MOAC Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure 70-294 Comments and Corrections (873319)

The information in this article applies to:

  • MSPRESS Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure (70-294), ISBN 0-07-294490-0
  • MOAC Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure (70-294): Virtual PC, Instructor DVD, ISBN 0-07-225731-8


This article contains comments, corrections, and information about known errors relating to the Microsoft Press book Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure 70-294, 0-07-294490-0.

The following topics are covered:

  • Corrections To Instructor Slides
  • Virtual PC, Lab Manual, Page 23: Correction To "Forcing Replication"
  • Lab Manual, Page 42: Addition To Domain Controllers Section
  • Lab Manual, Page 162: Windows 2000 Native Should Be Windows 2003
  • Page xiv: Incorrect Answers Location
  • Page 9: Windows 2003 trees are defined as a forest
  • Page 29: Security principal should be Security principal
  • Page 85: Object being accessed has an ACL, not the user
  • Page 85: ACL referenced in place of token
  • Pages 95 And 96: Corrections To Figure 4-3 And Figure 4-4
  • Page 176: Figure 7-10 contains a duplicate entry
  • Page 239: Incorrect figure
  • Page 262: Remove domain controllers from statement
  • Page 286: Active Directory and System State data reversed
  • Page 287: Clarify step to backup Active Directory
  • Page 307: There should be no space in the term Netlogon


Corrections To Instructor Slides

The following changes should be made to the instructor slides:

Chapter 1 slides, slide 27, in the first bullet, change:
"All domain controllers must be Windows 2000 Server or Windows Server 2003 domain controllers."
to:
"Domain controllers can be running Windows Server 2003, Windows 2000, or Windows NT 4.0 operating systems."

Chapter 3 slides, slide 22, change:
"Bridgehead servers notify bridgehead servers at other sites of changes every 80 minutes by default."
to:
"Bridgehead servers notify bridgehead servers at other sites of changes every 180 minutes by default."

Chapter 3 slides, slide 9, change:
"Forest-wide replication is not conducted separately, because this information is sent to all domains in the forest."
to:
"Forest-wide replication is conducted separately, because this information is sent to all domains in the forest."

Chapter 4 slides, slide 17, change:

Chapter 4 slides, slide 21:
Server names in the figure are duplicated. They should be Server1 and Server2.

Chapter 4 slides, slide 22:
Server names in the figure are duplicated. They should be Server1, Server2, and Server3. Also, remove Infrastructure Master from Server3.

Chapter 8 slides:
Slide 6 shows an incorrect screenshot of "Account Lockout Policy". Please disregard this picture.

Virtual PC, Lab Manual, Page 23: Correction To "Forcing Replication"

On page 23, in Exercise 3-1, "Forcing Replication", at step 6, instead of successfully replicating, the following message is displayed:

"The following error occurred during the attempt to sychronize naming context child01.domain01.local from domain controller COMPUTER02 to domain controller COMPUTER01: The Active Directory cannot replicate with this server because the time since the last replication with this server has exceeded the tombstone lifetime. This operation will not continue. "

Cause: A virtual machine domain controller is a snapshot of the domain controller at the time the product was created. If domain controllers do not replicate with each other within the tombstone lifetime period (default 60 days), replication will fail with an error.

Resolution: To modify the registry to allow for replication when the tombstone lifetime is exceeded, perform the following steps on both virtual machines, COMPUTER01 and COMPUTER02.

1. Log on to the virtual machine domain controller using an account with administrator rights.
2. Open the Registry Editor.
3. Navigate to the following registry key: HKLM\System\CurrentControlSet\Services\NTDS\Parameters.
4. Right-click in the right pane of the Registry Editor, point to New, and then click DWORD Value.
5. For the name of the value, type the following name and then press Enter: Allow Replication With Divergent and Corrupt Partner
6. Double-click the new value, enter 1 in the Value data text box, and then click OK.
7. Close the Registry Editor.

This registry change takes effect immediately without the need for a reboot. Therefore, this change can be implemented after the tombstone lifetime error has occurred and the next replication will be successful.
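
The same change as steps 2 through 7, scripted with reg.exe so that it is applied identically on COMPUTER01 and COMPUTER02. This is an added example, not part of the original article; it assumes it is run locally on each domain controller from a command prompt opened with administrator rights.

```bat
@echo off
rem Added example: run locally on each lab domain controller.
setlocal
set "KEY=HKLM\System\CurrentControlSet\Services\NTDS\Parameters"
set "VAL=Allow Replication With Divergent and Corrupt Partner"

rem Record the current state before changing anything.
reg query "%KEY%" /v "%VAL%" >nul 2>&1
if errorlevel 1 (
    echo [%COMPUTERNAME%] value not present; creating it.
) else (
    echo [%COMPUTERNAME%] value already present:
    reg query "%KEY%" /v "%VAL%"
)

rem Steps 4 to 6: create the DWORD value and set its data to 1.
reg add "%KEY%" /v "%VAL%" /t REG_DWORD /d 1 /f
if errorlevel 1 (
    echo [%COMPUTERNAME%] reg add failed; check that the account has administrator rights.
    exit /b 1
)

rem Read the value back to confirm the data that was written.
reg query "%KEY%" /v "%VAL%" | find "0x1" >nul
if errorlevel 1 (
    echo [%COMPUTERNAME%] value is not 1 after the write.
    exit /b 1
)
echo [%COMPUTERNAME%] value set to 1; no reboot is needed.
endlocal
```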

Note: This issue applies to the Lab Manual exercise in the Virtual PC environment.

Lab Manual, Page 42: Addition To Domain Controllers Section

In the Lab Manual, on page 42, in Lab 4, Exercise 4-1, under "Allowing Users to Log On to Domain Controllers", add:

"Instructor note: There seems to be a delay when giving users the rights to logon locally. You may need to wait a few minutes before users receive this right."

Lab Manual, Page 162: Windows 2000 Native Should Be Windows 2003

In the Lab Manual, on page 162, under Lab Dependencies, change:

"The functional level of domainxx.local must be Windows 2000 native"

to:

"The functional level of domainxx.local must be Windows 2003"

Page xiv: Incorrect Answers Location

On page xiv, in the fourth bullet, change:

"(Answers to these questions are in the Textbook Answers document in the Answers folder.)"

to:

"(Answers to these questions are in the TextbookAnswers document in the Answers Guide folder on the Instructor CD.)"

Page 9: Windows 2003 trees are defined as a forest

On page 9, the first sentence under the 'Forests' topic reads:

"One or more Windows 2003 domains is defined as a forest."

It should read:

"One or more Windows 2003 trees is defined as a forest."

Page 85: Object being accessed has an ACL, not the user

On page 85, the second sentence of the first paragraph under the Provision of Universal Group Membership Information heading reads:

"This information is an important part of a user's ACL."

It should read:

"This information is an important part of a user's access level."

Page 85: ACL referenced in place of token

On Page 85, the second sentence of the second paragraph under the Provision of Universal Group Membership Information heading reads:

"Without the global catalog available to query universal group memberships, a complete ACL cannot be created."

It should read:

"Without the global catalog available to query universal group memberships, a complete token cannot be created."

Pages 95 And 96: Corrections To Figure 4-3 And Figure 4-4

On page 95, in Figure 4-3, server names are duplicated.
They should be Server1 and Server2.

On page 96, in Figure 4-4, server names are duplicated.
They should be Server1, Server2, and Server3. Also, remove Infrastructure Master from Server3.

Page 176: Figure 7-10 contains a duplicate entry

On page 176, in Figure 7-10, the Education OU GPO textbox reads:

"- Prohibit access to Control Panel
- Prohibit access to Control Panel
- Add background graphic with Music / Dance image"

It should read:

"- Prohibit access to Control Panel
- Remove Folder Options from Tools menu
- Add background graphic with Music / Dance image"

Page 239: Incorrect figure

On page 239, Figure 9-16 is not correct and should be ignored.

Page 262: Remove domain controllers from statement

On page 262, the first sentence in the Logging mode bullet reads:

"This mode queries existing policies in the hierarchy that are linked to sites, domains, domain controllers, and organizational units."

It should read:

"This mode queries existing policies in the hierarchy that are linked to sites, domains, and organizational units."

Page 286: Active Directory and System State data reversed

On page 286, the first sentence in the second paragraph reads:

"When you back up Active Directory, you include the System State data."

It should read:

"When you back up System State data, you include the Active Directory."

Page 287: Clarify step to backup Active Directory

On page 287, the first sentence in the third bullet item under 'Preparing to Back Up Active Directory' reads:

"The medium is loaded in the media device."

It should read:

"Check to ensure the medium is loaded in the media device."

Page 307: There should be no space in the term Netlogon

On page 307, the seventh item in Figure 11-5 'Domain Controller Required Services' reads:

"Net Logon"

It should read:

"Netlogon"

Microsoft Press is committed to providing informative and accurate books. All comments and corrections listed above are ready for inclusion in future printings of this book. If you have a later printing of this book, it may already contain most or all of the above corrections.

Modification Type: Minor
Last Reviewed: 6/28/2006
Keywords: kbinfo kbdocfix kbdocerr KB873319 kbAudEndUser