
Errata - Windows Server 2008 Active Directory

Last modified 4/12/2011

Please check back regularly to see if any new items have been added.  You can get the latest copy from http://books.tomsho.com.

If you find additional errata or have any comments or suggestions, please leave the comments on http://books.tomsho.com or e-mail the author directly.


System Requirements

The client OS requirements state Windows Vista: Any edition except Home Edition.  However, Activity 8-7 has you install Services for NFS, which is only available on Windows Vista Ultimate or Windows Vista Enterprise.

Chapter 1

Activity 1-5, p. 10

Step 7: If you are using Disk 1 instead of Disk 0, you may need to right-click on the disk and click Online and then initialize the disk before creating a new volume.

Chapter 2

p. 69: The last sentence of the chapter states “You delve into this topic in more detail in Chapter 13”.  This is not the case.  At best, you could say that Appendix F covers it some more.

Chapter 3

After Active Directory is installed along with DNS, it is best to create a reverse lookup zone for the IP subnets used by members of the domain.  This book addresses reverse lookup zones in Chapter 9, but does not have students create one for the subnet.  Ideally, this reverse lookup zone should be created immediately after DNS is installed on the DC.  In most cases, it will not affect things except that nslookup will report “Unknown” for the name of the Default Server.

p. 81: Change the 3rd sentence to read “The Sysvol folder is a shared folder that stores file-based information that’s replicated to other domain controllers.”

Activity 3-10, p. 102

Step 5 should read “In the left pane, click TestOU.  In the right pane…”

Chapter 4

Solutions file: Case Project 4-3:

Bill: Allow Full Control except Deny delete all child objects

Chapter 5

Activity 5-5, p. 171

The Note before Step 1 states that an evaluation virtual machine for Vista can be downloaded from the Microsoft download site.  This evaluation VM is no longer available but a Windows 7 evaluation VM has replaced it.  You can search for “Windows 7 eval” at the download site.

Activity 5-8, p. 174 – this additional step is needed to delete the roaming default profile so Activities 7-9 and 7-19 will work correctly:

Add step 16 to the end of Activity 5-8: On your server, open the netlogon share: click Start, type \\ServerXX\netlogon in the Start Search box, and press Enter.  Delete the default roaming profile folder by clicking Default User.v2 and pressing Delete.  Click Yes on all the subsequent prompts.

Chapter 6

Activities 6-2, 6-5, 6-7, 6-9: testuser1’s password is Password02, not Password01, since it was changed in Activity 3-10.  Use Password02 to log on as testuser1.

Activity 6-4, p. 211

Step 8: 2nd sentence should read: Click the Shared folder in left pane, right-click in the right pane, point to New and click Text Document.

Activity 6-13, p. 227

Step 5: sentence 2 should read “Open the Marketing share.”

Activity 6-19, p. 244

Step 3: 3rd sentence should read: Right-click the printer, click Properties and then click Print Test Page.

Instructor’s manual for Chapter 6.  Quick Quiz 2, question 3, Answer should be B, IPC$

Instructor’s manual for Chapter 6.  Quick Quiz 2, question 5, Answer should be C, Read and Execute

Chapter 7

Activity 7-4, p. 266

Step 13: TestOUGPO was never linked to TestGP1.  There is no need to delete the link.

Activities 7-9 and 7-19: You must delete the roaming default profile (see Chapter 5, Activity 5-8 above) in order for Testuser1 to see the Control Panel in 7-9 and Documents in 7-19.

Activity 7-10, p. 279

SyncToy 1.4 is no longer available from the MS download site.  SyncToy 2.0 (or later) is available but not distributed in an .msi file.  Students can extract the .msi file from the .exe file or the instructor can do so and make the file available on a local server. To extract the .msi file, do the following:

Run SyncToySetupPackage.exe. When the setup screen appears, open Windows Explorer.  Navigate to “C:/[generated hash]” and double-click to open.  Right-click on the Windows Installer file “SyncToySetup” and copy.

Activity 7-22, p. 301

1st sentence should be: Type cd \users\administrator\w2k8adXX\documents\security\database

The documents portion of the path was omitted.


Chapter 8

Activity 8-6, p. 340

Step 4:  You may need to turn on Network Discovery on your Vista computer before you will see any computers when you click View Computers and Devices.

Activity 8-7 – see lab notes for this activity if you are using VMware for virtualization.

Activity 8-7, p. 343

The installation of Services for NFS requires Windows Vista Ultimate or Enterprise.

Chapter 9

Activity 9-2, p. 358

Since DNS was installed separately from AD DS, the default action of creating a Forwarder to ServerXX was bypassed.  This will cause problems when you try to uninstall the domain in Chapter 10.  Add the following after step 6:

“To create a forwarder that points to a DC for W2k8adXX, in DNS Manager, right-click Server1XX and click Properties.  Click the Forwarders tab.  Click Edit.  Type where it says Click here to add an IP Address or DNS Name and press Enter.  Click OK.  Click OK again.

Activity 9-3, p. 360

Step 15:  You may not see the GTLD servers. When you install AD/DNS on Windows Server 2008, if the IP configuration already has a DNS server address configured, Windows Server 2008 automatically installs that address as a DNS Forwarder. 

To change this: right-click ServerXX in DNS Manager and click Properties.  Click the Forwarders tab.  If a forwarder is listed, click Edit.  Click the IP address of each forwarder and  click Delete.

Activity 9-7, p. 374

Step 14: After typing in the FQDN, rather than click Resolve,  you should type in the IP address of Server1XX. 

Change the 2nd  and 3rd sentences to: In the Server fully qualified domain name (FQDN) text box, type server1XX.subXX.w2k8adXX.com.  Then click <Click here to add an IP Address> and type

In the Chapter 9 solution file for Case Project 9-3, it is suggested that the batch file used for the DNS stress test include the command “ipconfig /flushdns” to clear the local cache.  However, NSLOOKUP does not reference the local cache when doing a DNS lookup, so that statement is not necessary (although it will not harm anything).

Chapter 10

Activity 10-2, p. 404

- You need a Forwarder on Server1XX pointing to ServerXX – see errata for Activity 9-2.

- After AD removal, Server1XX is made a Workgroup member, so you can no longer log on to the domain as Administrator.

Step 8: change to: “After your computer restarts, log on to Server1XX as Administrator and then open Server Manager.”

Step 11: change to: “After the computer restarts, log on to Server1XX as Administrator…”

Step 14: change to: “After the computer restarts, log on to Server1XX as Administrator…”


Activity 10-6, p. 415

Step 11: 2nd sentence, change to

Activity 10-14, p. 431

Step 4: ServerXX may not appear in the “Replicate To” text box immediately.  You may need to wait a little while or log off and log back on.

Step 9: It may take a while before the schedule reflects the change.

Activity 10-15, p. 433

Step 4: A minimum of two sites are required for a site link.  Since there are only two sites defined, both Site100 and Site200 are included in the “Sites in this site link” box so there is no need to add them.

Activity 10-16, p. 439

Step 2: If you did not do Activity 4-6, you will need to register the schema management dll by typing regsvr32 schmmgmt.dll from the command line.

Page 438, under Transferring Operations Master Roles

It should be noted that when a DC that holds FSMO roles is demoted, its FSMO roles are automatically transferred to another DC.

Chapter 11


Activity 11-5, p. 467

Step 1: The password for salesperson1 is not mentioned – it should be Password02.

Step 4: The certificate may not appear to be issued right away.  Wait a few minutes and refresh the Certificates snap-in if necessary.

Activity 11-6, p. 470

Step 10: “click Bindings” should be changed to “click Edit Bindings”.

Chapter 12

Activity 12-5, p. 504

If you get a message indicating that the domain could not be found, verify your DNS settings and try to look up the domain using nslookup.  If the IPv6 loopback address is being used as the default DNS server, disable the IPv6 protocol on Server1XX.

Chapter 13

Activity 13-11, p. 543

Step 3: the command to join the domain requires a user and password.  Change the command to:

netdom join ServerCoreXX /domain:w2k8adXX.com /userD:administrator /passwordD:Password01

Activity 13-12, p. 544

Step 3: the dcpromo command shows a space before ‘Password01’  - there should not be any spaces after the : in each option.


Under DNS, the web link for Stub Zones is incorrect – should be: http://technet.microsoft.com/en-us/library/cc779197.aspx

Under AD Related; Correct URL for Federation trusts: http://technet.microsoft.com/en-us/library/cc738707.aspx