What should you include in the recommendation?

###BeginCaseStudy###
Topic 3, Litware, Inc
Overview
Litware, Inc., is a manufacturing company. The company has a main office and two branch offices. The main
office is located in Seattle. The branch offices are located in Los Angeles and Boston.
Existing Environment
Active Directory
The network contains an Active Directory forest named litwareinc.com. The forest contains a child domain
for each office. The child domains are named boston.litwareinc.com and la.litwareinc.com. An Active
Directory site exists for each office.
In each domain, all of the client computer accounts reside in an organizational unit (OU) named
AllComputers and all of the user accounts reside in an OU named AllUsers.
All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
The functional level of the domain and the forest is Windows Server 2008.
Network Infrastructure
The main office has the following servers:
 Five physical Hyper-V hosts that run Windows Server 2012
 Three virtual file servers that run Windows Server 2008 R2
 One physical DHCP server that runs Windows Server 2008 R2
 Ten physical application servers that run Windows Server 2012
 One virtual IP Address Management (IPAM) server that runs Windows Server
2012
 One virtual Windows Server Update Services (WSUS) server that runs
Windows Server 2008 R2
 One physical domain controller and two virtual domain controllers that run
Windows Server 2008 R2
Each branch office has following servers:
 One virtual file server that runs Windows Server 2008 R2
 Two physical Hyper-V hosts that run Windows Server 2012
 One physical DHCP server that runs Windows Server 2008 R2
 One physical domain controller and two virtual domain controllers that run
Windows Server 2008 R2
All of the offices have a high-speed connection to the Internet. The offices connect to each other by using T1
leased lines.The IPAM server in the main office gathers data from the DNS servers and the DHCP servers in all of the
offices.
Requirements
Planned Changes
The company plans to implement the following changes:
 Implement the Active Directory Recycle Bin.
 Implement Network Access Protection (NAP).
 Implement Folder Redirection in the Boston office only.
 Deploy an application named Appl to all of the users in the Boston office
only.
 Migrate to IPv6 addressing on all of the servers in the Los Angeles office.
Some application servers in the Los Angeles office will have only IPv6 addresses.
Technical Requirements
The company identifies the following technical requirements:
 Minimize the amount of administrative effort whenever possible.
 Ensure that NAP with IPSec enforcement can be configured.
 Rename boston.litwareinc.com domain to bos.litwareinc.com.
 Migrate the DHCP servers from the physical servers to a virtual server that
runs Windows Server 2012.
 Ensure that the members of the Operators groups in all three domains can
manage the IPAM server from their client computer.
VPN Requirements
You plan to implement a third-party VPN server in each office. The VPN servers will be configured as RADIUS
clients. A server that runs Windows Server 2012 will perform RADIUS authentication for all of the VPN
connections.
Visualization Requirements
The company identifies the following visualization requirements:
 Virtualize the application servers.
 Ensure that the additional domain controllers for the branch offices can be
deployed by using domain controller cloning.
 Automatically distribute the new virtual machines to Hyper-V hosts based on
the current resource usage of the Hyper-V hosts.
Server Deployment Requirements
The company identifies the following requirements for the deployment of new servers on the network:
 Deploy the new servers over the network. Ensure that all of the server deployments are done by using multicast.
Security Requirements
A new branch office will open in Chicago. The new branch office will have a single read-only domain
controller (RODC). Confidential attributes must not be replicated to the Chicago office.

###EndCaseStudy###

You need to recommend changes to the Active Directory environment to support the virtualization
requirements.
What should you include in the recommendation?

###BeginCaseStudy###
Topic 3, Litware, Inc
Overview
Litware, Inc., is a manufacturing company. The company has a main office and two branch offices. The main
office is located in Seattle. The branch offices are located in Los Angeles and Boston.
Existing Environment
Active Directory
The network contains an Active Directory forest named litwareinc.com. The forest contains a child domain
for each office. The child domains are named boston.litwareinc.com and la.litwareinc.com. An Active
Directory site exists for each office.
In each domain, all of the client computer accounts reside in an organizational unit (OU) named
AllComputers and all of the user accounts reside in an OU named AllUsers.
All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
The functional level of the domain and the forest is Windows Server 2008.
Network Infrastructure
The main office has the following servers:
 Five physical Hyper-V hosts that run Windows Server 2012
 Three virtual file servers that run Windows Server 2008 R2
 One physical DHCP server that runs Windows Server 2008 R2
 Ten physical application servers that run Windows Server 2012
 One virtual IP Address Management (IPAM) server that runs Windows Server
2012
 One virtual Windows Server Update Services (WSUS) server that runs
Windows Server 2008 R2
 One physical domain controller and two virtual domain controllers that run
Windows Server 2008 R2
Each branch office has following servers:
 One virtual file server that runs Windows Server 2008 R2
 Two physical Hyper-V hosts that run Windows Server 2012
 One physical DHCP server that runs Windows Server 2008 R2
 One physical domain controller and two virtual domain controllers that run
Windows Server 2008 R2
All of the offices have a high-speed connection to the Internet. The offices connect to each other by using T1
leased lines.The IPAM server in the main office gathers data from the DNS servers and the DHCP servers in all of the
offices.
Requirements
Planned Changes
The company plans to implement the following changes:
 Implement the Active Directory Recycle Bin.
 Implement Network Access Protection (NAP).
 Implement Folder Redirection in the Boston office only.
 Deploy an application named Appl to all of the users in the Boston office
only.
 Migrate to IPv6 addressing on all of the servers in the Los Angeles office.
Some application servers in the Los Angeles office will have only IPv6 addresses.
Technical Requirements
The company identifies the following technical requirements:
 Minimize the amount of administrative effort whenever possible.
 Ensure that NAP with IPSec enforcement can be configured.
 Rename boston.litwareinc.com domain to bos.litwareinc.com.
 Migrate the DHCP servers from the physical servers to a virtual server that
runs Windows Server 2012.
 Ensure that the members of the Operators groups in all three domains can
manage the IPAM server from their client computer.
VPN Requirements
You plan to implement a third-party VPN server in each office. The VPN servers will be configured as RADIUS
clients. A server that runs Windows Server 2012 will perform RADIUS authentication for all of the VPN
connections.
Visualization Requirements
The company identifies the following visualization requirements:
 Virtualize the application servers.
 Ensure that the additional domain controllers for the branch offices can be
deployed by using domain controller cloning.
 Automatically distribute the new virtual machines to Hyper-V hosts based on
the current resource usage of the Hyper-V hosts.
Server Deployment Requirements
The company identifies the following requirements for the deployment of new servers on the network:
 Deploy the new servers over the network. Ensure that all of the server deployments are done by using multicast.
Security Requirements
A new branch office will open in Chicago. The new branch office will have a single read-only domain
controller (RODC). Confidential attributes must not be replicated to the Chicago office.

###EndCaseStudy###

You need to recommend changes to the Active Directory environment to support the virtualization
requirements.
What should you include in the recommendation?

A.
Raise the functional level of the domain and the forest.

B.
Upgrade the domain controller that has the domain naming master role to Windows Server 2012.

C.
Implement Administrator Role Separation.

D.
Upgrade the domain controllers that have the PDC emulator master role to Windows Server 2012.

Explanation:
* From case study: Ensure that the additional domain controllers for the branch offices can be deployed by
using domain controller cloning.
* To support DC cloning the PDC emulator role holder must be online and available to the cloned DC and
must be running Windows Server 2012.
Virtual Domain Controller Cloning in Windows Server 2012
https://blogs.technet.microsoft.com/askpfeplat/2012/10/01/virtual-domain-controller-cloning-in-windowsserver-2012/



Leave a Reply 3

Your email address will not be published. Required fields are marked *


NoThanks

NoThanks

Agree. Technically speaking PDC role needs to be on a virtual 2012 server or higher to work with a AD schema version of 56, which mandates a domain functional level of 2012. Lastly the Virtualization host platform has to support VM-Generation ID (VMGID). Forest functional level can be as low as 2003 and still allow for DC cloning given that the above requirements are met.

Thoughts:
Although, technically to support other client’s request of AD recycle bin the domain & forest functional levels should be raised to at least 2008 r2 so why not just raise them to 2012 r2?