Sie sind auf Seite 1von 14

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

This Answer Key provides the detailed steps for completing ìLab B:

Implementing the Active Directory Infrastructure for Tailspin Toysî in Module 11, ìPlanning and Implementing an Active Directory Infrastructure.î

Exercise 1 Removing Active Directory and Renaming Your Server

In this exercise, you will remove the existing Active Directory installation on your computer in preparation for implementing the plan that you developed in the previous lab. You will then rename your server according to the role it will perform after implementation.

Task 1

! Remove Active Directory from your domain controller

1. Log on to your domain as Administrator

2. Click Start, click Run, type dcpromo and then click OK.

3. On the Welcome to the Active Directory Installation Wizard page, click Next.

4. On the Remove Active Directory page, select the This server is the last domain controller in the domain check box, and then click Next.

5. On the Application Directory Partitions page, click Next.

6. On the Confirm Deletion page, select the Delete all application directory partitions on this domain controller check box, and then click Next.

7. On the Network Credentials page, in the User name box, type Administrator

8. In the Password box, type P@ssw0rd and then click Next.

9. On the Administrator Password page, in both the Password and the Confirm Password boxes, type P@ssw0rd and then click Next.

10. On the Summary page, review the summary information, and then click Next.

11. On the Completing the Active Directory Installation Wizard page, click Finish.

The Active Directory Installation Wizard removes components from the Active Directory database, and then prompts you to restart Windows.

12. Click Restart Now.

2

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

Task 2

! Rename your server as shown in the table in Exercise 1

1. Log on to your server as Administrator

2. Click Start, right-click My Computer, and then click Properties.

3. On the Computer Name tab, click Change.

4. Type your computer name as shown in the table.

5. Click OK.

6. In the System Properties dialog box, click OK.

7. Restart the computer.

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

3

Exercise 2 Creating Forests and Trees

In this exercise, you will use the implementation plan from Lab A to create the appropriate forests and domain trees.

Task 1

! Install Active Directory on the six forest root servers and then create domains

1. Log on to your server as Administrator with a password of P@ssw0rd if you are not already logged on.

2. Click Start, click Run, type dcpromo and then click OK.

3. On the Welcome to the Active Directory Installation Wizard page, click Next.

4. On the Operating System Compatibility page, click Next.

5. On the Domain Controller Type page, click Domain Controller for a New Domain, and then click Next.

6. On the Create New Domain page, click Domain in a new forest, and then click Next.

7. On the New Domain Name page, type your assigned domain name as shown in the first table in Exercise 2, and then click Next.

8. On the NetBIOS Domain Name page, click Next to accept the default.

9. On the Database and Log Folders page, click Next to accept the defaults.

10. On the Shared System Volume page, click Next to accept the default.

11. On the DNS Registration Diagnostics page, click Next to accept the default to install and configure DNS on this server.

12. On the Permissions page, click Next to accept the default.

13. On the Directory Services Restore Mode Administrator Password page, in both the Password and the Confirm password boxes, type P@ssw0rd and then click Next.

14. On the Summary page, click Next.

15. On the Completing the Active Directory Installation Wizard page, click Finish.

16. When prompted, click Restart Now.

4

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

Task 2

! Install Active Directory to create the six additional trees in the existing forests and then create domains

1. Log on to your server as Administrator with a password of P@ssw0rd if you are not already logged on.

The child domain controller must have its DNS resolver pointed either to the partnerís forest root domain controller or to London.

2. Click Start, click Run, type dcpromo and then click OK.

3. On the Welcome to the Active Directory Installation Wizard page, click Next.

4. On the Operating System Compatibility page, click Next.

5. On the Domain Controller Type page, click Domain Controller for a New Domain, and then click Next.

6. On the Create New Domain page, click Domain tree in an existing forest, and then click Next.

7. On the Network Credentials page, in the User name box, type Administrator and then, in the Domain box, type your partnerís forest root domain name, and then click Next.

8. On the New Domain Tree page, type your assigned domain name as shown in the second table in Exercise 2, and then click Next.

9. On the NetBIOS Domain Name page, click Next to accept the default.

10. On the Database and Log Folders page, click Next to accept the defaults.

11. On the Shared System Volume page, click Next to accept the default.

12. On the DNS Registration Diagnostics page, click Install and configure the DNS server on this computer, and set this computer to use this DNS server as its preferred DNS server, and then click Next.

13. On the Permissions page, click Next to accept the default.

14. On the Directory Services Restore Mode Administrator Password page, in the Password and Confirm password boxes, type P@ssw0rd and then click Next.

15. On the Summary page, click Next.

16. On the Completing the Active Directory Installation Wizard page, click Finish.

17. When prompted, click Restart Now.

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

5

Task 3

! Install Active Directory on the remaining computers in the classroom and configure each one as an additional server in the existing domains

1. Log on to your server as Administrator with a password of P@ssw0rd if you are not already logged on.

The additional domain controller must have its DNS resolver pointed either to the domain controller for the domain it is joining or to London.

2. Click Start, click Run, type dcpromo and then click OK.

3. On the Welcome to the Active Directory Installation Wizard page, click Next.

4. On the Operating System Compatibility page, click Next.

5. On the Domain Controller Type page, click Additional domain controller for an existing domain, and then click Next.

6. On the Network Credentials page, in the User name box, type Administrator and then, in the Password box, type P@ssw0rd

7. In the Domain box, type the name of the domain that you are adding a domain controller to, and then click Next.

8. On the Database and Log Folders page, click Next to accept the defaults.

9. On the Shared System Volume page, click Next to accept the default.

10. On the Directory Services Restore Mode Administrator Password page, in the Password and Confirm password boxes, type P@ssw0rd and then click Next.

11. On the Summary page, click Next.

12. On the Completing the Active Directory Installation Wizard page, click Finish.

6

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

Exercise 3 Creating the Organizational Unit Structure

In this exercise, you will create an organizational unit structure from your Active Directory implementation plan.

Task 1

! Create the organizational unit structure from your Active Directory implementation plan

1. Click Start, point to Administrative Tools, and then click Active Directory Users and Computers.

2. Browse to the domain that you will manage, right-click New, and then click Organizational Unit.

3. On the New Object ñ Organizational Unit page, type the name of an organizational unit from your plan in Lab A, and then click OK.

4. Repeat steps 1 through 3 for each organizational unit in your plan from Lab

A.

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

7

Exercise 4 Creating User, Group, and Computer Accounts

In this exercise, you will create user, group, and computer accounts according to the plan that you developed in Lab A.

Task 1

! Create user, group, and computer accounts

1. Log on as Administrator with a password of P@ssw0rd

2. Click Start, and then click Run.

3. In the Run box, type csvde ñi ñf C:\MOC\2279\Labfiles\Setup\lab11users.csv ñk and then click OK.

8

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

Exercise 5 Creating Group Policy

In this exercise, you will create Group Policy objects to configure Group Policy settings.

Task 1

! Open Group Policy Management

1. Click Start, point to Administrative Tools, right-click Group Policy Management, and then click Run as.

2. In the Run As dialog box, click The following user, type YourDomain\Administrator as the user name with a password of P@ssw0rd and then click OK.

Task 2

! Browse to your domain and create a new policy

1. Right-click Group Policy Objects, click New, type a name for the GPO, and then click OK.

2. Right-click the GPO, then click Edit.

3. In Group Policy Object Editor, select the appropriate settings based on the plan from Lab A.

Task 3

! Link the GPO to your domain

Browse to your domain, right-click Link an existing GPO, click the GPO that you created in the previous step, and then click OK.

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

9

Exercise 6 Deploying Software Using Group Policy

In this exercise, you will create a software installation package to deploy Office XP to a group in your domain.

Task 1

! Open Group Policy Management

1. Click Start, point to Administrative Tools, right-click Group Policy Management, and then click Run as.

2. In the Run As dialog box, click The following user, type YourDomain\Administrator as the user name with a password of P@ssw0rd and then click OK.

Task 2

! Browse to the domain policy for your domain and edit the policy

1. Expand Forest, expand Domains, browse to your assigned domain, and then click the GPO that you created in the last exercise.

2. Right-click the GPO, and then click Edit.

Task 3

! Create a software installation package in order to assign Office XP to a group in your domain

1. In Group Policy Object Editor, under User Configuration, expand Software Settings, and then click Software Installation.

2. Right-click Software Installation, point to New, and then click Package.

3. In the Open window, browse to the Instructorís software distribution point, select PROPLUS.MSI from the available packages, and then click Open.

4. In the Deploy Software dialog box, click Assigned, and then click OK.

10

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

Exercise 7 Placing Operations Master Roles and Global Catalog Servers

In this exercise, you will transfer some of the operations master roles and then enable global catalog server.

Important

PADC2, SRDC2, HEDC2, FADC2, DADC2, EPDC2, CHDC2, and LJDC2.

Perform the following task on NYDC2, FYDC2, HODC2, AUDC2,

Task 1

! Transfer the PDC, RID, and infrastructure master roles to the second server in each location

1. Log on to your server as Administrator with a password of P@ssw0rd if you are not already logged on.

2. In Active Directory Users and Computers, in the console tree, right-click Active Directory Users and Computers, and then click Connect to Domain Controller.

3. In the list of available domain controllers, click your server name, and then click OK.

4. In the console tree, right-click your domain name, and then click Operations Masters.

5. On the RID tab, click Change, and then, in the Active Directory dialog box, click Yes, and then click OK.

6. On the PDC tab, click Change, and then, in the Active Directory dialog box, click Yes, and then click OK.

7. On the Infrastructure tab, click Change, and then, in the Active Directory dialog box, click Yes, and then click OK.

8. Click Close, and then close Active Directory Users and Computers.

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

11

Exercise 8 Creating Forest Trusts

In this exercise, you will raise the functional level of each domain and forest, and then create forest trusts.

Important

Perform the following task on the first domain controller in each

domain.

Task 1

! Raise the functional level of each domain to Windows Server 2003

1. Log on to your server as Administrator with a password of P@ssw0rd if you are not already logged on.

2. Open Active Directory Domains and Trusts.

3. In the console tree, right-click your domain name, and then click Raise Domain Functional Level.

4. In the Select an available domain functional level box, click Windows Server 2003, and then click Raise.

5. In the Raise Domain Functional Level dialog box, click OK, and then click OK again.

Task 2

! On the root server of each forest, raise the functional level of each forest to Windows Server 2003

Important

houston.wingtiptoys.msft. Create an additional two-way forest trust between

newyork.tailspintoys.msft and paloalto.contoso.msft. Perform the following task on NYDC1, with the help of the administrators of HODC1 and PADC1.

Create a two-way forest trust between newyork.tailspintoys.msft and

1. In Active Directory Domains and Trusts, in the console tree, right-click Active Directory Domains and Trusts, and then click Raise Forest Functional Level.

2. In the Select an available forest functional level box, select Windows Server 2003, and then click Raise.

3. In the Raise Forest Functional Level dialog box, click OK, and then click OK again.

12

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

Task 3

! Create two-way forest trusts

1. In Active Directory Domains and Trusts, in the console tree, right-click newyork.tailspintoys.msft, and then click Properties.

2. On the Trusts tab, click New Trust.

3. On the Welcome to the New Trust Wizard page, click Next.

4. On the Trust Name page, in the Name box, type houston.wingtiptoys.msft and then click Next.

5. On the Trust Type page, click Forest trust, and then click Next.

6. On the Direction of Trust page, click Two-way, and then click Next.

7. On the Sides of Trust page, click Both this domain and the specified domain, and then click Next.

8. On the User Name and Password page, have the administrator of HODC1 type a user name of Administrator and the password for the administrator of the houston.wingtiptoys.com domain, and then click Next.

9. On the Outgoing Trust Authentication Level--Local Forest page, click Forest-wide authentication, and then click Next.

10. On the Outgoing Trust Authentication Level--Specified Forest page, click Forest-wide authentication, and then click Next.

11. On the Trust Selections Complete page, click Next.

12. On the Trust Creation Complete page, click Next.

13. On the Confirm Outgoing Trust page, click Yes, confirm the outgoing trust, and then click Next.

14. On the Confirm Incoming Trust page, click Yes, confirm the incoming trust, and then click Next.

15. On the Completing the New Trust Wizard page, click Finish.

16. Repeat steps 2 through 15 to create the second two-way trust. Enter different information in steps d and h as appropriate.

17. In the newyork.tailspintoys.msft Properties dialog box, click OK.

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

13

Task 4

! Create one-way forest trusts

Important

davenport.adatum.msft, and chicago.consolidatedmessenger.msft each trust newyork.tailspintoys.msft. Perform this task on NYDC1, with the help of the administrators of HEDC1, DADC1, and CHDC1.

Create one-way trusts so that helena.treyresearch.msft,

1. In Active Directory Domains and Trusts, in the console tree, right-click newyork.tailspintoys.msft, and then click Properties.

2. On the Trusts tab, click New Trust.

3. On the Welcome to the New Trust Wizard page, click Next.

4. On the Trust Name page, in the Name box, type helena.treyresearch.msft and then click Next.

5. On the Trust Type page, click Forest trust, and then click Next.

6. On the Direction of Trust page, click One-way: incoming, and then click Next.

7. On the Sides of Trust page, click Both this domain and the specified domain, and then click Next.

8. On the User Name and Password page, have the administrator of HEDC1 type a user name of Administrator, and a password for the administrator of the helena.treyresearch.msft domain, and then click Next.

9. On the Incoming Trust Authentication Level--Specified Forest page, click Forest-wide authentication, and then click Next.

10. On the Trust Selections Complete page, click Next.

11. On the Trust Creation Complete page, click Next.

12. On the Confirm Incoming Trust page, click Yes, confirm the incoming trust, and then click Next.

13. On the Routed Name Suffixes--Local Forest page, click Next.

14. On the Completing the New Trust Wizard page, click Finish.

15. Repeat steps 2 through 14 to create the two additional one-way trusts. Enter different information in steps d and h as appropriate.

16. In the newyork.tailspintoys.msft Properties dialog box, click OK.

14

Lab B: Implementing the Active Directory Infrastructure for Tailspin Toys Answer Key

Exercise 9 Verifying the Active Directory Implementation

In this exercise, you will verify the Active Directory implementation to ensure that the key components of the infrastructure work as expected. Use the test plan that you created in Lab A to complete this exercise.

Task 1

! Log on as a user from Tailspin Toys

Log on as a user from Tailspin toys and verify that the key components work as expected.

Task 2

! Verify resource access

Try to access a resource and verify that you are successful.