Microsoft Windows Server 2003 Expert Workshop


Hands-on Lab Exercises

Released: 4/16/2003


Table of Contents
CLASSROOM LAYOUT
COMPUTER NAMES AND IP ADDRESSES
LAB 01 – INSTALL & CONFIGURING DNS SERVER
LAB 02 INSTALLING ACTIVE DIRECTORY
LAB 03 – INSTALLING ADDITIONAL DOMAIN CONTROLLERS IN EACH DOMAIN
LAB 04 – ELEVATE DOMAIN FUNCTIONAL LEVEL TO WINDOWS 2000 NATIVE MODE
LAB 05 – TESTING THE EFFECTS OF REPLICATING CHANGES TO MULTI-VALUED ATTRIBUTES
LAB 06 – ELEVATE FOREST FUNCTIONALITY TO WINDOWS SERVER 2003 AND TEST MULTIVALUE REPLICATION
LAB 07 – CREATE MULTIPLE SITES
LAB 08 – TEST GLOBAL CATALOG FAILURE
LAB 09 – ENABLE AND TEST UNIVERSAL GROUP CACHING
LAB 10 – RESET DIRECTORY SERVICES RESTORE MODE PASSWORD (OPTIONAL)
LAB 11 – CREATE AN INETORGPERSON OBJECT (OPTIONAL)
LAB 12 – MARK A SCHEMA OBJECT AS DEFUNCT (OPTIONAL)
LAB 13 – CREATE AN APPLICATION PARTITION
LAB 14 – RENAMING OF DOMAIN CONTROLLERS
LAB 15 – RENAMING DOMAIN NETBIOS NAME (TO BE PERFORMED ON THE LAST DAY AS AN OPTIONAL LAB)
LAB 16 – SETUP AND TEST CROSS FOREST TRUSTS
LAB 17 – IIS APPLICATION POOLS
LAB 18 – TERMINAL SERVICES (OPTIONAL)
LAB 19 – REMOTE ASSISTANT (OPTIONAL)
LAB 20 – CREATE SOFTWARE RESTRICTION POLICY (OPTIONAL)
LAB 21 – RESULT SET OF POLICY (RSOP) TOOLS (OPTIONAL)
LAB 22 – RESTORE DEFAULT GPO’S (OPTIONAL)
LAB 23 - USING VOLUME SHADOW COPY SERVICE TO RECOVER FILES
LAB 24 – EFS
LAB 25 – COMMAND LINE TOOLS (OPTIONAL)
APPENDIX A


CLASSROOM LAYOUT

[Figure: classroom layout. Instructor server in forest W2K3 (W2K3.Net); student servers Server01 to Server16 in domains DomainA to DomainH; forests labelled Forest A, Forest B, Forest E and Forest G.]

All labs that are not optional must be done. This is to ensure that all labs at the end will function correctly. Optional labs are at the discretion of the instructor.


Computer Names and IP Addresses
| Student Number | Computer Name | IP Address | Subnet Mask | DNS Address | Domain | Forest |
|---|---|---|---|---|---|---|
| 01 | Server01 | 10.1.1.1 | 255.255.0.0 | 10.1.1.1 | DomainA.com | DomainA.com Forest |
| 02 | Server02 | 10.1.1.2 | 255.255.0.0 | 10.1.1.1 | DomainA.com | DomainA.com Forest |
| 03 | Server03 | 10.1.2.3 | 255.255.0.0 | 10.1.2.3 | DomainB.com | DomainA.com Forest |
| 04 | Server04 | 10.1.2.4 | 255.255.0.0 | 10.1.2.3 | DomainB.com | DomainA.com Forest |
| 05 | Server05 | 10.1.1.5 | 255.255.0.0 | 10.1.1.5 | DomainC.com | DomainC.com Forest |
| 06 | Server06 | 10.1.1.6 | 255.255.0.0 | 10.1.1.5 | DomainC.com | DomainC.com Forest |
| 07 | Server07 | 10.1.2.7 | 255.255.0.0 | 10.1.2.7 | DomainD.com | DomainC.com Forest |
| 08 | Server08 | 10.1.2.8 | 255.255.0.0 | 10.1.2.7 | DomainD.com | DomainC.com Forest |
| 09 | Server09 | 10.1.1.9 | 255.255.0.0 | 10.1.1.9 | DomainE.com | DomainE.com Forest |
| 10 | Server10 | 10.1.1.10 | 255.255.0.0 | 10.1.1.9 | DomainE.com | DomainE.com Forest |
| 11 | Server11 | 10.1.2.11 | 255.255.0.0 | 10.1.2.11 | DomainF.com | DomainE.com Forest |
| 12 | Server12 | 10.1.2.12 | 255.255.0.0 | 10.1.2.11 | DomainF.com | DomainE.com Forest |
| 13 | Server13 | 10.1.1.13 | 255.255.0.0 | 10.1.1.13 | DomainG.com | DomainG.com Forest |
| 14 | Server14 | 10.1.1.14 | 255.255.0.0 | 10.1.1.13 | DomainG.com | DomainG.com Forest |
| 15 | Server15 | 10.1.2.15 | 255.255.0.0 | 10.1.2.15 | DomainH.com | DomainG.com Forest |
| 16 | Server16 | 10.1.2.16 | 255.255.0.0 | 10.1.2.15 | DomainH.com | DomainG.com Forest |


Lab 01 – Install & Configuring DNS Server

NOTE: This lab must be done before continuing with the rest of the labs.

Prerequisites
• Must be familiar with DNS concepts and operations

Objectives
• Install DNS Server services
• Create Forward and Reverse Lookup Zones
• Create and configure Conditional Forwarding
• Test DNS by using nslookup command

Lab Setup
• A computer running Windows Server 2003 Enterprise Server that is configured as a standalone server.
• Static IP Address and subnet mask.
• DNS domain name.

Refer to the Computer Names and IP Addresses table for this information.


Exercise 1 - Installing the Primary DNS Server Service

Goal
In this exercise, you will configure the DNS domain name of your computer and install DNS.

NOTE: The installation of DNS services will only take place on the following servers: Server1, Server3, Server5, Server7, Server9, Server11, Server13 and Server15.

Tasks and Detailed Steps

1. Start the Windows Components wizard and install the DNS subcomponent of the Networking Services. (Insert Windows Server 2003 CD when required)
   a. Log on as Administrator with a password of password.
   b. By default a screen called Manage Your Server will open. This screen allows you to add roles to your server and to manage your server roles.
   c. Under Adding Roles to Your Server, click Add or remove a Role.
   d. On the Preliminary Steps page, click Next.
   e. On the Server Role page, select DNS Server and click Next.
   f. On the Summary of Selections page, review the summary and click Next. DNS will start to install. Copy the required files from the Windows Server 2003 Advanced Server compact disc.

2. Create a Standard Primary Forward Lookup Zone for your domain.
   a. On the Welcome to the Configure a DNS Server Wizard page, click Next.
   b. On the Select Configuration Action page, select Create forward and reverse lookup zones (recommended for large networks) and click Next.
   c. On the Forward Lookup Zone page, select Yes, create a forward lookup zone now (recommended), click Next.
   d. On the Zone Type page, select Primary Zone, click Next. NOTE: Select Only Primary Zone on the first server in each domain.
   e. On the Zone Name page, enter the zone name for example domainname.com and click Next.
   f. Leave defaults on Zone File page, click Next.
   g. On the Dynamic Update page, select Allow both nonsecure and secure dynamic updates, click Next.

3. Create a Standard Primary Reverse Lookup Zone for your Network ID.
   a. On the Reverse Lookup Zone page, select Yes, create a reverse lookup zone now, click Next.
   b. On the Zone Type page, select Primary Zone, click Next. NOTE: The Primary Zone selection must only be used on the first server in each domain.
   c. On the Reverse Lookup Zone Name page, enter the Network ID for your zone (for example 10.) and click Next.
   d. On the Zone File page leave as default, click Next.
   e. On the Dynamic Update page, select Allow both secure and non-secure dynamic updates, click Next.

4. Create Forwarders to the instructors’ server.
   a. On the Forwarders page, select Yes, it should forward queries to DNS servers with the following IP addresses.
   b. Enter the instructors’ server IP address in: 10.1.1.200, click Next.
   c. On the Completing the Configure a DNS Server Wizard, click Finish. NOTE: If an error message appears click OK. This message states that it could not configure the Root Hints.
   d. On the This Server is Now a DNS Server page, click Finish.
   Ensure that the root hints is available. Once completed open the DNS server, right click the server name and then select properties. Under ServerX properties select root hints. It will start searching for Root Hints.

5. Enter the Primary DNS Suffix under the My Computer properties
   a. Click Start → Right Click My Computer → Properties
   b. Click Computer Name → Change → More
   c. In the Primary DNS Suffix of this computer enter your DNS domain suffix. E.g. DomainX.com
   d. Click OK to close all windows and then click Yes to restart the computer.

6. Ensure computer can resolve both forward and reverse lookups by means of NSLOOKUP
   a. Logon as Administrator with the password of password
   b. Click Start → Administrative Tools → DNS
   c. Expand your Server, then expand reverse lookup zones
   d. Click on your subnet
   e. Ensure that a pointer record exists for your computer.
   f. If the pointer record does not exist create a pointer record by right-clicking the subnet → New Pointer Record
   g. Under the New Resource Record enter the IP address of the Host computer and enter the Host name under Host Name.
   h. Once completed click OK and close all windows.
   i. Open the command prompt. Start → Run → CMD
   j. At the command prompt, type NSLOOKUP
   k. You will receive the following:
      Default: computername.domainname.com
      Address: 10.1.x.x
   l. Exit NSLOOKUP by typing exit at the command prompt.

7. Add your partner’s computer and IP Address to the Name Servers
   a. Open the DNS console
   b. Expand your server and then expand forward lookup zone
   c. Right-click your Domain name → Properties → Name Servers
   d. Under Name Servers, click Add
   e. In the Server fully qualified Domain Name (FQDN), type your partner’s computer name. E.g. server02.domaina.com
   f. Under IP Address, enter your partner’s IP Address, click Add, and then OK.
   Click OK to close the Properties window. Close all other windows.

NOTE: DNS servers/services can still be installed using the Add/Remove Windows Components under Add/Remove Programs menu.

Exercise 2 – Installing the Secondary DNS Server Services

Goal
During this exercise you will install and configure your Server as a secondary DNS server. Only a secondary forward lookup zone will be created. The reverse lookup zone will be kept on the primary DNS Server. Thus no secondary reverse lookup zone needs to be created.

NOTE: The installation of DNS services will only take place on the following servers: Server2, Server4, Server6, Server8, Server10, Server12, Server14 and Server16.

Tasks and Detailed Steps

1. Start the Windows Components wizard and install the DNS subcomponent of the Networking Services. (Insert Windows Server 2003 CD when required)
   a. Log on as Administrator with a password of password.
   b. By default a screen called Manage Your Server will open. This screen allows you to add roles to your server and to manage your server roles.
   c. Under Adding Roles to Your Server, click Add or remove a Role.
   d. On the Preliminary Steps page, click Next.
   e. On the Server Role page, select DNS Server and click Next.
   f. On the Summary of Selections page, review the summary and click Next. DNS will start to install. Copy the required files from the Windows Server 2003 Advanced Server compact disc.

2. Create a Secondary Forward Lookup Zone for your domain.
   a. On the Welcome to the Configure a DNS Server Wizard page, click Next.
   b. On the Select Configuration Action page, select Create forward and reverse lookup zones (recommended for large networks) and click Next.
   c. On the Forward Lookup Zone page, select Yes, create a forward lookup zone now (recommended), click Next.
   d. On the Zone Type page, click to select Secondary zone, click Next.
   e. On the Zone Name page, enter the Zone Name: and click Next.
   f. On the Master DNS Servers page, enter the IP Address of your partners DNS server, click Add and then click Next.

   g. On the Reverse Lookup Zone page, click No, don’t create a reverse lookup zone now, and click Next.
   h. On the Forwarders page, select Yes, it should forward queries to DNS servers with the following IP addresses.
   i. Enter the instructor’s server IP address: 10.1.1.200, click Next.
   j. On the Completing the Configure a DNS Server Wizard, click Finish. NOTE: If an error message appears click OK. This message states that it could not configure the Root Hints.
   k. On the This Server is Now a DNS Server page, click Finish.
   Ensure that the root hints is available. Once completed open the DNS server, right click the server name and then select properties. Under ServerX properties select root hints. It will start searching for Root Hints.

3. Enter the Primary DNS Suffix under the My Computer properties
   a. Click Start → Right Click My Computer → Properties
   b. Click Computer Name → Change → More
   c. In the Primary DNS Suffix of this computer enter your DNS domain suffix. E.g. DomainX.com
   d. Click OK to close all windows and then click Yes to restart the computer.
   Ask your partner to check to see if your pointer record has registered. If not ask him/her to create a pointer record.

Exercise 3 - Configure Conditional Forwarding in DNS

Goal
Students in each domain will be working as a team when setting up and configuring conditional forwarding between multiple DNS servers.

Tasks and Detailed Steps

1. Perform the following tasks
   • Test name resolution using NSLOOKUP.
   • Setup conditional forwarding between partner forests DNS zones
   • Use NSLOOKUP to verify resolution to partner’s forest.
   • Perform for each forest and domain in class.

   a. Open command prompt and type NSLOOKUP
   b. At the prompt type your partners FQDN in and press ENTER.
   c. Open the DNS console, right-click your computer name → Properties and select Forwarders.
   d. Under DNS domain: click New and type in the domain name of all partner domains in the classroom.
   e. Under Selected domain’s forwarder IP Address list: enter the DNS server IP address of your partner’s domain and click Add.
   f. Perform this for all domains in the classroom.
   g. Use NSLOOKUP to see if you can resolve queries in your partner’s domain.
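The checks in Exercises 1 to 3 can also be run from the command line once the zones and forwarders exist. The script below is an added example, not part of the original lab manual; the host names and addresses are sample values taken from the Computer Names and IP Addresses table, and dnscmd.exe is assumed to be available from the Windows Support Tools.

```batch
@echo off
rem Added example, not part of the original lab manual.
rem Checks the results of Lab 01 from the command line: forward and reverse
rem lookups for classroom hosts, then the zone settings of the local server.
rem Assumptions: ZONE, HOSTS and ADDRS are sample values taken from the
rem Computer Names and IP Addresses table; edit them for your own seat.
rem dnscmd.exe comes from the Windows Support Tools and must be installed.
setlocal
set ZONE=domaina.com
set HOSTS=server01.domaina.com server03.domainb.com server05.domainc.com
set ADDRS=10.1.1.1 10.1.2.3
set FAILED=0

rem Forward lookups. A name in a partner domain only resolves once the
rem conditional forwarder for that domain is in place (Exercise 3).
for %%H in (%HOSTS%) do call :lookup forward %%H

rem Reverse lookups. These need the pointer records checked in Exercise 1.
for %%A in (%ADDRS%) do call :lookup reverse %%A

rem Dynamic update setting of the forward zone:
rem   0 = no dynamic updates
rem   1 = nonsecure and secure (the option selected in the wizard)
rem   2 = secure only (requires an Active Directory-integrated zone)
echo.
echo AllowUpdate for %ZONE%:
dnscmd /ZoneInfo %ZONE% AllowUpdate

rem Lists the zones on this server together with their type.
echo.
dnscmd /EnumZones

if %FAILED%==1 (
    echo One or more lookups failed.
    exit /b 1
)
echo All lookups succeeded.
exit /b 0

:lookup
rem %1 = label (forward or reverse), %2 = name or address to query.
rem nslookup prints a "Name:" line only when the query returns an answer.
nslookup %2 2>nul | find /i "Name:" >nul
if errorlevel 1 (
    echo FAIL %1 %2
    set FAILED=1
) else (
    echo OK   %1 %2
)
goto :eof
```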

Lab 02 Installing Active Directory

NOTE: This lab is dependent on lab 01.

Prerequisites
• Understand the logical components of Active Directory
• Understand the purpose and function of Domain Controllers

Objectives
After completing this lab, you will be able to install Active Directory by using the Manage Your Server Wizard.

NOTE: The Manage Your Server is used to familiarise yourself with the new Wizards and tasks that can be performed. However, you can still promote a server to become a domain controller using the DCPROMO command.

Lab Setup
• A computer running Windows Server 2003 Enterprise Server that is configured as a standalone server.
• Drive C formatted with NTFS
• Static IP Address and subnet mask. Refer to the Computer Names and IP Addresses table for this information.
• A domain name is required.
• A forward lookup zone is required that matches your domain name. The forward lookup zone should have been created in exercise 1 of lab 01.

Exercise 1 – Installing Active Directory

Goal
In this exercise, you will create a Windows 2003 domain by installing Active Directory. This will only be done on one computer in each domain. The rest of the servers will be promoted during a different lab exercise.

Tasks and Detailed Steps

1. Start the Active Directory Installation Wizard to create:
   • A new domain controller for a new domain.
   • A new domain tree.
   • A new forest of domain trees

   The following steps need to be performed on only these servers:

   | Server Name | Forest Name |
   |---|---|
   | Server1 | DomainA.Com Forest |
   | Server5 | DomainC.Com Forest |
   | Server9 | DomainE.Com Forest |
   | Server13 | DomainG.Com Forest |

   NOTE: These servers are the primary servers for each domain which will be containing all the FSMO roles and the global catalog service.

   a. Log on as Administrator with a password of password.
   b. On the Manage Your Server page, click Add or remove a role.
   c. On the Preliminary Steps page, click Next.
   d. On the Server Role page, select Domain Controller (Active Directory), click Next.
   e. On the Summary of Selections page, click Next.
   f. On the Welcome to the Active Directory Installation Wizard page, click Next.
   g. On the Operating System Compatibility page, review the information then click Next.
   h. On the Domain Controller Type page, select Domain Controller for a new domain, click Next.
   i. In the Create New Domain page, select Domain in a new forest, click Next.
   j. On the New Domain Name page, enter your domain name in and then click Next.
   k. In the NetBIOS Domain Name page, select the default Domain NetBIOS name, click Next.
   l. On the Database and Log Folders page, select the default settings and click Next.
   m. On the Shared System Volume page, select the default settings and click Next.
   n. Review the DNS Registration Diagnostics and click Next.
   o. On the Permissions page, leave as default and click Next.
   p. On the Directory Services Restore Mode Administrator Password page, enter the Restore Mode Password: password and Confirm password: password, click Next.
   q. Review the summary and click Next.
   r. Once completed Restart the Server.
   s. Logon as Administrator and Click Finish.

2. Start the Active Directory Installation Wizard to create:
   • A new domain controller for a new domain.
   • A new domain tree in an existing forest.

   The following steps need to be performed on only these servers:

   | Server Name | Forest Name |
   |---|---|
   | Server3 | DomainA.Com Forest |
   | Server7 | DomainC.Com Forest |
   | Server11 | DomainE.Com Forest |
   | Server15 | DomainG.Com Forest |

   NOTE: These servers are the domain controllers for the second domains within each forest. They will not contain the Global Catalog service at this point.

   a. Log on as Administrator and a password of password.
   b. On the Manage Your Server page, click Add or remove a role.
   c. On the Preliminary Steps page, click Next.
   d. On the Server Role page, select Domain Controller (Active Directory), click Next.
   e. On the Summary of Selections page, click Next.
   f. On the Welcome to the Active Directory Installation Wizard page, click Next.
   g. On the Operating System Compatibility page, review the information then click Next.
   h. On the Domain Controller Type, select Domain controller for a new domain, click Next.
   i. On the Create New Domain page, select Domain tree in an existing forest, click Next.
   j. On the Network Credentials page, enter the administrator name and password. Enter the first domain name under Domain. For example
      • Username = Administrator
      • Password = password
      • Domain = DomainA
      click Next.
   k. On the New Domain Tree page, enter the DNS name for the new domain, click Next.
   l. In the NetBIOS Domain Name page, select the default Domain NetBIOS name, click Next.
   m. On the Database and Log Folders page, select the default settings and click Next.
   n. On the Shared System Volume page, select the default settings and click Next.
   o. Review the DNS Registration Diagnostics and click Next.
   p. On the Permissions page, click Next.
   q. On the Directory Services Restore Mode Administrator Password page, enter the Restore Mode Password: password and Confirm password: password, click Next.
   r. Review the summary and click Next.
   s. Once completed Restart the Server

3. Allow everyone the rights to logon locally onto the domain controllers and update the policy.

   This only needs to be done from one Domain Controller.

   a. Log on as Administrator with a password of password.
   b. On the Manage Your Server page, select Manage users and computers in Active Directory.
   c. In the left pane, right click Domain Controllers and select Properties.
   d. Select Group Policy under Domain Controller Properties.
   e. Select the Default Domain Controller Policy and Click Edit.
   f. Under the Group Policy Object Editor page navigate to Computer Configuration → Windows Settings → Security Settings → Local Policies → User Rights Assignment.
   g. Double click Allow log on locally.
   h. Under the Allow log on locally window, click Add User or Group and add the Everyone group.
   i. Click OK and close the Group Policy Object Editor window and the Domain Controller Properties window.
   j. Close Manage Users and Computers in Active Directory.
   k. From the run command type the following command: gpupdate
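To confirm that the user right assigned in task 3 took effect on the domain controller, the effective assignment can be exported and inspected. This is an added example, not part of the original lab manual; the export file name is an assumption.

```batch
@echo off
rem Added example, not part of the original lab manual.
rem Confirms on a domain controller that the "Allow log on locally" right
rem (SeInteractiveLogonRight) includes the Everyone group after gpupdate.
rem Assumption: the export file name under %TEMP% is arbitrary.
setlocal
set CFG=%TEMP%\user_rights.inf
if exist "%CFG%" del "%CFG%"

rem Refresh policy so the edited Default Domain Controller Policy is applied.
gpupdate /target:computer /force

rem Export the user rights assignment from the local security database.
secedit /export /cfg "%CFG%" /areas USER_RIGHTS /quiet
if not exist "%CFG%" (
    echo Export failed: %CFG% was not written.
    exit /b 2
)

rem The export is a Unicode file; "type" converts it so that find can read it.
echo Accounts holding SeInteractiveLogonRight:
type "%CFG%" | find /i "SeInteractiveLogonRight"

rem *S-1-1-0 is the well-known SID of the Everyone group.
type "%CFG%" | find /i "SeInteractiveLogonRight" | find "S-1-1-0" >nul
if errorlevel 1 (
    echo RESULT: Everyone is NOT in Allow log on locally.
    set RC=1
) else (
    echo RESULT: Everyone IS in Allow log on locally.
    set RC=0
)
del "%CFG%"
exit /b %RC%
```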

Lab 03 – Installing additional domain controllers in each domain

NOTE: This lab is dependent on lab 02.

Prerequisites
• Understanding of how to use replica from media
• Understanding of how to promote a server using the replica media
• Knowledge on performing backups
• Active Directory should have been configured in exercise 1 lab 02

Objectives
After completing this lab, you will be able to promote a member server to become a second Domain Controller by using backup media.

Lab Setup
• A computer running Windows Server 2003 Enterprise Server that is configured as a standalone server
• Drive C formatted with NTFS
• Static IP Address and subnet mask
• Connectivity to your partners’ computer
• Sufficient disk space to keep a backup
• Access to the Support Tools

Exercise 1 - Backup Current Domain Controllers

Goal
During this exercise your partner will backup his/her domain controller. Once the backup process has completed you will then copy the AD Backup.bkf file to your computer.

Tasks and Detailed Steps

1. Backup the current system state of the domain controller.

   This part of the lab only needs to be performed on the student’s computer that contains Active Directory.

   a. Open Windows Explorer.
   b. On the C:\ drive create a folder called backup.
   c. Once created, share this folder as backup
   d. Open Backup. Start → All Programs → Accessories → System Tools → Backup
   e. On the Welcome to the Backup or Restore Wizard page, deselect Always start in wizard mode, click Next.
   f. On the Backup or Restore page, select Back up files and settings, click Next.
   g. On the What to Back Up page, select Let me choose what to back up, click Next.
   h. On the Items to Back Up page, expand My Computer on the left pane and select System State, click Next.
   i. On the Backup Type, Destination and Name page, type or select the following:
      • Select the backup type: File
      • Choose a place to save your backup: Browse to C:\Backup
      • Type a name for this backup: AD Backup
   j. Click Next and then click Finish.
   k. The backup process will start.

2. The following tasks need to be performed:
   • Copy back up file to your computer.
   • Create Restore folder
   • Create Temp folder

   These steps only need to be performed on the student’s computers who are member servers.

   a. Open Windows Explorer.
   b. On the C:\ drive, create a folder called Restore.
   c. On the C:\ drive, create a folder called Temp
   d. Connect to your partner’s computer and copy the AD Backup.bkf file to the Restore directory on your computer.

Exercise 2 – Promoting Member Servers to Domain Controllers using the Replicate from Media method

Goal
In this exercise the servers without Active Directory will be promoted by means of using the replicate from media method to become an Active Directory Domain Controller.

Tasks and Detailed Steps

These steps only need to be performed from the member server computers.

1. Restore System state data to temp directory.
   a. Open Backup. Start → All Programs → Accessories → System Tools → Backup
   b. On the Welcome to the Backup or Restore Wizard page, deselect Always start in wizard mode, click Next.
   c. On the Backup or Restore page, select Restore files and settings, click Next.
   d. On the What to Restore page, click Browse and browse to the path c:\restore\Ad Backup.Bkf. Click OK.
   e. In the Items to restore pane expand File, expand AD Backup.Bkf then select System State tick box. Click Next.
   f. On the Completing the Restore Wizard page, click Advanced.
   g. On the Where to Restore page, select Restore files to: Alternative location.
   h. In the Alternative Location: Type or Browse to c:\temp, click Next.
   i. On the How to Restore page, select Leave existing files (Recommended), click Next.
   j. On the Advanced Restore Options page, accept the defaults and click Next.
   k. On the Completing the Restore Wizard page, click Finish.

2. Promote the server to a Domain Controller using the restored data
   a. From the Run command type DCPROMO /ADV
   b. On the Welcome to the Active Directory Installation Wizard page, click Next.
   c. On the Operating System Compatibility page, click Next.
   d. On the Domain Controller Type page, select Additional Domain Controller for an existing domain, click Next.
   e. On the Copying Domain Information page, select the From these restored backup files and then Browse to C:\temp, click OK, then Next.
   f. On the Global Catalog page, select No, click Next. NOTE: This Domain Controller must NOT become a Global Catalog server at this point in time.
   g. On the Network Credentials page, enter the administrator’s username and password and confirm the domain name is correct, click Next.
   h. On the Database and Log Folders page, accept the default locations by clicking Next.
   i. On the Shared System Volume page, accept the default locations by clicking Next.
   j. On the Directory Services Restore Mode Administrator Password page, in the Password and Confirm password boxes, type password and then click Next.
   k. On the Summary page, review the options you selected, and then click Next.
   l. When the Completing the Active Directory Installation Wizard page appears, click Finish and then restart your computer.

Exercise 3 – Install Support Tools

Goal
This exercise needs to be performed on all the servers. The Windows 2003 Advanced server support tools and utilities need to be installed for later exercises.

Tasks and Detailed Steps

1. Install Windows 2003 Server Support Tools
   a. Open Windows Explorer
   b. Select the CD-Rom drive and then double click the Support folder.
   c. Double click the Tools folder.
   d. Double click suptool.msi
   e. On the Welcome to the Windows Support Tools Setup Wizard page, click Next.
   f. On the End User License Agreement page, select I Agree then click Next.
   g. On the User Information page, select default values and click Next.
   h. On the Destination Directory page, accept the default locations and click Install Now.
   i. On the Completing the Windows Support Tools Setup Wizard page, click Finish.

Lab 04 – Elevate Domain functional level to Windows 2000 Native Mode

NOTE: Do not rush through this lab exercise. If you do, you will not be able to go back and correct your mistake! This lab is dependent on lab 02.

Prerequisites
• Knowledge about the different Active Directory versioning
• Knowledge about the different Active Directory functionality levels

Objectives
After completing this lab, you will be able to determine which mode the domain is in and raise the Domain functionality.

Lab Setup
To complete this lab, you require a computer running Windows Server 2003 that is configured as a Domain Controller.

Exercise 1

Goal
This exercise consists of the following steps:
1. Use ADSI Edit to determine the current domain mode.
2. Raising the domain functional level to enable additional functionality.
3. Use ADSI Edit to verify the change in the functional level.

Tasks and Detailed Steps

1. Use ADSI Edit to verify that nTMixedDomain = 1

   This part of the exercise needs to be performed by all the students.

   a. From the Run Command type MMC then click OK.
   b. On the Console click File → Add/Remove Snap-in…
   c. Under Add/Remove Snap-in click Add
   d. Under Add Standalone Snap-in, select ADSI Edit and click Add, then close once added.
   e. On the Add/Remove Snap-in page, click OK.
   f. On ADSI Edit right click and select Connect to
   g. Connection Settings window appears, accept default settings and click OK.
   h. Expand Domain.
   i. Right click DC=DomainX,DC=com (where X is your domain number) and select Properties.
   j. Scroll down the attributes until you find nTMixedDomain. Check to see if the value is set to 1.
   k. Click OK to close the Properties page.
   l. Save the console as ADSI Edit under Administrative Tools. This will be required for later exercises.

2. Raise the Domain Functionality to Windows 2000 Native

   Only one student per domain needs to perform the following task.

   a. Open Active Directory Users and Computers.
   b. Right click DomainX.com (where X is your domain letter) and select Raise Domain Functional Level…
   c. On the Raise Domain Functional Level page, ensure that Windows 2000 Native is selected and then click Raise.
   d. A message appears stating that: This change affects the entire domain. After you raise the domain functional level it cannot be reversed, click OK.
   e. A second message appears stating that the Functional level was raised successfully, click OK.

3. Use ADSI Edit to verify that nTMixedDomain = 0

   All students need to perform the following section.

   a. Open ADSI Edit console that you saved.
   b. Right click DC=DomainX,DC=com (where X is your domain number) and select Properties.
   c. Scroll down the attributes until you find nTMixedDomain. Check to see if the value is set to 0.
   d. Click OK to close the Properties page and Exit the console.

Lab 05 – Testing the affects of replicating changes to multi-valued attributes

NOTE: This lab is dependent on lab 02.

Objectives
After completing this lab, you will be able to test the effects of replicating changes to multi-valued attributes.

Prerequisites
• Be familiar with Active Directory Users and Computers
• Understand how replication works between domain controllers
• Active Directory should have been configured as in exercise 1 lab 02

Lab Setup
To complete this lab, you require computers running Windows Server 2003 that are configured as Domain Controllers. Only one computer in each of the forests should be configured as a Global Catalog server.

Exercise 1

Goal
In this exercise you will test the effects of replication changes between multi-valued attributes within an organization. Students will create several user accounts and add two of them to a group. Then the server with the global catalog will be unplugged and you will then add two more users to the group from both the domain controllers. Once completed you will plug the network cable back in and see which of these accounts successfully replicated across. Each student needs to create three (3) user accounts and one user will need to create a global group.

Tasks
1. Create the following in the User container:
• Six user accounts: User1, User2, User3, User4, User5, User6
• Global Group called Group1

Detailed Steps
This part of the exercise can be performed by all students.
a. Open Active Directory Users and Computers.
b. Expand the domain name
c. On the User container right click → New → User
d. On the New Object – User page, fill in the following details and then click Next
   • First name: User1
   • User logon name: User1
   • User logon name (pre-Windows 2000): User1
e. Enter a password called password and confirm the password
f. Deselect User must change password at next logon, click Next and then click Finish.
g. Repeat Steps C – F until all six (6) users are created.
h. On the User container right click → New → Group
i. In the Group Name enter Group1 and leave the settings as default, click OK.
j. Double click the group called group1 and click the Members Tab.
k. Click Add, enter User1, User2 and then click Check Names, click OK twice.

Ensure that the users and group have replicated before continuing.
Unplug the Network Cable from the machine that contains the Global Catalog.

2. Perform the following
• Add User3 to Group1 on the first DC.
• Add User4 to Group1 on the second DC.

Perform these steps on the first DC
a. Double click the group called group1 and click the Members Tab.
b. Click Add, enter User3 and then click Check Names, and click OK twice.

Perform these steps on the second DC
c. Double click the group called group1 and click the Members Tab.
d. Click Add, enter User4 and then click Check Names, and click OK twice.

NOTE: A message appears stating that a Global Catalog cannot be located to retrieve the icons for the member list. Some icons may be shown. Click OK.

3. Plug the Network Cable back in and force replication

Perform the following task on any of the DC
a. From the Run command type the following syntax: repadmin.exe /syncall /P

What are the results on the group membership and why?

Lab 06 – Elevate forest functionality to Windows Server 2003 and test multi-value replication

NOTE: This lab is dependent on lab 02 & lab 04

Objectives
After completing this lab, you will be able to:
• Elevate the forest functionality
• Test multi-value replication

Prerequisites
• Understand the different Forest functionalities
• Understand how replication works between domain controllers
• Domain functional level should have been configured as in exercise 1 Lab 04

Lab Setup
To complete this lab, you require computers running Windows Server 2003 that are configured as Domain Controllers. Only one computer in each of the forests should be configured as a Global Catalog server.

Exercise 1

Goal
This exercise is almost the same as in Lab 05. However you will first elevate the forest functionality to .Net and then test the effects of multi-valued replication. Once this has been done you will again disconnect the network cable from the Global Catalog server and add an account to the group on both domain controllers. Then plug the cable back in and replicate the information to see what effect the elevation of the forest functionality has.

Tasks
1. Raise the Forest Functionality to Windows .Net

Detailed Steps
Perform the following task on only one of the Domain Controllers. Decide between each other who will perform this task.
a. Open Active Directory Domains and Trusts.
b. Right click Active Directory Domains and Trusts and select Raise Forest Functional Level.
c. On the Raise Forest Functional Level accept the default settings and click Raise. Two messages appear, read the messages and then click OK for each of them.

2. Use ADSI Edit to verify that mSDS-Behavior-Version = 2

This task should be performed by all students.
a. Open ADSI Edit console that you saved.
b. Right click DC=DomainX,DC=com (where X is your domain number) and select Properties.
c. Scroll down the attributes until you find mSDS-Behavior-Version. Check to see if the value is set to 2.
d. Click OK to close the Properties page and Exit the console

3. Unplug the Network Cable from the server that contains the Global Catalog. Perform the following
• Add User5 to Group1 on the first DC.
• Add User6 to Group1 on the second DC.

Perform these steps on the first DCs
a. Double click the group called group1 and click the Members Tab.
b. Click Add, enter User5 and then click Check Names, click OK twice.

Perform these steps on the second DC

c. Double click the group called group1 and click the Members Tab.
d. Click Add, enter User6 and then click Check Names, click OK twice.

NOTE: A message appears stating that a Global Catalog cannot be located to retrieve the icons for the member list. Some icons may be shown. Click OK.

4. Plug the Network Cable back in and force replication

Perform the following task on any of the DC
b. From the Run command type the following syntax: repadmin.exe /syncall /P

Review the group membership. Is there a difference – Why?
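The experiment in Lab 05 and Lab 06 can be reproduced offline with a small model: before the forest functional level is raised, the group's member attribute replicates as one value and a concurrent change on the other DC overwrites it; afterwards each link replicates on its own. This is an added example, not part of the workshop material; the class and function names are hypothetical and the conflict rule (higher version, then later time, then originating DC) is a simplified model of the directory's behaviour.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True, order=True)
class Stamp:
    """Replication metadata; compared as (version, time, originating DC)."""
    version: int
    time: int
    dsa: str


@dataclass
class GroupReplica:
    """One domain controller's copy of Group1 (simplified model)."""
    dsa: str
    lvr: bool = False                      # True after the forest level is raised
    legacy: frozenset = frozenset()        # members stored as one attribute value
    legacy_stamp: Stamp = Stamp(1, 0, "")  # one stamp for the whole attribute
    linked: dict = field(default_factory=dict)  # member -> Stamp, one per link

    def add_members(self, users, now):
        if self.lvr:
            # Linked-value replication: every added link carries its own stamp.
            for user in users:
                self.linked[user] = Stamp(1, now, self.dsa)
        else:
            # Whole-attribute write: the full member list gets a new version.
            self.legacy = self.legacy | frozenset(users)
            self.legacy_stamp = Stamp(self.legacy_stamp.version + 1, now, self.dsa)

    def members(self):
        return set(self.legacy) | set(self.linked)


def replicate(src, dst):
    """Pull src's changes into dst."""
    # Legacy attribute: the winning stamp replaces the entire member list.
    if src.legacy_stamp > dst.legacy_stamp:
        dst.legacy, dst.legacy_stamp = src.legacy, src.legacy_stamp
    # Linked values: merged one by one, so unrelated additions never collide.
    for user, stamp in src.linked.items():
        if user not in dst.linked or stamp > dst.linked[user]:
            dst.linked[user] = stamp


def sync_all(a, b):
    """Stand-in for forcing replication in both directions."""
    replicate(a, b)
    replicate(b, a)
    if a.members() != b.members():
        raise RuntimeError("replicas did not converge")


def run_labs(t_dc1=10, t_dc2=11):
    """Return the membership after the Lab 05 and Lab 06 experiments.

    t_dc1 / t_dc2 are the constructed times of the two isolated changes.
    """
    dc1, dc2 = GroupReplica("DC1"), GroupReplica("DC2")
    dc1.add_members(["User1", "User2"], now=1)
    sync_all(dc1, dc2)

    # Lab 05: cable unplugged, each DC adds a different user, then resync.
    dc1.add_members(["User3"], now=t_dc1)
    dc2.add_members(["User4"], now=t_dc2)
    sync_all(dc1, dc2)
    after_lab05 = sorted(dc1.members())

    # Lab 06: forest level raised, same experiment with User5 and User6.
    dc1.lvr = dc2.lvr = True
    dc1.add_members(["User5"], now=20)
    dc2.add_members(["User6"], now=21)
    sync_all(dc1, dc2)
    after_lab06 = sorted(dc1.members())
    return after_lab05, after_lab06


if __name__ == "__main__":
    print(run_labs())
```

In the model, memberships written before the level was raised stay in the legacy value, which is why the user lost in Lab 05 does not reappear in Lab 06.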

Lab 07 – Create Multiple Sites

NOTE: This lab is dependent on lab 02.

Objectives
• Create a site and subnet
• Configure the properties of a site link

Prerequisites
• Understanding of TCP/IP subnets
• Understanding of Sites and Site Links

Lab Setup
• To complete this lab, you require computers running Windows Server 2003 that are configured as Domain Controllers.
• User performing the tasks should have Enterprise Admin Rights

Exercise 1

Goal
NOTE: Students should NOT modify their IP addresses at any stage during this lab!!
In this exercise students will work in teams, where they will create several sites within the Active Directory Sites and Services. In addition to this you will also create subnet masks and map these subnet masks to each of the sites that were created. After completing the creation of the sites and subnet masks you will then move the appropriate servers into the correct sites.

Tasks
1. Create two new sites with the name of Site1 and Site2 and link it to the DEFAULTSITELINK

Detailed Steps
Perform the following tasks on only one Domain Controller in each forest.
a. Open Active Directory Sites and Services from the Administrative Tools menu.
b. In Active Directory Sites and Service, right click Sites and then click New Site.
c. In the Name box, type Site1 in and select DEFAULTIPSITELINK and click OK.
d. Review the message and click OK.
e. Repeat steps B & C for Site2

2. Create a new subnet object with the network ID of 10.1.x.0/24 (where x is 1 for forest root domain and x = 2 for second domains). Associate the subnet object with your site.
a. Right click Subnets and then click New Subnet.
b. In the New Object – Subnet dialog box, in the Address box, type 10.1.x.0 (where x is 1 for forest root domain and x = 2 for second domains).
c. In the Mask box, type 255.255.255.0
d. Under Site Name, click Site1 and then click OK.
e. Repeat steps A – D for Site2

3. Perform the following tasks on/in the Inter-Site Transport object:
• Set the properties of Inter-Site Transport for the IP to Ignore Schedules.
• Change the DEFAULTIPSITELINK replication value to 15 minutes.
a. In Active Directory Sites and Service, expand Inter-Site Transports. Right click IP and then click Properties.
b. On the Properties page, select Ignore Schedule and click OK.
c. In the IP object container right click DEFAULTIPSITELINK and click Properties.
d. On the DEFAULTIPSITELINK Properties page, change the Replicate every value to 15 minutes and click OK.

4. Move the server to the appropriate sites.
a. In Active Directory Site and Services, expand Default-First-Site-Name then expand Servers.
b. Right click ServerX (where X is your server name in your domain) and then click Move.
c. In the Move Server page, click the Site to which your server needs to be moved and then click OK.
d. Repeat Steps B and C for all the domain controllers.

Run the following command on all servers: Repadmin /kcc serverX.domainX.com (Where X is your server or domain number/letter).

Lab 08 – Test Global Catalog Failure

NOTE: This lab is dependent on lab 02.

Objectives
After completing this lab, you will be able to see and understand the importance of a Global Catalog server within an organization

Prerequisites
• Knowledge about the role of a Global Catalog server
• Sites and Subnets should have been configured in exercise 1 Lab 07

Lab Setup
• To complete this lab, you require computers running Windows Server 2003 that are configured as Domain Controllers.
• A single Global Catalog Server within each Forest

Exercise 1

Goal
All students that do not have a Global Catalog service on their domain controller will perform this exercise. You will logon as a client that does not have any administrative rights on the server to see the effects it has on a failed Global Catalog service or if no Global Catalog service is available.

Tasks
1. Check to see if everyone group has the rights to “Log on Locally”

Detailed Steps
Check to see if the Everyone group has the rights to “Log on Locally”
a. Open Active Directory Users and Computers.
b. Expand your domain and right click Domain Controllers and select Properties.
c. Select Group Policy on the Domain Controllers Properties page.
d. Select the Default Domain Controller Policy and Click Edit
e. Under the Group Policy Object Editor page navigate to Computer Configuration → Windows Settings → Security Settings → Local Policies → User Rights Assignment.
f. Double click Allow log on locally.
g. Under the Allow log on locally window, ensure that the Everyone group is added.
h. If not, add the Everyone group.
i. From the run command run: gpupdate.exe /force

2. Create user account in the 2nd domain of the forest and force replication after the creation of the account.
a. Open Active Directory Users and Computers.
b. Expand the domain name
c. On the User container right click → New → User
d. On the New Object – User page, fill in the following details and then click Next
   • First name: Peter1
   • User logon name: Peter1
   • User logon name (pre-Windows 2000): Peter1
e. Enter a password called password and confirm the password as password.
f. Deselect User must change password at next logon, click Next and then click Finish.
g. Force replication by running this syntax: repadmin.exe /syncall /P

3. Log on with the newly created account on all GC servers. This can take some time. Then logoff the account.

Perform this task on all the servers that contain Global Catalogs. These servers are 1, 5, 9 and 13.

Unplug the Network Cable on the 1st DC/GC in the forest root domain. The Global Catalog must not be available.
On the second domain in the forest, logon as the newly created user in that domain.

What was the result and Why?

Plug the Network Cable back in once the lab has been completed.

Lab 09 – Enable and Test Universal Group Caching

NOTE: This lab is dependent on lab 02 & 07

Objectives
After completing this lab, you will be able to configure and manage Universal Group Caching.

Prerequisites
• Knowledge of Global Catalog servers
• Knowledge of Universal Group Caching
• Sites and Subnets should have been configured in exercise 1 Lab 07

Lab Setup
• To complete this lab, you require computers running Windows Server 2003 that are configured as Domain Controllers.
• A single Global Catalog Server within each Forest
• User performing the tasks should have Enterprise Admin Rights

Exercise 1

Goal
Only the students without a Global Catalog will be doing this exercise. In this exercise, you will enable universal group caching and test client logons once again to see the effects of universal group caching.

Tasks
1. In the second domain set the “NTDS Site Settings” to cache membership from the “Partner site” which is the first domain.

Detailed Steps
This should only be done from the second domain in each of the forests.
NOTE: Before you can do this exercise you require Enterprise Admin rights. Logon as the Administrator of the root domain in your forest. Use the Run As command when opening Active Directory Sites and Services.
a. Open Active Directory Sites and Services, expand Sites and then select the site in which you want to Enable Universal Group Membership Caching.
b. In the Details pane on the right, right-click NTDS Site Settings and then click Properties.
c. Select the Enable Universal Group Membership Caching check box.
d. In Refresh Cache from, click Site1 from which this Site2 will refresh its cache, click OK.
e. Force Replication. From the Run command type the following syntax in: repadmin /syncall /P

Logon to the DC in the second domain with account details that do not contain any admin rights. This will populate the cache.
Unplug the network cable from the back of the machine that hosts the Global Catalog.
From second domain in the forest, logon with the user account that does not contain administrative rights. Remember the Global Catalog must not be available.

What is the result and Why?

Lab 10 – Reset Directory Services Restore Mode password (Optional)

Objectives
After completing this lab, you will be able to reset the Directory Services Restore Mode password.

Prerequisites
• Knowledge about the NTDSUTIL utility
• Active Directory should be configured as in exercise 1 Lab 02

Lab Setup
• A computer running Windows Server 2003 Enterprise Server that is configured as a Domain Controller

Exercise 1

Goal
All students will perform this exercise. You must change the Directory Services Restore Mode Password.

Tasks
1. Use the NTDSUTIL to reset the DSRM password to “password”

Detailed Steps
a. Open the Command Prompt window.
b. At the command prompt, type NTDSUTIL and press ENTER.
c. At the NTDSUTIL prompt type, set DSRM Password and press ENTER.
d. At the Reset DSRM Administrator Password prompt, type Reset Password on Server Null (Null is used for the local server) and press ENTER.
e. At the Please type password for DS Restore Mode Administrator Account: type password and press ENTER.
f. At the Please confirm new password: type password and press ENTER.
g. At the Set DSRM Password prompt, type quit and press ENTER
h. At the NTDSUTIL prompt, type quit and press ENTER
i. Close the command prompt window.

Lab 11 – Create an InetOrgPerson Object (Optional)

Objectives
After completing this lab, you will be able to create an InetOrgPerson.

Prerequisites
• Knowledge of using Active Directory Users and Computers
• Active Directory should be configured in exercise 1 Lab 02

Lab Setup
• A computer running Windows Server 2003 Enterprise Server that is configured as a Domain Controller

Exercise 1

Goal
All students can perform this exercise. Here you will create an inetOrgPerson account within the Active Directory.

Tasks
1. Create an inetOrgPerson account with a password of password.

Detailed Steps
a. Open Active Directory Users and Computers.
b. Expand your domain and right-click the Users container, select New and then select InetOrgPerson.
c. In the New Object – InetOrgPerson windows, type studentX (where X is your student number) in the First name and User Logon name boxes, click Next.
d. In the password field type password and confirm the password. Deselect User must change password at next logon, click Next and then Finish.

Logoff as Administrator and logon as the newly created account.

Lab 12 – Mark a Schema object as defunct (Optional)

NOTE to Instructor (If not already done) - Create a directory called OIDGen on your computer and share that directory as OIDGen. Ensure that the application called OIDGen is available in the directory. The application is available on the Windows 2000 Resource Kit.

Objectives
After completing this lab, you will be able to create a schema object and mark the object as defunct.

Prerequisites
• Knowledge of schema objects
• Active Directory should be configured in exercise 1 Lab 02

Lab Setup
• A computer running Windows Server 2003 Enterprise Server that is configured as a Domain Controller
• Schema Administrator rights to be able to create new schema objects
• OIDGEN to create unique Object Identifiers

Exercise 1

Goal
This exercise needs to be performed by all students. You will create an attribute within the Active Directory schema. Once you have created this attribute in the Active Directory, you will then make this object defunct. You will also create a second attribute with the same settings as the first one to see the effects of an attribute that has already been created.

Tasks
1. Perform the following tasks
• Register the Schema Management Snap-in.
• Create a custom MMC console and add the Active Directory Schema.
• Copy and Run OIDGen from your computer to generate an Object Identifier.

Detailed Steps
a. At the run command type the following command in: regsvr32 c:\windows\system32\schmmgmt.dll and then press ENTER.
b. Connect to your instructor's computer and copy the OIDGen file to the temp directory on your local computer.
c. From the command prompt, run OIDGen.exe. Do not close the command prompt.

2. Perform the following task:
• Create a new attribute called studentX (where X is your student number).
• Remove “Attribute is active” of the newly created attribute.
• Refresh to ensure attribute is no longer available.
a. Expand Active Directory Schema, right-click Attributes, click Create Attribute.
b. On the Warning message, click Continue.
c. On the Create New Attribute page, type StudentX (where X is your student name) into the following boxes, Common Name and LDAP Display Name.
d. In the Unique X500 Object ID: enter the Attribute Base OID number generated by the OIDGen application.
e. Under the Syntax select Integer and click OK.
f. Browse to the newly created Object, right-click Properties and deselect Attribute is Active.
g. Click Yes to accept the Warning Message and click OK.
h. Refresh to verify that the attribute is not visible in Schema Management.

3. Perform the following tasks
• Use “Show defunct objects” in Schema Management or use ADSI Edit to locate the Attribute.
a. In the Schema Management Console, click View and then Defunct Objects.
b. Browse to the object and see that the Status of the object is.
c. Open the ADSI Edit console, right-click ADSI Edit and select Connect To.
d. On the Connection Settings page, select Schema under the dropdown list of Select a well known Naming Context, and click OK.
e. Browse for the attribute that you created, right-click Properties.
f. Ensure the value of isDefunct is set to TRUE, click OK and close ADSI Edit.

Create a new Attribute with the same settings as the defunct attribute. Does this work?
Note: While you can reuse the OID and LDAP name you cannot reuse the common name.

Lab 13 – Create an application partition

Objectives
After completing this lab, you will be able to create application partitions and replicate these partitions to different domain controllers within your domain or forest.

Prerequisites
• Knowledge of application partitions
• Knowledge of the NTDSUTIL utility
• DNS should be configured as in exercise 1 Lab 01
• Active Directory should be configured as in exercise 1 Lab 02

Lab Setup
• Computers running Windows Server 2003 Enterprise Server that are configured as Domain Controllers
• A computer running DNS Server
• Network connectivity between computers within the same forest

Exercise 1

Goal
All students can perform this exercise. Here you will create an application partition and then replicate this partition to all domain controllers within the Active Directory domain/forest.

Tasks
1. Perform the following tasks:
• On each DC use NTDSUTIL to create an Application Partition called ApptestX (where X is your student number)
• Add a replica of the application partition to your partner's Domain Controller.

Detailed Steps
a. Open the command prompt window.
b. At the command prompt, type NTDSUTIL and press ENTER.
c. At the NTDSUTIL prompt type, Domain Management and press ENTER.
d. At the Domain Management prompt type, connections and press ENTER.
e. At the Server connections prompt, type Connect to server [your server name], and press ENTER. Example: connect to server server1
f. At the Server connections prompt type, quit and press ENTER.
g. At the Domain Management prompt type, list and press ENTER. This will show you all the Directory Partitions for the forest.
h. At the Domain Management prompt type, create nc dc=APPTESTX (where X is your student number),dc=your domain name,dc=com Null, press ENTER. Example: create nc dc=applicationpartition,dc=domainX,dc=com null
i. At the Domain Management prompt type, list and press ENTER.
j. At the Domain Management prompt type, Add nc replica dc=APPTESTX,dc=your domain name,dc=com serverx.yourDomainName.com and press ENTER. Example: Add nc replica dc=APPTESTX,dc=domainX,dc=com server2.domainx.com
k. At the Domain Management prompt type, list nc replicas dc=APPTESTX,dc=domainX,dc=com and press ENTER.
l. At the Domain Management prompt type, quit and press ENTER.
m. At the NTDSUTIL prompt type, quit and press ENTER.

2. Perform the following tasks:
• Create a new DNS zone and store the information into the application partition.
• Force Replication
• Verify that all zones are updated on both DC/DNS servers
a. Open the command prompt
b. At the command prompt run → repadmin /kcc serverx.domainx.com
c. Also stop and start the DNS Services by running: Net stop DNS and then Net Start DNS.
d. Open DNS console and expand your server name.
e. On the Forward Lookup Zones, right-click and select New Zone.
f. On the Welcome to the New Zone Wizard page, click Next.
g. On the Zone Type page, select Primary Zone, leave the Store the zone in Active Directory (available only if DNS server is a domain controller) tick box and click Next.
h. On the Active Directory Zone Replication Scope page, select To all domain controllers specified in the scope of the following application directory. Select the Application partition that you created, (ApptestX, where x is your student number) and click Next.
i. On the Zone Name page, type Nwtraders.com and click Next.
j. On the Dynamic Update page, select Allow only secure dynamic updates (recommended for Active Directory), click Next.
k. On the Completing the New Zone Wizard page, click Finish.
l. Force replication between the DC/DNS servers using the repadmin /syncall /P command.

3. Use ADSI Edit to view properties of the Application partition.
a. Open the ADSI Edit Console that you created earlier.
b. Right-click ADSI Edit, select Connect to…
c. On the Connection Settings page, under Select a well known Naming Context select Configuration, and press OK.
d. Expand the Configuration container and click Partitions.
e. On the right side under Directory Partition Name find the partition you created and Browse its properties.
f. Exit and close ADSI Edit.

Lab 14 – Renaming of Domain Controllers

Objectives
After completing this lab, you will be able to rename Domain Controllers.

NOTE: There are several ways of renaming Domain Controllers. In this exercise, the command line version will be used to rename the Domain Controllers. Ask the instructor to demo the renaming of a Domain Controller using the GUI.

Prerequisites
• Knowledge of the impact that renaming Domain Controllers can have.
• Knowledge about the NETDOM utility
• Active Directory should be configured in exercise 1 Lab 02
• Fully Qualified Domain Name (FQDN) of your domain

Exercise 1

NOTE: Fully Qualified Domain Names (FQDN) must be used when performing this exercise. Perform the rename exercise on only one Domain Controller at a time. Wait for the process to complete before continuing.

The table below defines the current and the new server name you must use.

Old Computer Name    New Computer Name
Server1              Server101
Server2              Server102
Server3              Server103
Server4              Server104
Server5              Server105
Server6              Server106
Server7              Server107
Server8              Server108
Server9              Server109
Server10             Server110
Server11             Server111
Server12             Server112
Server13             Server113
Server14             Server114
Server15             Server115
Server16             Server116

open command prompt.domainx. Reboot the server. b. Also check to see if your computer has been successfully renamed.com /makeprimary servery. Using the Netdom command rename your server. Reboot the server. This command enumerates the old computer name. At the command prompt type. press ENTER. Released: 4/16/2003 Microsoft Windows Server 2003 Expert Workshop Hands-on Lab Exercises . This will show you if you computer has been successfully renamed.com /remove serverx. Detailed Steps NOTE: ServerX = original server name while ServerY = New Server Name a.com. At the command prompt type: netdom computername serverx. The command below will be used to add the new server name. This command will remove the old server name. i.com /enumerate. f. netdom computername serverx. c.com and press ENTER. Logon as the administrator. h.com and press ENTER. g. Open the command prompt. Logon as administrator. j.domainx. netdom computername servery. Domainx is your domain letter). At the command prompt type. e.domainx.domainx.Tasks 1. Open the command prompt.com /add:servery. type hostname and press ENTER.domainx.domainx. Use the table above for your new computer name. (Serverx is your old server number and servery is your new server number.domainx. d. The command is used to make the new name the primary name. press ENTER. At the command prompt type: netdom computername serverx.

Lab 15 – Renaming Domain NetBIOS Name (To be performed on the last day as an optional lab)

Objectives
After completing this lab, you will be able to:
• Rename the NetBIOS name of the Domain

Prerequisites
• Thorough understanding of Domain Renaming
• DNS should be configured as in exercise 1 Lab 01
• Active Directory should be configured as in exercise 1 Lab 02

Lab Setup
• To complete this lab, you require computers running Windows Server 2003 that are configured as Domain Controllers.

Exercise 1

Goal
This exercise must only be done at the end of the week. The goal of this exercise is to rename the current NetBIOS domain name to a new NetBIOS domain name. You will be working with your partner during this exercise. The utility that will be used to rename the NetBIOS domain names is rendom.exe.

Tasks
1. Perform the following tasks to prepare the domain for renaming:
• Configure DNS to support the New domain name called DomainRenameX (where X is your domain letter)
• DNS must be AD integrated, support dynamic updates and have a Host record for the server.
• Copy rendom.exe and GPFixup.exe to c:\domainrename

Detailed Steps
Perform the following on all the odd numbered Domain Controllers.
a. Open DNS console and create a Forward Lookup Zone called DomainrenameX.com (where X is your domain letter).
b. Ensure that the zone AD integrated is selected and Replicated to all DNS server in the forest is selected.
c. Ensure there is a Host (A) record created. If not perform the following action: Right-click the newly created domain name and select New Host (A)…
d. In the New Host page, type in your server name in the Name (uses parent domain name if blank): box.
e. Under the IP address, enter your machine's IP address and then click Add Host.
f. Close DNS Console

Perform the following on all Even number Domain Controllers
g. Create a directory called domainrename on the c:\ drive.
h. Copy all the files in the VALUEADD\MSFT\MGMT\DOMREN which is located on your Windows 2003 Advanced Server into this directory.

2. The following tasks need to be performed to rename the domain.
• Rendom /list
• Save a copy of Domainlist.xml file as domainlist-save.xml
• Edit NetBIOS name in domainlist.xml file and save it.
• Rendom /showforest and verify change is correct.
• Rendom /upload and view content of dclist.xml
• Run repadmin /syncall /P
• Rendom /prepare and in dclist.xml verify that <State>Prepared</State> is true for all DC's
• Rendom /execute and in dclist.xml verify that <State>done</State> is true for all DC's
• Restart all odd numbered domain controllers in the domain/forest.

Detailed Steps
The following tasks need to be performed from all the even numbered domain controllers in each domain. However it is recommended that your partners follow what you are doing.
a. Open the command prompt and type cd\domainrename and press ENTER.
b. At the domainrename prompt type: rendom /list
c. Save a copy of the domainlist.xml as domainlist-save.xml in the same directory.
d. Change the domain NetBIOS name by editing the sections between <NetBIOSName></NetBIOSName> in the domainlist.xml file and save the changes.
e. At the domainrename prompt type: rendom /showforest to verify that your changes are correct.
f. At the domainrename prompt type: rendom /upload and view the contents of dclist.xml
g. Run repadmin /syncall /P on all the domain controllers in the forest.
h. At the domainrename prompt type: rendom /prepare and verify in the dclist.xml that <State>Prepared</State> is true for all DC's.
i. At the domainrename prompt type: rendom /execute and verify in the dclist.xml that <State>done</State> is true for all DC's
j. All the machines in the forest will automatically reboot. After logon, all the evenly numbered domain controllers must be restarted.
k. Logon and run the command below. If you get an error message restart the computer again and retry the command again.
Run GPFixup /oldnb:OldDomainNetBIOSName /Newnb:NewDomainNetBIOSName /dc:DCdnsName
NOTE: The control station might need to be rebooted twice before the command will work.

On all domain controllers within the forest run the following syntax: repadmin /syncall /P
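The two verification steps above (every DC in dclist.xml showing Prepared after rendom /prepare, and done after rendom /execute) are easy to misread by eye when the forest has many domain controllers. The following Python check is an added example, not part of the original lab or of rendom itself; the sample file is constructed, and every element name other than State (DcList, DC, Name) is an assumption about the file layout.

```python
"""Check a rendom dclist.xml before moving on to the next rename step."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample. Only <State> and the values Prepared/done come from the
# lab text; the DcList/DC/Name element names and host names are assumptions.
SAMPLE_DCLIST = """<?xml version="1.0"?>
<DcList>
  <DC><Name>server01.domaina.com</Name><State>Prepared</State></DC>
  <DC><Name>server02.domaina.com</Name><STATE> prepared </STATE></DC>
  <DC><Name>server03.domaina.com</Name><State>Initial</State></DC>
  <DC><Name>server04.domaina.com</Name></DC>
</DcList>
"""


def _child_text(element, tag):
    """Return the stripped text of the first child whose tag matches, ignoring case."""
    for child in element:
        if child.tag.lower() == tag.lower():
            return (child.text or "").strip()
    return ""


def read_dc_states(xml_text):
    """Return [(dc_name, state), ...] for every DC entry in the document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"dclist.xml is not well-formed XML: {exc}") from exc
    return [
        (_child_text(dc, "Name") or "<unnamed>", _child_text(dc, "State"))
        for dc in root.iter()
        if dc.tag.lower() == "dc"
    ]


def blocking_dcs(xml_text, expected_state):
    """List the DCs whose state differs from expected_state (case-insensitive)."""
    wanted = expected_state.strip().lower()
    return [
        (name, state or "<missing>")
        for name, state in read_dc_states(xml_text)
        if state.lower() != wanted
    ]


def all_dcs_in_state(xml_text, expected_state):
    """True only if at least one DC is listed and every DC is in expected_state."""
    # An empty list must never count as success: it usually means the wrong
    # file was checked or the upload step has not been run yet.
    return bool(read_dc_states(xml_text)) and not blocking_dcs(xml_text, expected_state)


if __name__ == "__main__":
    # Usage: python check_dclist.py <path to dclist.xml> <Prepared|Done>
    # With no arguments the constructed sample above is checked for "Prepared".
    if len(sys.argv) > 1:
        # Read bytes so the XML parser can honour the file's own encoding.
        with open(sys.argv[1], "rb") as handle:
            document = handle.read()
    else:
        document = SAMPLE_DCLIST
    expected = sys.argv[2] if len(sys.argv) > 2 else "Prepared"
    for name, state in blocking_dcs(document, expected):
        print(f"NOT {expected}: {name} (state: {state})")
    sys.exit(0 if all_dcs_in_state(document, expected) else 1)
```

A non-zero exit code means at least one domain controller has not reached the expected state, so the next rendom step should wait.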

Lab 16 – Setup and Test Cross Forest Trusts

Instructor Note: review with students trust directions. Make sure they know the difference between "trusted" and "trusting".

Objectives
After completing this lab, you will be able to create cross-forest trust relationships and administer these cross-forest trusts.

Prerequisites
• Knowledge on the different types of trust relationships
• Multiple Active Directories should be configured as per exercise 1 Lab 02
• Multiple Forests should have been created within the classroom environment

Exercise 1

Goal
Students will work as a team during this exercise. A Forest Trust relationship needs to be implemented between the following forests:
• Forest A and Forest C.
• Forest C and W2K3.Net forest
• Forest E and Forest G.
• Forest G and W2K3.Net forest

Tasks
1. Create a two-way trust relationship between two forests within the classroom.

Detailed Steps
a. Open Active Directory Domains and Trusts, select the domain and click Properties.
b. In Properties of the domain click Trusts and click New Trust.
c. On the Welcome to the New Trust Wizard page, click Next.
d. In the Trust Name page, under Name enter the NetBIOS name of the forest root domain you want to trust, click Next.
e. On the Trust Type page, select Forest Trust and click Next.
f. On the Direction of Trust page, select Two-Way and click Next.
g. On Sides of Trust page, select Both this domain and the specified domain, click Next.
h. On the User Name and Password page, enter Administrator into the User Name box and password into the Password box, click Next.
i. On the Outgoing Trust Authentication Level – Local Forest page, select Forest-wide authentication and click Next.
j. On the Outgoing Trust Authentication Level – Specified Forest page, select Forest-wide authentication and click Next.
k. On the Trust Selections Complete page, review settings and click Next.
l. On the Trust Creation Complete page, review the settings and click Next.
m. On the Confirm Outgoing Trust page, select Yes, confirm the outgoing trust, click Next.
n. On the Confirm Incoming Trust page, select Yes, confirm incoming trust, click Next.
o. On the Completing the New Trust Wizard page, click Finish.
p. Click OK to close the domainx.com properties page and close Active Directory Domains and Trusts.

Exercise 2 – Test cross forest resource access

Tasks
1. Create a folder called forest and share it as forest. Give users from a different forest the Change rights permission to the shared directory.

Detailed Steps
a. On the servers create a directory called Forest and share the directory as Forest.
b. Click Permissions in Forest Properties.
c. Click Add under Permissions for Forest.
d. On the Select Users, Computers, or Groups click Locations
e. Click DomainX.com (where X is the domain letter of the domain with which you created a forest trust) then click OK.
f. In Enter the object names to select type in Domain Users and click Check Names, click OK.
g. In the windows for Permissions for Domain Users select Allow – Change, click OK.
h. Click OK to close Forest Properties.

2.
a. Logon as a user that was created earlier.
b. From the Run command type: \\serverx\forest (where X is the server number), press ENTER.
c. Once open right-click in the blank area, select new and then select bitmap image.
d. Close the window.
This has allowed you to create a file on the server in a different forest.

Exercise 3 – Test cross forest delegations

Tasks
1. Create an OU called DelegateX (where X is your student number) and assign the Domain Admins in the trusted domain access to create and delete users.

Detailed Steps
a. Open Active Directory Users and Computers and click on the Users Container.
b. Create an OU called DelegateX (where X is your student number)
c. Right-click the OU and click Delegate Control…
d. On the Welcome to the Delegation of Control Wizard, click Next.
e. On the Users or Groups page, click Add, click Locations and highlight the second forest then click OK.
f. In the Enter the object names to select type Domain Admins and click Check Names, click OK.
g. On the Users or Groups page, ensure that DomainX\Domain Admins is selected, click Next.
h. On the Tasks to Delegate page, select Create, delete, and Manage user accounts, click Next.
i. On the Completing the Delegation of Control Wizard page, click Finish.
j. Logoff from the computer

2. Test the Delegation by creating a User account in the OU in your partner's forest domain.
Logon as a user with Domain Admin rights before starting this exercise. The user must not be the Administrator account.
a. Open Active Directory Users and Computers, right-click your domain and select Connect to Domain.
b. On the Connect to Domain page, type the domain name to which you want to connect and click OK.
c. Expand the domain to which you connected and click the OU called DelegateX (where X will be the student number of the user that administers that domain).
d. Right-click the OU and click New → User.
e. Type a user name into the following boxes: First name and User logon Name, click Next.
f. Type in password in the Password and Confirm password boxes, click Next.
g. Review the details and click Finish.

Lab 17 – IIS

Objectives
After completing this lab, you will be able to:
• Installing and Configuring IIS
• Determine which Isolation mode your IIS server is.
• View the different processes currently running
• Creating Application Pools
• Recycling Processes

Prerequisites
• Knowledge of IIS

Lab Setup
A computer running Windows Server 2003 Enterprise configured as a Domain Controller.

Exercise 1

Goal
The goal of this exercise is to install and configure IIS for the rest of the exercises.

Tasks
This Exercise can be performed by all Students
1. View or change the Application Isolation Mode using IIS Manager

Detailed Steps
a. Click Start → Manage Your Server
b. On Manage Your Server → Add or Remove a Role
c. On the Configure Server Wizard Page click Next.
d. On the Server Role Page click Application Server (IIS, ASP.Net) and click Next.
e. In the Application Server Option Page leave as default and click Next
f. On the summary page click Next
g. This starts the installation and configuration of IIS.
h. Once completed click Finish
i. On the Manage your Server page click Manage this Application Server
j. Browse around the interface to familiarize yourself with the interface.

Exercise 2

Goal
The goal of this exercise is to establish in which isolation mode your current IIS server is running.

Tasks
This Exercise can be performed by all Students
1. View or change the Application Isolation Mode using IIS Manager

Detailed Steps
a. Open the IIS snap-in (Click Start, click Programs, click Administrative Tools, and then click Internet Information Services)
b. Right click on the "Web Sites" folder and choose "Properties"
c. Click on the "Service" tab
d. View the status of the checkbox labeled "Isolation Mode"
e. If the box is checked, you are running in IIS5 Isolation Mode
f. If the box is unchecked, you are running in worker process isolation mode
g. Verify that the check box is unchecked – uncheck if necessary (You will be required to run in worker process isolation mode for the remainder of these exercises)
h. Click Apply
i. You will now be prompted to restart the Web services, click Yes to restart IIS. After IIS restarts, click OK to close the Web Sites properties sheet. Verify the Application Pools folder is present.

Exercise 3

Goal
In this exercise, you will use a VBScript to view process information.
Note: You must be running your server in worker process isolation mode for this exercise to work. If your configuration is running in IIS5 isolation mode, or you are unsure of the mode, revisit the first exercise on isolation modes.

Tasks
This Exercise can be performed by all Students
1. Execute the listw3wp.vbs to view process information

Detailed Steps
a. From the command prompt, change directory to the path containing the script file listw3wp.vbs. It should be C:\IIS
b. Execute the command: listw3wp.vbs
c. If there are no worker processes running, you should see a message indicating "there are no running w3wp.exe instances"
d. To view worker processes using the script, and for listw3wp to return information, navigate to any local URL using Internet Explorer, such as http://localhost (disregard the page that is returned)
e. Re-run listw3wp.vbs and you should see the Process ID (PID) and the Application Pool name of the running worker process.

Exercise 4

Goal
In this exercise you will create a new application pool, and assign a virtual directory to that application.

Tasks
This Exercise can be performed by all Students
1. Create a virtual directory

Detailed Steps
a. Open a command window
b. To use iisvdir, type the following command at the command line: iisvdir /? This will display the command line parameters for using the tool.
c. Create a virtual directory named "myvdir". Execute the command: iisvdir /create "default web site" myvdir C:\tempvdir
d. Verify that the command completed successfully by viewing the message displayed in the command window.
e. Create a default HTML page to the virtual directory. Click the Start button, select Run and enter: notepad c:\tempvdir\default.asp. When prompted to create the file, select 'Yes'.
f. In your html page, type the following line <H1>Application Pool Test Page</H1>
g. Save the file in the c:\tempvdir folder. Make sure you have correctly named it as default.asp
h. View by navigating to the URL: http://localhost/mydir/ using Internet Explorer to verify the virtual directory is working properly
i. If the Internet Explorer Enhanced Security Configuration is enabled dialog box appears select the tick box and click OK. (Do not change any settings, the lab will work with the current configuration)
j. Note: if Active Server Pages have not been enabled on your server, you will receive a 404 error message. To enable Active Server Pages, do the following:
   a. Open IIS Manager if not already open
   b. Expand your server
   c. Click on Web Service Extensions
   d. On the right pane click Active Server Pages and click Allow
   e. This will enable Active Server Pages.
k. Retry http://localhost/mydir

2. Create a new Application pool
a. Open the IIS snap-in (Click Start, click Programs, click Administrative Tools, and then click Internet Information Services)
b. Expand the Application Pools node.
c. Right-click on Application Pools, and choose New, then choose Application Pool. The Add New Application Pool dialog box appears.
d. Enter MyAppPool for the Application Pool ID. Click OK. The application pool has now been created.

3. Assign the mydir virtual directory the application pool
You now need to add the virtual directory you created in the previous step to this application pool.
a. Expand the Web Sites node.
b. Expand the Default Web Site.
c. Right-click the virtual directory named myvdir, and choose Properties.
d. Click the Virtual Directory tab. At the bottom you will see a drop-down box for Application Pool. Click on the drop-down box and choose MyAppPool.
e. Click Apply, and then OK to save your changes.

4. Verify that your application is running in its own application pool
a. Browse to http://localhost/mydir
b. At the command line, execute the script listw3wp.vbs, you will see an instance of the worker process running your application pool.
c. Optional Step, navigate to other web sites on the local machine that are not in the same application pool, such as http://localhost (which is in the Default Application Pool by default). You will see separate instances of worker processes when you run the listw3wp.vbs script.
d. Optional Step: modify your c:\tempvdir\default.asp page to include the following line: My app pool ID is [<%=Request.ServerVariables("APP_POOL_ID")%>]
e. And refresh http://localhost/mydir. You should see your newly created MyAppPool in the text

Exercise 5

Goal
In this exercise, you will configure the application pool you created in the previous exercise to recycle after a certain number of requests have been processed.

Tasks
This Exercise can be performed by all Students
1. Configure the application pool to recycle after 5 requests

Detailed Steps
a. Open IIS Manager if not already open
b. Expand the Application Pools node, right-click the MyAppPool node, and choose Properties.
c. On the MyAppPool Properties dialog box, click the Recycling tab.
d. Check the Recycle worker process after check box. Change Number of Requests from the default of 35000 to 5
e. Click Apply, and then click OK.

2. Test the recycling settings
a. Browse to http://localhost/mydir in Internet Explorer.
b. From the command line, run listw3wp.vbs to gather the Process ID (PID) information, and remember this process ID number for MyAppPool
c. From Internet Explorer, click on the refresh button twice
d. Re-run the command line script and verify the PID is still the same
e. From Internet Explorer, refresh the page 3x times
f. Run the command line script again and verify the PID has changed. If the PID is different, that means a new process is running in place of the original one. Thus, recycling of the worker process after five requests has completed successfully.

Lab 18 – Terminal Services (Optional)

Objectives
After completing this lab, you will be able to:
• Configure Remote Desktop on a computer running Windows Server 2003
• Connect to a computer running Remote Desktop.
• Install Terminal Services

Prerequisites
• Before working with this lab, you must have knowledge of Terminal Services concepts and operations.
• Knowledge of Remote Desktop concepts and operations are also required.

Lab Setup
• A computer running Windows Server 2003 Enterprise Server that is configured as a Domain Controller.

Exercise 1

Goal
This exercise will be performed by all students. Here you will connect to your partner's computer by means of the Remote Desktop Connection. After you have connected to your partner's computer you need to install Terminal Services in Application mode. Note that Terminal Server Remote Administration is installed by default.

Tasks
1. Perform the following Tasks:
• Enable Remote Desktop
• Connect to server using Remote Desktop Connection.

Detailed Steps
This exercise can be done from both computers at the same time.
a. Open System under Control Panel and select Remote.
b. Click to select Allow users to connect to this computer.
c. A message appears, read the message and click OK to the message and then OK to close System Properties.
d. Connect as Administrator to your partner's machine using the Remote Desktop Connection.
e. Browse your partner's computer and then logoff.

• Connect to Remote Desktop
Perform this exercise from the first partner and then repeat the lab for the second partner.
a. Ask your partner to open Notepad on his/her machine and leave it open.
b. On your machine open Administrative Tools and select to open Remote Desktops.
c. Right-click Remote Desktops and select Add new connection.
d. In the Add new connection page, type in the Server Name or IP address and give it a Connection Name.
e. Under the Logon information enter the administrator and domain details, and click OK.
f. Under Remote Desktop click the Connection Name you created.
g. In Notepad add some text, but do not close the application.
h. Disconnect from the server.
i. Once disconnected ask your partner to logon.
j. Your partner should see the text in Notepad that you entered.

Install Terminal Services in Application Mode.
a. Open Add and Remove Programs, and select Add/Remove Windows Components.
b. On the Windows Components page, select Terminal Server and click Next.
c. On the Terminal Server Setup page, review the message and click Next.
d. On the Terminal Server Setup page, select Full Security and click Next.
e. On the Completing the Windows Components Wizard page, click Finish.
f. Restart the Computer.
g. Logon as Administrator and close the Terminal Server help menu.

Lab 19 – Remote Assistant (Optional)

Objectives
After completing this lab, you will be able to:
• Send a Remote Assistance invitation
• Respond to a Remote Assistance invitation

Prerequisites
• A computer running Windows Server 2003

Scenario
You are responsible for providing technical support to users within your company. They are having trouble opening or doing some of their day-to-day tasks. It is your responsibility to assist them with their problems by using Remote Assistance.

Exercise 1

Goal
Students will be working in pairs during this exercise. The goal of this lab is to get familiar with the remote assistant features within Windows 2003 Advance server.

Tasks
1. Perform the following Tasks:
• Enable Remote Assistant.

Detailed Steps
a. Open System under Control Panel and select Remote.
b. Click to select Turn on Remote Assistance and allow invitations to be sent from this computer.
c. A message appears, read the message and click OK to the message and then OK to close System Properties.

2. Create an Invite and save the invite to c:\temp
a. Click Start → All programs and then click Remote Assistance.
b. In Help and Support Centre under Remote Assistance, click Invite someone to help you.
c. On the Remote Assistance – Pick how you want to contact your assistant, scroll down to the bottom of the page, and then click Save invitation as a file (Advanced).
d. On Remote Assistance – Save Invitation page, verify that administrator appears and the expiration time is set to 2 hours and then click Continue
e. On Remote Assistance – Save Invitation page, verify that Require the recipient to use a password is selected, in the Type Password and Confirm Password boxes, type password and then click Save Invitation.
f. In the Save file dialog box, in the Save in drop-down list, click the down arrow, select c:\temp, in the filename box type your name and then click Save.
g. On the Your invitation has been saved successfully to: page, click View the status of all my invitations.
h. Close Help and Support Center.

Exercise 2 – Responding to an Invitation

Important: The person responding to the invitation will be the helper, and the person who sent the invitation will be the end user. You and your partner will decide who will be the helper and who will be the end user. Each task will be for either the helper or the end user.

Tasks
1. Copy the Remote assistance file to your local computer.

Detailed Steps
a. Log on to the domain as Administrator, with a password of password.
b. From both machines copy the Remote Assistance file to your local machine.
c. Double click your partner's remote assistance file.
d. Logon as administrator and type in the password under the Remote Assistance invitation box.
e. In the Remote Assistance Invitation dialog box, type password in the Password box, and then click Yes.

Important: Task two is for the end user.
2. Start an application on your computer and then accept the invitation.
a. Click Start, click All Programs, click Accessories, and then click WordPad.
b. Restore the Remote Assistance dialog box if it is not in the foreground, and then click Yes on the message Do you want to let this person view your screen and chat with you?
c. In the chat box, explain to your partner the helper that you need to know how to bold text in a WordPad document. Type some text in the chat session box, and then click Send.

Important: Task three is for the helper.
3. Respond to your partner's chat session.
a. Respond to your partner's chat session by typing in the box at the lower left, and then clicking Send.
b. On the Chat History title bar, click the chevron next to Hide Chat.
c. Attempt to click on any item on your partner's computer. At this point you can only view the desktop.
d. On the Remote Assistance menu, click Take Control.

Important: Task four is for the end user.
4. When prompted, let your partner take control of your computer.
a. When prompted, Do you want to let Administrator take control of your computer, click Yes.
b. In the Remote Assistance – Web Page dialog box, click Yes.

Important: Task five is for the helper.
5. Perform tasks on your partner's computer
a. On the Remote Assistance – Web Page Dialog message box, click OK. The helper has control of the end user's computer. Both people can perform tasks on the computer.
b. Restore WordPad and type some text in to the document.
c. With the WordPad document in the foreground and text entered highlight the text and then click the Bold button.
d. Click Disconnect and then close the Help and Support Center window. Close all open windows, and then log off.

Important: Task six is for the end user.
6. Close all open windows and then log off
• Close all open windows, and then log off.

Lab 20 – Create Software Restriction Policy (Optional)

Objectives
After completing this lab, you will be able to create a software restriction policy for your users.

Prerequisites
• Understand how Group Policy Objects work.
• Understand how Software Restriction Policy affects users.

Lab Setup
• A computer running Windows Server 2003 Enterprise Server that is configured as a Domain Controller

Exercise 1

Goal
Decide between team members in each domain who will perform this exercise. In this exercise you will create a policy that will not allow anyone in your domain to run the calculator application on their computers.

Tasks
1. The following tasks need to be performed:
• Edit the Default Domain Controller Policy
• Leave Default Security Policy as Unrestricted
• Create a Software Restriction Policy that prohibits c:\windows\system32\calc.exe
• Reboot Computer and test the policy with a user account that does not have admin rights

Detailed Steps
a. Open Active Directory Users and Computers, right-click Domain Controllers and select Properties.
b. On the Domain Controllers Properties page, click Group Policy.
c. Highlight Default Domain Controller Policy and click Edit.
d. Under Computer Configuration, expand Windows Settings → Security Settings, right-click Software Restriction Policies and select New Software Restriction Policies.
e. Right-click Additional Rules, select New Path Rule…
f. On the New Path Rule page, type in the Path box the following: c:\windows\system32\calc.exe
g. In the Security Level on the New Path Rule select Disallow and click OK.
h. Close all windows and restart the computer.
i. Logon as a user with no admin rights.
j. From the Run command type, c:\windows\system32\calc.exe and click OK.
k. A message will appear, read the messages and click OK.
l. Logoff as the user and logon as Administrator.

Lab 21 – Result Set of Policy (RSoP) Tools (Optional)

Objectives
After completing this lab, you will be able to use different tools to determine the Result Set of Policies.

Prerequisites
• Knowledge of RSoP, GPResult V2.0 and the use of Help Centre
• Active Directory should be configured as per exercise 1 Lab 02


Exercise 1
Goal
All students must do this exercise. Here you will be looking at the different ways group policy information can be retrieved and viewed.

Tasks
1. Use the following tools to retrieve RSOP information:
• RSOP Snap-in
• GPResult v2
• Help Centre HTML Report

Detailed Steps
a. Open a new Microsoft Management Console and add the Resultant Set of Policy.
b. Right-click Resultant Set of Policy and click Generate RSoP Data…
c. On the Welcome to the Resultant Set of Policy Wizard page, click Next.
d. On the Mode Selection, select Logging Mode, click OK.
e. On the Computer Selection page, select This Computer and click Next.
f. On the User Selection page, select Current user, click Next.
g. On the Summary of Selection page, click Next.
h. On the Completing the Resultant Set of Policy Wizard, click Finish.
i. Exit without saving the console.

a. Open the command prompt.
b. At the command prompt type: gpresult
c. Once complete browse through the settings to see what information is given to you about the machine and user.

a. Click Start, and then click Help and Support.
b. Under Support Tasks, click Tools.
c. Under Tools, click Help and Support Center Tools.
d. Under Help and Support Center Tools, click Advanced System Information.
e. Under Advanced System Information, click View Group Policy Settings applied.
f. Scroll to the results that you want to view.


Lab 22 – Restore Default GPO’s (Optional)

Objectives
After completing this lab, you will be able to restore the default Group Policy Objects to their original settings/values.

Lab Setup
• A computer running Windows Server 2003 Enterprise Server that is configured as a Domain Controller.


Exercise 1

Goal
Decide between each other how you will perform this exercise within each domain. In this exercise you will restore the Group Policies to their default settings.

Tasks
1. Run DCGpoFix.exe and note all prompts and warning messages.
2. Reconfigure the policy to allow users to logon locally.

Detailed Steps
a. Open the Command prompt.
b. At the command prompt type, DCGpoFix and press ENTER.
c. Read the warning message and then press Y and then ENTER.
d. Read the second warning message and then press Y and then ENTER.
e. Read the last message and then exit the command prompt.
f. Reconfigure the policy to allow users to logon locally.

Lab 23 - Using Volume Shadow Copy Service to Recover Files

Objectives
After completing this lab, you will be able to use Volume Shadow copy services to recover changed data files or deleted data files.

Lab Setup
• A computer running Windows Server 2003 Enterprise Server that is configured as a Domain Controller.

Exercise 1

Goal
Volume Shadow Copy allows administrators to ease the administrative burden of restoring files that users have inadvertently modified or deleted. Once volume shadow copy has been enabled and configured on a volume, users may revert to previous copies of a file or restore deleted files without having to contact administrators in order to obtain previous versions of the file(s).

Tasks
1. Create a folder named c:\shadowcopy. Share it with Authenticated Users having Change and Read permissions.

Detailed steps
a. Log on as Administrator with a password of password.
b. Open Windows Explorer.
c. On the C:\ drive, create a folder called shadowcopy.
d. Right-click the shadow copy folder and select Properties.
e. On the shadow copy Properties dialog box, click on Sharing tab, select Share this folder and use the default share name and click Permissions.
f. On the Permissions for shadow copy dialog box, click Add.
g. On the Select Users, Computers, or Groups dialog box type Authenticated Users and click OK.
h. On the Permissions for shadow copy dialog box, make sure Authenticated Users is highlighted, click Change on Permissions for Authenticated Users (Authenticated Users should now have Change and Read) and then click OK.
i. Click OK to close the shadow copy Properties dialog box.
j. Leave Windows Explorer open.

2. Enable shadow copies for the C:\ drive, configure for a 200 MB limit.
a. Right-click C: in the folders pane and click Properties.
b. On the Local Disk (C:) Properties dialog box, click on the Shadow Copies tab.
c. Ensure that C:\ is selected, click Enable, and on the Enable Shadow Copies dialog box click Yes. (This can take a few minutes)
d. After the process of enabling volume shadow copies on the volume has been completed, click Settings.
e. On the Settings dialog box, change the Maximum size, use limit to 200, and then click OK to close the Settings dialog box.
f. Click OK on the Local Disk (C:) Properties dialog box.

3. Install Previous Version Client.
a. In Explorer, browse to C:\windows\system32\clients\twclient\x86
b. Double-click twcli32.msi to install the Previous Version Client.
c. Click Finish after the Previous Version Client Setup completes.

4. Map a drive to the local share.
a. From the Explorer Tool menu, click Map Network Drive.
b. In Map Network Drive, in Drive type S, in Folder, type \\localhost\shadowcopy and click Ok.

5. Create a file named Test Shadow Copies.txt and type This is the first copy of my document. Save and close the file.
a. In the S: window, create a new text document called Test Shadow Copies.txt (Tip: If you have not enabled viewing of file extensions in your Explorer options, you must include the .txt extension. By default it should be enabled).
b. Open Test Shadow Copies.txt.
c. Add text to the new document and save it.

6. Initiate a shadow copy.
a. Open the Shadow Copies tab of the Local Disk (C:) Properties dialog box.
b. Click Create Now to initiate a shadow copy. (This can take a few seconds so please be patient).
c. When the shadow copy process has been completed, you should have an additional shadow copy listed in the Shadow copies of selected volume window.
d. Click OK to close the Local Disk (C:) Properties dialog box.

7. Modify the test document.
a. Open Test Shadow Copies.txt document and type This is my second copy of my shadow copy document.
b. Save and close the text file.

8. View a previous version of the file.
a. Right click on the Test Shadow Copies.txt document and select Properties.
b. On the Test Shadow Copies.txt Properties dialog box, select the Previous Versions tab.
c. Select Test Shadow Copies.txt from the File Versions and click View.
d. Notice that it opens the first version of your document. Close the document.

9. Copy a previous version of the file.
a. On the Test Shadow Copies.txt Properties dialog box, click Copy.
b. On the Copy Items dialog box, select Desktop and click Copy. The previous version will be copied to the desktop.

10. Restore a previous version of the file.
a. On the Test Shadow Copies.txt Properties dialog box, click Restore.
b. You will be warned that your subsequent version of the file will be overwritten with the previous version, and asked if you are sure that you wish to do this. Click Yes.
c. You will be notified that the previous version of the file was successfully restored, and the previous version should no longer be listed in the Previous Versions property sheet. Click OK.
d. Click OK to close the Test Shadow Copies.txt Properties dialog box.

11. Verify successful restore of a previous version file.
e. Verify that Test Shadow Copies.txt appears as it did before you modified the file.
f. Close the file.
g. Close the S: window.

Lab 24 – Security

Objectives
After completing this lab, you will be able to:
• Change EFS Recovery Agents
• Share EFS data with other users
• Installing and Configuring a PKI infrastructure – Optional

Lab Setup
• A computer running Windows Server 2003 Enterprise Server that is configured as a Domain Controller.

Exercise 1

Goal
The goal of this exercise is to share your encrypted files with other users within your organization.

Tasks and Detailed Steps
The exercise can be performed by all students

1. Create 2 users with Administrator rights (Do not use Administrator)
   a. Log on as Administrator
   b. Open Active Directory Users and Computers
   c. Right-Click the Users container → New → User
   d. Create a user called Jack0X (Where X is your server number)
   e. Create a second user called Sue0X (Where X is your server number)
   f. Assign both users to the Administrators group

2. Generating a File Recovery certificate
   a. Log on as Jack0X
   b. Open command prompt
   c. At the command prompt type cipher /r:<Logged on Username> (Do not include a filename extension)
   d. When prompted, type password and press enter, confirm password and press enter.
   e. This will create 2 files <Logged on Username>.pfx and <Logged on Username>.cer
   f. Repeat steps A to E for Sue0X

3. Sharing Encrypted Files with others.
   a. Open Windows Explorer
   b. Create a directory called <your servername>
   c. Open the directory and create a text file within the directory.
   d. Right-Click the file → Properties → Advanced → and select Encrypt content to secure data
   e. Click OK twice
   f. Right-Click the file → Properties → Advanced → Details
   g. In the encryption details dialog box, click Add.
   h. The select user dialog box appears.
   i. Select the name of the user to whom you want to give access, and click OK.

4. Test to see if it works.
   a. Log on as the user that you selected.
   b. Browse to the directory where the file is located.
   c. Open it and enter text in. Save and Close the file.
   If you can open and save the file you successfully shared your EFS file.

Exercise 2

Goal
In the exercise, you will change the Recovery Agent from Administrator to your username.

Tasks and Detailed Steps
This exercise can be done by all students

1.
   a. Log on with the account that you want to designate as a data recovery agent.
   b. Click Start → Run → certmgr.msc
   c. Right-Click Personal → All Tasks → Import
   d. Click Next on the Import Wizard Page
   e. On the File to Import page enter the path and the filename of the encryption certificate (.pfx) and click Next. This file was created during previous exercise – exercise 1 of lab 24
   f. On the password page enter the password for this certificate and then click Mark This Key as Exportable, click Next.
   g. In the Certificate Store Page select Automatically Select the certificate store based on the type of certificate and click Next.
   h. Click Finish.

2.
   a. Open Local Security Settings (Secpol.msc)
   b. Expand Security Settings → Public Key Policies → Encrypting File System
   c. Right-Click Encrypting File System → Add Data Recovery Agent and click Next on the Welcome Wizard page.
   d. On the Select Recovery Agents page, click Browse Folders and then navigate to the folder that contains the .cer file you created during exercise 1 of lab 24.
   e. Double-click the file. When the Add recovery Agent box appears click Yes to install the certificate.
   f. The Select Recovery Agents page now shows the new agent as USER_UNKNOWN. Don’t be alarmed by this text.
   g. Click Next
   h. Click Finish

The current user is now the data recovery agent for all encrypted files on the system.

Exercise 3 – Optional

Goal
Install an enterprise root certificate authority in the forest root domain. Then configure an enterprise subordinate certificate authority.

Tasks and Detailed Steps
This exercise will be done on Servers 1, 5, 9, 13

1. Install and configure Enterprise Root CA.
   a. Click Start, Control Panel, Add/Remove Programs.
   b. Click Add/Remove Windows Components to start the Windows Components Wizard.
   c. In Windows Components select Certificate Services check box.
   d. A dialog box appears warning that the name and domain membership may not be changed. Click Yes to continue.
      Note: If you choose to do the appendix lab where the domain is renamed, the certificate services will have to be reconfigured to match the new domain name.
   e. In Windows Components click Next.
   f. In CA Type, click Enterprise Root CA and click Next.
   g. In CA Identifying Information, in Common name for this CA, type DomainX Root CA and click Next.
   h. In Certificate Database Settings, click Next.
   i. Since IIS is not installed, a warning dialog box appears to say that web enrollment won’t be available. Click OK.
   j. In Completing the Windows Components Wizard, click Finish.
   k. Close Add/Remove Programs.

Tasks and Detailed Steps
This exercise will be done on Servers 3, 7, 11, 15

2. Install and Configure Enterprise Subordinate CA
   a. Log on to the server as the administrator in the forest root. In order to install a subordinate CA, the user must be a member of the Enterprise Administrators group. For example, if you are in DomainB, then log on to the DomainA domain.
   b. Click Start, Control Panel, Add/Remove Programs.
   c. Click Add/Remove Windows Components to start the Windows Components Wizard.
   d. In Windows Components select Certificate Services check box.
   e. A dialog box appears warning that the name and domain membership may not be changed. Click Yes to continue.
      Note: If you choose to do the appendix lab where the domain is renamed the certificate services will have to be reconfigured to match the new domain name.
   f. In Windows Components, click Next.
   g. In CA Type, click Enterprise subordinate CA, click Next.
   h. In CA Identifying Information, in Common name for this CA, type DomainX Subordinate CA and click Next.
   i. In Certificate Database Settings, click Next.
   j. In CA Certificate Request, click Send the request directly to the CA already on the network. Click Browse, select the root CA server for the forest. Click Next.
   k. Since IIS is not installed a warning dialog box appears to say that web enrollment won’t be available. Click OK.
   l. In the Completing the Windows Components Wizard, click Finish.
   m. Close Add/Remove Programs.

Tasks and Detailed Steps
This exercise will be done on Servers 3, 7, 11, 15

1. Create auto user enrollment template.
   a. Open Certification Authority. Click Start, Administrative Tools, Certification Authority.
   b. In the Certificate Authority window, in the right-hand pane, right-click Certificate Templates and click Manage.
   c. In Certificate Templates, in the right-hand pane, scroll down to find “user.” Right-click user and click Duplicate Template.
   d. In the Display Name field, type AutoEnrolled User.
   e. Make sure that the Publish Certificate in Active Directory check box is selected.
   f. Click the Security tab.
   g. In the Group or user names field, click Authenticated Users.
   h. In the Permissions for Authenticated Users list, select the Enroll and AutoEnroll permission check boxes and then click OK.
   i. These permission settings are variable, depending on who you want to autoenroll for these certificates. Autoenrolling Authenticated Users is an example. You will probably want to be a little bit more specific than this.
   j. Close the Template Manager window.

2. Configure an enterprise certification authority to issue the AutoEnrolled User certificate.
   a. In the right-hand pane, right-click Certificate Templates and click New, Certificate Template to Issue.
   b. In Enable Certificate Templates, select AutoEnrolled User and click OK.

Run gpupdate to refresh group policy. a. click Add.9.com and select Users. This needs to be done on Servers 1. type gpupdate and click OK Check to see if the certificate was delivered. a. type administrator@domainX. In the left-hand pane. Windows Settings. Check to ensure the certificate was delivered to the local user. update pending certificates and remove revoked certificates check box. l.9.11. Click Start. This can be done in many different ways. Double-click Administrator in the right-hand pane. In the DomainX properties window.This needs to be done on Servers 1.com (where X is the domain with which you are working). In the Run dialog box. i. select Certificates and Released: 4/16/2003 Microsoft Windows Server 2003 Expert Workshop Hands-on Lab Exercises . This section will add the e-mail property to the administrator account.3. expand DomainX.7. In the Administrator Properties.15 3. Select Default Group Policy and click Edit. In Add/Remove Snap-in. Click File.7. All accounts need to have a valid e-mail address for this to work. From the File menu. Click Start. j. Right-click the domainx. e. 5. This will open the Group Policy Editor. expand Default Domain Policy.5. Active Directory Users and Computers. Run. m. n. h.15 4. d.3. g. In the Run dialog box. click Group Policy. Select the Update certificates that use certificate templates check box and click OK. under the General tab and in E-mail. b. Run. 6. click Add/Remove Snap-in. Click OK to save the changes. Select the Renew expired certificates. In the left-hand pane. Administrative Tools.com and click Properties. f. Click Start. type mmc and click OK. In the right-hand pane. b. but in this example you will modify the default domain group policy. click Exit and then click OK. double-click AutoEnrollment Settings. Open Active Directory Users and Computers. The certificates that will be distributed can be used for email signing. User Configuration. Configure Group Policy to distribute certificate to users. 
In Add Standalone Snap-in.5.11.13. Click Enroll certificates automatically. k. c. c. o.13. Security Settings and Public Key Policies. Run gpupdate to refresh policy.

In Certificate Snap-in. p. click Close. Personal and select Certificates. t. look for a certificate that was issued by DomainX subordinate CA. In Add/Remove Snap-in. s. click OK. click My user account and click Finish.click Add. r. Expand Certificates. u. In the right-hand pane. If no certificates appear check the application event log for errors. In Add Standalone Snap-in. The event will have a source of AutoEnrollment. q. Released: 4/16/2003 Microsoft Windows Server 2003 Expert Workshop Hands-on Lab Exercises .

Lab 25 – Command Line Tools (Optional)

Objectives
After completing this lab, you will be able to use different command line tools to create objects within the Active Directory environment.

Lab Setup
• A computer running Windows Server 2003 Enterprise Server that is configured as a Domain Controller.

Exercise 1

Goal
All students within each domain/forest can participate in this exercise. The goal is to get familiar with the new command line tools/utilities that ship with Windows 2003 Server.

Tasks and Detailed Steps

1. Perform the following Tasks using the utility called DSadd and DSRM:
   • Create an OU called OUX (Where X is your student number)
   • Create a User called BobX (Where X is your student number)
   • Delete BobX

   a. Open the command prompt
   b. At the command prompt, type in dsadd and press ENTER to see all the different options.
   c. To create an OU type in dsadd ou OU=OUX,DC=domainX,DC=com and press ENTER.
   d. Check Active Directory Users and Computers to see if OUX has been created.
   e. To create a user in the OU you just created type: dsadd user cn=bobx,ou=oux,dc=domainx,dc=com -fn bobx -display bobx -samid bobx -upn bobx@domainx.com and press ENTER.
   f. Check Active Directory Users and Computers to see if bobx has been created.
   g. To delete Bobx type the following command: DSRM -u administrator -p password cn=bobx,ou=oux,dc=domainx,dc=com and press ENTER.
   h. When asked are you sure you want to delete the user press Y.
   i. Close the command prompt.
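The same create, check and delete sequence as a batch file, added here as an example that is not part of the original lab manual. It assumes student number 1 and the domain domain1.com, checks each result with dsquery instead of Active Directory Users and Computers, and uses -p * so that dsrm prompts for the administrator password instead of taking it on the command line.

```batch
@echo off
rem Added example, not part of the lab manual. STUDENT is an assumed value:
rem set it to your own student number (the X in OUX, BobX and domainX).
setlocal
set STUDENT=1
set DOMAIN_DN=dc=domain%STUDENT%,dc=com
set OU_DN=ou=ou%STUDENT%,%DOMAIN_DN%
set USER_DN=cn=bob%STUDENT%,%OU_DN%

rem Create the OU, then confirm it exists by querying the directory.
rem dsquery prints the DN of each match; find sets errorlevel 1 when none is printed.
dsadd ou "%OU_DN%"
dsquery ou domainroot -name ou%STUDENT% | find /i "ou=ou%STUDENT%," >nul
if errorlevel 1 (
    echo OU %OU_DN% was not created.
    exit /b 1
)

rem Create the user with the same attributes the lab sets.
dsadd user "%USER_DN%" -fn bob%STUDENT% -display bob%STUDENT% -samid bob%STUDENT% -upn bob%STUDENT%@domain%STUDENT%.com
dsquery user domainroot -samid bob%STUDENT% | find /i "cn=bob%STUDENT%," >nul
if errorlevel 1 (
    echo User %USER_DN% was not created.
    exit /b 1
)

rem Delete the user. "-p *" makes dsrm prompt for the administrator password,
rem so it is not stored in the script or visible in the process command line.
rem -noprompt suppresses the delete confirmation, which a script cannot answer.
dsrm "%USER_DN%" -u administrator -p * -noprompt
dsquery user domainroot -samid bob%STUDENT% | find /i "cn=bob%STUDENT%," >nul
if not errorlevel 1 (
    echo User %USER_DN% still exists.
    exit /b 1
)
echo OU created, user created and removed.
```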

Appendix A

The creation of the listw3wp.vbs file used in Lab 17.

    ' List each running IIS worker process (w3wp.exe) with its PID and application pool.
    Set providerObj = GetObject("winmgmts:{(debug)}:/root/cimv2")
    Set W3WPs = providerObj.ExecQuery("select * from Win32_Process where Name='w3wp.exe'")

    ' The application pool name follows -ap in the worker process command line.
    Set Re = New RegExp
    Re.Pattern = "-ap ""(.+)"""
    Re.IgnoreCase = True

    count = 0
    For Each W3WP in W3WPs
        WScript.Echo "PID: " & W3WP.ProcessId
        ' CommandLine is Null when the caller cannot read it; skip the match in that case.
        If Not IsNull(W3WP.CommandLine) Then
            Set Matches = Re.Execute(W3WP.CommandLine)
            If Matches.Count > 0 Then
                Set SubMatches = Matches(0).SubMatches
                WScript.Echo "AppPoolID: " & SubMatches(0)
            End If
        End If
        count = count + 1
    Next

    If (count < 1) Then
        WScript.Echo "There are no running w3wp.exe instances"
    End If
