Exam Reviews

Real-Life Design

The design and analysis elements in this Windows 2000 exam make sure you understand how to map out a directory service.

Is the increased difficulty of the new exams—especially the design tests—a good thing or a bad thing? It’s good if you’ve worked hard for your title, spent years plying your craft, and want to stand out in the crowd, because that’s the kind of background you’ll need to get through the exams. It’s bad if you believe you need the MCSE certification to get your first job in the industry; if that’s the case, you might want to rethink your strategy—this exam is tough. You must pass one of the design exams (70-219, reviewed here, 70-220, or 70-221) as a core requirement of the Windows 2000 MCSE certification.

Why the big challenge? Isn’t this just another test? Almost anything can be taught; however, it’s much more difficult to impart analysis and design skills than it is to teach how to perform a concrete task, such as creating a user.

Directory Services Design (70-219)
Reviewer’s Rating: “A well designed, fair, and fairly difficult exam. You need to understand how to design and integrate the various components of Active Directory based on a set of business and technical needs.”

Title: Designing a Microsoft Windows 2000 Directory Services Infrastructure

Number of questions: 5 testlets, each with 3 to 13 associated questions for a total of 44 questions on beta; fewer on live exam.

Time allowed: 220 minutes for beta; less for live exam.

Current Status: Expected to go live in July 2000.

Who should take it? This exam can either be used as a core or an elective exam for the Windows 2000 MCSE certification. Passing it makes you an MCP.

For existing Windows NT 4.0 MCSEs:

  • 1560: Updating Support Skills from NT 4.0 to Win2K; 5 days.
  • 1561: Designing a Win2K Directory Services Infrastructure; 5 days.

For new MCSE candidates:

  • 2151: Win2K Network & OS Essentials; 3 days.
  • 2152: Supporting Win2K Pro; 5 days.
  • 2153: Supporting a Network Infrastructure; 5 days.
  • 2154: Implementing and Administering Directory Services; 5 days.
  • 1561: Designing a Directory Services Infrastructure; 3 days.

I also recommend the following course: 2010: Designing a Win2K Migration Strategy; 2 days.

The Case Study

This is one of the first MCSE exams to use the new case-study-based exam items. These new items present you with a very large amount of information along with several test questions. The case study and its associated test questions are called a testlet.

Each case study consists of interviews with personnel within an organization on various topics, such as workflow, business needs, and technical needs, as well as background information, a problem statement, and any additional information required. Reading one is like reviewing a thorough set of notes from a client meeting.

The combined information presented in a case study often consists of 1,000-2,000 words or more. To give you a comparison, this article has about 2,300 words in it.

Tip: Your primary focus in taking a test that includes this type of question should be reading comprehension, reading comprehension, and even more reading comprehension.

Don’t skip any of the information in the case study; the information you skip might give you the answer to one of the questions based on the case study.

Tip: Notice the All tab. When this tab is selected, the entire case study is presented in a single scrolling dialog box. I find this option to be extremely useful when trying to find specific information to answer a question after I’ve read the case study.

Once you read through the case study a couple of times, you’re ready to move on to the questions that are based on it. Several types of questions might be used in the exam you take: multiple choice; drag and drop; a new type of question called a create tree in which you drag and drop items from the left side of the screen on the appropriate node of the tree in the right pane; and another new type called a build list and reorder, where you drag the appropriate subtasks from the list at the left side of the screen to the list on the right and put them in the order needed to perform a given task.

Analyzing Business Requirements

Now you’re ready to apply your skills to the information, by analyzing the company’s business models, its information and communication flow, and so on. Although you need to be able to convert the information fed to you through the case study into business requirements, it’s more important for you to determine how the various business requirements presented apply to the design and implementation of directory services.

Tip: Pay special attention to the current and desired IT management and administrative structure of the business—it will have a huge impact on various parts of the directory services design.

At first glance, all of this business stuff might not seem to apply much to directory services, but in fact it does. How a business is organized, who it does business with, and how it does business—all have a huge effect on networking, administration, and directory services. Remember, the network is there to support the business, not the other way around!

Analyzing Technical Requirements

Analyzing Technical Requirements is another new objective type for the MCSE exams, although it has some similarity to the Windows NT 4.0 planning objectives. There are three main areas that fall under this heading: evaluating the existing and planned technical environment, analyzing the impact of Active Directory on the existing and planned technical environment, and analyzing the business requirements for client computer desktop management.

Evaluating the company’s existing and planned technical environment consists of looking into several areas, including geographic location of work sites, performance requirements, available network bandwidth, and security. In each of the aforementioned areas you have to keep three things in mind: What does the client currently have, what do they plan to add, and what are their stated requirements? Then you have to analyze all three of those items together and determine if the organization’s requirements are going to be met, and if not, what should be done or added to meet the requirements.

Keep a close watch over the existing DNS environment and DNS requirements. Consider whether the organization needs to upgrade or completely replace its DNS infrastructure. Remember that BIND, the Unix DNS service, supports SRV records and dynamic updates in its two most recent versions, 8.1.2 and 8.2, and can be used to support a Windows 2000 Active Directory environment.

Tip: Keep in mind that Unix DNS implementations have been around much longer than NT and Windows 2000, and many large organizations will simply be unwilling to change their DNS environment from Unix to Windows 2000.

Also ensure that you understand the company’s current NT 4.0 domain structure, its current organization, and any business and technical needs that will affect the implementation of Active Directory.

Tip: If you don’t understand NT 4.0 domains and trust relationships, it’s time to learn them. You’ll never fully grasp Active Directory design in a mixed environment unless you do.

Designing a Directory Service Architecture

Ah, now we get to the meat of the topic. This set of objectives covers everything you can think of, including designing a forest and domain structure, planning an organizational unit (OU) structure, designing a schema modification policy, designing an Active Directory implementation plan, and planning for coexistence with other directory services (can you say NetWare and Banyan Vines?).

When you consider designing a directory service, watch closely for anything that will influence the layout of the forest and domain structure. Things to look for that will affect this include the company’s current and planned business structure, acquisition plans, administrative requirements, and business interactions with other organizations.

Tip: If an organization consists of several business units that each do business under a different company name, and the organization doesn’t plan to change this practice, you’re probably looking at a multi-domain design. (Companies have egos too.)

When considering the OU structure for an organization, keep in mind centralized vs. decentralized administration, departmental structure, geographical structure, and business needs. For example, if most administration is handled at a departmental level, the OU design will probably need to follow the departmental design of the organization, and the department’s network administrator will probably need to be the delegated administrative authority for the OU. On the other hand, if most administration is handled on a location-by-location basis, the OU design will probably need to follow the company’s geographical distribution.

Keep in mind the various things that might cause you to have to extend the schema. These include installing an application that requires extending the schema, and storing information in Active Directory that isn’t supported by a current object class. For example, if the organization’s human resources department needs to store the name and phone number for each employee’s preferred physician in Active Directory, the schema would have to be extended to support this.

When looking at an Active Directory implementation plan, don’t forget that most domain designs will involve upgrading NT 4.0 domains. Be sure you know how NT 4.0 domains are organized, with some domains containing user accounts (account domains), and other domains containing mostly computer accounts. Be very clear on how upgrades are performed and how user accounts and computer accounts can be migrated to a new domain structure.

Tip: The PDC of an NT 4.0 domain must be the first domain controller in the domain upgraded to Windows 2000.

Many large networks use other network operating systems such as NetWare and Banyan Vines. Make sure you understand what the organization under consideration wants to do with these servers, and how long they’ll continue to be used. Also be sure you know what protocols are required to support these NOSs.

Tip: Older versions of NetWare require the NWLink IPX/SPX/NetBIOS Compatible Transport Protocol. The most recent version of NetWare uses TCP/IP.

Designing Service Locations

If you want to implement Active Directory effectively on a large network, you have to place various servers appropriately to ensure quick response and to limit traffic across WAN links. Of course, since this is important in the real world, there are several objectives on this subject. The objectives cover the placement of operations masters, global catalog servers, domain controllers, and DNS servers.

Placing operations masters is fairly straightforward. Normally, you want to place the operations masters near the administrators who manage them and, of course, near the other domain controllers they affect. Keep in mind that there’s only one of each operations master in each domain, except the Schema Master and the Domain Naming Master, of which there’s only one of each in a forest.

Tip: The Infrastructure Master shouldn’t be placed on a domain controller that also functions as a global catalog server. If you need to place both the Infrastructure Master and a global catalog server in a site, you should place at least two domain controllers in that site.

Global catalog servers are used during the logon process, so there should normally be at least one global catalog server in each site. Large sites may require more than one global catalog server.

Domain controllers are used for logging on and are also often accessed when connecting to network resources. For this reason, at least one domain controller should be located at each site. If a network has only one site, it should probably have at least two domain controllers for fault-tolerance purposes.

DNS servers are used extensively by all computers on the network. Again, there should normally be at least one DNS server located in each site. A site’s DNS server doesn’t necessarily need to have every zone that the organization uses on it, but it should have the zone or zones that are heavily used within the site in which the DNS server is located. If DNS replication needs to be optimized, consider using Active Directory integrated zones.
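The placement rules in this section can be checked mechanically against a draft design. The following is an added example, not part of the original article or any Microsoft tool: the role labels, site names, server names and domain names are hypothetical, and only the operations master roles the article names are checked.

```python
from collections import Counter

FOREST_ROLES = ("schema_master", "domain_naming_master")  # one holder per forest
DOMAIN_ROLES = ("infrastructure_master",)                  # one holder per domain
SITE_SERVICES = (("dc", "domain controller"), ("gc", "global catalog server"),
                 ("dns", "DNS server"))

def check_placement(sites):
    """Check a {site: [server, ...]} plan against the placement rules above."""
    findings = []
    servers = [s for members in sites.values() for s in members]
    dcs = [s for s in servers if "dc" in s["roles"]]
    # Every site needs a local DC, global catalog server and DNS server.
    for site, members in sites.items():
        for role, label in SITE_SERVICES:
            if not any(role in s["roles"] for s in members):
                findings.append(f"{site}: no {label} in site")
    # A single-site network still needs two DCs for fault tolerance.
    if len(sites) == 1 and len(dcs) < 2:
        findings.append("single site: fewer than two domain controllers")
    # The Infrastructure Master must not share a DC with the global catalog.
    for s in dcs:
        if {"gc", "infrastructure_master"} <= s["roles"]:
            findings.append(f"{s['name']}: Infrastructure Master on a global catalog server")
    # Count operations master holders: forest-wide roles, then per-domain roles.
    held = Counter((s["domain"], r) for s in dcs for r in s["roles"])
    for role in FOREST_ROLES:
        n = sum(c for (_, r), c in held.items() if r == role)
        if n != 1:
            findings.append(f"forest: {role} held by {n} servers, expected 1")
    for domain in sorted({s["domain"] for s in dcs}):
        for role in DOMAIN_ROLES:
            if held[(domain, role)] != 1:
                findings.append(f"{domain}: {role} held by {held[(domain, role)]} servers, expected 1")
    return sorted(findings)

# Constructed sample plan: site, server and domain names are hypothetical.
SAMPLE_PLAN = {
    "HQ": [
        {"name": "HQ-DC1", "domain": "corp.example",
         "roles": {"dc", "gc", "dns", "schema_master", "domain_naming_master"}},
        {"name": "HQ-DC2", "domain": "corp.example",
         "roles": {"dc", "dns", "infrastructure_master"}},
    ],
    "Branch": [{"name": "BR-DC1", "domain": "sales.corp.example",
                "roles": {"dc", "gc", "infrastructure_master"}}],
}

if __name__ == "__main__":
    print("\n".join(check_placement(SAMPLE_PLAN)))
```

The sample plan fails on the Branch site, which has a single domain controller acting as both global catalog server and Infrastructure Master and has no local DNS server.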

Additional Information
Check out the following Microsoft Web sites for more information about this exam:

Also, to learn more about Active Directory design, be sure to read chapters 9 and 10 in the Microsoft Windows 2000 Server Deployment Planning Guide (one of the books in the Windows 2000 Server Resource Kit, an essential reference for anyone working with Windows 2000).

Hard but Appropriate

This exam is fairly hard because you have to read a lot of information in the case study and then apply that information to associated test questions. However, this is as close as a computerized test can come to the real world of consulting design. When you pass this test, you can consider yourself among an elite group of highly qualified IT professionals in this subject area. Good luck!
