
20411B-ENU-TrainerHandbook.pdf

Administering Windows Server® 2012 L2-9

10. On the Select features page, click Next.

11. On the DNS Server page, click Next.

12. On the Confirm installation selections page, click Install.

13. After the role is installed, click Close.

Task 2: Create the required secondary zones on LON-SVR1

1. Pause your mouse pointer in the lower left of the display, and then click Start.

3.

4. In Server Manager, click Tools, and then click DNS.

5. From Start, click DNS.

6. In DNS Manager, in the navigation pane, expand LON-SVR1, and then click Forward Lookup Zones.

Notice the new zone.

4.

5. In DNS Manager, in the navigation pane, click Adatum.com, and then on the toolbar, click Refresh.

6. Right-click Adatum.com, and then click Properties.

7. In the Adatum.com Properties dialog box, click the Zone Transfers tab.

8. Click Notify, and verify that the server 172.16.0.21 is listed.

9. Click Cancel.

10. Click OK to close the Adatum.com Properties dialog box.

1. On LON-DC1, in DNS Manager, right-click Adatum.com, and then click Properties.

2. In the Adatum.com Properties dialog box, click the Start of Authority (SOA) tab.

3. In the Minimum (default) TTL box, type 2, and then click OK.

4. Right-click LON-DC1, and then click Set Aging/Scavenging for All Zones.

5. In the Set Aging/Scavenging Properties dialog box, select the Scavenge stale resource records check box, and then click OK.

6. In the Server Aging/Scavenging Confirmation dialog box, select the Apply these settings to the existing Active Directory-integrated zones check box, and then click OK.

L2-10 Configuring and Troubleshooting Domain Name System

Task 5: Configure clients to use the new name server

1. Switch to LON-CL1.

2. Sign in to the LON-CL1 virtual machine as Adatum\Administrator with the password Pa$$w0rd.

3. On the Start screen, type Control, and then click Control Panel.

4. In Control Panel, click Network and Internet.

5. In Network and Internet, click Network and Sharing Center.

6. In Network and Sharing Center, to the right of the Adatum.com Domain network, click Local Area Connection.

7. In the Local Area Connection Status dialog box, click Properties.

8. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.

9. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, in the Preferred DNS server box, type 172.16.0.21, and then click OK.

10. In the Local Area Connection Properties dialog box, click Close.

11. In the Local Area Connection Status dialog box, click Close.

Results: After this exercise, you should have successfully installed and configured DNS on LON-SVR1.

Exercise 4: Troubleshooting DNS

Task 1: Test simple and recursive queries

1. Switch to LON-DC1.

2. On LON-DC1, switch to DNS Manager.

3. In the navigation pane, right-click LON-DC1, and then click Properties.

4. Click the Monitoring tab.

5. On the Monitoring tab, select A simple query against this DNS server, and then click Test Now.

6. On the Monitoring tab, select A recursive query to other DNS servers, and then click Test Now. Notice that the Recursive test fails for LON-DC1, which is normal given that there are no forwarders configured for this DNS server to use.

7. Pause your mouse pointer in the lower-left of the display, and then click Start.

8. In Start, type cmd, and then press Enter.

9. At the command prompt, type the following command, and then press Enter:

sc stop dns

10. Switch back to DNS Manager.

11. In DNS Manager, in the LON-DC1 Properties dialog box, on the Monitoring tab, click Test Now. Now, both simple and recursive tests fail because no DNS server is available.

12. Switch to the command prompt.

13. At the command prompt, type the following command, and then press Enter:

sc start dns

14. Switch back to DNS Manager.

15. On the Monitoring tab, click Test Now. The simple test completes successfully.

16. Close the LON-DC1 Properties dialog box.

Task 2: Verify start-of-authority (SOA) resource records with Windows PowerShell

1. On LON-DC1, on the taskbar, click Windows PowerShell.

2. At the Windows PowerShell® prompt, type the following command, and then press Enter:

Resolve-DnsName -Name Adatum.com -Type SOA

3. Close the Windows PowerShell prompt.

Results: After this exercise, you should have successfully tested and verified DNS.
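The SOA check from Task 2, extended to compare what the primary and the secondary name server from Exercise 3 return. This is an added example, not part of the handbook; it assumes the lab's name servers LON-DC1 and 172.16.0.21 and uses only Resolve-DnsName.

```powershell
# Added example (not from the lab handbook). Assumes the lab hosts on this page:
# LON-DC1 holds the primary Adatum.com zone, 172.16.0.21 (LON-SVR1) the secondary.
$zone    = 'Adatum.com'
$servers = 'LON-DC1', '172.16.0.21'

$results = foreach ($server in $servers) {
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the DNS answer from this server counts.
        $soa = Resolve-DnsName -Name $zone -Type SOA -Server $server -DnsOnly -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SOA' } |
               Select-Object -First 1
        [pscustomobject]@{
            Server        = $server
            Reachable     = $true
            PrimaryServer = $soa.PrimaryServer
            Serial        = $soa.SerialNumber
            MinimumTtl    = $soa.DefaultTTL
        }
    }
    catch {
        # A stopped DNS service (sc stop dns in Task 1) ends up here as a failed query.
        [pscustomobject]@{
            Server        = $server
            Reachable     = $false
            PrimaryServer = $null
            Serial        = $null
            MinimumTtl    = $null
        }
    }
}
$results | Format-Table -AutoSize

# Different serial numbers mean the secondary is serving an older copy of the zone.
$down    = @($results | Where-Object { -not $_.Reachable })
$serials = @($results | Where-Object Reachable | Select-Object -ExpandProperty Serial -Unique)

if ($down.Count -gt 0) {
    Write-Warning ("No SOA answer from: {0}. Check the DNS service there." -f ($down.Server -join ', '))
}
elseif ($serials.Count -gt 1) {
    Write-Warning 'SOA serial numbers differ: the secondary has not transferred the latest zone version.'
}
else {
    "All name servers answer for $zone with serial $($serials[0])."
}
```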

 

 

 

 

 

To prepare for the next module

When you finish the lab, revert the virtual machines to their initial state. To do this, perform the following steps:

1. On the host computer, start Hyper-V Manager.

2. In the Virtual Machines list, right-click 20411B-LON-DC1, and then click Revert.

3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 and 3 for 20411B-LON-SVR1 and 20411B-LON-CL1.


MCT USE ONLY. STUDENT USE PROHIBITED

 

 

 


Module 3: Maintaining Active Directory Domain Services

 

Lab: Maintaining AD DS

Exercise 1: Installing and Configuring a RODC

Task 1: Verify requirements for installing a RODC

1. On LON-DC1, in Server Manager, click Tools, and then click Active Directory Users and Computers.

2. In Active Directory Users and Computers, in the navigation pane, right-click the Adatum.com domain, and then click Raise domain functional level.

3. In the Raise domain functional level window, confirm that the Current domain functional level is set to Windows Server 2008 R2. The minimum level for RODC support is Windows Server 2003. Click Cancel.

4. Switch to LON-SVR1.

5. On LON-SVR1, in Server Manager, click Local Server, and then click LON-SVR1 beside Computer name.

6. In the System Properties window, click Change.

7. In the Computer Name/Domain Changes window, click the Workgroup radio button, type TEMPORARY into the Workgroup field, and then click OK.

8. In the Computer Name/Domain Changes window, click OK.

9. Click OK twice to confirm the name change and pending server restart.

10. In the System Properties window, click Close.

11. In the Microsoft Windows window, click Restart Now.

12. Switch to LON-DC1.

13. On LON-DC1, in Active Directory Users and Computers, in the navigation pane, expand Adatum.com, and then click Computers.

14. Right-click LON-SVR1, and then click Delete.

15. Click Yes twice.

16. In Active Directory Users and Computers, right-click Domain Controllers, and then click Pre-create Read-only Domain Controller account.

17. In the Active Directory Domain Services Installation Wizard window, click Next.

18. Click Next to accept the current credentials.

19. In the Computer name field, type LON-SVR1, and then click Next.

20. On the Select a site page, click Next.

21. On the Additional Domain Controller Options page, click Next.

22. On the Delegation of RODC Installation and Administration page, type Adatum\IT in the Group or user field, and then click Next.

23. On the Summary page, click Next.

24. Click Finish to complete the wizard.

25. Close Active Directory Users and Computers.

Task 2: Install an RODC

1. Log on to LON-SVR1 as Administrator with the password Pa$$w0rd.

2. On LON-SVR1, in Server Manager, click Manage, and then click Add Roles and Features.

3. In the Add Roles and Features Wizard, click Next.

4. Ensure that Role-based or feature-based installation is selected, and then click Next.

5. Select LON-SVR1, and then click Next.

6. On the Select server roles page, select the check box to select Active Directory Domain Services, click Add Features, and then click Next.

7. On the Select features page, click Next.

8. Click Next, and then click Install to continue the installation.

9. When the installation completes, click Close.

10. In Server Manager, click the Notifications icon, and then click Promote this server to a domain controller.

11. In the Deployment Configuration window, beside Domain, click Select.

12. In the Windows Security window, type Adatum\April for User name and Pa$$w0rd as a password, and then click OK.

13. In the Select a domain from the forest window, click Adatum.com, and then click OK.

14. In the Deployment Configuration window, click Next.

15. On the Domain Controller Options screen, under Type the Directory Services Restore Mode (DSRM) password, type Pa$$w0rd in the Password and Confirm password fields, and then click Next.

16. On the Additional Options page, beside Replicate from, click the drop-down box, click LON-DC1.Adatum.com, and then click Next.

17. On the Paths page, click Next.

18. On the Review Options page, click Next.

19. On the Prerequisites Check page, click Install.

20. After the Active Directory Domain Services Wizard has completed, LON-SVR1 will restart.

1. On LON-DC1, in Server Manager, click Tools, and then click Active Directory Users and Computers.

2. In the Active Directory Users and Computers window, click the Users container, double-click Allowed RODC Password Replication Group, click the Members tab, and then verify that there is nothing listed.

3. Click OK.

4. In Active Directory Users and Computers, click the Domain Controllers OU, right-click LON-SVR1, and then click Properties.

5. Click the Password Replication Policy tab, and confirm that Allowed RODC Password Replication Group and Denied RODC Password Replication Policy Group are both listed.

6. Click OK.

Create a group to manage password replication to the remote office RODC

1. On LON-DC1, in Active Directory Users and Computers, right-click the Research OU, click New, and then click Group.

2. In the New Object – Group window, type Remote Office Users in the Group name field, confirm that Global and Security are selected, and then click OK.

3. In Active Directory Users and Computers, click the Research OU, and then double-click the Remote Office Users group.

4. In the Remote Office Users Properties window, click the Members tab.

5. Click Add, type Aziz; Colin; Lukas; Louise and then click Check Names.

6. Click Object Types, select Computers, and then click OK.

7. In the Enter the object names to select field, type LON-CL1, click Check names, and then click OK.

8. Click OK to close the Remote Office Users Properties window.

1. On LON-DC1, in Active Directory Users and Computers, click the Domain Controllers OU, right-click LON-SVR1, and then click Properties.

2. In the LON-SVR1 Properties window, click the Password Replication Policy tab, and then click Add.

3. In the Add Groups, Users, and Computers window, click the radio button to select Allow passwords for the account to replicate to this RODC, and then click OK.

4. In the search window, in the Enter the object names to select field, type Remote Office Users, click Check Names, and then click OK.

5. In the LON-SVR1 Properties window, click Apply, and do not close the window.

1. On LON-DC1, in the LON-SVR1 Properties window, on the Password Replication Policy tab, click Advanced.

2. Click the Resultant Policy tab, click Add, type Aziz, click Check Names, and then click OK.

3. Confirm that the Resultant Setting for Aziz is Allow.

4. Click Close, and then click OK to close the LON-SVR1 Properties dialog box.

1. Switch to LON-SVR1.

2. Attempt to sign in as Adatum\Aziz with the password Pa$$w0rd. The sign in will fail, because Aziz does not have permission to sign in to LON-SVR1. However, the credentials for Aziz’s account were processed and cached on LON-SVR1.

3. Switch to LON-DC1.

4. In Active Directory Users and Computers, click the Domain Controllers OU, double-click LON-SVR1, and then click the Password Replication Policy tab.

5. On the Password Replication Policy tab, click Advanced. Notice that Aziz’s account’s password has been stored on LON-SVR1.

6. Click Close, and then click OK.

Prepopulate credential caching

1. On LON-DC1, in Active Directory Users and Computers, click the Domain Controllers OU, double-click LON-SVR1, and then click the Password Replication Policy tab.

2. On the Password Replication Policy tab, click Advanced, and then click Prepopulate Passwords.

3. Type Louise; LON-CL1, click Check names, click OK, and then click Yes.

4. Click OK, and confirm that Louise and LON-CL1 have both been added to the list of accounts with cached credentials.

5. Close all open windows on LON-DC1.

Results: After completing this exercise, you will have installed and configured a RODC.
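The Password Replication Policy checks from this exercise (allowed and denied lists, resultant policy, cached accounts) as a scripted audit of what is stored on the RODC. This is an added example, not part of the handbook; it assumes the ActiveDirectory PowerShell module and the lab's RODC name LON-SVR1.

```powershell
# Added example, not from the handbook. Assumes the ActiveDirectory module and
# the lab's RODC name, LON-SVR1; run it on LON-DC1 as a domain administrator.
Import-Module ActiveDirectory
$rodc = 'LON-SVR1'

# Principals named on the Password Replication Policy tab.
$allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Allowed
$denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $rodc -Denied
'Allowed: {0}' -f ($allowed.Name -join ', ')
'Denied:  {0}' -f ($denied.Name -join ', ')

# Accounts whose passwords are stored on the RODC right now (the Advanced dialog).
# The RODC's own computer account and its krbtgt account normally appear here too.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $rodc -RevealedAccounts

$report = foreach ($account in $revealed) {
    # Same answer as the Resultant Policy tab, for every cached account.
    $resultant = Get-ADAccountResultantPasswordReplicationPolicy -Identity $account -DomainController $rodc
    # adminCount = 1 marks accounts that are, or have been, in a protected (privileged) group.
    $detail = Get-ADObject -Identity $account.DistinguishedName -Properties adminCount
    [pscustomobject]@{
        Account    = $account.SamAccountName
        Class      = $account.ObjectClass
        Resultant  = $resultant
        Privileged = ($detail.adminCount -eq 1)
    }
}
$report | Sort-Object Account | Format-Table -AutoSize

# Review list: cached although the policy does not (or no longer) allow it,
# or cached and privileged. Entries for the RODC itself are expected.
$review = @($report | Where-Object { $_.Privileged -or "$($_.Resultant)" -ne 'Allow' })
if ($review.Count -gt 0) {
    Write-Warning "$($review.Count) cached account(s) on $rodc need review:"
    $review | Format-Table -AutoSize
}
else {
    "Every account cached on $rodc is allowed by policy and not privileged."
}
```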

Exercise 2: Configuring AD DS snapshots

Task 1: Create a snapshot of AD DS

1. On LON-DC1, move your mouse to the bottom left corner, and then click the Start charm.

2. From the Start screen, type cmd, and then press Enter.

3. At the command prompt, type the following, and then press Enter:

ntdsutil

4. At the command prompt, type the following, and then press Enter:

snapshot

5. At the command prompt, type the following, and then press Enter:

activate instance ntds

6. At the command prompt, type the following, and then press Enter:

create

Either make note of the GUID number that the command returns, or copy the GUID to the clipboard.

7. After the snapshot is created, at the command prompt, type the following, and then press Enter:

quit

8. At the command prompt, type the following, and then press Enter:

quit

1. On LON-DC1, open Server Manager, click Tools, and then click Active Directory Users and Computers.

2. In Active Directory Users and Computers, double-click the Marketing OU, right-click Adam Barr, and then click Delete.

3. Click Yes to confirm the deletion.

Task 3: Mount an Active Directory snapshot, and create a new instance

1. On LON-DC1, move your mouse to the bottom left corner, and click the Start charm.

2. On the Start screen, type cmd, right-click the Command Prompt, and then click Run as Administrator.

3. At the command prompt, type the following, and then press Enter:

ntdsutil

4. At the command prompt, type the following, and then press Enter:

snapshot

5. At the command prompt, type the following, and then press Enter:

activate instance ntds

6. At the command prompt, type the following, and then press Enter:

list all

7. At the command prompt, type the following, and then press Enter:

mount <GUID>

Where <GUID> is the GUID returned by the Create command in Task 1.

8. At the command prompt, type the following, and then press Enter:

quit

9. At the command prompt, type the following, and then press Enter:

quit

10. At the command prompt, type the following, and then press Enter:

dsamain /dbpath C:\$SNAP_datetime_volumec$\windows\ntds\ntds.dit /ldapport 50000

Note that datetime will be a unique value. There should be only one folder on your C:\ drive with a name that begins with $snap.

A message indicates that Active Directory Domain Services startup is complete. Leave Dsamain.exe running, and do not close the command prompt.

Task 4: Explore a snapshot with Active Directory Users and Computers

1. Switch to Active Directory Users and Computers. Right-click the root node of the snap-in, and then click Change Domain Controller.

2. Click <Type a Directory Server name[:port] here>, type LON-DC1:50000, and then press Enter. Click OK.

3. In the navigation pane, double-click Adatum.com.

4. In the navigation pane, double-click the Marketing OU.

5. Locate the Adam Barr user account object. Note that the Adam Barr object is displayed because the snapshot was taken prior to deleting it.
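The comparison done by eye in Task 4, scripted: list the users that exist in the mounted snapshot but not in the live Marketing OU, with the attribute values the snapshot still holds for them. This is an added example, not part of the handbook; it assumes the ActiveDirectory PowerShell module, the snapshot instance on LON-DC1:50000 from Task 3, and OU=Marketing,DC=Adatum,DC=com as the distinguished name of the Marketing OU.

```powershell
# Added example, not from the handbook. Run on LON-DC1 while Dsamain.exe from
# Task 3 is still serving the snapshot on LDAP port 50000.
Import-Module ActiveDirectory

$snapshot   = 'LON-DC1:50000'                  # mounted snapshot (Task 3, step 10)
$live       = 'LON-DC1'                        # production directory
$searchBase = 'OU=Marketing,DC=Adatum,DC=com'  # assumed DN of the Marketing OU
$properties = 'Department', 'Title', 'MemberOf', 'whenChanged'

# Index the live users by objectGUID, which stays the same across renames.
$liveByGuid = @{}
foreach ($user in Get-ADUser -Filter * -SearchBase $searchBase -Server $live) {
    $liveByGuid[$user.ObjectGUID] = $user
}

# Users present in the snapshot but absent from the live OU: deleted since the
# snapshot was taken, or moved to another container.
$missing = @(
    Get-ADUser -Filter * -SearchBase $searchBase -Server $snapshot -Properties $properties |
        Where-Object { -not $liveByGuid.ContainsKey($_.ObjectGUID) }
)

if ($missing.Count -eq 0) {
    'Every user in the snapshot still exists in the live Marketing OU.'
}
else {
    # The snapshot is read-only; these values document what the object looked like.
    $missing | ForEach-Object {
        [pscustomobject]@{
            Name           = $_.Name
            SamAccountName = $_.SamAccountName
            Department     = $_.Department
            Title          = $_.Title
            LastChanged    = $_.whenChanged
            MemberOf       = ($_.MemberOf -join '; ')
        }
    } | Format-List
}
```

A mounted snapshot is a readable copy of the whole directory database, so stop Dsamain.exe and unmount it as in Task 5 once the comparison is done.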

 

 

Task 5: Unmount an Active Directory snapshot

1. In the command prompt, press Ctrl+C to stop DSAMain.exe.

2. Type the following commands:

ntdsutil

snapshot

activate instance ntds

list all

unmount guid

list all

quit

quit

Where guid is the GUID of the snapshot.

Results: After completing this exercise, you will have configured AD DS snapshots.

Exercise 3: Configuring the Active Directory Recycle Bin

Task 1: Enable the Active Directory Recycle Bin

1. On LON-DC1, in Server Manager, click Tools, and then click Active Directory Administrative Center.

2. Click Adatum (local).

3. In the Tasks pane, click Enable Recycle Bin, click OK on the warning message box, and then click OK on the refresh Active Directory Administrative Center message.

4. Press F5 to refresh Active Directory Administrative Center.