|
Home > Archive > 70-218 > May 2002 > Wed 70-218 Question of the Day...
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Wed 70-218 Question of the Day...
|
|
| Teck Shark 2002-04-30, 4:54 pm |
| Q22. Your are the company network admin. You are migrating your NT 4.0 domain to Windows 2000. This migration requires you to remove NT workstation 4.0 computer accounts from the NT domain & adding them to a W2K Active Directory domain. You create a user account called W2Ksetup to use for migration purposes. You add 10 Windows NT workstation computer accounts. When you attempt to add another account you receive the following error:
The machine account for this computer either doesn't exist or is unavailable.
What should you do?
A. Make sure the W2Ksetup account you created has been assigned the Allow with create Computer objects permission for the Computers container.
B. Delete the computer accounts from the Windows NT 4.0 domain that have not been added to the W2K domain.
C. Make sure the W2Ksetup account you created has been assigned the Allow with create Computer objects permission for the domain controller's container.
D. Configure a DNS server for the Windows NT workstation computers that have not been added to the W2K Active Directory domain.
E. Create a computer account for each computer that has not been added yet in the Active Directory, and then join each computer to the domain.
Good Luck! | |
| allbombguy 2002-04-30, 11:28 pm |
| Ummm Not sure on this one, Id say E | |
| hianshodan 2002-05-01, 9:02 am |
| Not sure but .......
I reckon the only sure answer is E. | |
| merav21 2002-05-01, 9:25 pm |
| think it is e | |
| jakob79 2002-05-01, 11:29 pm |
| I'm going for C.. this is as without permission you can add only 10 computers.. you'll receive an error msg if you try to add more than 10.. by giving the W2Ksetup account Allow permission to create Computer objects permission for the domain controller's container.. you can add more than 10 Windows NT workstation computer accounts..
P.S: this is only if I'm not mistaken.. please correct me if I'm wrong
| |
| RunnerNJ3 2002-05-02, 1:35 pm |
| I believe the answer is C as well. | |
| Teck Shark 2002-05-03, 10:31 am |
| quote:
Originally posted by Teck Shark
Q22. Your are the company network admin. You are migrating your NT 4.0 domain to Windows 2000. This migration requires you to remove NT workstation 4.0 computer accounts from the NT domain & adding them to a W2K Active Directory domain. You create a user account called W2Ksetup to use for migration purposes. You add 10 Windows NT workstation computer accounts. When you attempt to add another account you receive the following error:
The machine account for this computer either doesn't exist or is unavailable.
What should you do?
A. Make sure the W2Ksetup account you created has been assigned the Allow with create Computer objects permission for the Computers container.
B. Delete the computer accounts from the Windows NT 4.0 domain that have not been added to the W2K domain.
C. Make sure the W2Ksetup account you created has been assigned the Allow with create Computer objects permission for the domain controller's container.
D. Configure a DNS server for the Windows NT workstation computers that have not been added to the W2K Active Directory domain.
E. Create a computer account for each computer that has not been added yet in the Active Directory, and then join each computer to the domain.
Good Luck!
The Correct answer is A!
Windows 2000 grants the "Add workstations to domain" privilege to the Authenticated Users group by default. When this privilege is enabled, authenticated users can bypass the access control list (ACL) check for up to a predefined maximum value. To prevent misuse, the maximum number of machine accounts any authenticated user can join is 10 by default.
Microsoft recommends this process:
From the the Active Directory Users and Computers snap-in, click Advanced Features on the View menu so that the Security tab is exposed when you click Properties .
Right-click the Computers container, and then click Properties .
On the Security tab, click Advanced .
On the Permissions tab, click Authenticated Users , and then click View/Edit .
NOTE : If the Authenticated Users group is not listed, click Add and add it to the list of permission entries.
Make sure the This object and all child objects option is displayed in the Apply onto box.
From the Permissions box, click to select the Allow check box next to the Create Computer Objects and Delete Computer Objects ACEs, and then click OK . |
|
|
|
|