- # Windows Server 2012 Installing and configuring at Iverson on Jun 6-10, 2016 (20410D)
- ## Instructor
- > ทรัพยสิทธิ สร้อยสิงห์ (อุ้ย)
- > mailto:supsit_soysing@hotmail.com
- > Line:auy_goodman
- ## PC Env
- + 20410D-LON-DC1
- + Default passwords
- - Pa$$w0rd -> Windows Server 2012
- - P@ssw0rd -> Windows Server 2008
- + Common shortcuts you should know
- - Windows + R: Run command
- - mmc: Windows Management Console
- File -> Add/Remove Snap-in
- - Windows + E: My Computer
- + Unlicensed: 30-day trial; otherwise, the server shuts down every 1 hour
- Run -> SLMGR -REARM (Required: restart; CMD -> shutdown /r)
- + \\10.66.2.173
- ## Module 1: Deploying and Managing Windows Server 2012
- + History of Windows Server:
- - 2003 -> 2003R2 -> (No HYPER-V)
- - 2008(!AD) -> 2008R2 -> (Semi HYPER-V)
- - 2012(!AD) -> 2012R2 (Full HYPER-V Move, Replica; Sync) x64 CPU
- + Editions
- - Standard (HYPER-V have 2 instances)
- - Datacenter (HYPER-V have unlimited instances)
- - HYPER-V Server
- + Server
- - Core: Server which has no mouse; CMD mode only.
- - GUI: Interactive gui mode
- + Roles: Management on AD
- - Server Manager -> Add roles or features (You can download manually from Microsoft)
- ### Installing
- - Optical disk
- - Flash drive
- - Windows Deployment Services(Installing from Add roles) i.e., WIM
- - SSCM: Additional reports i.e., how many instances, Forcing desktop console.
- - Installing modes
- - Upgrade
- - Custom
- ### Post-Installed Configuration
- + Server Manager
- - Local Server: to view overall information (Run -> sconfig)
- - Add roles or features
- - Windows Server Backup
- - Administrative tools
- - Event viewer: Logs viewer
- - System logs
- - Services(Automatic should have running status)
- - Netlogon
- + Windows Powershell (Caution: Run as administrator)
- ## Module 2: Active Directory Domain Services
- + OS types
- - Client: XP, Vista, 7, 8, and 10
- - Server: 2003, 2008, and 2012
- + Control types
- - Workgroup: self management
- - Domain AD: Domain Controller(DC)
- - AD server: Manage users, group policy and etc.
- - 2003 - 2008: Run -> dcpromo
- - 2012: Add role -> Active Directory Domain Service (AD DS)
- - User: **(branch.)Domain\username**
- - Structures
- - 1 Forest ->
- - 1 Main Online FSMO(each AD have FSMO id, **choose manually by Admin**)/Operation Master (Run -> netdom query fsmo) ->
- - Global Catalog (GC) stored FSMO, users, and password (AD must GC -> FSMO)(2003 must choose) ->
- - Stored folder AD: NTDS(and SYSVOL; stored shared scripts gpo) a.k.a. SYSTEM STATE **backed up every day**
- - 5 Types of AD
- - 1st Single Domain: Usually used only once at the beginning
- - Additional Domain: Twin of the single domain; all ADs have to exchange data every 15s (default)
- - Readonly Domain Controller(RO DC): It's a readonly additional domain 2008 up; Can't be fsmo
- - Child Domain: self management, Own GPO, Own users; not related to global; branch.DOMAIN; for example, a university
- - Domain Tree: Business domain; self management, Own GPO, Own users; not related to global and child; for example, co-op
- - Member server (Joining AD): exchanges, Share point, File Server
- + Deploying AD
- - Define IP Addr
- - Network and Sharing Center -> Network Connection -> Ethernet Properties
- - Preferred DNS Server: It's a fsmo online
- - Alternative DNS Server: It's a migrated fsmo online
- - Disabled IPv6 features (vice versa)
- - Change computer name
- - Joined domain
- - Adding roles (Active Directory Domain Services; AD DS)
- - Selecting AD types
- - Add a new forest (Single domain)
- - Add a domain controller to an existing domain (Additional domain and RO DC)
- - Add a new domain to an existing forest (Child domain and Domain tree)
- - Domain function level: minimum OS for domain AD
- + POST-Deployed AD
- - Deleting local address (127.0.0.1) out of Alternative DNS Server or switch fsmo IP Addr to Preferred DNS Server
- - Alternative DNS Server fill it with own AD IP Addr
- - Checking REPLICATION: Administrative tools -> Active Directory Sites and Services -> Sites -> Default-First-Site-Name -> Servers -> NTDS Settings -> Alt Click -> Replicate Now
- - Issues: Alt Click -> All Tasks -> Check Replication Topology
- - Checking DNS: by nslookup
- - Administrative tools -> DNS -> Reverse Lookup Zone -> Alt Click -> New Zone -> Primary Zone -> To all DNS servers running on domain controller in the domain -> IPv4 -> fill network ID
- - Administrative tools -> DNS -> Forward Lookup Zone -> Domain -> Alt Click -> fsmo(A Record) -> Checked Create associated pointer (PTR) record and Allow any authenticated user to update DNS records
- + Menu
- - Active Directory Domains and Trusts
- - Checking Forest AD type
- - Checking Trusts: Alt Click Domain -> Properties -> Trusts (For Child and Tree)
- - Active Directory Sites and Services
- - Checking REPLICATION
- - Showing how many AD servers and types
- - Domain tabs
- - Checking GC: Administrative tools -> Active Directory Sites and Services -> Sites -> Default-First-Site-Name -> Servers -> NTDS Settings -> Alt Click -> Properties -> Checked Global Catalog
- - Setting broadcast timeout
- - Active Directory Users and Computers
- ## Module 3: Managing Active Directory Domain Services Objects
- + Menu
- - Active Directory Users and Computers
- > Enabled Advanced Features in View toolbars
- ### Elements
- + Organization Unit (OU): stored user objects i.e., country name
- - Root OU: Alt Click at Domain -> New -> Organization Unit
- - Sub OU: Alt Click at Root OU -> New -> Organization Unit
- > Deleting OU: Alt Click at OU -> Properties -> Object -> Unchecked Protect Object from accidental deletion
- + Users
- - Creating User objects: Alt Click at OU -> New -> User
- - Moving User objects: Just Drag and Drop or Alt Click at user -> Moves..
- - Resetting User Password: Alt Click at user -> Reset Password..
- - User Properties
- - Member of
- - General -> Description
- - Address
- - Account
- - Logon hours
- - Logon to..
- - Unlock Account
- - Searching User objects: Alt Click at Domain -> Find..
- + Groups: Alt Click at OU -> New -> Group
- - Group scope:
- - Domain local
- - Global
- - Universal: All
- - Group type:
- - Security: Shared folder, Exchanges, Outlook, etc.
- - Distribution: !Shared folder, Exchanges, Outlook
- - Properties menu
- - Members: Adding members into group
- - User into Group
- - Group into Group
- + Administrator priv:
- - Domain -> Builtin
- - Domain -> Users container -> Enterprise Admins
- + Delegating control
- - Domain level: Usually only allow user join domain
- Alt Click at domain -> Delegate Control..
- - OU level: Usually only allow user create user in own OU
- Alt Click at OU -> Delegate Control..
- + Checking delegating control
- - Domain level: Alt Click at domain -> Properties -> Security tab -> Advanced
- - OU level: Alt Click at OU -> Properties -> Security tab -> Advanced
- + Remote Server Administration Tools (RSAT): mmc
- - For XP is admin pack
- ### Join Domain
- Checking
- > Active Directory Users and Computers -> Computers
- > Tools -> DNS
- ### Unjoined Domain
- > Active Directory Users and Computers -> Computers -> Alt Click -> Reset Account
- ### Setting REPLICATION time
- AD1 -> AD2 no time
- AD2 -> AD3 18.00 - 19.00
- AD3 -> AD4 19.00 - 20.00
- AD4 -> AD1 20.00 - 21.00
- > Active Directory Sites and Services -> Sites -> Alt Click -> New Site..
- > Then moved server into Site
- > Adding Subnet
- > Alt Click Inter-Site Transports -> IP -> New Site Link..
- > Alt Click -> Properties -> Set time and change schedule time
- > Disable schedule time of DefaultFirstSiteLink
- ### FSMO Migration
- Start -> Run -> CMD
- regsvr32 schmmgmt.dll
- ntdsutil
- > role
- > connections
- > connect to server {ADDITIONAL AD NAME}
- > Q
- > seize infrastructure master [YES]
- > seize naming master [YES]; Win 2008-2012
- > seize domain naming master [YES]; Win 2003
- > seize PDC [YES]
- > seize RID master [YES]
- > seize schema master [YES]
- > Q
- > Q
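The ntdsutil session above seizes every role, which is meant for a role holder that is permanently offline; a holder that still responds should transfer its roles instead. The following is an added example, not part of the original notes, that checks each holder first and seizes only when explicitly allowed. The target name `LON-SVR1` and the `$AllowSeize` switch are assumptions for illustration.

```powershell
# Added example, not part of the original notes.
# Requires the ActiveDirectory module (RSAT) and sufficient admin rights.
Import-Module ActiveDirectory

$Target     = 'LON-SVR1'   # hypothetical DC that should receive the roles
$AllowSeize = $false       # set to $true only when the old holder is gone for good

# Current role holders (the same data "netdom query fsmo" prints).
$forest  = Get-ADForest
$domain  = Get-ADDomain
$holders = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
}

foreach ($role in @($holders.Keys)) {
    $holder = $holders[$role]
    if ($holder -eq $Target -or $holder -like "$Target.*") {
        Write-Output "$role is already on $holder, nothing to do"
        continue
    }

    # A holder that still answers a rootDSE query can hand the role over itself.
    $reachable = $true
    try   { Get-ADRootDSE -Server $holder -ErrorAction Stop | Out-Null }
    catch { $reachable = $false }

    if ($reachable) {
        # Graceful transfer: old and new holder both record the change.
        Move-ADDirectoryServerOperationMasterRole -Identity $Target `
            -OperationMasterRole $role -Confirm:$false
    }
    elseif ($AllowSeize) {
        # Same effect as the ntdsutil "seize ..." lines. The old holder must be
        # rebuilt or cleaned up, not brought back online still claiming the role.
        Move-ADDirectoryServerOperationMasterRole -Identity $Target `
            -OperationMasterRole $role -Force -Confirm:$false
    }
    else {
        Write-Warning "$holder is unreachable; $role left in place (AllowSeize is off)"
    }
}
```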
- ### Backed up AD (SYSTEM STATE)
- Add roles or features -> Windows Server Backup
- Tools -> Windows Server Backup -> Local Backup -> Backup once.. -> Different options -> Custom -> Checked System state -> ... -> Backup
- > Restore; every Additional AD must turn off; Downtime is required
- RUN -> msconfig -> boot tabs -> Checked Safe boot -> Active Directory repair (restart)
- Login by local:
- > \administrator
- Go to Tools -> Windows Server Backup -> Local backup -> Recovery
- > Log on locally again and uncheck: RUN -> msconfig -> boot tabs -> Safe boot -> Active Directory repair (restart)
- ## Module 4: Managing Active Directory Domain Services Objects through the command line
- ## Module 5: Implementing IPv4
- Network ID: 169.254.x.x (default) when no static IP Addr is configured (no DHCP, ports 67, 68)
- > Server normally used static IP
- ### IPv4
- - Public IP: Issued by ISP; Assigned by IANA/RIR
- - Private IP:
- - 10.0.0.0 - 10.255.255.255
- - 172.16.0.0 - 172.31.255.255
- - 192.168.0.0 - 192.168.255.255
- ### Common CMD
- - hostname
- - set
- - ping {Url/IP}
- - ipconfig /all
- - ipconfig /release
- - ipconfig /renew
- - ipconfig /flushdns
- - nslookup
- - tracert {url}
- - telnet {IP} {Port}
- ## Module 6: Implementing DHCP
- DHCP: Allocates IP Addr and distributes them to clients
- Register Client records into DNS zones
- ### Process
- - Client sends a DHCPREQUEST packet
- - Server sends a DHCPACK packet (broadcast)
- ### Limitations
- Only the 1 account that was committed after installation is allowed to use it.
- Active Directory Users and Computers -> User -> DHCP Users
- ### Installing DHCP
- - Add roles or features -> DHCP Server
- - Tools -> DHCP Server
- - Alt Click IPv4 -> New Scope..
- - Adding exclusion for HA, locked MAC Addr
- - Adding WINS Servers
- - Alt Click -> Deactivate -> Activate again
- ### Menu
- + Address Pool: Describing IP Addr pool
- + Address Leases: Showing clients who have already received an IP Address
- + Reservation: Fixed MAC Addr
- + Scope Options: Showing information which the client should receive
- 003 006 015 044 046
- + Statistics: Alt Click at IPv4 -> Display Statistics
- ### DHCP databases
- C:\Windows\System32\Dhcp
- ### Backup DHCP
- Alt Click at Server -> Properties -> Change Backup Path
- Alt Click at Server -> Backup
- Alt Click at Server -> Restore
- Alt Click at IPv4 -> Reconcile
- ### Troubleshooting
- Removing role -> Restore -> Adding role
- ### DHCP Relay Agent (Required 2 NICs)
- + Routing and Remote Access
- - Add roles or features -> Remote Access -> Checked Routing
- - Tools -> Routing and Remote Access -> Alt Click at server -> Configure and Enable -> Custom -> LAN Routing
- ## Module 7: Implementing DNS (dnsmgmt.msc)
- > Come along with AD
- ### Functions
- - Resolve host names to IP Addr
- ### Zone Types
- + Primary zone:
- + Secondary zone: zone transfer (Unchecked store the zone in AD to prevent replication to other)
- + Stub zone: Bandwidth lower than 128 K (Unchecked store the zone in AD to prevent replication to other)
- (**checked store the zone in AD to replicate to additional**)
- ### Types
- + Forward Lookup Zone: name to IP: Automatically created after promoted AD; Records joined domain
- - A: Host's IP Addr
- - MX: Mail Server; Higher priority
- - SRV: Service records
- - NS: Name Server
- - SOA: Main DNS of Start of authority
- - CNAME: Alias
- + Reverse Lookup Zone: IP to name: Manually create by yourself
- - PTR: Pointer
- - CNAME: Alias
- ### Troubleshooting
- - ipconfig /flushdns
- - tracert {URL/IP}
- - restart service: Tools -> Services
- - netlogon
- - dns server
- - dns client
- ### Query Process
- + Cached: Alt Click at Forward Lookup domain -> Properties -> Start of Authority(SOA) -> TTL
- + Root Hints: Alt Click at domain -> Properties -> Root hints
- + Forwarder: Otherwise, dns will forward to this forwarder
- ### Change Zone Replication Scope
- - To all DNS servers running on DC in the forest: replicating to all DNS including site child
- - To all DNS servers running on DC in the domain: replicating only in Global
- - To all DC in the domain(for Windows 2000 compatibility)
- ### Dynamic Update
- - Secure only: only joined domain
- - Nonsecure and secure: whether join or not
- - None:
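The Dynamic Update and zone transfer settings above decide who may write to or copy a zone, so they are worth auditing on every DNS server. The following is an added example, not part of the original notes, that lists each primary zone with its dynamic update mode, AD integration, replication scope and transfer setting, then previews the change to "Secure only" for AD-integrated zones. It assumes it is run on the DNS server with the DnsServer module installed.

```powershell
# Added example, not part of the original notes.
# Run on the DNS server (or add -ComputerName); requires the DnsServer module.
Import-Module DnsServer

# Skip the auto-created zones (0, 127, 255 reverse zones) and non-primary zones.
$zones = Get-DnsServerZone |
    Where-Object { -not $_.IsAutoCreated -and $_.ZoneType -eq 'Primary' }

$report = foreach ($z in $zones) {
    $updateFinding = switch ($z.DynamicUpdate) {
        'NonsecureAndSecure' { 'REVIEW: joined or not, any host can register or overwrite records' }
        'Secure'             { 'OK: only domain-joined, authenticated hosts can update' }
        'None'               { 'OK: records are managed manually' }
        default              { "UNKNOWN: $($z.DynamicUpdate)" }
    }
    $transferFinding = if ($z.SecureSecondaries -eq 'TransferAnyServer') {
        'REVIEW: zone transfer allowed to any server'
    } else {
        "OK: $($z.SecureSecondaries)"
    }
    [pscustomobject]@{
        Zone          = $z.ZoneName
        Reverse       = $z.IsReverseLookupZone
        AdIntegrated  = $z.IsDsIntegrated
        Replication   = $z.ReplicationScope
        DynamicUpdate = $updateFinding
        ZoneTransfer  = $transferFinding
    }
}

$report | Format-List

# "Secure only" needs an AD-integrated zone, so only those are candidates.
# -WhatIf previews the change; remove it to apply.
$report |
    Where-Object { $_.AdIntegrated -and $_.DynamicUpdate -like 'REVIEW*' } |
    ForEach-Object {
        Set-DnsServerPrimaryZone -Name $_.Zone -DynamicUpdate Secure -WhatIf
    }
```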
- ## Module 8: Implementing IPv6
- IPv6: 128 bits;
- IPv4 <-> IPv6: required ISATAP
- ## Module 9: Disk
- EIDE < SATA < SCSI < SAS < SSD
- ### RAID
- RAID 6
- RAID 10
- ### Storage
- iSCSI Target Server
- ### Disk Types
- + MBR < 2TB
- + GPT > 2TB
- ### File Systems
- + FAT
- + NTFS
- + ReFS
- ### Disk Clusters HA standby
- **Every file will store in central storage**
- + ENV Setup
- LON-DC1 172.16.0.10 AD, Central Storage (Q:\ Clusters' config, F:\)
- LON-SVR1 172.16.0.11 Cluster1 -> Active state !AD
- LON-SVR2 172.16.0.12 Cluster2 -> Standby state !AD
- *Note: Windows firewall must close
- [LON-DC1]
- - Add roles or features -> File and Storage Services -> File and iSCSI Services -> iSCSI Target Server
- - Left action plan -> File and Storage Services -> iSCSI -> Click Task -> New iSCSI Virtual Disk -> New iSCSI Target
- [LON-SVR1 & 2 connect to Storage]
- - Tools -> iSCSI initiator -> Discovery tabs -> Discover Portal -> Adding Cluster IP (LON-DC1) Port 3260
- - back to Targets tabs -> Selecting Q and Data connect
- [Active only LON-SVR1]
- - Tools -> Computer Management -> Disk Management
- - Alt Click to the Disk -> Online -> Initialize disks -> New Simple Disk
- [LON-SVR1 and LON-SVR2]
- - Add roles or features -> Failover Clustering
- [Active only LON-SVR1]
- - Tools -> Failover Cluster Manager -> Validate Configuration -> Run all test -> Finish
- -> Creating Cluster name and filling Cluster IP
- [After validation]
- - Storage -> Disks -> Alt Click at Add Disks
- *Owner node is telling which server is active
- - Choosing Q:\; Alt Click at HA Cluster -> More actions -> Configure Cluster Quorum Settings.. -> Advanced Quorum Configuration -> Checked all nodes -> Configure a disk
- - Choosing Quorum disk
- [Adding Cluster member]
- - Nodes -> Alt Click at add -> Run all test -> Choose both disks
- [Troubleshooting]
- - Restart active cluster
- - Using Cluster services
- - Failover Cluster Manager -> Nodes -> Alt Click active Node -> More actions -> Stop Cluster service ..... -> Start Cluster service
- [Cluster Delegation]
- - Alt Click at roles -> Configure Roles.. -> File Server -> File Server to general use -> Filling with reserved IP Addr
- ## Module 10: Implementing shared folder
- + Usages
- - \\{Name/IP}
- + Setup
- - Design it like the OU structure; every OU has groups
- - Creating folders like the OU structure
- - Alt Click -> Properties -> Sharing -> share -> Adding group -> Change settings -> Done
- -> Advanced sharing -> Permission tabs -> Delete everyone; Adding group + FULL CONTROL -> OK
- -> Security tabs -> Advanced -> Selecting the group -> Edit -> Applies to: "This folder only" -> Show advanced permission
- -> Unchecked {Create files / write data, Create folders / append data, Delete subfolders and files, Delete, Change Permission}
- - Go to sub folder -> Security tabs -> Edit -> Adding the group + FULL CONTROL -> Advanced -> Selecting the group -> Edit -> Applies to: "This folder only" -> Show advanced permission
- -> Unchecked {Create files / write data, Create folders / append data, Delete subfolders and files, Delete, Change Permission}
- - Go to user folder -> Properties -> Add FULL CONTROL but unchecked Delete
- ## Module 11: Implementing Group Policy
- > Regulating for users and computers; Users have to join domain
- + Menu
- - Tools -> Group Policy Management
- + Implementing GPO at Company level
- > Only OU can see a group policy
- > Password policy should set on Default Domain Policy
- - Alt Click at Default Domain Policy -> Edit.. -> Computer Configuration -> Policies -> Windows Setting -> Security Setting -> Account Policy
- - Sub menu of Password Policy
- - Enforce password history: remembers previous passwords in order to prevent a user from reusing them
- - Maximum password age: how long a password can be used before it must be changed
- - Minimum password age: the user has to keep a password for at least x days
- - Minimum password length: the password has to be more than x characters long
- - Password must meet complexity requirements: lowercase, uppercase, numeric, and extra (special) character requirements
- - Store passwords using reversible encryption: the user's password can be reversed to the plaintext password
- - Sub menu of Account Lockout Policy
- - Account lockout duration: how long the user has to wait after reaching the account lockout threshold
- - Account lockout threshold: number of incorrect authentication attempts allowed before lockout
- - Reset account lockout counter after
- + Group Policy regulating level
- - Domain: !child and !domainTree
- > Each policy has only one regulation, because that makes it easier to suspend an unused policy
- - Alt Click at Domain -> Create a GPO in this domain
- - Alt Click at the GPO -> Edit -> ..
- - Organization unit
- - Alt Click at OU -> Create a GPO in this domain
- - Alt Click at the GPO -> Edit -> ..
- - Users, Computers, or Groups
- - Click at the GPO -> Scope tabs -> Security Filtering -> Adding user **Remove Authenticated user**
- + Unreceived Policy
- - Domain: Alt Click at Domain -> Block Inheritance
- + Enforce: Alt Click at Policy -> Enforce
- + Suspending Policy: Alt Click at Policy -> unchecked Link Enabled
- + Checking received policy: Click at OU -> Linked Group Policy Object
- + Viewing detail policy -> Click at GPO -> Settings tabs -> Show All..
- + Group Policy Delegate Control
- - Domain: Click at Domain -> Delegation tabs
- - Organization Unit: Click at OU -> Delegation tabs
- ### Command
- - gpupdate /force: instantly forcing to use policy for both SERVER/CLIENT
- - gpresult /r: displaying report GPO for CLIENT
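After gpupdate, the Password Policy and Account Lockout Policy settings listed under Default Domain Policy can be read back from the domain and checked in one pass. The following is an added example, not part of the original notes; the baseline numbers (`$MinLength`, `$MinHistory`, `$MaxThreshold`) are assumed values for illustration and should be replaced with your organisation's standard.

```powershell
# Added example, not part of the original notes.
# Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Assumed baseline values for illustration only.
$MinLength    = 12
$MinHistory   = 24
$MaxThreshold = 10

$p = Get-ADDefaultDomainPasswordPolicy

$checks = @(
    [pscustomobject]@{ Setting = 'Enforce password history'
        Value = $p.PasswordHistoryCount
        Pass  = $p.PasswordHistoryCount -ge $MinHistory }
    [pscustomobject]@{ Setting = 'Maximum password age'
        Value = $p.MaxPasswordAge
        Pass  = $true }   # reported only; the right value is a policy decision
    [pscustomobject]@{ Setting = 'Minimum password age'
        Value = $p.MinPasswordAge
        # Below one day, a user can cycle through the history and reuse a password.
        Pass  = $p.MinPasswordAge.TotalDays -ge 1 }
    [pscustomobject]@{ Setting = 'Minimum password length'
        Value = $p.MinPasswordLength
        Pass  = $p.MinPasswordLength -ge $MinLength }
    [pscustomobject]@{ Setting = 'Password must meet complexity requirements'
        Value = $p.ComplexityEnabled
        Pass  = $p.ComplexityEnabled }
    [pscustomobject]@{ Setting = 'Store passwords using reversible encryption'
        Value = $p.ReversibleEncryptionEnabled
        # Reversible storage is equivalent to keeping plaintext passwords.
        Pass  = -not $p.ReversibleEncryptionEnabled }
    [pscustomobject]@{ Setting = 'Account lockout threshold'
        Value = $p.LockoutThreshold
        # 0 means accounts never lock, so password guessing is unlimited.
        Pass  = $p.LockoutThreshold -gt 0 -and $p.LockoutThreshold -le $MaxThreshold }
    [pscustomobject]@{ Setting = 'Account lockout duration'
        Value = $p.LockoutDuration
        Pass  = $true }   # 00:00:00 means an administrator must unlock
    [pscustomobject]@{ Setting = 'Reset account lockout counter after'
        Value = $p.LockoutObservationWindow
        Pass  = ($p.LockoutDuration -eq [timespan]::Zero) -or
                ($p.LockoutObservationWindow -le $p.LockoutDuration) }
)

$checks | Format-Table Setting, Value, Pass -AutoSize

$failed = @($checks | Where-Object { -not $_.Pass })
if ($failed.Count -gt 0) {
    Write-Warning ("{0} setting(s) below baseline: {1}" -f $failed.Count,
        ($failed.Setting -join '; '))
}
```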
- ### Making GPO scripts e.g., map drive
- - Creating shared folder
- - "net use z: \\172.16.0.10\usa" saved to MAP_DRIVE.bat; run it; copy it
- - Create a GPO at OU -> Edit -> User Configuration -> Policy -> Windows Setting -> Script -> Logon
- - Alt Click at Logon -> Properties -> Show files; paste scripts
- - Click at Add.. -> Browse -> Selecting scripts
- - gpupdate /force: instantly forcing to use policy for both SERVER/CLIENT
- - gpresult /r: displaying report GPO for CLIENT
- ### Preferences: Advanced GPO
- ### Backup GPO
- - Alt Click at Group Policy Objects -> Backup All.. -> Browse saved folder
- - Restoration: Alt Click at Group Policy Objects -> Manage Backup..; Link an existing GPO
- ## Disk Quota
- - Alt Click at a drive -> Properties -> Quota tabs -> Set limit
- - Click Quota Entries-> New Quota Entries -> Adding User and Set limit
- ## Module 13: Hyper V
- Windows 8 up,
- > BIOS: Have to open Virtualization mode (Intel VT)
- - Client: Add Feature
- - Server: Add Roles
- ### Configuring NIC
- - Virtual Switch Manager.. -> New virtual network switch..
- + Types
- - External: Connect to the Internet; Replicate Host NIC to Guest NIC
- - Internal: Intranet; shared folder; Host and Guest can communicate with each other
- - Private: Private zone for testing
- ### Creating VM
- - Creating stored vm folder
- - New -> Virtual Machine.. -> ..
- ### Editing VM
- - Alt Click at the vm -> Settings -> ..
- ### Snapshot VM (Check Points)
- - Alt Click at the vm -> Snapshot -> ..
- ### Export
- - Turn Off/ Shutdown VM
- - Alt Click at the vm/or at snapshot -> Export -> ..
- ### Import
- - Action -> Import ... -> Selecting Copy the virtual
- ### Move.. and Replica
- - Move: move to different site
- - Replica: realtime export
- ### Recover mouse pointer
- CTRL + ALT + Left cursor