Which cmdlets should you run?

###BeginCaseStudy###
Topic 4, Northwind Traders
Overview
Northwind Traders is a retail company.
The company has offices in Montreal and San Diego. The office in Montreal has 1,000 client computers. The
office in San Diego has 100 computers. The computers in the San Diego office are often replaced. The offices
connect to each other by using a slow WAN link. Each office connects directly to the Internet.
Existing Environment
Active Directory Environment
The network contains an Active Directory forest named northwindtraders.com. The forest contains two
domains named northwindtraders.com and west.northwindtraders.com. All servers run Windows Server
2012 R2.
All client computers run Windows 7.
Each office is configured as an Active Directory site. The site in the Montreal office is named Site1. The site in
the San Diego office is named Site2.
The forest contains four domain controllers. The domain controllers are configured as shown in the following
table.

DC1, DC2, and DC3 are writable domain controllers. R0DC1 is read-only domain controller (RODC). All DNS
zones are Active Directory-integrated. All zones replicate to all of the domain controllers.
All of the computers in the San Diego office are configured to use RODC1 as their only DNS server.
The northwindtraders.com domain contains a Group Policy object (GPO) named GPO1. GP01 is applied to all
of the users in the Montreal office.
All of the user accounts for the Montreal users are in the northwindtraders.com domain. All of the user
accounts for the San Diego users are in the west.northwindtraders.com domain.
Network Environment
Site1 contains the member servers in the northwindtraders.com domain shown in the following table.

Server1 connects to SAN storage that supports Offloaded Data Transfer (ODX). All virtual hard disks (VHDs)
are stored on the SAN.
A web application named App1 is installed on Servers.
Server3 has a shared folder that contains sales reports. The sales reports are read frequently by the users in
both offices. The reports are generated automatically once per week by an enterprise resource planning
(ERP) system.
A perimeter network in the Montreal office contains two standalone servers. The servers are configured as
shown in the following table.

The servers in the perimeter network are accessible from the Internet by using a domain name suffix of
public.northwindtraders.com.
Each administrator has a management computer that runs Windows 8.1.
Requirements
Planned Changes
Northwind Traders plans to implement the following changes:

On Server1, create four virtual machines that run Windows Server 2012 R2. The servers will be configured as
shown in the following table.

 Configure IP routing between Site1 and the network services that Northwind
Traders hosts in Windows Azure.
 Place a domain controller for the northwindtraders.com domain in Windows
Azure.
 Upgrade all of the computers in the Montreal office to Windows 8.1.
 Purchase a subscription to Microsoft Office 365.
 Configure a web application proxy on Server6.
 Configure integration between VMM and IPAM.
 Apply GPO1 to all of the San Diego users.
 Connect Site1 to Windows Azure.
Technical Requirements
Northwind Traders must meet the following technical requirements:
 All virtual machines must use ODX.
 Users must be able to access App1 from the Internet.
 GPO1 must not be applied to computers that run Windows 8.1.
 All DNS zones must replicate only to DC1, DC2, and DC3.
 All computers must be able to resolve names by using a local DNS server.
 If a WAN link fails, users must be able to access all of the sales reports.
 The credentials for accessing Windows Azure must be permanently stored.
 The on-premises network must be connected to Windows Azure by using
Server4.
 The administrators must be able to manage Windows Azure by using
Windows PowerShell.
 The number of servers and services deployed in the San Diego office must
be minimized.
 Active Directory queries for the objects in the forest must not generate WAN
traffic, whenever possible.
Security Requirements
Northwind Traders identifies the following security requirements:
 Ensure that all DNS zone data is encrypted when it is replicated.
 Minimize the number of permissions assigned to users and administrators,
whenever possible. Prevent an Active Directory Domain Services (AD DS) attribute
named SSNumber from replicating to Site2. Ensure that users can use their northwindtraders.com user account to access
the resources hosted in Office 365.
 Prevent administrators from being required to re-enter their credentials
when they manage Windows Azure from approved management computers.

###EndCaseStudy###

You need to implement a solution for DNS replication.
Which cmdlets should you run?

A.
Set-DnsServer and Invoke-DnsServerZoneSign

B.
ConvertTo-DnsServerPrimaryZone and Register-DnsServerDirectoryPartition

C.
UnRegister-DnsServerDirectoryPartition and Add-DnsServerForwarder

D.
Set-DnsServerDnsSecZoneSetting and Invoke-DnsServerZoneSign

Explanation:
Currently DNS zones are replicated to all Domain Controllers, but they should only replicate only to DC1, DC2,
and DC3. We can unregister other DNS servers (RODC1) with the help of UnRegisterDnsServerDirectoryPartition cmdlet, which deregisters a Domain Name System (DNS) server from a specified
DNS application directory partition.
RODC1 is still used as a DNS server, but does not receive zone replication, but it should still function as a DNS
server as all computers need to resolve names by using a local DNS server. We configure RODC1 to forward
DNS requests to DC1, DC2 or DC3 with the help of the Add-DnsServerForwarder command.
* Scenario. Technical Requirement related to DNS:
Ensure that all DNS zone data is encrypted when it is replicated
All computers must be able to resolve names by using a local DNS server
All DNS zones must replicate only to DC1, DC2, and DC3
UnRegister-DnsServerDirectoryPartition, Add-DnsServerForwarder