Close this Advertisement

Pop Quiz

Pop Quiz: Windows Server 2008 R2, Active Directory Configuration -- Manage Certificate Templates

Applies to the "Configuring Active Directory Certificate Services" objective of Exam 70-640 TS: Windows Server 2008 Active Directory Configuration.

Q: Which Windows Server editions can be used to deploy version 3 certificate templates?

  1. Windows Server 2008 R2 all editions
  2. Windows Server 2003, all editions
  3. Windows Server 2008, Enterprise and Datacenter editions
  4. Windows Server 2003 R2, Enterprise and Datacenter editions

Answer and explanation is below.

Answer is A and C: Windows Server 2008 R2 and 2008 Enterprise and Datacenter editions support version 3 certificate templates, which provide support for Suite B cryptographic algorithms created by the U.S. National Security Agency -- Windows Server 2008 Standard does not.

Quick Tip: Windows Server 2008 R2 also supports cross-forest certificate enrollment. More information on that here.

References:

Bonus Question: What are the requirements when deploying a DHCP Split Scope? (Tweet your answer with #pop640d and get a chance to win a Redmond t-shirt! Deadline for entries is Wednesday, May 2.)

Answer to last week's bonus question: The steps required to perform an offline defragmentation of the Active Directory database: Restart the server and press F8; choose Directory Services Restore Mode; from a command line, use NTDSUTIL.

About the Author

Andy Barkl, CCNP, CCDP, CISSP, MCT, MVP, MCDST, MCSE: Security, MCSA: Security, MCSA: Messaging A+, CTT+, i-Net+, Network+, Security+, Server+, CNA, has over 20 years of experience in the IT field. He's the owner of MCT & Associates LLC, a technical training and consulting firm in Phoenix, Arizona. He enjoys dividing his time between teaching in the classroom, writing from his office and consulting on Cisco and Windows deployments. He's also the online editor for MCPMag.com, TCPMag.com, CertCities.com, and a contributing author and editor for Sybex and Cisco Press. He hosts a multitude of exam preparation chats monthly on MCPmag.com and CertCities.com.

Reader Comments:

Fri, Apr 27, 2012 Sam Namiq United States

The answer to last week pop question is only true for Windows 2003 and older. with the introduction of Windows 2008, there is no need to go to "Directory Services Restore Mode", you can do that from a normal boot by just stopping the ntds service, and this really beneficial specially in small environments, where you have only one server with multiple roles, so during the active directory offline time, users will be able to use other services (such as network shares on the server) and will not be affected by this process. please refer to http://technet.microsoft.com/en-us/library/cc794920(v=ws.10).aspx

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above