This chapter is from the book
This chapter is from the book
This chapter is from the book
This chapter is from the book
Exam Cram Questions
- Jon is the network administrator for a company that is looking to migrate directly from Windows NT 4 to Windows Server 2003 and Active Directory. The company currently has four domains to support one location because of varying administrative requirements. The CIO has asked Jon for a proposal for the new Windows Server 2003 deployment. What type of structure would be best for him to recommend?
- A. Jon should recommend upgrading each of the four domains in order to maintain their existing structure.
- B. Jon should recommend collapsing the four domains into a single domain and using OUs to create the organizational structure.
- C. Jon should recommend moving all the user accounts into a single account domain for administrative purposes, leaving the other three domains as resource domains.
- D. Jon should recommend upgrading each domain to Windows Server 2003 and using OUs within each domain to define the administrative structure.
-
Which of the following are benefits of using OUs in Windows Server 2003? [Choose the three best answers]
- A. Simplified domain structures
- B. Faster domain logons
- C. More granular permission delegation
- D. The ability to link specific Group Policies to subsets of a domain
-
You are the senior network administrator for a software development company. The Quality Assurance (QA) group has requested the capability to add and remove its own lab computers from the tailspintoys.com domain and to create and manage their own test user accounts on the domain for various testing situations. What steps should you take to grant their request, yet minimize the amount of administrative control they have and prevent them from managing their regular domain user accounts? [Choose the three best answers]
- A. Delegate Create, Delete, and Manage User Accounts and Reset user passwords and force password change at next login to the QA group to the tailspintoys.com domain.
- B. Delegate Create, Delete, and Manage User Accounts and force password change at next login to the QA group to the QA OU.
- C. Create a QA OU.
- D. Move QA users, groups, and computers to the new OU.
- E. Create a QA security group.
-
Brian is teaching a class on Windows Server 2003 administration. A student coming from a Windows NT 4 background just isn't getting the concept of OUs, and he asks Brian why he wouldn't just create the forests and domains necessary to support an organization's administration requirements. What should Brian tell the student? [Choose the three best answers]
- A. OUs provide easier access to network resources than using multiple domains.
- B. Group Policies are easier to manage using OUs than domains.
- C. Complex multidomain models increase the chances of security problems.
- D. The multidomain model is less efficient to administer than OUs.
-
You are an Active Directory consultant who has been hired by a government agency to analyze administrative access in the single domain environment. Because of regulations, the agency requires that not all five network administrators can administer administrator-equivalent accounts (all accounts with administrative access, including the built-in administrator account as well as all service accounts and the domain accounts of the network admins themselves). Instead, only the two admins with top-secret clearances are allowed to administer administrator level accounts. What would you recommend to allow all five admins to administer all 500 or so general accounts and groups, yet restricting administration of admin accounts to the two admins with proper clearance? [Choose the three best answers]
- A. Create a security group for the "super admins."
- B. Create an OU for the managed accounts.
- C. Place all nonadmin accounts in the new OU.
- D. Place all admin accounts in the new OU.
-
Louise is the senior network administrator and has been asked by her CIO to create an OU structure so that the human resources department can administer its own user accounts, and so that the IT department personnel other than Louise don't have permissions to their OU. Louise is the only member of the Enterprise Admins group, other than the domain's administrator account, whose password is known only by Louise and the CIO. Louise creates an HR Admins security group and HR OU, delegates administrative permissions to HR Admins, and removes the IT security group from the permissions list. Later she finds out that another network admin has been resetting user accounts for HR personnel. What has she missed?
- A. She needs to change the password on the domain administrator account because obviously the other network administrator is using that account.
- B. She needs to remove the Domain Admins group from the permissions list.
- C. She needs to create a separate domain for HR to isolate it from the main domain.
- D. She needs to remove the Enterprise Admins group from having permissions to the HR OU.
-
Bill is studying for Windows Server 2003 certification and is practicing on his home lab. He creates an OU using Active Directory Users and Computers and now needs to move his user accounts from the Users container to his new OU. What can he do to get the desired user accounts into the new OU? [Choose the two best answers]
- A. Bill can drag and drop the users between containers.
- B. Bill needs to grant his user account the necessary permissions to move user accounts from one container to another.
- C. Bill needs to select all the desired user accounts and use the Move command from the context menu.
- D. Bill needs to move the desired user account while he is creating the OU.
-
Holly is a network administrator for a Windows Server 2003 network. She wants to configure an HR Admins group to manage the user accounts for the HR department. She creates an HR Admins OU in the HR OU and moves the user accounts for the HR administrators into the OU. Then she delegates control of the HR Admins OU to the individual HR administrators' user accounts. She receives a call a few days later, though, from one of the HR admins, who complains that he can't reset a user's password. What might be wrong?
- A. Holly should have added the HR admins user accounts to the HR OU, not its own OU.
- B. Jeff hasn't logged off and logged back in since the change. He needs to do so to gain his new permissions.
- C. Holly did not delegate permission to the correct OU.
- D. Holly should have delegated permissions to a security group and not individual user accounts.
-
Charles has been asked to give an executive presentation on restructuring his company's Windows NT domains into a single Windows Server 2003 Active Directory domain utilizing OUs. During the presentation, the CEO asks Charles how having a hierarchy of OUs will affect people logging in to the domain and accessing resources compared to the current system. What should Charles tell the CEO?
- A. User accounts will be assigned to the OUs that they need to log on to.
- B. OUs have nothing to do with logging in to the domain.
- C. Because all the OUs will be in the same domain, users will have access to any domain resources.
- D. OUs can trust each other just like domains currently do.
-
Robert is the network administrator for a Windows Server 2003 network. He has delegated the control of the Developers OU to the Developer Admins security group, but after he completes the wizard he realizes he gave permission only to reset passwords and not to create and delete user accounts. What does Robert need to do to fix the problem?
- A. Robert needs to open the properties of the OU and go to the Security tab.
- B. Robert needs to run the Delegation of Control Wizard a second time to grant the desired permissions.
- C. Robert needs to edit the properties of the Developer Admins security group and change the permissions.
- D. Robert needs to remove the Developer Admins security group and recreate it, then run the Delegation of Control Wizard to set the permissions back up.