ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-417 All Questions

View all questions & answers for the 70-417 exam
Go to Exam

Exam 70-417 topic 1 question 667 discussion

Actual exam question from Microsoft's 70-417
Question #: 667
Topic #: 1
[All 70-417 Questions]

You have a RODC named Server1 running Server 2012. You need to add a RODC Administrator.
How do you complete the task?

  • A. dsmgmt.exe
  • B. ntdsutil
  • C. Add user to Local Administrator Group on Server1
  • D. Use Security Group and modify RODC Delegated Administrator
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
A read-only domain controller (RODC) offers the possibility of dividing the Administrator role. This means that each domain user or security group can be used as a local administrator of an RODC without the user or group must be granted rights to the domain or other domain controllers. A delegated administrator can log on to an RODC to maintenance work on the Server execute to update z. B. to a driver. The delegated administrator is not, however, be able to log on to another domain controller, or perform other administrative tasks in the domain. In this way, the effective management of RODCs a branch office to a security group from branch office users, instead of individual members of the Domain Admins group are delegated, without jeopardizing the safety of the rest of the domain. Before you install a read-only domain controller can in the wizard for making a account for a read-only domain controller, a user or a group Wreden defined as delegated
RODC Administrator.
To grant a user or a group after you install a read-only domain controller local administrator rights for a read-only domain controller (RODC), the settings on the tab can Maintained by be configured in the properties of the computer account of RODC1 can open the Utilities dsmgmt and Ntdsutil for adding a delegated RODC administrator be used.
Microsoft recommends expressly that utilities dsmgmt and Ntdsutil not to be used for this purpose and instead specify a group which the Administrator Role
Separation can be controlled.
The background is that the user, the password have been set with the help of dsmgmt or Ntdsutil as delegated RODC administrator cannot be easily determined in retrospect.
References: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc755310(v=ws.10)
by [deleted] at April 4, 2025, 11:02 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Currently there are no comments in this discussion, be the first to comment!
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel