★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Relying on excellent technology, much better service for customers. Pass4sure offer Round the clock customer service for Microsoft examinee and you can get what you would like realize anytime. The fulfillment of our 70-640 is our service purpose, their combined improvement together with customers is our persistent pursuit in the large part. Thus please do not wait to make contact with us all if you have any questions associated with 70-640 examination.
2016 Jun 70-640 training
Your network contains an Active Directory forest named contoso.com. The forest contains two Active Directory sites named Seattle and Montreal. The Montreal site is a branch office that contains only a single read-only domain controller (RODC).
You accidentally delete the site link between the two sites.
You recreate the site link while you are connected to a domain controller in Seattle.
You need to replicate the change to the RODC in Montreal.
Which node in Active Directory Sites and Services should you use?To answer, select the
appropriate node in the answer area.
Q112. Your company has a main office and a branch office. The branch office has an Active Directory site that contains a read-only domain controller (RODC).
A user from the branch office reports that his account is locked out.
From a writable domain controller in the main office, you discover that the user's account is not locked out. You need to ensure that the user can log on to the domain.
What should you do?
A. Modify the Password Replication Policy.
B. Reset the password of the user account.
C. Run the Knowledge Consistency Checker (KCC) on the RODC.
D. Restore network communication between the branch office and the main office.
Not sure if:
Run the Knowledge Consistency Checker (KCC) on the RODC.
Restore network communication between the branch office and the main office.
Q113. A user in a branch office of your company attempts to join a computer to the domain, but the attempt fails.
You need to enable the user to join a single computer to the domain.
You must ensure that the user is denied any additional rights beyond those required to complete the task.
What should you do?
A. Prestage the computer account in the Active Directory domain.
B. Add the user to the Domain Administrators group for one day.
C. Add the user to the Server Operators group in the Active Directory domain.
D. Grant the user the right to log on locally by using a Group Policy Object (GPO).
http://technet.microsoft.com/en-us/library/cc770832%28v=ws.10%29.aspx#BKMK_1 Prestaging Client Computers Benefits of Prestaging Client Computers Prestaging clients provides three main benefits: An additional layer of security. You can configure Windows Deployment Services to answer only prestaged clients, therefore ensuring that clients that are not prestaged will not be able to boot from the network. Additional flexibility. Prestaging clients increases flexibility by enabling you to control the following. For instructions on performing these tasks, see the “Prestage Computers” section of How to Manage Client Computers.
* The computer account name and location within AD DS.
* Which server the client should network boot from.
* Which network boot program the client should receive.
* Other advanced options — for example, what boot image a client will receive or what
Windows Deployment Services client unattend file the client should use.
The ability for multiple Windows Deployment Services servers to service the same network
segment. You can do this by restricting the server to answer only a particular set of clients.
Note that the prestaged client must be in the same forest as the Windows Deployment
Services server (trusted forests do not work).
http://www.windows-noob.com/forums/index.php?/topic/506-how-can-i-prestage-a-computer-for-wds/howcan I PRESTAGE a computer for WDS?
Your network contains an Active Directory forest named contoso.com. The forest contains two sites named Seattle and Montreal. The Seattle site contains two domain controllers. The domain controllers are configured as shown in the following table.
The Montreal site contains a domain controller named DC3. DC3 is the only global catalog server in the forest.
You need to configure DC2 as a global catalog server.
Which object's properties should you modify? To answer, select the appropriate object in the answer area.
Q115. Your network contains an Active Directory forest.
You need to add a new user principal name (UPN) suffix to the forest.
Which tool should you use?
A. Active Directory Administrative Center
B. Active Directory Domains and Trusts
C. Active Directory Sites and Services
D. Active Directory Users and Computers
Demonstration adding a UPN Suffix
To add or modify a UPN suffix for your forest, open Active Directory Domains and Trusts from the start menu. Right click Active Directory Domains and Trusts at the top and open the properties. From here you can add and remove additional domain UPN suffixes for the forest.
Improved 70-640 windows server 2008 active directory:
Q116. Your network contains an Active Directory domain named contoso.com. All domain controllers run Windows Server 2008 R2. The functional level of the domain is Windows Server 2008 R2. The functional level of the forest is Windows Server 2008.
You have a member server named Server1 that runs Windows Server 2008.
You need to ensure that you can add Server1 to contoso.com as a domain controller.
What should you run before you promote Server1?
A. dcpromo.exe /CreateDCAccount
B. dcpromo.exe /ReplicaOrNewDomain:replica
C. Set-ADDomainMode -Identity contoso.com -DomainMode Windows2008Domain
D. Set-ADForestMode -Identity contoso.com -ForestMode Windows2008R2Forest
http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels.aspx After you set the domain functional level to a certain value in Windows Server 2008 R2, you cannot roll back or lower the domain functional level, with one exception: when you raise the domain functional level to Windows Server 2008 R2 and if the forest functional level is Windows Server 2008 or lower, you have the option of rolling the domain functional level back to Windows Server 2008. You can lower the domain functional level only from Windows Server 2008 R2 to Windows Server 2008. If the domain functional level is set to Windows Server 2008 R2, it cannot be rolled back, for example, to Windows Server 2003.
Q117. Your network contains an Active Directory forest. The forest schema contains a custom attribute for user objects.
You need to modify the custom attribute value of 500 user accounts.
Which tool should you use?
We cannot use Dsmod here, because it supports only a subset of commonly used object
Csvde can only import and export data.
Dsrm is used to delete objects from the directory.
Creates, modifies, and deletes directory objects.
Q118. Your network contains a domain controller that runs Windows Server 2008 R2. You run the following command on the domain controller:
dsamain.exe -dbpath c:\$SNAP_201006170326_VOLUMEC$\Windows\NTDS\ntds.dit -ldapport 389 -allowNonAdminAccess
The command fails.
You need to ensure that the command completes successfully.
How should you modify the command?
A. Include the path to Dsamain.
B. Change the value of the -dbpath parameter.
C. Change the value of the -ldapport parameter.
D. Remove the allowNonAdminAccess
Explanation: MS Press - Self-Paced Training Kit (Exam 70-640) (2nd Edition, July 2012) page 690 Use the AD DS database mounting tool to load the snapshot as an LDAP server. dsamain -dbpath c:\$SNAP_datetime_VOLUMEC$\windows\ntds\ntds.dit -ldapport portnumber Be sure to use ALL CAPS for the -dbpath value and use any number beyond 40,000 for the
-ldapport value to ensure that you do not conflict with AD DS.
Also note that you can use the minus (–) sign or the slash (/) for the options in the
Q119. Your company has an Active Directory domain. The company has two domain controllers named DC1 and DC2. DC1 holds the Schema Master role.
DC1 fails. You log on to Active Directory by using the administrator account. You are not able to transfer the Schema Master operations role.
You need to ensure that DC2 holds the Schema Master role.
What should you do?
A. Configure DC2 as a bridgehead server.
B. On DC2, seize the Schema Master role.
C. Log off and log on again to Active Directory by using an account that is a member of the Schema Administrators group. Start the Active Directory Schema snap-in.
D. Register the Schmmgmt.dll. Start the Active Directory Schema snap-in.
Answer: On DC2, seize the Schema Master role.
http://technet.microsoft.com/en-us/library/cc816645%28v=ws.10%29.aspx Transfer the Schema Master You can use this procedure to transfer the schema operations master role if the domain controller that currently hosts the role is inadequate, has failed, or is being decommissioned. The schema master is a forest-wide operations master (also known as flexible single master operations or FSMO) role.
Note: You perform this procedure by using a Microsoft Management Console (MMC) snap-in, although you can also transfer this role by using Ntdsutil.exe. Membership in Schema Admins, or equivalent, is the minimum required to complete this procedure. http://technet.microsoft.com/en-us/library/cc794853%28v=ws.10%29.aspx Seize the AD LDS Schema Master Role The schema master is responsible for performing updates to the Active Directory Lightweight Directory Services (AD LDS) schema. Each configuration set has only one schema master. All write operations to the AD LDS schema can be performed only when connected to the AD LDS instance that holds the schema master role within its configuration set. Those schema updates are replicated from the schema master to all other instances in the configuration set. Membership in the AD LDS Administrators group, or equivalent, is the minimum required to complete this procedure. Caution: Do not seize the schema master role if you can transfer it instead. Seizing the schema master role is a drastic step that should be considered only if the current operations master will never be available again.
Q120. Your network consists of a single Active Directory domain. All domain controllers run Windows Server 2003.
You upgrade all domain controllers to Windows Server 2008.
You need to configure the Active Directory environment to support the application of multiple password policies.
What should you do?
A. Raise the functional level of the domain to Windows Server 2008.
B. On one domain controller, run dcpromo /adv.
C. Create multiple Active Directory sites.
D. On all domain controllers, run dcpromo /adv.
http://technet.microsoft.com/en-us/library/cc770842%28v=ws.10%29.aspx AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide This step-by-step guide provides instructions for configuring and applying fine-grained password and account lockout policies for different sets of users in Windows Server. 2008 domains. In Microsoft. Windows. 2000 and Windows Server 2003 Active Directory domains, you could apply only one password and account lockout policy, which is specified in the domain's Default Domain Policy, to all users in the domain. As a result, if you wanted different password and account lockout settings for different sets of users, you had to either create a password filter or deploy multiple domains. Both options were costly for different reasons. In Windows Server 2008, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain. Requirements and special considerations for fine-grained password and account lockout policies Domain functional level: The domain functional level must be set to Windows Server 2008 or higher.
see more TS: Windows Server 2008 Active Directory. Configuring