Questions for Course 6043: Implementing Active Directory Domain Services in Windows Server 2008

  • Article

As I mentioned in a previous blog post, I am delivering a private, newsgroup-based, Microsoft-sponsored training for Microsoft MVPs. We are reaching the end of the second of five parts of this training, covering Course 6043: Implementing Active Directory Domain Services in Windows Server 2008 (see course description). At the end of each course I pose some questions to the students for discussion. Here are the questions for Course 6043:

01) Do you need to configure a DNS Server before installing Active Directory Domain Services in Windows Server 2008?
02) In a Full install of Windows Server 2008, should I use Server Manager or DCPROMO to install a Domain Controller role? Same in a Core install, OCSETUP or DCPROMO?
03) What are the MMC-based and command-line options to enable auditing of Active Directory domain access?
04) You enabled auditing of Active Directory access, but no records show in event viewer after you change a user property. What are you likely missing?
05) If you have multiple Active Directory domain controller in your domain, what is the easiest way to consolidate your auditing logs?
06) Describe one or more Active-Directory-related activities that you can perform in Windows Server 2008 without a restart that required a restart in Windows Server 2003.
07) Describe one or more Active-Directory-related activities that still require you to restart the Windows Server 2008 server.
08) Describe a few features of Windows Server 2008 that are enabled by the new Windows Server 2008 domain functional level.
09) If there are no changes in the Windows Server 2008 at the forest functional level, why is there a new “Windows Server 2008 forest functional level”?
10) When installing using DCPROMO in Windows Server 2008, you don't see an option to install a Read-Only-Domain-Controller (RODC). What should you do?
11) By default, what credentials are cached in a Read-Only-Domain-Controller in Windows Server 2008?
12) What specific option in what specific tool do you use to configure password replication policies for a Read-Only domain controller? Can you run that tool from a RODC?
13) Is there any special object or attribute that you can update on a Read-Only-Domain-Controller that will replicate back to the other domain controllers?
14) What is the minimum forest functional level required to have Read-Only domain controllers? Explain why.
15) Do you need any Windows Server 2008 domain controllers at all to have a Read-Only domain controllers? Explain why or why not.
16) A Read-Only domain controller that cached user secrets was stolen. What actions should you perform to protect the security of the domain?
17) When you try to use the backup tool, the option is not available in a Windows Server 2008 domain controller. How to make it available?
18) What do you need to backup in a domain controller to make sure you can restore the Active Directory database?
19) Do you need to stop active directory to perform a consistent backup of its database? Explain why or why not.
20) What is an authoritative restore and what are the steps to perform one?

If I have time, I will post answers in September, after the training is completed.