Rebuilding Virtual Machines for 70-642 learning
- Create one machine named Dcsrv1 'Template'
- Install and update windows
- Install the virtualbox addons
- run sysprep to aid clean/convenient cloning of this machine (i.e. a template)
- Clone it three times (Dcsrv1, Boston,Binghamton)
- Set the machines' network connections to 'internal network' in virtualbox (i.e. so they can see each other
but not the host computer's network and not the internet). Note: Not for this
learning, but if you want a VM to be on the same network as the host pc (so they can see and interact with each other and
other machines on the host pc's network, and be able to see the internet - use 'bridged network' and make sure
the default gateway and dns server settings are the same as the host's.)
- Change the machines' hostnames accordingly (dcsrv1, boston, binghampton) but leave them on 'workgroup' for
now.
Depending where I am up to in the book (could be starting again) follow these instructions as far as appropriate... (note,
these are just the action instructions. I've left out all exercises/steps that make no permanent changes to the
server(s))
Page 36...
- Dcsrv1 - set the ip address to 192.168.0.1 , subnet mask as is (255.255.255.0) (open the properties from the command
prompt using ncpa.cpl to practice that way of opening it) (note, in these steps you might need to reboot the machines.. they
seem to keep their old ip as well as the new one)
- Boston - Server manager -> view network connections (another way of getting to it)
- Open 'alternative config' tab. Set the ip to 192.168.0.200. subnet mask 255.255.255.0.
- Uncheck the validate settings box.
- At command prompt - netsh interface ip set address "Local area connection" static 192.168.0.2
255.255.255.0
- Enable file sharing on Dcsrv1 and boston
Page 102
- Dcsrv1 - ncpa.cpl at command prompt or 'run' (again - just another way of getting to the settings) - open ipv6 settings - change the ipv6 address to fd00::1, subnet prefix length 64
- Boston - same but set the ip to fd00::2
Page 152 (create the domain)
(note, if ever creating a DC in a real world situation you would make sure the machine is fully
up-to-date with updates/patches first)
- Dcsrv1 - run 'dcpromo' (in the search bar type 'dcpromo' and press enter)
- When the wizard dialog box appears click next (i.e. don't check 'advanced mode installation') Next
again.
- check 'create a new domain or forest' click Next.
- 'nwtraders.msft' as the FQDN
- Functional level - server 2008 r2
- Make sure 'DNS server' is checked.
- Progress until 'summary' and click the 'export settings' button and save the settings as an answer file
(generally a good idea to do this)
- Finish the wizard and restart.
- Create a personal administrator account (new user, add to domain admins group)
Boston needs DNS server settings pointing to the new DC before it can be added to the domain...
- On boston - netsh interface ipv4 set dnsserver "local area connection" static 192.168.0.1
- now ipv6 - netsh interface ipv6 set dnsserver "local area connection" static fd00::1
- Now join the domain (make sure the name is 'boston') (if doing this from 'initial configuration tasks'
use 'provide computer name and domain'... but I usually do it from 'system' in 'control panel')
Page 201 (create a GlobalNames Zone)
- open elevated command prompt on dcsrv1 and run dnscmd . /config /enableglobalnamessupport 1 (note the space after the dot)
- In DNS manager right click forward lookup zones container and choose 'New Zone', on the screen of text click Next.
- Leave as Primary zone, and store the zone in active directory checked
- select 'To All DNS Servers In This Forest' and click Next.
- On the Zone Name page type GlobalNames and click Next.
- Select Do Not Allow Dynamic Updates
- Click Finish
- Select and then right click the GlobalNames zone and choose new alias (CNAME)
- type 'mail' for the name
- type 'dcsrv1.nwtraders.msft' for fqdn and click ok
Page 218 (create an Application Directory Partition for DNS)
- On dcsrv1 type dnscmd . /createdirectorypartition DNSpartitionA.nwtraders.msft
- Select nwtraders.msft zone in forward lookups in dns manager, then right click and choose properties
- Click Change on the general tab for replication
- select To All DOmain Controllers In The Scope Of This Directory Partition
- In the dropdown box choose DNSpartitionA.nwtraders.msft and click ok. In the properties box click ok
Page 219 (Deploy a Secondary Zone)
- On boston add the dns server role and when complete open dns manager
- select then right click the forward lookups zone and then select new zone. Select Secondary Zone
- on the zone name page type 'nwtraders.msft'
- In the master servers area type 192.168.0.1 and press enter
- click finish
- on dcsrv1 right click the nwtraders.msft forward lookup zone and choose properties then select zone transfers tab
- select allow zone transfers (make sure 'to any server' is selected) and click ok
- on boston right click nwtraders forward lookup zone and choose transfer from master (if there is an error - wait 15 seconds and press f5)
- on dcsrv1 select the nwtraders.msft zone
- double click the NS record and click Add
- type boston.nwtraders.msft and click resolve, then click ok
- in the nwtraders.msft properties dialog box click the zone transfers tab and select only to servers listed on the name servers tab
Page 243 (Configuring DNSSEC)
- On dcsrv1 right click forward lookups and click New Zone. Click next on the first page
- Uncheck 'Store The Zone in Active Directory' and click next
- Type northwindtraders.com for the name and click Next
- Verify that 'Do Not Allow Dynamic Updates' is selected and click Next then click Finish
- Right-click the northwindtraders.com container and choose New Host (A Or AAAA)
- Type dcsrv1 in the Name box and 192.168.0.1 in the IP Address box and then click Add Host. Then click ok
- Type boston in the Name box and 192.168.0.2 in the IP Address box and then click Add Host. Then click ok
- Click Done
- Open elevated command prompt and type cd \windows\system32\dns
- Generate KSK by typing dnscmd /OfflineSign /GenKey /Alg rsasha1 /Flags KSK /Length 1024 /Zone northwindtraders.com /SSCert /FriendlyName KSK-northwindtraders.com
- Generate the ZSK by typing dnscmd /OfflineSign /GenKey /Alg rsasha1 /Length 1024 /Zone northwindtraders.com /SSCert /FriendlyName ZSK-northwindtraders.com
- Open the DNS console. Right-click the northwindtraders.com folder and click Update Server Data File
- At the command prompt type dnscmd /OfflineSign /SignZone /Input northwindtraders.com.dns /Output signed.northwindtraders.com.dns /Zone northwindtraders.com /SignKey /Cert /FriendlyName KSK-northwindtraders.com /SignKey /Cert /FriendlyName ZSK-northwindtraders.com
- type dnscmd /ZoneDelete northwindtraders.com /f
- type dnscmd /ZoneAdd northwindtraders.com /Primary /File signed.northwindtraders.com.dns /Load
- In the DNS console right click northwindtraders.com and click Refresh.
- On dcsrv1 open Group Policy Management and right click on Nwtraders.msft in the domains container. Then click Create a GPO In This Doman, And Link It Here
- type DNSSEC Policy and click Ok
- right click DNSSEC Policy and click edit.
- Navigate to Computer Configuration\Policies\Windows Settings\Name Resolution Policy
- In the details pane, in the create rules area, ensure that Suffix is selected beneath 'To Which Part Of The Namespace Does This Rule Apply?' then type northwindtraders.com
- On the DNSSEC tab click Enable DNSSEC In This Rule
- In the DNSSEC Settings area click the option to require DNS clients to check that name and address data has been validated by the DNS server.
- Click Create then click Apply
- On boston type gpupdate then type ping dcsrv1.northwindtraders.com
Page 266 (Deploying a DHCP Server)
- start Add Roles wizard on dcsrv1. Click Next, then choose DHCP Server and click next again, and again.
- Verify that 192.168.0.1 is selected and click Next
- Verify that nwtraders.msft is the parent domain and specify 192.168.0.1 as the prefered DNS server IPv4 address and click next
- Make sure 'WINS is not required...' is checked and click next
- Click Add
- Fill in the next page with the following info...
Scope Name: Nwtraders.msft IPv4
Starting IP Address: 192.168.0.20
Ending IP Address: 192.168.0.254
Subnet Type: Wired
Activate this scope: Checked
Subnet Mask: 255.255.255.0
Default Gateway: 192.168.0.1
... then click ok. then click next
- Leave the Enable DHCPv6 Stateless Mode For This Server option selected and click Next
- On the Specify Ipv6 DNS Server Settings page Verify that nwtraders.msft is the parent domain and specify fd00::1 as the prefered DNS server IPv6 address. Verify that fec0:0:0:ffff::1 is specified as the alternate DNS server IPv6 address. Click Next
- Verify that Use Current Credentials option is selected and click Next
- Click Install. When done click close.
- On boston, open an elevated command prompt and type netsh interface ipv4 set address "local area connection" dhcp
- type netsh interface ipv4 set dnsserver "local area connection" dhcp
- type ipconfig /all
Page 286 (Creating an Exclusion Range)
- In DHCP console on dcsrv1 navigate to DHCP \dcsrv1.nwtraders.msft\IPv4\Scope [192.168.0.0] Nwtraders.msft IPv4\Address Pool.
- Right-click the Address Pool folder and then choose New Exclusion Range
- type 192.168.0.200 and 192.168.0.210 in the Start IP Address and End IP Address boxes respectively.
- Click Add, then click close