Exam 70-742 topic 1 question 226 discussion

answer D is correct . ADFS in Windows Server 2016 includes a new feature "Access Control Policies" which is not available in Windows Server 2012 R2, this new feature achieves roles separation as demanded by this question. https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/access-control-policies-in-ad-fs https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server-2016 Administrators can add new, Windows Server 2016 federation servers to an existing Windows Server 2012 R2 farm. As a result, the farm is in "mixed mode" and operates the Windows Server 2012 R2 farm behavior level. To ensure consistent behavior across the farm, new Windows Server 2016 features cannot be configured or used in this mode. Be aware that while in mixed farm mode, the AD FS farm is not capable of any new features or functionality introduced in AD FS in Windows Server 2016. This means organizations that want to try out new features cannot do this until the Farm Behavior Level is raised. Use the "Invoke-AdfsFarmBahaviorLevelRaise cmdlet to raise the Farm's feature and function as provided by Windows Server 2016

Invoke-AdfsFarmBehaviorLevelRaise? Because you want to use the new features?

Invoke-AdfsFarmBehaviorLevelRaise Correct Use this to raise the farm level to 2016, which will allow role separation

D is correct

Answer is: D. Invoke-AdfsFarmBehaviorLevelRaise

Please hepl me. I don't understand the relation between role separation and Invoke-AdfsFarmBehaviorLevelRaise.

B and D; AD FS for Windows Server 2016 introduces the ability to have separation between server administrators and AD FS service administrators. After upgrading our ADFS servers to Windows Server 2016, the last step is to raise the Farm Behavior Level using the Invoke-AdfsFarmBehaviorLevelRaise PowerShell cmdlet. To upgrade the farm behavior level from Windows Server 2012 R2 to Windows Server 2016 use the InvokeADFSFarmBehaviorLevelRaise cmdlet. References: https://technet.microsoft.com/en-us/library/mt605334(v=ws.11).aspx

Good article spud, but notice in this question it says they removed server 1 from the farm, so you dont have to change owners like in your article, you just have to invoke-adfsfarmbehavior. The anwser would be D.

I thin the answer is correct - please see following link which gives you steps on moving the primary role https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/deployment/upgrading-to-ad-fs-in-windows-server

Correct answer is : Invoke-AdfsFarmBehaviorLevelRaise The Invoke-AdfsFarmBehaviorLevelRaise cmdlet raises the behavior level of an Active Directory Federation Services (AD FS) farm to enable the new features that are available in later versions of the Windows operating system. https://docs.microsoft.com/en-us/powershell/module/adfs/invoke-adfsfarmbehaviorlevelraise?view=win10-ps

"You need to ensure that you can use role separation to manage the farm." Means that need to use (enable) new feature and cmdlet to enable new feature is "Invoke-AdfsFarmBehaviorLevelRaise" Refer to below link for what differences of the cmdlets nvoke-AdfsFarmBehaviorLevelRaise : https://docs.microsoft.com/en-us/powershell/module/adfs/invoke-adfsfarmbehaviorlevelraise?view=win10-ps Set-AdfsFarmInformation : https://docs.microsoft.com/en-us/powershell/module/adfs/set-adfsfarminformation?view=win10-ps