Download Configuring Advanced Windows Server 2012 Services.70-412.ExamsKey.2019-02-05.272q.vcex

Although it is not recommended, you can use this procedure to disable security identifier (SID) filter quarantining for an external trust with the Netdom.exe tool. You should consider disabling SID filter quarantining only in the following situations:Users have been migrated to the trusted domain with their SID histories preserved, and you want to grant those users access to resources in the trusting domain (the former domain of the migrated users) based on the sIDHistory attribute. Etc. References: Disabling SID filter quarantininghttps://technet.microsoft.com/en-us/library/cc794713(v=ws.10).aspx

The contoso domain must trust the adatum domain. Note: In a One-way: incoming trust, users in your (trusted) domain can be authenticated in the other (trusting) domain. Users in the other domain cannot be authenticated in your domain.Incorrect Answers:A, B: Use realm trusts to form a trust relationship between a non-Windows Kerberos realm and a Windows Server domain.D: The resources that are to be shared are in the contoso domain.References: Trust types

In Windows Server 2012, the Group Policy Management Console (GPMC) was enhanced to provide a report for the overall health state of the Group Policy infrastructure for a domain, or to scope the health view to a single GPO. Reference: Check Group Policy Infrastructure Statushttp://technet.microsoft.com/en-us/library/jj134176.aspx

B. The Install-AdcsCertificationAuthority cmdlet performs installation and configuration of the AD CS CA role service. It can be used to install a root CA. Example:Install-AdcsCertificationAuthority –CAType StandaloneRootCA –CACommonName "ContosoRootCA" –KeyLength 2048 –HashAlgorithm SHA1–CryptoProviderName "RSA#Microsoft Software Key Storage Provider" E: The Install-AdcsWebEnrollment cmdlet performs initial installation and configuration of the Certification Authority Web Enrollment role service.Note: Prior to the availability of Certificate Enrollment Web Services, AD CS required that client computers configured for certificate auto-enrollment be connected directly to the corporate network. Certificate Enrollment Web Services allows organizations to enable AD CS using a perimeter network. This allows users and computers outside the corporate network to enroll for certificates.    Certificate Enrollment web service Reference: Deploying AD CS Using Windows PowerShell

In Windows Server 2012 R2, Windows Server 2008 R2, or Windows Server 2008, you can force replication immediately by using DFS Management, as described in Edit Replication Schedules. You can also force replication by using the Dfsrdiag SyncNow command. You can force polling by using the Dfsrdiag PollAD command. Reference: DFS Replication: Frequently Asked Questions (FAQ) http://technet.microsoft.com/en-us/library/cc773238(v=ws.10).aspx#BKMK_072

By decreasing the site link cost between SiteB and SiteC the SiteC users would be authenticated by SiteB rather than by SiteA. References: https://technet.microsoft.com/en-us/library/dd277430.aspx#XSLTsection126121120120

In Windows Server 2008 and later, you can use fine-grained password policies to specify multiple password policies and apply different password restrictions and account lockout policies to different sets of users within a single domain. Note: In Microsoft Windows 2000 and Windows Server 2003 Active Directory domains, you could apply only one password and account lockout policy, which is specified in the domain's Default Domain Policy, to all users in the domain. As a result, if you wanted different password and account lockout settings for different sets of users, you had to either create a password filter or deploy multiple domains. Both options were costly for different reasons.Reference: AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide

On the Classification tab of the file properties in Windows Server 2012, File Classification Infrastructure adds the ability to manually classify files. You can also classify folders so that any file added to the classified folder will inherit the classifications of the parent folder. Reference: What's New in File Server Resource Manager in Windows Server

Manage iSNS server registration The iSNS server registration can be done using the following cmdlets, which manages the WMI objects. To add an iSNS server:Set-WmiInstance -Namespace root\wmi -Class WT_iSNSServer Arguments @{ServerName="ISNSservername"} Note: The Set-WmiInstance cmdlet creates or updates an instance of an existing WMI class. The created or updated instance is written to the WMI repository.Reference: iSCSI Target cmdlet referencehttp://blogs.technet.com/b/filecab/archive/2012/06/08/iscsi-target-cmdlet-reference.aspx

* Configure access-denied assistance To configure access-denied assistance by using File Server Resource Manager 1. Open File Server Resource Manager. In Server Manager, click Tools, and then click File Server Resource Manager. 2. Right-click File Server Resource Manager (Local), and then click Configure Options. etc. * To specify a separate access-denied message for a shared folder by using File Server Resource Manager 1. Open File Server Resource Manager. In Server Manager, click Tools, and then click File Server Resource Manager. 2. Expand File Server Resource Manager (Local), and then click Classification Management. 3. Right-click Classification Properties, and then click Set Folder Management Properties. Etc Reference: Deploy Access-Denied Assistance (Demonstration Steps)