1. What is an example of a scenario when you would need to rename a domain controller?
2. What tool is required to make any changes in Windows Time Service?
3. Five people in Accounting have the need to print checks on a network computer. No one else should have access to this printer. What is the best way to set this up?
4. Members of which of the following groups can perform actions in multiple domains within a forest?
5. An Active Directory Forest is ___________________
6. The ADSIEDIT tool is used to:
7. Which one of the following is NOT one of the 5 Operation Master (FSMO) Roles?
8. What two operations masters roles exist in each forest?
9. What two ways can trust relationships be defined?
10. What is Windows Time Service responsible for?
11. What does it mean when a “trust” exists?
12. How must drives containing database files, or log files, be formatted?
13. Which of the following is NOT an Active Directory object?
14. What is LDAP?
15. A user is complaining that they can't login to the domain because they have tried to login too many times with their password
16. What is an OU?
17. What do Domain Controllers do?
18. You update a GPO and return to the users computer to see the results but they don't show up. What is the least disruptive way to see the results?
19. In relation to backup and restore procedures, what provides a default location for files that must be shared for common access throughout a domain?
20. What is Kerberos?
21. What command is used to check whether the policy is applied or not?
22. Which of the following are NOT a logical component of Active Directory?
23. Fred in Marketing needs to share files with his small team on a confidential project. What should you do to help?
24. A domain computer is no longer authenticating on the domain. How do you fix the problem?
25. To add a new user via Windows PowerShell you would use the following cmdlet:
26. Command to create / run Active Directory Services
27. When creating a domain for the first time, what must be configured properly to easily join computers to your domain?
28. One can change the Active Directory Path while creation of the Active Directory
29. What is SYSVOL referring to in the context of Active Directory?
30. How are multiple sites connected for replication in Active Directory?
31. When is it necessary to manage domain and forest trusts?
32. Which one is NOT FSMO role?
33. What is a Global Catalog?
34. What best practice ensures that all trust relationships are preserved within a domain?
35. The Active Directory database is stored in the ______ directory.
36. What version of Windows Server was the Read Only Domain Controller (RODC) introduced?
37. Which of the following is NOT a DNS Zone?
38. Which of the following is NOT an Active Directory role?
39. Are the different types of trusts set automatically, or must they be set manually?
40. When you move the database file, where are registry entries that Ntdsutil.exe edits located?
41. If you need to change the default file size of the staging folder, where do you change the staging space limit registry entry?
42. Should you log in to your computer as an administrator to complete administrative tasks?
43. What is a DSRM password used for?
44. What benefit is gained from using global or universal groups when specifying permissions on domain directory objects?
45. Why is documentation one of the most critical aspects of Active Directory security administration?
46. You are trying to determine the name of a host but only have the IP Address, what command can you run to finds it's name?
47. What is KCC?
48. Your company and its partner want to share files on servers in both of their laboratories. What's the easiest way to make this happen?
49. What security practice does not involve the configuration of software or hardware?
50. An Active Directory Forest comprised of Windows 2008 R2 domain controllers will need to incorporate a Windows 2003 R2 Domain controller. What version level will the Forest function?
51. You are deploying a new web based application that only company personnel will use to submit their hours when out of the office. What Active Directory Service would you deploy to enable login security.
52. What command line tool can you use to remove and object from the Active Directory
53. What group must you be a member of to configure the site link schedule?
54. What kind of trust is a parent-child trust?
55. To protect the Active Directory schema, how should users be managed?
56. How much maintenance does the Active Directory database require on a daily basis?
57. What is an alternative to disabling administrative and guest accounts on domains for security purposes?
58. With the launch of Windows Server 2003, comes a tool to make trust configuration easier. What is it?
59. What does Windows Time Service use to manage time settings?
60. What does FSMO stand for?
61. In the following list, which methods can NOT be used to manage Active Directory tasks?
62. What is used to enable and optimize replication traffic?
63. You are having difficulty with remote domain controllers not syncing. What tool would you use to investigate the problem?
64. What is a NetBIOS name?
65. What happens if the global catalog is removed?
66. What is unique about the tasks that operations masters perform?
67. What is Active Directory's global catalog used for?
68. Should all system state components be backed up together?
69. If you needed to know the default number of days that a domain controller preserves knowledge of a deleted object, how would you find the answer?
70. Which of the following protocols are NOT needed for Replication?
71. If you want to see a list of users from the command line or in a script you would use the ______ utility.
72. What database engine is used to house the Active Directory?
73. What command line tool can you use to manage Domain Trusts?
74. You have need to check on a security property in the Systems folder in Active Directory Users and Groups but you are having a hard time finding it.
75. A Schema Partition in Active Directory is the:
76. When Windows Server receives a file through replication, or prior to being replicated, where must it be stored?
77. What does the ISTG do?
78. Why should default users be granted equal rights across the system?
79. What policy would you implement to rid the system of LM hashes?
80. Which virus scanning software is known to cause problems when installed on an Active Directory domain controller?
81. For which of the following reasons would you NOT deploy a Read Only Domain Controller (RODC)?
82. Which of the following protocols is used for communications in Active Directory Domains and Trusts?
83. Default time interval of Group Policy in Domain Controllers
84. You need to remove a large number of user accounts in the Active Directory because of an acquisition. Which utility would you use?
85. To install a new Active Directory Domain Services (AD DS) Forest you need to be a:
86. What are Group Policies?
87. An application you are installing has a service that needs to run on a server where it will interact and modify other network services and components. How do you set it up?
88. How many operations masters roles are allocated to each domain?
89. How many roles are available in Windows Server 2008?
90. How many levels of readiness are allocated for the global catalog?
91. Range of Group Policy time interval?
92. Which command is useful for troubleshooting Active Directory replication failure due to incorrect DNS configuration?
93. You are the network administrator, and your network consists of various branch offices located at different locations which are: Location 1 Location 2 Location 3 Location 4 You want to allow secure dynamic updates in DNS in Location 1, 2 and 3. But Location 4 should not be able to edit DNS. Which of the following statements will fit in this scenario?
94. You are the network administrator responsible for handling and troubleshooting the DNS server configured in Windows Server 2003. You figure out later on that the DNS server is consuming high CPU usage. Which of the following checks will you do to restrict DNS usage?
95. ways of viewing RSoP reports?
96. As the network administrator of a Windows 2003 network, when you were monitoring your network securities, you discovered that most of the users have been using the same password ever since their accounts were created. You want to secure your password policies so that users must change their passwords periodically. What will be your course of action?
97. Which are the other aspects that an administrator must consider for the network to run effectively after running metadata clean-up to delete the remains of a removed domain controller in Windows Server 2003?
98. You work as a Network Administrator for your company running on Windows 2000 Active Directory based network. One day you discover that the partition having Active Directory database is out of space. How will you move Active Directory database and log files to a new volume on a different disk?
99. Which command can be used to promote the DC (Domain Controller) from a backup of the system state data of an existing DC (Domain Controller)?
100. DNS SRV resource records map the name of a service to the name of a server offering that service.Which of the following SRV entry helps clients to find a Windows Server 2003 dom PDC FSMO role holder in a mixed-mode environment.
101. You are the network administrator for your company. One user account named Mike often needs to be moved between sales and marketing group. But the changes are not taking effect. Which of the following FSMO role may be responsible for that?
102. Your Company has different OUs named sales, production and finance. All are child objects under Departments OU. You created a new GPO used to assign software required for all departments. Sales and production users can see the shortcut in start menu and can successfully install the software but finance users report that this shortcut is not appearing in their start menu. What will you do?
103. Once DNS Advanced option is enabled from DNS console View tab in Windows Server 2003, which of the following things can be done ?
104. Which thing can be done once the DNS Advanced option is enabled from DNS console View tab in Windows Server 2003?
105. You are the administrator of your company.Your network is running on Windows Server 2003 domain controller and Windows XP as a clients.You have configured Software Deployment to distribute softwares to users. You have published softwares but by using Group Policies. Softwares appear in Add/remove Programs in control Panel but when users try to install them, they get an error message "The feature you are trying to install cannot be found in the setup directory" and the setup fails. Identify the cause.
106. You are the network administrator of a company. Your company's network has Windows 2003 Server and Windows 2000 Professional computers. You use a security policy to configure a server named Delta1. Now you have to deploy the security configuration on server Delta1 to the computers on your company's network. How will you accomplish this task by using minimum efforts?
107. You want to transfer the FSMO role. When you tried to transfer it, the transfer was unsuccessful. What will you do now?
108. You are the network administrator of a company running on Windows Server 2003 environment.The network consists of a single forest that contains two domains named Domain-A and Domain-B.You are responsible for handling Domain-A having one Active-Directory Integrated zone server .Your company policies state that name resolution traffic from Domain-B should be locally resolved by Domain-A. What should you do ?
109. You are the administrator of an OU named WebServers, created in Windows Server 2003 domain. The IPSec policies are defined at Domain level and No Override is not selected. All websites are configured to allow only anonymous users. A new GPO is applied at WebServers OU restricting local Administrators group to login locally. Users report that they are unable to access any of the Web Sites on the servers. What will you do for allowing users access to the websites from the servers in WebServers OU without affecting overall security?
110. You are the network administrator of a company called Expertrating. Your company's network has a single Active Directory forest with a single domain named expertrating.com. Windows Server 2003 is running on all the servers and all the clients are Windows XP Professional computers. Your company has a test lab that contains a separate forest. You created a GPO (Group Policy Object) for testing and tested it successfully in that lab. Now, you want to implement this GPO on the network for all the computers and users in the domain. How will you accomplish this task by using minimum efforts?
111. A network consists of one Windows Server 2003 running as Domain Controller and 100 Windows XP Clients. The network administrator has created many OUs in domain and delegated control of OU to relevant administrators. His domain is configured with one OU, named sales, having one child, OU marketing. Two different administrators are appointed to be responsible for their respective OUs. But the marketing OU administrator complains that their OU is inheriting the Group Policies of its parent domain, even when they have blocked the inheritence. What may be the reason for that?
112. You use Software deployment in Windows Server 2003 to distribute company's softwares on your Windows XP clients. The software image is clean and successfully published to clients. Clients have installed softwares in their desktops. But, when they run the setup from desktop shortcut, it gives an error message. Which of the following may be the reason for this error?
113. You are the network administrator for your company running Domain Controller on Windows Server 2003. The domain has a Windows 2000 server named production. The production server is not a domain controller. You are allowed to logon locally for making the configuration. You want to run a script that will change the current environment variables setting when users log in.What would be the appropriate course of action?
114. Which FSMO roles mostly affects the network users functionality immediately?
115. Your company has three domains located at different locations: perl.com geneva.perl.com portland.perl.com All three domains are in the Native Mode. Your geneva.perl.com branch is going to shut down and you want to migrate all users in that domain to perl.com. How will you move the users?
116. The network of ABC TOYS company consists of Windows Server 2003 and 5000 Windows XP Clients. Sometimes, users report missing data from the server. The network administrator wants to find the user deleting the files. He created a GPO and assigned it on the ABC Toys domain. Which actions should he audit?
117. You are the network administrator of Windows 2003 domain. The domain has one OU named Sales.You are using Windows Installer to publish sales relevant software to user's workstations. Currently, only members of Sales OU can run the software.But you want all users in the domain to be able to use the software from Start menu. What should you do ?
118. The administrator for company ABC Toys configured RIS server in Windows Server 2003 for installing operating system Image to newly branded computers. But when he started the computers for obtaining addresses from RIS, they all are unable to connect to DHCP server. Later on, he discovered all branded computers were using network adapters that were not PXE compliant. How will he connect these computers to RIS server?
119. You are the administrator of a Windows 2003 domain. The domain has 100 users working on Windows XP. You want to allow all users to change their desktop setting if they try to work on any Windows XP computer. But their altered desktops should not be saved once they log off. What should you do in this scenario?
120. Which is a recommended tool for populating Active Directory with data from other directory services?
121. You are the back-up operator in a company and responsible for system-state data backup which is residing at two Windows Server 2003 domain controllers. How should you automate the process for every day at 12:00 mid-night?
122. When an administrator runs dcpromo command in Windows Server 2003 to install Domain, setup fails with the following message 'Active Directory installation failed. The network location could not be reached.' What may be the problem ?
123. You are the administrator for ExpertRating's Branch office. Your company domain is running on Windows Server 2003. Your company's HQ is located at Atlanta and contains one Active-Directory Integrated DNS Server. An administrator at HQ instructs you to install and configure the DNS server as Active Directory Integrated zone. But when DNS is installed at the Branch office and a zone is tried to be created, the option to create Active-Directory Integrated zone is unavailable. What should be done in this scenario?
124. You are the network administrator responsible for handling DNS server running on Windows server 2003. You receive a report that Windows Server 2003 CPU utilization rate is constantly exceeding 85 % of the CPU.How will you check if this problem arises only because of the DNS server?
125. Your network consists of one parent domain running on Windows Server 2003 and 1000 Windows XP clients.Your company's growth demands a child domain to be installed in one of the Branch Location.But when you run dcpromo command to join the child domain in parent,you get an error message that the existing domain cannot be contacted.What will you do to correct this problem?
126. Suppose there are network connectivity problems between your HQ at Atlanta and Branch office in Atlanta which are causing packets to drop. How will you check where and what percentage of packets is dropped from the HQ?
127. You are planning to deploy Windows XP professional to client computers using RIS. What should you do to find out the GUIDs of all client computers?
128. We can only seize a role if the domain controller that holds that role fails.
129. Your company's domain consists of one OU named Sales. Sales OU consists of users from Sales Department. You need to assign one of the user of Sales OU named Paul, to create, add and modify user's objects only.They should not be able to change group's object properties.What should you do ?
130. Which role is responsible for the uniqueness of Active Directory objects in each domain?
131. You are the network administrator of a Windows 2003 network having Windows XP clients.You want to secure your network by implementing a policy that supports encrypted TCP/IP communication. Which of the following is most secured?
132. The administrator is trying to reset the external trust. But clients are unable to access resources in the domain outside of the forest. Which of the following FSMO role must be available for this reset?
133. Some applications are deployed that uses protocols that requires knowledge of the user's password for authentication purposes. Which policy can provide the best result in this scenario ?
134. When running dcpromo command in Windows Server 2003, the administrator changed the NetBIOS name to production. But the real FQDN is sales.microsoft.com. After setup, what would be the FQDN?
135. Once the forest functional level is raised to Windows Server 2003, one cannot add a Windows 2000 domain controller to the forest.
136. You are the network administrator for a company called ExpertRating. Your network contains one Windows Server 2003 Domain Controller. One day, when you reboot your DC, you receive an error message 'Cannot find NTOSKERNL.EXE'. Which of the following actions will you employ?
137. You are the network administrator of a company. Your company's network has a single Active Directory domain named expertrating.com. This domain has two sites and each site contains two domain controllers. You purchase two servers and use each new server as a domain controller in each site, making a total of three domain controllers at each site. You want to configure the inter site replication to flow through these new domain controllers. What will you do?
138. After running authoritative restore command on crash Windows Server 2003 domain controller, how will it be checked if authoritative restore was successful by checking the version number increase in the directory?
139. Which command provide maximum information related to capacity statistics such as megabytes per server and per object class, and information on how to compare two directory trees across replicas in the same domain?
140. You are the network administrator of an Aerospace Company. Your company's policy clearly states renaming of Guest account on all computers in domain. What would you do if you do not have the time to edit each name manually on each computer but you need to do it immediately?
141. You are the network administrator of a company. Your company's network has a single Active Directory domain. It has an OU named sales. You want to give permissions to a company's junior network administrator to create child OUs for sales OU. He should also be able to verify the existence of the OUs created by him. Which of the following permission set will be enough to accomplish this if you want to give him minimum permissions?
142. You are the network administrator of a company. Your company's network has Windows 2003 Server and Windows XP Professional computers. The network consists of a single Active Directory Domain named Expertrating.com. All user computers have computer accounts in an OU named expertrating users. You want to configure the network in such a way that all user computers are automatically updated when new critical updates are issued. Servers need to be updated manually. How will you perform this task?
143. Which role is responsible for allowing schema changes to Active directory objects?
144. How can an administrator predict the physical requirements for installing Windows Server 2003 Domain Controller ?
145. Your company is planning to deploy Windows XP Professional on 200 computers. The network has one Windows Server 2003 domain controller (DC). You want the installation to be automated and centralized, and to be done only on authorized computers. What should you do?
146. A PDC Emulator is required for authentication purposes for Windows NT 4.0 clients.
147. You are a network administrator and responsible for handling your company's domain, sales.microsoft.com running in Windows Server 2003. Your domain crashes accidentally and when you re-run the dcpromo command to promote it again, as domain controller with the same name, it fails. What can be the problem?
148. Your company is running on Windows Server 2003 DNS server with slaves.You changed DNS file manually on DNS server.But slave still doesn't pick up any changes. What will you do to apply those changes to slave?
149. Which is FSMO roles?
150. You are the network administrator for the Big North Fishing Company. The network consists of one Windows Server 2003 domain named bignorthfishingco.com. You are installing a new domain bignorthfishingco1.com but during promotion you get an error message: The domain name specified is already in use on the network. What is the cause of the problem?
151. You are the administrator of a Windows 2003 domain. According to company policy, you created an OU and applied a GPO restricting Control Panel access to users. Later on, your company policy changed and you allow Control Panel access to some of the users in that OU. The policy also states that their membership be kept as it is without moving them to other groups or OUs.How will you allow Control Panel access to some users thereby restricting access to others in the same OU?
152. Your network consists of three Windows 2003 Domain Controllers named DC-1, DC-2 and DC-3. DC-3 doesnot hold any FSMO roles. After backing-up the System State Data Back-up of all DCs, DC-3 disk failed. You replaced the failed disk with a new disk and installed Server 2003 on the new disk. What should you do next on DC-3?
153. Which partition information gets replicated during active directory replication?
154. Which component is contained in the sysvol folder?
155. Your company's network has a single Active Directory domain. All servers run Windows Server 2003. You want to make an application available for all the users to install. You want to configure GPO for this. How will you complete this task?