Lab Setup
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V™ Manager, click 6425C-NYC-SVR-D, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Log on by using the following credentials:
• User name: Administrator
• Password: Pa$$w0rd
Exercise 1: Perform Post-Installation Configuration Tasks
Task 1: Configure the time zone.
1. In the Initial Configuration Tasks window, click the Set time zone link.
2. Click Change time zone.
3. From the Time zone drop-down list, select the time zone that is appropriate for your location, and then click OK.
4. Click OK.
Task 2: Change the IP configuration.
1. In the Initial Configuration Tasks window, click the Configure networking link. The Network Connections window appears.
2. Right-click Local Area Connection, and then click Properties.
The Local Area Connection Properties dialog box appears.
3. Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
The Internet Protocol Version 4 (TCP/IPv4) Properties dialog box opens.
4. Click Use the following IP address. Enter the following configuration:
• IP address: 10.0.0.11
• Subnet mask: 255.255.255.0
• Default gateway: 10.0.0.1
• Preferred DNS server: 10.0.0.11
5. Click OK, and then click Close.
6. Close the Network Connections window.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab: Install an AD DS Domain Controller to Create a Single Domain Forest
Task 3: Rename the server to HQDC01.
1. In the Initial Configuration Tasks window, click the Provide computer name and domain link.
The System Properties dialog box appears.
2. Click Change. The Computer Name/Domain Changes dialog box opens.
3. In the Computer name box, type HQDC01, and then click OK.
You are prompted with the following message:
You must restart your computer to apply these changes.
4. Click OK.
5. Click Close. You are prompted with the following message:
You must restart your computer to apply these changes.
6. Click Restart Later. If you accidentally click Restart Now, wait for the server to restart, and then log on as Administrator with the password Pa$$w0rd.
Task 4: Restart the server.
1. In the Initial Configuration Tasks window, review the Add roles and Add features links.
In the next exercise, you will use Server Manager to add roles and features to HQDC01. These links help you perform the same tasks.
2. By default, the Initial Configuration Tasks window appears each time you log on to the server. To prevent the window from appearing, select the Do not show this window at logon check box. Note that if you need to open the Initial Configuration Tasks window in the future, run the Oobe.exe command.
3. Click the Close button. The Server Manager window appears. It enables you to configure and administer the roles and features of a server running Windows Server 2008. You will use Server Manager in the next exercise.
4. In the Server Manager window next to Console cannot refresh until computer is restarted, click the Restart link. Now, you are prompted with the following message:
Do you want to restart now?
5. Click Yes. The computer restarts.
Results: In this exercise, you configured a server named HQDC01 in the correct time zone, and with the IP configuration specified in Task 4.
Exercise 2: Install a New Windows Server 2008 R2 Forest with the Windows Interface
Task 1: Add the Active Directory Domain Services role to HQDC01.
1. Log on to HQDC01 as Administrator with the password Pa$$w0rd.
The Windows desktop appears and then the Server Manager window appears.
2. If the Server Manager window does not appear, click the Server Manager link on the Quick Launch bar.
3. In the Roles Summary section of the Server Manager home page, click Add Roles. The Add Roles Wizard appears.
4. On the Before You Begin page, click Next.
5. On the Select Server Roles page, select the Active Directory Domain Services check box.
6. When prompted to add features required for Active Directory Domain Services, click Add Required Features, and then click Next.
7. On the Active Directory Domain Services page, click Next.
8. On the Confirm Installation Selections page, click Install. The Installation Progress page reports the status of installation tasks.
9. After the installation is complete, click Close.
Note In the Roles Summary section of the Server Manager home page, you’ll notice an error message indicated by a red circle with a white x. If you click this error message, the Active Directory Domain Services Roles page displays a warning that reminds you that it is necessary to run dcpromo.exe.
Task 2: Configure a new Windows Server 2008 R2 forest named contoso.com with HQDC01 as the first domain controller.
1. In the Server Manager window, expand the Roles node in the tree pane, and then click Active Directory Domain Services.
2. Click the Run the Active Directory Domain Services Installation Wizard (dcpromo.exe) link. The Active Directory Domain Services Installation Wizard appears.
3. On the Welcome page, click Next.
4. On the Operating System Compatibility page, review the warning about the default security settings for Windows Server 2008 domain controllers, and then click Next.
5. On the Choose a Deployment Configuration page, click Create a new domain in a new forest, and then click Next.
6. On the Name the Forest Root Domain page, under FQDN of the forest root domain, type contoso.com, and then click Next. The system checks to ensure that the DNS and NetBIOS names are not already in use on the network.
7. On the Set Forest Functional Level page, click Windows Server 2008, and then click Next.
Each of the functional levels is described in the Details box. Choosing the Windows Server 2008 forest functional level ensures that all domains in the forest operate at the Windows Server 2008 domain functional level, which enables several new features provided by Windows Server 2008. In a production environment, you would choose the Windows Server 2008 R2 forest functional level if you require the features of the Windows Server 2008 R2 functional level and if you do not add any domain controllers running operating systems prior to Windows Server 2008 R2.
8. On the Set Domain Functional Level page, click Windows Server 2008, and then click Next. The Additional Domain Controller Options page appears.
Notice that the DNS Server is selected by default. The Active Directory Domain Services Installation Wizard will create a DNS infrastructure during the AD DS installation.
The first domain controller in a forest must be a global catalog server and cannot be a read-only domain controller (RODC), so these options are not configurable. Click Next. A warning message about delegation for DNS server appears. Read the text and click Yes. In the context of this exercise, you can ignore this error. Delegations of DNS domains will be discussed later in this course.
9. On the Location for Database, Log Files, and SYSVOL page, accept the default locations for the database file, the directory service log files, and the SYSVOL files, and then click Next.
Note The best practice in a production environment is to store these files on three separate volumes that do not contain applications or other files not related to AD DS. This best-practice design improves performance and increases the efficiency of backup and restore.
10. On the Directory Services Restore Mode Administrator Password page, type Pa$$w0rd in both Password and Confirm Password boxes, and then click Next.
Important In a production environment, you should use a strong password for the Directory Services Restore Mode Administrator Password. Do not forget the password you assign to the Directory Services Restore Mode Administrator.
11. On the Summary page, review your selections. If any settings are incorrect, click Back to make modifications.
12. Click Next. Configuration of AD DS begins. After several minutes of configuration, the Completing the Active Directory Domain Services Installation Wizard page appears.
13. Click Finish.
14. Click Restart Now.
The computer restarts.
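The wizard choices from Task 2 can also be supplied to dcpromo.exe as an unattended answer file. The script below is an added example, not part of the original lab; the answer file path is an assumption, and the NetBIOS name CONTOSO is assumed from the Contoso\Administrator logon used later in the lab. It prompts for the Directory Services Restore Mode password, keeps the answer file readable only by Administrators and SYSTEM, and deletes it afterward.

```powershell
# Added example: unattended equivalent of Exercise 2, Task 2. Run elevated on HQDC01
# after the AD DS role has been added.
$answerFile = Join-Path $env:SystemRoot 'Temp\hqdc01-dcpromo.txt'   # assumed path

# Prompt for the DSRM password so it is not stored in the script or command history.
$secure = Read-Host 'DSRM administrator password' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
try {
    # Create the file empty and lock down its ACL before the password is written.
    New-Item -ItemType File -Path $answerFile -Force | Out-Null
    & icacls.exe $answerFile /inheritance:r /grant:r '*S-1-5-32-544:F' '*S-1-5-18:F' | Out-Null

    $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    $lines = @(
        '[DCInstall]'
        'ReplicaOrNewDomain=Domain'            # step 5: new domain ...
        'NewDomain=Forest'                     # ... in a new forest
        'NewDomainDNSName=contoso.com'         # step 6
        'DomainNetBiosName=CONTOSO'            # assumed NetBIOS name
        'ForestLevel=3'                        # step 7: 3 = Windows Server 2008
        'DomainLevel=3'                        # step 8: 3 = Windows Server 2008
        'InstallDNS=Yes'                       # DNS Server selected by default
        'CreateDNSDelegation=No'               # no parent zone to delegate from
        "DatabasePath=$env:SystemRoot\NTDS"    # step 9: default locations
        "LogPath=$env:SystemRoot\NTDS"
        "SYSVOLPath=$env:SystemRoot\SYSVOL"
        "SafeModeAdminPassword=$plain"         # step 10
        'RebootOnCompletion=No'                # restart manually after cleanup
    )
    Set-Content -Path $answerFile -Value $lines -Encoding ASCII

    # Start-Process -Wait blocks until dcpromo exits, so cleanup runs afterward.
    $proc = Start-Process -FilePath dcpromo.exe -ArgumentList "/unattend:$answerFile" `
                          -Wait -PassThru -NoNewWindow
    "dcpromo exit code: $($proc.ExitCode)"
}
finally {
    # Wipe the plaintext copies of the password whether or not promotion succeeded.
    [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    Remove-Variable plain -ErrorAction SilentlyContinue
    if (Test-Path $answerFile) { Remove-Item $answerFile -Force }
}
```

Restart the server after the script finishes, as in step 14.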
Task 3: Examine the default configuration of the contoso.com forest and domain. (Optional)
1. Log on to HQDC01 as Contoso\Administrator with the password Pa$$w0rd.
2. The Windows desktop appears, and then, the Server Manager window appears.
3. Expand the Roles node in the tree pane, and expand the Active Directory Domain Services node.
4. Expand Active Directory Users and Computers and the contoso.com domain node.
5. Click the Users container in the tree. The users and groups you see are available to any computer in the domain. For example, the domain's Administrator account can be used to log on to any computer in the domain, by default, and the Domain Users group is a member of the local Users group on each computer in the domain.
6. Click the Builtin container in the tree. The groups you see are shared by and available to domain controllers, but not to member servers or workstations. For example, members of the Backup Operators group can perform backup and restore tasks on domain controllers only, and the Administrators group in the Builtin container represents the administrators of all domain controllers.
7. Click the Computers container in the tree. Notice that it is empty. This is the default container for member servers and workstations.
8. Click the Domain Controllers organizational unit (OU) in the tree. This is the OU into which domain controllers are placed. The computer object for HQDC01 appears in this OU.
Results: In this exercise, you configured a single-domain forest named contoso.com with a single domain controller named HQDC01.
Exercise 3: Raise Domain and Forest Functional Levels
Task 1: Raise the domain functional level to Windows Server 2008 R2.
1. Log on to HQDC01 as Contoso\Administrator with the password Pa$$w0rd.
2. Open the Active Directory Domains and Trusts console from the Administrative Tools menu.
3. In the console tree, right-click contoso.com, and then click Raise Domain Functional Level.
4. In the Select an available domain functional level list, ensure that Windows Server 2008 R2 is selected, and then click Raise. A message appears to remind you that the action might not be possible to reverse.
5. Click OK to confirm your change. A message appears informing you that the functional level was raised successfully.
6. Click OK.
Task 2: Raise the forest functional level to Windows Server 2008 R2.
1. In the console tree, right-click Active Directory Domains and Trusts, and then click Raise Forest Functional Level. The Raise Forest Functional Level dialog box appears.
2. Ensure that the current forest functional level is Windows Server 2008.
3. In the Select an available forest functional level list, click Windows Server 2008 R2.
4. Click Raise. A message appears to remind you that the action cannot be reversed.
5. Click OK to confirm your change. A message appears informing you that the functional level was raised successfully.
6. Click OK.
Results: In this exercise, you raised the domain and forest functional levels to Windows Server 2008 R2.
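The same checks and changes can be made with the Active Directory module for Windows PowerShell that ships with Windows Server 2008 R2. The script below is an added example, not part of the original lab. It assumes the lab forest contains only Windows Server 2008 and 2008 R2 domain controllers, and it leaves the cmdlets' confirmation prompts in place because the raise might not be reversible.

```powershell
# Added example: verify and raise the functional levels from Exercise 3.
# Run on HQDC01 as Contoso\Administrator.
Import-Module ActiveDirectory

$domain = Get-ADDomain -Identity 'contoso.com'
$forest = Get-ADForest -Identity 'contoso.com'
"Domain mode before: $($domain.DomainMode)"
"Forest mode before: $($forest.ForestMode)"

# List every domain controller with its OS, global catalog and RODC status.
# In this lab that is HQDC01 only: a global catalog server and not read-only.
$dcs = @(Get-ADDomainController -Filter * |
         Select-Object HostName, OperatingSystem, IsGlobalCatalog, IsReadOnly)
$dcs | Format-Table -AutoSize

# A domain controller older than Windows Server 2008 R2 blocks the raise.
# Assumption: only 2008 / 2008 R2 exist here, so any other OS string is flagged.
$blockers = @($dcs | Where-Object { $_.OperatingSystem -notlike '*2008 R2*' })
if ($blockers.Count -gt 0) {
    $names = ($blockers | ForEach-Object { $_.HostName }) -join ', '
    throw "Cannot raise functional levels; not running 2008 R2: $names"
}

# Raise the domain first, then the forest. Each cmdlet asks for confirmation.
if ($domain.DomainMode -ne 'Windows2008R2Domain') {
    Set-ADDomainMode -Identity $domain -DomainMode Windows2008R2Domain
}
if ($forest.ForestMode -ne 'Windows2008R2Forest') {
    Set-ADForestMode -Identity $forest -ForestMode Windows2008R2Forest
}

# Re-read both objects to confirm the new levels.
"Domain mode after: $((Get-ADDomain -Identity 'contoso.com').DomainMode)"
"Forest mode after: $((Get-ADForest -Identity 'contoso.com').ForestMode)"
```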
Task 3: To prepare for the next module
When you finish the lab, revert the virtual machines to their initial state. To do this, complete the following steps:
1. On the host computer, start Hyper-V Manager.
2. Right-click 6425C-NYC-SVR-D in the Virtual Machines list, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
Lab A: Administering Active Directory by Using Administrative Tools L2-1