AD Lab Tasks

Upload: rashad-mahmood-saqib

Post on 04-Apr-2018


  • 7/30/2019 AD Lab Tasks

    1/50

    Released: 4/16/2003 Microsoft Windows Server 2003 Expert Workshop Hands-on Lab Exercises

    Microsoft Windows Server 2003
    Expert Workshop
    Hands-on Lab Exercises

    Table of Contents

    - Classroom Layout
    - Computer Names and IP Addresses
    - Lab 01 Install & Configuring DNS Server
    - Lab 02 Installing Active Directory
    - Lab 03 Installing Additional Domain Controllers in Each Domain
    - Lab 04 Elevate Domain Functional Level to Windows 2000 Native Mode
    - Lab 05 Testing the Effects of Replicating Changes to Multi-Valued Attributes
    - Lab 06 Elevate Forest Functionality to Windows Server 2003 and Test Multivalue Replication
    - Lab 07 Create Multiple Sites
    - Lab 08 Test Global Catalog Failure
    - Lab 09 Enable and Test Universal Group Caching
    - Lab 10 Reset Directory Services Restore Mode Password (Optional)
    - Lab 11 Create an inetOrgPerson Object (Optional)
    - Lab 12 Mark a Schema Object as Defunct (Optional)
    - Lab 13 Create an Application Partition
    - Lab 14 Renaming of Domain Controllers
    - Lab 15 Renaming Domain NetBIOS Name (to be performed on the last day as an optional lab)
    - Lab 16 Setup and Test Cross Forest Trusts
    - Lab 17 IIS Application Pools
    - Lab 18 Terminal Services (Optional)
    - Lab 19 Remote Assistant (Optional)
    - Lab 20 Create Software Restriction Policy (Optional)
    - Lab 21 Result Set of Policy (RSoP) Tools (Optional)
    - Lab 22 Restore Default GPOs (Optional)
    - Lab 23 Using Volume Shadow Copy Service to Recover Files
    - Lab 24 EFS
    - Lab 25 Command Line Tools (Optional)
    - Appendix A

    Classroom Layout

    [Figure: classroom layout diagram. Labels: Forest A, Forest B, Forest E, Forest G and Forest W2K3; domains DomainA to DomainH and W2K3.Net; Server01 to Server16 and the Instructor server.]

    All labs that are not optional must be done. This is to ensure that all labs at the end will function correctly. Optional labs are at the discretion of the instructor.

    Computer Names and IP Addresses

    Student  Computer  IP          Subnet       DNS
    Number   Name      Address     Mask         Address     Domain       Forest
    01       Server01  10.1.1.1    255.255.0.0  10.1.1.1    DomainA.com  DomainA.com Forest
    02       Server02  10.1.1.2    255.255.0.0  10.1.1.1    DomainA.com  DomainA.com Forest
    03       Server03  10.1.2.3    255.255.0.0  10.1.2.3    DomainB.com  DomainA.com Forest
    04       Server04  10.1.2.4    255.255.0.0  10.1.2.3    DomainB.com  DomainA.com Forest
    05       Server05  10.1.1.5    255.255.0.0  10.1.1.5    DomainC.com  DomainC.com Forest
    06       Server06  10.1.1.6    255.255.0.0  10.1.1.5    DomainC.com  DomainC.com Forest
    07       Server07  10.1.2.7    255.255.0.0  10.1.2.7    DomainD.com  DomainC.com Forest
    08       Server08  10.1.2.8    255.255.0.0  10.1.2.7    DomainD.com  DomainC.com Forest
    09       Server09  10.1.1.9    255.255.0.0  10.1.1.9    DomainE.com  DomainE.com Forest
    10       Server10  10.1.1.10   255.255.0.0  10.1.1.9    DomainE.com  DomainE.com Forest
    11       Server11  10.1.2.11   255.255.0.0  10.1.2.11   DomainF.com  DomainE.com Forest
    12       Server12  10.1.2.12   255.255.0.0  10.1.2.11   DomainF.com  DomainE.com Forest
    13       Server13  10.1.1.13   255.255.0.0  10.1.1.13   DomainG.com  DomainG.com Forest
    14       Server14  10.1.1.14   255.255.0.0  10.1.1.13   DomainG.com  DomainG.com Forest
    15       Server15  10.1.2.15   255.255.0.0  10.1.2.15   DomainH.com  DomainG.com Forest
    16       Server16  10.1.2.16   255.255.0.0  10.1.2.15   DomainH.com  DomainG.com Forest

    Lab 01 Install & Configuring DNS Server


    NOTE: This lab must be done before continuing with the rest of the labs.

    Prerequisites
    - Must be familiar with DNS concepts and operations

    Objectives
    - Install DNS Server services
    - Create Forward and Reverse Lookup Zones
    - Create and configure Conditional Forwarding
    - Test DNS by using the nslookup command

    Lab Setup
    - A computer running Windows Server 2003 Enterprise Server that is configured as a standalone server.
    - Static IP Address and subnet mask.
    - DNS domain name. Refer to the table on page 5 for this information.

    Exercise 1 - Installing the Primary DNS Server Service

    Goal
    In this exercise, you will configure the DNS domain name of your computer and install DNS.

    NOTE: The installation of DNS services will only take place on the following servers: Server1, Server3, Server5, Server7, Server9, Server11, Server13 and Server15.

    Tasks and Detailed Steps

    1. Start the Windows Components wizard and install the DNS subcomponent of the Networking Services. Copy the required files from the Windows Server 2003 Advanced Server compact disc.
        a. Log on as Administrator with a password of password.
        b. By default a screen called Manage Your Server will open. This screen allows you to add roles to your server and to manage your server roles.
        c. Under Adding Roles to Your Server, click Add or remove a Role.
        d. On the Preliminary Steps page, click Next.
        e. On the Server Role page, select DNS Server and click Next.
        f. On the Summary of Selections page, review the summary and click Next.
        DNS will start to install. (Insert the Windows Server 2003 CD when required.)

    2. Create a Standard Primary Forward Lookup Zone for your domain.
        a. On the Welcome to the Configure a DNS Server Wizard page, click Next.
        b. On the Select Configuration Action page, select Create forward and reverse lookup zones (recommended for large networks) and click Next.
        c. On the Forward Lookup Zone page, select Yes, create a forward lookup zone now (recommended), click Next.
        d. On the Zone Type page, select Primary Zone, click Next.
           NOTE: Select only Primary Zone on the first server in each domain.
        e. On the Zone Name page, enter the zone name, for example domainname.com, and click Next.
        f. Leave the defaults on the Zone File page, click Next.
        g. On the Dynamic Update page, select Allow both nonsecure and secure dynamic updates, click Next.

    3. Create a Standard Primary Reverse Lookup Zone for your Network ID.
        a. On the Reverse Lookup Zone page, select Yes, create a reverse lookup zone now, and click Next.
        b. On the Zone Type page, select Primary Zone, click Next.
           NOTE: The Primary Zone selection must only be used on the first server in each domain.
        c. On the Reverse Lookup Zone Name page, enter the Network ID for your zone. For example 10.1.1
        d. On the Zone File page leave as default, click Next.
        e. On the Dynamic Update page, select Allow both secure and non-secure dynamic updates, click Next.

    4. Create Forwarders to the instructor's server.
        1. On the Forwarders page, select Yes, it should forward queries to DNS servers with the following IP addresses.
        2. Enter the instructor's server IP address: 10.1.200.1, click Next. It will start searching for Root Hints.
        3. On the Completing the Configure a DNS Server Wizard page, click Finish.
           NOTE: If an error message appears click OK. This message states that it could not configure the Root Hints. Once completed open the DNS server, right-click the server name and then select Properties. Under ServerX properties select Root Hints. Ensure that the root hints are available.
        4. On the This Server is Now a DNS Server page, click Finish.

    5. Enter the Primary DNS Suffix under the My Computer properties.
        a. Click Start > right-click My Computer > Properties.
        b. Click Computer Name > Change > More.
        c. In the Primary DNS Suffix of this computer box, enter your DNS domain suffix. E.g. DomainX.com
        d. Click OK to close all windows and then click Yes to restart the computer.

    6. Ensure the computer can resolve both forward and reverse lookups by means of NSLOOKUP.
        a. Log on as Administrator with the password of password.
        b. Click Start > Administrative Tools > DNS.
        c. Expand your server, then expand Reverse Lookup Zones.
        d. Click on your subnet.
        e. Ensure that a pointer record exists for your computer.
        f. If the pointer record does not exist, create a pointer record by right-clicking the subnet > New Pointer Record.
        g. Under the New Resource Record, enter the IP address of the host computer and enter the host name under Host Name.
        h. Once completed click OK and close all windows.
        i. Open the command prompt: Start > Run > CMD.
        j. At the command prompt, type NSLOOKUP.
        k. You will receive the following:
           Default: computername.domainname.com
           Address: 10.1.x.x
        l. Exit NSLOOKUP by typing exit at the command prompt.

    7. Add your partner's computer and IP address to the Name Servers.
        a. Open the DNS console.
        b. Expand your server and then expand Forward Lookup Zones.
        c. Right-click your domain name > Properties > Name Servers.
        d. Under Name Servers, click Add.
        e. In the Server fully qualified domain name (FQDN) box, type your partner's computer name. E.g. server02.domaina.com
        f. Under IP Address, enter your partner's IP address, click Add, and then OK.
        g. Click OK to close the Properties window. Close all other windows.

    NOTE: DNS servers/services can still be installed using Add/Remove Windows Components under the Add/Remove Programs menu.

    Exercise 2 - Installing the Secondary DNS Server Services

    Goal
    During this exercise you will install and configure your server as a secondary DNS server. Only a secondary forward lookup zone will be created. The reverse lookup zone will be kept on the primary DNS server. Thus no secondary reverse lookup zone needs to be created.

    NOTE: The installation of DNS services will only take place on the following servers: Server2, Server4, Server6, Server8, Server10, Server12, Server14 and Server16.

    Tasks and Detailed Steps

    1. Start the Windows Components wizard and install the DNS subcomponent of the Networking Services. Copy the required files from the Windows Server 2003 Advanced Server compact disc.
        a. Log on as Administrator with a password of password.
        b. By default a screen called Manage Your Server will open. This screen allows you to add roles to your server and to manage your server roles.
        c. Under Adding Roles to Your Server, click Add or remove a Role.
        d. On the Preliminary Steps page, click Next.
        e. On the Server Role page, select DNS Server and click Next.
        f. On the Summary of Selections page, review the summary and click Next.
        DNS will start to install. (Insert the Windows Server 2003 CD when required.)

    2. Create a Secondary Forward Lookup Zone for your domain.
        a. On the Welcome to the Configure a DNS Server Wizard page, click Next.
        b. On the Select Configuration Action page, select Create forward and reverse lookup zones (recommended for large networks) and click Next.
        c. On the Forward Lookup Zone page, select Yes, create a forward lookup zone now (recommended), click Next.
        d. On the Zone Type page, click to select Secondary zone, click Next.
        e. On the Zone Name page, enter the Zone Name: and click Next.
        f. On the Master DNS Servers page, enter the IP address of your partner's DNS server, click Add and then click Next.
        g. On the Reverse Lookup Zone page, click No, don't create a reverse lookup zone now, and click Next.
        h. On the Forwarders page, select Yes, it should forward queries to DNS servers with the following IP addresses.
        i. Enter the instructor's server IP address: 10.1.200.1, click Next. It will start searching for Root Hints.
        j. On the Completing the Configure a DNS Server Wizard page, click Finish.
           NOTE: If an error message appears click OK. This message states that it could not configure the Root Hints. Once completed open the DNS server, right-click the server name and then select Properties. Under ServerX properties select Root Hints. Ensure that the root hints are available.
        k. On the This Server is Now a DNS Server page, click Finish.

    3. Enter the Primary DNS Suffix under the My Computer properties.
        a. Click Start > right-click My Computer > Properties.
        b. Click Computer Name > Change > More.
        c. In the Primary DNS Suffix of this computer box, enter your DNS domain suffix. E.g. DomainX.com
        d. Click OK to close all windows and then click Yes to restart the computer.

    Ask your partner to check whether your pointer record has registered. If not, ask him/her to create a pointer record.

    Exercise 3 - Configure Conditional Forwarding in DNS

    Goal
    Students in each domain will be working as a team when setting up and configuring conditional forwarding between multiple DNS servers.

    Tasks and Detailed Steps

    1. Perform the following tasks:
        - Test name resolution using NSLOOKUP.
        - Set up conditional forwarding between partner forests' DNS zones.
        - Use NSLOOKUP to verify resolution to your partner's forest.
       Perform for each forest and domain in class.
        a. Open a command prompt and type NSLOOKUP.
        b. At the prompt, type your partner's FQDN and press ENTER.
        c. Open the DNS console, right-click your computer name > Properties and select Forwarders.
        d. Under DNS domain: click New and type in the domain name of all partner domains in the classroom.
        e. Under Selected domain's forwarder IP address list: enter the DNS server IP address of your partner's domain and click Add.
        f. Use NSLOOKUP to see if you can resolve queries in your partner's domain.
        g. Perform this for all domains in the classroom.
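The forward and reverse checks that Lab 01 performs by hand with NSLOOKUP can be scripted. The following is an added example, not part of the workbook: it uses the first four rows of the Computer Names and IP Addresses table, assumes the usual Windows layout of non-interactive NSLOOKUP output, and its `sample_lookup` helper returns constructed output rather than captured output.

```python
import ipaddress
import subprocess

# (computer, IP address, DNS server it uses, DNS domain): the first four rows
# of the workbook's "Computer Names and IP Addresses" table.
PLAN = [
    ("Server01", "10.1.1.1", "10.1.1.1", "DomainA.com"),
    ("Server02", "10.1.1.2", "10.1.1.1", "DomainA.com"),
    ("Server03", "10.1.2.3", "10.1.2.3", "DomainB.com"),
    ("Server04", "10.1.2.4", "10.1.2.3", "DomainB.com"),
]


def reverse_zone(ip):
    """Reverse lookup zone for the three-octet Network ID the lab enters (10.1.1)."""
    a, b, c, _ = ip.split(".")
    return f"{c}.{b}.{a}.in-addr.arpa"


def ptr_owner(ip):
    """Owner name of the pointer (PTR) record for ip."""
    return ipaddress.ip_address(ip).reverse_pointer


def parse_nslookup(output):
    """Return (name, [addresses]) from non-interactive NSLOOKUP output.

    The leading Server/Address pair names the DNS server that answered, so
    addresses are collected only after the answer's Name line. A failed
    lookup has no Name line and yields (None, []).
    """
    name, addresses = None, []
    for line in output.splitlines():
        key, _, value = line.strip().partition(":")
        value = value.strip()
        if key == "Name":
            name = value
        elif key in ("Address", "Addresses") and name and value:
            addresses.extend(v.strip() for v in value.split(","))
    return name, addresses


def run_nslookup(query, server):
    """Run the lookup the lab types by hand, against one named DNS server."""
    done = subprocess.run(["nslookup", query, server],
                          capture_output=True, text=True, timeout=15)
    return done.stdout


def check_plan(plan, lookup=run_nslookup):
    """Compare forward and reverse answers with the address plan.

    Returns a list of problems; an empty list means every host has a matching
    host (A) record and pointer (PTR) record on its own DNS server.
    """
    problems = []
    for computer, ip, dns, domain in plan:
        fqdn = f"{computer}.{domain}".lower()
        _, addresses = parse_nslookup(lookup(fqdn, dns))
        if ip not in addresses:
            problems.append(f"{fqdn}: no A record for {ip} on {dns}")
        name, _ = parse_nslookup(lookup(ip, dns))
        if (name or "").lower().rstrip(".") != fqdn:
            problems.append(
                f"{ip}: no PTR {ptr_owner(ip)} in zone {reverse_zone(ip)} on {dns}")
    return problems


def sample_lookup(query, server):
    """Constructed stand-in for run_nslookup: Server02's pointer record is missing."""
    answers = {
        "server01.domaina.com": "10.1.1.1",
        "10.1.1.1": "server01.domaina.com",
        "server02.domaina.com": "10.1.1.2",
    }
    header = "Server:  server01.domaina.com\nAddress:  10.1.1.1\n\n"
    if query not in answers:
        return header + f"*** server01.domaina.com can't find {query}: Non-existent domain\n"
    if query[0].isdigit():          # reverse lookup: the query is the IP address
        name, ip = answers[query], query
    else:                           # forward lookup: the query is the host name
        name, ip = query, answers[query]
    return header + f"Name:    {name}\nAddress:  {ip}\n"


if __name__ == "__main__":
    for problem in check_plan(PLAN[:2], sample_lookup):
        print(problem)
```

On a lab machine, calling `check_plan(PLAN)` with the default `run_nslookup` issues the same queries as step 6 of Exercise 1 and step f of Exercise 3.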

    Lab 02 Installing Active Directory

    NOTE: This lab depends on Lab 01.

    Objectives
    After completing this lab, you will be able to install Active Directory by using the Manage Your Server Wizard.

    NOTE: The Manage Your Server Wizard is used to familiarise yourself with the new wizards and tasks that can be performed. However, you can still promote a server to become a domain controller using the DCPROMO command.

    Prerequisites
    - Understand the logical components of Active Directory
    - Understand the purpose and function of Domain Controllers

    Lab Setup
    - A computer running Windows Server 2003 Enterprise Server that is configured as a standalone server.
    - Drive C formatted with NTFS.
    - Static IP Address and subnet mask.
    - A domain name is required. Refer to the table on page 5 for this information.
    - A forward lookup zone is required that matches your domain name. The forward lookup zone should have been created in Exercise 1 of Lab 01.

    Exercise 1 - Installing Active Directory

    Goal
    In this exercise, you will create a Windows 2003 domain by installing Active Directory. This will only be done on one computer in each domain. The rest of the servers will be promoted during a different lab exercise.

    Tasks and Detailed Steps

    1. Start the Active Directory Installation Wizard to create:
        - A new domain controller for a new domain.
        - A new domain tree.
        - A new forest of domain trees.

       The following steps need to be performed on only these servers:

        Server Name  Forest Name
        Server1      DomainA.Com Forest
        Server5      DomainC.Com Forest
        Server9      DomainE.Com Forest
        Server13     DomainG.Com Forest

       NOTE: These servers are the primary servers for each domain, which will contain all the FSMO roles and the global catalog service.

        a. Log on as Administrator with a password of password.
        b. On the Manage Your Server page, click Add or remove a role.
        c. On the Preliminary Steps page, click Next.
        d. On the Server Role page, select Domain Controller (Active Directory), click Next.
        e. On the Summary of Selections page, click Next.
        f. On the Welcome to the Active Directory Installation Wizard page, click Next.
        g. On the Operating System Compatibility page, review the information then click Next.
        h. On the Domain Controller Type page, select Domain Controller for a new domain, click Next.
        i. On the Create New Domain page, select Domain in a new forest, click Next.
        j. On the New Domain Name page, enter your domain name and then click Next.
        k. On the NetBIOS Domain Name page, select the default Domain NetBIOS name, click Next.
        l. On the Database and Log Folders page, select the default settings and click Next.
        m. On the Shared System Volume page, select the default settings and click Next.
        n. Review the DNS Registration Diagnostics and click Next.
        o. On the Permissions page, leave as default and click Next.
        p. On the Directory Services Restore Mode Administrator Password page, enter the Restore Mode Password: password and Confirm password: password.
        q. Review the summary and click Next.
        r. Once completed, restart the server.
        s. Log on as Administrator and click Finish.

    2. Start the Active Directory Installation Wizard to create:
        - A new domain controller for a new domain.
        - A new domain tree in an existing forest.

       The following steps need to be performed on only these servers:

        Server Name  Forest Name
        Server3      DomainA.Com Forest
        Server7      DomainC.Com Forest
        Server11     DomainE.Com Forest
        Server15     DomainG.Com Forest

       NOTE: These servers are the domain controllers for the second domains within each forest. They will not contain the Global Catalog service at this point.

        a. Log on as Administrator with a password of password.
        b. On the Manage Your Server page, click Add or remove a role.
        c. On the Preliminary Steps page, click Next.
        d. On the Server Role page, select Domain Controller (Active Directory), click Next.
        e. On the Summary of Selections page, click Next.
        f. On the Welcome to the Active Directory Installation Wizard page, click Next.
        g. On the Operating System Compatibility page, review the information then click Next.
        h. On the Domain Controller Type page, select Domain controller for a new domain, click Next.
        i. On the Create New Domain page, select Domain tree in an existing forest, click Next.
        j. On the Network Credentials page, enter the administrator name and password. Enter the first domain name under Domain. For example:
           Username = Administrator
           Password = password
           Domain = DomainA
        k. On the New Domain Tree page, enter the DNS name for the new domain, click Next.
        l. On the NetBIOS Domain Name page, select the default Domain NetBIOS name, click Next.
        m. On the Database and Log Folders page, select the default settings and click Next.
        n. On the Shared System Volume page, select the default settings and click Next.
        o. Review the DNS Registration Diagnostics and click Next.
        p. On the Permissions page, click Next.
        q. On the Directory Services Restore Mode Administrator Password page, enter the Restore Mode Password: password and Confirm password: password.
        r. Review the summary and click Next.
        s. Once completed, restart the server.

    3. Allow everyone the right to log on locally to the domain controllers and update the policy.

       This only needs to be done from one Domain Controller.

        a. Log on as Administrator with a password of password.
        b. On the Manage Your Server page, select Manage users and computers in Active Directory.
        c. In the left pane, right-click Domain Controllers and select Properties.
        d. Select Group Policy under Domain Controller Properties.
        e. Select the Default Domain Controller Policy and click Edit.
        f. On the Group Policy Object Editor page, navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
        g. Double-click Allow log on locally.
        h. In the Allow log on locally window, click Add User or Group and add the Everyone group.
        i. Click OK and close the Group Policy Object Editor window and the Domain Controller Properties window.
        j. Close Manage Users and Computers in Active Directory.
        k. From the Run command type the following command: gpupdate
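Task 3 grants the Everyone group the Allow log on locally right on the domain controllers, a setting that suits a classroom and should be found and reverted anywhere else. The following added example is not part of the workbook: it audits the text of a policy's security template (the GptTmpl.inf file a Group Policy object keeps in SYSVOL, where Allow log on locally is stored as SeInteractiveLogonRight). The sample template is constructed, and the list of groups treated as broad is this example's own choice.

```python
# Well-known SIDs of groups that cover every (or nearly every) account.
BROAD_SIDS = {
    "S-1-1-0": "Everyone",
    "S-1-5-7": "Anonymous Logon",
    "S-1-5-11": "Authenticated Users",
    "S-1-5-32-545": "BUILTIN\\Users",
}
BROAD_NAMES = {"everyone", "anonymous logon", "authenticated users",
               "users", "domain users"}


def load_template(path):
    """Read a GptTmpl.inf file; Windows writes these as UTF-16 with a BOM."""
    with open(path, encoding="utf-16") as handle:
        return handle.read()


def privilege_rights(inf_text):
    """Return {right: [principals]} from the [Privilege Rights] section.

    SIDs are stored with a leading '*', which is stripped here.
    """
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "privilege rights" and "=" in line:
            right, _, members = line.partition("=")
            rights[right.strip()] = [m.strip().lstrip("*")
                                     for m in members.split(",") if m.strip()]
    return rights


def broad_group(principal):
    """Return a display name if principal is a broad group, else None."""
    sid = principal.upper()
    if sid in BROAD_SIDS:
        return BROAD_SIDS[sid]
    if sid.startswith("S-1-5-21-") and sid.endswith("-513"):
        return "Domain Users"
    # Account names may carry a DOMAIN\ prefix; compare the last part only.
    if principal.rsplit("\\", 1)[-1].lower() in BROAD_NAMES:
        return principal
    return None


def audit_logon_rights(inf_text, rights=("SeInteractiveLogonRight",)):
    """List (right, principal, group) for every broad group holding a right."""
    findings = []
    granted = privilege_rights(inf_text)
    for right in rights:
        for principal in granted.get(right, []):
            label = broad_group(principal)
            if label:
                findings.append((right, principal, label))
    return findings


# Constructed sample: a domain controller policy after task 3 has been applied.
SAMPLE_TEMPLATE = """\
[Unicode]
Unicode=yes
[Version]
signature="$CHICAGO$"
Revision=1
[Privilege Rights]
SeInteractiveLogonRight = *S-1-1-0,*S-1-5-32-544,*S-1-5-32-548,*S-1-5-32-549,*S-1-5-32-550,*S-1-5-32-551
SeNetworkLogonRight = *S-1-1-0,*S-1-5-11,*S-1-5-32-544
"""

if __name__ == "__main__":
    for right, principal, label in audit_logon_rights(SAMPLE_TEMPLATE):
        print(f"{right} is granted to {label} ({principal})")
```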

    Lab 03 Installing additional domain controllers in each domain

    NOTE: This lab depends on Lab 02.

    Objectives
    After completing this lab, you will be able to promote a member server to become a second Domain Controller by using backup media.

    Prerequisites
    - Understanding of how to use replica from media
    - Understanding of how to promote a server using the replica media
    - Knowledge of performing backups
    - Active Directory should have been configured in Exercise 1 of Lab 02

    Lab Setup
    - A computer running Windows Server 2003 Enterprise Server that is configured as a standalone server
    - Drive C formatted with NTFS
    - Static IP Address and subnet mask
    - Connectivity to your partner's computer
    - Sufficient disk space to keep a backup
    - Access to the Support Tools

    Exercise 1 - Backup Current Domain Controllers

    Goal
    During this exercise your partner will back up his/her domain controller. Once the backup process has completed you will then copy the AD Backup.bkf file to your computer.

    Tasks and Detailed Steps

    1. Back up the current system state of the domain controller.

       This part of the lab only needs to be performed on the student's computer that contains Active Directory.

        a. Open Windows Explorer.
        b. On the C:\ drive create a folder called backup.
        c. Once created, share this folder as backup.
        d. Open Backup: Start > All Programs > Accessories > System Tools > Backup.
        e. On the Welcome to the Backup or Restore Wizard page, deselect Always start in wizard mode, click Next.
        f. On the Backup or Restore page, select Back up files and settings, click Next.
        g. On the What to Back Up page, select Let me choose what to back up, click Next.
        h. On the Items to Back Up page, expand My Computer in the left pane and select System State, click Next.
        i. On the Backup Type, Destination and Name page, type or select the following:
           - Select the backup type: File
           - Choose a place to save your backup: Browse to C:\Backup
           - Type a name for this backup: AD Backup
        j. Click Next and then click Finish.
        k. The backup process will start.

    2. The following tasks need to be performed:
        - Copy the backup file to your computer.
        - Create Restore folder.
        - Create Temp folder.

       These steps only need to be performed on the students' computers that are member servers.

        a. Open Windows Explorer.
        b. On the C:\ drive, create a folder called Temp.
        c. On the C:\ drive, create a folder called Restore.
        d. Connect to your partner's computer and copy the AD Backup.bkf file to the Restore directory on your computer.

    Exercise 2 - Promoting Member Servers to Domain Controllers using the Replicate from Media method

    Goal
    In this exercise the servers without Active Directory will be promoted to Active Directory Domain Controllers using the replicate from media method.

    Tasks and Detailed Steps

    1. Restore System State data to the temp directory.

       These steps only need to be performed from the member server computers.

        a. Open Backup: Start > All Programs > Accessories > System Tools > Backup.
        b. On the Welcome to the Backup or Restore Wizard page, deselect Always start in wizard mode, click Next.
        c. On the Backup or Restore page, select Restore files and settings, click Next.
        d. On the What to Restore page, click Browse and browse to the path c:\restore\Ad Backup.Bkf. Click OK.
        e. In the Items to restore pane expand File, expand AD Backup.Bkf then select the System State tick box. Click Next.
        f. On the Completing the Restore Wizard page, click Advanced.
        g. On the Where to Restore page, select Restore files to: Alternative location.
        h. In Alternative Location: type or browse to c:\temp, click Next.
        i. On the How to Restore page, select Leave existing files (Recommended), click Next.
        j. On the Advanced Restore Options page, accept the defaults and click Next.
        k. On the Completing the Restore Wizard page, click Finish.

    2. Promote the server to a Domain Controller using the restored data.
        a. From the Run command type DCPROMO /ADV
        b. On the Welcome to the Active Directory Installation Wizard page, click Next.
        c. On the Operating System Compatibility page, click Next.
        d. On the Domain Controller Type page, select Additional Domain Controller for an existing domain, click Next.
        e. On the Copying Domain Information page, select From these restored backup files and then browse to C:\temp, click OK, then Next.
        f. On the Global Catalog page, select No, click Next.
           NOTE: This Domain Controller must NOT become a Global Catalog server at this point in time.
        g. On the Network Credentials page, enter the administrator's username and password and confirm the domain name is correct, click Next.
        h. On the Database and Log Folders page, accept the default locations by clicking Next.
        i. On the Shared System Volume page, accept the default locations by clicking Next.
        j. On the Directory Services Restore Mode Administrator Password page, in the Password and Confirm password boxes, type password and then click Next.
        k. On the Summary page, review the options you selected, and then click Next.
        l. When the Completing the Active Directory Installation Wizard page appears, click Finish and then restart your computer.

    Exercise 3 - Install Support Tools

    Goal
    This exercise needs to be performed on all the servers. The Windows 2003 Advanced Server support tools and utilities need to be installed for later exercises.

    Tasks and Detailed Steps

    1. Install Windows 2003 Server Support Tools.
        a. Open Windows Explorer.
        b. Select the CD-ROM drive and then double-click the Support folder.
        c. Double-click the Tools folder.
        d. Double-click suptool.msi.
        e. On the Welcome to the Windows Support Tools Setup Wizard page, click Next.
        f. On the End User License Agreement page, select I Agree then click Next.
        g. On the User Information page, select the default values and click Next.
        h. On the Destination Directory page, accept the default locations and click Install Now.
        i. On the Completing the Windows Support Tools Setup Wizard page, click Finish.

    Lab 04 Elevate Domain functional level to Windows 2000 Native Mode

    NOTE: Do not rush through this lab exercise. If you do, you will not be able to go back and correct your mistake! This lab depends on Lab 02.

    Objectives
    After completing this lab, you will be able to determine which mode the domain is in and raise the domain functionality.

    Prerequisites
    - Knowledge about the different Active Directory versioning
    - Knowledge about the different Active Directory functionality levels

    Lab Setup
    To complete this lab, you require a computer running Windows Server 2003 that is configured as a Domain Controller.

    Exercise 1

    Goal
    This exercise consists of the following steps:
    1. Use ADSI Edit to determine the current domain mode.
    2. Raise the domain functional level to enable additional functionality. This will be required for later exercises.
    3. Use ADSI Edit to verify the change in the functional level.

    Tasks and Detailed Steps

    1. Use ADSI Edit to verify that nTMixedDomain = 1

       This part of the exercise needs to be performed by all the students.

        a. From the Run command type MMC then click OK.
        b. On the console click File > Add/Remove Snap-in.
        c. Under Add/Remove Snap-in click Add.
        d. Under Add Standalone Snap-in, select ADSI Edit and click Add, then close once added.
        e. On the Add/Remove Snap-in page, click OK.
        f. On ADSI Edit right-click and select Connect to.
        g. The Connection Settings window appears; accept the default settings and click OK.
        h. Expand Domain.
        i. Right-click DC=DomainX,DC=com (where X is your domain number) and select Properties.
        j. Scroll down the attributes until you find nTMixedDomain. Check to see if the value is set to 1.
        k. Click OK to close the Properties page.
        l. Save the console as ADSI Edit under Administrative Tools.

    2. Raise the Domain Functionality to Windows 2000 Native

       Only one student per domain needs to perform the following task.

        a. Open Active Directory Users and Computers.
        b. Right-click DomainX.com (where X is your domain letter) and select Raise Domain Functional Level.
        c. On the Raise Domain Functional Level page, ensure that Windows 2000 Native is selected and then click Raise.
        d. A message appears stating that: This change affects the entire domain. After you raise the domain functional level it cannot be reversed. Click OK.
        e. A second message appears stating that the functional level was raised successfully, click OK.

    3. Use ADSI Edit to verify that nTMixedDomain = 0

       All students need to perform the following section.

        a. Open the ADSI Edit console that you saved.
        b. Right-click DC=DomainX,DC=com (where X is your domain number) and select Properties.
        c. Scroll down the attributes until you find nTMixedDomain. Check to see if the value is set to 0.
        d. Click OK to close the Properties page and exit the console.

    Lab 05 Testing the effects of replicating changes to multi-valued attributes
    NOTE: This lab is dependent on lab 02.

    Objectives
    After completing this lab, you will be able to test the effects of replicating changes to multi-valued attributes.

    Prerequisites
    Be familiar with Active Directory Users and Computers
    Understand how replication works between domain controllers
    Active Directory should have been configured as in exercise 1 lab 02

    Lab Setup
    To complete this lab, you require computers running Windows Server 2003 that are configured as Domain Controllers. Only one computer in each of the forests should be configured as a Global Catalog server.

    Exercise 1

    Goal
    In this exercise you will test the effects of replicating changes to multi-valued attributes within an organization. Students will create several user accounts and add two of them to a group. Then the server with the global catalog will be unplugged and you will add two more users to the group from both the domain controllers. Once completed, you will plug the network cable back in and see which of these accounts successfully replicated across.

    Tasks / Detailed Steps

    1. Create the following in the User container:
       Six user accounts: User1, User2, User3, User4, User5, User6
       Global Group called Group1
    This part of the exercise can be performed by all students. Each student needs to create three (3) user accounts and one user will need to create a global group.
    Open Active Directory Users and Computers.
    a. Expand the domain name.
    b. On the User container, right-click New > User.
    c. On the New Object - User page, fill in the following details and then click Next:
       First name: User1
       User logon name: User1
       User logon name (pre-Windows 2000): User1
    d. Enter a password called password and confirm the password.
    e. Deselect User must change password at next logon, click Next and then click Finish.
    f. Repeat Steps C - F until all six (6) users are created.
    g. On the User container, right-click New > Group.
    h. In the Group Name box, enter Group1 and leave the settings as default. Click OK.
    i. Double-click the group called Group1 and click the Members tab.
    j. Click Add, enter User1; User2 and then click Check Names. Click OK twice.
    k. Ensure that the users and group have replicated before continuing.

    Unplug the Network Cable from the machine that contains the Global Catalog.

    2. Perform the following:
       Add User3 to Group1 on the first DC.
       Add User4 to Group1 on the second DC.
    Perform these steps on the first DC
    a. Double-click the group called Group1 and click the Members tab.
    b. Click Add, enter User3 and then click Check Names, and click OK twice.
    Perform these steps on the second DC
    c. Double-click the group called Group1 and click the Members tab.
    NOTE: A message appears stating that a Global Catalog cannot be located to retrieve the icons for the member list. Some icons may be shown. Click OK.
    d. Click Add, enter User4 and then click Check Names, and click OK twice.

    3. Plug the Network Cable back in and force replication
    Perform the following task on any of the DCs.
    a. From the Run command, type the following syntax: repadmin.exe /syncall /P

    What are the results on the group membership and why?

    Lab 06 Elevate forest functionality to Windows Server 2003 and test multi-value replication
    NOTE: This lab is dependent on lab 02 & lab 04

    Objectives
    After completing this lab, you will be able to:
       Elevate the forest functionality
       Test multi-value replication

    Prerequisites
    Understand the different Forest functionalities
    Understand how replication works between domain controllers
    Domain functional level should have been configured as in exercise 1 Lab 04

    Lab Setup
    To complete this lab, you require computers running Windows Server 2003 that are configured as Domain Controllers. Only one computer in each of the forests should be configured as a Global Catalog server.

    Exercise 1

    Goal
    This exercise is almost the same as in Lab 05. However, you will first elevate the forest functionality to .Net and then test the effects of multi-valued replication. Once this has been done, you will again disconnect the network cable from the Global Catalog server and add an account to the group on both domain controllers. Then plug the cable back in and replicate the information to see what effect the elevation of the forest functionality has.

    Tasks / Detailed Steps

    1. Raise the Forest Functionality to Windows .Net
    Perform the following task on only one of the Domain Controllers. Decide between each other who will perform this task.
    a. Open Active Directory Domains and Trusts.
    b. Right-click Active Directory Domains and Trusts and select Raise Forest Functional Level.
    c. On the Raise Forest Functional Level page, accept the default settings and click Raise.
    d. Two messages appear. Read the messages and then click OK for each of them.

    2. Use ADSI Edit to verify that msDS-Behavior-Version = 2
    This task should be performed by all students.
    a. Open the ADSI Edit console that you saved.
    b. Right-click DC=DomainX,DC=com (where X is your domain number) and select Properties.
    c. Scroll down the attributes until you find msDS-Behavior-Version. Check to see if the value is set to 2.
    d. Click OK to close the Properties page and exit the console.

    Unplug the Network Cable from the server that contains the Global Catalog.

    3. Perform the following:
       Add User5 to Group1 on the first DC.
       Add User6 to Group1 on the second DC.
    Perform these steps on the first DC
    a. Double-click the group called Group1 and click the Members tab.
    b. Click Add, enter User5 and then click Check Names. Click OK twice.
    Perform these steps on the second DC
    c. Double-click the group called Group1 and click the Members tab.
    NOTE: A message appears stating that a Global Catalog cannot be located to retrieve the icons for the member list. Some icons may be shown. Click OK.
    d. Click Add, enter User6 and then click Check Names. Click OK twice.

    4. Plug the Network Cable back in and force replication
    Perform the following task on any of the DCs.
    a. From the Run command, type the following syntax: repadmin.exe /syncall /P

    Review the group membership. Is there a difference? Why?
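The behaviour that Lab 05 and this lab exercise, as an added example that is not part of the original workshop material: a simplified Python model of attribute-level replication (the whole member list carries a single version/timestamp stamp, so the later of two concurrent writes replaces the other) beside linked-value replication at the Windows Server 2003 forest functional level (each member value carries its own stamp). The class names, the integer clock and the write order are constructed assumptions.

```python
"""Simplified model of how Active Directory resolves concurrent changes to a
group's member attribute (constructed example; all names are hypothetical)."""
from dataclasses import dataclass


@dataclass(frozen=True, order=True)
class Stamp:
    """Replication metadata, compared in this order when two writes conflict."""
    version: int   # incremented on every originating write
    time: int      # originating timestamp (constructed integer clock)
    dsa: str       # originating DC, used only as the final tie-breaker


class AttributeLevelGroup:
    """Before the forest level is raised: 'member' replicates as one unit."""

    def __init__(self, members):
        self.members = frozenset(members)
        self.stamp = Stamp(1, 0, "DC1")

    def add(self, user, time, dsa):
        self.members |= {user}
        self.stamp = Stamp(self.stamp.version + 1, time, dsa)

    def snapshot(self):
        return (self.members, self.stamp)

    def apply(self, update):
        members, stamp = update
        if stamp > self.stamp:          # the whole value list is replaced
            self.members, self.stamp = members, stamp


class LinkedValueGroup:
    """Windows Server 2003 forest level: every member value has its own stamp."""

    def __init__(self, members):
        self.values = {m: Stamp(1, 0, "DC1") for m in members}

    @property
    def members(self):
        return frozenset(self.values)

    def add(self, user, time, dsa):
        self.values[user] = Stamp(1, time, dsa)

    def snapshot(self):
        return dict(self.values)

    def apply(self, update):
        for user, stamp in update.items():
            if user not in self.values or stamp > self.values[user]:
                self.values[user] = stamp


def run_lab(group_cls, initial, on_dc1, on_dc2):
    """Replay the lab: isolate the DCs, write on both, reconnect, replicate."""
    dc1, dc2 = group_cls(initial), group_cls(initial)   # replicated baseline
    dc1.add(on_dc1, time=10, dsa="DC1")                  # cable unplugged: first DC
    dc2.add(on_dc2, time=20, dsa="DC2")                  # second DC, slightly later
    out1, out2 = dc1.snapshot(), dc2.snapshot()          # cable back, /syncall
    dc1.apply(out2)
    dc2.apply(out1)
    if dc1.members != dc2.members:
        raise RuntimeError("replicas did not converge")
    return set(dc1.members)


if __name__ == "__main__":
    lab05 = run_lab(AttributeLevelGroup, ["User1", "User2"], "User3", "User4")
    print("Lab 05:", sorted(lab05))
    lab06 = run_lab(LinkedValueGroup, sorted(lab05), "User5", "User6")
    print("Lab 06:", sorted(lab06))
```

In the attribute-level run the surviving addition is whichever write carries the later timestamp, so swapping the two `time` values swaps the survivor.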

    Lab 07 Create Multiple Sites
    NOTE: This lab is dependent on lab 02.

    Objectives
    Create a site and subnet
    Configure the properties of a site link

    Prerequisites
    Understanding of TCP/IP subnets
    Understanding of Sites and Site Links

    Lab Setup
    To complete this lab, you require computers running Windows Server 2003 that are configured as Domain Controllers.
    User performing the tasks should have Enterprise Admin Rights

    Exercise 1

    Goal
    NOTE: Students should NOT modify their IP addresses at any stage during this lab!!
    In this exercise students will work in teams, where they will create several sites within Active Directory Sites and Services. In addition to this, you will also create subnet masks and map these subnet masks to each of the sites that were created. After completing the creation of the sites and subnet masks, you will then move the appropriate servers into the correct sites.

    Tasks / Detailed Steps

    1. Create two new sites with the names Site1 and Site2 and link them to the DEFAULTIPSITELINK
    Perform the following tasks on only one Domain Controller in each forest.
    a. Open Active Directory Sites and Services from the Administrative Tools menu, right-click Sites and then click New Site.
    b. In the Name box, type Site1, select DEFAULTIPSITELINK and click OK.
    c. Review the message and click OK.
    d. Repeat steps B & C for Site2.

    2. Create a new subnet object with the network ID of 10.1.x.0/24 (where x is 1 for forest root domain and x = 2 for second domains). Associate the subnet object with your site.
    a. In Active Directory Sites and Services, right-click Subnets and then click New Subnet.
    b. In the New Object - Subnet dialog box, in the Address box, type 10.1.x.0 (where x is 1 for forest root domain and x = 2 for second domains).
    c. In the Mask box, type 255.255.255.0
    d. Under Site Name, click Site1 and then click OK.
    e. Repeat steps A - D for Site2.

    3. Perform the following tasks on/in the Inter-Site Transport object:
       Set the properties of Inter-Site Transport for the IP to Ignore Schedules.
       Change the DEFAULTIPSITELINK replication value to 15 minutes.
    a. In Active Directory Sites and Services, expand Inter-Site Transports.
    b. Right-click IP and then click Properties.
    c. On the Properties page, select Ignore Schedule and click OK.
    d. In the IP object container, right-click DEFAULTIPSITELINK and click Properties.
    e. On the DEFAULTIPSITELINK Properties page, change the Replicate every value to 15 minutes and click OK.

    4. Move the server to the appropriate sites.
    a. In Active Directory Sites and Services, expand Default-First-Site-Name then expand Servers.
    b. Right-click ServerX (where X is your server name in your domain) and then click Move.
    c. In the Move Server page, click the Site to which your server needs to be moved and then click OK.
    d. Repeat Steps B and C for all the domain controllers.

    Run the following command on all servers: Repadmin /kcc serverX.domainX.com (where X is your server or domain number/letter).

    Lab 08 Test Global Catalog Failure
    NOTE: This lab is dependent on lab 02.

    Objectives
    After completing this lab, you will be able to see and understand the importance of a Global Catalog server within an organization.

    Prerequisites
    Knowledge about the role of a Global Catalog server
    Sites and Subnets should have been configured in exercise 1 Lab 07

    Lab Setup
    To complete this lab, you require computers running Windows Server 2003 that are configured as Domain Controllers.
    A single Global Catalog Server within each Forest

    Exercise 1

    Goal
    All students that do not have a Global Catalog service on their domain controller will perform this exercise. You will log on as a client that does not have any administrative rights on the server to see the effect of a failed Global Catalog service, or of no Global Catalog service being available.

    Tasks / Detailed Steps

    1. Check to see if the Everyone group has the rights to Log on Locally
    a. Open Active Directory Users and Computers.
    b. Expand your domain, right-click Domain Controllers and select Properties.
    c. Select Group Policy on the Domain Controllers Properties page.
    d. Select the Default Domain Controller Policy and click Edit.
    e. In the Group Policy Object Editor, navigate to Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment.
    f. Double-click Allow log on locally.
    g. In the Allow log on locally window, ensure that the Everyone group is added.
    h. If not, add the Everyone group.
    i. From the Run command, run: gpupdate.exe /force

    2. Create a user account in the 2nd domain of the forest and force replication after the creation of the account.
    a. Open Active Directory Users and Computers.
    b. Expand the domain name.
    c. On the User container, right-click New > User.
    d. On the New Object - User page, fill in the following details and then click Next:
       First name: Peter1
       User logon name: Peter1
       User logon name (pre-Windows 2000): Peter1
    e. Enter a password called password and confirm the password as password.
    f. Deselect User must change password at next logon, click Next and then click Finish.
    g. Force replication by running this syntax: repadmin.exe /syncall /P

    Log on with the newly created account on all GC servers. Then log off the account.

    Unplug the Network Cable on the 1st DC/GC in the forest root domain. Perform this task on all the servers that contain Global Catalogs. These servers are 1, 5, 9 and 13.

    3. On the second domain in the forest, log on as the newly created user in that domain. The Global Catalog must not be available. This can take some time.

    What was the result and why?

    Plug the Network Cable back in once the lab has been completed.

    Lab 09 Enable and Test Universal Group Caching
    NOTE: This lab is dependent on lab 02 & 07

    Objectives
    After completing this lab, you will be able to configure and manage Universal Group Caching.

    Prerequisites
    Knowledge of Global Catalog servers
    Knowledge of Universal Group Caching
    Sites and Subnets should have been configured in exercise 1 Lab 07

    Lab Setup
    To complete this lab, you require computers running Windows Server 2003 that are configured as Domain Controllers.
    A single Global Catalog Server within each Forest
    User performing the tasks should have Enterprise Admin Rights

    Exercise 1

    Goal
    Only the students without a Global Catalog will be doing this exercise. In this exercise, you will enable universal group caching and test client logons once again to see the effects of universal group caching.

    Tasks / Detailed Steps

    1. In the second domain, set the NTDS Site Settings to cache membership from the Partner site, which is the first domain. Force Replication.
    This should only be done from the second domain in each of the forests.
    NOTE: Before you can do this exercise you require Enterprise Admin rights. Use the Run As command when opening Active Directory Sites and Services. Log on as the Administrator of the root domain in your forest.
    a. Open Active Directory Sites and Services, expand Sites and then select the site in which you want to enable Universal Group Membership Caching.
    b. In the Details pane on the right, right-click NTDS Site Settings and then click Properties.
    c. Select the Enable Universal Group Membership Caching check box.
    d. In Refresh Cache from, click Site1, from which Site2 will refresh its cache, and click OK.
    e. From the Run command, type the following syntax: repadmin /syncall /P

    Log on to the DC in the second domain with account details that do not contain any admin rights. This will populate the cache.

    Unplug the network cable from the back of the machine that hosts the Global Catalog.

    From the second domain in the forest, log on with the user account that does not contain administrative rights. Remember the Global Catalog must not be available.

    What is the result and why?

    Lab 10 Reset Directory Services Restore Mode password (Optional)

    Objectives
    After completing this lab, you will be able to reset the Directory Services Restore Mode password.

    Prerequisites
    Knowledge about the NTDSUTIL utility
    Active Directory should be configured as in exercise 1 Lab 02

    Lab Setup
    A computer running Windows Server 2003 Enterprise Server that is configured as a Domain Controller

    Exercise 1

    Goal
    All students will perform this exercise. You must change the Directory Services Restore Mode Password.

    Tasks / Detailed Steps

    1. Use NTDSUTIL to reset the DSRM password to password
    a. Open the Command Prompt window.
    b. At the command prompt, type NTDSUTIL and press ENTER.
    c. At the NTDSUTIL prompt, type set DSRM Password and press ENTER.
    d. At the Set DSRM Password prompt, type Reset Password on Server Null (Null is used for the local server) and press ENTER.
    e. At the Please type password for DS Restore Mode Administrator Account: prompt, type password and press ENTER.
    f. At the Please confirm new password: prompt, type password and press ENTER.
    g. At the Reset DSRM Administrator Password prompt, type quit and press ENTER.
    h. At the NTDSUTIL prompt, type quit and press ENTER.
    i. Close the command prompt window.

    Lab 11 Create an InetOrgPerson Object (Optional)

    Objectives
    After completing this lab, you will be able to create an InetOrgPerson.

    Prerequisites
    Knowledge of using Active Directory Users and Computers
    Active Directory should be configured in exercise 1 Lab 02

    Lab Setup
    A computer running Windows Server 2003 Enterprise Server that is configured as a Domain Controller

    Exercise 1

    Goal
    All students can perform this exercise. Here you will create an inetOrgPerson account within the Active Directory.

    Tasks / Detailed Steps

    1. Create an inetOrgPerson account with a password of password.
    a. Open Active Directory Users and Computers.
    b. Expand your domain and right-click the Users container, select New and then select InetOrgPerson.
    c. In the New Object - InetOrgPerson window, type studentX (where X is your student number) in the First name and User Logon name boxes, then click Next.
    d. In the password field, type password and confirm the password. Deselect User must change password at next logon, click Next and then Finish.

    Log off as Administrator and log on as the newly created account.

    Lab 12 Mark a Schema object as defunct (Optional)
    NOTE to Instructor (If not already done) - Create a directory called OIDGen on your computer and share that directory as OIDGen. Ensure that the application called OIDGen is available in the directory. The application is available on the Windows 2000 Resource Kit.

    Objectives
    After completing this lab, you will be able to create a schema object and mark the object as defunct.

    Prerequisites
    Knowledge of schema objects
    Active Directory should be configured in exercise 1 Lab 02

    Lab Setup
    A computer running Windows Server 2003 Enterprise Server that is configured as a Domain Controller
    Schema Administrator rights to be able to create new schema objects
    OIDGEN to create unique Object Identifiers

    Exercise 1

    Goal
    This exercise needs to be performed by all students. You will create an attribute within the Active Directory schema. Once you have created this attribute in the Active Directory, you will then make this object defunct. You will also create a second attribute with the same settings as the first one to see the effects of an attribute that has already been created.

    Tasks / Detailed Steps

    1. Perform the following tasks:
       Register the Schema Management Snap-in.
       Copy and Run OIDGen from your computer to generate an Object Identifier.
    a. Connect to your instructor's computer and copy the OIDGen file to the temp directory on your local computer.
    b. From the command prompt, run OIDGen.exe
    c. Do not close the command prompt.
    d. At the Run command, type the following command: regsvr32 c:\windows\system32\schmmgmt.dll and then press ENTER.

    2. Perform the following tasks:
       Create a new attribute called studentX (where X is your student number).
       Remove Attribute is active of the newly created attribute.
       Refresh to ensure attribute is no longer available.
    a. Create a custom MMC console and add the Active Directory Schema.
    b. Expand Active Directory Schema, right-click Attributes, click Create Attribute.
    c. On the Warning message, click Continue.
    d. On the Create New Attribute page, type StudentX (where X is your student name) into the following boxes: Common Name and LDAP Display Name.
    e. In the Unique X500 Object ID box, enter the Attribute Base OID number generated by the OIDGen application.
    f. Under Syntax, select Integer and click OK.
    g. Browse to the newly created object, right-click Properties and deselect Attribute is Active.
    h. Click Yes to accept the Warning Message and click OK.
    i. Refresh to verify that the attribute is not visible in Schema Management.

    3. Perform the following tasks:
       Use Show defunct objects in Schema Management or use ADSI Edit to locate the Attribute.
    a. In the Schema Management Console, click View and then Defunct Objects.
    b. Browse to the object and see that the Status of the object is.
    c. Open the ADSI Edit console, right-click ADSI Edit and select Connect To.
    d. On the Connection Settings page, select Schema under the dropdown list of Select a well known Naming Context, and click OK.
    e. Browse for the attribute that you created, right-click Properties.
    f. Ensure the value of isDefunct is set to TRUE, click OK and close ADSI Edit.

    Create a new Attribute with the same settings as the defunct attribute.
    Does this work?
    Note: While you can reuse the OID and LDAP name you cannot reuse the common name.

    Lab 13 Create an application partition

    Objectives
    After completing this lab, you will be able to create application partitions and replicate these partitions to different domain controllers within your domain or forest.

    Prerequisites
    Knowledge of application partitions
    Knowledge of the NTDSUTIL utility
    DNS should be configured as in exercise 1 Lab 01
    Active Directory should be configured as in exercise 1 Lab 02

    Lab Setup
    Computers running Windows Server 2003 Enterprise Server that are configured as Domain Controllers
    A computer running DNS Server
    Network connectivity between computers within the same forest

    Exercise 1

    Goal
    All students can perform this exercise. Here you will create an application partition and then replicate this partition to all domain controllers within the Active Directory domain/forest.

    Tasks / Detailed Steps

    1. Perform the following tasks:
       On each DC use NTDSUTIL to create an Application Partition called ApptestX (where X is your student number)
       Add a replica of the application partition to your partner's Domain Controller.
    a. Open the command prompt window.
    b. At the command prompt, type NTDSUTIL and press ENTER.
    c. At the NTDSUTIL prompt, type Domain Management and press ENTER.
    d. At the Domain Management prompt, type connections and press ENTER.
    e. At the Server connections prompt, type Connect to server [your server name] and press ENTER. Example: connect to server server1
    f. At the Server connections prompt, type quit and press ENTER.
    g. At the Domain Management prompt, type list and press ENTER. This will show you all the Directory Partitions for the forest.
    h. At the Domain Management prompt, type create nc dc=APPTESTX,dc=your domain name,dc=com Null (where X is your student number) and press ENTER. Example: create nc dc=applicationpartition,dc=domainX,dc=com null
    i. At the Domain Management prompt, type list and press ENTER.
    j. At the Domain Management prompt, type Add nc replica dc=APPTESTX,dc=your domain name,dc=com server2.yourDomainName.com and press ENTER. Example: Add nc replica dc=APPTESTX,dc=domainX,dc=com serverx.domainx.com
    k. At the Domain Management prompt, type list nc replicas dc=APPTESTX,dc=domainX,dc=com and press ENTER.
    l. At the Domain Management prompt, type quit and press ENTER.
    m. At the NTDSUTIL prompt, type quit and press ENTER.

    2. Perform the following tasks:

       Create a new DNS zone and store the information in the application partition.
       Force Replication
       Verify that all zones are updated on both DC/DNS servers
    a. Open the command prompt.
    b. At the command prompt, run repadmin /kcc serverx.domainx.com
    c. Also stop and start the DNS Services by running:
    d. Net stop DNS and then Net Start DNS.
    e. Open the DNS console and expand your server name.
    f. On the Forward Lookup Zones, right-click and select New Zone.
    g. On the Welcome to the New Zone Wizard page, click Next.
    h. On the Zone Type page, select Primary Zone, leave the Store the zone in Active Directory (available only if DNS server is a domain controller) tick box selected and click Next.
    i. On the Active Directory Zone Replication Scope page, select To all domain controllers specified in the scope of the following application directory.
    j. Select the application partition that you created (ApptestX, where X is your student number) and click Next.
    k. On the Zone Name page, type Nwtraders.com and click Next.
    l. On the Dynamic Update page, select Allow only secure dynamic updates (recommended for Active Directory), then click Next.
    m. On the Completing the New Zone Wizard page, click Finish.
    n. Force replication between the DC/DNS servers using the repadmin /syncall /P command.

    3. Use ADSI Edit to view properties of the Application partition.
    a. Open the ADSI Edit Console that you created earlier.
    b. Right-click ADSI Edit, select Connect to.
    c. On the Connection Settings page, under Select a well known Naming Context, select Configuration and press OK.
    d. Expand the Configuration container and click Partitions.
    e. On the right side, under Directory Partition Name, find the partition you created and browse its properties.
    f. Exit and close ADSI Edit.

    Lab 14 Renaming of Domain Controllers

    Objectives
    After completing this lab, you will be able to rename Domain Controllers.
    NOTE: There are several ways of renaming Domain Controllers. In this exercise, the command line version will be used to rename the Domain Controllers. Ask the instructor to demo the renaming of a Domain Controller using the GUI.

    Prerequisites
    Knowledge of the impact that renaming Domain Controllers can have
    Knowledge about the NETDOM utility
    Active Directory should be configured in exercise 1 Lab 02
    Fully Qualified Domain Name (FQDN) of your domain

    Exercise 1
    NOTE: Fully Qualified Domain Names (FQDN) must be used when performing this exercise. Perform the rename exercise on only one Domain Controller at a time. Wait for the process to complete before continuing. The table below defines the current and the new server name you must use.

    Old Computer Name    New Computer Name
    Server1              Server101
    Server2              Server102
    Server3              Server103
    Server4              Server104
    Server5              Server105
    Server6              Server106
    Server7              Server107
    Server8              Server108
    Server9              Server109
    Server10             Server110
    Server11             Server111
    Server12             Server112
    Server13             Server113
    Server14             Server114
    Server15             Server115
    Server16             Server116

    Tasks / Detailed Steps

    1. Using the Netdom command, rename your server. Use the table above for your new computer name. Also check to see if your computer has been successfully renamed.
    NOTE: ServerX = original server name while ServerY = new server name
    a. Open the command prompt.
    The command below will be used to add the new server name.
    b. At the command prompt, type: netdom computername serverx.domainx.com /add:servery.domainx.com and press ENTER. (Serverx is your old server number and servery is your new server number. Domainx is your domain letter.)
    The next command is used to make the new name the primary name.
    c. At the command prompt, type: netdom computername serverx.domainx.com /makeprimary:servery.domainx.com and press ENTER.
    This command enumerates the old computer name.
    d. At the command prompt, type: netdom computername serverx.domainx.com /enumerate and press ENTER.
    e. Reboot the server.
    f. Log on as the administrator.
    g. Open the command prompt.
    This command will remove the old server name.
    h. At the command prompt, type: netdom computername servery.domainx.com /remove:serverx.domainx.com and press ENTER.
    i. Reboot the server.
    j. Log on as administrator, open the command prompt, type hostname and press ENTER. This will show you if your computer has been successfully renamed.

    Lab 15 Renaming Domain NetBIOS Name (To be performed on the last day as an optional lab)

    Objectives
    After completing this lab, you will be able to:
       Rename the NetBIOS name of the Domain

    Prerequisites
    Thorough understanding of Domain Renaming
    DNS should be configured as in exercise 1 Lab 01
    Active Directory should be configured as in exercise 1 Lab 02

    Lab Setup
    To complete this lab, you require computers running Windows Server 2003 that are configured as Domain Controllers.

    Exercise 1

    Goal
    This exercise must only be done at the end of the week. You will be working with your partner during this exercise. The goal of this exercise is to rename the current NetBIOS domain name to a new NetBIOS domain name. The utility that will be used to rename the NetBIOS domain names is rendom.exe.

    Tasks / Detailed Steps

    1. Perform the following tasks to prepare the domain for renaming:
       Configure DNS to support the new domain name called DomainRenameX (where X is your domain letter)
       DNS must be AD integrated, support dynamic updates and have a Host record for the server.
       Copy rendom.exe and GPFixup.exe to c:\domainrename
    Perform the following on all the odd numbered Domain Controllers.
    a. Open the DNS console and create a Forward Lookup Zone called DomainrenameX.com (where X is your domain letter). Ensure that the AD integrated zone option is selected and Replicated to all DNS servers in the forest is selected.
    b. Ensure there is a Host (A) record created. If not, perform the following action:
    c. Right-click the newly created domain name and select New Host (A).
    d. In the New Host page, type your server name in the Name (uses parent domain name if blank): box.
    e. Under the IP address, enter your machine's IP address and then click Add Host.
    f. Close the DNS Console.
    Perform the following on all even numbered Domain Controllers.
    g. Create a directory called domainrename on the c:\ drive.
    h. Copy all the files in VALUEADD\MSFT\MGMT\DOMREN, which is located on your Windows 2003 Advanced Server, into this directory.

    Task 2. The following tasks need to be performed to rename the domain:
        Rendom /list
        Save a copy of domainlist.xml as domainlist-save.xml
        Edit the NetBIOS name in the domainlist.xml file and save it.
        Rendom /showforest and verify the change is correct.
        Rendom /upload and view the content of dclist.xml
        Run repadmin /syncall /P
        Rendom /prepare and in dclist.xml verify that Prepared is true for all DCs.
        Rendom /execute and in dclist.xml verify that done is true for all DCs

    Detailed Steps
    The following tasks need to be performed from all the even numbered domain controllers in each domain. However, it is recommended that your partners follow what you are doing.
    a. Open the command prompt, type cd\domainrename and press ENTER.
    b. At the domainrename prompt type: rendom /list
    c. Save a copy of the domainlist.xml file as domainlist-save.xml in the same directory.
    d. Change the domain NetBIOS name by editing the sections between in the domainlist.xml file and save the changes.
    e. At the domainrename prompt type: rendom /showforest to verify that your changes are correct.
    f. At the domainrename prompt type: rendom /upload and view the contents of dclist.xml
    g. On all domain controllers within the forest run the following syntax: repadmin /syncall /P
    h. At the domainrename prompt type: rendom /prepare and verify in dclist.xml that <STATE>prepare</STATE> is true for all DCs.
    i. At the domainrename prompt type: rendom /execute and verify in dclist.xml that <STATE>done</STATE> is true for all DCs.
    j. All the machines in the forest will automatically reboot.
    k. Log on and run the command below.
    Run GPFixup /oldnb:OldDomainNetBIOSName /Newnb:NewDomainNetBIOSName /dc:DCdnsName
    Restart all odd numbered domain controllers in the domain/forest. After logon, all the even numbered domain controllers must be restarted.
    Run repadmin /syncall /P on all the domain controllers in the forest. If you get an error message, restart the computer and retry the command.
    NOTE: The control station might need to be rebooted twice before the command will work.
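The dclist.xml checks after rendom /prepare and rendom /execute can be scripted instead of read by eye. The following Python script is an added example, not part of the workshop material; it assumes each domain controller appears in dclist.xml as a DC element with Name and State children (tag names are matched case-insensitively), and the sample document and server names are constructed.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not output captured from rendom. The element names
# (DcList, DC, Name, State) and the "Initial" value are assumptions.
SAMPLE_DCLIST = """<?xml version="1.0"?>
<DcList>
  <DC>
    <Name>server1.domaina.com</Name>
    <State>Prepared</State>
  </DC>
  <DC>
    <Name>server2.domaina.com</Name>
    <State>Initial</State>
  </DC>
</DcList>
"""


def dc_states(root):
    """Return [(dc_name, state)] for every DC element under root."""
    states = []
    for elem in root.iter():
        if elem.tag.lower() != "dc":
            continue
        # Index children by lower-cased tag so <State> and <STATE> both match.
        fields = {c.tag.lower(): (c.text or "").strip() for c in elem}
        states.append((fields.get("name", "<unnamed>"), fields.get("state", "")))
    return states


def lagging_dcs(root, expected):
    """List the DCs whose state differs from the expected one (case-insensitive)."""
    return [(n, s) for n, s in dc_states(root) if s.lower() != expected.lower()]


def safe_to_continue(root, expected):
    """True only if at least one DC is listed and all of them report `expected`."""
    return bool(dc_states(root)) and not lagging_dcs(root, expected)


if __name__ == "__main__":
    # Usage: python check_dclist.py dclist.xml Prepared
    # With no arguments the constructed sample is checked instead.
    if len(sys.argv) == 3:
        root = ET.parse(sys.argv[1]).getroot()  # honours the file's declared encoding
        expected = sys.argv[2]
    else:
        root, expected = ET.fromstring(SAMPLE_DCLIST), "Prepared"
    for name, state in lagging_dcs(root, expected):
        print(f"{name}: state is {state!r}, expected {expected!r}")
    sys.exit(0 if safe_to_continue(root, expected) else 1)
```

A non-zero exit code means at least one domain controller has not reached the expected state, so the next rendom step should wait until replication has been forced again and the file re-checked.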

    Lab 16 Setup and Test Cross Forest Trusts
    Instructor Note: review trust directions with students. Make sure they know the difference between trusted and trusting.

    Objectives
    After completing this lab, you will be able to create cross-forest trust relationships and administer these cross-forest trusts.

    Prerequisites
    Knowledge of the different types of trust relationships

    Multiple Active Directories should be configured as per Exercise 1 of Lab 02

    Multiple forests should have been created within the classroom environment

    Exercise 1

    Goal
    Students will work as a team during this exercise. A Forest Trust relationship needs to be implemented between the following forests:

    Forest A and Forest C.

    Forest E and Forest G.

    Forest C and W2K3.Net forest

    Forest G and W2K3.Net forest

    Task 1. Create a two-way trust relationship between two forests within the classroom.

    Detailed Steps
    a. Open Active Directory Domains and Trusts, select the domain and click Properties.
    b. In Properties of the domain, click Trusts and click New Trust.
    c. On the Welcome to the New Trust Wizard page, click Next.
    d. In the Trust Name page, under Name, enter the NetBIOS name of the forest root domain you want to trust, click Next.
    e. On the Trust Type page, select Forest Trust and click Next.
    f. On the Direction of Trust page, select Two-Way and click Next.
    g. On the Sides of Trust page, select Both this domain and the specified domain, click Next.
    h. On the User Name and Password page, enter Administrator into the User Name box and password into the Password box, click Next.
    i. On the Outgoing Trust Authentication Level Local Forest page, select Forest-wide authentication and click Next.
    j. On the Outgoing Trust Authentication Level Specified Forest page, select Forest-wide authentication and click Next.
    k. On the Trust Selections Complete page, review the settings and click Next.
    l. On the Trust Creation Complete page, review the settings and click Next.
    m. On the Confirm Outgoing Trust page, select Yes, confirm the outgoing trust, click Next.
    n. On the Confirm Incoming Trust page, select Yes, confirm incoming trust, click Next.
    o. On the Completing the New Trust Wizard page, click Finish.
    p. Click OK to close the domainx.com properties page and close Active Directory Domains and Trusts.

    Exercise 2 Test cross forest resource access

    Task 1. Create a folder called forest and share it as forest. Give users from a different forest the Change permission to the shared directory.

    Detailed Steps
    a. On the servers, create a directory called Forest and share the directory as Forest.
    b. Click Permissions in Forest Properties.
    c. Click Add under Permissions for Forest.
    d. On the Select Users, Computers, or Groups page, click Locations.
    e. Click DomainX.com (where X is the letter of the domain with which you created a forest trust), then click OK.
    f. In Enter the object names to select, type Domain Users and click Check Names, click OK.
    g. In the window for Permissions for Domain Users, select Allow Change, click OK.
    h. Click OK to close Forest Properties.

    Task 2.
    a. Log on as a user that was created earlier.
    b. From the Run command type: \\serverx\forest (where X is the server number), click OK.
    c. Once open, right-click in the blank area, select New and then select Bitmap Image, press ENTER.
    d. Close the window. This has allowed you to create a file on the server in a different forest.

    Exercise 3 Test cross forest delegations

    Task 1. Create an OU called DelegateX (where X is your student number) and assign the Domain Admins in the trusted domain access to create and delete users.

    Detailed Steps
    a. Open Active Directory Users and Computers and click on the Users container.
    b. Create an OU called DelegateX (where X is your student number).
    c. Right-click the OU and click Delegate Control.
    d. On the Welcome to the Delegation of Control Wizard page, click Next.
    e. On the Users or Groups page, click Add, click Locations and highlight the second forest, then click OK.
    f. In Enter the object names to select, type Domain Admins and click Check Names, click OK.
    g. On the Users or Groups page, ensure that DomainX\Domain Admins is selected, click Next.
    h. On the Tasks to Delegate page, select Create, delete, and manage user accounts, click Next.
    i. On the Completing the Delegation of Control Wizard page, click Finish.
    j. Log off from the computer.

    Task 2. Test the delegation by creating a user account in the OU in your partner's forest domain.

    Detailed Steps
    Log on as a user with Domain Admin rights before starting this exercise. The user must not be the Administrator account.
    a. Open Active Directory Users and Computers, right-click your domain and select Connect to Domain.
    b. On the Connect to Domain page, type the name of the domain to which you want to connect and click OK.
    c. Expand the domain to which you connected and click the OU called DelegateX (where X is the student number of the user that administers that domain).
    d. Right-click the OU and click New, then User.
    e. Type a user name into the following boxes: First name and User logon name, click Next.
    f. Type password in the Password and Confirm password boxes, click Next.
    g. Review the details and click Finish.

    Lab 17 IIS

    Objectives
    After completing this lab, you will be able to:

    Install and configure IIS

    Determine which isolation mode your IIS server is in

    View the different processes currently running

    Create Application Pools

    Recycle processes

    Prerequisites
    Knowledge of IIS

    Lab Setup
    A computer running Windows Server 2003 Enterprise configured as a Domain Controller.

    Exercise 1

    Goal
    The goal of this exercise is to install and configure IIS for the rest of the exercises.

    This exercise can be performed by all students.

    Task 1. View or change the Application Isolation Mode using IIS Manager

    Detailed Steps
    a. Click Start, then Manage Your Server.
    b. On Manage Your Server, click Add or Remove a Role.
    c. On the Configure Server Wizard page, click Next.
    d. On the Server Role page, click Application Server (IIS, ASP.Net) and click Next.
    e. On the Application Server Option page, leave the defaults and click Next.
    f. On the summary page, click Next.
    g. This starts the installation and configuration of IIS.
    h. Once completed, click Finish.
    i. On the Manage Your Server page, click Manage this Application Server.
    j. Browse around the interface to familiarize yourself with it.

    Exercise 2

    Goal
    The goal of this exercise is to establish in which isolation mode your current IIS server is running.

    This exercise can be performed by all students.

    Task 1. View or change the Application Isolation Mode using IIS Manager

    Detailed Steps
    a. Open the IIS snap-in (click Start, click Programs, click Administrative Tools, and then click Internet Information Services).
    b. Right-click the Web Sites folder and choose Properties.
    c. Click the Service tab.
    d. View the status of the checkbox labeled Isolation Mode.
    e. If the box is unchecked, you are running in worker process isolation mode.
    f. If the box is checked, you are running in IIS5 Isolation Mode.
    g. Verify that the check box is unchecked; uncheck it if necessary. (You will be required to run in worker process isolation mode for the remainder of these exercises.)
    h. Click Apply.
    i. You will now be prompted to restart the Web services; click Yes to restart IIS. After IIS restarts, click OK to close the Web Sites properties sheet. Verify the Application Pools folder is present.

    Exercise 3

    Goal
    In this exercise, you will use a VBScript to view process information.

    This exercise can be performed by all students.

    Task 1. Execute listw3wp.vbs to view process information

    Detailed Steps
    a. From the command prompt, change directory to the path containing the script file listw3wp.vbs. It should be C:\IIS
    b. Execute the command: listw3wp.vbs
    c. If there are no worker processes running, you should see a message indicating there are no running w3wp.exe instances.
    d. To view worker processes using the script, navigate to any local URL using Internet Explorer, such as http://localhost (disregard the page that is returned).
    e. Re-run listw3wp.vbs and you should see the Process ID (PID) and the Application Pool name of the running worker process.
    Note: You must be running your server in worker process isolation mode for this exercise to work, and for listw3wp to return information. If your configuration is running in IIS5 isolation mode, or you are unsure of the mode, revisit the first exercise on isolation modes.

    Exercise 4

    Goal
    In this exercise you will create a new application pool, and assign a virtual directory to that application.

    This exercise can be performed by all students.

    Task 1. Create a virtual directory

    Detailed Steps
    a. Open a command window.
    b. To use iisvdir, type the following command at the command line: iisvdir /?
    c. This will display the command line parameters for using the tool.
    d. Create a virtual directory named myvdir. Execute the command: iisvdir /create "Default Web Site" myvdir C:\tempvdir
    e. Verify that the command completed successfully by viewing the message displayed in the command window.
    f. Create a default HTML page for the virtual directory. Click the Start button, select Run and enter: notepad c:\tempvdir\default.asp. When prompted to create the file, select Yes. In your HTML page, type the following line: Application Pool Test Page
    g. Save the file in the c:\tempvdir folder. Make sure you have correctly named it default.asp
    h. Navigate to the URL http://localhost/myvdir/ using Internet Explorer to verify the virtual directory is working properly.
    i. If the Internet Explorer Enhanced Security Configuration is enabled dialog box appears, select the tick box and click OK. (Do not change any settings; the lab will work with the current configuration.)
    j. Note: if Active Server Pages have not been enabled on your server, you will receive a 404 error message. To enable Active Server Pages, do the following:
        a. Open IIS Manager if not already open.
        b. Expand your server.
        c. Click Web Service Extensions.
        d. In the right pane, click Active Server Pages and click Allow.
        e. This will enable Active Server Pages.
    k. Retry http://localhost/myvdir

    Task 2. Create a new Application pool

    Detailed Steps
    a. Open the IIS snap-in (click Start, click Programs, click Administrative Tools, and then click Internet Information Services).
    b. Expand the Application Pools node.
    c. Right-click Application Pools, choose New, then choose Application Pool. The Add New Application Pool dialog box appears. Enter MyAppPool for the Application Pool ID.
    d. Click OK. The application pool has now been created. You now need to add the virtual directory you created in the previous step to this application pool.

    Task 3. Assign the myvdir virtual directory to the application pool

    Detailed Steps
    a. Expand the Web Sites node, then expand the Default Web Site.
    b. Right-click the virtual directory named myvdir, and choose Properties.
    c. Click the Virtual Directory tab.
    d. At the bottom you will see a drop-down box for Application Pool. Click the drop-down box and choose MyAppPool.
    e. Click Apply, and then OK to save your changes.

    Task 4. Verify that your application is running in its own application pool

    Detailed Steps
    a. Browse to http://localhost/myvdir
    b. At the command line, execute the script listw3wp.vbs; you will see an instance of the worker process running your application pool.
    c. Optional step: navigate to other web sites on the local machine that are not in the same application pool, such as http://localhost (which is in the Default Application Pool by default). You will see separate instances of worker processes when you run the listw3wp.vbs script.
    d. Optional step: modify your c:\tempvdir\default.asp page to include the following line: My app pool ID is[]
    e. Then refresh http://localhost/myvdir. You should see your newly created MyAppPool in the text.

    Exercise 5

    Goal
    In this exercise, you will configure the application pool you created in the previous exercise to recycle after a certain number of requests have been processed.

    This exercise can be performed by all students.

    Task 1. Configure the application pool to recycle after 5 requests

    Detailed Steps
    a. Open IIS Manager if not already open.
    b. Expand the Application Pools node, right-click the MyAppPool node, and choose Properties.
    c. On the MyAppPool Properties dialog box, click the Recycling tab.
    d. Check the Recycle worker process after check box. Change Number of Requests from the default of 35000 to 5.
    e. Click Apply, and then click OK.

    Task 2. Test the recycling settings

    Detailed Steps
    a. Browse to http://localhost/myvdir in Internet Explorer.
    b. From the command line, run listw3wp.vbs to gather the Process ID (PID) information, and remember this process ID number for MyAppPool.
    c. From Internet Explorer, click the refresh button twice.
    d. Re-run the command line script and verify the PID is still the same.
    e. From Internet Explorer, refresh the page 3 times.
    f. Run the command line script again and verify the PID has changed. If the PID is different, that means a new process is running in place of the original one. Thus, recycling of the worker process after five requests has completed successfully.

    Lab 18 Terminal Services (Optional)

    Objectives
    After completing this lab, you will be able to:

    Configure Remote Desktop on a computer running Windows Server 2003

    Connect to a computer running Remote Desktop.

    Install Terminal Services

    Prerequisites
    Before working with this lab, you must have knowledge of Terminal Services concepts and operations.

    Knowledge of Remote Desktop concepts and operations is also required.

    Lab Setup
    A computer running Windows Server 2003 Enterprise Server that is configured as a Domain Controller.

    Exercise 1

    Goal
    This exercise will be performed by all students. Here you will connect to your partner's computer by means of the Remote Desktop Connection. Note that Terminal Server Remote Administration is installed by default. After you have connected to your partner's computer you need to install Terminal Services in Application mode.

    Task 1. Perform the following tasks:

    Enable Remote Desktop
    Connect to server using Remote Desktop Connection.

    Detailed Steps
    This exercise can be done from both computers at the same time.
    a. Open System under Control Panel and select Remote.
    b. Click to select Allow users to connect to this computer.
    c. A message appears; read the message, click OK to the message and then OK to close System Properties.
    d. Connect as Administrator to your partner's machine using the Remote Desktop Connection.
    e. Browse your partner's computer and then log off.

    Connect to Remote Desktop

    Detailed Steps
    Perform this exercise from the first partner and then repeat the lab for the second partner.
    a. Ask your partner to open Notepad on his/her machine and leave it open.
    b. On your machine, open Administrative Tools and select Remote Desktops.
    c. Right-click Remote Desktops and select Add new connection.
    d. In the Add new connection page, type in the Server Name or IP address and give it a Connection Name.
    e. Under Logon information, enter the administrator and domain details, and click OK.
    f. Under Remote Desktop, click the Connection Name you created.
    g. In Notepad add some text, but do not close the application.
    h. Disconnect from the server.
    i. Once disconnected, ask your partner to log on.
    j. Your partner should see the text in Notepad that you entered.

    Install Terminal Services in Application Mode.

    Detailed Steps
    a. Open Add and Remove Programs, and select Add/Remove Windows Components.
    b. On the Windows Components page, select Terminal Server and click Next.
    c. On the Terminal Server Setup page, review the message and click Next.
    d. On the Terminal Server Setup page, select Full Security and click Next.
    e. On the Completing the Windows Components Wizard page, click Finish.
    f. Restart the computer.
    g. Log on as Administrator and close the Terminal Server help menu.

    Lab 19 Remote Assistant (Optional)

    Objectives
    After completing this lab, you will be able to:

    Send a Remote Assistance invitation

    Respond to a Remote Assistance invitation

    Prerequisites
    A computer running Windows Server 2003

    Scenario
    You are responsible for providing technical support to users within your company. They are having trouble opening or doing some of their day-to-day tasks. It is your responsibility to assist them with their problems by using Remote Assistance.

    Exercise 1

    Goal
    Students will be working in pairs during this exercise. The goal of this lab is to get familiar with the remote assistant features within Windows 2003 Advanced Server.

    Task 1. Perform the following tasks:

    Enable Remote Assistant.

    Detailed Steps
    a. Open System under Control Panel and select Remote.
    b. Click to select Turn on Remote Assistance and allow invitations to be sent from this computer.
    c. A message appears; read the message, click OK to the message and then OK to close System Properties.

    Task 2. Create an invite and save the invite to c:\temp

    Detailed Steps
    a. Click Start, All Programs and then click Remote Assistance.
    b. In Help and Support Center, under Remote Assistance, click Invite someone to help you.
    c. On the Remote Assistance Pick how you want to contact your assistant page, scroll down to the bottom of the page, and then click Save invitation as a file (Advanced).
    d. On the Remote Assistance Save Invitation page, verify that administrator appears and the expiration time is set to 2 hours, and then click Continue.
    e. On the Remote Assistance Save Invitation page, verify that Require the recipient to use a password is selected; in the Type Password and Confirm Password boxes, type password and then click Save Invitation.
    f. In the Save file dialog box, in the Save in drop-down list, click the down arrow, select c:\temp, in the filename box type your name and then click Save.
    g. On the Your invitation has been saved successfully to: page, click View the status of all my invitations.
    h. Close Help and Support Center.

    Exercise 2 Responding to an Invitation

    Important: The person responding to the invitation will be the helper, and the person who sent the invitation will be the end user. Each task will be for either the helper or the end user. You and your partner will decide who will be the helper and who will be the end user.

    Task 1. Copy the Remote Assistance file to your local computer. Log on as administrator and type in the password under the Remote Assistance invitation box.

    Detailed Steps
    From both machines copy the Remote Assistance file to your local machine.
    a. Log on to the domain as Administrator, with a password of password.
    b. Double-click your partner's remote assistance file.
    c. In the Remote Assistance Invitation dialog box, type password in the Password box, and then click Yes.

    Important: Task two is for the end user.

    Task 2. Start an application on your computer and then accept the invitation.

    Detailed Steps
    a. Click Start, click All Programs, click Accessories, and then click WordPad.
    b. Restore the Remote Assistance dialog box if it is not in the foreground, and then click Yes on the message Do you want to let this person view your screen and chat with you?
    c. Type some text in the chat session box, and then click Send.

    Important: Task three is for the helper.

    Task 3. Respond to your partner's chat session.

    Detailed Steps
    a. Respond to your partner's chat session by typing in the box at the lower left, and then clicking Send.
    b. Attempt to click on any item on your partner's computer. At this point you can only view the desktop.
    c. On the Chat History title bar, click the chevron next to Hide Chat.
    d. On the Remote Assistance menu, click Take Control.
    e. In the Remote Assistance Web Page dialog box, click Yes.

    Important: Task four is for the end user.

    Task 4. When prompted, let your partner take control of your computer.

    Detailed Steps
    a. When prompted, Do you want to let Administrator take control of your computer, click Yes.
    b. In the chat box, explain to your partner, the helper, that you need to know how to bold text in a WordPad document.
    c. Restore WordPad and type some text into the document.

    Important: Task five is for the helper. The helper has control of the end user's computer. Both people can perform tasks on the computer.

    Task 5. Perform tasks on your partner's computer

    Detailed Steps
    a. On the Remote Assistance Web Page Dialog message box, click OK.
    b. With the WordPad document in the foreground and text entered, highlight the text and then click the Bold button.
    c. Click Disconnect and then close the Help and Support Center window.
    d. Close all open windows, and then log off.

    Important: Task six is for the end user.

    Task 6. Close all open windows and then log off

    Detailed Steps
    Close all open windows, and then log off.

    Lab 20 Create Software Restriction Policy (Optional)

    Objectives
    After completing this lab, you will be able to create a software restriction policy for your users.

    Prerequisites
    Understand how Group Policy Objects work.

    Understa