Managing Active Directory and Sysvol Replication: This Lab Contains The Following Exercises and Activities


MOAC 70-412: Configuring Advanced Windows Server 2012 R2 Services

LAB 17
MANAGING ACTIVE DIRECTORY AND SYSVOL REPLICATION

THIS LAB CONTAINS THE FOLLOWING EXERCISES AND ACTIVITIES:

Exercise 17.1 Demoting a Domain Controller

Exercise 17.2 Promoting a Domain Controller

Exercise 17.3 Replicating with Active Directory Sites and Services

Exercise 17.4 Using REPADMIN

Exercise 17.5 Configuring Password Replication Policies for an RODC

Challenge Upgrading SYSVOL Replication to DFSR

BEFORE YOU BEGIN

The lab environment consists of student workstations connected to a local area
network, along with a server that functions as the domain controller for a domain
called contoso.com. The computers required for this lab are listed in Table 17-1.

Table 17-1
Computers required for Lab 17

Computer        Operating System          Computer Name
Server (VM 1)   Windows Server 2012 R2    RWDC01
Server (VM 4)   Windows Server 2012 R2    Storage01

In addition to the computers, you will also require the software listed in Table 17-2 to
complete Lab 17.

Table 17-2
Software required for Lab 17

Software                    Location
Lab 17 student worksheet    Lab17_worksheet.docx (provided by instructor)

Working with Lab Worksheets


Each lab in this manual requires that you answer questions, shoot screen shots, and
perform other activities that you will document in a worksheet named for the lab, such
as Lab17_worksheet.docx. You will find these worksheets on the book companion
site. It is recommended that you use a USB flash drive to store your worksheets, so
you can submit them to your instructor for review. As you perform the exercises in
each lab, open the appropriate worksheet file, fill in the required information, and save
the file to your flash drive.

After completing this lab, you will be able to:

 Demote and promote a domain controller

 Monitor and manage Active Directory replication

 Use REPADMIN

 Configure password replication policies for an RODC

 Upgrade SYSVOL replication to DFSR

Estimated lab time: 115 minutes



Exercise 17.1 Demoting a Domain Controller


Overview: In this exercise, you will remove the adatum.com domain so that
you can use Storage01 as a second domain controller for the
contoso.com domain.

Mindset: You are in the middle of removing a domain controller from the
domain. However, the domain controller completely failed
before you had a chance to remove the domain controller. What
can you do to remove the domain controller from the domain?

Completion time: 15 minutes

1. Log in to Storage01 as adatum\administrator with the password of Pa$$w0rd.


In Server Manager, click Manage > Remove Roles and Features.

2. In the Remove Roles and Features Wizard, click Next.

3. On the Select destination server page, click Next.

4. On the Remove server roles page, deselect Active Directory Domain Services. When
a message displays, indicating that you have to remove features, click Remove
Features.

5. In the Validation Results dialog box, click Demote this domain controller.

6. On the Credentials page, click to select Force the removal of this domain
controller.

7. Take a screen shot of the Active Directory Sites and Services console by pressing
Alt+Prt Scr and then paste it into your Lab 17 worksheet file in the page
provided by pressing Ctrl+V.

8. Click Next.

9. On the Warnings page, click to select Proceed with removal and then click
Next.

10. On the New Administrator Password page, type Pa$$w0rd in the Password text
box and the Confirm password text box. Click Next.

11. On the Review options page, click Demote. Windows will reboot when done.

End of exercise.

Exercise 17.2 Promoting a Domain Controller


Overview: In this exercise, you will promote Storage01 as a second domain
controller for contoso.com.

Mindset: You need to promote a member server to a domain controller.
What are the requirements to promote the server to a domain
controller of an existing domain?

Completion time: 20 minutes

1. Log in to Storage01 as the local Administrator with the password of Pa$$w0rd.

2. On Storage01, right-click the Network Status icon on the task bar and choose
Open Network and Sharing Center.

3. In the Network and Sharing Center, click Ethernet.

4. In the Ethernet Status dialog box, click Properties.

5. Double-click Internet Protocol Version 4 (TCP/IPv4).

6. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, change the
Preferred DNS server to 192.168.1.50.

7. Take a screen shot of the Internet Protocol Version 4 (TCP/IPv4) Properties
dialog box by pressing Alt+Prt Scr and then paste it into your Lab 17 worksheet
file in the page provided by pressing Ctrl+V.

8. Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties dialog
box.

9. Click OK to close the Ethernet Properties dialog box.

10. Click Close to close the Ethernet Status dialog box.

11. Close the Network and Sharing Center window.

12. In Server Manager, click the yellow triangle with the black exclamation point (!)
and then click Promote this server to a domain controller.

13. In the Active Directory Domain Services Configuration wizard, Add a domain
controller to an existing domain is already selected. In the Domain text box, type
contoso.com.

14. Click Change. In the Windows Security dialog box, type the following and then
click OK:

User name: contoso\administrator

Password: Pa$$w0rd

15. Back on the Deployment Configuration page, click Next.



16. On the Domain Controller Options page, Corporate is already selected for the site
name. Type Pa$$w0rd in the Password text box and the Confirm password text
box and then click Next.

17. On the DNS Options page, click Next.

18. On the Additional Options page, click Next.

19. On the Paths page, click Next.

20. On the Review Options page, click Next.

21. On the Prerequisite Check page, when the check is finished, click Install.

22. After a couple of minutes, Windows will reboot.

End of exercise.

Exercise 17.3 Replicating with Active Directory Sites and Services

Overview: In this exercise, you will replicate Active Directory between two
domain controllers using the Active Directory Sites and Services
console.

Mindset: What is used to determine how Active Directory is replicated
between domain controllers?

Completion time: 10 minutes

1. Log in to RWDC01 as contoso\administrator with the password of Pa$$w0rd.

2. In Server Manager, click Tools > Active Directory Sites and Services.

3. In the Active Directory Sites and Services window, expand Sites, expand
Corporate, and then expand Servers.

4. Expand RWDC01 and then click NTDS Settings.

Question 1: What replication connection is already made for Storage01
and how is the connection generated?

5. Right-click Storage01 in the right pane and choose Replicate Now. In the dialog
box, click OK. If RWDC01 is not available, go on to the next step. If RWDC01
is available, skip to Step 7.

6. Right-click NTDS Settings under Storage01 and choose New Active Directory
Domain Services Connection.

7. In the Find Active Directory Domain Controllers dialog box, click RWDC01 and
then click OK. If a message indicates that there is already a connection and
prompts you to confirm that you want to create another connection, click Yes.

8. On the New Object – Connection dialog box, click OK.

9. Take a screen shot of the Active Directory Sites and Services window by pressing
Alt+Prt Scr and then paste it into your Lab 17 worksheet file in the page
provided by pressing Ctrl+V.

10. Close the Active Directory Sites and Services window.

End of exercise. Close any open windows before you begin the next exercise.

Exercise 17.4 Using REPADMIN


Overview: In this exercise, you will use REPADMIN to monitor Active
Directory replication.

Mindset: What tools can you use to control Active Directory replication?

Completion time: 10 minutes

1. On RWDC01, right-click the Start button and choose Command Prompt
(Administrator).

2. In the Administrator: Command Prompt window, execute the following
command:

REPADMIN /SyncAll /APed

3. Look for errors and then press Enter.

4. To see a replication summary, execute the following command:

REPADMIN.EXE /ReplSummary

5. To display the current inbound connections, execute the following command:

REPADMIN.EXE /Queue

6. Close the Command Prompt window.

End of exercise. Close any open windows before you begin the next exercise.
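
The "look for errors" check in Exercise 17.4 can be scripted. The following is an added example, not part of the original lab: it parses the CSV form of REPADMIN /ShowRepl (a switch the lab itself does not use) and reports replication partnerships that have failures or no recent success. The function name Get-ReplicationProblem, the 24-hour threshold and the sample rows are assumptions made for the example.

```powershell
# Added example, not part of the lab. The rows below are constructed; the header
# matches what "repadmin /showrepl * /csv" emits.
$sample = @'
showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status
showrepl_INFO,Corporate,RWDC01,"DC=contoso,DC=com",Corporate,STORAGE01,RPC,0,0,2024-05-01 10:15:02,0
showrepl_INFO,Corporate,STORAGE01,"DC=contoso,DC=com",Corporate,RWDC01,RPC,3,2024-05-01 10:20:41,2024-04-30 22:05:13,1722
showrepl_INFO,Corporate,STORAGE01,"CN=Configuration,DC=contoso,DC=com",Corporate,RWDC01,RPC,0,0,2024-04-27 09:00:00,0
'@ -split '\r?\n'

function Get-ReplicationProblem {
    param(
        [Parameter(Mandatory)] [string[]] $CsvLine,   # raw CSV lines from repadmin
        [datetime] $Now = (Get-Date),
        [int] $MaxAgeHours = 24                       # assumed staleness threshold
    )
    foreach ($row in ($CsvLine | ConvertFrom-Csv)) {
        # Rows not tagged showrepl_INFO are not normal partnership rows; report them for review.
        $isInfo = $row.showrepl_COLUMNS -eq 'showrepl_INFO'
        $failures = 0
        [void][int]::TryParse($row.'Number of Failures', [ref]$failures)
        $lastOk = [datetime]::MinValue
        $parsed = [datetime]::TryParse($row.'Last Success Time', [ref]$lastOk)
        # Stale: no parseable success time, or the last success is older than the threshold.
        $stale  = (-not $parsed) -or (($Now - $lastOk).TotalHours -gt $MaxAgeHours)
        if ((-not $isInfo) -or $failures -gt 0 -or $stale) {
            [pscustomobject]@{
                Destination   = $row.'Destination DSA'
                Source        = $row.'Source DSA'
                NamingContext = $row.'Naming Context'
                Failures      = $failures
                LastStatus    = $row.'Last Failure Status'
                LastSuccess   = $row.'Last Success Time'
                Stale         = $stale
            }
        }
    }
}

# Constructed sample, evaluated at a fixed time so the result is repeatable.
Get-ReplicationProblem -CsvLine $sample -Now ([datetime]'2024-05-01 12:00:00') |
    Format-Table -AutoSize

# Live use on a domain controller such as RWDC01:
# Get-ReplicationProblem -CsvLine (repadmin /showrepl * /csv)
```

A partnership that keeps failing means password changes, account disablements and group membership changes made on one domain controller are not reaching the other.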

Exercise 17.5 Configuring Password Replication Policies for RODCs

Overview: In this exercise, you will configure the password replication
policies for read-only domain controllers (RODCs).

Mindset: Why should you configure a password replication policy for
RODCs?

Completion time: 30 minutes

1. On RWDC01, using Server Manager, click Tools > Active Directory Users and
Computers.

2. In the Active Directory Users and Computers window, right-click the
Computers container and choose New > Computer.

3. In the New Object – Computer dialog box, in the Computer name text box, type
Computer01. Click OK.

4. Right-click the Users container and choose New > User.

5. In the New Object – User dialog box, type the following and then click Next.

First Name: User01

User logon name: User01

6. In the Password text box and the Confirm password text box, type
Pa$$w0rd.

7. Click to select Password never expires.

8. Click Next.

9. When the wizard is complete, click Finish.

10. Right-click on the Domain Controllers OU and choose Pre-create Read-only
Domain Controller Account.

11. In the Active Directory Domain Services Installation Wizard, click Next.

12. On the Network Credentials page, click Next.

13. On the Specify Computer Name page, in the Computer name text box, type
RODC01 and then click Next.

14. On the Select a site page, click Corporate and then click Next.

15. On the Additional Domain Controller Options page, verify that DNS Server and
Global catalog are selected and then click Next.

16. On the Delegation of RODC Installation and Administration page, click Next.

17. In the Summary window, review the selections and then click Next.

18. On the Completing the Active Directory Domain Services Installation Wizard
window, click Finish.

19. In the Active Directory Users and Computers console, click the Domain
Controllers OU.

Question 2: What is the status of the RODC01, as indicated by the icon?

20. Within the Domain Controllers OU, double-click the first RODC01.

21. From the RODC01 Properties window, click the Password Replication Policy
tab, as shown in Figure 17-1.

Figure 17-1
Viewing the current Password Replication Policy

Question 3: Which group is allowed password replication?

22. Double-click Allowed RODC Password Replication Group.

23. In the Allowed RODC Password Replication Group Properties dialog box, click
the Members tab.

24. On the Members tab, click Add.

25. In the Select Users, Contacts, Computers, Service Accounts window, click
Object Types. Click to select Computers and then click OK.

26. In the Enter the object names to select text box, type user01;computer01 and
then click OK.

27. Click OK to close the Allowed RODC Password Replication Group.

28. In the RODC01 Properties dialog box, click the Advanced button.

29. In the Advanced Password Replication Policy for RODC01 dialog box (as shown
in Figure 17-2), click the Prepopulate Passwords button.

Figure 17-2
Selecting images to use

30. In the Select Users or Computers account text box, type user01;computer01 and
then click OK.

31. When you are prompted to confirm that you want to send the current passwords
for these accounts to this read-only domain controller now, click Yes.

Question 4: Why did it fail?

32. Click OK to close the error.

33. Click Close to close the Advanced Password Replication Policy for RODC01.

34. Click OK to close the RODC01 Properties dialog box.

35. Right-click on the first RODC01 and choose Delete.

36. When you are prompted to confirm that you want to delete the account, click
Yes.

37. In the Deleting Domain Controller dialog box, deselect Export this list of
accounts that were cached on this Read-Only Domain Controllers to this file
and then click Delete.

38. In the Delete Domain Controller dialog, click OK.

39. When you are prompted to confirm that you want to continue with the deletion,
click Yes.

40. Close the Active Directory Users and Computers console.

End of exercise. Close any open windows before you begin the next exercise.

LAB REVIEW QUESTIONS

Completion time: 10 minutes

1. In Exercise 17.3, what tool is used to replicate between two domain controllers?

2. In Exercise 17.4, what tool is used to force Active Directory replication?

3. In Exercise 17.4, what tool is used to check the status of Active Directory
replication?

4. In Exercise 17.5, how are Password Replication Properties configured?



Lab Challenge Upgrading SYSVOL Replication to DFSR

Overview: To complete this challenge, you will describe how to implement
thin provisioning by writing the steps for the following scenario.

Mindset: A year ago, you upgraded a domain controller from Windows
Server 2003 to Windows Server 2008 and then to Windows Server
2008 R2. Last week, you upgraded the domain controller to
Windows Server 2012 R2. The server is still using File Replication
Services (FRS) for the SYSVOL folder. How would you upgrade
SYSVOL to use Distributed File System Replication (DFSR)?

Completion time: 10 minutes

Write out the steps you performed to complete the challenge.

End of lab. You can log off or start a different lab. If you want to restart this lab,
you’ll need to click the End Lab button in order for the lab to be reset.
