Laboratory Exercise 1.docx

7/26/2019 Laboratory Exercise 1.docx

1/46

Laboratory Exercise 1

Domain Controller Promotion

Prerequisites:

1. Set-up permanent hostname/ computer name of

server. Click Start. Right click Computer. ClickManage.Click Change System Propertieson the right side.

2. Congure static !P "ddress of server. #e sure toreserve a private !P address $ith su%net mask and

gate$a&. 'n ()S settings put 12*.+.+.1

,. Run $indo$s updates.

DC Promotion


2/46

. Click Start. 'n search %o t&pe dcpromoordcpromo.exe

0. ait for "ctive (irector& !nstallation to load.

. 'n the $elcome screen click Next.

*. Click Nextfor Operating System Compatibility

Page.


3/46

3. Choose 4Create a ne domain in a ne !orest5 on

4Choose a (eplo&ment Conguration Page5. Click

Next.

6. 7nter "#DN $!ully %uali&ed domain name'of &ourrst domain controller. Click Next.

1+. Set forest functional level as (indos Ser)er *++,.

Click Next.


4/46

11.(o the same for domain functional level. Click Next.

12.Click Nexton "dditional (omain Controller 'ptions.

1,." ne$ $indo$ $ill pop-up for ()S delegation. Click

-esto continue.


5/46

1.8or "((S data%ase logle and s&svol location acceptdefault %& clicking Next.

10. 8ill out (irector& Services restore 9ode "dministrator

Pass$ord.

1.'n the summar& page click Next.1*.Check eboot on Completion.


6/46


7/46

Laboratory Exercise *

Domain Controller Promotion using an /nser &le !or

dc*.

1. "ollo Step 10 1 on pre)ious exercise.2. Click 7port Settings on the summar& page. Save

the le on &our drive C:. !n our case name the ledcpromo.tt. Click Cancel.

,. 'pen dcpromo.tt and edit

Safe9ode"dminPass$ord entr&. !nput &our

pass$ord and save the document.

. 'n command prompt run the follo$ing command.dcpromo.exe 2unattend3C34dcpromo.txt

0. ait for the command to nish. Server $ill restart

automaticall&.


8/46


Creating to0ay "orest 6rust

1. 'n (C1 ping ip address of (C2. ;ou should also %ea%le to reach (C1 on (C2 server.

Creating Stub 7one on DC1 and DC*

2. Click Start< "dministrative =ools< ()S.

,. 7pand (C1. )avigate to 8or$ard >ookup ?one. Right

Click and select )e$ ?one.

. )e$ ?one i@ard appears. Click Next.


9/46

0. 'n ?one =&pe page choose Stub 8one. Click Next.

. Choose default: 6o all DNS ser)ers on domaincontrollers in this domain. Click Next

*. !nput domain name of (C2Ain this case fa%rikam.com.

Click Next.


10/46

3. !nput !P address of (C2 !P address. Click Next.

6. Click "inishupon Completing the )e$ ?one i@ard.

1+.(o the same for (C2. 8ollo$ step ,-6 Bust changedomain name to (C1s domain. !n this case (c1

domain is contoso.com.

11. Do %ack to (C1 click Start< "dministrative=ools< /cti)e Directory Domains and 6rusts.


11/46

12. 'n the "((S console right click domain and clickproperties.

1,.Click =rusts =a%. Click Ne 6rustat the %ottom left

corner of the ne$ $indo$.

1.Click Nexton the elcome Page. Click Next.

10.7nter )et%ios name of (C2Ain this case fa%rikam.Click Next.


12/46

1.Choose "orest truston the trust t&pe. Click Next.

1*.Choose t$o-$a& for direction of trust. Click Next.

13.'n the sides of trust choose %oth domains. Click

Next.


13/46

16.7nter administrator username and pass$ord for (C2.Click Next.

2+.Select forest-$ide authentication. Click Next.

21.Click Next on summar& page.

22.Choose )o do not conrm the outgoing trust. ClickNext.


14/46

2,. Choose )o do not conrm incoming trust. Click Next.

2.)e$ =rust should no$ appear on outgoing EupperF andincoming Elo$erF trust %o.


:nstallation o! /cti)e Directory Certi&cate Ser)ices


15/46

1. Do to Server 9angager < Roles < "dd Roles i@ard.

2. Select "ctive (irector& Certicate Services.

,. Check Certication "uthorit& and Certication"uthorit& e% 7nrollment.

. 'n Setup =&pe Click 7nterprise Root.

0. Select create a ne$ private ke&.


16/46

. 'n congure C" name Bust leave default.

*. "lso leave default on Galidit& period.

3. Click default on conguring C" data%ase.

6. Click 8inish.

Laboratory Exercise ;


17/46

!ssue certicate on e% !!S Server.

1. Choose Start < "dministrative =ools < !nternet!nformation Services E!!SF 9anager

2. !n the !!S 9anager choose &our server name,. !n the 8eatures pane Ethe middle paneF dou%le-click

the Server Certicates option E8igure "F located under

the Securit& heading.

. =o %egin the process of requesting a ne$ certicate

from the "ctions pane choose the Create Certifcate

Requestoption.

0. =he rst screen of the $i@ard asks for details regarding

the ne$ site. =he common name should match the

full&-qualied domain name for the site. Click )et to


18/46

continue. . =he net screen of the $i@ard asks &ou to choose

cr&ptograph& options. =he defaultMicrosot RSA

SChannel Cryptography Provideris ne. " ke& length

of 1+2 %its is the default option and is ne as $ell.

*. 8inall& provide a lename to $hich to save thecerticate request. ;ou $ill need the contents of this

le in the net step so make sure &ou kno$ $here to

nd it.


19/46

HereIs some of the CSR mum%o Bum%o associate $ith this

certicate request:

-----#7D!) )7 C7R=!8!C"=7 R7JK7S=-----

9!!(d(CC"t+C"J"$g;7C@"L#g)G#";="lG=9R7$($;(GJJ!

("h)aM)@%,G&a=7P

9"+D"1K7#$$DRnGsdD6u9R$$Dg;(GJJN(#)M?M)+%luc,Rlci#(%2s?dl9Js$

...

a1eJo'eND"DKu3&is6,qai@D"7fJ6,uS#+GoSg6!;%CM'

ef7au"2u"p(t6ve

,@J9$tC(8d(%%NC)6gNalLk7D@qMr6

-----7)( )7 C7R=!8!C"=7 R7JK7S=-----

3. Request a certicate from our installed C" server.

http://localhost/certsvr
http://localhost/certsvrhttp://localhost/certsvr


20/46

:nstall the certi&cate

"fter making sure that &our e% server can access the

certicate les &ou need to install the ne$ certicate so that

it can %e used %& &our e% site.

Choose Start O "dministrative =ools O !nternet

!nformation Services E!!SF 9anager.

!n the !!S 9anager choose &our server name.

!n the 8eatures pane Ethe middle paneF dou%le-click

the Server Certicates option located under the Securit&

heading.

=o complete the process of requesting a ne$

certicate from the "ctions pane choose the Complete

Certifcate Requestoption.

=he Complete Certicate Request $indo$ opens and

asks &ou to provide the location at $hich the certicate

le can %e located E"igure


21/46

!n the !!S 9anager %ro$se toyour server nameO Sites

O Your SSL-ased site. ;ou ma& need to create a ne$ site

notice that m& site is named ssltest. =he full !nternet path

to this site is ssltest.$estminster-mo.edu. Since this

indo$s Server 2++3 machine is running in a la% &ou $ill

see that it is a mem%er of the Contoso domain %ut ! have

added $estminster-mo.edu sites to this server and

appropriatel& congured ()S.

" look at a site to $hich H==PS $ill %e %ound

8rom the "ctions pane choose #indings. =his opens

the Site #indings $indo$.

=he Site #indings $indo$

!n the Site #indings $indo$ choose "dd. =his opens

the "dd Site #inding $indo$.

8rom the Site #indings $indo$ provide the %inding

t&pe EH==P or H==PS %ut for this purpose use H==PSF the

!P address that $ill %e used for this site E162.13.+.1 for

meF and the port that $ill %e used for SS>.

)et choose the SS> certicate that &ou $ant to use

to protect this site. )ote that ! have chosen

ssltest.$estminster-mo.edu. Kse the #ro$se %utton tolocate the right certicate.


22/46

Provide the appropriate details for the "dd Site #inding dialog%o

Click the 'N %utton.

=he results of the ne$ %inding

6est your certi&cate

)o$ test &our certicate %& %ro$sing to the ne$ site. ;ou

should not get an& certicate errors. )ote that ! havesuccessfull& %ro$sed to the ne$ site and that there is a lock

icon indicating that SS> is active.

=he site is %eing protected %& SS>


23/46

Laboratory Exercise 0/

6rans!er o! Operations Master> (indos Ser)er *++,


24/46

*. Right click "ctive (irector& Schema then click Change

"ctive (irector& (omain Controller.

3. 8rom the listed (omain Controllers click on thedomain controller that &ou $ant to %e the schema

master role holder and then click on 'N.

6. !n the console tree right click "ctive (irector& Schema(omainController.(omain)ameQ and then click

'perations 9aster.

1+.'n the Change Schema 9aster page the current

schema master role holder $ill %e displa&ed. 'nce &ou


25/46

click Change the schema master holder $ill %ecome7>9"L-(C2N3.7>9"L(">.)7=.

11.Click ;es to conrm the role transfer.

12.=he role $ill %e transferred and a conrmation

message $ill %e displa&ed. Click 'N.

Laboratory Exercise 0@



26/46

,. 8rom the listed (omain Controllers click on the

domain controller that &ou $ant to %e the (omain)aming master role holder and then click on 'N.

. Right click "ctive (irector& (omains and =rusts thenclick 'perations 9aster.

0. 'n the 'perations 9aster page $e are going tochange the (omain )aming role holder from 7>9"L-

(C.7>9"L(">.)7= to 7>9"L-(C2N3.7>9"L(">.)7=Click Change.

. Click ;7S to conrm the transfer of the (omain)aming role.


27/46

Laboratory Exercise 0C



28/46

. Click ;es to conrm the role transfer.

0. =he role $ill %e transferred and a conrmationmessage $ill %e displa&ed. Click 'N.

. "s for the !nfrastructure role once &ou click on the

Change %utton &ou $ill receive the %elo$ message.

*. #& default $hen &ou rst install &our rst (omainController it holds the ve roles and %eside that it is a

Dlo%al Catalog. !f &our environment is a multi-domain/forest then &ou should think a%out structuring

&our 8S9' roles and transfer the !nfrastructure role to

a none Dlo%al Catalog domain controller. 7lse if &ouhave small num%er of domain controllers Ee. t$o

domain controllersF then &ou should not $orr& a%out

this. Click ;es.

3. =he =a%s should no$ look like this.


29/46

6. =hatIs it %& no$ &ou have successfull& transferred theve 8S9' roles to the indo$s Server 2++3 (omain

Controller.

Laboratory Exercise 0C

Sei8e o! Operations Master using Ntdsutil.

1. Click Start un t&pe ntdsutil.

2. ill sho$ ntdsutil3=&pe roles and thenpress EN6E.

,. ill sho$ !smo maintenance3=&pe connections

and then press EN6E.

. ill sho$ ser)er connections3=&pe connect to

ser)er $servername'and then press EN6E.

here servernameis the name of the domaincontroller that &ou $ant to assign the 8S9' role

to.


30/46

0. "t theser)er connections3=&pe% and then

press EN6E

. =&pe sei8e role $here role is the role that &ou $ant

to sei@e.

8or a list of roles that &ou can sei@e t&peAat

the!smo maintenance3and then pressEN6E

'r see the list of roles %elo$:

Sei8e in!rastructure master

Sei8e naming master

Sei8e PDC

Sei8e :D master

Sei8e schema master

8or eample to sei@e the R!( master role t&pe !smo

maintenance3 sei8e rid master

=he one EBCEP6:ONis for the PDC emulator role>$hose

s&nta is sei8e pdc not sei@e pdc emulator.


31/46

Laboratory Exercise

?sing CSDE to export /cti)e Directory users.

1. >ogin to server (C1 as domain administrator.

2. Create folder on drive C named scripts.

,. Run the follo$ing on command prompt.cs)de 0! c34scripts4cs)usr.cs) 0p subtree 0r

$F$obGectCategoryHperson'$obGectClassH?ser'$gi)ennameHI'' 0l

cn>gi)enName>obGectclass>sam/ccountName

. 'pen the c:scriptscsvuser.csv in 7cel.

;ou $ill have an ecel le like this. 7port is complete.


32/46

Laboratory Exercise ,

?sing CSDE to import /cti)e Directory users.

1. Kse same ecel le that $e eported on >a% 3. 7dit the

follo$ing eld for ne$ users.

a. ()

%. Sam"ccount)ame

Create column for additional elds.

c. given)ame Erst nameF

d. sn Elast nameF

2. Save ecel le on c:scripts.

,. !mport ne$ users using %elo$ command.

cs)de 0i 0! c34scripts4cs)usr.cs)


33/46

. )e$ users should appear on "ctive (irector& Ksers

and Computers.

Laboratory Exercise J

?sing LD:"DE to export /cti)e Directory users.

1. >ogin to server (C1 as domain administrator.

2. Create folder on drive C named scripts.

,. Run the follo$ing on command prompt.ldi!de 0! c34scripts4Exportuser.ld! 0s dcnugget1 0p

subtree 0r $F$obGectCategoryHperson'

$obGectClassH?ser'$gi)ennameHI'' 0l

cn>gi)enName>obGectClass>sam/ccountName>p

d

. 'pen the c:scripts7portuser.ldf on notepad

;ou $ill have a le like this. 7port is complete.


34/46

Laboratory Exercise 1+

?sing LD:"DE to import /cti)e Directory users.

0. Kse same notepad le E.ldfF that $e eported on >a% 6.

7dit the follo$ing eld for ne$ users.

a. (n:

%. given)ame

c. sam"ccounr)ame

. Save ldf le on c:scripts.

*. !mport ne$ users using %elo$ command.

Ldi!de 0i 0! c34scripts4:mport?ser.ld!

3. )e$ users should appear on "ctive (irector& Ksers

and Computers.

>a%orator& 7ercise 11


35/46

Creating Secondary DNS Ser)er $"orard LooKup

7one'

:nstall (indos DNS Ser)er

1. Click on the Start 9enu "dministrative =ools and >aunch

Server 9anager.

2. Select the Roles node and click the "dd Roles link.

,. Select the ()S Server role check %o and click )et.

. Click !nstall to %egin installation.

0. Click on the Start 9enu "dministrative =ools ()S.


36/46

2. Create a 8or$ard >ookup ?one )o$ ERecommendedF andclick )et.

,. Select the t&pe of @one to %e created choose secondar&@one and Click )et.


37/46

. =&pe the 8J() of the @one in the @one name %o and clicknet

0. ;ou can create a ne$ @one tet le or import one from an

eisting @one le. Choose create a ne$ le $ith this le nameand then click )et.

. (o not allo$ d&namic updates and then click )et.


38/46


39/46

>a%orator& 7ercise 12

Creating Primary DNS Ser)er $e)erse LooKup 7one'

1. Create a reverse lookup @one and click )et.

3. Select primar& @one for the reverse lookup @one t&pe andclick )et.

6. "ccept the default !Pv Reverse >ookup ?one andclick )et.


40/46

1+.=&pe NetorK :Dand then Click Next.

11.Click Nextat the 7one "ile. E8ile name $ill %e

generated automaticall&F

12.Click Nextat the Dynamic ?pdate.

1,.Click "inishat the Completing the Ne 7one

(i8ard


41/46

>a%orator& 7ercise 1,Create P6 record

1. Select reverse lookup zone nameQ

2. Right click zone nameand then Select Ne

Pointer$P6'in the popup menu

,. Click @rose

. (ou%le click server name


42/46

0. (ou%le click "orard LooKup 7ones

. (ou%le click zone nameQ

*. Select =ost $/'record and then Click O

3. Check =ost :P /ddressand =ost nameand then

Click O


43/46

6. =est : nslookup ip addressa%orator& 7ercise 1

Creating DNS Stub 7one

1. 'n ()S 9anager i@ard right-click on &our Server)ame and choose to T"dd )e$ ?oneT.

*. )o$ the )e$ ?one i@ard $ill %e opened $here rstsome information a%out this ?one $ill %e providedclick on the T)etT %utton to start the process ofadding the ?one.


44/46

5. )o$ &ou $ill %e asked to select a ?one t&pe here three?one t&pes $ill %e availa%leU Primar& ?one Secondar& ?oneand Stu% ?one so select the third option in other $ordsStu% ?one.

9. )o$ &ou $ill %e asked ho$ &ou $ant the ?one data to %ereplicated. ! had chosen the second option &ou can choose$hichever &ou require.

;. )o$ &ou $ill %e asked to select a t&pe of >ookup ?onethat can %e either a 8or$ard >ookup ?one or a Reverse>ookup ?one.


45/46

. 'n the net page &ou $ill need to provide the namefor this ne$ ?one after providing the name click onthe T)etT %utton.

. =he net page $ill ask &ou a%out the 9aster Server$here &ou can either provide the !P "ddress for this?one or can provide itIs )ame.


46/46

,. )o$ a %rief description of &our selection $ill %e sho$nto &ou click on the T)etT %utton to complete theprocess.

Documents

Laboratory Exercise 1.docx