Information Technology Reference
In-Depth Information
1. Log on to Server1XX as Administrator.
2. Click Start , type dcpromo in the Start Search text box, and press Enter . When the Active
Directory Domain Services Installation Wizard starts, click Next .
3. In the Delete the Domain window, make sure the Delete the domain check box is not
selected, and then click Next .
4. If you see the Remove DNS Delegation window, click Next . When prompted for credentials
to remove the DNS delegation, enter Administrato r for the username and Password01 for
the password, and then click OK .
5. In the Administrator Password window, type Password02 in the Password and Confirm
password text boxes. Note that this password is used to log on to the local computer because
this server is no longer a domain controller. Click Next .
6. In the Summary window, verify your selections. Note that the server becomes a member
server after this process is completed. Click Next .
7. If you get a message stating that the DNS delegations couldn't be removed, click OK . When the
wizard has completed, click Finish . When prompted to restart the computer, click Restart Now .
8. After your computer restarts, log on to the domain as Administrator with Password01 , and
open Server Manager.
9. Click the Roles node in the left pane, and then click Remove Roles in the right pane. In the
Remove Roles Wizard's welcome window, click Next .
10. In the Remove Server Roles window, click to clear the Active Directory Domain Services
check box, and then click Next . In the Confirm Removal Selections window, click Remove .
When the removal is complete, click Close . When prompted to restart, click Yes .
11. After the computer restarts, log on to the domain from Server1XX as Administrator. The
removal of Active Directory Domain Services continues. When it's finished, click Close .
12. Next, you should remove the DNS Server role. Because Server1XX is no longer a domain
controller, DNS contains no Active Directory-integrated zones. Click Remove Roles , and
then click Next .
13. Click to clear the DNS Server check box, and then click Next . Click Remove . When the
removal is finished, click Close . When prompted to restart, click Yes .
14. After the computer restarts, log on to the domain from Server1XX as Administrator. The
removal of DNS Server continues, and when it's finished, click Close .
15. Now you must change the DNS server address in Server1XX's IP configuration. Change the
preferred DNS server in the TCP/IP properties of the Local Area Connection to
192.168.100.2XX (the address of ServerXX).
16. Stay logged on and leave Server Manager open for the next activity.
AD CS is installed in Server Manager by adding the AD CS role. During installation, you have
several options, and your selections depend on how the CA will be used in your network. What's
the name of your CA? Is it the root CA or a subordinate CA? Is it an enterprise or standalone CA?
Will the CA issue certificates to users and devices or to other CAs? Keep in mind that many of the
selections you make, including the CA name, can't be changed after AD CS is installed.
11
Activity 11-2: Installing the AD CS Role
Time Required: 20 minutes
Objective: Install the AD CS role.
Description: You want to set up a PKI on your network to augment security. You have researched AD
CS and decided to install that server role on a member server and configure it as an enterprise CA.
1. Log on to Server1XX as Administrator and open Server Manager, if necessary.
2. Click the Roles node in the left pane and click Add Roles in the right pane to start the Add
Roles Wizard. Click Next in the welcome window.
Search WWH ::




Custom Search