Lesson 2
Skills Matrix
| Technology Skill | Objective Domain | Objective # |
|  | Configure a forest or a domain | 2.1 |
| Establishing and Maintaining Trust Relationships | Configure trusts | 2.2 |
| Configuring Active Directory Lightweight Directory Services | Configure Active Directory Lightweight Directory Services (AD LDS) | 3.1 |
| Configuring a Read-Only Domain Controller |  | 3.3 |
Server Manager
Located in Administrative Tools.
Can also be accessed by right-clicking My Computer and selecting Manage.
Post-Installation Tasks
Upon completion of the Active Directory installation, you should verify a number of items:
Application directory partition creation.
Aging and scavenging for zones.
Forward lookup zones and SRV records.
Reverse lookup zones.
Application Partitions
DNS Records
Make sure the forward lookup zone is created.
Make sure a Host (A) record is created for your server.
Make sure the DNS subdomains are created:
_msdcs
_sites
_tcp
_udp
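The DNS checks above can be scripted. The following is an added example, not part of the original lesson: the function name `Test-AdDnsRecords`, the domain `corp.example.com` and the server name `dc01` are constructed placeholders, and `Resolve-DnsName` is assumed to be available (DnsClient module, Windows 8 / Windows Server 2012 or later), so run it from a management host of that vintage.

```powershell
# Added example: checks the forward zone, the DC's Host (A) record, and one
# locator SRV record under each of _msdcs, _sites, _tcp and _udp.
function Test-AdDnsRecords {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Domain,      # AD DNS domain (placeholder below)
        [Parameter(Mandatory)] [string] $ServerName,  # short host name of the DC (placeholder below)
        [string] $Site = 'Default-First-Site-Name',   # site created by default with a new forest
        [string] $DnsServer                           # optional: ask one DNS server directly
    )

    $checks = @(
        @{ Item = 'Forward lookup zone'; Name = $Domain;                              Type = 'SOA' }
        @{ Item = 'Host (A) record';     Name = "${ServerName}.${Domain}";            Type = 'A'   }
        @{ Item = '_msdcs';              Name = "_ldap._tcp.dc._msdcs.${Domain}";     Type = 'SRV' }
        @{ Item = '_sites';              Name = "_ldap._tcp.${Site}._sites.${Domain}"; Type = 'SRV' }
        @{ Item = '_tcp';                Name = "_kerberos._tcp.${Domain}";           Type = 'SRV' }
        @{ Item = '_udp';                Name = "_kerberos._udp.${Domain}";           Type = 'SRV' }
    )

    foreach ($c in $checks) {
        $query = @{ Name = $c.Name; Type = $c.Type; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
        if ($DnsServer) { $query.Server = $DnsServer }

        # Keep only real answers: a missing name can still return the parent
        # zone's SOA in the Authority section, which must not count as a pass.
        $answers = @(Resolve-DnsName @query |
            Where-Object { $_.Section -eq 'Answer' -and $_.Type -eq $c.Type })

        $data = foreach ($a in $answers) {
            switch ($c.Type) {
                'SRV' { '{0}:{1}' -f $a.NameTarget, $a.Port }
                'A'   { $a.IPAddress }
                'SOA' { $a.PrimaryServer }
            }
        }

        [pscustomobject]@{
            Item   = $c.Item
            Query  = $c.Name
            Found  = $answers.Count -gt 0
            Data   = $data -join ', '
        }
    }
}

# Constructed values; replace with your own domain and domain controller.
Test-AdDnsRecords -Domain 'corp.example.com' -ServerName 'dc01' | Format-Table -AutoSize
```

Any row with `Found` set to `False` points to a record the domain controller did not register, which is worth resolving before relying on Kerberos or LDAP lookups against that domain.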
Trust Relationships
Trust relationships exist to make resource accessibility easier between domains and forests.
Many trust relationships are established by default during the creation of the Active Directory forest structure.
Trust relationships can be created using Active Directory Domains and Trusts, found in the Administrative Tools folder.
Trust Relationships
Four trust types can be manually established in Windows Server 2008:
Shortcut trusts - Used to shorten the tree-walking process for users who require frequent access to resources elsewhere in the forest.
Cross-forest trusts - Allow you to create two-way transitive trusts between separate forests.
External trusts - Used to configure a one-way non-transitive trust.
Realm trusts - Allow you to configure trust relationships between Windows Server 2008 Active Directory and a UNIX MIT Kerberos realm.
Summary
Active Directory requires DNS to be installed. DNS does not have to be installed on a Windows Server 2003 machine, but the version of DNS used does need to support SRV records for Active Directory to function.
Planning the forest and domain structure should include a checklist that can be referenced for dialog information required by the Active Directory Installation Wizard.
Verification of a solid Active Directory installation includes verifying DNS zones and the creation of SRV records.
Additional items, such as reverse lookups, aging, and scavenging, also should be configured.
System classes of the schema cannot be modified, but additional classes can be added. Classes and attributes cannot be deleted, but they can be deactivated.
Planning forest and domain functionality is dependent on the need for down-level operating system compatibility.
Raising a forest or domain functional level is a procedure that cannot be reversed.
Four types of manual trusts can be created: shortcut, external, cross-forest, and realm trusts.
Manual trusts can be created by using Active Directory Domains and Trusts or netdom at a command line.
UPNs provide a mechanism to make access to resources in multiple domains user-friendly.
UPNs follow a naming format similar to email addresses.
You must be a member of the Enterprise Admins group to add additional suffixes that can be assigned at user object creation.