
Lab A: Implementing Active Directory

Exercise 1 Removing a Child Domain from Active Directory


In this exercise, you will remove Active Directory from your domain controller to prepare for the creation of an Active Directory forest and domain structure.

Task 1

! Remove Active Directory from your domain controller


1. Log on as Nwtraders\ComputerNameUser with a password of P@ssw0rd
2. Click Start, right-click Command Prompt, and then click Run as.
3. In the Run As dialog box, click The following user, type a user name of Nwtraders\Administrator, a password of P@ssw0rd and then click OK.
4. At the command prompt, type dcpromo and press ENTER.
5. On the Welcome to the Active Directory Installation Wizard page, click Next.
6. On the Remove Active Directory page, select the This server is the last domain controller in the domain check box, and then click Next.
7. On the Network Credentials page, type Administrator as the user name and P@ssw0rd as the password, and then click Next.
8. On the Administrator Password page, type P@ssw0rd in both fields, and then click Next.
9. On the Summary page, click Next.
10. On the Completing the Active Directory Installation Wizard page, click Finish.
    The Active Directory Installation Wizard removes components from the Active Directory database, and then prompts you to restart Windows.
11. Click Restart Now.

Task 2

! Verify that Active Directory has been removed from your server

1. Log on as Administrator with a password of P@ssw0rd
2. Click Start, click Run, type %systemroot% and then click OK.
3. Verify that the SYSVOL and ntds folders are no longer present.
4. Close Windows Explorer.
5. At the command prompt, type net share and then press ENTER.
6. Verify that the NETLOGON and SYSVOL shares no longer exist.
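
The checks in steps 3 and 6 can also be run as one Command Prompt batch script. This is an added example, not part of the original lab; the OK/FAIL messages and the exit code are this example's own conventions.

```bat
@echo off
rem Added example: repeats the manual checks from Task 2.
setlocal
set FAIL=0

rem Step 3: the SYSVOL and ntds folders should be gone from %systemroot%.
for %%D in (SYSVOL ntds) do (
    if exist "%systemroot%\%%D\" (
        echo FAIL: folder %systemroot%\%%D is still present
        set FAIL=1
    ) else (
        echo OK:   folder %systemroot%\%%D is not present
    )
)

rem Step 6: NETLOGON and SYSVOL should no longer appear in the share list.
rem findstr /b anchors the match at the start of the line, where net share
rem prints the share name.
for %%S in (NETLOGON SYSVOL) do (
    net share | findstr /i /b /c:"%%S " >nul
    if errorlevel 1 (
        echo OK:   share %%S does not exist
    ) else (
        echo FAIL: share %%S still exists
        set FAIL=1
    )
)

if %FAIL%==0 (echo Active Directory appears to be removed.) else (echo Active Directory components remain.)
exit /b %FAIL%
```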

Exercise 2 Creating an Active Directory Forest Root Domain


In this exercise, you will work with a partner to create your own Active Directory forest. One of you will create the forest root domain and the other will create a child domain in the newly created forest root.

Task 1

! Create a new forest root domain


1. Log on as the local Administrator with a password of P@ssw0rd if you are not already logged on.
2. Click Start, point to Control Panel, point to Network Connections, right-click Local Area Connection, and then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. In the Preferred DNS server box, type your computer's IP address, and then click OK twice.
5. Click Start, click Run, type dcpromo and then click OK.
6. On the Welcome to the Active Directory Installation Wizard page, click Next.
7. On the Operating System Compatibility page, click Next.
8. On the Domain Controller Type page, click Domain Controller for a New Domain, and then click Next.
9. On the Create New Domain page, click Domain in a new forest, and then click Next.
10. On the New Domain Name page, type nwtradersx.msft, where x is the number for your domain assigned by your instructor, and then click Next.
11. On the NetBIOS Domain Name page, click Next.
12. On the Database and Log Folders page, click Next.
13. On the Shared System Volume page, click Next.
14. On the DNS Registration Diagnostics page, click Install and configure the DNS server on this computer, and set the computer to use this DNS server as its preferred DNS server check box, and then click Next.
15. On the Permissions page, click Next.
16. On the Directory Services Restore Mode Administrator Password page, type P@ssw0rd in both boxes, and then click Next.
17. On the Summary page, click Next.
18. In the Insert Disk dialog box, click OK.
19. In the Files Needed dialog box, type \\London\OS\i386 and then click OK.
20. On the Completing the Active Directory Installation Wizard page, click Finish.
21. When prompted to restart Windows, click Restart Now.

Task 2

! Create two user accounts for logon purposes


1. Log on as Nwtradersx\Administrator with a password of P@ssw0rd
2. In Active Directory Users and Computers, in the console tree, expand nwtradersx.msft, and then click Users.
3. Right-click Users, point to New, and then click User.
4. In the New Object - User dialog box, create a user with a first name of ComputerName and a last name of User and a logon name of ComputerNameUser, and then click Next.
5. In the New Object - User dialog box, type P@ssw0rd in both boxes, select the Password never expires check box, click OK, click Next, and then click Finish.
6. Repeat steps 3 - 5 to create a ComputerNameUser account for your partner's computer.
7. Close Active Directory Users and Computers.
8. Click Start, point to Administrative Tools, and then click Domain Controller Security Policy.
9. In the console tree, expand Local Policies, and then click User Rights Assignment.
10. In the details pane, double-click Allow log on locally.
11. In the Allow log on locally Properties dialog box, click Add User or Group.
12. In the Add User or Group dialog box, type Nwtradersx\ComputerNameUser (where ComputerName is the name of the computer you are working on), and then click OK.
13. Repeat steps 11 and 12 for your partner's ComputerNameUser account.
14. In the Allow log on locally Properties dialog box, click OK.
15. Click Start, click Run, type gpupdate and then click OK.
16. Log off and then log on as Nwtradersx\ComputerNameUser with a password of P@ssw0rd

Task 3

! Verify that the new forest was created


1. Log on as Nwtradersx\ComputerNameUser with a password of P@ssw0rd
2. In Active Directory Users and Computers, verify that the only domain listed is the forest root domain.
3. Close Active Directory Users and Computers.

Exercise 3 Creating an Active Directory Child Domain


In this exercise, you will finish creating the Active Directory forest by creating a child domain within the forest root.

Task 1

! Create a new child domain


1. Log on as the local Administrator with a password of P@ssw0rd
   The child domain controller must have its DNS resolver pointed to the partner's forest root domain controller.
2. In Control Panel, point to Network Connections, right-click Local Area Connection, and then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. In the Preferred DNS server box, type your partner's computer IP address, and then click OK twice.
5. Click Start, click Run, type dcpromo and then click OK.
6. On the Welcome to the Active Directory Installation Wizard page, click Next.
7. On the Operating System Compatibility page, click Next.
8. On the Domain Controller Type page, click Domain Controller for a New Domain, and then click Next.
9. On the Create New Domain page, click Child domain in an existing domain tree, and then click Next.
10. On the Network Credentials page, type Administrator as the user name, P@ssw0rd as the password, and your partner's forest root domain name in the domain box, and then click Next.
11. On the Child Domain Installation page, in the Parent domain box, type your partner's domain name, and in the Child domain box, type corpx (where x is the number assigned to your partner's domain), and then click Next.
12. On the NetBIOS Domain Name page, click Next.
13. On the Database and Log Folders page, click Next.
14. On the Shared System Volume page, click Next.
15. On the DNS Registration Diagnostics page, click Next.
16. On the Permissions page, click Next.
17. On the Directory Services Restore Mode Administrator Password page, type P@ssw0rd in both boxes, and then click Next.
18. On the Summary page, click Next.
19. On the Completing the Active Directory Installation Wizard page, click Finish.
20. When prompted to restart Windows, click Restart Now.

Task 2

Verify the installation of the child domain

1. Log on as corpx\Administrator with a password of P@ssw0rd
2. Click Start, point to Administrative Tools, and then click Domain Controller Security Policy.
3. In the console tree, expand Local Policies, and then click User Rights Assignment.
4. In the details pane, double-click Allow log on locally.
5. In the Allow log on locally Properties dialog box, click Add User or Group.
6. In the Add User or Group dialog box, type Nwtradersx\ComputerNameUser (where ComputerName is the name of the computer you are working on), and then click OK.
7. In the Allow log on locally Properties dialog box, click OK.
8. Click Start, click Run, type gpupdate and then click OK.
9. Log off and then log on as Nwtradersx\ComputerNameUser with a password of P@ssw0rd
10. In Active Directory Domains and Trusts, expand Nwtradersx.msft and verify that the corpx.nwtradersx.msft domain is listed.
11. Close Active Directory Domains and Trusts.

Exercise 4 Raising Domain and Forest Functional Level


In this exercise, you will raise the domain and forest functional levels to Windows Server 2003.

Task 1

! Raise the domain functional level


1. Log on as Nwtradersx\ComputerNameUser with a password of P@ssw0rd
2. Click Start, point to Administrative Tools, right-click Active Directory Domains and Trusts, and then click Run as.
3. In the Run as dialog box, click The following user, type Nwtradersx\Administrator with a password of P@ssw0rd and then click OK.
4. In the console tree, expand nwtradersx.msft, right-click your domain name, and then click Raise Domain Functional Level.
5. In the Raise Domain Functional Level dialog box, select Windows Server 2003, click Raise, and then click OK twice.
6. Click Start, point to Administrative Tools, right-click Active Directory Sites and Services, and then click Run as.
7. In the Run as dialog box, click The following user, type Nwtradersx\Administrator with a password of P@ssw0rd and then click OK.
8. Expand Sites, expand Default-First-Site-Name, expand Servers, expand your server, and then click NTDS Settings.
9. In the details pane, right-click the connection object listed, click Replicate Now, and then click OK.
10. Close Active Directory Sites and Services.

Task 2

! Raise the forest functional level


Only one member of the forest can perform this task.

1. In Active Directory Domains and Trusts, right-click Active Directory Domains and Trusts, and then click Raise Forest Functional Level.
2. In the Raise Forest Functional Level dialog box, select Windows Server 2003, and then click Raise.
3. Click OK twice.
4. Close Active Directory Domains and Trusts.

Exercise 5 Creating a Forest Trust


In this exercise, you will create a two-way trust between your forest and the nwtraders.msft forest.

Task 1

! Configure DNS forwarding


Perform this task on the forest root domain controller.

1. Log on as Nwtradersx\ComputerNameUser.
2. Click Start, point to Administrative Tools, right-click DNS and then click Run as.
3. In the Run As dialog box, click The following user, type Nwtradersx\Administrator with a password of P@ssw0rd and then click OK.
4. In the DNS Management console tree, expand and right-click your server name, and then click Properties.
5. On the Forwarders tab, in the Selected domain's forwarder IP address list box, type the London server's IP address, click Add, and then click OK.
6. Close DNS Management.
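
Both the child domain installation in Exercise 3 and the forest trust in this exercise depend on DNS being able to locate a domain controller for the other domain. The following batch script is an added example, not part of the original lab, that checks for the domain controller locator SRV record of a given domain; the script name dnscheck.cmd and its messages are hypothetical.

```bat
@echo off
rem Added example: pre-flight DNS check for a domain's DC locator record.
rem Usage (dnscheck.cmd is a hypothetical script name):
rem   dnscheck.cmd nwtradersx.msft   on the child DC, before running dcpromo
rem   dnscheck.cmd nwtraders.msft    on the forest root DC, after adding the forwarder
setlocal
if "%~1"=="" (
    echo Usage: %~n0 DomainName
    exit /b 2
)
set RECORD=_ldap._tcp.dc._msdcs.%~1

rem nslookup does not return a reliable exit code, so look for the
rem "svr hostname" line that it prints for each SRV answer.
nslookup -type=SRV %RECORD% 2>nul | findstr /i /c:"svr hostname" >nul
if errorlevel 1 (
    echo FAIL: no domain controller SRV record found for %~1
    echo       Check the Preferred DNS server setting or the DNS forwarder.
    exit /b 1
)

echo OK: domain controller SRV record resolves for %~1
nslookup -type=SRV %RECORD% 2>nul | findstr /i /c:"svr hostname"
exit /b 0
```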

Task 2

! Create trusts between the classroom forest and your forest, and then verify that the trust has been created

Perform this task on the child domain controller.

1. Log on as Nwtradersx\ComputerNameUser with a password of P@ssw0rd
2. Click Start, point to Administrative Tools, right-click Active Directory Domains and Trusts, and then click Run as.
3. In the Run As dialog box, click The following user, type Nwtradersx\Administrator with a password of P@ssw0rd and then click OK.
4. Right-click the forest root domain for your forest, and then click Properties.
5. In the nwtradersx.msft Properties dialog box, on the Trusts tab, click New Trust.
6. On the Welcome to the New Trust Wizard page, click Next.
7. On the Trust Name page, type nwtraders.msft and then click Next.
8. On the Trust Type page, click Forest trust, and then click Next.
9. On the Direction of Trust page, click Two-way, and then click Next.
10. On the Sides of Trust page, click Both this domain and the specified domain, and then click Next.
11. On the User Name and Password page, type Nwtraders\Administrator as the user name and P@ssw0rd as the password, and then click Next.
12. On the Outgoing Trust Authentication Level - Local Forest page, click Forest-wide authentication, and then click Next.
13. On the Outgoing Trust Authentication Level - Specified Forest page, click Forest-wide authentication, and then click Next.
14. On the Trust Selections Complete page, click Next.
15. On the Trust Creation Complete page, click Next.
16. On the Confirm Outgoing Trust page, click Yes, confirm the outgoing trust, and then click Next.
17. On the Confirm Incoming Trust page, click Yes, confirm the incoming trust, and then click Next.
18. On the Completing the New Trust Wizard page, ensure that the trust was successfully created and confirmed, and then click Finish.
19. In the nwtradersx.msft Properties dialog box, click OK.
20. Close Active Directory Domains and Trusts.
