
LAB 17

MANAGING ACTIVE DIRECTORY AND SYSVOL REPLICATION

THIS LAB CONTAINS THE FOLLOWING EXERCISES AND ACTIVITIES:


Exercise 17.1 Demoting a Domain Controller

Exercise 17.2 Promoting a Domain Controller

Exercise 17.3 Replicating with Active Directory Sites and Services

Exercise 17.4 Using REPADMIN

Exercise 17.5 Configuring Password Replication Policies for an RODC

Challenge Upgrading SYSVOL Replication to DFSR

BEFORE YOU BEGIN

The lab environment consists of student workstations connected to a local area network, along
with a server that functions as the domain controller for a domain called contoso.com. The
computers required for this lab are listed in Table 17-1.

Table 17-1
Computers required for Lab 17

Computer        Operating System         Computer Name
Server (VM 1)   Windows Server 2012 R2   RWDC01
Server (VM 4)   Windows Server 2012 R2   Storage01

In addition to the computers, you will also require the software listed in Table 17-2 to
complete Lab 17.

Table 17-2
Software required for Lab 17

Software                   Location
Lab 17 student worksheet   Lab17_worksheet.docx (provided by instructor)

Working with Lab Worksheets


Each lab in this manual requires that you answer questions, shoot screen shots, and perform
other activities that you will document in a worksheet named for the lab, such as
Lab17_worksheet.docx. You will find these worksheets on the book companion site. It is
recommended that you use a USB flash drive to store your worksheets, so you can submit
them to your instructor for review. As you perform the exercises in each lab, open the
appropriate worksheet file, fill in the required information, and save the file to your flash
drive.

After completing this lab, you will be able to:

• Demote and promote a domain controller


• Monitor and manage Active Directory replication

• Use REPADMIN

• Configure password replication policies for an RODC

• Upgrade SYSVOL replication to DFSR

Estimated lab time: 115 minutes

Exercise 17.1 Demoting a Domain Controller


Overview: In this exercise, you will remove the adatum.com domain so that
you can use Storage01 as a second domain controller for the
contoso.com domain.
Mindset: You are in the middle of removing a domain controller from the
domain. However, the domain controller completely failed
before you had a chance to remove it. What
can you do to remove the domain controller from the domain?
Completion time: 15 minutes

1. Log in to Storage01 as adatum\administrator with the password of Pa$$w0rd. In
Server Manager, click Manage > Remove Roles and Features.

2. In the Remove Roles and Features Wizard, click Next.

3. On the Select destination server page, click Next.

4. On the Remove server roles page, deselect Active Directory Domain Services. When a
message displays, indicating that you have to remove features, click Remove Features.

5. In the Validation Results dialog box, click Demote this domain controller.

6. On the Credentials page, click to select Force the removal of this domain controller.

7. Take a screen shot of the Active Directory Sites and Services console by pressing
Alt+Prt Scr and then paste it into your Lab 17 worksheet file in the page provided by
pressing Ctrl+V.

8. Click Next.

9. On the Warnings page, click to select Proceed with removal and then click Next.

10. On the New Administrator Password page, type Pa$$w0rd in the Password text box and
the Confirm password text box. Click Next.

11. On the Review options page, click Demote. Windows will reboot when done.

End of exercise.

Exercise 17.2 Promoting a Domain Controller


Overview: In this exercise, you will promote Storage01 as a second domain
controller for contoso.com.
Mindset: You need to promote a member server to a domain controller.
What are the requirements to promote the server to a domain
controller of an existing domain?
Completion time: 20 minutes

1. Log in to Storage01 as the local Administrator with the password of Pa$$w0rd.

2. On Storage01, right-click the Network Status icon on the task bar and choose Open
Network and Sharing Center.

3. In the Network and Sharing Center, click Ethernet.

4. In the Ethernet Status dialog box, click Properties.

5. Double-click Internet Protocol Version 4 (TCP/IPv4).

6. In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, change the Preferred
DNS server to 192.168.1.50.

7. Take a screen shot of the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box
by pressing Alt+Prt Scr and then paste it into your Lab 17 worksheet file in the page
provided by pressing Ctrl+V.

8. Click OK to close the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box.

9. Click OK to close the Ethernet Properties dialog box.

10. Click Close to close the Ethernet Status dialog box.

11. Close the Network and Sharing Center window.

12. In Server Manager, click the yellow triangle with the black exclamation point (!) and then
click Promote this server to a domain controller.

13. In the Active Directory Domain Services Configuration wizard, Add a domain controller
to an existing domain is already selected. In the Domain text box, type contoso.com.

14. Click Change. In the Windows Security dialog box, type the following and then click
OK:

User name: contoso\administrator

Password: Pa$$w0rd

15. Back on the Deployment Configuration page, click Next.


16. On the Domain Controller Options page, Corporate is already selected for the site name.
Type Pa$$w0rd in the Password text box and the Confirm password text box and then
click Next.

17. On the DNS Options page, click Next.

18. On the Additional Options page, click Next.

19. On the Paths page, click Next.

20. On the Review Options page, click Next.

21. On the Prerequisite Check page, when the check is finished, click Install.

22. After a couple of minutes, Windows will reboot.

End of exercise.

Exercise 17.3 Replicating with Active Directory Sites and Services

Overview: In this exercise, you will replicate Active Directory between two
domain controllers using the Active Directory Sites and Services
console.
Mindset: What is used to determine how Active Directory is replicated
between domain controllers?
Completion time: 10 minutes

1. Log in to RWDC01 as contoso\administrator with the password of Pa$$w0rd.

2. In Server Manager, click Tools > Active Directory Sites and Services.

3. In the Active Directory Sites and Services window, expand Sites, expand Corporate, and
then expand Servers.

4. Expand RWDC01 and then click NTDS Settings.

Question 1: What replication connection is already made for Storage01
and how is the connection generated?
NTDS DC

5. Right-click Storage01 in the right pane and choose Replicate Now. In the dialog box,
click OK. If RWDC01 is not available, go on to the next step. If RWDC01 is available,
skip to Step 7.

6. Right-click NTDS Settings under Storage01 and choose New Active Directory Domain
Services Connection.

7. In the Find Active Directory Domain Controllers dialog box, click RWDC01 and then
click OK. If a message indicates that there is already a connection and prompts you to
confirm that you want to create another connection, click Yes.

8. In the New Object – Connection dialog box, click OK.

9. Take a screen shot of the Active Directory Sites and Services window by pressing Alt+Prt
Scr and then paste it into your Lab 17 worksheet file in the page provided by pressing
Ctrl+V.

10. Close the Active Directory Sites and Services window.

End of exercise. Close any open windows before you begin the next exercise.

Exercise 17.4 Using REPADMIN


Overview: In this exercise, you will use REPADMIN to monitor Active
Directory replication.
Mindset: What tools can you use to control Active Directory replication?
Completion time: 10 minutes

1. On RWDC01, right-click the Start button and choose Command Prompt
(Administrator).

2. In the Administrator: Command Prompt window, execute the following command:

REPADMIN /SyncAll /APed

3. Look for errors and then press Enter.

4. To see a replication summary, execute the following command:

REPADMIN.EXE /ReplSummary

5. To display the current inbound connections, execute the following command:

REPADMIN.EXE /Queue

6. Close the Command Prompt window.


End of exercise. Close any open windows before you begin the next exercise.

Exercise 17.5 Configuring Password Replication Policies for RODCs

Overview: In this exercise, you will configure the password replication
policies for read-only domain controllers (RODCs).
Mindset: Why should you configure a password replication policy for
RODCs?
Completion time: 30 minutes

1. On RWDC01, using Server Manager, click Tools > Active Directory Users and Computers.

2. In the Active Directory Users and Computers window, right-click the Computers
container and choose New > Computer.

3. In the New Object – Computer dialog box, in the Computer name text box, type
Computer01. Click OK.

4. Right-click the Users container and choose New > User.

5. In the New Object – User dialog box, type the following and then click Next.

First Name: User01

User logon name: User01

6. In the Password text box and the Confirm password text box, type Pa$$w0rd.

7. Click to select Password never expires.

8. Click Next.

9. When the wizard is complete, click Finish.

10. Right-click on the Domain Controllers OU and choose Pre-create Read-only Domain
Controller Account.

11. In the Active Directory Domain Services Installation Wizard, click Next.

12. On the Network Credentials page, click Next.

13. On the Specify Computer Name page, in the Computer name text box, type RODC01
and then click Next.

14. On the Select a site page, click Corporate and then click Next.

15. On the Additional Domain Controller Options page, verify that DNS Server and Global
catalog are selected and then click Next.

16. On the Delegation of RODC Installation and Administration page, click Next.

17. In the Summary window, review the selections and then click Next.

18. On the Completing the Active Directory Domain Services Installation Wizard window,
click Finish.

19. In the Active Directory Users and Computers console, click the Domain Controllers
OU.

Question 2: What is the status of the RODC01, as indicated by the icon?
Disabled

20. Within the Domain Controllers OU, double-click the first RODC01.

21. From the RODC01 Properties window, click the Password Replication Policy tab, as
shown in Figure 17-1.

Figure 17-1
Viewing the current Password Replication Policy

Question 3: Which group is allowed password replication?
RODC Password Replication Group

22. Double-click Allowed RODC Password Replication Group.

23. In the Allowed RODC Password Replication Group Properties dialog box, click the
Members tab.

24. On the Members tab, click Add.

25. In the Select Users, Contacts, Computers, Service Accounts window, click Object Types.
Click to select Computers and then click OK.

26. In the Enter the object names to select text box, type user01;computer01 and then click
OK.

27. Click OK to close the Allowed RODC Password Replication Group.

28. In the RODC01 Properties dialog box, click the Advanced button.

29. In the Advanced Password Replication Policy for RODC01 dialog box (as shown in
Figure 17-2), click the Prepopulate Passwords button.

Figure 17-2
Selecting images to use

30. In the Select Users or Computers account text box, type user01;computer01 and then
click OK.

31. When you are prompted to confirm that you want to send the current passwords for these
accounts to this read-only domain controller now, click Yes.

Question 4: Why did it fail?
The specified server cannot perform the requested operation

32. Click OK to close the error.

33. Click Close to close the Advanced Password Replication Policy for RODC01.

34. Click OK to close the RODC01 Properties dialog box.

35. Right-click on the first RODC01 and choose Delete.

36. When you are prompted to confirm that you want to delete the account, click Yes.

37. In the Deleting Domain Controller dialog box, deselect Export this list of accounts that
were cached on this Read-Only Domain Controller to this file and then click Delete.

38. In the Delete Domain Controller dialog, click OK.

39. When you are prompted to confirm that you want to continue with the deletion, click
Yes.

40. Close the Active Directory Users and Computers console.

End of exercise. Close any open windows before you begin the next exercise.
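
The Password Replication Policy configured in this exercise decides which credentials an RODC may cache, so it is worth auditing. The block below is an added example, not part of the original lab: the function name Get-RodcPrivilegedCacheExposure is hypothetical, and it assumes the ActiveDirectory module and a promoted RODC (the RODC01 account in this lab is only pre-created and is deleted at the end). It expands the Allowed list and flags protected accounts and accounts whose passwords are already cached.

```powershell
Import-Module ActiveDirectory

function Get-RodcPrivilegedCacheExposure {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$RodcName)

    # Everything on the Allowed list, with groups expanded to their members.
    $allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $RodcName -Allowed |
        ForEach-Object {
            if ($_.objectClass -eq 'group') {
                Get-ADGroupMember -Identity $_.DistinguishedName -Recursive
            } else {
                $_
            }
        }

    # Accounts whose passwords the RODC has already cached.
    $revealedDns = @(
        Get-ADDomainControllerPasswordReplicationPolicyUsage -Identity $RodcName -RevealedAccounts |
            ForEach-Object { $_.DistinguishedName }
    )

    $allowed | Sort-Object DistinguishedName -Unique | ForEach-Object {
        # adminCount = 1 marks accounts protected by AdminSDHolder (a heuristic
        # for privileged accounts that should not be cacheable on an RODC).
        $obj = Get-ADObject -Identity $_.DistinguishedName -Properties adminCount
        [pscustomobject]@{
            Account       = $_.SamAccountName
            Class         = $_.objectClass
            Privileged    = ($obj.adminCount -eq 1)
            AlreadyCached = ($revealedDns -contains $_.DistinguishedName)
        }
    }
}

# Assumed RODC name; substitute a promoted RODC in your domain.
Get-RodcPrivilegedCacheExposure -RodcName 'RODC01' |
    Sort-Object Privileged, AlreadyCached -Descending |
    Format-Table -AutoSize
```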

LAB REVIEW QUESTIONS

Completion time 10 minutes

1. In Exercise 17.3, what tool is used to replicate between two domain controllers?

Under the object right click on the other object you want to replicate and click replicate now

2. In Exercise 17.4, what tool is used to force Active Directory replication?

REPADMIN /SyncAll /APed

3. In Exercise 17.4, what tool is used to check the status of Active Directory replication?

REPADMIN.EXE /ReplSummary

4. In Exercise 17.5, how are Password Replication Properties configured?

Through AD Users and Computers and then configure users and computers under the Domain
Controllers OU

Lab Challenge: Upgrading SYSVOL Replication to DFSR

Overview: To complete this challenge, you will describe how to implement
thin provisioning by writing the steps for the following scenario.
Mindset: A year ago, you upgraded a domain controller from Windows
Server 2003 to Windows Server 2008 and then to Windows Server
2008 R2. Last week, you upgraded the domain controller to
Windows Server 2012 R2. The server is still using File Replication
Services (FRS) for the SYSVOL folder. How would you upgrade
SYSVOL to use Distributed File System Replication (DFSR)?
Completion time: 10 minutes

Write out the steps you performed to complete the challenge.


End of lab. You can log off or start a different lab. If you want to restart this lab, you’ll need to
click the End Lab button in order for the lab to be reset.
