Case Study: Graphic Design Institute

Exhibit, Existing Domain Model 

Exhibit, Existing Network Infrastructure 

Overview 

Graphic Design Institute is a graphical design company that creates animated graphics for several advertising companies and move theaters. 

The hours of operation are 8:00 A.M. to 5:00 P.M., Monday through Friday. 

Physical Locations 

The company’s main office is located in Los Angeles. The company has five branch offices in the 

following locations: 

• Atlanta 
  
• Dallas 
  
• Denver 
  
• New York 
  
• San Francisco 
  

The number of users in each office is shown in the following table. 

Office                  Number of users 

Los Angeles           550 

Atlanta                300 

Dallas                 30 

Denver               210 

Planned Changes 

To meet new security and customer requirements, the company wants to implement a Windows Server 2003 Active Directory environment. 

Existing Environment 

Business Processes 

Graphic Design Institute consists of the following primary departments: 

• Human Resources (HR) 
  
• Finance 
  
• Information Technology (IT) 
  
• Advertising 
  
• Movies 
  
• Animation 
  

The IT department is responsible for all network management. 

Users often work on multiple projects at the same time. A strong administrative structure based on each user’s office location and department is being used. 

Infrastructure 

Directory Services 

The existing domains and trust relationships are shown in the Existing Domain Model exhibit. 

The company has one Windows 2000 domain located in the Los Angeles office. The name of the domain is graphicdesigninstitute.com. The domain is a Windows 20000 mixed-mode domain that contains Windows 2000 Server computers configured as domain controllers, Windows NT Server 4.0 computers configured as BDCs, and Windows 2000 Server computers configured as member servers. 

Currently, this domain is the only Active Directory domain. The domain consists of the following three top-level OUs: 

• Movies 
  
• Animation 
  
• Advertising 
  

The default site configuration has been implemented in the existing Active Directory environment. 

Problem statements 

The following business problems must be considered: 

• There is currently no enforcement of frequent password changes and logon hours. 
  
• The ISP can only supply a single subnet, which consists of 32 IP addresses, for the Internet link. 
  
• It is very difficult to manage users and groups and their necessary permissions. 
  
• The finance and HR department cannot agree on a mutual security policy to implement. 
  
• NetBIOS name resolution is saturating the WAN links. 
  

Interviews 

Chief Execute Offices 

Graphic Design Institute has lost a number of contracts due to deadlines that have not been met. Decreasing the amount of time we spend administering the network, along with increasing the amount of time we spend on customers, is my primary reason for requesting the upgrade of the entire network. 

Funds are available for critical hardware requirements. I do not want any downtime for users. I also want strict business hours enforced. Employees should not be at the office or work from home outside normal business hours. 

Chief Information Officer 

Currently, we have problems as a result of all the merges and acquisitions. I want all the servers to be installed with Windows Server 2003 to resolve these problems. I also want all client computers upgraded to Windows XP Professional over the next two years. 

The current IT response level is leading to a lot of lost production hours. Each office will continue to manage its own users and computers, with the exception of the finance and HR departments, which have their own requirements. We need to ensure that no production time is lost as a result of an interruption in the network connectivity. 

Network Administrator 

We are currently expected to resolve issues within 24 hours, although this sometimes is not achieved. Because most high-level administrative work can only be done when users are not in the office, network administrators often work after hours or on weekends. 

Domain administrators are responsible for managing the private IP addresses of every computer that belongs to their respective domains. 

Help desk staff exists in each branch office to assist users with software-related problems, as well as with basic network problems. Each domain has its own help desk staff with personnel located in each office. In the future, the help desk staff will be responsible for resetting passwords if users forget them. 

Office Worker 

Only selected users have Internet access. This prevents us from remaining competitive because we cannot perform the necessary research about new technologies or software available. 

Business Requirements 

Business Drivers 

The following business requirements must be considered: 

• A single internal namespace is required to minimize administrative effort. 
  
• A Web site exists outside the firewall to provide company contact information. 
  

Organizational Goals 

The following organizational requirements must be considered: 

• The new design must accommodate the finance and HR departments, which have requirements not addressed by the company’s planned password policy. 
• All computers must have the latest service packs and hot fixes installed. In addition, computers in the advertising department must be updated to have the latest versions of graphics and audio drivers installed. 

Security 

The following security requirements must be considered: 

• Specific security groups must be set up to address security requirements. 
  
• Security must be based on departments and groups of individuals within the departments. 
  
• Users in the finance department need access to payroll information on a server named Payroll, which is located in the HR department. 

Customer Requirements 

The following customer requirements must be considered: 

• A new service-level agreement that requires a response from the IT department to users within one hour must go into effect. 
• Personal information about employees must remain secure. 
  
• All client computers, regardless of office location, must be able to access all other computers. 
  

Technical Requirements 

Active Directory 

The following Active Directory requirements must be considered: 

• The company requires a new Active Directory environment that enables the security requirements of various departments to be met. This must be accomplished by installing a Windows Server 2003 on all domain controllers. 
• A completely decentralized administrative approach will be used. Each group of administrators will be responsible for its own departmental environment. 
• Only one operations master role will be allowed per domain controller. This is required for fault tolerance. 
• DNS replication of the forest root domain must be limited to forest domain controllers only. 
  

Network Infrastructure 

The following infrastructure requirements must be considered: 

• A new Routing and Remote Access solution must be installed: 
  
• A DHCP solution that is fault tolerant within each office must be implemented 
  
• All WAN links must be fault tolerant 
  
• Name resolution must be localized on the local network 
  

Graphic Design Institute (10 Questions) 

QUESTION NO: 1 

You are designing a strategy to address the requirements of the advertising department. What should you do? 

A. Create a GPO and link it to the Denver site. 

B. Create a GPO and link it to the Advertising OU. 

C. Create a GPO and link it to the graphicdesigninstitute.com domain. 

D. Configure the Default Domain Policy to have the No Override option. 

E. Use block inheritance to prevent the GPO from applying to members of the advertising department. 

QUESTION NO: 2 

You are deploying a NetBIOS name resolution strategy to meet the business and technical requirements. What should you do? 

A. Install one WINS server in each branch office. Configure the WINS servers to use push/pull replication with the WINS server in Los Angeles. Configure all computers to have the IP address of the local WINS server. 

B. Install two additional WINS servers in Los Angeles. Configure the WINS servers to use push/pull replication. Configure all computers to have the IP addresses of the WINS servers. 

C. Install the DNS Server service on one domain controller on each branch office. Configure the DNS server to forward all unanswered queries to the WINS server. Configure all computers to have the IP address of the DNS servers. 

D. Configure the DNS servers in each branch office to forward all unanswered queries to a local WINS server. Configure all computers to have the IP addresses of the DNS server in 

graphicdesigninstitute.com forest root. 

QUESTION NO: 3 

You are designing a DHCP strategy to meet the business and technical requirements. What should you do? 

A. Install one DHCP server in each branch office and one DHCP server in Los Angeles. 

B. Install one DHCP server in each branch office and two DHCP servers in Los Angeles. 

C. Install two DHCP servers in each branch office and one DHCP server in Los Angeles. 

D. Install two DHCP servers in each branch office and two DHCP servers in Los Angeles. 

QUESTION NO: 4 

You are designing a DNS strategy to meet the business and technical requirements. What should you do? 

A. Install the DNS Server service on all domain controllers. Create Active Directory-integrated zones. Replicate the zones to all DNS servers in the forest. 

B. Install the DNS Server service on all domain controllers. Create Active Directory-integrated zones. Replicate the zones to all DNS servers in the domain. 

C. Install the DNS Server service on all domain controllers. Create primary zones and secondary zones. 

D. Create application partitions for the different zones on one domain controller. Configure replication to occur on all DNS servers. 

QUESTION NO: 5 

You need to identify the number of servers that will be used specifically for operations master roles. How many servers should you recommend? 

A. 5 

B. 11 

C. 14 

D. 17 

E. 20 

QUESTION NO: 6 

You are designing a strategy to provide Internet access to all users. What should you do? 

A. Configure Internet Connection Sharing on all client computers. 

B. Configure Automatic Private IP Addressing (APIPA) on all client computers. 

C. Configure one server as a Routing and Remote Access VPN server. 

D. Configure one server as a Routing and Remote Access NAT router. 

QUESTION NO: 7 

You are designing an Active Directory forest structure to meet the business and technical requirements. What should you do? 

A.Create a single forest that has one domain. Use OUs to separate the departments. 

B. Create a single forest that has multiple domains to represent every department. 

C. Create a single forest that has three domains: one for finance, one for HR, and one for the remaining departments. 

D. Create multiple forests that have a single domain in each forest to represent the departments. 

There are a number of reasons that you might need to define multiple domains. These reasons include the following: 

• You need to implement different domain-level security policies. 
  
• You need to provide decentralized administration. 
  
• You need to optimize replication traffic across WAN links more than you can by dividing a domain into multiple sites. 
• You need to provide a different namespace for different locations, departments, or functions. 
  
• You need to retain an existing Windows NT domain architecture. 
  
• You want to put the schema master in a different domain than the domains that contain users or other resources. 

QUESTION NO: 8 

You are designing a WAN implementation strategy to meet the business and technical requirements. What should you do? 

A. Configure a demand-dial router. 

B. Create multiple Active Directory site links. 

C. Configure a VPN connection between each branch office. 

D. Install an Internet Authentication Service (IAS) server in each branch office. 

QUESTION NO: 9 

You are designing a strategy to provide the required security for the Payroll server. You need to identify the actions that you should perform to achieve this goal. What should you do? 

Move, and arrange the actions in the proper order. Use only actions that apply. 

QUESTION NO: 10 

You are designing a password management solution to meet the business and technical requirements. 

Which two actions should you perform? (Each correct answer presents part of the solution.) (Choosetwo.) 

A. Delegate the password management controls to the help desk staff. 

B. Delegate the password management controls to the Domain Users group. 

C. Configure the Default Domain Policy to enforce password expiration settings. 

D. Configure the Default Domain Controller Policy to enforce password expiration settings.