MOAC70 lab12

Note:These lab detailed steps are located on the Lab Review page of the course, as well as under detailed steps in the expandable LabInstructions pane of the launched lab. Both sets contain the same information, so please use the instructions from the locationyou feel is most convenient.

Note:The Server Manager console will be displayed automatically. If the Server Manager console does not appear automatically, click Start, and

then click Server Manager.

Lab Detailed Steps

Print this page.

1. To log on to RWDC01, click the Ctrl-Alt-Delete button.2. Enter the following:

User name: Contoso\AdministratorPassword: Pa$$w0rd

3. Click the Forward button. You are now connected to the RWDC01 computer.

1. To log on to RWDC02, click the Ctrl-Alt-Delete button.2. Enter the following:

User name: Contoso\AdministratorPassword: Pa$$w0rd

3. Click the Forward button. You are now connected to the RWDC02 computer.

1. On RWDC02, install the Active Directory Domain Services server role by using Server Manager.a. In the left pane, select Roles. In the right pane, click Add Roles.b. Click Next to bypass the initial Welcome screen. The Select Server Roles screen is displayed.c. Place a checkmark next to Active Directory Domain Services. Click Next. The Active Directory Domain Services screen isdisplayed.d. Read the introductory information to Active Directory Domain Services and click Next. The Confirm InstallationSelections screen is displayed.e. Read the confirmation information to prepare for the installation. Click Install to install the Active Directory DomainServices role. The Installation Results screen is displayed.

2. Install a new Windows Server 2008 Active Directory forest by using the Active Directory Domain Services InstallationWizard with the following information:

Forest root domain name: adatum.comForest functional level: Windows Server 2008Additional domain controller: DNS ServerDirectory Services Restore Mode administrator password: Pa$$w0rd

MOAC 70-640: Configuring Name Resolution and Additional Services, Lab 12

Exercise 1: Installing a New Active Directory Domain

Task 1: Log on to the RWDC01 computer with the user name, Contoso\Administrator, and the password,Pa$$w0rd. Proceed to the next task.

Task 2: Log on to the RWDC02 computer with the user name, Contoso\Administrator, and the password,Pa$$w0rd. Proceed to the next task.

Task 3: Install a new Windows Server 2008 Active Directory forest.

Page 1 of 5Bagatrix Solved!

1/30/2014MOAC 70-640: Configuring Name Resolution and Additional Services, Lab 12

a. Click Close This Wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe). TheWelcome to the Active Directory Domain Services Installation Wizard screen is displayed.b. Click Next twice to continue. The Choose a Deployment Configuration screen is displayed.c. Click the Create a new domain in a new forest radio button. Click Next. The Name the Forest Root Domain screen isdisplayed.d. Key adatum.com as the name of the new domain and click Next. The Set Forest Functional Level screen is displayed.e. Select Windows Server 2008 and click Next. The Additional Domain Controller Options screen is displayed.f. Verify that the DNS server checkbox is selected, and then click Next. A warning message is displayed concerning DNSdelegations.g. Read the warning message and click Yes to continue. The Location for Database, Log Files, and SYSVOL screen isdisplayed.h. Accept the default selections and click Next to continue. The Directory Services Restore Mode Administrator Passwordscreen is displayed.i. Key Pa$$w0rd in the Password and Confirm password text boxes, and click Next to continue. The Summary screen isdisplayed.j. Review your installation choices and click Next to continue. The Active Directory Domain Services Installation Wizardscreen is displayed, indicating that the Active Directory Domain Service is being installed. The Completing the ActiveDirectory Domain Services Installation Wizard screen is displayed.k. Click Finish.

3. Reboot the newly created domain controller.a. When prompted, click Restart Now to restart the newly configured domain controller.

4. Log on to the RWDC02 computer with the user name, Adatum\Administrator, and the password, Pa$$w0rd.a. When the domain controller reboots, log on to the RWDC02 computer as the default administrator of adatum.comdomain.

5. Verify the DNS name resolution for the RWDC02 computer.a. Verify that RWDC02 is configured to point only to itself for DNS name resolution. To verify, click Start and then clickControl Panel. Double-click Network and Sharing Center. In the left pane, click Manage network connections. Right-click theLocal Area Connection icon and click Properties. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.b. On the General tab, remove any DNS servers other than the loopback IP address (127.0.0.1) or the IP address of theRWDC02 computer.

1. A successful completion of this exercise results in the installation of a new Windows Server 2008 Active Directory forest.

2. To proceed to another exercise, click the desired exercise.

1. On RWDC01, open DNS Manager and view the forward and reverse lookup zones.a. Click the Start button, click Administrative Tools, and then click DNS.b. Drill down to the Forward Lookup Zones node.

Question 1 What forward lookup zones are present on your domain controller?

c. Drill down to the Reverse Lookup Zones node.

Question 2 What reverse lookup zones are present on your domain controller?

Task 4: You have completed all tasks in this exercise.

Exercise 2: Creating a Reverse Lookup Zone

Task 1: Create a reverse lookup zone.



Note:Because this is a two-part process, you will see a red X in the Validated field, indicating that the server with this IP address is not

authoritative for the required zone. You can safely disregard this error, because it will be resolved in Task 2.

2. Create a reverse lookup zone for IPv4 addresses with the following information:Zone type: PrimaryNetwork ID: 192.168.1Store the zone in Active Directory

Dynamic updates: Use default settinga. To create a reverse lookup zone, right-click Reverse Lookup Zones in the left pane and click New Zone. The New ZoneWizard is displayed.b. Click Next to bypass the initial Welcome screen. The Zone Type screen is displayed.c. Click Primary zone. Place a checkmark next to Store the zone in Active Directory (this option is available only if DNSserver is also a writeable domain controller) and click Next. The Active Directory Zone Replication Scope screen isdisplayed.

Question 3 What is the default scope of replication?

d. Accept the default selection and click Next. The Reverse Lookup Zone Name screen is displayed.e. Select IPv4 Reverse Lookup Zone and click Next.f. Enter the Network ID of your lab network; this value will be 192.168.1 or the value provided by your instructor or labproctor. Click Next. The Dynamic Update screen is displayed.

Question 4 What is the default dynamic update setting?

g. Accept the default selection and click Next.h. Click Finish. Confirm that the Reverse Lookup Zone is displayed in the DNS management console.

1. A successful completion of this exercise results in the creation of a primary reverse lookup zone on RWDC01.


1. Configure zone transfer between RWDC01.contoso.com and RWDC02.adatum.com.a. Click the Start button, click Administrative Tools, and then click DNS.b. Expand the Forward Lookup Zones node. Right-click the contoso.com node and select Properties.c. On the Zone Transfers tab, place a checkmark next to Allow zone transfers.d. Select the Only to the following servers radio button and then click Edit.e. In the IP addresses of the secondary servers section, click the Click here to add an IP Address or DNS Name option, andthen key the IP address of your partner's domain controller. For example, if you are working from RWDC01, enter the IPaddress of RWDC02, and vice versa. Press Enter and click OK.


Exercise 3: Configuring Secondary Zones and Zone Transfers

Task 1: Configure DNS zone transfers.

Task 2: Configure secondary DNS zones.



Note:If directed by your instructor:

At the end of lab exercises, the lab itself, or at other points within the lab specified by your instructor, press the Print Screen key to get a

screenshot of what youve completed. You can then paste the screenshot in an e-mail or document and provide this record of your lab

completion to your instructor.

1. Create a secondary forward lookup zone on RWDC02 by using DNS Manager.a. Right-click the Forward Lookup Zones node and select New Zone. Click Next to bypass the initial Welcome screen.b. On the Zone Type screen, select a Secondary zone and click Next. The Zone Name screen is displayed.c. Enter the name of RWDC01 Active Directory domain. For example, if your domain name is EMEA.com, keyContoso.com. Click Next. The Master DNS Servers screen is displayed.d. Enter the IP address of RWDC01 computer and press Enter. Confirm that a green checkmark is displayed next to the IPaddress and that the value of "OK" is displayed in the Validated column. Click Next. The Completing the New Zone Wizardscreen is displayed.e. Click Finish. Expand the zone for your domain and confirm that an A record is displayed for your partner's domaincontroller.

1. A successful completion of this exercise results in the following outcomes:DNS zone transfer is configured between RWDC01.contoso.com and RWDC02.adatum.com.

A secondary forward lookup zone is configured on RWDC01 and RWDC02.


1. On RWDC01, configure a service account for the Active Directory Rights Management Services server role by using thefollowing command.

dsadd user cn=RMSsvcacct,cn=users,dc=contoso,dc=com pwdPa$$w0rd

a. Click the Start button, right-click Command Prompt, and then click Run as administrator.b. From the Windows command line, enter the following command:

dsadd user cn=RMSsvcacct,cn=users,dc=contoso,dc=com pwdPa$$w0rd

c. Press Enter.d. Key exit and press Enter to close the command-prompt window.

1. On RWDC01, install the Active Directory Rights Management Services server role by using Server Manager, with thefollowing information:

Configuration Database: Windows Internal DatabaseAD RMS Cluster Key Storage: AD RMS Centrally Managed Key StoragePassword: Pa$$w0rdCluster Address: Unencrypted ConnectionFully-Qualified Domain Name: contoso.com


Exercise 4: Installing the Rights Management Service Role

Task 1: Configure a service account for the Active Directory Rights Management Services server role.

Task 2: Install the Active Directory Rights Management Services server role.



a. Open the Server Manager, in the left pane, select Roles. In the right pane, click Add Roles. Click Next to bypass theinitial Welcome screen. The Select Server Roles screen is displayed.b. Place a checkmark next to Active Directory Rights Management Services and click Next. The Add Roles Wizard screen isdisplayed, informing you that certain role services must be installed before you can install the RMS role.c. Click Add Required Role Services and click Next. The Active Directory Rights Management Services screen is displayed.d. Read the information presented about the Active Directory Rights Management Service role, and then click Next. TheSelect Role Services screen is displayed.e. Accept the default selection and click Next. The Create or Join an AD RMS Cluster screen is displayed.f. Notice that the Create a new AD RMS cluster option is the only available option. Click Next to continue. The SelectConfiguration Database screen is displayed.g. Select the Use Windows Internal Database on this server radio button, and then click Next. The Specify Service Accountscreen is displayed.h. Click Specify. The Windows Security window is displayed.i. In the Windows Security window, enter the username and password of the account you created, and click OK to close thewindow.j. Click Next. The Configure AD RMS Cluster Key Storage screen is displayed.k. Verify that the Use AD RMS centrally managed key storage radio button is selected and click Next. The Specify AD RMSCluster Key Password screen is displayed.l. Key Pa$$w0rd in the Password and the Confirm Password fields, and then click Next. The Select AD RMS Cluster WebSite screen is displayed.m. Verify that the Default Web Site is selected and then click Next. The Specify Cluster Address screen is displayed.n. Select the Use an unencrypted connection (http://) radio button. (In a production AD RMS implementation, you shouldconfigure an SSL certificate on all AD RMS IIS Web servers; we are only selecting an http:// connection for the purposes ofthis exercise.)o. Key contoso.com in the Fully-Qualified Domain Name text box, and then click Validate. Click Next. The Name theServer Licensor Certificate screen is displayed. Verify that RWDC01 is entered into the Name text box, and then click Next.The Register AD RMS Service Connection Point screen is displayed.p. Verify that the Register the AD RMS service connection point now radio button is selected, and then click Next. The WebServer (IIS) screen is displayed.q. Read the information displayed about the Internet Information Server (IIS), and then click Next. The Select RoleServices screen is displayed.r. Browse the role services that are selected for the IIS Web server role, and then click Next. The Confirm InstallationSelections screen is displayed.s. Click Install to begin the installation of the Active Directory Rights Management Service role. After the installation iscomplete, click Close to close the Add Roles wizard.

2. Log off from RWDC01.a. Log off from RWDC01.

3. Log off from RWDC02.a. Log off from RWDC02.

1. A successful completion of this exercise results in the installation of the Active Directory Rights Management Servicesserver role on RWDC01.




Documents

MOAC70 lab12