Write About Global Catalog. How To View Replication Properties For AD Properties


75. Write about global catalog. How to view replication properties for AD properties.
A global catalog is a multi-domain catalog that allows for faster searching of
objects without the need for a domain name. It helps in locating an object from
any domain by using its partial, read-only replica stored in a domain controller.
As it uses only partial information and a set of attributes that are most
commonly used for searching, the objects from all domains, even in a large
forest, can be represented by a single database of a global catalog server.
A global catalog is created and maintained by the AD DS replication system.
The predefined attributes that are copied into a global catalog are known as
the Partial Attribute Set (PAS). Users are allowed to add or delete the
attributes stored in a global catalog and thus change the database schema.
Some of the common global catalog usage scenarios are as follows:

• Forest-wide searches
• User logon
• Universal group membership caching
• Exchange address book lookups

How to view replication properties for AD properties.

By using replication monitor:

Go to Start > Run > type repadmin
Go to Start > Run > type replmon

The Replmon graphical user interface (GUI) tool is included when you install Windows Server 2003 Support Tools from the product CD or from the Microsoft Download Center.

Replmon.exe: Active Directory Replication Monitor

This GUI tool enables administrators to view the low-level status of Active Directory replication, force synchronization between domain controllers, view the topology in a graphical format, and monitor the status and performance of domain controller replication.

The Replmon graphical user interface tool was removed from Windows Server 2008 and later. Repadmin is still available for troubleshooting replication.

Repadmin.exe: Replication Diagnostics Tool

This command-line tool assists administrators in diagnosing replication problems between Windows domain controllers. Administrators can use Repadmin to view the replication topology as seen from the perspective of each domain controller. In addition, Repadmin can be used to manually create the replication topology, to force replication events between domain controllers, and to view both the replication metadata and up-to-date vectors.

Repadmin.exe can also be used for monitoring the relative health of an Active Directory forest. The operations replsummary, showrepl, showrepl /csv, and showvector /latency can be used to check for replication problems.
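The showrepl /csv output mentioned above can be turned into a health report rather than read by eye. The following is an added example, not part of the original notes; it assumes repadmin.exe is on the path and the account can query every DC (the "*" wildcard).

```powershell
# Added example (not from the original notes): parse "repadmin /showrepl * /csv"
# and report every replication link that has recorded failures.
# Assumes repadmin.exe is available and the caller has rights to query all DCs.
function Get-ReplicationFailure {
    [CmdletBinding()]
    param(
        # "*" = every DC in the forest; pass a single DC name to limit the query.
        [string]$Target = '*'
    )

    # /csv emits one CSV row per (destination DC, naming context, source DC) link.
    $raw = & repadmin.exe /showrepl $Target /csv 2>&1
    if ($LASTEXITCODE -ne 0) {
        throw "repadmin failed with exit code $LASTEXITCODE`n$($raw -join "`n")"
    }

    # The first column is the showrepl_COLUMNS/showrepl_INFO marker; the remaining
    # header names are fixed by repadmin and are used below.
    $links = $raw | ConvertFrom-Csv

    foreach ($link in $links) {
        $failures = [int]$link.'Number of Failures'
        [pscustomobject]@{
            Destination   = $link.'Destination DSA'
            Source        = $link.'Source DSA'
            NamingContext = $link.'Naming Context'
            Failures      = $failures
            LastSuccess   = $link.'Last Success Time'
            LastFailure   = $link.'Last Failure Time'
            LastStatus    = $link.'Last Failure Status'
            Healthy       = ($failures -eq 0)
        }
    }
}

# Show unhealthy links first, then a one-line summary per destination DC.
$report = Get-ReplicationFailure
$report | Where-Object { -not $_.Healthy } | Format-Table -AutoSize
$report | Group-Object Destination | ForEach-Object {
    '{0}: {1} links, {2} with failures' -f $_.Name, $_.Count,
        (@($_.Group | Where-Object { -not $_.Healthy })).Count
}
```

A link whose LastSuccess is hours older than the others, even with zero recorded failures, is also worth following up with repadmin /showvector /latency.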

76. Argue and conclude the functionality of Directory Partitions and Lightweight Directory Access Protocol?

Application directory partitions provide the ability to control the scope of replication and allow
the placement of replicas in a manner more suitable for dynamic data. As a result, the
application directory partition provides the capability of hosting dynamic data in the Active
Directory Server, thus allowing ADSI/LDAP access to it, without significantly impacting network
performance.

Lightweight Directory Access Protocol

LDAP was initially created by Tim Howes of the University of Michigan, Steve Kille of
Isode Limited and Wengyik Yeong of Performance Systems International, circa 1993. It
is based on the X.500 standard, but is simple and easily adapts to meet custom needs
whose specifications are defined in the Requests for Comments (RFCs).
LDAP is also cross-platform and standards-based. Thus, the applications are not
concerned about the server type hosting the directory. LDAP servers are easy to
install, maintain and optimize. The LDAP server processes queries and updates to the
LDAP information directory.
LDAP servers are capable of replicating data either through push or pull methods. The
technology related to replication is built in and easily configured. LDAP permits secure
delegation of read and modification authority, based on need, using access control
lists. No security checks are performed at the user application level; this is all done
directly through the LDAP directory. LDAP does not define how programs work on the
client or server side, but does define the language used by client programs to talk to
servers. LDAP servers range from small servers for workgroups to large organizational
and public servers.
LDAP directory servers store data hierarchically. One of the techniques to partition the
directory is to use LDAP referrals, which enable users to refer LDAP requests to a
different server.
The central concept of LDAP is the information model, which deals with the kind of
information stored in directories and the structuring of information. The information
model revolves around an entry, which is a collection of attributes with type and value.
Entries are organized in a tree-like structure called the directory information tree. The
entries are composed around real world concepts, organization, people and objects.
Attribute types are associated with syntax defining allowed information. A single
attribute can enclose multiple values within it. The distinguished names in LDAP are
read from bottom to top. The left part is called the relative distinguished name and the
right part is the base distinguished name.
Many vendors of server products and directory clients support LDAP. Companies with
LDAP intentions include IBM, AT&T, Sun and Novell. Eudora and Netscape
communicator also support LDAP. Government agencies and large universities also use
LDAP servers for storing and organizing information.

80. Where is the AD database held? Do you know how frequently group policy is refreshed?

The Active Directory database is stored in the %SystemRoot%\NTDS folder. The main database file for Active Directory
is ntds.dit. Along with this file there are other files also present in this folder. These files are created when you
run dcpromo. These are the main files controlling the AD structure:

• ntds.dit: This is the main database file for Active Directory.
• edb.log: Transactions performed on AD are stored in this file.
• res1.log: Used as reserve space in case the drive runs low on space.
• res2.log: Same as res1.log.
• edb.chk: This file records the transactions committed to the AD database.

By default, computer Group Policy is updated in the background every 90 minutes. Also Group Policy for the computer is always
updated when the system starts. This policy (the one which we are going to modify) specifies a background update rate only for
Group Policies in the Computer Configuration folder.

Q81. NTFS vs FAT

FAT stands for File Allocation Table and FAT32 is an extension which means that data
is stored in chunks of 32 bits. This is an older type of file system that isn't commonly
used these days.
DID YOU KNOW: FAT32 isn't that widely used today and it found its
replacement in the exFAT (Extended File Allocation Table) file system. In fact, many
operating systems and storage devices use it more than NTFS.
NTFS stands for New Technology File System and it took over from FAT as the
primary file system used in Windows. The NTFS file system is not
only secure but also supports larger file sizes and hard drives.

Indeed, before making a choice you need to know about their capabilities. The table
below will give you a rough idea of the features and respective support.

82. Mention the new features in Active Directory (AD) of Windows Server 2012?
AD DS improvements in Windows Server 2012 include:

• Virtualization that just works

Windows Server 2012 provides greater support for the capabilities of public and private
clouds through virtualization-safe technologies and the rapid deployment of virtual
domain controllers through cloning.

• Simplified deployment and upgrade preparation

The upgrade and preparation processes (dcpromo and adprep) have been replaced with a
new streamlined domain controller promotion wizard that is integrated with Server
Manager and built on Windows PowerShell. It validates prerequisites, automates forest and
domain preparation, requires only a single set of logon credentials, and it can remotely
install AD DS on a target server.

• Simplified management

Examples of simplified management include the integration of claims-based authorization
into AD DS and the Windows platform, two critical components of a broader feature
known as Dynamic Access Control (DAC). DAC comprises central access policies, directory
attributes, the Windows file-classification engine, and compound identities that combine
user and machine identity into one. In addition, the Active Directory Administrative Center
(ADAC) now allows you to perform graphical tasks that automatically generate the
equivalent Windows PowerShell commands. The commands can be easily copied and
pasted into a script, simplifying the automation of repetitive administrative actions.

• AD DS Platform Changes

The AD DS platform comprises core functionality, including the "under-the-covers"
behaviors that govern the components upon which the rest of the directory service is built.
Updates to the AD DS platform include improved allocation and scale of RIDs (relative
identifiers), deferred index creation, various Kerberos enhancements and support for
Kerberos claims (see Dynamic Access Control) in AD FS.

Active Directory and AD DS have been at the center of IT infrastructure for over 10 years, and their
features, adoption, and business value have grown release over release. Today, the majority of
that Active Directory infrastructure remains on the premises, but there is an emerging trend
toward cloud computing. The adoption of cloud computing, however, will not occur overnight,
and migrating suitable on-premises workloads or applications is an incremental and long-term
exercise. New hybrid infrastructures will emerge, and it is essential that AD DS support the needs
of these new and unique deployment models that include services hosted entirely in the cloud,
services that comprise cloud and on-premises components, and services that remain exclusively
on the premises. These hybrid models will increase the importance, visibility, and emphasis
around security and compliance, and they will compound the already complex and time-
consuming exercise of ensuring that access to corporate data and services is appropriately
audited and accurately expresses the business intent.
83. Discriminate Organisational Units and Group Policy. Also define
Empty root domain.

Groups
Active Directory groups are used to assign permissions to company resources.
As a best practice, you place users into groups and then apply the groups to an
access control list (ACL).
It’s quite typical to have your AD groups mirror your company hierarchy (e.g., a
group for Finance, Marketing, Legal, etc.).

Organizational Units
Organizational Units are useful when you want to deploy group policy settings to a
subset of users, groups, and computers within your domain.
For example, a domain may have 2 sub-organizations (e.g., consumer and
enterprise) with 2 separate IT teams managing them. Creating 2 OUs lets each IT
team administer their own policies that affect only the users, computers, etc. that fall
within their unit.

Organizational Units also allow you to delegate admin tasks to users/groups
without having to make them an administrator of the directory.
Here’s an example: let’s assume that you have an organizational unit structure such
that the top level OU is named Employees and the child OUs are Departments and
HRUsers. Departments also includes child OUs such as SalesUsers,
EngineeringUsers, FinanceUsers, and ExecutiveUsers. If you wanted someone from
the IT department to have the ability to reset the password for all employees in all
departments, you would establish that delegation of administration at the
Departments OU level. If, however, you wanted a manager from the HR department
to be able to reset the passwords for only the HR users, you would configure the
delegation of administration on the HRUsers OU, giving them the ability to reset
passwords exclusively for these users.

What kind of common administrative tasks can you delegate via OUs?

• Managing users (create, delete, etc.)
• Managing groups
• Modifying group membership
• Managing group policy links
• Resetting passwords on user accounts
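The HRUsers delegation described above is an access control entry on the OU. The following added example (not part of the original notes) first lists who already holds the "Reset Password" right on an OU, which is the review a practitioner should do before and after delegating, and then grants it to a group for user objects under the OU; it assumes the ActiveDirectory module (RSAT) and uses placeholder OU and group names.

```powershell
# Added example (not from the original notes): audit and grant the "Reset Password"
# extended right on an OU, as in the HRUsers scenario above.
# Assumes the ActiveDirectory module and its AD: drive; DN and group are placeholders.
Import-Module ActiveDirectory

# Fixed schema GUIDs: the User-Force-Change-Password control access right and the
# "user" object class. Both are constants of the AD schema.
$ResetPasswordRight = [guid]'00299570-246d-11d0-a768-00aa006e0529'
$UserClass          = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'
$ExtendedRight      = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

function Get-ResetPasswordDelegation {
    param([Parameter(Mandatory)] [string]$OuDn)

    $acl = Get-Acl -Path "AD:\$OuDn"
    $acl.Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (($_.ActiveDirectoryRights -band $ExtendedRight) -eq $ExtendedRight) -and
            # An empty ObjectType means "all extended rights", which includes reset.
            ($_.ObjectType -eq $ResetPasswordRight -or $_.ObjectType -eq [guid]::Empty)
        } |
        Select-Object IdentityReference, ActiveDirectoryRights, ObjectType,
                      InheritanceType, IsInherited
}

function Grant-ResetPasswordDelegation {
    param(
        [Parameter(Mandatory)] [string]$OuDn,
        [Parameter(Mandatory)] [string]$GroupName   # e.g. 'EXAMPLE\HR-Managers'
    )
    $identity = [System.Security.Principal.NTAccount]$GroupName
    # Allow the right on descendant user objects only, not on the OU object itself.
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
        $identity,
        $ExtendedRight,
        [System.Security.AccessControl.AccessControlType]::Allow,
        $ResetPasswordRight,
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
        $UserClass)
    $acl = Get-Acl -Path "AD:\$OuDn"
    $acl.AddAccessRule($rule)
    Set-Acl -Path "AD:\$OuDn" -AclObject $acl
}

# Usage with placeholder values: review the current delegation first, then grant.
$hrOu = 'OU=HRUsers,OU=Employees,DC=example,DC=com'
Get-ResetPasswordDelegation -OuDn $hrOu | Format-Table -AutoSize
# Grant-ResetPasswordDelegation -OuDn $hrOu -GroupName 'EXAMPLE\HR-Managers'
```

Running the audit function against the parent Departments OU as well shows whether an inherited entry already gives a wider group the same right.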

84. Characterize the basic requirements of installing Active Directory. And how will you verify whether it is installed properly or not?

The following requirements are for the Active Directory iDataAgent:

Operating System

Windows Server 2019: Microsoft Windows Server 2019 Editions
Windows Server 2016: Microsoft Windows Server 2016 Editions
Windows Server 2012: Microsoft Windows Server 2012 R2 Editions
Windows Server 2008: Microsoft Windows Server 2008 Editions with a minimum of Service Pack 1*; Microsoft Windows Server 2008 R2 Editions*

*Core Editions are not supported.

Hard Drive
1 GB minimum of hard disk space for installing the software.
256 MB of free disk space is required for the job result directory.
256 MB of free disk space is required for the log directory.

Processor
All Windows-compatible processors are supported.

Miscellaneous

Services
It is recommended that your Active Directory server has DNS services configured.
The File System Agent is installed automatically during the installation of this software component (if
it is not installed already). To review the system requirements of the File System Agent, see System
Requirements - Microsoft Windows File System Agent.

.NET Framework
.NET Framework 4.0 is automatically installed. Note that .NET Framework 4.0 can co-exist with other
versions of this software.

Microsoft Visual C++
The following Redistributable Package is installed automatically. Note that the Redistributable
Package can co-exist with other versions of this software.
Microsoft Visual C++ 2010 Redistributable Package

---------------------------------------------

How to Verify your Installation of Active Directory

After you install Active Directory, it is important to verify that the necessary
directory database files, system volumes (security policies and files), and DNS
SRV resource records are created so that Active Directory works properly.

Verifying SRV resource records

After the installation of Active Directory, each DNS database file will contain
SRV resource records, which are pointers to DNS hosts running Active
Directory services. You should verify that the SRV resource records have
been created for the domain controller after promotion. There are two ways to
do this:

1. If you are using a server running the DNS Server service, you can use DNS in
Microsoft Management Console (MMC).
2. If you are using a DNS service that does not support dynamic updates, you
will need to manually register the SRV resource records.

Now view the Netlogon.dns file that is located in systemroot\System32\Config
on each Active Directory domain controller. The SRV resource records are
listed in the standard DNS resource record text representation.

This is the resource record you will see for the Lightweight Directory Access
Protocol (LDAP) SRV record, in the form:

_ldap._tcp.Active_Directory_domain_name IN SRV 0 100 389 domain_controller_name

If you install the DNS Server service during Active Directory installation, you
must manually create a reverse lookup zone and set the zone attribute to
Allow dynamic updates after installation.
Verify SRV resource record registration
After Active Directory is installed, you can also use the Nslookup command-
line utility to verify that the domain controller registered its SRV resource
records in the DNS database. To verify that SRV resource records[1] were
properly registered by using Nslookup, perform the following steps:

1. Open a command prompt.


2. At the command prompt, type nslookup and then press Enter.
3. Type ls -t SRV domain.msft (where domain.msft is your domain name), and
then press Enter.
4. If the SRV resource records were properly created, they will be listed. To save
the results of this list to a file, type ls -t SRV domain.msft > File.

You should note that time-outs will be reported when you first run Nslookup if
you do not have a reverse lookup zone configured.
Nslookup generates a reverse lookup to determine the host name of the DNS
server based on its IP address.
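The nslookup procedure above can be scripted so it also confirms that each domain controller named in the SRV records actually answers on the advertised port. This is an added example, not from the original notes; it assumes the DnsClient and NetTCPIP modules (Windows 8/Server 2012 and later) and that the host uses the domain's DNS server; the domain name is a placeholder.

```powershell
# Added example (not from the original notes): resolve the _ldap._tcp (or _gc._tcp)
# SRV records for a domain and test that every advertised DC is reachable on the
# advertised port. Assumes Resolve-DnsName and Test-NetConnection are available.
function Test-DcSrvRecord {
    param(
        # The AD DNS domain name, e.g. the "domain.msft" placeholder used above.
        [Parameter(Mandatory)] [string]$DomainName,
        # "ldap" checks domain controllers; "gc" checks global catalog servers.
        [ValidateSet('ldap', 'gc')] [string]$Service = 'ldap'
    )

    $srvName = "_$Service._tcp.$DomainName"
    # -Type SRV returns the SRV answers; an error here means nothing is registered.
    $records = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }

    if (-not $records) {
        throw "No SRV records found for $srvName; check dynamic updates on the zone."
    }

    foreach ($rec in $records) {
        # NameTarget is the DC host name from the record; Port is the advertised port.
        $probe = Test-NetConnection -ComputerName $rec.NameTarget -Port $rec.Port `
                                    -WarningAction SilentlyContinue
        [pscustomobject]@{
            Record    = $srvName
            Target    = $rec.NameTarget
            Port      = $rec.Port
            Priority  = $rec.Priority
            Weight    = $rec.Weight
            Reachable = $probe.TcpTestSucceeded
        }
    }
}

# Usage with a placeholder domain; replace with your own domain name.
Test-DcSrvRecord -DomainName 'domain.msft'               | Format-Table -AutoSize
Test-DcSrvRecord -DomainName 'domain.msft' -Service 'gc' | Format-Table -AutoSize
```

A DC that is listed but not reachable, or a DC that is reachable but missing from the list, both point at the registration problems the text describes (dynamic updates disabled, or Netlogon not having re-registered).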

Items and post-installation location

Database: The database file for the new domain is stored in Active
Directory. The default location for the database and database log files is
systemroot\Ntds. However, you may want to place these files on a separate
hard disk to improve read-write access.

Shared system volume: The shared system volume is hosted on all Windows 2000
domain controllers. It stores scripts that are part of the group policy
objects for both the current domain and the enterprise network. The default
location for the shared system volume is systemroot\Sysvol. The shared
system volume must be located on an NTFS partition.

Default first site name: The first site is automatically created when you
install and promote the first domain controller. It is called
Default-First-Site-Name and it contains the first domain controller. You can
create additional sites later.

Global catalog server: The first domain controller in the forest becomes a
global catalog server by default. Additional global catalog servers can be
configured by using Active Directory Sites and Services.

Root domain: The forest root domain is created when the first domain
controller is installed.

Default containers: When the first domain is created, the following are
created automatically:
1. Builtin. Builtin contains default security groups, such as Account
Operators, Administrators, and so on.
2. Computers. Computers is the default location for domain computer objects.
3. Users. Users is the default location for domain user objects.

Default Domain Controllers OU: Domain Controllers contains the first domain
controller, and other domain controllers as they are added to the domain.

Verifying Server Promotion

You can also verify the promotion of a server by ensuring that the items in the
table above are installed correctly.

[1] SRV resource records: Used in a DNS zone to register and locate well
known TCP/IP services
85. Briefly describe Active directory schema with the help of an
example.
The Active Directory schema is a component of Active Directory which contains rules for object creation
within an Active Directory forest. The Active Directory schema is a list of definitions about Active
Directory objects and information about those objects that are stored in Active Directory.

The schema is the blueprint of Active Directory and schema defines what kinds of objects can exist in the
Active Directory database and attributes of those objects.

Active Directory Classes, Objects and Attributes

The information in Active Directory is represented as objects, and there is an object for each user,
computer, printer, etc. Objects of the same type belong to the same class.

Example: All user objects belong to class "user", all computer objects belong to class "computer" and all
printer objects belong to class "printQueue".

The information in an object is stored as Attributes (Properties), which the corresponding class supports.
Attributes define various information that a class can contain.

The process of creating an object from a class is called instantiation, and an object created from a class is
called an instance of that class.

Example: You have created a user called jerome.h in the Active Directory. The user object jerome.h is an
instance of the Active Directory class "user".

Classes are categorized as abstract, structural and auxiliary classes.

• Abstract classes: Abstract classes provide attributes that flow through the hierarchy, but they cannot be
used to instantiate an object. Abstract classes can inherit from other classes and can have attributes defined
on them directly, but you cannot create (instantiate) an object of an abstract class.

• Structural classes: Structural classes can be instantiated into objects and can contain additional attributes
that are not inherited from the other class types. The user and group classes are examples of structural
classes.

• Auxiliary classes: Auxiliary classes provide attributes that extend a structural class, but they cannot be used
to form a structural class by themselves or to instantiate an object.
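Both the Partial Attribute Set from question 75 and the class categories just described are stored as ordinary objects in the schema partition, so they can be read back rather than taken on trust. The following added example (not part of the original notes) lists the attributes every global catalog replicates and shows the category and parent of a named class; it assumes the ActiveDirectory module (RSAT) and read access to the schema naming context.

```powershell
# Added example (not from the original notes): query the schema partition to show
# (a) which attributes are in the global catalog's Partial Attribute Set, and
# (b) how a class such as "user" is defined (category and parent class).
# Assumes the ActiveDirectory module and read access to the schema NC.
Import-Module ActiveDirectory

$schemaNc = (Get-ADRootDSE).schemaNamingContext

function Get-PartialAttributeSet {
    # isMemberOfPartialAttributeSet=TRUE marks the attributes replicated to every GC.
    Get-ADObject -SearchBase $schemaNc `
        -LDAPFilter '(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))' `
        -Properties lDAPDisplayName, attributeSyntax, isSingleValued |
        Select-Object lDAPDisplayName, attributeSyntax, isSingleValued |
        Sort-Object lDAPDisplayName
}

function Get-SchemaClass {
    param([Parameter(Mandatory)] [string]$LdapDisplayName)
    # objectClassCategory: 1 = structural, 2 = abstract, 3 = auxiliary (0 = 88-class).
    $category = @{ 0 = '88-class'; 1 = 'structural'; 2 = 'abstract'; 3 = 'auxiliary' }
    $cls = Get-ADObject -SearchBase $schemaNc `
        -LDAPFilter "(&(objectClass=classSchema)(lDAPDisplayName=$LdapDisplayName))" `
        -Properties lDAPDisplayName, objectClassCategory, subClassOf, auxiliaryClass,
                    systemMustContain, systemMayContain, mayContain
    if (-not $cls) { throw "No class named $LdapDisplayName in the schema." }
    [pscustomobject]@{
        Class       = $cls.lDAPDisplayName
        Category    = $category[[int]$cls.objectClassCategory]
        Parent      = $cls.subClassOf
        Auxiliary   = @($cls.auxiliaryClass) -join ', '
        MustContain = @($cls.systemMustContain) -join ', '
        MayContain  = @(@($cls.systemMayContain) + @($cls.mayContain)) -join ', '
    }
}

# Usage: "user" is structural; its parent organizationalPerson is abstract.
Get-SchemaClass -LdapDisplayName 'user'                 | Format-List
Get-SchemaClass -LdapDisplayName 'organizationalPerson' | Format-List
(Get-PartialAttributeSet).Count   # number of attributes every GC holds
```

Comparing the Partial Attribute Set output over time is a cheap way to notice that someone has extended the schema or changed which attributes are published forest-wide.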
86. Where is the AD database held? What other folders are related to AD?

The Active Directory database is stored in the %SystemRoot%\NTDS folder. The main database file for
Active Directory is ntds.dit. Along with this file there are other files also present in this folder. These files
are created when you run dcpromo. These are the main files controlling the AD structure:

• ntds.dit: This is the main database file for Active Directory.
• edb.log: Transactions performed on AD are stored in this file.
• res1.log: Used as reserve space in case the drive runs low on space.
• res2.log: Same as res1.log.
• edb.chk: This file records the transactions committed to the AD database.

When a change is made to the Win2K database, triggering a write operation, Win2K records the
transaction in the log file (edb.log). Once written to the log file, the change is then written to the AD
database. System performance determines how fast the system writes the data to the AD database
from the log file. Any time the system is shut down, all transactions are saved to the database.
During the installation of AD, Windows creates two files: res1.log and res2.log. The initial size of each is
10MB. These files are used to ensure that changes can be written to disk should the system run out of
free disk space. The checkpoint file (edb.chk) records transactions committed to the AD database
(ntds.dit). During shutdown, a "shutdown" statement is written to the edb.chk file. Then, during a reboot,
AD determines that all transactions in the edb.log file have been committed to the AD database. If, for
some reason, the edb.chk file doesn't exist on reboot or the shutdown statement isn't present, AD will
use the edb.log file to update the AD database.
The last file in our list of files to know is the AD database itself, ntds.dit. By default, the file is located
in \NTDS, along with the other files we've discussed.
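The database and log folder does not have to be the default, so a check should read the configured paths rather than assume %SystemRoot%\NTDS. The following added example (not from the original notes) resolves the paths from the NTDS service parameters, inventories the files described above, and flags any NTFS access entry on the database folder beyond SYSTEM and Administrators; it assumes it runs on a domain controller, and the expected-principal list is an assumption to adjust for your environment.

```powershell
# Added example (not from the original notes): locate the AD database and log
# files from the NTDS service parameters, list them with sizes, and report NTFS
# access entries on the database folder that fall outside the expected set.
# Assumes execution on a domain controller with rights to read the folder ACL.
function Get-NtdsFileReport {
    $params = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $dbFile = $params.'DSA Database file'        # full path to ntds.dit
    $logDir = $params.'Database log files path'  # folder holding edb.log, edb.chk, res*.log
    $dbDir  = Split-Path $dbFile -Parent

    # Inventory every file in the database and log folders (the two are usually the same).
    $files = Get-ChildItem -Path @($dbDir, $logDir) -File -ErrorAction SilentlyContinue |
        Sort-Object FullName -Unique |
        Select-Object Name,
                      @{ n = 'MB'; e = { [math]::Round($_.Length / 1MB, 1) } },
                      LastWriteTime, DirectoryName

    # Assumption: only SYSTEM and Administrators should hold rights here. Any other
    # identity with access to the folder that stores ntds.dit is worth reviewing.
    $expected = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'
    $acl = Get-Acl -Path $dbDir
    $unexpected = $acl.Access |
        Where-Object { $expected -notcontains $_.IdentityReference.Value } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited

    [pscustomobject]@{
        DatabaseFile  = $dbFile
        LogFolder     = $logDir
        Files         = $files
        UnexpectedAcl = $unexpected
    }
}

$report = Get-NtdsFileReport
"Database: $($report.DatabaseFile)   Logs: $($report.LogFolder)"
$report.Files         | Format-Table -AutoSize
$report.UnexpectedAcl | Format-Table -AutoSize
```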

87. (same as q.84)

88.(LDAP-refer q.76 ……. active directory schema-refer q.85)

89. Correlate the standard port numbers with different protocols

Common TCP/IP Protocols and Ports

Each entry gives the protocol, its RFC, the transport (TCP/UDP) and port number, followed by a description.

File Transfer Protocol (FTP), RFC 959: TCP 20/21
    FTP is one of the most commonly used file transfer protocols on the Internet and within private
    networks. An FTP server can easily be set up with little networking knowledge and provides the
    ability to easily relocate files from one system to another. FTP control is handled on TCP port 21
    and its data transfer can use TCP port 20 as well as dynamic ports depending on the specific
    configuration.

Secure Shell (SSH), RFC 4250-4256: TCP 22
    SSH is the primary method used to manage network devices securely at the command level. It is
    typically used as a secure alternative to Telnet, which does not support secure connections.

Telnet, RFC 854: TCP 23
    Telnet is the primary method used to manage network devices at the command level. Unlike SSH,
    which provides a secure connection, Telnet does not; it simply provides a basic unsecured
    connection. Many lower-level network devices support Telnet and not SSH, as SSH requires some
    additional processing. Caution should be used when connecting to a device using Telnet over a
    public network, as the login credentials will be transmitted in the clear.

Simple Mail Transfer Protocol (SMTP), RFC 5321: TCP 25
    SMTP is used for two primary functions: it is used to transfer mail (email) from source to
    destination between mail servers, and it is used by end users to send email to a mail system.

Domain Name System (DNS), RFC 1034-1035: TCP/UDP 53
    The DNS is used widely on the public internet and on private networks to translate domain names
    into IP addresses, typically for network routing. DNS is hierarchical, with main root servers that
    contain databases that list the managers of high-level Top Level Domains (TLD) (such as .com).
    These different TLD managers then contain information for the second-level domains that are
    typically used by individual users (for example, cisco.com). A DNS server can also be set up within
    a private network to provide naming services between the hosts of the internal network without
    being part of the global system.

Dynamic Host Configuration Protocol (DHCP), RFC 2131: UDP 67/68
    DHCP is used on networks that do not use static IP address assignment (almost all of them). A DHCP
    server can be set up by an administrator or engineer with a pool of addresses that are available
    for assignment. When a client device is turned on it can request an IP address from the local DHCP
    server; if there is an available address in the pool it can be assigned to the device. This
    assignment is not permanent and expires at a configurable interval; if an address renewal is not
    requested and the lease expires, the address will be put back into the pool for assignment.

Trivial File Transfer Protocol (TFTP), RFC 1350: UDP 69
    TFTP offers a method of file transfer without the session establishment requirements that FTP
    uses. Because TFTP uses UDP instead of TCP it has no way of ensuring the file has been properly
    transferred; the end device must be able to check the file to ensure proper transfer. TFTP is
    typically used by devices to upgrade software and firmware; this includes Cisco and other network
    vendors' equipment.

Hypertext Transfer Protocol (HTTP), RFC 2616: TCP 80
    HTTP is one of the most commonly used protocols on most networks. HTTP is the main protocol that
    is used by web browsers and is thus used by any client that uses files located on these servers.

Post Office Protocol (POP) version 3, RFC 1939: TCP 110
    POP version 3 is one of the two main protocols used to retrieve mail from a server. POP was
    designed to be very simple by allowing a client to retrieve the complete contents of a server
    mailbox and then deleting the contents from the server.

Network Time Protocol (NTP), RFC 5905: UDP 123
    One of the most overlooked protocols is NTP. NTP is used to synchronize the devices on the
    Internet. Even most modern operating systems support NTP as a basis for keeping an accurate clock.
    The use of NTP is vital on networking systems as it provides an ability to easily interrelate
    troubles from one device to another as the clocks are precisely accurate.

NetBIOS, RFC 1001-1002: TCP/UDP 137/138/139
    NetBIOS itself is not a protocol but is typically used in combination with IP with the NetBIOS
    over TCP/IP (NBT) protocol. NBT has long been the central protocol used to interconnect Microsoft
    Windows machines.

Internet Message Access Protocol (IMAP), RFC 3501: TCP 143
    IMAP version 3 is the second of the main protocols used to retrieve mail from a server. While POP
    has wider support, IMAP supports a wider array of remote mailbox operations which can be helpful
    to users.

Simple Network Management Protocol (SNMP), RFC 1901-1908, 3411-3418: TCP/UDP 161/162
    SNMP is used by network administrators as a method of network management. SNMP has a number of
    different abilities, including the ability to monitor, configure and control network devices.
    SNMP traps can also be configured on network devices to notify a central server when specific
    actions are occurring. Typically, these are configured to be used when an alerting condition is
    happening. In this situation, the device will send a trap to network management stating that an
    event has occurred and that the device should be looked at further for a source to the event.

Border Gateway Protocol (BGP), RFC 4271: TCP 179
    BGP version 4 is widely used on the public internet and by Internet Service Providers (ISP) to
    maintain very large routing tables and traffic processing. BGP is one of the few protocols that
    have been designed to deal with the astronomically large routing tables that must exist on the
    public Internet.

Lightweight Directory Access Protocol (LDAP), RFC 4510: TCP/UDP 389
    LDAP provides a mechanism of accessing and maintaining distributed directory information. LDAP is
    based on the ITU-T X.500 standard but has been simplified and altered to work over TCP/IP
    networks.

Hypertext Transfer Protocol over SSL/TLS (HTTPS), RFC 2818: TCP 443
    HTTPS is used in conjunction with HTTP to provide the same services but doing it using a secure
    connection which is provided by either SSL or TLS.

Lightweight Directory Access Protocol over TLS/SSL (LDAPS), RFC 4513: TCP/UDP 636
    Just like HTTPS, LDAPS provides the same function as LDAP but over a secure connection which is
    provided by either SSL or TLS.

FTP over TLS/SSL, RFC 4217: TCP 989/990
    Again, just like the previous two entries, FTP over TLS/SSL uses the FTP protocol which is then
    secured using either SSL or TLS.

90. How to upgrade from Windows 2003 DC to Windows 2008 DC

Link: https://www.youtube.com/watch?v=k_gKmpbawK4

General Steps:
=============

1. Verify the new server's TCP/IP configuration has been pointed to the current DNS server.
2. Make the new server become a member server of the current Windows Server 2003 domain first.

3. Upgrade the Windows Server 2003 forest schema to the Windows Server 2008 schema with the "adprep
/forestprep" command on the old server.

Please run the "adprep.exe /forestprep" command from the Windows Server 2008 installation disk on the
schema master. To do this, insert the Windows Server 2008 installation disk, and then type the following
command:

Drive:\sources\ADPREP\adprep.exe /forestprep

4. Upgrade the Windows 2003 domain schema with the "adprep /domainprep" command on the old server.

Please run the "adprep.exe /domainprep" command from the Windows Server 2008 installation disk on
the infrastructure master. To do this, insert the Windows Server 2008 installation disk, and then type the
following command:

Drive:\sources\ADPREP\adprep.exe /domainprep

5. Insert Windows Server 2008 Installation Disc in the new server.

6. Run "dcpromo" on the new server to promote it as an additional domain controller in the existing Windows
2003 domain; afterwards you may verify the installation of Active Directory.

Please refer to:


How to Verify an Active Directory Installation in Windows Server 2003
http://support.microsoft.com/kb/816106

7. Verify the new server's TCP/IP configuration has been pointed to current DNS server.

8. Enable Global Catalog on the new server, manually check the replication topology, and afterwards
manually trigger replication (Replicate Now) to synchronize the Active Directory database between the two replicas.

Please note: it will take some time to replicate the GC between DCs; please wait patiently.

9. Disable Global Catalog on the old DC.

10. Transfer all the FSMO roles from the old DC to the new DC.

Please refer to:


How to view and transfer FSMO roles in Windows Server 2003
http://support.microsoft.com/kb/324801

11. Verify that the old DNS server zone type is Active Directory-Integrated. If not, please refer to:

How To: Convert DNS Primary Server to Active Directory Integrated
http://support.microsoft.com/kb/816101

Note: An Active Directory Integrated zone is available only if the DNS server is a domain controller.

12. Install the DNS component on the new server and configure it as a new DNS server (Active Directory
Integrated zone is preferred). All the DNS configuration should be replicated to the new DNS server with
Active Directory replication.

13. Make all the clients change TCP/IP configuration to point to new server as DNS.

14. You may configure TCP/IP on all the clients, or adjust DHCP scope settings to make them use the
new DNS server.
