The errata list is a list of errors and their corrections that were found after the product was released.
The following errata were submitted by our customers and have not yet been approved or disproved by the author or editor. They solely represent the opinion of the customer.
| Version |
Location |
Description |
Submitted by |
Date submitted |
| Printed, PDF |
Page 12,22
Fourth point, Lesson Review Question #1 |
On page 12 it states:
"Additionally, the domain controller must be configured
with a DNS server address to perform name resolution."
Page 22 has a question regarding the successful creation of a Win08 DC, yet D is an incorrect answer because the reader is supposed to assume that the AD installation wizard will install/configure it despite no previous mention of this fact. This seems a bit strange considering the third point on page 12 went out of its way to state it "must" be configured.
Page 12 should probably be re-worded to something along the lines of "Additionally, the domain controller must be configured with a DNS server address to perform name resolution. In the absence of a DNS server, the Active Directory Installation Wizard will install and configure DNS service on the domain controller.", as stated in the answer on page 921.
|
Aray Gerami |
Oct 26, 2012 |
| Printed |
Page 24
2da. line |
Active Directory Certificate Services is not supported in Windows Server 2008 core installation
|
carlos mejia |
Feb 17, 2012 |
| Printed |
Page 28
Step 10 |
The command:
net user administrator *
should be referenced. I was not prompted to change password on login after install. The above command changes the admin password
|
Michael Wiles |
May 03, 2012 |
| Printed |
Page 29
Point 6 |
If yout type only what the book says: netdom join %computername% /domain:contoso.com
the comand not works and fail, you must add user and password of the domain in Server01 pc:
netdom join %computername% /domain:contoso.com /userd:contoso.com\administrator /passwordd:P@assword
|
Ra?l |
Jun 12, 2012 |
| Printed |
Page 29
Exercise 2, Step 2 |
In Exercice 2 step 2 the gateway address is typed as "10.0.0.1 1" with a space between the last two ones.The command does not produce any errors,but it misconfigure the server with a dfault gateway of 10.0.0.1 instead of the intended address of 10.0.0.11.
The ip adress should be typed without spaces between the numbers.
|
Jaime Ortiz |
Aug 19, 2012 |
| Printed |
Page 29
Exercise 2, Step 6 |
If you use the command as typed in step 6,you will get an error message saying "unknown username or bad password".This is because the command is missing the parameter to specify the domain user account and password.
|
Jaime Ortiz |
Aug 19, 2012 |
| Printed |
Page 29
1st paragraph |
It says in the excercise Server01 needs to be running, but how do I do that ?
I have server 2008 standard installed on partion1
I have servercore installed on partition 2
How do I run Server01 when I'm working on another partition ? do I need to run servercore with vmware ( If so how does it work) I have no experience whatsoever with VMWARE
|
Anonymous |
Aug 21, 2012 |
| Printed |
Page 29
Exersise 2 point 7. |
Change:
Restart by typing:
shutdown /r /t0
in: shutdown /r /t 0
There must be a space between the /t end the 0
|
Theone72 |
Dec 10, 2012 |
| Printed |
Page 29
Exercise 2 Lines 4 & 7 |
Lines 4 & 7 of Exercise 2 give shut down command of
'shutdown /r /t0'
There must be a space between the /t & its value.
'shutdown /r /t 0'
|
William Sawyer |
Jan 21, 2013 |
| Printed |
Page 31
Review question 2 |
Page 31 review question 2: Answer is in my viwe not correct, the AD CS can be installed on a core server according to the MS page http://gallery.technet.microsoft.com/scriptcenter/Setup-Certification-bd2aff3e
|
Microsoft Press |
May 22, 2013 |
| PDF |
Page 42
Top of Page |
The tip at the top of page 42 offers a suggestion on reducing the steps necessary to have a shortcut request administrative credentials, however that is for local administrator access, not for the domain admin access required to administer active directory objects.
I have researched this and there does not appear to be a reliable solution for this that I have found. Even configuring the shortcut to use the runas command does not work with saved mmc consoles during my testing. I also found a script posted on a Microsoft blog that does not work either.
|
Abraham Guerrero |
Jun 29, 2012 |
| PDF |
Page 58
1st paragraph |
Extract from the book: "You do not need to enter the full name; you can enter either the user?s first or last name, or even just part of the first or last name."
Here must be Display name (or User logon Name (pre-Windows 2000) ) instead of "last name". Select dialog box will not found anything if you try to search by last name.
|
Aleksandr Zhelnitskiy |
Jan 24, 2013 |
| Printed, PDF |
Page 70
13th point |
On the 13th point of (chapter 2, exercise 6) it is written that the saved query would show users from both the User Accounts OU and Admins OU but actually the output of this query is only the "guest " user.
|
trivender |
Jun 06, 2012 |
| Printed |
Page 85
Last Paragraph |
The technet documentation has been followed to the tee. If I browse to the Domain Users Group and add it, an error is generated. The error says - "Windows cannot process the object with the name "Domain Users" because of the following error - The specified domain either does not exist or could not be contacted. If I type in "CONTOSO\Domain Users" manually and also add Administrators manually, the information saves but when I try and logon as bmayer, I see the error message "You cannot log on because the log on method you are using is not allowed on this computer. Please see your network administrator for more information.
This is obviously going to hold me up for the remaining 900 pages as it says you need to log on locally for many exercises. Need a fix for this ASAP as just spent the last hour trying to sort it but to no avail.
So the technet article isn't good enough. Why Oh Why haven't the instructions been included in detail in the book???
As someone who is fairly new to all this I expect everything to be layed out precisely and not have to find stuff on the internet.
|
Anonymous |
May 22, 2012 |
| Printed |
Page 85
Last Paragraph |
In the last paragraph, the link provided for the "Grant a Member the Right to Logon Locally should be updated to from
http://technet.microsoft.com/en-us/library/ee957044WS.10).aspx to
http://technet.microsoft.com/en-us/library/ee957044(v=ws.10).aspx
|
Jack Smith |
Jan 16, 2013 |
| Printed |
Page 86
Practice 1 |
In Practice 1 first error is that you have to log on to CONTOSO domain as barbara mayer (CONTOSO\bmayer), in SERVER01 as the book says yo can't log on (SERVER01\bmayer).
Second error is that if you try to reset the password of any user you get an 'Access denied' error due to in page 85 the book says that you add Domain Users group to Print Operators group. When you do that all users get an extra protection even if you leave the print operators group. Solution: just add only barbara mayer to print operators group (in order to can logon to CONTOSO), create a new user un User accounts OU and then try to reset their password--> now works.
|
Raul |
Jun 14, 2012 |
| Printed, PDF |
Page 106
5th paragraph |
at page 106 , at 5th paragraph ,
change :
" To list all processes running on a computer, type the following command: Get-Service "
to
" To list all processes running on a computer, type the following command: Get-Process "
|
hamed zargham |
Mar 12, 2012 |
| Printed |
Page 114
Bottom of page, the new-aduser using the instance $user |
Throws a password error "The password does not meet the length...". Did I miss a step about turning password complexity off or is this from some other issue. Thanks!
|
Robert Cowling |
Oct 03, 2012 |
| Printed |
Page 122
Exercise 4 Step 5 |
"Type the following command to create an OU called Employees in the User Accounts OU"
Should be:
"Type the following command to create an OU called New Hires in the User Accounts OU"
|
Anonymous |
Feb 20, 2013 |
| Printed |
Page 122
Exercise 5 |
Step 1-3 does not show any kind of confirmation after typing each command in that exercise so it does not show anything as suppose too in Number 4 step. I tried it serveral times. All you get after each line of command is the double >> (arrows)
|
Eric Acosta |
Sep 03, 2013 |
|
140
3rd sentence from the top of the page |
The book states that "In Windows PowerShell, you can use the Move-ADObject or Move-Item cmdlets to move
a user to another OU." But, Move-Item cannot be used for Active Directroy items.
|
Hwal Park |
Jul 16, 2012 |
| Printed, PDF |
Page 163
Universal Groups - Membership at the top |
P163 No mention of computers as members of Universal Groups but on P164 says computers can be members of Universal Groups. Which is correct?
|
Anonymous |
May 25, 2012 |
| PDF |
Page 164, 927
table 4-1 in 164 and Answer for question 3 on 927 |
Table 4-1 states that Global group can contain users, computers, and Global groups from the same domain.
Answers for question 3 on page 927 state that users from a different domain in the same forest and users from a trusted external domain can be members of Global group.
Which is right?
|
Hwal Park |
Jul 18, 2012 |
| PDF |
Page 174, 927
Chatper 4, Lesson 1, Answer 3 |
The Chapter 4, Lesson1, Question 3 Reads:
You have created a global security group in the contoso.com domain named Corporate
Managers. Which members can be added to the group? (Choose all that apply.)
A. Sales Managers, a global group in the fabrikam.com domain, a trusted domain of
a partner company
B. Sales Managers, a global group in the tailspintoys.com domain, a domain
in the contoso.com forest
C. Linda Mitchell, a user in the tailspintoys.com domain, a domain in
the contoso.com forest
D. Jeff Ford, a user in the fabrikam.com domain, a trusted domain of a partner
company
E. Mike Danseglio, a user in the contoso.com domain
F. Sales Executives, a global group in the contoso.com domain
G. Sales Directors, a domain local group in the contoso.com domain
H. European Sales Managers, a universal group in the contoso.com forest
On the answers page, the correct answers are listed as C,D,E, and F
Shouldn't the answers read E and F only? Options C and D are not in the same domain of the Gloal Group being created.
|
Anonymous |
Jun 01, 2012 |
| PDF |
Page 176
DSadd -memberof bullet point |
The -memberof attribute is listed as "-member of" with an incorrect space between member and of.
|
Ronan Fahy |
Mar 28, 2012 |
| Printed, PDF |
Page 182
Exercise 2 description |
At the description of exercise 2 you write:
"DSAdd can create a group, and even populate its membership, with a single command."
The command you write below does not use the -members parameter to populate membership. So either delete the sentence above or change the command to add some existing members to the group.
|
Vassilis Stathopoulos |
Oct 11, 2012 |
| PDF |
Page 188
2nd par |
While discussing the "protect object from accidental deletion" option, you say:
"This is one of the few places in Windows in which you must click OK instead of Apply.
Clicking Apply does not modify the ACL based on your selection."
This is not strictly speaking true - it implies that ONLY if you click OK does the ACL get updated. It is true that at the point you click Apply, it does not perform the update, but even if you click Apply and then click Cancel, the ACL is updated as can be verified when you next open the object and view its ACL.
|
Ronan Fahy |
Mar 28, 2012 |
| Printed |
Page 190
Shaded area "NOTE Click OK" |
Similar to the error already mentioned on page 188... clicking Apply by itself does not immediately apply the change to the ACL. But in addition to the OK button, clicking Apply and then the X in the upper-right corner or the Cancel button also updates the ACL. When you reopen properties for the group you'll notice that the Managed By tab reflects the change even if you never click OK. Also the Allow::Write Members permission is checked even though you never clicked on OK.
So the text should reflect that the Apply button does not work as one might expect. The ACL does not immediately reflect the change you've made. Either click OK to implement the change or if you select Apply you'll need to also click Cancel or close the properties dialog box using the X in the upper right corner. Then, when you re-open the Properties for the group you will find the changes have stuck.
|
Russ |
Jan 30, 2014 |
| Printed, PDF |
Page 195
Account Operators Description |
On P195 printed and PDF the Account Operators description needs to state that it can shut down servers (assuming that it can???). The answer to Q3 on P929 needs careful review in both PDF and printed versions as it's different in both and actually STILL incorrect in both (Check the wording in the printed answer 3a!!!).
|
Lenny Davis |
May 25, 2012 |
| Printed, PDF |
Page 203
Practive 3 |
On the first part of typing the command to add members I got the error, "dsget failed:Directory object not found." After removing OU=Groups, for the dsget command, the command succeeded.
Also, on the second command, to add the members back, on the dsmod section I had to remove, "OU=Groups" to get the command to succeed.
|
Anonymous |
Mar 29, 2012 |
| PDF |
Page 203
United Kingdom |
See confirmed Errata for P203, PDF version still incorrect. Should read:-
dsquery user "OU=User Accounts,DC=contoso,DC=com" |
dsmod group "CN=All Users,OU=Groups,DC=contoso,DC=com" -addmbr
NOT
dsquery user "OU=User Accounts,DC=contoso,DC=com" |
dsmod group "CN=User Accounts,OU=Groups,DC=contoso,DC=com" -addmbr
|
Lenny Davis |
May 25, 2012 |
| Printed |
Page 208
3rd section 'The Default Computers Container' |
Sentence reads 'you cannot create an OU within a container so you cannot subdivide the Computers OU'. The Computers object type is 'container', it is not a OU.
|
Anthea Jack |
Mar 19, 2012 |
| Printed |
Page 227
Bottom |
The last section of the page "Creating Computers with NetDom" contains no information about netdom. Instead, text from the previous section about DSAdd is repeated here.
|
Jeremy Peake |
Apr 06, 2012 |
| Printed |
Page 227
Section titled "Creating Computers with NetDom" |
The section titled "Creating Computers with NetDom" does not contain any information regarding this command. Instead, it contains the corrected information for the section titled "Creating Computers with DSAdd" which was a result of the errata submitted by Chris on September 12, 2011, and supposedly "corrected" on February 17, 2012. The publisher placed the corrected information in the wrong section, and removed the instruction material for using NetDom to create computers in AD.
|
Derek Hansell |
Aug 04, 2012 |
| Printed |
Page 227
Creating Computers wtih NetDom Section |
The previously suggested corrections for the:
Creating Computers with DSAdd section
have been applied to the:
Creating Computers with NetDom section.
This has resulted in duplicate material for the DSAdd process, and no information at all for the NetDom process.
The text (page 228 - paragraphs above "Creating Computers with Windows PowerShell) also includes commentary unlikely to have been intended for inclusion in the instructions.
|
Victoria |
Jan 31, 2013 |
| Printed |
Page 227
From title: Creating Computers with NetDom |
Found in a revised and updated version with errata changes included (purchased 2013)
Under the Creating Computers with NetDom title the same text from above in the section titled Creating Computers with DSAdd repeats itself.
I have been also referring to an older PDF version of the 70-640 (2008 R2) and the NetDom section is correct in this.
Surprised to see this considering was correct in an older version.
Thanks.
|
Eli |
Feb 23, 2013 |
| Printed |
Page 227
United Kingdom |
CREATING COMPUTERS WITH NETDOM
The wording under this header is a copy of the wording under CREATING COMPUTERS WITH NETDOM, this is obviously wrong.
example wording should be:-
To use netdom, you must run the netdom command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
Syntax
netdom add <Computer> {/d: | /domain:} <Domain> [{/ud: | /userd:}[ <Domain>\]<User> {/pd: | /passwordd:}{ <Password>|*}] [{/s: | /server:} <Server>] [/ou: <OUPath>] [/dc] [/help | /?]
example
netdom add /d:devgroup.example.com mywksta /OU:OU=Dsys,OU=Workstations,DC=contoso,DC=com
Note:
If you do not specify the /ou parameter, netdom creates the account in the Computers container.
|
Paul McCherry |
Sep 24, 2013 |
| Printed, PDF |
Page 230
Exercise 4 |
The exercise instructs the user to perform the New-ADComputer cmdlet in Windows Powershell to add a computer named "DESKTOP154".
The command will fail at in the standard Powershell window. The user must either start the Active Directory Module for Windows Powershell, or run the 'import-module activedirectory' cmdlet first, in order for the command to work.
|
greenstarthree |
Sep 30, 2013 |
| Printed |
Page 260
Back up and Restore from Back up section |
Its specified that GPO links are also backed up, when backing up GPO. And can be restored, when restoring. That is not true. Links are part of the OU (gpLink attribute), and not the GPO itself.
|
Shabaz Hussain |
Jun 26, 2012 |
| PDF |
Page 261
GPO replication paragraph 3 |
If the reverse happens, and the GPO replicates to a domain controller before the GPC"
Shouldn't GPO here be GPT?
|
Ronan Fahy |
Feb 14, 2012 |
| PDF |
Page 261
4th paragraph |
The book says that the Group Policy Verification Tool (gpotool) is available at the Microsoft Download Center.
OK. No problem. But there is no version of gpotool for Windows Server 2008 and also for the R2.
The gpotool is part of the Windows Resource Kits for the Windows Server 2003, and there isn't a version for Windows Server 2008 R2. Also i need to say that this book is amazing and it is helping me so much!!!
|
Marcos Turato |
Jun 28, 2012 |
| PDF |
Page 269
Bottom of page |
Incorrect location given for the Policies folder when creating the central store.
The correct location is
\\contoso.com\SYSVOL\sysvol\contoso.com\Policies\
|
Jose |
Apr 12, 2012 |
| Printed |
Page 281
3rd paragraph |
When you say "A GPO that is applied later in the process, because it has higher precedence, overrides settings applied earlier in the process. This default order of applying GPOs is illustrate in Figure 6-8.". it's wrong. It's exactly the opposite. And also the figure confirm this.
|
Anonymous |
Dec 12, 2012 |
| Printed |
Page 281
3rd paragraph |
I've send you this wrong errata warning:
-----------------------------------------------------------------------------------------
"When you say "A GPO that is applied later in the process, because it has higher precedence, overrides settings applied earlier in the process. This default order of applying GPOs is illustrate in Figure 6-8.". it's wrong. It's exactly the opposite."
-----------------------------------------------------------------------------------------
The text is ok, sorry.
But the figure is wrong.
ERRATA:
GPO processing order for Contractors OU = 1,2,3,4,5
CORRECT:
GPO processing order for Contractors OU = 5,4,3,2,1
ERRATA:
GPO processing order for Laptops OU = 1,2,6,7
CORRECT:
GPO processing order for Laptops OU = 7,6,2,1
Otherwise, by reading the uncorrect text, it seems that first domain policy setting are applied, and local gpo's are applied later.
Thanks and sorry again.
|
Anonymous |
Dec 12, 2012 |
| Printed |
Page 281
3rd paragraph |
I was too tired, i don't know how to excuse me again. Please delete the warning from "anonymous" about page 281, 3rd paragraph, 12 Dec 2012. There aren't errors in this page.
Thanks.
|
Anonymous |
Dec 12, 2012 |
| Printed, PDF |
Page 286, 299
Note on page 286 and 299 Lesson Summary, fifth point |
The wrong crictical statement on page 286:
NOTE USE GLOBAL SECURITY GROUPS TO FILTER GPOs
GPOs can be filtered only with global security groups?not with domain local security groups.
Page 299 - Lesson Summary, fifth point - Only global security groups can be used to filter GPOs.
You could filter GPO with all 3 security group scopes (Domain Local, Global, Universal) in parent domain of Group. For Example, in test domain Adatum.com, 3 different GPOs, each filters with different Security Scope Group. All GPOs work fine and applied!
|
Alex |
Nov 11, 2013 |
| PDF |
Page 296
Point 7 |
There is
"Expand User Configuration\Policies\Administrative Templates\Control Panel"
Should be
"Expand User Configuration\Policies\Administrative Templates\Personalization"
|
PT |
Feb 21, 2012 |
| Printed, PDF |
Page 309
United Kingdom |
Excercise 2, no 5. Had to remove quotes for this command to work.
|
Lenny Davis |
May 26, 2012 |
| Printed, PDF |
Page 315
Practice 4 |
The suggested method to prevent a domain level GPO (CONTOSO Standards) from applying a screen saver by denying the computer account the Apply Group Policy permission, will not have the suggested/desired effect.
The domain level GPO is still inherited by the computer account and therefore one of it's GPOs. While the computer account is unable to apply the domain level GPO (as expected) the user that logs on WILL be able to apply the domain level GPO. Thus the screen saver policy will still take effect. This can be verified by explicitly denying a test user permission to apply the domain level GPO.
The computer OU either needs to block inheritance or otherwise not inherit the domain level GPO (i.e. move it to the user accounts OU). Alternatively overriding the settings for the screensaver in the computer OU GPO to 'disabled' would have the same effect as it has a higher precedence in this example (i.e. no enforcement).
In any of the mentioned situations, denying the computer account 'apply' permissions will have no real effect as the user is the security principle that provides authentication for GPO application.
|
Andrew Morgan |
Jan 01, 2013 |
| Printed, PDF |
Page 350
Exercise 5 |
Step 5 fails giving the same response as Step 4
Copy the .xml file to have the same name, but with the spaces removed, correct the parameter - still as Step 4
Remove the Quotes around the filename - It Works
Eg -
FAILS -
scwcmd transform /p:?DC Security Policy.xml? /g:?DC Security Policy?
FAILS -
scwcmd transform /p:?DCSecurityPolicy.xml? /g:?DC Security Policy?
WORKS -
scwcmd transform /p:DCSecurityPolicy.xml /g:?DC Security Policy?
Note: scwcmd.exe Version 6.1.7601.17514
|
Anonymous |
May 24, 2012 |
| PDF |
Page 409
Question 1 |
Question 1.
There is not correct answer, because questions are wrong.
The end of answer B should be ".... Default Domain Controllers Policy GPO".
|
PT |
Sep 19, 2012 |
| PDF, ePub, Mobi, , Other Digital Version |
Page 409
Question 1 |
All options, A/B/C/D, for question 1 mention defining an Audit Policy in the Default Domain Policy GPO, however as answers A and B mention auditing Account Logon Events, the setting should be defined in the Default Domain CONTROLLERS Policy GPO, as is suggested as a best practice in the Training Kit.
Answers A and B in question 1 should be changed to:
"... in the Default Domain Controllers Policy GPO."
|
Adam Throp |
Oct 27, 2013 |
| Printed, PDF |
Page 414
United Kingdom |
Under Heading "Running ADPrep /RODCPrep"
If you are upgrading an existing forest to include domain controllers running Windows Server 2008 or Windows Server 2008 R2, you must run ADPrep /RODCPrep
Shouldn't this read Windows server 2003, as per steps on bottom of page 412?
|
Lenny Davis |
May 27, 2012 |
| PDF |
Page 425
5th paragraph |
on page 425 5th paragraph the autor writes about Managed Service Accounts:
After you create a domain account for a service, you can assign the account to the service on more than one system. For example, an enterprise backup service can be configured to run on multiple servers under a single domain account.
MSA can be linked only to one computer at time, as described by the autor on page 429 2nd paragraph:
Each managed service account can be used on only one computer. Services on multiple computers cannot use a single managed service account
|
Bruno Centonze |
Dec 26, 2013 |
| Printed |
Page 475
After point 23 of excersize 4 |
After point 23 of excersize 4, the final DS should be created, but I get the error "Directory Configurationm Information indicates that the domain "northwindtraders.com" already exist. Do you want to reinstall the domain?... If I select "yes", this message is coming back over and over; if I select "No", the generation of DS is aborted. I'm running SERVER10 and SERVER20 on MS HYPER-V, and they can communicate with eachother (configured both servers with static IPs in the same IP-Range..). I tried to find known issues about this, but could not find anything. Did I miss something, or is this issue unknown to you?
Thanks
Rienus van Hees
Switzerland
|
Rienus van Hees |
Mar 23, 2012 |
| Printed |
Page 475
After point 23 of excersize 4 |
I just found out how to solve the problem; I justed the same MS HYPER-V VHD Files to "clone" the servers used in the excersize.
"This problem occurs when you are using cloned virtual machines that have the same SID. You can renew your SID using a tool. Please consult this website: http://technet.microsoft.com/en-us/s.../bb897418.aspx
Could be interesting to notice ;-)
Greetings
Rienus van Hees
|
Anonymous |
Mar 23, 2012 |
| Printed, PDF |
Page 500
Step 11 |
On Step 11, the command line is
dnscmd /config /enableglobalnamessupport 1
The correct statement should be
dnscmd <servername> /config /enableglobalnamessupport 1
where <servername> is SERVER10, SERVER20, SERVER30
|
Tom Lam |
Oct 21, 2013 |
| Printed |
Page 508
Line 3, first paragraph. |
"...and a member server named SERVER02, with a full installation of Windows Server 2008 R2."
At the beginning of the book we do a core installation of SERVER02, so this line left me a bit confused because there's a clear distinction between "Full Installation" and "Server Core Installation" in the Windows 2008 R2 setup. SERVER02 is removed in Exercise 4, Chapter 2, Lesson 2 but due to the naming of the server (SERVER02) it did slightly confuse me until I saw the actual exercises for Chapter 10.
Perhaps it could be more clear to some future readers if this particular full installation was renamed to something other than SERVER02.
|
Aray Gerami |
May 28, 2012 |
| Printed, PDF |
Page 523
United States |
To perform this exercise, you need a second server running Windows Server 2008 full installation. The server must be named SERVER02, and it should be joined to the contoso.com
domain. Its configuration should be as follows:
- Computer Name: SERVER02
- Domain Membership: contoso.com
- IPv4 address: 10.0.0.12
- Subnet Mask: 255.255.255.0
- Default Gateway: 10.0.0.1
- DNS Server: 10.0.0.11
The problem is that this exercise should be performed on a member server, not a domain controller. Running dcpromo on a domain controller will not allow you to create an answer file, it will demote the domain controller.
|
Hank Lambert |
Sep 09, 2012 |
| Printed, PDF |
Page 525
Exercise 2 Step 5 |
The command does not appear to work. I receive the error:-
"You must supply the name of the domain to which this user account belongs"
I have copied and pasted the command from the Adobe file into Notepad and ensured it's one big line.
|
Lenny |
May 31, 2012 |
| Printed |
Page 537
Step 6. |
Wrong syntax:
Should be naming master instead of domain naming master
|
J?n Arnar |
Feb 22, 2012 |
| Printed |
Page 601
Chapter summary |
Within a site, domain controllers replicate quickly, using a topology generated by the Knowlegde Consistency Checker (KCC), which is adjusted dynamically to ensure effective intersite replication.
Intersite replication should be intrasite replication.
|
Ren? V?gler |
Jan 20, 2013 |
| Printed |
Page 607
NOTE section, bottom of the page. |
The author states, "It's important to note that raising a functional level is a one-way operation: you cannot lower a domain or forest functional level."
Starting with 2008 R2 you can indeed roll back, but only as far as Windows Server 2008 DFL and FFL. You cannot roll back any earlier than Windows Server 2008 and you would need to be at Windows 2008 R2 (or higher) DFL or FFL in order to roll back. An additional requirement is that you have not enabled the Active Directory Recycle Bin.
http://technet.microsoft.com/library/understanding-active-directory-functional-levels(v=WS.10).aspx
http://social.technet.microsoft.com/wiki/contents/articles/850.how-to-revert-back-or-lower-the-active-directory-forest-and-domain-functional-levels-in-windows-server-2008-r2.aspx
|
Russell Halfar |
Feb 17, 2014 |
| Printed, PDF |
Page 609
2nd and 3rd paragraph |
The second paragraph lists the following supported OS's
The Windows 2000 Native domain functional level
===============================================
Supported operating systems:
Windows 2000 Server
Windows Server 2003 ******************
Windows Server 2008
Windows Server 2008 R2
##################################################
The third paragraph lists the following supported OS's
Windows Server 2003 domain functional level
===============================================
Supported operating systems:
Windows Server 2003 ******************
Windows Server 2003 R2 ******************
Windows Server 2008
Windows Server 2008 R2
##################################################
It is very unlikely that "Windows Server 2003 R2" is not supported in "Windows 2000 Native" domain functional level so it should either not have been mentioned in paragraph 3 or it should have been mentioned in paragraph 2, to mention it in one but not in the other is misleading.
On this Microsoft Technet web page:
http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels%28v=ws.10%29.aspx
Windows Server 2003 is the only "2003" server OS mentioned, they choose not to mention 2003 R2.
Hope this helps someone.
Rob. (Scotland)
|
Robert Brown |
Apr 16, 2012 |
| PDF |
Page 609
1st paragraph |
Explanation of 'lastLogonTimestamp' attribute in Windows 2003 functional level states that this attribute is replicated within the domain. This is not true - each DC maintains its own value of this attribute and does not replicate it.
|
Rastislav Habala |
Jun 21, 2012 |
| Printed |
Page 611
Top of the page "IMPORTANT ONE-WAY OPERATION" |
Author states, "Raising the domain functional level is a one-way operation. You cannot roll back to a previous domain functional level."
This is true for all functional levels prior to Windows Server 2008 R2. Starting in R2 you can revert back only as far as Windows Server 2008 DFL or FFL.
http://technet.microsoft.com/library/understanding-active-directory-functional-levels(v=WS.10).aspx
Refer to the section called "Guidelines for raising domain and forest functional levels" and in particular note the "Rollback options" in the 2 tables. One table addresses Current domain functional level while the other table addresses Current forest functional level.
Step-by-Step how-to...
http://social.technet.microsoft.com/wiki/contents/articles/850.how-to-revert-back-or-lower-the-active-directory-forest-and-domain-functional-levels-in-windows-server-2008-r2.aspx
|
Russell Halfar |
Feb 17, 2014 |
| Printed, PDF |
Page 617
Question 3, option C |
On question 3, option C, it should say 'domain' rather than 'forest'.
Fine grained password polices only require 2008 domain functional level.
Note that the answer for this question displays 'domain' in the latest printing. However the latest PDF that came with the latest printing has the answer including the word 'forest', and the older printed texts have 'forest'.
Answers are on page 953.
The latest printed edition we have has the date:
[2011-09-23]
Printed on the 4th page of the book.
|
Chris Harrow |
Mar 26, 2012 |
| Printed |
Page 619
Figure 12-3 |
The child domain in Figure 12-3 is shown as CORP.CONTSO.COM. It is expected to be CORP.CONTOSO.COM so that it is an accurate depiction of the Forest structure in the picture.
|
Tim |
May 20, 2013 |
| Printed |
Page 712
Working with Windows Reliability Monitor |
I'm not sure if I am doing something wrong. The issue may be that I am using Windows Server 2008 R2 and the text is reflecting instructions for (and showing screenshots of) Windows Server 2008. In my installation of R2 I am not finding Reliability Monitor "located under the Diagnostic\Reliability and Performance\Monitoring Tools node in Server Manager"
"Reliability and Performance" appears to have been replaced with "Performance"
I have Performance Monitor listed under Monitoring Tools, but Reliability Monitor is absent.
The tool can still be accessed by typing "reliability" into the START searchbox, or by going through Control Panel and clicking the link for "View Reliability History" in Action Center.
|
Russell Halfar |
Feb 18, 2014 |
| Printed |
Page 845
Table 16-1 |
Processor requirment is written
"One Pentium, 4.3 GHz or higher "
under both the requirement and recommended columns.
It should be
" One Pentium 4, 3 GHz or higher "
|
Anonymous |
Nov 11, 2012 |
| Printed, PDF |
Page 923
at the top of the page, answer D to question 1 of lesson 1 |
at the page 923 , at the top of the page, answer D to question 1 of lesson 1 ,
" D. Incorrect: DSMOD USER with the -p switch can be used to reset a user?s password; however...... ".
this sentence has problem and will lead to mislearn. change it to
" D. Incorrect: DSMOD USER UserDN -pwd -u -p switch can be used to reset a user?s password; however...... ".
|
hamed zargham |
Feb 19, 2012 |
| PDF |
Page 925
Lesson 3 Question 1 |
The book says that answer 'a' is incorrect because the users are in two OUs. However, you can update the description field on objects that are in different OUs as along as you do it from the query section of ADUC.
In fact, this is the only field that you can update from the queries section which made this question seem as if it were testing for knowledge of that fact.
|
Abraham Guerrero |
Jun 29, 2012 |
| Printed |
Page 925
Lesson 3 Question 1 |
I add a detail to errata reported by Abraham Guerrero. If the answer 'a' was really incorrect, It's necessary to correct also the section "Managing Attributes of Multiple Users" at page 128 because it's written
"Be certain that you select only objects of one class, such as users" and not "Be certain that you select only objects of one class and of one OU"
|
Anonymous |
Mar 25, 2013 |
| PDF |
Page 929
Question 3 |
Wrong answer.
The right answare should be A,B,C,D.
Members of Account Operators group can log on locally to domain controllers in the domain and shut them down.
|
PT |
Feb 13, 2012 |
| Printed, PDF |
Page 929
Case Scenario, Answer 3 |
The case scenario mentioned that "Several interns are currently working in the Marketing department, and you want to prevent them from gaining access" to the shared folders for Sliced Bread.
However, in Answer 3 of the case scenario solution it appears this requirement hasn't been addressed, as it suggests granting write access to the whole Marketing group.
Would the solution be to put in place a third, "Deny" domain local group and put selected Marketing interns in there?
|
Paul C |
Mar 25, 2012 |
| Printed, PDF |
Page 929
Lesson 3, Answer 3 |
Replace "does not have" for "has"
A. Correct: Account Operators does not have the right to shut down a domain controller.
Should be:
A. Correct: Account Operators has the right to shut down a domain controller.
|
Danny |
Sep 13, 2012 |
| Printed |
Page 929
Chapter 4, Lesson 3, Question 3 |
The book states the following:
3. Correct Answers: A, B, C, and D
A. Correct: Account Operators does not have the right to shut down a domain controller.
B. Correct: Print Operators has the right to shut down a domain controller.
C. Correct: Backup Operators has the right to shut down a domain controller.
D. Correct: Server Operators has the right to shut down a domain controller.
E. Incorrect: The Interactive special identity group does not have the right to shut down a domain controller.
Instead of:
3. Correct Answers: B, C, and D
A. Incorrect: Account Operators does not have the right to shut down a domain controller.
B. Correct: Print Operators has the right to shut down a domain controller.
C. Correct: Backup Operators has the right to shut down a domain controller.
D. Correct: Server Operators has the right to shut down a domain controller.
E. Incorrect: The Interactive special identity group does not have the right to shut down a domain controller.
Hope this helps.
|
Anonymous |
Nov 03, 2012 |
| PDF |
Page 933
Lesson 2 Answare 1 |
I think correct answer should be only C.
Answer B - blocking inheritance on the OU contains all users in the Domain Admins group we prevent ALL policy settings from applying to those users, not the only Northwind Lockdown.
|
PT |
Jul 20, 2012 |
| Printed, PDF |
Page 941
Chapter 8, Lesson 1, Question 1 (answer) |
The answer to the question states:
1. Correct Answers: C, D, and E
A. Incorrect: The password policies in the Default Domain Policy GPO define policies for all users in the domain, not just for service accounts.
However, In the question itself (pg 403) it states:
" Your Active Directory domain includes an OU called Service Accounts that contains all user accounts."
Surely, changing the Default Domain Policy to require passwords with 40 characters is the simplest and most effective method here.
All user accounts are in the Service Accounts OU, ergo the question is asking to change the password policy for all User accounts. Why go to the extent of creating fine-grained policy, that then applies to all users?
|
Phil Burchell |
Jun 18, 2013 |
| PDF |
Page 944
Case scenario 2, answer 1 |
The answer number 1 says :
Ensure that all domains are at the Windows Server 2003 domain functional level and that
the forest is at the Windows Server 2003 forest functional level. On the schema master,
run Adprep /rodcprep. Upgrade at least one Windows Server 2003 domain controller to
Windows Server 2008.
The question says thet the DC are 2003, so before you can promote a windows 2008 to DC, you need to run adprep /forestprep and adprep /domainprep, so three adprep needed to add a RODC.
|
Fabio Maccari |
Sep 18, 2012 |
| PDF |
Page 10000000
HOSUR |
|
Anonymous |
Jan 24, 2014 |