Windows 2008 Server Lab Tasks (083-640)
(2 labs; 7-10 tasks per Lab; 1 hour per Lab)
1. Change group type (2-3 of these), i.e. security to distribution, universal to domain local, etc.
2. Raise domain AND forest functional level
   1. Open AD Domains and Trusts
   2. RC Domain -> Raise DFL
3. Set postalCode attribute to replicate with Global Catalog (only one I couldn't figure out)
   1. regsvr32 schmmgmt.dll
   2. Start mmc -> add AD Schema snap-in
   3. Browse to Attributes -> find postalCode properties
   4. Set "Replicate this attrib to the GC"
DNS
4. Assign a delegation to another DC
   Delegate west.nuggetlab.com for nuggetlab.com
   1. RC nuggetlab.com -> select New Delegation.
   2. Delegated domain = west.nuggetlab.com
   3. Add DNS server(s) for west.nuggetlab.com
5. Disable round-robin, recursive lookup or load bad data (DNS)
   RC DNS server -> Properties -> Tab Advanced -> Enable/Disable Round-Robin, recursive lookup or Fail on load if bad zone data
   Configure Debug logging in DNS following specific criteria
   Create and configure DNS conditional forwarder
   Create a new forward zone in DNS
6. Use pre-existing GPOs to not show last user login name on your DC, and password history of 12 on domain
   Open GP Management console
   Open GP Objects container
   Open Default DC Policy (RC .. Edit). This will start GP Management Editor.
   Browse to Computer Config -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options
   Select "Interactive logon: Do not display last user name"
   In Account Policies -> Password Policy: Enforce password history
7. Set DEFAULTIPSITELINK to not replicate on Sundays
   1. Open Sites and Services
   2. Inter-Site Transports -> IP -> open default site link properties -> Change Schedule
8. Change DEFAULTIPSITELINK cost
   Open Sites and Services -> Inter-Site Transports -> IP -> open default site link properties -> change Cost
10. Pre-stage a new RODC domain controller
    Open Users and Computers snap-in
    Create Computer Account
    1. RC Domain Controllers OU -> select "Pre-create a RODC account" {starts the AD Domain Services Installation Wizard}
    2. Specify Domain and Account to perform installation.
    3. Specify ComputerName
    4. Specify Site
    5. Specify DC Options (DNS/GC)
    6. Delegation of RODC Installation and Administration (user/grp)
    7. Export settings to answer file for unattended install.
    Attach RODC Server.
    Replicate installation source to RODC or IFM. Install from Media (NTDSUTIL.exe)
    Join to domain
    Running AD Domain Services Installation Wizard on new DC on remote location.
9. Delete a RODC => reset the passwords for users/computers, and export that list of users/computers to a txt.
   Start Users and Computers snap-in.
   Open DC OU
   Select RODC and Delete. This prompts for 3 options:
   1. Reset all passwords for user accounts that were cached on this RODC
   2. Reset all passwords for computer accounts that were cached on this RODC
   3. Export the list of accounts that were cached on this RODC to this file
11. Delegate the rights to assign GPOs to a OU for a user
    Start Users and Computers snap-in:
    1. Put user in Group Policy Creator Owners group
    2. Select OU -> Delegate Control {This starts the Delegation of Control Wizard} -> Next
    3. Select User/Grp -> select Tasks to Delegate -> Finish
10. Change DSRM password
    This password is unique to each DC, and you use it to log on to a DC that you've rebooted into DSRM to take its copy of Active Directory offline. To reboot into DSRM mode, reboot your DC, and press [F8] during the startup sequence. You'll see the following options:
      Safe Mode
      VGA Mode
      Last Known Good
      Directory Services Restore
    1. Open command prompt
    2. Start NTDSUtil.exe
    3. Set DSRM Password
    4. Reset Password on server NULL
11. Disable user configuration in GPO
12. Change GPO security filter
13. Block inheritance in GPO
14. Assign permission on a certificate template (Configure certificate template security for a specific user)
    Open Sites and Services and expand Services node {when NOT visible: View -> Show Services Node}
    Expand to: Public Key Services -> Certificate Templates
    Select correct template -> RC Properties -> Security tab and set new security
15. Set Branch location to enable universal Group Membership caching (UGMC)
    Replicated in GC to make logon possible when GC is offline.
    Enable UGMC
    1. Open Sites and Services
    2. Select site -> select NTDS Site Settings -> Properties
    3. Tab Site Settings -> enable UGMC
Tips
1. Wait 5 minutes to begin Lab
2. Help function is present.