The Real MCTS/MCITP Exam 70-648 Prep Kit: Independent and Complete Self-Paced Solutions

trouble.

Chapter 1

MCTS/MCITP Exam 648: Deploying Servers

Exam objectives in this chapter:

■ Installing Windows Server 2008

■ The Windows Deployment Service

■ Configuring Storage

■ Configuring High Availability

■ Configuring Windows Activation

Exam objectives review:

☑ Summary of Exam Objectives

☑ Exam Objectives Fast Track

☑ Exam Objectives Frequently Asked Questions

☑ Self Test

Introduction

After you learn that Microsoft has released a new server operating system, it is only natural to want to learn everything there is to know about this new product and its new technologies. The extensive lengths that were taken to integrate more security into a product already established in the market are evident. Gathering information about an operating system is relatively easy, and learning how to integrate such a technology into an existing or new organization has proven rather easy to achieve as well.

Computer and network security is of paramount importance for companies in the global marketplace, and a large percentage of these companies have Microsoft infrastructures in place, including domain controllers (DCs), Exchange servers, and Vista and XP workstations. A Windows server provides a number of useful functions in a company’s network infrastructure.

This chapter covers how an individual or group can achieve the aptitude needed to implement and maintain the desired deployment required by the organization. With the new certification track Microsoft has implemented, individuals can prove their skills in much more detail in the marketplace.

Installing Windows Server 2008

For any computer to function, it needs an operating system, also known as the network operating system (NOS), which is used to describe a server operating system. To decide which software you will need as your NOS, you will need to examine and consider scalability, security, and stability. Windows Server 2008 meets all of these requirements on different levels.

Installing the server operating system on a new server might seem like a daunting task to any system administrator, especially if it’s a newly released OS with many new features. Having the skill to install a server OS is sometimes not enough. The planning and preparation stage is vital to a successful rollout. Any experienced system administrator will know that spending enough time in the planning phase of a new OS rollout and making the installation procedure simplified and well laid out will not only standardize organization server OS configurations, but also make the task of rolling out a new server infrastructure much easier, even when it involves upgrading an existing infrastructure.

The overall IT life cycle (from the beginning to the end) of an OS or infrastructure solution may be large or small. Using Microsoft Solutions Framework (MSF) and Microsoft Operations Framework (MOF), here are the four steps required to create and operate the new solution (or change to an existing one) in a production environment:

■ Plan Understand the business requirements to create the right solution. This includes the features and settings due to be implemented.

■ Build Complete the features and components set out in the planning phase using the appropriate development tools and processes.

■ Deploy Deploy into the production environment using strong release management processes.

■ Operate Maintain operational excellence.

Understanding the need for documenting, assessing the impact of, and reviewing changes in an IT environment is at the heart of standardizing and communicating such a solution.

Changes in Functionality from Windows Server 2003 with SP1 to Windows Server 2008

Microsoft introduced many new features and technologies in the Windows Server 2008 operating system, as well as improved some existing features. These additions and changes will help to increase security and productivity and reduce administrative overhead. The following paragraphs describe some of these features and technologies.

Active Directory Certificate Services (AD CS) provides customizable services for creating and managing public key certificates when employing public key technologies. Security is enhanced by binding the identity of a person, device, or service to a corresponding private key. The following are improvements made in AD CS functionality:

■ Online Certificate Status Protocol support (online responders and responder arrays)

■ Network Device Enrollment Service (NDES is now part of the OS)

■ Web enrollment (new enrollment control)

■ Policy settings (new policy stores added)

■ Restricted Enrollment Agent (limiting permissions for users enrolling smart card certificates on behalf of other users)

■ Enterprise PKI (PKIView) (monitors the health of certificate authorities [CAs] in the public key infrastructure [PKI] and supports Unicode character encoding

Active Directory Domain Services (AD DS) stores information about users, computers, and other devices on the network. AD DS is required to install directory-enabled applications. The following are improvements made in AD DS functionality:

■ Auditing (log value changes that are made to AD DS objects and their attributes)

■ Fine-grained password policies (functionality to assign a special password and account lockout policies for different sets of users)

■ Read-only DCs (hosts a read-only partition of the AD DS database)

■ Restartable AD DS (can be stopped so that updates can be applied to a DC)

■ Database mounting tool (compare different backups, eliminating multiple restores)

■ User interface improvements (updated AD DS Installation Wizard)

Active Directory Federation Services (AD FS) is used to create extensible and scalable solutions that can operate across multiple platforms, including Windows and non-Windows environments, for secure identity access. Federation Services was first introduced with Windows Server 2003 R2 and is now included in Microsoft Windows Server 2008 as a server role. New functionality includes improved installation and improved application support.

Active Directory Lightweight Directory Services (AD LDS) is a Lightweight Directory Access Protocol (LDAP) directory service. It eliminates dependencies that are required for AD DS by providing data storage and retrieval for directory-enabled applications. AD LDS replaces Active Directory Application Mode (ADAM) for previous versions of Windows.

Active Directory Rights Management Services (AD RMS) includes features not available in Microsoft Windows RMS. Windows RMS was available for Windows Server 2003 and was used to restrict access to rights-protected content to files made by RMS-enabled applications. The added features were incorporated to ease administrative overhead of AD RMS and to extend use outside the organization. New features include:

■ AD RMS is now a server role

■ Microsoft Management Console (MMC) snap-in

■ Integration with AD FS

■ Self-enrollment of AD RMS servers

■ The ability to delegate responsibility with new AD RMS administrative roles

Server Manager is a single source for managing identity and system information, managing server status, identifying problems with server role configuration, and managing all roles installed on the server. It replaces the Manage Your Server, Configure Your Server, and add or Remove Windows Components feature in Windows Server 2003.

The Server Core is a minimal environment. This option limits the roles that can be performed; however, it can improve security and reduce the management and installation footprint.

The Application Server Role is an expanded role and integrated environment for running custom, server-based business applications. Typically, deployed applications running on the Application Server take advantage of Internet Information Services (IIS), the Hypertext Transfer Protocol (HTTP), the .NET Framework, ASP.NET, COM +, message queuing, and Web services that are built with Windows Communication Foundation (WCF).

The Terminal Services Role enables users to access Windows-based programs that are installed on the terminal server.

Terminal Services Core Functionality offers users the following features:

■ Remote Desktop Connection 6.1

■ Plug and Play Device redirection for media players and digital cameras

■ Microsoft Point of Service for .NET 1.11 device redirection

■ Single sign-on

Terminal Services also includes the following enhancements and improvements:

■ Terminal Services printing has been enhanced with the addition of the Terminal Services Easy Print printer.

■ Terminal Services RemoteApp allows access to Windows-based programs from any location, provided that the new Remote Desktop Connection (RDC) client is installed.

■ Terminal Services Web Access makes Terminal Services RemoteApp programs and provides users with the ability to connect from a Web browser to a remote desktop of any server or client.

■ Terminal Services Licensing includes the ability to track Terminal Services per User CALs.

■ Terminal Services Gateway allows remote users to connect to resources on an internal corporate network using the Remote Desktop Protocol (RDP) over HTTP.

■ Terminal Services Session Broker runs session load balancing between terminal servers.

■ Microsoft Windows System Resource Manager provides the functionality to set how CPU and memory resources are assigned to applications, services, and processes.

The Print Services Role Server manages integration with Print Services. The DNS Server Role has the following improvements:

■ Background zone loading (the domain name system [DNS] server can respond to queries while the zone is loading)

■ Support for IPv6 addresses (full support for IPv6 [128 bits long] and IPv4 [32 bits long])

■ Read-only DC support (the read-only DC [RODC] has a full read-only copy of any DNS zones)

■ GlobalNames zone (commonly used to map a canonical name [CNAME] resource record to a fully qualified domain name [FQDN])

■ Global Query block list (prevents DNS name hijacking)

The Fax Server Role replaces the fax console. The File Services Role helps to manage storage and shared folders, as well as enable file replication and fast file searching. The following list describes changes in functionality:

■ Distributed File System New functionality includes access-based enumeration, cluster support, replication improvements, and support for read-only DCs.

■ File Server Resource Manager Enforces storage limits on folders and volumes, and offers the ability to prevent specific file types and to generate storage reports.

■ Windows Server Back-up Offers improvements in backup technology, restoration, application recovery, scheduling, and remote administration.

■ Services for the Network File System Offers the ability to share files between Windows and UNIX environments. New functionality includes Active Directory lookup, 64-bit support, enhanced server performance, special device support, and enhanced UNIX support.

■ Storage Manager for SANs This is an optional feature in Windows Server 2008.

■ New Transactional NTFS and the Transactional Registry

■ New Self-Healing NTFS No requirement for offline Chkdsk.exe usage.

■ New Symbolic Linking This is a file system object pointing to another file system object.

The Network Policy and Access Services (NPAS) provides deployment of virtual private network (VPN), dial-up networking, and 802.11-protected wireless access and is a new set of operating system components. NPAS includes the following functions:

■ Network Access Protection (NAP) Used to ensure that computers on the private network meet requirements for system health

■ Network Policy Server (NPS) Provides organization-wide network access policies for system health

■ Routing and Remote Access Service Features the Secure Socket Tunneling Protocol (SSTP), a mechanism to encapsulate PPP traffic over the Secure Sockets Layer (SSL) channel

The Web Server (IIS) role delivers Web publishing that integrates IIS, ASP.NET, and Windows Communication Foundation. Improvements include the ability to enable distributed configuration, new administration tools, the ability to make single pipeline requests, and the ability to perform Web site diagnostics.

The Streaming Media Services Role includes new cache/proxy management and playlist attributes.

The Virtualization Role is technology that is a component of the Windows Server 2008 OS and enables you to create a virtualized server computing environment. This new feature is provided through Hyper-V.

The Windows Deployment Services (WDS) role is the redesigned version of Remote Installation Services (RIS). WDS components are organized into these three categories: Server Components, Client Components, and Management Components.

Windows BitLocker Drive Encryption (BitLocker) provides protection on the operating system volume. New functionality includes full-volume encryption, integrity checking, recovery options, remote management, and secure decommissioning.

User Account Control is a new security component that allows an administrator to enter credentials to perform an administrative task when needed in a nonadministrative logged-in session. This increases security as there is now no need to ever log in to a session as the local administrator.

Authorization Manager’s new features include custom object pickers, business rule groups and stores. Authorization Manager can store authorization stores in SQL, AD, or XML.

New functionality in the Encrypting File System includes smart card key storage, increased configurability of EFS through Group Policy, and an Encrypting File System rekeying wizard.

Changes to the Security Configuration Wizard include installation, securing servers, Windows Firewall, and Advanced Security integration.

Installing Windows Server 2008 Enterprise Edition

Before you install the operating system, you first need to know the organization’s requirements. Knowing this upfront will facilitate the installation procedure as well as consecutive configuration tasks, and help to ensure that they run smoothly. Second, verify the installation and configuration plan with the stakeholders before the project commences. Before you install Windows Server 2008, follow the steps in this section to prepare for the installation. Depending on the role the server will take, you will have to check the server for application compatibility. This is important whether the server will just have Windows Server 2008, or whether it will host any other Microsoft or third-party applications.

Microsoft Windows Server 2008 is available in multiple editions, based on the organization’s needs, size, and operating systems, and providing support for different levels of hardware compatibility.

Windows Server 2008 Standard Edition provides key server functionality. It includes both full and Server Core installation options. It is designed to increase the flexibility and reliability of your server infrastructure, with built-in virtualization and enhanced Web capabilities. Enhanced security features and high dependability come with this edition. The Standard Edition includes the following:

■ 32-bit and 64-bit Support for up to four CPUs

■ 32-bit Support for up to 4 GB of RAM

■ 64-bit Support for up to 32 GB of RAM

Windows Server 2008 Enterprise Edition provides even greater scalability and availability and adds technologies such as failover clustering and AD FS. The enterprise-class platform improves security and lays down the foundation for a scalable IT infrastructure. The Enterprise Edition includes the following:

■ 32-bit and 64-bit Support for up to eight CPUs

■ 32-bit Support for up to 64 GB of RAM

■ 64-bit Support for up to 2 TB of RAM

Windows Server 2008 Datacenter Edition offers the same functionality as the Enterprise Edition, but with additional memory and processor capabilities from two to 64 processors. With its unlimited virtual image usage rights, the Datacenter Edition is the foundation on which to build large enterprise-class solutions. The Datacenter Edition includes the following:

■ 32-bit Support for up to 32 CPUs

■ 64-bit Support for up to 64 CPUs

■ 32-bit Support for up to 64 GB of RAM

■ 64-bit Support for up to 2 TB of RAM

Windows Web Server 2008 is designed to be used as a single-purpose Web server. Other server roles are not available in this edition. The Web edition delivers a solid Web infrastructure with newly redesigned tools. The Web Server Edition includes the following:

■ 32-bit and 64-bit Support for up to four CPUs

■ 32-bit Support for up to 4 GB of RAM

■ 64-bit Support for up to 32 GB of RAM

Windows Server 2008 for Itanium-based Systems is designed for use with Intel Itanium 64-bit processors. This is designed to provide high availability for large databases and line-of-business applications, and to provide high availability to meet the needs of mission-critical solutions. The Itanium-based edition includes the following:

■ Support for up to 64 × 64-bit Itanium CPUs

■ Support for up to 2 TB of RAM

When working with the Windows Server 2008 Enterprise Edition, you must complete a few preinstallation tasks. First, check the system hardware requirements. Table 1.1 lists the requirements for Windows Server 2008 Enterprise Edition.

Table 1.1

Hardware Requirements for Windows Server 2008 Enterprise Edition

Once you have determined that the hardware meets the minimum requirements and that the software that will run on the server meets the requirements of the hardware, it is time to decide whether you want to do a clean install of the operating system on the new or used server hardware or whether you want to upgrade an older version of Server 2008 or Server 2003. In an upgrade, you retain options such as the desktop, users and groups, and program groups. If you don’t have an operating system you want to upgrade, you need to perform a clean install.

Table 1.2 shows which Windows operating systems can be upgraded to which editions of this release of Windows Server 2008.

Table 1.2

Upgrade Paths

Before you begin the upgrade, consider the following:

■ You may want to back up and test the backup of the server before the upgrade starts.

■ Upgrading from Server 2003 to the Server Core of Windows Server 2008 is not supported.

■ An upgrade to Windows Server 2008 cannot be uninstalled; however, if the installation failed, you can roll back to the previous operating system.

■ Be sure to do an application compatibility check before the upgrade is started. Microsoft made an application compatibility toolkit available for this reason.

Test Day Tip

To completely prepare for test day, perform an attended installation of Windows Server 2008.

Exercise 1.1

Installing Windows Server 2008

To install Windows Server 2008, follow these steps:

1. Insert the Windows Server 2008 Enterprise Edition DVD in the DVD-ROM drive.

2. Make the necessary selections in Figure 1.1 and click Next.

Figure 1.1 Installing Windows Server 2008

3. Click Install now, as shown in Figure 1.2.

Figure 1.2 Clicking Install Now

4. Figure 1.3 shows a list of the editions of the operating system available on the DVD. Make a selection and click Next.

Figure 1.3 Selecting the Operating System

5. Accept the license terms as shown in Figure 1.4, and click Next.

Figure 1.4 Accepting the Terms and Conditions

6. Select to perform either an Upgrade or a Custom (clean) install, as shown in Figure 1.5.

Figure 1.5 Selecting the Type of Installation

7. Click on New, as shown in Figure 1.6, to create a partition based on the unallocated disk space available on the server. You can also perform formats and extend volumes.

Figure 1.6 Creating a Partition

8. Figure 1.7 shows a successfully created 16 GB primary partition. Click Next.

Figure 1.7 The Newly Created Partition

9. Figure 1.8 shows the Windows Installation going through all the install stages. Depending on your configuration, the server restarts between the Installing Updates stage and the Completing Installations stage.

Figure 1.8 Installing Windows

10. Once the installation is complete, the server will restart so that the changes can take effect.

New and Noteworthy…

Upgrading to Windows Server 2008

Upgrading from Windows Server 2003 to Windows Server 2008 requires additional free disk space. When running the upgrade process extra disk space is required for the new operating system, the setup process, and any other installed server roles. Additionally, for the DC role you also need to consider disk space requirements. Please note the following: The volume containing the Active Directory database requires free space that is equal to, or at least 10% of, the current database size, or at least 250 MB, whichever is greater. In addition to this, the volume that hosts the log files also needs at least 50 MB of free space. The default installation of the Active Directory database and log file is under %WINDIR%\NTDS. The NTDS.DIT database file and log files are temporarily copied to the quarantine location, hence the requirement for free disk space.

When upgrading a 64-bit version of the Windows Server 2008 operating system, remember that Windows Server 2008 requires you to use updated and digitally signed drivers for the hardware attached to the server. In the case of Plug and Play or software installation without digitally signed drivers, you will receive an error and Windows Server 2008 will not load the unsigned driver. To digitally sign drivers means that the publisher of the driver has put an electronic security mark, a digital signature, in the driver. This prevents someone from altering the contents of the original driver package. This means the driver has been signed and its identity can be verified by the CA that issued the certificate. This is to ensure that users are using the highest-quality drivers. If, for whatever reason, you are not sure whether the driver package you are using is digitally signed, or if you can no longer boot into your computer or server after the installation, use the following procedure to disable the driver signature prerequisite. This enables your computer or server to start correctly, and the unsigned driver will load successfully. To disable the signature requirement for the current boot process:

1. During startup, press F8.

2. Select Advanced Boot Options.

3. Select Disable Driver Signature Enforcement.

4. Reboot into Windows, then uninstall the unsigned driver and check with the hardware vendor for available 64-bit device drivers.

What Is New in the AD DS Installation?

AD DS has several new installation options in Windows Server 2008, including the following:

■ RODC

■ DNS

■ Global Catalog (GC) servers

New OS installation options include Full Install and Core Server Install.

The first thing you must do when adding a Windows Server 2008 DC to a Windows 2003 forest is to prepare the forest for the Windows 2008 server by extending the schema to accommodate the new server:

■ To prepare the forest for Windows Server 2008 run the following command: adprep /forestprep.

■ To prepare the domain for Windows Server 2008 run the following command: adprep /domainprep.

It is recommended that you host the primary domain controller (PDC) emulator operations master role in the forest root domain on a DC that runs Windows Server 2008 and to make this server a GC server. The first Windows Server 2008 DC in the forest cannot be an RODC. Before installing the first RODC in the forest, run the following command: adprep /rodcprep.

Making sure the installation was successful; you can verify the AD DS installation by checking the following:

■ Check the Directory Service log in Event Viewer for errors.

■ Make sure the SYSVOL folder is accessible to clients.

■ Verify DNS functionality.

■ Verify replication.

To run adprep /forestprep you have to be a member of the Enterprise Admins and Schema Admins groups of Active Directory. You must run this command from the DC in the forest that has the Schema Master FSMO role. Only one Schema Master is needed per forest.

To run adprep /domainprep you have to be a member of the Domain Admins or Enterprise Admins group of Active Directory. You must run this command from each Infrastructure Master FSMO role in each domain after you have run adprep / forestprep in the forest. Only one Infrastructure Master is needed per domain.

To run adprep /rodcprep you have to be a member of the Enterprise Admins group of Active Directory. You can run this command on any DC in the forest. However, it is recommended that you run this command on the Schema Master.

Exercise 1.2

Installing a New Windows Server 2008 Forest Using the Windows Interface

Follow these steps to install a new Windows Server 2008 forest by using the Windows interface. To perform this procedure, you must be logged on as the local Administrator for the computer.

1. On the Select Server Roles page (Figure 1.9), click the Active Directory Domain Services checkbox, and then click Next.

Figure 1.9 Installing AD DS

2. If necessary, review the information on the Active Directory Domain Services page (Figure 1.10) and then click Next.

Figure 1.10 AD DS Introduction

3. On the Confirm Installation Selections page (Figure 1.11), click Install.

Figure 1.11 Confirming the Installation

4. Figure 1.12 shows the result of the installation and gives you the option to run dcpromo.exe. Click Next.

Figure 1.12 Installation Result

5. On the Installation Results page (Figure 1.12), click Close this wizard and launch the Active Directory Domain Services Installation Wizard (dcpromo.exe). Alternatively, click Start | Run, type dcpromo.exe, and click OK. Figure 1.13 shows the Welcome Page to the AD DS Installation Wizard; click Next. You can select the Use advanced mode installation checkbox to get additional installation options.

Figure 1.13 The Welcome Page

6. On the Operating System Compatibility page (Figure 1.14), review the warning about the default security settings for Windows Server 2008 DCs and then click Next.

Figure 1.14 Operating System Compatibility Page

7. On the Choose a Deployment Configuration page (Figure 1.15), click Create a new domain in a new forest, and then click Next.

Figure 1.15 Choosing a Deployment Configuration

8. On the Name the Forest Root Domain page (Figure 1.16), type the full DNS name for the forest root domain, and then click Next (e.g., Syngress.com).

Figure 1.16 Naming the Forest Root Domain

9. On the Set Forest Functional Level page (Figure 1.17), select the forest functional level that accommodates the DCs you plan to install anywhere in the forest, and then click Next.

Figure 1.17 Setting the Forest Functional Level

10. On the Additional Domain Controller Options page (Figure 1.18), DNS server is selected by default so that your forest DNS infrastructure can be created during AD DS installation. If you plan to use Active Directory-integrated DNS, click Next. If you have an existing DNS infrastructure and you do not want this DC to be a DNS server, clear the DNS server checkbox, and then click Next.

Figure 1.18 Additional DC Options

11. On the Static IP assignment page (Figure 1.19), it is picked up that the server does not have a static Internet Protocol (IP) address assigned to its network card. It is recommended that you assign a static IP to the network card and then continue with the installation. Click No, I will assign static IP addresses to all physical network adapters; this will display the screen shown in Figure 1.18 again. Assign a static IP to the network card and click Next (configure a static IPv4 and IPv6 IP address for this prompt to stop). If the wizard cannot create a delegation for the DNS server, it displays a message to indicate that you can create the delegation manually. To continue, click Yes (see Figure 1.20).

Figure 1.19 Assigning a Static IP Address

Figure 1.20 DNS Prompts

12. On the Location for Database, Log Files, and SYSVOL page (Figure 1.21), type or browse to the volume and folder locations for the database file, the directory service log files, and the SYSVOL files, and then click Next. Windows Server Back-up backs up the directory service by volume. For backup and recovery efficiency, store these files on separate volumes that do not contain applications or other nondirectory files.

Figure 1.21 The Location for the Database

13. On the Directory Services Restore Mode Administrator Password page (Figure 1.22), type and confirm the restore mode password, and then click Next. This password must be used to start AD DS in Directory Service Restore Mode for tasks that must be performed offline. It is recommended that this password is NOT the same as the domain administrator password.

Figure 1.22 Directory Services Restore Mode Password

14. On the Summary page (Figure 1.23), review your selection. Click Back to change any selection, if necessary. To save the selected settings to an answer file that you can use to automate subsequent AD DS operations, click Export settings. Type the name for your answer file, and then click Save. When you are sure that your selections are accurate, click Next to install AD DS.

Figure 1.23 The Summary Page

15. You can either select the Reboot on completion checkbox (Figure 1.24) to have the server restart automatically, or you can restart the server to complete the AD DS installation when you are prompted to do so.

Figure 1.24 The AD DS Installation Wizard

16. On the Completion page (Figure 1.25), you should see a message stating that the installation was successful and is complete. Click Finish.

Figure 1.25 The Completion Page

Installing from Media

Install from media (IFM) is a feature that was available with Windows 2000 SP3 and Windows Server 2003. Historically, it has been a problem rolling out new DC and GC servers at remote sites. Restoring or rolling out a DC in a remote site also had the disadvantage of large amounts of data being replicated between the newly restored DC and an active DC in the domain. IFM offers you the option to restore or build a new DC from a recently made backup. To take advantage of this feature, you must back up the DC’s system state information (this contains Active Directory) and restore it to a media source such as a CD, DVD, tape, or even shared network drive. On a new server that is to be promoted, run the dcpromo.exe /adv command. This will give you the advanced Active Directory installation options.

The advanced option gives you the choice to specify the location of the restored backup file that contains the system state of a DC from which you sourced Active Directory. This will allow you to create a new DC from a recent backup instead of conducting a live replication from another active DC. Once the installation is complete, replication will commence with an active DC to replicate data changes that took place since the original backup used for IFM was created.

This solution provides you with the functionality to provide immediate disaster recovery of a DC or GC server by maintaining a current system state backup of any DC in the domain and restoring it to media such as a CD, DVD, tape, or shared network drive. It is, however, very important that you keep these backups as secure as possible, as you don’t want a copy of the organization’s Active Directory to fall into the wrong hands. There are a few IFM limitations. It works only for the same domain, and the system state backup must be current because the default value for the tombstone lifetime entry is 60 days for objects within Active Directory.

Exercise 1.3

Preparing for Disaster Recovery Using IFM

Follow these steps to prepare for disaster recovery using IFM. You will need at least one Windows 2003 DC in the domain and a Windows 2003 member server in that domain that is to be promoted. DNS must be installed and the SRV records for the first DC must be populated.

Test Day Tip

You cannot use the IFM feature to create a new domain.

1. Log on to one of the active DCs in the