COMP2017 – Server Administration Implementing Active Directory.
Windows Server 2008 Active Directory
description
Transcript of Windows Server 2008 Active Directory
![Page 1: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/1.jpg)
Active Directory
Windows Server
![Page 2: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/2.jpg)
Active DirectoryActive Directory is a Meta Data. Active
Directory is a data base which store a data base like your user information, computer information and also other network object info. It has capabilities to manage and administrator the complete Network which connect with AD.
![Page 3: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/3.jpg)
What is domainWindows NT and Windows 2000, a domain
is a set of network resources (applications, printers, and so forth) for a group of users. The user need only to log in to the domain to gain access to the resources, which may be located on a number of different servers in the network. The 'domain' is simply your computer address not to confused with an URL.
![Page 4: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/4.jpg)
Domain controllerA Domain controller (DC) is a server that
responds to security authentication requests (logging in, checking permissions, etc.) within the Windows Server domain. A domain is a concept introduced in Windows NT whereby a user may be granted access to a number of computer resources with the use of a single username and password combination.
![Page 5: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/5.jpg)
What is LDAP Lightweight Directory Access Protocol LDAP
is the industry standard directory access protocol, making Active Directory widely accessible to management and query applications. Active Directory supports LDAPv3 and LDAPv2.
![Page 6: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/6.jpg)
ADActive Directory on Windows Server 2008
RequirementsAn NTFS partition with enough free space (approx 200MB)An Administrator's username and passwordThe correct operating system version (Standard, Enterprise or
Data Center)A NICProperly configured TCP/IP (IP address, subnet mask and -
optional - default gateway)A network connection (to a hub or to another computer via a
crossover cable)An operational DNS server (which can be installed on the DC
itself)A Domain name that you want to useBrains (recommended, not required...)
![Page 7: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/7.jpg)
Installation Of Active Directory
1. Log in as Administrator to the Workgroup Computer.
2. Assign IP Address and preferred DNS Server Address.
3. Click Start, and then click Run.
4. In the Run box, type “DCPROMO” and then click OK.
5. In Welcome to the Active Directory Domain Services Installation Wizard, click Next.
![Page 8: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/8.jpg)
Installation Of Active Directory
6. In Operating system compatibility Wizard click Next.
![Page 9: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/9.jpg)
Installation Of Active Directory
7. Select Create a new domain in a new forest and click Next.
![Page 10: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/10.jpg)
Installation Of Active Directory
8. Enter the DNS Domain Name (Ex: MICROSOFT.COM) and click Next.
![Page 11: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/11.jpg)
Installation Of Active Directory
9. Select the Forest Functional Level (Windows 2000) and click Next.
![Page 12: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/12.jpg)
Installation Of Active Directory
10. Select the Domain Functional Level (Windows 2000 Native) and click Next.
![Page 13: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/13.jpg)
Installation Of Active Directory
12. Click Yes to continue.
13. On Database and log locations page, accept the default locations and click Next.
![Page 14: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/14.jpg)
Installation Of Active Directory
14. On Directory Services Restore Mode Administrator Password page, enter the password and confirm password and click Next.
![Page 15: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/15.jpg)
Installation Of Active Directory
15. On Summary page, review the Options you selected and Next.
![Page 16: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/16.jpg)
Installation Of Active Directory
16. The Active Directory Installation starts and check box Reboot on Completion.
17. Computer restarts after the Installation of Active Directory Domain Services.
18. After restarting the computer, Active directory will be installed.
![Page 17: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/17.jpg)
Verification:
1. Right click Computer Icon Properties.
2. In Computer Name, domain, and workgroup settings verify for the domain name MICROSOFT.COM.
![Page 18: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/18.jpg)
MEMBER SERVER/CLIENT and USER MANAGEMENT
Pre-requisites: Before working on
this lab, you must have
1. A computer running windows 2008 server Domain Controller.
2. A computer running windows 2008 server or Windows 7.
SYS1 SYS2 MICROSOFT.COM
![Page 19: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/19.jpg)
Configuring Client (Windows 7)
1. Log in as Administrator to Workgroup Computer.
2. Right click Computer Icon and click Properties and click Change settings.
3. In the System properties dialog box click Change.
![Page 20: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/20.jpg)
Configuring Client (Windows 7)
4. Select the Member of Domain and enter the Domain Name.(Ex:Microsoft.com).
5. Enter the user name Administrator and his Password, click OK.
6. Welcome Message appears indicating that the computer was successful in joining the Domain.
7. Click OK and click Close to close the System Properties dialog box. It will ask for restart, click Yes.
8. After restarting the computer, it will become Client.
![Page 21: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/21.jpg)
VerificationVerification: 1. Right click Computer Icon >
Properties. 2. Click Computer Name, domain, and
workgroup settings and verify for the Domain Name MICROSOFT.COM.
![Page 22: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/22.jpg)
Configuring Member server1. Log in as
Administrator to Workgroup Computer.
2. Right click Computer and click Properties and click Change settings.
3. In the System properties dialog box click Change.
![Page 23: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/23.jpg)
4. Select Member of DOMAIN and enter the Domain Name.(Ex:Microsoft.com)
5. Enter the user name Administrator and his Password, click OK.
![Page 24: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/24.jpg)
6. Welcome Message appears indicating that the computer was successful in joining the Domain, click OK.
7. Click OK > click OK and click Close to close the System Properties dialog box. It will ask for restart, click Yes.
8. After restarting the computer it will become Member Server.
![Page 25: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/25.jpg)
Verification1. Right click
Computer Icon > Properties.
2. Click Computer Name, domain, and workgroup settings and verify for the Domain Name MICROSOFT.COM.
![Page 26: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/26.jpg)
Creating Domain User Accounts
1. Log in as Administrator to the Domain Controller.
2. Click Start > Programs > Administrative Tools > Active Directory Users and Computers.
![Page 27: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/27.jpg)
3. In the console tree, expand your domain MICROSOFT.COM, and then Right Click Users Container, select New User.
![Page 28: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/28.jpg)
4. Specify the First name, and User Logon name and then click Next.
5. Enter the Password and Confirm Password for the User account, click Next.
6. Review the configuration settings for the User Account and then click Finish.
![Page 30: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/30.jpg)
Changing Default Password Policy
1. Log in as Administrator to the Domain Controller.
2. Click Start > Programs > Administrative Tools > Group Policy Management Console.
3. Expand Forest > Expand Domains > Expand Microsoft.com > Right click Default Domain Policy and select edit
![Page 31: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/31.jpg)
4. Expand Computer Configuration > Expand Policies > Expand Windows Settings > Expand Security Settings > Expand Account Policies > Open Password Policy.
![Page 32: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/32.jpg)
5. Double click Minimum Password Length.
![Page 33: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/33.jpg)
6. Change the length value from (7 to 0) and click Apply and OK.
![Page 34: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/34.jpg)
7. Double click Password must meet complexity Requirements.
![Page 35: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/35.jpg)
8. Select Disabled and Apply and OK.
9. Click Start > Run and Type
GPUPDATE and It refreshes the policy changes.
![Page 36: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/36.jpg)
Verification1. Go to Active Directory Users and
Computers and Create a User with any Password or without any Password.
![Page 37: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/37.jpg)
Enabling Account Lockout policy
1. Log on to D.C as Administrator, click Start > Programs > Administrative Tools > Group Policy Management.
2. Expand Forest > Expand Domains > Expand Microsoft.com > Right click Default Domain policy and select Edit.
Windows Server 2008 - System Administration 56
3. Expand Computer Configuration > Expand Policies > Expand Windows Settings > Expand Security Settings > Expand Account Policies > Open Account Lockout Policy.
![Page 38: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/38.jpg)
Enabling Account Lockout policy 4. Double click Account lockout
threshold. 5. Enter the Value for Number of invalid
logon attempts7. Close the Group Policy Management
Window. Verification: 1. Enter the password for user (User1)
wrongly for 2 times while logging in and the user account will be locked.
![Page 39: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/39.jpg)
Changing Allow Logon Locally Policy
1. Log in as Administrator to the Domain Controller.
2. Click Start > Programs > Administrative Tools > Group Policy Management Console.
![Page 40: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/40.jpg)
3. Expand Forest > Expand Domains > Expand Microsoft.com > Expand Domain Controllers > Right click Default Domain Controller Policy and select Edit.
![Page 41: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/41.jpg)
4. Expand Computer Configuration > Expand Policies > Expand Windows Settings
> Expand Security Settings
> Expand Local Policies
> Select User Rights Assignment
> Double click Allow logon locally.
![Page 42: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/42.jpg)
5. Click Add User or Group > Click Browse > Enter the User name > Click OK.
6. Click OK > OK > Apply and OK.
7. Click Start > RUN and Type GPUPDATE and It refreshes the policy changes.
![Page 43: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/43.jpg)
Verification1. Log on to Domain Controller as Domain
User (User1).
![Page 44: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/44.jpg)
PERMISSIONS Pre-requisites: Before working on this lab, you must have 1. A computer running windows 2008 server Domain
Controller. 2. A computer running windows 2008 server or
Windows 7. SYS1 SYS2
Domain Controller Member Server / Client IP Address 10.0.0.1 IP Address 10.0.0.2 Subnet Mask 255.0.0.0 Subnet Mask 255.0.0.0 Preferred DNS 10.0.0.1 Preferred DNS 10.0.0.1
![Page 45: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/45.jpg)
Security Level Permissions
1. Open Computer > Go to any NTFS partition and create a folder (DATA), along with some files in it.
2. Right Click the folder (DATA) and Select Properties and Click Security tab
> click Advanced tab > Click Edit > Clear the box on
“Include inherit permissions from this objects parent.
![Page 46: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/46.jpg)
3. Click Remove > Apply > OK > OK
4. Click Edit 5. Add Administrator or
Administrators and Allow Full control permission.
6. Then Add the Users (User1) and Allow Read permission.
7. Click Apply > OK > OK
![Page 47: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/47.jpg)
Verification1. Login as
User(User1) on the same computer, and Open Computer icon, and verify the respective permissions by accessing the folder.
2. The User can just read the Files and Folders.
![Page 48: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/48.jpg)
Share Level Permissions 1. Logon to a
Computer as Administrator, Open Computer > Open any drive and create a folder (SALES) along with some files in it.
2. Right Click the folder (SALES) and Select Share
![Page 49: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/49.jpg)
Share Level Permissions 3. Select the drop
down arrow mark and select Find > enter the User name (User1) > click OK > select the User(User1)and assign Permissions (Ex: Co-Owner) > click Share > click Done.
![Page 50: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/50.jpg)
Verification1. Logon to Member Server or Client as User
(User1) > Open Network. 2. Open System Name in which the shared
folder is present. 3. Access the shared folder (SALES) & verify
the permissions by creating some files. Accessing Shared folders using UNC Path: 1. Logon to Member server or Client as a User. 2. Click Start > click Run and type the Syntax \\
Servername\Sharename.
![Page 51: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/51.jpg)
Configuring Offline Files in Client (Windows 7)
1. Log on to D.C as Administrator, Open Computer > Go to a drive and create a shared folder Sales with Everyone as Co-owner permission.
2. Log on to Client (SYS2) as Administrator > open Network > open the system name of DC (SYS1) > Right click the shared folder and select Always Available Offline.
![Page 52: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/52.jpg)
Verification1. Disconnect or
Disable the Network connection, and try to access the shared folders from network and only Sales folder will be visible and accessible.
![Page 53: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/53.jpg)
2. Open the SALES folder & make some modifications (Create some files in it).
3. Then connect or Enable the Network connection, then Right Click the shared folder & click Sync.
4. Modifications will be updated on the shared folder (In the server).
![Page 54: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/54.jpg)
Configuring Offline Files in Member Server (Windows 2008)
1. Log on to D.C as Administrator, Open Computer > Go to a drive and create a shared folder Sales with Everyone as Co-owner permission.
2. Log on to Member Server SYS2 as Administrator, Open Server Manager > click Features > click Add Features > Next > Check the box for Desktop experience > Next > Click Install.
3. Click close > select Yes to restart the system.
![Page 55: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/55.jpg)
4. Click Start > Settings > Control Panel > Double click the option Offline Files.
![Page 56: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/56.jpg)
5. Click Enable Offline Files > click OK > Click Yes to restart the system.
6. Log on to Member Server SYS2 as Administrator > Open Network > Open system name of DC > Right click the shared folder and select Always Available Offline.
![Page 57: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/57.jpg)
Verification1. Disconnect or Disable the Network
connection, and try to access the Shared Folders from network and only SALES folder will be visible and accessible.
2. Access the SALES folder & make some modifications (Create some files in it).
3. Connect or Enable the Network connection, then Right Click the shared folder & click Sync.
4. Modifications will be updated on the shared folder (In the server).
![Page 58: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/58.jpg)
User ProfilesA Windows profile is simply a record of
user-related data characterizing a user’s computing environment. This record may include display and application settings, along with network connections.
What the user sees on the screen and what the user has access to when they log on is all determined by how the system administrator has the profile configured.
![Page 59: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/59.jpg)
User ProfilesThere are three different types of Windows
profilesLocal Profiles profiles that are saved on a single
computer. Users cannot access their profile from any other machine, regardless of whether the machine is attached to the network or not.
Roaming profiles are saved on the network so when you log on to any networked computer, your personalized desktop is loaded no matter what machine you're on. Users have full freedom of what’s on their profile, which is convenient for them, but can lead to problems such as slow log on times and server crashes.
![Page 60: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/60.jpg)
User ProfilesMandatory Profiles: profiles that cannot be
saved from one session to the next. A user may utilize any machine that is
connected to the network. However, once a user logs off, any setting preferences made to the profile is permanently lost and must be reinstated at every log on.
This ensures a profile will remain small and easy to manage
![Page 61: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/61.jpg)
ProfilesPre-requisites: Before working on this lab, you must have 1. A computer running windows 2008
server Domain Controller. 2. A computer running windows 2008
server or Windows 7.
![Page 62: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/62.jpg)
Configuring Local Profiles 1. Log on to Domain
Controller as Administrator.
2. Go to Active Directory Users and Computers and create Users (Ex:a1, a2).
Verification: 1. Login as User (a1) on
Client or Member Server.
2. Right click Computer > select Properties, click Advanced System Settings.
![Page 63: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/63.jpg)
Local Profiles3. Select Settings
of User Profiles.
4. Verify for User Profile Type and Status to be Local.
![Page 64: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/64.jpg)
Local Profiles5. Create some
files on desktop and go to C: drive > Open Users > Open the user profile(a1) folder > open desktop folder > verify for the files created on Desktop.
![Page 65: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/65.jpg)
Configuring Roaming Profiles
1. Log on to D.C as Administrator, Open Computer > Go to a drive and create a shared folder roam with Everyone as Co-owner permission.
2. Go to Active Directory Users and Computers > Expand the Domain Name (MICROSOFT.COM) > click Users > Right click the User(a1)and select Properties and select the Profile tab.
![Page 66: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/66.jpg)
3. Under User profile > enter profile path as
Syntax: \\Servername\Shared Folder Name\User Name
Example: \\SYS1\roam\a1.
4. Click Apply and OK.
![Page 67: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/67.jpg)
Verification1. Login as user a1 on
Client or Member Server and create some files on the Desktop.
2. Then Right click Computer Icon and Click Properties and Select Advanced System Settings.
3. Click Settings of User Profiles.
![Page 68: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/68.jpg)
Verification4. Verify for User
Profile type and Status to be Roaming.
5. Logoff this user (a1)& login on another computer with the same user (a1), we can see the files which we have created on first computer.
![Page 69: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/69.jpg)
Configuring Mandatory Profile
1. Configure a User (a1) Profile as Roaming Profile and Login as the User (a1) on a Client or Member Server, Create some files on Desktop and Log off.
2. Log on to Server (D.C) as Administrator and Open the shared folder roam.
3. In the shared folder you can find a folder with the user name (a1).
4. When you try to open the folder a1 you will get an error You don’t currently have permission to access this folder, click Continue.
5. Click Security tab.
![Page 70: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/70.jpg)
6. Click Advanced. 7. Select Owner tab
![Page 71: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/71.jpg)
8. Click Edit.
![Page 72: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/72.jpg)
9. Select Administrators and check the box Replace owner on sub containers and objects, click Apply and Yes > OK > OK > OK.
10. Now open the folder a1 you can find some folders & files.
![Page 73: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/73.jpg)
10. Now open the folder a1 you can find some folders & files.
Note: NTUSER.DAT file is an operating system protected hidden file, it will not be visible directly, if it is not visible, then open computer icon > click on Tools Tab > Select Folder options > select View Tab > select Show Hidden Files and Folders > Clear the check box Hide extensions for Known File Types > Clear the Check box Hide protected Operating system Files > click Yes > click OK.
![Page 74: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/74.jpg)
11. Select NTUSER.DAT file and rename to NTUSER.MAN, click Yes „>Yes.
![Page 75: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/75.jpg)
12. After renaming it go back to the folder a1, Right Click a1 > Properties.
13. Select the Security tab > Edit > Add the User a1 and check Allow Full control, click Apply and OK.
![Page 76: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/76.jpg)
14. Click Advanced tab > Edit > Check the box Replace all existing inheritable permissions on all descendants with inheritable permissions from this object.
![Page 77: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/77.jpg)
15. Click Apply, it will ask do you wish to continue, Click YES and OK.
16. Click Apply and OK > OK.
![Page 78: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/78.jpg)
Verification1. Login as User a1
on Client or Member Server.
2. Right click Computer and Click Properties, click Advanced System Settings.
3. Click Settings of User Profiles.
![Page 79: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/79.jpg)
4. Verify for Profile type and Status to be Mandatory Profile.
![Page 80: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/80.jpg)
Configuring Home Folder 1. Log on to D.C as Administrator,
Open Computer > Go to a drive and create a shared folder home with Everyone as Co-owner permission.
2. Go to Active Directory Users and Computers > select Users and Right Click User a1 and click Properties.
3. Select the Profile tab Under the Home folder, select Connect and Select a drive letter Z: and in
To: enter\\Server Name\Share Name\User Name.
Example: \\SYS1\home\a1.4. Click Apply and OK.
![Page 81: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/81.jpg)
Verification1. Login as user a1 on
Client or Member Server.
2. Open Computer, Locate Home folder under network drives.
![Page 82: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/82.jpg)
Enabling Disk Quota1. Log on to the
Computer (D.C) as Administrator.
2. Open Computer > Right click NTFS Drive (which contains Home Folder) > select Properties, Select Quota tab.
![Page 83: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/83.jpg)
Enabling Disk Quota3. Check box the box
Enable quota management, and check the box Deny disk space to users exceeding quota limit.
4. Click Quota Entries click Quota > New Quota Entry…
5. Enter the User Name (a1) and Click Check names, click OK.
![Page 84: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/84.jpg)
Enabling Disk Quota6. Select Limit disk
space to and enter the quota limit for a1 > Click OK > Close.
7. Click Apply and click OK.
8. The user a1 can use only 5 MB from this quota partition.
![Page 85: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/85.jpg)
Verification1. Login as User a1
on Member Server, Open Computer.
2. Right click Network drive Z: (Home Folder) > Properties.
3. Check the capacity as 5MB and click OK.
![Page 86: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/86.jpg)
LOGICAL STRUCTURE OF ACTIVE DIRECTORY
![Page 87: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/87.jpg)
CONFIGURING ADDITIONAL DOMAIN CONTROLLER
Pre-requisites: Before working on this lab, you must have 1. A computer running windows 2008 server Domain Controller. 2. A computer running windows 2008 server.
![Page 88: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/88.jpg)
Configuring additional domain controller
1. Log in as Administrator to the Workgroup Computer. 2. Assign IP Address and DNS Server Addresses. 3. Click Start, and then click Run. 4. In the Run box, type “DCPROMO”, click OK.
![Page 89: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/89.jpg)
5. Welcome to the Active Directory Installation Wizard page appears, click Next.
![Page 90: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/90.jpg)
6. Operating system compatibility Wizard page appears, click Next.
![Page 91: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/91.jpg)
7. Select Existing forest and select “Add a Domain Controller to an existing domain” and click Next.
![Page 92: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/92.jpg)
8. Enter the Forest Domain Name (Ex:MICROSOFT.com) and click Set.
![Page 93: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/93.jpg)
9. Enter Administrator, Password (DC Credentials) „>click OK„>click Next.
10. Select the Domain Name and click Next.
![Page 94: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/94.jpg)
11. Select the Site (Default-First-Site-Name) and click Next.
![Page 95: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/95.jpg)
12. Verify for DNS server and Global Catalog check boxes, and click Next.
![Page 96: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/96.jpg)
13. Click Yes to Continue.
14. On Database and log locations page, accept the default locations and click Next.
![Page 97: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/97.jpg)
15. Enter “Password and Confirm Password” and click Next.
![Page 98: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/98.jpg)
16. On Summary page, review the Options you selected, and click Next.
![Page 99: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/99.jpg)
17. After the Active Directory Installation wizard is completed, then click FINISH.
![Page 100: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/100.jpg)
18. Click Restart Now.
19. After restarting the computer Active directory will be installed.
![Page 101: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/101.jpg)
Verification 1. Click Start
„>Run and type CMD.
2. Type NET ACCOUNTS and verify for Backup in Computer role.
![Page 102: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/102.jpg)
Configuring Child Domain1. Log in as Administrator to the Workgroup Computer. 2. Assign IP Address and DNS Server Addresses. 3. Click Start, and then click Run.
![Page 103: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/103.jpg)
4. In the Run box, type “DCPROMO” and then click OK.
![Page 104: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/104.jpg)
5. Welcome to the Active Directory Installation Wizard page appears, click Next
![Page 105: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/105.jpg)
6. Operating system compatibility Wizard page appears, click Next.
![Page 106: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/106.jpg)
7. Select Existing Forest, > Create a new domain in an existing forest > click Next.
![Page 107: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/107.jpg)
8. Enter the Forest Domain Name (Ex: MICROSOFT.COM) and click Set.
![Page 108: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/108.jpg)
9. Enter Administrator, Password, (DC Credentials), click OK, click Next.
10. Click Browse and Select the Parent Domain Name (MICROSOFT.COM).
![Page 109: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/109.jpg)
11. Enter the Child Name (MCITP) and Click Next.
![Page 110: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/110.jpg)
12. Select the Domain Functional Level (Windows 2000 Native) and click NEXT.
![Page 111: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/111.jpg)
12. Select the Domain Functional Level (Windows 2000 Native) and click NEXT.
13. Select the Site (Default-first-site-Name) and click Next.
![Page 112: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/112.jpg)
14. Verify for DNS Server check box and click Next.
15. Click Yes to continue.
![Page 113: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/113.jpg)
16. On Database and log locations page, accept the default locations and click Next.
![Page 114: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/114.jpg)
17. On Directory Services Restore Mode Administrator Password page, enter the password and confirm password and click Next.
![Page 115: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/115.jpg)
18. On Summary page, review the Options you selected and Click Next.
![Page 116: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/116.jpg)
19. The Active Directory Installation starts.
![Page 117: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/117.jpg)
20. After the Active Directory Installation wizard is completed, then click FINISH.
21. Click Restart Now.
22. After restarting the computer Active Directory will be installed.
![Page 118: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/118.jpg)
Verification1. Right click Computer Icon > Properties. 2. In Computer Name verify for the
Domain name MCITP.MICROSOFT.COM 3. Select Start > Programs > Administrative
Tools > Active Directory Domains and Trusts.
4. Expand parent domain name and verify for child domain.
Example: MICROSOFT.COM and MCITP.MICROSOFT.COM.
![Page 119: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/119.jpg)
Additional Domain controller
ROLES OF ACTIVE DIRECTORY
![Page 120: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/120.jpg)
Additional Domain controllerPre-requisites: Before working on this lab, you must have 1. A computer running windows 2008 server Domain
Controller. 2. A computer running windows 2008 server Additional
Domain controller. SYS1 SYS2Domain Controller Additional Domain controllerIP Address 10.0.0.1 IP Address 10.0.0.2Subnet Mask 255.0.0.0 Subnet Mask 255.0.0.0Preferred DNS 10.0.0.1 Preferred DNS 10.0.0.2Alternate DNS ----------- Alternate DNS 10.0.0.1
![Page 121: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/121.jpg)
Transfer of Roles 1. Log on to
Domain Controller as Administrator
2. Click Start >Run >type CMD
3. Type Net accounts & Verify for
Primary in Computer role.
![Page 122: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/122.jpg)
Transfer of Roles 4. Type Ntdsutil and Press Enter.
![Page 123: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/123.jpg)
Transfer of Roles 5. Type Roles and Press Enter.
![Page 124: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/124.jpg)
Transfer of Roles 6. Type Connections and Press Enter.
![Page 125: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/125.jpg)
7. Type Connect to server SYS2 (ADC System name)and Press Enter.
![Page 126: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/126.jpg)
8. Type: Quit
![Page 127: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/127.jpg)
9. Type Help (or) ?To see the available syntax.
![Page 128: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/128.jpg)
10. Type Transfer infrastructure master and Press Enter.
![Page 129: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/129.jpg)
11. Click YES.
![Page 130: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/130.jpg)
12. Type Transfer naming master and Press Enter. 13. Click YES
![Page 131: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/131.jpg)
14. Type Transfer PDC and Press Enter. 15. Click Yes
![Page 132: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/132.jpg)
16. Type Transfer RID Master and Press Enter.
17. Click YES
![Page 133: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/133.jpg)
18. Type Transfer Schema Master and Press Enter.19. Click YES
![Page 134: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/134.jpg)
20. Type Quit and press Enter
![Page 135: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/135.jpg)
21. Type Quit and Press Enter.
![Page 136: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/136.jpg)
Verification1. Type Net accounts and Press Enter2. Computer role of Domain Controller will
be converted to Backup and Additional Domain Controller will be converted to Primary.
![Page 137: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/137.jpg)
Seizing of Roles1. Log on to Additional Domain Controller as
Administrator 2. Shutdown the Domain Controller 3. Click Start > Run > type CMD 4. Type Net accounts and Verify for BACKUP in
Computer role.
![Page 138: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/138.jpg)
5. Type Ntdsutil and Press Enter.
![Page 139: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/139.jpg)
6. Type Roles and Press Enter.
![Page 140: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/140.jpg)
7. Type Connections and Press Enter.
![Page 141: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/141.jpg)
8. Type Connect to server SYS1(DC System name) and Press Enter.
![Page 142: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/142.jpg)
9. Type: Quit
![Page 143: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/143.jpg)
10. Type Help (or)? To view the available syntax.
![Page 144: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/144.jpg)
11. Type Seize infrastructure master and Press Enter. 12. Click YES.
![Page 145: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/145.jpg)
13. Type Seize naming master and Press Enter.12. Click YES.
![Page 146: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/146.jpg)
15. Type Seize PDC and Press Enter.16 Click Yes
![Page 147: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/147.jpg)
17. Type Seize RID Master and Press Enter. 18. Click YES
![Page 148: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/148.jpg)
19. Type Seize Schema Master and Press Enter.20. Click Yes
![Page 149: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/149.jpg)
21. Type Quit and press Enter
![Page 150: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/150.jpg)
22. Type Quit and Press Enter.
![Page 151: Windows Server 2008 Active Directory](https://reader038.fdocuments.net/reader038/viewer/2022102620/547c52e1b37959652b8b4fa3/html5/thumbnails/151.jpg)
Verification1. Type Net accounts and Press Enter 2. Computer role of Additional Domain
Controller will be converted to Primary.