Welcome to the Manage Active Directory Infrastructure Part 1 Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Learning Outcomes

In this module, you will complete the following exercises:

  • Exercise 1 - Install Additional Domain Controller
  • Exercise 2 - Create a New Active Directory Domain Forest
  • Exercise 3 - Configure Forest Trust Relationship

After completing this lab, you will be able to:

  • Create an additional domain controller in an existing domain
  • Create a new Active Directory Domain Forest
  • Create a forest trust relationship between two domains
  • Verify functionality of the forest trust relationship

Exam Objectives

The following exam objectives are covered in this lab:

  • Understand Active Directory Infrastructure - Domain controllers, forests, trust relationships

Lab Duration

It will take approximately 60 minutes to complete this lab.

Exercise 1 - Install Additional Domain Controller

Active Directory Domain Services (AD DS) is one of the roles that can be added and configured in Windows Server 2016. When AD DS is successfully installed, the server assumes the role of an Active Directory Services server or a domain controller. This directory service maintains a database of network objects such as users, groups, computers, subnets and sites, among others, collectively organized in an administrative boundary called a domain.

For companies that maintain a large Active Directory domain network, it is recommended that an additional domain controller be installed for improved performance and redundancy. Having more than one domain controller enhances the recoverability of Active Directory, as a writeable copy of the database is maintained on a separate server. This means that user authentication is processed by any available domain controller in the organization’s network.

When a user logs on to a domain, the credential is verified against the directory service database, and the user is granted access to network assets in the domain network based on their role in the organization.

Exercise 2 - Create a New AD Forest

An Active Directory (AD) Domain Forest is a single instance of Active Directory. Oftentimes, one AD forest is sufficient for a large company to organize its network assets, such as users, groups, computers and printers, among others, into a directory service called Active Directory.

When Active Directory (AD) is installed in an organization’s network, the directory service is compartmentalized into partitions or naming contexts (NCs). These partitions are Schema, Configuration and Domain.

The Schema NC defines the object types and object attributes. There is only one schema naming context for the entire AD forest. The Configuration partition defines the network services and sites within the AD forest. There is only one instance of the Configuration partition for the entire AD forest. The Domain partition stores the users, computers, groups, organizational units, printers and other objects. There can be more than one domain partition in an AD forest.

You can use the Server Manager Dashboard to create a new Active Directory forest; however, in this exercise you will use Windows PowerShell to create a new Active Directory instance.

Exercise 3 - Configure Forest Trust Relationship

A forest trust relationship is a type of trust that involves two forest root domains. This type of trust creates a logical link between two domains at the top-most level, and the trust relationship applies to the child domains under the parent domain. The carrying over of trust from the root/parent domain to the child domains is called transitivity, and it is one of the essential features of a forest trust relationship. It simply means the child domains trust the forest root domain owned by another organization.

An external trust relationship is another type of trust between two Active Directory domains. This type of trust creates a logical link between two domains at the top-most level. The trust relationship between the parent (root) domains does not apply to the child domains (if there are any) under the parent domain. This means that the child domain will not trust the root domain of another organization.

A trust relationship of this variant is applicable if an organization is migrating Active Directory user accounts, security groups and other objects from an earlier Windows server version to a newer Windows server operating system. When the Active Directory objects have been successfully migrated, the earlier Windows server version is phased out to give way to a new version of Windows server.

In this exercise, you will create the forest trust relationship between the PRACTICELABS.COM and PRACTICEIT.CO.UK domains.
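
The difference between a forest trust and an external trust described above can be checked after the trust is created. The following is an added example, not part of the original lab steps: it assumes the ActiveDirectory PowerShell module is available on a domain controller in PRACTICELABS.COM, and the function name Get-TrustSummary is hypothetical.

```powershell
# Added example (not from the lab guide): list every trust of a domain and
# classify it using the properties returned by Get-ADTrust.
# Assumption: run in a domain-joined session with the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-TrustSummary {
    param(
        # Domain to query; defaults to the DNS domain of the logged-on user.
        [string]$Server = $env:USERDNSDOMAIN
    )

    Get-ADTrust -Filter * -Server $Server | ForEach-Object {
        # IntraForest      : trust between domains of the same forest.
        # ForestTransitive : set on forest trusts, so trust carries over
        #                    to the child domains of both forest roots.
        # Anything else is reported as non-transitive; realm trusts also
        # land in this bucket, so TrustType is shown alongside.
        $kind = if ($_.IntraForest) {
            'Intra-forest'
        } elseif ($_.ForestTransitive) {
            'Forest (transitive)'
        } else {
            'External or realm (non-transitive)'
        }

        [pscustomobject]@{
            Partner                 = $_.Name
            Kind                    = $kind
            TrustType               = $_.TrustType
            Direction               = $_.Direction
            # Security-relevant settings worth reviewing on any
            # trust that crosses an organizational boundary.
            SelectiveAuthentication = $_.SelectiveAuthentication
            SIDFilteringQuarantined = $_.SIDFilteringQuarantined
        }
    }
}

# Expect one row for PRACTICEIT.CO.UK with Kind 'Forest (transitive)'
# once the forest trust from this exercise exists.
Get-TrustSummary | Format-Table -AutoSize
```

A row reported as non-transitive for PRACTICEIT.CO.UK would indicate that an external trust was created instead of the forest trust this exercise calls for.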

