###BeginCaseStudy###
Topic 3, Litware, Inc
Overview
Litware, Inc., is a manufacturing company. The company has a main office and two branch offices. The main office is located in Seattle. The branch offices are located in Los Angeles and Boston.
Existing Environment
Active Directory
The network contains an Active Directory forest named litwareinc.com. The forest contains a child domain for each office. The child domains are named boston.litwareinc.com and la.litwareinc.com. An Active Directory site exists for each office.
In each domain, all of the client computer accounts reside in an organizational unit (OU) named AllComputers and all of the user accounts reside in an OU named AllUsers.
All domain controllers run Windows Server 2008 R2 and are configured as DNS servers.
The functional level of the domain and the forest is Windows Server 2008.
Network Infrastructure
The main office has the following servers:
Five physical Hyper-V hosts that run Windows Server 2012
Three virtual file servers that run Windows Server 2008 R2
One physical DHCP server that runs Windows Server 2008 R2
Ten physical application servers that run Windows Server 2012
One virtual IP Address Management (IPAM) server that runs Windows Server 2012
One virtual Windows Server Update Services (WSUS) server that runs Windows Server 2008 R2
One physical domain controller and two virtual domain controllers that run Windows Server 2008 R2
Each branch office has the following servers:
One virtual file server that runs Windows Server 2008 R2
Two physical Hyper-V hosts that run Windows Server 2012
One physical DHCP server that runs Windows Server 2008 R2
One physical domain controller and two virtual domain controllers that run Windows Server 2008 R2
All of the offices have a high-speed connection to the Internet. The offices connect to each other by using T1 leased lines.
The IPAM server in the main office gathers data from the DNS servers and the DHCP servers in all of the offices.
Requirements
Planned Changes
The company plans to implement the following changes:
Implement the Active Directory Recycle Bin.
Implement Network Access Protection (NAP).
Implement Folder Redirection in the Boston office only.
Deploy an application named Appl to all of the users in the Boston office only.
Migrate to IPv6 addressing on all of the servers in the Los Angeles office. Some application servers in the Los Angeles office will have only IPv6 addresses.
Technical Requirements
The company identifies the following technical requirements:
Minimize the amount of administrative effort whenever possible.
Ensure that NAP with IPSec enforcement can be configured.
Rename the boston.litwareinc.com domain to bos.litwareinc.com.
Migrate the DHCP servers from the physical servers to a virtual server that runs Windows Server 2012.
Ensure that the members of the Operators groups in all three domains can manage the IPAM server from their client computers.
VPN Requirements
You plan to implement a third-party VPN server in each office. The VPN servers will be configured as RADIUS clients. A server that runs Windows Server 2012 will perform RADIUS authentication for all of the VPN connections.
Virtualization Requirements
The company identifies the following virtualization requirements:
Virtualize the application servers.
Ensure that the additional domain controllers for the branch offices can be deployed by using domain controller cloning.
Automatically distribute the new virtual machines to Hyper-V hosts based on the current resource usage of the Hyper-V hosts.
Server Deployment Requirements
The company identifies the following requirements for the deployment of new servers on the network:
Deploy the new servers over the network.
Ensure that all of the server deployments are done by using multicast.
Security Requirements
A new branch office will open in Chicago. The new branch office will have a single read-only domain controller (RODC). Confidential attributes must not be replicated to the Chicago office.
###EndCaseStudy###
You need to recommend changes to the Active Directory site topology to support the company’s planned changes.
What should you include in the recommendation?
A. A new site
B. A new site link bridge
C. A new site link
D. A new subnet
Explanation:
* Scenario:
The forest contains a child domain for each office. An Active Directory site exists for each office.
* Sites overview
Sites in AD DS represent the physical structure, or topology, of your network. AD DS uses network topology information, which is stored in the directory as site, subnet, and site link objects, to build the most efficient replication topology. The replication topology itself consists of the set of connection objects that enable inbound replication from a source domain controller to the destination domain controller that stores the connection object. The Knowledge Consistency Checker (KCC) creates these connection objects automatically on each domain controller.
Understanding Sites, Subnets, and Site Links http://technet.microsoft.com/en-us/library/cc754697.aspx
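The site, subnet and site link objects named in the overview above can be created and checked with the ActiveDirectory PowerShell module. This is an added example, not part of the original question or its explanation; the site names, link name, prefixes, cost and interval are constructed placeholders, and it assumes the Windows Server 2012 ActiveDirectory module is available on the management host.

```powershell
# Added example. All names and prefixes are constructed placeholders,
# not values taken from the case study.
Import-Module ActiveDirectory

$siteName = 'Chicago'                              # hypothetical new site
$hubSite  = 'Seattle'                              # hypothetical existing site
$linkName = 'Seattle-Chicago'                      # hypothetical site link name
$prefixes = '10.40.0.0/24', '2001:db8:40::/64'     # constructed IPv4/IPv6 prefixes

# 1. Site object: create only if it is missing (-Filter returns nothing
#    instead of throwing when there is no match).
if (-not (Get-ADReplicationSite -Filter "Name -eq '$siteName'")) {
    New-ADReplicationSite -Name $siteName
}

# 2. Subnet objects: each prefix is bound to exactly one site.
#    Report a prefix that already exists under a different site
#    rather than silently re-creating or moving it.
foreach ($prefix in $prefixes) {
    $existing = Get-ADReplicationSubnet -Filter "Name -eq '$prefix'"
    if (-not $existing) {
        New-ADReplicationSubnet -Name $prefix -Site $siteName
    }
    elseif ($existing.Site -notlike "CN=$siteName,*") {
        Write-Warning "$prefix is already mapped to $($existing.Site)"
    }
}

# 3. Site link object: connects the new site to the hub so the KCC
#    can build connection objects between them.
if (-not (Get-ADReplicationSiteLink -Filter "Name -eq '$linkName'")) {
    New-ADReplicationSiteLink -Name $linkName `
        -SitesIncluded $hubSite, $siteName `
        -InterSiteTransportProtocol IP `
        -Cost 100 -ReplicationFrequencyInMinutes 180
}

# 4. Review: list every subnet with the site it resolves to, so that
#    unmapped or wrongly mapped prefixes stand out.
Get-ADReplicationSubnet -Filter * |
    Sort-Object Site, Name |
    Select-Object Name, Site
```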
Mmmm I don't understand it.
If the question is regarding the following statement:
“…A new branch office will open in Chicago. The new branch office will have a single read-only domain controller (RODC)…”
Then the answer would be “A) A new site”, a new site to place the RODC and to perform local validations.
Maybe the new subnet for the 3rd party VPN?
Still not sure.
First they specify:
“An Active Directory site exists for each office”
Then they say:
“…A new branch office will open in Chicago. The new branch office will have a single read-only domain controller (RODC)…”
So Chicago has neither a Site nor a Subnet.
I think both have to be created, but a new site for Chicago should be created first to have it available for selection when creating the Chicago new subnet (although the new subnet could be assigned to an already existing site).
Maybe some information fell off this case study description.
I get it.. Sites are added to subnets.. First create the subnet and then add the site.
You’d have to create the site first, so then you can create a subnet, and assign the site into the subnet.
You can’t create a subnet and assign it to no site, so it would either have to be created against an incorrect site, and then the site created. You can get around this by using PowerShell to create the subnet.
Sounds messy, why not just make the site then subnet.
A.
The key on this question is: “to support on the company’s planned changes.”. If you’re talking about the RODC, that means “Security Requirements”.
D. You’d have to create a new subnet to support IPv6.