Windows Server 2008 Configuration Part 1 Lab Manual Presented by

Table of Contents
Module 1 – Creating a Windows Server 2008 Forest
Module 2 – Install the Server Domain Controller
Module 3 – Creating and Managing a Custom MMC
Module 4 – Creating and Locating Objects in Active Directory
Module 5 – Delegating Administrative Tasks
Module 7 – Automating The Creation of User Accounts
Module 8 – Creating Users with Windows PowerShell and VBScript
Module 9 – Creating and Managing Groups
Module 10 – Automating the Creation and Management of Groups
Module 11 – Administering Groups in an Enterprise
Module 12 – Create and Manage a Custom MMC
Module 13 – Supporting Computer Objects and Accounts

©Copyright 2010 - Idea Dudes LLC


Wait for the desktop for the Administrator account to appear 2. Click Custom 8. Time Zone (appropriate for your area) b. Click use the following IP address a.0.0 c. regional settings and keyboard layout that are correct for your system and Click Next 4. Select Local Area Connection 5. Click the Close Button on the Initial Configuration Tasks window ©Copyright 2010 . Click Next 10. Exercise 1: Install Windows Server 2008 1. Use the Initial Configuration Tasks window to configure a. IP address: 10.0.10 b. Power on the system 3. Click OK Exercise 2: Perform Post-Installation Configuration 1. Click OK and the close 9. Click Install Now 5. Subnet mask: 255. Select Internet Protocol version 4 and click Properties 7. Default gateway: 10. Change Settings of this connection Click on the Toolbar 6.Module 1 – Creating a Windows Server 2008 Forest Requirements For this exercise you will need a Virtual Machine with at least one hard-drive. Select the Do Not Show This At Logon check box 10.Idea Dudes LLC Page 4 . Preferred DNS Server: 10. Computer name: DC1 (do not restart) 3. Select Volume to install the Operating System 9. Type an Administrator Password and Confirm it. Insert the Windows Server 2008 installation DVD 2. Click the Configure Networking link in the Initial Configuration Tasks window 4.255.0. Select the I Accept The License Terms check box and click Next 7. This can be used for the whole course. Select the Windows Server 2008 Enterprise (Full Installation) and Click Next 6.1 d. (Pa$$w0rd) 12. Click OK 11.0.10. Select the language.10 8.10.10.

7. 11. review selections Click Next (Installation will continue and Finish ©Copyright 2010 . 5. type dcpromo Click next Review the warning on the Operating Systems Compatibility page On the Choose a Deployment Configuration page.Exercise 3: Install a New Windows Server 2008 Forest using dcpromo 1. Database. The Computer Will Use A Dynamically Assigned IP Address (Not recommended) Click Yes to close to close the Active Directory Domain Services Installation Wizard warning message On the location for SYSVOL. type Finalvision.Idea Dudes LLC Page 5 . 2. 6. Log Files page. 4. type Pa$$w0rd in both spaces and Click Next On the Summary Page.com and Click Next On the Set Forest Functional Level Choose Windows Server 2008 Click Next Click Yes. accept the defaults and Click Next On the Directory Restore Mode Password page. 9. 3. 12. Click Start. 8. 10. click Run.

Sets the Preferred DNS 5. regional settings. Exercise 1: Install Server Core 1. 3. Confirm the IP configuration 6. Type oclist a. 2. Must be followed directory . Log on as Administrator 8. Restarts the server 7.12 mask=255. 6. Click OK Exercise 1: Perform Post-Installation Configuration on Server Core 1.Idea Dudes LLC Page 6 . Observer DNS Role is installed ©Copyright 2010 .10 primary Press ENTER a. Type netdom join %computername% /domain: finalvision.Module 2 – Install the Server Domain Controller Requirements Use the DC1 that was created in Exercise 1. commands are case sensitive b. 4.0. Also you will need another blank VM that can you will use to install the Core Server on.10.1 1 and Press ENTER a. Type ocsetup and Press ENTER 12. Type netsh interface ipv4 set address name=”Local Area Connection” source=static address=10. Type netdom renamecomputer %computername% /newname:ServerCore and Press ENTER 2. Installs the DNS Server role on the Core Server 14. 7. Confirm the operation press Y 3. Enter Pa$$word in each New Password and Confirm Password boxes and Press ENTER 11. and keyboard and click next Click Install Now Select Windows Server 2008 Enterprise (Server Core Installation) and Click Next Accept the EULA and Click Next Click Custom (Advanced) Select the Disk to install the Operating System and Click Next Logon to the system after installation is completed Change the password .10. 10.0.255.10. 5. 9. Restart by typing shutdown –r –t 0 10. Type oclist a. Insert the Windows Server 2008 installation DVD Power System On Select the language. Lists the server roles that are installed 11.com a. Type netsh interface ipv4 set dns name=”Local Area Connection” source=static address=10. 8. Click OK 13. Type ocsetup DNS-Server-Core-Role Press ENTER a.0. Joins the server to the finalvision. Type shutdown –r –t 0 a. Type ipconfig /all and Press ENTER a. Sets the IP address for NIC 4.0.0 gateway=10.com domain 9.

com /ConfirmGC: Yes /UserName:Finalvision\Administrator /Password: * /SafeModeAdminPassword:Pa$$w0rd Press Enter a. Type dcpromo /unattend /replicaOrNewDomain: replica /replicaDomainDNSName: finalvision. Logon to the Server Core 2. This will remove the Domain Controller ©Copyright 2010 .Exercise 2: Create a Domain Controller with Server Core 1.com in the FinalVision. Type dcpromo /unattend /AdministratorPassword:Pa$$w0rd a. Domain Controller will be installed Exercise 3: Remove a Domain Controller 1.com domain and Click OK a.Idea Dudes LLC Page 7 . This will start the Domain Controller install 2. When prompted to enter credentials . type Pa$$w0rd for the administrator account in FinalVision.

2. 5. 3.Exercise 1. 4. Notice Active Directory Schema is not presented Click OK to close the Add/Remove Snap-in Dialog Box Click Start Button and type cmd At the command prompt type regsvr32 schmmgmt and press ENTER Click OK Return the MMC Add the Active Directory Schema Snap-In Add the Computer Management Snap-In and direct it to Local Computer Click on Finish Click on OK to close Add/Remove Snap-In Choose Save from the File and save menu and save the console to the desktop with the name Admin.Idea Dudes LLC Page 8 . 9.Module 3 – Creating and Managing a Custom MMC Requirements Use the DC1 that was created in Module 1 . 15. 11. 7.msc Choose Add/Remove Snap-in from the File Menu Add the Event Viewer and direct it to the Local Computer Click OK to close the Add/Remove Snap-In Save and close the console ©Copyright 2010 . 14. 3. 5. Exercise 1: Create a Custom MMC 1. 4. Logon to the DC1 as Administrator (Pa$$w0rd) Click Start button and in Start Search box type MMC and Press ENTER Choose Add/Remove Snap-in from File Menu Select Active Directory Users and Computers and click Add a. 10. Open the Admin.msc Close the console Exercise 2: Add a Snap-in to a MMC 1. 13. 8. 2. 12. 6.

10. There is not an Add/Remove Snap-ins option Close the console Right-Click the console and choose Author Click the File Menu a. Open the Admin. 11. 6. 8. 3.Idea Dudes LLC Page 9 . 7. 8. Open Admin. 3. 9. 2. 11. 5. 10. 9.Exercise 3: Manage the Snap-ins of an MMC 1.msc Choose Add/Remove Snap-ins from the File Menu Select Event Viewer from the list of Selected snap-ins Click Move Up button Select Active Directory Schema Click Remove Button Select Computer Management Click Edit Extensions Select Enable Only Selected Extensions Deselect Event Viewer Click OK to close the Extensions For Computer Management Click OK to close the Add/Remove Snap-ins Dialog box Save and Close the console Exercise 4: Prepare a Console for Distribution to Users 1. 2. choose User Mode-Full Access Click OK Save and close the console Open the console by double-clicking it Click the File menu a. 6. 13.msc Choose Options from the File Menu In the Console Mode drop-down list. 4. 12. Add/Remove Snap-ins option appears Close the Console ©Copyright 2010 . 7. 4. 5.

9. 10. 6. 3. 5. Logon to DC1 as an Administrator Open the Active Directory User and Computers snap-in Expand the Domain node Right-Click the Domain Node and choose New and Select Organizational Unit Type the name of the Organizational Unit: Employee Select Protect Container from Accidental Deletion Click OK Right-Click the OU and Choose Properties In the Description Field. 11. Right-Click Employees OU and Select New User Input the following information remember to click Next to Continue First Name Dan Robert Barbara Linda Jackie Last Name Holme Redford Bush Mills Roberts Logon Name dholme rredford bbush lmills jroberts Password Pa$$w0rd Pa$$w0rd Pa$$w0rd Pa$$w0rd Pa$$w0rd Change Password Yes Yes Yes Yes Yes ©Copyright 2010 .Idea Dudes LLC Page 10 . 8.Module 4 – Creating and Locating Objects in Active Directory Requirements Use the DC1 that was created in Exercise 1. type Non-administrative user identities Click OK Create the following OU name Desktops Groups Admins Server Laptops OU Description Desktop Computers Non-administrative groups Administrative groups Server Laptop computers Exercise 2: Create Users 1. 4. 2. Exercise 1: Create Organizational Units 1. 7.

7. 3. 4. 10. Right-Click Servers OU FinalVision and Select New Computer Computer name box type SVR1 and Click OK Right-Click the computer and choose Properties Just look at properties do not change any Click OK Create the following OU Server Server Desktops Desktops Laptops Laptops Computer Name EX1 SharePoint01 Desktop01 Desktop02 Laptop01 Laptop02 Exercise 4: Create Groups 1. 6. 9.Idea Dudes LLC Page 11 . 2. 6. 8. 5. Right-Click the Groups OU and Select New Group Type Finance for the Group Name Do not change the name of the Group Name (Pre-Windows) Select Security for Group Type Select Global for the Group Scope Click OK Right-Click Finance Group and select Properties Examine the Properties but do not change them Click OK Create the following groups in Groups OU Group Type Security Security Security Group Scope Global Global Global Group name GG_Finance_Managers GG_Sales APP_Office 2007 11.Exercise 3: Create Computers 1. 2. Create the following groups in Admins OU Group name GG_Help Desk GG_Windows Administrators Group Type Security Security Group Scope Global Global ©Copyright 2010 . 4. 5. 3.

choose Has A Value Click OK twice to close the dialog boxes Choose View and the click Add/Remove Columns In the Available columns list. 10. 16. 11. type Robert Click Check Names Select Robert Redford Click OK to close the Select dialog box Click OK again to close the group properties Open the properties of the APP_Office 2007 Click the Members Tab Click Add Select Desktop01 Click Check Names Click Cancel a. 14. 15. 4. 7. Name Not Found Box In the Select box. 11. 17. 2. 10. 13. Select Type and click the Remove button Click OK Drag the Last Name Colum heading so that it is between Name and Description Click the Last Name column heading to sort it alphabetically by last name ©Copyright 2010 . 8. 14. Click Object Types Select Computers as an object Click OK Click Check Names a. 15. 12. Select Last Name and click the Add Button In the Displayed columns list. in the Name box. 5. 9. 18. 3. 9. type Barb Click Find Now Right-Click Saved Queries Node Choose New and choose Query Type All Users in the Name Box Description box type User for the entire domain Click Define Query On the Users tab. 8. Right-Click the Domain FinalVision click Find Objects In the Name Box. 4. 6. 16. 13.Exercise 5: Add Users and Computers to Groups 1.Idea Dudes LLC Page 12 . 7. 6. 12. Right-Click GG_Help Desk and Select Properties Click the Members Tab Click Add Button Select dialog box. Name will resolve Click OK Exercise 6: Find Objects in Active Directory 1. 2. 3. 5.

4. 5. 11. 3. 9. 6. Exercise 1: Delegate Administrative Tasks 1.Idea Dudes LLC Page 13 . 3. 7. 4. 2. 6. click the Add button Using the Select dialog. Logon to DC1 with Administrative Permissions Right-Click Employees OU and choose Delegate Control to launch the Delegation of Control Wizard Click Next On the Users Or Groups page. select the first permission assigned to the Help Desk Click the Edit Button In the Permission Entry dialog box. type Help Desl and then click OK Click Next On the Tasks To Delegate page. locate the permission that is assigned. Right-Click the Employees OU and Choose Properties Click OK to close the Properties dialog box Click the View menu and Select Advanced Features Right-Click the Employees OU and choose Properties Click the Security tab Click the Advanced button In the Permission Entries list. 2. Locate the permission assigned to the Help Desk ©Copyright 2010 . and then click OK Repeat steps 7-9 for the second permission entry assigned to the Help Desk Repeat steps 2 – 10 to view the ACL of a user in the Employees OU and to examine the inherited permissions assigned to the Help Desk 12.Module 5 – Delegating Administrative Tasks Requirements Use the DC1 that was created in Exercise 1.dc=contoso. 8. 7. Open the command prompt type dsacls “ou=employees.dc=com” and press Enter 13. select Reset User Passwords And Force Password Change At Next Logon task 8. Click Next 9. 5. 10. Review the summary of the actions that have been performed and click Finish Exercise 2: View Delegated Permissions 1.

Type Pa$$w0rd 4. Type dsadd user “cn=Mike Tyson. Log on to DC1 as Administrator Open ADUC and expand the domain Right-Click Employees OU and choose New and select User First Name Box type _Sales Last Name Box type Template User Logon Name type _salestemplate click Next Type Pa$$w0rd in the Password box and Confirm Password box Select Account Is Disabled check box . 19. Inc. Groups A global security group in the Groups OU named Sales Exercise 1: Create Users with a User Account Template 1. 7.dc=finalvision. 10. 18. 16. You will be prompted to enter a password a password for the user twice. 3. 13. 17. Open ADUC and confirm Mike’s account is configured as entered ©Copyright 2010 .Module 6– Automating The Creation of User Accounts Requirements Use the DC1 that was created in Exercise 1 First Level Employees. 4. Open a command prompt 2. type Final Vision. 14. type Sales In the Company box. Click the MemberOf tab Click Add Button Type Sales and click OK Click Profile Tab Profile Path box.Idea Dudes LLC Page 14 . 6. 2. 12.ou=Employees.Tyson –pwd * -mustchpwd yes –hmdir \\DC1\users\%username%\documents -hmdir U: 3. 8.dc=com” –samid Mike. 5. 9. type \\DC1\profiles\%username% Click OK Exercise 2: Create a User with the Dsadd Command 1. 15. 11. Click Next Click Finish Bring up Properties of the _salestemplate account Click Organization Tab In the Department box .

sn.csv –k a.lisa.user. Tony mail: Tony.DC=FinalVision.com description: Sales Representative in India title: Sales Representative department: Sales company: Final Vision.austin.DC=Com changeType: add CN: April Vow objectClass: user sAMAccountName: april. 3. Inc. sAMAccountName.com givenName: April sn: Vow displayName: Vow. 4.steve.givenName.user.OU=Employees. Open Notepad and create the following file . Examine accounts to ensure all information was created Exercise 4: Import Users with LDIFDE 1. DC=FinalVision.Gupta userPrincipalName: tony. April mail: april.vow userPrincipalName: april.turro@finalvision.DC=Com”.Turro.turro.Austin.DC=FinalVision.austin@finalvision.DC=Com”.vow@finalvision. Open Notepad and create the following file .com description: Sales Representative in USA title: Sales Representative department: Sales company: Final Vision.userPrincipalName “cn=Lisa Turro.lisa.Lisa.Steve. DN: CN=April Vow.com “cn=Steve Austin. OU=Employees.Gupta@finalvision. ©Copyright 2010 . OU=Employees.Idea Dudes LLC Page 15 .DC=Com changeType: add CN: Tony Gupta objectClass: user sAMAccountName: Tony. DC=FinalVision.com 2.OU=Employees. Open ADUC snapin and confirm that users were created 7.vow@finalvision.gupta@finalvision. Inc. Enter the following lines DN. –k continues when an error occurs 6.Exercise 3: Import Users with CSVDE 1.com givenName: Tony sn: Gupta displayName: Gupta. Enter the following lines DN: CN=April Vow.steve. Save the file to your Documents folder as Newusers. 5.objectClass.csv Open a command prompt Type cd %userprofile%\Documents and press ENTER Csvde –I –f Newusers.

5.ldf Open a command prompt Type cd %userprofile%\Documents and Press ENTER Type ldifde –I –f newusers. 6. Save the file to your Documents folder as Newusers. 4.Idea Dudes LLC Page 16 . 3. 7.ldf –k and Press ENTER Open ADUC and verify accounts have been created Confirm the user properties are populated ©Copyright 2010 .2.

Module 7 – Creating Users with Windows PowerShell and VBScript

Requirements
Use the DC1 that was created in Exercise 1
First Level Employees, Groups
A global security group in the Groups OU named Sales

Exercise 1: Install Windows PowerShell
1. Logon to DC1 as Administrator
2. Click the Features node of the Server Manager
3. Click Add Features link
4. Select Windows PowerShell from the Features list. Click Next
5. Click Install
6. When the installation is complete, click Close
7. Right-Click Windows PowerShell in the Windows PowerShell program group and Pin it to the Start Menu

Exercise 2: Create a User with Windows PowerShell
1. Open Windows PowerShell
2. Type $objOU=[ADSI]"LDAP://OU=Employees,DC=FinalVision,DC=Com"
   a. Connect to the Employees OU
3. Type $objUser=$objOU.Create("user","CN=Mary Star")
   a. Create Mary Star object
4. Type $objUser.Put("sAMAccountName","mary.star")
   a. Populates the Pre-Windows 2000
5. Type $objUser.SetInfo()
   a. Writes account into Active Directory
6. Type $objUser.distinguishedName
7. Type $objUser | get-member
   a. Lists the populated attributes

Exercise 3: Create a New User with a Windows PowerShell Script
1. Log on to DC1 as Administrator
2. Open Notepad
3. Type the following

$objOU = [ADSI]"LDAP://OU=Employees,DC=FinalVision,DC=Com"
$objUser = $objOU.Create("user","CN=Scott Milner")
$objUser.Put("sAMAccountName","scott.milner")
$objUser.SetInfo()

4. Save the script in your Documents folder as "Newuser.ps1", with quotes to save as a non-text document
5. Open Windows PowerShell
6. Type cd documents and press ENTER
7. Type set-executionpolicy remotesigned
   a. This will enable script execution
8. Type .\newuser.ps1 and press ENTER
9. Confirm that the user was created in Active Directory

Exercise 4: Create a New User with a VBScript Script
1. Open Notepad
2. Type the following

Set objOU = GetObject("LDAP://OU=Employees,DC=FinalVision,DC=Com")
Set objUser = objOU.Create("user","CN=Toya Jackson")
objUser.Put "sAMAccountName","toya.jackson"
objUser.SetInfo()

3. Save the script to your Documents folder as "Newuser.vbs", including the quotes so that it is a nontext document
4. Open the command prompt
5. Type cd %userprofile%\documents and press ENTER
6. Type cscript.exe newuser.vbs
7. Confirm that the user was created successfully in Active Directory

16. 6. 13. 5. State/Province and Zip/Postal Code boxes and Enter fictitious information Click the Profile tab and configure the \\DC1\%username%\documents home folder Click the Organizational tab and configure the company name. 9. 7. 17. 7. 2. 4. Logon to DC1 as an Administrator Open ADUC Open Employees OU and Right-Click Scott Milner Choose Properties Examine the tabs of the Properties dialog box Click the Telephone tab and enter information into the Notes field. Groups A global security group in the Groups OU named Sales Scott Milner Toya Jackson Mary Star Exercise 1: View All Attributes of a User 1. 13. select the Street. type 12345678 and then click OK Examine the other attributes Click OK to close the Properties dialog box Exercise 2: Manage Attributes of Multiple Objects 1. 8. 5. Inc. 12. 6. Select the Office box and type Miami Click the Account Tab Click on the Logon Hours button Click Sunday and click the Logon Denied option Click Saturday and click the Logon Denied option then click OK Select the Computer Restrictions button and click the Log On to button Select the following option In the Computer Name box type DESKTOP01 and click Add Repeat the process for DESKTOP02 and DESKTOP03 then click OK On the Address tab. 11. 11. 3. double click it.Module 8– Supporting User Objects and Accounts Requirements Use the DC1 that was created in Exercise 1 First Level Employees. 10. 12. type Subsidiary and click OK Locate the employeeID attribute. In the Employees OU . 10. City.Idea Dudes LLC Page 19 . Final Vision. 2. select Scott Milner Hold the CTRL key and select Mary Star and Toya Jackson Right-Click any of the selected users and choose Properties On the General Tab. 3. Click OK Open the user objects to confirm that the changes were applied ©Copyright 2010 . 15. 8. 14. 4. 9. Click OK Click View menu and select Advanced Features Open the Properties of Scott Milner and Click the Attribute Editor tab Scroll to locate the info attribute Locate the division attribute.

Exercise 3: Manage User Attributes with DS Commands
1. Open Windows PowerShell
2. Type dsquery user -name "* Milner" | dsmod user -office "Sydney" -disabled "Yes"
   a. Modifies the location and account is disabled
3. Confirm the changes in ADUC
4. Type dsquery user -name "* Milner" | dsget user -samid -upn
   a. This will return the Pre-Windows 2000 account and the UPN of Scott Milner
5. Type the following lines in Windows PowerShell

$objUser = [ADSI]"LDAP://CN=Scott Milner,OU=Employees,DC=FinalVision,DC=Com"
$objUser.psbase.InvokeSet('AccountDisabled',$false)
$objUser.SetInfo()

6. Confirm changes in ADUC

20. Logon to DC1 as an Administrator Open ADUC and Select the Groups OU Right-Click Groups OU. Groups A global security group in the Groups OU named Sales Scott Milner Toya Jackson Mary Star Exercise 1: Create Groups 1. 8. 15. 14. 16. 11. 10. 2. Right-Click the Christmas List and choose Properties Change the group type to Distribution Click Apply Change the group scope to Universal click Apply Change the group scope to Global click Apply Click OK to close the Properties dialog box ©Copyright 2010 . 21.Toya and click OK Click OK to close the Properties box Create two global groups Marketing and Consultants Create a Domain Local group named ACL_Sales_Folder_Read Open the properties of the ACL_Sales_Folder_Read group Add Sales. 6.Idea Dudes LLC Page 21 . 19.Module 9– Creating and Managing Groups Requirements Use the DC1 that was created in Exercise 1 First Level Employees. Marketing and Consultants to the ACL_Sales_Folder_Read group Add Linda Open the properties for the Marketing group Add the ACL_Sales_Folder_Read group Create a Sales folder on the C:\ Bring up the Advanced Security properties for the Sales Click Edit and click Add Click Advanced . 12. Create a new groups called Christmas List and make it a Distribution Group Exercise 2: Convert Group Type and Scope 1. 5. 5. 2. 13. 6. 3. 4. 9. 18. 4. choose New and then Select Group In the Group Name type Sales Select the Global group scope and Security group type Click OK Right-Click the Sales group and choose Properties Click the Members tab Click the Add button Type: Linda. 3. 7. and then click Find Now a. 17. Notice groups with ACL_ prefix to assist in finding the groups faster 22.

csv” Open a command prompt Type csvde –I –f “%userprofile%\importgroups. DC=FinalVision.Dc=Com ©Copyright 2010 .”CN=Accounting.OU=Employees.DC=FinalVision.DC=FinalVision. Logon to DC1 as an Administrator 2. OU=Groups.OU=Employees. OU=Groups. “CN=Scott Milner. Confirm that group was created by using ADUC Exercise 2: Import Groups with CSVDE 1. 5. DC=Com changeType: modify add: member member: CN=Toya Jackson.DC=Com” –samid Finance Group secgrp yes –scope g 4. DC=FinalVision.DC=FinalVision.csv” Confirm the changes in ADUC Exercise 3: Modify Group Membership with LDIFDE 1.OU=Employees. Groups A global security group in the Groups OU named Sales Scott Milner Toya Jackson Mary Star Exercise 1: Create a Group with Dsadd 1.OU=Employees. “CN=Mary Star.OU=Groups.DC=FinalVision. DC=FinalVision.Module 10– Automating the Creation and Management of Groups Requirements Use the DC1 that was created in Exercise 1 First Level Employees. DC=Com changeType: modify add: member member: CN=Mary Star. DN. sAMAccountName.Accounting. DC=FinalVision.DC=Com dn: CN=Accounting. Type dsadd group “CN=Finance.Dc=Com member:CN=Scott Milner. member group.Idea Dudes LLC Page 22 .DC=Com”.DC=Com”.DC=Com” 2. Open Notepad and type the following dn: CN=Accounting. OU=Groups. Open a command prompt 3. Open Notepad and type the following objectClass.OU=Employees. 3. 4. Save the file to your Documents folder with the name “Importgroups.DC=FinalVision.

OU=Groups.DC=Com” –members Press ENTER Type dsget group “CN=Finance.2. DC=FinalVision. Press ENTER ©Copyright 2010 .DC=Com” – members Press ENTER Type dsget group “CN=Finance. 6. OU=Groups. 10. OU=Groups. DC=Com” –memberof Press ENTER Type dsget user “CN=Scott Milner. Open a command prompt 2. 4. 8. 4. OU=Employees.OU=Groups. 2. Save the file to your Documents folder as “Membershipchange. DC=FinalVision. DC=Com” “CN=Acccounting. 9. 3.ldf” Confirm that membership of Accounting group has been changed Exercise 4: Modify Group Membership with Dsmod 1. Confirm the changes in ADUC Exercise 5: Confirm Group Membership with Dsget 1. DC=Com” 3. DC=Com” –memberof expand 11.Idea Dudes LLC Page 23 . 7. OU=Employees. 5.ldf” Open a command prompt Type ldifde –I –f “%userprofile%\documents\membershipchange. 5.DC=FinalVision. DC=FinalVision. Open a command prompt Type dsget group “CN=Accounting. 3.DC=FinalVision. OU=Groups. DC=FinalVision. DC=FinalVision.DC=Com” –members –expand Press ENTER Type dsget user “CN=Scott Milner. OU=Employees. Type dsmod group “CN=Finance. DC=FinalVision. DC=Com” –addmbr “CN=Scott Milner.

Groups A global security group in the Groups OU named Sales Scott Milner Toya Jackson Mary Star Exercise 1: Create a Well-Documented Group 1. 12. 2. 8. 10. 11.Module 11– Administering Groups in an Enterprise Requirements Use the DC1 that was created in Exercise 1 First Level Employees. 4. 3. Click OK Exercise 2: Delegate Management of Group Membership 1. 9. and click OK Click the View menu and ensure Advanced Features is selected Right-Click the ACL_Budget_Edit group and choose Properties Click the Object Tab Select the Protect Object From Accidental Deletion check box and Click OK Open the group’s Properties again Description box type BUDGET (EDIT) Notes field type the following \\SRV1\data$\finance\budget \\SVR2\data$\finance\revenue projections 13.Idea Dudes LLC Page 24 . 5. 5. 2. Logon to DC1 as an Administrator Select the Groups OU in the console tree Right-Click the Groups OU. 4. Open the Properties dialog box of ACL_Budget_Edit group Click the Manage by tab Click the Change button Type the user name for Scott Milner and click OK Select the Manager Can Update Membership List check box Click OK ©Copyright 2010 . 6. 3. 7. choose New and then select Group Group Name Box type ACL_Budget_Edit Select Domain Local in the Group Scope section and Security in the Group Type section.

Exercise 3: Validate the Delegation of Membership Management
1. Open a command prompt
2. Type runas /user:Scott cmd.exe
3. Enter the Password Pa$$w0rd
4. Type the following

dsmod group "CN=ACL_Budget_Edit,OU=Groups,DC=FinalVision,DC=Com" -addmbr "CN=Finance,OU=Groups,DC=FinalVision,DC=Com"

5. Close command prompt
6. Confirm the changes in ADUC

Type redircmp “OU=Desktops. 8. 4. 9. 7. 3. 9. 5. Logon to DC1 as an Administrator 2. DC=FinalVision. 11. 2. Create Desktops and Servers OUs Exercise 2: Create Computers Objects 1.Module 11– Creating Computers and Joining the Domain Requirements Use the DC1 that was created in Mod 1 Exercise 1 First Level Admins. 12. 7. 3. 5. Groups A global security group in the Admins\Groups OU named Server Admins A global security group in the Admins\Groups OU named Help Desk Employees OU Scott Milner member of Domain Users and Server Admins Toya Jackson Mary Star member of Domain Users and Help Desk Exercise 1: Create OUs for Client and Server Computer Objects 1. DC=Com” ©Copyright 2010 . 6. Open ADUC and expand the domain 3. 2. 6. Open a command prompt 2. Logon to DC1 as an Administrator Open ADUC Click View menu and ensure Advanced Features is selected Bring up the properties of Desktops OU Click the Security tab Click Advanced Click Add Type Help Desk Click the Object tab Select This Object and All Descendant Objects from the Drop-Down list In the Permissions list select Allow next to Create Computer Objects Click OK three times Exercise 4: Redirect the Default Computer Container 1. Right-Click the Desktops OU and select Computer Computer Name box DESKTOP101 Click the Change button next to the User or Group box Type Help Desk in the Select User Or Group dialog box that will be allowed to join the computer to the domain Click OK Create a New Computer in Server OU named Server02 Click Change button next to User or Group box Type Server Admins Click OK Click OK Exercise 3: Delegate the Ability to Create Computer Objects 1. 10.Idea Dudes LLC Page 26 . 10. 8. 4.

Module 12– Create and Manage a Custom MMC Requirements Use the DC1 that was created in Mod 1 Exercise 1 First Level Admins. 4096. Groups A global security group in the Admins\Groups OU named Server Admins A global security group in the Admins\Groups OU named Help Desk Employees OU Scott Milner member of Domain Users and Server Admins Toya Jackson Mary Star member of Domain Users and Help Desk Windows PowerShell must be installed Exercise 1: Create a Computer with Dsadd 1.userAccountControl. DESKTOP153$ “CN=DESKTOP154.csv” Confirm changes with ADUC ©Copyright 2010 . Logon to DC1 as an Administrator Open a command prompt Type dsadd computer “CN=DESKTOP100.DC=FinalVision. DESKTOP153. DC=FinalVision.csv” Open a command prompt Type csvde –I –f “%userprofile%\documents\computers. 3. OU=Employees.DC=Com”. computer.DC=Com”.objectClass. 5. 3. Save the file to your Documents folder as “Computers. computer. 4096.Idea Dudes LLC Page 27 .DC=FinalVision.sAMAccountName “CN=DESKTOP153. DC=Com” Confirm the computer was created Exercise 2: Import Computers by Using CSVDE 1. Open Notepad DN. 4. DESKTOP154. Server03$ 2. 2. 4096.name. Server03.OU=Desktops.DC=FinalVision. computer.DC=Com”.OU=Servers. 4. DESKTOP154$ “CN=SERVER03.OU=Desktops.

Exercise 3: Import Computers by Using LDIF file
1. Open Notepad
2. Enter the following information

dn: CN=Server10,OU=Servers,DC=FinalVision,DC=Com
changeType: add
objectClass: Top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: Server10
userAccountControl: 4096
sAMAccountName: SERVER10$

dn: CN=Server11,OU=Servers,DC=FinalVision,DC=Com
changeType: add
objectClass: Top
objectClass: person
objectClass: organizationalPerson
objectClass: user
objectClass: computer
cn: Server11
userAccountControl: 4096
sAMAccountName: SERVER11$

3. Save file to Documents folder as "Computers.ldf"
4. Open a command prompt
5. Type ldifde -i -f "%userprofile%\documents\computers.ldf"
6. Confirm with ADUC that computer account was created

Exercise 4: Create a Computer with Windows PowerShell
1. Open Windows PowerShell
2. Type the following

$objOU = [ADSI]"LDAP://OU=Desktops,DC=FinalVision,DC=Com"
$objComputer = $objOU.Create("computer","CN=DESKTOP300")
$objComputer.Put("sAMAccountName","DESKTOP300$")
$objComputer.Put("userAccountControl", 4096)
$objComputer.SetInfo()

3. Confirm with ADUC that computer was created

Exercise 5: Create a Computer with VBScript
1. Open Notepad
2. Type the following

Set objOU = GetObject("LDAP://OU=Desktops,DC=FinalVision,DC=Com")
Set objComputer = objOU.Create("computer","CN=DESKTOP400")
objComputer.Put "sAMAccountName","DESKTOP400$"
objComputer.Put "userAccountControl", 4096
objComputer.SetInfo()

3. Save the file to your Documents folder as "CreateComputer.vbs"
4. Type cscript "%userprofile%\documents\createcomputer.vbs"
5. Confirm with ADUC that computer was created

Module 13 – Supporting Computer Objects and Accounts

Requirements
Use the DC1 that was created in Mod 1 Exercise 1
First Level Admins, Groups
A global security group in the Admins\Groups OU named Server Admins
A global security group in the Admins\Groups OU named Help Desk
Employees OU
Scott Milner member of Domain Users and Server Admins
Toya Jackson
Mary Star member of Domain Users and Help Desk
Windows PowerShell must be installed
All computers from Module 12

Exercise 1: Manage Computer Objects
1. Logon to DC1 as an Administrator
2. Open ADUC
3. Select Desktops OU
4. Bring up the properties of one of the computers
5. Click Manage By Tab
   a. Notice this is the same as the group
6. Change the Description to Sales Desktop for All of the Desktops

Exercise 2: Troubleshoot Computer Accounts
1. Open a command prompt
2. Type nltest /? and Press ENTER
   a. Displays the settings for nltest
3. Type netdom /? and Press ENTER
4. Simulate a reset by typing netdom reset desktop300
   a. An error will show because the computer is not available
