Server in the Enterprise - Instruction Lab 1


Implementing Directory Services Using NT 4 Server
Establishing and Testing a One-Way Trust Relationship

Implementing a One-Way Trust Relationship
Note: After the trust relationship has been established, you will view the domain names that appear in the Domain box of the Logon dialog box. During this lab, the trusted domain (with accounts) will be referred to as DomainX. The trusting domain (with resources) will be referred to as DomainY.

· To configure DomainY as a trusting domain
Note: Complete this procedure from the PDC of DomainX
  1. Log on as Administrator
  2. Start User Manager for Domains
  3. On the Policies menu, click Trust Relationships. The Trust Relationships dialog box appears
  4. To the right of Trusting Domains, click Add. The Add Trusting Domain dialog box appears
  5. In the Add Trusting Domain box, type DomainY (the name of the trusting domain)
  6. Do not use a password. Leave Initial Password and Confirm Password blank
  7. Click OK. The name of DomainY, the trusting domain, appears in the Trusting Domains box.
  8. Click Close
    This is the first stage of implementing a one-way trust between domains. You have permitted DomainY (the trusting domain) to trust DomainX (the trusted domain)

· To complete the one-way trust relationship
Note: Complete this procedure from the PDC of DomainY. Wait until DomainX has permitted DomainY to trust.
  1. Log on as Administrator
  2. Start User Manager for Domains
  3. On the Policies menu, click Trust Relationships. The Trust Relationships dialog box appears
  4. To the right of Trusting Domains, click Add. The Add Trusting Domain dialog box appears
  5. In the Add Trusting Domain box, type DomainX (the domain you are going to trust)
  6. Do not use a password. Leave Password blank because the trusted domain did not assign a password to your domain
  7. Click OK
  8. If you do not receive a message indicating the trust relationship was successfully established, what message did you receive? Take corrective action as indicated in the message …The User Manager for Domains information box appears, indicating the trust relationship was successfully established.
  9. Click OK. The name of DomainX appears in the Trusted Domains box. Click Close
    DomainY now trusts DomainX. This means that a user sitting at a computer located in DomainY can log on from DomainX using his/her DomainX user account.

· Logging On Through the Trust
Note: When you are requested to log on from a domain, select the domain name in the Domain box of the Welcome dialog box, and then complete the logon process

· To create the users
Note: Complete this procedure from the PDC of DomainX (the trusted domain)
  1. Log on as Administrator
  2. Create three user accounts: AAAAA, BBBBB, CCCCC. These accounts should: be members only of the default group Domain Users, not require the user to change the password at next logon, and not exist in DomainY

· To identify the domains trusted by DomainX
Note: Complete this procedure from the PDC of DomainX (the trusted domain)
  1. Log off
  2. Press CTRL+Alt+Del to use the Logon Information dialog box
  3. In the Domain box, display the available domains
  4. What names appear in the Domain box of a trusted domain?
  5. Log on as Administrator

· To identify the domain trusted by DomainY
Note: Complete this procedure from the PDC of DomainY (the trusting domain)
  1. Log off
  2. Press CTRL+Alt+Del to use the Logon Information dialog box
  3. In the Domain box, display the available domains
  4. What names appear in the Domain box of a trusting domain?

· To complete the logon process
Note: Complete this procedure from the PDC of DomainY (the trusting domain)
  1. Attempt to log on from DomainY as the user named AAAAA. DomainY should appear in the Domain box
  2. Were you able to log on? Why or why not?
  3. Attempt to log on from DomainX as the user named AAAAA. DomainX should appear in the Domain box to indicate that you want to be validated by the user accounts database of DomainX
  4. Were you able to log on? Why or why not?
    By logging on from DomainX while your computer is a member of DomainY, you have verified that a trust relationship exists

Administering Domains Across Trust Relationships

· To create global groups
Note: Complete this procedure from the PDC of DomainX (the trusted domain)
  1. Log on as Administrator, from DomainX
  2. Start User Manager for Domains, and then create the global group RESEARCH-ALL. Add AAAAA, BBBBB, CCCCC as members of this group
  3. Remove any other members from the group
  4. Create the global group RESEARCH-MGM. Add AAAAA as a member of this group
  5. Remove any other members from the group

· To configure a trusting domain for administration across a trust relationship
Note: Complete this procedure from the PDC of DomainY (the trusting domain)
  1. Log on as Administrator, from DomainY
  2. Start User Manager for Domains, click the Administrators group, and then on the User menu, click Properties
  3. Click Add
  4. In the List Names From box, click DomainX
  5. In the Names box, click Research-Mgm, and then click Add
  6. Click OK
  7. In the Members box, how is the Research-Mgm group referenced?
  8. Click OK

· To administer a trusting domain
Note: Complete this procedure from the PDC of DomainY (the trusting domain)
  1. Log on as AAAAA from DomainX
  2. Start User Manager for Domains. The title bar of User Manager for Domains indicates DomainX, your logon domain. You want to create a local group in DomainY
  3. On the User menu, click Select Domain
  4. Click DomainY, and then click OK. The title bar of User Manager for Domains indicates DomainY
  5. In DomainY, create the local group RESEARCHERS. Add the DomainX\Research-All group as a member of this group
  6. Remove any other members from the group
  7. Close User Manager for Domains
  8. Start My Computer, open the C: drive, and create a new folder called Soles
  9. Share the Soles folder with the share name Soles. Assign the local group RESEARCHERS Full Control permissions to the shared folder and remove permissions for Everyone. Why is user AAAAA able to perform administrative tasks (sharing the directory) on DomainY, the trusting domain?

Accessing Resources Through the Trust

· To log on and use the share from DomainX
Note: Complete this procedure from the PDC of DomainX (the trusted domain)
  1. Log off and then log on as CCCCC from DomainX
  2. Connect to the Soles shared folder on the DomainY PDC
  3. Verify that you have full access to the resource by using Notepad to create and save a file in Soles

· To log on and use the share from DomainY
Note: Complete this procedure from the PDC of DomainY (the trusting domain)
  1. Log off and then log on as BBBBB from DomainX
  2. Connect to the Soles share on the DomainY PDC
  3. Verify that you have full access to the resource by using Notepad
  4. Why are users BBBBB and CCCCC able to use the resource?

Establishing and Testing a Two-Way Trust Relationship

· To permit DomainX to trust DomainY
Note: Complete this step from the PDC of DomainY
  1. Log off and log on as Administrator from DomainY
  2. Using User Manager for Domains, add DomainX as a trusting domain

· To complete the trust relationship from DomainX
Note: Complete this step from the PDC of DomainX
  1. Log off and log on as Administrator from DomainX
  2. Using User Manager for Domains, add DomainY as a trusted domain

· To create a user to test the trust
Note: Complete this step from the PDC of DomainY
  1. Create a new user account, Janne. Janne should:
    be a member only of the default group Domain Users
    not have to change the password at the next logon
    not exist in DomainX

· To assign permissions
Note: Complete this step from the PDC of DomainY
  1. Add permissions for Janne to the existing Soles share on the PDC of DomainY using the following information:
    existing folder: Soles
    existing share name: Soles
    add Share Permissions: DomainY\Janne with Full Control

· To log on and use the share from DomainX
Note: Complete this step from the PDC of DomainX
  1. Log off and then log on as Janne from DomainY
  2. Connect to the Soles shared folder on the DomainY PDC
  3. Verify you have full access to the resource by using Notepad to create and save a file in Soles
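
The logon and share tests in the one-way and two-way sections above can be reasoned about with a small model of trust direction and group nesting. This is an added example, not part of the original lab; the data structures and function names are constructed for illustration, and only the domain, account, group and share names come from the lab.

```python
# Added example: toy model of NT 4 trust direction and group nesting.
# (trusting, trusted): the trusting domain validates accounts of the trusted one.
ONE_WAY = {("DomainY", "DomainX")}
TWO_WAY = ONE_WAY | {("DomainX", "DomainY")}

# Global groups live in the account domain and hold that domain's users.
GLOBAL_GROUPS = {
    "DomainX\\Research-All": {"DomainX\\AAAAA", "DomainX\\BBBBB", "DomainX\\CCCCC"},
    "DomainX\\Research-Mgm": {"DomainX\\AAAAA"},
}
# Local groups live in the resource domain and may hold foreign global groups.
LOCAL_GROUPS = {"DomainY": {
    "Administrators": {"DomainY\\Administrator", "DomainX\\Research-Mgm"},
    "RESEARCHERS": {"DomainX\\Research-All"},
}}
SHARE_ACL = {"DomainY": {"Soles": {"RESEARCHERS": "Full Control",
                                   "DomainY\\Janne": "Full Control"}}}

def accepts(machine_domain, account, trusts):
    """True if machine_domain validates this account (own or trusted domain)."""
    account_domain = account.split("\\")[0]
    return account_domain == machine_domain or (machine_domain, account_domain) in trusts

def local_groups_of(account, domain):
    """Local groups in `domain` holding the account directly or via a global group."""
    principals = {account} | {g for g, m in GLOBAL_GROUPS.items() if account in m}
    return {n for n, members in LOCAL_GROUPS[domain].items() if members & principals}

def share_access(account, domain, share, trusts):
    """Permission on the share, or None if not validated or not on the ACL."""
    if not accepts(domain, account, trusts):
        return None
    principals = {account} | local_groups_of(account, domain)
    for trustee, permission in SHARE_ACL[domain][share].items():
        if trustee in principals:
            return permission
    return None

def foreign_admins(domain):
    """Audit helper: accounts from other domains with local Administrators rights."""
    out = set()
    for member in LOCAL_GROUPS[domain]["Administrators"]:
        out |= GLOBAL_GROUPS.get(member, {member})
    return {a for a in out if not a.startswith(domain + "\\")}
```

Running `foreign_admins` against each trusting domain is a quick way to review which accounts from a trusted domain have been granted administrative rights through group nesting.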

Designing and Implementing the Domain Model

· To implement trust relationships if you are a master/account domain
Note: Complete this procedure from the PDC of each master/account domain
  1. Log on as Administrator to your domain
  2. Remove all existing trust relationships
  3. Using User Manager for Domains, permit each domain (including other master/account domains) as trusting domains. Do not use a password
  4. Using User Manager for Domains, make each of the other master/account domains a trusted domain. Do not use a password

· To implement trust relationships if you are a resource domain
Note: Complete this procedure from the PDC of each resource domain. In this procedure you will wait until the master/account domains have completed step 3 above, permitting your domain to trust their domain, before you start
  1. Log on your domain as Administrator
  2. Remove all existing trust relationships
  3. Using User Manager for Domains, make each of the master/account domains a trusted domain. Do not use a password

· To test the trust relationships
Note: Complete this procedure from a domain controller in each domain. In this procedure you will wait until all trust relationships are established in the previous procedures
  1. Log off your computer
  2. Press CTRL+ALT+DEL to initiate the logon process
  3. What domain names should appear in the Domain box?
  4. Verify that these are the domain names you see. If not, contact your domain administrator to correct the trust relationship problem
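
The three procedures above build each trust in two halves, one on each side. The following added example (not part of the original lab) models the per-domain Trust Relationships lists, reports trusts where only one side has acted, and derives the names expected in the Domain box. The domain names MASTER_A, RES_1 and so on are constructed placeholders, and the model assumes a domain controller lists its own domain plus the domains it trusts.

```python
# Added example: constructed model of the master/resource trust procedure.

def expected_config(masters, resources):
    """Per-domain Trusted/Trusting lists after all three procedures are done."""
    cfg = {d: {"trusted": set(), "trusting": set()} for d in masters + resources}
    for m in masters:
        # Each master permits every other domain to trust it ...
        cfg[m]["trusting"] = {d for d in masters + resources if d != m}
        # ... and itself trusts every other master.
        cfg[m]["trusted"] = {o for o in masters if o != m}
    for r in resources:
        cfg[r]["trusted"] = set(masters)  # resource domains trust every master
    return cfg

def established(cfg):
    """(trusting, trusted) pairs where both sides have completed their half."""
    return {(a, b) for a in cfg for b in cfg[a]["trusted"] if a in cfg[b]["trusting"]}

def half_configured(cfg):
    """Pairs where only one side has acted; such a trust is not usable yet."""
    one_side = {(a, b) for a in cfg for b in cfg[a]["trusted"]}
    other_side = {(a, b) for b in cfg for a in cfg[b]["trusting"]}
    return one_side ^ other_side

def logon_domains(domain, cfg):
    """Names expected in the Domain box: the local domain plus domains it trusts."""
    return sorted({domain} | {b for a, b in established(cfg) if a == domain})

# Constructed sample: two master/account domains, three resource domains.
MASTERS = ["MASTER_A", "MASTER_B"]
RESOURCES = ["RES_1", "RES_2", "RES_3"]
```

With M master domains and R resource domains the model yields M*(M-1) + M*R one-way trusts, which is why the number of trusts to maintain grows quickly as master domains are added.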

Designing and Implementing Administration of the Domain Model
· Designing the Directory Service Structure For KillerApplications Company

Basic Structure Design
  • The Company has 60000 users located around the world. The corporate headquarters is in Geneva (Europe). North and South American headquarters are located in New York City. The Asia and Australia headquarters are located in Singapore. Each of the regional headquarters will maintain total control of users and equipment within their areas. Users will require access to resources in the other regional headquarters (around the world).
  • The three regional headquarters sites are connected by T1 (possibly T3) lines. Each of the three regional headquarters has line of business applications that need to be available to all sites within their areas as well as the other regional headquarters. These line of business applications are all running on NT based computers that will be configured as servers or workstations within the domains.
  • The corporate databases (6 GB in total) are split across all regional headquarters.
  • The KillApp Company is working to strongly grow its share of the market. The number of employees is expected to stay constant, but traffic load is expected to increase by 20 percent in the next 2 years.

Additional groups info (all sites):
  • corp_management (only Geneva)
  • site_management
  • junior_sales
  • senior_sales
  • development
  • junior_officers
  • senior_officers
  • site_admins

· Supplementary Structure Design for Asia/Australia Region

You will be designing the NT Directory Services for Asia/Australia region. The design will take into account:
  1. Logon validation
  2. Pass-through authentication

Additional info:
  • The links between Singapore, Australia and Malaysia are typically operating at 70 percent of capacity. The Asia/Australia region has ten subsidiaries including Japan, Korea, China, Taiwan, Thailand, Singapore, Malaysia, Indonesia, Australia and New Zealand. In addition, Malaysia and Australia have major employees to which all regional subsidiaries will need access.
  • Due to import restrictions with some of the subsidiaries, it has been decided to give control of the equipment to each subsidiary, and to have a resource domain in each subsidiary. NT Workstation has recently been installed on most of the computers the subsidiaries have purchased. The company has authorized redundant hardware where you can justify it.

· Mandatory questions (use drawing(s) to show answers/solutions):
  1. How many domains will you need to configure?
  2. How many master domains will be configured?
  3. How many resource domains will need to be configured?
  4. How many PDCs will need to be configured?
  5. How many BDCs will need to be configured? (Think about pass-through validation and pass-through authentication)
  6. To which domain will the branch office sites belong?
  7. How many trusts will need to be configured?