Jun 10th, 2016
  1. # Windows Server 2012 Installing and configuring at Iverson on Jun 6-10, 2016 (20410D)
  2. ## Instructor
  3. > ทรัพยสิทธิ สร้อยสิงห์ (อุ้ย)
  4. > mailto:supsit_soysing@hotmail.com
  5. > Line:auy_goodman
  6. ## PC Env
  7. + 20410D-LON-DC1
  8. + Default passwords
  9. - Pa$$w0rd -> Windows Server 2012
  10. - P@ssw0rd -> Windows Server 2008
  11. + Common shortcuts you should know
  12. - Windows + R: Run command
  13. - mmc: Windows Management Console
  14. File -> Add/Remove Snap-in
  15. - Windows + E: My Computer
  16. + Unlicensed: 30-day trial; otherwise, the server shuts down every 1 hour
  17. Run -> SLMGR -REARM (Required: restart; CMD -> shutdown /r)
  18. + \\10.66.2.173
  19. ## Module 1: Deploying and Managing Windows Server 2012
  20. + History of Windows Server:
  21. - 2003 -> 2003R2 -> (No HYPER-V)
  22. - 2008(!AD) -> 2008R2 -> (Semi HYPER-V)
  23. - 2012(!AD) -> 2012R2 (Full HYPER-V Move, Replica; Sync) x64 CPU
  24. + Editions
  25. - Standard (HYPER-V has 2 instances)
  26. - Datacenter (HYPER-V has unlimited instances)
  27. - HYPER-V Server
  28. + Server
  29. - Core: Server which has no mouse; CMD mode only.
  30. - GUI: Interactive GUI mode
  31. + Roles: Management on AD
  32. - Server Manager -> Add roles or features (You can download manually from Microsoft)
  33. ### Installing
  34. - Optical disk
  35. - Flash drive
  36. - Windows Deployment Services(Installing from Add roles) i.e., WIM
  37. - SCCM: Additional reports i.e., how many instances, Forcing desktop console.
  38. - Installing modes
  39. - Upgrade
  40. - Custom
  41. ### Post-Installed Configuration
  42. + Server Manager
  43. - Local Server: to view overall information (Run -> sconfig)
  44. - Add roles or features
  45. - Windows Server Backup
  46. - Administrative tools
  47. - Event viewer: Logs viewer
  48. - System logs
  49. - Services(Automatic should have running status)
  50. - Netlogon
  51. + Windows Powershell (Caution: Run as administrator)
  52.  
  53. ## Module 2: Active Directory Domain Services
  54. + OS types
  55. - Client: XP, Vista, 7, 8, and 10
  56. - Server: 2003, 2008, and 2012
  57. + Control types
  58. - Workgroup: self management
  59. - Domain AD: Domain Controller(DC)
  60. - AD server: Manage users, group policy and etc.
  61. - 2003 - 2008: Run -> dcpromo
  62. - 2012: Add role -> Active Directory Domain Service (AD DS)
  63. - User: **(branch.)Domain\username**
  64. - Structures
  65. - 1 Forest ->
  66. - 1 Main Online FSMO(each AD have FSMO id, **choose manually by Admin**)/Operation Master (Run -> netdom query fsmo) ->
  67. - Global Catalog (GC) stored FSMO, users, and password (AD must GC -> FSMO)(2003 must choose) ->
  68. - Stored folder AD: NTDS(and SYSVOL; stored shared scripts gpo) a.k.a. SYSTEM STATE **backed up every day**
  69. - 5 Types of AD
  70. - 1st Single Domain: Usually used only once at the beginning
  71. - Additional Domain: Twin-single domain; all ADs have to exchange data every 15s (default)
  72. - Read-only Domain Controller (RO DC): a read-only additional domain, 2008 and up; can't be FSMO
  73. - Child Domain: self management, Own GPO, Own users; not related to global; branch.DOMAIN; for example, a university
  74. - Domain Tree: Business domain; self management, Own GPO, Own users; not related to global and child; for example, co-op
  75. - Member server (joining AD): Exchange, SharePoint, File Server
  76. + Deploying AD
  77. - Define IP Addr
  78. - Network and Sharing Center -> Network Connection -> Ethernet Properties
  79. - Preferred DNS Server: It's a fsmo online
  80. - Alternative DNS Server: It's a migrated fsmo online
  81. - Disabled IPv6 features (vice versa)
  82. - Change computer name
  83. - Joined domain
  84. - Adding roles (Active Directory Domain Services; AD DS)
  85. - Selecting AD types
  86. - Add a new forest (Single domain)
  87. - Add a domain controller to an existing domain (Additional domain and RO DC)
  88. - Add a new domain to an existing forest (Child domain and Domain tree)
  89. - Domain function level: minimum OS for domain AD
  90. + POST-Deployed AD
  91. - Deleting local address (127.0.0.1) out of Alternative DNS Server or switch fsmo IP Addr to Preferred DNS Server
  92. - Alternative DNS Server fill it with own AD IP Addr
  93. - Checking REPLICATION: Administrative tools -> Active Directory Sites and Services -> Sites -> Default-First-Site-Name -> Servers -> NTDS Settings -> Alt Click -> Replicate Now
  94. - Issues: Alt Click -> All Tasks -> Check Replication Topology
  95. - Checking DNS: by nslookup
  96. - Administrative tools -> DNS -> Reverse Lookup Zone -> Alt Click -> New Zone -> Primary Zone -> To all DNS servers running on domain controller in the domain -> IPv4 -> fill network ID
  97. - Administrative tools -> DNS -> Forward Lookup Zone -> Domain -> Alt Click -> fsmo(A Record) -> Checked Create associated pointer (PTR) record and Allow any authenticated user to update DNS records
  98. + Menu
  99. - Active Directory Domains and Trusts
  100. - Checking Forest AD type
  101. - Checking Trusts: Alt Click Domain -> Properties -> Trusts (For Child and Tree)
  102. - Active Directory Sites and Services
  103. - Checking REPLICATION
  104. - Showing how many AD servers and types
  105. - Domain tabs
  106. - Checking GC: Administrative tools -> Active Directory Sites and Services -> Sites -> Default-First-Site-Name -> Servers -> NTDS Settings -> Alt Click -> Properties -> Checked Global Catalog
  107. - Setting broadcast timeout
  108. - Active Directory Users and Computers
  109.  
  110. ## Module 3: Managing Active Directory Domain Services Objects
  111. + Menu
  112. - Active Directory Users and Computers
  113. > Enabled Advanced Features in View toolbars
  114. ### Elements
  115. + Organizational Unit (OU): stores user objects i.e., country name
  116. - Root OU: Alt Click at Domain -> New -> Organizational Unit
  117. - Sub OU: Alt Click at Root OU -> New -> Organizational Unit
  118. > Deleting OU: Alt Click at OU -> Properties -> Object -> Unchecked Protect Object from accidental deletion
  119. + Users
  120. - Creating User objects: Alt Click at OU -> New -> User
  121. - Moving User objects: Just Drag and Drop or Alt Click at user -> Move..
  122. - Resetting User Password: Alt Click at user -> Reset Password..
  123. - User Properties
  124. - Member of
  125. - General -> Description
  126. - Address
  127. - Account
  128. - Logon hours
  129. - Logon to..
  130. - Unlock Account
  131. - Searching User objects: Alt Click at Domain -> Find..
  132. + Groups: Alt Click at OU -> New -> Group
  133. - Group scope:
  134. - Domain local
  135. - Global
  136. - Universal: All
  137. - Group type:
  138. - Security: Shared folder, Exchanges, Outlook, etc.
  139. - Distribution: !Shared folder, Exchanges, Outlook
  140. - Properties menu
  141. - Members: Adding members into group
  142. - User into Group
  143. - Group into Group
  144. + Administrator priv:
  145. - Domain -> Builtin
  146. - Domain -> Users container -> Enterprise Admins
  147. + Delegating control
  148. - Domain level: Usually only allow user join domain
  149. Alt Click at domain -> Delegate Control..
  150. - OU level: Usually only allow user create user in own OU
  151. Alt Click at OU -> Delegate Control..
  152. + Checking delegating control
  153. - Domain level: Alt Click at domain -> Properties -> Security tab -> Advanced
  154. - OU level: Alt Click at OU -> Properties -> Security tab -> Advanced
  155. + Remote Server Administration Tools (RSAT): mmc
  156. - For XP, it is the Admin Pack
  157. ### Join Domain
  158. Checking
  159. > Active Directory Users and Computers -> Computers
  160. > Tools -> DNS
  161.  
  162. ### Unjoined Domain
  163. > Active Directory Users and Computers -> Computers -> Alt Click -> Reset Account
  164.  
  165. ### Setting REPLICATION time
  166. AD1 -> AD2 no time
  167. AD2 -> AD3 18.00 - 19.00
  168. AD3 -> AD4 19.00 - 20.00
  169. AD4 -> AD1 20.00 - 21.00
  170. > Active Directory Sites and Services -> Sites -> Alt Click -> New Site..
  171. > Then moved server into Site
  172. > Adding Subnet
  173. > Alt Click Inter-Site Transports -> IP -> New Site Link..
  174. > Alt Click -> Properties -> Set time and change schedule time
  175. > Disable schedule time of DefaultFirstSiteLink
  176.  
  177. ### FSMO Migration
  178. Start -> Run -> CMD
  179. regsvr32 schmmgmt.dll
  180. ntdsutil
  181. > roles
  182. > connections
  183. > connect to server {ADDITIONAL AD NAME}
  184. > Q
  185. > seize infrastructure master [YES]
  186. > seize naming master [YES]; Win 2008-2012
  187. > seize domain naming master [YES]; Win 2003
  188. > seize PDC [YES]
  189. > seize RID master [YES]
  190. > seize schema master [YES]
  191. > Q
  192. > Q
  193.  
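After the `seize` commands above, the `netdom query fsmo` check mentioned in Module 2 can be scripted to confirm that every role landed on the intended domain controller. This is an added example, not part of the original notes; the function names, the `example.test` host names and the sample output are constructed for illustration.

```powershell
# Added example: parse `netdom query fsmo` output and verify role placement.
# Function names and sample data are hypothetical, not from the course notes.

function Get-FsmoHolder {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]            # netdom prints blank lines
        [string[]] $NetdomOutput
    )
    $roles = [ordered]@{}
    $pattern = '^(Schema master|Domain naming master|PDC|RID pool manager|Infrastructure master)\s+(\S+)\s*$'
    foreach ($line in $NetdomOutput) {
        if ($line -match $pattern) {
            $roles[$Matches[1]] = $Matches[2]
        }
    }
    $roles
}

function Test-FsmoPlacement {
    param(
        [Parameter(Mandatory = $true)] $Roles,
        [Parameter(Mandatory = $true)] [string] $ExpectedHolder
    )
    $expected = 'Schema master', 'Domain naming master', 'PDC',
                'RID pool manager', 'Infrastructure master'
    foreach ($role in $expected) {
        if (-not $Roles.Contains($role)) {
            "MISSING: '$role' was not reported"
        }
        elseif ($Roles[$role] -ne $ExpectedHolder) {
            "MISMATCH: '$role' is held by $($Roles[$role]), expected $ExpectedHolder"
        }
    }
}

# Constructed sample: the RID role was not moved and still points at the old DC.
$sample = @(
    'Schema master               LON-DC2.example.test'
    'Domain naming master        LON-DC2.example.test'
    'PDC                         LON-DC2.example.test'
    'RID pool manager            LON-DC1.example.test'
    'Infrastructure master       LON-DC2.example.test'
    ''
    'The command completed successfully.'
)

$roles = Get-FsmoHolder -NetdomOutput $sample
Test-FsmoPlacement -Roles $roles -ExpectedHolder 'LON-DC2.example.test'

# On a live domain controller, feed the real command output instead:
#   $roles = Get-FsmoHolder -NetdomOutput (netdom query fsmo)
```

An empty result means all five roles are on the expected holder. `seize` is the forced path for a role holder that is offline; a DC whose roles were seized should not be brought back onto the network as-is.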
  194. ### Backed up AD (SYSTEM STATE)
  195. Add roles or features -> Windows Server Backup
  196. Tools -> Windows Server Backup -> Local Backup -> Backup once.. -> Different options -> Custom -> Checked System state -> ... -> Backup
  197. > Restore; every Additional AD must turn off; Downtime is required
  198. RUN -> msconfig -> boot tabs -> Checked Safe boot -> Active Directory repair (restart)
  199. Login by local:
  200. > \administrator
  201. Go to Tools -> Windows Server Backup -> Local backup -> Recovery
  202. > Logon locally again and unchecked RUN -> msconfig -> boot tabs -> Checked Safe boot -> Active Directory repair (restart)
  203.  
  204. ## Module 4: Managing Active Directory Domain Services Objects through the command line
  205.  
  206. ## Module 5: Implementing IPv4
  207. Network ID: 169.254.x.x (default) when no static IP Addr is configured (no DHCP; ports 67, 68)
  208. > Servers normally use a static IP
  209. ### IPv4
  210. - Public IP: Issued by ISP; Assigned by IANA/RIR
  211. - Private IP:
  212. - 10.0.0.0 - 10.255.255.255
  213. - 172.16.0.0 - 172.31.255.255
  214. - 192.168.0.0 - 192.168.255.255
  215. ### Common CMD
  216. - hostname
  217. - set
  218. - ping {Url/IP}
  219. - ipconfig /all
  220. - ipconfig /release
  221. - ipconfig /renew
  222. - ipconfig /flushdns
  223. - nslookup
  224. - tracert {url}
  225. - telnet {IP} {Port}
  226.  
  227. ## Module 6: Implementing DHCP
  228. DHCP: Allocates IP Addr and distributes them to clients
  229. Register Client records into DNS zones
  230. ### Process
  231. - Client sends a DHCPREQUEST packet
  232. - Server sends a DHCPACK packet (Broadcast)
  233. ### Limitations
  234. Only the 1 account that was committed after installation is allowed to use it.
  235. Active Directory Users and Computers -> User -> DHCP Users
  236.  
  237. ### Installing DHCP
  238. - Add roles or features -> DHCP Server
  239. - Tools -> DHCP Server
  240. - Alt Click IPv4 -> New Scope..
  241. - Adding exclusion for HA, locked MAC Addr
  242. - Adding WINS Servers
  243. - Alt Click -> Deactivate -> Activate again
  244.  
  245. ### Menu
  246. + Address Pool: Describing IP Addr pool
  247. + Address Leases: Showing clients that have already received an IP Address
  248. + Reservation: Fixed MAC Addr
  249. + Scope Options: Showing information which the client should receive
  250. 003 006 015 044 046
  251. + Statistics: Alt Click at IPv4 -> Display Statistics
  252. ### DHCP databases
  253. C:\Windows\System32\Dhcp
  254.  
  255. ### Backup DHCP
  256. Alt Click at Server -> Properties -> Change Backup Path
  257. Alt Click at Server -> Backup
  258. Alt Click at Server -> Restore
  259. Alt Click at IPv4 -> Reconcile
  260.  
  261. ### Troubleshooting
  262. Removing role -> Restore -> Adding role
  263.  
  264. ### DHCP Relay Agent (Required 2 NICs)
  265. + Routing and Remote Access
  266. - Add roles or features -> Remote Access -> Checked Routing
  267. - Tools -> Routing and Remote Access -> Alt Click at server -> Configure and Enable -> Custom -> LAN Routing
  268.  
  269.  
  270. ## Module 7: Implementing DNS (dnsmgmt.msc)
  271. > Come along with AD
  272.  
  273. ### Functions
  274. - Resolve host names to IP Addr
  275.  
  276. ### Zone Types
  277. + Primary zone:
  278. + Secondary zone: zone transfer (Unchecked store the zone in AD to prevent replication to other)
  279. + Stub zone: Bandwidth lower than 128 K (Unchecked store the zone in AD to prevent replication to other)
  280. (**checked store the zone in AD to replicate to additional**)
  281.  
  282. ### Types
  283. + Forward Lookup Zone: name to IP: Automatically created after promoted AD; Records joined domain
  284. - A: Host's IP Addr
  285. - MX: Mail Server; Higher priority
  286. - SRV: Service records
  287. - NS: Name Server
  288. - SOA: Main DNS of Start of authority
  289. - CNAME: Alias
  290. + Reverse Lookup Zone: IP to name: Created manually
  291. - PTR: Pointer
  292. - CNAME: Alias
  293.  
  294. ### Troubleshooting
  295. - ipconfig /flushdns
  296. - tracert {URL/IP}
  297. - restart service: Tools -> Services
  298. - netlogon
  299. - dns server
  300. - dns client
  301.  
  302. ### Query Process
  303. + Cached: Alt Click at Forward Lookup domain -> Properties -> Start of Authority(SOA) -> TTL
  304. + Root Hints: Alt Click at domain -> Properties -> Root hints
  305. + Forwarder: Otherwise, dns will forward to this forwarder
  306.  
  307. ### Change Zone Replication Scope
  308. - To all DNS servers running on DC in the forest: replicating to all DNS including site child
  309. - To all DNS servers running on DC in the domain: replicating only in Global
  310. - To all DC in the domain(for Windows 2000 compatibility)
  311.  
  312. ### Dynamic Update
  313. - Secure only: only joined domain
  314. - Nonsecure and secure: whether join or not
  315. - None:
  316.  
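The Dynamic Update and zone transfer settings above can be reviewed across all zones at once instead of opening each zone's properties. This is an added example, not part of the original notes; the function name and the sample zones are constructed, and the property names are those returned by `Get-DnsServerZone` from the DnsServer module.

```powershell
# Added example: flag DNS zones whose update or transfer settings are loose.
# Get-DnsZoneFinding and the sample zones are hypothetical, for illustration.

function Get-DnsZoneFinding {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)] $Zone
    )
    process {
        if ($Zone.IsAutoCreated) { return }      # skip built-in zones

        $issues = @()
        if ($Zone.ZoneType -eq 'Primary') {
            # "Nonsecure and secure": hosts that never joined the domain can
            # register or overwrite records.
            if ($Zone.DynamicUpdate -eq 'NonsecureAndSecure') {
                $issues += 'accepts dynamic updates from non-domain hosts'
            }
            # "Secure only" needs the zone stored in AD.
            if (-not $Zone.IsDsIntegrated -and $Zone.DynamicUpdate -ne 'None') {
                $issues += 'not stored in AD, so "Secure only" updates are unavailable'
            }
        }
        if ($Zone.SecureSecondaries -eq 'TransferAnyServer') {
            $issues += 'zone transfer is allowed to any server'
        }
        foreach ($issue in $issues) {
            [pscustomobject]@{ Zone = $Zone.ZoneName; Finding = $issue }
        }
    }
}

# Constructed sample zones shaped like Get-DnsServerZone output.
$sampleZones = @(
    [pscustomobject]@{ ZoneName = 'corp.example.test'; ZoneType = 'Primary'
        IsAutoCreated = $false; IsDsIntegrated = $true
        DynamicUpdate = 'Secure'; SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = '0.16.172.in-addr.arpa'; ZoneType = 'Primary'
        IsAutoCreated = $false; IsDsIntegrated = $true
        DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'NoTransfer' }
    [pscustomobject]@{ ZoneName = 'legacy.example.test'; ZoneType = 'Primary'
        IsAutoCreated = $false; IsDsIntegrated = $false
        DynamicUpdate = 'NonsecureAndSecure'; SecureSecondaries = 'TransferAnyServer' }
)

$sampleZones | Get-DnsZoneFinding | Format-Table -AutoSize

# On a DNS server, audit the live configuration instead:
#   Get-DnsServerZone | Get-DnsZoneFinding
```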
  317. ## Module 8: Implementing IPv6
  318. IPv6: 128 bits;
  319. IPv4 <-> IPv6: required ISATAP
  320.  
  321. ## Module 9: Disk
  322. EIDE < SATA < SCSI < SAS < SSD
  323.  
  324. ### RAID
  325. RAID 6
  326. RAID 10
  327.  
  328. ### Storage
  329. iSCSI Target Server
  330.  
  331. ### Disk Types
  332. + MBR < 2TB
  333. + GPT > 2TB
  334.  
  335. ### File Systems
  336. + FAT
  337. + NTFS
  338. + ReFS
  339.  
  340. ### Disk Clusters HA standby
  341. **Every file will store in central storage**
  342.  
  343. + ENV Setup
  344. LON-DC1 172.16.0.10 AD, Central Storage (Q:\ Clusters' config, F:\)
  345. LON-SVR1 172.16.0.11 Cluster1 -> Active state !AD
  346. LON-SVR2 172.16.0.12 Cluster2 -> Standby state !AD
  347. *Note: Windows Firewall must be turned off
  348.  
  349. [LON-DC1]
  350. - Add roles or features -> File and Storage Services -> File and iSCSI Services -> iSCSI Target Server
  351. - Left action plan -> File and Storage Services -> iSCSI -> Click Task -> New iSCSI Virtual Disk -> New iSCSI Target
  352. [LON-SVR1 & 2 connect to Storage]
  353. - Tools -> iSCSI initiator -> Discovery tabs -> Discover Portal -> Adding Cluster IP (LON-DC1) Port 3260
  354. - back to Targets tabs -> Selecting Q and Data connect
  355. [Active only LON-SVR1]
  356. - Tools -> Computer Management -> Disk Management
  357. - Alt Click to the Disk -> Online -> Initialize disks -> New Simple Disk
  358. [LON-SVR1 and LON-SVR2]
  359. - Add roles or features -> Failover Clustering
  360. [Active only LON-SVR1]
  361. - Tools -> Failover Cluster Manager -> Validate Configuration -> Run all test -> Finish
  362. -> Creating Cluster name and filling Cluster IP
  363. [After validation]
  364. - Storage -> Disks -> Alt Click at Add Disks
  365. *Owner node is telling which server is active
  366. - Choosing Q:\; Alt Click at HA Cluster -> More actions -> Configure Cluster Quorum Settings.. -> Advanced Quorum Configuration -> Checked all nodes -> Configure a disk
  367. - Choosing Quorum disk
  368. [Adding Cluster member]
  369. - Nodes -> Alt Click at add -> Run all test -> Choose both disks
  370. [Troubleshooting]
  371. - Restart active cluster
  372. - Using Cluster services
  373. - Failover Cluster Manager -> Nodes -> Alt Click active Node -> More actions -> Stop Cluster service ..... -> Start Cluster service
  374. [Cluster Delegation]
  375. - Alt Click at roles -> Configure Roles.. -> File Server -> File Server to general use -> Filling with reserved IP Addr
  376.  
  377. ## Module 10: Implementing shared folder
  378. + Usages
  379. - \\{Name/IP}
  380. + Setup
  381. - Design it like the OUs; every OU has groups
  382. - Create folders like the OUs
  383. - Alt Click -> Properties -> Sharing -> share -> Adding group -> Change settings -> Done
  384. -> Advanced sharing -> Permission tabs -> Delete Everyone; Adding group + FULL CONTROL -> OK
  385. -> Security tabs -> Advanced -> Selecting the group -> Edit -> Applies to: "This folder only" -> Show advanced permission
  386. -> Unchecked {Create files / write data, Create folders / append data, Delete subfolders and files, Delete, Change Permission}
  387. - Go to sub folder -> Security tabs -> Edit -> Adding the group + FULL CONTROL -> Advanced -> Selecting the group -> Edit -> Applies to: "This folder only" -> Show advanced permission
  388. -> Unchecked {Create files / write data, Create folders / append data, Delete subfolders and files, Delete, Change Permission}
  389. - Go to user folder -> Properties -> Add FULL CONTROL but unchecked Delete
  390.  
  391. ## Module 11: Implementing Group Policy
  392. > Regulating for users and computers; Users have to join domain
  393. + Menu
  394. - Tools -> Group Policy Management
  395. + Implementing GPO at Company level
  396. > Only OU can see a group policy
  397. > Password policy should set on Default Domain Policy
  398. - Alt Click at Default Domain Policy -> Edit.. -> Computer Configuration -> Policies -> Windows Setting -> Security Setting -> Account Policy
  399. - Sub menu of Password Policy
  400. - Enforce password history: remembers password history in order to prevent reusing previous passwords
  401. - Maximum password age: password lifetime
  402. - Minimum password age: users have to keep a password for at least x days
  403. - Minimum password length: password length has to be more than x characters
  404. - Password must meet complexity requirements: lowercase, uppercase, numeric, and extra character requirements
  405. - Store passwords using reversible encryption: users' passwords can be reversed to the plaintext password
  406. - Sub menu of Account Lockout Policy
  407. - Account lockout duration: how long a user has to wait after reaching the account lockout threshold
  408. - Account lockout threshold: number of failed authentication attempts that triggers lockout
  409. - Reset account lockout counter after
  410. + Group Policy regulating level
  411. - Domain: !child and !domainTree
  412. > Each policy holds only one regulation because that makes it easier to suspend an unused policy
  413. - Alt Click at Domain -> Create a GPO in this domain
  414. - Alt Click at the GPO -> Edit -> ..
  415. - Organizational unit
  416. - Alt Click at OU -> Create a GPO in this domain
  417. - Alt Click at the GPO -> Edit -> ..
  418. - Users, Computers, or Groups
  419. - Click at the GPO -> Scope tabs -> Security Filtering -> Adding user **Remove Authenticated user**
  420.  
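The Password Policy and Account Lockout Policy settings listed above can be read back from the domain and checked in one pass. This is an added example, not part of the original notes; the function name, the thresholds and the sample object are assumptions, and the property names are those returned by `Get-ADDefaultDomainPasswordPolicy` from the ActiveDirectory module.

```powershell
# Added example: audit the Default Domain Policy password and lockout values.
# Test-PasswordPolicy and all default thresholds are illustrative assumptions.

function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory = $true)] $Policy,
        [int] $MinLength           = 14,   # assumed baseline
        [int] $MinHistory          = 24,   # assumed baseline
        [int] $MaxLockoutThreshold = 10,   # assumed baseline
        [int] $MinLockoutMinutes   = 15    # assumed baseline
    )
    if ($Policy.ReversibleEncryptionEnabled) {
        'FAIL: reversible encryption is on; stored passwords can be recovered as plaintext'
    }
    if (-not $Policy.ComplexityEnabled) {
        'FAIL: complexity requirements are off'
    }
    if ($Policy.MinPasswordLength -lt $MinLength) {
        "WARN: minimum length $($Policy.MinPasswordLength) is below $MinLength"
    }
    if ($Policy.PasswordHistoryCount -lt $MinHistory) {
        "WARN: history remembers $($Policy.PasswordHistoryCount) passwords, below $MinHistory"
    }
    # With a minimum age of 0 a user can change the password repeatedly in one
    # sitting and cycle straight back to the old one, defeating the history.
    if (($Policy.PasswordHistoryCount -gt 0) -and ($Policy.MinPasswordAge -eq [timespan]::Zero)) {
        'WARN: minimum password age is 0, so password history can be cycled through'
    }
    if ($Policy.MaxPasswordAge -eq [timespan]::Zero) {
        'INFO: maximum password age is 0; passwords never expire'
    }
    # A threshold of 0 disables lockout entirely.
    if ($Policy.LockoutThreshold -eq 0) {
        'FAIL: lockout threshold is 0; accounts are never locked out'
    }
    else {
        if ($Policy.LockoutThreshold -gt $MaxLockoutThreshold) {
            "WARN: lockout threshold $($Policy.LockoutThreshold) is above $MaxLockoutThreshold"
        }
        # A duration of 0 means "locked until an administrator unlocks it".
        if (($Policy.LockoutDuration -ne [timespan]::Zero) -and
            ($Policy.LockoutDuration.TotalMinutes -lt $MinLockoutMinutes)) {
            "WARN: lockout lasts $($Policy.LockoutDuration.TotalMinutes) min, below $MinLockoutMinutes"
        }
    }
}

# Constructed sample shaped like Get-ADDefaultDomainPasswordPolicy output.
$sample = [pscustomobject]@{
    ComplexityEnabled           = $true
    ReversibleEncryptionEnabled = $true
    MinPasswordLength           = 7
    PasswordHistoryCount        = 24
    MinPasswordAge              = [timespan]::Zero
    MaxPasswordAge              = [timespan]::FromDays(42)
    LockoutThreshold            = 0
    LockoutDuration             = [timespan]::FromMinutes(30)
    LockoutObservationWindow    = [timespan]::FromMinutes(30)
}

Test-PasswordPolicy -Policy $sample

# On a domain controller, check the live policy instead:
#   Test-PasswordPolicy -Policy (Get-ADDefaultDomainPasswordPolicy)
```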
  421. + Unreceived Policy
  422. - Domain: Alt Click at Domain -> Block Inheritance
  423. + Enforce: Alt Click at Policy -> Enforce
  424. + Suspending Policy: Alt Click at Policy -> unchecked Link Enabled
  425. + Checking received policy: Click at OU -> Linked Group Policy Object
  426. + Viewing detail policy -> Click at GPO -> Settings tabs -> Show All..
  427. + Group Policy Delegate Control
  428. - Domain: Click at Domain -> Delegation tabs
  429. - Organizational Unit: Click at OU -> Delegation tabs
  430.  
  431. ### Command
  432. - gpupdate /force: applies policy immediately on both SERVER/CLIENT
  433. - gpresult /r: displays the GPO report for CLIENT
  434.  
  435. ### Making GPO scripts e.g., map drive
  436. - Creating shared folder
  437. - "net use z: \\172.16.0.10\usa" saved to MAP_DRIVE.bat; run it; copy it
  438. - Create a GPO at OU -> Edit -> User Configuration -> Policy -> Windows Setting -> Script -> Logon
  439. - Alt Click at Logon -> Properties -> Show files; paste scripts
  440. - Click at Add.. -> Browse -> Selecting scripts
  441. - gpupdate /force: applies policy immediately on both SERVER/CLIENT
  442. - gpresult /r: displays the GPO report for CLIENT
  443.  
  444. ### Preferences: Advanced GPO
  445.  
  446. ### Backup GPO
  447. - Alt Click at Group Policy Objects -> Backup All.. -> Browse saved folder
  448. - Restoration: Alt Click at Group Policy Objects -> Manage Backup..; Link an existing GPO
  449.  
  450. ## Disk Quota
  451. - Alt Click at a drive -> Properties -> Quota tabs -> Set limit
  452. - Click Quota Entries -> New Quota Entries -> Adding User and Set limit
  453.  
  454. ## Module 13: Hyper V
  455. Windows 8 up,
  456. > BIOS: Have to open Virtualization mode (Intel VT)
  457. - Client: Add Feature
  458. - Server: Add Roles
  459.  
  460. ### Configuring NIC
  461. - Virtual Switch Manager.. -> New virtual network switch..
  462. + Types
  463. - External: Connect to the Internet; Replicate Host NIC to Guest NIC
  464. - Internal: Intranet; shared folder Host and Guest can communicate with each other
  465. - Private: Private zone for testing
  466.  
  467. ### Creating VM
  468. - Creating stored vm folder
  469. - New -> Virtual Machine.. -> ..
  470.  
  471. ### Editing VM
  472. - Alt Click at the vm -> Settings -> ..
  473.  
  474. ### Snapshot VM (Check Points)
  475. - Alt Click at the vm -> Snapshot -> ..
  476.  
  477. ### Export
  478. - Turn Off/ Shutdown VM
  479. - Alt Click at the vm/or at snapshot -> Export -> ..
  480.  
  481. ### Import
  482. - Action -> Import ... -> Selecting Copy the virtual
  483.  
  484. ### Move.. and Replica
  485. - Move: move to different site
  486. - Replica: realtime export
  487.  
  488. ### Recover mouse pointer
  489. CTRL + ALT + Left cursor