
Active Directory Deployment and Management Enhancements

Windows Server 2012

Hands-on lab

In this lab, you will learn how to deploy Active Directory domain controllers with Windows Server 2012. You will deploy domain controllers using the new Server Manager, as well as deploy remote domain controllers using Windows PowerShell™. You will explore the new Active Directory Management tool and use its Windows PowerShell History Viewer. In addition, you will explore the new Active Directory Replication Tools, group Managed Service Accounts and prepare a domain controller for cloning.

Produced by HynesITe, Inc.

Version 4.1

03/20/2013


This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release. This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Copyright 2013 © Microsoft Corporation. All rights reserved.

Microsoft, Active Directory, Hyper-V, Windows PowerShell, and Windows Server 2012 are trademarks of the Microsoft group of companies.

All other trademarks are property of their respective owners.


Active Directory Deployment and Management Enhancements

Lab created by HynesITe, Inc. For questions or comments, send an email message to [email protected] Page | 3

Introduction

Estimated time to complete this lab

30 minutes

Objectives

After completing this lab, you will be able to:

Deploy additional domain controllers using Server Manager.

Deploy additional domain controllers using Windows PowerShell.

Explore new UI enhancements in Active Directory Administrative Center.

Prerequisites

Before working on this lab, you must have:

An understanding of Active Directory deployment.

The ability to work with Windows PowerShell.

An understanding of Active Directory management tools and procedures.

Overview of the lab

In this lab, you will learn how to deploy Active Directory domain controllers with Windows Server 2012. You will deploy domain controllers using the new Server Manager, as well as deploy remote domain controllers using Windows PowerShell. You will explore the new Active Directory Management tool and use its Windows PowerShell History Viewer. In addition, you will explore the new Active Directory Replication Tools, group Managed Service Accounts and prepare a domain controller for cloning.

Intended audience

This lab is intended for individuals who are responsible for deploying Active Directory and wish to leverage the newer features of Windows Server 2012 to simplify the process for deploying new domain controllers. This lab is also designed for individuals who are responsible for automation of Active Directory tasks.

Virtual machine technology

This lab is completed using virtual machines that run on Windows Server 2012 Hyper-V technology. To log on to the virtual machines, press CTRL+ALT+END and enter your logon credentials.

Computers in this lab

This lab uses computers as described in the following table. Before you begin the lab, you must ensure that the virtual machines are started and then log on to the computers.

Virtual Machine   Role
DC                An existing domain controller.
Server1           A future domain controller created during the lab.
Server2           A future domain controller created during the lab.

All user accounts in this lab use the password Passw0rd!


Note regarding pre-release software

Portions of this lab may include software that is not yet released, and as such may still contain active or known issues. While every effort has been made to ensure this lab functions as written, unknown or unanticipated results may be encountered as a result of using pre-release software.

Note regarding user account control

Some steps in this lab may be subject to user account control. User account control is a technology which provides additional security to computers by requesting that users confirm actions that require administrative rights. Tasks that generate a user account control confirmation are denoted using a shield icon. If you encounter a shield icon, confirm your action by selecting the appropriate button in the dialog box that is presented.

Note on activation

The virtual machines for these labs may have been built by using software that has not been activated. This is by design in the lab to prevent the redistribution of activated software. The unactivated state of software has been taken into account in the design of the lab. Consequently, the lab is in no way affected by this state. For operating systems other than Windows 8, please press Cancel or Close if prompted by an activation dialog box. If you are prompted by an Activate screen for Windows 8, press the Windows key to display the Start screen.


Exercise 1: Deploying Remote Domain Controllers

In this exercise, you will use Server Manager to deploy remote domain controllers to Server1 and Server2. Server1 and Server2 are basic Windows Server 2012 installations with no additional configuration completed.

Add Active Directory Domain Services

In this step, you will add the Active Directory Domain Services role, which is required before configuring the server as a domain controller.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. Open Server Manager, and then click Add other servers to manage.

2. In the Name (CN): dialog box type Server1, and then click Find Now.

3. Click Server1, and then click the add arrow.

4. Repeat steps 2-3 to add Server2, and then click OK.

5. In Server Manager, click All Servers.

6. Highlight Server1, click Manage, and then click Add Roles and Features.

7. Click Next until you reach Select destination server.

8. Click Server1, and then click Next.

9. Check the Active Directory Domain Services check box, click Add Features, and then click Next.

10. Click Next until you reach the end of the wizard, and then click Install.

NOTE: This does not configure a domain controller, but installs the Active Directory components.

11. Once the installation has started, click Close.

Deploy a second domain controller

In this step, you will use Server Manager to deploy a second domain controller on a remote server in your domain.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. In Server Manager, click the notification flag, and then click Task Details.

IMPORTANT: You may need to wait for the installation activity from the previous exercise to complete before proceeding.

2. When the feature installation is complete, in the Task Details dialog box, click the Add Roles and Features action. A configuration is required message is displayed. Click Close.


3. In the Task Details dialog box, locate the task with the message Configuration required for Active Directory Domain Services at Server1, and then click Promote this server to a domain controller.

4. On the Deployment Configuration page, click Change, type Contoso\administrator and the password Passw0rd!, and then click OK.

5. Click Next.

6. On the Domain Controller Options page, under Type the Directory Services Restore Mode (DSRM) password, in Password and Confirm password, type Passw0rd!, and then click Next.

7. Click Next until you reach the Review Options page.

8. Click View Script.

9. Save the script file as InstallDC.txt on your desktop.

10. Close Notepad.

11. Click Next, and then when the prerequisites check completes, click Install.

NOTE: The installation progress will be shown in Server Manager. Wait for this to complete.

12. Click OK if prompted, and then click Close.

13. Close the Task Details dialog box.

IMPORTANT: You will need to wait for the server to restart before moving to the next step in this lab.

Verify the new domain controller

In this step, you will verify that the new domain controller is operational.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. Open Server Manager, if not already open.

2. On the Tools menu, click Active Directory Sites and Services.

3. Navigate to Sites/Default-First-Site-Name, and then click Servers.

4. Verify that you see DC and Server1 as domain controllers.

5. Minimize the Active Directory Sites and Services console.

Deploy a third domain controller

In this step, you will use the Active Directory module for Windows PowerShell to deploy a third domain controller.

Perform this task logged on to DC as Contoso\Administrator using the password Passw0rd!

1. On the taskbar, click Windows PowerShell.


2. Type the following commands, pressing ENTER after each one.

↪ Install-WindowsFeature -Name AD-Domain-Services -ComputerName Server2

↪ Invoke-Command -ComputerName Server2 -ScriptBlock { Import-Module ADDSDeployment; Install-ADDSDomainController -NoGlobalCatalog:$False -CreateDNSDelegation:$False -Credential (Get-Credential) -CriticalReplicationOnly:$False -DatabasePath "C:\Windows\NTDS" -DomainName "Contoso.com" -InstallDNS:$True -LogPath "C:\Windows\NTDS" -NoRebootOnCompletion:$False -SiteName "Default-First-Site-Name" -SysVolPath "C:\Windows\SysVol" }

TIP: You can use tab completion on all parameters to simplify typing.

3. When prompted for credentials, enter the username Contoso\Administrator and the password Passw0rd!.

4. When prompted for a SafeModeAdministratorPassword, type Passw0rd!, and then press ENTER.

5. When prompted to confirm the SafeModeAdministratorPassword, type Passw0rd!, and then press ENTER.

6. When prompted that the server will be configured as a domain controller, press Y, and then press ENTER.

7. Wait for the command to complete, and then close the Windows PowerShell window.

Verify the new domain controller

In this step, you will verify that the new domain controller is deployed.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. From the taskbar, maximize the Active Directory Sites and Services console you minimized in a previous step.

2. Navigate to Sites/Default-First-Site-Name, and then click Servers.

3. Verify that you see DC, Server1 and Server2 as domain controllers.

TIP: You may need to press F5 to refresh the view.

4. Close Active Directory Sites and Services.
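The remote promotion in "Deploy a third domain controller" and the verification above, as an added example that is not part of the HynesITe lab: it runs the ADDSDeployment prerequisite check (Test-ADDSDomainControllerInstallation, which takes the same parameters as Install-ADDSDomainController but changes nothing) before promoting, prompts for the credential and DSRM password instead of embedding them, and then waits for the new domain controller to appear from DC. Server, domain and site names are the lab's; the function names, the splatted parameter set and the timeout are this example's own assumptions.

```powershell
# Added example (not part of the HynesITe lab): promote a remote server with a
# prerequisite check first, then verify it from DC. Server, domain and site names
# are the lab's; function names, parameter set and timeout are this example's own.
Import-Module ActiveDirectory

function Install-RemoteDomainController {
    param(
        [string]$ComputerName = 'Server2',
        [string]$DomainName   = 'Contoso.com',
        [string]$SiteName     = 'Default-First-Site-Name'
    )

    # Both secrets are prompted for and kept as SecureString; nothing lands on disk.
    $cred = Get-Credential -Message "Domain Admins account for the promotion"
    $dsrm = Read-Host -AsSecureString -Prompt "DSRM (SafeModeAdministrator) password"

    # Binaries first; Install-WindowsFeature is a no-op if the role is already present.
    Install-WindowsFeature -Name AD-Domain-Services -ComputerName $ComputerName | Out-Null

    # One script block for both the dry run and the real promotion, so the
    # parameters that were checked are exactly the parameters that get installed.
    $remote = {
        param($Domain, $Site, $Cred, $Dsrm, $DoInstall)
        Import-Module ADDSDeployment
        $common = @{
            DomainName                    = $Domain
            SiteName                      = $Site
            Credential                    = $Cred
            SafeModeAdministratorPassword = $Dsrm
            InstallDns                    = $true
            CreateDnsDelegation           = $false
            DatabasePath                  = 'C:\Windows\NTDS'
            LogPath                       = 'C:\Windows\NTDS'
            SysvolPath                    = 'C:\Windows\SYSVOL'
        }
        if ($DoInstall) { Install-ADDSDomainController @common -Force }
        else            { Test-ADDSDomainControllerInstallation @common }
    }

    # Dry run: nothing is changed, but every prerequisite is evaluated.
    $check = Invoke-Command -ComputerName $ComputerName -ScriptBlock $remote `
        -ArgumentList $DomainName, $SiteName, $cred, $dsrm, $false
    if ($check.Status -ne 'Success') {
        throw "Prerequisite check failed on ${ComputerName}: $($check.Message)"
    }

    # Real promotion; the server reboots when it finishes (NoRebootOnCompletion defaults to $false).
    Invoke-Command -ComputerName $ComputerName -ScriptBlock $remote `
        -ArgumentList $DomainName, $SiteName, $cred, $dsrm, $true
}

function Wait-ForDomainController {
    param([string]$Name = 'Server2', [int]$TimeoutMinutes = 20)
    $deadline = (Get-Date).AddMinutes($TimeoutMinutes)
    do {
        # Same check as the Sites and Services console, but from the shell.
        $dc = Get-ADDomainController -Identity $Name -ErrorAction SilentlyContinue
        if ($dc) { return $dc | Select-Object HostName, Site, IsGlobalCatalog, OperatingSystem }
        Start-Sleep -Seconds 30
    } while ((Get-Date) -lt $deadline)
    throw "$Name was not registered as a domain controller within $TimeoutMinutes minutes"
}

Install-RemoteDomainController -ComputerName 'Server2'
Wait-ForDomainController -Name 'Server2'
```

Running the prerequisite check with the identical parameter set is the point of the shared script block: the lab's interactive command skips straight to the install, so a bad site name or a DNS delegation problem is only discovered after the promotion has started.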


Exercise 2: Exploring Enhancements in Active Directory Administrative Center

In this exercise, you will explore how Active Directory Administrative Center simplifies two common tasks: management of the Active Directory Recycle Bin, and Password Settings. These two tasks previously required the use of Windows PowerShell and did not include a built-in interface.

IMPORTANT: Leave Active Directory Administrative Center open. If you close it, the Windows PowerShell history will not be available for a later task.

Create a user object in a new organizational unit

In this task, you will create a new user account in an organizational unit.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. Open Server Manager, if not already open.

2. On the Tools menu, click Active Directory Administrative Center.

3. Navigate to contoso (local)\Managed-Objects.

4. In the Tasks pane, under Managed-Objects, click New, and then click Organizational Unit.

5. In Name, type Sales.

6. Clear the Protect from accidental deletion check box, and then click OK.

7. Open Sales.

8. Click New, and then click User.

9. Create a new user with the following properties, and then click OK.

Property           Value
First Name         Don
Last Name          Hall
Full Name          Don Hall
User UPN Logon     DONHALL
Password           Passw0rd!
Confirm Password   Passw0rd!
Department         Sales_APAC

Enable the Active Directory Recycle Bin

In this step, you will enable the Active Directory Recycle Bin.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!


1. In Active Directory Administrative Center, click Contoso (local).

2. On the Tasks menu, under Contoso (local), click Enable Recycle Bin, and then in the Enable Recycle Bin Confirmation message box, click OK.

3. Click OK, and then press F5.

NOTE: Observe that the Deleted Objects container has been added.

Delete and restore a user and an organizational unit

In this step, you will delete and restore a user and an organizational unit.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. In Active Directory Administrative Center, navigate to Managed-Objects.

2. Right-click Sales, and then click Delete.

3. In the Delete Confirmation message box, click Yes.

4. In the Confirm Subtree Deletion dialog box, click Yes.

5. Navigate to Deleted Objects.

6. Click Don Hall, and then on the Tasks menu, click Locate Parent.

NOTE: It highlights the Sales OU, since it was the last parent OU.

7. Click Don Hall, and then on the Tasks menu, click Restore To.

8. In the navigation window, select Users, and then click OK.

9. Navigate to Contoso (local)\Users.

NOTE: Don Hall is now restored to the Users container.

Create password settings

In this step, you will create a new password settings object.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. In Active Directory Administrative Center, navigate to Contoso (local)\System\Password Settings Container.

2. On the Tasks menu, click New, and then click Password Settings.

3. In Name, type Domain User Password Requirements.

4. In Precedence, type 100.

5. Click Add.

6. In Select Users or Groups, type Domain Users, and then click OK.

7. Click OK.


8. Click New, and then click Password Settings.

9. In Name, type Domain Admin Password Requirements.

10. In Precedence, type 1.

11. In Minimum password length (characters), type 14.

12. Click Add.

13. In Select Users or Groups, type Domain Admins, and then click OK.

14. Click OK.

Validate the application of password settings

In this step, you will validate the application of password settings.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. In Active Directory Administrative Center, click Global Search.

2. In Search, type Administrator, and then press ENTER.

3. Click Administrator, and then click View resultant password settings.

NOTE: The administrator now has a stronger password requirement.

4. Click Cancel.
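The Recycle Bin, restore and Password Settings tasks of this exercise as an added example that is not part of the HynesITe lab: the same work done with the Active Directory module so it can be scripted and reviewed. Domain, container, user and PSO names are the lab's; the function names, the LDAP filter used to find the tombstoned user, and the password-age and lockout values (which the GUI filled in with defaults) are this example's own assumptions.

```powershell
# Added example (not part of the HynesITe lab): Recycle Bin enable, restore of a
# deleted user, and fine-grained password policies from the shell. Domain, OU,
# user and PSO names are the lab's; function names and age/lockout values are
# this example's assumptions.
Import-Module ActiveDirectory

# 1. Enable the Recycle Bin once. The change is forest-wide and cannot be undone,
#    so check the current state before calling Enable-ADOptionalFeature.
function Enable-ADRecycleBinOnce {
    $feature = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
    if ($feature.EnabledScopes.Count -eq 0) {
        Enable-ADOptionalFeature -Identity 'Recycle Bin Feature' `
            -Scope ForestOrConfigurationSet -Target (Get-ADForest).Name -Confirm:$false
    }
}

# 2. Find a deleted user by its former name and restore it. Deleted objects are
#    only returned with -IncludeDeletedObjects; their CN becomes
#    "<name>\0ADEL:<guid>", so a prefix match on cn is used.
function Restore-DeletedUser {
    param([Parameter(Mandatory)][string]$Name, [string]$TargetPath)
    $deleted = Get-ADObject -IncludeDeletedObjects -Properties lastKnownParent, whenChanged `
        -LDAPFilter "(&(isDeleted=TRUE)(objectClass=user)(cn=$Name*))" |
        Sort-Object whenChanged -Descending | Select-Object -First 1
    if (-not $deleted) { throw "No deleted user named '$Name' found" }
    $params = @{ Identity = $deleted.ObjectGUID }
    # Without TargetPath the object goes back under lastKnownParent, which fails
    # when that parent (the Sales OU) was deleted too; the lab chose Users instead.
    if ($TargetPath) { $params.TargetPath = $TargetPath }
    Restore-ADObject @params
    Get-ADUser -Identity $deleted.ObjectGUID | Select-Object Name, DistinguishedName, Enabled
}

# 3. A fine-grained password policy (PSO) bound to a group. The lowest precedence
#    wins when a user is covered by several PSOs, which is why the admin PSO gets 1.
function New-GroupPasswordPolicy {
    param(
        [Parameter(Mandatory)][string]$Name,
        [Parameter(Mandatory)][int]$Precedence,
        [Parameter(Mandatory)][string]$Group,
        [int]$MinPasswordLength = 7
    )
    if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$Name'")) {
        New-ADFineGrainedPasswordPolicy -Name $Name -Precedence $Precedence `
            -MinPasswordLength $MinPasswordLength -ComplexityEnabled $true `
            -PasswordHistoryCount 24 -ReversibleEncryptionEnabled $false `
            -MinPasswordAge (New-TimeSpan -Days 1) -MaxPasswordAge (New-TimeSpan -Days 42) `
            -LockoutThreshold 0 -LockoutDuration (New-TimeSpan -Minutes 30) `
            -LockoutObservationWindow (New-TimeSpan -Minutes 30)
    }
    Add-ADFineGrainedPasswordPolicySubject -Identity $Name -Subjects $Group
}

Enable-ADRecycleBinOnce
Restore-DeletedUser -Name 'Don Hall' -TargetPath 'CN=Users,DC=Contoso,DC=Com'

New-GroupPasswordPolicy -Name 'Domain User Password Requirements'  -Precedence 100 -Group 'Domain Users'
New-GroupPasswordPolicy -Name 'Domain Admin Password Requirements' -Precedence 1   -Group 'Domain Admins' -MinPasswordLength 14

# Same check as "View resultant password settings" in the GUI: which PSO applies to Administrator?
Get-ADUserResultantPasswordPolicy -Identity Administrator | Select-Object Name, Precedence, MinPasswordLength
```

The final Get-ADUserResultantPasswordPolicy call is the scripted equivalent of the validation task: Administrator is a member of both groups, and the 14-character admin policy wins only because its precedence (1) is lower than the user policy's (100).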


Exercise 3: Working with Windows PowerShell History

In this exercise, you will explore how the Active Directory Administrative Center provides a history and audit trail of all activities performed by providing the corresponding Windows PowerShell commands.

View Windows PowerShell History

In this step, you will review the recent actions recorded as Windows PowerShell commands.

1. In Active Directory Administrative Center, expand Windows PowerShell History.

NOTE: This is located on the bottom edge of the Active Directory Administrative Center console.

2. Scroll through and review the recent actions recorded as Windows PowerShell commands.

3. In Windows PowerShell History, click Start Task, and then type CreateOU.

4. Navigate to Contoso\Managed-Objects.

5. Under Managed-Objects, click New, and then click Organizational Unit.

6. In Name, type _Template.

7. Uncheck Protect from accidental deletion.

8. Click OK.

9. In Managed-Objects, right-click the _Template OU.

10. Click Properties.

11. Under Organizational Unit, in Country/Region, select Japan, and then click OK.

12. In Windows PowerShell History, click End Task.

Use Windows PowerShell History

In this step, you will use Windows PowerShell History to quickly create a new script.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. Open Server Manager.

2. On the Tools menu, click Windows PowerShell ISE.

3. In Windows PowerShell ISE, maximize the window, and then expand the Script pane.

4. In Active Directory Administrative Center, in Windows PowerShell History, highlight CreateOU, highlight the two script tasks below it, and then click Copy.

5. In Windows PowerShell ISE, click in the Show Script Pane.

6. On the Edit menu, click Paste.

7. Replace all instances of _Template with Japan.


IMPORTANT: Ensure that New-ADOrganizationalUnit is the first command used. If needed, switch the two lines around.

13. On the File menu, click Run.

14. Switch to Active Directory Administrative Center, and then verify the creation of your new Organizational Unit.

TIP: You may have to refresh the display.
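The script assembled from the History Viewer, as an added example that is not part of the HynesITe lab: the create-then-set order the IMPORTANT note insists on, made safe to re-run and with the country attributes written explicitly. OU name and parent path are the lab's; the function name, the existence check, and the assumption that the GUI writes the c, co and countryCode attributes together are this example's own.

```powershell
# Added example (not part of the HynesITe lab): the two commands the History
# Viewer records for an OU, reassembled in the required order (create first,
# then set properties) and made idempotent. OU name and parent path are the
# lab's; the function name and the attribute set are this example's assumptions.
Import-Module ActiveDirectory

function New-CountryOU {
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$ParentPath  = 'OU=Managed-Objects,DC=Contoso,DC=Com',
        [string]$CountryCode = 'JP',      # ISO 3166-1 alpha-2, stored in the 'c' attribute
        [string]$CountryName = 'Japan',   # stored in 'co'
        [int]$CountryNumber  = 392        # ISO numeric code, stored in 'countryCode'
    )
    $dn = "OU=$Name,$ParentPath"

    # New-ADOrganizationalUnit must run before Set-ADOrganizationalUnit: you cannot
    # set properties on an OU that does not exist yet. Skip creation if it is there.
    $existing = Get-ADOrganizationalUnit -Filter "Name -eq '$Name'" `
        -SearchBase $ParentPath -SearchScope OneLevel
    if (-not $existing) {
        New-ADOrganizationalUnit -Name $Name -Path $ParentPath -ProtectedFromAccidentalDeletion $false
    }

    # -Country sets only 'c'; the display name and numeric code are set explicitly
    # so the object matches what the Country/Region picker in the GUI produces.
    Set-ADOrganizationalUnit -Identity $dn -Country $CountryCode `
        -Replace @{ co = $CountryName; countryCode = $CountryNumber }

    Get-ADOrganizationalUnit -Identity $dn -Properties c, co, countryCode, ProtectedFromAccidentalDeletion
}

New-CountryOU -Name 'Japan'
```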


Exercise 4: Using Windows PowerShell to manage Active Directory

In this exercise, you will explore how Windows PowerShell can be used to manage Active Directory. You will perform 3 tasks using the Active Directory Module for Windows PowerShell. You will create a new Organizational Unit and move a user based on criteria into that Organizational Unit. You will then create a new Active Directory site and move a domain controller into the new site.

Enable a user object in Active Directory

In this task, you will enable an existing Active Directory user object using Windows PowerShell.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. Open Server Manager.

2. On the Tools menu, click Active Directory Module for Windows PowerShell.

3. Type the following command, and then press ENTER.

↪ Get-Command *-AD*

NOTE: The full list of Active Directory cmdlets is listed. These are sourced from the Active Directory module and the Active Directory deployment modules. These are the only installed modules currently; however, there are other modules available to manage Active Directory roles.

4. Type the following command, and then press ENTER.

↪ Get-WindowsFeature

NOTE: The full list of available modules is listed. Scroll up to see the Active Directory modules, and the additional Remote Server Administration Tools (RSAT) modules.

5. To browse the Active Directory domain using Windows PowerShell, type the following commands, pressing ENTER after each one.

↪ CD AD:

↪ DIR | Format-Table -Auto

↪ CD "DC=Contoso, DC=Com"

↪ DIR

6. To list all objects in a container and then filter to only users, type the following commands, pressing ENTER after each one.

↪ CD CN=Users

↪ DIR | FT -a

↪ Get-ADUser -Filter {name -like "*"}

NOTE: The built-in Guest account is showing as disabled.


7. To enable the built-in Guest account, type the following commands, pressing ENTER after each one.

↪ Enable-ADAccount -Identity Guest

↪ Get-ADUser -Filter {name -like "*"} | Select DistinguishedName, Enabled | Format-Table -Auto

NOTE: The Guest account is now enabled. Notice that Don Hall's account is located in the Users container after you recovered the account earlier.

Create a user object in a new organizational unit

In this task, you will create a new user account in an organizational unit using Windows PowerShell.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!, with the Active Directory Module for Windows PowerShell open from the previous task.

1. Type the following commands, pressing ENTER after each one.

↪ New-ADOrganizationalUnit -Name "APAC" -Path "OU=Managed-Objects, DC=Contoso, DC=Com"

↪ Get-ADOrganizationalUnit "OU=APAC,OU=Managed-Objects, DC=Contoso, DC=Com" -Properties *

NOTE: The properties of the new Organizational Unit, located under Managed-Objects, are now displayed.

2. Type the following command, and then press ENTER.

↪ New-ADUser -Name "Mark Hassall" -SamAccountName "MarkHassall" -GivenName "Mark" -Surname "Hassall" -DisplayName "Mark Hassall" -Path "OU=APAC,OU=Managed-Objects, DC=Contoso, DC=Com" -Department "Sales_APAC" -AccountPassword (Read-Host -AsSecureString "AccountPassword")

3. When prompted for an AccountPassword, type Passw0rd!, and then press ENTER.

NOTE: This has now created a new user named Mark Hassall with the password Passw0rd! in the APAC OU.

Move an existing user object into an organizational unit

In this task, you will find and move all user accounts for the Sales_APAC Department into the APAC OU using Windows PowerShell.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!, with the Active Directory Module for Windows PowerShell open from the previous task.

1. Type the following commands, pressing ENTER after each one.


↪ Get-ADUser -Filter {Department -like "Sales_APAC"}

↪ Get-ADUser -Filter {Department -like "Sales_APAC"} | Move-ADObject -TargetPath "OU=APAC,OU=Managed-Objects,DC=Contoso,DC=Com"

↪ Get-ADUser -Filter {Department -like "Sales_APAC"}

NOTE: Don Hall's account no longer shows, as it has moved from the Users container to the APAC OU.

2. Close Active Directory Module for Windows PowerShell.

Create a new Active Directory site and site links

In this task, you will create a new Active Directory site and then create site-replication links.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. Open Server Manager.

2. On the Tools menu, click Active Directory Module for Windows PowerShell.

3. Type the following command, and then press ENTER.

↪ Get-ADReplicationSite

4. Type the following commands, pressing ENTER after each one.

↪ New-ADReplicationSite Sydney

↪ Get-ADReplicationSiteLink -Filter *

NOTE: There is only a single Site Link, and it does not include the newly created Sydney site.

5. Type the following commands, pressing ENTER after each one.

↪ New-ADReplicationSiteLink "Default-Sydney" -SitesIncluded Default-First-Site-Name,Sydney -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP

↪ Get-ADReplicationSiteLink -Filter *

NOTE: The new site link has been created with a cost of 100 and a replication frequency of 15 minutes using the IP protocol.

Move a domain controller into an Active Directory site

In this task, you will move the Server2 domain controller into the Sydney Active Directory site using Windows PowerShell.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!, with the Active Directory Module for Windows PowerShell open from the previous task.

1. Type the following commands, pressing ENTER after each one.

↪ Get-ADDomainController -Filter * | FT Hostname, Site


↪ Get-ADDomainController Server2 | Move-ADDirectoryServer -Site Sydney

↪ Get-ADDomainController -Filter * | FT Hostname, Site

NOTE: Server2 has moved from the Default-First-Site-Name site to Sydney.

Manage Active Directory replication

In this task, you will ensure that all the domain controllers are up to date by first listing the replication partners, then observing the up-to-dateness vector, and then listing any replication failures.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!, with the Active Directory Module for Windows PowerShell open from the previous task.

1. Type the following commands, pressing ENTER after each one.

↪ Get-ADReplicationPartnerMetadata -Target dc.contoso.com

↪ Get-ADReplicationPartnerMetadata -Target server2.contoso.com

NOTE: The DC has multiple replication partners while Server2 only has one.

2. Type the following command, and then press ENTER.

↪ Get-ADReplicationUpToDatenessVectorTable * | Sort-Object Partner, Server | FT Partner, Server, UsnFilter

NOTE: The UsnFilter values do not need to be exactly the same; however, if they are significantly different, this can indicate an issue with replication.

3. Type the following commands, pressing ENTER after each one.

↪ Get-ADReplicationFailure Server2.contoso.com

↪ Get-ADReplicationFailure Server1.contoso.com

↪ Get-ADReplicationFailure DC.contoso.com

NOTE: Any replication failures would be listed after these commands. If there are no results returned, then there have been no failures.
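The partner-metadata and failure checks of this task, as an added example that is not part of the HynesITe lab: instead of querying three servers by name, the report enumerates every domain controller, joins each inbound partner's last successful replication time with any recorded failures for that partner, and labels each row OK, STALE or FAILING. The function name and the 60-minute staleness threshold are this example's own assumptions; a domain controller that cannot be queried is reported rather than skipped.

```powershell
# Added example (not part of the HynesITe lab): a replication health report that
# runs the partner-metadata and failure checks from this task against every
# domain controller. The function name and the 60-minute threshold are this
# example's assumptions.
Import-Module ActiveDirectory

function Get-ReplicationHealthReport {
    param([int]$MaxMinutesSinceSuccess = 60)

    foreach ($dc in Get-ADDomainController -Filter *) {
        # One row per inbound partner per naming context.
        $partners = Get-ADReplicationPartnerMetadata -Target $dc.HostName -ErrorAction SilentlyContinue
        # Failures recorded on this DC; empty output means no failures.
        $failures = Get-ADReplicationFailure -Target $dc.HostName -ErrorAction SilentlyContinue

        if (-not $partners) {
            # Could not query the DC at all: that is a finding in itself, not a gap in the table.
            [pscustomobject]@{
                Server = $dc.HostName; Site = $dc.Site; Partner = '(unreachable)'
                Partition = ''; MinutesSinceSuccess = $null; Failures = $null; Status = 'UNREACHABLE'
            }
            continue
        }

        foreach ($p in $partners) {
            $age = [int]((Get-Date) - $p.LastReplicationSuccess).TotalMinutes
            # Failures are keyed by the partner's NTDS Settings DN, so match on that, not on the hostname.
            $count = @($failures | Where-Object { $_.Partner -eq $p.Partner }).Count

            $status = 'OK'
            if ($age -gt $MaxMinutesSinceSuccess) { $status = 'STALE' }
            if ($count -gt 0)                     { $status = 'FAILING' }

            [pscustomobject]@{
                Server              = $dc.HostName
                Site                = $dc.Site
                Partner             = $p.PartnerAddress
                Partition           = $p.Partition
                MinutesSinceSuccess = $age
                Failures            = $count
                Status              = $status
            }
        }
    }
}

$report = Get-ReplicationHealthReport
$report | Sort-Object Status, Server | Format-Table -AutoSize

# Anything that is not OK is what an operator should look at first.
$report | Where-Object Status -ne 'OK'
```

In the lab topology the report shows what the NOTE above describes in prose: DC has a row per partner for Server1 and Server2, while Server2 in the Sydney site has a single partner, and all rows should be OK once the new site link has replicated.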


Exercise 5: Group Managed Accounts

In this exercise, you will learn how to create Group Managed Accounts. When a client computer connects to a service which is hosted on a server farm using network load balancing (NLB) or some other method where all the servers appear to be the same service to the client, then authentication protocols supporting mutual authentication such as Kerberos cannot be used unless all the instances of the services use the same principal. This means that each service has to use the same passwords/keys to prove their identity.

With Windows Server 2012, services or service administrators do not need to manage password synchronization between service instances when using group Managed Service Accounts (gMSA). You provision the gMSA in Active Directory, and then configure the service which supports Managed Service Accounts.

Check domain prerequisites and configure for group Managed Service

Accounts

In this task, you will confirm that the forest functional level is Windows Server 2012, which guarantees the Windows Server 2012 schema a gMSA requires, and then create the KDS root key from which gMSA passwords are derived.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. Open Server Manager.

2. On the Tools menu, click Active Directory Administrative Center.

3. Navigate to contoso (local).

4. On the Tasks menu, under contoso (local), click Properties.

NOTE: The forest functional level is Windows Server 2012. The schema of the forest that holds the gMSA must be at the Windows Server 2012 version in order to create a gMSA; a Windows Server 2012 functional level implies that.

5. Click Cancel.

6. Switch to Server Manager.

7. On the Tools menu, click Active Directory Module for Windows PowerShell.

8. Type the following commands, pressing ENTER after each line.

↪ Add-KdsRootKey -EffectiveImmediately

↪ Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))

NOTE: Even with -EffectiveImmediately, a new KDS root key is not used until 10 hours after it is created, so that it has replicated to every domain controller before any of them derives a gMSA password from it. The second command back-dates the effective time to skip that wait, which is acceptable only in a lab with a single domain controller. In production, run the first command and wait 10 hours before creating a gMSA: a domain controller that has not yet received the key cannot compute the password, and hosts that contact it will fail to retrieve the account.


Create and configure a group Managed Service Account

In this task, you will create a new group Managed Service account, and then grant the domain controllers

group the ability to use it.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd! with the

Active Directory Module for Windows PowerShell open.

1. In Active Directory Module for Windows PowerShell, type the following command, and then press

ENTER.

↪ New-ADServiceAccount -Name gMSA_SQL -DNSHostName gMSA_SQL.contoso.com -PrincipalsAllowedToRetrieveManagedPassword "Domain Controllers"

2. Switch to Active Directory Administrative Center.

3. Navigate to contoso (local)/Managed Service Accounts.

NOTE: The newly created group Managed Service Account is displayed.

Install and configure a group Managed Service Account

In this task, you will install the Group Managed Service Account you created on the domain controller, and

then test that it works. While this step is not always needed, it is good practice to ensure that the account

works on the host you want to leverage it from.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd! with the

Active Directory Module for Windows PowerShell open.

1. In Active Directory Module for Windows PowerShell, type the following commands, pressing ENTER after each one.

↪ Install-ADServiceAccount gMSA_SQL

↪ Test-ADServiceAccount gMSA_SQL

NOTE: Test-ADServiceAccount returns True when this host was able to retrieve the managed password for gMSA_SQL from a domain controller, which is exactly what the service will do at logon. A result of False usually means the host is not among the principals allowed to retrieve the password, or its Kerberos ticket predates its addition to that group (reboot the host or purge its tickets and test again).

NOTE: To run a service under the account, set the service's logon account to the gMSA name with a trailing dollar sign, such as Contoso\gMSA_SQL$, and leave the password blank; Windows retrieves the current password itself.
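The lab grants password retrieval to the Domain Controllers group only because the DC is also the host. The script below is an added example, not part of the lab, that carries the two tasks of this exercise (KDS root key check, account creation, host-side install and test) through the way a production farm would do it: retrieval rights scoped to a dedicated group of farm hosts, AES-only Kerberos keys, SPNs on the account, and an audit of who can read the password. The group naming scheme, the 30-day password interval, and the host and service names in the usage lines are assumptions for illustration.

```powershell
# Added example (not part of the lab). Provisions a gMSA for a farm, then the host-side install
# and an audit of who may read its password. Group name, password interval and the host names
# used at the bottom are assumptions for illustration.
Import-Module ActiveDirectory

function Assert-KdsRootKeyEffective {
    # gMSA passwords are derived from the KDS root key. A key is only used once its
    # EffectiveTime has passed; Add-KdsRootKey sets that 10 hours out so every DC has it first.
    $ready = Get-KdsRootKey | Where-Object { $_.EffectiveTime -le (Get-Date) }
    if (-not $ready) {
        throw 'No effective KDS root key yet. Run Add-KdsRootKey -EffectiveImmediately and wait 10 hours.'
    }
    $ready | Select-Object KeyId, EffectiveTime
}

function New-FarmServiceAccount {
    param(
        [Parameter(Mandatory = $true)][string]$Name,          # becomes sAMAccountName "$Name$", so 15 chars max
        [Parameter(Mandatory = $true)][string]$DnsHostName,   # the shared name clients connect to
        [Parameter(Mandatory = $true)][string[]]$HostNames,   # computer accounts of the farm members
        [string[]]$ServicePrincipalNames = @()
    )
    if ($Name.Length -gt 15) { throw "gMSA name '$Name' exceeds 15 characters" }
    $null = Assert-KdsRootKeyEffective

    # The right to retrieve the managed password is the right to authenticate as the service,
    # so grant it to a dedicated group holding only the farm hosts, never to a broad group.
    $groupName = "gMSA-$Name-Hosts"
    $group = Get-ADGroup -Filter "Name -eq '$groupName'"
    if (-not $group) {
        $group = New-ADGroup -Name $groupName -GroupScope Global -GroupCategory Security -PassThru
    }
    Add-ADGroupMember -Identity $group -Members ($HostNames | ForEach-Object { Get-ADComputer -Identity $_ })

    $params = @{
        Name                                       = $Name
        DNSHostName                                = $DnsHostName
        PrincipalsAllowedToRetrieveManagedPassword = $group
        KerberosEncryptionType                     = 'AES128,AES256'   # no RC4 keys for the service
        ManagedPasswordIntervalInDays              = 30                # can only be set at creation
        PassThru                                   = $true
    }
    if ($ServicePrincipalNames) { $params.ServicePrincipalNames = $ServicePrincipalNames }
    New-ADServiceAccount @params
}

function Get-ManagedPasswordReaders {
    # Audit: these principals (and the members of any group among them) can obtain the
    # password, so review this like any other privileged-group membership.
    param([Parameter(Mandatory = $true)][string]$Name)
    $acct = Get-ADServiceAccount -Identity $Name -Properties PrincipalsAllowedToRetrieveManagedPassword
    $acct.PrincipalsAllowedToRetrieveManagedPassword
}

function Install-FarmServiceAccountOnHost {
    # Run on each farm member (it needs the AD PowerShell module) after it has been added to
    # the host group. The host's own Kerberos ticket must carry the new group SID, so reboot
    # the host or purge its tickets first, otherwise Test-ADServiceAccount returns False.
    param([Parameter(Mandatory = $true)][string]$Name)
    Install-ADServiceAccount -Identity $Name
    if (-not (Test-ADServiceAccount -Identity $Name)) {
        throw "$env:COMPUTERNAME could not retrieve the password for $Name; check group membership and KDS key replication"
    }
    # Logon name to configure in the service: domain\name with a trailing $, password blank.
    "$((Get-ADDomain).NetBIOSName)\$Name`$"
}

# Usage (names assumed): two web servers behind the shared name app.contoso.com
New-FarmServiceAccount -Name gMSA_Web -DnsHostName app.contoso.com `
    -HostNames 'WEB01', 'WEB02' -ServicePrincipalNames 'HTTP/app.contoso.com'
Get-ManagedPasswordReaders -Name gMSA_Web
# On WEB01 and WEB02, after a reboot:
# Install-FarmServiceAccountOnHost -Name gMSA_Web
```

The SPN is registered on the gMSA rather than on any one host because clients request a ticket for the shared name; every farm member then decrypts it with the same keys, which is the property the exercise introduction describes.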


Exercise 6: Preparing to Clone a Domain Controller

Windows Server 2012 introduces support for cloning a virtualized domain controller. Hypervisors that support it expose a VM-Generation ID to the guest, and a Windows Server 2012 domain controller records that value in the msDS-GenerationId attribute of its computer object in Active Directory. Each time the domain controller boots, it compares the identifier reported by the virtual machine with the one stored in the directory. A mismatch means the virtual machine was copied or rolled back to a snapshot, so the domain controller discards its RID pool and resets its invocation ID, which makes its replication partners treat its database as a new instance rather than trusting update sequence numbers that may have been reused. If it also finds a DCCloneConfig.xml file, it promotes itself as a new domain controller using the settings in that file; otherwise it treats the event as a snapshot restore and resynchronizes with its partners.

In this exercise, you will prepare a domain controller for cloning; however you will not be able to complete

the cloning process.

Authorize the source domain controller

In this task, you will add Server1 to the Cloneable Domain Controllers group, a built-in group that is new in Windows Server 2012 and whose membership authorizes a domain controller to be cloned. This is the same group the cloned domain controllers will be added to after cloning.

Perform this task logged on to DC as Contoso\Administrator with the password Passw0rd!

1. Open Server Manager.

2. On the Tools menu, click Active Directory Administrative Center.

3. Navigate to contoso (local)/Users.

4. In the Users pane, select Cloneable Domain Controllers.

5. In Tasks, under Cloneable Domain Controllers, click Properties.

6. In Cloneable Domain Controllers, click Members.

7. In Members, click Add.

8. In the Select, Users, Contacts, Computers, Service Accounts, or Groups dialog box, click Object

types, select Computers, and then click OK.

9. In Enter the object names to select, type Server1, and then click Check Names.

10. Click OK.

11. Click OK.

NOTE: After cloning the Server1 domain controller, it is best practice to remove it from the Cloneable Domain Controllers group, since membership is standing authorization to clone that domain controller.

Check for compatible services to clone

In this task, you will check that every service and application on Server1 is compatible with cloning, and generate an XML allow list for those that are not covered by the built-in list.

Perform this task logged on to Server1 as Contoso\Administrator with the password Passw0rd!


IMPORTANT: Make sure you switch to the Server1 virtual machine.

1. Open Server Manager.

2. On the Tools menu, click Active Directory Module for Windows PowerShell.

3. Type the following command, and then press ENTER.

↪ Get-ADDCCloningExcludedApplicationList

NOTE: The applications and services displayed are installed on Server1 but are not on the built-in clone allow list, so cloning is blocked until each of them is either uninstalled or explicitly allowed.

4. Type the following command, and then press ENTER.

↪ Get-ADDCCloningExcludedApplicationList –GenerateXml

NOTE: If you see a dialog box with a message that the content is blocked, click Close to close the dialog box.

NOTE: The command writes CustomDCCloneAllowList.xml, which adds every application from the previous listing to the clone allow list. Keep an entry only if you have confirmed that the application is safe to clone, for example that it does not persist a machine-specific identity or secret that the clone would duplicate; remove the entries for anything you have not verified. An application that is neither on the allow list nor uninstalled blocks cloning.

Configure setting for the cloned domain controller

In this task, you will create an XML file which will be used by the cloned domain controller when it first

boots.

Perform this task logged on to Server1 as Contoso\Administrator with the password Passw0rd!

with the Active Directory Module for Windows PowerShell open.

1. Type the following command, and then press ENTER.

↪ New-ADDCCloneConfigFile -IPv4Address 192.168.10.20 -IPv4DefaultGateway 192.168.10.1 -IPv4SubnetMask 255.255.255.0 -IPv4DNSResolver 192.168.10.1 -Static -SiteName Sydney -CloneComputerName DC2

NOTE: The settings the cloned domain controller will read at its first boot are now displayed. The cmdlet also repeats the prerequisite checks (source in the Cloneable Domain Controllers group, Windows Server 2012 PDC emulator, no excluded applications) and writes DCCloneConfig.xml to the directory that holds the Active Directory database.

NOTE: In the lab environment, this is as far as the steps can be completed. The remaining steps of the cloning process would be to shut down and export the virtual machine, import and rename the new cloned virtual machine, and then power it on. On startup, the cloned domain controller detects the new VM-Generation ID, reads DCCloneConfig.xml, and promotes itself with the settings in that file.
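The checks this exercise performs by hand (group membership, excluded applications, a hypervisor that provides VM-Generation ID, a Windows Server 2012 PDC emulator) are the ones a cloning run fails on in practice. The script below is an added example, not part of the lab: it runs them as one readiness function on the source domain controller and only calls New-ADDCCloneConfigFile when all of them pass. The clone name, addresses and site in the usage lines mirror the lab's values but are assumptions; the function and parameter names are mine.

```powershell
# Added example (not part of the lab). Runs the pre-clone checks this exercise performs by hand
# as one function and only writes DCCloneConfig.xml if every check passes. Run it on the source
# domain controller; the clone name, addresses and site passed at the bottom are assumptions.
Import-Module ActiveDirectory

function Test-DCCloneReadiness {
    param([string]$SourceDC = $env:COMPUTERNAME)
    $problems = @()
    $domain = Get-ADDomain

    # 1. The PDC emulator creates the clone's computer object and RID pool, so it must run
    #    Windows Server 2012 (NT 6.2) or later.
    $pdc = Get-ADDomainController -Identity $domain.PDCEmulator
    if ($pdc.OperatingSystemVersion -notmatch '^(6\.[2-9]|[1-9]\d+\.)') {
        $problems += "PDC emulator $($pdc.HostName) runs $($pdc.OperatingSystem) $($pdc.OperatingSystemVersion)"
    }

    # 2. The source must be a member of Cloneable Domain Controllers (well-known RID 522).
    $cloneGroup = Get-ADGroup -Identity "$($domain.DomainSID)-522"
    $members = Get-ADGroupMember -Identity $cloneGroup | Select-Object -ExpandProperty Name
    if ($members -notcontains $SourceDC) {
        $problems += "$SourceDC is not a member of $($cloneGroup.Name)"
    }

    # 3. The hypervisor must expose a VM-Generation ID; the DC records it in msDS-GenerationId.
    #    Without it there is neither cloning nor protection against snapshot rollback.
    $comp = Get-ADComputer -Identity $SourceDC -Properties 'msDS-GenerationId'
    if (-not $comp.'msDS-GenerationId') {
        $problems += "$SourceDC has no msDS-GenerationId; the hypervisor does not provide VM-Generation ID"
    }

    # 4. Every installed service or program must be on the clone allow list (built-in or
    #    CustomDCCloneAllowList.xml); anything else must be removed or explicitly allowed.
    $excluded = @(Get-ADDCCloningExcludedApplicationList)
    foreach ($app in $excluded) {
        $problems += "Not on clone allow list: $($app.Name) ($($app.Type))"
    }

    [pscustomobject]@{
        SourceDC = $SourceDC
        Ready    = ($problems.Count -eq 0)
        Problems = $problems
    }
}

function New-CheckedDCCloneConfig {
    param(
        [Parameter(Mandatory = $true)][string]$CloneName,
        [Parameter(Mandatory = $true)][string]$IPv4Address,
        [Parameter(Mandatory = $true)][string]$IPv4DefaultGateway,
        [Parameter(Mandatory = $true)][string]$IPv4DNSResolver,
        [Parameter(Mandatory = $true)][string]$SiteName,
        [string]$IPv4SubnetMask = '255.255.255.0'
    )
    $check = Test-DCCloneReadiness
    if (-not $check.Ready) {
        throw ("Source DC is not ready to clone:`n" + ($check.Problems -join "`n"))
    }
    # Static addressing so the clone never comes up on the source's lease. The cmdlet repeats
    # the membership, PDC and allow-list checks itself and writes DCCloneConfig.xml to the
    # directory that holds the Active Directory database unless -Path says otherwise.
    New-ADDCCloneConfigFile -CloneComputerName $CloneName -Static `
        -IPv4Address $IPv4Address -IPv4SubnetMask $IPv4SubnetMask `
        -IPv4DefaultGateway $IPv4DefaultGateway -IPv4DNSResolver $IPv4DNSResolver `
        -SiteName $SiteName
}

# Usage (values assumed, matching the lab's Sydney clone)
Test-DCCloneReadiness
New-CheckedDCCloneConfig -CloneName DC2 -IPv4Address 192.168.10.20 `
    -IPv4DefaultGateway 192.168.10.1 -IPv4DNSResolver 192.168.10.1 -SiteName Sydney
```

Run Test-DCCloneReadiness on its own first: a missing msDS-GenerationId is the check most often overlooked, because nothing in the GUI steps above reveals whether the hypervisor actually supplies the generation ID that the whole mechanism depends on.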