Manage Active Directory in an Enterprise Environment Part 2
The "Manage Active Directory in an Enterprise Environment Part 2" module provides you with the instruction and server hardware to develop your hands on skills in the defined topics. This module includes the following exercises: Prepare Prerequisites for Multiple AD Forests, Configure Name Suffix Routing.
Already have an account? Sign In »
The Manage Active Directory in an Enterprise Environment Part 2 module provides you with the instruction and server hardware to develop your hands on skills in the defined topics. This module includes the following exercises:
- Prepare Prerequisites for Multiple AD Forests
- Configure Name Suffix Routing
Lab Time: It will take approximately 1 hour to complete the exercises in this lab.
The following exam objectives are covered in this lab:
- Test user login using user principal name (UPN)
- Implement name suffix routing
Exercise 1 - Prepare Prerequisites for Multiple AD Forests
Active Directory (AD) Domain Forest is a single instance of Active Directory. Oftentimes, one AD forest is sufficient for a large company to organize its network assets such as users, groups, computers, printers among others into a directory service called Active Directory.
An organization may opt to create a new AD forest if it requires an independent schema (objects and object attributes) and configuration (network and services) that are completely separate from its existing AD forest. A new AD forest can be justified if a new Exchange Server organization will be rolled out for a separate company.
In this exercise, a new AD forest will be created called apac.research.practicelabs.com which will be linked to PRACTICELABS.COM via a forest trust relationship. The purpose of creating apac.research.practicelabs.com with a similar name as the existing domain PRACTICELABS.COM is to validate name suffix routing between two AD forests.
Exercise 2 - Configure Name Suffix Routing
When a forest trust relationship is created between two AD forest root domains such as apac.research.practicelabs.com and the PRACTICELABS.COM, a name suffix route is dynamically added to both side of the forest trust properties. Name suffix routing is a mechanism used by Windows domain controllers to control routing of authentication traffic between AD domains or forests. The name suffix route information is preceded with a wildcard (*) and followed by the DNS name suffix of the trusted forest root, for example *.apac.research.practicelabs.com.
When a user account of owned by apac.research.practicelabs.com tries to sign-in using a member device owned by another domain PRACTICELABS.COM, the name suffix route is used to redirect authentication request to the other forest root domain apac.research.practicelabs.com.
In this exercise, you will learn how to set up name suffix routing between two AD forests.
IT & Cybersecurity certification hands on practice labs and practice exams for certifications and skill development.
See the full benefits of our immersive learning experience with interactive courses and guided career paths.