1
00:00:01,440 --> 00:00:04,590
Once root DC1 comes back from its reboot, it will be a

2
00:00:04,590 --> 00:00:06,440
fully functional domain controller.

3
00:00:06,440 --> 00:00:11,010
I've configured DHCP, or Dynamic Host Configuration Protocol, so that all

4
00:00:11,010 --> 00:00:15,070
machines in the domain now have connectivity to that DNS server.

5
00:00:15,070 --> 00:00:17,420
I'm on a Windows 11 workstation right now,

6
00:00:17,420 --> 00:00:19,930
and if we look at my IP config output,

7
00:00:19,930 --> 00:00:25,690
we can see that for DNS servers I'm pointed to 10.1.0.10; that is root DC2.

8
00:00:25,690 --> 00:00:28,450
So let's join the domain on this Windows 11 box.

9
00:00:28,450 --> 00:00:32,750
I'm going to open up Search, and I just go the long way around, honestly.

10
00:00:32,750 --> 00:00:35,620
I'm going to open up good old‑fashioned Control Panel.

11
00:00:35,620 --> 00:00:38,550
This is just my curmudgeonly behavior showing up.

12
00:00:38,550 --> 00:00:41,260
I'll do a search for join and we'll join the domain.

13
00:00:41,260 --> 00:00:43,160
I like to do it the good old‑fashioned way.

14
00:00:43,160 --> 00:00:46,520
We'll go to Change in the System Properties control panel, and for the

15
00:00:46,520 --> 00:00:50,550
computer name it's cli1, but the domain is timw.info.

16
00:00:50,550 --> 00:00:54,170
Because we have DNS connectivity, we now are asked

17
00:00:54,170 --> 00:00:56,940
for a domain administrator account, which I will provide.

18
00:00:56,940 --> 00:00:58,880
Let me get rid of this control panel here.

19
00:00:58,880 --> 00:01:00,200
Welcome to the domain.

20
00:01:00,200 --> 00:01:02,390
This is all familiar to you, I'm quite sure.

21
00:01:02,390 --> 00:01:04,650
Then we're going to reboot this client, and when we come

22
00:01:04,650 --> 00:01:06,960
back, we'll sign in using a domain account.

23
00:01:06,960 --> 00:01:11,710
And now that I'm signed into the domain on that Windows 11 client machine,

24
00:01:11,710 --> 00:01:14,160
I'm going to show you how to install the RSAT tools.

25
00:01:14,160 --> 00:01:18,270
Again, I'll open up Start and do a search for optional and grab Optional

26
00:01:18,270 --> 00:01:21,710
features from System settings and then add an optional feature.

27
00:01:21,710 --> 00:01:22,830
We're going to do View features.

28
00:01:22,830 --> 00:01:24,610
And if I do a search for RSAT,

29
00:01:24,610 --> 00:01:28,400
we've got a whole bunch of Remote Server Administration Tools.

30
00:01:28,400 --> 00:01:31,240
Now in Windows 10, you still have to install these separately

31
00:01:31,240 --> 00:01:35,050
from the Microsoft Download Center, but Windows 11 has them baked

32
00:01:35,050 --> 00:01:36,730
right into the operating system here.

33
00:01:36,730 --> 00:01:40,500
And I'm going to grab them all. Even though I may not necessarily need them all,

34
00:01:40,500 --> 00:01:41,650
at least I've got them.

35
00:01:41,650 --> 00:01:43,500
So let me select them and click Next.

36
00:01:43,500 --> 00:01:47,550
I'm also going to install Windows Admin Center on this Windows 11 box.

37
00:01:47,550 --> 00:01:47,640
Now,

38
00:01:47,640 --> 00:01:50,820
some things to keep in mind. That is on the exam objectives, so

39
00:01:50,820 --> 00:01:53,510
it's important that you know some stuff about it.

40
00:01:53,510 --> 00:01:56,190
And as you can see, all those RSAT tools are installing.

41
00:01:56,190 --> 00:02:00,320
Download the Windows Admin Center installer from the Microsoft Eval Center.

42
00:02:00,320 --> 00:02:02,760
When you install WAC on a server,

43
00:02:02,760 --> 00:02:04,940
it gets installed as a service, and then you

44
00:02:04,940 --> 00:02:07,150
centrally can connect to that gateway.

45
00:02:07,150 --> 00:02:11,470
I'm installing WAC locally on this machine because you cannot

46
00:02:11,470 --> 00:02:14,620
install Windows Admin Center on domain controllers.

47
00:02:14,620 --> 00:02:18,700
So I'm just going to install it here, just basically doing a Next, Next, Finish.

48
00:02:18,700 --> 00:02:22,790
I am going to choose to update WAC with Microsoft Update.

49
00:02:22,790 --> 00:02:26,450
WAC, by the way, is a browser‑based administration tool.

50
00:02:26,450 --> 00:02:31,510
And as you can see here, it listens on 6516 as the default site on a workstation.

51
00:02:31,510 --> 00:02:33,760
On a server, it would be 443.

52
00:02:33,760 --> 00:02:37,120
Notice that we can modify the machine's trusted hosts list.

53
00:02:37,120 --> 00:02:38,560
I'm going to do Install here.

54
00:02:38,560 --> 00:02:42,120
And this will give us a nice, centralized point of administration

55
00:02:42,120 --> 00:02:44,320
from our client machine throughout the domain,

56
00:02:44,320 --> 00:02:46,230
as long as we have proper credentials.

57
00:02:46,230 --> 00:02:49,180
And specifically, what I'm going to do is make a connection

58
00:02:49,180 --> 00:02:50,830
to my other domain controller, root DC2,

59
00:02:50,830 --> 00:02:56,230
and we're going to install Active Directory Domain Services through WAC.

60
00:02:56,230 --> 00:02:59,440
Then we'll connect to the server and finish the promotion.

61
00:02:59,440 --> 00:03:04,240
Now by default, Windows Admin Center is going to use a self‑signed certificate.

62
00:03:04,240 --> 00:03:06,920
This is an important point and an exam alert to consider.

63
00:03:06,920 --> 00:03:10,420
When you're installing WAC as a gateway service on a server,

64
00:03:10,420 --> 00:03:14,580
on a domain member server, you'll not want to use the self‑signed certificates.

65
00:03:14,580 --> 00:03:17,220
So the way that you do that is that you can start using the

66
00:03:17,220 --> 00:03:20,450
self‑signed certificate, and then when you're ready to use

67
00:03:20,450 --> 00:03:23,380
your production SSL/TLS certificate,

68
00:03:23,380 --> 00:03:26,700
you rerun the installer and you choose Change as an option.

69
00:03:26,700 --> 00:03:27,520
That's what we've got.

70
00:03:27,520 --> 00:03:30,240
So for here, let me click Finish. And as mentioned here,

71
00:03:30,240 --> 00:03:39,000
we're just using the self‑signed certificate for SSL. We're just on the local machine anyway, so it's not that big of a deal.