Answers to the Chapter Review Questions
1. A. Active Directory is used to keep track of network resources and allow users to gain access to those resources.
2. D. Group Policy is now used to configure and control Windows 2000 systems on your network.
3. A. LDAP is an industry standard protocol that Microsoft decided to use when designing Active Directory.
4. D. Internet Connection Sharing, or ICS, is used to allow multiple systems to share a single Internet Connection.
5. C. Windows 2000 uses DNS as its naming convention protocol.
6. B. In Windows 2000, all DCs can read and write to Active Directory. They use the multimaster replication model to allow this to happen.
7. C. Active Directory will not install unless DNS is installed and configured first.
8. D. Encrypted File System allows users to encrypt their data files.
9. B. False. Windows 2000 Professional can only handle 2 processors.
10. C. When only Windows 2000 systems are on the network, then the network operates in Native mode.
11. A. Remote Installation Service allows systems using the PXE ROM chip to boot to the network and automatically install the operating system.
12. A, B, C, D. Disk Quotas is a function of the new version of the NTFS file system. Since all the versions of Windows 2000 support this version of NTFS, they all support disk quotas.
13. D. Windows 2000 DataCenter Server is the only version to support up to 32 processors.
14. A. Windows 2000 Professional replaces Windows NT Workstation.
15. C. Windows 2000 Advanced Server replaces Windows NT Server Enterprise Edition.
16. D. When both Windows NT and Windows 2000 systems exist on the network, the network must run in Mixed mode.
17. B, C, D. All the Server versions of Windows 2000 support Terminal Services, which was only supported in Windows NT Server - Terminal Server Edition.
18. B. Windows 2000 Server is the replacement for Windows NT Server.
19. A. Plug and Play allows Windows 2000 systems to automatically detect new hardware and search for their drivers.
20. D. The Active Directory Schema controls what types of objects can be created in Active Directory and their properties.
Answers to Case Projects
1. Windows 2000 DataCenter Server
2. Windows 2000 Server, Advanced Server, or DataCenter Server
3. Domain Name Service (DNS)
Chapter 2 Solutions
Answers to the Chapter Review Questions
1. D. DNS is used to resolve names in a Windows 2000 network.
2. C. A domain is defined as a logical collection of computers, users, and other objects that share the same security boundary.
3. A, C. OUs are used to logically divide a domain along geographical, departmental, administrative, or any other boundary that makes sense.
4. B. Dynamic DNS (DDNS) is the new version of DNS used in Windows 2000 networks.
5. D. The PDC Emulator communicates with non-Windows 2000 systems for authentication and logon.
6. A. The Schema Master controls all changes to the Active Directory Schema.
7. E. The Infrastructure Master is responsible for maintaining all interdomain object references.
8. C. The Relative ID Master assigns RIDs to the DCs in the domain.
9. B. The Domain Naming Master controls the addition and removal of domains from the forest.
10. D. Domains within the same tree share the same Global Catalog, Schema, and Namespace.
11. B. False. Once objects and attributes are created in the Active Directory Schema, they cannot be deleted. They can only be marked as inactive.
12. B. A PDC Emulator must exist in a Mixed-Mode network to authenticate and log on the Windows NT workstations and servers.
13. C, D, E. The RID Master, the PDC Emulator, and the Infrastructure Master can have only one instance in each domain.
14. A, B. The Schema Master and the Domain Naming Master can have only one instance in each tree.
15. C. All computers within a Site are connected via a high-speed network.
16. C. An object has attributes associated with it.
17. B. The Knowledge Consistency Checker creates, maintains, and controls the replication topology between and among Windows 2000 sites.
18. D. All intersite replication flows through the bridgehead servers.
19. A. The hostname of the server is Mail1, the name on the far left of the FQDN.
Answers to Case Projects
1. A PDC Emulator is not installed or is not running on the network. Since Windows NT systems are not aware of Windows 2000 domain controllers, this must exist in the domain in a Mixed-Mode environment.
Chapter 3 Solutions
Answers to the Chapter Review Questions
1. C. A site is a group of computers connected by a high-speed connection.
2. D. All of the answers are correct. Another answer would be the lack of physical security.
3. A. The period of time a site link is available for replication purposes.
4. A. A DC in a remote site is not required in high bandwidth situations.
5. B. A domain controller does not need to exist in a site.
6. E. The Object Model separates AD objects by object type.
7. D. The Geographic Model separates AD objects by physical network location.
8. C. The Departmental Model separates AD objects by departments.
9. A. The Administrative Model separates AD objects by the organization's administrative groups.
10. B. The Business Unit Model separates AD objects by the organization's business units.
11. D. An OU is a container that exists in a single domain.
12. B. False. OUs are used to grant administrative control over AD objects.
13. B. A Windows 2000 network requires less bandwidth than a Windows NT network.
14. A. True.
15. C. A domain must be registered with an ICANN-accredited registrar.
16. B. False. Windows 2000 trust relationships are transitive while Windows NT trust relationships are non-transitive.
17. B. False. The same domain name can be used for both internal and external access.
18. C. The logon name would be joe@domain.com.
19. A. The first step should be to map out the current infrastructure.
20. B. False. AD integrates closely with DNS, not WINS.
Answers to Case Projects
1. No DCs are installed in the remote sites. All authentication takes place over the low bandwidth links.
Chapter 4 Solutions
Answers to the Chapter Review Questions
1. A. DDNS stands for Dynamic Domain Name Service.
2. B. An NS record (Name Server) creates a name server record.
3. D. An MX record (Mail exchanger) creates a mail server record.
4. B. A CNAME record (Canonical Name) creates an alias for a host record.
5. D. An A record (Address) creates a host name record.
6. C. A PTR record (Pointer) creates an IP address to hostname record.
7. A. An SRV record (Service) creates a service record for a service that exists on the specified system.
8. C. 7.168.192.in-addr.arpa would be the correct reverse lookup name.
9. B. The nslookup utility is the one most commonly used for troubleshooting name resolution problems.
10. B. A Forward lookup zone resolves host names to IP addresses.
11. C. A Reverse lookup zone resolves IP addresses to hostnames.
12. D. The serial number is used to determine when a zone transfer is necessary.
13. D. A Caching-only DNS server does not contain any zone databases.
14. B. A secondary server acts as a backup to the zone master server.
15. A. A primary server contains the read/write version of the database.
16. B. Originally, the HOSTS file was used to manually specify the IP to host name resolutions.
17. B. www.microsoft.com is the FQDN.
18. D. Com, Org, and Edu are all Top-level domains.
19. A. Natively, only Windows 2000 clients can use DDNS.
20. A. A simple query resolves the address on the local server.
Answers to Case Projects
1. Configure one of the DNS servers as a Forwarding DNS Server and configure the rest to forward requests to it. Then allow that DNS server through the firewall on port 53.
2. Configure a second server as the Secondary DNS server and assign its IP address to the clients as the secondary server. If the primary server goes offline and the clients cannot contact it, then they will forward the query to the secondary server for resolution.
Chapter 5 Solutions
Answers to the Chapter Review Questions
1. D. AD can support over 1 million objects.
2. C. The Shared System Volume is stored in the %systemroot%\SYSVOL folder.
3. B. The current ntds.dit file is stored in the %systemroot%\NTDS folder.
4. D. The default ntds.dit file is stored in the %systemroot%\System32 folder.
5. B. DCPromo.exe is used to install AD and promote the system to a DC.
6. C. The Directory Services Restore Mode is used to restore AD and the Shared System Volume data from a backup.
7. B. False. A Windows 2000 domain runs in Mixed mode by default and must be manually changed to Native mode.
8. D. The Shared System Volume must be installed on an NTFS 5 partition.
9. A. True. Dcpromo.exe will ask you to install DNS if it is not already installed.
10. B. Circular logging must be disabled to ensure that the AD transactions are available.
11. C. The only way to recover the Directory Services Restore Mode password is by reinstalling Active Directory.
12. D. Edit the Registry and set the Registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\CircularLogging value to 1.
13. C. Running dcpromo.exe on a DC simply removes Active Directory.
14. B. Windows 2000 and AD use the multi-master domain model.
15. B. False. In Windows 2000, member servers can be promoted to DCs using the dcpromo.exe application. The same application can also demote a DC to a member server.
16. A. Support for NETLOGON replication is stopped.
Answers to Case Projects
1. The most likely scenario is that you changed the operations mode on the domain from Mixed to Native. Since in Native mode, Windows NT systems cannot access the Windows 2000 DCs, they cannot log on. There are a couple of ways to solve this problem, neither of which is easy. First, you can upgrade all the non-Windows 2000 systems to Windows 2000. Second, you can uninstall AD from the domain and reinstall it.