You need to plan the expansion of the Los Angeles office

###BeginCaseStudy###
Topic 5, Alpine Ski
Overview
Alpine Ski House provides vacation travel accommodations. Its main office is in Vancouver. Alpine Ski House
also has branch offices in Montreal, Denver, and New York.
An additional sales office is located in Los Angeles. This office has client devices only.
All servers in each office run Windows Server 2012 R2. All client devices in each office run Windows 8.1.
Alpine Ski House plans to acquire another company named Margie’s Travel. Margies Travel has an AD DS
domain named margiestravel.com.
Danner and New York
The Denver and New York offices have their own child domain named us.alpineskihouse.com. The domain
controllers are displayed in the following table:

Vancouver and Montreal
Alpine Ski House has an Active Directory Domain Services (AD DS) domain named aplineskihouse.com for the
Vancouver and Montreal offices. The forest and domain functional levels are set to Windows Server 2008.
The domain controllers in the domain contain Dynamic Host Configuration Protocol (DHCP) servers and DNS
servers. The domain controllers are displayed in the following table:

The Vancouver office also has a certification authority (CA) installed on a server named ALP-CA01.
Business Requirements
Growth
An additional branch office is planned in an extremely remote, mountainous location that does not have
traditional access to the Internet.
The remote branch office location will use a high-latency, low-bandwidth satellite connection to the Denver
and Vancouver offices.
The Los Angeles office will be expanded to include sales and billing staff. The Los Angeles location will not
contain IT staff.
File Management
Currently, each office has a dedicated file share that is hosted on a domain controller. The company plans to
implement a new file sharing capability to synchronize data between offices and to maximize performance
for locating files that are saved in a different branch office. Sales users in the Los Angeles office must also be
able to retrieve file data from each branch office.
Recovery time objective
The business requires that the data stored in AD DS must be recovered within an hour. This data includes
user accounts, computer accounts, groups, and other objects. Any customized attributes must also be
recovered. The current backup solution uses a tape drive, which requires a minimum of two hours between
notification and recovery.Office 365
Alpine Ski House purchased Office 365 Enterprise E3 licenses for all users in the organization.
Technical Requirements
Existing environment
Users in the Montreal office of Alpine Ski House report slow times to log on to their devices. An
administrator determines that users in the Montreal location occasionally authenticate to a domain
controller with an IP address of 172.16.0.10/24. All authentication requests must first be attempted in the
same location as the client device that is being authenticated.
Growth
The remote branch office must have a single domain controller named REMOTEDC01.us.aplineskihouse.com.
The replication between domains must either use best-effort or low-cost replication. After the expansion,
authentication must occur locally.
Any server placed in the Los Angeles office must not contain cached passwords.
File management
Where possible, the new file management solution must be centralized. If supported, the data must be
stored in a single location in each branch office.
Acquisition
After acquiring Margie’s Travel, all AD DS objects, including user account passwords, must be a migrated to
the alpineskihouse.com domain. Alpine Ski House plans to use the Active Directory Migration Tool (ADMT) to
complete the migration process.
The password complexity requirements for the margiestravel.com domain are unknown. Users should not be
forced to change their passwords after migrating their user accounts. Some computer objects will be
renamed during the migration.
Office 365
Alpine Ski House must use Microsoft Azure to facilitate directory synchronization (DirSync) with Office 365.
The DirSync utility must be installed on a virtual machine in Microsoft Azure.

###EndCaseStudy###

You need to plan the expansion of the Los Angeles office.
What should you do?A. Install a read-only domain controller in Los Angeles.

###BeginCaseStudy###
Topic 5, Alpine Ski
Overview
Alpine Ski House provides vacation travel accommodations. Its main office is in Vancouver. Alpine Ski House
also has branch offices in Montreal, Denver, and New York.
An additional sales office is located in Los Angeles. This office has client devices only.
All servers in each office run Windows Server 2012 R2. All client devices in each office run Windows 8.1.
Alpine Ski House plans to acquire another company named Margie’s Travel. Margies Travel has an AD DS
domain named margiestravel.com.
Danner and New York
The Denver and New York offices have their own child domain named us.alpineskihouse.com. The domain
controllers are displayed in the following table:

Vancouver and Montreal
Alpine Ski House has an Active Directory Domain Services (AD DS) domain named aplineskihouse.com for the
Vancouver and Montreal offices. The forest and domain functional levels are set to Windows Server 2008.
The domain controllers in the domain contain Dynamic Host Configuration Protocol (DHCP) servers and DNS
servers. The domain controllers are displayed in the following table:

The Vancouver office also has a certification authority (CA) installed on a server named ALP-CA01.
Business Requirements
Growth
An additional branch office is planned in an extremely remote, mountainous location that does not have
traditional access to the Internet.
The remote branch office location will use a high-latency, low-bandwidth satellite connection to the Denver
and Vancouver offices.
The Los Angeles office will be expanded to include sales and billing staff. The Los Angeles location will not
contain IT staff.
File Management
Currently, each office has a dedicated file share that is hosted on a domain controller. The company plans to
implement a new file sharing capability to synchronize data between offices and to maximize performance
for locating files that are saved in a different branch office. Sales users in the Los Angeles office must also be
able to retrieve file data from each branch office.
Recovery time objective
The business requires that the data stored in AD DS must be recovered within an hour. This data includes
user accounts, computer accounts, groups, and other objects. Any customized attributes must also be
recovered. The current backup solution uses a tape drive, which requires a minimum of two hours between
notification and recovery.Office 365
Alpine Ski House purchased Office 365 Enterprise E3 licenses for all users in the organization.
Technical Requirements
Existing environment
Users in the Montreal office of Alpine Ski House report slow times to log on to their devices. An
administrator determines that users in the Montreal location occasionally authenticate to a domain
controller with an IP address of 172.16.0.10/24. All authentication requests must first be attempted in the
same location as the client device that is being authenticated.
Growth
The remote branch office must have a single domain controller named REMOTEDC01.us.aplineskihouse.com.
The replication between domains must either use best-effort or low-cost replication. After the expansion,
authentication must occur locally.
Any server placed in the Los Angeles office must not contain cached passwords.
File management
Where possible, the new file management solution must be centralized. If supported, the data must be
stored in a single location in each branch office.
Acquisition
After acquiring Margie’s Travel, all AD DS objects, including user account passwords, must be a migrated to
the alpineskihouse.com domain. Alpine Ski House plans to use the Active Directory Migration Tool (ADMT) to
complete the migration process.
The password complexity requirements for the margiestravel.com domain are unknown. Users should not be
forced to change their passwords after migrating their user accounts. Some computer objects will be
renamed during the migration.
Office 365
Alpine Ski House must use Microsoft Azure to facilitate directory synchronization (DirSync) with Office 365.
The DirSync utility must be installed on a virtual machine in Microsoft Azure.

###EndCaseStudy###

You need to plan the expansion of the Los Angeles office.
What should you do?A. Install a read-only domain controller in Los Angeles.

B.
Install a domain controller in Los Angeles.

C.
Create and apply a filtered attribute set to the Los Angeles site.

D.
Create and apply a Group Policy object to the Los Angeles site.

Show Hint

Leave a Reply 8

Your email address will not be published. Required fields are marked *

sdquirra

sdquirra

Due to the expantion plan, any office will have a server.
So a better choice is:

A. Install a read-only domain controller in Los Angeles

then configure the Password Replication Policy for the RODC server.

Reply

NoThanks

NoThanks

@sdquirra A) is NOT correct. RODCs store cached passwords. Client stated that Los Angeles office servers (if any) can’t contain cached passwords.

Agree with answer: D

Reply

Wei

Wei

Actually, by default RODC will cache nothing for anyone, unless you configure Password Replication Policy on its replication partner to allow it to cache password for specific account or group of accounts.

Reply

Rogue

Rogue

I’m going to agree with NoThanks. Originally I was of the same mindset as Wei and SDQuirra in that it should be an RODC. But the RODC does cache credentials. The situation states that any server in LA must not cache credentials. Since the RODC can cache creds, then a GPO to not make that happen is the correct way to go.

Agree with answer…

Reply

Saleh

Saleh

You don’t need a GPO to prevent credentials caching on RODC. Just don’t configure any PRP and you are done (aka. Leave the RODC on the default config after deployment).

So I am in favor of A.

Reply

Saleh

Saleh

Also the extra number of users specially billing staff will require some sort of better infrastructure in the office more than just a GPO…

Reply

Aberdeen Angus

Aberdeen Angus

The case study says “After the expansion, authentication must occur locally”. It also says “The Los Angeles office will be expanded to include sales and billing staff”, so I think this local authentication requirement includes LA and it needs its own DC.

As Wei said, an RODC doesn’t HAVE to cache passwords, so my vote goes for A (RODC)

Reply

senshi

senshi

Though my choice would be RODC ( since we can not cache passwords), the requirement states that they should authenticate locally. We cannot satisfy that requirement without a RWDC. Does not having any IT staff affect the choice in any way?

Reply