20411B-ENU-TrainerHandbook.pdf
Administering Windows Server® 2012 L2-9
10. On the Select features page, click Next.
11. On the DNS Server page, click Next.
12. On the Confirm installation selections page, click Install.
13. After the role is installed, click Close.

Task 2: Create the required secondary zones on LON-SVR1

1. Pause your mouse pointer in the lower left of the display, and then click Start.
3.
4. In Server Manager, click Tools, and then click DNS.
5. From Start, click DNS.
6. In DNS Manager, in the navigation pane, expand LON-SVR1, and then click Forward Lookup Zones.
   Notice the new zone.

4.
5. In DNS Manager, in the navigation pane, click Adatum.com, and then on the toolbar, click Refresh.
6. Right-click Adatum.com, and then click Properties.
7. In the Adatum.com Properties dialog box, click the Zone Transfers tab.
8. Click Notify, and verify that the server 172.16.0.21 is listed.
9. Click Cancel.
10. Click OK to close the Adatum.com Properties dialog box.

1. On LON-DC1, in DNS Manager, right-click Adatum.com, and then click Properties.
2. In the Adatum.com Properties dialog box, click the Start of Authority (SOA) tab.
3. In the Minimum (default) TTL box, type 2, and then click OK.
4. Right-click LON-DC1, and then click Set Aging/Scavenging for All Zones.
5. In the Set Aging/Scavenging Properties dialog box, select the Scavenge stale resource records check box, and then click OK.
6. In the Server Aging/Scavenging Confirmation dialog box, select the Apply these settings to the existing Active Directory-integrated zones check box, and then click OK.

MCT USE ONLY. STUDENT USE PROHIBITED

L3-13
Module 3: Maintaining Active Directory Domain Services

Lab: Maintaining AD DS

Exercise 1: Installing and Configuring a RODC

Task 1: Verify requirements for installing a RODC

1. On LON-DC1, in Server Manager, click Tools, and then click Active Directory Users and Computers.
2. In Active Directory Users and Computers, in the navigation pane, right-click the Adatum.com domain, and then click Raise domain functional level.
3. In the Raise domain functional level window, confirm that the Current domain functional level is set to Windows Server 2008 R2. The minimum level for RODC support is Windows Server 2003. Click Cancel.
4. Switch to LON-SVR1.
5. On LON-SVR1, in Server Manager, click Local Server, and then click LON-SVR1 beside Computer name.
6. In the System Properties window, click Change.
7. In the Computer Name/Domain Changes window, click the Workgroup radio button, type TEMPORARY into the Workgroup field, and then click OK.
8. In the Computer Name/Domain Changes window, click OK.
9. Click OK twice to confirm the name change and pending server restart.
10. In the System Properties window, click Close.
11. In the Microsoft Windows window, click Restart Now.
12. Switch to LON-DC1.
13. On LON-DC1, in Active Directory Users and Computers, in the navigation pane, expand Adatum.com, and then click Computers.
14. Right-click LON-SVR1, and then click Delete.
15. Click Yes twice.
16. In Active Directory Users and Computers, right-click Domain Controllers, and then click Pre-create Read-only Domain Controller account.
17. In the Active Directory Domain Services Installation Wizard window, click Next.
18. Click Next to accept the current credentials.
19. In the Computer name field, type LON-SVR1, and then click Next.
20. On the Select a site page, click Next.
21. On the Additional Domain Controller Options page, click Next.
22. On the Delegation of RODC Installation and Administration page, type Adatum\IT in the Group or user field, and then click Next.
23. On the Summary page, click Next.

L3-14 Maintaining Active Directory Domain Services
24. Click Finish to complete the wizard.
25. Close Active Directory Users and Computers.

Task 2: Install an RODC

1. Log on to LON-SVR1 as Administrator with the password Pa$$w0rd.
2. On LON-SVR1, in Server Manager, click Manage, and then click Add Roles and Features.
3. In the Add Roles and Features Wizard, click Next.
4. Ensure that Role-based or feature-based installation is selected, and then click Next.
5. Select LON-SVR1, and then click Next.
6. On the Select server roles page, select the check box to select Active Directory Domain Services, click Add Features, and then click Next.
7. On the Select features page, click Next.
8. Click Next, and then click Install to continue the installation.
9. When the installation completes, click Close.
10. In Server Manager, click the Notifications icon, and then click Promote this server to a domain controller.
11. In the Deployment Configuration window, beside Domain, click Select.
12. In the Windows Security window, type Adatum\April for User name and Pa$$w0rd as a password, and then click OK.
13. In the Select a domain from the forest window, click Adatum.com, and then click OK.
14. In the Deployment Configuration window, click Next.
15. On the Domain Controller Options screen, under Type the Directory Services Restore Mode (DSRM) password, type Pa$$w0rd in the Password and Confirm password fields, and then click Next.
16. On the Additional Options page, beside Replicate from, click the drop-down box, click LON-DC1.Adatum.com, and then click Next.
17. On the Paths page, click Next.
18. On the Review Options page, click Next.
19. On the Prerequisites Check page, click Install.
20. After the Active Directory Domain Services Wizard has completed, LON-SVR1 will restart.

1. On LON-DC1, in Server Manager, click Tools, and then click Active Directory Users and Computers.
2. In the Active Directory Users and Computers window, click the Users container, double-click Allowed RODC Password Replication Group, click the Members tab, and then verify that there is nothing listed.
3. Click OK.
4. In Active Directory Users and Computers, click the Domain Controllers OU, right-click LON-SVR1, and then click Properties.
5. Click the Password Replication Policy tab, and confirm that Allowed RODC Password Replication Group and Denied RODC Password Replication Policy Group are both listed.
6. Click OK.

Create a group to manage password replication to the remote office RODC

1. On LON-DC1, in Active Directory Users and Computers, right-click the Research OU, click New, and then click Group.
2. In the New Object – Group window, type Remote Office Users in the Group name field, confirm that Global and Security are selected, and then click OK.
3. In Active Directory Users and Computers, click the Research OU, and then double-click the Remote Office Users group.
4. In the Remote Office Users Properties window, click the Members tab.
5. Click Add, type Aziz; Colin; Lukas; Louise, and then click Check Names.
6. Click Object Types, select Computers, and then click OK.
7. In the Enter the object names to select field, type LON-CL1, click Check names, and then click OK.
8. Click OK to close the Remote Office Users Properties window.

1. On LON-DC1, in Active Directory Users and Computers, click the Domain Controllers OU, right-click LON-SVR1, and then click Properties.
2. In the LON-SVR1 Properties window, click the Password Replication Policy tab, and then click Add.
3. In the Add Groups, Users, and Computers window, click the radio button to select Allow passwords for the account to replicate to this RODC, and then click OK.
4. In the search window, in the Enter the object names to select field, type Remote Office Users, click Check Names, and then click OK.
5. In the LON-SVR1 Properties window, click Apply, and do not close the window.

1. On LON-DC1, in the LON-SVR1 Properties window, on the Password Replication Policy tab, click Advanced.
2. Click the Resultant Policy tab, click Add, type Aziz, click Check Names, and then click OK.
3. Confirm that the Resultant Setting for Aziz is Allow.
4. Click Close, and then click OK to close the LON-SVR1 Properties dialog box.

1. Switch to LON-SVR1.
2. Attempt to sign in as Adatum\Aziz with the password Pa$$w0rd. The sign in will fail, because Aziz does not have permission to sign in to LON-SVR1. However, the credentials for Aziz’s account were processed and cached on LON-SVR1.
3. Switch to LON-DC1.
4. In Active Directory Users and Computers, click the Domain Controllers OU, double-click LON-SVR1, and then click the Password Replication Policy tab.
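
The password replication policy steps above (allowing a group, checking the resultant policy, and reviewing which credentials are cached on the RODC) can also be run from the ActiveDirectory PowerShell module. This is an added example, not part of the original handbook; it assumes the lab names used on this page (LON-SVR1, Remote Office Users, Aziz) and adds a review column that flags cached accounts with adminCount set.

```powershell
# Added example: the lab's password replication policy (PRP) steps as an audit script.
# LON-SVR1, Remote Office Users and Aziz are the lab names used on this page.
Import-Module ActiveDirectory

$rodc  = 'LON-SVR1'
$group = 'Remote Office Users'

# Put the group on the RODC's Allowed list if it is not already there.
$allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed
if ($allowed.Name -notcontains $group) {
    Add-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -AllowedList $group
}

# Equivalent of the Resultant Policy tab for one account.
$aziz = Get-ADAccountResultantPasswordReplicationPolicy -Identity 'Aziz' -DomainController $rodc
Write-Output "Resultant setting for Aziz on ${rodc}: $aziz"

# Accounts whose passwords are currently stored (cached) on the RODC.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts

# For each cached account, report the effective policy and whether the account
# is protected (adminCount = 1), so that such entries can be flagged for review.
$report = foreach ($acct in $revealed) {
    $obj = Get-ADObject -Identity $acct.DistinguishedName -Properties adminCount
    [pscustomobject]@{
        Account    = $acct.SamAccountName
        Resultant  = Get-ADAccountResultantPasswordReplicationPolicy -Identity $acct -DomainController $rodc
        Privileged = ($obj.adminCount -eq 1)
    }
}
$report | Sort-Object Privileged -Descending | Format-Table -AutoSize
```

Run it on LON-DC1 after the sign-in attempt on LON-SVR1, so that the revealed-accounts list reflects the credentials cached in that step.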

Task 4: Explore a snapshot with Active Directory Users and Computers

1. Switch to Active Directory Users and Computers. Right-click the root node of the snap-in, and then click Change Domain Controller.
2. Click <Type a Directory Server name[:port] here>, type LON-DC1:50000, and then press Enter. Click OK.
3. In the navigation pane, double-click Adatum.com.
4. In the navigation pane, double-click the Marketing OU.
5. Locate the Adam Barr user account object. Note that the Adam Barr object is displayed because the snapshot was taken prior to deleting it.

Task 5: Unmount an Active Directory snapshot

1. In the command prompt, press Ctrl+C to stop DSAMain.exe.
2. Type the following commands:

   ntdsutil
   snapshot
   activate instance ntds
   list all
   unmount guid
   list all
   quit
   Quit

   Where guid is the GUID of the snapshot.

Results: After completing this exercise, you will have configured AD DS snapshots.

Exercise 3: Configuring the Active Directory Recycle Bin

Task 1: Enable the Active Directory Recycle Bin

1. On LON-DC1, in Server Manager, click Tools, and then click Active Directory Administrative Center.
2. Click Adatum (local).
3. In the Tasks pane, click Enable Recycle Bin, click OK on the warning message box, and then click OK to the refresh Active Directory Administrative Center message.
4. Press F5 to refresh Active Directory Administrative Center.