CertCities.com -- The Ultimate Site for Certified IT Professionals

My Top 10 Study Tips for the Designing a Win2K Directory Services Exam (70-219)
Greg Neilson walks you through the major study points for this MCSE Win2K exam.

by Greg Neilson

5/16/2001 -- This exam is an elective for the Windows 2000 MCSE stream and tests your knowledge of Active Directory design concepts and your ability to apply them to specific design scenarios. In this exam you won't get the same detailed technical treatment as you would during the Win2K MCSE core exams, but at the same time this isn't an exam you can fake your way through. To pass, you will need a good knowledge of AD design concepts and be able to apply them to the situations presented. Here is my list of top 10 tips for this exam:

1. Understand the New Exam Format
Microsoft's design exams use a scenario-based exam format that you need to be familiar with before you take the exam. Fortunately, there are a couple of resources on Microsoft's Web site that can assist: a sample exam for this new kind of question, and a FAQ relating to the question format.
The exam itself has four scenarios, each with approximately 10 related questions to answer. The amount of text you will need to read is very, very large (see tip #2) -- the last thing you want to do is waste time trying to understand the question formats.

2. Take Good Notes During the Exam
As you read your way through each case study, make good use of the writing paper supplied at the testing center. There is so much to read in each of the four case studies that you can't afford the time to read the case study again completely when attempting to answer every question. Of course, you may be forced to do this due to the unexpected nature of some of the questions, but it would be handy to be able to refer to your notes. As you read through the case study, keep track of the relevant factors in the information provided that will affect your AD design. Many of the design rules of thumb you'll need to consider are presented in the next few points.

3. See the Forest Through the Trees
As you probably know, both forests and trees are domains in Win2K. Obviously, for this exam you need to know the difference between the two.

A tree features a contiguous namespace -- that is, all lower-level domains are based on the name of the root domain. For example, in a given tree you might have mycompany.com as the root domain, with eng.mycompany.com and mktg.mycompany.com as the lower domains. In contrast, if you have two domains called mycompany.com and yourcompany.com, these can't be in the same tree and would need to be in a forest instead.

A forest is a collection of one or more AD trees. Each domain in a forest automatically has a two-way trust with every other domain in the forest. If this isn't satisfactory and you need to have more control over trusts created between domains, then you need to put these domains into different forests.

Similarly, each forest has a common schema, which is only updateable by members of the Schema Admins group in the root domain of the forest. Conversely, if you need to have different schemas then this means you must be considering different forests.

Know both inside and out before attempting to sit this exam.
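The contiguous-namespace rule above, worked as an added example (not part of the original article): the function groups a forest's domain names into trees, comparing whole DNS labels so that a name which merely ends in the same characters is not mistaken for a child. The names notmycompany.com and lab.eng.mycompany.com are constructed for illustration, and the code assumes every intermediate parent domain is present in the list.

```python
# Added example: group the domains of one forest into trees by contiguous
# namespace. Sample names are the article's plus two constructed ones.

SAMPLE_DOMAINS = [
    "mycompany.com", "eng.mycompany.com", "mktg.mycompany.com",
    "yourcompany.com",
    "notmycompany.com",        # constructed: shares a suffix, not a namespace
    "lab.eng.mycompany.com",   # constructed: grandchild of the root
]

def labels(name):
    """Split a DNS name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def is_descendant(child, ancestor):
    """True if child sits below ancestor on a label boundary."""
    c, a = labels(child), labels(ancestor)
    return len(c) > len(a) and c[-len(a):] == a

def group_into_trees(domains):
    """Return {tree_root: [member domains]}.

    Names are visited shortest first, so a root is always seen before its
    children. A name with no ancestor among the roots starts a new tree.
    """
    names = sorted({d.rstrip(".").lower() for d in domains},
                   key=lambda d: (len(labels(d)), d))
    trees = {}
    for name in names:
        root = next((r for r in trees if is_descendant(name, r)), None)
        if root is None:
            trees[name] = [name]
        else:
            trees[root].append(name)
    return trees

if __name__ == "__main__":
    for root, members in group_into_trees(SAMPLE_DOMAINS).items():
        print(root, "->", ", ".join(members))
```

A plain string suffix test would have placed notmycompany.com under mycompany.com; comparing labels keeps it as its own tree root.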

4. Always Start with a Single Domain
As a starting point with any network design, look to use a single domain. This is both the preferred and simplest option.

Domains were the building block of Windows NT. All changes to account details in the domain are replicated to all domain controllers in the domain. If the underlying network isn't able to handle the replication traffic along a relatively slow link, then this may mean that you need to create smaller domains so that this link isn't wasted with domain replication traffic.

Account policies, audit policies and Kerberos ticket policies are configured at the domain level, which means that if you need different policies in these areas then you are considering multiple domains. Also, you may have multiple domains if you upgrade in place from NT 4.0. One option you typically might consider when upgrading is to convert your existing NT 4.0 resource domains into OUs. This reduces the number of domains to support (and keep in mind each additional domain costs more and more resources) and instead you can delegate admin control of those resources to the OU.

5. See the Sites
If you have worked with Exchange in the past, then this concept of sites will be familiar to you already. If not, here's the lowdown: A site is one or more TCP/IP subnets that are connected by a permanent high-speed link. Exactly how fast is not often directly specified, but clearly a 56Kbps link is not and a 1.5Mbps link could be, depending on the existing link usage. Look for something close to LAN speeds (say 10Mbps) as a rule of thumb when looking at whether or not the two connected subnets can be part of the same site.

Within a site, communications between domain controllers are configured automatically. You need to explicitly configure links between sites.

6. Remember Domain Controller Redundancy
Domain controllers are, of course, used to process logons to AD. You would typically design for at least one domain controller per site to ensure responsive logons. For redundancy purposes, it is also a good idea to have at least two domain controllers per domain.

7. Know the What, When and Why of Operations Masters
You need to know what each of these actually does, then which are per-forest (schema master and domain naming master) and which are per-domain (infrastructure master, RID master and PDC emulator). Don't forget that because these are AD functions, all operations masters must already be domain controllers. The infrastructure master, which maintains user to group to user references, is typically the most loaded server, so it is recommended NOT to place this on the same server as the Global Catalog.

8. DNS, DNS and More DNS!
Active Directory needs DNS in order to operate, so you are going to need a good grasp of your options when considering DNS. Whatever DNS you use, it needs to be able to support SRV resource records so that your servers can be located, and preferably dynamic DNS as well.

For this exam, you need to know whether an existing DNS is available for the company, and whether it can use SRV records and DDNS (UNIX hosts need to use BIND 8.2.1 and above to support this). If it doesn't support these or can't be reasonably upgraded, then an option is to delegate a subdomain that is used by AD and hosted on Win2K servers. This subdomain can then support DDNS and SRV records. For example, you might have to create a subdomain called win2k.mycompany.com.
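As an added example (not from the original article), the check below reads a zone listing for the delegated subdomain and reports which of the SRV records that Windows 2000 clients use to locate domain controllers are missing. The zone text, host name and address are constructed; the parser assumes fully qualified owner names and an explicit TTL and class on every line.

```python
# Added example: verify that a zone carries the SRV records AD clients query
# to find domain controllers. All zone data below is constructed.

REQUIRED_PREFIXES = ["_ldap._tcp", "_kerberos._tcp", "_ldap._tcp.dc._msdcs"]

ZONE = """\
; constructed zone data for win2k.mycompany.com
_ldap._tcp.win2k.mycompany.com.      600  IN SRV 0 100 389 dc1.win2k.mycompany.com.
_kerberos._tcp.win2k.mycompany.com.  600  IN SRV 0 100 88  dc1.win2k.mycompany.com.
dc1.win2k.mycompany.com.             3600 IN A   10.0.0.10
"""

def parse_srv(zone_text):
    """Return {owner: [(priority, weight, port, target), ...]} for SRV lines.

    Assumed line layout: owner TTL IN SRV priority weight port target
    """
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # drop comments, then tokenize
        if len(fields) != 8:
            continue
        if fields[2].upper() != "IN" or fields[3].upper() != "SRV":
            continue
        owner = fields[0].rstrip(".").lower()
        priority, weight, port = (int(x) for x in fields[4:7])
        target = fields[7].rstrip(".").lower()
        records.setdefault(owner, []).append((priority, weight, port, target))
    return records

def missing_locator_records(zone_text, domain):
    """List the required SRV prefixes with no record under the given domain."""
    srv = parse_srv(zone_text)
    domain = domain.rstrip(".").lower()
    return [p for p in REQUIRED_PREFIXES if f"{p}.{domain}" not in srv]

if __name__ == "__main__":
    print(missing_locator_records(ZONE, "win2k.mycompany.com"))
```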

Another decision point is whether you have an Internet presence and whether your internal DNS should share the same name as the external DNS. If the names are the same, this makes things easy for the users to access the company Web site on the Internet, but makes more work for the firewall configuration. If the names are different, your users will be confused about having to access, for example, www.mycompany.com for the external site and www.myco.com for the internal site.

9. Roll Out the Organizational Units (OUs)
These allow us to delegate the management of users and computers to others, and can also be used to hide the existence of objects. By and large, your OU design will follow your admin model -- which can be by location, function, organization or a hybrid of these. OUs are an administration construct, so you needn't worry about users having to navigate your OU structure to locate resources. OUs are also useful when using Group Policy to make changes to multiple users or computers.

As an aside, one of the many differences between Microsoft's OUs in AD and Novell's OUs in NDS is that, in NDS, you can assign rights to the OU, which then means that all users within the OU then have these rights as well (since an object is always the security equivalent of the container object in which it belongs). Unfortunately, AD uses groups for this instead of OUs, so you can't assign rights to an OU in Windows 2000 and expect these to be available to the objects contained within it.

10. Read the Windows 2000 Server Resource Kit
Regardless of what study resource you use, I would recommend you check out two chapters from the Windows 2000 Server Resource Kit, Deployment Planning Guide: Chapter 9 (Designing the Active Directory Structure) and Chapter 10 (Determining Domain Migration Strategies). These are good summaries of the task at hand in producing your AD design. The MOC for course 1561 is also worth viewing -- it has a number of decision trees that are worth memorizing for making your key design decisions, such as for DNS.

Well, there we have it. This should be a good start for your exam preparations. Good luck!


Greg Neilson, MCSE+Internet, MCNE, PCLP, is a Contributing Editor for Microsoft Certified Professional Magazine and a manager at a large IT services firm in Australia. He's the author of Lotus Domino Administration in a Nutshell (O'Reilly and Associates, ISBN 1-56592-717-6). You can reach him at Attn: Greg.

There are 41 CertCities.com user Comments for “My Top 10 Study Tips for the Designing a Win2K Directory Services Exam (70-219)”
6/30/01: Anonymous says: Great article. I am just a pup as I am preparing for 70-210, but I put this in my study material for later reference. Thanks
12/22/01: udaya says: I am happy
4/6/02: NDS from Long Island says: Took this one yesterday .........PASSED You need to be prepared for this one. The scenario based questions are tough to extract the data they are looking for from. All in all if you know FSMO roles, and GPO you should do alright.
12/13/02: nilesh from india says: pl. send me the free product and new related to this.
12/30/02: Anonymous says: v.Good
1/15/03: Cris Cusack from New York City says: Thanks, Greg, for this terrific article. But what is a MOC and how do I get hold of the one you mention?
1/17/03: Becky Nagel from Editor, CertCities.com says: Hi Cris -- Sorry, we should have spelled that out in the article. MOC is Microsoft Authorized Curriculum. I'm not sure if you have to take a training class to get this...I'll check with Greg when he gets back from vacation. If anyone knows in the meantime, please post! -- Becky
2/10/03: Claus Liebl from Germany - Munich says: Hi Cris, Becky, I took the training. From my point of view you need not to take the course. I saw that the MOC-book is very good to prepare. Especially the CD "eLearning" is very good. It contains the complete course material plus interactive questions after each lesson. For this exam I guess it is the most important to learn the 70-217 course. Not just to learn... also to understand it. Then I think the test for designing is passable without big problems. Anyway DNS and Group Policy are the central points in both of the tests. By the way, Becky, your article is great ;-))
4/25/03: mohammad from tehran says: I am all tips for passing the microsoft windows 2000 server (please) here you are
5/26/03: sachin from mumbai says: please supply me lotus domino 5 system administration guides as I am preparing for exams