Welcome to Certifiable, your exam-prep headquarters. Here you'll find questions about some of the tricky areas that are fair game for the certification exams.

Questions (May 24, 2002)
Answers (May 24, 2002)

This week's questions cover topics for Exam 70-217: Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure.

Questions (May 24, 2002)

Question 1
Your company, OksanaTech, runs Active Directory (AD) in a single-forest Windows 2000 environment with nine domains. A few years ago, the company ran on a Windows NT 4.0 multimaster domain model. Under that model, you had two master domains and seven resource domains. When migrating, you named the new forest root domain Oksanatech.com. The Oksanatech.com domain has two Win2K domain controllers (DCs), which you house at a datacenter in San Francisco.

You upgraded the two master domains from the original NT 4.0 multimaster system to Win2K and named them sandiego.oksanatech.com and losangeles.oksanatech.com. You store the two DCs for sandiego.oksanatech.com.au at a San Diego datacenter and the two DCs for losangeles.oksanatech.com.au at a Los Angeles datacenter.

Last night, an oil truck skidded off the highway and crashed into the San Francisco datacenter. A fire resulted, and the site's two DCs and your backup tape library for the San Francisco DCs are gone. What must you do to recover your forest root domain oksanatech.com? (Choose the best answer.)

  1. You can't recover a forest root domain if all DCs and backups are lost.
  2. Use the Dcpromo utility to promote the sandiego.oksanatech.com domain or the losangeles.oksanatech.com.au domain to the new forest root domain oksanatech.com.
  3. Change the name of the sandiego.oksanatech.com.au domain or the losangeles.oksanatech.com.au domain to oksanatech.com.
  4. Seize the Operations Master roles from the non-functioning DCs and distribute them to other DCs.
  5. Use the Dcpromo utility to create a new DC for the oksanatech.com domain .

Question 2
You have a small Windows 2000 Native domain called enrioustech.com.au. You've set up your domain controller (DC), domcont.enrioustech.com.au, so that the SYSVOL and Active Directory (AD) log files are on one hard disk, the E drive, and the OS files and AD database are on another hard disk, the C drive. You want to remove the hard disk that includes the E drive and install it on a new server that you're building. As a result, you must move the SYSVOL and AD log files to the C drive. Is this transfer possible, and if so, how? (Choose the best answer.)

  1. Yes, this transfer is possible. You must enter Directory Services Restore Mode on domcont.enrioustech.com.au and use the Ntdsutil utility to move the SYSVOL and the AD log files.
  2. No, this transfer is not possible. You must reinstall AD if you want to move SYSVOL on domcont.enrioustech.com.au.
  3. Yes, this transfer is possible. You can use Windows Explorer to move the SYSVOL and the AD log files on domcont.enrioustech.com.au.
  4. Yes, this transfer is possible. You must boot into Safe Mode and use the Ntdsutil utility to move the SYSVOL and AD log files on domcont.enrioustech.com.au.

Question 3
You recently earned the Microsoft Certified Systems Administrator (MCSA) certification and now administer a small Windows 2000 network with Active Directory (AD) deployed in a domain called micktech.com. You have set up three domain controllers (DCs): dc1.micktech.com, dc2.micktech.com, and dc3.micktech.com. What's the best way to correctly back up each of the DCs and the AD database using the Win2K Backup utility? (Choose the best answer.)

  1. Be sure to include the %systemroot%\NTDS folder in any backup job on dc1, dc2 and dc3.
  2. Select the "Backup Active Directory database" checkbox in Win2K Backup for dc1, dc2, and dc3.
  3. Make sure that all backups include the System State data for dc1, dc2, and dc3.
  4. Be sure to include the %systemroot%\Sysvol folder in any backup of dc1, dc2, and dc3.
  5. Make sure that all backups are authoritative backups of dc1, dc2, and dc3.

Answers (May 24, 2002)

Answer to Question 1
The correct answer is A—You can't recover a forest root domain if all DCs and backups are lost. If a catastrophic event destroys all DCs for the forest root domain and you can't restore one or more DCs from backup, the enterprise administrators and schema administrators are permanently lost. You have no way to reinstall the forest root domain of a forest. You would have been better prepared if you had located additional DCs for the forest root domain at the San Diego and Los Angeles datacenters and kept tape backups elsewhere.

Answer to Question 2
The correct answer is B—No, this transfer is not possible. You must reinstall AD if you want to move SYSVOL on domcont.enrioustech.com.au. You can boot into Directory Services Restore Mode and use the Ntdsutil utility to move the AD database and the AD log files. However, you can't use this technique to move SYSVOL. To move SYSVOL, you must first reinstall AD. Create a second DC to host the AD database while you reinstall AD, then replicate the AD database when the reinstallation is complete.

Answer to Question 3
The correct answer is C—Make sure that all backups include the System State data for dc1, dc2, and dc3. Backup refers to certain system components as the System State data. For Win2K Server, the System State data comprises the registry, the COM+ Class Registration database, system boot files, and the Certificate Services database (if the server is a certificate server). If the server is a DC, the System State data also includes AD and the SYSVOL directory.