6425A_12 Implemente AD Domain Services Infrastructure

8/14/2019 6425A_12 Implemente AD Domain Services Infrastructure

1/18

Module 12:Implementing an

Active DirectoryDomain Services

Infrastructure


2/18

Module Overview

Overview of the AD DS Domain

Planning a Group Policy Strategy


3/18

Lesson 1: Overview of the AD DS Domain

Overview of the Current AD DS Domain Design

Overview of the Required AD DS Domain Design

Overview of the AD DS Site Design


4/18

Overview of the Current AD DS Domain Design

Forest RootDomain

Asia.WoodgroveBank.comEMEA.WoodgroveBank.com

WoodgroveBank.com


5/18

Overview of the Required AD DS Domain Design

Contoso.com

Separate Tree

Contoso.com will join the WoodgroveBank forest in a separate tree

Forest RootDomain

Asia.WoodgroveBank.com

WoodgroveBank.com

EMEA.WoodgroveBank.com


6/18

Overview of the AD DS Site Design

London_Site

NYC-Branch-Office

Miami_Site

Tokyo_Site

New Site

Contoso

New Site

NYC-Head-Office

Two new sites will be created

Contoso site

NYC-Branch-Office site


7/18

Lesson 2: Planning a Group Policy Strategy

Overview of Domain Controller Deployment

Overview of Forest Trust Relationship

Overview of the AD DS Group Policy Object Design


8/18

Overview of Domain Controller Deployment

London_Site

RODC

RODCNYC-DC3

NYC-Branch-Office

Miami_Site

Tokyo_Site

New

Contoso

New

NYC_Site

ContosoDC


9/18

Lab A: Deploying Active DirectoryDomain Services

Exercise 1: Installing a Read-only Domain Controller(RODC) onto Server Core, and Creating a Branch Office

Site

Exercise 2: Creating a Domain in a Separate Tree andSeparate Site

Logon information

Virtual machine NYC-DC1, NYC-DC1, NYC-DC3, NYC-SRV1

User name Administrator

Password Pa$$w0rd

Estimated time: 120 minutes


10/18

Lab A: Review

How do sites control logon traffic?

What is the advantage of having separate trees in theforest for Woodgrove Bank?


11/18

Overview of Forest Trust Relationship

Forest Root

Domain

Asia.WoodgroveBank.com

WoodgroveBank.com

EMEA.WoodgroveBank.com

Fabrikam.com

Forest Root

Domain

Contoso.com

Forest TrustSeparate Tree

The Fabrikam.com forest will have a forest trust relationship with theWoodgroveBank forest


12/18

Lab B: Configuring Forest Trust Relationships

Exercise: Upgrading the Fabrikam Domain, and Creating aForest Trust with Woodgrove Bank

Logon information

Virtual machine NYC-DC1, VAN-DC1, NYC-SRV1, NYC-RAS

User name Administrator

Password Pa$$w0rd



13/18

Lab B Review

What tasks must be performed before a Windows Server2008 can be added to a Windows 2003 domain as a

member server?

What tasks must be performed before a Windows Server2008 can be added to a Windows 2003 domain as adomain controller?

f h l


14/18

Overview of the AD DS Group PolicyObject Design

ITAdmins

WoodgroveBank.com

ExecutivesTorontoNYCMiami

BranchManagers BranchManagers BranchManagers

Investments Workstations

CustomerService Computers

Users

CustomerService CustomerService

Marketing

Workstations

Investments

Marketing

Workstations


15/18

Lab C: Designing a Group Policy Strategy

Exercise 1: Planning Group Policy

Exercise 2: Implementing the Corporate Desktop Policy

Logon information

Virtual machine NYC-DC1User name Administrator

Password Pa$$w0rd



16/18

Lab C: Review

How would you ensure that a policy will always beapplied?

How would you exempt certain users or computers frombeing affected by a GPO?


17/18

Module Review and Takeaways

Considerations


18/18

Course Evaluation

Documents

6425A_12 Implemente AD Domain Services Infrastructure