ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam 70-742 All Questions

View all questions & answers for the 70-742 exam
Go to Exam

Exam 70-742 topic 1 question 81 discussion

Actual exam question from Microsoft's 70-742
Question #: 81
Topic #: 1
[All 70-742 Questions]

Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
You deploy a new Active Directory forest.
You need to ensure that you can create a group Managed Service Account (gMSA) for multiple member servers.
Solution: From Windows PowerShell on a domain controller, you run the Set-KdsConfiguration cmdlet.
Does this meet the goal?

  • A. Yes
  • B. No
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Paz at Sept. 20, 2019, 11:59 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
psycho202
Highly Voted 5 years, 9 months ago
You need to have added a KDS Root Key via Add-KdsRootKey ( https://docs.microsoft.com/en-us/powershell/module/kds/add-kdsrootkey?view=win10-ps ) before you can create gMSA's.
upvoted 9 times
...
Pitch09
Most Recent 4 years, 5 months ago
In order to start the configuration process, we need to create KDS root key. This need to run from domain controller with domain admin or enterprise admin privileges. Add-KdsRootKey –EffectiveImmediately https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-how-to-work-with-group-managed-service-accounts/ba-p/329864
upvoted 1 times
...
Samuelpn96
4 years, 8 months ago
I think the answer should be "Yes" "If the first master root key for Active Directory is not deployed in the domain or has not been created, then create it. The result of its creation can be verified in the KdsSvc Operational log, Event ID 4004". https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts
upvoted 2 times
Samuelpn96
4 years, 8 months ago
Actually the command to be run is only this one, according to the link provided just below the text "If the first master root for Active Directory is not deployed...": Add-KdsRootKey -EffectiveTime ((get-date).addhours(-10)) https://docs.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/create-the-key-distribution-services-kds-root-key So I change my answer to "No"
upvoted 3 times
...
...
coleman
5 years, 6 months ago
right https://blogs.technet.microsoft.com/askpfeplat/2012/12/16/windows-server-2012-group-managed-service-accounts/
upvoted 2 times
...
Paz
5 years, 9 months ago
https://docs.microsoft.com/en-us/powershell/module/addsadministration/new-adserviceaccount?view=win10-ps
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel