Installing and Configuring Windows Server 2016 Hands-on Guide: Step By Step Lab Guide

InstallingandConfiguringWindows

Server2016(Hands-onGuide)

Copyright©2016K.G.Mark

Allrightsreserved.

ContentsCopyright

AboutThisBookAudienceandCandidatesPrerequisites

DisclaimerVirtualMachines

PreparingVirtualMachinesTask1:InstallingVMwareWorkstationontheHostMachineTask2:InstallingandConfiguringtheDC1VirtualMachine

Task2.1:ConfiguringtheDC1VirtualMachineTask2.2:PromotingtheDC1VirtualMachineasaDomainControllerTask3:InstallingandConfiguringtheSERVER1VirtualMachineTask4:InstallingandConfiguringtheCLIENT1VirtualMachineTask5:InstallingandConfiguringtheROUTERVirtualMachineTask6:CreatingandConfiguringtheSERVER2VirtualMachine

Task7:CreatingSnapshotsofVirtualMachinesTask8:WorkingwiththeWindowsServer2016DesktopExperienceExercise1:InstallingandConfiguringWindowsServer2012R2Core

MachineTask1:InstallingWindowsServer2012R2CoreMachine.

Task2:ConfiguringtheWindowsServer2016CoreMachine.Task3:AddingCORE1toDomain

Exercise2:ManagingServersRemotelyTask1:CreatingandManagingtheServerGroup

Task2:DeployingRolesandFeaturesonCORE1MachineTask3:ManagingServicesontheCORE1Machine

Exercise3:UsingWindowsPowerShelltoManageServersTask1:UsingtheWindowsPowerShelltoConnectRemotelytoServers

andViewInformation

Task2:UsingWindowsPowerShelltoManageRolesandFeaturesRemotely

Exercise04:InstallingandConfiguringDomainControllersTask1:AddingtheADDSRoleonaMemberServer

Task2:ConfiguringSERVER1ServerasaDomainControllerTask3:ConfiguringSERVER1asaGlobalCatalogServerExercise5:InstallingaDomainControllerbyUsingIFM

Task1:GeneratingaIFMDataFileTask2:AddingtheADDSRoletotheMemberServer

Task3:ConfiguringSERVER1asaNewDomainControllerUsingtheIFMDataFile

Exercise6:ManagingOrganizationalUnitsandGroupsinADDSTask1:ManagingOrganizationalUnitsandGroups

Task2:DelegatingthePermissionsTask3:ConfiguringHomeFoldersforUserAccounts

Task4:TestingandVerifyingtheHomeFoldersandDelegatedPermissions

Task5:ResettingtheComputerAccountsTask6:ExaminingtheBehaviorwhenaUserLoginsonClient.

Task7:RejoiningtheDomaintoReconnecttheComputerAccountExercise7:UsingWindowsPowerShelltoCreateUserAccountsandGroups

Task1:CreatingaUserAccountUsingWindowsPowerShellTask2:CreatingGroupsUsingWindowsPowerShellTask3:ExportingUserAccountsUsingtheldifdeTool

Exercise8:InstallingandConfiguringtheDHCPServerRoleTask1:InstallingtheDHCPServerRoleTask2:ConfiguringtheDHCPScopeTask3:ConfiguringDHCPClient

Task4:ConfiguringDHCPReservationExercise9:InstallingandConfiguringDNS

Task1:ConfiguringSERVER1asaDomainControllerwithoutInstallingtheDNSServerRole

Task2:CreatingandConfiguringtheMyzone.localZoneonDC1Task3:AddingtheDNSServerRoleontheSERVER1Task4:VerifyingReplicationofthemcsalab.localZone

Task5:ConfiguringDNSForwarderTask6:ManagingtheDNSCache10:ImplementingLANRouting

Task1:InstallingtheLANRoutingFeatureonROUTERTask2:ConfiguringtheLANRoutingServiceonROUTER

Task3:TestingtheConnectivitybetweenDC1andSERVER2ServersExercise11:ConfiguringIPv6AddressingTask1:DisablingIPv6AddressonDC1

Task2:DisablingIPv4AddressonSERVER2Task3:ConfiguringanIPv6NetworkonROUTERTask4:VerifyingIPv6AddressonSERVER2

Exercise12:InstallingandConfiguringDiskStorageTask1:AddingNewVirtualDiskstoDC1

Task2:InitializingtheAddedDisksTask3:CreatingandFormattingSimpleVolumes

Task4:ShrinkingtheVolumesTask5:ExtendingtheVolumes

Exercise13:ConfiguringaRedundantStorageSpaceTask1:CreatingaStoragePool

Task2:CreatingaMirroredVirtualDiskTask3:CreatingaFileintoMirroredVolume1

Task4:RemovingaPhysicalDriveTask5:VerifyingtheFileAvailability

Exercise14:ImplementingFileSharingTask1:CreatingtheFolderStructurefortheNewShare

Task2:ConfiguringNTFSPermissionsontheFolderStructureTask3:SharingtheFolder

Task4:AccessingtheSharedFolderTask5:EnablingAccess-basedEnumeration

Task6:TestingtheAccess-basedEnumerationConfigurationExercise15:ImplementingShadowCopies

Task1:ConfiguringShadowCopiesTask2:RecoveringaDeletedFileUsingShadowCopy

Exercise16:ImplementingNetworkPrintingTask1:InstallingthePrintandDocumentServicesServerRole

Task2:InstallingaNewPrinterTask3:ConfiguringPrinterPooling

Task4:ConnectingaPrinteronaClientExercise17:ImplementingGroupPolicyObjects

Task1:CreatingaNewGPOTask2:ConfiguringtheInternetExplorerGPOTask3:CreatingaDomainUsertoTesttheGPO

Task4:TestingtheInternetExplorerGPOTask5:ConfiguringSecurityFilteringtoExemptaUserfromtheInternet

ExplorerGPOTask6:TestingtheInternetExplorerGPO

Exercise18:ImplementingAppLockerandFirewallUsingGroupPolicyTask1:RestrictinganApplicationUsingAppLocker

Task2:ConfiguringWindowsFirewallRulesUsingGroupPolicy

CopyrightTheauthorholdsalltherightsofpublishingandreproducingtothisbook.Thecontentofthisbookcannotbereproducedorcopiedinanyformorbyanymeansorreproducedwithoutthepriorwrittenpermissionoftheauthor.

AboutThisBookThisbookcontainsthevirtuallabsetupguideandthelabexercisesforinstalling

andconfiguringWindowsServer2016.Youcancreatethevirtuallabinfrastructureonyourownsystemandyoucaneasilyperformallthelabexercisesmentionedinthisbook.CandidatehavingthebasicknowledgeofWindowsoperatingsystemsandnetworkingfundamentalscanperformallthelabexerciseswithout(orleast)theneedofatrainerorfaculty.Thisbookmainlycoverstheinitialimplementationandconfigurationofcoreservices,suchasAD

DS,networkingservices.

AudienceandCandidatesPrerequisitesThisbookisintendedforthecandidateswhohavebasicoperatingsystemknowledge,andwanttogainthehands-onpracticeskillsandknowledge

necessarytoimplementthecoreinfrastructureservices.Inaddition,thisbookisalsohelpfulforthecandidatewhoarelookingforcertificationintheWindows

Server2016platform.Thecandidatesshouldhavethebasicknowledgeofthenetworking

fundamentals,Windows-basedoperatingsystems,andvirtualizationplatformstoperformthehands-onpractices.

DisclaimerWemadealmosteveryefforttoavoiderrorsoromissionsinthisguide.

However,errorsmayslinkin.Anymistake,errorordiscrepancynotedbythereadersarerequestedtosharewithus,whichwillbehighlyappreciable.Thecontentsandimagesinthisguidecouldincludetechnicalinaccuraciesor

typographicalerrors.Author(s)orpublishermakesnorepresentationsabouttheaccuracyoftheinformationcontainedintheguide.

VirtualMachinesThevirtualmachinesthatwillbeusedthroughoutthisbookarelistedinthe

followingtable.

S.No. VMName OperatingSystem1 DC1 WindowsServer

20162 SERVER1 WindowsServer

20163 CLIENT1 Windows8.1/104 ROUTER WindowsServer

20165 SERVER2 WindowsServer

2016

Topreparethevirtualmachinesmentionedintheprecedingtable,youneedISOimages.YoucandownloadtheevaluationISOimages(WindowsServer2016(TechnicalPreview)andWindows8.1/10)fromtheMicrosoftdownloadcenter.

Toperformthestepbysteplabexercises,downloadtheISOimagesandplace

themundertheD:\ISOsfolderonthehostmachine.YoucansetupthevirtuallabinfrastructureontheVMwareorHyper-Vplatform.

EachvirtualmachinewillactasaseparatemachinewiththeuniqueGUID,SID,

andIPaddress.ThefollowingtableliststheIPaddressesandrolesoftherespectiveVMs.

S.No.

VMName

IPAddress Role

1 DC1 10.0.0.100 Domaincontrollerofthemcsalab.local

domain.2 SERVER1 10.0.0.101 Memberserverof

themcsalab.localdomain.

3 CLIENT1 10.0.0.102 Clientmachineof

themcsalab.localdomain.

4 ROUTER InternalSubnet:10.0.0.1ExternalSubnet:

192.168.0.1

RouterservertoperformtheLAN

routing.

5 SERVER2 192.168.0.2 Workgroupserverintheexternalsubnet.

PreparingVirtualMachinesTocreatethevirtualmachines,youneedtoperformthefollowingtasksonthe

hostmachine:

1. InstallVMwareWorkstationorPlayer.

2. InstallandconfiguretheDC1virtualmachine

3. InstallandconfiguretheSERVER1virtualmachine

4. InstallandconfiguretheCLIENT1virtualmachine

5. InstallandconfiguretheROUTERvirtualmachine

6. InstallandconfiguretheSERVER2virtualmachine

Task1:InstallingVMwareWorkstationontheHostMachine

ToInstallVMwareWorkstationorVMwarePlayer,firstyouneedtodownloadit.Onceitisdownloaded,justdouble-clickthesetupfile,andfollowthesimple

stepstocompletetheinstallationprocess.

Task2:InstallingandConfiguringtheDC1VirtualMachine

ToinstallandconfiguretheDC1virtualmachine,youneedtoperformthefollowingsteps:

1. MakesurethattheVMwareconsoleisactive.2. SelectFileandthenselectNewVirtualMachine.3. OntheNewVirtualMachineWizard,clickNext.

4. OntheGuestOperatingSystemInstallationpage,selectthe

Installerdiscimagefile(iso):radiobutton,browsethelocationoftheServer2016ISOimagefile,andthenclickNext.

5.

Note:IfyouusetheVMwareplatformthatautomaticallydetectstheversionoftheWindowsserver,youmayaskedtosetthefollowing

settings:Productkey

OperatingsystemeditionAdministratorpassword

Otherwise,youmayskipit.

6. OntheSelectaGuestOperatingSystempage,selectthehighestsupportedversionofWindowsserver(inthiscaseWindowsServer2012butitwillstillsupportWindowsServer2016),andthenclick

Next.

7. OntheNameandVirtualMachinepage,typeDC1intheVirtual

machinenamefield.8. IntheLocationfield,navigatethelocationwhereyouwanttosave

thevirtualmachine,suchasH:\VMs\2k16\DC1,andthenclickNext.

9. OntheSpecifyDiskCapacitypage,selectStorevirtualdiskasa

singlefile,optionallyyoucanalsosetthedisksizeaswell,andthenclickNext.

10. OntheReadytoCreateVirtualMachinepage,clickCustomize

Hardware.11. OntheHardwarewindow,selectNetworkAdapterintheleft

pane.SelecttheHostonlyradiobutton,andthenclickClose.

12. ClickFinish.13. OntheVMwareconsole,powerontheDC1virtualmachine.14. OntheWindowsSetuppage,clickNext,andthenclickInstall

Now.

15. OntheSelecttheoperatingsystemyouwanttoinstallpage,

selecttheWindowsServer2016DesktopExperience,andthenclickNext.

16. OntheLicensetermspage,selecttheIacceptthelicenseterms

checkbox,andthenclickNext.17. OntheWhichtypeofinstallationdoyouwantpage,selectthe

Customoption,andthenclickNext.18. OntheWheredoyouwanttoinstallWindowspage,clickNext.

19. TheInstallationprocesswillbegin,after10-15minutesthe

Customizesettingsscreenwilldisplay.20. SetAdministratorpasswordasPassword@123.

Task2.1:ConfiguringtheDC1VirtualMachine

1. SignintoDC1withtheAdministratoraccount.2. OpentheSystemProperties(sysdm.cpl)andsetthecomputer

nameasDC1.

3. RestartandsignintothesystemwiththeAdministratoraccount.

Aftersometime,theServerManagerconsolewilldisplay.4. OpentheRundialogbox,typencpa.cpl,andthenpressEnter.5. Selectandright-clicktheactivenetworkadapter,andthenselect

Properties.6. SetthefollowingTCP/IPsettings:

IPaddress:10.0.0.100.Subnetmask:255.0.0.0.Defaultgateway:10.0.0.1.

PreferredDNSserver:10.0.0.100.

7. ClosetheNetworkConnectionsconsole.

Task2.2:PromotingtheDC1VirtualMachineasa

DomainControllerTopromotetheDC1virtualmachineasadomaincontroller,youneedto

performthefollowingsteps:1. OpentheServerManagerconsole.2. ClicktheAddrolesandfeatureslink.3. OntheBeforeyoubeginpage,clickNext.4. OntheSelectinstallationtypepage,clickNext.5. OntheSelectdestinationserverpage,clickNext.6. OntheSelectserverrolespage,selecttheActiveDirectory

DomainServicescheckbox,asshowninthefollowingfigure.

7. Acceptthedefaultselectionsthroughrestofthewizardand

completetheinstallationprocess.8. ClickClose,oncetheinstallationsucceedsonDC1.9. OntheServerManagerconsole,clicktheNotificationsicon.10. ClickthePromotethisservertoadomaincontrollerlink,as

showninthefollowingfigure.

11. OntheDeploymentConfigurationpage,selecttheAddanew

forestradiobutton.12. IntheRootdomainnametextbox,typemcsalab.local,asshown

inthefollowingfigure,andthenclickNext.

13. OntheDomainControllerOptionspage,makesurethatthe

DomainNameSystem(DNS)servercheckboxisselected,asshowninthefollowingfigure.

14. InthePasswordandConfirmpasswordtextboxes,typethe

Password@123,andthenclickNext.15. OntheDNSOptionspageandthenclickNext.16. OntheAdditionalOptionspage,clickNext.17. OnthePathspage,asshowninthefollowingfigure,reviewthe

defaultlocationfortheADDSdatabasefile,andthenclickNext.

18. OntheReviewOptionspage,clickNext.19. OnthePrerequisitesCheckpage,asshowninthefollowing

figure,reviewtheprerequisites,andthenclickInstall.

20. Aftersometime,thesystemwillrestartautomatically,signinto

DC1withtheMCSALAB\Administratoraccount.21. DonotshutdowntheDC1virtualmachine.

Task3:InstallingandConfiguringtheSERVER1VirtualMachine

ToinstallandconfiguretheSERVER1virtualmachine,youcanfollowthesimplestepsasyouusedtoinstallandconfiguretheDC1virtualmachine.

1. DuringtheinstallingSERVER1virtualmachine,makesurethatyouusethefollowingsettingsandoptions:

Virtualmachinename:SERVER1.

Operatingsystemversion:WindowsServer2016.

Memory:2048MB

Harddisksize:50GB

NetworkAdapter:Hostonly(clickCustomizeHardwarebeforeclickingtheFinishbutton.)

Password:Password@123

2. OnceyouinstalledtheSERVER1virtualmachinewiththeprecedingsettings,configurethefollowingTCP/IPsettings:

IPaddress:10.0.0.101

Subnetmask:255.0.0.0

Defaultgateway:10.0.0.1

PreferredDNSserver:10.0.0.100

3. OnceyouconfiguredtheprecedingTCP/IPsettings,opentheSystemPropertiesdialogboxandclickChange.

4. OntheComputerName/DomainChangesdialogbox,inthe

Computernametextbox,typeSERVER1.

5. SelecttheDomainradiobutton,intheMemberofsection,andthentypemcsalab.local,andthenclickOK.

6. OntheWindowsSecuritydialogbox,providethecredentialsoftheDC1server,andrestarttheSERVER1virtualmachine.

7. SignintoSERVER1withtheAdministratoraccount.

8. ShutdowntheSERVER1virtualmachine.

Task4:InstallingandConfiguringtheCLIENT1VirtualMachine

ToinstallandconfiguretheCLIENT1virtualmachine,youcanfollowthesimplestepsasyouusedtoinstallandconfiguretheDC1virtualmachine.

1. DuringtheinstallingCLIENT1virtualmachine,makesurethatyouusethefollowingsettingsandoptions:

Virtualmachinename:CLIENT1.

Operatingsystemversion:Windows8.1/10.

Memory:1024MB

Harddisksize:50GB

NetworkAdapter:Hostonly(clickCustomizeHardwarebeforeclickingtheFinishbutton.)


2. OnceyouinstalledtheCLIENT1virtualmachinewiththeprecedingsettings,configurethefollowingTCP/IPsettings:





3. OnceyouconfiguredtheprecedingTCP/IPsettings,opentheSystemPropertiesdialogbox,andclickChange.

4. OntheComputerName/DomainChangesdialogbox,intheComputernametextbox,typeCLIENT1.

5. SelecttheDomainradiobuttonintheMemberofsection,typemcsalab.local,andthenclickOK.

6. OntheWindowsSecuritydialogbox,providethecredentialsoftheDC1server,andrestarttheCLIENT1virtualmachine.

7. SignintoCLIENT1withtheAdministratoraccount.

8. ShutdowntheCLIENT1virtualmachine.

Task5:InstallingandConfiguringtheROUTERVirtualMachine

ToinstallandconfiguretheROUTERvirtualmachine,youcanfollowthesimplestepsasyouusedtoinstallandconfiguretheDC1virtualmachine.

1. DuringthecreatingROUTERvirtualmachine,makesurethatyou

usethefollowingsettingsandoptions:Virtualmachinename:ROUTER.

Operatingsystemversion:WindowsServer2016.Memory:1024MBHarddisksize:50GB

NetworkAdapter:Hostonly2. OnceyoucreatedtheROUTERvirtualmachinewiththepreceding

settings,selecttheROUTERvirtualmachine,clickEditvirtualmachinesettings,asshowninthefollowingfigure.

3. OntheVirtualMachineSettingsdialogbox,clickAdd.4. OntheAddHardwareWizard,selectNetworkAdapter,andthen

clickNext.

5. OntheNetworkAdapterTypepage,selectVMnet2underthe

Customoption.

6. ClickFinishandthenclickOKbutton.7. PowerontheROUTERvirtualmachine.8. FollowthesimplestepstoinstalltheROUTERvirtulmachine.Use

[email protected]. OnceyouinstalledtheROUTERvirtualmachinewiththe

precedingsettings,configurethefollowingTCP/IPsettingsonthefirstnetworkadapter(connectedtotheHostonlynetwork):

IPaddress:10.0.0.1Subnetmask:255.0.0.0


10. ConfigurethefollowingTCP/IPsettingsonthesecondnetworkadapter(connectedtotheVMnet2network):

IPaddress:192.168.0.1Subnetmask:255.255.255.0

11. OnceyouconfiguredtheprecedingTCP/IPsettings,openthe

SystemPropertiesdialogbox,setthecomputernameasROUTER,andrestarttheROUTERvirtualmachine.

12. OpentheCommandPromptwindow,typeping10.0.0.100,andthenpressEnter.

13. Youshouldbeabletocommunicate(ping)withtheDC1server.

Note:IfyouareunabletocommunicatewiththeDC1server,youmayneedtointerchangetheTCP/IPsettingsofthenetworkadapters.

14. DonotshutdowntheROUTERvirtualmachine.

Task6:CreatingandConfiguringtheSERVER2VirtualMachine

ToinstallandconfiguretheSERVER2virtualmachine,youcanfollowthesimplestepsasyouusedtoinstallandconfiguretheDC1virtualmachine.

1. DuringtheinstallingSERVER2virtualmachine,makesurethatyouusethefollowingsettingsandoptions:

Virtualmachinename:SERVER2.

Operatingsystemversion:WindowsServer2016.

Memory:1024MB

Harddisksize:50GB

NetworkAdapter:VMnet2


2. OnceyouinstalledtheSERVER2virtualmachinewiththeprecedingsettings,configurethefollowingTCP/IPsettings:





3. OnceyouconfiguredtheprecedingTCP/IPsettings,opentheSystemPropertiesdialogbox,setthecomputernameasSERVER2,andrestarttheSERVER2virtualmachine.

4. SignintoSERVER2withtheAdministratoraccount.

5. ShutdowntheSERVER2virtualmachine.

1. ShutdowntheDC1virtualmachine.

Task7:CreatingSnapshotsofVirtualMachinesOnceyouinstalledandconfiguredallthevirtualmachines,youneedtocreatethesnapshots/checkpointsforeachvirtualmachine.Snapshotwillhelpyoutorevertavirtualmachinetoitspreviouslyusedstate(atthepointwhenyouhad

createdit).Tocreateasnapshot,youneedtoperformthefollowingtasks:1. Makesurethattheallvirtualmachinesareturnedoff.2. Selectandright-clickanyvirtualmachine,selectSnapshot,and

thenselectTakesnapshot.Afterfewseconds,thesnapshotwillbecreated.

3. Usingtheprecedingmethod,createsnapshotsofallthevirtualmachines.

Task8:WorkingwithWindowsServer2016DesktopExperience

GUIinterfaceofWindowsServer2016isalmosthassimilarfunctionsasusedinwindowsServer2012R2.However,therearesomenewfeaturehavebeenaddedtomaketheuserexperiencemoreinteresting.SomeofthebasicGUIfeatures

are:StartbuttonTaskManagerTaskView

Startbutton1. SignintoDC1andclicktheStartbutton.Itwillshowyouthe

variousoptions,suchasServerManager,Settings,PowerShell,andCalculatorthatcanbeaccesseddirectly.

2. Ifyouright-clicktheStartbutton,itwillshowyoufewmore

options,asshowninthefollowingfigure.

TaskManager

TheTaskManagerinWindowsServer2016ismuchsimilartotheTaskManagerthathasbeenusedinWindowsServer2012R2.

TaskView

TaskViewallowsyoutoviewandswitchbetweendifferentactivewindows.ThisfeaturewasnotavailableinWindowsServer2012R2.

Task9:What’sNewinWindowsServer2016?InWindowsServer2016,therearemanynewrolesandfeatureshavebeen

added.Someofthemajornewrolesandfeaturesare:

HostGuardianServiceMultipointServices

WindowsServerEssentialsExperienceSetupandBootEventCollections

SMBBandwidthLimitWindowsBiometricFrameworkBitLockerNetworkUnlock

HostGuardianServiceTheHostGuardianService(HGS)isaserverroleintroducedinWindowsServer2016.ItprovidestheAttestationandKeyProtectionservicesthatallowGuardedHoststorunshieldedvirtualmachines.TheAttestationservicevalidatesguardedhostidentityandconfiguration.TheKeyProtectionserviceallowstransportkeys

toenableguardedhoststounlockandrunshieldedvirtualmachines.

MultipointServicesItallowsmultipleuserstosimultaneouslyshareonecomputerandeachuserhas

theirownindependentandfamiliarWindowsexperience.

WindowsServerEssentialsExperienceThisisaroleservicethatsetsuptheITinfrastructureandofferspowerful

functions,suchas“PCbackups”thathelpsorganizations’toprotectdata,and“RemoteWebAccess”thathelpsaccessbusinessinformationfromanywhere,

virtually.Italsohelpsyoutosimplyandrapidlyconnecttocloud-basedapplicationsandservicestoextendthefunctionalityoftheservers.

SetupandBootEventCollectionsItisafeaturethatenablesthecollectionandloggingofsetupandbootevents

fromothercomputersonthenetwork.

SMBBandwidthLimitThisfeatureprovidesamechanismtotrackSMBtrafficpercategoryandallows

youtolimittheamountoftrafficallowedforagivencategory.ItiscommonlyusedtolimitthebandwidthusedbylivemigrationoverSMB.

WindowsBiometricFrameworkThisfeatureallowsfingerprintdevicestobeusedtoidentifyandverifyidentities

andtosignintoWindows.

BitLockerNetworkUnlockThisfeatureenablesanetwork-basedkeyprotectortobeusedtoautomatically

unlockBitLocker-protectedoperatingsystemdrivesindomain-joinedcomputers,whenthecomputerisrestarted.

Exercise1:InstallingandConfiguringWindowsServer2012R2CoreMachine

Inthisexercise,youwillinstallandconfigureaWindowsServer2012R2coremachine.TheinstallationprocessfortheservercoreoptionandfullGUIoptionisalmostidentical.However,servercoreoptionrequireslesshardwareresourcesanditismoresecurethanthefullGUIoption.Inthisexercise,youwillusethe

followingvirtualmachines:DC1

CORE1

ToinstallandconfiguretheWindowsServer2012R2coremachine,youneedtoperformthefollowingtasks:

Task1:InstallingWindowsServer2012R2CoreMachine.

1. Createavirtualmachinewiththefollowingsettings:2. Duringthecreatingthevirtualmachine,makesurethatyouusethe

followingsettingsandoptions:Virtualmachinename:CORE1.

Operatingsystemversion:WindowsServer2016.Memory:512MB

Harddisksize:20GBNetworkAdapter:HostonlyPassword:Password@123

3. Oncethevirtualmachineiscreated,powerontheCORE1virtual

machine.4. Aftersometime,theWindowsSetupscreenwilldisplay.5. ClickNextandthenclickInstallnow.6. IftheActivateWindowsscreenisdisplayed,clickIdon’thavea

productkeylink.

7. OntheSelecttheoperatingsystemyouwanttoinstallpage,

selectWindowsServer2016TechnicalPreview4,andthenclickNext.

8. OntheLicensetermspage,selecttheIacceptthelicenseterms

checkbox,andthenclickNext.9. OntheWhichtypeofinstallationdoyouwant?page,click

Custom:InstallWindowsonly(advanced),asshowninthefollowingfigure.

10. OntheWheredoyouwanttoinstallWindows?page,clickNext.11. Theinstallationprocesswillstart.12. Aftersometime,thesigninscreenwilldisplay,andyouwillbe

askedtochangetheAdministratorpassword.

13. SettheAdministratorpasswordasPassword@123.

Task2:ConfiguringtheWindowsServer2016CoreMachine.

ToconfiguretheWindowsServer2016coremachine,youneedtoperformthefollowingsteps:

1. SignintoCORE1withtheAdministratoraccount.2. OntheCommandPromptwindow,typesconfig.cmd,andthen

pressEnter.TheServerConfigurationoptionswilldisplay,asshowninthefollowingfigure.

3. TochangethesystemDateandTime,type9,andthenpress

Enter.4. OntheDateandTimedialogbox,asshowninthefollowing

figure,clickChangetimezone.

5. Selectthedesiredtimezone,andthenclickOK.6. IntheDateandTimedialogbox,clickChangeDateandTime,

andverifythedateandtime,andthenclickOK.7. OntheCommandPromptwindow,type8,andthenpressEnter

toconfigureNetworkSettings.8. Typetheindexnumber(inourexampleitis10)ofthenetwork

adapter,asshowninthefollowingfigure,andthenpressEnter.

9. OntheNetworkAdapterSettingspage,type1,tosettheNetwork

AdapterAddress,asshowninthefollowingfigure,andthenpressEnter.

10. TosetstaticIPaddress,typeS,asshowninthefollowingfigure,

andthenpressEnter.

11. AttheEnterstaticIPaddress:prompt,type10.0.0.103,andthenpressEnter.

12. AttheEntersubnetmask:prompt,acceptthedefaultvalue,andthenpressEnter.

13. AttheEnterdefaultgateway:prompt,type10.0.0.1,andthenpressEnter,asshowninthefollowingfigure.

14. OntheNetworkAdapterSettingsoption,type2,toconfigurethe

DNSserveraddress,andthenpressEnter.15. AttheEnternewpreferredDNSserverprompt,type10.0.0.100,

andthenpressEnter.16. OntheNetworkSettingsmessagebox,asshowninthefollowing

figure,clickOK.

17. PressEntertonotconfigureanalternateDNSserveraddress.18. AttheSelectoption:prompt,type4,andthenpressEntertoreturn

tothemainmenu.

19. AttheEnternumbertoselectanoption:prompt,type15,andthenpressEntertoexitthesconfig.cmdutility.

20. OntheCommandPromptwindow,typepingdc1.mcsalab.localtoverifytheconnectivitybetweenDC1andCORE1.

Task3:AddingCORE1toDomain

1. OntheCommandPromptwindow,typesconfig.cmd,andthenpressEnter.

2. AttheEnternumbertoselectanoption:prompt,type2,andthenpressEnter.

3. AttheEnteranewcomputername:prompt,typeCORE1,andthenpressEnter.

4. OntheRestartdialogbox,clickYes.

5. ThesystemwillrestartandaftersometimetheSigninscreenwill

display.6. SignintoCORE1withtheAdministratoraccount.7. OntheCommandPromptwindow,typehostname,andthenpress

Entertoverifythecomputer’sname.8. OntheCommandPromptwindow,typesconfig.cmd,andthen

pressEnter.9. Type1tochangetheDomain/Workgroupsettings,andthenpress

Enter.10. TypeDtojoinadomain,andthenpressEnter.11. AttheNameofdomaintojoinprompt,typemcsalab.local,and

thenpressEnter.12. AttheSpecifyanauthorizeddomain\userprompt,type

Administrator,andthenpressEnter.

13. AttheTypethepasswordassociatedwiththedomainuserprompt,typePassword@123,andthenpressEnter.

14. AttheChangeComputerNamemessagebox,asshowninthefollowingfigure,clickNo.

15. OntheRestartdialogbox,clickYes.Thesystemwillrestart.After

sometime,thesigninscreenwilldisplay.16. SignintoCORE1withtheMCSALAB\Administratoraccount.

Results:Aftercompletingthisexercise,youwillhaveconfiguredaWindows

Server2016servercoremachine.

DonotturnofforshutdowntheDC1and/orCORE1virtualmachine(s)asthesevirtualmachineswillberequiredtoperformthenextexercise.

Exercise2:ManagingServersRemotelyInthisexercise,youwillmanagetheservercoremachinefromtheremote

location.Inaddition,youwillalsodeployrolesandfeaturesontheservercoremachine.Further,youwillmanagetheservicesontheservercoremachine.

Beforestartingtoperformthisexercise,makesurethattheDC1andCORE1virtualmachinesarerunning,andyouhavenotrevertedthemintheprevious

exercise.

Task1:CreatingandManagingtheServerGroup1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,makesurethatDashboardis

selectedintheleftpane,andthenclickCreateaservergroup.3. OntheCreateServerGroupdialogbox,clicktheActive

Directorytab,andthenclickFindNow.4. IntheServergroupnametextbox,selecttheCORE1and

SERVER1servers,andthenaddCORE1andSERVER1totheservergroup.

5. IntheServergroupnametextbox,typeServerGroup1,asshowninthefollowingfigure.

6. ClickOKtoclosetheCreateServerGroupdialogbox.7. OntheServerManagerconsole,selectServerGroup1intheleft

pane.VerifythatthebothserversarelistedintheServerspane,asshowninthefollowingfigure.

Task2:DeployingRolesandFeaturesonCORE1

Machine1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,clickServerGroup1intheleft

pane.3. Scrolltothetopofthepane,selectandright-clickCORE1,and

thenselectAddRolesandFeatures,asshowninthefollowingfigure.

4. OntheAddRolesandFeaturesWizard,clickNext.5. OntheSelectinstallationtypepage,clickNext.6. OntheSelectdestinationserverpage,makesurethat

CORE1.mcsalab.localisselected,asshowninthefollowingfigure,andthenclickNext.

7. OntheSelectserverrolespage,selecttheDHCPServercheck

box,asshowninthefollowingfigure,andthenclickNext.

8. OntheAddRolesandFeaturesdialogbox,clickNext.9. ClickNext,untiltheConfirminstallselectionspageisdisplayed.

10. OntheConfirminstallationselectionspage,selecttheRestartthedestinationserverautomaticallyifrequiredcheckbox,as

showninthefollowingfigure,andthenclickInstall.

11. ClickClosetoclosetheAddRolesandFeaturesWizard,once

theinstallationiscompleted.

Task3:ManagingServicesontheCORE1Machine1. SwitchtoasOtheruserandsignintoCORE1withthe

MCSALAB\Administratoraccount.2. OntheCommandPromptwindow,typethefollowingcommand,

andthenpressEnter,asshowninthefollowingfigure.netsh.exefirewallsetserviceremoteadminenableALL

3. SwitchbackandsignintoDC1withtheMCSALAB\Administrator

account.

4. OntheServerManagerconsole,selectServerGroup1.5. Selectandright-clickCORE1,andthenclickComputer

Management.6. OntheComputerManagementconsole,expandtheServicesand

Applicationsnode,andthenselectServices.7. Selectandright-clicktheDHCPServerservice,andthenclick

Properties,asshowninthefollowingfigure.

8. OnthePropertiesdialogbox,ontheGeneraltab,makesurethat

theStartuptypeissettoAutomatic.9. SelecttheRecoverytab,configurethefollowingsettings,asshown

inthefollowingfigure.Firstfailure:RestarttheServiceSecondfailure:RestarttheService

Subsequentfailures:RestarttheComputerResetfailcountafter:1daysRestartserviceafter:1minute

10. OnthePropertiesdialogbox,clickRestartComputerOptions.11. OntheRestartComputerOptionsdialogbox,intheRestart

computerafterbox,type2,andthenclickOK.12. ClickOKtoclosethePropertiesdialogbox.13. ClosetheComputerManagementconsole.

Results:Aftercompletingthisexercise,youhavecreatedaservergroup,

deployedrolesandfeatures,andmanagedaserviceremotely.

ShutdownandreverttheDC1andCORE1virtualmachinestoprepareforthenextexercise.

Exercise3:UsingWindowsPowerShelltoManageServers

Inthisexercise,youwillusetheWindowsPowerShelltomanagetheWindowServer2016.WindowsPowerShellisacommand-lineinterfacethatissimilartocommandprompt.ItisdesignedtoexecutethescriptssimilartoUNIX/Linux

operatingsystems.

StarttheDC1virtualmachinetoperformthisexercise.

Task1:UsingtheWindowsPowerShelltoConnectRemotelytoServersandViewInformation1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,selectServerGroup1.3. Selectandright-clickCORE1,andthenselectWindows

PowerShell.4. AttheWindowsPowerShellprompt,typecd\andthenpress

Enter.5. TypeImport-ModuleServerManager,andthenpressEnter.6. TypeGet-WindowsFeatureandthenpressEntertoviewthe

installedrolesandfeaturesonCORE1,asshowninthefollowingfigure.

7. Typethefollowingcommandtoviewtherunningserviceson

CORE1andthenpressEnter,asshowninthefollowingfigure.Get-service|where-object{$_.status-eq“Running”}

8. TypethefollowingcommandandthenpressEntertoviewalistof

processesonCORE1,asshowninthefollowingfigure.

Get-Process

9. TypethefollowingcommandtoviewtheIPaddressesoftheCORE1machine,andthenpressEnter,asshowninthefollowing

figure.Get-NetIPAddress|Format-table

10. Typethefollowingcommandtoviewthemostrecent5security

logs,andthenpressEnter,asshowninthefollowingfigure.Get-EventLogSecurity-Newest5

11. CloseWindowsPowerShell.

Task2:UsingWindowsPowerShelltoManageRoles

andFeaturesRemotely1. OnDC1,onthetaskbar,clicktheWindowsPowerShell icon.2. AttheWindowsPowerShellprompt,typethefollowingcommand,

andthenpressEnter.3. Import-ModuleServerManager4. ToverifythattheWINSServerfeatureisnotinstalledonCORE1,

typethefollowingcommand,andthenpressEnter,asshowninthefollowingfigure.

Get-WindowsFeature-ComputerNameCORE1

5. ToinstalltheWINSServerfeatureonCORE1,typethefollowing

command,andthenpressEnter,asshowninthefollowingfigure.6. Install-WindowsFeatureWINS-ComputerNameCORE1

7. VerifythattheExitCodestatusdisplaysasthesuccesstext.

Results:Aftercompletingthisexercise,youhavemanagedtheserversusing

WindowsPowerShell.

ShutdownandreverttheDC1andCORE1virtualmachines.

Exercise04:InstallingandConfiguringDomainControllers

ThesystemthatholdstheActiveDirectoryDomainServicesroleactsasadomaincontroller.Adomaincontrollerisaserverthatisusedtomanageand

controltheclientsonanetwork.

Inthisexercise,youwilllearnhowtoconfigureadomaincontrolleronWindowsServe2016.Inaddition,youwillalsolearnhowtoconfigureaserver

asaGlobalCatalogserver.

StarttheDC1andSERVER1virtualmachinestoperformthisexercise.

Task1:AddingtheADDSRoleonaMemberServer1. SignintoDC1withtheMCSA\Administratoraccount.2. OntheServerManagerconsole,intheleftpane,selectandright-

clickAllServers,andthenselectAddServers.3. OntheAddServersdialogbox,intheName(CN)textbox,type

SERVER1,andthenclickFindNow.4. Inthenamelistarea,selectSERVER1,andthenclickthearrowto

addtheservertotheSelectedcolumn,asshowninthefollowingfigure.

5. ClickOKtoclosetheAddServersdialogbox.6. OntheServerManagerconsole,intheServerspane,waituntilthe

ManageabilitystatusdisplaysasOnline–Performancecountersnotstarted,asshowninthefollowingfigure.

7. Selectandright-clickSERVER1,andthenselectAddRolesand

Features.8. OntheAddRolesandFeaturesWizard,clickNext.9. OntheSelectinstallationtypepage,clickNext.10. OntheSelectdestinationserverpage,makesurethattheSelecta

serverfromtheserverpoolradiobuttonisselected.11. IntheServerPoolarea,makesurethatSERVER1.mcsalab.local

isselected,asshowninthefollowingfigure,andthenclickNext.

12. OntheSelectserverrolespage,selecttheActiveDirectoryDomainServicescheckbox.

13. OntheAddRolesandFeaturesdialogbox,clickAddFeatures,andthenclickNext.

14. TheSelectserverrolespageisreturned,makesurethattheActiveDirectoryDomainServicescheckboxisselected,asshowninthe

followingfigure,andthenclickNext.

15. ClickNext,untiltheConfirminstallationselectionspageis

displayed.16. OntheConfirminstallationselectionspage,selecttheRestart

thedestinationserverautomaticallyifrequiredcheckbox,andthenclickInstall.

17. Theinstallationprocesswillstart.ClickClosetoclosetheAddRolesandFeaturesWizard,oncetheinstallationiscompleted.

Task2:ConfiguringSERVER1ServerasaDomain

Controller1. OnDC1,ontheServerManagerconsole,clicktheNotifications

button.2. OnthePost-deploymentConfigurationbox,clickthePromote

thisservertoadomaincontrollerlink,asshowninthefollowingfigure.

3. OntheDeploymentConfigurationpage,oftheActiveDirectory

DomainServicesConfigurationWizard,makesurethattheAddadomaincontrollertoanexistingdomainradiobuttonis

selected.4. IntheDomaintextbox,makesurethatthemcsalab.localtextis

written,asshowninthefollowingfigure.

5. IntheSupplythecredentialstoperformthisoperationsection,

clickChange.6. OntheWindowsSecuritydialogbox,intheUsernametextbox,

typeMCSALAB\Administrator,inthePasswordbox,typePassword@123,asshowninthefollowingfigure.

7. ClickOKandthenclickNext.8. OntheDomainControllerOptionspage,makesurethatDomain

NameSystem(DNS)servercheckboxisselected,andthencleartheGlobalCatalog(GC)checkbox.

9. IntheTypetheDirectoryServicesRestoreMode(DSRM)passwordsection,typePassword@123,inthePasswordandConfirmpasswordtextboxes,asshowninthefollowingfigure,

andthenclickNext.

10. ClickNext,untilthePrerequisitesCheckpageisdisplayed.11. OnthePrerequisitesCheckpage,reviewthewarnings,andthen

clickInstall.

12. Theinstallationprocesswillstart,clickClose,oncetheinstallationiscompleted.

13. Theserverwillrestart.Waitforservertorestart.

Task3:ConfiguringSERVER1asaGlobalCatalogServer

1. SwitchandsignintoSERVER1withtheMCSALAB\Administratoraccount

2. OntheServerManagerconsole,clickTools,andthenclickActiveDirectorySitesandServices.

3. OntheActiveDirectorySitesandServicesconsole,expandSites\Default-First-Site-Name\Servers,andthenclickSERVER1,

asshowninthefollowingfigure.

4. Intheleftpane,selectandright-clickNTDSSettings,andthen

selectProperties.5. OntheNTDSSettingsPropertiesdialogbox,selecttheGlobal

Catalogcheckbox,asshowninthefollowingfigure,andthenclickOK.

6. ClosetheActiveDirectorySitesandServicesconsole.

Results:Aftercompletingthisexercise,youwillhaveexploredtheServerManagerconsoleandpromotedamemberservertobeadomaincontroller.ShutdownandreverttheDC1andSERVER1virtualmachinestopreparefor

thenextexercise.

Exercise5:InstallingaDomainControllerbyUsingIFM

Inthisexercise,youwilllearnhowtoconfigureadomaincontrollerusingtheIFMdatafile.TheInstallFromMedia(IFM)isafeaturethatallowsyouto

configureaserverasadomaincontroller.Thisfeaturehelpsyoutoreducethenetworkbandwidthconsumptionusedduringtheadditionaldomaincontrollerconfiguration.IFMallowsyoutoexporttheActiveDirectorydatabasefile(NTDS)toanexternalmediawhichcanbeusedtoconfigureanadditional

domaincontroller.


Task1:GeneratingaIFMDataFile1. SignintoDC1withtheMCSA\Administratoraccount.2. OpentheRundialogbox,intheOpentextbox,typecmd,andthen

pressEnter.3. OntheCommandPromptwindow,typethefollowingcommands,

andthenpressEnteraftereachone,asshowninthefollowingfigure.

NtdsutilActivateinstancentdsIFMCreatesysvolfullC:\IFM

Task2:AddingtheADDSRoletotheMemberServer

1. SwitchandsignintoSERVER1withthe

MCSALAB\Administratoraccount.2. OpentheCommandPromptwindow,typethefollowing

command,andthenpressEnter,asshowninthefollowingfigure.NetuseZ:\\DC1\c$\IFM

3. OpentheServerManagerconsole,ifrequired.4. Intheleftpane,selectLocalServer.5. Inthetoolbar,clickManage,andthenclickAddRolesand

Features,asshowninthefollowingfigure.

6. OntheBeforeyoubeginpageoftheAddRolesandFeatures

Wizard,clickNext.7. OntheSelectinstallationtypepage,makesurethattheRole-

basedorfeature-basedinstallationradiobuttonisselected,andthenclickNext.

8. OntheSelectdestinationserverpage,makesurethattheSERVER1serverisselected,andthenclickNext.

9. OntheSelectserverrolespage,selecttheActiveDirectory

DomainServicescheckbox.10. OntheAddRolesandFeaturesWizarddialogbox,clickAdd

Features,andthenclickNext.11. OntheSelectFeaturespage,clickNext.12. OntheActiveDirectoryDomainServicespage,clickNext.13. OntheConfirminstallationselectionspage,selecttheRestart

thedestinationserverautomaticallyifrequiredcheckbox.14. OntheAddRolesandFeaturesWizardmessagebox,asshown

inthefollowingfigure,readthemessage,andthenclickYes.

15. OntheConfirminstallationselectionspage,clickInstall.16. Theinstallationprocesswillstart.ClickClose,oncetheinstallation

iscompleted.

Note:IfyouseeawarningregardingtheDNSserverdelegation,clickOK.

Task3:ConfiguringSERVER1asaNewDomainControllerUsingtheIFMDataFile

1. OnSERVER1,opentheCommandPromptwindow,ifrequired.2. OntheCommandPromptwindow,typethefollowingcommands,

andthenpressEnter,asshowninthefollowingfigure.RobocopyZ:C:\IFMcopyalls

3. ClosetheCommandPromptwindow,oncethecopyingprocessis

completed.4. OntheServerManagerconsole,clicktheNotificationsbutton.5. InthePost-deploymentConfigurationbox,clickthePromote

thisservertoadomaincontrollerlink.6. OntheDeploymentConfigurationpage,makesurethattheAdda

domaincontrollertoanexistingdomainradiobuttonisselected.7. Makesurethatthemcsalab.localtextiswrittenintheDomaintext

box,asshowninthefollowingfigure.

8. IntheSupplythecredentialstoperformthisoperationsection,

clickChange.

Note:IfyouarealreadyloggedinasMCSA\Administratoraccount,youdon’t

needtochangethecredentialsonthispage.Ifso,movedirectlytotheDomainControllerOptionspage.

9. OntheWindowsSecuritydialogbox,intheUsernametextbox,

typeMCSALAB\Administrator,inthePasswordtextbox,typePassword@123.

10. ClickOK,andthenclickNext.11. OntheDomainControllerOptionspage,makesurethatthe

DomainNameSystem(DNS)serverandGlobalCatalog(GC)checkboxesareselected.

12. UndertheDSRMpasswordsection,typePassword@123inthe

PasswordandConfirmpasswordtextboxesandthenclickNext.13. OntheDNSOptionspage,clickNext.14. OntheAdditionalOptionspage,selecttheInstallfrommedia

checkbox.15. InthePathtextbox,typeC:\IFM,asshowninthefollowing

figure.

16. ClickVerify.Oncethepathhasbeenverified,clickNext.17. OnthePathspage,clickNext.18. OntheReviewOptionspage,clickNext.19. OnthePrerequisitesCheckpage,clickInstall.Theinstallation

processwillstartandtheserverwillrestart,oncetheconfigurationiscompleted.Waitfortheservertorestart.

Results:Aftercompletingthisexercise,youwillhaveinstalledanadditional

domaincontrollerforthebranchofficebyusingIFM.

ShutdownandreverttheDC1andSERVER1virtualmachinestoprepareforthenextexercise.

Exercise6:ManagingOrganizationalUnitsandGroupsinADDS

ActiveDirectoryobjectsareusedtoaccessthevariousnetworkresourcesforthevariouspurposes.Onceyouconfiguredadomaincontroller,youneedtocreateandmanageActiveDirectoryobjects,suchasOUs,groups,andusers.Youcan

delegatetheadministrativepermissionstotheActiveDirectoryobjects.

Inthisexercise,youwilllearnhowtocreateActiveDirectoryobjects,howtodelegatethepermissions,andhowtoconfigurehomefolders.Inaddition,you

willalsolearnhowtoresetandrejointhecomputeraccounts.

StarttheDC1andCLIENT1virtualmachinestoperformthisexercise.

Task1:ManagingOrganizationalUnitsandGroups1. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,clickTools,andthenclick

ActiveDirectoryUsersandComputers.3. OntheActiveDirectoryUsersandComputersconsole,selectand

right-clickmcsalab.local,andthenselectNew,andthenclickOrganizationalUnit,asshowninthefollowingfigure.

4. OntheNewObject–OrganizationalUnitdialogbox,inthe

Nametextbox,typeTraining,asshowninthefollowingfigure,andthenclickOK.

5. Selectandright-clicktheTrainingOUintheleftpane,andthen

selectNew,andthenclickGroup.6. OntheNewObject–Groupdialogbox,intheGroupnametext

box,typeStudents,asshowninthefollowingfigure,andthenclickOK.

7. Selectandright-clickmcsalab.local,intheleftpane,andthen

selectNew,andthenclickOrganizationalUnit.8. OntheNewObject–OrganizationalUnitdialogbox,inthe

Nametextbox,typeDevelopment,andthenclickOK.9. Selectandright-clicktheDevelopmentOU,andthenselectNew,

andthenclickGroup.10. OntheNewObject–Groupdialogbox,intheGroupnametext

box,typeTrainers,andthenclickOK.11. Selectandright-clicktheDevelopmentOU,andthenselectNew,

andthenclickGroup.12. OntheNewObject–Groupdialogbox,intheGroupnametext

box,typeManagers,andthenclickOK.13. Intherightpane,selectandright-clicktheTrainersgroup,and

thenselectMove,asshowninthefollowingfigure.

14. OntheMovedialogbox,selecttheTrainingOU,asshowninthe

followingfigure,andthenclickOK.

15. Intheleftpane,selecttheTrainingOU.16. Intherightpane,selectandright-clickTrainers,andthenselect

Delete.17. OntheActiveDirectoryDomainServicesmessagebox,click

Yes.MakesurethattheTrainersgroupisdeleted.

Task2:DelegatingthePermissions1. MakesurethattheActiveDirectoryUsersandComputers

consoleisactiveonDC1.2. Intheleftpane,selectandright-clicktheTrainingOU,andthen

selectDelegateControl,asshowninthefollowingfigure.

3. OnthewelcomepageoftheDelegationofControlWizard,and

clickNext.4. OntheUsersorGroupspage,clickAdd.5. OntheSelectUsers,Computers,orGroupsdialogbox,inthe

Entertheobjectnamestoselect(examples)textbox,typeStudents,asshowninthefollowingfigure,andthenclickOK.

6. OntheUsersorGroupspage,clickNext.7. OntheTaskstoDelegatepage,makesurethattheDelegatethe

followingcommontasksradiobuttonisselected.8. SelecttheCreate,delete,andmanageuseraccountscheckbox,

asshowninthefollowingfigure,andthenclickNext.

9. OntheCompletingtheDelegationofControlWizardpage,click

Finish.10. Selectandright-clicktheTrainingOU,andthenselectNew,and

thenclickUser.11. OntheNewObject-Userdialogbox,typeMarsh,intheFirst

nameandUserlogonnametextboxes,asshowninthefollowingfigure,andthenclickNext.

12. InthePasswordandConfirmpasswordtextboxes,type

[email protected]. CleartheUsermustchangepasswordatnextlogoncheckbox,

selectthePasswordneverexpirescheckbox,asshowninthefollowingfigure.

14. ClickNext,andthenclickFinish.15. MinimizetheActiveDirectoryUsersandComputersconsole.

Task3:ConfiguringHomeFoldersforUserAccounts

1. OnDC1,createafoldernamedMarshData,undertheC:\Users\Publicfolder,asshowninthefollowingfigure.

2. Selectandright-clicktheMarshDatafolder,andthenselect

Properties.3. OntheMarshDataPropertiesdialogbox,selecttheSharingtab,


4. ClickAdvancedSharing.5. OntheAdvancedSharingdialogbox,selecttheSharethisfolder

checkbox,asshowninthefollowingfigure.

6. ClickPermissions.7. OnthePermissionsforMarshDatadialogbox,inthe

PermissionsforEveryonesection,selecttheFullControlcheckbox,asshowninthefollowingfigure.

8. ClickApply,andthenclickOK.9. ClickOKtocloseAdvancedSharingdialogbox,andthenclick

Close.10. ClosetheWindowsExplorerwindow.11. SwitchtotheActiveDirectoryUsersandComputersconsole.12. Selectandright-clicktheMarshuser,andthenselectProperties.13. OntheMarshPropertiesdialogbox,selecttheProfiletab.14. UndertheHomefoldersection,selecttheConnectradiobutton.15. IntheTotextbox,type\\DC1\MarshData\Marsh,asshownin

thefollowingfigure,andthenclickApply.

Note:BydefaultallthedomainusersaredeniedtosignintotheDomain

Controllerserver.Inthenextsteps,wearegoingtomakeMarshasthememberofPrintOperatorsgrouptosignintoDomainControllertotesttheexercise.Youwilllearnmoreabouttheuserrightsandpermissionsintheupcoming

exercises.

16. SelecttheMemberOftab,andthenclickAdd.17. OntheSelectGroupsdialogbox,intheEntertheobjectnames

toselect(example)textbox,typePrintOperators,asshowninthefollowingfigure.

18. ClickCheckNames,andthenclickOK.19. OntheMemberOftab,andclickagainAdd.20. OntheSelectGroupsdialogbox,intheEntertheobjectnames

toselect(example)textbox,typeStudents.21. ClickCheckNames,andthenclickOK.

Note:YouhaveaddedtheMarshusertoStudentsgrouptotestthedelegated

permissions.

22. ClickOKtoclosetheMarshPropertiesdialogbox.23. ClosetheActiveDirectoryUsersandComputersconsole.

Task4:TestingandVerifyingtheHomeFoldersand

DelegatedPermissions1. OnDC1,opentheRundialogbox,typelogoffandthenclickOK

tosignoutfromtheMCSALAB\Administratoraccount,asshowninthefollowingfigure.

2. SwitchtoOtheruserandSigninasMarshwiththepasswordasPassword@123,asshowninthefollowingfigure.

3. PresstheWindows+EkeystoopentheWindowsExplorer

window.4. VerifythatdriveZismappedto(\\DC1\MarshData),asshownin

thefollowingfigure.

5. Double-clickMarsh(\\DC1\MarshData)(Z:).

Note:Youshouldbeabletoaccessthisdrivewithoutanyerrors.Ifyoureceive

noerrors,youhavebeensuccessful.

6. ClosetheWindowsExplorerwindow.7. OpentheRundialogbox,typedsa.msc,intheOpentextbox,and

thenpressEnter.

8. OntheUserAccountControldialogbox,intheUsernametextbox,typeMarsh.

9. InthePasswordtextbox,typePassword@123,asshowninthefollowingfigure,andthenclickYes.

10. OntheActiveDirectoryUsersandComputersconsole,expand

mcsalab.local.11. Selectandright-clickTraining,andthenclickNew,andthen

clickUser.12. OntheNewObject–Userdialogbox,intheFirstnameandUser

logonnametextboxes,typeTestUser2,andthenclickNext.13. InthePasswordandConfirmpasswordtextboxes,type

[email protected]. ClickNext,andthenclickFinish.15. MakesurethattheTestUser1accountiscreated,underthe

TrainingOU.16. Selectandright-clickDevelopment,andthenclickNew,andthen

clickUser.17. OntheNewObject–Userdialogbox,intheFirstnameandUser

logonnametextboxes,typeTestUser2,andthenclickNext.18. InthePasswordandConfirmpasswordtextboxes,type

Password@123,clickNext,andthenclickFinish.19. Makesurethatyougetthefollowingerrormessage.

20. ClickOK,andthenclickCancel.21. ClosetheActiveDirectoryUsersandComputersconsole.22. SignoutfromtheMarshuser.

Task5:ResettingtheComputerAccounts1. SignintoDC1withtheMCSALAB\Marshaccount.2. OntheServerManagerconsole,clickTools,andthenclick

ActiveDirectoryUsersandComputers.3. OntheActiveDirectoryUsersandComputersconsole,expand

mcsalab.local.4. Intheleftpane,selectComputers.5. Intherightpane,selectandright-clickCLIENT1,andthenclick

ResetAccount,asshowninthefollowingfigure.

6. OntheActiveDirectoryDomainServicesmessagebox,clickYes,

andtheclickOK.

Task6:ExaminingtheBehaviorwhenaUserLoginsonClient.

1. TrytoSignintoCLIENT1withtheMCSALAB\Marshaccount.2. AmessagedisplaysstatingthatThetrustrelationshipbetween

thisworkstationandtheprimarydomainfailed,asshowninthefollowingfigure.

Task7:RejoiningtheDomaintoReconnectthe

ComputerAccount1. SignintoCLIENTasCLIENT1\Administratorwiththepassword

[email protected]. OpentheSystemPropertiesdialogbox,clickNetworkID.3. OntheSelecttheoptionthatdescribesyournetworkpage,as

showninthefollowingfigure,clickNext.

4. OntheIsyourcompanynetworkonadomain?page,clickNext.5. OntheYouwillneedthefollowinginformationpage,clickNext.6. OntheTypeyourusername,password,anddomainnamefor

yourdomainaccountpage,intheUsernametextbox,typeAdministrator.

7. InthePasswordtextbox,[email protected]. IntheDomainnametextbox,typeMCSALAB.LOCAL,as

showninthefollowingfigure,andthenclickNext.

9. OntheUserAccountandDomainInformationdialogbox,clickYes.

10. OntheDoyouwanttoenableadomainuseraccountonthiscomputer?page,selecttheDonotaddadomainuseraccount

radiobutton,andthenclickNext.11. ClickFinish,andthenclickOK.12. OntheMicrosoftWindowsdialogbox,clickRestartNow.Wait

forsystemtorestart.13. SigninasMCSALAB\Marshwiththepasswordas

[email protected]. Makesurethatyouareabletosignin.

Results:Afterthisexercise,youhavesuccessfullycreatedandtested

OrganizationalUnits,Groups,Users,HomeFolders,andtheDelegationofControlWizard.Inaddition,youshouldalsohavesuccessfullyresetatrustrelationshipShutdownandreverttheDC1andCLIENT1virtualmachinesto

prepareforthenextexercise.

Exercise7:UsingWindowsPowerShelltoCreateUserAccountsandGroups

Asdiscussedearlier,WindowPowerShellisacommand-lineinterfaceusedtomanageWindowsserversandclients.YoucanalsouseWindowsPowerShellto

managetheActiveDirectoryobjects.

Inthisexercise,youwilllearnhowtomanageActiveDirectoryobjectsusingWindowPowerShell.Inaddition,youwillalsolearnhowtoexportandimport

theActiveDirectoryobjectsusingWindowPowerShell.


Task1:CreatingaUserAccountUsingWindowsPowerShell

1. SignintoDC1withtheMCSALAB\Administratoraccount.2. Onthetaskbar,clicktheWindowsPowerShellicon.3. AttheWindowsPowerShellprompt,typecd\andthenpressEnter.4. TocreateanOrganizationalUnitnamedBranchOffice,typethe

followingcommand,andthenpressEnter:New-ADOrganizationalUnitBranchOffice

5. TocreateausernamedPeterundertheBranchOfficeOU,typethefollowingcommand,andthenpressEnter:

New-ADUser-NamePeter-DisplayName"PeterMark"-Path"ou=BranchOffice,dc=mcsalab,dc=local"

6. TosetthepasswordforPeteruser,typethefollowingcommand,andthenpressEnter:

Set-ADAccountPasswordPeterWhenpromptedforthecurrentpassword,pressEnter.

Whenpromptedforthedesiredpassword,typePassword@123,andthenpressEnter.

Whenpromptedtorepeatthepassword,typePassword@123,andthenpressEnter.

7. ToenablethePeteruser,typethefollowingcommand,andthenpressEnter.

Enable-ADAccountPeter

8. SwitchtotheCLIENT1virtualmachine.9. OnCLIENT1,signinasPeterwiththepasswordas

[email protected]. Verifythatsigninissuccessful,andthensignoutofCLIENT1.

Task2:CreatingGroupsUsingWindowsPowerShell

1. SwitchbacktoDC1.2. AttheWindowsPowerShellprompt,typethefollowingcommand

tocreateanewsecurity(global)groupnamedBranchUsers,andthenpressEnter.

New-ADGroupBranchUsers-Path"ou=BranchOffice,dc=mcsalab,dc=local"

3. AttheGroupScopeprompt:typeGlobalandthenpressEnter,asshowninthefollowingfigure.

4. ToaddthePeteruserasmemberoftheBranchUsersgroup,type

thefollowingcommand,andthenpressEnter.Add-ADGroupMemberBranchUsers-MembersPeter

5. ToviewthemembersoftheBranchUsersgroup,typethefollowingcommand,andthenpressEnter.Get-ADGroupMemberBranchUsers

Task3:ExportingUserAccountsUsingtheldifdeTool

1. AttheWindowsPowerShellprompt,typethefollowingcommand,andthenpressEnter,asshowninthefollowingfigure.

ldifde-fMyUsers

2. AttheWindowsPowerShellprompt,typenotepadMyUsersandthenpressEnter.

3. ReviewtheMyUsersfileandclosetheNotepad.

Results:Aftercompletingthisexercise,youhavemanagedADDSobjectsusingWindowsPowerShell.

ShutdownandreverttheDC1andCLIENT1virtualmachinestoprepareforthe

nextexercise.

Exercise8:InstallingandConfiguringtheDHCPServerRole

DynamicHostConfigurationProtocol(DHCP)isasservicethatisusedtoprovideTCP/IPsettings,suchasIPaddress,subnetmask,defaultgateway,andDNSservertotheclients,automatically.Inalargeenterprisenetwork,itis

difficulttomanageIPaddressesmanually.Hence,DHCPcanbeausefulfeaturetomanagetheIPaddressesinalargeenterprisenetwork.

Inthisexercise,youwilllearnhowtoinstalltheDHCPserverroleandhowtoconfiguretheDHCPscope.Inaddition,youwillalsolearnhowtousetheDHCP

reservationfeaturetoreserveaspecificIPaddressforaspecificclient.


Task1:InstallingtheDHCPServerRole1. SignintoDC1withMCSALAB\Administratoraccount.2. OpentheServerManagerconsole,ifrequired.3. OntheServerManagerconsole,clicktheAddrolesandfeatures

link.4. OntheAddRolesandFeaturesWizard,clickNext.5. OntheSelectinstallationtypepage,makesurethattheRole-


6. OntheSelectdestinationserverpage,clickNext.7. OntheSelectserverrolespage,selecttheDHCPServercheck

box.8. OntheAddRolesandFeaturesWizarddialogbox,clickAdd

Features.9. TheSelectserverrolespageisreturned,asshowninthefollowing

figure,clickNext.

10. Completetheinstallationprocess.

Task2:ConfiguringtheDHCPScope

1. OntheServerManagerconsole,clickTools,andthenclickDHCP.

2. OntheDHCPconsole,intheleftpane,expanddc1.mcsalab.local.3. Selectandright-clickdc1.mcsalab.local,andthenselect

Authorize.

4. Selectandright-clickdc1.mcsalab.local,andthenclickRefresh.

NoticethattheiconsnexttoIPv4IPv6changescolorfromredtogreen,asshowninthefollowingfigure.

5. OntheDHCPconsole,selectandright-clickIPv4,andthenselect

NewScope.6. OnthewelcomepageoftheNewScopeWizard,clickNext.7. OntheScopeNamepage,intheNametextbox,type

DHCPScope1,asshowninthefollowingfigure,andthenclickNext.

8. OntheIPAddressRangepage,providethefollowinginformation,

asshowninthefollowingfigure,andthenclickNext.StartIPaddress:10.0.0.225EndIPaddress:10.0.0.250

Length:8Subnetmask:255.0.0.0

9. OntheAddExclusionsandDelaypage,excludethefollowingIPaddressrange,asshowninthefollowingfigure.

StartIPaddress:10.0.0.225EndIPaddress:10.0.0.230

10. ClickAdd,andthenclickNext.11. OntheLeaseDurationpage,reviewthedefaultleaseduration

limit,andthenclickNext.12. OntheConfigureDHCPOptionspage,makesurethattheYes,I

wanttoconfiguretheseoptionnowradiobuttonisselected,asshowninthefollowingfigure,andthenclickNext.

13. OntheRouter(DefaultGateway)page,intheIPaddresstext

box,type10.0.0.0.1,asshowninthefollowingfigure.

14. ClickAdd,andthenclickNext.15. OntheDomainNameandDNSServerspage,makesurethat

10.0.0.100iswrittenundertheIPaddresscolumn,asshowninthefollowingfigure,andthenclickNext.

16. OntheWINSServerspage,clickNext.17. OntheActivateScopepage,makesurethattheYes,Iwantto

activatethisscopenowradiobuttonisselected,asshowninthefollowingfigure,andthenclickNext.

18. OntheCompletingtheNewScopeWizardpage,clickFinish.19. Selectandright-clickIPv4,andthenselectRefresh.20. MakesurethattheIPv4nodeismarkedwiththegreencolor,as


Task3:ConfiguringDHCPClient

1. OpentheNetworkConnectionswindow,selectandright-clicktheactivenetworkadapterandthenselectProperties.

2. OnthePropertiesdialogbox,scrolldown,selectInternetProtocolVersion4(TCP/IPv4),andthenclickProperties.

3. OntheInternetProtocolVersion4(TCP/IPv4)Propertiesdialogbox,selecttheObtainanIPaddressautomaticallyradiobutton,selecttheObtainDNSserveraddressautomaticallyradiobutton,


4. ClickOK,andthenclickClose.5. OpentheRundialogbox,typecmd,andthenpressEnter.6. OntheCommandPromptwindow,typeipconfig/renew,as

showninthefollowingfigure,andthenpressEnter.

7. Typetheipconfig/allcommandandverifythatCLIENT1has

receivedTCP/IPsettings,suchasIPaddress,subnetmask,defaultgateway,andDNSserver’sIPaddress,asshowninthefollowing

figure.

Task4:ConfiguringDHCPReservation

1. OnCLIENT1,ontheCommandPromptwindow,typeipconfig/all,andthenpressEnter.

2. FindandwritedownthePhysicalAddressoftheCLIENT1networkadapter,inthiscaseitis00-15-5D-77-D6-0B,asshownin

thefollowingfigure.

Note:Thephysicaladdressisaunique48bitaddress,whichisassignedby

IEEEandnetworkadapter’svendor.

3. Switchandsignin(ifrequired)toDC1withtheMCSALAB\Administratoraccount.

4. MakesurethattheDHCPconsoleisactive.Ifnot,opentheDHCPconsole.

5. OntheDHCPconsole,expanddc1.mcsalab.local,andthenclickIPv4.

6. Selectandright-clickReservations,andthenselectNewReservation,asshowninthefollowingfigure.

7. OntheNewReservationdialogbox,intheReservationNametext

box,typeCLIENT1.8. IntheIPaddresstextbox,type10.0.0.240.9. IntheMACaddresstextbox,typethephysicaladdressofthe

CLIENT1machine(00-15-5D-77-D6-0B),asshowninthefollowingfigure.

Note:Replacethephysicaladdresstextwiththeactualphysicaladdressofyour

CLIENT1machine.

10. ClickAdd,andthenclickClose.11. SwitchbackandsignintoCLIENT1.12. OntheCommandPromptwindow,typeipconfig/release,and

thenpressEntertoreleasetheexistingIPaddress.13. OntheCommandPromptwindow,typeipconfig/renew,and

thenpressEntertoobtainanewIPaddress.14. OntheCommandPromptwindow,verifythatIPaddressof

CLIENT1isnow10.0.0.240,asshowninthefollowingfigure.

15. ClosetheCommandPromptwindow.

Results:Aftercompletingthisexercise,youshouldhaveconfiguredDHCP

scope,DHCPoptions,andDHCPreservation.

ShutdownandreverttheDC1andCLIENT1virtualmachinestoprepareforthenextexercise.

Exercise9:InstallingandConfiguringDNSDomainNameSystem(DNS)isaservicethatisusedtoperformthename

resolution.NameresolutionisaprocesstomapdomainnamesintoIPaddressesandviceversa.ThesystemscommunicatetoeachotherusingtheIPaddresses,howeveritisdifficulttoremembertheIPaddressesofeachclientinalargeenterprisenetwork.DNSserviceallowsyoutocommunicatewiththesystems

usingthedomainnames,whichiseasiertorememberthanIPaddresses.

Inthisexercise,youwilllearnhowtoinstallandconfiguretheDNSserverrole.Inaddition,youwillalsolearnhowconfigureDNSforwarderandhowto

manageDNScache.

StarttheDC1,SERVER1,andCLIENT1virtualmachinestoperformthisexercise.

Task1:ConfiguringSERVER1asaDomainControllerwithoutInstallingtheDNSServerRole

1. SignintoSERVER1withtheAdministratoraccount.2. OntheServerManagerconsole,clicktheAddrolesandfeatures

link.3. OntheBeforeyoubeginpageoftheAddRolesandFeatures

Wizard,clickNext.4. OntheSelectinstallationtypepage,clickNext.5. OntheSelectdestinationserverpage,makesurethat

SERVER1.mcsalab.localisselected,andthenclickNext.6. OntheSelectserverrolespage,selecttheActiveDirectory

DomainServicescheckbox.7. OntheAddRolesandFeaturesWizarddialogbox,clickAdd

Features,andthenclickNext.8. OntheSelectfeaturespage,clickNext.9. OntheActiveDirectoryDomainServicespage,clickNext.10. OntheConfirminstallationselectionspage,clickInstall.11. Theinstallationprocesswillstart.ClickClose,oncetheinstallation

succeeded.12. OntheServerManagerconsole,clicktheNotificationsicon,and

thenclickthePromotethisservertoadomaincontrollerlink,as


13. OntheDeploymentConfigurationpageoftheActiveDirectory

DomainServicesConfigurationWizard,makesurethattheAddadomaincontrollertoanexistingdomainradiobuttonis

selected.14. UndertheSupplythecredentialstoperformthisoperation

section,clickChange.15. OntheWindowsSecuritydialogbox,intheUsernametextbox,

typeMCSALAB\Administrator.InthePasswordtextbox,typePassword@123.

16. TheDeploymentConfigurationpageisreturned,asshowninthefollowingfigure.Reviewtheselectedoptions,andthenclickNext.

17. OntheDomainControllerOptionspage,cleartheDomainName

System(DNS)servercheckbox.18. UndertheDSRMpasswordsection,typePassword@123inthe

PasswordandConfirmpasswordtextboxes,asshowninthefollowingfigure,andthenclickNext.

19. ClickNext,untilthePrerequisitesCheckpageisdisplayed.20. OnthePrerequisitesCheckpage,clickInstall.21. Theinstallationprocesswillstartandtheserverwillrestart

automatically.AfterSERVER1restarts,signintoSERVER1withtheMCSALAB\Administratoraccount.

Task2:CreatingandConfiguringtheMyzone.local

ZoneonDC11. SignintoDC1withtheMCSALAB\Administratoraccount.2. OntheServerManagerconsole,clickTools,andthenclickDNS.3. OntheDNSManagerconsole,expandDC1,selectandright-click

ForwardLookupZones,andthenselectNewZone,asshowninthefollowingfigure.

4. OnthewelcomepageoftheNewZoneWizard,clickNext.5. OntheZoneTypepage,makesurethatthePrimaryzoneradio

buttonisselected.6. CleartheStorethezoneinActiveDirectorycheckbox,asshown

inthefollowingfigure,andthenclickNext.

7. OntheZoneNamepage,intheZonenametextbox,type

Myzone.local,asshowninthefollowingfigure,andthenclickNext.

8. OntheZoneFilepage,clickNext.9. OntheDynamicUpdatepage,makesurethattheDonotallow

dynamicupdatesradiobuttonisselected,asshowninthefollowingfigure,andthenclickNext.

10. OntheCompletingtheNewZoneWizardpage,asshowninthe

followingfigure,reviewthezoneconfigurationoptions,andthenclickFinish.

11. OntheDNSManagerconsole,expandForwardLookupZones.12. Selectandright-clicktheMyzone.localzone,andthenselectNew

Host(AorAAAA),asshowninthefollowingfigure.

13. OntheNewHostdialogbox,intheNametextbox,typewww.In

theIPaddresstextbox,type10.0.0.101,asshowninthefollowingfigure,andthenclickAddHost.

14. OntheDNSmessagebox,clickOK.15. OntheNewHostdialogbox,clickDone.16. LeavetheDNSManagerconsoleactive.

Task3:AddingtheDNSServerRoleonthe

SERVER11. SwitchandSignintoSERVER1withthe

MCSALAB\Administratoraccount.2. OntheServerManagerconsole,clicktheAddrolesandfeatures

link.3. OntheBeforeyoubeginpageoftheAddRolesandFeatures

Wizard,clickNext.4. OntheSelectinstallationtypepage,clickNext.5. OntheSelectdestinationserverpage,makesurethat

SERVER1.mcsalab.localisselected,andthenclickNext.6. OntheSelectserverrolespage,selecttheDNSServercheckbox.7. OntheAddRolesandFeaturesWizarddialogbox,clickAdd

Features.8. TheSelectServerrolespageisreturned,asshowninthe

following,clickNext.

9. OntheSelectFeaturespage,clickNext.10. OntheDNSServerpage,clickNext.11. OntheConfirminstallationselectionspage,clickInstall.12. Theinstallationprocesswillstart.ClickClose,oncetheinstallation

succeeded.

Task4:VerifyingReplicationofthemcsalab.localZone

1. OnSERVER1,ontheServerManagerconsole,clickTools,andthenclickDNS.

2. OntheDNSManagerconsole,expandSERVER1,andthenexpandForwardLookupZones.

3. Right-clickForwardLookupZoneandthenselectRefresh.4. Makesurethatthe_msdcs.mcsalab.localandmcsalab.localzones

aredisplayed.

Note:Ifthezonelistisempty,proceedtothenextstep,otherwiseclosetheDNS

Managerconsole.

5. OnSERVER1,switchbacktotheServerManagerconsole,clickTools,andthenclickActiveDirectorySitesandServices.

6. OntheActiveDirectorySitesandServicesconsole,expandSites,andthenclickDefault-First-Site-Name,andthenclickServers,

andthenclickDC1.7. SelectNTDSSettings,intherightpane,selectandright-clickthe

SERVER1replicationconnection,andselectReplicateNow,asshowninthefollowingfigure.

Note:Ifyoureceiveanerrormessage,proceedtothenextstep,andthenretry

thisstepafter5minutes.

8. Intheleftpane,expandSERVER1,andthenselectNTDSSettings.

9. Intherightpane,selectandright-clicktheDC1replicationconnection,selectReplicateNow,andthenclickOK.

10. SwitchbacktotheDNSManagerconsole,selectandright-clickForwardLookupZones,andthenclickRefresh.

11. Makesurethatthe_msdcs.mcsalab.localandmcsalab.localzonesaredisplayed.

12. ClosetheDNSManagerconsole.

Task5:ConfiguringDNSForwarder1. SwitchandsignintoDC1.2. OpentheDNSManagerconsole.3. OntheDNSManagerconsole,selectandright-clickDC1,and

thenselectProperties,asshowninthefollowingfigure.

4. OntheDC1Propertiesdialogbox,selecttheForwarderstab,as


5. OntheForwarderstab,clickEdit.6. OntheEditForwardersdialogbox,type10.0.0.101,asshownin

thefollowingfigure,andthenclickOK.

7. OntheDC1dialogbox,clickOK.8. OntheDNSManagerconsole,selectandright-clickDC1,and

thenclickAllTasks,andthenclickRestart.9. SwitchandsignintoCLIENT1.10. OpentheCommandPromptwindow.11. OntheCommandPromptwindow,typeping

www.myzone.local,andthepressEnter.12. Makesurethatyouareabletoresolvethewww.myzone.local

FQDNsuccessfully,asshowninthefollowingfigure.

13. OntheCommandPromptwindow,typenslookup,andthenpress

Enter.

14. Atthenslookupprompt,typewww.myzone.local,andthenpressEnter.

15. MakesurethatyoureceiveanIPaddressforthishost,asshowninthefollowingfigure.

16. LeavetheCommandPromptwindowactive.

Task6:ManagingtheDNSCache

1. OnCLIENT1,ontheCommandPromptwindow,typethefollowingcommandandthenpressEnter,asshowninthe

followingfigure.

ipconfig/displaydns

2. ExaminetheoutputandclosetheCommandPromptwindow.3. PresstheWindowskey,andthentypecmd.4. Selectandright-clickCommandPrompt,andthenselectRunas

administratorasshowninthefollowingfigure.

5. OntheUserAccountControldialogbox,clickYes.6. OntheCommandPromptwindow,typethefollowingcommand

tocleartheDNScache,andthenpressEnter.ipconfig/flushdns

7. OntheCommandPromptwindow,typethefollowingcommandandverifythattheDNScachehasbeencleared,andthenpress

Enter.ipconfig/displaydns


Results:Aftercompletingthisexercise,youshouldhavedeployedDNSserver,DNSzone,DNSforwarder,andDNScache.

ShutdownandreverttheDC1,SERVER1,andCLIENT1virtualmachinesto


10:ImplementingLANRoutingLANroutingisaWindowfeaturethatenablesyoutocommunicatebetween

differentsubnets.Tocommunicatebetweendifferentsubnets,typicallyadevicecalledrouterisused,butyoucanalsouseaWindowsserver,suchasWindowsServer2016servertoperformtheLANrouting.However,WindowsServer2016doesnotsupportallthefeaturessupportedbyarouter.Itistypically

helpfulforasmallnetworkwiththelimitednumberofsubnets.

Inthisexercise,youwilllearnhowtouseaWindowsServer2016serverasasoftwareroutertoenableLANroutingbetweentwoormoresubnets.

StarttheDC1,ROUTER,andSERVER2virtualmachinestoperformthis

exercise.

Task1:InstallingtheLANRoutingFeatureonROUTER

1. SignintoROUTERwiththeAdministratoraccount.2. OntheServerManagerconsole,clicktheAddrolesandfeatures

link.3. OntheBeforeyoubeganpageoftheAddRolesandFeatures

Wizard,clickNext.4. OntheSelectinstallationtypepage,clickNext.5. OntheSelectdestinationserverpage,clickNext.6. OntheSelectServerrolespage,selecttheRemoteAccesscheck

box,asshowninthefollowingfigure,andthenclickNext.

7. OntheSelectfeaturespage,clickNext.8. OntheRemoteAccesspage,clickNext.9. OntheSelectrolesservicespage,selecttheRoutingcheckbox.10. OntheAddRolesandFeaturesWizarddialogbox,clickAdd

Features.11. TheSelectroleservicespageisreturned,asshowninthe

followingfigure,clickNext.

Note:TheDirectAccessandVPN(RAS)checkboxwillbeselected

automatically.

12. OntheWebServerRole(IIS)page,clickNext.13. OntheSelectroleservicespage,clickNext.

14. OntheConfirminstallationselectionpage,clickInstall.15. ClickClose,oncetheinstallationsucceeded.

Task2:ConfiguringtheLANRoutingServiceon

ROUTER1. OntheServerManagerconsole,clickTools,andthenclick

RemoteandRoutingAccess.2. OntheRoutingandRemoteAccessconsole,selectandright-click

ROUTER(local),andthenselectConfigureandEnableRoutingandRemoteAccess,asshowninthefollowingfigure.

3. OnthewelcomepageoftheRoutingandRemoteAccessServer

SetupWizard,clickNext.4. OntheConfigurationpage,selecttheCustomconfigurationradio

button,asshowninthefollowingfigure,andthenclickNext.

5. OntheCustomConfigurationpage,selecttheLANroutingcheck

box,asshowninthefollowingfigure.

6. ClickNext,andthenclickFinish.7. Ontheservicemessagebox,clickStartService.8. MakesurethattheROUTER(local)node’scolorchangesredto

green,asshowninthefollowingfigure.

9. ClosetheRoutingandRemoteAccessconsole.10. OntheROUTERvirtualmachine,opentheRundialogbox,type

firewall.cplintheOpentextbox,andthenpressEnter.11. OntheWindowsFirewallwindow,intheleftpane,clicktheTurn

WindowsFirewallonorofflink.12. OntheCustomizeSettingswindow,selecttheTurnoffWindows

Firewall(notrecommended)radiobuttonforeachprofile,asshowninthefollowingfigure.

13. ClosetheCustomizeSettingswindow.

Task3:TestingtheConnectivitybetweenDC1andSERVER2Servers

1. SwitchandsignintoSERVER2withtheAdministratoraccount.2. OpentheRundialogbox,typefirewall.cpl,intheOpentextbox,

andthenpressEnter.3. OntheWindowsFirewallwindow,intheleftpane,clicktheTurn

WindowsFirewallonorofflink.4. OntheCustomizeSettingswindow,selecttheTurnoffWindows

Firewall(notrecommended)radiobuttonforeachfirewallprofiles

5. ClosetheCustomizeSettingswindow.6. SwitchandsignintoDC1withMCSALAB\Administratoraccount.7. OpentheCommandPromptwindow,ontheCommandPrompt

window,typethefollowingcommandsandthenpressEnteraftereachone.

Ping10.0.0.1Ping192.168.0.1Ping192.168.0.2

8. Youshouldbeabletocommunicatetoallsystemssuccessfully,asshowninthefollowingfigure.


Results:Aftercompletingthisexercise,youwillhaveconfiguredLANrouting

betweenDC1andSERVER2servers.

Donotshutdownorrevertanyvirtualmachine,asthesewillbeusedinthenextexercise.

Exercise11:ConfiguringIPv6AddressingIPv6addressingschemeprovidesmoreuniqueaddressesandismoresecurethantraditionalIPv4addressingscheme.AnIPv6addresscomprisesofeightblocks

andeachblockcancontain16(bit)hexadecimaldigits.YoucanenablecommunicationbetweenIPv4andIPv6nodesusingthevarioustechniques,such

asTeredo,ISATAP,and6to4tunneling.

Inthisexercise,youwilllearnhowtoconfigureIPv6addressesonWindow-basedsystems.

MakesurethattheDC1,ROUTER,andSERVER2virtualmachinesarerunning

beforestartthisexercise.

Task1:DisablingIPv6AddressonDC11. SwitchandSignintoSERVER2withtheAdministratoraccount.2. Onthetaskbar,clicktheWindowsPowerShellicon.3. AttheWindowsPowerShellprompt,typeping10.0.0.100,and

thenpressEnter.4. VerifythatyouareablecommunicatewiththeDC1(10.0.0.100)

server,asshowninthefollowingfigure.

5. SwitchandSignintoDC1withtheMCSALAB\Administrator

account.6. OntheServerManagerconsole,intheleftpane,clickLocal

Server.7. InthePropertiespane,clickthe10.0.0.100,IPv6enabledlink,as


8. OntheNetworkConnectionswindow,selectandright-clickyour

networkadapter,andthenselectProperties,asshowninthefollowingfigure.

9. Onthenetworkadapter’spropertiesdialogbox,cleartheInternet

ProtocolVersion6(TCP/IPv6)checkbox,asshowninthefollowingfigure,andthenclickOK.

10. ClosetheNetworkConnectionswindow.11. OntheServerManagerconsole,verifythatyournetworkadapter

listsonly10.0.0.100,asshowninthefollowingfigure.YoumayneedtorefreshtheServerManagerconsole.NoticethatDC1is

nowanIPv4-onlyhost.

Task2:DisablingIPv4AddressonSERVER21. SwitchandSignintoSERVER2withtheAdministratoraccount.2. OntheServerManagerconsole,intheleftpane,clickLocal

Server.3. InthePropertiespane,clickthe192.168.0.2,IPv6enabledlink.4. OntheNetworkConnectionswindow,selectandright-clickactive

networkadapter,andthenselectProperties.5. Onthenetworkadapter’spropertiesdialogbox,cleartheInternet

ProtocolVersion4(TCP/IPv4)checkbox,asshowninthefollowingfigure,andthenclickOK.

6. ClosetheNetworkConnectionswindow.7. OntheServerManagerconsole,verifythatnetworkadapternow

listsonlyIPv6enabled,asshowninthefollowingfigure.YoumayneedtorefreshtheServerManagerconsole.Noticethat

SERVER2isnowanIPv6-onlyhost.

Task3:ConfiguringanIPv6NetworkonROUTER

1. SwitchandSignintoROUTERwiththeAdministratoraccount.2. Onthetaskbar,clicktheWindowsPowerShellicon.3. ToconfigureanetworkaddressthatwillbeusedontheIPv6

network,attheWindowsPowerShellprompt,typethefollowingcmdlet,andthenpressEnter,asshowninthefollowingfigure.

New-NetRoute-InterfaceAlias"Ethernet1"-DestinationPrefix2001:AABB:0:1::/64-PublishYes

Note:Ethernet1isthenameofthenetworkadapterconnectedtotheexternal

subnet.

4. ToallowclientstoobtaintheIPv6networkaddressautomaticallyfromROUTER,attheWindowsPowerShellprompt,typethe

followingcmdlet,andthenpressEnter,asshowninthefollowingfigure.

Set-NetIPInterface-InterfaceAlias"Ethernet1"-AddressFamilyIPv6-AdvertisingEnabled

5. AttheWindowsPowerShellprompt,typeipconfig.exe,andthen

pressEnter.NoticethatEthernet1nowhasanIPv6addressonthe

2001:AABB:0:1::/64network,asshowninthefollowingfigure.ThisaddresswillbeusedforcommunicationontheIPv6-only

network.

Task4:VerifyingIPv6AddressonSERVER21. SwitchandSignintoSERVER2withtheAdministratoraccount.2. Onthetaskbar,clicktheWindowsPowerShellicon.3. AttheWindowsPowerShellprompt,typeipconfig.exe,andthen

pressEnter.NoticethatyournetworkadapternowhasanIPv6addressontheonthe2001:AABB:0:1::/64network,asshownin

thefollowingfigure.

4. Thenetworkaddresswasobtainedfromtherouterthroughthe

statelessconfiguration.

Results:Aftercompletingtheexercise,youwillhaveconfiguredanIPv6-basednetwork.

ShutdownandreverttheDC1,SERVER2andROUTERvirtualmachinesto


Exercise12:InstallingandConfiguringDiskStorageDisksareusedtostorethesystemdataaswellaspersonneldata.Thereare

variousstoragetechnologies,suchasSATA,IDE,iSCSI,andFibreChannelthatcanbeusedtostorethedata.Inavirtualizedenvironment,youcanadd

additionalvirtualharddiskstothevirtualmachines,andthenyoucancreateadditionalvolumesonthesedisks.

Inthisexercise,youwilllearnhowtomanagedisksonaWindowserver.

Further,youwilllearnhowtoshrinkandextendvolumes.

Task1:AddingNewVirtualDiskstoDC11. MakesurethattheDC1virtualmachineispoweredoff.2. Onyourhostmachine,ontheVMwareconsole,selectandright-

clicktheDC1virtualmachine,andthenselectSettings.3. Onthevirtualmachine’ssettingdialogbox,ensurethatHardDisk

isselected,andthenclickNext.

4. OntheSelectaDiskTypepage,acceptthedefaultselection

(SCSI),andthenclickNext.5. OntheSelectaDiskpage,makesurethattheCreateanewvirtual

diskradiobuttonisselected,andthenclickNext.

.

6. OntheSpecifyDiskCapacitypage,setthedisksizeas10GB,selecttheStorevirtualdiskasasinglefileradiobutton,andthen

clickNext.

7. OntheSpecifyDiskFilepage,acceptthedefaultfilename,and

thenclickFinish.

8. Addonemorenewvirtualdiskwithfollowingsettings:

Storevirtualdiskasasinglefile.Size:10GB.

Filename:Acceptdefault.

Task2:InitializingtheAddedDisks

1. PowerontheDC1virtualmachine.

2. OpentheServerManagerconsole.3. OntheServerManagerconsole,clickTools,andthenclick

ComputerManagement.4. OntheComputerManagementconsole,undertheStoragenode,

selectDiskManagement.5. IntheDiskspane,selectandright-clickDisk1,andthenselect

Online,asshowninthefollowingfigure.

6. Selectandright-clickDisk1,andthenselectInitializeDisk.7. OntheInitializeDiskdialogbox,makesurethattheDisk1check

boxisselected,selecttheGPT(GUIDPartitionTable)radiobutton,andthenclickOK.

Note:TheGPTpartitiontablesupportsmorefeaturesthanthetraditionalMBR

partitiontable.

8. IntheDiskspane,selectandright-clickDisk2,andthenselectOnline.

9. Selectandright-clickDisk2,andthenselectInitializeDisk.10. OntheInitializeDiskdialogbox,makesurethattheDisk2check

boxisselected,selecttheGPT(GUIDPartitionTable)radiobutton,andthenclickOK.

Task3:CreatingandFormattingSimpleVolumes

1. OntheComputerManagementconsole,undertheDiskManagementnode,selectandright-clicktheUnallocatedspaceof

Disk1,andthenselectNewSimpleVolume,asshowninthefollowingfigure.

2. OntheWelcometotheNewSimpleVolumeWizardpage,click

Next.3. OntheSpecifyVolumeSizepage,intheSimplevolumesizeMB

valuebox,type5000,asshowninthefollowingfigure,andthenclickNext.

4. OntheAssignDriveLetterorPathpage,makesurethatthe

Assignthefollowingdrivelettercheckboxisselected,acceptthedefaultdriveletter,asshowninthefollowingfigure,andthenclick

Next.

5. OntheFormatPartitionpage,intheVolumelabeltextbox,type

Volume1,asshowninthefollowingfigure,andthenclickNext.

6. OntheCompletingtheNewSimpleVolumeWizardpage,click

Finish.7. OntheDiskManagementconsole,selectandright-clickthe

UnallocatedspaceofDisk2,andthenselectNewSimpleVolume.8. OntheWelcometotheNewSimpleVolumeWizardpage,click

Next.9. OntheSpecifyVolumeSizepage,intheSimplevolumesizein

MBvaluebox,type5000,andthenclickNext.10. OntheAssignDriveLetterorPathpage,makesurethatthe

Assignthefollowingdrivelettercheckboxisselected,acceptthedefaultdriveletter,andthenclickNext.

11. OntheFormatPartitionpage,intheVolumelabeltextbox,typeVolume2,andthenclickNext.

12. OntheCompletingtheNewSimpleVolumeWizardpage,clickFinish.

13. LeavetheComputerManagementconsoleactive.14. PresstheWindows+EkeystoopentheWindowsExplorer

window.15. VerifythattheVolume1andVolume2arecreated,asshowninthe

followingfigure.

16. ClosetheWindowsExplorerwindow.

Task4:ShrinkingtheVolumes

1. OnDC1,switchtotheComputerManagementconsole.2. OntheComputerManagementconsole,undertheDisk

Managementnode,selectandright-clickVolume1,andthenselectShrinkVolume,asshowninthefollowingfigure.

3. Ontheshrinkdialogbox,intheEntertheamountofspaceto

shrinkinMBvaluebox,type1000,asshowninthefollowingfigure,andthenclickShrink.

Task5:ExtendingtheVolumes

1. OntheComputerManagementconsole,undertheDiskManagementnode,selectandright-clickVolume2,andthenselect

ExtendVolume.2. OntheWelcometotheExtendedVolumeWizardpage,click

Next.3. OntheSelectDiskspage,intheSelecttheamountofspacein

MBvaluebox,type3000,asshowninthefollowingfigure,andthenclickNext.

4. OntheCompletingtheExtendedVolumeWizardpage,click

Finish.5. PresstheWindows+EkeystoopentheWindowsExplorer

window,verifythatthevolumes’sizesarereflected.

Results:Aftercompletingthisexercise,youshouldhaveinitializednewdisks,andcreatedandformattedsimplevolumes.Inaddition,youshouldalsohave

shrinkandextendedthevolumes.

DonotshutdownorreverttheDC1virtualmachine,asitwillbeusedinthenextexercise.

Exercise13:ConfiguringaRedundantStorageSpaceRedundantArrayofInexpensiveDisk(RAID)isastoragetechnologythatallowsyoutocombinemultipleharddisksinasinglelargeharddisk.Italso

providesredundancyandfaulttoleranceintheeventofadiskfailure.RAIDcanbeconfiguredeitherasahardwareRAID(whichrequiresahardwarecontrollerdevice)orasasoftwareRAID(whichdoesnotrequireanyspecifichardwaredevice).RAIDcanbedividedintovariousRAIDlevelsandeachRAIDlevel

supportsvariousfeaturesandlimitations.

Inthisexercise,youwilllearnhowtocreatestoragepools,howtocreateandtestamirroredvolume.

EnsurethattheDC1virtualmachineisrunningandyouhavenotreverteditin

thepreviousstate.

Task1:CreatingaStoragePool1. SignintoDC1andopentheServerManagerconsole.2. OpentheDiskManagementconsole,selectandright-clickDisk1,

andthendeletethecreatedvolume.AlsodeletethevolumeforDisk2,asshowninthefollowingfigure.

3. OntheServerManagerconsole,intheleftpane,selectFileand

StorageServices,andthenselectStoragePools.4. IntheSTORAGEPOOLSpane,clickTASKS,andthenclick

RescanStorage.5. ClickagainTASKS,andthenclickNewStoragePool,asshownin

thefollowingfigure.

6. OntheBeforeyoubeginpage,clickNext.7. OntheSpecifyastoragepoolnameandsubsystempage,inthe

Nametextbox,typeMyStoragePool1,asshowninthefollowingfigure,andthenclickNext.

8. OntheSelectphysicaldisksforthestoragepoolpage,selecttheallavailablediskcheckboxes,asshowninthefollowingfigure,and

thenclickNext.

9. OntheConfirmselectionspage,clickCreate.10. OntheViewresultspage,clickClose,oncethetaskiscompeted.

Task2:CreatingaMirroredVirtualDisk1. OnDC1,ontheServerManagerconsole,intheStorageSpaces

pane,selectMyStoragePool1.2. OntheVIRTUALDISKSpane,clickTASKS,andthenclickNew

VirtualDisk,asshowninthefollowingfigure.

3. OntheBeforeyoubeginpage,clickNext.4. OntheSelectthestoragepoolpage,makesurethat

MyStoragePool1isselected,andthenclickNext.5. OntheSpecifythevirtualdisknamepage,intheNametextbox,

typeMirroredDisk1,asshowninthefollowingfigure,andthenclickNext.

6. OntheSelectthestoragelayoutpage,intheLayoutsection,select

Mirror,asshowninthefollowingfigure,andthenclickNext.

7. OntheSpecifytheprovisioningtypepage,selecttheThinradiobutton,asshowninthefollowingfigure,andthenclickNext.

8. OntheSpecifythesizeofthevirtualdiskpage,intheVirtual

disksizebox,type5,asshowninthefollowingfigure,andthenclickNext.

9. OntheConfirmselectionspage,clickCreate.10. OntheViewresultspage,waituntilthetaskcompletes.11. MakesurethattheCreateavolumewhenthiswizardcloses

checkboxisselected,andthenclickClose.12. OntheBeforeyoubeginpageoftheNewVolumeWizard,click

Next.13. OntheSelecttheserveranddiskpage,intheDisksection,select

theMirroredDisk1virtualdisk,asshowninthefollowingfigure,andthenclickNext.

14. OntheSpecifythesizeofthevolumepage,clickNext.15. OntheAssigntoadriveletterorfolderpage,noticetheDrive

letter,asshowninthefollowingfigure,andthenclickNext.

16. OntheSelectfilesystemsettingspage,intheFilesystemdrop-

downmenu,ensurethatReFSisselected.

17. IntheVolumelabeltextbox,typeMirroredVolume1,asshowninthefollowingfigure,andthenclickNext.

Note:ReFSisanewfilesystemthatsupportsmorefeaturesthanNTFSfile

system.

18. OntheConfirmselectionspage,clickCreate.19. OntheCompletionpage,clickClose,oncethetaskcompletes.

Task3:CreatingaFileintoMirroredVolume1

1. OpentheWindowsExplorerwindow,double-clickMirroredVolume1.

2. CreatetheMyTextFile1fileunderMirroredVolume1,asshowninthefollowingfigure.

3. ClosetheWindowsExplorerwindow.

Task4:RemovingaPhysicalDrive

1. Onyourhostmachine,ontheVMwareconsole,selectandright-clickDC1,andthenselectSettings.

2. OntheVirtualMachineSettingsdialogbox,selectHardDisk2harddrive,asshowninthefollowingfigure.

3. Intherightpane,clickRemove,andthenclickOK.

Task5:VerifyingtheFileAvailability

1. OnDC1,switchtotheComputerManagementconsoleoropenitifrequired.

2. MakesurethattheDiskManagementnodeisselected,verifythattheDisk2isdisappearedfromthedisklist,asshowninthe

followingfigure.

3. OpentheWindowsExplorerwindow.4. OntheWindowsExplorerwindow,double-clickMirrored

Volume1.5. VerifythattheMyTextFile1fileisstillavailable.6. ClosetheWindowsExplorerwindow.

Results:Aftercompletingthisexercise,youshouldhavecreatedastoragepoolandaddedsomediskstoit.Thenyoushouldhavecreatedamirroredvirtualdiskfromthestoragepool.Inaddition,afterremovingaphysicaldrive,youshould

haveverifiedthatthevirtualdiskwasstillavailableandaccessible.

ShutdownandreverttheDC1virtualmachinetoprepareforthenetexercise.

Exercise14:ImplementingFileSharingFilesharingallowsyoutoshareandaccessthefilesonanetwork.Youcanalsosetthedesiredpermissions(NTFSandsharedpermissions)onafileshareforthevarioususers.Inaddition,youcanenabletheaccess-basedenumerationfeatureonafileshare,whichallowsuserstoaccessonlythosesharedfilesforwhich

theyhavetheaccesspermission.

StarttheDC1,SERVER1,andCLIENT1virtualmachinestoperformthisexercise.

Task1:CreatingtheFolderStructurefortheNewShare

Beforestarttothisexercise,youneedtocreatePeterandShawnuseraccountsontheDC1virtualmachine.Todothis,youneedtoperformthefollowingsteps:

1.SignintoDC1withtheMCSALAB\Administratoraccount.2.OpentheActiveDirectoryUsersandComputersconsole,and

thenexpandthemcsalab.localnode.3.Selectandright-clickUsersintheleftpane,selectNew,andthen

clickUser.4.FollowthesimplestepstocreatethePeterandShawnuser

accounts.5.ThefollowingfiguredisplaystheActiveDirectoryUsersandComputersconsole.PeterandShawnuseraccountsarelistedunder

theUsersnode.

Note:Ifyoufaceproblemstocreateuseraccounts,youmayrefertheexercise6

and7.

6.SwitchandSignintoSERVER1withtheMCSALAB\Administratoraccount.

7.OpentheWindowsExplorerwindow,inthenavigationpane,double-clickLocalDisk(C:).

8.CreateafoldernamedMyData.9.Double-clicktheMyDatafolder.

10.CreatetheMarketingandSalesfoldersunderit,asshowninthefollowingfigure.

Task2:ConfiguringNTFSPermissionsontheFolderStructure

1. OnSERVER1,ontheWindowsExplorerwindow,navigatetodriveLocalDrive(C:).

2. Selectandright-clicktheMyDatafolder,andthenselectProperties.

3. OntheMyDataPropertiesdialogbox,selectSecurity,andthenclickAdvanced,asshowninthefollowingfigure.

4. OntheAdvancedSecuritySettingsforMyDatadialogbox,click

DisableInheritance.5. OntheBlockInheritancedialogbox,asshowninthefollowing

figure,selecttheConvertinheritedpermissionsintoexplicitpermissionsonthisobjectoption,andthenclickOK.

6. ClickOKtwicetoclosetheMyDataPropertiesdialogbox.7. OntheWindowsExplorerwindow,double-clicktheMyData

folder.8. Selectandright-clicktheMarketingfolder,andthenselect

Properties.9. OntheMarketingPropertiesdialogbox,clickSecurity,andthen

clickAdvanced.10. OntheAdvancedSecuritySettingsforMarketingdialogbox,

clickDisableInheritance.11. OntheBlockInheritancedialogbox,selecttheConvertinherited

permissionsintoexplicitpermissionsonthisobjectoption.12. RemovetheRead&ExecuteandSpecialpermissionsforUsers

(SERVER1\Users),asshowninthefollowingfigure,andthenclickOK.

13. OntheSecuritytab,clickEdit.14. OnthePermissionsforMarketingdialogbox,clickAdd.15. OntheSelectUsers,Computers,ServiceAccounts,andGroups

dialogbox,typePeter,clickCheckNames,asshowninthefollowingfigure,andthenclickOK.

Note:YoumayaskedtoprovideDomainadministratorcredentials.

16. OnthePermissionsforMarketingdialogbox,selecttheModify

checkboxundertheAllowsection,asshowninthefollowingfigure.

17. ClickOKtoclosethePermissionsforMarketingdialogbox.18. ClickOKtoclosetheMarketingPropertiesdialogbox.

Task3:SharingtheFolder

1. OnSERVER1,selectandright-clicktheMyDatafolder,andthenselectProperties.

2. OntheMyDataPropertiesdialogbox,selecttheSharingtab,andthenclickAdvancedSharing.

3. OntheAdvancedSharingdialogbox,selecttheSharethisfoldercheckbox,asshowninthefollowingfigure,andthenclick

Permissions.

4. OnthePermissionsforMyDatadialogbox,asshowninthe

followingfigure,andthenclickAdd.

5. OntheSelectUsers,Computers,ServiceAccounts,orGroups

dialogbox,intheEntertheobjectnamestoselect(examples):textarea,typeAuthenticatedUsers.

6. ClickCheckNames,andthenclickOK.7. OnthePermissionsforMyDatadialogbox,makesurethatthe

AuthenticatedUsersisselectedintheSharePermissionssection,andthenselecttheChangecheckboxundertheAllowsection,as


8. ClickOKtoclosethePermissionsforMyDatadialogbox.9. ClickOKtoclosetheAdvancedSharingwindow.10. ClickClosetoclosetheMyDataPropertiesdialogbox.

Task4:AccessingtheSharedFolder

1. SwitchandSignintoCLIENT1withtheMCSALAB\Peteraccount.

2. OpentheRundialogbox,type\\SERVER1\MyData,andthenpressEnter.

3. Double-clicktheMarketingfolder.

Note:PetershouldbeabletoaccesstotheMarketingfolder.

4. SignoutofCLIENT1.

Task5:EnablingAccess-basedEnumeration1. SwitchbackandSignintoSERVER1withthe

MCSALAB\Administratoraccount.

2. OpentheServerManagerconsole,ontheServerManagerconsole,intheleftpane,selectFileandStorageServices.

3. OntheFileandStorageServicespage,clickShares.4. IntheSharespane,selectandright-clickMyData,andthenclick

Properties,asshowninthefollowingfigure.

5. OntheMyDataPropertiesdialogbox,intheleftpane,select

Settings,andthenselecttheEnableaccess-basedenumerationcheckbox,asshowninthefollowingfigure.

6. ClickOKtoclosetheMyDataPropertiesdialogbox.7. ClosetheServerManagerconsole.

Task6:TestingtheAccess-basedEnumerationConfiguration

1. SwitchbackandsignintoCLIENT1withtheMCSALAB\Shawnaccount.

2. ClicktheDesktoptile.3. OpentheRundialogbox,intheOpentextbox,type

\\SERVER1\MyData,andthenpressEnter.

Note:ShawnshouldonlybeabletoviewtheSalesfolder,thefolderforwhichhehasbeenassignedpermissions.

4. SignoutofCLINET1.

Results:Aftercompletingthisexercise,youshouldhavecreatedandtestedafileshare.Inaddition,youshouldalsohavetestedtheaccess-basedenumeration

featureforthesharedfolder.

ShutdownandreverttheDC1,SERVER1,andCLIENT1virtualmachinestoprepareforthenextexercise.

Exercise15:ImplementingShadowCopiesShadowcopyisafeaturethatallowsyoutorecoverthefiles(includingthesharedfiles)whichareaccidentlyoverwrittenordeleted.First,youneedto

enablethisfeature(onadesireddisk)thenyoucancreatemultipleshadowcopyversionsonadisk.However,shadowcopycannotbeconsideredasanalternateoftheWindowbackupfeature,becauseitonlyworksuntilthesystemisworkingonwhichyouhaveenabledit.Ifthesystemgoesdownorcrashedaccidently,

shadowcopycannotbeusedtorecoverthesystemorsystem’sdata.

Inthisexercise,youwilllearnhowtousetheshadowcopyfeaturetorecovertheaccidentlydeletedfiles.


Task1:ConfiguringShadowCopies1. SignintoSERVER1withtheMCSALAB\Administratoraccount.2. OpentheWindowsExplorerwindow.3. Selectandright-clickLocalDisk(C:),andthenclickConfigure

ShadowCopies.4. OntheShadowCopiesdialogbox,makesurethatC:\volumeis

selected,andthenclickEnable.5. OntheEnableShadowCopiesmessagebox,clickYes.6. OntheShadowCopiesdialogbox,clickSettings.7. OntheSettingsdialogbox,asshowninthefollowingfigure,click

Schedule.

8. OntheC:\scheduledialogbox,reviewthevariousschedule

options,andthenclickOK.9. OntheSettingsdialogbox,clickOK.10. ClickOKtoclosetheSettingsdialogbox.11. OntheShadowCopiesdialogbox,clickOK.

Task2:RecoveringaDeletedFileUsingShadowCopy

1. OnSERVER1,switchtotheWindowsExplorerwindow.2. NavigatetoLocalDisk(C:),andthenclickUsers.3. Selectandright-clickPublic,andthenclickDelete.4. AlsodeletethePublicfolderfromRecycleBin.5. OntheWindowsExplorerwindow,selectandright-clickthe

Usersfolder,andthenclickProperties.6. OntheUsersPropertiesdialogbox,clickthePreviousVersions

tab,asshowninthefollowingfigure.

7. SelectthefolderversionfortheUsersfolder,andthenclickOpen.8. VerifythatthePublicislistedinthefolder,selectandright-click

Public,andthenclickCopy.9. OntheotherWindowsExplorerwindow,navigatetotheLocal

Disk(C:)\Usersfolder,andthenclickPaste.10. ClosetheWindowsExplorerwindow.11. ClickOKandcloseallopenwindows.

Results:Aftercompletingthisexercise,youshouldhaveconfiguredtheShadow

Copiesfeaturetorecovertheaccidentlydeletedfile.

12. ShutdownandreverttheDC1andSERVER1virtualmachinestoprepareforthenextexercise.

Exercise16:ImplementingNetworkPrintingAprinterisahardwaredevicewhichtranslatethesoftcopiesintohardcopies.Asingleprintercanbesharedonanetworkandthenitcanbeaccessedby

multipleclientstosendtheprintjobs.Onceyousharedaprinteronanetwork,youneedtoconnectitoneachclientsinordertosendtheprintjobs.However,inalargeenterprisenetwork,wheremultipleprintersareusedtohandleanumberofthousandprintjobs,youmayneedtoconfiguretheprinterpoolforeaseprint

management.

Inthisexercise,youwilllearnhowtoinstall,share,andmanageanetworkprinteronaWindows-basednetwork.

StarttheDC1,SERVER1,andCLIENT1virtualmachinestoperformthis

exercise.

Task1:InstallingthePrintandDocumentServicesServerRole

1. SignintoSERVER1asMCSALAB\Administrator.2. OntheServerManagerconsole,clickManage,andthenclick

AddRolesandFeatures.3. OntheBeforeyoubeginpageoftheAddRolesandFeatures

Wizard,clickNext.4. OntheSelectinstallationtypepage,makesurethattheRole-


5. OntheSelectdestinationserverpage,clickNext.6. OntheSelectServerRolespage,asshowninthefollowingfigure,

selectthePrintandDocumentServicescheckbox.IftheAddRolesandFeaturesWizarddialogboxdisplays,clickAdd

Features,andthenclickNext.

7. Ontherestofthepages,clickNextuntiltheConfirmInstallation

Selectionspagedisplays.8. ClickInstalltoinstalltherequiredroleservices,andthenclick

Closeoncetheinstallationsucceeded.

Task2:InstallingaNewPrinter1. OntheServerManagerconsole,clickTools,andthenclickPrint

Management.2. OnthePrintManagementconsole,expandPrinterServers,and

thenclickSERVER1(Local).3. Selectandright-clickPrinters,andthenclickAddPrinter,as


4. OntheNetworkPrinterInstallationWizardpage,selecttheAddanewprinterusinganexistingportradiobutton,asshowninthe

followingfigure,andthenclickNext.

5. OnthePrinterDriverpage,makesurethattheInstallanew

printerradiobuttonisselected,andthenclickNext.6. OnthePrinterInstallationpage,selectCanoninthe

Manufacturelist.7. SelectanyoftheprintermodelinthePrinterslistintherightpane,

asshowninthefollowingfigure,andthenclickNext.

8. OnthePrinterNameandSharingSettingspage,clickNext.9. OnthePrinterFoundpage,clickNext,andthenclickFinish.

Task3:ConfiguringPrinterPooling

1. OnthePrintManagementconsole,selectandright-clicktherecentlyaddedprinter,andthenclickProperties.

2. Ontheprinterpropertiesdialogbox,clicktheSharingtab,selecttheListinthedirectorycheckbox,asshowninthefollowing

figure,andthenclickApply.

3. Ontheprinterpropertiesdialogbox,clickthePortstab,selectthe

Enableprinterpoolingcheckbox,andthenselecttheLPT2:checkboxtoselectitasanadditionalport,asshowninthe

followingfigure.

4. ClickOKtoclosetheprinterpropertiesdialogbox.5. ClosethePrintManagementconsole.

Task4:ConnectingaPrinteronaClient

1. SwitchandSignintoCLIENT1asMCSALAB\AdministratorwiththepasswordasPassword@123.

2. OpenControlPanel,ontheControlPanelwindow,clicktheAddadevicelinkunderHardwareandSound.

3. OntheAddadevicewindow,selectthediscoveredprinter,asshowninthefollowingfigure,andthenclickNext.

4. OntheControlPanelwindow,clicktheViewdevicesand

printerslink,underHardwareandSound.5. Makesurethattherecentlyaddedprinterislisted.

Results:Aftercompletingthisexercise,youshouldhaveinstalledand

configuredanetworkprinter.Inaddition,youshouldalsohaveconfiguredtheprinterpooling.

ShutdownandreverttheDC1,SERVER1,andCLIENT1virtualmachinesto


Exercise17:ImplementingGroupPolicyObjectsAGroupPolicyObject(GPO)isacollectionofsecuritypoliciesandsettingsthatareusedtocontroltheusers’andcomputers’behavioronanetwork.YoucanusevarioussecuritypoliciestorestricttheActiveDirectoryobjectsfrom

accessingtheunwantedresources,suchasfeatures,services,files,ortools.Onceyoupromoteaserverasadomaincontroller,theDefaultDomainPolicyandDefaultDomainControllerPolicyGPOsarecreatedbydefaultonthedomaincontroller.TheseGPOscontainvariouspreconfiguredpoliciesthatareappliedonthedomaincontrollersandcomputers.However,youcancreateanewGPO

withthecustomsecuritypoliciesandsettingsusingtheGroupPolicyManagementconsole.

Inthisexercise,youwilllearnhowtocreateaGPOandhowtoconfigureaGPOtopreventActiveDirectoryobjectsfromaccessingtheresourcesonaWindows-

baseddomainnetwork.


Task1:CreatingaNewGPO1. SignintoDC1withtheMCSALAB\Administrator.2. OpentheServerManagerconsole,ifrequired.3. OntheServerManagerconsole,clickTools,andthenclick

GroupPolicyManagement.4. OntheGroupPolicyManagementconsole,expandForest:

mcsalab.local,andthenclickDomains.5. Selectandright-clickmcsalab.local,andthenselectCreateaGPO

inthisdomain,asshowninthefollowingfigure.

6. OntheNewGPOdialogbox,intheNametextbox,typeInternet

ExplorerGPO,andthenclickOK.

Task2:ConfiguringtheInternetExplorerGPO1. OnDC1,ontheGroupPolicyManagementconsole,selectand

right-clickInternetExplorerGPO,andthenclickEdit.2. OntheGroupPolicyManagementEditorconsole,navigateto

UserConfiguration\Policies\AdministrativeTemplates.3. Selectandright-clickAllSettings,andthenselectFilterOptions,


4. OntheFilterOptionsdialogbox,selecttheEnableKeyword

Filterscheckbox.5. IntheFilterforword(s):textbox,typeGeneral,asshowninthe

followingfigure,andthenclickOK.

6. IntheSettingspaneintherighthand,selectandright-clickDisable

theGeneralpage,andthenselectEdit,asshowninthefollowingfigure.

7. OntheDisabletheGeneralpagedialogbox,selecttheEnabled

radiobutton,andthenclickOK.8. ClosetheGroupPolicyManagementEditorconsole.

Task3:CreatingaDomainUsertoTesttheGPO

1. OnDC1,opentheCommandPromptwindow.2. Executethefollowingcommand,asshowninthefollowingfigure

(typePassword@123whenyouarepromptedforpassword).dsaddusercn=User1,”cn=users,dc=mcsalab,dc=local”–disabledno

–pwd*


Task4:TestingtheInternetExplorerGPO1. SwitchandSignintoCLIENT1asMCSALAB\User1withthe

[email protected]. OpentheRundialogbox,typecontrolintheOpentextbox,and

thenpressEnter.3. OntheControlPanelwindow,clickNetworkandInternet.4. OntheNetworkandInternetwindow,asshowninthefollowing

figure,clickChangeyourhomepage.

5. WhenyouclicktheChangeyourhomepagelink,youwillgeta

message,asshowninthefollowingfigure.

6. ClickOKtoclosetheInternetControlPanelmessagebox.7. OntheControlPanelwindow,clickInternetOptions.Notice

that,intheInternetPropertiesdialogbox,theGeneraltabisnotavailable,asshowninthefollowingfigure.

8. Closeallopenwindowsandsignout.

Task5:ConfiguringSecurityFilteringtoExempta

UserfromtheInternetExplorerGPO1. SwitchandsigntoDC1.2. OpentheGroupPolicyManagementconsole,ifrequired.3. OntheGroupPolicyManagementconsole,selectandright-click

InternetExplorerGPO.4. Intherightpane,clicktheDelegationtab.5. OntheDelegationtab,clicktheAdvancedbutton.6. OntheInternetExplorerGPOSecuritySettingsdialogbox,click

Add.7. OntheSelectUsers,Computers,ServiceAccounts,orGroups

textbox,typeUser1,asshowninthefollowingfigure,andthenclickOK.

8. OntheInternetExplorerGPOSecuritySettingsdialogbox,in

theSecuritysection,selectUser1.9. InthePermissionsforUser1section,selecttheDenycheckbox,

asshowninthefollowingfigure,andthenclickOK.

10. OntheWindowsSecuritydialogbox,clickYes.11. ClosetheGroupPolicyManagementconsole.

Task6:TestingtheInternetExplorerGPO1. SwitchandSignintoCLIENT1asMCSALAB\User1withthe

[email protected]. OpentheRundialogbox,typecontrolintheOpentextbox,and

thenpressEnter.3. OntheControlPanelwindow,clickNetworkandInternet.4. OntheNetworkandInternetdialogbox,clickChangeyour

homepage.NoticethattheGeneraltabisavailableontheInternetPropertiesdialogbox.

5. Closeallopenwindows,andsignout.

Results:Aftercompletingthisexercise,youshouldhaveconfiguredandtestedaGPO.

ShutdownandreverttheDC1andCLIENT1virtualmachines.

Exercise18:ImplementingAppLockerandFirewallUsingGroupPolicy

AppLockerisasecurityfeaturethatallowsyoutorestrictspecificapplicationsforspecificgroupsorusers.

Intheexercise,youwilllearnhowtocontrolanapplicationusingthe

AppLockerfeature.Further,youwillalsolearnhowtomanageWindowsFirewallusingtheGroupPolicyManagementconsole.

StarttheDC1virtualmachinetoperformthisexercise.

Task1:RestrictinganApplicationUsingAppLocker1. SignintoDC1asMCSALAB\Administratorwiththepasswordas

[email protected]. OpentheGroupPolicyManagementconsole.3. NavigatetoForest:mcsalab.local\Domains\mcsalab.local.4. Selectandright-clickGroupPolicyObjects,andthenselectNew.5. OntheNewGPOdialogbox,intheNametextbox,typeSoftware

Policy,andthenclickOK.6. Right-clickSoftwarePolicy,andthenselectEdit.7. OntheGroupPolicyManagementEditorconsole,navigateto

ComputerConfiguration\Policies\WindowsSettings\SecuritySettings\ApplicationControlPolicies\AppLocker,asshownin

thefollowingfigure.

8. ExpandAppLocker,right-clickExecutableRules,andthenselect

CreateNewRule.9. OntheBeforeYouBeginpage,selectNext.10. OnthePermissionspage,undertheUsersorGroupsbox,select

Deny,andthenselectNext.11. OntheConditionspage,selectthePathradiobutton,asshownin

thefollowingfigure,andthenclickNext.

12. OnthePathpage,clickBrowseFiles,browseto

C:\Windows\System32\calc.exe,clickOpen,asshowninthefollowingfigure,andthenselectNext.

13. OntheExceptionspage,selectNext.14. OntheNameandDescriptionpage,intheNametextbox,type

BlockCalculator,andthenclickCreate.15. IftheAppLockerdialogboxappearsandpromptstocreatedefault

rules,clickYes.16. OntheGroupPolicyManagementEditorconsole,asshownin

thefollowingfigure,noticethedefaultexecutablesrules.

17. SelecttheAppLockernodeintheleftpane,andthenclickthe

Configureruleenforcementlink,asshowninthefollowingfigure.

18. OntheEnforcementtaboftheAppLockerPropertiesdialogbox,

underExecutablerules,selecttheConfiguredcheckbox.19. MakesurethattheEnforcerulesoptionisselectedinthedrop-

downlist,asshowninthefollowingfigure,andthenclickOK.

20. ClosetheGroupPolicyManagementEditorconsole.21. OntheGroupPolicyManagementconsole,selectandright-click

DomainControllers,andthenselectLinkanExistingGPO.22. OntheSelectGPOdialogbox,selectSoftwarePolicy,andthen

clickOK.

23. UndertheLinkGroupPolicyObjectstab,selectSoftwarePolicy,

andthenclickLinkOrdertomovethispolicytotop.

24. OpentheRundialogbox,typeservices.msc,andthenpressEnter.25. OntheServicesconsole,selectandright-clickApplication

Identity,andthenselectProperties.26. OntheApplicationIdentityProperties(LocalComputer)dialog

box,settheStartuptypeasAutomatic,clickStart,asshowninthefollowingfigure,andthenclickOK.

Note:Ifyougetanerror,justclosetheServiceManagerwindow.

27. OpentheCommandPromptwindow,typegpupdate/force,and

thenpressEnter.28. SignoutfromtoDC1andSigninbacktoDC1as

MCSALAB\Administrator.29. OpentheRundialogbox,typecalc.exeintheOpentextbox,and

thenpressEnter.30. Youshouldgetanerrorasshowninthefollowingfigure.

Note:IfyouarestillabletoopentheCalculatorapplication,restarttheDC1

server,andthentryagain.

Task2:ConfiguringWindowsFirewallRulesUsingGroupPolicy

1. SignintoDC1andopentheGroupPolicyManagementconsole,ifrequired.

2. NavigatetoForest:mcsalab.local\Domains\mcsalab.local\GroupPolicyObjects.

3. Right-clicktheGroupPolicyObjectsnode,andthenselectNew,asshowninthefollowingfigure.

4. IntheNametextboxtypeFirewallGPO,andthenclickOK.

5. ExpandGroupPolicyObjects,right-clickFirewallGPO,andthen

selectEdit.6. OntheGroupPolicyManagementEditorconsole,navigateto

ComputerConfiguration\Policies\WindowsSettings\SecuritySettings.

7. UndertheSecuritySettingsnode,expandWindowsFirewallwithAdvancedSecurity,andthenexpandtheWindowsFirewallwithAdvancedSecurity–LDAPnode,asshowninthefollowing

figure.

8. Selectandright-clickInboundRules,andthenselectNewRule,as


9. OntheNewInboundRuleWizard,ontheRuleTypepage,the

selectPredefinedradiobutton.

10. Inthedrop-downlist,selectRemoteDesktop,asshowninthefollowingfigure,andthenclickNext.

11. OnthePredefinedRulespage,clickNext.12. OntheActionpage,selecttheBlocktheconnectionradiobutton,

asshowninthefollowingfigure,andthenclickFinishtocloseNewInboundRuleWizard.

13. ClosetheGroupPolicyManagementEditorconsole.14. OpentheCommandPromptwindowandtypegpupdate/force,

andthenpressEnter.15. ClosetheCommandPromptwindow.16. OntheGroupPolicyManagementconsole,selectFirewallGPO

intheleftpane.17. Ifdisplayed,ontheInternetExplorerdialogboxclickClose18. Intherightpane,selecttheSettingstabandverifythatthe

InboundRulesareconfigured,asshowninthefollowingfigure.

19. ClosetheGroupPolicyManagementconsole.

Results:Aftercompletingthisexercise,youshouldhaveconfiguredAppLockerandWindowsFirewallrulesusingtheGroupPolicyManagementconsole.

ShutdownandreverttheDC1virtualmachine.

Hope,youhaveenjoyedagreatlearningexperiencewiththislearningguideandhopeyouwillprovidegreatratingtothislabguide.

Installing and Configuring Windows Server 2016 Hands-on Guide: Step By Step Lab Guide

Documents

Transcript of Installing and Configuring Windows Server 2016 Hands-on Guide: Step By Step Lab Guide