Windows Server 2003 Expert Workshop
7/31/2019 Windows Server 2003 Expert Workshop
Released: 4/16/2003 Microsoft Windows Server 2003 Expert Workshop
Hands-on Lab Exercises
Microsoft Windows Server 2003 Expert Workshop
Hands-on Lab Exercises
Table of Contents
CLASSROOM LAYOUT
COMPUTER NAMES AND IP ADDRESSES
LAB 01 INSTALL & CONFIGURING DNS SERVER
LAB 02 INSTALLING ACTIVE DIRECTORY
LAB 03 INSTALLING ADDITIONAL DOMAIN CONTROLLERS IN EACH DOMAIN
LAB 04 ELEVATE DOMAIN FUNCTIONAL LEVEL TO WINDOWS 2000 NATIVE MODE
LAB 05 TESTING THE EFFECTS OF REPLICATING CHANGES TO MULTI-VALUED ATTRIBUTES
LAB 06 ELEVATE FOREST FUNCTIONALITY TO WINDOWS SERVER 2003 AND TEST MULTI-VALUE REPLICATION
LAB 07 CREATE MULTIPLE SITES
LAB 08 TEST GLOBAL CATALOG FAILURE
LAB 09 ENABLE AND TEST UNIVERSAL GROUP CACHING
LAB 10 RESET DIRECTORY SERVICES RESTORE MODE PASSWORD (OPTIONAL)
LAB 11 CREATE AN INETORGPERSON OBJECT (OPTIONAL)
LAB 12 MARK A SCHEMA OBJECT AS DEFUNCT (OPTIONAL)
LAB 13 CREATE AN APPLICATION PARTITION
LAB 14 RENAMING OF DOMAIN CONTROLLERS
LAB 15 RENAMING DOMAIN NETBIOS NAME (TO BE PERFORMED ON THE LAST DAY AS AN OPTIONAL LAB)
LAB 16 SETUP AND TEST CROSS FOREST TRUSTS
LAB 17 IIS APPLICATION POOLS
LAB 18 TERMINAL SERVICES (OPTIONAL)
LAB 19 REMOTE ASSISTANT (OPTIONAL)
LAB 20 CREATE SOFTWARE RESTRICTION POLICY (OPTIONAL)
LAB 21 RESULT SET OF POLICY (RSOP) TOOLS (OPTIONAL)
LAB 22 RESTORE DEFAULT GPOS (OPTIONAL)
LAB 23 - USING VOLUME SHADOW COPY SERVICE TO RECOVER FILES
LAB 24 EFS
LAB 25 COMMAND LINE TOOLS (OPTIONAL)
APPENDIX A
CLASSROOM LAYOUT
[Figure: classroom layout diagram. Labels: Instructor Forest W2K3 (W2K3.Net); Forest A, Forest B, Forest E, Forest G; DomainA through DomainH; Server01 through Server16.]
All labs that are not optional must be done. This is to ensure that all labs at the end will function
correctly. Optional labs are at the discretion of the instructor.
Computer Names and IP Addresses

Student Number  Computer Name  IP Address  Subnet Mask  DNS Address  Domain       Forest
01              Server01       10.1.1.1    255.255.0.0  10.1.1.1     DomainA.com  DomainA.com Forest
02              Server02       10.1.1.2    255.255.0.0  10.1.1.1     DomainA.com  DomainA.com Forest
03              Server03       10.1.2.3    255.255.0.0  10.1.2.3     DomainB.com  DomainA.com Forest
04              Server04       10.1.2.4    255.255.0.0  10.1.2.3     DomainB.com  DomainA.com Forest
05              Server05       10.1.1.5    255.255.0.0  10.1.1.5     DomainC.com  DomainC.com Forest
06              Server06       10.1.1.6    255.255.0.0  10.1.1.5     DomainC.com  DomainC.com Forest
07              Server07       10.1.2.7    255.255.0.0  10.1.2.7     DomainD.com  DomainC.com Forest
08              Server08       10.1.2.8    255.255.0.0  10.1.2.7     DomainD.com  DomainC.com Forest
09              Server09       10.1.1.9    255.255.0.0  10.1.1.9     DomainE.com  DomainE.com Forest
10              Server10       10.1.1.10   255.255.0.0  10.1.1.9     DomainE.com  DomainE.com Forest
11              Server11       10.1.2.11   255.255.0.0  10.1.2.11    DomainF.com  DomainE.com Forest
12              Server12       10.1.2.12   255.255.0.0  10.1.2.11    DomainF.com  DomainE.com Forest
13              Server13       10.1.1.13   255.255.0.0  10.1.1.13    DomainG.com  DomainG.com Forest
14              Server14       10.1.1.14   255.255.0.0  10.1.1.13    DomainG.com  DomainG.com Forest
15              Server15       10.1.2.15   255.255.0.0  10.1.2.15    DomainH.com  DomainG.com Forest
16              Server16       10.1.2.16   255.255.0.0  10.1.2.15    DomainH.com  DomainG.com Forest
Lab 01 Install & Configuring DNS Server
NOTE: This lab must be done before continuing with the rest of the labs.
Prerequisites
Must be familiar with DNS concepts and operations
Objectives
Install DNS Server services
Create Forward and Reverse Lookup Zones
Create and configure Conditional Forwarding
Test DNS by using nslookup command
Lab Setup
A computer running Windows Server 2003 Enterprise Server that is configured as a standalone server.
Static IP Address and subnet mask.
DNS domain name. Refer to the Computer Names and IP Addresses table (page 5) for this information.
Exercise 1 - Installing the Primary DNS Server Service
Goal
In this exercise, you will configure the DNS domain name of your computer and install DNS.
NOTE: The installation of DNS services will only take place on the following servers: Server1,
Server3, Server5, Server7, Server9, Server11, Server13 and Server15.
Tasks Detailed Steps
1. Start the Windows
Components wizard and
install the DNS
subcomponent of the
Networking Services. Copy
the required files from the
Windows Server 2003
Advanced Server compact
disc.
a. Log on as Administrator with a password of password.
b. By default a screen called Manage Your Server will open.
This screen allows you to add roles to your server and to
manage your server roles.
c. Under Adding Roles to Your Server, click Add or remove a
Role.
d. On the Preliminary Steps page, click Next.
e. On the Server Role page, select DNS Server and click Next.
f. On the Summary of Selections page, review the summary
and click Next.
DNS will start to install. (Insert the Windows Server 2003 CD
when required.)
2. Create a Standard Primary
Forward Lookup Zone for
your domain.
a. On the Welcome to the Configure a DNS Server Wizard
page, click Next.
b. On the Select Configuration Action page, select Create
forward and reverse lookup zones (recommended for
large networks) and click Next.
c. On the Forward Lookup Zone page, select Yes, create a
forward lookup zone now (recommended), click Next.
d. On the Zone Type page, select Primary Zone, click Next.
NOTE: Select Primary Zone only on the first server in each
domain.
e. On the Zone Name page, enter the zone name, for example
domainname.com, and click Next.
f. Leave defaults on Zone File page, click Next.
g. On the Dynamic Update page, select Allow both non-
secure and secure dynamic updates, click Next.
3. Create a Standard Primary
Reverse Lookup Zone for
your Network ID.
a. On the Reverse Lookup Zone page, select Yes, create a
reverse lookup zone now, and click Next.
b. On the Zone Type page, select Primary Zone, click Next.
NOTE: The Primary Zone selection must only be used on the
first server in each domain.
c. On the Reverse Lookup Zone Name page, enter the
Network ID for your zone. For example 10.1.1
d. On the Zone File page leave as default, click Next.
e. On the Dynamic Update page, select Allow both secure
and non-secure dynamic updates, click Next.
4. Create Forwarders to the
instructor's server.
a. On the Forwarders page, select Yes, it should forward
queries to DNS servers with the following IP addresses.
b. Enter the instructor's server IP address: 10.1.200.1, click
Next.
It will start searching for Root Hints.
c. On the Completing the Configure a DNS Server Wizard
page, click Finish.
NOTE: If an error message appears, click OK. This message
states that it could not configure the Root Hints. Once completed,
open the DNS server, right-click the server name and then
select Properties. Under ServerX Properties select Root Hints.
Ensure that the root hints are available.
d. On the This Server is Now a DNS Server page, click Finish.
5. Enter the Primary DNS Suffix
under the My Computer
properties
a. Click Start > right-click My Computer > Properties
b. Click Computer Name > Change > More
c. In the Primary DNS Suffix of this computer enter your DNS
domain suffix. E.g. DomainX.com
d. Click OK to close all windows and then click Yes to restart
the computer.
6. Ensure computer can resolve
both forward and reverse
lookups by means of
NSLOOKUP
a. Logon as Administrator with the password of password
b. Click Start > Administrative Tools > DNS
c. Expand your Server, then expand reverse lookup zones
d. Click on your subnet
e. Ensure that a pointer record exists for your computer.
f. If the pointer record does not exist, create a pointer record by
right-clicking the subnet > New Pointer Record
g. Under the New Resource Record enter the IP address of
the Host computer and enter the Host name under Host
Name.
h. Once completed click OK and close all windows.
i. Open the command prompt: Start > Run > CMD
j. At the command prompt, type NSLOOKUP
k. You will receive the following:
Default: computername.domainname.com
Address: 10.1.x.x
l. Exit NSLOOKUP by typing exit at the command prompt.
7. Add your partner's computer
and IP Address to the Name
Servers
a. Open the DNS console
b. Expand your server and then expand forward lookup zone
c. Right-click your Domain name > Properties > Name
Servers
d. Under Name Servers, click Add
e. In the Server fully qualified Domain Name (FQDN), type
your partner's computer name. E.g. server02.domaina.com
f. Under IP Address, enter your partner's IP Address, click
Add, and then OK.
g. Click OK to close the Properties window. Close all other windows.
NOTE: DNS servers/services can still be installed using the Add/Remove Windows Components
under Add/Remove Programs menu.
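The forward and reverse checks from task 6, written as an added Python example that is not part of the workshop material: it derives the reverse zone and PTR owner names from the Network ID entered in task 3 and reports hosts whose A and PTR records disagree. The host entries are a constructed sample built from two rows of the lab's address table, and the function names are illustrative.

```python
import ipaddress
import socket

# Constructed sample: two rows of the Computer Names and IP Addresses table,
# written in the FQDN form the lab uses (server02.domaina.com).
LAB_HOSTS = {
    "server01.domaina.com": "10.1.1.1",
    "server02.domaina.com": "10.1.1.2",
}


def reverse_zone(network_id):
    """Map a Network ID as typed into the wizard ("10.1.1") to its zone name."""
    octets = network_id.strip(".").split(".")
    if not 1 <= len(octets) <= 3:
        raise ValueError("expected one to three octets, got %r" % network_id)
    for octet in octets:
        if not octet.isdigit() or int(octet) > 255:
            raise ValueError("bad octet %r in %r" % (octet, network_id))
    return ".".join(reversed(octets)) + ".in-addr.arpa"


def ptr_owner(ip):
    """Full owner name of the PTR record for an IPv4 address."""
    return ipaddress.IPv4Address(ip).reverse_pointer


def system_forward(name):
    """A-record lookup through the DNS server this machine is configured with."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def system_reverse(ip):
    """PTR lookup; None when no pointer record answers."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def _norm(name):
    # DNS names compare case-insensitively and may carry a trailing dot.
    return name.rstrip(".").lower()


def check_host(fqdn, expected_ip, forward=system_forward, reverse=system_reverse):
    """Return a list of findings; an empty list means both directions agree."""
    findings = []
    addresses = forward(fqdn)
    if not addresses:
        findings.append("no A record for %s" % fqdn)
    elif expected_ip not in addresses:
        findings.append("%s resolves to %s, expected %s"
                        % (fqdn, ", ".join(addresses), expected_ip))
    pointer = reverse(expected_ip)
    if pointer is None:
        # The case step f of task 6 handles by creating the pointer record.
        findings.append("no PTR record at %s" % ptr_owner(expected_ip))
    elif _norm(pointer) != _norm(fqdn):
        findings.append("PTR %s names %s, expected %s"
                        % (ptr_owner(expected_ip), pointer, fqdn))
    return findings


def check_lab(hosts, forward=system_forward, reverse=system_reverse):
    """Check every host and keep only the ones with findings."""
    report = {}
    for fqdn, ip in sorted(hosts.items()):
        findings = check_host(fqdn, ip, forward, reverse)
        if findings:
            report[fqdn] = findings
    return report


if __name__ == "__main__":
    print("reverse zone for Network ID 10.1.1:", reverse_zone("10.1.1"))
    for host, problems in check_lab(LAB_HOSTS).items():
        for problem in problems:
            print("%s: %s" % (host, problem))
```

The lookups go through whichever DNS server the machine is configured to use, so run it on a lab server after the restart in task 5.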
Exercise 2 Installing the Secondary DNS Server Services
Goal
During this exercise you will install and configure your Server as a secondary DNS server. Only a
secondary forward lookup zone will be created. The reverse lookup zone will be kept on the primary
DNS Server. Thus no secondary reverse lookup zone needs to be created.
NOTE: The installation of DNS services will only take place on the following servers: Server2,
Server4, Server6, Server8, Server10, Server12, Server14 and Server16.
Tasks Detailed Steps
1. Start the Windows
Components wizard and
install the DNS
subcomponent of the
Networking Services. Copy
the required files from the
Windows Server 2003
Advanced Server compact
disc.
a. Log on as Administrator with a password of password.
b. By default a screen called Manage Your Server will open.
This screen allows you to add roles to your server and to
manage your server roles.
c. Under Adding Roles to Your Server, click Add or remove a
Role.
d. On the Preliminary Steps page, click Next.
e. On the Server Role page, select DNS Server and click Next.
f. On the Summary of Selections page, review the summary
and click Next.
DNS will start to install. (Insert the Windows Server 2003 CD
when required.)
2. Create a Secondary Forward
Lookup Zone for your
domain.
a. On the Welcome to the Configure a DNS Server Wizard
page, click Next.
b. On the Select Configuration Action page, select Create
forward and reverse lookup zones (recommended for
large networks) and click Next.
c. On the Forward Lookup Zone page, select Yes, create a
forward lookup zone now (recommended), click Next.
d. On the Zone Type page, click to select Secondary zone,
click Next.
e. On the Zone Name page, enter the Zone Name: and click
Next.
f. On the Master DNS Servers page, enter the IP Address of
your partner's DNS server, click Add and then click Next.
g. On the Reverse Lookup Zone page, click No, don't create a
reverse lookup zone now, and click Next.
h. On the Forwarders page, select Yes, it should forward
queries to DNS servers with the following IP addresses.
i. Enter the instructor's server IP address: 10.1.200.1, click
Next.
It will start searching for Root Hints.
j. On the Completing the Configure a DNS Server Wizard
page, click Finish.
NOTE: If an error message appears, click OK. This message
states that it could not configure the Root Hints. Once
completed, open the DNS server, right-click the server name
and then select Properties. Under ServerX Properties
select Root Hints. Ensure that the root hints are available.
k. On the This Server is Now a DNS Server page, click Finish.
3. Enter the Primary DNS Suffix
under the My Computer
properties
a. Click Start > right-click My Computer > Properties
b. Click Computer Name > Change > More
c. In the Primary DNS Suffix of this computer enter your DNS
domain suffix. E.g. DomainX.com
d. Click OK to close all windows and then click Yes to restart
the computer.
Ask your partner to check to see if your pointer record has registered. If not ask him/her to create a
pointer record.
Exercise 3 - Configure Conditional Forwarding in DNS
Goal
Students in each domain will be working as a team when setting up and configuring conditional forwarding between multiple DNS servers.
Tasks Detailed Steps
1. Perform the following tasks:
Test name resolution using NSLOOKUP.
Set up conditional forwarding between partner forests' DNS zones.
Use NSLOOKUP to verify resolution to partner's forest.
Perform for each forest and domain in class.
a. Open command prompt and type NSLOOKUP
b. At the prompt, type your partner's FQDN and press ENTER.
c. Open the DNS console, right-click your computer name >
Properties and select Forwarders.
d. Under DNS domain: click New and type in the domain name
of all partner domains in the classroom.
e. Under Selected domain's forwarder IP address list: enter
the DNS server IP address of your partner's domain and click
Add.
f. Use NSLOOKUP to see if you can resolve queries in your
partner's domain.
g. Perform this for all domains in the classroom.
Lab 02 Installing Active Directory
NOTE: This lab is dependent on lab 01.
Objectives
After completing this lab, you will be able to install Active Directory by using the Manage Your Server
Wizard.
NOTE: The Manage Your Server is used to familiarise yourself with the new Wizards and tasks that
can be performed. However, you can still promote a server to become a domain controller using the
DCPROMO command.
Prerequisites
Understand the logical components of Active Directory
Understand the purpose and function of Domain Controllers
Lab Setup
A computer running Windows Server 2003 Enterprise Server that is configured as a
standalone server.
Drive C formatted with NTFS
Static IP Address and subnet mask.
A domain name is required. Refer to the Computer Names and IP Addresses table (page 5) for this information.
A forward lookup zone is required that matches your domain name. The forward lookup zone
should have been created in exercise 1 of lab 01.
Exercise 1 Installing Active Directory
Goal
In this exercise, you will create a Windows 2003 domain by installing Active Directory. This will only
be done on one computer in each domain. The rest of the servers will be promoted during a different
lab exercise.
Tasks Detailed Steps
1. Start the Active Directory Installation Wizard to create:
A new domain controller for a new domain.
A new domain tree.
A new forest of domain trees.
The following steps need to be performed on only these servers:
Server Name Forest Name
Server1 DomainA.Com Forest
Server5 DomainC.Com Forest
Server9 DomainE.Com Forest
Server13 DomainG.Com Forest
NOTE: These servers are the primary servers for each domain
which will contain all the FSMO roles and the global catalog
service.
a. Log on as Administrator with a password of password.
b. On the Manage Your Server page, click Add or remove a role.
c. On the Preliminary Steps page, click Next.
d. On the Server Role page, select Domain Controller (Active
Directory), click Next.
e. On the Summary of Selections page, click Next.
f. On the Welcome to the Active Directory Installation
Wizard page, click Next.
g. On the Operating System Compatibility page, review the information then click Next.
h. On the Domain Controller Type page, select Domain
Controller for a new domain, click Next.
i. In the Create New Domain page, select Domain in a new
forest, click Next.
j. On the New Domain Name page, enter your domain name
and then click Next.
k. In the NetBIOS Domain Name page, select the default
Domain NetBIOS name, click Next.
l. On the Database and Log Folders page, select the default
settings and click Next.
m. On the Shared System Volume page, select the default
settings and click Next.
n. Review the DNS Registration Diagnostics and click Next.
o. On the Permissions page, leave as default and click Next.
p. On the Directory Services Restore Mode Administrator
Password page, enter the Restore Mode Password:
password and Confirm password: password.
q. Review the summary and click Next.
r. Once completed Restart the Server.
s. Logon as Administrator and Click Finish.
2. Start the Active Directory Installation Wizard to create:
A new domain controller for a new domain.
A new domain tree in an existing forest.
The following steps need to be performed on only these servers:
Server Name Forest Name
Server3 DomainA.Com Forest
Server7 DomainC.Com Forest
Server11 DomainE.Com Forest
Server15 DomainG.Com Forest
NOTE: These servers are the domain controllers for the second
domains within each forest. They will not contain the Global
Catalog service at this point.
a. Log on as Administrator with a password of password.
b. On the Manage Your Server page, click Add or remove a
role.
c. On the Preliminary Steps page, click Next.
d. On the Server Role page, select Domain Controller (Active Directory), click Next.
e. On the Summary of Selections page, click Next.
f. On the Welcome to the Active Directory Installation
Wizard page, click Next.
g. On the Operating System Compatibility page, review the
information then click Next.
h. On the Domain Controller Type, select Domain controller
for a new domain, click Next.
i. On the Create New Domain page, select Domain tree in an
existing forest, click Next.
j. On the Network Credentials page, enter the administrator
name and password. Enter the first domain name under
Domain. For example
Username = Administrator
Password = password
Domain = DomainA
k. On the New Domain Tree page, enter the DNS name for the
new domain, click Next.
l. In the NetBIOS Domain Name page, select the default
Domain NetBIOS name, click Next.
m. On the Database and Log Folders page, select the default
settings and click Next.
n. On the Shared System Volume page, select the default
settings and click Next.
o. Review the DNS Registration Diagnostics and click Next.
p. On the Permissions page, click Next.
q. On the Directory Services Restore Mode Administrator
Password page, enter the Restore Mode Password:
password and Confirm password: password.
r. Review the summary and click Next.
s. Once completed Restart the Server
3. Allow everyone the rights to
logon locally onto the domain
controllers and update the
policy.
This only needs to be done from one Domain Controller.
a. Log on as Administrator with a password of password.
b. On the Manage Your Server page, select Manage users
and computers in Active Directory.
c. In the left pane, right click Domain Controllers and select
Properties.
d. Select Group Policy under Domain Controller Properties.
e. Select the Default Domain Controller Policy and Click Edit.
f. Under the Group Policy Object Editor page navigate to
Computer Configuration > Windows Settings > Security
Settings > Local Policies > User Rights Assignment.
g. Double click Allow log on locally.
h. Under the Allow log on locally window, click Add User or
Group and add the Everyone group.
i. Click OK and close the Group Policy Object Editor window
and the Domain Controller Properties window.
j. Close Manage Users and Computers in Active Directory.
k. From the run command type the following command: gpupdate
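Task 3 adds Everyone to Allow log on locally on the domain controllers; the added Python example below (not part of the workshop material) reads a security template exported on a domain controller with secedit /export /cfg and lists the broad groups that hold that right. The template text in the sample is constructed and the function names are illustrative.

```python
import re
import sys

# "Allow log on locally" is stored in the template as SeInteractiveLogonRight.
ALLOW_LOCAL_LOGON = "SeInteractiveLogonRight"

# Well-known SIDs that cover most or all accounts on a system.
BROAD_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-7": "Anonymous Logon",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-545": "Users",
    "S-1-5-32-546": "Guests",
}
# Domain Users is the domain SID followed by relative ID 513.
DOMAIN_USERS = re.compile(r"^S-1-5-21-\d+-\d+-\d+-513$")

# Constructed sample: part of a template as it could look after task 3.
SAMPLE_AFTER_TASK_3 = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-11,*S-1-5-32-544
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-548,*S-1-5-32-549,*S-1-5-32-550,*S-1-5-32-551,*S-1-1-0
[Version]
signature="$CHICAGO$"
Revision=1
"""


def read_template(path):
    """Read an exported template; secedit writes UTF-16 with a byte order mark."""
    with open(path, "rb") as handle:
        data = handle.read()
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("utf-8", errors="replace")


def parse_privilege_rights(text):
    """Return {right: [principal, ...]} from the [Privilege Rights] section."""
    rights = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip().lstrip("\ufeff")
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        right, _, value = line.partition("=")
        rights[right.strip()] = [p.strip() for p in value.split(",") if p.strip()]
    return rights


def broad_holders(text, right=ALLOW_LOCAL_LOGON):
    """List (principal, group label) pairs for broad groups holding the right."""
    by_name = {label.lower(): label for label in BROAD_SIDS.values()}
    by_name["domain users"] = "Domain Users"
    hits = []
    for entry in parse_privilege_rights(text).get(right, []):
        if entry.startswith("*"):
            # SIDs are written with a leading asterisk.
            sid = entry[1:].upper()
            if sid in BROAD_SIDS:
                hits.append((sid, BROAD_SIDS[sid]))
            elif DOMAIN_USERS.match(sid):
                hits.append((sid, "Domain Users"))
        else:
            # Entries without an asterisk are account names, possibly DOMAIN\name.
            short = entry.split("\\")[-1].lower()
            if short in by_name:
                hits.append((entry, by_name[short]))
    return hits


if __name__ == "__main__":
    template = read_template(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_AFTER_TASK_3
    for principal, label in broad_holders(template):
        print("%s is held by %s (%s)" % (ALLOW_LOCAL_LOGON, label, principal))
```

Pass the path of the exported .inf file as the first argument; with no argument the script checks the constructed sample.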
Lab 03 Installing additional domain controllers in each domain
NOTE: This lab is dependent on lab 02.
Objectives
After completing this lab, you will be able to promote a member server to become a second Domain
Controller by using backup media.
Prerequisites
Understanding of how to use replica from media
Understanding of how to promote a server using the replica media
Knowledge of performing backups
Active Directory should have been configured in exercise 1 lab 02
Lab Setup
A computer running Windows Server 2003 Enterprise Server that is configured as a
standalone server
Drive C formatted with NTFS
Static IP Address and subnet mask
Connectivity to your partner's computer
Sufficient disk space to keep a backup
Access to the Support Tools
Exercise 1 - Backup Current Domain Controllers
Goal
During this exercise your partner will back up his/her domain controller. Once the backup process has
completed you will then copy the AD Backup.bkf file to your computer.
Tasks Detailed Steps
1. Backup the current system
state of the domain controller.
This part of the lab only needs to be performed on the student's
computer that contains Active Directory.
a. Open Windows Explorer.
b. On the C:\ drive create a folder called backup.
c. Once created, share this folder as backup
d. Open Backup: Start > All Programs > Accessories >
System Tools > Backup
e. On the Welcome to the Backup or Restore Wizard page,
deselect Always start in wizard mode, click Next.
f. On the Backup or Restore page, select Back up files and
settings, click Next.
g. On the What to Back Up page, select Let me choose what
to back up, click Next.
h. On the Items to Back Up page, expand My Computer on the
left pane and select System State, click Next.
i. On the Backup Type, Destination and Name page, type or
select the following:
Select the backup type: File
Choose a place to save your backup: Browse to
C:\Backup
Type a name for this backup: AD Backup
j. Click Next and then click Finish.
k. The backup process will start.
2. The following tasks need to be performed:
Copy the backup file to your computer.
Create Restore folder.
Create Temp folder.
These steps only need to be performed on the students'
computers that are member servers.
a. Open Windows Explorer.
b. On the C:\ drive, create a folder called Temp
c. On the C:\ drive, create a folder called Restore.
d. Connect to your partner's computer and copy the AD
Backup.bkf file to the Restore directory on your computer.
Exercise 2 Promoting Member Servers to Domain Controllers
using the Replicate from Media method
Goal
In this exercise the servers without Active Directory will be promoted by means of using the replicate
from media method to become an Active Directory Domain Controller.
Tasks Detailed Steps
1. Restore System state data to
temp directory.
These steps only need to be performed from the member server
computers.
a. Open Backup: Start > All Programs > Accessories >
System Tools > Backup
b. On the Welcome to the Backup or Restore Wizard page,
deselect Always start in wizard mode, click Next.
c. On the Backup or Restore page, select Restore files and
settings, click Next.
d. On the What to Restore page, click Browse and browse to
the path c:\restore\Ad Backup.Bkf. Click OK.
e. In the Items to restore pane expand File, expand AD
Backup.Bkf then select System State tick box. Click Next.
f. On the Completing the Restore Wizard page, click
Advanced.
g. On the Where to Restore page, select Restore files to:
Alternative location.
h. In the Alternative Location: Type or Browse to c:\temp, click
Next.
i. On the How to Restore page, select Leave existing files (Recommended), click Next.
j. On the Advanced Restore Options page, accept the
defaults and click Next.
k. On the Completing the Restore Wizard page, click Finish.
2. Promote the server to a
Domain Controller using the
restored data
a. From the Run command type DCPROMO /ADV
b. On the Welcome to the Active Directory Installation
Wizard page, click Next.
c. On the Operating System Compatibility page, click Next.
d. On the Domain Controller Type page, select Additional
Domain Controller for an existing domain, click Next.
e. On the Copying Domain Information page, select the From
these restored backup files and then Browse to C:\temp,
click OK, then Next.
f. On the Global Catalog page, select No, click Next.
NOTE: This Domain Controller must NOT become a Global
Catalog server at this point in time.
g. On the Network Credentials page, enter the administrator's
username and password and confirm the domain name is
correct, click Next.
h. On the Database and Log Folders page, accept the default
locations by clicking Next.
i. On the Shared System Volume page, accept the default
locations by clicking Next.
j. On the Directory Services Restore Mode Administrator
Password page, in the Password and Confirm password
boxes, type password and then click Next.
k. On the Summary page, review the options you selected, and then click Next.
l. When the Completing the Active Directory Installation
Wizard page appears, click Finish and then restart your
computer.
Exercise 3 Install Support Tools
Goal
This exercise needs to be performed on all the servers. The Windows 2003 Advanced server support
tools and utilities need to be installed for later exercises.
Tasks Detailed Steps
1. Install Windows 2003 Server
Support Tools
a. Open Windows Explorer
b. Select the CD-Rom drive and then double click the Support
folder.
c. Double click the Tools folder.
d. Double click suptool.msi
e. On the Welcome to the Windows Support Tools Setup
Wizard page, click Next.
f. On the End User License Agreement page, select I Agree
then click Next.
g. On the User Information page, select default values and
click Next.
h. On the Destination Directory page, accept the default
locations and click Install Now.
i. On the Completing the Windows Support Tools Setup
Wizard page, click Finish.
Lab 04 Elevate Domain functional level to Windows 2000 Native Mode
NOTE: Do not rush through this lab exercise. If you do, you will not be able to go back and
correct your mistake! This lab is dependent on lab 02.
Objectives
After completing this lab, you will be able to determine which mode the domain is in and raise the
Domain functionality.
Prerequisites
Knowledge about the different Active Directory versioning
Knowledge about the different Active Directory functionality levels
Lab Setup
To complete this lab, you require a computer running Windows Server 2003 that is configured as a
Domain Controller.
Exercise 1
Goal
This exercise consists of the following steps:
1. Use ADSI Edit to determine the current domain mode.
2. Raising the domain functional level to enable additional functionality. This will be required for
later exercises.
3. Use ADSI Edit to verify the change in the functional level.
Tasks Detailed Steps
1. Use ADSI Edit to verify that
nTMixedDomain = 1
This part of the exercise needs to be performed by all the
students.
a. From the Run Command type MMC then click OK.
b. On the Console click File > Add/Remove Snap-in
c. Under Add/Remove Snap-in click Add
d. Under Add Standalone Snap-in, select ADSI Edit and click
Add, then close once added.
e. On the Add/Remove Snap-in page, click OK.
f. On ADSI Edit right click and select Connect to
g. Connection Settings window appears, accept default
settings and click OK.
h. Expand Domain.
i. Right click DC=DomainX,DC=com (where X is your domain
number) and select Properties.
j. Scroll down the attributes until you find nTMixedDomain.
Check to see if the value is set to 1.
k. Click OK to close the Properties page.
l. Save the console as ADSI Edit under Administrative Tools
2. Raise the Domain
Functionality to Windows
2000 Native
Only one student per domain needs to perform the following task.
a. Open Active Directory Users and Computers.
b. Right click DomainX.com (where X is your domain letter) and select Raise Domain Functional Level
c. On the Raise Domain Functional Level page, ensure that
Windows 2000 Native is selected and then click Raise.
d. A message appears stating that: This change affects the
entire domain. After you raise the domain functional level
it cannot be reversed. Click OK.
e. A second message appears stating that the functional level
was raised successfully. Click OK.
3. Use ADSI Edit to verify that
nTMixedDomain = 0
All students need to perform the following section.
a. Open ADSI Edit console that you saved.
b. Right click DC=DomainX,DC=com (where X is your domain
number) and select Properties.
c. Scroll down the attributes until you find nTMixedDomain.
Check to see if the value is set to 0.
d. Click OK to close the Properties page and Exit the console.
Lab 05 Testing the effects of replicating changes to multi-valued attributes
NOTE: This lab is dependent on Lab 02.
Objectives
After completing this lab, you will be able to test the effects of replicating changes to multi-valued
attributes.
Prerequisites
Be familiar with Active Directory Users and Computers
Understand how replication works between domain controllers
Active Directory should have been configured as in exercise 1 lab 02
Lab Setup
To complete this lab, you require computers running Windows Server 2003 that are configured as
Domain Controllers. Only one computer in each of the forests should be configured as a Global
Catalog server.
Exercise 1
Goal
In this exercise you will test the effects of replicating changes to multi-valued attributes within
an organization. Students will create several user accounts and add two of them to a group. Then
the server with the global catalog will be unplugged and you will then add two more users to the group
from both the domain controllers. Once completed you will plug the network cable back in and see
which of these accounts successfully replicated across.
Tasks Detailed Steps
1. Create the following in the
User container:
Six user accounts:
User1, User2, User3,
User4, User5, User6
Global Group called
Group1
This part of the exercise can be performed by all students. Each
student needs to create three (3) user accounts and one user will
need to create a global group.
Open Active Directory Users and Computers.
a. Expand the domain name
b. On the User container right click New > User
c. On the New Object - User page, fill in the following details
and then click Next
First name: User1
User logon name: User1
User logon name (pre-Windows 2000): User1
d. Enter a password called password and confirm the password
e. Deselect User must change password at next logon, click
Next and then click Finish.
f. Repeat Steps C-F until all six (6) users are created.
g. On the User container right click New > Group
h. In the Group Name enter Group1 and leave the settings as
default, click OK.
i. Double click the group called group1 and click the Members
Tab.
j. Click Add, enter User1; User2 and then click Check Names,
click OK twice.
k. Ensure that the users and group have replicated before
continuing.
Unplug the Network Cable from the machine that contains the Global Catalog.
2. Perform the following
Add User3 to Group1 on
the first DC.
Add User4 to Group1 on
the second DC.
Perform these steps on the first DC
a. Double click the group called group1 and click the Members
Tab.
b. Click Add, enter User3 and then click Check Names, and click
OK twice.
Perform these steps on the second DC
c. Double click the group called group1 and click the Members
Tab.
NOTE: A message appears stating that a Global Catalog
cannot be located to retrieve the icons for the member list.
Some icons may be shown. Click OK.
d. Click Add, enter User4 and then click Check Names, and click
OK twice.
3. Plug the Network Cable back
in and force replication
Perform the following task on any of the DCs
a. From the Run command type the following syntax:
repadmin.exe /syncall /P
What are the results on the group membership and why?
Lab 06 Elevate forest functionality to Windows Server 2003 and test multi-value replication
NOTE: This lab is dependent on Lab 02 & Lab 04
Objectives
After completing this lab, you will be able to:
Elevate the forest functionality
Test multi-value replication
Prerequisites
Understand the different Forest functionalities
Understand how replication works between domain controllers
Domain functional level should have been configured as in exercise 1 Lab 04
Lab Setup
To complete this lab, you require computers running Windows Server 2003 that are configured as
Domain Controllers. Only one computer in each of the forests should be configured as a Global
Catalog server.
Exercise 1
Goal
This exercise is almost the same as in Lab 05. However, you will first elevate the forest functionality to
.Net and then test the effects of multi-valued replication. Once this has been done you will again
disconnect the network cable from the Global Catalog server and add an account to the group on both
domain controllers. Then plug the cable back in and replicate the information to see what effect the
elevation of the forest functionality has.
Tasks Detailed Steps
1. Raise the Forest
Functionality to Windows .Net
Perform the following task on only one of the Domain Controllers.
Decide among yourselves who will perform this task.
a. Open Active Directory Domains and Trusts.
b. Right click Active Directory Domains and Trusts and select
Raise Forest Functional Level.
c. On the Raise Forest Functional Level accept the default
settings and click Raise.
d. Two messages appear, read the messages and then click
OK for each of them.
2. Use ADSI Edit to verify that
mSDS-Behavior-Version = 2
This task should be performed by all students.
a. Open ADSI Edit console that you saved.
b. Right click DC=DomainX,DC=com (where X is your domain
number) and select Properties.
c. Scroll down the attributes until you find mSDS-Behavior-
Version. Check to see if the value is set to 2.
d. Click OK to close the Properties page and Exit the console
Unplug the Network Cable from the server that contains the Global Catalog.
3. Perform the following
Add User5 to Group1 on
the first DC.
Add User6 to Group1 on
the second DC.
Perform these steps on the first DC
a. Double click the group called group1 and click the Members
Tab.
b. Click Add, enter User5 and then click Check Names, click OK
twice.
Perform these steps on the second DC
c. Double click the group called group1 and click the Members
Tab.
NOTE: A message appears stating that a Global Catalog
cannot be located to retrieve the icons for the member list.
Some icons may be shown. Click OK.
d. Click Add, enter User6 and then click Check Names, click OK
twice.
4. Plug the Network Cable back
in and force replication
Perform the following task on any of the DCs
a. From the Run command type the following syntax:
repadmin.exe /syncall /P
Review the group membership. Is there a difference? Why?
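The two outcomes compared in Lab 05 and Lab 06 come from how the group's member attribute is replicated. The model below is an added example, not part of the workshop material: the class names, the Stamp fields and the write times are constructed, it assumes the second DC's change is made later than the first DC's, and it covers additions only (no removals).

```python
import copy
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Stamp:
    """Replication metadata; compared field by field to pick a conflict winner."""
    version: int  # bumped on every originating write
    time: int     # originating write time (constructed seconds)
    dsa: str      # originating DC, used only as the last tie-breaker


class AttributeLevelGroup:
    """Windows 2000 forest functional level: 'member' replicates as one unit."""

    def __init__(self, members):
        self.members = frozenset(members)
        self.stamp = Stamp(1, 0, "DC1")

    def add(self, user, time, dsa):
        self.members = self.members | {user}
        self.stamp = Stamp(self.stamp.version + 1, time, dsa)

    def receive(self, other):
        # The whole member list with the higher stamp replaces the local one.
        if other.stamp > self.stamp:
            self.members, self.stamp = other.members, other.stamp

    def current(self):
        return set(self.members)


class LinkedValueGroup:
    """Windows Server 2003 forest functional level: every member value
    carries its own stamp (linked-value replication)."""

    def __init__(self, members):
        # Simplification: values that already existed get a per-value stamp too.
        self.values = {m: Stamp(1, 0, "DC1") for m in members}

    def add(self, user, time, dsa):
        old = self.values.get(user)
        self.values[user] = Stamp(old.version + 1 if old else 1, time, dsa)

    def receive(self, other):
        # Values merge one by one; a conflict needs the same value on both sides.
        for user, stamp in other.values.items():
            if user not in self.values or stamp > self.values[user]:
                self.values[user] = stamp

    def current(self):
        return set(self.values)


def simulate(group_cls, initial, first_dc_add, second_dc_add):
    """Two converged replicas, one change on each while the link is down,
    then a two-way sync. Returns the membership seen on (DC1, DC2)."""
    dc1 = group_cls(initial)
    dc2 = copy.deepcopy(dc1)
    dc1.add(first_dc_add, time=100, dsa="DC1")
    dc2.add(second_dc_add, time=160, dsa="DC2")
    sent1, sent2 = copy.deepcopy(dc1), copy.deepcopy(dc2)
    dc1.receive(sent2)
    dc2.receive(sent1)
    return dc1.current(), dc2.current()


def lab05():
    # Both DCs move 'member' from version 1 to 2; the later write wins outright.
    return simulate(AttributeLevelGroup, {"User1", "User2"}, "User3", "User4")


def lab06():
    # Starts from what Lab 05 left behind, now with per-value replication.
    start = lab05()[0]
    return simulate(LinkedValueGroup, start, "User5", "User6")


if __name__ == "__main__":
    print("Lab 05:", [sorted(m) for m in lab05()])
    print("Lab 06:", [sorted(m) for m in lab06()])
```

In the Lab 05 run one of the two additions disappears without any error on either DC, which matters operationally because group membership is what access decisions are based on.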
Lab 07 Create Multiple Sites
NOTE: This lab is dependent on Lab 02.
Objectives
Create a site and subnet
Configure the properties of a site link
Prerequisites
Understanding of TCP/IP subnets
Understanding of Sites and Site Links
Lab Setup
To complete this lab, you require computers running Windows Server 2003 that are configured
as Domain Controllers.
The user performing the tasks should have Enterprise Admin rights
Exercise 1
Goal
NOTE: Students should NOT modify their IP addresses at any stage during this lab!!
In this exercise students will work in teams, where they will create several sites within Active
Directory Sites and Services. In addition to this you will also create subnets and map these
subnets to each of the sites that were created. After completing the creation of the sites and
subnets you will then move the appropriate servers into the correct sites.
Tasks Detailed Steps
1. Create two new sites with
the name of Site1 and Site2
and link them to the
DEFAULTIPSITELINK
Perform the following tasks on only one Domain Controller in
each forest.
a. Open Active Directory Sites and Services from the
Administrative Tools menu, right click Sites and then click
New Site.
b. In the Name box, type Site1, select
DEFAULTIPSITELINK and click OK.
c. Review the message and click OK.
d. Repeat steps B & C for Site2
2. Create a new subnet object
with the network ID of
10.1.x.0/24 (where x is 1 for
forest root domain and x = 2
for second domains).
Associate the subnet object
with your site.
a. In Active Directory Sites and Services, right click Subnets and
then click New Subnet.
b. In the New Object - Subnet dialog box, in the Address box,
type 10.1.x.0 (where x is 1 for forest root domain and x = 2 for
second domains).
c. In the Mask box, type 255.255.255.0
d. Under Site Name, click Site1 and then click OK.
e. Repeat steps A-D for Site2
3. Perform the following tasks
on/in the Inter-Site Transport
object:
Set the properties of
Inter-Site Transport for
the IP to Ignore
Schedules.
Change the
DEFAULTIPSITELINK
replication value to 15
minutes.
a. In Active Directory Sites and Services, expand Inter-Site
Transports.
b. Right click IP and then click Properties.
c. On the Properties page, select Ignore Schedule and click
OK.
d. In the IP object container right click DEFAULTIPSITELINK
and click Properties.
e. On the DEFAULTIPSITELINK Properties page, change the
Replicate every value to 15 minutes and click OK.
4. Move the server to the
appropriate sites.
a. In Active Directory Sites and Services, expand Default-
First-Site-Name then expand Servers.
b. Right click ServerX (where X is your server name in your
domain) and then click Move.
c. In the Move Server page, click the Site to which your server
needs to be moved and then click OK.
d. Repeat Steps B and C for all the domain controllers.
Run the following command on all servers: Repadmin /kcc serverX.domainX.com
(Where X is your server or domain number/letter).
Lab 08 Test Global Catalog Failure
NOTE: This lab is dependent on Lab 02.
Objectives
After completing this lab, you will be able to see and understand the importance of a Global Catalog
server within an organization
Prerequisites
Knowledge about the role of a Global Catalog server
Sites and Subnets should have been configured in exercise 1 Lab 07
Lab Setup
To complete this lab, you require computers running Windows Server 2003 that are configured
as Domain Controllers.
A single Global Catalog Server within each Forest
Exercise 1
Goal
All students that do not have a Global Catalog service on their domain controller will perform this
exercise. You will log on as a client that does not have any administrative rights on the server to see
the effect of a failed Global Catalog service, or of no Global Catalog service being available.
Tasks Detailed Steps
1. Check to see if everyone
group has the rights to Log
on Locally
Check to see if the Everyone group has the rights to Log on
Locally
a. Open Active Directory Users and Computers.
b. Expand your domain and right click Domain Controllers and
select Properties.
c. Select Group Policy on the Domain Controllers Properties
page.
d. Select the Default Domain Controller Policy and Click Edit
e. Under the Group Policy Object Editor page navigate to
Computer Configuration > Windows Settings > Security
Settings > Local Policies > User Rights Assignment.
f. Double click Allow log on locally.
g. Under the Allow log on locally window, Ensure that the
Everyone group is added.
h. If not, add the Everyone group.
i. From the run command run: gpupdate.exe /force
2. Create user account in the
2nd domain of the forest and
force replication after the creation of the account.
a. Open Active Directory Users and Computers.
b. Expand the domain name
c. On the User container right click New > User
d. On the New Object - User page, fill in the following details
and then click Next
First name: Peter1
User logon name: Peter1
User logon name (pre-Windows 2000): Peter1
e. Enter a password called password and confirm the password
as password.
f. Deselect User must change password at next logon, click
Next and then click Finish.
g. Force replication by running this syntax: repadmin.exe
/syncall /P
Log on with the newly created account on all GC servers. Then logoff the account.
Unplug the Network Cable on the 1st DC/GC in the forest root domain. Perform this task on all the
servers that contain Global Catalogs. These servers are 1, 5, 9 and 13.
3. On the second domain in the forest, logon as the newly created user in that domain. The Global
Catalog must not be available. This can take some time.
What was the result and Why?
Plug the Network Cable back in once the lab has been completed.
Lab 09 Enable and Test Universal Group Caching
NOTE: This lab is dependent on Lab 02 & Lab 07
Objectives
After completing this lab, you will be able to configure and manage Universal Group Caching.
Prerequisites
Knowledge of Global Catalog servers
Knowledge of Universal Group Caching
Sites and Subnets should have been configured in exercise 1 Lab 07
Lab Setup
To complete this lab, you require computers running Windows Server 2003 that are configured
as Domain Controllers.
A single Global Catalog Server within each Forest
User performing the tasks should have Enterprise Admin Rights
Exercise 1
Goal
Only the students without a Global Catalog will be doing this exercise. In this exercise, you will
enable universal group caching and test client logons once again to see the effects of universal group
caching.
Tasks Detailed Steps
1. In the second domain set the
NTDS Site Settings to
cache membership from the
Partner site which is the
first domain. Force
Replication.
This should only be done from the second domain in each of the
forests.
NOTE: Before you can do this exercise you require Enterprise
Admin rights. Use the Run As command when opening Active
Directory Sites and Services. Logon as the Administrator of the
root domain in your forest.
a. Open Active Directory Sites and Services, expand Sites
and then select the site in which you want to Enable
Universal Group Membership Caching.
b. In the Details pane on the right, right-click NTDS Site
Settings and then click Properties.
c. Select the Enable Universal Group Membership Caching
check box.
d. In Refresh Cache from, click Site1, the site from which Site2 will
refresh its cache, and click OK.
e. From the Run command type the following syntax in:
repadmin /syncall /P
Log on to the DC in the second domain with an account that does not have any admin rights.
This will populate the cache.
Unplug the network cable from the back of the machine that hosts the Global Catalog.
From the second domain in the forest, log on with the user account that does not have administrative
rights. Remember the Global Catalog must not be available.
What is the result and Why?
Lab 10 Reset Directory Services Restore Mode password (Optional)
Objectives
After completing this lab, you will be able to reset the Directory Services Restore Mode password.
Prerequisites
Knowledge about the NTDSUTIL utility
Active Directory should be configured as in exercise 1 Lab 02
Lab Setup
A computer running Windows Server 2003 Enterprise Server that is configured as a Domain
Controller
Exercise 1
Goal
All students will perform this exercise. You must change the Directory Services Restore Mode
Password.
Tasks Detailed Steps
1. Use the NTDSUTIL to reset
the DSRM password to
password
a. Open the Command Prompt window.
b. At the command prompt, type NTDSUTIL and press
ENTER.
c. At the NTDSUTIL prompt type, set DSRM Password and
press ENTER.
d. At the Set DSRM Password prompt, type Reset Password
on Server Null (Null is used for the local server) and press
ENTER.
e. At the Please type password for DS Restore Mode
Administrator Account: type password and press ENTER.
f. At the Please confirm new password: type password and
press ENTER.
g. At the Reset DSRM Administrator Password prompt, type
quit and press ENTER
h. At the NTDSUTIL prompt, type quit and press ENTER
i. Close the command prompt window.
Lab 11 Create an InetOrgPerson Object (Optional)
Objectives
After completing this lab, you will be able to create an InetOrgPerson.
Prerequisites
Knowledge of using Active Directory Users and Computers
Active Directory should be configured in exercise 1 Lab 02
Lab Setup
A computer running Windows Server 2003 Enterprise Server that is configured as a Domain
Controller
Exercise 1
Goal
All students can perform this exercise. Here you will create an inetOrgPerson account within the
Active Directory.
Tasks Detailed Steps
1. Create an inetOrgPerson
account with a password of
password.
a. Open Active Directory Users and Computers.
b. Expand your domain and right-click the Users container,
select New and then select InetOrgPerson.
c. In the New Object - InetOrgPerson window, type studentX
(where X is your student number) in the First name and User
Logon name boxes, click Next.
d. In the password field type password and confirm the
password. Deselect User must change password at next
logon, click Next and then Finish.
Logoff as Administrator and logon as the newly created account.
Lab 12 Mark a Schema object as defunct (Optional)
NOTE to Instructor (If not already done) - Create a directory called OIDGen on your computer and
share that directory as OIDGen. Ensure that the application called OIDGen is available in the
directory. The application is available on the Windows 2000 Resource Kit.
Objectives
After completing this lab, you will be able to create a schema object and mark the object as defunct.
Prerequisites
Knowledge of schema objects
Active Directory should be configured in exercise 1 Lab 02
Lab Setup
A computer running Windows Server 2003 Enterprise Server that is configured as a Domain
Controller
Schema Administrator rights to be able to create new schema objects
OIDGEN to create unique Object Identifiers
Exercise 1
Goal
This exercise needs to be performed by all students. You will create an attribute within the Active
Directory schema. Once you have created this attribute in the Active Directory, you will then make
this object defunct. You will also create a second attribute with the same settings as the first one to
see the effects of an attribute that has already been created.
Tasks Detailed Steps
1. Perform the following tasks
Register the Schema
Management Snap-in.
Copy and Run OIDGen
from your computer to
generate an Object
Identifier.
a. Connect to your instructor's computer and copy the OIDGen
file to the temp directory on your local computer.
b. From the command prompt, run OIDGen.exe
c. Do not close the command prompt.
d. At the run command type the following command in: regsvr32
c:\windows\system32\schmmgmt.dll and then press
ENTER.
2. Perform the following task:
Create a new attribute
called studentX (where X
is your student number).
Remove Attribute is
active of the newly
created attribute.
Refresh to ensure
attribute is no longer
available.
a. Create a custom MMC console and add the Active
Directory Schema.
b. Expand Active Directory Schema, right-click Attributes,
click Create Attribute.
c. On the Warning message, click Continue.
d. On the Create New Attribute page, type StudentX (where X
is your student name) into the following boxes, Common
Name and LDAP Display Name.
e. In the Unique X500 Object ID: enter the Attribute Base OID
number generated by the OIDGen application.
f. Under the Syntax select Integer and click OK.
g. Browse to the newly created Object, right-click Properties
and deselect Attribute is Active.
h. Click Yes to accept the Warning Message and click OK.
i. Refresh to verify that the attribute is not visible in Schema
Management.
3. Perform the following tasks
Use Show defunct
objects in Schema
Management or use
ADSI Edit to locate the
Attribute.
a. In the Schema Management Console, click View and then
Defunct Objects.
b. Browse to the object and see that the Status of the object is.
c. Open the ADSI Edit console, right-click ADSI Edit and select
Connect To.
d. On the Connection Settings page, select Schema under the
dropdown list of Select a well known Naming Context, and
click OK.
e. Browse for the attribute that you created, right-click
Properties.
f. Ensure the value of isDefunct is set to TRUE, click OK and
close ADSI Edit.
Create a new Attribute with the same settings as the defunct attribute.
Does this work?
Note: While you can reuse the OID and LDAP name you cannot reuse the common name.
Lab 13 Create an application partition
Objectives
After completing this lab, you will be able to create application partitions and replicate these partitions
to different domain controllers within your domain or forest.
Prerequisites
Knowledge of application partitions
Knowledge of the NTDSUTIL utility
DNS should be configured as in exercise 1 Lab 01
Active Directory should be configured as in exercise 1 Lab 02
Lab Setup
Computers running Windows Server 2003 Enterprise Server that are configured as Domain
Controllers
A computer running DNS Server
Network connectivity between computers within the same forest
Exercise 1
Goal
All students can perform this exercise. Here you will create an application partition and then replicate
this partition to all domain controllers within the Active Directory domain/forest.
Tasks Detailed Steps
1. Perform the following tasks:
On each DC use
NTDSUTIL to create an
Application Partition
called ApptestX (where
X is your student number)
Add a replica of the
application partition to
your partner's Domain
Controller.
a. Open the command prompt window.
b. At the command prompt, type NTDSUTIL and press
ENTER.
c. At the NTDSUTIL prompt type, Domain Management and
press ENTER.
d. At the Domain Management prompt type, connections and
press ENTER.
e. At the Server connections prompt, type Connect to server
[your server name], and press ENTER. Example: connect to
server server1
f. At the Server connections prompt type, quit and press
ENTER.
g. At the Domain Management prompt type, list and press
ENTER.
This will show you all the Directory Partitions for the forest.
h. At the Domain Management prompt type, create nc
dc=APPTESTX (where X is your student number),dc=your
domain name,dc=com Null, press ENTER. Example:
create nc dc=applicationpartition,dc=domainX,dc=com null
i. At the Domain Management prompt type, list and press
ENTER.
j. At the Domain Management prompt type, Add nc replica
dc=APPTESTX,dc=your domain name,dc=com
server2.yourDomainName.com and press ENTER.
Example: Add nc replica
dc=APPTESTX,dc=domainX,dc=com serverx.domainx.com
k. At the Domain Management prompt type, list nc replicas
dc=APPTESTX,dc=domainX,dc=com and press ENTER.
l. At the Domain Management prompt type, quit and press
ENTER.
m. At the NTDSUTIL prompt type, quit and press ENTER.
2. Perform the following tasks:
Create a new DNS zone
and store the information
into the application
partition.
Force Replication
Verify that all zones are
updated on both
DC/DNS servers
a. Open the command prompt
b. At the command prompt run repadmin /kcc
serverx.domainx.com
c. Also stop and start the DNS Services by running:
d. Net stop DNS and then Net Start DNS.
e. Open DNS console and expand your server name.
f. On the Forward Lookup Zones, right-click and select New
Zone.
g. On the Welcome to the New Zone Wizard page, click Next.
h. On the Zone Type page, select Primary Zone, leave the
Store the zone in Active Directory (available only if DNS
server is a domain controller) tick box and click Next.
i. On the Active Directory Zone Replication Scope page,
select To all domain controllers specified in the scope of
the following application directory.
j. Select the Application partition that you created, (ApptestX,
where x is your student number) and click Next.
k. On the Zone Name page, type Nwtraders.com and click
Next.
l. On the Dynamic Update page, select Allow only secure
dynamic updates (recommended for Active Directory),
click Next.
m. On the Completing the New Zone Wizard page, click
Finish.
n. Force replication between the DC/DNS servers using the
repadmin /syncall /P command.
3. Use ADSI Edit to view
properties of the Application
partition.
a. Open the ADSI Edit Console that you created earlier.
b. Right-click ADSI Edit, select Connect to
c. On the Connection Settings page, under Select a well
known Naming Context select Configuration, and press
OK.
d. Expand the Configuration container and click Partitions.
e. On the right side under Directory Partition Name find your
partition you created and Browse its properties.
f. Exit and close ADSI Edit.
Lab 14 Renaming of Domain Controllers
Objectives
After completing this lab, you will be able to rename Domain Controllers.
NOTE: There are several ways to rename Domain Controllers. In this exercise, the command line
version will be used to rename the Domain Controllers. Ask the instructor to demo the renaming of a
Domain Controller using the GUI.
Prerequisites
Knowledge of the impact that renaming Domain Controllers can have
Knowledge about the NETDOM utility
Active Directory should be configured in exercise 1 Lab 02
Fully Qualified Domain Name (FQDN) of your domain
Exercise 1
NOTE: Fully Qualified Domain Names (FQDN) must be used when performing this exercise.
Perform the rename exercise on only one Domain Controller at a time. Wait for the process to
complete before continuing. The table below defines the current and the new server name you must
use.
Old Computer Name New Computer Name
Server1 Server101
Server2 Server102
Server3 Server103
Server4 Server104
Server5 Server105
Server6 Server106
Server7 Server107
Server8 Server108
Server9 Server109
Server10 Server110
Server11 Server111
Server12 Server112
Server13 Server113
Server14 Server114
Server15 Server115
Server16 Server116
Tasks Detailed Steps
1. Using the Netdom command
rename your server. Use the
table above for your new
computer name. Also check
to see if your computer has
been successfully renamed.
NOTE: ServerX = original server name while ServerY = New
Server Name
a. Open the command prompt.
The command below will be used to add the new server
name.
b. At the command prompt type: netdom computername
serverx.domainx.com /add:servery.domainx.com and
press ENTER. (Serverx is your old server number and
servery is your new server number. Domainx is your domain
letter).
The command is used to make the new name the primary
name.
c. At the command prompt type: netdom computername
serverx.domainx.com /makeprimary:servery.domainx.com
and press ENTER.
This command enumerates the old computer name.
d. At the command prompt type, netdom computername
serverx.domainx.com /enumerate, press ENTER.
e. Reboot the server.
f. Logon as the administrator.
g. Open the command prompt.
This command will remove the old server name.
h. At the command prompt type, netdom computername
servery.domainx.com /remove:serverx.domainx.com,
press ENTER.
i. Reboot the server.
j. Logon as administrator, open command prompt, type
hostname and press ENTER.
This will show you if your computer has been successfully
renamed.
Lab 15 Renaming Domain NetBIOS Name (To be performed on the last day as an optional lab)
Objectives
After completing this lab, you will be able to:
Rename the NetBIOS name of the Domain
Prerequisites
Thorough understanding of Domain Renaming
DNS should be configured as in exercise 1 Lab 01
Active Directory should be configured as in exercise 1 Lab 02
Lab Setup
To complete this lab, you require computers running Windows Server 2003 that are configured
as Domain Controllers.
Exercise 1
Goal
This exercise must only be done at the end of the week. You will be working with your partner during this exercise. The goal of this exercise is to rename the current NetBIOS domain name to a new
NetBIOS domain name. The utility that will be used to rename the NetBIOS domain names is
rendom.exe.
Tasks Detailed Steps
1. Perform the following tasks
to prepare the domain for
renaming:
Configure DNS to
support the New domain
name called
DomainRenameX
(where X is your domain
letter)
DNS must be AD
integrated, support
dynamic updates and
have a Host record for
the server.
Copy rendom.exe and
GPFixup.exe to
c:\domainrename
Perform the following on all the odd numbered Domain
Controllers.
a. Open DNS console and create a Forward Lookup Zone
called DomainrenameX.com (where X is your domain letter).
Ensure that an AD-integrated zone is selected and that
Replicated to all DNS servers in the forest is selected.
b. Ensure there is a Host (A) record created. If not perform the
following action:
c. Right-click the newly created domain name and select New
Host (A)
d. In the New Host page, type in your server name in the
Name (uses parent domain name if blank): box.
e. Under IP address, enter your machine's IP address,
then click Add Host.
f. Close DNS Console
Perform the following on all even numbered Domain Controllers.
g. Create a directory called domainrename on the c:\ drive.
h. Copy all the files in VALUEADD\MSFT\MGMT\DOMREN,
which is located on your Windows 2003 Advanced Server, into
this directory.
2. The following tasks need to
be performed to rename the
domain.
Rendom /list
Save a copy of
Domainlist.xml as
domainlist-save.xml
Edit NetBIOS name in
domainlist.xml file and
save it.
Rendom /showforest and
verify change is correct.
Rendom /upload and
view content of dclist.xml
Run repadmin /syncall /P
Rendom /prepare and in
dclist.xml verify that
Prepared is true for all DCs.
Rendom /execute and in
dclist.xml verify that
done is
true for all DCs
The following tasks need to be performed from all the even
numbered domain controllers in each domain. However it is
recommended that your partners follow in what you are doing.
a. Open the command prompt and type cd\domainrename
and press ENTER.
b. At the domainrename prompt type: rendom /list
c. Save a copy of the domainlist.xml file as domainlist-save.xml
in the same directory.
d. Change the domain NetBIOS name by editing the sections
between in the
domainlist.xml file and save the changes.
e. At the domainrename prompt type: rendom /showforest to verify that your changes are correct.
f. At the domainrename prompt type: rendom /upload and view
the contents of dclist.xml
g. On all domain controllers within the forest run the following
syntax: repadmin /syncall /P
h. At the domainrename prompt type: rendom /prepare and
verify in dclist.xml that <STATE>prepare</STATE> is
true for all DCs.
i. At the domainrename prompt type: rendom /execute and
verify in dclist.xml that <STATE>done</STATE> is true
for all DCs
j. All the machines in the forest will automatically reboot.
k. Logon and run the command below.
Run GPFixup /oldnb:OldDomainNetBIOSName /Newnb:NewDomainNetBIOSName
/dc:DCdnsName
Restart all odd numbered domain controllers in the domain/forest. After logon, all the evenly
numbered domain controllers must be restarted.
Run repadmin /syncall /P on all the domain controllers in the forest. If you get an error message,
restart the computer again and retry the command.
NOTE: The control station might need to be rebooted twice before the command will work.
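Steps h and i of task 2 ask you to confirm by eye that every DC listed in dclist.xml has reached the expected state before you continue. The Python sketch below is an added example, not part of the original lab or of rendom itself, that performs that check and refuses to report success on an empty file. The element names (DcList, DC, Name, State, LastError) and the sample file are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: element names and values are assumptions for this example,
# modelled on the State values the lab asks you to verify.
SAMPLE_DCLIST = """<?xml version="1.0"?>
<DcList>
  <DC><Name>server1.domaina.com</Name><State>Prepared</State><LastError>0</LastError></DC>
  <DC><Name>server2.domaina.com</Name><State>Initial</State><LastError>0</LastError></DC>
  <DC><Name>server3.domaina.com</Name><State>Error</State><LastError>1722</LastError></DC>
</DcList>"""


def _child_text(node, wanted):
    """Return the text of the first child whose tag matches case-insensitively."""
    for child in node:
        if child.tag.lower() == wanted:
            return (child.text or "").strip()
    return ""


def dc_states(xml_text):
    """Map each domain controller name to (state, last_error)."""
    root = ET.fromstring(xml_text)
    result = {}
    for node in root.iter():
        if node.tag.lower() == "dc":
            name = _child_text(node, "name") or "<unnamed>"
            result[name] = (_child_text(node, "state"), _child_text(node, "lasterror"))
    return result


def not_in_state(xml_text, required):
    """List the DCs whose State is not `required` (e.g. 'Prepared' or 'Done')."""
    states = dc_states(xml_text)
    if not states:
        # An empty or truncated file must never look like "all DCs are ready".
        raise ValueError("no DC entries found; refusing to report success")
    return sorted(
        (name, state or "<missing>", err)
        for name, (state, err) in states.items()
        if state.lower() != required.lower()
    )


if __name__ == "__main__":
    for name, state, err in not_in_state(SAMPLE_DCLIST, "Prepared"):
        print(f"{name}: State={state} LastError={err} -> do not run the next rendom step")
```

An empty result from not_in_state means every listed DC is in the required state; any entry in the result is a DC to investigate before running the next rendom step.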
Lab 16 Setup and Test Cross Forest Trusts
Instructor Note: review with students trust directions. Make sure they know the difference between
trusted and trusting.
Objectives
After completing this lab, you will be able to create cross-forest trust relationships and administer
these cross-forest trusts.
Prerequisites
Knowledge of the different types of trust relationships
Multiple Active Directories should be configured as per exercise 1 Lab 02
Multiple forests should have been created within the classroom environment
Exercise 1
Goal
Students will work as a team during this exercise. A Forest Trust relationship needs to be implemented between the following forests:
Forest A and Forest C.
Forest E and Forest G.
Forest C and W2K3.Net forest
Forest G and W2K3.Net forest
Tasks Detailed Steps
1. Create a two-way trust
relationship between two
forests within the classroom.
a. Open Active Directory Domains and Trusts, select the
domain and click Properties.
b. In Properties of the domain click Trusts and click New
Trust.
c. On the Welcome to the New Trust Wizard page, click Next.
d. In the Trust Name page, under Name enter the NetBIOS
name of the forest root domain you want to trust, click Next.
e. On the Trust Type page, select Forest Trust and click Next.
f. On the Direction of Trust page, select Two-Way and click
Next.
g. On Sides of Trust page, select Both this domain and the
specified domain, click Next.
h. On the User Name and Password page, enter
Administrator into the User Name box and password into
the Password box, click Next.
i. On the Outgoing Trust Authentication Level--Local
Forest page, select Forest-wide authentication and click
Next.
j. On the Outgoing Trust Authentication Level--Specified
Forest page, select Forest-wide authentication and click
Next.
k. On the Trust Selections Complete page, review the settings
and click Next.
l. On the Trust Creation Complete page, review settings and
click Next.
m. On the Confirm Outgoing Trust page, select Yes, confirm
the outgoing trust, click Next.
n. On the Confirm Incoming Trust page, select Yes, confirm
incoming trust, click Next.
o. On the Completing the New Trust Wizard page, click
Finish.
p. Click OK to close the domainx.com properties page and close
Active Directory Domains and Trusts.
Exercise 2 Test cross forest resource access
Tasks Detailed Steps
1. Create a folder called forest
and share it as forest. Give
users from a different forest
the Change permission
to the shared directory.
a. On the servers create a directory called Forest and share the
directory as Forest.
b. Click Permissions in Forest Properties.
c. Click Add under Permissions for Forest.
d. On the Select Users, Computers, or Groups click
Locations
e. Click DomainX.com (where X is the letter of the domain with
which you created a forest trust), then click OK.
f. In Enter the object names to select type in Domain Users and click Check Names, click OK.
g. In the window for Permissions for Domain Users select
Allow Change, click OK.
h. Click OK to close Forest Properties.
2. a. Logon as a user that was created earlier.
b. From the Run command type: \\serverx\forest (where X is the
server number), click OK.
c. Once open, right-click in the blank area, select new and then select bitmap image, press ENTER.
d. Close the window. This has allowed you to create a file on
the server in a different forest.
Exercise 3 Test cross forest delegations
Tasks Detailed Steps
1. Create an OU called
DelegateX (where X is your
student number) and assign
the Domain Admins in the
trusted domain access to
create and delete users.
a. Open Active Directory Users and Computers and click on
the Users Container.
b. Create an OU called DelegateX (Where X is your student
number)
c. Right-click the OU and click Delegate Control
d. On the Welcome to the Delegation of Control Wizard, click
Next.
e. On the Users or Groups page, click Add, click Locations
and highlight the second forest then click OK.
f. In the Enter the object names to select type Domain Admins
and click Check Names, click OK.
g. On the Users or Groups page, ensure that
DomainX\Domain Admins is selected, click Next.
h. On the Tasks to Delegate page, select Create, delete, and
Manage user accounts, click Next.
i. On the Completing the Delegation of Control Wizard page,
click Finish.
j. Log off from the computer.
2. Test the Delegation by
creating a User account in
the OU in your partner's
forest domain.
Logon as a user with Domain Admin rights before starting this
exercise. The user must not be the Administrator account.
a. Open Active Directory Users and Computers, right-click
your domain and select Connect to Domain.
b. On the Connect to Domain page, type the name of the domain
to which you want to connect and click OK.
c. Expand the domain to which you connected and click the OU
called DelegateX (where X is the student number of
the user that administers that domain).
d. Right-click the OU and click New User.
e. Type a user name into the following boxes: First name and
User logon Name, click Next.
f. Type in password in the Password and Confirm password
boxes, click Next.
g. Review the details and click Finish.
Lab 17 IIS
Objectives
After completing this lab, you will be able to:
Install and configure IIS
Determine which isolation mode your IIS server is in
View the different processes currently running
Create application pools
Recycle processes
Prerequisites
Knowledge of IIS
Lab Setup
A computer running Windows Server 2003 Enterprise configured as a Domain Controller.
Exercise 1
Goal
The goal of this exercise is to install and configure IIS for the rest of the exercises.
Tasks Detailed Steps
This Exercise can be performed by all Students
1. View or change the
Application Isolation Mode
using IIS Manager
a. Click Start, then click Manage Your Server
b. On Manage Your Server, click Add or Remove a Role
c. On the Configure Server Wizard Page click Next.
d. On the Server Role Page click Application Server (IIS, ASP.NET) and click Next.
e. In the Application Server Option Page leave as default and
click Next
f. On the summary page click Next
g. This starts the installation and configuration of IIS.
h. Once completed click Finish
i. On the Manage your Server page click Manage this
Application Server
j. Browse around the interface to familiarize yourself with the
interface.
Exercise 2
Goal
The goal of this exercise is to establish in which isolation mode your current IIS server is running.
Tasks Detailed Steps
This Exercise can be performed by all Students
1. View or change the
Application Isolation Mode
using IIS Manager
a. Open the IIS snap-in (Click Start, click Programs, click
Administrative Tools, and then click Internet Information
Services)
b. Right click on the Web Sites folder and choose Properties
c. Click on the Service tab
d. View the status of the checkbox labeled Isolation Mode
e. If the box is unchecked, you are running in worker process
isolation mode
f. If the box is checked, you are running in IIS5 Isolation Mode
g. Verify that the check box is unchecked; uncheck it if
necessary
(You will be required to run in worker process isolation mode for the remainder of these exercises)
h. Click Apply
i. You will now be prompted to restart the Web services; click
Yes to restart IIS. After IIS restarts, click OK to close the
Web Sites properties sheet. Verify the Application Pools
folder is present.
Exercise 3
Goal
In this exercise, you will use a VBScript to view process information.
Tasks Detailed Steps
This Exercise can be performed by all Students
1. Execute the listw3wp.vbs to
view process information
a. From the command prompt, change directory to the path
containing the script file listw3wp.vbs. It should be C:\IIS
b. Execute the command: listw3wp.vbs
c. If there are no worker processes running, you should see a
message indicating there are no running w3wp.exe
instances
d. To view worker processes using the script, navigate to any
local URL using Internet Explorer, such as http://localhost
(disregard the page that is returned)
e. Re-run listw3wp.vbs and you should see the Process ID (PID)
and the Application Pool name of the running worker process.
Note: You must be running your server in worker process
isolation mode for this exercise to work, and for listw3wp to return information. If your configuration is running in IIS5 isolation
mode, or you are unsure of the mode, revisit the first exercise on
isolation modes.
Exercise 4
Goal
In