Hotspot Question
Your network contains one Active Directory forest named contoso.com and one Active Directory
forest named adatum.com. Each forest contains a single domain.
You have the domain controllers configured as shown in the following table.
You perform the following three actions:
– Create a user named User1 on DC3.
– Create a file named File1.txt in the SYSVOL folder on DC1.
– Create a Group Policy object (GPO) named GPO1 on DC1 and link GPO1 to
Site2.
You need to identify on which domain controller or controllers each object is stored.
What should you identify? To answer, select the appropriate options in the answer area.
Explanation:
The wording comes in conflict with the exhibit. Apparently there is only one forest which contains two domains. In that case Global Catalog DC’s have objects from other domains after replications, but since .txt file is not an AD object it doesn’t replicate through GC replication. And since GPO1 is linked to a site it has got its copy on every DC in the forest (read more at http://blogs.msdn.com/b/canberrapfe/archive/2012/11/15/where-are-site-linked-group-policy-objects-stored-and-why-should-you-care.aspx).
Answer is
file1.txt User1 GPO1
DC1 v v v
DC2 v v
DC3 v v
DC4 v v
correct answer
file1.txt User1 GPO1
DC1 v_ v v
DC2 v _ _ v
DC3 _ _ v v
DC4 _ _ v v
The user object and GPO surely only exist in each domain.
The GC’s contain a subset of attributes about the user not the actual user object itself.
Also the site information for the GPO (gplink information) will replicate forest wide but the actual GPO object only exists in the domain so is not replicated outside the domain. Have indicated the summary in the article that was linked to below.
for me the answers are :
DC1 v _ v
DC2 v _ v
DC3 _ v _
DC4 _ v _
Perhaps it depends on your definition of what an “object” is in the question. Happy to be corrected on this one.
GPO = GPT + GPC
•GPC – Stored in the Active Directory Domain partition under System\Policies. Replicated to all DCs in the domain. (not forest)
•GPC – Stored in SYSVOL and replicated by FRS or DFSR to all DCs in the same domain. (not forest)
•GPLink – Stored in Active Directory on the object where a GPO is linked.
◦If a GPO is linked to the domain or OU object the GPLINK is replicated domain-wide (with the Domain partition).
◦If a GPO is linked to a site object it is replicated Forest-wide (with the Configuration partition.)
I caveat all of that with the assumption that the two domains are in fact in same forest and not as the question states in two separate forests. (though my answers would be the same in both instances).
https://technet.microsoft.com/en-gb/library/cc736934(v=ws.10).aspx
Think this article gets across the distinction between objects and attributes.
May be you right.
I wasn’t paying attention reading article about GPO links I provided.
And about user attribute in GC – makes sense. BUT. This is debatable. Because, read this carefully https://technet.microsoft.com/en-us/library/cc728188(v=ws.10).aspx
“…every object in every domain in even the largest forest can be represented in the database of a single global catalog server.”
In my opinion object roughly is a set of attributes and associated with it object name. Suppose you have object with 20 attributes on MEL-DC and its representation with 19 attributes on SYD-DC. Do you have objects on both DC’s or just object on one DC and some copy of its attributes on another?
By the way if this is two separate forests then this question is really weird.
Your own link states that GPO’s are NOT replicated throughout domains.
“Since the local DC (DC1) does not store a copy of the Corp.contoso.com partition, the client will have to find the closest DC that does.”
“Duplicate the “VeryImportantSiteSettings” GPO in each domain. Link both to the BRISBANE site but use some clever security filtering to ensure that computers in the Contoso domain get the GPO that is stored in Contoso and computers in the corp domain only have access to the Corp GPO. Im talking about computer settings here, if there were some user settings in this GPO you would have to apply Security groups that contain Users, Not computers.
Avoid linking GPOs to sites at all. This is my preference. Instead of linking the GPO to the BRISBANE site, just create a new GPO in each domain and link it to an appropriate OU. You could use a child BRISBANE OU, Security or WMI filtering to ensure that this GPO is only applied by computers in the BRISBANE site.”
again
correct answer
file1.txt User1 GPO1
DC1 v v v
DC2 v _ v
DC3 _ v v
DC4 _ v v
agree with you
Question is confusing because there could be 2 forests, rather than 2 domains in 1 forest.
If 2 Forests, I think:
file1.txt User1 GPO1
DC1 v v v
DC2 v _ v
DC3 _ v _
DC4 _ v _
GPO1 will not be replicated to another Forest IMO
“If 2 Forests, I think:
file1.txt User1 GPO1
DC1 v v v
DC2 v _ v
DC3 _ v _
DC4 _ v _”
How the hell did you pass 410? Why would creating a user in one domain, also create the same user in another domain? Regardless if there is 1 or 2 forests, domains are separate and actions within each domain are separate. SYSVOL replication are within domain as well, but regardless creating AD objects should be very easy and clear to understand – IT IS DOMAIN SPECIFIC.
I’m amazed at some of you idiots that actually made it to 412.
Actually, to be fair I think I know why you gave that answer.
You probably thought that DC1 is a GC and thought that it would keep a partial copy of the user object.
The question asks which DC(s) the object is stored. GCs contain a subset of attributes about the user, not the actual user object itself. So again your answer is still wrong.
This one is confusing. But judging by the question we have 2 forest not one
“Your network contains ONE Active Directory FOREST named contoso.com AND ONE Active Directory FOREST named adatum.com.” It doesn’t say One Active directory forest with two domains.
Imo, how the servers are set in the sites it doesn’t really matter for what’s been asked here, this and the wording about the forest is for confusing us.
So I’m with Watcher:
F:File
U:User
G:GPO
— F-U-G
DC1 v _ v
DC2 v _ v
DC3 _ v _
DC4 _ v _
i approve this message.
2 forests, no forest trusts or anything. so right answer should be:
F:File
U:User
G:GPO
— F-U-G
DC1 v _ v
DC2 v _ v
DC3 _ v _
DC4 _ v _
I agree!
“Your network contains one Active Directory forest named contoso.com and one Active Directory forest named adatum.com. Each forest contains a single domain.”
FOREST CONTOSO.COM FOREST ADATUM.COM
domain contoso.com domain adatum.com
/ \ / \
SITE 1 SITE 2 SITE 1 SITE 2
So the result will be:
____file1.txt User1 GPO1
DC1 v v v
DC2 v _ v
DC3 _ v _
DC4 _ v _
I agree!
“Your network contains one Active Directory forest named contoso.com and one Active Directory forest named adatum.com. Each forest contains a single domain.”
……FOREST CONTOSO.COM… ……. …..FOREST ADATUM.COM
……domain contoso.com… ……. …..domain adatum.com
………. ../….\……….. ……. …………/…\
…….SITE 1……SITE 2 …… …… …. SITE 1…..SITE 2
So the result should be:
____file1.txt User1 GPO1
DC1 v v v
DC2 v _ v
DC3 _ v _
DC4 _ v _
* I hope that this time it is better formated…
I agree with this answer
If domains are in same forest:
— F-U-G
DC1 v v v
DC2 v _ v
DC3 _ v _
DC4 _ v _
If domains are in different forests:
— F-U-G
DC1 v _ v
DC2 v _ v
DC3 _ v _
DC4 _ v _
sysvol is simply a folder which resides within the domain. So DC1 and DC2.
User 1 will be stored on DC3 and DC4 and the global catalog server in contoso.com(DC1).
GPO1 will be stored on the global catalog servers DC1 and DC3.
Ref.: https://technet.microsoft.com/en-us/library/cc730749.aspx
Wait, there are 2 forest, so 2 differents domains and sites&services.
I agree with QWE
F:File
U:User
G:GPO
— F-U-G
DC1 v _ v (File1.txt and GPO –>Forest&Domain Contoso.com)
DC2 v _ v (File1.txt and GPO –>Forest&Domain Contoso.com)
DC3 _ v _ (user1 –>Forest&Domain Adatum)
DC4 _ v _ (user1 –>Forest&Domain Adatum)
qwe is right
This one is really easy, some of you apparently don’t even know what GC’s are or GPO’s…
In this example, you have two forests. There is only one GC per forest by default. In this example, you have two forests, so you have two GC’s. The purpose of global catalogs is as follows: Store backup of AD objects in the forest. Store complete replicas of the domain in the forest.
The question states:
“You need to identify on which domain controller or controllers each object is stored.”
So now, knowing what you know about Global Catlogs, you’ll know that if you create an file, user, or other object on one DC, it will be replicated automatically to the DC which hosts the Global Catalog.
This part of the quesiton:
“– Create a Group Policy object (GPO) named GPO1 on DC1 and link GPO1 to
Site2.” Ok, yay. Good for the GPO. By linking the GPO you are allowing that GPO to set permissions to the schema. Has nothing to do with STORING. Also, the GC in the contoso forest will not replicate to the adatum forest GC just because you link the GPO to it…because they are two different forests.
The correct answer is:
File 1 > DC 1 & 2
User 1 > DC 3 & 4
GPO 1 > DC 1 & 2
thanks jaf for really clear explanation…
I am Hassan! And I say it is as follows:
FUG
x-x
x-x
-x-
-x-
Maybe what is confusing most of you is that in the question User is stated before File and in the answer section it is other way around.