MCSA: Windows Server 2016 (70-740)

“Installation, Storage, and Compute with Windows Server 2016”

This course for the MCSA 70-740 certification exam gives you a brief overview of the server-side OS, virtualization, Active Directory, domain controllers, DHCP, implementing DNS, implementing Group Policy, the AD sign-in process, and the directory solution used for central and secure management of network objects and their schema.

Most of us use a client edition of Microsoft Windows (Windows 10/8/7); this is the Client OS. The machines those clients connect to for directory, file and network services run Microsoft Windows Server; this is the Server OS.

Why do we need it?

Suppose a company runs several data centers but wants to manage them centrally and securely. The usual answer is a directory service, and Microsoft's is Active Directory Domain Services (AD DS). To use it, we install the AD DS role on a Windows Server and promote that server to a domain controller.

Windows Server 2016 ships in three editions: Essentials, Standard and Datacenter (older releases also had a Foundation edition). Standard and Datacenter differ mainly in virtualization rights (two VMs versus unlimited) and in the software-defined storage and networking features that are included.

Server Hardware:

Three form factors of server hardware are common:

  1. Tower Server
  2. Rack Server
  3. Blade Server
Blade Server Chassis [Image source: wikipedia.com]

Blade servers are widely used today. The hardware is a chassis (an enclosure, roughly the shape of a tray) into which many server blades slot; each blade carries its own CPU, RAM, storage and network controller. The chassis supplies shared power, cooling and network uplinks to every blade, so cabling is simpler, and a failed blade can be reconfigured or swapped without touching the others.

Active Directory:

A directory service that manages all network objects (users, groups, computers) centrally and securely. AD holds the information about every object in the domain and serves as the central database that each domain controller hosts.
So we can say Active Directory is a collection of services (server roles and features) used to manage identity and access to resources on a network.

Active Directory

Domain Controller:

A Windows Server on which the Active Directory Domain Services [AD DS] role has been installed and promoted is called a domain controller. It authenticates users, stores account information, and enforces security policy for a Windows domain.

Active Directory Components:

Logical components:
  1. Partitions
  2. Schema
  3. Domains
  4. Domain Trees
  5. Sites
  6. Organisational Units
  7. Forest
  8. Containers

Physical components:
  1. Domain Controller
  2. Global Catalog
  3. Data Store
  4. RODCs [Read-Only Domain Controller]

Active Directory Data Store:

The AD DS database is the file ntds.dit, stored by default in %SystemRoot%\NTDS on every domain controller. It holds all directory data (accounts, groups, password hashes, the schema and the configuration), which is why physical access to a DC's disk has to be protected. Domain controllers host and replicate this database among themselves within the forest.

SYSVOL (system volume) is a special shared folder on every domain controller, located by default at %SystemRoot%\SYSVOL\sysvol. It holds the parts of Active Directory that are files rather than database objects: Group Policy templates and logon scripts. SYSVOL is replicated between DCs by DFS Replication (FRS in older domains).

AD DS uses multi-master replication. Every writable domain controller accepts changes, and a change made on one DC, say SRV1, replicates to SRV2 and vice versa, so no single server has to be online for an update to be made.
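An added example, not part of the original post, that shows where the data store lives on a DC and watches multi-master replication carry a change from one DC to another. It assumes two writable DCs named DC01 and DC02 and a user account alice; run it in an elevated PowerShell on DC01 with the ActiveDirectory module (RSAT) available.

```powershell
# Added example (not from the original post). Assumed names: DCs DC01 and DC02, user alice.
Import-Module ActiveDirectory

# Where this DC keeps ntds.dit and its transaction logs (read from the NTDS service parameters).
$ntds = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ntds | Select-Object 'DSA Database file', 'Database log files path'

# SYSVOL: the share, its local path, and the Policies/scripts folders it holds.
Get-SmbShare -Name SYSVOL | Select-Object Name, Path
Get-ChildItem "$env:SystemRoot\SYSVOL\sysvol\$((Get-ADDomain).DNSRoot)" -Directory

# The partitions (naming contexts) this DC hosts and replicates.
(Get-ADRootDSE).namingContexts

# Multi-master: write on DC01, read back on DC02 once replication has run.
Set-ADUser -Identity alice -Description "changed on $env:COMPUTERNAME" -Server DC01
Get-ADUser -Identity alice -Properties Description -Server DC02 | Select-Object Description

# Replication health from DC02's point of view; LastReplicationResult 0 means success.
Get-ADReplicationPartnerMetadata -Target DC02 |
    Select-Object Server, Partner, LastReplicationSuccess, LastReplicationResult
repadmin /showrepl

# Security check: nothing but SYSTEM and Administrators should be able to read the database file.
(Get-Acl $ntds.'DSA Database file').Access | Select-Object IdentityReference, FileSystemRights
```

If the description does not show up on DC02 straight away, that is normal within a site (replication is triggered on a short delay, roughly 15 seconds) and expected between sites (governed by the site link schedule); the repadmin output tells you when the last successful replication happened.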

Active Directory Sign-in Process:

Kerberos Authentication: Kerberos is the default authentication protocol in an Active Directory domain (NTLM remains only as a fallback). The KDC [Key Distribution Center] runs on every domain controller and consists of two services: the Authentication Service (AS) and the Ticket-Granting Service (TGS). The KDC issues tickets and session keys in response to client requests; the user's password itself never travels over the network.

  1. Authentication Service: When the user logs on to a computer, the client derives a secret key from the user's password and sends the AS a request containing the current timestamp encrypted with that key (pre-authentication). The AS, which holds the same key in ntds.dit, decrypts it; if that succeeds, the password was correct, and it replies with a Ticket Granting Ticket (TGT) encrypted with the krbtgt account's key, plus a session key for the client.
  2. Ticket Granting Server [TGS]: When the user wants to reach a service (for example a file share), the client presents the TGT to the TGS together with the service's name (its Service Principal Name, SPN). The TGS decrypts the TGT with the krbtgt key, checks it, and issues a service ticket encrypted with the target server's own key.
  3. File Server: The service ticket is like a movie ticket: it admits the holder to one specific show for a limited time. The service ticket is valid only for that one service and only for its lifetime (10 hours by default), and it carries the user's SID and group SIDs so the server can decide which files the user is permitted to open.
  4. Login: Finally, the client sends the service ticket to the file server. The file server decrypts it with its own key, so it can trust the identity inside without contacting the DC, and grants access according to the permissions on the files.
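The four stages above, as an added example (not from the original post) run from a domain-joined Windows client. It assumes the domain BIST.COM and a file server FS01 with the SPN cifs/fs01.bist.com and a share named Finance; a normal domain user account is enough to run it.

```powershell
# Added example (not from the original post). Assumed: domain BIST.COM, file server FS01,
# SPN cifs/fs01.bist.com, share \\fs01.bist.com\Finance.

function Get-KerberosTicket {
    # Turn klist's text output into one object per cached ticket.
    $tickets = @()
    $current = $null
    foreach ($line in (klist.exe)) {
        if ($line -match '^#\d+>\s+Client:\s+(.+)$') {
            if ($current) { $tickets += $current }
            $current = [pscustomobject]@{ Client = $Matches[1]; Server = $null; Encryption = $null;
                                          Start = $null; End = $null; Kdc = $null }
        }
        elseif ($current) {
            switch -Regex ($line) {
                '^\s+Server:\s+(.+)$'                     { $current.Server     = $Matches[1] }
                '^\s+KerbTicket Encryption Type:\s+(.+)$' { $current.Encryption = $Matches[1] }
                '^\s+Start Time:\s+(.+)$'                 { $current.Start      = $Matches[1] }
                '^\s+End Time:\s+(.+)$'                   { $current.End        = $Matches[1] }
                '^\s+Kdc Called:\s+(.+)$'                 { $current.Kdc        = $Matches[1] }
            }
        }
    }
    if ($current) { $tickets += $current }
    return $tickets
}

$Spn = 'cifs/fs01.bist.com'

# Start from an empty cache so every ticket below is freshly acquired.
klist.exe purge | Out-Null

# Steps 1 and 2: ask for a service ticket for the file server. With an empty cache the
# Kerberos SSP first runs the AS exchange (encrypted timestamp out, TGT back) and then
# the TGS exchange for the SPN. This .NET class drives the SSP as an SMB connection would.
Add-Type -AssemblyName System.IdentityModel
$null = New-Object System.IdentityModel.Tokens.KerberosRequestorSecurityToken -ArgumentList $Spn

# Steps 3 and 4: the ticket is presented to FS01 when the share is opened.
Get-ChildItem "\\fs01.bist.com\Finance" -ErrorAction SilentlyContinue | Out-Null

# The cache now holds the TGT (krbtgt/BIST.COM) and the cifs/ service ticket; the
# End column is the "movie ticket" expiry and Kdc shows which DC issued each one.
Get-KerberosTicket | Format-Table Server, Encryption, Start, End, Kdc -AutoSize

# Check a practitioner wants: tickets should be AES. An RC4 ticket means the target
# account still allows the weak legacy cipher and is worth fixing.
Get-KerberosTicket | Where-Object { $_.Encryption -match 'RC4' } |
    ForEach-Object { Write-Warning "RC4 ticket issued for $($_.Server)" }
```

On the domain controller the same two exchanges show up in the Security log as event 4768 (TGT issued) and 4769 (service ticket issued), which is where a detection engineer would look for them.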

Two other features that protect domain controllers are the RODC (a read-only domain controller for branch offices, which holds no writable copy of the database and caches only the passwords you allow it to) and BitLocker (drive encryption, so a stolen DC disk does not hand over ntds.dit).

Global Catalog:

When several DCs are installed in a domain, we make one or more of them a global catalog. A global catalog server holds a full copy of its own domain's partition plus a partial, read-only copy of every object in every other domain of the forest (only the most commonly searched attributes). It answers forest-wide searches on port 3268 (3269 over TLS), and domain logon needs one to be reachable because universal group membership is resolved there.
By default the first domain controller in the forest is a global catalog, but any domain controller can be made one.

Organisational Units (OU):

An OU is a container inside a domain. It looks a bit like a group but serves a different purpose: Group Policy is linked to OUs, and administrative permission over the objects in an OU can be delegated to someone else. An OU can hold users, computers, groups and other OUs, and OUs are usually laid out to match the company's departments or hierarchy.

Groups:

Distribution Group: Used only for email distribution lists. It is not security-enabled, so it cannot appear in a permission list (DACL) and membership gives no access to anything.

Security Group: A security group has a SID and can be granted permissions on files, shares and other resources. When the group is granted access, every member gets that access through the group's SID in their logon token. Roles are assigned by putting users into the security group that permits the task.
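An added example, not part of the original post, that puts the OU and group concepts together: it creates a departmental OU, a security group and a distribution group, grants file access to the security group only, and delegates password resets inside the OU to a helpdesk group. It assumes the domain bist.com (NetBIOS name BIST), a share folder D:\Shares\Finance on the machine it runs on, and a test user alice; run it as a domain administrator with the ActiveDirectory module.

```powershell
# Added example (not from the original post). Assumed: domain bist.com / BIST, folder D:\Shares\Finance.
Import-Module ActiveDirectory
$dn = (Get-ADDomain).DistinguishedName

# The OU: the unit that policy is linked to and that admin rights are delegated over.
New-ADOrganizationalUnit -Name 'Finance' -Path $dn -ProtectedFromAccidentalDeletion $true

# One security group (can hold permissions) and one distribution group (mail only).
New-ADGroup -Name 'Finance-Share-Readers' -GroupCategory Security     -GroupScope Global    -Path "OU=Finance,$dn"
New-ADGroup -Name 'Finance-All'           -GroupCategory Distribution -GroupScope Universal -Path "OU=Finance,$dn"
New-ADGroup -Name 'Finance-Helpdesk'      -GroupCategory Security     -GroupScope Global    -Path "OU=Finance,$dn"

New-ADUser -Name 'Alice Ahmed' -SamAccountName alice -Path "OU=Finance,$dn" `
    -AccountPassword (Read-Host -AsSecureString 'Initial password for alice') -Enabled $true
Add-ADGroupMember -Identity 'Finance-Share-Readers' -Members alice
Add-ADGroupMember -Identity 'Finance-All'           -Members alice

# Both groups have a SID, but only the security group has the security-enabled bit
# (0x80000000) set in groupType; only that SID is placed in Alice's logon token.
Get-ADGroup -Filter 'Name -like "Finance-*"' -Properties groupType |
    Select-Object Name, GroupCategory, SID, @{n='SecurityEnabled'; e={ ($_.groupType -band 0x80000000) -ne 0 }}

# Grant read access on the share folder to the security group. The distribution group
# cannot be used here: it is not security-enabled and never matches an ACE.
$acl  = Get-Acl 'D:\Shares\Finance'
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            'BIST\Finance-Share-Readers', 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl 'D:\Shares\Finance' $acl

# Delegation on the OU: let the helpdesk reset passwords of user objects under OU=Finance
# (and nothing else). /I:S = apply to child objects; CA = control access right.
dsacls "OU=Finance,$dn" /I:S /G 'BIST\Finance-Helpdesk:CA;Reset Password;user'

# Verify the delegation actually landed on the OU's ACL.
dsacls "OU=Finance,$dn" | Select-String 'Finance-Helpdesk'
```

When Alice logs on, whoami /groups in her session lists BIST\Finance-Share-Readers with its SID but not Finance-All, which is the practical difference between the two group categories.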

Forest:

A forest is one or more domains that share a common schema, configuration and global catalog, with automatic two-way trusts between them, all under a single security boundary.

The first domain created becomes the forest root domain.

Forest Example

Operations Master Roles:

Some functions can only be handled by one domain controller at a time. For these, Active Directory uses Flexible Single Master Operations (FSMO) roles, also known as operations master roles.

FSMO roles
Forest-wide (one holder in the whole forest):
  1. Schema Master
  2. Domain Naming Master
Domain-wide (one holder per domain):
  1. RID Master - Relative ID master
  2. PDC Emulator - Primary Domain Controller emulator
  3. Infrastructure Master

Dynamic Host Configuration Protocol:

For this topic you need a basic knowledge of IP addresses, MAC addresses and subnetting.

Dynamic Host Configuration Protocol (DHCP) automatically assigns IP addresses and related parameters (subnet mask, default gateway, DNS servers and the length of the lease) so that a host can communicate on an IP network as soon as it starts.

DHCP uses the DORA exchange to give a client an IP address. All four messages are UDP (client port 68, server port 67), and the first three are broadcast because the client has no address yet.

Discover: The DHCP client broadcasts on the local network looking for a DHCP server.

Offer: Every DHCP server that hears the Discover may reply with an Offer containing an address it could lease.

Request: The client picks one Offer and broadcasts a Request naming that server and address, which also tells the other servers to withdraw their offers.

Acknowledge: The chosen server records the lease and replies with an Ack carrying the address and the options; the client configures its interface with them.

Discover Offer Request Acknowledge [DORA] method

An address is not owned permanently by one client. It is leased for a set time and, if the client does not renew (it first tries at half the lease), the address returns to the pool for another client. A DHCP scope defines the range of addresses that can be leased to clients on a particular subnet, together with the lease duration and the options handed out with it.

Some addresses can be reserved in the DHCP database: a reservation ties a fixed address to a client's MAC address, so printers, servers and management devices always receive the same IP while still being managed through DHCP.

Several DHCP servers can serve the same network, but they must not hand out overlapping addresses, so each server gets its own range (or a split scope). For example, one DHCP server can own 192.168.10.1 to 192.168.10.254 and the other 192.168.11.1 to 192.168.11.254 (the .0 network address and the .255 broadcast address are never leased). In an Active Directory domain a Windows DHCP server must also be authorized in AD before it will serve leases, which stops an accidentally installed Windows DHCP server from answering clients.
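An added example, not part of the original post, showing the scope, options, exclusion, reservation and AD authorization described above on a Windows Server DHCP role. The names and addresses are assumed: DHCP server dhcp01.bist.com at 10.0.10.5, client subnet 192.168.10.0/24 with gateway 192.168.10.1, DNS server 10.0.10.10, and a printer with MAC 00-11-22-33-44-55 that must always get 192.168.10.50.

```powershell
# Added example (not from the original post). Assumed names and addresses as in the lead-in.
Import-Module DhcpServer

# The scope: the pool of leasable addresses for one subnet, plus the lease length.
Add-DhcpServerv4Scope -Name 'Clients 192.168.10.0/24' `
    -StartRange 192.168.10.1 -EndRange 192.168.10.254 -SubnetMask 255.255.255.0 `
    -LeaseDuration (New-TimeSpan -Days 8) -State Active

# Keep the gateway and the statically addressed devices out of the lease pool.
Add-DhcpServerv4ExclusionRange -ScopeId 192.168.10.0 -StartRange 192.168.10.1 -EndRange 192.168.10.20

# The "related parameters" delivered in the Offer/Ack: router, DNS server, DNS suffix.
Set-DhcpServerv4OptionValue -ScopeId 192.168.10.0 -Router 192.168.10.1 -DnsServer 10.0.10.10 -DnsDomain 'bist.com'

# Reservation: the printer still goes through DORA, but always receives this address.
Add-DhcpServerv4Reservation -ScopeId 192.168.10.0 -IPAddress 192.168.10.50 `
    -ClientId '00-11-22-33-44-55' -Name 'Finance printer'

# Authorize this server in AD. The Windows DHCP service checks its own authorization and
# refuses to serve leases without it. Note the limit: a non-Windows rogue server does not
# check anything, so on the switch DHCP snooping is still needed.
Add-DhcpServerInDC -DnsName dhcp01.bist.com -IPAddress 10.0.10.5
Get-DhcpServerInDC                    # everything authorized to serve DHCP in this domain

# Verify the result and watch leases appear as clients run DORA.
Get-DhcpServerv4Scope
Get-DhcpServerv4ExclusionRange -ScopeId 192.168.10.0
Get-DhcpServerv4Reservation   -ScopeId 192.168.10.0
Get-DhcpServerv4Lease         -ScopeId 192.168.10.0
```

For a second server on the same subnet, create the same scope there with the complementary part excluded (the classic 80/20 split), so the two never offer the same address.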

FQDN: Fully Qualified Domain Name structure

When a server or host is joined to a domain it gets a name of the form hostname.domain. This pattern is called a Fully Qualified Domain Name [FQDN].

For the FQDN result.bist.com, the TCP/IP host name is "result" and its DNS domain is bist.com. The host name is also the computer's NetBIOS name (limited to 15 characters).

In other words, the label before the first dot [.] is the host name, and that is the part NetBIOS uses.

Domain Name System

DNS, the Domain Name System, is like the phonebook of the internet. When we save a contact on our phone, we store a name against a number. In the same way, when we type medium.com in the address bar, a DNS server translates the domain name into an IP address so the browser can load the site.

DNS resolves host names to IP addresses and, through reverse zones, IP addresses back to names. In Active Directory it also locates domain controllers and global catalogs through SRV records (clients query _ldap._tcp and _gc._tcp under the domain name), and MX records tell a sending mail server where to deliver email for a domain.

DNS Zones:

Forward Lookup Zone: resolves a name to an address

Reverse Lookup Zone: resolves an address to a name

Common DNS record types:

  1. Host records (A for IPv4, AAAA for IPv6)
  2. Pointer records (PTR), the reverse of a host record
  3. Start of Authority (SOA), one per zone, carrying the serial number used for zone transfers
  4. CNAME, an alias for another name
  5. Mail exchanger records (MX), where a domain's mail is delivered
  6. Service records (SRV), which Active Directory uses to advertise DCs and global catalogs
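An added example, not part of the original post, that creates the zone and record types listed above on a Windows DNS server and then resolves them in both directions. It assumes a DNS server that is also a DC for bist.com (so the forward zone already exists and is AD-integrated), a host result at 192.168.10.30 and a mail server mail at 192.168.10.25.

```powershell
# Added example (not from the original post). Assumed: AD-integrated zone bist.com already exists.
Import-Module DnsServer

# Reverse lookup zone for 192.168.10.0/24, replicated to every DNS server in the domain.
Add-DnsServerPrimaryZone -NetworkId '192.168.10.0/24' -ReplicationScope Domain

# Host records; -CreatePtr writes the matching PTR into the reverse zone.
Add-DnsServerResourceRecordA -ZoneName 'bist.com' -Name 'result' -IPv4Address 192.168.10.30 -CreatePtr
Add-DnsServerResourceRecordA -ZoneName 'bist.com' -Name 'mail'   -IPv4Address 192.168.10.25 -CreatePtr

# Alias and mail exchanger ("." means the zone apex, i.e. mail for bist.com itself).
Add-DnsServerResourceRecordCName -ZoneName 'bist.com' -Name 'www' -HostNameAlias 'result.bist.com'
Add-DnsServerResourceRecordMX    -ZoneName 'bist.com' -Name '.'   -MailExchange 'mail.bist.com' -Preference 10

# Security check: an AD-integrated zone should accept only secure (Kerberos-signed) dynamic
# updates, otherwise any host on the network can overwrite someone else's record.
Set-DnsServerPrimaryZone -Name 'bist.com' -DynamicUpdate Secure
Get-DnsServerZone -Name 'bist.com' | Select-Object ZoneName, IsDsIntegrated, DynamicUpdate

# Forward, reverse, alias and mail lookups.
Resolve-DnsName -Name result.bist.com -Type A
Resolve-DnsName -Name 192.168.10.30   -Type PTR
Resolve-DnsName -Name www.bist.com    -Type CNAME
Resolve-DnsName -Name bist.com        -Type MX

# The SRV records AD DS registers on its own: where the DCs and global catalogs are.
Resolve-DnsName -Name _ldap._tcp.dc._msdcs.bist.com -Type SRV
Resolve-DnsName -Name _gc._tcp.bist.com             -Type SRV

# The zone's SOA, including the serial that secondaries compare before a transfer.
Get-DnsServerResourceRecord -ZoneName 'bist.com' -RRType Soa
```

If the SRV queries return nothing, clients cannot find a DC and domain logons fail; restarting the Netlogon service on a DC re-registers its records.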

Forest Functional Level

In Active Directory you can have domain controllers running different versions of Windows Server, such as Windows Server 2008, 2012 R2 or 2016.
The forest functional level is a setting that switches on forest-wide features. It can only be raised to a level that every domain controller in the forest supports, so it is capped by the oldest Windows Server version among the DCs.
Once the level is raised, only DCs running that Windows Server version or newer can be added, and raising it is effectively one-way.

Domain Functional Level

The domain functional level likewise depends on which Windows Server versions run on the domain controllers in that domain.
A domain lives inside a forest, so its level must be at least the forest functional level; the forest cannot be raised until every domain in it has reached that level, and a new DC must run a version at or above the domain's level.
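An added example, not part of the original post, covering both the operations master roles and the functional levels from the two sections above: it shows who holds each FSMO role, what OS each DC runs (which caps the levels), transfers a role, and raises the levels. It assumes the forest bist.com with two DCs, DC01 and DC02, both running Windows Server 2016, and runs from an account in Domain Admins and Enterprise Admins (plus Schema Admins for a schema-master move).

```powershell
# Added example (not from the original post). Assumed: forest bist.com, DCs DC01 and DC02.
Import-Module ActiveDirectory

# Forest-wide role holders and the forest functional level.
Get-ADForest | Select-Object Name, SchemaMaster, DomainNamingMaster, ForestMode

# Domain-wide role holders and the domain functional level.
Get-ADDomain | Select-Object DNSRoot, RIDMaster, PDCEmulator, InfrastructureMaster, DomainMode

# The oldest OS in this list is the ceiling for both levels.
Get-ADDomainController -Filter * |
    Select-Object HostName, Site, OperatingSystem, IsGlobalCatalog, IsReadOnly

# Graceful transfer of the PDC emulator to DC02 (the current holder must be online).
# Seizing with -Force is for a holder that is permanently gone; after a seizure of the
# Schema, Domain Naming or RID master the old holder must never be reconnected.
Move-ADDirectoryServerOperationMasterRole -Identity DC02 -OperationMasterRole PDCEmulator
(Get-ADDomain).PDCEmulator                                   # now DC02.bist.com

# Raise the levels. Windows2016Domain / Windows2016Forest require every DC to run
# Windows Server 2016 or later; the domain goes first, then the forest.
Set-ADDomainMode -Identity bist.com -DomainMode Windows2016Domain
Set-ADForestMode -Identity bist.com -ForestMode Windows2016Forest
(Get-ADDomain).DomainMode
(Get-ADForest).ForestMode
```

The PDC emulator is the role worth watching most closely: it is the preferred target for password changes and lockout processing and the time source for the domain, so Kerberos breaks domain-wide if it drifts.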

Local Storage:

  1. EIDE
  2. SATA
  3. SCSI
  4. SAS
  5. SSD

Performance increases roughly in that order. IOPS [input/output operations per second] is the usual measure. An SSD is fastest because it has no moving parts and no seek time (the course quotes roughly 1.5 million I/O operations per minute). Choose the device according to the read/write pattern of the application that will live on it.

DAS: Direct Attached Storage. Disks attached directly to one server, internally or in an enclosure. It is the simplest to configure and fast for that server, but it cannot be shared with other servers and is limited to what the one chassis can hold.

DAS Storage [Image Source: petri.com]

NAS: Network Attached Storage. A storage appliance reached over the IP network that serves files to servers and client PCs using SMB or NFS, which makes sharing easy.

NAS Storage [Image Source: petri.com]

SAN: Storage Area Network. The most reliable and fastest option, delivering block storage over Fibre Channel or iSCSI. Each server connects to the SAN switch through its own HBA [Host Bus Adapter]. Every HBA port carries a unique WWN [World Wide Name], and the SAN switch uses these names for zoning, so a server can only see the storage it has been zoned to; without that, no resources can be presented to it. High-end applications that need fast writes are placed on SAN storage.

SAN Storage [Image Source: petri.com]

Another way to keep data available when a single disk fails is a "Redundant Array of Independent Disks" [RAID].

RAID is a data storage technology that combines multiple physical disks into one logical unit to prevent data loss from a disk failure and, depending on the level, improve performance.
RAID provides fault tolerance by using:

  1. Disk mirroring
  2. Parity information
  3. Performance gains from spreading disk I/O across multiple disks
  4. Several different levels to choose from
  5. It does not replace server backups: RAID protects against disk failure, not against deletion, ransomware or a failed controller

A number of standard schemes have evolved, called levels. The common RAID levels are:
RAID 0: Two or more disks, striping only. Block 1 goes to disk 1, block 2 to disk 2, and so on. Fast, but there is no redundancy: losing any disk loses everything.
RAID 1: Two disks mirrored. Every write goes to both disks, so writes cost twice the I/O, and one disk can fail without data loss.
RAID 5: Three or more disks, striping with parity spread across all of them. The parity is the XOR of the other blocks in the stripe, so any one disk can fail and its contents are recomputed from the rest. One disk's worth of capacity goes to parity.
RAID 6: Four or more disks, striping with two independent parities, so any two disks can fail at once. Two disks' worth of capacity goes to parity.
RAID 0+1 (and the more common RAID 1+0, or RAID 10): Striping and mirroring combined over at least four disks. Data is striped for performance and the same data is mirrored onto another set of disks, so the risk of losing data is low and performance is high.
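An added example, not part of the original post, that shows what RAID 5 parity actually is, on constructed data: three "data disks" each hold one block of a stripe, the fourth holds their XOR, and losing any single block is repaired by XORing the survivors. It runs in any PowerShell and needs no disks; the block names and contents are made up for the demonstration.

```powershell
# Added example (not from the original post). RAID 5 parity arithmetic on constructed blocks.

function Get-XorBlock {
    # XOR any number of equal-length blocks; this is both "compute parity" and "rebuild".
    param([byte[][]]$Blocks)
    $len = $Blocks[0].Length
    $out = New-Object byte[] $len
    foreach ($b in $Blocks) {
        if ($b.Length -ne $len) { throw 'all blocks in a stripe must be the same size' }
        for ($i = 0; $i -lt $len; $i++) { $out[$i] = $out[$i] -bxor $b[$i] }
    }
    Write-Output -NoEnumerate $out
}

# Constructed stripe: three data blocks and the parity block written to the fourth disk.
$d1 = [Text.Encoding]::ASCII.GetBytes('RAID')
$d2 = [Text.Encoding]::ASCII.GetBytes('five')
$d3 = [Text.Encoding]::ASCII.GetBytes('demo')
$p  = Get-XorBlock -Blocks @($d1, $d2, $d3)

# Disk 2 dies. XOR of everything still readable (two data blocks plus parity) reproduces
# the lost block exactly. Note the parity is not a copy of any disk.
$rebuilt = Get-XorBlock -Blocks @($d1, $d3, $p)
'Rebuilt disk 2: ' + [Text.Encoding]::ASCII.GetString($rebuilt)        # five

# Losing the parity disk instead is handled the same way.
$rebuiltParity = Get-XorBlock -Blocks @($d1, $d2, $d3)
'Parity rebuilt correctly: ' + ([Convert]::ToBase64String($p) -eq [Convert]::ToBase64String($rebuiltParity))

# Two blocks lost at once (disks 2 and 3) cannot be separated with a single parity:
# d1 XOR p only yields d2 XOR d3, one equation with two unknowns. That is why RAID 6
# stores a second, independently computed parity for every stripe.
$pair = Get-XorBlock -Blocks @($d1, $p)
'Only d2 XOR d3 is known: ' + (($pair | ForEach-Object { '{0:x2}' -f $_ }) -join '')
```

A real controller does this per stripe across the whole disk and rotates which disk holds the parity block, so the parity load is spread instead of landing on one "parity disk". On Windows Server 2016 the same arithmetic is what Storage Spaces does for a Parity virtual disk.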

Bridgehead Server: AD Sites and Services

Sites are associated with IP subnets and are:

  1. Used to manage replication traffic
  2. Used to manage client logon traffic (a client prefers a DC in its own site)
  3. Used to link Group Policy Objects to all users and computers in a company location

AD sites represent the physical network topology: each site is a set of well-connected subnets. AD Sites and Services lets an organisation with branches in different locations, all within the same forest, control where and how often replication happens.

A bridgehead server is the domain controller in a site that handles replication to and from other sites. Inside a site the DCs replicate directly with each other; between sites only the bridgeheads talk, which controls the replication traffic that crosses the WAN.

Suppose a company has three data centers in different locations, each its own site with several domain controllers. Because AD uses multi-master replication, changes made in any site must reach every DC in every other site. Rather than having every DC replicate with every remote DC, one DC per site is selected as the bridgehead (the KCC picks one automatically, or an administrator nominates a preferred bridgehead). Changes cross the site link only from bridgehead to bridgehead, and each bridgehead then replicates them to the other DCs in its own site.
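An added example, not part of the original post, that builds the site topology described above in PowerShell: a branch site with its subnet, a site link to head office, a DC moved into the branch, and that DC nominated as the preferred bridgehead. It assumes the head office uses the default site Default-First-Site-Name on 10.0.10.0/24, the branch is 10.0.20.0/24, and the branch DC is DC03; run it with Enterprise Admin rights and the ActiveDirectory module.

```powershell
# Added example (not from the original post). Assumed: branch subnet 10.0.20.0/24, branch DC DC03.
Import-Module ActiveDirectory

# Site objects and the subnets that map clients and DCs to them.
New-ADReplicationSite   -Name 'Branch'
New-ADReplicationSubnet -Name '10.0.20.0/24' -Site 'Branch'
New-ADReplicationSubnet -Name '10.0.10.0/24' -Site 'Default-First-Site-Name'

# Site link: replicate over IP every 15 minutes; cost decides the path if several links exist.
New-ADReplicationSiteLink -Name 'HQ-Branch' -SitesIncluded 'Default-First-Site-Name','Branch' `
    -Cost 100 -ReplicationFrequencyInMinutes 15 -InterSiteTransportProtocol IP

# Move the branch DC's server object into its site.
Move-ADDirectoryServer -Identity DC03 -Site 'Branch'

# Nominate DC03 as preferred bridgehead for the IP transport. Caveat: once you nominate one,
# the KCC will not fail over to another DC in that site if DC03 goes down, so nominate at
# least two or leave the choice to the KCC.
$cfg         = (Get-ADRootDSE).configurationNamingContext
$ipTransport = "CN=IP,CN=Inter-Site Transports,CN=Sites,$cfg"
Set-ADObject -Identity "CN=DC03,CN=Servers,CN=Branch,CN=Sites,$cfg" -Add @{ bridgeheadTransportList = $ipTransport }

# What the KCC built: bridgeheads per site, the inter-site connections, and replication health.
repadmin /bridgeheads
Get-ADReplicationConnection -Filter * | Select-Object Name, ReplicateFromDirectoryServer, ReplicateToDirectoryServer
repadmin /replsummary
```

Clients in 10.0.20.0/24 will now log on through DC03 (DNS site-specific SRV records under _sites.Branch) instead of crossing the WAN, which is the other reason sites exist.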

Group Policy:

Group Policy is one of the most powerful features of Active Directory. It controls the working environment of user accounts and computer accounts, and provides centralized management and configuration of operating systems, applications, and user settings in an Active Directory environment.

A Group Policy Object (GPO) is a set of Group Policy settings. Each setting applies one specific user or computer policy, and together they are used to harden systems, impose rules and reduce the chance of a breach.

A GPO is stored in two parts:

Group Policy Container (GPC): an object in Active Directory (under CN=Policies,CN=System in the domain partition) that holds the GPO's GUID, version number, status and links.

Group Policy Template (GPT): a folder in SYSVOL (Policies\{GUID}) that holds the actual settings files: the registry.pol files for registry-based policy, scripts and security templates.

The two must stay in step: the version number in the GPC and the one in the GPT's gpt.ini are compared on every client refresh, and a mismatch (usually a SYSVOL replication problem) stops the GPO from applying.
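An added example, not part of the original post, that creates a GPO, links it, and then shows the two halves described above side by side: the GPC object in AD and the GPT folder in SYSVOL, with the version numbers that have to match. It assumes the domain bist.com with an OU named Workstations, and the GPO name "Workstation Baseline" is made up; run it as a domain administrator with the GroupPolicy and ActiveDirectory modules.

```powershell
# Added example (not from the original post). Assumed: domain bist.com, OU=Workstations.
Import-Module GroupPolicy
Import-Module ActiveDirectory
$domain = Get-ADDomain

# Create the GPO and put one registry-based computer setting in it
# (PowerShell script block logging, a setting every SOC wants on).
$gpo = New-GPO -Name 'Workstation Baseline' -Comment 'Added example'
Set-GPRegistryValue -Name $gpo.DisplayName `
    -Key 'HKLM\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging' `
    -ValueName 'EnableScriptBlockLogging' -Type DWord -Value 1 | Out-Null

# Link it to the OU; linking is what makes Group Policy an OU feature.
New-GPLink -Name $gpo.DisplayName -Target "OU=Workstations,$($domain.DistinguishedName)" -LinkEnabled Yes | Out-Null

# The GPC: an AD object named by the GPO's GUID, carrying the version and a pointer to the GPT.
$gpc = "CN={$($gpo.Id)},CN=Policies,CN=System,$($domain.DistinguishedName)"
Get-ADObject -Identity $gpc -Properties versionNumber, gPCFileSysPath |
    Select-Object Name, versionNumber, gPCFileSysPath

# The GPT: the SYSVOL folder with gpt.ini and the registry.pol holding the setting above.
$gpt = "\\$($domain.DNSRoot)\SYSVOL\$($domain.DNSRoot)\Policies\{$($gpo.Id)}"
Get-ChildItem -Recurse $gpt | Select-Object FullName
Get-Content "$gpt\gpt.ini"

# Version check: AD (GPC) and SYSVOL (GPT) numbers must agree or clients skip the GPO.
$g = Get-GPO -Name $gpo.DisplayName
[pscustomobject]@{
    ComputerDS = $g.Computer.DSVersion; ComputerSysvol = $g.Computer.SysvolVersion
    UserDS     = $g.User.DSVersion;     UserSysvol     = $g.User.SysvolVersion
    InSync     = ($g.Computer.DSVersion -eq $g.Computer.SysvolVersion) -and ($g.User.DSVersion -eq $g.User.SysvolVersion)
}
```

On a client, gpupdate /force followed by gpresult /r confirms the GPO was applied; if the InSync check is false on the DC the client logs event 1058 or 1096 and ignores the GPO until SYSVOL catches up.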

This blog gives an overview of the course, not 100% coverage of the topics. Please search for the topic names and watch YouTube videos on them if you get stuck.
#HappyLearning #ShareOpportunities
