[Free] 2018(Aug) Dumps4cert Microsoft 70-640 Dumps with VCE and PDF Download 281-290


Windows Server 2008 Active Directory, Configuring

Question No: 281 – (Topic 3)

Your company has a main office and a branch office. The branch office contains a read-only domain controller named RODC1.

You need to ensure that a user named Admin1 can install updates on RODC1. The solution must prevent Admin1 from logging on to other domain controllers.

What should you do?

A. Run ntdsutil.exe and use the Roles option.

B. Run dsmgmt.exe and use the Local Roles option.

C. From Active Directory Sites and Services, modify the NTDS Site Settings.

D. From Active Directory Users and Computers, add the user to the Server Operators group.

Answer: B

Reference:

http://technet.microsoft.com/en-us/library/cc732301.aspx

Administrator Role Separation Configuration

This section provides procedures for creating a local administrator role for an RODC and for adding a user to that role.

To configure Administrator Role Separation for an RODC

1. Click Start, click Run, type cmd, and then press ENTER.

2. At the command prompt, type dsmgmt.exe, and then press ENTER.

3. At the DSMGMT prompt, type local roles, and then press ENTER.

Question No: 282 – (Topic 3)

Your network contains an Active Directory domain named contoso.com. All domain controllers and member servers run Windows Server 2008. All client computers run Windows 7.

From a client computer, you create an audit policy by using the Advanced Audit Policy Configuration settings in the Default Domain Policy Group Policy object (GPO).

You discover that the audit policy is not applied to the member servers. The audit policy is applied to the client computers.

You need to ensure that the audit policy is applied to all member servers and all client computers.

What should you do?

A. Add a WMI filter to the Default Domain Policy GPO.

B. Modify the security settings of the Default Domain Policy GPO.

C. Configure a startup script that runs auditpol.exe on the member servers.

D. Configure a startup script that runs auditpol.exe on the domain controllers.

Answer: C

Explanation:

Advanced audit policy settings cannot be applied using group policy to Windows Server 2008 servers. To circumvent that we have to use a logon script to apply the audit policy to the Windows Server 2008 member servers.

Reference 1:

http://technet.microsoft.com/en-us/library/ff182311.aspx Advanced Security Auditing FAQ

The advanced audit policy settings were introduced in Windows Vista and Windows Server 2008. The advanced settings can only be used on computers running Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008.

Note

In Windows Vista and Windows Server 2008, advanced audit event settings were not integrated with Group Policy and could only be deployed by using logon scripts generated with the Auditpol.exe command-line tool. In Windows Server 2008 R2 and Windows 7, all auditing capabilities are integrated with Group Policy. This allows administrators to configure, deploy, and manage these settings in the Group Policy Management Console (GPMC) or Local Security Policy snap-in for a domain, site, or organizational unit (OU).

Question No: 283 – (Topic 3)

Your network contains an Active Directory domain. The domain contains five domain controllers. A domain controller named DC1 has the DHCP role and the file server role installed.

You need to move the Active Directory database on DC1 to an alternate location. The solution must minimize impact on the network during the database move.

What should you do first?

A. Restart DC1 in Safe Mode.

B. Restart DC1 in Directory Services Restore Mode.

C. Start DC1 from Windows PE.

D. Stop the Active Directory Domain Services service on DC1.

Answer: D

Explanation:

http://technet.microsoft.com/en-us/library/cc794895(v=ws.10).aspx Relocating the Active Directory Database Files

Applies To: Windows Server 2008, Windows Server 2008 R2

Relocating Active Directory database files usually involves moving files to a temporary location while hardware updates are being performed and then moving the files to a permanent location. On domain controllers that are running versions of Windows 2000 Server and Windows Server 2003, moving database files requires restarting the domain controller in Directory Services Restore Mode (DSRM). Windows Server 2008 introduces restartable Active Directory Domain Services (AD DS), which you can use to perform database management tasks without restarting the domain controller in DSRM. Before you move database files, you must stop AD DS as a service.

Question No: 284 – (Topic 3)

Your network contains an Active Directory forest. The forest contains two domain controllers. The domain controllers are configured as shown in the following table.


All client computers run Windows 7.

You need to ensure that all client computers in the domain keep the same time as an external time server.

What should you do?

A. From DC1, run the time command.

B. From DC2, run the time command.

C. From DC1, run the w32tm.exe command.

D. From DC2, run the w32tm.exe command.

Answer: D

Explanation:

Reference 1:

http://technet.microsoft.com/en-us/library/cc816748.aspx

Change the Windows Time Service Configuration on the PDC Emulator in the Forest Root Domain

The domain controller in the forest root domain that holds the primary domain controller (PDC) emulator operations master (also known as flexible single master operations or FSMO) role is the default time source for the domain hierarchy of time sources in the forest.

Reference 2:

http://technet.microsoft.com/en-us/library/cc773263.aspx Windows Time Service Tools and Settings

Most domain member computers have a time client type of NT5DS, which means that they synchronize time from the domain hierarchy. The only typical exception to this is the domain controller that functions as the primary domain controller (PDC) emulator operations master of the forest root domain, which is usually configured to synchronize time with an external time source.

W32tm.exe is used to configure Windows Time service settings. It can also be used to diagnose problems with the time service. W32tm.exe is the preferred command line tool for configuring, monitoring, or troubleshooting the Windows Time service.

Question No: 285 – (Topic 3)

Your network contains an Active Directory domain named contoso.com. You need to identify whether the Active Directory Recycle Bin is enabled.

What should you do?

A. From Ldp, search for the Reanimate-Tombstones object.

B. From Ldp, search for the LostAndFound container.

C. From Windows PowerShell, run the Get-ADObject cmdlet.

D. From Windows PowerShell, run the Get-ADOptionalFeature cmdlet.

Answer: D

Reference: http://www.frickelsoft.net/blog/?p=224

How can I check whether the AD Recycle-Bin is enabled in my R2 forest?

[He shows how to use the PowerShell cmdlet Get-ADOptionalFeature to determine if the AD Recycle Bin is enabled.]

Question No: 286 – (Topic 3)

Your network contains an Active Directory forest.

You add an additional user principal name (UPN) suffix to the forest.

You need to modify the UPN suffix of all users. You want to achieve this goal by using the minimum amount of administrative effort.

What should you use?

A. the Active Directory Domains and Trusts console

B. the Active Directory Users and Computers console

C. the Csvde tool

D. the Ldifde tool

Answer: D

Question No: 287 – (Topic 3)

Your network contains a server named Server1 that runs Windows Server 2008 R2. Server1 is configured as an Active Directory Federation Services (AD FS) 2.0 standalone server.

You plan to add a new token-signing certificate to Server1.

You import the certificate to the server as shown in the exhibit. (Click the Exhibit button.)


When you run the Add Token-Signing Certificate wizard, you discover that the new certificate is unavailable.

You need to ensure that you can use the new certificate for AD FS. What should you do?

A. From the properties of the certificate, modify the Certificate Policy OIDs setting.

B. Import the certificate to the AD FS 2.0 Windows Service personal certificate store.

C. From the properties of the certificate, modify the Certificate purposes setting.

D. Import the certificate to the local computer personal certificate store.

Answer: D

Reference:

http://technet.microsoft.com/en-us/library/hh341466.aspx

When you deploy the first federation server in a new AD FS 2.0 installation, you must obtain a token-signing certificate and install it in the local computer personal certificate store on that federation server.

Question No: 288 – (Topic 3)

You install a read-only domain controller (RODC) named RODC1.

You need to ensure that a user named User1 can administer RODC1. The solution must minimize the number of permissions assigned to User1.

Which tool should you use?

A. Active Directory Administrative Center

B. Active Directory Users and Computers

C. Dsadd

D. Dsmgmt

Answer: B

Explanation:

Reference 1:

http://technet.microsoft.com/en-us/library/cc755310.aspx

Delegating local administration of an RODC

Administrator Role Separation (ARS) is an RODC feature that you can use to delegate the ability to administer an RODC to a user or a security group. When you delegate the ability to log on to an RODC to a user or a security group, the user or group is not added to the Domain Admins group and therefore does not have additional rights to perform directory service operations.

Steps and best practices for setting up ARS

You can specify a delegated RODC administrator during an RODC installation or after it.

To specify the delegated RODC administrator after installation, you can use either of the following options:

Modify the Managed By tab of the RODC account properties in the Active Directory Users and Computers snap-in, as shown in the following figure. You can click Change to change which security principal is the delegated RODC administrator. You can choose only one security principal. Specify a security group rather than an individual user so you can control RODC administration permissions most efficiently. This method changes the managedBy attribute of the computer object that corresponds to the RODC to the SID of the security principal that you specify. This is the recommended way to specify the delegated RODC administrator account because the information is stored in AD DS, where it can be centrally managed by domain administrators.


Use the ntdsutil local roles command or the dsmgmt local roles command. You can use this command to view, add, or remove members from the Administrators group and other built-in groups on the RODC. [See also the second reference for more information on how to use dsmgmt.]

Using ntdsutil or dsmgmt to specify the delegated RODC administrator account is not recommended because the information is stored only locally on the RODC. Therefore, when you use ntdsutil local roles to delegate an administrator for the RODC, the account that you specify does not appear on the Managed By tab of the RODC account properties. As a result, using the Active Directory Users and Computers snap-in or a similar tool will not reveal that the RODC has a delegated administrator.

In addition, if you demote an RODC, any security principal that you specified by using ntdsutil local roles remains stored in the registry of the server. This can be a security concern if you demote an RODC in one domain and then promote it to be an RODC again in a different domain. In that case, the original security principal would have administrative rights on the new RODC in the different domain.

Reference 2:

http://technet.microsoft.com/en-us/library/cc732301.aspx

Administrator Role Separation Configuration

This section provides procedures for creating a local administrator role for an RODC and for adding a user to that role.

To configure Administrator Role Separation for an RODC

1. Click Start, click Run, type cmd, and then press ENTER.

2. At the command prompt, type dsmgmt.exe, and then press ENTER.

3. At the DSMGMT prompt, type local roles, and then press ENTER.

4. For a list of valid parameters, type ?, and then press ENTER.

By default, no local administrator role is defined on the RODC after AD DS installation. To add the local administrator role, use the Add parameter.

5. Type add <DOMAIN>\<user> <administrative role>

For example, type add CONTOSO\testuser administrators

Question No: 289 – (Topic 3)

Your network contains a single Active Directory domain. All servers run Windows Server 2008 R2.

You deploy a new server that runs Windows Server 2008 R2. The server is not connected to the internal network.

You need to ensure that the new server is already joined to the domain when it first connects to the internal network.

What should you do?

A. From a domain controller, run sysprep.exe and specify the /oobe parameter. From the new server, run sysprep.exe and specify the /generalize parameter.

B. From a domain controller, run sysprep.exe and specify the /generalize parameter. From the new server, run sysprep.exe and specify the /oobe parameter.

C. From a domain-joined computer, run djoin.exe and specify the /provision parameter. From the new server, run djoin.exe and specify the /requestodj parameter.

D. From a domain-joined computer, run djoin.exe and specify the /requestodj parameter. From the new server, run djoin.exe and specify the /provision parameter.

Answer: C

Explanation:

Reference 1:

MS Press – Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) pages 217, 218

Offline Domain Join

Offline domain join is also useful when a computer is deployed in a lab or other disconnected environment.

When the computer is connected to the domain network and started for the first time, it will already be a member of the domain. This also helps to ensure that Group Policy settings are applied at the first startup. Four major steps are required to join a computer to the domain by using offline domain join:

1. Log on to a computer in the domain that is running Windows Server 2008 R2 or Windows 7 with an account that has permissions to join computers to the domain.

2. Use the DJoin command to provision a computer for offline domain join. This step prepopulates Active Directory with the information that Active Directory needs to join the computer to the domain, and exports the information called a blob to a text file.

3. At the offline computer that you want to join the domain use DJoin to import the blob into the Windows directory.

4. When you start or restart the computer, it will be a member of the domain.

Reference 2:

http://technet.microsoft.com/nl-nl/library/offline-domain-join-djoin-step-by-step.aspx Steps for performing an offline domain join

The offline domain join process includes the following steps:

  1. Run the djoin.exe /provision command to create computer account metadata for the destination computer (the computer that you want to join to the domain). As part of this command, you must specify the name of the domain that you want the computer to join.

  2. Run the djoin.exe /requestODJ command to insert the computer account metadata into the Windows directory of the destination computer.

  3. When you start the destination computer, either as a virtual machine or after a complete operating system installation, the computer will be joined to the domain that you specify.

Question No: 290 – (Topic 3)

Your network contains an Active Directory forest. The forest schema contains a custom attribute for user objects.

You need to give the human resources department a file that contains the last logon time and the custom attribute values for each user in the forest.

What should you use?

A. the Dsquery tool

B. the Export-CSV cmdlet

C. the Get-ADUser cmdlet

D. the Net.exe user command

Answer: C

Explanation:

References:

https://devcentral.f5.com/weblogs/Joe/archive/2009/01/09/powershell-abcs–o-is-for-output.aspx

http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/thread/8d8649d9-f591-4b44-b838-e0f5f3a591d7

http://kpytko.wordpress.com/2012/07/30/lastlogon-vs-lastlogontimestamp/

Export-Csv Reference:

http://technet.microsoft.com/en-us/library/ee176825.aspx Saving Data as a Comma-Separated Values File

The Export-Csv cmdlet makes it easy to export data as a comma-separated values (CSV) file; all you need to do is call Export-Csv followed by the path to the CSV file. For example, this command uses Get-Process to grab information about all the processes running on the computer, then uses Export-Csv to write that data to a file named C:\Scripts\Test.txt:

Get-Process | Export-Csv c:\scripts\test.txt

Net User

Reference:

http://technet.microsoft.com/en-us/library/cc771865.aspx

Adds or modifies user accounts, or displays user account information.

DSQUERY

Reference 1:

http://technet.microsoft.com/en-us/library/cc754232.aspx

Parameters

{<StartNode> | forestroot | domainroot}

Specifies the node in the console tree where the search starts. You can specify the forest root (forestroot), domain root (domainroot), or distinguished name of a node as the start node <StartNode>. If you specify forestroot, AD DS searches by using the global catalog.

-attr {<AttributeList> | *}

Specifies that the semicolon separated LDAP display names included in <AttributeList> for each entry in the result set. If you specify the value of this parameter as a wildcard character (*), this parameter displays all attributes that are present on the object in the result set. In addition, if you specify a *, this parameter uses the default output format (a list), regardless of whether you specify the -l parameter. The default <AttributeList> is a distinguished name.

Reference 2:

http://social.technet.microsoft.com/Forums/eu/winserverDS/thread/dda5fcd6-1a10-4d47-9379-02ca38aaa65b

Gives an example of how to find a user with certain attributes using Dsquery. Note that it uses domainroot as the start node, instead of forestroot, which is what we need.

Reference 3:

http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/c6fc3826-78e1-48fd-ab6f-690378e0f787/

List all last login times for all users, regardless of whether they are disabled.

dsquery * -filter "(&(objectCategory=user)(objectClass=user))" -limit 0 -attr givenName sn sAMAccountName lastLogon >>c:\last_logon_for_all.txt
