Yesterday, I gave a brief overview of the Microsoft exam 70-640 subjective 'Configuring DNS zone transfer and replication'. In today's post I will discuss a sample practice question.
Latest posts by Timothy Warner (see all)

In this blog post we continue our study overview of the Microsoft 70-640 Active Directory Configuration certification exam. More to the point, we have been approaching each exam objective one at a time; today’s subject is Windows Server 2008 DNS zone transfers and replication.

The sample question

You are the administrator of an Active Directory domain named All servers in the organization run Windows Server 2008 R2, and all client computers run Windows 7.

The domain includes 14 domain controllers, all of which also have the DNS Server role installed. To lighten administrative burden, you decide to create a delegated subdomain named and pass the zone management to a subset of the administrative staff. However, you need to ensure that only 3 domain controllers receive the DNS zone data during replication/zone transfer.

Which of the following actions should you perform in order to accomplish your goals?

A. Create the new delegation in a new application directory partition.

B. Create the new delegation in the DomainDnsZones application directory partition.

C. Create the new delegation in the ForestDnsZones application directory partition.

D. Create the new delegation in the SYSVOL share.

The correct answer, explanation, and analysis

The correct answer here is A. Application directory partitions are used to control the scope of replication for Active Directory, DNS zones, or custom application information.

We use the dnscmd command-line tool to create, manage, and delete application directory partitions. For instance, we can open an elevated command prompt and run the following command to create a custom application directory partition called EXECZONE on a Windows Server 2008 domain controller named server01:

C:\>dnscmd server01 /CreateDirectoryPartition

We can then enlist our target DNS servers in the newly created application directory partition:

C:\>dnscmd server02 /EnlistDirectoryPartition

Finally, we can change the replication scope for the new zone on all affected DNS servers:

C:\>dnscmd server02 /ZoneChangeDirectoryPartition

Okay—now that we know why the correct answer is what it is, how could we have applied logic and test-taker’s strategy to answering this question correctly?

Well, the first thing you should notice is that in this question all four answer choices have the same stem: “Create the new delegation.” So far, so good. We now can put that aside and focus on the second half of each choice.

This item requires that you understand the difference between application directory partitions and the SYSVOL share. Some test candidates, lacking sufficient background knowledge, might jump on choice D, thinking, “Well, SYSVOL is the seat of Active Directory replication. Thus, this must be where we can customize replication scope for DNS zones.

Not so fast. We aren’t discussing Active Directory replication as such. Instead, we are concerned with replicating DNS zone data to specified servers. I hope that logic would tell you that using the DomainDnsZones or ForestDnsZones partitions can be ruled out immediately because the scope on those partitions does not fit into the requirements of the scenario.

Because we have effectively ruled out choices B, C, and D, this leaves us with A as the only viable choice for this item.


Alrighty then! If you have studied all of our domain 1 blog posts, then you should feel pretty confident with DNS implementation in Windows Server 2008. As you know, most aspects of Active Directory design and function are rooted (pun intended) in DNS; you must be highly proficient with DNS theory and practice to be successful on the Microsoft IT pro certification exams.

In then next several posts we turn our attention to domain 2 in the 70-640 blueprint. Domain 2 involves configuring the Active Directory infrastructure; here is a sneak peek at the section content:

  • Configuring AD DS forests and domains
  • Configuring trust relationships
  • Configuring sites
  • Configuring AD replication
  • Configuring the global catalog
  • Configuring operations masters

Relevant links

In the next pair of posts in this series we will cover the first section of domain 2 in the 70-640 blueprint: configuring Active Directory Domain Services (AD DS) forests and domains.

Subscribe to 4sysops newsletter!

Next in this series are the Active Directory infrastructure objectives.


Leave a reply

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2023


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account