Scenario
During the AD DS forest design process at A. Datum Corporation, the design team members decided that they will need to maintain a separate forest for the Treyresearch.net domain to fulfill the research
department’s isolation requirements. However, consideration is now being given as to how best to integrate the Contoso, Ltd organization into the A. Datum network infrastructure. Currently, Contoso has not deployed AD DS.
Objectives
After completing this lab, you will be able to: • Design an AD DS domain infrastructure. • Implement an AD DS domain infrastructure.
Lab Setup
Estimated Time: 60 minutes
Virtual machines 20413A-LON-DC1 20413A-TREY-DC1 20413A-CON-SVR User name Adatum\Administrator
TreyResearch\Administrator .\administrator
Password Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager. 2. In Hyper-V® Manager, click 20413A-LON-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts. 4. Log on using the following credentials:
o User name: Administrator o Password: Pa$$w0rd o Domain: Adatum
5. In Hyper-V® Manager, click 20413A-TREY-DC1, and in the Actions pane, click Start. 6. In the Actions pane, click Connect. Wait until the virtual machine starts.
MCT USE ONL
Y. STUDENT USE PROHIBITED
5-38 Designing and Implementing an Active Directory Domain Services Forest and Domain Infrastructure
7. Log on using the following credentials: o User name: Administrator
o Password: Pa$$w0rd o Domain: TreyResearch
8. In Hyper-V® Manager, click 20413A-CON-SVR, and in the Actions pane, click Start. 9. In the Actions pane, click Connect. Wait until the virtual machine starts.
10. Log on using the following credentials: o User name: Administrator
o Password: Pa$$w0rd
Exercise 1: Designing an AD DS Domain Infrastructure
Scenario
Contoso, Ltd is based solely in Europe with its head offices in Paris, and is a former partner of A. Datum Corporation. The primary goal in purchasing Contoso is to integrate the companies’ two product lines. You must consider the scenario and decide how best to deploy AD DS to Contoso, and how to integrate Contoso into the A. Datum organizational structure.
Contoso AD DS Integration Strategy Document Reference Number: BS00915/1
Document Author Date Brad Sutton 15th Sep Requirements Overview
To design an AD DS domain infrastructure to support the following objectives:
• The sales, marketing, and production groups in the two companies will be working together very closely, and they must be able to share information easily.
• The users in both the adatum.com domain and the Contoso organization must be able to access some information in the adatum.com forest. In addition, they must access user mailboxes on Exchange servers that will be deployed in London, and files on file share server, LON-SVR1, which is located in London. The users should not be required to log on with multiple accounts to access the files.
• Some users in the Contoso organization require access to resources in the Trey Research
organization. Your plan must facilitate this. The solution must not compromise the security of the treyresearch.net forest.
Additional Information
• A. Datum also is planning to hire a large number of additional staff in Paris. These new employees will be working in the sales, marketing, and distribution departments in Paris.
• Contoso has no AD DS administrators, although the company’s staff is being trained.
• The Paris office is connected to London by one 6 Megabits per second (Mbps) link that is used for all communication and data sharing. The network team at A. Datum is concerned about
MCT USE ONL
Y. STUDENT USE PROHIBITED
Designing and Implementing a Server Infrastructure 5-39
Contoso AD DS Integration Strategy
• A. Datum also has implemented a Voice over Internet Protocol (VoIP) and conferencing solution based on Microsoft Lync® Server 2010, and is planning to expand that deployment to include its London servers. The network team wants to ensure that the new AD DS deployment uses as little bandwidth as possible for AD DS–specific traffic.
Proposals
1. Should you create a separate forest to accommodate the Contoso organization? 2. What domain name will you use for Contoso?
3. Which is the forest root domain?
4. Is it a good idea to deploy additional domain controllers from the adatum.com domain in Paris? Why or why not?
5. How do you plan to address the requirement that users in Contoso need to access resources in the Trey Research organization?
The main tasks for this exercise are as follows: 1. Read the supporting documentation.
2. Update the proposal document with your planned course of action. 3. Examine the suggested proposals in the Lab Answer Key.
4. Discuss your proposed solution with the class, as guided by your instructor. Task 1: Read the supporting documentation
• Read the documentation provided.
Task 2: Update the proposal document with your planned course of action
• Answer the questions in the proposals section of the Contoso AD DS Integration Strategy document. Task 3: Examine the suggested proposals in the Lab Answer Key
• Compare your proposals with the ones in the Lab Answer Key.
Task 4: Discuss your proposed solution with the class, as guided by your instructor • Be prepared to discuss your proposals with the class.
Results: After completing this exercise, you will have successfully designed a domain infrastructure strategy for the integration of Contoso into the A. Datum organization.
Exercise 2: Implementing an AD DS Domain Infrastructure
Scenario
The management team at A. Datum Corporation has approved your Contoso integration strategy. You must now deploy a domain controller in Contoso, and add the contoso.com domain as a new domain in an existing forest.
MCT USE ONL
Y. STUDENT USE PROHIBITED
5-40 Designing and Implementing an Active Directory Domain Services Forest and Domain Infrastructure
The main tasks for this exercise are as follows:
1. Verify that the prerequisites for adding a new domain are satisfied.
2. Add CON-SVR as a domain controller in a new domain in an existing forest. Task 1: Verify that the prerequisites for adding a new domain are satisfied
1. Switch to CON-SVR, and if necessary, sign in as administrator with a password of Pa$$w0rd. This computer is a standalone server running Windows Server 2012.
2. From Server Manager, add the DNS and Active Directory Domain Services roles by using default settings.
Task 2: Add CON-SVR as a domain controller in a new domain in an existing forest
1. In Server Manager, in AD DS, run the Promote this server to a domain controller option: 2. In the Active Directory Domain Services Configuration Wizard, on the Deployment Configuration
page, click Add a new domain to an existing forest. 3. Specify the following settings:
o Domain type: Tree Domain o Forest name: adatum.com o New domain name: contoso.com o User name: Adatum\Administrator o Password: Pa$$w0rd
o Recovery password: Pa$$w0rd
4. Your computer will restart. When prompted, sign in as Contoso\Administrator with the password Pa$$w0rd.
Results: After completing this exercise, you will have successfully implemented a part of the domain infrastructure strategy that you devised.
Task: To prepare for the next module
When you finish the lab, revert the virtual machines to their initial state. To do this, perform the following steps:
1. On the host computer, start Hyper-V® Manager.
2. In the Virtual Machines list, right-click 20413A-LON-DC1, and then click Revert. 3. In the Revert Virtual Machine dialog box, click Revert.
MCT USE ONL
Y. STUDENT USE PROHIBITED
Designing and Implementing a Server Infrastructure 5-41
Module Review and Takeaways
Review Question(s)
Question: What is the purpose of the resource forest model?
Question: What forest functional level must you set in AD DS to be able to establish a forest trust?
Question: Your organization has a Windows Server 2008 R2 forest environment, but it has just acquired another organization with a Microsoft Windows® 2000 operating system forest environment that contains a single domain. Users in both organizations must be able to access resources in each other’s’ forests. What type of trust should you create between the forest root domains of each forest?
Question: If you want to integrate multiple internal namespaces, which technologies would you use?
Question: A user from Contoso attempts to access a shared folder in the Tailspin Toys domain and receives an Access Denied error. A trust relationship between these two domains exists. What must you do to provide the user with access?