Module 2: Implementing an Active Directory Forest and Domain Structure
Overview
- Creating a Forest and Domain Structure
- Examining Active Directory Integrated DNS
- Raising Forest and Domain Functional Levels
- Creating Trust Relationships
Lesson: Creating a Forest and Domain Structure
- Requirements for Installing Active Directory
- The Active Directory Installation Process
- How to Create a Forest and Domain Structure
- How to Add a Replica Domain Controller
- How to Rename a Domain Controller
- How to Remove a Domain Controller from Active Directory
- How to Verify the Active Directory Installation
- How to Troubleshoot the Installation of Active Directory
Requirements for Installing Active Directory
- A computer running Windows Server 2003
- Minimum disk space of 250 MB and a partition formatted with NTFS
- Administrative privileges for creating a domain
- TCP/IP that is installed and configured to use DNS
- An authoritative DNS server that supports SRV resource records
The Active Directory Installation Process
The installation process:
- Starts the security protocol and sets the security policy
- Creates the:
  - Active Directory partitions, database, and log files
  - Forest root domain
  - SYSVOL folder
- Configures the site membership of the domain controller
- Enables security on the directory service and the file replication folders
- Applies the password for restore mode
How to Create a Forest and Domain Structure
You can refer to the following procedure when you create a forest and domain structure in the lab.
How to Add a Replica Domain Controller
You can refer to the following procedure when you add a replica domain controller to a domain in the practice.
How to Rename a Domain Controller
Your instructor will demonstrate how to rename a domain controller.
How to Remove a Domain Controller from Active Directory
You can refer to the following procedure when you remove a domain controller in the lab.
How to Verify the Active Directory Installation
Your instructor will demonstrate how to:
- Verify the creation of:
  - SYSVOL and its shares
  - The directory database and log files
  - The default Active Directory structure
- Verify the installation results by examining the event logs
How to Troubleshoot the Installation of Active Directory
Symptom: Access denied when creating or adding a domain controller
Possible causes:
- You are not logged on using an account in the Local Administrators group
- Your credentials are not from a user account that is a member of the Domain Admins or Enterprise Admins group
Symptom: DNS or NetBIOS domain names are not unique
Possible causes:
- Another domain has the same DNS or NetBIOS name
Symptom: Domain cannot be contacted
Possible causes:
- Network error
- DNS error
Symptom: Insufficient disk space
Possible causes:
- Available disk space is less than the minimum required to install Active Directory
Practice: Creating a Child Domain
In this practice, you will:
- Install Active Directory and create a child domain in nwtraders.msft
- Verify the installation of Active Directory
Lesson: Examining Active Directory Integrated DNS
- DNS and Active Directory Namespaces
- What Are Active Directory Integrated Zones?
- What Are SRV Resource Records?
- SRV Records Registered by Domain Controllers
- How to Examine the Records Registered by a Domain Controller
- Multimedia: How Client Computers Use DNS to Locate Domain Controllers and Services
DNS and Active Directory Namespaces
[Diagram: DNS Namespace and Active Directory Namespace. DNS labels: DNS Root Domain ".", com., microsoft, sales, training, computer1. Active Directory labels: microsoft.msft, sales.microsoft.msft, training.microsoft.msft. Legend: DNS node (domain or computer); Active Directory domain.]
What Are Active Directory Integrated Zones?
Active Directory integrated zones:
- Are primary and stub DNS zones that are stored as objects in the Active Directory database
- Can be stored in an application or a domain partition
- Offer the following benefits:
  - Multimaster replication
  - Secure dynamic updates
  - Standard zone transfers to other DNS servers
What Are SRV Resource Records?
SRV resource records are DNS records that map a service to the computer that provides the service.
Format of SRV records:
  _Service._Protocol.Name Ttl Class SRV Priority Weight Port Target
Example:
  _ldap._tcp.contoso.msft 600 IN SRV london.contoso.msft
SRV Records Registered by Domain Controllers
Domain controllers running Windows Server 2003 register SRV records in the _msdcs subdomain in the following format:
  _Service._Protocol.DcType._msdcs.DnsDomainName
Examples:
- _ldap._tcp.DnsDomainName
- _ldap._tcp.SiteName._sites.dc._msdcs.DnsDomainName
- _gc._tcp.DnsForestName
- _gc._tcp.SiteName._sites.DnsForestName
- _kerberos._tcp.DnsDomainName
- _kerberos._tcp.SiteName._sites.DnsDomainName
How to Examine the Records Registered by a Domain Controller
Your instructor will demonstrate how to examine the records registered by a domain controller by using the DNS console or the NSLookup utility.
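Added example (not part of the course material): a Python check that parses SRV records in the "Name Ttl Class SRV Priority Weight Port Target" layout, builds the owner names listed in the examples above for one domain, forest and site, and reports expected names that have no record and record targets that are not in a known domain controller list. The site name, the Priority/Weight/Port values, the host "paris" and the function names are assumptions made for the sample data.

```python
from typing import NamedTuple

class Srv(NamedTuple):
    name: str
    ttl: int
    priority: int
    weight: int
    port: int
    target: str

def parse_srv(line: str) -> Srv:
    """Parse one record laid out as: Name Ttl Class SRV Priority Weight Port Target."""
    f = line.split()
    if len(f) != 8 or f[2].upper() != "IN" or f[3].upper() != "SRV":
        raise ValueError(f"not a complete SRV record: {line!r}")
    ttl, priority, weight, port = (int(x) for x in (f[1], f[4], f[5], f[6]))
    # DNS names are case-insensitive; drop any trailing root dot before comparing.
    return Srv(f[0].rstrip(".").lower(), ttl, priority, weight, port,
               f[7].rstrip(".").lower())

def expected_names(domain: str, forest: str, site: str) -> list[str]:
    """Owner names from the slide's examples, filled in for one domain and site."""
    names = [
        f"_ldap._tcp.{domain}",
        f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}",
        f"_gc._tcp.{forest}",
        f"_gc._tcp.{site}._sites.{forest}",
        f"_kerberos._tcp.{domain}",
        f"_kerberos._tcp.{site}._sites.{domain}",
    ]
    return [n.lower() for n in names]

def audit(lines, domain, forest, site, known_dcs):
    """Return (expected names with no record, targets not in the DC inventory)."""
    records = [parse_srv(l) for l in lines if l.strip()]
    present = {r.name for r in records}
    missing = [n for n in expected_names(domain, forest, site) if n not in present]
    known = {d.lower() for d in known_dcs}
    unexpected = sorted({r.target for r in records if r.target not in known})
    return missing, unexpected

# Constructed sample data (not from the course): site name, ports and "paris" are assumptions.
SITE = "Default-First-Site-Name"
SAMPLE = """\
_ldap._tcp.contoso.msft 600 IN SRV 0 100 389 london.contoso.msft
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.contoso.msft 600 IN SRV 0 100 389 london.contoso.msft
_gc._tcp.contoso.msft 600 IN SRV 0 100 3268 london.contoso.msft
_kerberos._tcp.contoso.msft 600 IN SRV 0 100 88 london.contoso.msft
_kerberos._tcp.Default-First-Site-Name._sites.contoso.msft 600 IN SRV 0 100 88 paris.contoso.msft
""".splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE, "contoso.msft", "contoso.msft", SITE, ["london.contoso.msft"]))
```

A missing name points to a registration problem on the domain controller; a target outside the inventory is a record to investigate before clients start using it to locate a domain controller.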
Multimedia: How Client Computers Use DNS to Locate Domain Controllers and Services
[Diagram labels: DNS Server, Client, Domain Controller]
Practice: Verifying SRV Records
In this practice, you will examine the SRV records that are registered by your domain controller.
Lesson: Raising Forest and Domain Functional Levels
- What Is Forest and Domain Functionality?
- Requirements for Enabling New Windows Server 2003 Features
- How to Raise the Functional Level
What Is Forest and Domain Functionality?
- Enable forest-wide or domain-wide Active Directory features
[Diagram labels: Network environment; Domain functional levels; Forest functional levels; Windows 2000 mixed-mode domain; Windows 2000 native-mode domain; Windows Server 2003 Domain; Windows Server 2003 Interim]
Requirements for Enabling New Windows Server 2003 Features
Columns: Requirement, Domain, Forest
- Domain controllers must run: Windows Server 2003
- Domain functional level must be: Raised to Windows Server 2003; Able to be raised to Windows Server 2003
- Administrator: Domain administrator to raise domain functional level; Enterprise administrator to raise forest functional level
How to Raise the Functional Level
Your instructor will demonstrate how to raise the forest and domain functional levels.
Practice: Raising the Domain Functional Level
In this practice, you will raise the functional level of your domain.
Lesson: Creating Trust Relationships
- Types of Trusts
- What Are Trusted Domain Objects?
- How Trusts Work in a Forest
- How Trusts Work Across Forests
- How to Create Trusts
- How to Verify and Revoke a Trust
Types of Trusts
[Diagram: trust types shown are Tree/Root Trust, Parent/Child Trust, Forest Trust, Shortcut Trust, External Trust and Realm Trust. Other labels: Forest 1, Forest 2, Forest (root), Kerberos Realm, Domains A, B, C, D, E, F, P and Q.]
What Are Trusted Domain Objects?
Trusted domain objects:
- Represent each trust relationship in a particular domain
- Store information such as transitivity and trust type
How Trusts Work in a Forest
[Diagram labels: Tree One, Tree Two, Forest Root Domain, Tree Root Domain, Domain 1, Domain 2, Domain A, Domain B, Domain C]
How Trusts Work Across Forests
[Diagram labels: Forest 1, Forest 2, Forest trust, Global catalog, nwtraders.msft, contoso.msft, vancouver.nwtraders.msft, seattle.contoso.msft, Vancouver, Seattle]
How to Create Trusts
Your instructor will demonstrate how to create trusts by using Active Directory Domains and Trusts.
How to Verify and Revoke a Trust
Your instructor will demonstrate how to verify and revoke a trust by using Active Directory Domains and Trusts.
Practice: Creating a Shortcut Trust
In this practice, you will:
- Create a shortcut trust between your domain and another domain in your forest
- Validate the shortcut trust
Lab A: Implementing Active Directory
- Removing a Child Domain from Active Directory
- Creating an Active Directory Forest Root Domain
- Creating an Active Directory Child Domain
- Raising Domain and Forest Functional Level
- Creating a Forest Trust