Deploy and Manage Domain Controllers Part 2

Practice Labs Module
Time: 57 minutes
Difficulty: Intermediate

The "Deploy and Manage Domain Controllers Part 2" module provides you with the instruction and server hardware to develop your hands-on skills in the defined topics. This module includes the following exercises: Install Domain Controller using IFM, Install Read-Only Domain Controller (RODC), Manage Password Replication Policy.


Overview

Introduction

The Deploy and Manage Domain Controllers Part 2 module provides you with the instruction and server hardware to develop your hands-on skills in the defined topics. This module includes the following exercises:

  • Install Domain Controller using IFM
  • Install Read-Only Domain Controller (RODC)
  • Manage Password Replication Policy

Lab Time: It will take approximately 1 hour to complete the exercises in this lab.

Exam Objectives

  • Install a domain controller using Install from Media (IFM)
  • Install and configure a read-only domain controller (RODC)
  • Configure password replication policy for RODC

Exercise 1 - Install Domain Controller using IFM

Large organizations that maintain Active Directory Domain Services (AD DS) typically deploy domain controllers in different locations. Modifications made on a domain controller in one site replicate to the other domain controllers across the network, so that changes to the directory service stay synchronized.

If a new domain controller must be installed in a remote site, initial replication traffic can be reduced by using the Install from Media (IFM) method for the new domain controller.

Exercise 2 - Install Read-Only Domain Controller (RODC)

For organizations that maintain a remote site where IT support personnel are not available to maintain the server, a Read-Only Domain Controller (RODC) may be a viable option for ensuring that user logons are validated on the local network. An RODC maintains a read-only copy of the Active Directory database, which it receives from a writeable domain controller in a Windows domain network. An RODC must have a reliable network connection to ensure that its Active Directory database is synchronized with other domain controllers in the domain.

Exercise 3 - Manage Password Replication Policy

The Password Replication Policy determines whether an RODC is permitted to cache a password. When the RODC authenticates a user sign-in request, it consults the Password Replication Policy to find out whether the password for the user account should be cached. If the same user account has already been authenticated by the same RODC, subsequent sign-ins function efficiently.

The Password Replication Policy lists the accounts that are permitted to be cached and the accounts that are denied from being cached.

After a successful installation of the RODC on PLABSA01 in the previous exercise, you must set up Password Replication Policy on the writeable domain controller, PLABDC01, which will act as the RODC's replication partner.
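
The following PowerShell is an added example, not part of the lab's own instructions. It shows one way to set and then audit the Password Replication Policy for the RODC PLABSA01 from the writeable domain controller PLABDC01, using the ActiveDirectory module. The group name `Branch Users` is a hypothetical placeholder for whatever group holds the remote site's accounts.

```powershell
# Added example: configure and audit the Password Replication Policy (PRP)
# of an RODC. Run from a host with the ActiveDirectory module (RSAT) installed.
Import-Module ActiveDirectory

$Rodc        = 'PLABSA01'      # RODC installed in the previous exercise
$WritableDc  = 'PLABDC01'      # writeable replication partner
$BranchGroup = 'Branch Users'  # hypothetical group of remote-site accounts

# Permit caching only for the remote-site group (assumed to exist already).
Add-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc `
    -AllowedList $BranchGroup -Server $WritableDc

# Read back both lists so the effective policy can be reviewed.
$allowed = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc `
    -Allowed -Server $WritableDc
$denied  = Get-ADDomainControllerPasswordReplicationPolicy -Identity $Rodc `
    -Denied -Server $WritableDc

'Allowed to cache:'
$allowed | Sort-Object Name | Format-Table Name, ObjectClass -AutoSize
'Denied from caching:'
$denied  | Sort-Object Name | Format-Table Name, ObjectClass -AutoSize

# Accounts whose passwords are currently stored on the RODC.
$revealed = Get-ADDomainControllerPasswordReplicationPolicyUsage `
    -Identity $Rodc -RevealedAccounts -Server $WritableDc

# The RODC's own computer account and its krbtgt_* account are expected here.
# Any cached user marked as protected/privileged (adminCount = 1) deserves
# review: its password should be reset and the account added to the denied list.
$risky = $revealed |
    Where-Object { $_.ObjectClass -eq 'user' -and $_.Name -notlike 'krbtgt_*' } |
    ForEach-Object {
        Get-ADUser -Identity $_.DistinguishedName -Properties adminCount `
            -Server $WritableDc
    } |
    Where-Object { $_.adminCount -eq 1 }

if ($risky) {
    Write-Warning "Privileged accounts cached on ${Rodc}:"
    $risky | Format-Table SamAccountName, DistinguishedName -AutoSize
} else {
    "No privileged user passwords are cached on $Rodc."
}
```

Because an RODC is often placed where physical security is weaker, the list of revealed accounts is also the list of passwords to reset if that server is ever lost or compromised.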
