MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server® 2008 Active Directory® comments and corrections

Article ID: 955243 - View products that this article applies to.
Expand all | Collapse all

On This Page

SUMMARY

This article contains comments, corrections, and information about known errors relating to the Microsoft Press book MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server 2008 Active Directory, 978-0-7356-2513-6.

The following topics are covered:

  • Page 28: dns should be dnsserver
  • Page 28: Steps 4 and 7 contain incorrect command switches
  • Page 29: Command incorrect
  • Page 90: Command line incorrect
  • Page 92: Incorrect information regarding LDIFDE
  • Page 94: "%username%" should be "$username$"
  • Page 94: Command line incorrect
  • Page 95: Three should be two
  • Page 112: Command incorrect
  • Page 121: "user" missing from command
  • Page 122: "%username%" should be "$username$"
  • Page 122: DSMOD should be DSQUERY
  • Page 122: dsget example is incorrect and needs to be replaced
  • Page 123: Parenthesis missing from VBScript example
  • Page 124: "office" should be "physicalDeliveryOfficeName"
  • Page 127: Unnecessary space in script
  • Page 127: Code example is missing a line of code to function correctly
  • Page 133: Incorrect information regarding deleting and creating user accounts
  • Page 137: "Chapter" should be "Lesson"
  • Page 152: "Options" should be "Object Types"
  • Page 155: Sales group already exists
  • Page 156: "Distribution" should be "Security"
  • Page 165: Command in Step 4 is incomplete
  • Page 174: "OU" should be "name"
  • Page 184: Group scopes incorrect
  • Page 198: Figure 5-4 is incorrect
  • Page 198: Reference to Dsacls.exe should be removed
  • Page 209: "Create and Manage a Custom MMC" should be "Automate Importing and Creating Computer Objects"
  • Page 214: "value" misplaced in code sample
  • Page 215: TargetOUDN should be ComputerDN and vice versa
  • Page 239: "GPME" should be "GPMC"
  • Page 261: "No Override" should be "Enforced"
  • Page 265: GPME should be GPMC
  • Page 265: "class" should be "namespace"
  • Page 266: Incorrect result description of a setting
  • Page 273: computer should be user
  • Page 275: Additional steps needed
  • Page 280: "Gpupdate.exe" should be "Ggpresult.exe"
  • Page 294: "Computer Configuration\" should be "Computer Configuration\Policies\"
  • Page 346: 5136 should be 4662
  • Page 364: "Security Settings" should be "Windows Settings\Security Settings"
  • Page 365: "DomainAdmins" should be "Domain Admins"
  • Page 383: "Ddsmgmt.exe" should be "dsmgmt.exe"
  • Page 400: Figure 9-3 uses an incorrect header
  • Page 416: Question 5 in Quick Check needs to be removed
  • Page 470: "performed by" missing
  • Page 471: "attache" should be "attach"
  • Page 518: "TCP" should be "UDP"
  • Page 522: "object" and "attribute" need to be reversed
  • Page 566: "forest" should be "domain"
  • Page 620: "Dsbutil.exe" should be "DSDButil.exe"
  • Page 621: Description of Repadmin.exe tool incorrect
  • Page 624: Incorrect information regarding AD DS features
  • Page 649: Incorrect guidance for restoring a DC from a snapshot
  • Page 656: Backslash needs to be removed before command
  • Page 656: NTDS should be originalntds
  • Page 672: resources should be utilization
  • Page 797: private should be public
  • Page 853: 433 should be 443
  • Page 859: "Token Signing Certificate" should be "Server Authentication"
  • Page 862: Minimize should be removed
  • Page 863: Claimapp should be claimapplication01
  • Page 882: Answers marked as correct are incorrect
  • Page 882: Answer marked as correct is incorrect
  • Page 884: Answer A should be correct
  • Page 888: On page 888, the answer to question 2 is incorrect
  • Page 909: "forest" should be "domain"
  • Page 910: Answer C should be incorrect
Back to the top | Give Feedback

MORE INFORMATION

Page 28: dns should be dnsserver

On page 28, the command given in step 2 of exercise 2 is incorrect.

Change:
"netsh interface ipv4 set dns name="Local Area Connection""

To:
"netsh interface ipv4 set dnsserver name="Local Area Connection""

Page 28: Steps 4 and 7 contain incorrect command switches

On page 28, steps 4 and 7 in Exercise 2 include invalid command line swtiches for the shutdown command.

Change:
"4. Restart by typing shutdown –r –t 0."

To:
"4. Restart by typing shutdown /r /t0."

Change:
"7. Restart by typing shutdown –r –t 0, and then log on again as Administrator."

To:
"7. Restart by typing shutdown /r /t0, and then log on again as Administrator."

Page 29: Command incorrect

On page 29, in Step 3 of Exercise 3 the command to add and configure the AD DS role is partially incorrect.

Change:
"dcpromo /unattend /replicaOrNewDomain:replica /replicaDomainDNSName:contoso.com /ConfirmGC:Yes /UserName:CONTOSO\Adminsitrator /Password:* /safeModeAdminPassword:P@ssword"

To:
"dcpromo /unattend /replicaornewdomain:replica /replicaDomainDNSName:contoso.com /ConfirmGC:Yes /UserName:Administrator /userDomain:Contoso /Password:* /safeModeAdminPassword:P@ssword"

Page 90: Command line incorrect

On page 90, the first line of the command under the third paragraph is incorrectly formatted.

Change:
"DN,objectClass,sAMAccountName,sn,givenName,userPrincipalName"

To:
"DN,objectClass,sAMAccountName,givenName,sn,userPrincipalName"

Page 92: Incorrect information regarding LDIFDE

On page 92, the 4th line down in the Exam Tip box includes incorrect information about importing passwords.

Change:
"Neither command enables you to import a user’s password."

To:
"LDIFDE is the only command that enables you to import a user's password."

Page 94: "%username%" should be "$username$"

On page 94, in the command under Step 2 an incorrect token is used.

Change: 
dsadd user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com"
-samid mike.fitz –pwd * -mustchpwd yes –hmdir
\\server01\users\%username%\documents -hmdrv U:

To: 
dsadd user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com"
-samid mike.fitz –pwd * -mustchpwd yes –hmdir
\\server01\users\$username$\documents -hmdrv U:

Page 94: Command line incorrect

On page 94, the first line of the command under Step 1 is incorrectly formatted.

Change:
"DN,objectClass,sAMAccountName,sn,givenName,userPrincipalName"

To:
"DN,objectClass,sAMAccountName,givenName,sn,userPrincipalName"

Page 95: Three should be two

On page 95, the second sentence of step 5 refers to three users rather than two.

Change:
"The three users are imported."

To:
"The two users are imported."

Page 112: Command incorrect

On page 112, the command under Step 7 is misspelled and will not function.

Change:
"set-exceutionpolicy remotesigned"

To:
"set-executionpolicy remotesigned"

Page 121: "user" missing from command

On page 121, the first full command on the page is missing the word "user".

Change: 
dsmod "cn=Tony Krijnen,ou=People,dc=contoso,dc=com" –office "Amsterdam"

To: 
dsmod user "cn=Tony Krijnen,ou=People,dc=contoso,dc=com" –office "Amsterdam"

Page 122: "%username%" should be "$username$"

On page 122, the second full command and fourth full paragraph down contain an incorrect token.

Change:
"
dsquery user "ou=People,dc=contoso,dc=com" | dsmod user
-hmdir "\\server01\users\%username%\documents" –hmdrv "U:"
As mentioned in Lesson 1, the special %username% token can be used to represent the sAMAccountName of user objects when using DS commands to configure the value of the -email, -hmdir, -profile, and -webpg parameters."

To:
"
dsquery user "ou=People,dc=contoso,dc=com" | dsmod user
-hmdir "\\server01\users\$username$\documents" –hmdrv "U:"
As mentioned in Lesson 1, the special $username$ token can be used to represent the sAMAccountName of user objects when using DS commands to configure the value of the -email, -hmdir, -profile, and -webpg parameters."

Page 122: DSMOD should be DSQUERY

On page 122, the first sentence of the third paragraph is incorrect.

Change:
"The DSMOD USER command searches Active Directory for users whose names end with Mitchell."

To:
"The DSQUERY USER command searches Active Directory for users whose names end with Mitchell."

Page 122: dsget example is incorrect and needs to be replaced

On page 122, the dsget example at the bottom of the page is not correct and needs to be replaced.

Change:
"To display the pre-Windows 2000 logon names of all users in the Sydney office, use this command: dsquery user –office "Sydney" | dsget user –samid"

To:
"To display the pre-Windows 2000 logon names of all users whose description is "Accountant," use this command: dsquery user -desc "Accountant" | dsget user -samid"

Page 123: Parenthesis missing from VBScript example

On page 123, the first VBScript example at the top of the page is missing the closing parenthesis.

Change: 
Set objUser=GetObject("LDAP://cn=Jeff Ford,ou=People,dc=contoso,dc=com"

To: 
Set objUser=GetObject("LDAP://cn=Jeff Ford,ou=People,dc=contoso,dc=com")

Page 124: "office" should be "physicalDeliveryOfficeName"

On page 124, the last 2 VB script examples on the page are incorrect.

Change: 
$objUser.PutEx(1, "office", 0)
$objUser.SetInfo()

To:
$objUser.PutEx (1, "physicalDeliveryOfficeName", 0)
$objUser.SetInfo()

Change:
objUser.PutEx 1, "office", 0
objUser.SetInfo()

To: 
objUser.PutEx 1, "physicalDeliveryOfficeName", 0
objUser.SetInfo()

Page 127: Unnecessary space in script

On page 127, the 3rd script example from the bottom contains an unneccesarry space.

Change: 
$objUser=[ADSI]”LDAP://UserDN”
$objuser.psbase.InvokeSet(‘Account Disabled’ ,$true)
$objuser.SetInfo()

To: 
$objUser=[ADSI]”LDAP://UserDN”
$objuser.psbase.InvokeSet(“AccountDisabled” ,$true)
$objuser.SetInfo()

Page 127: Code example is missing a line of code to function correctly

On page 127, the VBScript code example near the bottom of the page is missing a line of code.

Change: 
Set objUser = GetObject("LDAP://UserDN")
objUser.AccountDisabled=TRUE

To: 
Set objUser = GetObject("LDAP://UserDN")
objUser.AccountDisabled=TRUE
objUser.SetInfo()

Page 133: Incorrect information regarding deleting and creating user accounts

On page 133, the first sentence in the 4th bullet point down in the Lesson Summary is incorrect.

Change:
"When you delete a user account, you cannot create an account with the same name; the new account will not belong to the same groups or have the same resource access."

To:
"When you delete a user account, you can create an account with the same name; but the new account will not belong to the same groups or have the same resource access."

Page 137: "Chapter" should be "Lesson"

On page 137, the first bullet point on the page references an incorrect location.

Change:
"In Chapter 2, you examined a script that can use a .csv file to create users. Modify the script to import users from your .csv file. Construct attributes such as userPrincipalName and displayName in the script, as the sample in Chapter 2 illustrated."

To:
"In Lesson 2, you examined a script that can use a .csv file to create users. Modify the script to import users from your .csv file. Construct attributes such as userPrincipalName and displayName in the script, as the sample in Lesson 2 illustrated."

Page 152: "Options" should be "Object Types"

On page 152, the second sentence of the 3rd bullet point contains an incorrect name for a button.

Change:
"If you want to add computers to a group, you must click the Options button and select Computers."

To:
"If you want to add computers to a group, you must click the Object Types button and select Computers."

Page 155: Sales group already exists

On page 155, Exercise 1 requires that you create a group called Sales and add users to it. A group called Sales was previously created in Chapter 2 and needs to be removed in order to successfully complete this exercise.

Add the following Note before the first step in Exercise 1.

NOTE: If you have performed the exercises in Chapters 2 and 3 the group Sales may have already been created and the user Jeff Ford may already be added to it. To perform this exercise correctly you will need to delete the Sales group prior to performing any of the steps.

Page 156: "Distribution" should be "Security"

On page 156, Step 2 of Exercise 2 references the wrong Group type.

Change:
"2. Change the group type to Distribution."

To:
"2. Change the group type to Security."

Page 165: Command in Step 4 is incomplete

On page 165, the command used in Step 4 is incomplete and will not work.

Change: 
csvde –i –f "%userprofile%\importgroups.csv"

To: 
csvde –i –f "%userprofile%\documents\importgroups.csv"

Page 174: "OU" should be "name"

On page 174, Step 2 contains incorrect information.

Change:
"2. Right-click the groups’ OU and choose Properties."

To:
"2. Right-click the groups’ name and choose Properties."

Page 184: Group scopes incorrect

On page 184, the first bullet under Chapter Summary contains incorrect Group scope names.

Change:
"Group scopes (global, universal, domain local, and universal) define group characteristics related to membership, replication, and availability of the group."

To:
"Group scopes (global, domain local, local, and universal) define group characteristics related to membership, replication, and availability of the group."

Page 198: Figure 5-4 is incorrect

On page 198, Figure 5-4 is incorrect and should be disregarded.

Page 198: Reference to Dsacls.exe should be removed

On page 198, the last sentence contains an incorrect reference to Dsacls.exe.

Change:
"You will delegate permission to create computer objects, using the Dsacls.exe command, and you will redirect the default computer container."

To:
"You will delegate permission to create computer objects and you will redirect the default computer container."

Page 209: "Create and Manage a Custom MMC" should be "Automate Importing and Creating Computer Objects"

On page 209, the title of the practice is incorrect.

Change:
"Create and Manage a Custom MMC"

To:
"Automate Importing and Creating Computer Objects"

Page 214: "value" misplaced in code sample

On page 214, the last two lines of the last code sample are incorrect.

Change: 
objComputer.Put "property",
value objComputer.SetInfo

To: 
objComputer.Put "property", value
objComputer.SetInfo

Page 215: TargetOUDN should be ComputerDN and vice versa

On page 215, the last code sample is incorrect.

Change: 
Set objOU = GetObject("LDAP://TargetOUDN")
objOU.MoveHere "LDAP://ComputerDN", vbNullString

To: 
Set objOU = GetObject("LDAP://ComputerDN")
objOU.MoveHere "LDAP://TargetOUDN", vbNullString

Page 239: "GPME" should be "GPMC"

On page 239, the second sentence of the second paragraph under "Creating, Linking, and Editing GPOs" contains an incorrect acronym.

Change:
"To delegate permission to other groups, select the Group Policy Objects container in the GPME console tree and then click the Delegation tab in the console details pane."

To:
"To delegate permission to other groups, select the Group Policy Objects container in the GPMC console tree and then click the Delegation tab in the console details pane."

Page 261: "No Override" should be "Enforced"

On page 261, Figure 6-11 incorrectly uses No Override near the top of the figure.

Change:
"No Override"

To:
"Enforced"

Page 265: GPME should be GPMC

On page 265, the first sentence of the fourth paragraph refers to GPME rather than GPMC.

Change:
"To create a WMI filter, right-click the WMI Filters node in the GPME and choose New."

To:
"To create a WMI filter, right-click the WMI Filters node in the GPMC and choose New."

Page 265: "class" should be "namespace"

On page 265, the second sentence of the third paragraph is partially incorrect.

Change:
"Many useful classes, including Win32_Operating System, are found in a class called root\CIMv2."

To:
"Many useful classes, including Win32_Operating System, are found in a namespace called root\CIMv2."

Page 266: Incorrect result description of a setting

On page 266, the first sentences in the 3rd and 4th bullet points under the heading "Enabling or Disabling GPOs and GPO Nodes" are incorrect.

Change:
"Computer Configuration Settings Disabled During computer policy refresh, computer configuration settings in the GPO will be applied."

To:
"Computer Configuration Settings Disabled During computer policy refresh, computer configuration settings in the GPO will not be applied."

Change:
"User Configuration Settings Disabled During user policy refresh, user configuration settings in the GPO will be applied."

To:
"User Configuration Settings Disabled During user policy refresh, user configuration settings in the GPO will not be applied."

Page 273: computer should be user

On page 273, the last sentence of step 12 is incorrect.

Change:
"If any user requires exemption from the policies in the CONTOSO Standards GPO, you can simply add the computer to the group."

To:
"If any user requires exemption from the policies in the CONTOSO Standards GPO, you can simply add the user to the group."

Page 275: Additional steps needed

On page 275, two steps are needed before step 21.

The steps to add are:
"20a. Click the Add button in the Security Filtering section
20b. Type the group name, Domain Users, and click OK."

Page 280: "Gpupdate.exe" should be "Ggpresult.exe"

On page 280, the command in the Quick Check Answer bullet point is incorrect.

Change:
"The Group Policy Results Wizard and Gpupdate.exe can be used to perform your top analysis on a remote system."

To:
"The Group Policy Results Wizard and Gpresult.exe can be used to perform your top analysis on a remote system."

Page 294: "Computer Configuration\" should be "Computer Configuration\Policies\"

On page 294, step 1 at the bottom of the page contains an incorrect path.

Change:
"In Group Policy Management Editor, navigate to Computer Configuration\Windows Settings\Security Settings\Restricted Groups."

To:
"In Group Policy Management Editor, navigate to Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups."

Page 346: 5136 should be 4662

On page 346, the second sentence of step 19 contains an incorrect Event ID.

Change:
"You should see both a Directory Service Access event (Event ID 5136) and a Directory Service Changes event (Event ID 5136)."

To:
"You should see both a Directory Service Access event (Event ID 4662) and a Directory Service Changes event (Event ID 5136)."

Page 364: "Security Settings" should be "Windows Settings\Security Settings"

On page 364, step 6 of Exercise 1 is incorrect.

Change:
"Expand Computer Configuration\Policies\Security Settings\Account Policies, and then select Password Policy."

To:
"Expand Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies, and then select Password Policy."

Page 365: "DomainAdmins" should be "Domain Admins"

On page 365, step 11 is missing a space between Domain and Admins.

Change:
"11. In the Edit Attributes box, type CN=DomainAdmins,CN=Users,DC=contoso,DC=com and click OK."

To:
"11. In the Edit Attributes box, type CN=Domain Admins,CN=Users,DC=contoso,DC=com and click OK."

Page 383: "Ddsmgmt.exe" should be "dsmgmt.exe"

On page 383, the first sentence in the second paragraph includes an incorrectly spelled command.

Change:
"You can configure administrative role separation by using the Ddsmgmt.exe command."

To:
"You can configure administrative role separation by using the dsmgmt.exe command."

Page 400: Figure 9-3 uses an incorrect header

On page 400, in the last box to the right in Figure 9-3 the heading is incorrect.

Change:
"Internal Network"

To:
"External Network"

Page 416: Question 5 in Quick Check needs to be removed

On page 416, question 5 in the Quick Check at the bottom of the page hasn't been covered up until this point in the book. It should be removed.

Page 470: "performed by" missing

On page 470, the second sentence of the "Attach the server to the RODC account" is missing the phrase "performed by."

Change:
"These steps can be the users or groups specified when the RODC account was prestaged; these users do not require any privileged group membership."

To:
"These steps can be performed by the users or groups specified when the RODC account was prestaged; these users do not require any privileged group membership."

Page 471: "attache" should be "attach"

On page 471, the second to the last dcpromo command on the page is partially incorrect.

Change: 
dcpromo /useexistingaccount:attache /unattend:"c:\rodcanswer.txt"

To: 
dcpromo /useexistingaccount:attach /unattend:"c:\rodcanswer.txt"

Page 518: "TCP" should be "UDP"

On page 518, the last sentence of the first bullet point references an incorrect protocol.

Change:
"Microsoft clients use only TCP, but UNIX clients can use TCP."

To:
"Microsoft clients use only TCP, but UNIX clients can use UDP."

Page 522: "object" and "attribute" need to be reversed

On page 522, the first sentence in the last paragraph is partially incorrect.

Change:
"Traditionally, replicas have been complete replicas, containing every object of an attribute, and replicas have been writable on all DCs."

To:
"Traditionally, replicas have been complete replicas, containing every attribute of an object, and replicas have been writable on all DCs."

Page 566: "forest" should be "domain"

On page 566, answer C of Question 3 is incorrect.

Change:
"C. Raise the forest functional level."

To:
"C. Raise the domain functional level."

Page 620: "Dsbutil.exe" should be "DSDButil.exe"

On page 620, the 8th tool down in Table 13-2 is spelled incorrectly.

Change:
"Dsbutil.exe (installed with AD LDS and AD DS)"

To:
"DSDButil.exe (installed with AD LDS and AD DS)"

Page 621: Description of Repadmin.exe tool incorrect

On page 621, in Table 13-2 the description for Repadmin.exe is incorrect.

Change:
"Troubleshoot and diagnose replication between DCs that use the File Replication Service (FRS), which is the system used when the forest does not run in Windows Server 2008 full functional mode."

To:
"Repadmin helps administrators diagnose Active Directory replication problems between domain controllers running Microsoft Windows operating systems."

Page 624: Incorrect information regarding AD DS features

On page 624, the last sentence of the last paragraph on the page incorrectly states that AD DS has four features that enable you to recover information without resorting to backups. The last bullet also needs to be removed.

Change:
"However, AD DS includes four features that enable you to recover information without resorting to backups:"

To:
"However, AD DS includes three features that enable you to recover information without resorting to backups:"

Remove the following bullet point:
"The backup and restore feature supported by Windows Server Backup."

Page 649 Incorrect guidance for restoring a DC from a snapshot

This section contains in accurate guidance about how to restore a DC on a VM. For more updated guidance, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/dd363545(WS.10).aspx
(http://technet.microsoft.com/en-us/library/dd363545(WS.10).aspx)


Page 656: Backslash needs to be removed before command

On page 656, the 5th command down under step 5 incorrectly places a backslash before the command.

Change: 
\cd \windows\ntds

To: 
cd \windows\ntds

Page 656: NTDS should be originalntds

On page 656, the first sentence of step 2 contains an incorrect path.

Change:
"Also, make sure both a C:\Temp folder and a C:\NTDS folder exist on your server and that both folders are empty."

To:
"Also, make sure both a C:\Temp folder and a C:\originalntds folder exist on your server and that both folders are empty."

Page 672: resources should be utilization

On page 672, the last sentence of the second paragraph of the "Working with Windows System Resource Manager" section refers to processor resources rather than processor utilization.

Change:
"This means that when processor resources are low, WSRM does not affect any application."

To:
"This means that when processor utilization is low, WSRM does not affect any application."

Page 797: private should be public

On page 797, the second-to-last sentence of the "Rights account certificate (RAC)" section of Table 16-3 refers to the computer's private key rather than public key.

Change:
"The private key is encrypted with the computer’s private key."

To:
"The private key is encrypted with the computer’s public key."

Page 853: 433 should be 443

On page 853, the last sentence of the second bullet point refers to the incorrect port.

Change:
"Because of this, all communications occur through port 433 over HTTPS."

To:
"Because of this, all communications occur through port 443 over HTTPS."

Page 859: "Token Signing Certificate" should be "Server Authentication"

On page 859, in the Legend for Figure 17-7 "Token Signing Certificate" and "Server Authentication" are switched.

Change:
"Token Signing Certificate
Server Authentication
Client Authentication"

To:
"Server Authentication
Token Signing Certificate
Client Authentication"

Page 862: Minimize should be removed

On page 862, the first sentence of step 5 of the first procedure is incorrect.

Change:
"Paste the certificate into the Minimize Windows Explorer folder."

To:
"Paste the certificate into the Windows Explorer folder."

Page 863: Claimapp should be claimapplication01

On page 863, the last sentence of the More Info box contains an incorrect path.

Change:
"After these files are created, copy them into the C:\Inetpub\Wwwroot\Claimapp folder."

To:
"After these files are created, copy them into the C:\Inetpub\Wwwroot\claimapplication01 folder."

Page 882: Answers marked as correct are incorrect

On page 882, answers C and D for question 3 are marked as correct when they should be incorrect.

Change:
"C. Correct: Global groups can contain users in the same forest.
D. Correct: Global groups can contain users in trusted domains."

To:
"C. Incorrect: Global groups cannot contain users in the same forest.
D. Incorrect: Global groups cannot contain users in trusted domains."

Page 882: Answer marked as correct is incorrect

On page 882, answer B of Lesson 2, question 1 is incorrect marked as correct.

Change:
"B. Correct: Dsrm is used to delete a group."

To:
"B. Incorrect: Dsrm is used to delete a group not members from a group."

Page 884: Answer A should be correct

On page 884, Question 3 of Lesson 3 has Answer A marked as Incorrect, it should be Correct.

Change:
"A. Incorrect: Account Operators does not have the right to shut down a domain controller."

To:
"A. Correct: Account Operators has the right to shut down a domain controller."

Page 888: On page 888, the answer to question 2 is incorrect

On page 888, the answer given for question 2 is a repeat of the answer to question 1.

Change:
"2. Correct Answers: B and D
A. Incorrect: The central store is used to centralize administrative templates so that they do not have to be maintained on administrators’ workstations.
B. Correct: To create GPOs, the business unit administrators must have permission to access the Group Policy Objects container. By default, the Group Policy Creator Owners group has permission, so adding the administrators to this group will allow them to create new GPOs.
C. Incorrect: Business unit administrators require permission to link GPOs only to their business unit OU, not to the entire domain. Therefore, delegating permission to link GPOs to the domain grants too much permission to the administrators.
D. Correct: After creating a GPO, business unit administrators must be able to scope the GPO to users and computers in their OU; therefore, they must have the Link GPOs permission."

To:
"2. Correct Answer: B"

Page 909: "forest" should be "domain"

On page 909, answer C to quesiton 3 has an incorrect explanation.

Change:
"C. Correct: Windows Server 2008 forest functional level is required for fine-grained password policies."

To:
"C. Correct: Windows Server 2008 domain functional level is required for fine-grained password policies."

Page 910: Answer C should be incorrect

On page 910, Answer C of question 2 is incorrectly marked as correct.

Change:
"C. Correct: The /verify parameter verifies the health of an existing trust relationship. Some trusted users are able to access the resources, so the trust relationship is known to be healthy."

To:
"C. Incorrect: The /verify parameter verifies the health of an existing trust relationship. Some trusted users are able to access the resources, so the trust relationship is known to be healthy."

Microsoft Press is committed to providing informative and accurate books. All comments and corrections listed above are ready for inclusion in future printings of this book. If you have a later printing of this book, it may already contain most or all of the above corrections.
Back to the top | Give Feedback

Properties

Article ID: 955243 - Last Review: July 9, 2008 - Revision: 1.23
APPLIES TO
  • MSPRESS MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server® 2008 Active Directory®, ISBN 978-0-7356-2513-6
Keywords: 
KB955243
Back to the top | Give Feedback

Give Feedback

 
Back to the topBack to the top