Does this meet the goal?

In this section, you’ll see one or more sets of questions with the same scenario and problem. Each
question presents a unique solution to the problem, and you must determine whether the solution
meets the stated goals. Any of the solutions might solve the problem. It is also possible that none
of the solutions solve the problem. Once you answer a question in this section, you will NOT be
able to return to it. As a result, these questions will not appear in the review screen.
Note: This question is part of a series of questions that present the same scenario. Each
question in the series contains a unique solution. Determine whether the solution meets the
stated goals.
Your network contains an Active Directory forest named contoso.com. The forest contains a
member server named Server1 that runs Windows Server 2016. All domain controllers run
Windows Server 2012 R2. contoso.com has the following configuration.

You plan to deploy an Active Directory Federation Services (AD FS) farm on Server1 and to
configure device registration. You need to configure Active Directory to support the planned
deployment. Solution: You raise the domain functional level to Windows Server 2012 R2. Does this
meet the goal?

A. Yes
B. No




Darksider

I think the right answer is no –> B
There is a Windows Server 2016 and to allow Device Registration for Win10 and Server 2016 it is a requirement to have a 2016 Domain Controller.

dermot

A?

This Doc; Configure a federation server with Device Registration Service https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/deployment/configure-a-federation-server-with-device-registration-service
States: Your Active Directory forest must have the Windows Server 2012 R2 schema

But to raise DFL to 2012 R2, 2012 R2 schema update must already be in place.

Additionally, while this doc states: https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/overview/ad-fs-2016-requirements

Schema requirements
• New installations of AD FS 2016 require the Active Directory 2016 schema (minimum version 85).
• Raising the AD FS farm behavior level (FBL) to the 2016 level requires the Active Directory 2016 schema (minimum version 85).

You can have 2016 schema update in place on the 2012 Domain
so I say A.

Reinhard

Hi dermot,

The next question I came across had the same environment and goal, but a different “solution” (“You run adprep.exe from a Windows Server 2016 installation media. Does this meet the goal?”). And the correct answer to that was “no”, and the reason/explanation is that Adprep just prepares the domain for a Windows Server 2016 (it extends the schema in the process), but it does not actually raise the domain functional level to Windows Server 2016, which is required for Device Registration.

So from the above I make the assumption that upgrading the schema to 2016 alone is not good enough to deploy an AD FS farm and enable device registration for Server1 (a Server 2016 O/S) in this particular question, so the answer should be B: No.

Any further assistance or corrections to my assumption more than welcome.

Thanks,
Reinhard

soma

Domain controller requirements

– AD FS requires Domain controllers running Windows Server 2008 or later.
– At least one Windows Server 2016 domain controller is required for Microsoft Passport for Work.

Domain functional-level requirements

– All user account domains and the domain to which the AD FS servers are joined must be operating at the domain functional level of Windows Server 2003 or higher.
– A Windows Server 2008 domain functional level or higher is required for client certificate authentication if the certificate is explicitly mapped to a user’s account in AD DS.

Schema requirements

– New installations of AD FS 2016 require the Active Directory 2016 schema (minimum version 85).
– Raising the AD FS farm behavior level (FBL) to the 2016 level requires the Active Directory 2016 schema (minimum version 85).

THE ANSWER IS B. NO

https://technet.microsoft.com/en-us/windows-server-docs/identity/ad-fs/overview/ad-fs-2016-requirements#BKMK_4

Reginaldo

I agree with Dermot. Windows 2016 works in mixed mode in a 2012 farm. Device registration already exists in 2012 ADFS.

Nicolas G.

It’s difficult to find the good answer for this question. Raising the domain functional level to Windows Server 2012 R2 doesn’t mean the AD schema was in 2016 version 85. We have a 2016 server but it’s only a member server. So I think the answer is B.

Tetra-Grammaton-Cleric

Answer: B. No

To use Device Registration Service (previously known as ‘Workplace Join’) functionality, the schema of the forest that the AD FS servers are joined to must be set to Windows Server 2012 R2. I.e., the Forest Functional Level MUST be Windows Server 2012 R2 or higher.

Note that it is possible to set the Domain Functional Level to a value that is higher than the Forest Functional Level, so in this case, the DFL is Windows Server 2012 R2, but the FFL is still Windows Server 2008 R2.

Shadowner

I agree on answer B as stated by Tetra.

The answer only states to raise the DFL to 2012R2 (which can be done). However the FFL is still indeed 2008R2. So it’s still not complying with the requirements.

Renato

Actually you can add Windows 2016 ADFS server to Windows server 2012 Domain Functional Level, but it will work on Windows 2012 R2 FBL. That’s called a mixed farm.
Only if you want to use new features from ADFS on Windows server 2016, you need to raise not only DFL, but also FFL too. In that case you need at least one Windows 2016 domain controller.

“A Windows Server 2016 AD FS server can be added to a Windows Server 2012 R2 farm and it will operate at the same FBL as a Windows Server 2012 R2. When you have a Windows Server 2016 AD FS server operating in this fashion, your farm is said to be “mixed”. However, you will not be able to take advantage of the new Windows Server 2016 features until the FBL is raised to Windows Server 2016. With a mixed farm.”

So I think the answer is A.

dziri

Work Place = Windows server 2012
Device Registration = Windows Server 2016

In this question we want to install a new Farm –>> A is Correct

**************
Moving from AD FS in Windows Server 2012 R2 to AD FS in Windows Server 2016 is easier
**************
Previously, migrating to a new version of AD FS required exporting configuration from the old farm and importing to a brand new, parallel farm.

Now, moving from AD FS on Windows Server 2012 R2 to AD FS on Windows Server 2016 has become much easier. Simply add a new Windows Server 2016 server to a Windows Server 2012 R2 farm, and the farm will act at the Windows Server 2012 R2 farm behavior level, so it looks and behaves just like a Windows Server 2012 R2 farm.

Then, add new Windows Server 2016 servers to the farm, verify the functionality and remove the older servers from the load balancer. Once all farm nodes are running Windows Server 2016, you are ready to upgrade the farm behavior level to 2016 and begin using the new features.

Ken

I believe the answer is A) yes

New in AD FS for Windows Server 2016 is the farm behavior level feature (FBL). This feature is farm-wide and determines the features that the AD FS farm can use. By default, the FBL in a Windows Server 2012 R2 AD FS farm is at the Windows Server 2012 R2 FBL.

A Windows Server 2016 AD FS server can be added to a Windows Server 2012 R2 farm and it will operate at the same FBL as a Windows Server 2012 R2. When you have a Windows Server 2016 AD FS server operating in this fashion, your farm is said to be “mixed”. However, you will not be able to take advantage of the new Windows Server 2016 features until the FBL is raised to Windows Server 2016. With a mixed farm:

Administrators can add new, Windows Server 2016 federation servers to an existing Windows Server 2012 R2 farm. As a result, the farm is in “mixed mode” and operates the Windows Server 2012 R2 farm behavior level. To ensure consistent behavior across the farm, new Windows Server 2016 features cannot be configured or used in this mode.

Ken

Configure a federation server with Device Registration Service

Prepare your Active Directory forest to support devices
Note

This is a one-time operation that you must run to prepare your Active Directory forest to support devices. You must be logged on with enterprise administrator permissions and your Active Directory forest must have the Windows Server 2012 R2 schema to complete this procedure. Additionally, DRS requires that you have at least one global catalog server in your forest root domain.
The global catalog server is required in order to run Initialize-ADDeviceRegistration and during AD FS authentication. AD FS initializes an in-memory representation of the DRS config object on each authentication request and if the DRS config object cannot be found on a DC in the current domain, the request is attempted against the GC on which the DRS objects were provisioned during Initialize-ADDeviceRegistration.

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/configure-a-federation-server-with-device-registration-service

After further research it looks like device will make the answer B) no

Clarity

I think the biggest confusion comes from the fact people think you need to raise the FFL/DFL to 2012 R2 in order for Device Registration to work. According to article https://technet.microsoft.com/en-us/library/dn550982(v=ws.11).aspx:

“You do not need a domain controller running Windows Server 2012 R2 for this solution. All you need is a schema update from your current AD DS installation. You can update the schema on existing domain controllers without installing a domain controller that runs Windows Server 2012 R2 by Running Adprep.exe.”

According to information from question:
1. All domain controllers run Windows Server 2012 R2. (Schema has been extended to Windows Server 2012 R2 in the process of installing the DCs).
2. The forest contains a member server named Server1 that runs Windows Server 2016. (This will be the future ADFS server).

Device Registration requirements:
1. Active Directory forest must have the Windows Server 2012 R2 schema.
2. DRS requires that you have at least one global catalog server in your forest root domain.

ADFS 2016 requirements:
1. AD FS requires Domain controllers running Windows Server 2008 or later. (Already present).
2. At least one Windows Server 2016 domain controller is required for Microsoft Passport for Work. (We do not need MS Passport for Work).
3. All user account domains and the domain to which the AD FS servers are joined must be operating at the domain functional level of Windows Server 2003 or higher. (Already present).
4. A Windows Server 2008 domain functional level or higher is required for client certificate authentication if the certificate is explicitly mapped to a user’s account in AD DS. (Already available).
5. New installations of AD FS 2016 require the Active Directory 2016 schema (minimum version 85). (Not present, should be considered).
6. Raising the AD FS farm behavior level (FBL) to the 2016 level requires the Active Directory 2016 schema (minimum version 85). (Not present, should be considered).

Conclusion:
In order to deploy ADFS 2016 with Device Registration you will need:
1. AD schema extended to Active Directory 2016 (minimum version 85). (Required)
2. Domain Controllers should be 2016 only if you need MS Passport for Work. (Optional)
3. A Windows Server 2008 domain functional level or higher is required for client certificate authentication if the certificate is explicitly mapped to a user’s account in AD DS. (Optional)

Answer:
NO. Raising the DFL to 2012R2 will not be sufficient to implement ADFS 2016, because it requires AD schema to be extended to Active Directory 2016 (minimum version 85).
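
The directory-side requirements quoted in this thread (schema objectVersion of at least 85 for a new AD FS 2016 installation, and a global catalog in the forest root domain for DRS) can be read from Active Directory before Initialize-ADDeviceRegistration is run. The PowerShell below is an added example, not part of any comment on this page; the function names are hypothetical, the sample values are constructed, and 69 is the schema objectVersion of Windows Server 2012 R2.

```powershell
# Added example. Get-AdfsDrsDirectoryState and Test-AdfsDrsDirectoryState are
# hypothetical helper names, not cmdlets that ship with Windows.

function Get-AdfsDrsDirectoryState {
    # Reads live values; needs the ActiveDirectory module (RSAT) on a domain-joined host.
    Import-Module ActiveDirectory -ErrorAction Stop
    $rootDse = Get-ADRootDSE
    $forest  = Get-ADForest
    # The schema version is the objectVersion attribute on the schema naming context.
    $schema  = Get-ADObject -Identity $rootDse.schemaNamingContext -Properties objectVersion
    # Global catalogs that are domain controllers of the forest root domain.
    $rootGcs = Get-ADDomainController -Server $forest.RootDomain -Filter 'IsGlobalCatalog -eq $true'
    [pscustomobject]@{
        SchemaVersion = [int]$schema.objectVersion
        ForestMode    = [string]$forest.ForestMode
        DomainMode    = [string](Get-ADDomain).DomainMode
        RootDomain    = $forest.RootDomain
        RootDomainGCs = @($rootGcs | ForEach-Object HostName)
    }
}

function Test-AdfsDrsDirectoryState {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $State,
        [int] $MinimumSchema = 85   # "minimum version 85", as quoted in the thread
    )
    process {
        $gcCount = @($State.RootDomainGCs).Count
        $checks = @(
            [pscustomobject]@{
                Check  = "Schema objectVersion >= $MinimumSchema"
                Actual = $State.SchemaVersion
                Pass   = $State.SchemaVersion -ge $MinimumSchema
            }
            [pscustomobject]@{
                Check  = "Global catalog in forest root domain ($($State.RootDomain))"
                Actual = $gcCount
                Pass   = $gcCount -ge 1
            }
        )
        [pscustomobject]@{
            Ready      = -not ($checks.Pass -contains $false)
            ForestMode = $State.ForestMode   # reported for reference, not scored
            DomainMode = $State.DomainMode   # reported for reference, not scored
            Checks     = $checks
        }
    }
}

# Constructed sample modeled on the scenario: 2012 R2 domain controllers,
# DFL raised to 2012 R2, schema never extended from 2016 media.
$sample = [pscustomobject]@{
    SchemaVersion = 69
    ForestMode    = 'Windows2008R2Forest'
    DomainMode    = 'Windows2012R2Domain'
    RootDomain    = 'contoso.com'
    RootDomainGCs = @('dc1.contoso.com')
}

$result = $sample | Test-AdfsDrsDirectoryState
$result.Checks | Format-Table -AutoSize
"Ready: $($result.Ready) (FFL=$($result.ForestMode), DFL=$($result.DomainMode))"

# Against a real forest:
#   Get-AdfsDrsDirectoryState | Test-AdfsDrsDirectoryState
```

Functional level and schema version are independent values: raising the DFL or FFL leaves objectVersion unchanged, which is why the sample fails the schema check while reporting a 2012 R2 DFL.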

Martijn

Answer –> B

I tested this in my LAB.
1. Installed a Windows 2012R2 DC with Forest and Domain mode Windows 2008R2.
2. Installed a Windows 2016 member server.
3. Configured AD FS. (This is still working).
4. When I try to enable device registration with the PowerShell command Initialize-ADDeviceRegistration I get the following error:

Initialize-ADDeviceRegistration : Active Directory schema needs to be upgraded to Windows Server 2016 before the
federation service can be installed.
At line:1 char:1
+ Initialize-ADDeviceRegistration

Mike

Yes, but you can upgrade the schema at this point without raising the FFL.

So A is correct.

Knox

Tough question. As I understand, 1) Raising the domain functional level would not be sufficient enough, because the forest functional level must also be raised in order to support Device Registration and 2) The first server in the ADFS Farm, as indicated in the question, will be running Server 2016. There are no DCs running Server 2016, so the schema will have to be extended first (either running ADPrep or just promoting a new Server 2016 DC) before you can complete this config.

So I say B) No

Knox

Also, you do not need to raise the domain functional level because the schema has already been extended to 2012 R2 since the domain controllers are 2012 R2. ADPrep.exe runs automatically on 2012 R2 during the promotion process. So the solution to raise the domain functional level accomplishes nothing, when really ADprep needs to be run from 2016 installation media to support ADFS 2016.

Rickey Keith

New MCSA (Server 2016) 70-743 Exam Questions Updated Recently (1/Dec/2017):

NEW QUESTION 154
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory domain named contoso.com. You need to create a Nano Server image named Nano1 that will be used as a virtualization host. The Windows Server 2016 source files are located in Drive D.
Solution: You run the following cmdlet:
New-NanoServerImage -Edition Datacenter -DeploymentType Host -Package Microsoft-NanoServer-SCVMM-Package -MediaPath D:\ -TargetPath C:\Nano1\Nano1.wim -ComputerName Nano1 -Domainname contoso.com
Does this meet the goal?

A. Yes
B. No

Answer: A

NEW QUESTION 155
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2016. Server1 is configured as a VPN server. Server1 is configured to allow domain users to establish VPN connections from 06:00 to 18:00 every day of the week. You need to ensure that domain users can establish VPN connections only between Monday and Friday.
Solution: From Routing and Remote Access, you configure the Properties of Server1.
Does this meet the goal?

A. Yes
B. No

Answer: B

NEW QUESTION 156
Your network contains three subnets, a production subnet that contains production servers, a development network that contains development servers, and a client network that contains client computers. The development network is used to test applications and reproduces servers that are located on the production network. The development network and the production network use the same IP address range. A developer has a client computer on the client network. The developer reports that when he attempts to connect to the IP address 10.10.1.6 from his computer, he connects to a server on the production network. You need to ensure that when the developer connects to 10.10.1.6, he connects to a server on the development network. Which cmdlet should you use?

A. New-NetNeighbor
B. New-NetRoute
C. Set-NetTcpSetting
D. Set-NetNeighbor

Answer: B

NEW QUESTION 157
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest has three sites located in London, Paris and Berlin. The London site contains a web server named Web1 that runs Windows Server 2016. You need to configure Web1 as an HTTP content server for the hosted cache servers located in the Paris and Berlin sites.
Solution: You install the DFS Replication role service, and then you start the Network Connections service.
Does this meet the goal?

A. Yes
B. No

Answer: A

NEW QUESTION 158
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest has three sites located in London, Paris and Berlin. The London site contains a web server named Web1 that runs Windows Server 2016. You need to configure Web1 as an HTTP content server for the hosted cache servers located in the Paris and Berlin sites.
Solution: You install the BranchCache feature, and then you start the BranchCache service.
Does this meet the goal?

A. Yes
B. No

Answer: B

NEW QUESTION 159
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. The forest has three sites located in London, Paris and Berlin. The London site contains a web server named Web1 that runs Windows Server 2016. You need to configure Web1 as an HTTP content server for the hosted cache servers located in the Paris and Berlin sites.
Solution: You install the Deployment Server role service, and then you restart the World Wide Web Publishing Service.
Does this meet the goal?

A. Yes
B. No

Answer: A

NEW QUESTION 160
You are implementing a new network. The network contains a DHCP server named DHCP1 that runs Windows Server 2016. DHCP1 contains a scope named Scope1 for the 192.168.0/24 subnet. Your company has the following policy for allocating IP addresses:
– All server addresses must be excluded from DHCP scopes.
– All client computer must receive IP addresses from Scope1.
– All Windows servers must have IP addresses in the range of 192.168.0.200 to 192.168.0.240.
– All other network devices must have IP addresses in the range of 192.168.0.180 to 192.168.0.199.
You deploy a print device named Print1. You need to ensure that Print1 adheres to the policy for allocating IP addresses. Which command should you use?

A. Add-DhcpServerv4Lease
B. Add-DhcpServerv4ExclusionRange
C. Add-DhcpServerv4Filter
D. Add-DhcpServerv4Reservation

Answer: B

NEW QUESTION 161
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory forest named contoso.com. You need to identify which server is the schema master.
Solution: From Windows PowerShell, you run Get-ADDomainController -Discover -Service 2 cmdlet.
Does this meet the goal?

A. Yes
B. No

Answer: B

NEW QUESTION 162
You have a Scale-Out File Server that has a share named Share1. Share1 contains a virtual disk file named Disk1.vhd. You plan to create a guest failover cluster. You need to ensure that you can use the virtual disk as a shared virtual disk for the guest failover cluster. Which cmdlet should you use?

A. Optimize-VHD
B. Optimize-VHDSet
C. Convert-VHD
D. Set-VHD

Answer: A

NEW QUESTION 163
You plan to deploy several Hyper-V hosts that run Windows Server 2016. The deployment will use Software Defined Networking (SDN) and VXLAN. Which server role should you install on the network to support the planned deployment?

A. Network Controller
B. Network Policy and Access Services
C. Remote Access
D. Host Guardian Service

Answer: D

NEW QUESTION 164
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution. After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You have a server named Server1 that runs Windows Server 2016. Server1 is configured as a VPN server. Server1 is configured to allow domain users to establish VPN connections from 06:00 to 18:00 every day of the week. You need to ensure that domain users can establish VPN connections only between Monday and Friday.
Solution: From Network Policy Server, you modify the Network Policies on Server1.
Does this meet the goal?

A. Yes
B. No

Answer: A
