The company has also become increasingly integrated with partner organizations, some of
which need access to shared resources and applications that are located on the A. Datum
internal network. The Security department at A. Datum wants to ensure that access for these
external users is as secure as possible.
As one of the senior network administrators at A. Datum, you are responsible for
implementing an AD DS infrastructure that meets company requirements. You are responsible
for planning an AD DS domain and forest deployment that provides optimal services for
internal and external users while addressing the security requirements at A. Datum.
1. On LON-DC1, in Server Manager, click the Tools menu, and then in the drop-down menu,
click DNS.
2. In the DNS tree pane, expand LON-DC1, click and right-click Forward Lookup Zones, and then
click New Zone.
4. On the Zone Type page, click Stub zone, and then click Next.
5. On the Active Directory Zone Replication Scope page, click To all DNS servers running on
domain controllers in this forest: adatum.com, and then click Next.
6. In the Zone name text box, type treyresearch.net, and then click Next.
7. On the Master DNS Servers page, click <Click here to add an IP Address or DNS
Name>, type 172.16.10.10, click the free space, and then click Next.
8. On the Completing the New Zone Wizard page, click Next, and then click Finish.
9. Expand Forward Lookup Zones, click and right-click the new stub zone treyresearch.net, and
then click Transfer from Master.
11. Confirm that the treyresearch.net stub zone contains records, and then close DNS Manager.
13. In Server Manager, click the Tools menu, and then in the drop-down menu, click DNS.
14. In the tree pane, expand TREY-DC1, click and right-click Forward Lookup Zones, and then
click New Zone.
15. In the New Zone Wizard, click Next.
16. On the Zone Type page, click Stub zone, and then click Next.
17. On the Active Directory Zone Replication Scope page, click To all DNS servers running on
domain controllers in this forest: Treyresearch.net, and then click Next.
18. In the Zone name text box, type adatum.com, and then click Next.
19. On the Master DNS Servers page, click <Click here to add an IP Address or DNS
Name>, type 172.16.0.10, click the free space, and then click Next.
20. On the Completing the New Zone Wizard page, click Next, and then click Finish.
21. Expand Forward Lookup Zones, click and right-click the new stub zone adatum.com, and then
click Transfer from Master.
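The stub zone decides which DNS servers answer for the partner forest's namespace, so the master list is worth checking after the wizard finishes. The following is an added example, not part of the original lab: it uses the DnsServer PowerShell module to create the stub zone if it is missing and to report its state. The function name Confirm-LabStubZone is hypothetical; zone names and master IP addresses are the lab values from the steps above.

```powershell
Import-Module DnsServer

function Confirm-LabStubZone {
    param(
        [Parameter(Mandatory)] [string]   $ZoneName,       # partner forest's DNS zone
        [Parameter(Mandatory)] [string[]] $MasterServers,  # expected master DNS server IPs
        [string] $DnsServer = $env:COMPUTERNAME            # DNS server hosting the stub zone
    )

    $zone = Get-DnsServerZone -ComputerName $DnsServer -Name $ZoneName -ErrorAction SilentlyContinue
    if (-not $zone) {
        # Same choices as the New Zone Wizard: stub zone, replicated forest-wide.
        Add-DnsServerStubZone -ComputerName $DnsServer -Name $ZoneName `
            -MasterServers $MasterServers -ReplicationScope Forest
        $zone = Get-DnsServerZone -ComputerName $DnsServer -Name $ZoneName
    }
    if ($zone.ZoneType -ne 'Stub') {
        throw "$ZoneName on $DnsServer is a $($zone.ZoneType) zone, not a stub zone."
    }

    # Masters configured on the zone that are not in the expected list.
    $configured = @($zone.MasterServers | ForEach-Object { $_.IPAddressToString })
    $unexpected = @($configured | Where-Object { $_ -notin $MasterServers })

    # A populated stub zone holds the SOA and NS records of the master zone.
    # Immediately after creation these counts can be 0 until the first transfer completes.
    $soa = @(Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName `
                 -RRType Soa -ErrorAction SilentlyContinue)
    $ns  = @(Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName `
                 -RRType Ns -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Zone              = $ZoneName
        ConfiguredMasters = $configured -join ', '
        UnexpectedMasters = $unexpected -join ', '
        SoaRecords        = $soa.Count
        NsRecords         = $ns.Count
        Populated         = ($soa.Count -gt 0 -and $ns.Count -gt 0)
    }
}

# On LON-DC1:
Confirm-LabStubZone -ZoneName 'treyresearch.net' -MasterServers '172.16.10.10'
# On TREY-DC1:
# Confirm-LabStubZone -ZoneName 'adatum.com' -MasterServers '172.16.0.10'
```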
1. On LON-DC1, on the Tools menu, click Active Directory Domains and Trusts.
2. In the Active Directory Domains and Trusts management console, right-click Adatum.com, and
then click Properties.
3. In the Adatum.com Properties dialog box, click the Trusts tab, and then click New Trust.
5. On the Trust Name page, in the Name text box, type treyresearch.net, and then click Next.
6. On the Trust Type page, click Forest trust, and then click Next.
7. On the Direction of Trust page, click One-way: outgoing, and then click Next.
8. On the Sides of Trust page, click Both this domain and the specified domain, and then
click Next.
9. On the User Name and Password page, type Administrator as the user name and Pa55w.rd as
the password in the appropriate boxes, and then click Next.
10. On the Outgoing Trust Authentication Level-Local Forest page, click Selective
authentication, and then click Next.
11. On the Trust Selections Complete page, click Next.
14. On the Completing the New Trust Wizard page, click Finish.
15. In the Adatum.com Properties dialog box, click the Trusts tab.
16. On the Trusts tab, under Domains trusted by this domain (outgoing trusts),
click treyresearch.net, and then click Properties.
18. Review the "The trust has been validated. It is in place and active" message that displays, click OK,
and then at the prompt, click No.
19. In the TreyResearch.net Properties dialog box, click OK, and then click OK in the Adatum.com
Properties dialog box.
1. On LON-DC1, in Server Manager, on the Tools menu, click Active Directory Users and
Computers.
2. In the Active Directory Users and Computers console, on the View menu, click Advanced
Features.
5. In the LON-SVR2 Properties dialog box, click the Security tab, and then click Add.
6. On the Select Users, Computers, Service Accounts, or Groups page, click Locations.
8. In the Enter the object name to select (examples:) text box, type IT, and then click Check
Names. When prompted for credentials, type TreyResearch\Administrator with the
password Pa55w.rd, and then click OK.
9. On the Select Users, Computers, Service Accounts, or Groups page, click OK.
10. In the LON-SVR2 Properties window, ensure that IT (TreyResearch\IT) is highlighted, select
the Allow check box that is in line with Allowed to authenticate, and then click OK.
13. In the File Explorer window, expand This PC, and then click Local Disk (C).
14. Right-click in the details pane, click New, and then click Folder.
15. In the Name text box, type IT-Data, and then press Enter.
17. In the IT-Data Properties dialog box, click the Sharing tab, and then click Advanced Sharing.
18. In the Advanced Sharing dialog box, click Share this folder, and then click Permissions.
20. On the Select Users, Computers, Service Accounts, or Groups page, click Locations.
21. Click treyresearch.net, and then click OK.
22. In the Enter the object name to select (examples:) text box, type IT, and then click Check
Names. When prompted for credentials, type TreyResearch\Administrator with the
password Pa55w.rd, and then click OK.
23. On the Select Users, Computers, Service Accounts, or Groups page, click OK.
29. In the Search text box, type \\LON-SVR2.adatum.com\IT-Data, and then press Enter. The
folder opens.
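With selective authentication, users from the trusted forest can reach only the computers on which they hold the Allowed to authenticate right, so both the trust settings and that per-computer grant are worth reviewing. The following is an added example, not part of the original lab: it reads the trust created above and lists who holds the right on LON-SVR2. It assumes the ActiveDirectory PowerShell module and is run on LON-DC1 as an adatum.com administrator; the names are the lab values, and the variable names are hypothetical.

```powershell
Import-Module ActiveDirectory      # also provides the AD: drive used by Get-Acl

$partner  = 'treyresearch.net'     # trusted forest (lab value)
$resource = 'LON-SVR2'             # computer object granted in the steps above
$expected = @('TREYRESEARCH\IT')   # the only group the lab grants the right to

# 1. Trust settings: one-way outgoing forest trust with selective authentication.
$trust    = Get-ADTrust -Identity $partner
$findings = @()
if ($trust.Direction -ne 'Outbound') {
    $findings += "Direction is $($trust.Direction); the lab configures One-way: outgoing."
}
if (-not $trust.ForestTransitive) {
    $findings += 'Trust is not a forest trust.'
}
if (-not $trust.SelectiveAuthentication) {
    $findings += 'Selective authentication is off; forest-wide authentication is in effect.'
}
if ($findings.Count -eq 0) { $findings += 'Trust settings match the lab configuration.' }
$findings

# 2. Explicit "Allowed to authenticate" grants on the resource computer object.
#    The GUID identifies the Allowed-To-Authenticate control access right.
$allowedToAuth = [guid]'68b1d179-0d15-4d4f-ab71-46152e79a7bc'
$dn   = (Get-ADComputer -Identity $resource).DistinguishedName
$aces = (Get-Acl -Path "AD:\$dn").Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.ActiveDirectoryRights -band
        [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight) -and
    $_.ObjectType -eq $allowedToAuth
}

# Expected = False marks a grantee other than the group added in the lab.
$aces | Select-Object IdentityReference, IsInherited,
    @{ Name = 'Expected'; Expression = { $_.IdentityReference.Value -in $expected } }
```

The ACE filter matches only entries that name the right explicitly; principals with full control of the computer object hold it implicitly and are not listed.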
3. On the Select installation type page, confirm that the Role-based or feature-based
installation option is selected, and then click Next.
4. On the Select destination server page, ensure that the Select a server from the server
pool option is selected and that TOR-DC1.adatum.com is highlighted, and then click Next.
5. On the Select server roles page, click Active Directory Domain Services.
6. On the Add features that are required for Active Directory Domain Services? page, click Add
Features.
10. On the Confirm installation selections page, click Install. This might take a few minutes to
complete.
11. When the Active Directory Domain Services (AD DS) binaries have installed, click the
blue Promote this server to a domain controller link.
12. In the Deployment Configuration window, click Add a new domain to an existing forest.
13. Verify that Select domain type is set to Child Domain and that Parent domain name is set
to Adatum.com.
15. Confirm that Supply the credentials to perform this operation is set
to ADATUM\Administrator (Current user), and then click Next.
Note: If the credentials are not set to Adatum\Administrator, use the Change button to
enter the credentials Adatum\Administrator with the password Pa55w.rd.
16. In the Domain Controller Options window, ensure that Domain functional level is set
to Windows Server 2016.
17. Ensure that both the Domain Name System (DNS) server and Global Catalog (GC) check boxes
are selected.
19. Under Type the Directory Services Restore Mode (DSRM) password, type Pa55w.rd in both
text boxes, and then click Next.
20. On the DNS Options page, click Next.
24. On the Prerequisites Check page, confirm that there are no issues, and then click Install.
Note: If you receive a "Windows Server 2016 domain controllers have a default for the
security setting named 'Allow cryptography algorithms compatible with Windows NT 4.0'"
warning, you may safely ignore it.
2. Click Start, click Server Manager, and then in Server Manager, click Local Server.
3. Verify that Windows Firewall shows Domain: Off. If it does not, perform the following steps:
• a. Click the underlined blue text next to Windows Firewall. In the Windows
Firewall window, click Turn Windows Firewall on or off.
• b. Under each section, select Turn off Windows Firewall (not recommended), and
then click OK. Ignore any warning prompts that appear regarding Windows Firewall.
• c. In Server Manager, click the Refresh "Local Server" icon, indicated by double
arrows.
• d. After the refresh completes, verify that Windows Firewall shows Public: Off.
4. In Server Manager, on the Tools menu, click Active Directory Domains and Trusts.
5. In the Active Directory Domains and Trusts console, expand Adatum.com, right-click
na.adatum.com, and then click Properties.
6. In the na.adatum.com Properties dialog box, click the Trusts tab, in the Domains trusted by
this domain (outgoing trusts) text box, click Adatum.com, and then click Properties.
7. In the Adatum.com Properties dialog box, click Validate, and then click Yes, validate the
incoming trust.
8. In the User name text box, type administrator, in the Password text box, type Pa55w.rd, and
then click OK.
9. When the "The trust has been validated. It is in place and active" message appears, click OK.
Note: If you receive a message that the trust cannot be validated or that the secure channel
verification has failed, ensure that you have completed step 3, and then wait for at least 10–
15 minutes before trying again.
2. In the Virtual Machines list, right-click 20742B-LON-DC1, and then click Revert.