
MCSA Lab Scenario - A. Datum Corp – Part 3
Erfan Taheri

Scenario
A. Datum Corporation has deployed a single AD DS domain, with all the domain controllers
located in the London data center. As the company has grown and added branch offices with
large numbers of users, it has become apparent that the current AD DS environment does not
meet the company requirements. Users in some branch offices report that it can take a long
time for them to sign in on their computers. Access to network resources such as the company’s
Microsoft Exchange® 2013 servers and the Microsoft SharePoint® servers can be slow, and they
fail sporadically.
As one of the senior network administrators, you are responsible for planning and implementing an AD DS infrastructure that addresses these business requirements: configuring AD DS sites and replication to optimize the sign-in experience and network utilization, and planning an AD DS domain and forest deployment that serves both internal and external users while meeting the security requirements at A. Datum.
The network team is concerned about the amount of AD DS-related replication traffic that is crossing the WAN links, which are becoming highly utilized.
The company has also become increasingly integrated with partner organizations, some of which need access to shared resources and applications that are located on the A. Datum internal network. The security department at A. Datum wants to ensure that access for these external users is as secure as possible.
LAB Setup
Virtual Machines:
• LON-DC1.Adatum.com
• TOR-DC1.Adatum.com
• NY-DC1 (promoted in Exercise 4 as the first domain controller of the child domain us.adatum.com)
• LON-SVR2.Adatum.com
• TREY-DC1.TreyResearch.net
Username: Adatum\Administrator
Password: Pa$$w0rd
LON-DC1.Adatum.com is a promoted, writable domain controller in the Adatum.com domain (London data center). TREY-DC1.TreyResearch.net is a promoted, writable domain controller in the separate forest TreyResearch.net. Pa$$w0rd is also the password for every other account the exercises use (NA\Administrator, TreyResearch\Administrator and TreyResearch\Alice).


Exercise 1: Promote Domain Controller for Toronto
Task 1: Install the Toronto domain controller
1. On TOR-DC1, use Server Manager to install Active Directory Domain Services.
2. When the AD DS binaries have installed, use the Active Directory Domain Services
Configuration Wizard to install and configure TOR-DC1 as an additional domain controller for
Adatum.com.
3. After the server restarts, sign in as Adatum\Administrator with the password of Pa$$w0rd.
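The following is an added PowerShell equivalent of Task 1, not part of the original lab. It assumes the session runs as a local administrator on TOR-DC1, that TOR-DC1 already resolves adatum.com through LON-DC1, and that the account used for the promotion is Adatum\Administrator. Both passwords are prompted for rather than written into a script file.

```powershell
# Added example (not from the lab text): promote TOR-DC1 as an additional
# writable domain controller for adatum.com, from an elevated session on TOR-DC1.

# 1. Install the AD DS role and the management tools (the Server Manager step).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# 2. Prompt for both secrets instead of hard-coding Pa$$w0rd in a script.
$domainCred = Get-Credential -UserName 'Adatum\Administrator' -Message 'Domain admin credential'
$dsrmPwd    = Read-Host -AsSecureString -Prompt 'DSRM password for TOR-DC1'

# 3. Pre-flight: validates name resolution, credentials and DNS prerequisites
#    without changing anything. Read its output before promoting.
Test-ADDSDomainControllerInstallation -DomainName 'adatum.com' `
    -Credential $domainCred -SafeModeAdministratorPassword $dsrmPwd -InstallDns

# 4. Promote. The wizard defaults are written out so they are visible in the
#    change record: DNS and global catalog on, no reboot until reviewed.
Install-ADDSDomainController -DomainName 'adatum.com' `
    -Credential $domainCred `
    -SafeModeAdministratorPassword $dsrmPwd `
    -InstallDns -CreateDnsDelegation:$false `
    -DatabasePath 'C:\Windows\NTDS' -LogPath 'C:\Windows\NTDS' -SysvolPath 'C:\Windows\SYSVOL' `
    -NoGlobalCatalog:$false `
    -NoRebootOnCompletion:$true -Force

Restart-Computer

# After the reboot, from any DC, confirm the new DC is registered, sits in the
# default site (renamed in Task 2) and advertises as a global catalog:
#   Get-ADDomainController -Identity 'TOR-DC1' |
#       Select-Object HostName, Site, IsGlobalCatalog, OperatingSystem
```

Because the promotion is done with an explicit credential, the account and time of the change are recorded in the directory's own audit trail; keep the DSRM password in the organization's secrets store, since it is the only way to sign in to a DC that will not start the directory service.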
Task 2: Rename the default site
1. If necessary, on LON-DC1, open the Server Manager console.
2. Open Active Directory Sites and Services, and then rename the Default-First-Site-Name site to
LondonHQ.
3. Verify that both LON-DC1 and TOR-DC1 are members of the LondonHQ site.
Task 3: Configure IP subnets associated with the default site
1. If necessary, on LON-DC1, open the Server Manager console, and then open Active Directory
Sites and Services.
2. Create a new subnet with the following configuration:
• Prefix: 172.16.0.0/24
• Site object: LondonHQ

Exercise 2: Creating Additional Sites and Subnets
Scenario
The next step you take to implement the AD DS site design is to configure the new AD DS site.
The first site that you need to implement is the Toronto site for the North American datacenter.
The network team in Toronto would also like to dedicate a site called TestSite in the Toronto
datacenter. You have been instructed that the Toronto IP subnet address is 172.16.1.0/24, and
the test network IP subnet address is 172.16.100.0/24.
Task 1: Create the AD DS sites for Toronto
1. If necessary, on LON-DC1, open the Server Manager console, and then open Active Directory
Sites and Services.
2. Create a new site with the following configuration:
• Name: Toronto
• Site link object: DEFAULTIPSITELINK
3. Create another new site with the following configuration:
• Name: TestSite
• Site link object: DEFAULTIPSITELINK
Task 2: Create IP subnets associated with the Toronto sites
1. If necessary, on LON-DC1, open Active Directory Sites and Services.
2. Create a new subnet with the following configuration:
• Prefix: 172.16.1.0/24
• Site object: Toronto
3. Create another new subnet with the following configuration:
• Prefix: 172.16.100.0/24
• Site object: TestSite
4. In the navigation pane, click the Subnets folder. Verify in the details pane that the two subnets
are created and associated with their appropriate site.
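The site and subnet work of Exercise 1 Tasks 2-3 and of Exercise 2 can be done in one script on LON-DC1. This is an added example, not part of the original lab, and assumes the ActiveDirectory module is available (it is installed with the AD DS management tools) and that the session runs as Adatum\Administrator.

```powershell
# Added example (not from the lab text): rename the default site, create the
# Toronto and TestSite sites, and map the three lab subnets to their sites.
Import-Module ActiveDirectory

# Sites live under the Configuration partition, so renaming one is a plain
# Rename-ADObject on its distinguished name.
$defaultSite = Get-ADReplicationSite -Identity 'Default-First-Site-Name'
Rename-ADObject -Identity $defaultSite.DistinguishedName -NewName 'LondonHQ'

# Create the two new sites on DEFAULTIPSITELINK, as the lab specifies. A site
# that belongs to no site link is unreachable for the KCC, which is why the
# GUI wizard refuses to create a site without one.
foreach ($site in 'Toronto', 'TestSite') {
    New-ADReplicationSite -Name $site
    Set-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK' -SitesIncluded @{ Add = $site }
}

# Subnet-to-site mappings. A client whose address matches no subnet gets no
# site and may authenticate against a DC on the far side of the WAN, which is
# exactly the slow sign-in the scenario describes.
$subnets = [ordered]@{
    '172.16.0.0/24'   = 'LondonHQ'
    '172.16.1.0/24'   = 'Toronto'
    '172.16.100.0/24' = 'TestSite'
}
foreach ($prefix in $subnets.Keys) {
    New-ADReplicationSubnet -Name $prefix -Site $subnets[$prefix]
}

# Verification (Exercise 2 Task 2 step 4): each subnet shows its site. The Site
# property is a DN, so only the CN is displayed.
Get-ADReplicationSubnet -Filter * |
    Select-Object Name, @{ n = 'Site'; e = { ($_.Site -split ',')[0] -replace '^CN=' } }

# Extra check a practitioner wants: no site is left without a subnet.
$unmapped = Get-ADReplicationSite -Filter * | Where-Object {
    -not (Get-ADReplicationSubnet -Filter "Site -eq '$($_.DistinguishedName)'")
}
if ($unmapped) { Write-Warning "Sites with no subnet: $($unmapped.Name -join ', ')" }

# Both DCs should still report LondonHQ; TOR-DC1 is moved in Exercise 3.
Get-ADDomainController -Filter * | Select-Object Name, Site
```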

Exercise 3: Configuring AD DS Replication
Now that the AD DS sites have been configured for Toronto, your next step is to configure the
site-links to manage replication between the sites, and then to move the TOR-DC1 domain
controller to the Toronto site. Currently, all sites belong to DEFAULTIPSITELINK.
You need to modify site-linking so that LondonHQ and Toronto belong to one common site-link
called LON-TOR. You should configure this link to replicate every hour. Additionally, you should
link the TestSite site only to the Toronto site using a site-link named TOR-TEST. Replication
should not be available from the Toronto site to the TestSite during the working hours of 9 a.m.
to 3 p.m. You then will use tools to monitor replication between the sites.
Task 1: Configure site-links between AD DS sites
1. If necessary, on LON-DC1, open Active Directory Sites and Services.
2. Create a new IP-based site-link with the following configuration:
• Name: TOR-TEST
• Sites: Toronto, TestSite
• Schedule: modify the schedule so that replication is not available during the working hours of 9 AM to 3 PM, Monday through Friday, as the scenario requires
3. Rename DEFAULTIPSITELINK, and configure it with the following settings:
• Name: LON-TOR
• Sites: LondonHQ, Toronto
• Replication: Every 60 minutes
• Remove TestSite from this site-link (it was added to DEFAULTIPSITELINK in Exercise 2), so that TestSite is reachable only through TOR-TEST
Task 2: Move TOR-DC1 to the Toronto site
1. If necessary, on LON-DC1, open Active Directory Sites and Services.
2. Move TOR-DC1 from the LondonHQ site to the Toronto site.
3. Verify that TOR-DC1 is located under the Servers node in the Toronto site.
Task 3: Monitor replication between the sites
replication topology for the server.
Repadmin /showrepl
This command lists each inbound replication partner and the result of the last attempt. Verify that the last replication with TOR-DC1 was successful.
Repadmin /bridgeheads
This command displays the bridgehead servers for the site topology.
Repadmin /replsummary
This command displays a summary of replication tasks. Verify that no errors appear.
DCDiag /test:replications
Verify that all connectivity and replication tests pass successfully.
3. Switch to TOR-DC1, and then repeat the commands to view information from the TOR-DC1 perspective.
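The whole of Exercise 3 as an added PowerShell example, not part of the original lab. It runs on LON-DC1 as Adatum\Administrator and assumes the sites, subnets and DEFAULTIPSITELINK from the earlier exercises exist. The schedule is built with the .NET ActiveDirectorySchedule type that Set-ADReplicationSiteLink accepts; the repadmin and dcdiag calls are the same tools the task lists, with repadmin /kcc added so the new topology is computed immediately.

```powershell
# Added example (not from the lab text): site links with a schedule, move
# TOR-DC1, then verify replication from both domain controllers.
Import-Module ActiveDirectory

# --- Task 1: TOR-TEST, with replication blocked during working hours ---------
# RawSchedule is bool[day, hour, 15-minute slot]; day 0 is Sunday and $true
# means replication may start in that slot. Open everything, then close
# Monday..Friday 09:00-14:59 so the last blocked slot ends at 15:00.
$sched = New-Object System.DirectoryServices.ActiveDirectory.ActiveDirectorySchedule
$sched.SetDailySchedule('Zero', 'Zero', 'TwentyThree', 'FortyFive')
$raw = $sched.RawSchedule
foreach ($day in 1..5) {
    foreach ($hour in 9..14) {
        foreach ($slot in 0..3) { $raw[$day, $hour, $slot] = $false }
    }
}
$sched.RawSchedule = $raw

New-ADReplicationSiteLink -Name 'TOR-TEST' -SitesIncluded 'Toronto', 'TestSite' `
    -InterSiteTransportProtocol IP -ReplicationSchedule $sched

# --- Task 1 step 3: DEFAULTIPSITELINK becomes LON-TOR, hourly, London+Toronto
$default = Get-ADReplicationSiteLink -Identity 'DEFAULTIPSITELINK'
Rename-ADObject -Identity $default.DistinguishedName -NewName 'LON-TOR'
Set-ADReplicationSiteLink -Identity 'LON-TOR' -ReplicationFrequencyInMinutes 60 `
    -SitesIncluded @{ Remove = 'TestSite' }   # TestSite reaches London only via Toronto

# --- Task 2: move TOR-DC1 ----------------------------------------------------
Move-ADDirectoryServer -Identity 'TOR-DC1' -Site 'Toronto'
(Get-ADDomainController -Identity 'TOR-DC1').Site    # expected: Toronto

# --- Task 3: monitor replication from both DCs -------------------------------
# /kcc makes the KCC recompute the topology now rather than on its next
# 15-minute cycle, so the checks below reflect the new site links.
foreach ($dc in 'LON-DC1', 'TOR-DC1') {
    repadmin /kcc $dc | Out-Null
    repadmin /showrepl $dc
    repadmin /replsummary $dc
}
repadmin /bridgeheads
dcdiag /test:replications /s:LON-DC1

# Scripted form of "verify that no errors appear": every inbound partner on
# both DCs must report a last result of 0.
$failed = Get-ADReplicationPartnerMetadata -Target 'LON-DC1', 'TOR-DC1' |
    Where-Object LastReplicationResult -ne 0 |
    Select-Object Server, Partner, LastReplicationResult, LastReplicationAttempt
if ($failed) { $failed | Format-Table -AutoSize } else { 'All inbound replication links healthy' }
```

Site link schedules are stored in UTC, and the Sites and Services dialog displays them in the local time of the management computer. After applying the schedule, open the TOR-TEST schedule in the GUI and confirm the blocked block really covers 9 AM to 3 PM in Toronto's local time; shift the hour range in the loop if it does not.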


Exercise 4: Implementing Child Domains in AD DS
A. Datum has decided to deploy a new domain in the adatum.com forest for the United States
region. The first domain controller will be deployed in New York, and the domain name will be
us.adatum.com. You need to configure and install the new domain controller.
Task 1: Install a domain controller in a child domain
1. On NY-DC1, use the Server Manager to install the AD DS binaries.
2. When the AD DS binaries have installed, use the Active Directory Domain Services
Configuration Wizard to install and configure NY-DC1 as an AD DS domain controller for a new
child domain named us.adatum.com.
3. When prompted, use Pa$$w0rd as the Directory Services Restore Mode (DSRM) password.
Task 2: Verify the default trust configuration
1. Sign in to NY-DC1 as NA\Administrator with the password Pa$$w0rd.
2. When Server Manager opens, click Local Server. Verify that Windows Firewall shows Domain: Off. If it does not, Network Location Awareness has not yet identified the adapter as being on a domain network: next to Local Area Connection, click 172.16.0.25, IPv6 enabled, right-click Local Area Connection and click Disable, then right-click it again and click Enable. Disabling and re-enabling the adapter forces the network to be re-evaluated and the Domain profile to be applied, and Local Area Connection should now show Adatum.com. (The Domain profile is off in this lab for convenience; in production leave the firewall on and rely on the built-in Active Directory Domain Services rule group.)
3. From Server Manager, open the Active Directory Domains and Trusts console, and verify the parent-child trusts between adatum.com and us.adatum.com.
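The following is an added PowerShell equivalent of Exercise 4, not part of the original lab. It assumes an elevated session on NY-DC1 before promotion, that NY-DC1 resolves adatum.com through LON-DC1, and that the forest credential is Adatum\Administrator. The lab later signs in as NA\Administrator, so the NetBIOS name is set to NA here (the wizard would otherwise default to US); the verification part runs after the reboot.

```powershell
# Added example (not from the lab text): create the us.adatum.com child domain
# on NY-DC1, then verify the automatic parent-child trust and the network
# profile that step 1 of Task 2 tests for.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

$parentCred = Get-Credential -UserName 'Adatum\Administrator' -Message 'Forest credential'
$dsrmPwd    = Read-Host -AsSecureString -Prompt 'DSRM password for NY-DC1'

# The delegation for us.adatum.com is written into the adatum.com zone with the
# forest credential, so parent DNS clients can find the child's DCs.
Install-ADDSDomain -NewDomainName 'us' -ParentDomainName 'adatum.com' `
    -DomainType ChildDomain -NewDomainNetbiosName 'NA' `
    -Credential $parentCred -SafeModeAdministratorPassword $dsrmPwd `
    -InstallDns -CreateDnsDelegation `
    -Force
# (the server reboots at the end of the promotion)

# ----- After the reboot, as NA\Administrator on NY-DC1 ----------------------
Import-Module ActiveDirectory

# A parent-child trust is created automatically: two-way, transitive, and
# flagged IntraForest. Check it from both sides of the trust.
foreach ($dc in 'NY-DC1.us.adatum.com', 'LON-DC1.adatum.com') {
    Get-ADTrust -Filter * -Server $dc |
        Select-Object @{ n = 'QueriedOn'; e = { $dc } }, Name, Direction, IntraForest, ForestTransitive
}

# The NIC disable/enable trick in Task 2 is Network Location Awareness not yet
# recognising the domain. Check the profile; if it is not DomainAuthenticated,
# restart the adapter instead of turning the firewall off.
$netProfile = Get-NetConnectionProfile
if ($netProfile.NetworkCategory -ne 'DomainAuthenticated') {
    Restart-NetAdapter -Name $netProfile.InterfaceAlias -Confirm:$false
    Start-Sleep -Seconds 5
    Get-NetConnectionProfile | Select-Object Name, InterfaceAlias, NetworkCategory
}
Get-NetFirewallProfile -Name Domain | Select-Object Name, Enabled
```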

Exercise 5: Implementing Forest Trusts
A. Datum is working on several high-priority projects with a partner organization named Trey Research. To simplify the process of enabling access to resources located in the two organizations, the two companies have deployed a WAN link between London and Munich, where Trey Research is located. You now need to implement and validate a forest trust between the two forests, and configure the trust so that Trey Research users can reach only selected servers in London.
Task 1: Configure stub zones for DNS name resolution
1. On LON-DC1 using the DNS management console, configure a DNS stub zone for
TreyResearch.net.
2. Use 172.16.10.10 as the Master DNS server.
3. Close DNS Manager.
4. Sign in to TREY-DC1 as TreyResearch\Administrator with the password Pa$$w0rd.


5. Using the DNS management console, configure a DNS stub zone for adatum.com.
6. Use 172.16.0.10 as the Master DNS server.
7. Close DNS Manager.
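Task 1 in PowerShell, as an added example that is not part of the original lab. It uses the DnsServer module on LON-DC1 and assumes, as the task states, that 172.16.10.10 is the Trey Research DNS server (TREY-DC1) and 172.16.0.10 is LON-DC1; the mirror commands for TREY-DC1 are shown as comments at the end.

```powershell
# Added example (not from the lab text): stub zone for the partner forest on
# LON-DC1, plus the name-resolution checks the trust wizard depends on.
Import-Module DnsServer

# A stub zone holds only the SOA, NS and glue records of the partner zone and
# refreshes them from the master. Stored in AD with forest scope so every DC
# in adatum.com can resolve treyresearch.net. Note that the list of servers
# the stub zone will query is learned from the master, so the master must be
# a trusted source and the 172.16.10.10 path should be a private link.
Add-DnsServerStubZone -Name 'treyresearch.net' -MasterServers 172.16.10.10 `
    -ReplicationScope Forest -PassThru

# Check that the zone loaded its NS set from the master ...
Get-DnsServerZone -Name 'treyresearch.net' | Select-Object ZoneName, ZoneType, MasterServers
Get-DnsServerResourceRecord -ZoneName 'treyresearch.net' -RRType NS

# ... and that the forest trust will be able to locate Trey Research's DCs:
# both the New Trust Wizard and Kerberos referrals need these SRV records.
Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.treyresearch.net' -Type SRV -Server 127.0.0.1
Resolve-DnsName -Name 'treyresearch.net' -Type A -Server 127.0.0.1

# Mirror on TREY-DC1, signed in as TreyResearch\Administrator:
#   Add-DnsServerStubZone -Name 'adatum.com' -MasterServers 172.16.0.10 -ReplicationScope Forest
#   Resolve-DnsName -Name '_ldap._tcp.dc._msdcs.adatum.com' -Type SRV -Server 127.0.0.1
```

If the SRV query fails, the trust creation in Task 2 will fail with a name-resolution error even though a plain A lookup of treyresearch.net works, so run the SRV check on both sides before continuing.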
Task 2: Configure a forest trust with selective authentication
1. On LON-DC1, in Active Directory Domains and Trusts, create a one-way outgoing forest trust from adatum.com to treyresearch.net. Outgoing means that adatum.com trusts treyresearch.net: users from Trey Research can be granted access to A. Datum resources, but no one from adatum.com is authenticated in the Trey Research forest. Configure the trust to use Selective authentication.
2. On LON-DC1, confirm the outgoing trust and validate it against TreyResearch.net.
3. Close Active Directory Domains and Trusts. A new forest trust has SID filtering enabled by default; leave it enabled so that SIDs presented from TreyResearch.net that do not belong to that forest (for example, values injected through sIDHistory) are discarded at the trust boundary.
Task 3: Configure a server for selective authentication
1. On LON-DC1, from Server Manager, open Active Directory Users and Computers, and on the View menu enable Advanced Features so that the Security tab is shown.
2. Open the properties of the LON-SVR2 computer object, and on the Security tab grant the TreyResearch\IT group the Allowed to authenticate permission. With selective authentication, a user from the trusted forest can authenticate only to computers whose objects carry this permission, so no other server in adatum.com becomes reachable through the trust. If you are prompted for credentials, type TreyResearch\administrator with the password Pa$$w0rd.
3. On LON-SVR2, create a shared folder named IT-Data, and grant Read and Write access to members of the TreyResearch\IT group. If you are prompted for credentials, type TreyResearch\administrator with the password Pa$$w0rd.
4. Sign out of TREY-DC1.
5. Sign in to TREY-DC1 as TreyResearch\Alice with the password Pa$$w0rd, and verify that you can access the shared folder on LON-SVR2.
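Tasks 2 and 3 as an added PowerShell example, not part of the original lab. It runs on LON-DC1 as Adatum\Administrator and assumes the stub zones from Task 1 resolve, that TreyResearch\Administrator's credential is available (prompted into $treyCred), and that the IT group exists in treyresearch.net. The ActiveDirectory module has no cmdlet that creates trusts, so the .NET Forest class is used; the Allowed-To-Authenticate right is granted by its schema GUID, 68b1d179-0d15-4d4f-ab71-46152e79a7bc.

```powershell
# Added example (not from the lab text): outgoing forest trust with selective
# authentication, then expose only LON-SVR2 to TreyResearch\IT.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices
$treyCred = Get-Credential -UserName 'TreyResearch\Administrator' -Message 'Partner forest credential'

# --- Task 2: one-way outgoing forest trust ------------------------------------
$local  = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$ctx    = New-Object System.DirectoryServices.ActiveDirectory.DirectoryContext(
              'Forest', 'treyresearch.net', $treyCred.UserName, $treyCred.GetNetworkCredential().Password)
$remote = [System.DirectoryServices.ActiveDirectory.Forest]::GetForest($ctx)

# Outbound = adatum.com trusts treyresearch.net. Both sides of the trust are
# written in one call because credentials for both forests are held here.
$local.CreateTrustRelationship($remote, [System.DirectoryServices.ActiveDirectory.TrustDirection]::Outbound)

# Selective authentication: trusted users reach only computers that grant them
# Allowed to authenticate. SID filtering defaults to on for a forest trust and
# is left alone; report it so a disabled value shows up in review.
$local.SetSelectiveAuthenticationStatus('treyresearch.net', $true)
$local.VerifyOutboundTrustRelationship('treyresearch.net')      # throws if the trust is broken
[pscustomobject]@{
    SelectiveAuth = $local.GetSelectiveAuthenticationStatus('treyresearch.net')
    SidFiltering  = $local.GetSidFilteringStatus('treyresearch.net')
}
Get-ADTrust -Identity 'treyresearch.net' |
    Select-Object Name, Direction, ForestTransitive, SelectiveAuthentication

# --- Task 3: LON-SVR2 accepts TreyResearch\IT ---------------------------------
# Allowed to authenticate is an extended right on the computer object.
$itSid    = (Get-ADGroup -Identity 'IT' -Server 'treyresearch.net' -Credential $treyCred).SID
$computer = Get-ADComputer -Identity 'LON-SVR2'
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
            $itSid,
            [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight,
            [System.Security.AccessControl.AccessControlType]::Allow,
            [guid]'68b1d179-0d15-4d4f-ab71-46152e79a7bc')   # Allowed-To-Authenticate
$acl = Get-Acl -Path "AD:\$($computer.DistinguishedName)"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$($computer.DistinguishedName)" -AclObject $acl

# The share itself, created remotely on LON-SVR2: Modify on NTFS and Change on
# the share, for the partner group only.
Invoke-Command -ComputerName 'LON-SVR2' -ScriptBlock {
    New-Item -Path 'C:\IT-Data' -ItemType Directory -Force | Out-Null
    icacls 'C:\IT-Data' /grant 'TreyResearch\IT:(OI)(CI)M' | Out-Null
    New-SmbShare -Name 'IT-Data' -Path 'C:\IT-Data' -ChangeAccess 'TreyResearch\IT'
}

# Step 5, from TREY-DC1 as TreyResearch\Alice:  Test-Path '\\LON-SVR2\IT-Data'
# The same test against another adatum.com server (for example \\LON-DC1\SYSVOL)
# should fail, which is the behaviour selective authentication is meant to give.
```

Granting the right to the group's SID rather than its name means the ACE stays valid even if the trust is later broken and re-created; the negative test in the last comment is the one that proves the trust is actually selective and not merely labelled so.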
