System Admin Manual | Group Policy | Active Directory

SYSTEM ADMINISTRATION LABMANUAL

Student Name: ________________________ Faculty Name: ________________________ Branch Name: ________________________ Batch Date : ________________________

Windows Server 2008 - System Administration

INDEX

Sr. No. 1

Topic Installation Of Windows Operating System
Lab – 1: Installing Windows Server 2008 Operating System Or Installing Windows 7 Operating System Lab – 2: Creating Local User Accounts

Page No. 4
5 18 29

2

Active Directory
Lab – 1: Assigning IP Address Lab – 2: Installing Active Directory

31
32 35

3

Member Server/Client and User Management
Lab – 1: Configuring Client Or Configuring Member Server Lab – 2: Creating Domain User Accounts Lab – 3: Changing Default Password Policy Lab – 4: Changing Allow Logon Locally Policy Lab – 5: Enabling Account Lockout Policy

42
43 45 47 49 53 55

4

Permissions
Lab – 1: Security Level Permissions Lab – 2: Share Level Permissions Lab – 3: Configuring Offline Files in Client Or Configuring Offline Files in Member Server

59
60 62 64 66

5

Profiles
Lab – 1: Configuring Local Profiles Lab – 2: Configuring Roaming Profiles Lab – 3: Configuring Mandatory Profiles Lab – 4: Configuring Home Folder Lab – 5: Enabling Disk Quota

68
69 71 73 78 79

6

Logical Structure of Active Directory
Lab – 1: Configuring Additional Domain Controller Lab – 2: Configuring Child Domain Lab – 3: Configuring New Domain Tree in Existing Forest

81
82 90 99

2

Windows Server 2008 - System Administration

7

Roles of Active Directory
Lab – 1: Transfer of Roles Lab – 2: Seizing of Roles

108
109 117

8

Group Policies
Lab – 1: Creating an Organizational Unit (OU) Lab – 2: Applying Group Policy on OU Level Lab – 3: Applying Group Policy on Domain Level Lab – 4: Applying Group Policy on Site Level Lab – 5: Applying Group Policy Modeling Lab – 6: Delegating Control to a User Lab – 7: Applying Software Deployment Policy Lab – 8: Applying Scripts using Group Policy Lab – 9: Applying Folder Redirection

125
126 128 131 134 135 138 140 144 146

9

Trust Relationship
Lab – 1: Raising Functional Levels Lab – 2: Creating Forest Trust

149
150 152

10

Global Catalog, Sites and RODC
Lab – 1: Configuring Global Catalog Server Lab – 2: Creating Active Directory Sites Lab – 3: Creating Active Directory Site-Links Lab – 4: Creating a Pre-Create RODC Account. Lab – 5: Configuring Read-Only Domain Controller

158
159 160 163 165 172

3

A Computer and Windows Server 2008 Operating System DVD.Windows Server 2008 . 4 . you must have 1.System Administration INSTALLATION OF WINDOWS OPERATING SYSTEM Pre-requisites: Before working on this lab.

Insert Windows Server 2008DVD and Restart the system. Save the settings by Pressing F10 and click YES. 4. 5 . 2.Windows Server 2008 . 3. Set the First Boot Device as DVD ROM.System Administration Lab – 1: Installing Windows Server 2008 Operating System 1. Restart the System and go to BIOS.

System Administration 5. 6 . System copies the files from DVD.Windows Server 2008 . Press any key to boot from the CD or DVD. 6.

Windows Server 2008 - System Administration 7. Select the language to install English.

8.

Click Install now.

7

Windows Server 2008 - System Administration 9. Leave the Product Key blank, and click Next. (Product key can be entered later.)

10.

Click NO.

8

Windows Server 2008 - System Administration 11. Select the edition of Windows-Windows Server 2008 Enterprise(Full Installation)and check the box I have selected the edition of windows that I purchased.

12.

Check the box I accept the license terms

9

Click Drive options. Select Custom Installation.System Administration 13. 10 . 14.Windows Server 2008 .

Windows Server 2008 .System Administration 15. and click Apply. Enter the size for the partition. 11 . Select Unallocated Space and click New. 16.

Select the Partition and click Next. 18. 12 .Windows Server 2008 . Windows Installation will start.System Administration 17.

Windows Server 2008 - System Administration 19. System Restarts.

20.

Completes the Installation, and system will be restarted.

13

Windows Server 2008 - System Administration 21. Click OK, (User’s password must be changed before logging on the first time.)

22.

Enter the New Password and Confirm the password and Press Enter.

14

Windows Server 2008 - System Administration 23. Click OK. (Your password has been changed.)

24.

It Prepares the Desktop.

15

System Administration 25. 16 .Windows Server 2008 . Finally Administrator has logged in.

System Administration INSTALLATION OF WINDOWS 7 OPERATING SYSTEM Pre-requisites: Before working on this lab. you must have 1.Windows Server 2008 . 17 . A Computer and Windows 7 Operating System DVD.

3. Insert Windows 7DVD and Restart the system. 2. Save the settings by Pressing F10 and click YES.System Administration InstallingWindows 7 Operating System 1. Restart the System and go to BIOS. 4.Windows Server 2008 . 18 . Set the First Boot Device as DVD ROM.

Windows Server 2008 - System Administration 5. Press any key to boot from the CD or DVD.

6.

System copies the files from DVD.

19

Windows Server 2008 - System Administration 7. Select the language to install English.

8.

Click Install now.

20

Windows Server 2008 - System Administration 9. Check the box I accept the license terms

10.

Select Custom Installation.

21

Windows Server 2008 . Click Drive options. 12. Select Unallocated Space and click New. 22 .System Administration 11.

and click Apply.Windows Server 2008 . Select the Partition and click Next. 14.System Administration 13. Enter the size for the partition. 23 .

Windows Installation will start.System Administration 15.Windows Server 2008 . System Restarts. 16. 24 .

Windows Server 2008 . click Next. and system will be restarted.System Administration 17. 18. 25 . Completes the Installation. Enter the User Name and verify the Computer Name.

click Next. 26 . Configure Automatic Updates Ask me later.Windows Server 2008 . Enter the Password and Confirm.System Administration 19. 20.

27 .System Administration 21. Select the location of your computer Work network. 22.Windows Server 2008 . Select the Time zone and click Next.

It Prepares the Desktop.System Administration 23. 24. 28 .Windows Server 2008 . Finally Operating System is installed and the User has logged in.

29 . 3. Expand Computer Management Expand System Tools Expand Local Users and Groups Right click Users and then click New User.Windows Server 2008 . Click Start Programs Administrative Tools Computer Management.System Administration Lab – 2: Creating Local User Accounts 1. 2. Login as the Administrator to the Computer.

5. Verification: 1. Press Ctrl + Alt + Del Click Switch User or Logoff Administrator. and then Close Computer Management.System Administration 4. Enter User Name (User1) and set Password. Confirm Password and click Create. Login as User (User1) on same computer.Windows Server 2008 . 2. 30 . Click Close.

you must have 1.Windows Server 2008 .1 31 .System Administration ACTIVE DIRECTORY Pre-requisites: Before working on this lab.0. SYS1 MICROSOFT. A Computer with Windows Server 2008 Operating System and connected in the network.0.0.0.0 10.COM SYS1 Domain Controller IP Address Subnet Mask Preferred DNS 10.0.0.1 255.

Right Click Network Icon and select Properties. 2. In the Network and Sharing Center window select Manage Network Connections 32 .Windows Server 2008 .System Administration Lab – 1: Assigning IP Address 1.

33 .Windows Server 2008 . Right click Local Area Connection and Click Properties. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.System Administration 3. 5. Select Internet Protocol Version 6 (TCP/IPv6) and uncheck the box. 4.

7.Windows Server 2008 . it will be entered automatically and select Use the following DNS Server addresses and enter the Preferred DNS Server address and Click OK. 8. Go to Network and Sharing Center. Select Use the following IP address and enter the IP address and click Subnet mask. select Customize.System Administration 6. Select Private Network and click Next Close and verify for Network discovery and File sharing options are on. and OK. 34 .

3. In the Run box.System Administration Lab – 2: Installing Active Directory 1. 2. Assign IP Address and preferred DNS Server Address. type “DCPROMO” and then click OK.Windows Server 2008 . and then click Run. Log in as Administrator to the Workgroup Computer. 4. Click Start. 35 .

System Administration 5. In Operating system compatibility Wizard click Next. click Next.Windows Server 2008 . In Welcome to the Active Directory Domain Services Installation Wizard. 36 . 6.

Select Create a new domain in a new forest and click Next. 37 .System Administration 7. 8.Windows Server 2008 . Enter the DNS Domain Name (Ex: MICROSOFT.COM) and click Next.

Windows Server 2008 . 38 . Select the Forest Functional Level (Windows 2000) and click Next. 10. Select the Domain Functional Level (Windows 2000 Native) and click Next.System Administration 9.

13. On Database and log locations page.System Administration 11. 12. 39 . Click Next.Windows Server 2008 . In Additional Domain Controller Options page. accept the default locations and click Next. Click Yes to continue.

enter the password and confirm password and click Next.System Administration 14. review the Options you selected and Next. 15. 40 .Windows Server 2008 . On Summary page. On Directory Services Restore Mode Administrator Password page.

The Active Directory Installation starts and check box Reboot on Completion.System Administration 16. 41 . Computer restarts after the Installation of Active Directory Domain Services. and workgroup settings verify for the domain name MICROSOFT. Active directory will be installed. In Computer Name.Windows Server 2008 . 17.COM. 18. 2. domain. Right click Computer Icon  Properties. After restarting the computer. Verification: 1.

0.2 255.0.COM SYS1 Domain Controller IP Address Subnet Mask Preferred DNS 10.0.0. A computer running windows 2008 server or Windows 7.0. A computer running windows 2008 server Domain Controller.1 255.0. 2.0.1 42 .1 SYS2 Member Server / Client IP Address Subnet Mask Preferred DNS 10.0.0. SYS1 SYS2 MICROSOFT. you must have 1.Windows Server 2008 .System Administration MEMBER SERVER/CLIENT and USER MANAGEMENT Pre-requisites: Before working on this lab.0.0 10.0.0.0 10.

Right click Computer Icon and click Properties and click Change settings. 43 .System Administration Lab – 1: Configuring Client (Windows 7) 1. 3. In the System properties dialog box click Change. 2.Windows Server 2008 . Log in as Administrator to Workgroup Computer.

6. Click Computer Name.(Ex:Microsoft. 5. 44 .Windows Server 2008 . After restarting the computer. Select the Member of Domain and enter the Domain Name. 2. 7.COM. 8. click OK. Verification: 1. It will ask for restart. domain. Right click Computer Icon  Properties.com). click Yes. Enter the user name Administrator and his Password.System Administration 4. it will become Client. and workgroup settings and verify for the Domain Name MICROSOFT. Click OK and click Close to close the System Properties dialog box. Welcome Message appears indicating that the computer was successful in joining the Domain.

Select Member of DOMAIN and enter the Domain Name. 4.(Ex:Microsoft.System Administration Configuring Member server 1. 2.Windows Server 2008 . click OK. In the System properties dialog box click Change. 3.com) 5. Right click Computer and click Properties and click Change settings. Log in as Administrator to Workgroup Computer. 45 . Enter the user name Administrator and his Password.

It will ask for restart. After restarting the computer it will become Member Server.Windows Server 2008 . click OK. and workgroup settings and verify for the Domain Name MICROSOFT. Click Computer Name. Right click Computer Icon  Properties. click Yes. Verification: 1. 2.System Administration 6. 46 .COM. 8. Welcome Message appears indicating that the computer was successful in joining the Domain. domain. Click OK click OK and click Close to close the System Properties dialog box. 7.

COM.System Administration Lab – 2:Creating Domain User Accounts 1. expand your domain MICROSOFT. 3. 47 . 2.Windows Server 2008 . Click Start Programs Administrative Tools Active Directory Users and Computers. Log in as Administrator to the Domain Controller. In the console tree. select New User. and then Right Click Users Container.

5. Verification: 1. 48 .com) in Member Server or Client.System Administration 4. Review the configuration settings for the User Account and then click Finish. click Next. and User Logon name and then click Next. 6.Windows Server 2008 . Specify the First name. Login as User (User1@Microsoft. Enter the Password and Confirm Password for the User account.

Expand Forest Expand Domains Expand Microsoft.com Right click Default Domain Policy and select Edit. Click Start Programs Administrative Tools Group Policy Management Console. Log in as Administrator to the Domain Controller. 49 . 2.Windows Server 2008 . 3.System Administration Lab – 3: Changing Default Password Policy 1.

System Administration 4.Windows Server 2008 . 50 . Expand Computer Configuration Expand Policies Expand Windows Settings Expand Security Settings Expand Account Policies Open Password Policy. Double click Minimum Password Length. 5.

Windows Server 2008 . 7.System Administration 6. Change the length value from (7 to 0) and click Apply and OK. Double click Password must meet complexity Requirements. 51 .

Windows Server 2008 . Go to Active Directory Users and Computers and Create a User with any Password or without any Password. 52 . Click Start Run and Type GPUPDATE and It refreshes the policy changes. Verification: 1. Select Disabled and Apply and OK. 9.System Administration 8.

53 . Click Start Programs Administrative Tools Group Policy Management Console. Expand Forest Expand Domains Expand Microsoft. Log in as Administrator to the Domain Controller.System Administration Lab – 4: Changing Allow Logon Locally Policy 1.Windows Server 2008 . 2.com Expand Domain Controllers Right click Default Domain Controller Policy and select Edit. 3.

6. Log on to Domain Controller as Domain User (User1). Verification: 1.System Administration 4. 54 . Click Add User or Group Click Browse Enter the User name Click OK. 5. Expand Computer Configuration Expand Policies Expand Windows Settings Expand Security Settings Expand Local Policies Select User Rights Assignment Double click Allow logon locally.Windows Server 2008 . 7. Click OK OK Apply and OK. Click Start RUN and Type GPUPDATE and It refreshes the policy changes.

Log on to D. 2. 55 .Windows Server 2008 . Expand Forest Expand Domains Expand Microsoft. click Start Programs Administrative Tools Group Policy Management.C as Administrator.System Administration Lab – 5: EnablingAccount Lockout policy 1.com Right click Default Domain policy and select Edit.

Windows Server 2008 . Expand Computer Configuration Expand Policies Expand Windows Settings Expand Security Settings Expand Account Policies Open Account Lockout Policy. 4. Double click Account lockout threshold. 56 .System Administration 3.

Verification: 1.C as Administrator.Windows Server 2008 . click Start  Programs Administrative Tools Active Directory Users and Computers. Enter the password for user (User1) wrongly for 2 times while logging in and the user account will be locked. 7. Unlocking the locked User account Manually 1. Enter the Value for Number of invalid logon attempts(Ex: 2) 6. Log on to D. 57 . Set the Account lockout duration and click OK. Close the Group Policy Management Window.System Administration 5.

Log in as User (User1) in client or Member Server. Verification: 1. 58 . Check the box Unlock account click Apply and OK.System Administration 2.Windows Server 2008 . Right click the User (User1) and select Properties. 3.

Windows Server 2008 .COM SYS1 Domain Controller IP Address Subnet Mask Preferred DNS 10.0. A computer running windows 2008 server or Windows 7.1 255.0. you must have 1. A computer running windows 2008 server Domain Controller.0.0.0.0.2 255.0.0.System Administration PERMISSIONS Pre-requisites: Before working on this lab.1 SYS2 Member Server / Client IP Address Subnet Mask Preferred DNS 10.0 10.0.0.1 59 . 2.0. SYS1 SYS2 MICROSOFT.0.0 10.

4. 2. Right Click the folder (DATA) and Select Properties and Click Security tab click Advanced tab Click Edit Clear the box on “Include inherit permissions from this objects parent. 3. Click Remove Apply OK OK Click Edit 60 . along with some files in it. Open Computer Go to any NTFS partition and create a folder (DATA).Windows Server 2008 .System Administration Lab – 1: Security Level Permissions 1.

System Administration 5. Login as User(User1) on the same computer. and verify the respective permissions by accessing the folder. Add Administrator or Administrators and Allow Full control permission. Then Add the Users (User1) and Allow Read permission. 7. Click Apply OK OK Verification: 1. 6. 2. and Open Computer icon. 61 . The User can just read the Files and Folders.Windows Server 2008 .

Logon to a Computer as Administrator. 62 .System Administration Lab – 2: Share Level Permissions 1. 2. Select the drop down arrow mark and select Find enter the User name (User1) click OK select the User(User1)and assign Permissions (Ex: Co-Owner) click Share click Done. Right Click the folder (SALES) and Select Share 3.Windows Server 2008 . Open Computer Open any drive and create a folder (SALES) along with some files in it.

System Administration Verification: Access the Shared folder 1. 2. Access the shared folder (SALES) & verify the permissions by creating some files. 2. Click Start click Run and type the Syntax \\Servername\Sharename. Accessing Shared folders using UNC Path: 1. 3.Windows Server 2008 . Open System Name in which the shared folder is present. Logon to Member server or Client as a User. Example: \\SYS1\SALES 63 . Logon to Member Server or Client as User (User1)  Open Network.

Log on to D. 2. Log on to Client (SYS2) as Administrator open Network open the system name of DC (SYS1) Right click the shared folder and select Always Available Offline. and try to access the shared folders from network and only Sales folder will be visible and accessible.Windows Server 2008 .C as Administrator. 64 . Disconnect or Disable the Network connection. Verification: 1.System Administration Lab – 3: Configuring Offline Files in Client (Windows 7) 1. Open Computer Go to a drive and create a shared folder Sales with Everyone as Co-owner permission.

Modifications will be updated on the shared folder (In the server). 4. Open the SALES folder & make some modifications (Create some files in it).System Administration 2. Then connect or Enable the Network connection. then Right Click the shared folder & click Sync.Windows Server 2008 . 3. 65 .

Open Server Manager click Features click Add Features Next Check the box for Desktop experience Next Click Install. 2. Open Computer  Go to a drive and create a shared folder Sales with Everyone as Co-owner permission. 4.C as Administrator.System Administration Configuring Offline Files in Member Server (Windows 2008) 1. 66 .Windows Server 2008 . Click close select Yes to restart the system. Log on to D. 3. Click Start Settings Control Panel Double click the option Offline Files. Log on to Member Server SYS2 as Administrator.

Click Enable Offline Files click OK Click Yes to restart the system. then Right Click the shared folder & click Sync.System Administration 5. 4. Verification: 1. Log on to Member Server SYS2 as Administrator Open Network Open system name of DCRight click the shared folder and select Always Available Offline. Connect or Enable the Network connection. and try to access the Shared Folders from network and only SALES folder will be visible and accessible. Access the SALES folder & make some modifications (Create some files in it). 67 .Windows Server 2008 . 2. Modifications will be updated on the shared folder (In the server). Disconnect or Disable the Network connection. 6. 3.

0. A computer running windows 2008 server or Windows 7.0 10.Windows Server 2008 .0.0.2 255. 2.1 255.0.System Administration PROFILES Pre-requisites: Before working on this lab.0. SYS1 SYS2 MICROSOFT.0. you must have 1.0.1 SYS2 Member Server / Client IP Address Subnet Mask Preferred DNS 10.0.1 68 .0.0 10. A computer running windows 2008 server Domain Controller.0.0.COM SYS1 Domain Controller IP Address Subnet Mask Preferred DNS 10.0.

a2). Right click Computer select Properties. 2. Select Settings of User Profiles. 69 . click Advanced System Settings. 3. Go to Active Directory Users and Computers and create Users (Ex:a1.System Administration Lab – 1: Configuring Local Profiles 1. Login as User (a1) on Client or Member Server.Windows Server 2008 . 2. Verification: 1. Log on to Domain Controller as Administrator.

Verify for User Profile Type and Status to be Local. 70 . Create some files on desktop and go to C: drive Open Users Open the user profile(a1) folder open desktop folder verify for the files created on Desktop. 5.Windows Server 2008 .System Administration 4.

Log on to D.System Administration Lab – 2: Configuring Roaming Profiles 1. Under User profile enter profile path as Syntax: Example: \\Servername\Shared Folder Name\User Name \\SYS1\roam\a1. 2. Open Computer  Go to a drive and create a shared folder roam with Everyone as Co-owner permission.COM) click Users Right click the User(a1)and select Properties and select the Profile tab. 3. Click Apply and OK. 4. 71 . Go to Active Directory Users and Computers Expand the Domain Name (MICROSOFT.C as Administrator. Login as user a1 on Client or Member Server and create some files on the Desktop. Then Right click Computer Icon and Click Properties and Select Advanced System Settings. 2.Windows Server 2008 . Verification: 1.

4. Verify for User Profile type and Status to be Roaming. we can see the files which we have created on first computer.System Administration 3. 5.Windows Server 2008 . Logoff this user (a1)& login on another computer with the same user (a1). 72 . Click Settings of User Profiles.

click Continue. Click Advanced.C) as Administrator and Open the shared folder roam.Windows Server 2008 . 5. 4. Click Security tab. 6. Log on to Server (D. In the shared folder you can find a folder with the user name (a1). 73 . Configure a User (a1) Profile as Roaming Profile and Login as the User (a1) on a Client or Member Server. When you try to open the folder a1 you will get an error You don’t currently have permission to access this folder. Create some files on Desktop and Log off. 3. 2.System Administration Lab – 3:Configuring Mandatory Profile 1.

Select Owner tab 8. 74 .Windows Server 2008 .System Administration 7. Click Edit.

75 . Select NTUSER. Now open the folder a1 you can find some folders & files. Select Administrators and check the box Replace owner on sub containers and objects.Windows Server 2008 . click Apply and Yes OK OK OK.MAN. 11.DAT file and rename to NTUSER.System Administration 9. click Yes Yes. 10.

it will not be visible directly. click Apply and OK.DAT file is an operating system protected hidden file. 13. 76 . 12. then open computer iconclick on Tools TabSelect Folder options select View Tab select Show Hidden Files and Folders Clear the check box Hide extensions for Known File Types Clear the Check box Hide protected Operating system Files click Yes click OK. 14. Click Advanced tab Edit Check the box Replace all existing inheritable permissions on all descendants with inheritable permissions from this object. if it is not visible. Right Click a1Properties. After renaming it go back to the folder a1.System Administration Note: NTUSER.Windows Server 2008 . Select the Security tab Edit Add the User a1 and check Allow Full control.

Click Settings of User Profiles. 3. Verify for Profile type and Status to be Mandatory Profile. Click Apply and OKOK. Click YES and OK. Login as User a1 on Client or Member Server. click Advanced System Settings. Right click Computer and Click Properties. 2. it will ask do you wish to continue. Click Apply. 77 . 16.Windows Server 2008 . 4.System Administration 15. Verification: 1.

78 . 4. Example: \\SYS1\home\a1. 3. Select the Profile tab Under the Home folder. Log on to D. Go to Active Directory Users and Computers select Users and Right Click User a1 and click Properties. 2.System Administration Lab – 4: ConfiguringHome Folder 1. Login as user a1 on Client or Member Server.Windows Server 2008 . Click Apply and OK. Locate Home folder under network drives. Verification: 1. Open Computer  Go to a drive and create a shared folder home with Everyone as Co-owner permission. Open Computer.C as Administrator. 2. select Connect and Select a drive letter Z: and in To: enter\\Server Name\Share Name\User Name.

Select Quota tab. 5. and check the box Deny disk space to users exceeding quota limit. click OK.System Administration Lab – 5: Enabling Disk Quota 1. Click Quota Entries click Quota New Quota Entry… Enter the User Name (a1) and Click Check names. 79 .C) as Administrator.Windows Server 2008 . Check box the box Enable quota management. Log on to the Computer (D. 4. 2. 3. Open Computer Right click NTFS Drive (which contains Home Folder)  select Properties.

Open Computer. 3. Login as User a1 on Member Server. 7. Click Apply and click OK. Verification: 1. 8. The user a1 can use only 5 MB from this quota partition. Check the capacity as 5MB and click OK.Windows Server 2008 . 2. Right click Network drive Z: (Home Folder) Properties. Select Limit disk space to and enter the quota limit for a1Click OKClose.System Administration 6. 80 .

SYS1 SYS2 MICROSOFT.0.1 ---------SYS2 Additional Domain controller IP Address Subnet Mask Preferred DNS Alternate DNS 10.2 255.1 255.0.0. you must have 1.0.0 10.0. A computer running windows 2008 server.0.0.Windows Server 2008 .1 81 .0.0.0.COM SYS1 Domain Controller IP Address Subnet Mask Preferred DNS Alternate DNS 10. 2.0. A computer running windows 2008 server Domain Controller.2 10.0.0 10.System Administration LOGICAL STRUCTURE OF ACTIVE DIRECTORY CONFIGURING ADDITIONAL DOMAIN CONTROLLER Pre-requisites: Before working on this lab.0.0.

3. Click Start. and then click Run. 82 . type “DCPROMO”. Assign IP Address and DNS Server Addresses. 2. click OK. 4. In the Run box.Windows Server 2008 .System Administration Lab – 1: Configuring Additional Domain Controller 1. Log in as Administrator to the Workgroup Computer.

click Next. 6.System Administration 5. Welcome to the Active Directory Installation Wizard page appears. 83 .Windows Server 2008 . Operating system compatibility Wizard page appears. click Next.

Enter Administrator. Select Existing forest and select “Add a Domain Controller to an existing domain” and click Next. 9.com) and click Set. Enter the Forest Domain Name (Ex:MICROSOFT. 8.System Administration 7. Password (DC Credentials) click OKclick Next. 84 .Windows Server 2008 .

85 . 11.Windows Server 2008 . Select the Domain Name and click Next. Select the Site (Default-First-Site-Name) and click Next.System Administration 10.

13. 14.System Administration 12.Windows Server 2008 . accept the default locations and click Next. On Database and log locations page. 86 . Verify for DNS server and Global Catalog check boxes. Click Yes to Continue. and click Next.

review the Options you selected. 16. 87 . On Summary page.System Administration 15. Enter “Password and Confirm Password” and click Next. and clickNext.Windows Server 2008 .

then click FINISH. 2. 88 .Windows Server 2008 . Click Start Run and type CMD.System Administration 17. Click Restart Now. Verification: 1. After restarting the computer Active directory will be installed. Type NET ACCOUNTS and verify for Backup in Computer role. After the Active Directory Installation wizard is completed. 18. 19.

1 255.0 10.3 255.0.System Administration CONFIGURING CHILD DOMAIN Pre-requisites: Before working on this lab.0. you must have 1.0.COM SYS1 Domain Controller IP Address Subnet Mask Preferred DNS Alternate DNS 10.1 89 .0.0.0.0.0 10.COM SYS3 MCITP.MICROSOFT.0.0. A computer running windows 2008 server Domain Controller.1 ---------- SYS3 Child Domain controller IP Address Subnet Mask Preferred DNS Alternate DNS 10.3 10.0.0.0.Windows Server 2008 . A computer running windows 2008 server.0.0. 2. SYS1 MICROSOFT.

4.System Administration Lab – 2: Configuring Child Domain 1. Assign IP Address and DNS Server Addresses. and then click Run. Click Start. Log in as Administrator to the Workgroup Computer. type “DCPROMO” and then click OK. 3. 90 .Windows Server 2008 . 2. In the Run box.

Windows Server 2008 . 91 . click Next. 6. Operating system compatibility Wizard page appears.System Administration 5. click Next. Welcome to the Active Directory Installation Wizard page appears.

Enter Administrator. Create a new domain in an existing forest click Next.System Administration 7. click Next. Select Existing Forest.Windows Server 2008 . 9. click OK. Password. 92 . (DC Credentials). 8.COM) and click Set. Enter the Forest Domain Name (Ex: MICROSOFT.

Click Browse and Select the Parent Domain Name (MICROSOFT.System Administration 10.COM). 93 .Windows Server 2008 . Enter the Child Name (MCITP) and Click Next. 11.

Windows Server 2008 . 13. Select the Site (Default-first-site-Name) and click Next.System Administration 12. 94 . Select the Domain Functional Level (Windows 2000 Native) and click NEXT.

accept the default locations and click Next.System Administration 14. 15. 16. 95 .Windows Server 2008 . On Database and log locations page. Click Yes to continue. Verify for DNS Server check box and click Next.

96 . On Summary page.Windows Server 2008 .System Administration 17. enter the password and confirm password and click Next. 18. On Directory Services Restore Mode Administrator Password page. review the Options you selected and Click Next.

Expand parent domain name and verify for child domain. In Computer Name verify for the Domain name MCITP. After the Active Directory Installation wizard is completed. Example: MICROSOFT.Windows Server 2008 . 20.COM. 3.MICROSOFT. 21. After restarting the computer Active Directory will be installed. 2.COM Select Start Programs Administrative Tools Active Directory Domains and Trusts.System Administration 19. Click Restart Now. Verification: 1. 22.COM and MCITP.MICROSOFT. The Active Directory Installation starts. 97 . then click FINISH. Right click Computer Icon  Properties. 4.

1 255.0.System Administration CONFIGURING NEW DOMAIN TREE IN EXISTING FOREST Pre-requisites: Before working on this lab.4 10.0.0.COM SYS1 Domain Controller IP Address Subnet Mask Preferred DNS Alternate DNS 10.0.0.0 10.0.0.0.Windows Server 2008 .0 10.0. SYS1 SYS4 MICROSOFT. A computer running windows 2008 server.0. 2. A computer running windows 2008 server Domain Controller. you must have 1.1 ----------- SYS4 New Domain Tree IP Address Subnet Mask Preferred DNS Alternate DNS 10.0.0.4 255.0.0.COM MCTS.1 98 .

type “DCPROMO” and click OK. and then click Run. Log in as Administrator to the Workgroup Computer.Windows Server 2008 .System Administration Lab – 3: Configuring New Domain Tree in Existing Forest 1. Click Start. 3. 2. Assign IP Address and DNS Server Addresses. 99 . 4. In the Run box.

100 . Welcome to the Active Directory Installation Wizard page appears. Operating system compatibility Wizard page appears. click Next. check the box Use advanced mode installation and click Next.Windows Server 2008 . 6.System Administration 5.

System Administration 7.com) and click Set. Enter the Forest Domain Name (Ex: MICROSOFT. 101 . Select Create a new domain in an existing forest and check the box Create a new domain tree root instead of a new child domain.Windows Server 2008 . Select Existing Forest. click Next. 8.

COM) and click Next. Enter Administrator. Password. 10. Domain Name (DC Credentials) and click OK and click Next. Enter the New Domain Tree Name(Ex:MCTS. 102 .System Administration 9.Windows Server 2008 .

Select the Domain Functional Level (Windows 2000 Native) and click Next. 103 . Domain NetBIOS Name appears. 12.System Administration 11.Windows Server 2008 . On NetBIOS Domain name page. click Next.

Verify for DNS Server and Global catalog check box and click Next. Select the Site (Default-first-site-Name) and click Next.Windows Server 2008 . Click Yes to continue. 15. 104 .System Administration 13. 14.

17. click Next.Windows Server 2008 . On Database and log locations page.MICROSOFT. accept the default locations. 105 .COM click Next.System Administration 16. Select Use this specific domain controller and select SYS1.

On Directory Services Restore Mode Administrator Password page. On Summary page. enter Password and confirm password click Next. 19.System Administration 18. 20. review the Options you selected and Click Next.Windows Server 2008 . 106 . The Active Directory Installation starts.

Right click Computer Icon  Properties. 23. click FINISH. 22.Windows Server 2008 . 107 .System Administration 21. Expand Forest Domain Name and verify for New Domain Tree in Existing Forest. Click Restart Now.COM Select Start Programs Administrative Tools Active Directory Domains and Trusts. Verification: 1.COM. In Computer Name verify for the Domain name MCTS. 3.COM and MCTS. 2. Example: MICROSOFT. 4. After restarting the computer Active Directory will be installed. After the Active Directory Installation wizard is completed.

0.0.1 255.0.0.0.0.0 10.0 10.0.1 ----------- SYS2 Additional Domain controller IP Address Subnet Mask Preferred DNS Alternate DNS 10.0.2 10. A computer running windows 2008 server Domain Controller.2 255.0.0.Windows Server 2008 .1 108 .0. SYS1 SYS2 MICROSOFT.COM SYS1 Domain Controller IP Address Subnet Mask Preferred DNS Alternate DNS 10. 2.System Administration ROLES OF ACTIVE DIRECTORY Pre-requisites: Before working on this lab.0. A computer running windows 2008 server Additional Domain controller.0.0. you must have 1.

Log on to Domain Controller as Administrator Click Start Run type CMD Type Net accounts and Verify for Primary in Computer role. Type Ntdsutil and Press Enter.System Administration Lab – 1: Transfer of Roles 1.Windows Server 2008 . 2. 4. 3. 109 .

System Administration 5. Type Connections and Press Enter. 110 . 6. Type Roles and Press Enter.Windows Server 2008 .

Windows Server 2008 . Type: Quit 111 .System Administration 7. 8. Type Connect to server SYS2 (ADC System name)and Press Enter.

Windows Server 2008 - System Administration 9. Type Help (or) ?To see the available syntax.

10.

Type Transfer infrastructure master and Press Enter.

11.

Click YES.

112

Windows Server 2008 - System Administration 12. Type Transfer naming master and Press Enter.

13.

Click YES

14.

Type Transfer PDC and Press Enter.

113

Windows Server 2008 - System Administration 15. Click Yes

16.

Type Transfer RID Master and Press Enter.

17.

Click YES

114

Click YES 20. 19. Type Quit and press Enter 115 .Windows Server 2008 .System Administration 18. Type Transfer Schema Master and Press Enter.

Type Quit and Press Enter.Windows Server 2008 . 116 .System Administration 21. Verification: 1. 2. Type Net accounts and Press Enter Computer role of Domain Controller will be converted to Backup and Additional Domain Controller will be converted to Primary.

117 . 4. 5. Log on to Additional Domain Controller as Administrator Shutdown the Domain Controller Click Start Run type CMD Type Net accounts and Verify for BACKUP in Computer role. Type Ntdsutil and Press Enter.System Administration Lab – 2: Seizing of Roles 1.Windows Server 2008 . 3. 2.

Type Connections and Press Enter. 118 . 7.System Administration 6.Windows Server 2008 . Type Roles and Press Enter.

Windows Server 2008 . 9. Type Connect to server SYS1(ADC System name) and Press Enter.System Administration 8. Type: Quit 119 .

System Administration 10. 120 . Type Help (or)? To view the available syntax. 11. Type Seize infrastructure master and Press Enter. Click YES.Windows Server 2008 . 12.

Click YES 15. 121 .System Administration 13. 14. Type Seize naming master and Press Enter.Windows Server 2008 . Type Seize PDC and Press Enter.

Click Yes 17. Type Seize RID Master and Press Enter. 18.Windows Server 2008 .System Administration 16. Click YES 122 .

Windows Server 2008 . Type Seize Schema Master and Press Enter. 20. Click YES 21.System Administration 19. Type Quit and press Enter 123 .

Verification: 1. Type Net accounts and Press Enter Computer role of Additional Domain Controller will be converted to Primary.System Administration 22. 124 . 2. Type Quit and Press Enter.Windows Server 2008 .

0 10.1 255.2 255.0.1 125 .COM SYS1 Domain Controller IP Address Subnet Mask Preferred DNS 10. SYS1 SYS2 MICROSOFT.1 SYS2 Member Server / Client IP Address Subnet Mask Preferred DNS 10. 2.0.0. A computer running windows 2008 server or Windows 7.0.0.System Administration GROUP POLICIES Pre-requisites: Before working on this lab.0. you must have 1.Windows Server 2008 .0.0.0.0.0. A computer running windows 2008 server Domain Controller.0.0 10.

126 .Windows Server 2008 . StartPrograms Administrative ToolsActive Directory Users and Computers 2.System Administration Lab – 1: Creating an Organizational Unit (OU) 1. Right click Domain Name New Organizational Unit.

S2. Enter the name for OU (Ex: Sales1) and (for lab) uncheck Protect container from accidental deletion and click OK. Create Users in the Sales1 OU(Ex: User1. S3) 127 .Windows Server 2008 .System Administration 3. S1. 4.

Windows Server 2008 .System Administration Lab – 2: ApplyingGroup Policy on Organizational Unit Level 1. Enter any name to GPO Link (Ex: Remove Computer Icon) and click OK. Start  Programs  Administrator tools  Group Policy Management 2. 3. Right click OU (Sales1) Create a GPO in this domain and Link it here. 128 .

Select a policy (Remove Computer icon on the Desktop) on right side of the screen.System Administration 4. Right Click and select Properties.Windows Server 2008 . Right Click created GPO Link  Edit 5. In Group Policy Management Editor Window. 6. 129 . Go to User Configuration  Policies Administrative Templates Desktop.

Select Enabled option and click Apply and OK. 130 . Logon to client system as Sales1ou user (s1) and verify the changes because of the policy.System Administration 7. Verification: 1.Windows Server 2008 .

Start Programs Administrative Tools  Group Policy Management 2. Right click Domain name (MICROSOFT.COM) and select Create a GPO in this domain and Link it here.System Administration Lab – 3: Applying Group Policy on Domain Level 1. 131 .Windows Server 2008 .

132 .System Administration 3. 4. In the Group Policy Management editor window.Windows Server 2008 . Select a policy (Hide Network Icon on desktop) right side of the screen. Select the Created GPO  Right Click Created GPO  Select Edit. Go to User Configuration Policies Administrative Templates Desktop 6. Enter New GPO Link name Ex: Remove Network Icon and click OK. Right Click and select Properties. 5.

133 . Login as User (S1) to Client or Member Server and Verify for the changes.System Administration 7. Select Enabled option and click Apply and OK Verification: 1.Windows Server 2008 .

System Administration Lab – 4: Applying Group Policy on Site Level 1. Login as a user to Client or Member Server. Right click Sites select Show Sites check Default-First-Site-Name click OK Right Click Default-First-Site-Name select Link an Existing GPO…. 134 . 4. Start Programs Administrative Tools Group Policy Management Right click Group Policy Objects Select New Group Policy Object. 2. 3.Windows Server 2008 . and Verify for the changes. Select an existing GPO. Enter the name (Remove Recycle Bin) EditUser Configuration  Policies  Administrative Templates  Desktop  Right click Remove Recycle Bin icon from Desktop Properties  Enabled  OK  Close. Verification: 1. (Remove Recycle Bin) click OK.

Windows Server 2008 . 135 . Start  Programs Administrative Tools  Group Policy Management  Right Click Group Policy Modeling and Select Group Policy Modeling Wizard.System Administration Lab – 5: Applying Group Policy Modeling 1. Click Next. 2.

System Administration 3. 4. Select the domain name and click Next. Select User and click Browse  enter the Username (S1)click OK and Next.Windows Server 2008 . 136 .

Windows Server 2008 . 137 . Click Next Finish. click Next. Click Settings on the summary page and verify the policies applied on the User. Verification: 1. 6.System Administration 5. Select the site (Default-First-site-Name) and check skip to final page.

Windows Server 2008 . StartPrograms Administrative Tools Active Directory Users and Computers Right Click OU Select Delegate Control 2.System Administration Lab – 6: Delegating Control to a User 1. Click Next. 138 .

Start Run Dsa.System Administration 3. Verification: 1.Windows Server 2008 . 139 . Check the Box Create. Log on to D. Click Finish. 4.msc Create User in OU. Click Add Add the User (User1). 5.C as User (User1). delete and manage user accounts and Next.

msi) applications in it Start Programs Administrative Tools Group Policy Management.Windows Server 2008 . Logon to D. 5. Create a Shared folder with (.C as Administrator. Right click OU (Sales1) Create a GPO in this domain and Link it here  Enter the name (Software Deployment) click OK. 3. Create OU(Sales1) along with Users. 2. User Configuration  Expand Policies Expand Software settings  Right click Software Installation  Select New  Package 140 . Right click the policy and click Edit. 4.System Administration Lab – 7: Applying Software Deployment Policy 1.

Windows Server 2008 . Click Desktop Open Network Open SYS1 (Server name containing shared folder).System Administration 6. Select the MSI Softwares Shared Folder click Open. 141 . 7.

9.Windows Server 2008 . 142 .System Administration 8. Select the Application Folder (Power Point viewer)  click Open. Select the Application (PPVIEWER) click Open.

Select the Method to Deploy Application (Published)and click OK. 2.System Administration 10. Verification: 1. Go to Member Server and login as user1.Windows Server 2008 . 3. Click Install a Program from the Network Select the Application and Install 143 . Start  Settings  Control Panel Double click Program and Features.

Enter the text wscript. Select the GPO Right Click and select Edit. Log on to D. Save the file in the Shared folder User Scripts as Logon. 3. Start  Run type Notepad. 144 .System Administration Lab – 8: Applying Scripts using Group Policy.Windows Server 2008 . 2. 5.vbe Go to Group Policy Management Right click OU (Sales1) Create a GPO in this domain and Link it here and enter the name Script. click OK.C. create a Shared Folder UserScripts with Everyone as co-owner.echo “Welcome to Microsoft” 4. 1.

8.Windows Server 2008 .System Administration 6. Enter the UNC path for the Script in the shared folder \\SYS1\Userscripts\logon. Verification: 1.vbe and click OK Apply and OK. 7. Click Add. Go to Member Server and login as USER1 and verify for the Message. Expand User Configuration Expand Policies Windows Settings Scripts Logon Properties. 145 .

Windows Server 2008 . Start  Programs Administrative Tools Group Policy Management. 2.System Administration Lab – 9: Applying Folder Redirection 1.C. Go to D. 146 . create a Shared Folder (Folder Redirection) with everyone Co-Owner.

Windows Server 2008 . Right click OU (Sales1) Select Create a GPO. select Edit.System Administration 3.. 4.. 147 . Right Click created GPO. Enter name (Ex: Folder Redirection) and click OK. 5.

2. Right Click on the folder properties and check the path. Login as user (S1) in client system. Select Basic Redirection. Create a folder on desktop. it should show Network path (\\SYS1\Folder Redirection\S1\Desktop). Expand User configuration PoliciesWindows Settings Folder Redirection  Select Desktop Right click Desktop Select Properties 7. 148 . select Create a folder for each user under the root path.System Administration 6.Windows Server 2008 . click Apply and OK. \\SYS1\Folder Redirection. Verification: 1. click Browse select the shared folder from Network.

0.0. 2.0.0.COM IP Address Subnet Mask 10.2 SYS2 Domain Controller-IBM.0.COM.0.1 255.0.0.0. SYS1 SYS2 MICROSOFT.1 10.COM.0.2 Alternate DNS 10.0.2 255. A computer running Windows Server 2008 Domain Controller for IBM.Windows Server 2008 .0.0.0 10.0.1 149 .COM IP Address Subnet Mask Preferred DNS Alternate DNS 10.COM SYS1 Domain Controller-MICROSOFT.COM IBM.0.System Administration TRUST RELATIONSHIP Pre-requisites: Before working on this lab. A computer running Windows Server 2008 Domain Controller MICROSOFT.0. you must have 1.0 Preferred DNS 10.

3. 4. Log on to Domain Controller of MICROSOFT. Right click Domain name (MICROSOFT.com as Administrator Start Programs Administrative Tools Active Directory Domains and Trusts.Windows Server 2008 .COM) Select Raise Domain Functional level. 2.System Administration Lab – 1: Raising Functional Levels 1. 150 . Select Windows Server 2008 and click Raise click OK click OK.

151 . Right click Active Directory Domains and Trusts and Select Raise Forest Functional Level. 6. Select Windows Server 2008 and click Raise click OK click OK.COM – Domain Controller) and Raise Domain and Forest Functional Levels. Note: Repeat the Lab1on SYS2 (IBM.System Administration 5.Windows Server 2008 .

Click New Trust. 2. Select Trusts tab.System Administration Lab – 2:Creating Forest Trust 1. 152 . Right click the Domain name and select Properties.Windows Server 2008 . Go to Active Directory Domains and Trusts.

5. In Trust Name.COM and click Next. On Welcome wizard. enter name of other Forest IBM. Select Forest trust and click Next 153 .System Administration 3. click Next. 4.Windows Server 2008 .

System Administration 6. Select Both this domain and the specified domain and click Next. 8. Select Two-way and click Next. Enter Administrator and Password of Specified domain:IBM.COM and click Next 154 . 7.Windows Server 2008 .

System Administration 9. 10. 11.Windows Server 2008 . 155 . Select Forest-wide authentication for Local Forest and click Next. Verify the Trust Selections and click Next. Select Forest-wide authentication for Specified Forest and click Next.

Verify the Summary and click Next. Select Yes.System Administration 12. confirm the incoming trust and click Next. 13.Windows Server 2008 . 156 . 14. confirm the outgoing trust and click Next. Select Yes.

Note: By default Users cannot log on to D.COM D.System Administration 15.C. Check Outgoing and Incoming Trusts and click OK. 1.C and allow IBM users to log on to D. 16. Click Finish. Log in as MICROSOFT Administrator to MICROSOFT.COM D.C. Verification: 1.C using Domain Controller Security Policy in Group Policy Management.COM users to log on to IBM. Try to Logon on to MICROSOFT.Windows Server 2008 .COM D.COM domain computers or IBM.COM domain computers as other Domain Users. Similarly allow MICROSOFT. 157 .C using Domain Controller Security Policy of IBM.(Allow Logon Locally Policy) 2..

2 10.2 255.COM SYS1 Domain Controller IP Address Subnet Mask Preferred DNS Alternate DNS 10.Windows Server 2008 . SITES.0. and READ ONLY DOMAIN CONTROLLER Pre-requisites: Before working on this lab.0.0.0 10.System Administration GLOBAL CATALOG. 2.0.0.1 158 .0. SYS1 SYS2 MICROSOFT.0.0.0.0. A computer running windows 2008 server. you must have 1. A computer running windows 2008 server Domain Controller.0.0 10.1 255.1 ---------- SYS2 Read Only Domain controller IP Address Subnet Mask Preferred DNS Alternate DNS 10.0.0.0.

Start Programs Administrative tools Active Directory Sites and Services. if the Checkbox Global Catalog is checked.Windows Server 2008 . Expand the Sites Default-First-Site-Name Servers Server Names NTDS Settings. 159 . 2. 3. Right Click NTDS Setting and Properties. then it is a Global Catalog Server.System Administration Lab – 1: Configuring Global Catalog Server 1.

Windows Server 2008 . Right click Sites New Site. Logon to Domain Controller as Administrator.System Administration Lab – 2: Creating Active Directory Sites 1. go to Start Programs  Administrative Tools Active Directory Sites and Services. 160 . 2.

6. click OK. Enter the site name (USA) and select DEFAULT IP SITE LINK and click OK.System Administration 3.Windows Server 2008 . Site USA will be created. 4. 5. Similarly create another site (INDIA) Expand Default-First-Site-Name Expand Servers Right click Server (SYS1) Move 161 .

Select the Site (USA) and click OK.System Administration 7.Windows Server 2008 . Server is now moved under USA site. 162 . 8.

163 . 2. Log on to D.Windows Server 2008 . select INDIA and USA sites and click Add click OK. Start Programs Administrative Tools Active Directory Sites and Services  Expand Sites Expand Inter-Site Transports  Right click IP select New Site Link.System Administration Lab – 3: Creating Active Directory Site-Links 1.C as Administrator. Enter the name (INDIA-USA Link).

Select the Interval of Time for Replication Available. 4.Windows Server 2008 . Right click INDIA-USA Link. Click Change Schedule. click OKOK. select Properties. 5.System Administration 3. 164 .

Click Start Programs Administrative Tools Active Directory Users and Computers. User5). 2. Right click Domain Controllers Select Pre-create Read-only Domain Controller account. Create Users (Ex: User1. 165 .Windows Server 2008 . User3.System Administration Lab – 4: Creating aPre-Create Read Only Domain Controller Account 1. User2. Log in as Administrator to the Domain Controller (SYS1). 3. 4. 5. User4. Raise Domain and Forest Functional Levels to Windows Server 2003 or 2008.

Check the box Use advanced mode installation and click Next. 7.System Administration 6. Click Next 166 .Windows Server 2008 . In Operating System Compatibility.

167 . 9. Select My current logged on credentials (MICROSOFT\Administrator) and click Next.System Administration 8. Enter the Computer Name(SYS2) of Read Only Domain Controller.Windows Server 2008 .

11. Select the Site (INDIA) for the Read-only Domain Controllers and click Next.System Administration 10. Global Catalog and Read-only Domain Controller (RODC) checkboxes and click Next. 168 .Windows Server 2008 . Verify the DNS.

Enter the User name (User1) and click OK and click Next. 14. and click Next. Click Set.Windows Server 2008 . Review the Summary. 169 .System Administration 12. 13.

16.Windows Server 2008 . Click Finish. 170 .System Administration 15. Account of Read-only Domain Controller will be created in Domain Controllers.

User4. Enter the Group Name Allowed RODC Password Replication Group and click OK.Windows Server 2008 .System Administration 17. User5) Right click and select Add to a Group. To cache the user account password on RODC. The Users will be added to the Group. 19. 171 . Select the Users(User1. User3. click OK. User2. 18.

172 .Windows Server 2008 . click OK. Click Start. Log in as Administrator to the Workgroup Computer(SYS2) Assign IP Address and Preferred DNS Server Address.System Administration Lab – 5:Configuring Read-Only Domain Controller 1. In the Run box. 2. type “DCPROMO”. 3. 4. and then click Run.

click Next. Operating system compatibility Wizard page appears. 6. click Next. Welcome to the Active Directory Installation Wizard page appears. 173 .Windows Server 2008 .System Administration 5.

Windows Server 2008 .com) and click Set. Select Existing forest and select Add a Domain Controller to an existing domain” and click Next. 174 . click Next. Enter User1 and Password (User Credentials) and click OK. 9. Enter the Forest Domain Name (Ex: MICROSOFT.System Administration 7. 8.

(Because the user account is having the permission to Install RODC. the installation may fail with an access denied error. Select the Domain Name and click Next. Click OK to Continue.) 12. click YES. 175 .Windows Server 2008 .System Administration 10. 11. A warning appears indicating that the user account specified is not a member of Administrators group.

On Database and log locations page. 14.System Administration 13. Enter “Password and Confirm Password” and click Next.Windows Server 2008 . 176 . accept the default locations and click Next.

review the Options you selected. 16.System Administration 15. 177 .Windows Server 2008 . then click FINISH. On Summary page. and click Next. After the Active Directory Installation wizard is completed.

2. Verification: 1.System Administration 17. Log on to Domain Controller (SYS1) as Administrator Start Programs Administrative Tools Active Directory Users and Computers select Domain Controllers and verify for SYS2 as Read-only Domain Controller. 178 . Click Restart Now.Windows Server 2008 .

Sign up to vote on this title
UsefulNot useful