This article contains comments, corrections, and information about known errors relating to the Microsoft Press book MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server 2008 Active Directory, 978-0-7356-2513-6.

The following topics are covered:

•	Page 28: dns should be dnsserver
•	Page 29: Command incorrect
•	Page 94: "%username%" should be "$username$"
•	Page 94: Command line incorrect
•	Page 95: Three shouold be two
•	Page 122: "%username%" should be "$username$"
•	Page 122: DSMOD should be DSQUERY
•	Page 198: Figure 5-4 is incorrect
•	Page 198: Reference to Dsacls.exe should be removed
•	Page 214: "value" misplaced in code sample
•	Page 215: TargetOUDN should be ComputerDN and vice versa
•	Page 265: GPME should be GPMC
•	Page 280: "Gpupdate.exe" should be "Ggpresult.exe"
•	Page 470: "performed by" missing
•	Page 518: "TCP" should be "UDP"
•	Page 566: "forest" should be "domain"
•	Page 672: resources should be utilization
•	Page 797: private should be public
•	Page 859: "Token Signing Certificate" should be "Server Authentication"
•	Page 862: Minimize should be removed
•	Page 863: Claimapp should be claimapplication01
•	Page 882: Answers marked as correct are incorrect
•	Page 888: On page 888, the answer to question 2 is incorrect
•	Page 909: "forest" should be "domain"
•	Page 910: Answer C should be incorrect

Back to the top

Page 28: dns should be dnsserver

On page 28, the command given in step 2 of exercise 2 is incorrect.

Change:
"netsh interface ipv4 set dns name="Local Area Connection""

To:
"netsh interface ipv4 set dnsserver name="Local Area Connection""

Back to the top

Page 29: Command incorrect

On page 29, in Step 3 of Exercise 3 the command to add and configure the AD DS role is partially incorrect.

Change:
"dcpromo /unattend /replicaOrNewDomain:replica /replicaDomainDNSName:contoso.com /ConfirmGC:Yes /UserName:CONTOSO\Adminsitrator /Password:* /safeModeAdminPassword:P@ssword"

To:
"dcpromo /unattend /replicaornewdomain:replica /replicaDomainDNSName:contoso.com /ConfirmGC:Yes /UserName:Administrator /userDomain:Contoso /Password:* /safeModeAdminPassword:P@ssword"

Back to the top

Page 94: "%username%" should be "$username$"

On page 94, in the command under Step 2 an incorrect token is used.

Change:

dsadd user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com"
-samid mike.fitz –pwd * -mustchpwd yes –hmdir
\\server01\users\%username%\documents -hmdrv U:

To:

dsadd user "cn=Mike Fitzmaurice,ou=People,dc=contoso,dc=com"
-samid mike.fitz –pwd * -mustchpwd yes –hmdir
\\server01\users\$username$\documents -hmdrv U:

Back to the top

Page 94: Command line incorrect

On page 94, the first line of the command under Step 1 is incorrectly formatted.

Change:
"DN,objectClass,sAMAccountName,sn,givenName,userPrincipalName"

To:
"DN,objectClass,sAMAccountName,givenName,sn,userPrincipalName"

Back to the top

Page 95: Three shouold be two

On page 95, the second sentence of step 5 refers to three users rather than two.

Change:
"The three users are imported."

To:
"The two users are imported."

Back to the top

Page 122: "%username%" should be "$username$"

On page 122, the second full command and fourth full paragraph down contain an incorrect token.

Change:
"

dsquery user "ou=People,dc=contoso,dc=com" | dsmod user
-hmdir "\\server01\users\%username%\documents" –hmdrv "U:"

As mentioned in Lesson 1, the special %username% token can be used to represent the sAMAccountName of user objects when using DS commands to configure the value of the -email, -hmdir, -profile, and -webpg parameters."

To:
"

dsquery user "ou=People,dc=contoso,dc=com" | dsmod user
-hmdir "\\server01\users\$username$\documents" –hmdrv "U:"

As mentioned in Lesson 1, the special $username$ token can be used to represent the sAMAccountName of user objects when using DS commands to configure the value of the -email, -hmdir, -profile, and -webpg parameters."

Back to the top

Page 122: DSMOD should be DSQUERY

On page 122, the first sentence of the third paragraph is incorrect.

Change:
"The DSMOD USER command searches Active Directory for users whose names end with Mitchell."

To:
"The DSQUERY USER command searches Active Directory for users whose names end with Mitchell."

Back to the top

Page 198: Figure 5-4 is incorrect

On page 198, Figure 5-4 is incorrect and should be disregarded.

Back to the top

Page 198: Reference to Dsacls.exe should be removed

On page 198, the last sentence contains an incorrect reference to Dsacls.exe.

Change:
"You will delegate permission to create computer objects, using the Dsacls.exe command, and you will redirect the default computer container."

To:
"You will delegate permission to create computer objects and you will redirect the default computer container."

Back to the top

Page 214: "value" misplaced in code sample

On page 214, the last two lines of the last code sample are incorrect.

Change:

objComputer.Put "property",
value objComputer.SetInfo

To:

objComputer.Put "property", value
objComputer.SetInfo

Back to the top

Page 215: TargetOUDN should be ComputerDN and vice versa

On page 215, the last code sample is incorrect.

Change:

Set objOU = GetObject("LDAP://TargetOUDN")
objOU.MoveHere "LDAP://ComputerDN", vbNullString

To:

Set objOU = GetObject("LDAP://ComputerDN")
objOU.MoveHere "LDAP://TargetOUDN", vbNullString

Back to the top

Page 265: GPME should be GPMC

On page 265, the first sentence of the fourth paragraph refers to GPME rather than GPMC.

Change:
"To create a WMI filter, right-click the WMI Filters node in the GPME and choose New."

To:
"To create a WMI filter, right-click the WMI Filters node in the GPMC and choose New."

Back to the top

Page 280: "Gpupdate.exe" should be "Ggpresult.exe"

On page 280, the command in the Quick Check Answer bullet point is incorrect.

Change:
"The Group Policy Results Wizard and Gpupdate.exe can be used to perform your top analysis on a remote system."

To:
"The Group Policy Results Wizard and Gpresult.exe can be used to perform your top analysis on a remote system."

Back to the top

Page 470: "performed by" missing

On page 470, the second sentence of the "Attach the server to the RODC account" is missing the phrase "performed by."

Change:
"These steps can be the users or groups specified when the RODC account was prestaged; these users do not require any privileged group membership."

To:
"These steps can be performed by the users or groups specified when the RODC account was prestaged; these users do not require any privileged group membership."

Back to the top

Page 518: "TCP" should be "UDP"

On page 518, the last sentence of the first bullet point references an incorrect protocol.

Change:
"Microsoft clients use only TCP, but UNIX clients can use TCP."

To:
"Microsoft clients use only TCP, but UNIX clients can use UDP."

Back to the top

Page 566: "forest" should be "domain"

On page 566, answer C of Question 3 is incorrect.

Change:
"C. Raise the forest functional level."

To:
"C. Raise the domain functional level."

Back to the top

Page 672: resources should be utilization

On page 672, the last sentence of the second paragraph of the "Working with Windows System Resource Manager" section refers to processor resources rather than processor utilization.

Change:
"This means that when processor resources are low, WSRM does not affect any application."

To:
"This means that when processor utilization is low, WSRM does not affect any application."

Back to the top

Page 797: private should be public

On page 797, the second-to-last sentence of the "Rights account certificate (RAC)" section of Table 16-3 refers to the computer's private key rather than public key.

Change:
"The private key is encrypted with the computer’s private key."

To:
"The private key is encrypted with the computer’s public key."

Back to the top

Page 859: "Token Signing Certificate" should be "Server Authentication"

On page 859, in the Legend for Figure 17-7 "Token Signing Certificate" and "Server Authentication" are switched.

Change:
"Token Signing Certificate
Server Authentication
Client Authentication"

To:
"Server Authentication
Token Signing Certificate
Client Authentication"

Back to the top

Page 862: Minimize should be removed

On page 862, the first sentence of step 5 of the first procedure is incorrect.

Change:
"Paste the certificate into the Minimize Windows Explorer folder."

To:
"Paste the certificate into the Windows Explorer folder."

Back to the top

Page 863: Claimapp should be claimapplication01

On page 863, the last sentence of the More Info box contains an incorrect path.

Change:
"After these files are created, copy them into the C:\Inetpub\Wwwroot\Claimapp folder."

To:
"After these files are created, copy them into the C:\Inetpub\Wwwroot\claimapplication01 folder."

Back to the top

Page 882: Answers marked as correct are incorrect

On page 882, answers C and D for question 3 are marked as correct when they should be incorrect.

Change:
"C. Correct: Global groups can contain users in the same forest.
D. Correct: Global groups can contain users in trusted domains."

To:
"C. Incorrect: Global groups cannot contain users in the same forest.
D. Incorrect: Global groups cannot contain users in trusted domains."

Back to the top

Page 888: On page 888, the answer to question 2 is incorrect

On page 888, the answer given for question 2 is a repeat of the answer to question 1.

Change:
"2. Correct Answers: B and D
A. Incorrect: The central store is used to centralize administrative templates so that they do not have to be maintained on administrators’ workstations.
B. Correct: To create GPOs, the business unit administrators must have permission to access the Group Policy Objects container. By default, the Group Policy Creator Owners group has permission, so adding the administrators to this group will allow them to create new GPOs.
C. Incorrect: Business unit administrators require permission to link GPOs only to their business unit OU, not to the entire domain. Therefore, delegating permission to link GPOs to the domain grants too much permission to the administrators.
D. Correct: After creating a GPO, business unit administrators must be able to scope the GPO to users and computers in their OU; therefore, they must have the Link GPOs permission."

To:
"2. Correct Answer: B"

Back to the top

Page 909: "forest" should be "domain"

On page 909, answer C to quesiton 3 has an incorrect explanation.

Change:
"C. Correct: Windows Server 2008 forest functional level is required for fine-grained password policies."

To:
"C. Correct: Windows Server 2008 domain functional level is required for fine-grained password policies."

Back to the top

Page 910: Answer C should be incorrect

On page 910, Answer C of question 2 is incorrectly marked as correct.

Change:
"C. Correct: The /verify parameter verifies the health of an existing trust relationship. Some trusted users are able to access the resources, so the trust relationship is known to be healthy."

To:
"C. Incorrect: The /verify parameter verifies the health of an existing trust relationship. Some trusted users are able to access the resources, so the trust relationship is known to be healthy."

Microsoft Press is committed to providing informative and accurate books. All comments and corrections listed above are ready for inclusion in future printings of this book. If you have a later printing of this book, it may already contain most or all of the above corrections.

Back to the top