Information Technology Reference
In-Depth Information
6. In the Master DNS Servers window, type the IP address of Server1XX (
192.168.100.1XX
)
and press
Enter
. Click
Next
, and then click
Finish
.
7. In DNS Manager, click to expand
Forward Lookup Zones
, if necessary, and then double-click the
w2k8ad1XX.com
zone to verify that SOA, NS, and A records are present. Close DNS Manager.
8. To test the stub zone, open a command prompt window, type
nslookup w2k8ad1XX.com
,
and press
Enter
. The IP addresses of all DNS servers for the w2k8ad1XX.com domain are
displayed. Close the command prompt window.
9. Log on to
Server1XX
as Administrator, if necessary.
10. Open DNS Manager. Click to expand the server node, and then click to select
Conditional
Forwarders
. Right-click
Conditional Forwarders
and click
New Conditional Forwarder
.
11. In the New Conditional Forwarder dialog box, type
W2k8adXX.com
in the DNS Domain
text box. Then click
<Click here to add an IP Address or DNS Name>
, type
192.168.100.1XX
, and press
Enter
. (If you had multiple DNS servers that should get a copy
of the conditional forwarder record, you would click the “Store this conditional forwarder
in Active Directory and replicate it as follows” check box.) Click
OK
.
If you get an error message that the IP address isn't authoritative for the
zone, wait a few minutes, and then come back to this dialog box. Usually,
the wait clears the error message.
12. To test your forwarder, open a command prompt window, type
nslookup w2k8adXX.com
,
and press
Enter
. The IP addresses of all DNS servers for w2k8adXX.com are displayed.
13. Close the command prompt window. Stay logged on to both servers for the next activity.
Activity 10-7: Testing Access Between Untrusting Forests
Time Required:
10 minutes
Objective:
Test access between two forests before creating a trust.
Description:
You plan to create a forest trust between w2k8adXX.com and w2k8ad1XX.com,
but first, you want to see what happens when you try to access resources across forests.
1. Log on to
Server1XX
as Administrator, if necessary.
2. Click
Start
, type
\\ServerXX.w2k8adXX.com
in the Start Search text box, and press
Enter
.
3. You should see a Connect to dialog box asking for your username and password. Type
admin-
istrator
and
Password02
, and then click
OK
. The logon should be unsuccessful. Without a
trust between the two forests, you can't log on to a domain in the other forest. Click
Cancel
.
4. Try to access the server again by clicking
Start
, typing
\\ServerXX.w2k8adXX.com
in the
Start Search text box, and pressing
Enter
.
5. In the Connect to dialog box, type
w2k8adXX.com\Administrator
and
Password01
for the
password, and then click
OK
. You're trying to log on with credentials from the other domain.
This logon should be successful, and a list of shares available on the server should be displayed.
6. When no forest trust exists, you can still access a domain in another forest, but you need the
logon credentials of a user in this domain. The trust precludes the need for credentials in
multiple domains. Close all open windows.
7. Log off both servers to clear the existing connection between the two domains.
Activity 10-8: Creating a Forest Trust
Time Required:
10 minutes
Objective:
Create a forest trust.
Description:
Now that you have DNS set up between the two forests, you can create the forest
trust.
Search WWH ::
Custom Search