Managing Active Directory and Sysvol Replication: This Lab Contains The Following Exercises and Activities
Managing Active Directory and Sysvol Replication: This Lab Contains The Following Exercises and Activities
Managing Active Directory and Sysvol Replication: This Lab Contains The Following Exercises and Activities
LAB 17
MANAGING ACTIVE
DIRECTORY AND
SYSVOL REPLICATION
Table 17-1
Computers required for Lab 17
Computer Operating System Computer Name
Server (VM 1) Windows Server 2012 R2 RWDC01
Server (VM 4) Windows Server 2012 R2 Storage01
In addition to the computers, you will also require the software listed in Table 17-2 to
complete Lab 17.
Table 17-2
Software required for Lab 17
Software Location
Lab 17 student worksheet Lab17_worksheet.docx (provided by instructor)
Use REPADMIN
4. On the Remove server roles, deselect Active Directory Domain Services. When
a message displays, indicating that you have to remove features, click Remove
Features.
5. In the Validation Results dialog box, click Demote this domain controller.
6. On the Credentials page, click to select Force the removal of this domain
controller.
7. Take a screen shot of the Active Directory Sites and Services console by pressing
Alt+Prt Scr and then paste it into your Lab 17 worksheet file in the page
provided by pressing Ctrl+V.
MOAC 70-412: Configuring Advanced Windows Server 2012 R2 Services
8. Click Next.
9. On the Warnings page, click to select the Proceed with removal and then click
Next.
10. On the New Administrator Password page, type Pa$$w0rd in the Password text
box and the Confirm password text box. Click Next.
11. On the Review options page, click Demote. Windows will reboot when done.
End of exercise.
2. On Storage01, right-click the Network Status icon on the task bar and choose
Open Network and Sharing Center.
6. In the Internet Protocol Version 4 TCP/IPv4) Properties dialog box, change the
Preferred DNS server to 192.168.1.50.
12. In Server Manager, click the yellow triangle with the black exclamation point (!)
and then click Promote this server to a domain controller.
13. In the Active Directory Domain Services Configuration wizard, Add a domain
controller to an existing domain is already selected. In the Domain text box, type
contoso.com.
14. Click Change. In the Windows Security dialog box, type the following and then
click OK:
Password: Pa$$w0rd
16. On the Domain Controller Options page, Corporate is already selected for the site
name. Type Pa$$w0rd in the Password text box and the Confirm password text
box and then click Next.
21. On the Prerequisite Check page, when the check is finished, click Install.
End of exercise.
2. In Server Manager, click Tools > Active Directory Sites and Services.
3. In the Active Directory Sites and Services window, expand Sites, expand
Corporate, and then expand Servers.
5. Right-click Storage01 in the right pane and choose Replicate Now. In the dialog
box, click OK. If RWDC01 is not available, go on to the next step. If RWDC01
is available, skip to Step 7.
6. Right-click NTDS Settings under Storage01 and choose New Active Directory
Domain Services Connection.
MOAC 70-412: Configuring Advanced Windows Server 2012 R2 Services
7. In the Find Active Directory Domain Controllers dialog box, click RWDC01 and
then click OK. If a message indicates that there is already a connection and
prompts you to confirm that you want to create another connection, click Yes.
9. Take a screen shot of Active Directory Sites and Services window by pressing
Alt+Prt Scr and then paste it into your Lab 17 worksheet file in the page
provided by pressing Ctrl+V.
End of exercise. Close any open windows before you begin the next exercise.
Mindset What tools can you use to control Active Directory replication?
Completion time 10 minutes
REPADMIN.EXE /ReplSummary
REPADMIN.EXE /Queue
End of exercise. Close any open windows before you begin the next exercise.
MOAC 70-412: Configuring Advanced Windows Server 2012 R2 Services
1. On RWDC01, using Server Manager, click Tools > Active Directory Users and
Computers.
3. In the New Object – Computer dialog box, in the Computer name text box, type
Computer01. Click OK.
5. In the New Object – User dialog box, type the following and then click Next.
6. In the in the Password text box and the Confirm password text box, type
Pa$$w0rd.
8. Click Next.
11. In the Active Directory Domain Services Installation Wizard, click Next.
13. On the Specify Computer Name page, in the Computer name text box, type
RODC01 and then click Next.
14. On the Select a site page, click Corporate and then click Next.
15. On the Additional Domain Controller Options page, verify that DNS Server and
Global catalog are selected and then click Next.
MOAC 70-412: Configuring Advanced Windows Server 2012 R2 Services
16. On the Delegation of RODC Installation and Administration page, click Next.
17. In the Summary window, review the selections and then click Next.
18. On the Completing the Active Directory Domain Services Installation Wizard
window, click Finish.
19. In the Active Directory Users and Computers console, click the Domain
Controllers OU.
Question
What is the status of the RODC01, as indicated by the icon?
2
20. Within the Domain Controllers OU, double-click the first RODC01.
21. From the RODC01 Properties window, click the Password Replication Policy
tab, as shown in Figure 17-1.
MOAC 70-412: Configuring Advanced Windows Server 2012 R2 Services
Figure 17-1
Viewing the current Password Replication Policy
Question
Which group is allowed password replication?
3
23. In the Allowed RODC Password Replication Group Properties dialog box, click
the Members tab.
25. In the Select Users, Contacts Computers, Service Accounts window, click
Object Types. Click to select Computers and then click OK.
26. In the Enter the object names to select text box, type user01;computer01 and
then click OK.
MOAC 70-412: Configuring Advanced Windows Server 2012 R2 Services
28. In the RODC01 Properties dialog box, click the Advanced button.
29. In the Advanced Password Replication Policy for RODC01 dialog box (as shown
in Figure 17-2), click the Prepopulate Passwords button.
Figure 17-2
Selecting images to use
30. In the Select Users or Computers account text box, type user01;computer01 and
then click OK.
31. When you are prompted to confirm that you want to send the current passwords
for these accounts to this read-only domain controller now, click Yes.
Question
Why did it fail?
4
MOAC 70-412: Configuring Advanced Windows Server 2012 R2 Services
33. Click Close to close the Advanced Password Replication Policy for RODC01.
36. When you are prompted to confirm that you want to delete the account, click
Yes.
37. In the Deleting Domain Controller dialog box, deselect Export this list of
accounts that were cached on this Read-Only Domain Controllers to this file
and then click Delete.
39. When you are prompted to confirm that you want to continue with the deletion,
click Yes.
End of exercise. Close any open windows before you begin the next exercise.
Completion 10 minutes
time
1. In Exercise 17.3, what tool is used to replicate between two domain controllers?
3. In Exercise 17.4, what tool is used to check the status of Active Directory
replication?
Lab
Challenge Upgrading SYSVOL Replication to DFSR
Overview To complete this challenge, you will describe how to implement
thin provisioning by writing the steps for the following scenario.
End of lab. You can log off or start a different lab. If you want to restart this lab,
you’ll need to click the End Lab button in order for the lab to be reset.