Active Directory Install -Additional DCs

8/8/2019 Active Directory Install -Additional DCs

http://slidepdf.com/reader/full/active-directory-install-additional-dcs 1/39

Lab: Installing AdditionalMicrosoft Windows Server 2003

Domain Controllers

Begin lab after at least one domain controller in the domain has been fully installed

Presented by



Agenda

Installing the First Domain Controller in a Child Domain

Installing the Second Domain Controller in the RootDomain from Media

Installing the Second Domain Controller in the ChildDomain from Media

Adding a Member Server in the Child Domain



Round 2 - First DCs in Child Domains and SecondDCs in Forest Root Domains

Students 3, 8, 13, 18 ² Install first domain controller for Asia#.Forestname.msft

Students 2, 7, 12, 17 ² Install additional domaincontroller from backup

Note: All servers must be configured to use the firstdomain controller in the forest as the DNS server.



First DCs in Child Domains

Follow almost the same procedure as creating the first domain controller inthe forest root domain. During the DCPromo procedure, make the followingchoices:

Domain controller for a new domain

Child domain in an existing domain tree

Provide DNS name of parent domainProvide credentials of forest root Administrator account

Choose permissions compatible with Windows 2000 or later

Default locations for NTDS.dit, logs and Sysvol




Choose to install a child domain in an existing domaintree




Enter the credentials for a member of the EnterpriseAdmins group




Enter the DNS name of the parent domain and the childdomain.



Round 2 - First DCs in Child Domains and SecondDCs in Forest Root Domains

Students 2, 7, 12, 17 ² Install second domain controller in the forest root domain from media



Installing Replica Domain Controllers fromMedia

In order to install a DC replica from media, an existing domaincontroller·s system state data must first have been backed up andsaved to media. The system state data must then be restored to analternate location. A replica domain controller can then be createdusing restored backup as the source for the Active Directory database,including global catalog data.

The restored system state data must be accessible on a local drive onthe replica domain controller.

In order to install a replica DC from media, DCPromo must be run withthe /adv switch, which will allow the specification of the source mediaduring the DCPromo process.



Installing Replica Domain Controllers from Media

While installing a replica domain controller from media pulls the sourcedata for the Active Directory database, the replica domain controller must still be connected to the network and able to contact an existingdomain controller. In order to add the new domain controller to theActive Directory configuration, and in order to pull changes that havebeen made to the directory since the backup was created, an existing

domain controller must be contacted by the new replica.Installing a replica domain controller from media is subject to the sametombstone lifetime restrictions as restoring a domain controller frombackup- media that is older than the configured tombstone lifetime for the implementation cannot be used to install a replica domaincontroller.

In this lab, you will create a system state data backup, save that backupto a shared folder, restore the data to an alternate location and install areplica domain controller from the restored data. This lab requires anexisting domain controller and a Windows Server 2003 server that isnot yet a domain controller.



Perform the following steps on the existingdomain controller in the domain.





Creating a Shared Folder to Store the Backup-Perform on Existing DC

If you are familiar with the process of creating a shared folder, you may do sowithout the assistance of this portion of the lab.

Launch Windows Explorer by pressing<Windows key> + E, by clicking on theStart button, selecting the Run command

and typing Éxplorerµ, or by any methodwith which you are comfortable.

On the root of any drive where you havesufficient space to store a system statedata backup (the size of the SSD can varywidely; it is recommended that you choosethe partition on which you have the mostfree space, and that that partition have atleast 1.2 GB of free space), create a newfolder.

Name the new folder ´DCBackupµ or anyname that you prefer.




Share the folder. If you areunfamiliar with the process of sharing the folder, right-click thefolder and choose ´Sharing andSecurityµ.

On the Sharing tab, select the´Share this folderµ radio button.




The default share permissions for the share should be Everyone-Read; these permissions do notneed to be changed for this lab.




Click the Security ta in the folder·sproperties.

Select the sers entry in the accesscontrol list and verify that sershave ead & Execute, ist Folder Contents and ead permissions,inherited from the parent (root).

erify that dministrators have FullControl permissions to the folder. You may leave these permissionsintact.Click



Backing Up the System State Data of an ExistingDomain Controller- Perform on Existing DC

Click the Start button,select Run and typeŃTBackupµ (notcase-sensitive).

In the BackupWelcome screen, de-select the Álwaysstart in wizard modeµcheckbox.

Click on the Advanced

Mode hyperlink.




In the ´Welcome tothe Backup UtilityAdvanced Modeµdialog box, click theBackup tab. (Notethat you may alsoperform a systemstate data backupusing the wizard; inthis lab, we areperforming a manualbackup.)




On the Backup tab, select the checkbox next to the drive labeled ´System Stateµ.In the ´Backup media or file nameµ field, either click the Browse button and navigateto the DC Source shared folder or type the path to the share.

Name the backup file Backup.bkf (no spaces).




Click the Start Backup button.In the ´Backup Job Informationµ dialog box, select the ´Replace the data on themedia with this backupµ radio button.

Select the Állow only the owner and the Administrator access to the backup dataµcheckbox.

Click the Start Backup button.




The Backup utility should notify that it is preparing to back up using shadow copyand should then begin backing up the system state data.



Creating a Folder to Store the Restored SystemState Data- Perform on Existing DC

When the system state data completes, dismiss any dialog boxes. ou donot need to close the backup utility as you will be using it to restore data.

In the folder that you previously shared, create a subdirectory called´DCRestoreµ or any name that you prefer.



Restoring the System State Data to an AlternateLocation- Perform on Existing DC

Return to the backup utility. If you have closed it, reopen it.

On the ´Restore and Manage Mediaµ tab, expand the ´Fileµ entry if needed, expandthe ´Backup.bkfµ entry and select the checkbox labeled ´System State Dataµ.

In the ´Restore files toµ field, select Álternate Locationµ. In the ÁlternateLocationµ field, browse or type the path to the ´DCRestoreµ folder that you justcreated.

Click ́ Start Restoreµ.



Restoring the System State Data to an AlternateLocation- Perform on Existing DC

After you have clicked the ́ Start restoreµ button, a warning will appear,notifying you that not all data is restored when system state data is restored toan alternate location. Click OK to dismiss the dialog. Click OK on the ConfirmRestore page. The restore process will begin.



Completing the System State Data Restore-Perform on Existing DC

When the system state data restore operation has completed, the backup programwill present a dialog box that allows you to view a detailed report of the restore.

ou may view the report or you may dismiss the dialog box by clicking the Ćloseµbutton.



Verifying the System State Data Restore-Perform on Existing DC

Open the folder into which you restored the domain controller·s system statedata and verify that folders and files were restored to that location.

ou have now completed this portion of the lab. Subsequent exercises areperformed on the replica domain controller.



Perform the following steps on the machine thatwill become a replica domain controller in the

domain.

If the system state data of an existingdomain controller has not yet been backed

up, restored to an alternate location andmade available to you, then you cannot yet

begin this portion of the lab.



Retrieving Restored System State Data- Performon Replica DC

Log on to the machine that will become a replica domain controller for an existingdomain where a system state data backup and restore operation has beencompleted as directed in previous portions of this lab.

Connect to the existing domain controller where the system state data backup wascreated and restored to an alternate location.

Copy the contents of the ´Restoreµ folder to your hard drive. The Active DirectoryInstallation Wizard requires the restored data to be locally accessible in order toinstall a domain controller from media.



Installing a Replica Domain Controller fromMedia- Perform on Replica DC

Click Start -> Run and type ´dcpromo /advµ (without quotes; include aspace between ́ dcpromoµ and ́ /advµ).



Installing a Replica Domain Controller fromMedia- Perform on Replica DC

The Active Directory Installation Wizard appears. Click Next.In the Domain Controller Type options dialog box, select the ́ Additionaldomain controller for an existing domainµ option and click Next.



Specifying the Location of the Restored SystemState Data- Perform on Replica DC

In the Ćopying Domain Informationµ dialog box, select the radio button labeled´From these restored backup filesµ and enter or browse to the path where youcopied the restored Active Directory system state data from the existing domaincontroller in your domain.

Click Next.



Global Catalog Server Configuration

If the domain controller from which you copied the restored system state data is aglobal catalog server, you will be presented with the option to make your replica DC aglobal catalog server, as well.

If you are presented with the option to configure additional domain controller as aglobal catalog server, click es and then click Next.

If this option does not appear, then the domain controller from which you areinstalling a replica is not a global catalog server and you may skip this step.



Providing Network Credentials

The Active Directory Installation Wizard will request credentials for a user accountthat has the rights and permissions necessary to add additional domain controllersto a domain. By default, a member of the Domain Admins group has this right.

In the Ńetwork Credentialsµ dialog box, enter the user name, password and domainfor an account that is a member of the Domain Admins group for the domain towhich you are adding a replica DC.

Click Next.



Specifying Database and Log Folders

The Active Directory Installation Wizard will prompt you to select the locations tostore the Active Directory database (ntds.dit) and log files. Leave the defaultlocations or provide alternate paths if you do not want the files stored in the defaultlocations.

The Active Directory Installation Wizard will prompt you to specify the location for the shared system volume (Sysvol). ou may leave the default location in place or enter a different location.

The Active Directory Installation Wizard will prompt you to enter and confirm apassword that you want to assign to the Directory Services Restore Mode account.Enter and confirm a password for the DS Restore Mode account.

After you have finished the Active Directory installation process, you will beprompted to restart the computer.



Round 3 - Second DCs in Child Domains andMember Servers

Students 4, 9, 14, 19 ² Install second domain controller in the child domain from media

Students 5, 10, 15, 20 ² Add member server to domain

Note: All servers must be configured to use the firstdomain controller in the forest as the DNS server.



Second DCs in child domains

On first DC in the child domain, complete the steps to backup andrestore system state data.

On second DCs in child domains, complete the steps to install anadditional domain controller from media



Member servers in child domains

Join domain

Right-click My Computer

Properties

Computer NameChange button

Enter name of domain to join

Provide Administrator credentials for the domain(any user can join computers to the domain bydefault).



Member Servers

Any member server can be made a domain controller, if desired.

If creating another replica DC, create a DC for thedomain in which the member server was intended to be

placed.



Date post:	09-Apr-2018
Category:	Documents
Upload:	kalilrahiman
View:	249 times
Download:	0 times

Active Directory Install -Additional DCs

Documents