To the Instructor: These Labs Make Some Assumptions About the Computers That Are Available

To the Instructor: These Labs Make Some Assumptions About the Computers That Are Available

0782144519 Ancillaries

Windows Server 2003 Active Directory Planning, Implementing, and Maintenance Study Guide (70-294), Second Edition

Lab Exercises

Instructor: Plan ahead to have your students install all the features needed for labs you want to assign, as well as those you will use for your own demonstrations. All of the labs are written such that they may be copied and handed directly to the students to perform. If any of the labs do not correspond with the environment available to you, skip those labs and utilize only the ones your students can execute.

Chapter 1: Overview of the Active Directory

Lab 1: Look for Successful Implementations

In this exercise, you will look at case studies for successful implementation of Microsoft Windows Server 2003. This exercise requires Internet access.

1.Open Internet Explorer and go to the Windows Server 2003 site at

2.Click on Product Information.

3.Scroll down the options and choose Case Studies, then choose All Windows Server 2003 Case Studies.

4.Per any other instructions from your instructor, choose at least five cases from those presented. Analyze the cases and determine why Windows Server 2003 was the right operating system to install in that environment.

Chapter 2: Planning and Installing the Active Directory

Lab 2: View the Complete List of Top-Level Domains

In this exercise, you will view the complete listing of top-level domains. This exercise requires Internet Explorer and Internet connectivity.

1.Open Internet Explorer.

2.Go to .

3.Choose Top-Level Domains (TLDs).

4.Read the text and view the TLDs in the list.

5.Go back to the home page. Choose Country-Code Top-Level Domain Resource Materials and read the text there.

Lab 3: Work with nslookup

In this exercise, you will run the nslookup utility in interactive mode and become more familiar with it.

1.Open a command prompt.

2.At the command line, enter nslookup.

3.At the interactive prompt, type help.

4.View the list of possibilities.

5.Enter the name of a server and view the results.

6.Enter the command ls.

7.You should now see the addresses within the domain. Enter the commandexit.

Lab 4: Work with WHOIS

This lab demonstrates how to use the WHOIS search to see what names are available. It requires Internet access.

1.Open Internet Explorer.

2.Go to

3.Beneath WHOIS, enter Sybex.com.

4.Notice the detailed information, including the status and name server.

5.Enter a series of random keystrokes, and add .com on the end to see the results when the domain is available.

Lab 5: Convert to NTFS

In this exercise, you will convert a FAT or FAT32 partition to NTFS, without data loss. To do this exercise, you must have a FAT/FAT32 partition on the existing workstation.

1.Open a command prompt.

2.At the command line, enter convert C: /fs:ntfs.

3.Follow the prompts to complete the conversion.

Lab 6: Use PING to Test the Network Connectivity

In this exercise, you will use the PING utility to test network connectivity from the host.

1.Open a command prompt.

2.Enter the command ping 127.0.0.1.

3.You’ll see a display of echo responses from the loopback address. When it’s completed, enter the command ping w.x.y.z, where w.x.y.z is the IP address currently in use on your host.

4.Enter the command ping a.b.c.d,where a.b.c.d is the IP address of your default gateway.

5.Enter the command ping e.f.g.h,where e.f.g.h is the IP address of a neighboring host.

6.Enter the command ping name,where name is the name of the remote host that you earlier pinged by IP address.

Upon completion of these steps, you will have verified that connectivity exists and name resolution is working properly.

Lab 7: Use TRACERT to Test the Network Connectivity

In this exercise, you will use the TRACERT utility in place of PING to test network connectivity from the host and see the route that data is taking.

1.Open a command prompt.

2.Enter the command tracert w.x.y.z, where w.x.y.z is the IP address currently in use on your host. The response should be almost immediate; you can see that there was not truly a route taken in order to go from your machine back to your machine.

3.Enter the command tracert a.b.c.d, where a.b.c.dis the IP address of your default gateway.

4.Enter the command tracert e.f.g.h,where e.f.g.h is the IP address of a neighboring host.

5.Enter the command tracert i.j.k.l,where i.j.k.l is the IP address of a remote host on another network. Not only will you see that the host is accessible, but also the path that is taken to reach that host.

Lab 8: Use PATHPING to Test the Network Connectivity

In this exercise, you will use the PATHPING utility to test network connectivity from the host and see the route that is taken.

1.Open a command prompt.

2.Enter the command pathping 127.0.0.1.

3.A display of echo responses from the loopback address appears. When it’s completed, enter the command pathping w.x.y.z, where w.x.y.z is the IP address currently in use on your host.

4.Enter the command pathping a.b.c.d, where a.b.c.d is the IP address of your default gateway.

5.Enter the command pathping e.f.g.h,where e.f.g.h is the IP address of a neighboring host.

6.Enter the command pathping i.j.k.l,where i.j.k.lis the IP address of a remote host on another network. Not only will you see that the host is accessible, but also the path that is taken to reach that host. This combines the best of PING with the best of TRACERT.

Lab 9: Configure Log File Properties

This lab illustrates how to set the parameters on a log file.

1.Open Event Viewer and right-click the System Log. Choose Properties from the pop-up menu.

2.Set the properties of the log to “Overwrite events as needed,” and double the amount of room currently allocated for the log.

3.From the command line, search for files that end in .evt. Enterdir c:\*.evt /s. Files found are the event log files: System (SysEvent.evt), Applications (AppEvent.evt), and Security (SecEvent.evt).

Lab 10: Edit the HOSTS file

In this lab, you will edit the HOSTS file, which can be used in place of DNS for name resolution..

1.Open a command prompt.

2.Enter the command ping sybexbooks.An error message will tell you that the host is unknown.

3.Start a text editor of your choice.

4.Open the file HOSTS in the \Windows\System32\drivers\etc folder.

5.The last line of the file should identify the loopback address; it will look something like this:

127.0.0.1 localhost

Move to one space past this entry and add sybexbooks such that the line now reads

127.0.0.1 localhost sybexbooks

Note: Make sure that no pound character (#) appears in this line.

6.Enter the command ping sybexbook. The echo messages from the local host should now appear.

Chapter 3: Installing and Managing Trees and Forests

There are no additional labs for this chapter. Be sure to do all the labs within the chapter.

Chapter 4: Configuring Sites and Managing Replication

Lab 11: Explore Your TCP/IP Configuration

In this exercise, you will check to see if TCP/IP is configured and the values that are currently in use.

1.From the Start menu, choose Control Panel, and then Network Connections, Local Area Connection.

2.The General tab showing the status of the network connection will be open. Click the Support tab.

3.Observe the IP address and subnet values currently in use.

4.Click the Details button to see information on the DNS and WINS servers.

5.Click Close and exit the interface.

Lab 12: Examine the Configuration from the Command Line

In this exercise, you will use the IPCONFIG utility and examine how TCP/IP is configured from the command line.

1.From the Start menu, choose Command Prompt.

2.At the command prompt, type IPCONFIG.

3.Note the IP address and subnet values.

4.At the command prompt, type IPCONFIG /ALL.

5.In addition to the IP address and subnet values, notice that you now also see values for DNS and WINS configuration.

Lab 13: Changing System Monitor Views

This lab demonstrates the different views available within System Monitor.

1.Start System Monitor and notice that it loads with a default of three objects being monitored.

2.From the command line, do a directory listing of the hard drive (dir /s) to create some activity, and notice how it looks within System Monitor.

3.Change to Histogram view by clicking the Histogram View button on the toolbar.

4.Switch to Report view and repeat the process.

Lab 14: Create an Alert

This lab will illustrate how Windows Server 2003 can monitor its operations and send an alert when thresholds are exceeded.

1.Open the System Monitor tool, and expand Performance Logs and Alerts.

2.Right-click Alerts and click New Alert Settings.

3.Name the alert Test1.

4.In the General tab, track the Network Interface > Bytes Total/Sec counter. Set an Alert when the value is over 100 with a sample of once per second.

5.In the Action tab, enter net send computername Network activity over 100 (replacing computernamewith the name of your computer).

6.Right-click the new alert and start it from the shortcut menu. Have a partner ping your IP address, or connect to one of your shared folders and copy a file from it. The alert should be triggered.

Chapter 5: Administering the Active Directory

There are no additional labs for this chapter. Be sure to do all of the labs within the chapter.

Chapter 6: Planning Security for Active Directory

Lab 15: Create a Local Policy

This lab demonstrates how to create a local policy requiring passwords to be 8 characters long.

1.From the Start menu, choose Run.

2.Enter gpedit.msc.

3.Under Computer Configuration, expand Windows Settings, Security Settings, and Account Policies.

4.Choose Password Policy and double-click on the option Minimum Password Length.

5.The default value is 0. Change this to 8, choose OK and exit the console.

Lab 16: Test Password Configuration Settings

This lab illustrates how to test password configuration settings that were set in Lab 15.

1.From the Start menu, choose Administrative Tools Computer Management Local Users and Groups.

2.Choose Users and add a new user. Use your own username and information.

3.Uncheck the box User Must Change Password at Next Logon.

4.In both of the password boxes, enter walker and click the Create button.

5.An error message tells you that the password does not meet the minimum length requirements. Change the password to jameswalker in both boxes and click Create. This time, the user will be added without any errors.

Lab 17: Test User Account Naming Rules

This lab illustrates the rules for naming user accounts.

1.From the Start menu, choose Administrative Tools Computer Management Local Users and Groups.

2.Choose Users and add a new user. Try to create another user using your own username and information.

3.When you click Create, an error will tell you that the username is already in use.

4.Exit the User Accounts without saving your changes.

Lab 18: Validate a Policy with SECEDIT

In this exercise, you will validate a security policy from the command line with the SECEDIT.EXE utility.

1.From the Start menu, choose Command Prompt.

2.Move to the security\templatesfolder under Windows on the root drive.

3.Typesecedit /validate hisecws.inf. A message will report that the template file is validated.

4.Enter copy hisecws.inf emmett.inf.

5.Type secedit /validate emmett.inf. A message will report that the template file is validated.

6.Start a text editor of your choice and open the emmett.inf file.

7Near the top of the file will be the variable $Chicago$. Change this to $Ballpoint$, then save and exit the file.

8.Type secedit /validate emmett.inf. A message will indicate that the file is corrupt and should not be used.

Lab 19: Refresh a Computer Policy

In this exercise, you will refresh a computer policy from the command line. The book illustrates that this can be done with SECEDIT using the /refreshpolicy switch, but that is no longer possible. This exercise illustrates the method by which a policy is now refreshed in Windows Server 2003.

1.From the Start menu, choose Command Prompt.

2.Type gpupdate. A message reports that both the computer policy and the user policy have been refreshed.

Lab 20: Export the Current Security Settings

In this exercise, you will use the SECEDIT utility to export the current configuration to a template file that can be used should the current settings ever need to be reapplied.

1.From the Start menu, choose Command Prompt.

2.Enter the command secedit /export /CFG sybex.inf. A message indicating that the sybex.inf file does not exist should appear.

3.Enter the command type sybex.inf. View the newly created template.

Chapter 7: Active Directory Optimization and Reliability

Lab 21: Terminate a Runaway Application

This lab shows how to terminate a runaway application and prevent it from further utilizing resources.

1.Launch the Notepad program. Imagine that it is a runaway and won’t close by normal methods.

2.Right-click on a blank space on the taskbar and choose Task Manager from the pop-up menu.

3.Locate the entry for Notepad in the Applications tab, and select it.

4.Click End Task.

5.Notice that the Notepad Window closes.

Lab 22: Add Verbose Details to Certificate Service Events

Events from Certificate Services are written to the Application log (which can be viewed with Event Viewer). This lab illustrates how to add verbose details to events written to the Application log. This is useful for troubleshooting.

1.From the Start menu, choose Command Prompt.

2.At the command line, enter net stop certificate.

3.At the command line, enter certutil –setreg ca\loglevel 4.

4.Enter net start certificate.

Chapter 8: Planning, Implementing, and Managing Group Policy

Lab 23: Use GPRESULT

This lab illustrates how to use GPRESULT.EXE to get RSoP information from the command line.

1.From the Start menu, choose Command Prompt.

2.At the command line, enter gpresult. Notice the items calculated and displayed.

3.At the command line, enter gpresult /v. You can see that turning on the verbose mode provides considerably more information.

Lab 24: Use GPRESULT to Obtain Machine Information

The chapter discusses using the /SCOPE MACHINE switch with GPRESULT.EXE, but this is not supported in Windows Server 2003. This lab illustrates how to use GPRESULT.EXE to get RSoP information about the machine from the command line.

1.From the Start menu, choose Command Prompt.

2.At the command line, enter gpresult /scope computer. The display is limited to the computer.

3.At the command line, enter gpresult /scope user. Notice that the display is now limited to users.

Chapter 9: Software Deployment Through Group Policy

Lab 25: Map a Network Drive from the Command Line

In this exercise, you will use the net use commands to map a network drive on a server from the command line in Windows Server 2003.

1.From the Start menu, choose Command Prompt.

2.At the command line, enter net share. You’ll see a list of shares available on your host. Those ending with a dollar sign ($) are hidden shares, one of which should exist for each drive (C$, D$, etc.).

4.Assuming that you do not have a drive X:, enter the command net use x: \\server\C$, where server is the name of your server.

5.Switch to the X: drive and do a directory listing to confirm that you have just mapped C: to X:.

Lab 26: Break a Map from the Command Line

In this exercise, you will use the net use commands to remove a network map from the command line in Windows Server 2003. You must have already finished Lab 25 before attempting this lab.

1.From the Start menu, choose Command Prompt.

2.At the command line, enter net use.

3.You should now see a list of network connections, and in that list drive X: is mapped to \\server\C$, where serveris the name of your server.

4.Switch to the C: drive and enter the command net use x: /delete.

5.Attempt to switch to the X: drive and do a directory listing. An error will state that the system cannot find the drive specified.

6.At the command line, enter net use. Verify that the map no longer appears.

Lab 27: See What Shared Connections Are in Use

This lab must be done on a computer that has a shared folder and users who are accessing it.

1.From the Start menu, choose Administrative Tools Computer Management.