers in the New York office can receive IP
addresses within 30 minutes.
• In the New York site, deploy two 50-TB, Fibre Channel SAN disk arrays. Offloaded
Data Transfer (ODX) will be used on both storage arrays. The Hyper-V hosts will use the new
SANs for virtual machine storage.
• Open three additional offices in Montreal, Atlanta, and London. The offices will
connect to each other by using a high-bandwidth, low-latency WAN link. Each office will
connect directly to the Internet.
• For legal reasons, the Montreal site will have its own forest named
montreal.proseware.com.
• The Montreal and Atlanta offices will have local IT administrators to manage the
network infrastructure of their respective office. The London office will not have a local IT
staff. Each office will have approximately 50 client computers.
Technical Requirements
Proseware identifies the following technical requirements:
• Users in the Montreal office must only be allowed to access shares that are located
on File01 and File02. The Montreal users must be prevented from accessing any other
servers in the proseware.com forest regardless of the permissions on the resources.
• Users in the New York office must be able to reconnect to the remote access VPN
servers automatically. Users in the Chicago office must use SSL to connect to the remote
access VPN servers.
• Domain controllers that run Windows Server 2012 R2 and Windows Server 2008 R2
must be able to be deployed to the proseware.com domain.
• Administrators in the New York office must be able to restore objects from the Active
Directory Recycle Bin.
• The DNS servers must be prevented from overwriting the existing DNS entries that
have been stored in cache.
• Each DNS server must be managed by an administrator from the same office as the
DNS server.
• The required time to create new fixed virtual hard disks (VHDs) on the SANs must be
minimized.
• The remote access servers must be able to restrict outgoing traffic based on IP
addresses.
• All certificates must be deployed to all of the client computers by using autoenrollment.
• All of the DHCP Server server roles must be installed on a domain controller.
• Only one DHCP server in each site must lease IP addresses at any given time.
• DHCP traffic must not cross site boundaries.
• RODCs must not contain personal user information.

###EndCaseStudy###

DRAG DROP
You need to recommend changes for the Active Directory infrastructure.
What should you recommend? To answer, drag the appropriate domain and forest functional levels for
proseware.com to the correct locations. Each functional level may be used once, more than once, or not at
all. You may need to drag the split bar between panes or scroll to view content.

Answer:

Explanation:
From the scenario we have that Domain controllers that run Windows Server 2012 R2 and Windows Server
2008 R2 must be able to be deployed to the proseware.com domain. We should therefore set both domain
functional level and forest functional level to Windows Server 2008 R2.
Box 1: Windows Server 2008 R2
We can set the domain functional level for proseware.com to Windows Server 2008 R2 as only Domain
controllers that run Windows Server 2012 R2 and Windows Server 2008 R2 must be able to be deployed to
the proseware.com domain.
Box 2: Windows Server 2008 R2
As we cannot set the domain functional level to a value that is lower than the forest functional level we
should set the forest functional level to Windows Server 2008 R2 as well.
Understanding Active Directory Domain Services (AD DS) Functional Levels
https://technet.microsoft.com/library/understanding-active-directory-functional-levels(WS.10).aspx
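
The following PowerShell sketch is an added example, not part of the original answer. It carries the recommendation through with the ActiveDirectory module: check that no domain controller is older than Windows Server 2008 R2, raise the domain and forest functional levels, then enable the Recycle Bin. It goes slightly beyond the answer text by also raising chicago.proseware.com, because a forest functional level can only be raised once every domain in the forest is at that level; the `$DryRun` switch is an assumption added for safe previewing.

```powershell
# Added example: raise the proseware.com forest to Windows Server 2008 R2 levels.
# Run from a management host with RSAT, as Enterprise Admin.
Import-Module ActiveDirectory

$ForestName = 'proseware.com'   # forest root domain from the case study
$DryRun     = $true             # assumption: preview with -WhatIf first; $false applies
$MinDcOs    = [version]'6.1'    # Windows Server 2008 R2 reports OS version 6.1

$forest = Get-ADForest -Identity $ForestName

# 1. A functional level can only be raised if every DC runs that OS or newer.
foreach ($domain in $forest.Domains) {
    foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
        # OperatingSystemVersion looks like "6.3 (9600)"; keep only "6.3".
        $os = [version]($dc.OperatingSystemVersion -replace '\s*\(.*$', '')
        if ($os -lt $MinDcOs) {
            throw "$($dc.HostName) runs $($dc.OperatingSystem); upgrade or demote it first."
        }
    }
}

# 2. Raise every domain (proseware.com and chicago.proseware.com).
#    Stopping at 2008 R2 keeps both 2008 R2 and 2012 R2 DCs deployable.
foreach ($domain in $forest.Domains) {
    $mode = (Get-ADDomain -Identity $domain -Server $domain).DomainMode
    if ($mode -lt 'Windows2008R2Domain') {
        Set-ADDomainMode -Identity $domain -DomainMode Windows2008R2Domain -WhatIf:$DryRun
    }
}

# 3. Raise the forest functional level once all domains are at 2008 R2.
if ($forest.ForestMode -lt 'Windows2008R2Forest') {
    Set-ADForestMode -Identity $ForestName -ForestMode Windows2008R2Forest -WhatIf:$DryRun
}

# 4. Enable the Recycle Bin (needs forest level 2008 R2; cannot be disabled later).
Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
    -Scope ForestOrConfigurationSet -Target $ForestName -WhatIf:$DryRun

# 5. Report the resulting levels for the change record.
Get-ADForest -Identity $ForestName | Select-Object Name, ForestMode
$forest.Domains | ForEach-Object { Get-ADDomain -Identity $_ -Server $_ } |
    Select-Object DNSRoot, DomainMode
```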



NoThanks

Agree.

2008 R2 is needed for the client requirement of AD Recycle Bin.

Can’t go higher than 2008 R2 due to the client requirement to be able to install new domain controllers that are 2008 R2 and 2012 R2. Once the functional level is raised to 2012 R2 in the domain, you can’t install DCs that are any lower than 2012 R2.