Training Guide: Configuring Advanced Windows Server 2012 Services

Book Description

Configuring Advanced Windows Server 2012 Services

Designed to help enterprise administrators develop real-world, job-role-specific skills—this Training Guide focuses on advanced configuration of services necessary to deploy, manage and maintain a Windows Server 2012 infrastructure. Build hands-on expertise through a series of lessons, exercises, and suggested practices—and help maximize your performance on the job.

This Microsoft Training Guide:

  • Provides in-depth, hands-on training you take at your own pace

  • Focuses on job-role-specific expertise for deploying and managing advanced infrastructure services in Windows Server 2012

  • Creates a foundation of skills which, along with on-the-job experience, can be measured by Microsoft Certification exams such as 70-412

Sharpen your skills. Increase your expertise.

  • Configure full forest and domain trust relationships

  • Configure Active Directory (AD) sites and manage AD replication

  • Implement advanced DNS and DHCP solutions

  • Install, configure, and manage AD Certificate Services

  • Manage backups and recover servers

  • Optimize storage and configure advanced file services

  • Manage failover clustering and Network Load Balancing

  • Move virtual machines from one Hyper-V server to another

  • Implement Dynamic Access Control and Active Directory RMS

  • Implement Active Directory Federation Services

Table of Contents

    1. Special Upgrade Offer
    2. Introduction
      1. System requirements
        1. Hardware and software requirements
          1. Virtualization hardware requirements
          2. Software requirements
      2. Virtual machine setup instructions
      3. Acknowledgments
      4. Errata & book support
      5. We want to hear from you
      6. Stay in touch
    3. 1. Advanced Active Directory infrastructure
      1. Before you begin
      2. Lesson 1: Configuring domains and forests
        1. Multidomain Active Directory environments
          1. Domain trees
          2. Intra-forest authentication
          3. Domain functional levels
            1. Windows Server 2003 Functional Level
            2. Windows Server 2008 Functional Level
            3. Windows Server 2008 R2 Functional Level
            4. Windows Server 2012 Functional Level
          4. Forest functional levels
        2. Multiforest Active Directory environments
        3. Upgrading existing domains and forests
        4. User Principal Name (UPN) suffixes
        5. Lesson summary
        6. Lesson review
      3. Lesson 2: Configuring trusts
        1. Trusts
          1. Trust transitivity
          2. Trust direction
          3. Forest trusts
          4. Configuring selective authentication
          5. External Trusts
          6. Shortcut trusts
          7. Realm trusts
          8. Netdom.exe
        2. SID filtering
        3. Name suffix routing
        4. Lesson summary
        5. Lesson review
      4. Practice exercises
        1. Exercise 1: Prepare a domain controller to host a child domain with a contiguous namespace
        2. Exercise 2: Create a child domain with a noncontiguous namespace
        3. Exercise 3: Prepare domain controller to host the wingtiptoys.com tree in the contoso.com forest
        4. Exercise 4: Promote domain controller for new tree in contoso.com forest
        5. Exercise 5: Prepare a domain controller to host a new forest
        6. Exercise 6: Create new forest
        7. Exercise 7: Prepare to configure a forest trust relationship
        8. Exercise 8: Begin creating a forest trust relationship
        9. Exercise 9: Complete the creation of the forest trust relationship between contoso.com and margiestravel.com
        10. Exercise 10: Configure name suffix routing
        11. Exercise 11: Configure selective authentication
        12. Exercise 12: Configure additional UPN suffixes
        13. Exercise 13: Configure a shortcut trust
      5. Suggested practice exercises
      6. Answers
        1. Lesson 1
        2. Lesson 2
    4. 2. Active Directory sites and replication
      1. Before you begin
      2. Lesson 1: Configuring sites
        1. Configure sites and subnets
          1. Creating sites
          2. Creating subnets
          3. Creating site links
          4. Creating site link bridges
        2. Manage SRV record registration
        3. Moving domain controllers
        4. Lesson summary
        5. Lesson review
      3. Lesson 2: Active Directory replication
        1. Active Directory partitions
        2. Understanding multi-master replication
          1. Knowledge consistency checker (KCC)
          2. Store and forward replication
          3. Conflict resolution
        3. RODC replication
        4. Configure RODC password replication
        5. Monitor and manage replication
        6. Repadmin
        7. Upgrade SYSVOL replication
        8. Lesson summary
        9. Lesson review
      4. Practice exercises
        1. Exercise 1: Create Active Directory sites
        2. Exercise 2: Create Active Directory subnets
        3. Exercise 3: Create site links
        4. Exercise 4: Modify site link cost and replication schedule
        5. Exercise 5: Configure MEL-DC as an additional domain controller
        6. Exercise 6: Verify site placement and trigger replication
        7. Exercise 7: Configure ADL-DC as an RODC
        8. Exercise 8: Configure RODC replication
        9. Exercise 9: View account passwords replicated to ADL-DC
        10. Exercise 10: Monitor replication with repadmin
        11. Exercise 11: Remove the RODC and reset accounts
      5. Suggested practice exercises
      6. Answers
        1. Lesson 1
        2. Lesson 2
    5. 3. Advanced DHCP and DNS
      1. Before you begin
      2. Lesson 1: Implement an advanced DNS solution
        1. DNSSEC
        2. DNS event logs
        3. GlobalNames Zones
        4. Advanced DNS options
          1. DNS socket pool
          2. DNS cache locking
          3. DNS recursion
          4. Netmask ordering
        5. Delegated administration
        6. Lesson summary
        7. Lesson review
      3. Lesson 2: Implement an advanced DHCP solution
        1. Superscopes
        2. Multicast scopes
        3. Split scopes
        4. Name Protection
        5. DHCP failover
        6. Lesson summary
        7. Lesson review
      4. Lesson 3: Deploy and manage IPAM
        1. Introduction to IPAM
        2. Deploy IPAM
        3. Configure server discovery
        4. Managing the IP address space
        5. IP address tracking
        6. IPAM administration
        7. Lesson summary
        8. Lesson review
      5. Practice exercises
        1. Exercise 1: Configure MEL-DC
        2. Exercise 2: Configure DNSSEC
        3. Exercise 3: Configure the name resolution policy
        4. Exercise 4: Increase the size of the DNS socket pool
        5. Exercise 5: Modify DNS Cache Locking
        6. Exercise 6: Create and manage a GlobalNames Zone
        7. Exercise 7: Configure and view the DNS Event Log
        8. Exercise 8: Verify netmask ordering and disable recursion
        9. Exercise 9: Install and activate the DHCP role
        10. Exercise 10: Create a DHCP superscope
        11. Exercise 11: Create a split scope
        12. Exercise 12: Configure DHCP Name Protection
        13. Exercise 13: Create new multicast scopes
        14. Exercise 14: Configure DHCP failover
        15. Exercise 15: Install the IPAM feature
        16. Exercise 16: Configure IPAM GPOs and server discovery
        17. Exercise 17: Configure servers to be managed by IPAM
        18. Exercise 18: Manage servers using IPAM
        19. Exercise 19: Use IPAM to create a DHCP scope
        20. Exercise 20: Use IPAM to manage IP addresses
      6. Suggested practice exercises
      7. Answers
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
    6. 4. Active Directory Certificate Services
      1. Before you begin
      2. Lesson 1: Install and configure Active Directory Certificate Services
        1. Installing certificate authorities
          1. Active Directory Certificate Services role services
          2. CA hierarchies
          3. Enterprise root CA
          4. Enterprise subordinate CA
          5. Standalone root CA
          6. Standalone subordinate CA
          7. Hardware security module
        2. CRL Distribution Points
        3. Online responders
        4. Administrative role separation
        5. CA backup and recovery
        6. Lesson summary
        7. Lesson review
      3. Lesson 2: Manage certificates
        1. Certificate templates
        2. Certificate revocation
        3. Certificate renewal
        4. Autoenrollment
        5. Key archiving and recovery
        6. Lesson summary
        7. Lesson review
      4. Practice exercises
        1. Exercise 1: Deploy and configure an enterprise root CA
        2. Exercise 2: Deploy an enterprise subordinate CA
        3. Exercise 3: Install a standalone subordinate CA
        4. Exercise 4: Configure a standalone CA
        5. Exercise 5: Configure a CRL Distribution Point
        6. Exercise 6: Configure an online responder
        7. Exercise 7: Configure administrative role separation
        8. Exercise 8: Configure a key recovery agent certificate template
        9. Exercise 9: Request a key recovery agent certificate
        10. Exercise 10: Configure Key Recovery
        11. Exercise 11: Configure a certificate template for autoenrollment and key recovery
        12. Exercise 12: Configure group policy to support autoenrollment, credential roaming, and automatic renewal
        13. Exercise 13: Configure a certificate template to support private key archival and recovery and reenroll all certificate holders
        14. Exercise 14: Perform certificate revocation
        15. Exercise 15: Perform certificate recovery
      5. Suggested practice exercises
      6. Answers
        1. Lesson 1
        2. Lesson 2
    7. 5. Backup and recovery
      1. Before you begin
      2. Lesson 1: Configure and manage backups
        1. Windows Server Backup
          1. Backup locations
          2. Windows Server Backup PowerShell cmdlets
          3. Backing up data with Windows Server Backup
        2. Windows Azure Backup
          1. Preparing for Windows Azure Backup
          2. Backing up data to Windows Azure Backup
        3. Role- and application-specific backups
        4. Vssadmin
        5. System restore points
        6. Data Protection Manager
        7. Lesson summary
        8. Lesson review
      3. Lesson 2: Recover servers
        1. Restore from backups
          1. Restore to an alternative location
          2. Restore from Windows Azure Backup
        2. Recover servers using Windows Recovery Environment
        3. Safe Mode and Last Known Good Configuration
        4. Configure the Boot Configuration Data store
        5. Lesson summary
        6. Lesson review
      4. Practice exercises
        1. Exercise 1: Prepare MEL-DC and CBR-DC for exercises
        2. Exercise 2: Install Windows Server Backup
        3. Exercise 3: Configure CBR-DC for local backup
        4. Exercise 4: Perform a backup to a local volume
        5. Exercise 5: Perform a backup over the network
        6. Exercise 6: Use Vssadmin
        7. Exercise 7: Perform a full volume recovery using Windows Server Backup
        8. Exercise 8: Prepare for Windows Recovery Environment
        9. Exercise 9: Perform full server recovery over the network
        10. Exercise 10: Boot into Safe Mode
        11. Exercise 11: Modify Boot Configuration Data store
        12. Exercise 12: Configure a standalone computer for use with Windows Azure Backup
        13. Exercise 13: Configure Windows Azure Backup
        14. Exercise 14: Backup data to Windows Azure Backup
        15. Exercise 15: Restore data from Windows Azure Backup
      5. Suggested practice exercises
      6. Answers
        1. Lesson 1
        2. Lesson 2
    8. 6. Advanced file services and storage
      1. Before you begin
      2. Lesson 1: Advanced file services
        1. File screens
        2. Quotas
        3. Server for NFS
        4. BranchCache
          1. Hosted Cache Server Configuration
          2. BranchCache for Network File Server
          3. Client configuration
        5. File classification
        6. File access auditing
        7. Lesson summary
        8. Lesson review
      3. Lesson 2: Configure and optimize storage
        1. iSCSI target and initiator
        2. iSNS server
        3. Thin provisioning and trim
        4. Features on Demand
        5. Lesson summary
        6. Lesson review
      4. Practice exercises
        1. Exercise 1: Prepare MEL-DC and ADL-DC
        2. Exercise 2: Deploy FSRM
        3. Exercise 3: Configure quota templates and quotas
        4. Exercise 4: Create file groups, file screen templates, apply file screens, and apply file screen exceptions
        5. Exercise 5: Configure file classification
        6. Exercise 6: Verify the classification
        7. Exercise 7: Configure file access auditing
        8. Exercise 8: Create and assign an iSCSI target
        9. Exercise 9: Connect to an iSCSI target
        10. Exercise 10: Create a new storage pool and thin provisioned virtual disk
        11. Exercise 11: Install the iSNS server and register the initiator
        12. Exercise 12: Remove feature files
        13. Exercise 13: Configure BranchCache policies
        14. Exercise 14: Deploy BranchCache on Windows Server 2012
      5. Suggested practice exercises
      6. Answers
        1. Lesson 1
        2. Lesson 2
    9. 7. High availability
      1. Before you begin
      2. Lesson 1: Configure and manage failover clustering
        1. Failover clustering
        2. Cluster Quorum Modes
        3. Cluster storage and cluster shared volumes
          1. Cluster networks
        4. Cluster-Aware Updating
        5. Migrating and upgrading clusters
        6. Failover and preference settings
        7. Continuously available shares
        8. Lesson summary
        9. Lesson review
      3. Lesson 2: Network Load Balancing
        1. Network Load Balancing
        2. Network Load Balancing prerequisites
        3. NLB cluster operation modes
        4. Managing cluster hosts
        5. Port rules
        6. Filtering and affinity
        7. Upgrading an NLB cluster
        8. New NLB PowerShell cmdlets
        9. Lesson summary
        10. Lesson review
      4. Practice exercises
        1. Exercise 1: Prepare ADL-DC, MEL-DC, and CBR-DC for exercises
        2. Exercise 2: Install the Network Load Balancing feature on ADL-DC, CBR-DC, and MEL-DC
        3. Exercise 3: Create a three-node NLB cluster
        4. Exercise 4: Configure port rules and affinity
        5. Exercise 5: Remove an NLB cluster
        6. Exercise 6: Create shared storage for failover clustering
        7. Exercise 7: Connect potential cluster nodes to shared storage
        8. Exercise 8: Install failover cluster features
        9. Exercise 9: Validate cluster configuration
        10. Exercise 10: Create a two-node failover cluster
        11. Exercise 11: Add a cluster node
        12. Exercise 12: Change the quorum configuration
        13. Exercise 13: Install and configure a highly available file server
        14. Exercise 14: Configure a highly available file share
        15. Exercise 15: Configure failover settings, failback settings, and move node
        16. Exercise 16: Simulate unplanned failure
        17. Exercise 17: Cluster-Aware Updating
      5. Suggested practice exercises
      6. Answers
        1. Lesson 1
        2. Lesson 2
    10. 8. Virtual machine and site resilience
      1. Before you begin
      2. Lesson 1: Virtual machine movement
        1. Virtual machine failover clustering
        2. Shared Nothing Hyper-V Live Migration
        3. Storage Migration
        4. Virtual machine import and export
        5. Lesson summary
        6. Lesson review
      3. Lesson 2: Site-level fault tolerance
        1. Hyper-V Replica
          1. Configuring Hyper-V Replica
          2. Planned failover
          3. Unplanned failover
            1. Hyper-V Replica Broker
        2. Multisite clustering
        3. Lesson summary
        4. Lesson review
      4. Practice exercises
        1. Exercise 1: Install the Hyper-V role on MEL-HV-1 and MEL-HV-2
        2. Exercise 2: Configure identical virtual switches on MEL-HV-1 and MEL-HV-2
        3. Exercise 3: Prepare servers for live migration
        4. Exercise 4: Prepare servers for replication
        5. Exercise 5: Create two virtual machines on MEL-HV-1
        6. Exercise 6: Configure TEST-ONE for replication
        7. Exercise 7: View replication health and perform planned failover of TEST-ONE to MEL-HV-2
        8. Exercise 8: Configure Hyper-V to support live migration
        9. Exercise 9: Perform live migration of TEST-TWO
        10. Exercise 10: Perform storage migration
        11. Exercise 11: Perform a virtual machine export
        12. Exercise 12: Import a copy of a virtual machine
        13. Exercise 13: Perform an unplanned failover
        14. Exercise 14: Enable reverse replication
      5. Suggested practice exercises
      6. Answers
        1. Lesson 1
        2. Lesson 2
    11. 9. DAC and AD RMS
      1. Before you begin
      2. Lesson 1: Implement Dynamic Access Control (DAC)
        1. Introduction to Dynamic Access Control
        2. Configuring group policy to support DAC
        3. Configuring user and device claims
        4. Configuring resource properties
        5. Central access rules
        6. Central access policies
        7. Staging
        8. Access Denied Assistance
        9. Lesson summary
        10. Lesson review
      3. Lesson 2: Install and configure Active Directory Rights Management Services (AD RMS)
        1. Installing AD RMS
        2. AD RMS certificates and licenses
        3. AD RMS templates
        4. AD RMS Administrators and Super Users
        5. Trusted user and publishing domains
        6. Exclusion policies
        7. Apply AD RMS templates automatically
        8. Lesson summary
        9. Lesson review
      4. Practice exercises
        1. Exercise 1: Prepare MEL-DC and ADL-DC
        2. Exercise 2: Enable group policy support for DAC
        3. Exercise 3: Create users and groups
        4. Exercise 4: Configure user and device claims
        5. Exercise 5: Configure Resource Properties
        6. Exercise 6: Prepare server for file classification
        7. Exercise 7: Create a file classification rule
        8. Exercise 8: Run and verify the file classification
        9. Exercise 9: Create central access rules
        10. Exercise 10: Create a central access policy
        11. Exercise 11: Configure Access Denied Assistance
        12. Exercise 12: Configure staging
        13. Exercise 13: Prepare infrastructure for an AD RMS deployment
        14. Exercise 14: Install and configure the AD RMS server role
        15. Exercise 15: Create the AD RMS Super Users group
        16. Exercise 16: Create AD RMS templates
        17. Exercise 17: Configure template distribution
        18. Exercise 18: Configure application exclusions
        19. Exercise 19: Apply RMS templates using file classification
      5. Suggested practice exercises
      6. Answers
        1. Lesson 1
        2. Lesson 2
    12. 10. Active Directory Federation Services
      1. Before you begin
      2. Lesson 1: Implement Active Directory Federation Services
        1. AD FS Components
        2. Claims, claim rules, and attribute stores
        3. Claims provider
        4. Relying party
        5. Relying party trust
        6. Claims provider trust
        7. Configuring certificate relationship
        8. Attribute stores
        9. Claims rules
          1. Relying party trust claims rules
          2. Claims provider trust claim rules
        10. Configure AD FS proxy
        11. Lesson summary
        12. Lesson review
      3. Practice exercises
        1. Exercise 1: Prepare separate forests
        2. Exercise 2: Configure DNS forwarding
        3. Exercise 3: Deploy AD CS in each forest
        4. Exercise 4: Prepare SYD-DC for certificate publication
        5. Exercise 5: Prepare MEL-DC for certificate publication
        6. Exercise 6: Configure CA trust in each forest
        7. Exercise 7: Acquire certificates for each server
        8. Exercise 8: Deploy AD FS in each forest
        9. Exercise 9: Configure relying party trust
        10. Exercise 10: Configure Claims Provider Trust
        11. Exercise 11: Prepare claim data
        12. Exercise 12: Configure Claim Rules
      4. Suggested practice exercises
      5. Answers
        1. Lesson 1
    13. A. About the author
    14. Index
    15. About the Author
    16. Special Upgrade Offer
    17. Copyright