1 00:00:17,330 --> 00:00:25,610 Exercise 2: Deploying and configuring an RODC. Task 1: Stage a delegated installation of an RODC. 2 00:00:26,450 --> 00:00:30,020 Preparation: To prestage an RODC account, 3 00:00:30,230 --> 00:00:32,870 the computer name must not be in use in the domain. 4 00:00:33,710 --> 00:00:39,440 Therefore, you first need to remove LON-SVR1 from the domain by performing the following steps. 5 00:00:40,340 --> 00:00:42,080 1. On LON-SVR1, 6 00:00:42,080 --> 00:00:43,670 in Server Manager, 7 00:00:43,700 --> 00:00:50,990 on the left side, click Local Server. 2. In the Properties for LON-SVR1 section, click the domain 8 00:00:50,990 --> 00:00:56,600 Adatum.com. 3. In the System Properties dialog box, click Change. 9 00:00:57,510 --> 00:01:03,450 4. In the Computer Name/Domain Changes dialog box, in the Member of section, select Workgroup, 10 00:01:03,450 --> 00:01:11,160 type Munich, and then click OK. 5. In the Computer Name/Domain Changes dialog box, click OK. 11 00:01:12,060 --> 00:01:17,670 6. In the Computer Name/Domain Changes dialog box, you will see the following message: 12 00:01:17,880 --> 00:01:19,410 Welcome to the Munich workgroup. 13 00:01:20,270 --> 00:01:21,110 Click OK. 14 00:01:21,980 --> 00:01:27,860 7. In the Computer Name/Domain Changes dialog box, you will see the following message: You 15 00:01:27,860 --> 00:01:30,470 must restart your computer to apply these changes. 16 00:01:31,340 --> 00:01:31,690 Click 17 00:01:31,700 --> 00:01:32,180 OK. 18 00:01:33,020 --> 00:01:36,440 8. In the System Properties dialog box, click Close. 19 00:01:37,370 --> 00:01:41,540 9. In the Microsoft Windows dialog box, click Restart Now. 20 00:01:42,380 --> 00:01:46,400 10. Sign in as username Administrator. 21 00:01:47,300 --> 00:01:49,490 Password. 11.
22 00:01:49,670 --> 00:01:57,320 Switch to LON-DC1. In Server Manager, click Tools, and then click Active Directory Users and Computers. 23 00:01:58,190 --> 00:01:58,710 12. 24 00:01:58,730 --> 00:02:05,870 In the navigation pane, expand Adatum.com, click to select a date in servers, right-click LON-SVR1, 25 00:02:05,870 --> 00:02:11,720 and then click Delete. 13. In the Active Directory Domain Services dialog box, 26 00:02:11,870 --> 00:02:13,550 confirm the deletion by clicking 27 00:02:13,550 --> 00:02:13,940 Yes. 28 00:02:14,880 --> 00:02:18,810 14. In the Confirm Subtree Deletion dialog box, click 29 00:02:18,810 --> 00:02:19,200 Yes. 30 00:02:20,150 --> 00:02:28,340 Stage a delegated installation of an RODC. 1. On LON-DC1, in Server Manager, click Tools, and 31 00:02:28,340 --> 00:02:35,240 then click Active Directory Sites and Services. 2. In Active Directory Sites and Services, in the navigation 32 00:02:35,240 --> 00:02:35,660 pane, 33 00:02:35,660 --> 00:02:38,510 click Sites. From the Action menu, 34 00:02:38,510 --> 00:02:39,440 click New Site. 35 00:02:40,350 --> 00:02:46,650 3. In the New Object - Site dialog box, in the Name field, type Munich. Select the DEFAULTIPSITELINK 36 00:02:46,650 --> 00:02:48,990 site link object, and then click OK. 37 00:02:49,850 --> 00:02:53,720 4. In the Active Directory Domain Services dialog box, click
38 00:02:53,720 --> 00:03:00,800 OK. 5. Switch to Server Manager, click Tools, and then click Active Directory Administrative Center. 39 00:03:01,700 --> 00:03:07,850 6. In Active Directory Administrative Center, in the navigation pane, click Adatum (local), and then 40 00:03:07,850 --> 00:03:15,080 in the details pane, double-click the Domain Controllers OU. 7. In the Tasks pane, in the Domain Controllers 41 00:03:15,080 --> 00:03:21,590 section, click Pre-create a Read-only domain controller account. 8. In the Active Directory Domain 42 00:03:21,590 --> 00:03:27,320 Services Installation Wizard, on the Welcome to the Active Directory Domain Services Installation Wizard 43 00:03:27,320 --> 00:03:27,740 page, 44 00:03:27,860 --> 00:03:30,090 click Next. 9. 45 00:03:30,110 --> 00:03:32,750 On the Network Credentials page, click Next. 46 00:03:33,620 --> 00:03:40,070 10. On the Specify the Computer Name page, type the computer name LON-SVR1, and then click Next. 47 00:03:46,110 --> 00:03:53,520 11. On the Select a Site page, click Munich, and then click Next. 12. On the Additional Domain Controller 48 00:03:53,520 --> 00:03:59,700 Options page, accept the default selections of DNS Server and Global Catalog, and then click Next. 49 00:04:00,720 --> 00:04:01,410 13. 50 00:04:01,440 --> 00:04:06,060 On the Delegation of RODC Installation and Administration page, click Set. 51 00:04:06,990 --> 00:04:13,980 14. In the Select User or Group dialog box, in the Enter the object name to select field, type Nestor, and 52 00:04:13,980 --> 00:04:20,400 then click Check Names. 15. Verify that Nestor Fiore is resolved, and then click OK. 53 00:04:21,240 --> 00:04:21,990 16. 54 00:04:22,020 --> 00:04:26,760 On the Delegation of RODC Installation and Administration page, click Next. 55 00:04:27,660 --> 00:04:28,440 17. 56 00:04:28,470 --> 00:04:32,100 On the Summary page, review your selections, and then click Next.
57 00:04:33,040 --> 00:04:38,940 18. On the Completing the Active Directory Domain Services Installation Wizard page, click Finish. 58 00:04:39,800 --> 00:04:45,680 Task 2: Run the Active Directory Domain Services Installation Wizard on an RODC to complete 59 00:04:45,680 --> 00:04:46,880 the deployment process. 60 00:04:47,780 --> 00:04:48,230 1. 61 00:04:48,320 --> 00:04:56,570 Switch to LON-SVR1. From Server Manager, click Manage, and then click Add Roles and Features. 2. In 62 00:04:56,570 --> 00:05:00,860 the Add Roles and Features Wizard, on the Before You Begin page, click Next. 63 00:05:01,780 --> 00:05:02,260 3. 64 00:05:02,290 --> 00:05:07,630 On the Select installation type page, accept the default of Role-based or feature-based installation, 65 00:05:07,750 --> 00:05:08,920 and then click Next. 66 00:05:09,820 --> 00:05:16,300 4. On the Select destination server page, accept the default with LON-SVR1 being selected, and then 67 00:05:16,300 --> 00:05:17,020 click Next. 68 00:05:17,940 --> 00:05:18,420 5. 69 00:05:18,450 --> 00:05:21,390 On the Select server roles page, in the Roles list, 70 00:05:21,570 --> 00:05:28,680 select Active Directory Domain Services. 6. In the Add Roles and Features Wizard, accept to install the 71 00:05:28,680 --> 00:05:30,180 features and management tools. 72 00:05:30,240 --> 00:05:32,400 Click Add Features, and then click Next. 73 00:05:33,270 --> 00:05:35,450 7. On the Select features page, 74 00:05:35,460 --> 00:05:36,300 click Next. 75 00:05:37,170 --> 00:05:37,480 8. 76 00:05:37,650 --> 00:05:41,250 On the Active Directory Domain Services page, click Next. 77 00:05:42,150 --> 00:05:42,630 9. 78 00:05:42,660 --> 00:05:45,060 On the Confirm installation selections page, 79 00:05:45,120 --> 00:05:47,330 click Install. 10. 80 00:05:47,340 --> 00:05:48,960 Wait until the role installs. 81 00:05:49,830 --> 00:05:54,510 You can click Close at any time, but monitor the notification icon in Server Manager.
82 00:05:55,530 --> 00:06:01,320 11. When the installation of the new role is finished, click the notification icon for notifications. 83 00:06:02,190 --> 00:06:02,730 12. 84 00:06:02,760 --> 00:06:09,790 In the Post-deployment Configuration message box, click Promote the server to a domain controller. 13. 85 00:06:09,810 --> 00:06:15,570 In the Active Directory Domain Services Configuration Wizard, on the Deployment Configuration page, 86 00:06:15,750 --> 00:06:19,260 leave the default to Add a domain controller to an existing domain. 87 00:06:20,130 --> 00:06:20,820 14. 88 00:06:20,820 --> 00:06:27,540 In the Supply the credentials to perform this operation section, click Change. 15. In the Windows Security 89 00:06:27,540 --> 00:06:28,530 dialog box, 90 00:06:28,710 --> 00:06:31,410 enter the following credentials, and then click OK: 91 00:06:32,250 --> 00:06:34,290 Username: Adatum\ 92 00:06:34,290 --> 00:06:34,800 Nestor. 93 00:06:35,660 --> 00:06:36,380 Password. 94 00:06:37,250 --> 00:06:41,210 16. Under Specify the domain information for this operation, 95 00:06:41,330 --> 00:06:42,140 click Select. 96 00:06:42,380 --> 00:06:44,630 Then select the domain Adatum.com, 97 00:06:44,660 --> 00:06:45,020 click 98 00:06:45,020 --> 00:06:45,500 OK, 99 00:06:45,500 --> 00:06:46,190 and then click 100 00:06:46,190 --> 00:06:52,010 Next. You will receive a notification that an RODC account that matches the name of the server 101 00:06:52,010 --> 00:06:53,300 exists in the directory. 102 00:06:54,200 --> 00:06:57,140 17. On the Domain Controller Options page, 103 00:06:57,320 --> 00:07:02,750 accept the default to Use existing RODC account. In the Password and Confirm password fields, 104 00:07:02,930 --> 00:07:05,150 type your password, and then click Next. 105 00:07:06,020 --> 00:07:10,850 18. On the Additional Options page, accept the defaults, and then click Next.
106 00:07:11,750 --> 00:07:15,950 19. On the Paths page, accept the defaults, and then click Next. 107 00:07:16,790 --> 00:07:18,410 20. On the Review Options 108 00:07:18,410 --> 00:07:21,110 page, review your options, and then click Next. 109 00:07:21,980 --> 00:07:25,490 21. After the prerequisites check has been performed, 110 00:07:25,550 --> 00:07:26,450 click Install. 111 00:07:27,320 --> 00:07:32,750 Note: The computer will configure AD DS and restart, but you can proceed to the next task. 112 00:07:33,630 --> 00:07:39,090 Task 3: Configure the domain-wide password replication policy. 1. 113 00:07:39,150 --> 00:07:46,260 Switch to LON-DC1. In Server Manager, click Tools, and then click Active Directory Administrative 114 00:07:46,260 --> 00:07:51,540 Center. 2. In Active Directory Administrative Center, in the navigation pane, 115 00:07:51,570 --> 00:07:52,950 click Adatum (local). 116 00:07:53,840 --> 00:07:54,330 3. 117 00:07:54,350 --> 00:07:56,570 In the details pane, double-click it. 118 00:07:57,740 --> 00:07:58,160 4. 119 00:07:58,160 --> 00:07:59,500 Locate the group, 120 00:07:59,510 --> 00:08:02,390 right-click the group, and then click Add to another group. 121 00:08:03,290 --> 00:08:09,830 5. In the Select Groups dialog box, in the Enter the object names to select text box, type Denied, and 122 00:08:09,830 --> 00:08:17,420 then click Check Names. 6. Verify that the name of the group is expanded to Denied RODC Password Replication 123 00:08:17,420 --> 00:08:19,040 Group, and then click OK. 124 00:08:19,880 --> 00:08:25,670 Note: The members of the IT group have elevated permissions, so storing their password on an RODC 125 00:08:25,670 --> 00:08:26,990 would be a security risk. 126 00:08:27,890 --> 00:08:34,010 Therefore, you add the group to the global deny list, which applies to every RODC in the domain.
127 00:08:34,910 --> 00:08:42,350 7. Close the Active Directory Administrative Center. Task 4: Create a group to manage password replication 128 00:08:42,350 --> 00:08:43,330 to the branch office 129 00:08:43,340 --> 00:08:52,010 RODC. 1. Switch to Server Manager, click Tools, and then click Active Directory Users and Computers. 2. 130 00:08:52,010 --> 00:08:56,240 In the navigation pane, expand Adatum.com, and then click Users. 131 00:08:57,140 --> 00:09:00,560 3. On the Action menu, click New, and then click Group. 132 00:09:01,460 --> 00:09:08,030 4. In the New Object - Group dialog box, type the group name Munich Allowed RODC Password Replication 133 00:09:08,030 --> 00:09:13,550 Group, click OK, and then double-click the Munich Allowed RODC Password Replication Group. 134 00:09:14,450 --> 00:09:14,930 5. 135 00:09:15,050 --> 00:09:22,460 On the Members tab, click Add. 6. In the Select Users, Contacts, Computers, Service Accounts, or 136 00:09:22,460 --> 00:09:28,880 Groups dialog box, in the Enter the object names to select text box, type Ana, and then click Check Names. 137 00:09:29,810 --> 00:09:37,280 7. In the Multiple Names Found dialog box, select Ana Cantrell, and then click OK. 8. In the Select 138 00:09:37,280 --> 00:09:43,100 Users, Contacts, Computers, Service Accounts, or Groups dialog box, click OK, 139 00:09:43,220 --> 00:09:49,070 and then in the Munich Allowed RODC Password Replication Group Properties dialog box, click OK. 140 00:09:49,910 --> 00:09:53,300 9. Close Active Directory Users and Computers. 141 00:09:54,370 --> 00:09:54,710 10. 142 00:09:54,730 --> 00:09:56,890 In Active Directory Administrative Center, 143 00:09:57,070 --> 00:10:04,780 from the Domain Controllers OU, view the properties for LON-SVR1. 11. In the Extension section, on 144 00:10:04,780 --> 00:10:06,880 the Password Replication Policy tab, 145 00:10:06,910 --> 00:10:12,130 click Add. 12. In the Add Groups, Users and Computers dialog box,
146 00:10:12,340 --> 00:10:17,440 select Allow passwords for the account to replicate to this RODC, and then click OK. 147 00:10:18,320 --> 00:10:25,250 13. In the Select Users, Computers, Service Accounts, or Groups dialog box, in the Enter the object names 148 00:10:25,250 --> 00:10:29,690 to select text box, type Munich, click Check Names, and then click OK. 149 00:10:30,580 --> 00:10:34,030 14. In the LON-SVR1 dialog box, 150 00:10:34,240 --> 00:10:36,460 click OK to close the dialog box. 151 00:10:37,330 --> 00:10:41,500 Task 5: Evaluate the resultant password replication policy. 152 00:10:42,370 --> 00:10:47,740 1. In Active Directory Administrative Center, in the Tasks pane, in the LON-SVR1 153 00:10:47,740 --> 00:10:49,480 section, click Properties. 154 00:10:50,350 --> 00:10:52,690 2. In the properties of LON-SVR1, 155 00:10:52,690 --> 00:10:59,470 in the Extension section, on the Password Replication Policy tab, click Advanced. Note: 156 00:10:59,470 --> 00:11:04,540 Note that this dialog box shows all accounts with passwords that are stored in the RODC. 157 00:11:05,410 --> 00:11:10,000 3. Select Accounts that have been authenticated to this Read-only Domain Controller, 158 00:11:10,150 --> 00:11:14,590 and then note that this only shows accounts that have the permissions and already have been authenticated 159 00:11:14,590 --> 00:11:15,760 by this RODC. 160 00:11:16,660 --> 00:11:20,470 4. Click the Resultant Policy tab, and then add Ana Cantrell. 161 00:11:21,340 --> 00:11:26,050 Notice that Ana Cantrell has a resultant policy of Allow. 5. 162 00:11:26,350 --> 00:11:28,360 Close all open dialog boxes. 163 00:11:29,270 --> 00:11:30,470 Exercise 3: 164 00:11:30,500 --> 00:11:33,020 Creating and associating a group MSA. 165 00:11:33,830 --> 00:11:34,610 Task 1:
166 00:11:34,700 --> 00:11:42,860 Create and associate an MSA. 1. On LON-DC1, in Server Manager, click Tools, and then click Active 167 00:11:42,860 --> 00:11:49,520 Directory Module for Windows PowerShell. 2. At the Windows PowerShell command prompt, type the following 168 00:11:49,520 --> 00:11:51,170 command, and then press Enter: 169 00:11:51,980 --> 00:11:59,660 Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10)) 3. At the Windows PowerShell command 170 00:11:59,660 --> 00:12:06,920 prompt, type the following command, and then press Enter: New-ADServiceAccount -Name Webservice 171 00:12:06,920 --> 00:12:12,650 -DNSHostName LON-DC1 -PrincipalsAllowedToRetrieveManagedPassword LON-DC1$ 172 00:12:13,530 --> 00:12:18,720 4. At the Windows PowerShell command prompt, type the following command, and then press Enter: 173 00:12:19,550 --> 00:12:24,230 Add-ADComputerServiceAccount -Identity LON-DC1 -ServiceAccount 174 00:12:24,230 --> 00:12:24,920 Webservice 175 00:12:25,830 --> 00:12:26,340 5. 176 00:12:26,370 --> 00:12:32,850 At the Windows PowerShell command prompt, type the following command, and then press Enter: Get-ADServiceAccount 177 00:12:32,850 --> 00:12:34,230 -Filter * 178 00:12:35,130 --> 00:12:35,640 6. 179 00:12:35,790 --> 00:12:40,170 Note the output of the command, and then ensure the newly created account is listed. 180 00:12:41,070 --> 00:12:44,370 7. Minimize the Windows PowerShell command window. 181 00:12:45,210 --> 00:12:53,400 Task 2: Install a group MSA. 1. On LON-DC1, at the Windows PowerShell command prompt, type the 182 00:12:53,400 --> 00:12:59,310 following command, and then press Enter: Install-ADServiceAccount -Identity Webservice 183 00:13:00,220 --> 00:13:00,560 2. 184 00:13:00,580 --> 00:13:05,460 In Server Manager, click the Tools menu, and then click Internet Information Services 185 00:13:05,470 --> 00:13:06,730 (IIS) Manager.
186 00:13:07,610 --> 00:13:14,150 3. Expand LON-DC1 (Adatum\Administrator), and then click Application Pools. 187 00:13:15,080 --> 00:13:20,000 4. In the details pane, right-click the DefaultAppPool, and then click Advanced Settings. 188 00:13:20,930 --> 00:13:26,990 5. In the Advanced Settings dialog box, in the Process Model section, click Identity, and then click 189 00:13:26,990 --> 00:13:27,680 the ellipsis. 190 00:13:28,580 --> 00:13:31,880 6. In the Application Pool Identity dialog box, 191 00:13:32,090 --> 00:13:34,340 click Custom account, and then click Set. 192 00:13:35,240 --> 00:13:37,790 7. In the Set Credentials dialog box, 193 00:13:37,880 --> 00:13:42,590 type Adatum\Webservice$ in the User name field, and then click OK 194 00:13:42,590 --> 00:13:43,400 three times. 195 00:13:44,270 --> 00:13:45,800 8. In the Actions pane, 196 00:13:45,890 --> 00:13:48,200 click Stop to stop the application pool. 197 00:13:49,100 --> 00:13:52,010 9. Click Start to start the application pool. 198 00:13:52,850 --> 00:13:56,750 10. Close Internet Information Services (IIS) Manager.