Information Technology Reference
In-Depth Information
1. Log on to
Server1XX
as Administrator.
2. Click
Start
, type
dcpromo
in the Start Search text box, and press
Enter
. When the Active
Directory Domain Services Installation Wizard starts, click
Next
.
3. In the Delete the Domain window, make sure the
Delete the domain
check box is
not
selected, and then click
Next
.
4. If you see the Remove DNS Delegation window, click
Next
. When prompted for credentials
to remove the DNS delegation, enter
Administrato
r for the username and
Password01
for
the password, and then click
OK
.
5. In the Administrator Password window, type
Password02
in the Password and Confirm
password text boxes. Note that this password is used to log on to the local computer because
this server is no longer a domain controller. Click
Next
.
6. In the Summary window, verify your selections. Note that the server becomes a member
server after this process is completed. Click
Next
.
7. If you get a message stating that the DNS delegations couldn't be removed, click
OK
. When the
wizard has completed, click
Finish
. When prompted to restart the computer, click
Restart Now
.
8. After your computer restarts, log on to the domain as Administrator with
Password01
, and
open Server Manager.
9. Click the
Roles
node in the left pane, and then click
Remove Roles
in the right pane. In the
Remove Roles Wizard's welcome window, click
Next
.
10. In the Remove Server Roles window, click to clear the
Active Directory Domain Services
check box, and then click
Next
. In the Confirm Removal Selections window, click
Remove
.
When the removal is complete, click
Close
. When prompted to restart, click
Yes
.
11. After the computer restarts, log on to the domain from Server1XX as Administrator. The
removal of Active Directory Domain Services continues. When it's finished, click
Close
.
12. Next, you should remove the DNS Server role. Because Server1XX is no longer a domain
controller, DNS contains no Active Directory-integrated zones. Click
Remove Roles
, and
then click
Next
.
13. Click to clear the
DNS Server
check box, and then click
Next
. Click
Remove
. When the
removal is finished, click
Close
. When prompted to restart, click
Yes
.
14. After the computer restarts, log on to the domain from Server1XX as Administrator. The
removal of DNS Server continues, and when it's finished, click
Close
.
15. Now you must change the DNS server address in Server1XX's IP configuration. Change the
preferred DNS server in the TCP/IP properties of the Local Area Connection to
192.168.100.2XX
(the address of ServerXX).
16. Stay logged on and leave Server Manager open for the next activity.
AD CS is installed in Server Manager by adding the AD CS role. During installation, you have
several options, and your selections depend on how the CA will be used in your network. What's
the name of your CA? Is it the root CA or a subordinate CA? Is it an enterprise or standalone CA?
Will the CA issue certificates to users and devices or to other CAs? Keep in mind that many of the
selections you make, including the CA name, can't be changed after AD CS is installed.
11
Activity 11-2: Installing the AD CS Role
Time Required:
20 minutes
Objective:
Install the AD CS role.
Description:
You want to set up a PKI on your network to augment security. You have researched AD
CS and decided to install that server role on a member server and configure it as an enterprise CA.
1. Log on to
Server1XX
as Administrator and open Server Manager, if necessary.
2. Click the
Roles
node in the left pane and click
Add Roles
in the right pane to start the Add
Roles Wizard. Click
Next
in the welcome window.
Search WWH ::
Custom Search