Active Directory

Question 1

What PowerShell cmdlet gets the resultant password replication policy for an account?

Answer 1

The Get-ADAccountResultantPasswordReplicationPolicy cmdlet

Question 2

While the graphical version of dcpromo.exe has been deprecated in Windows Server 2012, what command line function of dcpromo.exe can you still perform in Windows Server 2012 R2?

Answer 2

You can still run dcpromo /unattend from a command prompt, and perform unattended installations

Question 3

What tools can you use to view the contents of a mounted Active Directory snapshot?

Answer 3

Active Directory Users and Computers (DSA.msc), ADSIEDIT.msc, or LDP.exe

Question 4

What setspn.exe command is used to delete an SPN?

Answer 4

the setspn -d command

Question 5

What GUI tool will allow you to enable the Active Directory Recycle Bin?

Answer 5

Active Directory Administrative Center

Question 6

In what location is a sample DCCloneConfig.xml file that can be edited and used for cloning?

Answer 6

%windir%\system32

Question 7

What command is used to mount a snapshot?

Answer 7

ntdsutil

Question 8

Why should you use the CustomDCCloneAllowList.xml file when cloning a virtual domain controller?

Answer 8

This file is required if there are applications or services that were not recognized by the system as supporting cloning, and therefore were not added to the DefaultDCCloneAllowList.xml file

Question 9

Which forest functional level is required to enable the Active Directory Recycle Bin?

Answer 9

Windows Server 2008 R2 or higher

Question 10

Which type of account in Windows Server 2008 R2 and above is a “managed local account” that provides the ability to access the network with a computer identity in a domain environment with no password management required?

Answer 10

virtual account