iLab 2 of 7: Organizing Resources
Submit your assignment to the Dropbox located on the silver tab at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due date information.)
Connect to the iLab here.
• Before beginning work, connect to your virtual lab platform (Skillsoft / Element K).
NOTE:
• There are two sections to this week’s iLab assignment. Be sure to complete both sections in order to receive full credit. o Lab 2a: Install and Configure Active Directory o Lab 2b: Organize Users and Groups
Additional Resource
You may find this resource helpful as you prepare to complete the lab.
• Advanced Configuration and Organizing Resources
LAB 2A OVERVIEW
Scenario and Summary
• You will explore Server Manager, install Active Directory, and add a Windows 7 PC to the domain. iLAB STEPS
TASK 1: Explore Server Manager
STEP 1: Explore the Basic Information in Server Manager
Back to Top
Action
1. Log on with a user name of Administrator and a password of password. It may ask about the network type. Click Work, then click Close.
2. Click the Server Manager icon in the lower left, to the right of the Start button.
3. Notice the Server information in the right pane. Scroll down to find out the following information, and put the answers in the lab report.
1. Is the firewall turned on?
2. What is the name of the link for the IE Enhanced Security Configuration?
3. Which link allows you to change the computer name? (You may have to try a few links for this one.)
Insert a screenshot into your lab report of the configuration screen (#1).
STEP 2: Explore Diagnostics
Back to Top
Action: Expand all the items under Diagnostics in the left pane except Event Viewer-Applications and Services-Microsoft (because there are way too many items).
Insert two screenshots into your lab report showing the diagnostics in the left pane (#2 and #3).
STEP 3: Install and Test Telnet
Back to Top
Action
1. Right-click Features and click Add Features.
2. Select the Telnet Client feature (not the telnet server).
3. Click Next, then click Install. After it installs, click Close.
4. Click Start -> Command Prompt.
5. Type “telnet” to show that it is installed.
Insert a screenshot into your lab report (#4).
TASK 2: Install Active Directory
STEP 1: Add Active Directory Role
Back to Top
Action
1. In order to add the Active Directory role, start by right-clicking Roles and clicking Add Roles.
2. Click Next, and the Select Server Roles dialog box appears.
3. Select Active Directory Domain Services.
4. Click Next and the Active Directory Domain Services dialog box opens.
5. Click Next and the Confirm Installation Services dialog box opens.
6. Click Install to start the first part of the Active Directory installation. It can take a few minutes. Be patient.
7. Notice the message that states, “Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe).” This wizard just added the role. Next, we will have to install the actual Active Directory Domain Services.
8. Click Close. Minimize the Server Manager window.
9. Click Start and click Command Prompt.
STEP 2: Install Active Directory
Back to Top
Action
1. At the command prompt type “dcpromo” and press Enter. The Active Directory Domain Services Installation Wizard starts.
2. Click Next. The Operating System Compatibility dialog box opens.
3. Click Next. The Choose a Deployment Configuration dialog box opens.
4. Select the Create a new domain in a new forest option and click Next. The Name the Forest Root Domain dialog box opens.
5. Type “experimental.lab” in the text box. Note that we do not have to have a domain name compatible with the Internet. Click Next. The Set Forest Functional Level dialog box opens.
6. Using the combo box, select Windows Server 2008. Note that the only difference mentioned has to do with the Recycle Bin. Click Next. The Additional Domain Controller Options dialog box opens.
7. Leave the DNS server selected and click Next.
8. You will see a warning about dynamically assigned addresses. Click Yes, the computer will use a dynamically assigned IP address (not recommended).
9. Click Yes to continue. The Location for Database, Log Files, and SYSVOL dialog box opens.
10. Click Next. The Directory Services Restore Mode Administrator Password dialog box opens.
11. Type “RestoreSec#” in both text boxes and click Next.
12. Click Next at the Summary dialog box.
13. Select Reboot on Completion and be patient. When it is finished, it will start the rebooting process. You will get an error stating the VNC viewer has lost the connection. Click OK on the error message. Close the viewer and wait a couple of minutes until you click the Server icon again. Once you click the server icon and it connects, click Send Ctrl-Alt-Del.
14. Enter the password (password). Click OK. Change it to Password! (remember to end the password with an exclamation point). The system will notify you that the password has changed. Click OK.
15. Click the Server Manager icon.
Insert a screenshot into your lab report of the Server Manager, which will show the domain (#5).
TASK 3: Add PC to Domain
STEP 1: Add Windows 7 to the Domain
Back to Top
Action
1. Before you go through the following, restart the Windows 7 PC by clicking the Send Ctrl-Alt-Delete button, clicking the red arrow in the lower right, and clicking Restart. Click OK at the error message, then close the window. After a minute or so, click the PC icon again.
2. Log on to the PC as administrator and use the password of password. If it asks for a network type, click Work and click Close.
3. Click the Start icon in the lower left and click Control Panel.
4. Click the System and Security link in the upper left.
5. Click the System link.
6. Click the Change Settings link in the lower right. The System Properties window appears.
7. Click the Change button. The Computer Naming/Domain Changes dialog box opens. Under Member of, click the Domain option button and type “experimental.lab” for the domain name.
8. Press the OK button. (Actually, you could also type “experimental” instead of “experimental.lab”). The Windows Security dialog box opens.
9. Type “Administrator” and the password for the administrator, which is Password! then click OK. Soon you should see a message welcoming you to the domain.
10. Click OK, close the window, then click Restart.
11. As usual, whenever you restart click OK on the error message and close the window.
STEP 2: Use a Domain Log-On in Windows 7
Back to Top
Action
1. After Windows 7 reboots, click on the PC icon. Notice that the log-on screen has changed. Now click the Send Ctrl-Alt-Delete button. The default logon is PC-1\Administrator.
2. Click Switch User then Other User. For the user name, type “experimental\administrator,” and for the password, type “Password!”
3. Click the Start icon.
4. Right-click Computer and click Properties.
5. Notice that the full computer name shows the name of the domain.
Insert a screenshot into your lab report showing the name of the computer, including the domain (#6).
This is the end of the first part of this week’s lab. iLAB 2B OVERVIEW
Scenario and Summary
• You will add a user, log on as the user, create groups, and manage organizational units. iLAB STEPS
TASK 1: Add User and Log On as User
STEP 1: Add User
Back to Top
Action
1. Log on to the server with a user name of administrator and a password of Password! (don’t forget the exclamation point).
2. In Server Manager (the icon next to the Start button), expand Roles -> Active Directory Domain Services -> Active Directory Users and Computer -> experimental.lab. Click Users.
3. Right-click the Users folder, select New, and then User.
4. Use your own first name and last name. For the user log-on name, type the first letter of your first name followed by your last name. Click Next.
5. For the password, type a password of your choice. To meet complexity requirements, it must be at least seven characters long and have characters in three out of the following four character sets: uppercase letters, lowercase letters, digits, and special characters. Click Next. The summary appears with your name in it. Remember how to add a user. In future labs, you will have to know it.
6. Click Finish.
7. Minimize the server window.
STEP 2: Allow User to Log On; Then Log On as the User You Created
Back to Top
Because ElementK is a remote environment, we first have to allow the user to log on remotely. Before you go through the following, restart the Windows 7 PC by clicking the Send Ctrl-Alt-Delete button, clicking the red arrow in the lower right, and clicking Restart. Click OK at the error message, then close the window. After a minute or so, click the PC icon again.
Action
1. Log on to the PC (the icon on the right) as experimental\administrator. Naturally, because you are using the same user as when you logged on to the server, the password is the same too. If the “Set Network Location” window opens, click Work Network, then Close.
2. Click Start, right-click Computer, and click Properties. The System window opens.
3. In the left panel, click Remote settings.
4. Under Remote Desktop, click the Select Users button.
5. In the Remote Desktop Users dialog box, click the Add button.
6. In the Select User or Groups dialog box, click the Advanced button.
7. Click the Find Now button.
8. Highlight your name and click the OK button.
9. You should see your name in the text box. Click the OK button.
10. In the remote Desktop Users dialog box, you should see your user name. Click the OK button.
11. Log off, then click the Send Ctrl-Alt-Delete button.
12. Click Switch User, then Other User. For the user name, type “experimental\” followed by your user name. Fill in the password you gave yourself.
13. Click the Start icon. You should see your name in the upper right of the pop-up.
Insert a screenshot into your lab report showing your name (#7).
TASK 2: Create Groups
STEP 1: Create a Domain Local Group
Back to Top
The typical process for creating security groups is to put users in global groups and then put global groups in domain local groups. The domain local groups are then associated with resources, and specific access permissions are given at this level. This may seem like extra work, but when you have hundreds or thousands of users and many dozens of resources, this makes management much easier. Our objective is to create a domain local group called DomainMgrs. We will create a global group called GlobalMgrs. We will put the user based on your name in GlobalMgrs and then GlobalMgrs into DomainMgrs. In a later lab, we will associate permissions.
Action
1. Log on to the server as administrator, and open Server Manager.
2. Expand the left panel in Server Manager until you get to the users folder and click Users.
3. One way to create a new object in the highlighted container is to do the following: Click Action on the menu and then click New, and follow by clicking Group.
4. For the Group Name, type DomainMgrs and select Domain local under Group scope. Click OK.
STEP 2: Create the GlobalMgrs Group
Back to Top
Action
1. This time, right-click in a blank space in the middle panel, click New, and then click Group.
2. For the Group name, type GlobalMgrs and leave the default of Global for the group scope. Click OK.
3. Now we need to put the user based on your name into the GlobalMgrs group. Double-click GlobalMgrs, click the Members tab and then click Add.
4. Click the Advanced button, then Find Now button and then scroll until you see your name. Click on the your name, then click OK.
5. You should see your name in the text box. Click OK.
6. Now you have the user as a member of GlobalMgrs.
Insert a screenshot into your lab report showing the username (#8).
1. Click OK. Remember how to create groups and add users! In future labs, you will have to know it.
2. We want to make GlobalMgrs a member of DomainMgrs, so double-click DomainMgrs, click the Members tab, and then click Add. Just type “G” in the text box, and when you click Check Names, all the objects beginning with “G” will display.
3. Select GlobalMgrs and click OK.
4. Click OK twice to get back to the screen that shows the contents of the user container in the middle panel.
Insert a screenshot into your lab report showing both groups in the middle panel (#9).
TASK 3: Manage Organizational Units
STEP 1: Create an Organizational Unit
Back to Top
Action
1. In Server Manager, expand Active Directory until you see the domain name.
2. Right-click experimental.lab, select New, and click Organizational Unit.
3. For the name, type Sales. Notice that by default “Protect container from accidental deletion” is checked. That is good. Click OK. TheO is put in the left pane.
STEP 2: Create an OU and Delete It
Back to Top
Action
1. Create an OU based on your last name. Then try to delete it by right-clicking it and clicking Delete. Then, when it asks, “Are you sure,” click Yes. You will get a message stating that you have insufficient privileges.
2. Right-click on the OU based on your last name and click Properties. As you can see, there isn’t much.
3. On the menu, click View, then click Advanced Features.
4. Right-click the OU with your last name, click Properties, and then click Object. Uncheck “Protect object from accidental deletion.”
Insert a screenshot into your lab report (#10).
1. Click OK. Now delete the OU based on your last name.
STEP 3: Make User With Your Name the Manager of the Sales OU
Back to Top
Action
1. Open the Users container, and drag the user with your name to the Sales OU. A dialog box opens. It is stating that OUs have different group policies so the user may have different rights. Don’t worry about it. We will cover group policies later. Click Yes.
2. Now we want to delegate some administrative privileges to the user in the container. Right-click on the Sales container, and click Delegate Control… A wizard opens.
3. Click Next.
4. Click Add. In the text box, you can just type your first name and click Check Names. Select your name and click OK.
5. Click Next. The Tasks to Delegate dialog box opens.
6. Check the first two items in the list to delegate, which are “Create, delete and manage user accounts” and “Reset user passwords and force password change at next logon.” Click Next.
7. Scroll down to see all the information.
Insert a screenshot into your lab report showing your name and the delegations (#11).
1. Click Finish.
Once delegated, you might wonder how a user can, for example, reset a password for another user in the OU. You probably don’t want to give the user log-on privileges on the server. Another alternative is to have the user download the “Remote Server Administration Tools Windows 7.” (That is beyond the scope of this course.)
STEP 4: Complete Lab Report
iLab 2 of 7: Organizing Resources
Submit your assignment to the Dropbox located on the silver tab at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due date information.)
Connect to the iLab here.
• Before beginning work, connect to your virtual lab platform (Skillsoft / Element K).
NOTE:
• There are two sections to this week’s iLab assignment. Be sure to complete both sections in order to receive full credit. o Lab 2a: Install and Configure Active Directory o Lab 2b: Organize Users and Groups
Additional Resource
You may find this resource helpful as you prepare to complete the lab.
• Advanced Configuration and Organizing Resources
LAB 2A OVERVIEW
Scenario and Summary
• You will explore Server Manager, install Active Directory, and add a Windows 7 PC to the domain. iLAB STEPS
TASK 1: Explore Server Manager
STEP 1: Explore the Basic Information in Server Manager
Back to Top
Action
1. Log on with a user name of Administrator and a password of password. It may ask about the network type. Click Work, then click Close.
2. Click the Server Manager icon in the lower left, to the right of the Start button.
3. Notice the Server information in the right pane. Scroll down to find out the following information, and put the answers in the lab report.
1. Is the firewall turned on?
2. What is the name of the link for the IE Enhanced Security Configuration?
3. Which link allows you to change the computer name? (You may have to try a few links for this one.)
Insert a screenshot into your lab report of the configuration screen (#1).
STEP 2: Explore Diagnostics
Back to Top
Action: Expand all the items under Diagnostics in the left pane except Event Viewer-Applications and Services-Microsoft (because there are way too many items).
Insert two screenshots into your lab report showing the diagnostics in the left pane (#2 and #3).
STEP 3: Install and Test Telnet
Back to Top
Action
1. Right-click Features and click Add Features.
2. Select the Telnet Client feature (not the telnet server).
3. Click Next, then click Install. After it installs, click Close.
4. Click Start -> Command Prompt.
5. Type “telnet” to show that it is installed.
Insert a screenshot into your lab report (#4).
TASK 2: Install Active Directory
STEP 1: Add Active Directory Role
Back to Top
Action
1. In order to add the Active Directory role, start by right-clicking Roles and clicking Add Roles.
2. Click Next, and the Select Server Roles dialog box appears.
3. Select Active Directory Domain Services.
4. Click Next and the Active Directory Domain Services dialog box opens.
5. Click Next and the Confirm Installation Services dialog box opens.
6. Click Install to start the first part of the Active Directory installation. It can take a few minutes. Be patient.
7. Notice the message that states, “Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe).” This wizard just added the role. Next, we will have to install the actual Active Directory Domain Services.
8. Click Close. Minimize the Server Manager window.
9. Click Start and click Command Prompt.
STEP 2: Install Active Directory
Back to Top
Action
1. At the command prompt type “dcpromo” and press Enter. The Active Directory Domain Services Installation Wizard starts.
2. Click Next. The Operating System Compatibility dialog box opens.
3. Click Next. The Choose a Deployment Configuration dialog box opens.
4. Select the Create a new domain in a new forest option and click Next. The Name the Forest Root Domain dialog box opens.
5. Type “experimental.lab” in the text box. Note that we do not have to have a domain name compatible with the Internet. Click Next. The Set Forest Functional Level dialog box opens.
6. Using the combo box, select Windows Server 2008. Note that the only difference mentioned has to do with the Recycle Bin. Click Next. The Additional Domain Controller Options dialog box opens.
7. Leave the DNS server selected and click Next.
8. You will see a warning about dynamically assigned addresses. Click Yes, the computer will use a dynamically assigned IP address (not recommended).
9. Click Yes to continue. The Location for Database, Log Files, and SYSVOL dialog box opens.
10. Click Next. The Directory Services Restore Mode Administrator Password dialog box opens.
11. Type “RestoreSec#” in both text boxes and click Next.
12. Click Next at the Summary dialog box.
13. Select Reboot on Completion and be patient. When it is finished, it will start the rebooting process. You will get an error stating the VNC viewer has lost the connection. Click OK on the error message. Close the viewer and wait a couple of minutes until you click the Server icon again. Once you click the server icon and it connects, click Send Ctrl-Alt-Del.
14. Enter the password (password). Click OK. Change it to Password! (remember to end the password with an exclamation point). The system will notify you that the password has changed. Click OK.
15. Click the Server Manager icon.
Insert a screenshot into your lab report of the Server Manager, which will show the domain (#5).
TASK 3: Add PC to Domain
STEP 1: Add Windows 7 to the Domain
Back to Top
Action
1. Before you go through the following, restart the Windows 7 PC by clicking the Send Ctrl-Alt-Delete button, clicking the red arrow in the lower right, and clicking Restart. Click OK at the error message, then close the window. After a minute or so, click the PC icon again.
2. Log on to the PC as administrator and use the password of password. If it asks for a network type, click Work and click Close.
3. Click the Start icon in the lower left and click Control Panel.
4. Click the System and Security link in the upper left.
5. Click the System link.
6. Click the Change Settings link in the lower right. The System Properties window appears.
7. Click the Change button. The Computer Naming/Domain Changes dialog box opens. Under Member of, click the Domain option button and type “experimental.lab” for the domain name.
8. Press the OK button. (Actually, you could also type “experimental” instead of “experimental.lab”). The Windows Security dialog box opens.
9. Type “Administrator” and the password for the administrator, which is Password! then click OK. Soon you should see a message welcoming you to the domain.
10. Click OK, close the window, then click Restart.
11. As usual, whenever you restart click OK on the error message and close the window.
STEP 2: Use a Domain Log-On in Windows 7
Back to Top
Action
1. After Windows 7 reboots, click on the PC icon. Notice that the log-on screen has changed. Now click the Send Ctrl-Alt-Delete button. The default logon is PC-1\Administrator.
2. Click Switch User then Other User. For the user name, type “experimental\administrator,” and for the password, type “Password!”
3. Click the Start icon.
4. Right-click Computer and click Properties.
5. Notice that the full computer name shows the name of the domain.
Insert a screenshot into your lab report showing the name of the computer, including the domain (#6).
This is the end of the first part of this week’s lab. iLAB 2B OVERVIEW
Scenario and Summary
• You will add a user, log on as the user, create groups, and manage organizational units. iLAB STEPS
TASK 1: Add User and Log On as User
STEP 1: Add User
Back to Top
Action
1. Log on to the server with a user name of administrator and a password of Password! (don’t forget the exclamation point).
2. In Server Manager (the icon next to the Start button), expand Roles -> Active Directory Domain Services -> Active Directory Users and Computer -> experimental.lab. Click Users.
3. Right-click the Users folder, select New, and then User.
4. Use your own first name and last name. For the user log-on name, type the first letter of your first name followed by your last name. Click Next.
5. For the password, type a password of your choice. To meet complexity requirements, it must be at least seven characters long and have characters in three out of the following four character sets: uppercase letters, lowercase letters, digits, and special characters. Click Next. The summary appears with your name in it. Remember how to add a user. In future labs, you will have to know it.
6. Click Finish.
7. Minimize the server window.
STEP 2: Allow User to Log On; Then Log On as the User You Created
Back to Top
Because ElementK is a remote environment, we first have to allow the user to log on remotely. Before you go through the following, restart the Windows 7 PC by clicking the Send Ctrl-Alt-Delete button, clicking the red arrow in the lower right, and clicking Restart. Click OK at the error message, then close the window. After a minute or so, click the PC icon again.
Action
1. Log on to the PC (the icon on the right) as experimental\administrator. Naturally, because you are using the same user as when you logged on to the server, the password is the same too. If the “Set Network Location” window opens, click Work Network, then Close.
2. Click Start, right-click Computer, and click Properties. The System window opens.
3. In the left panel, click Remote settings.
4. Under Remote Desktop, click the Select Users button.
5. In the Remote Desktop Users dialog box, click the Add button.
6. In the Select User or Groups dialog box, click the Advanced button.
7. Click the Find Now button.
8. Highlight your name and click the OK button.
9. You should see your name in the text box. Click the OK button.
10. In the remote Desktop Users dialog box, you should see your user name. Click the OK button.
11. Log off, then click the Send Ctrl-Alt-Delete button.
12. Click Switch User, then Other User. For the user name, type “experimental\” followed by your user name. Fill in the password you gave yourself.
13. Click the Start icon. You should see your name in the upper right of the pop-up.
Insert a screenshot into your lab report showing your name (#7).
TASK 2: Create Groups
STEP 1: Create a Domain Local Group
Back to Top
The typical process for creating security groups is to put users in global groups and then put global groups in domain local groups. The domain local groups are then associated with resources, and specific access permissions are given at this level. This may seem like extra work, but when you have hundreds or thousands of users and many dozens of resources, this makes management much easier. Our objective is to create a domain local group called DomainMgrs. We will create a global group called GlobalMgrs. We will put the user based on your name in GlobalMgrs and then GlobalMgrs into DomainMgrs. In a later lab, we will associate permissions.
Action
1. Log on to the server as administrator, and open Server Manager.
2. Expand the left panel in Server Manager until you get to the users folder and click Users.
3. One way to create a new object in the highlighted container is to do the following: Click Action on the menu and then click New, and follow by clicking Group.
4. For the Group Name, type DomainMgrs and select Domain local under Group scope. Click OK.
STEP 2: Create the GlobalMgrs Group
Back to Top
Action
1. This time, right-click in a blank space in the middle panel, click New, and then click Group.
2. For the Group name, type GlobalMgrs and leave the default of Global for the group scope. Click OK.
3. Now we need to put the user based on your name into the GlobalMgrs group. Double-click GlobalMgrs, click the Members tab and then click Add.
4. Click the Advanced button, then Find Now button and then scroll until you see your name. Click on the your name, then click OK.
5. You should see your name in the text box. Click OK.
6. Now you have the user as a member of GlobalMgrs.
Insert a screenshot into your lab report showing the username (#8).
1. Click OK. Remember how to create groups and add users! In future labs, you will have to know it.
2. We want to make GlobalMgrs a member of DomainMgrs, so double-click DomainMgrs, click the Members tab, and then click Add. Just type “G” in the text box, and when you click Check Names, all the objects beginning with “G” will display.
3. Select GlobalMgrs and click OK.
4. Click OK twice to get back to the screen that shows the contents of the user container in the middle panel.
Insert a screenshot into your lab report showing both groups in the middle panel (#9).
TASK 3: Manage Organizational Units
STEP 1: Create an Organizational Unit
Back to Top
Action
1. In Server Manager, expand Active Directory until you see the domain name.
2. Right-click experimental.lab, select New, and click Organizational Unit.
3. For the name, type Sales. Notice that by default “Protect container from accidental deletion” is checked. That is good. Click OK. TheO is put in the left pane.
STEP 2: Create an OU and Delete It
Back to Top
Action
1. Create an OU based on your last name. Then try to delete it by right-clicking it and clicking Delete. Then, when it asks, “Are you sure,” click Yes. You will get a message stating that you have insufficient privileges.
2. Right-click on the OU based on your last name and click Properties. As you can see, there isn’t much.
3. On the menu, click View, then click Advanced Features.
4. Right-click the OU with your last name, click Properties, and then click Object. Uncheck “Protect object from accidental deletion.”
Insert a screenshot into your lab report (#10).
1. Click OK. Now delete the OU based on your last name.
STEP 3: Make User With Your Name the Manager of the Sales OU
Back to Top
Action
1. Open the Users container, and drag the user with your name to the Sales OU. A dialog box opens. It is stating that OUs have different group policies so the user may have different rights. Don’t worry about it. We will cover group policies later. Click Yes.
2. Now we want to delegate some administrative privileges to the user in the container. Right-click on the Sales container, and click Delegate Control… A wizard opens.
3. Click Next.
4. Click Add. In the text box, you can just type your first name and click Check Names. Select your name and click OK.
5. Click Next. The Tasks to Delegate dialog box opens.
6. Check the first two items in the list to delegate, which are “Create, delete and manage user accounts” and “Reset user passwords and force password change at next logon.” Click Next.
7. Scroll down to see all the information.
Insert a screenshot into your lab report showing your name and the delegations (#11).
1. Click Finish.
Once delegated, you might wonder how a user can, for example, reset a password for another user in the OU. You probably don’t want to give the user log-on privileges on the server. Another alternative is to have the user download the “Remote Server Administration Tools Windows 7.” (That is beyond the scope of this course.)
STEP 4: Complete Lab Report
iLab 2 of 7: Organizing Resources
Submit your assignment to the Dropbox located on the silver tab at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due date information.)
Connect to the iLab here.
• Before beginning work, connect to your virtual lab platform (Skillsoft / Element K).
NOTE:
• There are two sections to this week’s iLab assignment. Be sure to complete both sections in order to receive full credit. o Lab 2a: Install and Configure Active Directory o Lab 2b: Organize Users and Groups
Additional Resource
You may find this resource helpful as you prepare to complete the lab.
• Advanced Configuration and Organizing Resources
LAB 2A OVERVIEW
Scenario and Summary
• You will explore Server Manager, install Active Directory, and add a Windows 7 PC to the domain. iLAB STEPS
TASK 1: Explore Server Manager
STEP 1: Explore the Basic Information in Server Manager
Back to Top
Action
1. Log on with a user name of Administrator and a password of password. It may ask about the network type. Click Work, then click Close.
2. Click the Server Manager icon in the lower left, to the right of the Start button.
3. Notice the Server information in the right pane. Scroll down to find out the following information, and put the answers in the lab report.
1. Is the firewall turned on?
2. What is the name of the link for the IE Enhanced Security Configuration?
3. Which link allows you to change the computer name? (You may have to try a few links for this one.)
Insert a screenshot into your lab report of the configuration screen (#1).
STEP 2: Explore Diagnostics
Back to Top
Action: Expand all the items under Diagnostics in the left pane except Event Viewer-Applications and Services-Microsoft (because there are way too many items).
Insert two screenshots into your lab report showing the diagnostics in the left pane (#2 and #3).
STEP 3: Install and Test Telnet
Back to Top
Action
1. Right-click Features and click Add Features.
2. Select the Telnet Client feature (not the telnet server).
3. Click Next, then click Install. After it installs, click Close.
4. Click Start -> Command Prompt.
5. Type “telnet” to show that it is installed.
Insert a screenshot into your lab report (#4).
TASK 2: Install Active Directory
STEP 1: Add Active Directory Role
Back to Top
Action
1. In order to add the Active Directory role, start by right-clicking Roles and clicking Add Roles.
2. Click Next, and the Select Server Roles dialog box appears.
3. Select Active Directory Domain Services.
4. Click Next and the Active Directory Domain Services dialog box opens.
5. Click Next and the Confirm Installation Services dialog box opens.
6. Click Install to start the first part of the Active Directory installation. It can take a few minutes. Be patient.
7. Notice the message that states, “Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe).” This wizard just added the role. Next, we will have to install the actual Active Directory Domain Services.
8. Click Close. Minimize the Server Manager window.
9. Click Start and click Command Prompt.
STEP 2: Install Active Directory
Back to Top
Action
1. At the command prompt type “dcpromo” and press Enter. The Active Directory Domain Services Installation Wizard starts.
2. Click Next. The Operating System Compatibility dialog box opens.
3. Click Next. The Choose a Deployment Configuration dialog box opens.
4. Select the Create a new domain in a new forest option and click Next. The Name the Forest Root Domain dialog box opens.
5. Type “experimental.lab” in the text box. Note that we do not have to have a domain name compatible with the Internet. Click Next. The Set Forest Functional Level dialog box opens.
6. Using the combo box, select Windows Server 2008. Note that the only difference mentioned has to do with the Recycle Bin. Click Next. The Additional Domain Controller Options dialog box opens.
7. Leave the DNS server selected and click Next.
8. You will see a warning about dynamically assigned addresses. Click Yes, the computer will use a dynamically assigned IP address (not recommended).
9. Click Yes to continue. The Location for Database, Log Files, and SYSVOL dialog box opens.
10. Click Next. The Directory Services Restore Mode Administrator Password dialog box opens.
11. Type “RestoreSec#” in both text boxes and click Next.
12. Click Next at the Summary dialog box.
13. Select Reboot on Completion and be patient. When it is finished, it will start the rebooting process. You will get an error stating the VNC viewer has lost the connection. Click OK on the error message. Close the viewer and wait a couple of minutes until you click the Server icon again. Once you click the server icon and it connects, click Send Ctrl-Alt-Del.
14. Enter the password (password). Click OK. Change it to Password! (remember to end the password with an exclamation point). The system will notify you that the password has changed. Click OK.
15. Click the Server Manager icon.
Insert a screenshot into your lab report of the Server Manager, which will show the domain (#5).
TASK 3: Add PC to Domain
STEP 1: Add Windows 7 to the Domain
Back to Top
Action
1. Before you go through the following, restart the Windows 7 PC by clicking the Send Ctrl-Alt-Delete button, clicking the red arrow in the lower right, and clicking Restart. Click OK at the error message, then close the window. After a minute or so, click the PC icon again.
2. Log on to the PC as administrator and use the password of password. If it asks for a network type, click Work and click Close.
3. Click the Start icon in the lower left and click Control Panel.
4. Click the System and Security link in the upper left.
5. Click the System link.
6. Click the Change Settings link in the lower right. The System Properties window appears.
7. Click the Change button. The Computer Naming/Domain Changes dialog box opens. Under Member of, click the Domain option button and type “experimental.lab” for the domain name.
8. Press the OK button. (Actually, you could also type “experimental” instead of “experimental.lab”). The Windows Security dialog box opens.
9. Type “Administrator” and the password for the administrator, which is Password! then click OK. Soon you should see a message welcoming you to the domain.
10. Click OK, close the window, then click Restart.
11. As usual, whenever you restart click OK on the error message and close the window.
STEP 2: Use a Domain Log-On in Windows 7
Back to Top
Action
1. After Windows 7 reboots, click on the PC icon. Notice that the log-on screen has changed. Now click the Send Ctrl-Alt-Delete button. The default logon is PC-1\Administrator.
2. Click Switch User then Other User. For the user name, type “experimental\administrator,” and for the password, type “Password!”
3. Click the Start icon.
4. Right-click Computer and click Properties.
5. Notice that the full computer name shows the name of the domain.
Insert a screenshot into your lab report showing the name of the computer, including the domain (#6).
This is the end of the first part of this week’s lab. iLAB 2B OVERVIEW
Scenario and Summary
• You will add a user, log on as the user, create groups, and manage organizational units. iLAB STEPS
TASK 1: Add User and Log On as User
STEP 1: Add User
Back to Top
Action
1. Log on to the server with a user name of administrator and a password of Password! (don’t forget the exclamation point).
2. In Server Manager (the icon next to the Start button), expand Roles -> Active Directory Domain Services -> Active Directory Users and Computer -> experimental.lab. Click Users.
3. Right-click the Users folder, select New, and then User.
4. Use your own first name and last name. For the user log-on name, type the first letter of your first name followed by your last name. Click Next.
5. For the password, type a password of your choice. To meet complexity requirements, it must be at least seven characters long and have characters in three out of the following four character sets: uppercase letters, lowercase letters, digits, and special characters. Click Next. The summary appears with your name in it. Remember how to add a user. In future labs, you will have to know it.
6. Click Finish.
7. Minimize the server window.
STEP 2: Allow User to Log On; Then Log On as the User You Created
Back to Top
Because ElementK is a remote environment, we first have to allow the user to log on remotely. Before you go through the following, restart the Windows 7 PC by clicking the Send Ctrl-Alt-Delete button, clicking the red arrow in the lower right, and clicking Restart. Click OK at the error message, then close the window. After a minute or so, click the PC icon again.
Action
1. Log on to the PC (the icon on the right) as experimental\administrator. Naturally, because you are using the same user as when you logged on to the server, the password is the same too. If the “Set Network Location” window opens, click Work Network, then Close.
2. Click Start, right-click Computer, and click Properties. The System window opens.
3. In the left panel, click Remote settings.
4. Under Remote Desktop, click the Select Users button.
5. In the Remote Desktop Users dialog box, click the Add button.
6. In the Select User or Groups dialog box, click the Advanced button.
7. Click the Find Now button.
8. Highlight your name and click the OK button.
9. You should see your name in the text box. Click the OK button.
10. In the remote Desktop Users dialog box, you should see your user name. Click the OK button.
11. Log off, then click the Send Ctrl-Alt-Delete button.
12. Click Switch User, then Other User. For the user name, type “experimental\” followed by your user name. Fill in the password you gave yourself.
13. Click the Start icon. You should see your name in the upper right of the pop-up.
Insert a screenshot into your lab report showing your name (#7).
TASK 2: Create Groups
STEP 1: Create a Domain Local Group
Back to Top
The typical process for creating security groups is to put users in global groups and then put global groups in domain local groups. The domain local groups are then associated with resources, and specific access permissions are given at this level. This may seem like extra work, but when you have hundreds or thousands of users and many dozens of resources, this makes management much easier. Our objective is to create a domain local group called DomainMgrs. We will create a global group called GlobalMgrs. We will put the user based on your name in GlobalMgrs and then GlobalMgrs into DomainMgrs. In a later lab, we will associate permissions.
Action
1. Log on to the server as administrator, and open Server Manager.
2. Expand the left panel in Server Manager until you get to the users folder and click Users.
3. One way to create a new object in the highlighted container is to do the following: Click Action on the menu and then click New, and follow by clicking Group.
4. For the Group Name, type DomainMgrs and select Domain local under Group scope. Click OK.
STEP 2: Create the GlobalMgrs Group
Back to Top
Action
1. This time, right-click in a blank space in the middle panel, click New, and then click Group.
2. For the Group name, type GlobalMgrs and leave the default of Global for the group scope. Click OK.
3. Now we need to put the user based on your name into the GlobalMgrs group. Double-click GlobalMgrs, click the Members tab and then click Add.
4. Click the Advanced button, then Find Now button and then scroll until you see your name. Click on the your name, then click OK.
5. You should see your name in the text box. Click OK.
6. Now you have the user as a member of GlobalMgrs.
Insert a screenshot into your lab report showing the username (#8).
1. Click OK. Remember how to create groups and add users! In future labs, you will have to know it.
2. We want to make GlobalMgrs a member of DomainMgrs, so double-click DomainMgrs, click the Members tab, and then click Add. Just type “G” in the text box, and when you click Check Names, all the objects beginning with “G” will display.
3. Select GlobalMgrs and click OK.
4. Click OK twice to get back to the screen that shows the contents of the user container in the middle panel.
Insert a screenshot into your lab report showing both groups in the middle panel (#9).
TASK 3: Manage Organizational Units
STEP 1: Create an Organizational Unit
Back to Top
Action
1. In Server Manager, expand Active Directory until you see the domain name.
2. Right-click experimental.lab, select New, and click Organizational Unit.
3. For the name, type Sales. Notice that by default “Protect container from accidental deletion” is checked. That is good. Click OK. TheO is put in the left pane.
STEP 2: Create an OU and Delete It
Back to Top
Action
1. Create an OU based on your last name. Then try to delete it by right-clicking it and clicking Delete. Then, when it asks, “Are you sure,” click Yes. You will get a message stating that you have insufficient privileges.
2. Right-click on the OU based on your last name and click Properties. As you can see, there isn’t much.
3. On the menu, click View, then click Advanced Features.
4. Right-click the OU with your last name, click Properties, and then click Object. Uncheck “Protect object from accidental deletion.”
Insert a screenshot into your lab report (#10).
1. Click OK. Now delete the OU based on your last name.
STEP 3: Make User With Your Name the Manager of the Sales OU
Back to Top
Action
1. Open the Users container, and drag the user with your name to the Sales OU. A dialog box opens. It is stating that OUs have different group policies so the user may have different rights. Don’t worry about it. We will cover group policies later. Click Yes.
2. Now we want to delegate some administrative privileges to the user in the container. Right-click on the Sales container, and click Delegate Control… A wizard opens.
3. Click Next.
4. Click Add. In the text box, you can just type your first name and click Check Names. Select your name and click OK.
5. Click Next. The Tasks to Delegate dialog box opens.
6. Check the first two items in the list to delegate, which are “Create, delete and manage user accounts” and “Reset user passwords and force password change at next logon.” Click Next.
7. Scroll down to see all the information.
Insert a screenshot into your lab report showing your name and the delegations (#11).
1. Click Finish.
Once delegated, you might wonder how a user can, for example, reset a password for another user in the OU. You probably don’t want to give the user log-on privileges on the server. Another alternative is to have the user download the “Remote Server Administration Tools Windows 7.” (That is beyond the scope of this course.)
STEP 4: Complete Lab Report
iLab 2 of 7: Organizing Resources
Submit your assignment to the Dropbox located on the silver tab at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due date information.)
Connect to the iLab here.
• Before beginning work, connect to your virtual lab platform (Skillsoft / Element K).
NOTE:
• There are two sections to this week’s iLab assignment. Be sure to complete both sections in order to receive full credit. o Lab 2a: Install and Configure Active Directory o Lab 2b: Organize Users and Groups
Additional Resource
You may find this resource helpful as you prepare to complete the lab.
• Advanced Configuration and Organizing Resources
LAB 2A OVERVIEW
Scenario and Summary
• You will explore Server Manager, install Active Directory, and add a Windows 7 PC to the domain. iLAB STEPS
TASK 1: Explore Server Manager
STEP 1: Explore the Basic Information in Server Manager
Back to Top
Action
1. Log on with a user name of Administrator and a password of password. It may ask about the network type. Click Work, then click Close.
2. Click the Server Manager icon in the lower left, to the right of the Start button.
3. Notice the Server information in the right pane. Scroll down to find out the following information, and put the answers in the lab report.
1. Is the firewall turned on?
2. What is the name of the link for the IE Enhanced Security Configuration?
3. Which link allows you to change the computer name? (You may have to try a few links for this one.)
Insert a screenshot into your lab report of the configuration screen (#1).
STEP 2: Explore Diagnostics
Back to Top
Action: Expand all the items under Diagnostics in the left pane except Event Viewer-Applications and Services-Microsoft (because there are way too many items).
Insert two screenshots into your lab report showing the diagnostics in the left pane (#2 and #3).
STEP 3: Install and Test Telnet
Back to Top
Action
1. Right-click Features and click Add Features.
2. Select the Telnet Client feature (not the telnet server).
3. Click Next, then click Install. After it installs, click Close.
4. Click Start -> Command Prompt.
5. Type “telnet” to show that it is installed.
Insert a screenshot into your lab report (#4).
TASK 2: Install Active Directory
STEP 1: Add Active Directory Role
Back to Top
Action
1. In order to add the Active Directory role, start by right-clicking Roles and clicking Add Roles.
2. Click Next, and the Select Server Roles dialog box appears.
3. Select Active Directory Domain Services.
4. Click Next and the Active Directory Domain Services dialog box opens.
5. Click Next and the Confirm Installation Services dialog box opens.
6. Click Install to start the first part of the Active Directory installation. It can take a few minutes. Be patient.
7. Notice the message that states, “Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe).” This wizard just added the role. Next, we will have to install the actual Active Directory Domain Services.
8. Click Close. Minimize the Server Manager window.
9. Click Start and click Command Prompt.
STEP 2: Install Active Directory
Back to Top
Action
1. At the command prompt type “dcpromo” and press Enter. The Active Directory Domain Services Installation Wizard starts.
2. Click Next. The Operating System Compatibility dialog box opens.
3. Click Next. The Choose a Deployment Configuration dialog box opens.
4. Select the Create a new domain in a new forest option and click Next. The Name the Forest Root Domain dialog box opens.
5. Type “experimental.lab” in the text box. Note that we do not have to have a domain name compatible with the Internet. Click Next. The Set Forest Functional Level dialog box opens.
6. Using the combo box, select Windows Server 2008. Note that the only difference mentioned has to do with the Recycle Bin. Click Next. The Additional Domain Controller Options dialog box opens.
7. Leave the DNS server selected and click Next.
8. You will see a warning about dynamically assigned addresses. Click Yes, the computer will use a dynamically assigned IP address (not recommended).
9. Click Yes to continue. The Location for Database, Log Files, and SYSVOL dialog box opens.
10. Click Next. The Directory Services Restore Mode Administrator Password dialog box opens.
11. Type “RestoreSec#” in both text boxes and click Next.
12. Click Next at the Summary dialog box.
13. Select Reboot on Completion and be patient. When it is finished, it will start the rebooting process. You will get an error stating the VNC viewer has lost the connection. Click OK on the error message. Close the viewer and wait a couple of minutes until you click the Server icon again. Once you click the server icon and it connects, click Send Ctrl-Alt-Del.
14. Enter the password (password). Click OK. Change it to Password! (remember to end the password with an exclamation point). The system will notify you that the password has changed. Click OK.
15. Click the Server Manager icon.
Insert a screenshot into your lab report of the Server Manager, which will show the domain (#5).
TASK 3: Add PC to Domain
STEP 1: Add Windows 7 to the Domain
Back to Top
Action
1. Before you go through the following, restart the Windows 7 PC by clicking the Send Ctrl-Alt-Delete button, clicking the red arrow in the lower right, and clicking Restart. Click OK at the error message, then close the window. After a minute or so, click the PC icon again.
2. Log on to the PC as administrator and use the password of password. If it asks for a network type, click Work and click Close.
3. Click the Start icon in the lower left and click Control Panel.
4. Click the System and Security link in the upper left.
5. Click the System link.
6. Click the Change Settings link in the lower right. The System Properties window appears.
7. Click the Change button. The Computer Naming/Domain Changes dialog box opens. Under Member of, click the Domain option button and type “experimental.lab” for the domain name.
8. Press the OK button. (Actually, you could also type “experimental” instead of “experimental.lab”). The Windows Security dialog box opens.
9. Type “Administrator” and the password for the administrator, which is Password! then click OK. Soon you should see a message welcoming you to the domain.
10. Click OK, close the window, then click Restart.
11. As usual, whenever you restart click OK on the error message and close the window.
STEP 2: Use a Domain Log-On in Windows 7
Back to Top
Action
1. After Windows 7 reboots, click on the PC icon. Notice that the log-on screen has changed. Now click the Send Ctrl-Alt-Delete button. The default logon is PC-1\Administrator.
2. Click Switch User then Other User. For the user name, type “experimental\administrator,” and for the password, type “Password!”
3. Click the Start icon.
4. Right-click Computer and click Properties.
5. Notice that the full computer name shows the name of the domain.
Insert a screenshot into your lab report showing the name of the computer, including the domain (#6).
This is the end of the first part of this week’s lab. iLAB 2B OVERVIEW
Scenario and Summary
• You will add a user, log on as the user, create groups, and manage organizational units. iLAB STEPS
TASK 1: Add User and Log On as User
STEP 1: Add User
Back to Top
Action
1. Log on to the server with a user name of administrator and a password of Password! (don’t forget the exclamation point).
2. In Server Manager (the icon next to the Start button), expand Roles -> Active Directory Domain Services -> Active Directory Users and Computer -> experimental.lab. Click Users.
3. Right-click the Users folder, select New, and then User.
4. Use your own first name and last name. For the user log-on name, type the first letter of your first name followed by your last name. Click Next.
5. For the password, type a password of your choice. To meet complexity requirements, it must be at least seven characters long and have characters in three out of the following four character sets: uppercase letters, lowercase letters, digits, and special characters. Click Next. The summary appears with your name in it. Remember how to add a user. In future labs, you will have to know it.
6. Click Finish.
7. Minimize the server window.
STEP 2: Allow User to Log On; Then Log On as the User You Created
Back to Top
Because ElementK is a remote environment, we first have to allow the user to log on remotely. Before you go through the following, restart the Windows 7 PC by clicking the Send Ctrl-Alt-Delete button, clicking the red arrow in the lower right, and clicking Restart. Click OK at the error message, then close the window. After a minute or so, click the PC icon again.
Action
1. Log on to the PC (the icon on the right) as experimental\administrator. Naturally, because you are using the same user as when you logged on to the server, the password is the same too. If the “Set Network Location” window opens, click Work Network, then Close.
2. Click Start, right-click Computer, and click Properties. The System window opens.
3. In the left panel, click Remote settings.
4. Under Remote Desktop, click the Select Users button.
5. In the Remote Desktop Users dialog box, click the Add button.
6. In the Select User or Groups dialog box, click the Advanced button.
7. Click the Find Now button.
8. Highlight your name and click the OK button.
9. You should see your name in the text box. Click the OK button.
10. In the remote Desktop Users dialog box, you should see your user name. Click the OK button.
11. Log off, then click the Send Ctrl-Alt-Delete button.
12. Click Switch User, then Other User. For the user name, type “experimental\” followed by your user name. Fill in the password you gave yourself.
13. Click the Start icon. You should see your name in the upper right of the pop-up.
Insert a screenshot into your lab report showing your name (#7).
TASK 2: Create Groups
STEP 1: Create a Domain Local Group
Back to Top
The typical process for creating security groups is to put users in global groups and then put global groups in domain local groups. The domain local groups are then associated with resources, and specific access permissions are given at this level. This may seem like extra work, but when you have hundreds or thousands of users and many dozens of resources, this makes management much easier. Our objective is to create a domain local group called DomainMgrs. We will create a global group called GlobalMgrs. We will put the user based on your name in GlobalMgrs and then GlobalMgrs into DomainMgrs. In a later lab, we will associate permissions.
Action
1. Log on to the server as administrator, and open Server Manager.
2. Expand the left panel in Server Manager until you get to the users folder and click Users.
3. One way to create a new object in the highlighted container is to do the following: Click Action on the menu and then click New, and follow by clicking Group.
4. For the Group Name, type DomainMgrs and select Domain local under Group scope. Click OK.
STEP 2: Create the GlobalMgrs Group
Back to Top
Action
1. This time, right-click in a blank space in the middle panel, click New, and then click Group.
2. For the Group name, type GlobalMgrs and leave the default of Global for the group scope. Click OK.
3. Now we need to put the user based on your name into the GlobalMgrs group. Double-click GlobalMgrs, click the Members tab and then click Add.
4. Click the Advanced button, then Find Now button and then scroll until you see your name. Click on the your name, then click OK.
5. You should see your name in the text box. Click OK.
6. Now you have the user as a member of GlobalMgrs.
Insert a screenshot into your lab report showing the username (#8).
1. Click OK. Remember how to create groups and add users! In future labs, you will have to know it.
2. We want to make GlobalMgrs a member of DomainMgrs, so double-click DomainMgrs, click the Members tab, and then click Add. Just type “G” in the text box, and when you click Check Names, all the objects beginning with “G” will display.
3. Select GlobalMgrs and click OK.
4. Click OK twice to get back to the screen that shows the contents of the user container in the middle panel.
Insert a screenshot into your lab report showing both groups in the middle panel (#9).
TASK 3: Manage Organizational Units
STEP 1: Create an Organizational Unit
Back to Top
Action
1. In Server Manager, expand Active Directory until you see the domain name.
2. Right-click experimental.lab, select New, and click Organizational Unit.
3. For the name, type Sales. Notice that by default “Protect container from accidental deletion” is checked. That is good. Click OK. TheO is put in the left pane.
STEP 2: Create an OU and Delete It
Back to Top
Action
1. Create an OU based on your last name. Then try to delete it by right-clicking it and clicking Delete. Then, when it asks, “Are you sure,” click Yes. You will get a message stating that you have insufficient privileges.
2. Right-click on the OU based on your last name and click Properties. As you can see, there isn’t much.
3. On the menu, click View, then click Advanced Features.
4. Right-click the OU with your last name, click Properties, and then click Object. Uncheck “Protect object from accidental deletion.”
Insert a screenshot into your lab report (#10).
1. Click OK. Now delete the OU based on your last name.
STEP 3: Make User With Your Name the Manager of the Sales OU
Back to Top
Action
1. Open the Users container, and drag the user with your name to the Sales OU. A dialog box opens. It is stating that OUs have different group policies so the user may have different rights. Don’t worry about it. We will cover group policies later. Click Yes.
2. Now we want to delegate some administrative privileges to the user in the container. Right-click on the Sales container, and click Delegate Control… A wizard opens.
3. Click Next.
4. Click Add. In the text box, you can just type your first name and click Check Names. Select your name and click OK.
5. Click Next. The Tasks to Delegate dialog box opens.
6. Check the first two items in the list to delegate, which are “Create, delete and manage user accounts” and “Reset user passwords and force password change at next logon.” Click Next.
7. Scroll down to see all the information.
Insert a screenshot into your lab report showing your name and the delegations (#11).
1. Click Finish.
Once delegated, you might wonder how a user can, for example, reset a password for another user in the OU. You probably don’t want to give the user log-on privileges on the server. Another alternative is to have the user download the “Remote Server Administration Tools Windows 7.” (That is beyond the scope of this course.)
STEP 4: Complete Lab Report
iLab 2 of 7: Organizing Resources
Submit your assignment to the Dropbox located on the silver tab at the top of this page.
(See the Syllabus section “Due Dates for Assignments & Exams” for due date information.)
Connect to the iLab here.
• Before beginning work, connect to your virtual lab platform (Skillsoft / Element K).
NOTE:
• There are two sections to this week’s iLab assignment. Be sure to complete both sections in order to receive full credit. o Lab 2a: Install and Configure Active Directory o Lab 2b: Organize Users and Groups
Additional Resource
You may find this resource helpful as you prepare to complete the lab.
• Advanced Configuration and Organizing Resources
LAB 2A OVERVIEW
Scenario and Summary
• You will explore Server Manager, install Active Directory, and add a Windows 7 PC to the domain. iLAB STEPS
TASK 1: Explore Server Manager
STEP 1: Explore the Basic Information in Server Manager
Back to Top
Action
1. Log on with a user name of Administrator and a password of password. It may ask about the network type. Click Work, then click Close.
2. Click the Server Manager icon in the lower left, to the right of the Start button.
3. Notice the Server information in the right pane. Scroll down to find out the following information, and put the answers in the lab report.
1. Is the firewall turned on?
2. What is the name of the link for the IE Enhanced Security Configuration?
3. Which link allows you to change the computer name? (You may have to try a few links for this one.)
Insert a screenshot into your lab report of the configuration screen (#1).
STEP 2: Explore Diagnostics
Back to Top
Action: Expand all the items under Diagnostics in the left pane except Event Viewer-Applications and Services-Microsoft (because there are way too many items).
Insert two screenshots into your lab report showing the diagnostics in the left pane (#2 and #3).
STEP 3: Install and Test Telnet
Back to Top
Action
1. Right-click Features and click Add Features.
2. Select the Telnet Client feature (not the telnet server).
3. Click Next, then click Install. After it installs, click Close.
4. Click Start -> Command Prompt.
5. Type “telnet” to show that it is installed.
Insert a screenshot into your lab report (#4).
TASK 2: Install Active Directory
STEP 1: Add Active Directory Role
Back to Top
Action
1. In order to add the Active Directory role, start by right-clicking Roles and clicking Add Roles.
2. Click Next, and the Select Server Roles dialog box appears.
3. Select Active Directory Domain Services.
4. Click Next and the Active Directory Domain Services dialog box opens.
5. Click Next and the Confirm Installation Services dialog box opens.
6. Click Install to start the first part of the Active Directory installation. It can take a few minutes. Be patient.
7. Notice the message that states, “Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe).” This wizard just added the role. Next, we will have to install the actual Active Directory Domain Services.
8. Click Close. Minimize the Server Manager window.
9. Click Start and click Command Prompt.
STEP 2: Install Active Directory
Back to Top
Action
1. At the command prompt type “dcpromo” and press Enter. The Active Directory Domain Services Installation Wizard starts.
2. Click Next. The Operating System Compatibility dialog box opens.
3. Click Next. The Choose a Deployment Configuration dialog box opens.
4. Select the Create a new domain in a new forest option and click Next. The Name the Forest Root Domain dialog box opens.
5. Type “experimental.lab” in the text box. Note that we do not have to have a domain name compatible with the Internet. Click Next. The Set Forest Functional Level dialog box opens.
6. Using the combo box, select Windows Server 2008. Note that the only difference mentioned has to do with the Recycle Bin. Click Next. The Additional Domain Controller Options dialog box opens.
7. Leave the DNS server selected and click Next.
8. You will see a warning about dynamically assigned addresses. Click Yes, the computer will use a dynamically assigned IP address (not recommended).
9. Click Yes to continue. The Location for Database, Log Files, and SYSVOL dialog box opens.
10. Click Next. The Directory Services Restore Mode Administrator Password dialog box opens.
11. Type “RestoreSec#” in both text boxes and click Next.
12. Click Next at the Summary dialog box.
13. Select Reboot on Completion and be patient. When it is finished, it will start the rebooting process. You will get an error stating the VNC viewer has lost the connection. Click OK on the error message. Close the viewer and wait a couple of minutes until you click the Server icon again. Once you click the server icon and it connects, click Send Ctrl-Alt-Del.
14. Enter the password (password). Click OK. Change it to Password! (remember to end the password with an exclamation point). The system will notify you that the password has changed. Click OK.
15. Click the Server Manager icon.
Insert a screenshot into your lab report of the Server Manager, which will show the domain (#5).
TASK 3: Add PC to Domain
STEP 1: Add Windows 7 to the Domain
Back to Top
Action
1. Before you go through the following, restart the Windows 7 PC by clicking the Send Ctrl-Alt-Delete button, clicking the red arrow in the lower right, and clicking Restart. Click OK at the error message, then close the window. After a minute or so, click the PC icon again.
2. Log on to the PC as administrator and use the password of password. If it asks for a network type, click Work and click Close.
3. Click the Start icon in the lower left and click Control Panel.
4. Click the System and Security link in the upper left.
5. Click the System link.
6. Click the Change Settings link in the lower right. The System Properties window appears.
7. Click the Change button. The Computer Naming/Domain Changes dialog box opens. Under Member of, click the Domain option button and type “experimental.lab” for the domain name.
8. Press the OK button. (Actually, you could also type “experimental” instead of “experimental.lab”). The Windows Security dialog box opens.
9. Type “Administrator” and the password for the administrator, which is Password! then click OK. Soon you should see a message welcoming you to the domain.
10. Click OK, close the window, then click Restart.
11. As usual, whenever you restart click OK on the error message and close the window.
STEP 2: Use a Domain Log-On in Windows 7
Back to Top
Action
1. After Windows 7 reboots, click on the PC icon. Notice that the log-on screen has changed. Now click the Send Ctrl-Alt-Delete button. The default logon is PC-1\Administrator.
2. Click Switch User then Other User. For the user name, type “experimental\administrator,” and for the password, type “Password!”
3. Click the Start icon.
4. Right-click Computer and click Properties.
5. Notice that the full computer name shows the name of the domain.
Insert a screenshot into your lab report showing the name of the computer, including the domain (#6).
This is the end of the first part of this week’s lab. iLAB 2B OVERVIEW
Scenario and Summary
• You will add a user, log on as the user, create groups, and manage organizational units. iLAB STEPS
TASK 1: Add User and Log On as User
STEP 1: Add User
Back to Top
Action
1. Log on to the server with a user name of administrator and a password of Password! (don’t forget the exclamation point).
2. In Server Manager (the icon next to the Start button), expand Roles -> Active Directory Domain Services -> Active Directory Users and Computer -> experimental.lab. Click Users.
3. Right-click the Users folder, select New, and then User.
4. Use your own first name and last name. For the user log-on name, type the first letter of your first name followed by your last name. Click Next.
5. For the password, type a password of your choice. To meet complexity requirements, it must be at least seven characters long and have characters in three out of the following four character sets: uppercase letters, lowercase letters, digits, and special characters. Click Next. The summary appears with your name in it. Remember how to add a user. In future labs, you will have to know it.
6. Click Finish.
7. Minimize the server window.
STEP 2: Allow User to Log On; Then Log On as the User You Created
Back to Top
Because ElementK is a remote environment, we first have to allow the user to log on remotely. Before you go through the following, restart the Windows 7 PC by clicking the Send Ctrl-Alt-Delete button, clicking the red arrow in the lower right, and clicking Restart. Click OK at the error message, then close the window. After a minute or so, click the PC icon again.
Action
1. Log on to the PC (the icon on the right) as experimental\administrator. Naturally, because you are using the same user as when you logged on to the server, the password is the same too. If the “Set Network Location” window opens, click Work Network, then Close.
2. Click Start, right-click Computer, and click Properties. The System window opens.
3. In the left panel, click Remote settings.
4. Under Remote Desktop, click the Select Users button.
5. In the Remote Desktop Users dialog box, click the Add button.
6. In the Select User or Groups dialog box, click the Advanced button.
7. Click the Find Now button.
8. Highlight your name and click the OK button.
9. You should see your name in the text box. Click the OK button.
10. In the remote Desktop Users dialog box, you should see your user name. Click the OK button.
11. Log off, then click the Send Ctrl-Alt-Delete button.
12. Click Switch User, then Other User. For the user name, type “experimental\” followed by your user name. Fill in the password you gave yourself.
13. Click the Start icon. You should see your name in the upper right of the pop-up.
Insert a screenshot into your lab report showing your name (#7).
TASK 2: Create Groups
STEP 1: Create a Domain Local Group
Back to Top
The typical process for creating security groups is to put users in global groups and then put global groups in domain local groups. The domain local groups are then associated with resources, and specific access permissions are given at this level. This may seem like extra work, but when you have hundreds or thousands of users and many dozens of resources, this makes management much easier. Our objective is to create a domain local group called DomainMgrs. We will create a global group called GlobalMgrs. We will put the user based on your name in GlobalMgrs and then GlobalMgrs into DomainMgrs. In a later lab, we will associate permissions.
Action
1. Log on to the server as administrator, and open Server Manager.
2. Expand the left panel in Server Manager until you get to the users folder and click Users.
3. One way to create a new object in the highlighted container is to do the following: Click Action on the menu and then click New, and follow by clicking Group.
4. For the Group Name, type DomainMgrs and select Domain local under Group scope. Click OK.
STEP 2: Create the GlobalMgrs Group
Back to Top
Action
1. This time, right-click in a blank space in the middle panel, click New, and then click Group.
2. For the Group name, type GlobalMgrs and leave the default of Global for the group scope. Click OK.
3. Now we need to put the user based on your name into the GlobalMgrs group. Double-click GlobalMgrs, click the Members tab and then click Add.
4. Click the Advanced button, then Find Now button and then scroll until you see your name. Click on the your name, then click OK.
5. You should see your name in the text box. Click OK.
6. Now you have the user as a member of GlobalMgrs.
Insert a screenshot into your lab report showing the username (#8).
1. Click OK. Remember how to create groups and add users! In future labs, you will have to know it.
2. We want to make GlobalMgrs a member of DomainMgrs, so double-click DomainMgrs, click the Members tab, and then click Add. Just type “G” in the text box, and when you click Check Names, all the objects beginning with “G” will display.
3. Select GlobalMgrs and click OK.
4. Click OK twice to get back to the screen that shows the contents of the user container in the middle panel.
Insert a screenshot into your lab report showing both groups in the middle panel (#9).
TASK 3: Manage Organizational Units
STEP 1: Create an Organizational Unit
Back to Top
Action
1. In Server Manager, expand Active Directory until you see the domain name.
2. Right-click experimental.lab, select New, and click Organizational Unit.
3. For the name, type Sales. Notice that by default “Protect container from accidental deletion” is checked. That is good. Click OK. TheO is put in the left pane.
STEP 2: Create an OU and Delete It
Back to Top
Action
1. Create an OU based on your last name. Then try to delete it by right-clicking it and clicking Delete. Then, when it asks, “Are you sure,” click Yes. You will get a message stating that you have insufficient privileges.
2. Right-click on the OU based on your last name and click Properties. As you can see, there isn’t much.
3. On the menu, click View, then click Advanced Features.
4. Right-click the OU with your last name, click Properties, and then click Object. Uncheck “Protect object from accidental deletion.”
Insert a screenshot into your lab report (#10).
1. Click OK. Now delete the OU based on your last name.
STEP 3: Make User With Your Name the Manager of the Sales OU
Back to Top
Action
1. Open the Users container, and drag the user with your name to the Sales OU. A dialog box opens. It is stating that OUs have different group policies so the user may have different rights. Don’t worry about it. We will cover group policies later. Click Yes.
2. Now we want to delegate some administrative privileges to the user in the container. Right-click on the Sales container, and click Delegate Control… A wizard opens.
3. Click Next.
4. Click Add. In the text box, you can just type your first name and click Check Names. Select your name and click OK.
5. Click Next. The Tasks to Delegate dialog box opens.
6. Check the first two items in the list to delegate, which are “Create, delete and manage user accounts” and “Reset user passwords and force password change at next logon.” Click Next.
7. Scroll down to see all the information.
Insert a screenshot into your lab report showing your name and the delegations (#11).
1. Click Finish.
Once delegated, you might wonder how a user can, for example, reset a password for another user in the OU. You probably don’t want to give the user log-on privileges on the server. Another alternative is to have the user download the “Remote Server Administration Tools Windows 7.” (That is beyond the scope of this course.)
STEP 4: Complete Lab Report