MCITP Certification – Domain Controller Space Requirements

As you may remember from the 70-640 MCTS Windows Server 2008 Active Directory exam, a global catalog server is a server that contains a master list of all the objects in a domain or forest. The global catalog itself is the master list, and it is transmitted across servers for the purpose of informing individual machines throughout the environment of what objects actually exist and, more importantly, where they can be found. The Sybex 70-640 book Windows Server 2008 Active Directory Configuration Study Guide calls this list the “universal phone book” of Active Directory. Not only is that pretty clever, it’s also very accurate.

The global catalog serves two more functions. First, it enables users to log on because it informs a domain controller of the universal group membership of the rest of the servers. Second, it resolves user principal names of which a particular domain controller may not be aware.

Deciding which server is going to contain your global catalog is one of the most important decisions you will make when you are beginning to design a network. Depending on its location, it can directly affect the speed of your site replication, the amount of time your servers spend updating themselves with the latest objects, and how quickly the rest of the environment becomes aware of changes.

By default, the first tree (domain) in a forest is always a global catalog server. This is because if a forest didn’t have a copy of the global catalog, it really wouldn’t achieve much, because no credentials would be cached and it wouldn’t have a list of what user accounts existed. Beyond the initial global catalog servers, here are a couple of other reasons you might want to add a global catalog server: users of custom applications, unavailable WAN links, and roaming users.

Just like the global catalog server location, the operations master location is one of the most important design decisions you will have to make when creating your network infrastructure. However, unlike the global catalog server, the operations master server is broken down into five separate roles that have to be considered.

If you have a choice in the matter, the best decision for the schema master is to use it as little as possible. Modifying the schema isn’t something you want to do very often, because it tends to be very heavy-handed and can cause a lot of problems if you aren’t careful. When placing the schema master, the main thing you have to keep in mind is the location of your schema administrators. They will be the sole beneficiaries of this location, and therefore you need to plan accordingly.

MCITP Certification Overview of Forest and Domain Trust Models

No matter where you work, there will come a point in your administrative life where you simply have to break things down. As I alluded to earlier, it’s rare that you will see a large enterprise using only one domain, or even one forest, to administer an entire facility. Unfortunately (or fortunately if you’d like to consider it in terms of job security), the real world is a lot more complex. Accordingly, designs and topologies become more complex as companies grow.

The main question that comes up as this process continues is this: how can you utilize resources that aren’t part of your individual infrastructure? The answer, which originally came about in Windows Server 2000, is a trust. By now, you probably are familiar with trusts and the various types of trusts that can be implemented in Windows Server 2008. In the following sections, I will review the various types of trusts, cover their strengths and weaknesses, and discuss strategies for implementing trusts in your environment. The MCITP certification exam will ask a lot of questions on trusts from both your previous study and what you will learn here. It’s a good idea to review what you’ve learned in the past before you take the exam. It could save your grade!

Authentication: In security administration, authentication is the process of verifying a user’s identity. Is John Q. Smith really John Q. Smith? Or is he another user pretending to be John Q. Smith?
Authorization: Authorization is the process of determining what access a particular user has. For example, this is the process of determining whether John Q. Smith has access to the Shared folder on an office server located in the main building.

As mentioned earlier, trusts are connections, between either domains or forests, that allow various objects within Active Directory to access, modify, and utilize resources. In general, trusts exist on two levels: forest and domain.

With the release of Windows Server 2003, Microsoft made a previously unavailable function available to administrators. Forest trusts allow an administrator to connect two forests and establish a trust between them at the forest level. This is a big change from the previous iteration, which allowed this only on the domain level. Forest trusts can be either one-way, two-way, or transitive. In a two-way transitive forest, each forest trusts the other completely. Forest trusts offer several benefits, such as simplified resource access, improved authentication, improved security, and improved administrative overhead.

It’s important to note that, unlike domain trusts (discussed next), forest trusts can be created only between two forests. They cannot be extended or joined to a third. This function is slightly limiting; however, this is utilized for security purposes and for administrative reasons. By accident, an administrator could easily end up making all components of a multitiered forest trust each other completely!

Microsoft 70-680 Managing External Clients

Defects in materials and workmanship shall be limited to replacement of the Software Media, which may be returned to WPI with a copy of your receipt at the following address: Software Media Fulfillment Department, Attn.: MCITP: Windows Server 2008 Enterprise Administrator Study Guide, Wiley Publishing, Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, or call 1-800-762-2974. Please allow four to six weeks for delivery. This Limited Warranty is void if failure of the Software Media has resulted from accident, abuse, or misapplication. Any replacement Software Media will be warranted for the remainder of the original warranty period or thirty (30) days, whichever is longer.

In no event shall WPI or the author be liable for any damages whatsoever (including without limitation damages for loss of business profits, business interruption, loss of business information, or any other pecuniary loss) arising from the use of or inability to use the Book or the Software, even if WPI has been advised of the possibility of such damages.

Because some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation or exclusion may not apply to you. U.S. Government Restricted Rights. Use, duplication, or disclosure of the Software for or on behalf of the United States of America, its agencies and/or instrumentalities paragraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause of DFARS 252.227-7013, or subparagraphs (c) (1) and (2) of the Commercial Computer Software – Restricted Rights clause at FAR 52.227-19, and in similar clauses in the NASA FAR supplement, as applicable.

General. This Agreement constitutes the entire understanding of the parties and revokes and supersedes all prior agreements, oral or written, between them and may not be modified or amended except in a writing signed by both parties hereto that specifically refers to this Agreement. This Agreement shall take precedence over any other documents that may be in conflict herewith. If any one or more provisions contained in this Agreement are held by any court or tribunal to be invalid, illegal, or otherwise unenforceable, each and every other provision shall remain in full force and effect.

(a) WPI warrants that the Software and Software Media are free from defects in materials and workmanship under normal use for a period of sixty (60) days from the date of purchase of this Book. If WPI receives notification within the warranty period of defects in materials or workmanship, WPI will replace the defective Software Media.

(b) WPI AND THE AUTHOR(S) OF THE BOOK DISCLAIM ALL OTHER WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE SOFTWARE, THE PROGRAMS, THE SOURCE CODE CONTAINED THEREIN, AND/OR THE TECHNIQUES DESCRIBED IN THIS BOOK. WPI DOES NOT WARRANT THAT THE FUNCTIONS CONTAINED IN THE SOFTWARE WILL MEET YOUR REQUIREMENTS OR THAT THE OPERATION OF THE SOFTWARE WILL BE ERROR FREE.

(c) This limited warranty gives you specific legal rights, and you may have other rights that vary from jurisdiction to jurisdiction. Remedies.

Get MCITP Certified Guaranteed DFS Replication

You are the administrator of AnimalCorp, a large business responsible for the placement of endangered species and the preservation of the environment. AnimalCorp currently runs SQL and a MySQL database that runs off a centralized server that is under consistent security risks. AnimalCorp would like to install Linux on this server as well as Windows Server  Security and reliability are of extreme concern. What should you do?

Perform a full install of Windows Server 2008 behind a firewall, and run Hyper-V on the local hard drive. Perform a Server Core install of Windows Server 2008, and install Hyper-V on the local hard drive. Perform a Server Core install of Windows Server 2008 behind a firewall. Install Hyper-V, and store the install on a secure network-attached location. Do not install Hyper-V.

Which of the following are not benefits of SCVMM 2007?
Easily create virtual machines.
Swap VM from one Hyper-V to another.
Move virtual machines.
Delegate permissions.
None of the above.

What is the maximum amount of memory supported by Hyper-V?
.5TB
1TB
2TB
4TB

Which of the following supports remote management and administration of the Hyper-V Manager through the addition of an administration download that is available from Microsoft?
Windows XP Home edition
Windows XP Pro
Windows Vista
Windows Vista x64
Windows Server 2008

In an installation where the reliability of four virtual machines is critical and the implementation of an iSCSI device is recommended through the use of a SAN, what setup would you use?
One RAID 0 implementation on the SAN with four unique LUNs
Four RAID 0 implementations with four LUNs
One RAID 1 implementation with four LUNs
RAID 5 implementation with one LUN

You are the administrator for OmniCorp, and OmniCorp has just recently installed a centralized server that contains six virtualized machines that are backed up through RAID 1 redundancy on an iSCSI device. Because of security reasons, executives have asked you to create a system of recovery to support the possible loss of data in the case of system failure. What should you do?