Bagatrix Solved!

Lab Detailed Steps

Page 1 of 5

MOAC 70-640: Configuring Name Resolution and Additional Services, Lab 12

Print this page.

Note:
These lab detailed steps are located on the Lab Review page of the course, as well as under detailed steps in the expandable Lab Instructions pane of the launched lab. Both sets contain the same information, so please use the instructions from the location you feel is most convenient.

Exercise 1: Installing a New Active Directory Domain Task 1: Log on to the RWDC01 computer with the user name, Contoso\Administrator, and the password, Pa$$w0rd. Proceed to the next task.
1. To log on to RWDC01, click the Ctrl-Alt-Delete button. 2. Enter the following: User name: Contoso\Administrator Password: Pa$$w0rd 3. Click the Forward button. You are now connected to the RWDC01 computer.

Task 2: Log on to the RWDC02 computer with the user name, Contoso\Administrator, and the password, Pa$$w0rd. Proceed to the next task.
1. To log on to RWDC02, click the Ctrl-Alt-Delete button. 2. Enter the following: User name: Contoso\Administrator Password: Pa$$w0rd 3. Click the Forward button. You are now connected to the RWDC02 computer.

Note:
The Server Manager console will be displayed automatically. If the Server Manager console does not appear automatically, click Start, and then click Server Manager.

Task 3: Install a new Windows Server 2008 Active Directory forest.

1. On RWDC02, install the Active Directory Domain Services server role by using Server Manager. a. In the left pane, select Roles. In the right pane, click Add Roles. b. Click Next to bypass the initial Welcome screen. The Select Server Roles screen is displayed. c. Place a checkmark next to Active Directory Domain Services. Click Next. The Active Directory Domain Services screen is displayed. d. Read the introductory information to Active Directory Domain Services and click Next. The Confirm Installation Selections screen is displayed. e. Read the confirmation information to prepare for the installation. Click Install to install the Active Directory Domain Services role. The Installation Results screen is displayed. 2. Install a new Windows Server 2008 Active Directory forest by using the Active Directory Domain Services Installation Wizard with the following information: Forest root domain name: adatum.com Forest functional level: Windows Server 2008 Additional domain controller: DNS Server Directory Services Restore Mode administrator password: Pa$$w0rd

MOAC 70-640: Configuring Name Resolution and Additional Services, Lab 12

1/30/2014

Bagatrix Solved!
Welcome to the Active Directory Domain Services Installation Wizard screen is displayed. b. Click Next twice to continue. The Choose a Deployment Configuration screen is displayed.

Page 2 of 5

a. Click Close This Wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe). The

c. Click the Create a new domain in a new forest radio button. Click Next. The Name the Forest Root Domain screen is displayed. d. Key adatum.com as the name of the new domain and click Next. The Set Forest Functional Level screen is displayed. e. Select Windows Server 2008 and click Next. The Additional Domain Controller Options screen is displayed. f. Verify that the DNS server checkbox is selected, and then click Next. A warning message is displayed concerning DNS delegations. g. Read the warning message and click Yes to continue. The Location for Database, Log Files, and SYSVOL screen is displayed. h. Accept the default selections and click Next to continue. The Directory Services Restore Mode Administrator Password screen is displayed. i. Key Pa$$w0rd in the Password and Confirm password text boxes, and click Next to continue. The Summary screen is displayed. j. Review your installation choices and click Next to continue. The Active Directory Domain Services Installation Wizard screen is displayed, indicating that the Active Directory Domain Service is being installed. The Completing the Active Directory Domain Services Installation Wizard screen is displayed. k. Click Finish. 3. Reboot the newly created domain controller. a. When prompted, click Restart Now to restart the newly configured domain controller. 4. Log on to the RWDC02 computer with the user name, Adatum\Administrator, and the password, Pa$$w0rd. a. When the domain controller reboots, log on to the RWDC02 computer as the default administrator of adatum.com domain. 5. Verify the DNS name resolution for the RWDC02 computer. a. Verify that RWDC02 is configured to point only to itself for DNS name resolution. To verify, click Start and then click Control Panel. Double-click Network and Sharing Center. In the left pane, click Manage network connections. Right-click the Local Area Connection icon and click Properties. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties. b. On the General tab, remove any DNS servers other than the loopback IP address (127.0.0.1) or the IP address of the RWDC02 computer.

Task 4: You have completed all tasks in this exercise.

1. A successful completion of this exercise results in the installation of a new Windows Server 2008 Active Directory forest. 2. To proceed to another exercise, click the desired exercise.

Exercise 2: Creating a Reverse Lookup Zone Task 1: Create a reverse lookup zone.
1. On RWDC01, open DNS Manager and view the forward and reverse lookup zones. a. Click the Start button, click Administrative Tools, and then click DNS. b. Drill down to the Forward Lookup Zones node.

Question 1

What forward lookup zones are present on your domain controller?

c. Drill down to the Reverse Lookup Zones node.

Question 2

What reverse lookup zones are present on your domain controller?

MOAC 70-640: Configuring Name Resolution and Additional Services, Lab 12

1/30/2014

Bagatrix Solved!
2. Create a reverse lookup zone for IPv4 addresses with the following information: Zone type: Primary Network ID: 192.168.1 Store the zone in Active Directory Dynamic updates: Use default setting

Page 3 of 5

a. To create a reverse lookup zone, right-click Reverse Lookup Zones in the left pane and click New Zone. The New Zone Wizard is displayed. b. Click Next to bypass the initial Welcome screen. The Zone Type screen is displayed. c. Click Primary zone. Place a checkmark next to Store the zone in Active Directory (this option is available only if DNS server is also a writeable domain controller) and click Next. The Active Directory Zone Replication Scope screen is displayed.

Question 3

What is the default scope of replication?

d. Accept the default selection and click Next. The Reverse Lookup Zone Name screen is displayed. e. Select IPv4 Reverse Lookup Zone and click Next. f. Enter the Network ID of your lab network; this value will be 192.168.1 or the value provided by your instructor or lab proctor. Click Next. The Dynamic Update screen is displayed.

Question 4

What is the default dynamic update setting?

g. Accept the default selection and click Next. h. Click Finish. Confirm that the Reverse Lookup Zone is displayed in the DNS management console.

Task 2: You have completed all tasks in this exercise.

1. A successful completion of this exercise results in the creation of a primary reverse lookup zone on RWDC01. 2. To proceed to another exercise, click the desired exercise.

Exercise 3: Configuring Secondary Zones and Zone Transfers Task 1: Configure DNS zone transfers.
1. Configure zone transfer between RWDC01.contoso.com and RWDC02.adatum.com. a. Click the Start button, click Administrative Tools, and then click DNS. b. Expand the Forward Lookup Zones node. Right-click the contoso.com node and select Properties. c. On the Zone Transfers tab, place a checkmark next to Allow zone transfers. d. Select the Only to the following servers radio button and then click Edit. e. In the IP addresses of the secondary servers section, click the Click here to add an IP Address or DNS Name option, and then key the IP address of your partner's domain controller. For example, if you are working from RWDC01, enter the IP address of RWDC02, and vice versa. Press Enter and click OK.

Note:
Because this is a two-part process, you will see a red X in the Validated field, indicating that the server with this IP address is not authoritative for the required zone. You can safely disregard this error, because it will be resolved in Task 2.

Task 2: Configure secondary DNS zones.

MOAC 70-640: Configuring Name Resolution and Additional Services, Lab 12

1/30/2014

Bagatrix Solved!
1. Create a secondary forward lookup zone on RWDC02 by using DNS Manager. b. On the Zone Type screen, select a Secondary zone and click Next. The Zone Name screen is displayed. c. Enter the name of RWDC01 Active Directory domain. For example, if your domain name is EMEA.com, key Contoso.com. Click Next. The Master DNS Servers screen is displayed.

Page 4 of 5

a. Right-click the Forward Lookup Zones node and select New Zone. Click Next to bypass the initial Welcome screen.

d. Enter the IP address of RWDC01 computer and press Enter. Confirm that a green checkmark is displayed next to the IP address and that the value of "OK" is displayed in the Validated column. Click Next. The Completing the New Zone Wizard screen is displayed. e. Click Finish. Expand the zone for your domain and confirm that an A record is displayed for your partner's domain controller.

Task 3: You have completed all tasks in this exercise.

1. A successful completion of this exercise results in the following outcomes: DNS zone transfer is configured between RWDC01.contoso.com and RWDC02.adatum.com. A secondary forward lookup zone is configured on RWDC01 and RWDC02. 2. To proceed to another exercise, click the desired exercise.

Exercise 4: Installing the Rights Management Service Role Task 1: Configure a service account for the Active Directory Rights Management Services server role.
1. On RWDC01, configure a service account for the Active Directory Rights Management Services server role by using the following command.

dsadd user cn=RMSsvcacct,cn=users,dc=contoso,dc=com pwd Pa$$w0rd

a. Click the Start button, right-click Command Prompt, and then click Run as administrator. b. From the Windows command line, enter the following command:

dsadd user cn=RMSsvcacct,cn=users,dc=contoso,dc=com pwd Pa$$w0rd

c. Press Enter. d. Key exit and press Enter to close the command-prompt window.

Task 2: Install the Active Directory Rights Management Services server role.
1. On RWDC01, install the Active Directory Rights Management Services server role by using Server Manager, with the following information: Configuration Database: Windows Internal Database AD RMS Cluster Key Storage: AD RMS Centrally Managed Key Storage Password: Pa$$w0rd Cluster Address: Unencrypted Connection Fully-Qualified Domain Name: contoso.com

Note:
If directed by your instructor: At the end of lab exercises, the lab itself, or at other points within the lab specified by your instructor, press the Print Screen key to get a screenshot of what youve completed. You can then paste the screenshot in an e-mail or document and provide this record of your lab completion to your instructor.

MOAC 70-640: Configuring Name Resolution and Additional Services, Lab 12

1/30/2014

Bagatrix Solved!

Page 5 of 5

a. Open the Server Manager, in the left pane, select Roles. In the right pane, click Add Roles. Click Next to bypass the initial Welcome screen. The Select Server Roles screen is displayed. b. Place a checkmark next to Active Directory Rights Management Services and click Next. The Add Roles Wizard screen is displayed, informing you that certain role services must be installed before you can install the RMS role. c. Click Add Required Role Services and click Next. The Active Directory Rights Management Services screen is displayed. d. Read the information presented about the Active Directory Rights Management Service role, and then click Next. The Select Role Services screen is displayed. e. Accept the default selection and click Next. The Create or Join an AD RMS Cluster screen is displayed. f. Notice that the Create a new AD RMS cluster option is the only available option. Click Next to continue. The Select Configuration Database screen is displayed. g. Select the Use Windows Internal Database on this server radio button, and then click Next. The Specify Service Account screen is displayed. h. Click Specify. The Windows Security window is displayed. i. In the Windows Security window, enter the username and password of the account you created, and click OK to close the window. j. Click Next. The Configure AD RMS Cluster Key Storage screen is displayed. k. Verify that the Use AD RMS centrally managed key storage radio button is selected and click Next. The Specify AD RMS Cluster Key Password screen is displayed. l. Key Pa$$w0rd in the Password and the Confirm Password fields, and then click Next. The Select AD RMS Cluster Web Site screen is displayed. m. Verify that the Default Web Site is selected and then click Next. The Specify Cluster Address screen is displayed. n. Select the Use an unencrypted connection (http://) radio button. (In a production AD RMS implementation, you should configure an SSL certificate on all AD RMS IIS Web servers; we are only selecting an http:// connection for the purposes of this exercise.) o. Key contoso.com in the Fully-Qualified Domain Name text box, and then click Validate. Click Next. The Name the Server Licensor Certificate screen is displayed. Verify that RWDC01 is entered into the Name text box, and then click Next. The Register AD RMS Service Connection Point screen is displayed. p. Verify that the Register the AD RMS service connection point now radio button is selected, and then click Next. The Web Server (IIS) screen is displayed. q. Read the information displayed about the Internet Information Server (IIS), and then click Next. The Select Role Services screen is displayed. r. Browse the role services that are selected for the IIS Web server role, and then click Next. The Confirm Installation Selections screen is displayed. s. Click Install to begin the installation of the Active Directory Rights Management Service role. After the installation is complete, click Close to close the Add Roles wizard. 2. Log off from RWDC01. a. Log off from RWDC01. 3. Log off from RWDC02. a. Log off from RWDC02.

Task 3: You have completed all tasks in this exercise.

1. A successful completion of this exercise results in the installation of the Active Directory Rights Management Services server role on RWDC01.

MOAC 70-640: Configuring Name Resolution and Additional Services, Lab 12

1/30/2014