7/26/2019 Laboratory Exercise 1.docx
Laboratory Exercise 1
Domain Controller Promotion
Prerequisites:
1. Set up a permanent hostname/computer name for the server. Click Start. Right-click Computer. Click Manage. Click Change System Properties on the right side.
2. Configure a static IP address for the server. Be sure to reserve a private IP address with subnet mask and gateway. On DNS settings put 127.0.0.1.
3. Run Windows updates.
DC Promotion
4. Click Start. In the search box type dcpromo or dcpromo.exe.
5. Wait for the Active Directory Installation to load.
6. On the welcome screen click Next.
7. Click Next for the Operating System Compatibility page.
8. Choose "Create a new domain in a new forest" on the "Choose a Deployment Configuration" page. Click Next.
9. Enter the FQDN (fully qualified domain name) of your first domain controller. Click Next.
10. Set the forest functional level to Windows Server 2008. Click Next.
11. Do the same for the domain functional level. Click Next.
12. Click Next on Additional Domain Controller Options.
13. A new window will pop up for DNS delegation. Click Yes to continue.
14. For the AD DS database, log file and SYSVOL location, accept the defaults by clicking Next.
15. Fill out the Directory Services Restore Mode Administrator Password.
16. On the summary page click Next.
17. Check Reboot on Completion.
Laboratory Exercise 2
Domain Controller Promotion using an Answer file for dc2.
1. Follow the steps of the previous exercise up to the summary page.
2. Click Export Settings on the summary page. Save the file on your drive C:. In our case name the file dcpromo.txt. Click Cancel.
3. Open dcpromo.txt and edit the SafeModeAdminPassword entry. Input your password and save the document.
4. On the command prompt run the following command.
    dcpromo.exe /unattend:C:\dcpromo.txt
5. Wait for the command to finish. The server will restart automatically.
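Step 3 leaves the Directory Services Restore Mode password in clear text in C:\dcpromo.txt, so the file is worth checking once the promotion has finished. The following is an added example, not part of the original lab: a PowerShell check (PowerShell 2.0 or later assumed) for password values still present in the answer file and for who can read it. The function names are hypothetical.

```powershell
# Added example (not part of the original lab). Get-AnswerFileSecret and
# Get-AnswerFileReader are hypothetical helper names; the default path is the
# one used in this exercise.
function Get-AnswerFileSecret {
    param([string]$Path = 'C:\dcpromo.txt')

    $lineNo = 0
    foreach ($line in (Get-Content -Path $Path)) {
        $lineNo++
        # Skip blank lines, ';' comments and section headers such as [DCInstall]
        if ($line -match '^\s*($|;|\[)') { continue }
        if ($line -match '^\s*([^=\s]+)\s*=\s*(.*)$') {
            $key   = $matches[1]
            $value = $matches[2].Trim().Trim('"')
            # Report any *Password* key that still carries a value,
            # without echoing the value itself.
            if ($key -match 'Password' -and $value.Length -gt 0) {
                New-Object PSObject -Property @{
                    Key = $key; Line = $lineNo; ValueLength = $value.Length
                }
            }
        }
    }
}

# Who can read the file? Entries beyond Administrators and SYSTEM deserve a look.
function Get-AnswerFileReader {
    param([string]$Path = 'C:\dcpromo.txt')
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        Select-Object IdentityReference, FileSystemRights
}

$leftovers = @(Get-AnswerFileSecret)
if ($leftovers.Count -gt 0) {
    $leftovers | Format-Table Key, Line, ValueLength -AutoSize
    Write-Warning 'Password values are still in the answer file: blank them or delete the file.'
} else {
    'No password values found in the answer file.'
}
Get-AnswerFileReader | Format-Table -AutoSize
```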
Laboratory Exercise 3
Creating two-way Forest Trust
1. On DC1 ping the IP address of DC2. You should also be able to reach DC1 from the DC2 server.
Creating Stub Zone on DC1 and DC2
2. Click Start > Administrative Tools > DNS.
3. Expand DC1. Navigate to Forward Lookup Zone. Right-click and select New Zone.
4. The New Zone Wizard appears. Click Next.
5. On the Zone Type page choose Stub zone. Click Next.
6. Choose the default: To all DNS servers on domain controllers in this domain. Click Next.
7. Input the domain name of DC2, in this case fabrikam.com. Click Next.
8. Input the IP address of DC2. Click Next.
9. Click Finish upon Completing the New Zone Wizard.
10. Do the same for DC2. Follow steps 3-9; just change the domain name to DC1's domain. In this case DC1's domain is contoso.com.
11. Go back to DC1, click Start > Administrative Tools > Active Directory Domains and Trusts.
12. On the AD DS console right-click the domain and click Properties.
13. Click the Trusts tab. Click New Trust at the bottom left corner of the new window.
14. Click Next on the Welcome page. Click Next.
15. Enter the NetBIOS name of DC2, in this case fabrikam. Click Next.
16. Choose Forest trust on the trust type. Click Next.
17. Choose two-way for the direction of trust. Click Next.
18. On the sides of trust choose both domains. Click Next.
19. Enter the administrator username and password for DC2. Click Next.
20. Select forest-wide authentication. Click Next.
21. Click Next on the summary page.
22. Choose No, do not confirm the outgoing trust. Click Next.
23. Choose No, do not confirm the incoming trust. Click Next.
24. The new trust should now appear in the outgoing (upper) and incoming (lower) trust boxes.
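Steps 22 and 23 skip the wizard's confirmation, so at this point the trust has been created but not tested. The following is an added example, not part of the original lab: a PowerShell function (hypothetical name, PowerShell 2.0 or later assumed) that checks name resolution through the stub zone and then verifies the trust in both directions with the built-in nslookup, nltest and netdom tools, using this lab's domain names.

```powershell
# Added example (not part of the original lab). Run on DC1 in an elevated session.
# Test-LabForestTrust is a hypothetical name; the domains are this lab's.
function Test-LabForestTrust {
    param(
        [string]$LocalDomain  = 'contoso.com',
        [string]$RemoteDomain = 'fabrikam.com'
    )
    $checks = @()

    # 1. Stub zone: the partner's domain controller SRV records must resolve.
    nslookup -type=SRV "_ldap._tcp.dc._msdcs.$RemoteDomain" | Out-Host

    # 2. Locate a domain controller of the partner forest through DNS.
    nltest "/dsgetdc:$RemoteDomain" | Out-Host
    $checks += New-Object PSObject -Property @{
        Check = "Locate DC in $RemoteDomain"; ExitCode = $LASTEXITCODE
    }

    # 3. Verify the trust in each direction:
    #    netdom trust <trusting domain> /domain:<trusted domain> /verify
    foreach ($pair in @(@($LocalDomain, $RemoteDomain), @($RemoteDomain, $LocalDomain))) {
        netdom trust $pair[0] "/domain:$($pair[1])" /verify | Out-Host
        $checks += New-Object PSObject -Property @{
            Check = "$($pair[0]) trusts $($pair[1])"; ExitCode = $LASTEXITCODE
        }
    }

    # 4. Show the trust list as DC1 sees it.
    nltest /domain_trusts | Out-Host

    # Assumption: both tools return a non-zero exit code when a check fails.
    $checks | Select-Object Check, ExitCode, @{ n = 'Passed'; e = { $_.ExitCode -eq 0 } }
}

Test-LabForestTrust | Format-Table -AutoSize
```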
Laboratory Exercise 4
Installation of Active Directory Certificate Services
1. Go to Server Manager > Roles > Add Roles Wizard.
2. Select Active Directory Certificate Services.
3. Check Certification Authority and Certification Authority Web Enrollment.
4. On Setup Type click Enterprise Root.
5. Select create a new private key.
6. On Configure CA Name just leave the default.
7. Also leave the default on Validity Period.
8. Click default on configuring the CA database.
9. Click Finish.
Laboratory Exercise 5
Issue certificate on Web IIS Server.
1. Choose Start > Administrative Tools > Internet Information Services (IIS) Manager.
2. In the IIS Manager, choose your server name.
3. In the Features pane (the middle pane), double-click the Server Certificates option (Figure A) located under the Security heading.
4. To begin the process of requesting a new certificate, from the Actions pane choose the Create Certificate Request option.
5. The first screen of the wizard asks for details regarding the new site. The common name should match the fully-qualified domain name for the site. Click Next to continue.
6. The next screen of the wizard asks you to choose cryptography options. The default Microsoft RSA SChannel Cryptography Provider is fine. A key length of 1024 bits is the default option and is fine as well.
7. Finally, provide a filename to which to save the certificate request. You will need the contents of this file in the next step, so make sure you know where to find it.
Here's some of the CSR mumbo jumbo associated with this certificate request:
8. Request a certificate from our installed CA server.
http://localhost/certsrv
Install the certificate
After making sure that your Web server can access the certificate files, you need to install the new certificate so that it can be used by your Web site.
Choose Start | Administrative Tools | Internet Information Services (IIS) Manager.
In the IIS Manager, choose your server name.
In the Features pane (the middle pane), double-click the Server Certificates option located under the Security heading.
To complete the process of requesting a new certificate, from the Actions pane choose the Complete Certificate Request option.
The Complete Certificate Request window opens and asks you to provide the location at which the certificate file can be located.
In the IIS Manager, browse to your server name | Sites | Your SSL-based site. You may need to create a new site; notice that my site is named ssltest. The full Internet path to this site is ssltest.westminster-mo.edu. Since this Windows Server 2008 machine is running in a lab, you will see that it is a member of the Contoso domain, but I have added westminster-mo.edu sites to this server and appropriately configured DNS.
A look at a site to which HTTPS will be bound
From the Actions pane, choose Bindings. This opens the Site Bindings window.
The Site Bindings window
In the Site Bindings window, choose Add. This opens the Add Site Binding window.
From the Site Bindings window, provide the binding type (HTTP or HTTPS, but for this purpose use HTTPS), the IP address that will be used for this site (192.168.0.1 for me) and the port that will be used for SSL.
Next, choose the SSL certificate that you want to use to protect this site. Note that I have chosen ssltest.westminster-mo.edu. Use the Browse button to locate the right certificate.
Provide the appropriate details for the Add Site Binding dialog box
Click the OK button.
The results of the new binding
Test your certificate
Now, test your certificate by browsing to the new site. You should not get any certificate errors. Note that I have successfully browsed to the new site and that there is a lock icon indicating that SSL is active.
The site is being protected by SSL
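The 1024-bit RSA key accepted as the default in step 6 is below the 2048-bit minimum in current NIST and CA/Browser Forum requirements, so it is worth checking the request file from step 7 before submitting it in step 8. The following is an added example, not part of the original lab: a PowerShell function (hypothetical name, PowerShell 2.0 or later assumed) that decodes the request with certutil and reports key length and any weak signature hash. The output line formats it matches are assumptions noted in the comments.

```powershell
# Added example (not part of the original lab). Test-CsrStrength is a hypothetical
# helper; pass it the request file name you chose in step 7.
function Test-CsrStrength {
    param(
        [Parameter(Mandatory = $true)][string]$RequestFile,
        [int]$MinimumBits = 2048
    )
    # certutil -dump decodes the PKCS #10 request and prints its fields as text.
    $dump = certutil -dump $RequestFile
    if ($LASTEXITCODE -ne 0) { throw "certutil could not decode $RequestFile" }

    # Assumed output format: a line such as 'Public Key Length: 1024 bits'.
    $bits = $null
    foreach ($line in $dump) {
        if ($line -match 'Public Key Length:\s*(\d+)\s*bits') {
            $bits = [int]$matches[1]
            break
        }
    }
    if ($null -eq $bits) { throw 'No "Public Key Length" line found in the certutil output.' }

    # Assumed output format: algorithm lines that name the hash, e.g. 'sha1RSA'.
    $weakHash = @($dump | Where-Object { $_ -match 'md5RSA|sha1RSA' }).Count -gt 0

    New-Object PSObject -Property @{
        RequestFile   = $RequestFile
        KeyBits       = $bits
        KeyAcceptable = ($bits -ge $MinimumBits)
        WeakSignature = $weakHash
    }
}

# Usage (the path is a placeholder for your own request file):
# Test-CsrStrength -RequestFile 'C:\certreq.txt' | Format-List
```

If KeyAcceptable is False, repeat step 6 and pick a longer key in the bit-length drop-down before requesting the certificate.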
Laboratory Exercise 6-A
Transfer of Operations Master, Windows Server 2008
7. Right-click Active Directory Schema, then click Change Active Directory Domain Controller.
8. From the listed Domain Controllers, click on the domain controller that you want to be the schema master role holder and then click on OK.
9. In the console tree, right-click Active Directory Schema [DomainController.DomainName] and then click Operations Master.
10. On the Change Schema Master page, the current schema master role holder will be displayed. Once you click Change, the schema master holder will become ELMAJ-DC2K8.ELMAJDAL.NET.
11. Click Yes to confirm the role transfer.
12. The role will be transferred and a confirmation message will be displayed. Click OK.
Laboratory Exercise 6-B
Transfer of Operations Master, Windows Server 2008
3. From the listed Domain Controllers, click on the domain controller that you want to be the Domain Naming master role holder and then click on OK.
4. Right-click Active Directory Domains and Trusts, then click Operations Master.
5. On the Operations Master page, we are going to change the Domain Naming role holder from ELMAJ-DC.ELMAJDAL.NET to ELMAJ-DC2K8.ELMAJDAL.NET. Click Change.
6. Click YES to confirm the transfer of the Domain Naming role.
Laboratory Exercise 6-C
Transfer of Operations Master, Windows Server 2008
4. Click Yes to confirm the role transfer.
5. The role will be transferred and a confirmation message will be displayed. Click OK.
6. As for the Infrastructure role, once you click on the Change button, you will receive the below message.
7. By default, when you first install your first Domain Controller, it holds the five roles and besides that it is a Global Catalog. If your environment is a multi-domain/forest, then you should think about structuring your FSMO roles and transfer the Infrastructure role to a non-Global Catalog domain controller. Else, if you have a small number of domain controllers (e.g. two domain controllers), then you should not worry about this. Click Yes.
8. The tabs should now look like this.
9. That's it; by now you have successfully transferred the five FSMO roles to the Windows Server 2008 Domain Controller.
Laboratory Exercise 6-C
Seize of Operations Master using Ntdsutil.
1. Click Start, Run, type ntdsutil.
2. The prompt will show ntdsutil: Type roles and then press ENTER.
3. The prompt will show fsmo maintenance: Type connections and then press ENTER.
4. The prompt will show server connections: Type connect to server <servername> and then press ENTER, where servername is the name of the domain controller that you want to assign the FSMO role to.
5. At the server connections: prompt, type q and then press ENTER.
6. Type seize role, where role is the role that you want to seize. For a list of roles that you can seize, type ? at the fsmo maintenance: prompt and then press ENTER. Or see the list of roles below:
    Seize infrastructure master
    Seize naming master
    Seize PDC
    Seize RID master
    Seize schema master
For example, to seize the RID master role, type:
    fsmo maintenance: seize rid master
The one EXCEPTION is for the PDC emulator role, whose syntax is seize pdc, not seize pdc emulator.
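The ntdsutil dialogue in steps 1 to 6 can also be passed as one command line, which makes it easy to record the role holders before and after the seizure. The following is an added example, not part of the original lab: a PowerShell wrapper (hypothetical name, PowerShell 2.0 or later assumed) around ntdsutil and netdom query fsmo. DC2 in the usage line is a placeholder server name.

```powershell
# Added example (not part of the original lab). Invoke-FsmoSeize is a hypothetical
# wrapper around the same ntdsutil dialogue as steps 1-6.
# Seize only when the current holder will not return to the network; while it is
# still reachable, use a transfer (Exercises 6-A to 6-C) instead.
function Invoke-FsmoSeize {
    param(
        [Parameter(Mandatory = $true)][string]$TargetServer,   # DC that receives the role
        [Parameter(Mandatory = $true)]
        [ValidateSet('infrastructure master', 'naming master', 'PDC', 'RID master', 'schema master')]
        [string]$Role                                          # names from the list in step 6
    )

    Write-Host 'Role holders before the seizure:'
    netdom query fsmo | Out-Host

    # Steps 2-6 as arguments: roles, connections, connect to server, q, seize,
    # then q twice to leave "fsmo maintenance" and ntdsutil itself.
    # ntdsutil still shows its confirmation dialog before it seizes the role.
    ntdsutil roles connections "connect to server $TargetServer" q "seize $Role" q q

    Write-Host 'Role holders after the seizure:'
    $after = netdom query fsmo
    $after | Out-Host

    # Return the lines of the role list that now name the target server, so the
    # caller can confirm that the seized role is among them.
    @($after | Select-String -SimpleMatch $TargetServer | ForEach-Object { $_.Line.Trim() })
}

# Usage (DC2 is a placeholder):
# Invoke-FsmoSeize -TargetServer 'DC2' -Role 'RID master'
```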
Laboratory Exercise 7
Using CSVDE to export Active Directory users.
1. Log in to server DC1 as domain administrator.
2. Create a folder on drive C named scripts.
3. Run the following on the command prompt.
    csvde -f c:\scripts\csvusr.csv -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l cn,givenName,objectclass,samAccountName
4. Open c:\scripts\csvusr.csv in Excel.
You will have an Excel file like this. Export is complete.
Laboratory Exercise 8
Using CSVDE to import Active Directory users.
1. Use the same Excel file that we exported on Lab 8. Edit the following fields for new users.
    a. DN
    b. SamAccountName
   Create columns for additional fields.
    c. givenName (first name)
    d. sn (last name)
2. Save the Excel file in c:\scripts.
3. Import the new users using the command below.
    csvde -i -f c:\scripts\csvusr.csv
4. The new users should appear in Active Directory Users and Computers.
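A malformed row in the edited file only shows up as a csvde error part-way through the import, so it helps to validate the DN and sAMAccountName columns from step 1 first. The following is an added example, not part of the original lab: a PowerShell check (hypothetical function name, PowerShell 2.0 or later assumed) run here on constructed sample rows. The OU=Lab path and the user names are made up for illustration.

```powershell
# Added example (not part of the original lab). Test-CsvdeImport is a hypothetical
# helper; the sample rows and the OU=Lab,DC=contoso,DC=com path are constructed.
function Test-CsvdeImport {
    param([object[]]$Rows, [string]$BaseDn = 'DC=contoso,DC=com')

    $problems = @()
    $columns  = @($Rows[0].PSObject.Properties | ForEach-Object { $_.Name })
    foreach ($needed in 'DN', 'objectClass', 'sAMAccountName') {
        if ($columns -notcontains $needed) { $problems += "Header: column '$needed' is missing" }
    }

    $seen = @{}
    $line = 1                                  # line 1 of the file is the header
    foreach ($row in $Rows) {
        $line++
        $sam = "$($row.sAMAccountName)".Trim()
        $dn  = "$($row.DN)".Trim()
        if ($dn -notlike "CN=*,$BaseDn") { $problems += "Line ${line}: DN '$dn' is outside $BaseDn" }
        if ($row.objectClass -ne 'user') { $problems += "Line ${line}: objectClass is '$($row.objectClass)', expected user" }
        # User logon names are limited to 20 characters and a restricted character set.
        if ($sam.Length -eq 0 -or $sam.Length -gt 20) {
            $problems += "Line ${line}: sAMAccountName must be 1-20 characters"
        }
        if ($sam -match '["/\\\[\]:;|=,+*?<>]') {
            $problems += "Line ${line}: sAMAccountName '$sam' has an invalid character"
        }
        if ($seen.ContainsKey($sam.ToLower())) { $problems += "Line ${line}: duplicate sAMAccountName '$sam'" }
        $seen[$sam.ToLower()] = $true
    }
    $problems
}

# Constructed sample in the layout of the edited export, with givenName and sn added.
$sample = @'
DN,objectClass,sAMAccountName,givenName,sn
"CN=Ana Cruz,OU=Lab,DC=contoso,DC=com",user,acruz,Ana,Cruz
"CN=Ben Lim,OU=Lab,DC=contoso,DC=com",user,acruz,Ben,Lim
"CN=Cy Tan,CN=Users,DC=fabrikam,DC=com",user,a-very-long-account-name-here,Cy,Tan
'@ | ConvertFrom-Csv

Test-CsvdeImport -Rows $sample
# For the real file: Test-CsvdeImport -Rows (Import-Csv C:\scripts\csvusr.csv)
```

csvde cannot set passwords, so review the imported accounts in Active Directory Users and Computers and give each one a password before enabling it.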
Laboratory Exercise 9
Using LDIFDE to export Active Directory users.
1. Log in to server DC1 as domain administrator.
2. Create a folder on drive C named scripts.
3. Run the following on the command prompt.
    ldifde -f c:\scripts\Exportuser.ldf -s dcnugget1 -p subtree -r "(&(objectCategory=person)(objectClass=User)(givenname=*))" -l cn,givenName,objectClass,samAccountName,pd
4. Open c:\scripts\Exportuser.ldf in Notepad.
You will have a file like this. Export is complete.
Laboratory Exercise 10
Using LDIFDE to import Active Directory users.
5. Use the same Notepad file (.ldf) that we exported on Lab 9. Edit the following fields for new users.
    a. dn:
    b. givenName
    c. samAccountName
6. Save the ldf file in c:\scripts.
7. Import the new users using the command below.
    ldifde -i -f c:\scripts\ImportUser.ldf
8. The new users should appear in Active Directory Users and Computers.
Laboratory Exercise 11
Creating Secondary DNS Server (Forward Lookup Zone)
Install Windows DNS Server
1. Click on the Start Menu, Administrative Tools and launch Server Manager.
2. Select the Roles node and click the Add Roles link.
3. Select the DNS Server role check box and click Next.
4. Click Install to begin installation.
5. Click on the Start Menu, Administrative Tools, DNS.
2. Create a Forward Lookup Zone Now (Recommended) and click Next.
3. Select the type of zone to be created; choose secondary zone and click Next.
4. Type the FQDN of the zone in the zone name box and click Next.
5. You can create a new zone text file or import one from an existing zone file. Choose create a new file with this file name and then click Next.
6. Do not allow dynamic updates and then click Next.
Laboratory Exercise 12
Creating Primary DNS Server (Reverse Lookup Zone)
1. Create a reverse lookup zone and click Next.
8. Select primary zone for the reverse lookup zone type and click Next.
9. Accept the default IPv4 Reverse Lookup Zone and click Next.
10. Type the Network ID and then click Next.
11. Click Next at the Zone File. (File name will be generated automatically)
12. Click Next at the Dynamic Update.
13. Click Finish at the Completing the New Zone Wizard.
Laboratory Exercise 13
Create PTR record
1. Select reverse lookup [zone name]
2. Right-click zone name and then select New Pointer (PTR) in the popup menu
3. Click Browse
4. Double-click server name
5. Double-click Forward Lookup Zones
6. Double-click [zone name]
7. Select Host (A) record and then click OK
8. Check Host IP Address and Host name and then click OK
9. Test: nslookup ip address
Laboratory Exercise 14
Creating DNS Stub Zone
1. On the DNS Manager Wizard, right-click on your Server Name and choose "Add New Zone".
2. Now the New Zone Wizard will be opened, where first some information about this Zone will be provided; click on the "Next" button to start the process of adding the Zone.
3. Now you will be asked to select a Zone type; here three Zone types will be available: Primary Zone, Secondary Zone and Stub Zone, so select the third option, in other words Stub Zone.
4. Now you will be asked how you want the Zone data to be replicated. I had chosen the second option; you can choose whichever you require.
5. Now you will be asked to select a type of Lookup Zone, which can be either a Forward Lookup Zone or a Reverse Lookup Zone.
6. On the next page you will need to provide the name for this new Zone; after providing the name, click on the "Next" button.
7. The next page will ask you about the Master Server, where you can either provide the IP Address for this Zone or can provide its Name.
8. Now a brief description of your selection will be shown to you; click on the "Next" button to complete the process.