Lab For Module 2
Lab For Module 2
Scenario
Your manager has asked you to install a new domain controller in the datacenter to improve sign-in
performance and to create a new domain controller for a branch office by using IFM.
Objectives
After performing this lab, you should be able to:
• Install a domain controller.
• Install a domain controller by using IFM.
Lab Setup
Estimated Time: 50 minutes
Password Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, start Hyper-V Manager.
2. In Hyper-V Manager, click 20410D-LON-DC1, and then in the Actions pane, click Start.
In the Actions pane, click Connect.
3.
Wait until the virtual machine starts.
Sign in by using the following credentials:
o User name: Administrator
4.
o Password: Pa$$w0rd
o Domain: Adatum
5. Repeat steps 2 through 4 for 20410D-LON-SVR1, 20410D-LON-RTR, and 20410D-LON-SVR2.
Exercise 1: Installing a Domain Controller
Scenario
Users are experiencing slow sign-ins in London during peak use times. The server team has determined
that the domain controllers are overwhelmed when many users authenticate simultaneously. To improve
sign-in performance, you will add a new domain controller in the London data center.
The main tasks for this exercise are as follows:
1. Add an Active Directory Domain Services (AD DS) role to a member server.
2. Configure a server as a domain controller.
3. Configure a server as a global catalog server.
Task 1: Add an Active Directory Domain Services (AD DS) role to a member server
1. On LON-DC1, in Server Manager, add LON-SVR1 to the server list.
Add the Active Directory Domain Services server role to LON-SVR1. Add all required features as
2. prompted.
Installation will take several minutes.
3. When the installation completes, click Close to close the Add Roles and Features Wizard.
Task 2: Configure a server as a domain controller
On LON-DC1, use Server Manager to promote LON-SVR1 to a domain controller, and choose the
following options:
o Add a domain controller to the existing Adatum.com domain
•
o Use the credentials Adatum\Administrator with the password Pa$$w0rd
For Domain Controller Options, install the Domain Name System, but remove the selection to install
o
the global catalog
o The DSRM password is Pa$$w0rd
o For all other options, use the default options
Task 3: Configure a server as a global catalog server
1. Sign in to LON-SVR1 as Adatum\Administrator with the password Pa$$w0rd.
2. Use Active Directory Sites and Services to make LON-SVR1 a global catalog server.
Results: After completing this exercise, you will have explored Server Manager and promoted a
member server to be a domain controller.
Exercise 2: Installing a Domain Controller by Using IFM
Scenario
Your manager has assigned you to manage one of the new branch offices that are being configured. A
faster network connection will be installed in a few weeks. Until then, network connectivity will be very
slow.
The branch office requires a domain controller to support local sign-ins. To avoid problems with the slow
network connection, you will use IFM to install the domain controller in the branch office.
The main tasks for this exercise are as follows:
1. Use the ntdsutil tool to generate IFM.
2. Add the AD DS role to the member server.
3. Use IFM to configure a member server as a new domain controller.
Task 1: Use the ntdsutil tool to generate IFM
On LON-DC1, open an administrative command-line interface, and then use ntdsutil to create an IFM
backup of both the AD DS database and the SYSVOL folder. The commands to create the backup
are as follows:
1. Ntdsutil
Activate instance ntds
Ifm
Create sysvol full c:\ifm
2. Wait for the IFM command to complete, and then close the command prompt.
Task 2: Add the AD DS role to the member server
1. Switch to LON-SVR2, and sign in as Adatum\Administrator with the password Pa$$w0rd.
2. Open a command prompt, and then map the drive letter K: to \\LON-DC1\C$\IFM.
3. Use Server Manager to install the AD DS server role on LON-SVR2.
Task 3: Use IFM to configure a member server as a new domain controller
LON-SVR2, at the command prompt, copy the IFM backup from K: to C:\ifm.
LON-SVR2, use Server Manager with the following options to perform the post-deployment configuration of
D DS:
Add a domain controller to the existing Adatum.com domain
Use Adatum\Administrator with the password Pa$$w0rd for credentials
Use Pa$$w0rd for the DSRM password
Use the IFM media to configure and install AD DS. Use the location C:\IFM for the IFM media
Accept all other defaults
start LON-SVR2 to complete the AD DS installation.
Results: After completing this exercise, you will have installed an additional domain controller for the
branch office by using IFM.
Lab Review Questions
Question: Why did you use Server Manager and not dcpromo when you promoted a server to be a
domain controller?
Question: What are the three operations masters found in each domain?
Question: What are the two operations masters that are present in a forest?
Question: What is the benefit of performing an IFM install of a domain controller?
Prepare for the next module
When you have completed the lab, revert the virtual machines to their initial state. To do this, complete
the following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20410D-LON-DC1, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for 20410D-LON-SVR1, 20410D-LON-RTR, and 20410D-LON-SVR2.
Module Review and Takeaways
Review Questions
Question: What are the two main purposes of OUs?
Question: Why would you need to deploy an additional tree in the AD DS forest?
Question: Which deployment method would you use if you had to install an additional domain controller
in a remote location that had a limited WAN connection?
Question: If you needed to promote a Server Core installation of Windows Server 2012 to be a domain
controller, which tool or tools could you use?
Question: If you wish to run a Domain Controller in the cloud, which service should you consider using,
Windows Azure AD or Windows Azure IaaS virtual machines?