
QUESTION 1

Sites are groupings of connected IP subnets that are used to efficiently replicate information among
domain controllers in an Active Directory. They are basically subdomains where a user in a subdomain is
delegated by the administrator to perform administrative roles within the specific subdomain.

Sites can contain servers and other objects related to Active Directory replication and are used to
manage replication.

Primarily used for slow WAN links, sites use site links to connect to one another. These site links
define logical connections/paths between sites in an Active Directory and reflect the bandwidth
available for communication between sites.

Replication in Active Directory ensures that the data between domain controllers stays updated and
consistent. It is a crucial service as it ensures that data changes in the domain controllers in a forest
are synchronized.

Replication has two types:

Intra-site replication: this replication type takes place between domain controllers within the same site.
When any changes are made to the replica of the Active Directory on any domain controller, that particular
domain controller contacts the other domain controllers in the same site, checks its data against the other
domain controllers' data, then replicates it. It uses the Remote Procedure Call (RPC) to perform this replication.
This basically means that Active Directory data is synchronized between domain controllers within the
same site.

Inter-site replication: this replication type takes place between domain controllers in different sites and
it uses RPC over IP or SMTP to replicate data. It can be manually configured and takes place between
two bridgeheads. Here a change happens in one site and then needs to be replicated to the other sites.
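
The sites, site links and replication described above can be inspected on a live forest with the ActiveDirectory PowerShell module. This is an added example, not part of the original answer; it assumes the RSAT ActiveDirectory module is installed, the session runs under a domain account, and a 24-hour staleness threshold chosen for illustration.

```powershell
Import-Module ActiveDirectory

# Each site and the IP subnets grouped into it.
$subnets = Get-ADReplicationSubnet -Filter *
Get-ADReplicationSite -Filter * | ForEach-Object {
    $siteDn = $_.DistinguishedName
    [pscustomobject]@{
        Site    = $_.Name
        Subnets = @($subnets | Where-Object { $_.Site -eq $siteDn } |
                    ForEach-Object { $_.Name }) -join ', '
    }
} | Format-Table -AutoSize

# Site links: the logical paths used for inter-site replication.
# Cost and replication frequency reflect the bandwidth between sites;
# the transport is RPC over IP or SMTP.
Get-ADReplicationSiteLink -Filter * |
    Select-Object Name, Cost, ReplicationFrequencyInMinutes, InterSiteTransportProtocol |
    Format-Table -AutoSize

# Replication health across every domain controller in the forest.
# A partner that has not replicated recently may still hold old data,
# for example an account that was disabled elsewhere.
$forest = (Get-ADForest).Name
$maxAge = (Get-Date).AddHours(-24)   # assumption: 24 h staleness threshold

Get-ADReplicationPartnerMetadata -Target $forest -Scope Forest |
    Where-Object { $_.LastReplicationResult -ne 0 -or
                   $_.LastReplicationSuccess -lt $maxAge } |
    Select-Object Server, Partner, LastReplicationSuccess,
                  LastReplicationResult, ConsecutiveReplicationFailures |
    Format-Table -AutoSize

# Replication links that are failing right now, with the last error code.
Get-ADReplicationFailure -Target $forest -Scope Forest |
    Select-Object Server, Partner, FailureCount, FirstFailureTime, LastError |
    Format-Table -AutoSize
```

Empty output from the last two queries means every partner replicated successfully within the threshold.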
QUESTION 2

In an Active Directory, Active Directory objects can be grouped using a hierarchical tree structure which is
called a directory tree.

A tree is a logical collection of one or more domains that allow global resource sharing. A tree may
consist of a single domain or multiple domains in a contiguous namespace. Domains in a tree have a
two-way transitive trust. This means that if Domain1 trusts Domain2 and Domain2 trusts Domain3, then
Domain1 trusts Domain3.

A forest is at the top, and is a logical collection of domain trees that share a common global
catalog, directory schema, logical structure and directory configuration. A forest has automatic two-way
transitive trust relationships (a two-way relationship automatically created between parent and child
domains in a forest). The first domain created in a forest is called the forest root domain.

SCENARIO

Plan an Active Directory namespace for an enterprise network, taking into account the existing network
structure and the need for administrative boundaries. Based on the scenario below, state how you
would structure the Active Directory namespace for the new enterprise.

A company, Border.Inc, is merging with another large company, VodaLine. These companies wish to keep
their separate company identities and each one wishes to use its existing registered domain name on
the network. Border.Inc’s management also wants its two departments, administration and operations,
to have complete administrative control over their network resources in all other domains for which
they have permissions.

N.B. It is not necessary to form any explicit trusts.

ANSWER

The best option here is to create two domain trees, Border.Inc and VodaLine, joined in a forest. By so
doing, we allow each company to keep its own identity with its own domain name while still creating a
two-way transitive trust so that all users in all domains will still have access to resources in all others
provided they have user permissions.

Under the Border.Inc parent domain, create two child domains, admin.Border.Inc and ops.Border.Inc.
This creates administrative boundaries so the administrator of each department will have full
control over their department’s resources.

QUESTION 3

According to Svidergol (2013), Active Directory Lightweight Directory Services (AD LDS) is a feature in
Windows Server 2012 that allows one to assist applications that are directory-enabled without the
restrictions of Active Directory Domain Services. This means that directory-enabled applications
are able to store and retrieve data without the dependencies that AD DS requires.

AD LDS can be run on member servers and on stand-alone servers.

AD LDS operates independently of Active Directory and Active Directory domains or forests. It operates
with replication or as a stand-alone data store. Its independence enables local control of directory
services. It also provides independent, flexible schemas and naming contexts.

QUESTION 4

Domain Name Service (DNS) is a service that allows one to resolve a hostname to an IP (Internet
Protocol) address. It basically allows domain names to be translated into IP addresses (a logical
number that uniquely identifies a computer on the network) so that browsers can load internet
resources. This is because it is much easier for people to remember names than to remember IP
addresses, and computers use IP addresses to access websites.

“It is therefore very important for a DNS server to be present in an organization as a crucial component of
the internet as it is used to convert domain name to IP address and IP address to domain name. When a
person types the website name on the browser, it first checks the DNS server to perform name
resolution before fetching the requested web-page,” states Panek (2013).

CONFIGURING DNS SERVER

Open Server Manager

> Click the Add Roles and Features link

> On the selection type page, select Role-Based or Feature-Based Installation and click Next

> Click the Select a Server from the Server Pool radio button, and choose the server under the Server
Pool section. Click Next

> Click the DNS Server item in the Server Role list

> On the Add Features page, click Next

> Click Next on the DNS Server information screen

> Choose the Restart The Destination Server Automatically If Required check box and then click the
Install button

> At the Installation Progress screen, click Close after the DNS server is installed.
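
The same installation can be scripted and then verified from PowerShell. This is an added example, not part of the original answer; it assumes an elevated session on the Windows Server 2012 machine that is to become the DNS server.

```powershell
# Assumption: elevated PowerShell session on the target server.

# Install the DNS Server role with its management tools. -Restart mirrors the
# "Restart The Destination Server Automatically If Required" check box; if a
# reboot does happen, run the script again afterwards to reach the checks.
if (-not (Get-WindowsFeature -Name DNS).Installed) {
    $result = Install-WindowsFeature -Name DNS -IncludeManagementTools -Restart
    if (-not $result.Success) { throw 'DNS Server role installation failed.' }
}

# The role is only useful if the service is actually running.
$svc = Get-Service -Name DNS
if ($svc.Status -ne 'Running') {
    throw "DNS service is $($svc.Status), expected Running."
}

# Ask the local DNS server whether it responds to queries.
Test-DnsServer -IPAddress 127.0.0.1 | Format-List IPAddress, Result, RoundTripTime

# Post-install review: what the server hosts and how it answers clients.
# DynamicUpdate shows whether a zone accepts unauthenticated record updates
# (NonsecureAndSecure) or only authenticated ones (Secure).
Get-DnsServerZone |
    Select-Object ZoneName, ZoneType, IsDsIntegrated, DynamicUpdate |
    Format-Table -AutoSize

# Recursion and forwarders decide where names outside the local zones go.
Get-DnsServerRecursion | Format-List Enable
Get-DnsServerForwarder | Format-List IPAddress, UseRootHint
```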
QUESTION 5

Group Policy in Windows Server 2012 is a feature that controls the working environment of user
accounts and computer accounts. It provides centralized management that allows administrators to
configure operating systems, applications and users’ settings in an Active Directory environment. This
means that the administrator controls what users can and cannot do on a computer system.

Pintello (2015) explains that this can be done by enforcing password complexity, which prevents users
from using any simple password of their choice. This is done in order to prevent unidentified users from
accessing the network share from remote computers. This may also restrict users from accessing certain
folders.

An administrator can do all this from a central point and customize all user settings and restrict the
actions they can perform.

Implementation steps:

1. Click the Windows button and choose Administrative Tools > Group Policy Management. The
Group Policy Management tool opens.

2. Expand the Forest, Domains, your domain name, and North America containers. Right-click
the Corporate OU, and then choose Create A GPO In This Domain, And Link It Here.

3. When the New GPO dialog box appears, type Warning Box in the Name field. Click OK.

4. The new GPO will be listed on the right side of the Group Policy Management window. Right-
click the GPO, and choose Edit.

5. In the Group Policy Management Editor, expand the following: Computer
Configuration > Policies > Windows Settings > Security Settings > Local Policies >
Security Options. On the right side, scroll down and double-
click Interactive Logon: Message Text For Users Attempting To Log On.

6. Click the box labeled Define This Policy Setting In The Template. In the text box, type
Unauthorized use of this machine is prohibited and then click OK. Close the GPO, and return
to the GPMC main screen.

7. Under the domain name (in the GPMC), right-click Group Policy Objects and cho
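
Steps 1 to 6 can also be scripted with the GroupPolicy PowerShell module. This is an added example, not part of the original answer; it assumes the Corporate OU sits directly under a North America OU in the current domain, and it sets the registry value behind the logon message (`LegalNoticeText`) as a registry-based policy rather than through the Security Options node the GUI edits.

```powershell
Import-Module GroupPolicy
Import-Module ActiveDirectory

# Assumption: OU layout taken from the container names in step 2.
$domainDn = (Get-ADDomain).DistinguishedName
$ouDn     = "OU=Corporate,OU=North America,$domainDn"

$gpoName = 'Warning Box'
$banner  = 'Unauthorized use of this machine is prohibited'
$key     = 'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Steps 2-3: create the GPO if it does not exist yet, then link it to the OU.
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $gpoName -Comment 'Logon warning banner'
}
$linked = (Get-GPInheritance -Target $ouDn).GpoLinks |
    Where-Object { $_.DisplayName -eq $gpoName }
if (-not $linked) {
    New-GPLink -Name $gpoName -Target $ouDn -LinkEnabled Yes | Out-Null
}

# Steps 5-6: define the message text shown to users attempting to log on.
Set-GPRegistryValue -Name $gpoName -Key $key -ValueName 'LegalNoticeText' `
    -Type String -Value $banner | Out-Null

# Verify: the GPO holds the expected text and the link on the OU is enabled.
$stored = Get-GPRegistryValue -Name $gpoName -Key $key -ValueName 'LegalNoticeText'
if ($stored.Value -ne $banner) { throw 'Banner text was not stored in the GPO.' }

(Get-GPInheritance -Target $ouDn).GpoLinks |
    Where-Object { $_.DisplayName -eq $gpoName } |
    Format-Table DisplayName, Enabled, Enforced, Order -AutoSize
```

Running `gpresult /r` on a computer in the Corporate OU after the next policy refresh shows whether the GPO was applied there.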
REFERENCE LIST

Svidergol, B. (2013) Active Directory Cookbook. 4th Ed. United States: O’Reilly Media.

Panek, W. (2013) MCSA Windows Server 2012 Complete Study Guide. 1st Ed. New Jersey: Sybex.

Pintello, T. (2015) Windows Server 2012: Create and Manage Group Policy. Linked.com.
