How to Ensure Client Computers in a New Branch Office are Authenticated by Domain Controllers in Site1 | AZ-800 Exam Solution
Question
Note: This question is part of a series of questions that present the same scenario. Each question in the series contains a unique solution that might meet the stated goals. Some question sets might have more than one correct solution, while others might not have a correct solution.
After you answer a question in this section, you will NOT be able to return to it. As a result, these questions will not appear in the review screen.
Your network contains an Active Directory Domain Services (AD DS) forest. The forest contains three Active Directory sites named Site1, Site2, and Site3. Each site contains two domain controllers. The sites are connected by using DEFAULTIPSITELINK.
You open a new branch office that contains only client computers.
You need to ensure that the client computers in the new office are primarily authenticated by the domain controllers in Site1.
Solution: You create an organization unit (OU) that contains the client computers in the branch office. You configure the Try Next Closest Site Group Policy Object
(GPO) setting in a GPO that is linked to the new OU.
Does this meet the goal?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B.B
The proposed solution may partially meet the stated goal of ensuring that the client computers in the new branch office are primarily authenticated by the domain controllers in Site1, but it may not be sufficient.
The "Try Next Closest Site" Group Policy setting is used to control how client computers attempt to locate domain controllers when they cannot reach a domain controller in their current site. By default, the setting is enabled and configured to attempt to locate a domain controller in the same site as the client first, and then progressively expand the search to other sites until a domain controller is found.
By configuring the "Try Next Closest Site" setting in a GPO that is linked to the new OU, the client computers in the branch office will be instructed to primarily authenticate with domain controllers in Site1, as long as at least one domain controller in that site is available. If none of the domain controllers in Site1 are available, the clients will attempt to locate a domain controller in Site2 or Site3, according to the DEFAULTIPSITELINK.
However, the proposed solution does not guarantee that the client computers will always be authenticated by domain controllers in Site1. For example, if all domain controllers in Site1 are unavailable or overloaded, the clients may authenticate with domain controllers in Site2 or Site3. To further improve the likelihood that clients authenticate with domain controllers in Site1, other measures such as adjusting site link costs or configuring Active Directory sites and subnets may be necessary.
Therefore, the proposed solution may partially meet the goal of ensuring that the client computers in the new branch office are primarily authenticated by the domain controllers in Site1, but it may not be sufficient in all scenarios. The correct answer to the question is therefore B. No, the solution may not fully meet the goal.
