Professional Documents
Culture Documents
2.
3.
4.
5.
Add the server to the domain. ( This is Done is Exercise TWO after adding Server Core)
2.
Configure the DVD drive to use the Windows Server 2012 R2 image file named
3.
In the Windows Setup Wizard, on the Windows Server 2012 R2 page, verify the following
settings, click Next, and then click Install Now:
o
4.
Click to install the Windows Server Windows Server 2012 R2 Datacenter Evaluation (Server
with a GUI) operating system.
5.
Accept the license terms, click Next, and then click Custom: Install Windows only (advanced).
6.
7.
2.
In Server Manager, on the Local Server node, click the randomly generated name next to
Computer name.
3.
In the System Properties dialog box, on the Computer Name tab, click Change.
4.
In the Computer name box, type SVR1, and then click OK.
5.
6.
2.
On the taskbar, click the time display, and then click Change date and time settings.
3.
Click Change Time Zone, and set the time zone to your current time zone.
4.
Click Change Date and Time, and verify that the date and time that display in the Date and
Time Settings dialog box match those in your classroom.
5.
2.
3.
In the Network Connections dialog box, right-click Ethernet, and then click Properties.
4.
5.
Default Gateway:
2.
3.
4.
2.
3.
4.
5.
6.
After the computer restarts, sign in to server LON-CORE using the Administrator account with
the password Pa$$w0rd.
7.
At the command prompt, type hostname, and then press Enter to verify the computers name.
Ensure you are signed in to server LON-CORE as Administrator with the password Pa$$w0rd.
2.
3.
4.
Click Change time zone, and then set the time zone to the same time zone that your classroom
uses.
5.
In the Date and Time dialog box, click Change Date and Time, and verify that the date and
time match those in your location.
6.
Exit sconfig.cmd.
Ensure that you are signed in to server LON-CORE using the account Administrator and
the password Pa$$w0rd.
2.
3.
4.
Type the number of the network adapter that you want to configure.
5.
6.
Click static IP address configuration, and then enter the address 192.168.1.2.
7.
8.
9.
Ensure that you are signed in to server LON-CORE using the account Administrator with the
password Pa$$w0rd.
2.
3.
4.
5.
6.
7.
At the Type the password associated with the domain user prompt, type Pa$$w0rd.
8.
9.
10. Sign in to server LON-CORE with the Adatum\Administrator account using the password
Pa$$w0rd.
2.
3.
Sign in to LON-DC1 with the Administrator account and the password Pa$$w0rd.
2.
In the Server Manager console, click Dashboard, and then click Create a server group.
3.
Click the Active Directory tab, and then click Find Now.
4.
5.
6.
7.
Scroll down, and under the Performance section, select both LON-CORE and LON-SVR3.
8.
In Server Manager on LON-DC1, click the LAB-1 server group, right-click LON-CORE, and
then click Add Roles and Features.
2.
In the Add Roles and Features Wizard, click Next, click Role-based or feature-based
installation, and then click Next.
3.
4.
5.
6.
Add the Windows Authentication role service, and then click Next.
7.
Select the Restart the destination server automatically if required check box, and then
click Install.
8.
Click Close.
9.
Right-click LON-SVR3, click Add Roles and Features, and then click Next.
10. In the Add Roles and Features Wizard, click Role-based or feature-based installation, and
Sign in to LON-CORE with the Adatum\Administrator account and the password Pa$$w0rd.
2.
3.
4.
In Server Manager, click LAB-1, right-click LON-CORE, and then click Computer Management.
5.
6.
Verify that the Startup type of the World Wide Web Publishing service is set to Automatic.
7.
Verify that the service is configured to use the Local System account.
8.
9.
Configure the Restart Computer option to 2 minutes, and then close the World Wide Web
Publishing Services Properties dialog box.
2.
Task 1: Use Windows PowerShell to connect remotely to servers and view information
1.
Sign in to LON-DC1 with the Adatum\Administrator account and the password Pa$$w0rd.
2.
3.
4.
5.
6.
7.
8.
Review the IP addresses assigned to the server by typing the following command:
Get-NetIPAddress | Format-table
9.
Review the most recent 10 items in the security log by typing the following command:
Get-EventLog Security -Newest 10
2.
Type the following command to verify that the XPS Viewer feature has not been
installed on LON-SVR3:
Get-WindowsFeature -ComputerName LON-SVR3
3.
To deploy the XPS Viewer feature on LON-SVR3, type the following command, and then press
Enter:
Install-WindowsFeature XPS-Viewer -ComputerName LON-SVR3
4.
Type the following command to verify that the XPS Viewer feature has been deployed on LONSVR3:
Get-WindowsFeature -ComputerName LON-SVR3
5.
In the Server Manager console, in the Tools drop-down menu, click Windows PowerShell ISE.
6.
7.
8.
Resize volumes.
2.
3.
2.
In Server Manager, open Computer Management, and then access Disk Management.
3.
Initialize Disk2, and then configure it to use GPT (GUID Partition Table).
2.
In the Computer Management console, on Disk 2, create a Simple Volume with the following
attributes:
o
Drive Letter: F
In the Computer Management console, on Disk 2, create a Simple Volume with the following
attributes:
o
Drive Letter: G
2.
Use File Explorer to make sure you can access the following volumes:
o
Volume1 (F:)
Volume2 (G:)
Shrink Volume1.
2.
Extend Volume2.
2.
Use File Explorer to verify that the folder Folder1 is still on drive G.
Create a storage pool from five disks that are attached to the server.
2.
3.
Copy a file to the volume, and verify that it is visible in File Explorer.
4.
5.
6.
Add a new disk to the storage pool and remove a broken disk.
Task 1: Create a storage pool from five disks that are attached to the server
1.
2.
In the left pane, click File and Storage Services, and then in the Servers pane, click Storage Pools.
3.
Name: StoragePool1
Physical disks:
PhysicalDisk3
PhysicalDisk4
PhysicalDisk5
PhysicalDisk6
PhysicalDisk7
On LON-SVR1, in Server Manager, in the VIRTUAL DISKS pane, create a virtual disk with the
following settings:
o
2.
In the New Volume Wizard, create a volume with the following settings:
o
Drive letter: H
Task 3: Copy a file to the volume, and verify that it is visible in File Explorer
1.
2.
On the host computer, in Hyper-V Manager, in the Virtual Machines pane, change the
Switch to LON-SVR1.
2.
Open File Explorer, and then browse to H:\write.exe to ensure access to the file is still
available.
3.
In Server Manager, in the STORAGE POOLS pane, on the menu bar, click the Refresh Storage
Pools button.
Open the Mirrored Disk Properties dialog box, and then access the Health pane.
that the Health Status indicates a Warning. The Operational Status should indicate
Notice
Task 6: Add a new disk to the storage pool and remove a broken disk
1.
On LON-SVR1, in Server Manager, in the STORAGE POOLS pane, on the menu bar, click the
Refresh Storage Pools button.
2.
In the STORAGE POOLS pane, right-click StoragePool1, click Add Physical Disk, and then click
PhysicalDisk8 (LON-SVR1).
3.
Open Windows PowerShell, and then run the following commands to remove the
disconnected disk:
a.
Get-PhysicalDisk
Note the FriendlyName for the disk that shows an OperationalStatus of Lost Communication.
b.
Replace diskname with the name of the disk that you noted previously
a.
4.
If you get a warning that the disk cannot be removed, wait five minutes, and then run the
last command again. It can take some time for the mirrored disk to resynchronize after a disk
is removed and another is added. If you cannot remove the disk after five minutes, restart
LON-SVR1, sign in as Adatum\Administrator by using the password Pa$$w0rd, and then
repeat step 3.
5.
In Server Manager, refresh the storage pools view to see the warnings disappear.
2.
3.
4.
5.
6.
7.
E:\Data
E:\Data\Development
E:\Data\Marketing
In File Explorer, block the file permissions inheritance for E:\Data\Development and
E:\Data\Marketing, and when prompted, convert inherited permissions into explicit permissions.
2.
E:\Data\Marketing.
3.
In File Explorer, add the following file permissions for the folder structure.
Folder
Permissions
E:\Data
No change
E:\Data\Development
Modify: Adatum\Development
E:\Data\Marketing
Modify: Adatum\Marketing
2.
Sign in to LON-CL1 as Adatum\Bernard with the password Pa$$w0rd. Notice that Bernard is
a member of the Development group.
2.
3.
Navigate to \\LON-SVR1\Data.
4.
Bernard should have access to the Development folder. However, although Bernard can still see the
Marketing folder, he does not have access to its contents.
5.
Switch to LON-SVR1.
2.
3.
4.
Click Shares.
5.
Open the Properties dialog box for the Data share, and then on the Settings page, enable
Access-based enumeration.
Task 6: Test access to the share
1.
2.
Bernard can now view only the Development folder, the folder for which he has permissions.
3.
4.
Switch to LON-SVR1.
2.
3.
Navigate to drive E.
4.
Open the Properties dialog box for the Data folder, and then disable offline file caching.
2.
3.
On LON-SVR1.
2.
3.
Navigate to drive E, right-click Allfiles (E:), and then click Configure Shadow Copies.
4.
5.
2.
3.
Switch back to the Allfiles (E:) Properties dialog box. It should be opened on the Shadow Copies
2.
3.
Open the Properties dialog box for E:\Data\Development, and then click the Previous Versions
4.
Open the most recent version of the Development folder, and then copy the Report.txt file.
5.
6.
tab.
2.
3.
4.
Test synchronization
On LON-SVR1, use Windows PowerShell to run the following command to install the Work
Folders
role service:
Add-WindowsFeature FS-SyncShareService
Note that the name of the feature is case-sensitive.
Task 2: Create a sync share on the file server
1.
On LON-SVR1, use Windows PowerShell to run the following command to create the sync
share named Corp:
Open Server Manager, and then view the Work Folders to ensure the sync share was created.
On LON-DC1, create a GPO named Work Folders, and then link it to the Adatum.com
domain.
2.
3.
Templates\Windows
Enable the Specify Work Folders settings policy, and then specify the Work Folders URL
as http://lon-svr1.Adatum.com.
2.
Use File Explorer to navigate to C:\Labfiles\Mod10, and then double-click WorkFolders.bat. This
adds a registry entry to allow unsecured connections to the work folders.
3.
4.
5.
In File Explorer, open Work Folders, and then create a new text document named TestFile2.
6.
Switch to LON-SVR1, and then use File Explorer to open C:\CorpData\Administrator. Ensure the
new text file you created exists.
2.
Install a printer.
3.
4.
2.
Install the Print and Document Services role, and then accept the default settings.
On LON-SVR1, use the Print Management console to install a printer with following parameters:
IP Address: 172.16.0.200
o
2.
3.
4.
On LON-SVR1, in the Print Management console, create a new port with the following
configuration:
o
IP Address: 172.16.0.201
o
2.
Open the Branch Office Printer Properties dialog box, and then on the Ports tab, enable
printer pooling.
3.
On LON-CL1, add a printer by selecting the Branch Office Printer on LON-SVR1 printer.
The DNS server in the branch office will be a domain controller. The Active Directory integrated zones
required to support logons will be replicated automatically to the branch office.
The main tasks for this exercise are as follows:
1.
Configure LON-SVR1 as a domain controller without installing the Domain Name System
(DNS) server role.
2.
Review configuration settings on the existing DNS server to confirm root hints.
3.
Add the DNS server role for the branch office on the domain controller.
4.
5.
6.
7.
8.
Task 1: Configure LON-SVR1 as a domain controller without installing the Domain Name System (DNS)
server role
1.
Use Add roles and features in Server Manager to add the Active Directory Domain Services
role to LON-SVR1.
2.
3.
4.
Choose to not install the DNS server by clearing the DNS check box, which is selected by
default.
Task 2: Review configuration settings on the existing DNS server to confirm root hints
1.
In DNS Manager on LON-DC1, open the Properties dialog box for LON-DC1.
2.
Task 3: Add the DNS server role for the branch office on the domain controller
2.
Expand Forward Lookup Zones, and verify that both the Adatum.com and
_msdcs.Adatum.com zones are replicated.
2.
1.
On LON-SVR1, make 127.0.0.1 the preferred DNS server for LON-SVR1 using the following
Windows PowerShell cmdlet, where X is the Interface Index number, which you can find in the
Get-DnsClient cmdlet:
Resolve-DNSName cmdlet.
You should receive an error message in red text. This is expected.
3.
Perform an nslookup command within Windows PowerShell for the www.contoso.com address.
This command should also fail.
4.
Type the following two cmdlets, and then press Enter after each one:
2.
In Windows PowerShell, type the following cmdlet, and then press Enter:
nslookup www.contoso.com
You should get a non-authoritative reply and an IP address.
2.
Create several host records for web apps in the Adatum.com domain.
3.
4.
2.
3.
4.
Task 2: Create several host records for web apps in the Adatum.com domain
1.
2.
3.
4.
2.
3.
Note: If the www and ftp resource records do not display within several minutes, refresh the Adatum.com
zone.
Task 4: Use the ping command to locate new records from LON-CL1
1.
2.
3.
2.
3.
4.
Task 1: Use the ping command to locate an Internet record from LON-CL1
1.
2.
Ensure that the name resolves to an IP address, and then document the IP address.
2.
3.
4.
Note that this record is still resolved with the old IP.
Task 3: Examine the content of the DNS cache
1.
2.
Browse the content of the Cached Lookups container for the com namespace, and note the IP
address for www record.
3.
ipconfig /displaydns
4.
Examine the cached content and notice the IP address for the www record.
Clear the cache on the LON-SVR1 DNS server, by using the Clear-DNSServerCache cmdlet.
2.
Retry the ping to www.contoso.com on LON-CL1. The result still returns the old IP address.
3.
Clear the client resolver cache on LON-CL1 by typing the following in the Command Prompt
window at a command prompt:
ipconfig /flushdns
4.
who works onsite to be configured as an administrator when required. Each branch office has a
branch administrators group that can perform full administration within the branch office OU.
There is also a branch office help desk group that is able to manage users in the branch office
OU, but not other objects. You need to create these groups for the new branch office and
delegate permissions to the groups.
2.
3.
4.
On LON-DC1, open Active Directory Users and Computers, and then in the Adatum.com
domain, create a new OU named Branch Office 1.
2.
Create the following global security groups in the Branch Office 1 OU:
o
Branch 1 Administrators
Branch 1 Users
3.
4.
Development\Bart Duncan
Managers\Ed Meadows
Sales\Arlene Huff
5.
Move the LON-CL1 computer to the Branch Office 1 OU, and then restart the LON-CL1
computer.
6.
7.
On LON-DC1, in Active Directory Users and Computers, use the Delegate Control Wizard to
delegate administration of the Branch Office 1 OU to the Branch 1 Administrators security
group by delegating the following common and custom tasks:
a.
b.
Task 2: Delegate a user administrator for the Branch Office Help Desk
1.
On LON-DC1, in Active Directory Users and Computers, use the Delegate Control Wizard to
delegate administration of the Branch Office 1 OU to the Branch 1 Help Desk security group.
2.
2.
Add the Branch 1 Administrators global group to the Server Operators domain local group.
3.
4.
You can sign in locally at a domain controller because Holly belongs indirectly to the Server Operators
domain local group.
5.
Confirm Hollys current credentials in the User Account Control dialog box.
6.
On LON-DC1, add Bart Duncan to the Branch 1 Help Desk global group.
2.
Close Active Directory Users and Computers, and then close Server Manager.
3.
Open Server Manager, and then open Active Directory Users and Computers.
4.
In the User Account Control dialog box, specify Adatum\Administrator and Pa$$w0rd as the
required credentials.
To modify the Server Operators membership list, you must have permissions beyond those available to
the Branch 1 Administrators group.
5.
Add the Branch 1 Help Desk global group to the Server Operators domain local group.
6.
7.
You can sign in locally at a domain controller because Bart belongs indirectly to the Server Operators
domain local group.
8.
9.
Open Server Manager, and then open Active Directory Users and Computers. Confirm your
current credentials in the User Account Control dialog box.
Try to delete Branch Office 1\Connie Vrettos.
11.
After confirming the password reset is successful, sign out from LON-DC1.
12.
2.
3.
Create a new user for the branch office, based on the template.
4.
2.
Modify the shared folder permissions so that the Everyone group has Full Control Allow
permissions.
3.
In Server Manager, open Active Directory Users and Computers, and then create a new user
with the following properties in the Branch Office 1 OU:
o
Password: Pa$$w0rd
Account is disabled
City: Slough
Task 3: Create a new user for the branch office, based on the template
1.
On LON-DC1, copy the _Branch_template user account, and then configure the following
properties:
o
First name: Ed
Password: Pa$$w0rd
1.
Verify that the following properties have been copied during account creation:
City: Slough
2.
2.
Sign in to LON-CL1 as Adatum\Ed with the password Pa$$w0rd. You are able to sign in
successfully.
3.
Verify that you have a drive mapping for drive Z to Eds home folder on LON-DC1.
4.
2.
3.
2.
3.
4.
5.
Switch to LON-CL1, and attempt to sign in as Adatum\Ed with the password Pa$$w0rd.
A message appears stating that The trust relationship between this workstation and the primary domain
failed.
2.
2.
Open the Control Panel, switch to Large icons view, and then open System.
3.
View the Advanced system settings, and then click the Computer Name tab.
4.
In the System Properties dialog box, use the Network ID button to rejoin the computer to
the domain.
5.
Password: Pa$$w0rd
Domain: Adatum
6.
7.
You are successful because the computer had been successfully rejoined.