Es decir que todo tu movimiento migratorio lo has hecho sola H: Si, todo mi movimiento sí

In this section, you will see how to create new domain trees and forests, assign single master operations, manage trust relationships, add a UPN suffix, and manage global catalog servers.

All of these exercises require multiple domains, which are managed in trees and forests.

This section corresponds to Chapter 3, “Installing and Managing Trees and Forests,” in the MCSE: Windows Server 2003 Active Directory Planning, Imple-mentation, and Maintenance Study Guide.

You will perform these labs:

Exercise 3.1: Creating a New Subdomain

Exercise 3.2: Assigning Single Master Operations

Exercise 3.3: Managing Trust Relationships

Exercise 3.4: Adding and Removing a UPN Suffix

Exercise 3.5: Managing Global Catalog Servers

Exercise 3.1: Creating a New Subdomain

In this exercise, you will create a new child domain using the Active Directory Installation Wizard.

This exercise assumes that you have already created the parent domain, and that you are using a server in the domain that is not already a domain controller.

5024m04.fm Page 91 Friday, October 29, 2004 1:12 PM

92 Module 4
Windows Server 2003 Active Directory Planning, Implementation

1. Log on to the computer as a member of the Administrators group and open the Active Directory Installation Wizard by clicking Start  Run and typing dcpromo. Click Next to begin the wizard.

2. You will see a message that states that Windows 95 and Windows NT 4.0 computers run-ning Service Pack 3 or earlier will be unable to communicate with Windows Server 2003 computers. Read the information and click Next to continue.

3. On the Domain Controller Type page, select Domain Controller For A New Domain.

Click Next.

4. On the Create New Domain page, choose Child Domain In An Existing Domain Tree.

Click Next.

5. On the Network Credentials page, enter the username and password for the domain administrator of the domain you wish to join. You will also need to specify the full name of the domain. For purposes of this simulation, you can enter any information here. After you have entered the appropriate information, click Next.

6. On the Child Domain Installation page, enter the name of the child domain. Click Next to continue.

7. On the NetBIOS Domain Name page, you’ll be prompted for the NetBIOS name for this domain controller. Choose a name that is up to 15 characters in length and includes only alphanumeric characters. Click Next to continue.

8. On the Database And Log Folders page, you’ll need to specify the database and log loca-tions. Leave the default settings and click Next.

9. On the Shared System Volume page, accept the default settings and click Next.

10. The Active Directory Installation Wizard prompts you about whether or not the DNS ser-vice on the local machine should be configured automatically. Accept the setting to allow the wizard to automatically configure DNS. Click Next to continue.

11. On the Permissions page, choose Permissions Compatible Only With Windows 2000 Or Windows Server 2003 Operating Systems. Click Next.

12. On the Directory Services Restore Mode Administrator Password page, enter a password, confirm it, and click Next.

13. On the Summary page, you will be given a brief listing of all the choices you made in the previous steps. Click Next to continue.

14. The Active Directory Installation Wizard will automatically begin performing the steps required to create a new domain in your environment. Note that you can click Cancel if you want to abort this process. When the process has completed, you will be prompted to reboot the system. After the system has been rebooted, the local server will be the first domain controller in a new domain. This domain will also be a subdomain of an existing one.

5024m04.fm Page 92 Friday, October 29, 2004 1:12 PM

Installing and Managing Trees and Forests 93

Exercise 3.2: Assigning Single Master Operations

This exercise shows you how single master operations roles can be assigned to servers within the Active Directory environment.

1. Open the Active Directory Domains And Trusts administrative tool by clicking Start  Administrative Tools  Active Directory Domains And Trusts.

2. Right-click Active Directory Domains And Trusts and choose Operations Master.

3. This brings up the Change Operations Master dialog box. Click Close to continue without making any changes.

Note that you can change the operations master by clicking the Change button.

If you want to move this assignment to another computer, you first need to connect to that computer and then make the change.

4. Close the Active Directory Domains And Trusts administrative tool.

5. Select Start  Administrative Tools  Active Directory Users And Computers.

6. Right-click the name of the domain and select Operations Masters. This brings up the RID tab of the Operations Master dialog box.

Notice that you can change the computer that is assigned to the role. In order to change the role, you first need to connect to the appropriate domain control-ler. Notice that the PDC and Infrastructure roles have similar tabs.

7. Click OK to continue without making any changes.Leave the window open for the next lab.

Exercise 3.3: Managing Trust Relationships

In this exercise, you will see how to manage trusts and assign trust relationships between domains.

1. If it is not already open, open the Active Directory Domains And Trusts administrative tool by clicking Start  Administrative Tools  Active Directory Domains And Trusts.

2. Right-click the name of the domain and select Properties.

3. Select the Trusts tab. You will see a list of the trusts that are currently configured. To mod-ify the trust properties for an existing trust, highlight the trust and click Properties.

4. This screen displays information about the trust’s direction, transitivity, and type, along with the names of the domains involved in the relationship. Click Cancel to exit without making any changes.

5024m04.fm Page 93 Friday, October 29, 2004 1:12 PM

94 Module 4
Windows Server 2003 Active Directory Planning, Implementation

5. To create a new trust relationship, click the New Trust button on the Trusts tab. The New Trust Wizard appears. Click Next to proceed with the wizard.

6. On the Trust Name page, you are prompted for the name of the domain with which the trust should be created. For purposes of this lab, you can enter any domain name and click Next.

7. On the Trust Type page, you would normally choose the Trust With A Windows Domain option if you know that the other domain uses a Windows domain controller. In order to continue with this lab (without requiring access to another domain), it is important to choose the Realm Trust option. This selection allows you to walk through the process of creating a trust relationship without needing an untrusted domain in the Active Directory environment. Select the Realm Trust option. Click Next when you are done.

8. On the Transitivity Of Trust page, choose the Nontransitive option and click Next to continue.

9. On the Direction Of Trust page, choose One-Way: Incoming and click Next.

10. On the Trust Password page, specify a password that should be used to administer the trust.

Click Next to continue.

Note that if there is an existing trust relationship between the domains, the passwords must match.

11. Now you see a summary page that recaps the selections you have made. Since this is a sim-ulation, you don’t actually want to establish this trust. Click Cancel on the Trust Selections Complete page to cancel the wizard without saving the changes.

12. Exit the Trust properties for the domain by clicking Cancel.

13. Leave the window open for the next lab.

Exercise 3.4: Adding and Removing a UPN Suffix

In this exercise, you will add additional suffixes to a forest.

1. In the Active Directory Domains And Trusts tool, right-click Active Directory Domains And Trusts in the left side of the window and select Properties.

2. On the UPN Suffixes tab of the Active Directory Domains And Trusts Properties dialog box, enter any alternate UPN suffix in the Alternate UPN Suffixes field. Click the Add button to add the suffix to the list.

3. To remove a UPN suffix, select its name in the list and click the Remove button. Close the Active Directory Domains and Trusts tool.

5024m04.fm Page 94 Friday, October 29, 2004 1:12 PM

Configuring Sites and Managing Replication 95

Exercise 3.5: Managing Global Catalog Servers

This exercise walks you through the steps you need to take to configure a domain controller as a Global Catalog server.

1. Open the Active Directory Sites And Services administrative tool by clicking Start  Administrative Tools  Active Directory Sites And Services.

2. Find the name of the local domain controller within the list of objects (typically under Default First Site Name  Servers) and expand this object. Right-click NTDS Settings and select Properties.

3. In the NTDS Settings Properties dialog box, type Primary GC Server for Domain in the Description field. Select the Global Catalog checkbox, then click OK to continue.

If the box is checked, then this domain controller contains a subset of informa-tion from all other domains within the Active Directory environment.

4. Leave the window open for the next lab.

Configuring Sites and Managing