Manage Active Directory in an Enterprise Environment Part 2

Practice Labs Module
Time: 57 minutes
Difficulty: Intermediate

The "Manage Active Directory in an Enterprise Environment Part 2" module provides you with the instruction and server hardware to develop your hands-on skills in the defined topics. This module includes the following exercises: Prepare Prerequisites for Multiple AD Forests, Configure Name Suffix Routing.

Overview

Introduction

The Manage Active Directory in an Enterprise Environment Part 2 module provides you with the instruction and server hardware to develop your hands-on skills in the defined topics. This module includes the following exercises:

  • Prepare Prerequisites for Multiple AD Forests
  • Configure Name Suffix Routing

Lab Time: It will take approximately 1 hour to complete the exercises in this lab.

Exam Objectives

The following exam objectives are covered in this lab:

  • Test user login using user principal name (UPN)
  • Implement name suffix routing

Exercise 1 - Prepare Prerequisites for Multiple AD Forests

An Active Directory (AD) forest is a single instance of Active Directory. Often, one AD forest is sufficient for a large company to organize its network assets, such as users, groups, computers, and printers, into a single directory service.

An organization may opt to create a new AD forest if it requires an independent schema (objects and object attributes) and configuration (network and services) that are completely separate from its existing AD forest. For example, a new AD forest can be justified if a new Exchange Server organization will be rolled out for a separate company.

In this exercise, a new AD forest called apac.research.practicelabs.com will be created and linked to PRACTICELABS.COM via a forest trust relationship. The new forest is deliberately given a name similar to the existing domain PRACTICELABS.COM so that name suffix routing between the two AD forests can be validated.

Exercise 2 - Configure Name Suffix Routing

When a forest trust relationship is created between two AD forest root domains, such as apac.research.practicelabs.com and PRACTICELABS.COM, a name suffix route is dynamically added to both sides of the forest trust properties. Name suffix routing is a mechanism used by Windows domain controllers to control the routing of authentication traffic between AD domains or forests. The name suffix route consists of a wildcard (*) followed by the DNS name suffix of the trusted forest root, for example *.apac.research.practicelabs.com.

When a user account owned by apac.research.practicelabs.com tries to sign in from a member device owned by another domain, PRACTICELABS.COM, the name suffix route is used to redirect the authentication request to the other forest root domain, apac.research.practicelabs.com.

In this exercise, you will learn how to set up name suffix routing between two AD forests.
