MoFA AD Perimeter Zone



MoFA Active Directory Perimeter zoneInstallation GuideAbstractThis document describes how to setup the MoFA Active Directory for the perimeter zone.Document ReferenceDocument TypeInstallation ProcedureVersion1.0ClassificationInternal UseStatusDRAFTDate of Issue5th December 2012File LocationIT Operation team sharepoint# Pages NUMPAGES \* MERGEFORMAT 4Produced byBeno?t LejolyReviewed byMohammed Al GannamAuthorized byFatih Bekir Kihtir; Majid Al MirzamTable of contents TOC \o "1-4" 1.Introduction PAGEREF _Toc342228992 \h 51.1Intended audience PAGEREF _Toc342228993 \h 51.2Sources PAGEREF _Toc342228994 \h 51.3Change history PAGEREF _Toc342228995 \h 51.4Forecast changes PAGEREF _Toc342228996 \h 51.5Abbreviations / Glossary PAGEREF _Toc342228997 \h 52.Installation Prerequisite(s) PAGEREF _Toc342228998 \h 62.1Reader’s guide PAGEREF _Toc342228999 \h 62.2Hardware PAGEREF _Toc342229000 \h 62.2.1Disk Space Requirement PAGEREF _Toc342229001 \h 62.2.2HW requirements ( If applicable ) PAGEREF _Toc342229002 \h 62.3Software PAGEREF _Toc342229003 \h 62.3.1Software OS Prerequisites ( Mandatory ) PAGEREF _Toc342229004 \h 62.3.2Software dependencies ( If applicable ) PAGEREF _Toc342229005 \h 62.3.3Out of Scope PAGEREF _Toc342229006 \h 62.3.4Software Support lifecycle ( mandatory ) PAGEREF _Toc342229007 \h 72.3.5Software Sources ( mandatory ) PAGEREF _Toc342229008 \h 72.4Others prerequisites PAGEREF _Toc342229009 \h 73.Installation guide PAGEREF _Toc342229010 \h 83.1Installation Variables ( Mandatory ) PAGEREF _Toc342229011 \h 83.2Build details PAGEREF _Toc342229012 \h 83.2.1Production Environment PAGEREF _Toc342229013 \h 83.2.2Non-Production Environment PAGEREF _Toc342229014 \h 93.3Installation Steps PAGEREF _Toc342229015 \h 103.3.1Production environment – Build process overview PAGEREF _Toc342229016 \h 103.4First DC Installation PAGEREF _Toc342229017 \h 103.4.1Installation options PAGEREF _Toc342229018 \h 103.4.2Installation steps PAGEREF _Toc342229019 \h 113.4.3Installation validation PAGEREF _Toc342229020 \h 153.5Install Additional Domain controller PAGEREF _Toc342229021 \h 153.5.1Installation options PAGEREF _Toc342229022 \h 163.5.2Installation steps PAGEREF _Toc342229023 \h 163.5.3Installation validation PAGEREF _Toc342229024 \h 203.5.4DNS Configuration on the first Domain Controller PAGEREF _Toc342229025 \h 213.6Top Level OU creation PAGEREF _Toc342229026 \h 223.6.1Installation Options PAGEREF _Toc342229027 \h 223.6.2Installation steps PAGEREF _Toc342229028 \h 223.6.3Installation validation PAGEREF _Toc342229029 \h 243.7Create the sub-levels OUs PAGEREF _Toc342229030 \h 253.7.1Installation options PAGEREF _Toc342229031 \h 253.7.2Installation steps PAGEREF _Toc342229032 \h 253.7.3Installation validation PAGEREF _Toc342229033 \h 273.8Create Groups PAGEREF _Toc342229034 \h 283.8.1Installation Options PAGEREF _Toc342229035 \h 283.8.2Installation execution PAGEREF _Toc342229036 \h 283.8.3Installation validation PAGEREF _Toc342229037 \h 303.8.4Rights configuration PAGEREF _Toc342229038 \h 303.8.4.1P_PRM_L_ExtGroupsMgmt_Read PAGEREF _Toc342229039 \h 303.8.4.2P_PRM_L_ExtGroupsMgmt_Write PAGEREF _Toc342229040 \h 343.8.4.3P_PRM_L_ExtUsersMgmt_Read PAGEREF _Toc342229041 \h 373.8.4.4P_PRM_L_ExtUsersMgmt_Write PAGEREF _Toc342229042 \h 413.9Apply GPO adapted for Perimeter network settings PAGEREF _Toc342229043 \h 44Table of Figures TOC \h \z \c "Figure" Figure 1: MOFA.WEB Production Forest overview PAGEREF _Toc341951801 \h 7Figure 2: NPMOFA.WEB Production Forest overview PAGEREF _Toc341951802 \h 8Figure 3: Installation flow process PAGEREF _Toc341951803 \h 9IntroductionIntended audienceThis document covers the installation of Perimeter zone Active Directory and is intended to be used by the MoFA Wintel Operational team.The goal of this document is to give the reader all needed information to install successfully the new Active Directory forests and the ADMT servers.Sources[1]: Active Directory DMZ Design v1.0.docx[2]:[3]:Change historyVersionNature of changeDate01.00First version05/12/2012Forecast changesVersionNature of changeDateAbbreviations / GlossaryAbbreviationFull textADActive Directory DNSDomain Name ServerGPOGroup Policy ObjectInstallation Prerequisite(s)Reader’s guideThis document describes the installation of Microsoft Active Directory Domain Services (AD DS.For each component, the installation guide contains 3 subchapters:Installation Options: what are the option needed to deploy the componentInstallation Steps: Defines main and sub stepsInstallation Validation: how to validate the installation of the componentIf a package is needed for an installation, it is assumed that sources will be copied locally on the machine where you want to install.HardwareDisk Space Requirement Servers requirements for Domain controllers have been described in the Perimeter Active Directory Design document that is referenced as [1].As a summary, the here below table shows what is needed for each domain controller:DiskSpace used for installationDisk Type ( Virtual/Physical ) 40 GB System Disk (C:) – Contains mainly the OSVirtual 10 GB Data disk (D:)Virtual10 GBSwap disk (S:)Virtual10 GBLogs disk (L:)VirtualCD/DVDZ:VirtualHW requirements ( If applicable )Hardware requirements have also been designed in the Perimeter Active Directory design that referenced [1] in chapter “Domain Controller System Configuration”.SoftwareSoftware OS Prerequisites ( Mandatory ) This installation procedure must be executed on the following Operating System: Windows 2008 R2 SP1This operating system must be patched to the latest available level provided by Microsoft. Please run a Windows update or any patches deployment software prior executing this installation.Software dependencies ( If applicable )This installation procedure requires the following components to be installed prior software installation:- - Out of ScopeThe following items are determined to be out of scope:The antivirus installation and configuration as it will follow the System Center deployment in the perimeter zone.The installation and configuration of the monitoring as this step is part of the deployment of the System Center platform. Specific monitoring requirements have however been described in the Active Directory Design document [1].The Windows Base Operating system installation as it will follows current MoFA installation standards.AD backups – Appropriate recommendations have been done in the Active Directory Design document [1]. The backup strategy will be defined by the MoFA.Software Support lifecycle ( mandatory ) Products installation described in this document are part of the lifecycle of the Operating System. It also means that they have the same lifecycle as the Operating System itself. Please refer to your Microsoft Premier contract support to validate current OS support dates and possible extensions that might be signed by the MoFA. Software Sources ( mandatory ) All sources needed for this procedure are built-in in the operating system. No additional software will be required during the setup.Others prerequisitesPrior starting the build process, make sure that the following prerequisites are covered:The user used for installation has Local Administrative rights on the target servers where the setup will be executedAll IPs addresses are known and servers are configured in fixed IPsBoth machine can fully communicate between them without firewall restrictionsLatest Microsoft patches have been deployed on machinesAn antivirus installation is scheduled after this setup (as we are in the perimeter zone and that these machines are first needed to setup the System Center platform)Scripts and answer files are copied locally on each machine Installation guide Installation Variables ( Mandatory ) Variable Value per environment Comment Variable 1 Variable 2Variable 3 Value Z Applicable to all environments Build detailsProduction EnvironmentThe here below picture provides an overview of what needs to be built:Figure SEQ Figure \* ARABIC 1: MOFA.WEB Production Forest overviewEach of the following server’s roles will be installed on both machines:Role NameInstalled ComponentsNotesDomain Controller Microsoft Windows Server 2008 R2 SP1Microsoft Active Directory Domain ServicesMicrosoft DNS ServerIdentical roles will be installed on both machines. Due to AD specific constraints, some internal AD key roles will be processed on RUH-DCDMZ-01.The here below table provides details for the installation itself:Server nameIP detailsRUH-DCDMZ-01IP: TO BE COMPLETEDNetmask: TO BE COMPLETEDGateway: TO BE COMPLETEDPrimary DNS: RUH-DCDMZ-01Secondar DNS: RUH-DCDMZ-02A dedicated VLAN for the two domain controllers must be created by Network team in the perimeter zone.RUH-DCDMZ-02IP: TO BE COMPLETEDNetmask: TO BE COMPLETEDGateway: TO BE COMPLETEDPrimary DNS: RUH-DCDMZ-02Secondar DNS: RUH-DCDMZ-01A dedicated VLAN for the two domain controllers must be created by Network team in the perimeter zone.Non-Production EnvironmentThe here below picture provides an overview of what needs to be built for the Non-Production environment:Figure SEQ Figure \* ARABIC 2: NPMOFA.WEB Production Forest overviewEach of the following server’s roles will be installed on both machines:Role NameInstalled ComponentsNotesDomain Controller Microsoft Windows Server 2008 R2 SP1Microsoft Active Directory Domain ServicesMicrosoft DNS ServerIdentical roles will be installed on both machines. Due to AD specific constraints, some internal AD key roles will be processed on RUH-DCDMZ-01.The here below table provides details for the installation itself:Server nameIP detailsRUH-TDCDMZ-01IP: TO BE COMPLETEDNetmask: TO BE COMPLETEDGateway: TO BE COMPLETEDPrimary DNS: RUH-TDCDMZ-01Secondar DNS: RUH-TDCDMZ-02A dedicated VLAN for the two domain controllers must be created by Network team in the perimeter zone.RUH-TDCDMZ-02IP: TO BE COMPLETEDNetmask: TO BE COMPLETEDGateway: TO BE COMPLETEDPrimary DNS: RUH-TDCDMZ-02Secondar DNS: RUH-TDCDMZ-01A dedicated VLAN for the two domain controllers must be created by Network team in the perimeter zone. This VLAN must be a different one than the production VLAN.Installation Steps Production environment – Build process overviewThe here below schema provides an overview of the perimeter forest build process:Figure SEQ Figure \* ARABIC 3: Installation flow processItems in blue must be done only one.Items in yellow might be done repetitively to create multiple objects.First DC InstallationThis section explains how to install the first domain controller of the environment using the different provided scripts.Installation optionsVariables described here under are part of the “unattended_firstDC.xml” file. Please check values contained in the script and if not aligned with this document, align them prior using the script (italic text must not be in the answer file). Pay attention that the script will have different configuration for Production and Non-Production.Variable NameVariable ValueReplicaOrNewDomainDomainNewDomainForestNewDomainDNSNameProduction: MOFA.WEBNon-Production: NPMOFA.WEBForestLevel4DomainNetbiosNameProduction: MOFAWEBNon-Production: NPMOFAWEBDomainLevel4InstallDNSYesConfirmGcYesCreateDNSDelegationNoDatabasePathD:\NTDSLogPathL:\NTDSSYSVOLPathc\windows\sysvolSafeModeAdminPassword**********RebootOnCompletionYesInstallation stepsLog on into the future first domain controller. In our example, we are taking “RUH-DCDMZ-01” as reference and check that your user is well member of the local administrator group of the machine.Click on the “Start button” and type in the search bar “PowerShell”. Right click on the PowerShell window and select “Run as Administrator”:In the PowerShell window that is appearing, type “Set-Executionpolicy unrestricted” and type enter; When prompted, enter “Y” and “enter” to confirm the change:Create a folder called “setup” at the root of the “C:” drive:Copy all installation scripts in this folder.In the PowerShell window, set the path to “C:\Setup” and type the following command at the PowerShell invite: Execute Powershell.exe “.\MoFA-Add-ADDS-Role.ps1”Type “R” if prompted to run the script:Wait the end of the script execution:Once the script has finished, you should get this screen:Type now the following command at the PowerShell screen: “dcpromo.exe /unattend:C:\setup\unattended_firstDC_Prod.txt” and press “enter”:The Active Directory installation should start. Wait that the installation is completed. This operation can take some time, be patient.Once the installation is completed, the server will restart by itself. Once the machine has restarted, logon again into the server:Click on the “Start button” and type in the search bar “PowerShell”. Right click on the PowerShell window and select “Run as Administrator”:In the PowerShell window that is appearing, type “Set-Executionpolicy unrestricted” and type enter; When prompted, enter “Y” and “enter” to confirm the change:Set back the PowerShell working location to “C:\Setup” and at the command prompt, type powershell.exe “.\RenameDefaultSite.ps1” then press “enter”:The script execution result will be something like:We have successfully installed the first Domain Controller. Repeat the same operation with adapted scripts (called NONPROD) for the Non-Production Environment.Installation validationLog on onto the server with an administrative account:In the Server Manager, validate the AD DS and DNS roles have been added.Note: DNS role is automatically added during the dcpromo.exe executionIn Active Directory Site and Services, validate the Default-First-Site-Name site has been renamed to MoFA-Riyadh-HQ:Install Additional Domain controllerThis chapter describes the steps to follow to add domain controller in the MOFA.WEB forest. For the current build, only one additional domain controller will be added.The MoFA can reuse this chapter later, when additional domain controllers need to be added to the forest.Installation optionsThis section details the variables in the configuration file that are most likely to change when executing the scripts.Configuration variables to verify in unattended_additionalDC.txt. If the value is not aligned with the value in this document, please update the XML file.Variable NameVariable ValueReplicaOrNewDomainReplicaReplicaDomainDNSNameMOFA.WEBSiteNameMoFA-Riyadh-HQInstallDNSYesConfirmGcYesCreateDNSDelegationNoUserDomainUserNameAdministratorPassword*(put the correct password)DatabasePathD:\NTDSLogPathL:\NTDSSYSVOLPathC:\windows\sysvolSafeModeAdminPassword*(put the correct password)RebootOnCompletionYesYou have to fill in password fields prior to using the unattended file.Installation stepsLog on into the future additional domain controller. In our example, we are taking “RUH-DCDMZ-02” as reference and check that your user is well member of the local administrator group of the machine.The first step we have to do prior installation of the domain controller role is to set the preferred DNS server to the IP address of the first domain controller and the alternate DNS server to the IP address of our local machine (the one we installed following this procedure here above):Note: Illustration here above doesn’t reflect your reality – built in a lab.Click on “OK” to apply these parameters and close all the windows.Click on the “Start button” and type in the search bar “PowerShell”. Right click on the PowerShell window and select “Run as Administrator”:In the PowerShell window that is appearing, type “Set-Executionpolicy unrestricted” and type enter; When prompted, enter “Y” and “enter” to confirm the change:Create a folder called “setup” at the root of the “C:” drive:Copy all installation scripts in this folder.In the PowerShell window, set the path to “C:\Setup” and type the following command at the PowerShell invite: Execute Powershell.exe “.\MoFA-Add-ADDS-Role.ps1”Type “R” if prompted to run the script:Wait the end of the script execution:Once the script has finished, you should get this screen:Type now the following command at the PowerShell screen: “dcpromo.exe /unattend:C:\setup\unattended_additionalDC_Prod.txt” and press “enter”:The Active Directory installation should start. Wait that the installation is completed. This operation can take some time, be patient. The installation screen looks like something like this:Once finished, the machine will reboot automatically.Installation validationLog on onto the server with an administrative account (member of the domain admin group):In the Server Manager, validate the AD DS and DNS roles have been added.Note: DNS role is automatically added during the dcpromo.exe executionIn Active Directory Users and Computers, validate that we have well the two domain controllers in the default OU:DNS Configuration on the first Domain ControllerAs we have now added a second Domain Controller that is also DNS server in the environment, we must now adapt the DNS settings of the first Domain Controller to enable redundancy. To do so, connect to the first domain controller and log on into it. Go to the network card properties and adapt the settings to have as Primary DNS server the IP address of the second domain controller and as Alternalte DNS Server, the IP address of the first domain controller:Top Level OU creationInstallation OptionsThis section details the variables in the configuration file that are most likely to change when executing the scripts.Configuration variables to verify in MoFA-CreateTopOUs.xml. If the value is not aligned with the value in this document, please update the XML file:<OUs> <!-- Name : The specified name will be the CN --> <!-- Path : Specify the destinguishedName of the OU container--> <Domain Name="DC= RUH-DCDMZ-01,DC= MOFA,DC= WEB" /> <OU Name="External Users Management" Path="DC=MOFA,DC=WEB" /> <OU Name="External Group Management" Path="DC= MOFA,DC= WEB" /> <OU Name="Servers and Computers Management" Path="DC= MOFA,DC= WEB" /> <OU Name="Resource Group Management" Path="DC= MOFA,DC= WEB" /><OU Name="IT Users Management" Path="DC= MOFA,DC= WEB" /> <OU Name="IT Group Management" Path="DC= MOFA,DC= WEB" /> </OUs>Installation stepsAs we have now installed our two domain controllers, it is time to setup the OU structure at the top level. To do so and automate it, a script has been prepared. The script is called “MoFA-CreateTopOUs.ps1” and its response file is “MoFA-CreateTopOUs.xml”.Log on into the first Domain Controller with a user that is member of the domain admin group:Click on the “Start button” and type in the search bar “PowerShell”. Right click on the PowerShell window and select “Run as Administrator”:In the PowerShell window that is appearing, type “Set-Executionpolicy unrestricted” and type enter; When prompted, enter “Y” and “enter” to confirm the change:Copy the two above mentioned scripts on the previously created folder called “setup” at the root of the “C:” drive:Copy all installation scripts in this folder:In the PowerShell window, set the path to “C:\Setup” and type the following command at the PowerShell invite: Execute Powershell.exe “.\MoFA-CreateTopOUs.ps1”Type “R” if prompted to run the script:Wait the end of the script execution:Installation validationLaunch the “Active Directory Users and Computers” and validate that the OUs have been created accordingly to the parameter file:Create the sub-levels OUsInstallation optionsThis presents an high level overview of the xml file that is creating the different Active Directory OUs. These values have been aligned with the design document referenced [1] and it is assumed that the user is able to adapt the XML file accordingly to create additional OUs if necessary. The user can also refer to comments that are integrated in the MoFA-CreateSubLevelsOUs.xml script. To execute the script two files must be present in the directory:MoFA-CreateSubLevelsOUs.ps1 => Contains the script logic. Must not be modifiedMoFA-CreateSubLevelsOUs.xml => Contains the parameters. File to adapt if necessaryFile have currently been created to match the design that has been proposed.Installation stepsLog on into the first Domain Controller with a user that is member of the domain admin group:Click on the “Start button” and type in the search bar “PowerShell”. Right click on the PowerShell window and select “Run as Administrator”:In the PowerShell window that is appearing, type “Set-Executionpolicy unrestricted” and type enter; When prompted, enter “Y” and “enter” to confirm the change:Copy the two above mentioned scripts on the previously created folder called “setup” at the root of the “C:” drive:Copy all installation scripts in this folder:In the PowerShell window, set the path to “C:\Setup” and type the following command at the PowerShell invite: Execute Powershell.exe “.\MoFA-CreateSubLevelsOUs.ps1”Type “R” if prompted to run the script:Wait the end of the script execution:All the sub-containers are now created inside the AD.Installation validationLaunch the “Active Directory Users and Computers” and validate that the OUs have been created accordingly to the parameter file:Create GroupsInstallation OptionsVariables that can be used to create all AD groups in an automated way are documented in the file MoFA-CreateGroups.xml . You might have to change these names variables if you want to create more Active Directory groups, in an automated way, than the ones specified in the design document.The file that is used as input file is named MoFA-CreateGroups.xml and the script that is processing the file is named MoFA-CreateGroups.ps1. Both files must be copied, after modification, in the “C:\setup” folder of the server prior execution.Installation executionLog on into the first Domain Controller with a user that is member of the domain admin group:Click on the “Start button” and type in the search bar “PowerShell”. Right click on the PowerShell window and select “Run as Administrator”:In the PowerShell window that is appearing, type “Set-Executionpolicy unrestricted” and type enter; When prompted, enter “Y” and “enter” to confirm the change:Copy the two above mentioned scripts on the previously created folder called “setup” at the root of the “C:” drive:Copy all installation scripts in this folder:In the PowerShell window, set the path to “C:\Setup” and type the following command at the PowerShell invite: Execute Powershell.exe “.\MoFA-CreateGroups.ps1”Type “R” if prompted to run the script:Wait the end of the script execution:All the sub-containers are now created inside the AD.Installation validationLaunch the “Active Directory Users and Computers” and validate that groups have been created accordingly to the parameter file:Rights configurationAs specified in the design documents, the four following resource groups must have specific access on some AD OUs:P_PRM_L_ExtGroupsMgmt_ReadP_PRM_L_ExtGroupsMgmt_WriteP_PRM_L_ExtUsersMgmt_ReadP_PRM_L_ExtUsersMgmt_WriteUsers groups that will be member of these resource groups will have specific read or write access to some zone of the Active Directory and will not be able to access the rest of the Active Directory. The next section describes how to configure this right delegation.P_PRM_L_ExtGroupsMgmt_ReadLog on into one of the domain controller and launch the “Active Directory Users and Computers” snap-in. Inside it, find the “External Groups Management OU”:Click on “Delegate Control”:Click “Next”Click “Add”Type “P_PRM_L_ExtGroupsMgmt_Read” at the prompt and click “OK”.Click “Next”Select “Read all user information” and click “Next”Click “Finish”.P_PRM_L_ExtGroupsMgmt_WriteLog on into one of the domain controller and launch the “Active Directory Users and Computers” snap-in. Inside it, find the “External Groups Management OU”:Click on “Delegate Control”:Click “Next”Click “Add”Type “P_PRM_L_ExtGroupsMgmt_Write” at the prompt and click “OK”.Click “Next”Tick boxes as mentioned in the screenshot and click “Next”Click “Finish”.P_PRM_L_ExtUsersMgmt_ReadLog on into one of the domain controller and launch the “Active Directory Users and Computers” snap-in. Inside it, find the “External Groups Management OU”:Click on “Delegate Control”:Click “Next”Click “Add”Type “P_PRM_L_ExtUsersMgmt_Read” at the prompt and click “OK”.Click “Next”Select “Read all user information” and click “Next”Click “Finish”.P_PRM_L_ExtUsersMgmt_WriteLog on into one of the domain controller and launch the “Active Directory Users and Computers” snap-in. Inside it, find the “External Groups Management OU”:Click on “Delegate Control”:Click “Next”Click “Add”Type “P_PRM_L_ExtUsersMgmt_Write” at the prompt and click “OK”.Click “Next”Select “Read all user information” and click “Next”Click “Finish”.Apply GPO adapted for Perimeter network settingsAs this Active Directory is located in a perimeter network, Active Directory security must be enforced to reduce surface attack risks. In order to do so, two main GPO templates have been created. Copy the two following directories in the C:\setup directory of one of the domain controller:Click on start button and type “Group Policy Management”:Start the Group Policy Management console and go to “Group Policy Object”:Right click on it and select “Manage Backup”:Configure the “Backup location” to “C:\setup”. You should see the two policies that have been created.Click them on “Restore”. Execute this for the two backups.At the prompt, click on “OK”.The four GPOs can now been seen at the console level:Click now on the “MOFA.WEB” level, right click on it and select “Link existing GPO…”Select the “MoFA Perimeter Default Domain Policy” and click OK.We now have two different GPOs that are applying at domain level. Remove the “Default domain policy” by right clicking on it and select “Link Enabled” to unlink the GPO.Click on “OK”:When you check at the screen, you should now have the Default domain policy not linked and the MoFA perimeter default domain policy linked:Repeat the same operation to link the MoFA Perimeter Domain Controller policy to the Domain Controller OU:The full domain is now configured, congratulation !Non-Production environment installationInstallation scenarioAs Production and Non-Production are identical environments, we will only have a few differences between the two procedures. In order to avoid to rewrite the exact same procedure, only a few script needs to be adapted and in screenshots, the following differences are applying:Production caseNon-Production caseCommentMoFA-Add-ADDS-Role.ps1MoFA-Add-ADDS-Role.ps1Identical scriptMoFA-CreateGroups.ps1MoFA-CreateGroups.ps1Identical scriptMoFA-CreateGroups.xmlMoFA-CreateGroups.xmlIdentical fileMoFA-CreateSubLevelsOUs.ps1MoFA-CreateSubLevelsOUs.ps1Identical scriptMoFA-CreateSubLevelsOUs.xmlNoProdMoFA-CreateSubLevelsOUs.xmlDifferent fileMoFA-CreateTopOUs.ps1MoFA-CreateTopOUs.ps1Identical scriptMoFA-CreateTopOUs.xmlNoProdMoFA-CreateTopOUs.xmlDifferent fileRenameDefaultSite.ps1RenameDefaultSite.ps1Identical scriptunattended_additionalDC_Prod.txtunattended_additionalDC_NoProd.txtDifferent fileunattended_firstDC_Prod.txtunattended_firstDC_NoProd.txtDifferent file{2B24EF0B-8CA1-4B4C-A573-8C4D6619B16E}{2B24EF0B-8CA1-4B4C-A573-8C4D6619B16E}Folder content identical in both cases{C06485DA-1B0B-4FA6-809E-E0FD8F4034DD}{C06485DA-1B0B-4FA6-809E-E0FD8F4034DD}Folder content identical in both cases ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download