###BeginCaseStudy###
Topic 5, Alpine Ski
Overview
Alpine Ski House provides vacation travel accommodations. Its main office is in Vancouver. Alpine Ski House
also has branch offices in Montreal, Denver, and New York.
An additional sales office is located in Los Angeles. This office has client devices only.
All servers in each office run Windows Server 2012 R2. All client devices in each office run Windows 8.1.
Alpine Ski House plans to acquire another company named Margie’s Travel. Margies Travel has an AD DS
domain named margiestravel.com.
Danner and New York
The Denver and New York offices have their own child domain named us.alpineskihouse.com. The domain
controllers are displayed in the following table:
Vancouver and Montreal
Alpine Ski House has an Active Directory Domain Services (AD DS) domain named aplineskihouse.com for the
Vancouver and Montreal offices. The forest and domain functional levels are set to Windows Server 2008.
The domain controllers in the domain contain Dynamic Host Configuration Protocol (DHCP) servers and DNS
servers. The domain controllers are displayed in the following table:
The Vancouver office also has a certification authority (CA) installed on a server named ALP-CA01.
Business Requirements
Growth
An additional branch office is planned in an extremely remote, mountainous location that does not have
traditional access to the Internet.
The remote branch office location will use a high-latency, low-bandwidth satellite connection to the Denver
and Vancouver offices.
The Los Angeles office will be expanded to include sales and billing staff. The Los Angeles location will not
contain IT staff.
File Management
Currently, each office has a dedicated file share that is hosted on a domain controller. The company plans to
implement a new file sharing capability to synchronize data between offices and to maximize performance
for locating files that are saved in a different branch office. Sales users in the Los Angeles office must also be
able to retrieve file data from each branch office.
Recovery time objective
The business requires that the data stored in AD DS must be recovered within an hour. This data includes
user accounts, computer accounts, groups, and other objects. Any customized attributes must also be
recovered. The current backup solution uses a tape drive, which requires a minimum of two hours between
notification and recovery.Office 365
Alpine Ski House purchased Office 365 Enterprise E3 licenses for all users in the organization.
Technical Requirements
Existing environment
Users in the Montreal office of Alpine Ski House report slow times to log on to their devices. An
administrator determines that users in the Montreal location occasionally authenticate to a domain
controller with an IP address of 172.16.0.10/24. All authentication requests must first be attempted in the
same location as the client device that is being authenticated.
Growth
The remote branch office must have a single domain controller named REMOTEDC01.us.aplineskihouse.com.
The replication between domains must either use best-effort or low-cost replication. After the expansion,
authentication must occur locally.
Any server placed in the Los Angeles office must not contain cached passwords.
File management
Where possible, the new file management solution must be centralized. If supported, the data must be
stored in a single location in each branch office.
Acquisition
After acquiring Margie’s Travel, all AD DS objects, including user account passwords, must be a migrated to
the alpineskihouse.com domain. Alpine Ski House plans to use the Active Directory Migration Tool (ADMT) to
complete the migration process.
The password complexity requirements for the margiestravel.com domain are unknown. Users should not be
forced to change their passwords after migrating their user accounts. Some computer objects will be
renamed during the migration.
Office 365
Alpine Ski House must use Microsoft Azure to facilitate directory synchronization (DirSync) with Office 365.
The DirSync utility must be installed on a virtual machine in Microsoft Azure.
###EndCaseStudy###
DRAG DROP
You need to resolve the Apline Ski House authentication issue.
Which objects should you create? To answer, drag the appropriate object to the correct office.
Answer: See the explanation
Explanation:
Vancouver – Domain trust
Montreal – Active Directory Domain Services IP site link
What application issue? I don’t understand this question at all…
I would guess it refers to:
“Users in the Montreal office of Alpine Ski House report slow times to log on to their devices. An administrator determines that users in the Montreal location occasionally authenticate to a domain controller with an IP address of 172.16.0.10/24. All authentication requests must first be attempted in the same location as the client device that is being authenticated.”
Since this is the only thing I’d call an ‘authentication issue’.
My thoughts (not an answer):
My guess would be that we’d need to place the Montreal subnet (192.168.10.0/24) in the right site. That would be done in Sites and Services, which is not available in the answers.
Assuming there’s a high speed link between Vancouver and Montreal, we wouldn’t need an SMTP link either.
Could we use a DC locator? Maybe, but that would be DNS, which is not an option.
A domain trust seems wrong, since Vancouver and Montreal are in the same domain, so a trust wouldn’t help anything. Not to mention I wonder how a trust would help this issue.
So, a GPO and a site-link?
Honestly, I’m at a loss…
FIRST: Authentication issues…. that is the question.
Clearly there is an authentication issues here when people in the Montreal office are authenticating off Domain Controllers in the Vancouver office. That is a “Sites and Subnets” issue.
Next we have 2 possible issues but the QUESTION is on Authentication.
Margie’s Travel is going to be acquired. That would be a “Domain Trust” for Authentication and the migration. But that isn’t highlighted in the scenario. I believe this is a red herring.
A GPO won’t do much in terms of Authentication in this scenario.
That makes the answer SMTP Site Link for the “extremely remote” location – I know replication isn’t an authentication issue. Read the “Growth” section: The replication between domains must either use best-effort or low-cost replication. After the expansion AUTHENTICATION MUST OCCUR LOCALLY. That remote site only connects to Denver and Vancouver. We have now isolated the Montreal issue and segregated the “Vancouver Authentication issue”. Poor connection = SMTP Site Link.
Quick recap:
Vancouver = SMTP Site Link
Montreal = Sites and Subnets
its a new question on my exam.
This is a very tricky one.
“Users in the Montreal office of Alpine Ski House report slow times to log on to their devices. An administrator determines that users in the Montreal location occasionally authenticate to a domain controller with an IP address of 172.16.0.10/24. All authentication requests must first be attempted in the
same location as the client device that is being authenticated.”
This must be SITES AND SUBNETS. Clients will always contact dc in the same site unless sites and subnes are configure wrong. GPO cannot be answer here because you use gpo to configure dc locator only when you want to configure authentication to closest site if dc in current site is not available.
Vancouver : Here I think that answer is smtp site link as well
I think there is no site and subnet for this site for Montreal.
So in Montreal we create site and subnet for this site
In Vancouver we create IP site link for this new site