MCSE Core Required Exams in a Nutshell: The required 70: 290, 291, 293 and 294 Exams (In a Nutshell (OReilly))

12.2. Exam 70-294 Suggested Exercises

Exam 70-294 expects you to know how to plan, implement, manage, and maintain Active Directory infrastructure for Windows Server 2003. You'll need plenty of hands-on previous experience to pass the exam. You'll need to review the study guide closely and review closely any areas with which you are unfamiliar. This section provides a numbered list of exercises that you can follow to gain experience in the exam's subject areas. Performing the exercises will be useful for help to ensure that you have hands-on experience with all areas of the exam.

For this exam, I recommend setting up a three-computer test network with two servers running Windows Server 2003 and one workstation running Windows XP Professional. One of your servers should be configured as a domain controller with DNS. The other should be configured as your DHCP server and as your Routing and Remote Access Server (RRAS). The workstation will need to be used in several roles. You'll need to configure it to be a member of the domain when you test TCP/IP, DHCP, and DNS client configurations. When you test RRAS, you'll want to configure the workstation as a RRAS client.

To help prepare for this exam, I recommend setting up a test environment that creates a forest root domain and a child domain with four servers running Windows Server 2003. In the forest root domain, install two domain controllers to handle the forest and parent domain roles. In a child domain, install two domain controllers to handle child domain roles. This configuration should help ensure that you can practice all the management and maintenance tasks measured by the exam.

In addition to performing the exercises below, you should also have experience using each of the Windows Server 2003 administrative tools described in the Study Guide.


Tip: Perform the exercises in this section in an isolated test environment. Do not perform these exercises on your organization's network.

12.2.1. Creating a Forest and Domain Plan

  1. Create a plan for deploying a new forest using a dedicated root.

  2. Create a plan for deploying a new forest using a nondedicated root.

  3. Plan the placement of DNS servers.

  4. Plan the placement of operations masters.

  5. Plan the placement of global catalogs.

  6. Plan the placement of bridgehead servers.

12.2.2. Installing an Active Directory Domain Controller

  1. Prepare a test environment.

  2. Install an Active Director domain controller in a new forest.

  3. Add an additional domain controller to the forest.

  4. Use DCPROMO /ADV promote a DC from backup.

  5. Install a child domain in a new forest.

  6. Install an additional domain controller to the child domain.

  7. Demote one of the domain controllers in the child domain by uninstalling Active Directory.

  8. Install an application data partition on one of the domain controllers.

  9. Configure an application partition replica on another domain controller.

  10. Remove the application partition replica.

  11. Remove the application partition.

12.2.3. Setting Forest and Domain Functional Levels

  1. View the current forest functional level.

  2. Based on the server operating systems being used, determine whether you can raise the forest functional level.

  3. View the current domain functional level.

  4. Based on the server operating systems being used, determine whether you can raise the domain functional level.

12.2.4. Optimizing the Active Directory Infrastructure

  1. Prepare a test environment.

  2. Configure the UPN suffix for all users.

  3. Update replication settings so the wWWHomePage attribute is replicated.

  4. Update replication settings so the wWWHomePage attribute is indexed for searches.

  5. Enable universal group membership caching.

  6. Designate a global catalog server.

12.2.5. Transferring Operations Master Roles

  1. Prepare a test environment.

  2. Locate the current operations masters for all roles.

  3. Transfer the schema master role to a new owner.

  4. Transfer the PDC emulator master role to a new owner.

12.2.6. Creating Organizational Units

  1. Prepare a test environment.

  2. Create a new domain.

  3. Create organizational units for each business unit in the company.

  4. Modify the OU hierarchy so the top-level OU is for enterprise administration.

  5. Create user and computer accounts and move these accounts to an OU.

  6. Delegate control over an OU so a user can create, delete, and manage accounts in the OU.

12.2.7. Creating and Configuring Sites

  1. Prepare a test environment.

  2. Create two sites.

  3. Create one or more subnets and associate them with each site.

  4. Link one site to other site using site links.

  5. Associate a domain controller with each site.

  6. Specify a site license server for each site.

12.2.8. Configuring Intersite Replication

  1. Prepare a test environment.

  2. Create the site links for connecting two or more sites.

  3. Configure site link properties for replication cost, interval, and schedule as appropriate.

  4. Disable site link transitivity for IP and SMTP.

  5. Create a site link bridges between sites.

  6. Enable site link transitivity for IP and SMTP.

  7. Determine a site's Inter-Site Topology Generator.

  8. Determine a site's bridgehead servers.

  9. Specify preferred bridgehead servers.

12.2.9. Configuring Trust Relationships

  1. Prepare a test environment.

  2. Examine the current trust relationships for all domains in a forest.

  3. List the types of trusts, the trusting domains, and the trusted domains.

  4. Establish a shortcut trust between two child domains in separate domain trees.

12.2.10. Monitoring Active Directory

  1. Prepare a test environment.

  2. Ensure that the dependent services are running.

  3. Examine firewalls to ensure that TCP and UDP ports are open as appropriate for Active Directory.

  4. Use Repadmin to examine all aspects of replication.

  5. Use Replmon to synchronize a domain controller's domain partition with all other domain controllers in a domain.

  6. Use Replmon to search for replication errors.

  7. Use the Performance console to monitor the Directory Replication Agent in Active Directory.

  8. Use the Performance console to monitor FRS.

  9. Check the event logs for Active Directory errors.

  10. Check the event logs for FRS errors.

12.2.11. Backing up and Restoring Active Directory

  1. Prepare a test environment.

  2. Back up a domain controller.

  3. Perform a nonauthoritative restore of a domain controller.

  4. Perform an authoritative restore of a domain controller.

  5. Perform a primary restore of the Sysvol.

12.2.12. Planning Security Groups

  1. Create a security group plan for a new network with 5,000 users.

  2. Create a security group hierarchy that encompasses all resources and includes universal groups.

  3. Create a distribution group hierarchy for users and includes universal groups.

12.2.13. Planning an Authentication Strategy That Uses Smart Cards and Group Policy

  1. Prepare a test environment.

  2. Configure an enterprise CA hierarchy.

  3. Enable autoenrollment in Group Policy.

  4. Configure user accounts to require smart cards for log on and authentication.

  5. Configure remote access to require Extensible Authentication Protocol (EAP).

  6. Configure domain-wide account password and account lockout policies in Group Policy.

  7. Configure domain-wide policy for renaming the Administrator and Guest accounts.

12.2.14. Working with Local Group Policy

  1. Prepare a test environment.

  2. Access local group policy on a local computer.

  3. Enable Automatic Updates policy on the local computer.

  4. Access local group policy on a remote computer.

  5. Enable Automatic Updates policy on the remote computer.

12.2.15. Managing Active Directory Group Policy

  1. Prepare a test environment.

  2. Create a GPO and link it to a site.

  3. Configure the site GPO so that its setting cannot be overridden.

  4. Edit the site GPO and configure policy settings.

  5. Create a GPO and link it to a domain.

  6. Configure the domain GPO to block inheritance.

  7. Edit the domain GPO and configure policy settings.

  8. Create a GPO and link it to an OU.

  9. Configure the OU's GPO so user settings are disabled.

12.2.16. Configuring User and Computer Environments Using Group Policy

  1. Prepare a test environment.

  2. Create a GPO and link it to an OU.

  3. Configure a startup script for computers in the OU.

  4. Configure a logon script for users in the OU.

  5. Configure folder redirection for AppData and My Documents.

12.2.17. Distributing Software by Using Group Policy

  1. Prepare a test environment.

  2. Deploy software using user publishing. Adminpak.msi is in the %SystemRoot%\System32 folder on the servers.

  3. Deploy a new version of the deployed software. If you've deployed the Adminpak.msi for Windows Server 2003, you can try deploying the Adminpak.msi for Windows Server 2003 Service Pack 1 as an update.

12.2.18. Troubleshooting the Application of Group Policy Security Settings

  1. Prepare a test environment.

  2. Use the Resultant Set Of Policy in planning mode to determine settings for a user and computer in a new OU.

  3. Move the user and computer to the new OU.

  4. Refresh Group Policy using gpupdate.

  5. Use the Resultant Set Of Policy in logging mode to determine the applied policy settings.

  6. Use Gpresult to determine the complete list of GPOs applied to a user and computer.

  7. Use Gpresult to determine the security groups of which a user and computer are members.

  8. Use Gpresult in verbose mode and store the results in a text file.

12.2.19. Restoring the Default Domain Policy and Default Domain Controller Policy GPOs

  1. Prepare a test environment.

  2. Examine the Default Domain Policy and the Default Domain Controller Policy for a domain.

  3. Configure Account Lockout Policy and Password Policy in the Default Domain Policy in a nonstandard way.

  4. Configure Audit Policy in the Default Domain Controller Policy in a nonstandard way.

  5. Use Dcgpofix to restore the Default Domain Policy and the Default Domain Controller Policy for a domain.

  6. Examine the Default Domain Policy and the Default Domain Controller Policy for the domain.

Категории