Install and Configure Domain Controllers

Question 1

What configuration wizard can be used to install a new forest?

Answer 1

The “Active Directory Domain Services Configuration” wizard.

This wizard is prompted after installing the AD DS role and clicking on the “Promote to Domain Controller” link under notifications (flag icon) in Server Manager.

Question 2

What three options are available, on the domain options screen, in terms of modifying the domain structure, within the AD DS Config wizard?

Answer 2

1. Add a DC to an existing domain
2. Add a new domain to an existing forest
3. Add a new forest

Question 3

How do you add a Domain Controller to a domain?

Answer 3

1. The “Active Directory Domain Services” role needs to be installed on the server
2. The server needs to be promoted to a Domain Controller (by either the AD DS wizard or PowerShell).
   * Note: Within the AD DS wizard, the option to “Add a DC to an existing domain” can be used or if this is the first DC, the “Add a new forest” option would be used.

Question 4

What PowerShell command can be used to install a new forest?

Answer 4

Install-ADDSForest -DomainName exampledomain

Question 5

What PowerShell command can be used to view detailed information on the current forest such as the Domain Naming Master, Domains, Forest Mode, Global Catalog servers, current domain name, and Root Domain?

Answer 5

Get-ADForest

Question 6

Within a Server Core environment, what command opens PowerShell?

Answer 6

PowerShell

Question 7

What PowerShell command is used to install the AD DS role (used in a Server Core environment)?

Answer 7

Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

Question 8

How do you install AD DS on a Server Core environment?

Answer 8

1. PowerShell
2. Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

If installing on the first DC and a forest needs to be created then:
3. Install-ADDSForest -DomainName exampledomain.com

Question 9

How do you remove a DC from the domain?

Answer 9

1. With administrative privileges, within Server Manager, select the Remove Roles and Features tool and remove the AD DS role.
2. After clicking on AD DS, click on the “Demote this domain controller” link which will prompt the AD DS Config wizard.
3. Follow through the wizard to force the removal and demotion of the DC.
4. After the server reboots, remove the AD DS role.

Question 10

What PowerShell command can be used to remove a DC from the domain?

Answer 10

Uninstall-ADDSDomainController -DemoteOperationMasterRole:$true -ForceRemoval:$true -Force:$true

Question 11

What are the two implementations of deploying a RODC server?

Answer 11

Staged and non-staged

Question 12

What is a staged implementation of RODC?

Answer 12

A staged implementation is when a pre-created RODC account is used and linked to a group/user to perform the deployment without giving that group/user any elevated administrative privileges.

Question 13

What is a non-staged implementation of RODC?

Answer 13

A non-staged implementation is when the domain administrator physically or remotely performs the configuration and deployment of the RODC server.

Question 14

Which OU is right clicked to pre-create a RODC account?

Answer 14

Domain Controllers.

Question 15

The system chosen to be the RODC must be a non-member server. True or false?

Answer 15

True.

Question 16

After AD is uninstalled, what may need to be manually cleaned?

Answer 16

Metadata.

Question 17

What are the steps to configure a staged RODC implementation?

Answer 17

1. Within ADUC, pre-create a Read-only Domain Controller account and link it to a user/group that will be performing the deployment.
2. The delegated user will install the AD DS role and promote the server to a DC.
3. Within the AD DS Config wizard, when the credentials of the delegated user is entered, the wizard will see the pre-created RODC account that is tied to delegated user’s credentials.
4. On the Domain Controller Options screen, make sure that the “Use existing RODC account” is selected as well as any other server options is added (DNS, global).
5. After completion of the wizard, the server will reboot and the RODC installation is complete.

Question 18

What is Install From Media?

Answer 18

IFM is used in situations such as deploying a domain controller at a branch office where there is a slow WAN link. All the data needed to create that DC can be put on a DVD which then can be brought to the branch site to relieve the WAN link from the heavy initial replication traffic.

Question 19

What is NTDS?

Answer 19

New Technology Directory Service. This was the older name of Active Directory.

NTDS is recognized when using the ntdsutil command. This command-line tool is used to access and manage a Windows Active Directory database.

Question 20

How do you create a snapshot that will be later used as IFM?

Answer 20

On the DC that will be used as the source of the IFM, activate an ntds instance using the ntds utility by opening a command prompt and type:

1. ntdsutil
2. activate instance ntds
3. ifm
4. create full d:\ifm
5. quit

Question 21

How do you install a DC with IFM, assuming the IFM is ready to be used?

Answer 21

On the DC that will be utilizing the IFM, create the DC as usual by installing AD DS and promoting to a DC. Within the ADDSC wizard, on the “Additional Options” screen, check the box that says “Install from Media” and specify replication option with Domain Controllers.

Question 22

What does FSMO stand for?

Answer 22

Flexible Single Master Operator

Question 23

What are the 5 FSMO roles?

Answer 23

1. Schema Master
2. Domain Naming Master
3. PDC Emulator
4. RID Master
5. Infrastructure Master

Question 24

What are the different scopes for the FSMO roles?

Answer 24

Forest-wide: Schema Master and Domain Naming Master

Domain-wide: PDC Emulator, RID Master, and Infrastructure Master.

Question 25

How do you transfer/seize the Schema Master FSMO role?

Answer 25

1. If not already done so, register the schmmgmt.dll file by opening a command prompt with elevated privileges and type:
   regsvr32 schmmgmt.dll
2. Open a Microsoft Management Console snap-in by pressing start and typing mmc.exe and add the AD Schema snap-in
3. Within the AD Schema snap-in, right click on “AD Schema” and select “Change AD DC” and select the new server.
4. Right click on “AD Schema” and select Operations Master and hit change.

Question 26

How do you transfer/seize the Domain Naming Master FSMO role?

Answer 26

1. Open up the Active Directory Domains and Trusts console from Server Manager.
2. Within AD DT, right click on AD DT, and select “Change AD DC” and select the new server.
3. Right click on AD DT and select “Operations Master” and hit change.

Question 27

How do you transfer/seize the PDC Emulator, RID Master, and Infrastructure Master FSMO role?

Answer 27

1. Open ADUC and right click “ADUC” and select “Change Active Directory Domain Controller” and choose the new server.
2. Right click on the domain and select Operations Master and navigate to the corresponding FSMO role tab and hit “Change”.

Question 28

What command-line utility can be used to view where each of the FSMO roles are located (server-wise)?

Answer 28

netdom /query fsmo

Question 29

Where do you go to raise forest or domain functional levels?

Answer 29

Active Directory Administrative Center.

Question 30

How do you configure a global catalog server?

Answer 30

When deploying the first DC in a domain, the global catalog server is already selected by default and is a mandatory installation.

The option to include a global catalog server is found within the ADDSC wizard on the “Domain Controller Options” screen.

Question 31

How do you clone a virtualized DC?

Answer 31

1. On the source virtualized DC, open a powershell prompt, and type “Get-ADDCCloningExcludedApplicationList”
   1a. Verify each of the applications in the output of the previous command is able to be cloned.
2. Get-ADDCCloningExcludedApplicationList -GenerateXml -Force -Path
3. Add DC to be cloned to the Cloneable Domain Controllers group
4. New-ADDCCloneConfigFile in PowerShell ISE to include the network parameters
5. Within Hyper-V Manager, export and import source DC VM.
6. Within the “Import Virtual Machine” wizard, on the “Choose Import Type” screen, select the “Copy the virtual machine (create a new unique ID)” option.
7. Power on new clone and cloning process should start automatically and finish with a reboot.

Question 32

What PowerShell command allows you to create the XML file that provides the information for the clone, such as IP address and name?

Answer 32

New-ADDCCloneConfigFile

Question 33

When cloning a DC, what group must the DC be a part of in order to have permissions to be cloned?

Answer 33

Cloneable Domain Controllers