***Your network contains an Active Directory domain named contoso.com. All servers run Windows Server
2012 R2.
The domain contains a domain controller named DC1 that is configured as an enterprise root certification
authority (CA).
All users in the domain are issued a smart card and are required to log on to their domain-joined client
computer by using their smart card.
A user named User1 resigned and started to work for a competing company.
You need to prevent User1 immediately from logging on to any computer in the domain. The solution must not
prevent other users from logging on to the domain.
Which tool should you use?
A.
Active Directory Users and Computers
B.
Server Manager
C.
The Certificates snap-in
D.
The Certification Authority console
It’s D. They use smarty card. You revoke the cert and publish the CRL. The question asks for “immediate” revocation.
ADUC *can* take up to 15 mins(+) to replicate across the Domain
Shut up
If you chose D, you would also have to publish the delta CRL.
The biggest issue though is that the question does not state anything about multiple sites or anything, so you have to assume they only have one site. Because they only have one site, their DCs will use intersite replication. This does not have a 15 minute interval, but mostly occurs on change notification. This means that it would probably happen immediately.
Answer is A – Active Directory Users and Computers
https://technet.microsoft.com/en-us/library/cc753390(v=ws.11).aspx
You can prevent a user to from logging on to any computer in the domain by using either ADUC or AD AC
https://technet.microsoft.com/en-us/library/dd861307(v=ws.11).aspx