Note-Windows Server Administration

This document provides an overview of key concepts related to Windows server administration including preparing the Windows operating system environment, promoting a server to a domain controller, joining clients to the domain, implementing group policy objects, installing and configuring server services like DHCP, DNS, IIS and FTP, implementing a mail server service using Exchange server, and applying virtualization technologies.

WINDOWS SERVER ADMINISTRATION

Learning assumed to be in place

ITLSN601: Small Networks

Elements of competence and performance criteria

Learning units describe the essential outcomes of a competence.

Performance criteria describe the required performance needed to demonstrate achievement of the learning unit.

By the end of the module, the trainee will be able to:

Elements of competence and their performance criteria:

1. Prepare Windows Operating System Environment
1.1 Proper description of Windows operating systems, distinguishing client-side and server-side OS
1.2 Proper selection of hardware requirements according to the OS manuals
1.3 Systematic installation and configuration of the Windows OS according to its installation instructions
1.4 Proper testing of the running computer

2. Promote the server to a Domain Controller
2.1 Proper description of Active Directory in accordance with domain services
2.2 Proper description of Active Directory based on its components
2.3 Proper installation of Active Directory based on the Windows Server version
2.4 Correct management of users, groups, and organizational units according to the security measures

3. Join the client to the domain
3.1 Proper configuration of the IP address respecting the format of the IP version
3.2 Proper setting of the client computer name so that it is user-friendly and recognizable
3.3 Proper addition of the client to the domain according to the network segment and the domain configured

4. Implement Group Policy Object (GPO)
4.1 Proper listing of group policy sections and the components of the group policy structure
4.2 Proper implementation of group policy (general steps, requirements, Group Policy Object Editor, Group Policy Management Console) based on the task to be performed
4.3 Proper selection of delegation of control based on the task to be performed

5. Install and configure server services
5.1 Proper installation of DHCP respecting the process
5.2 Proper installation and configuration of the DNS service according to the DNS parameters
5.3 Proper installation of the IIS service in line with the server's HTTP protocol configuration
5.4 Proper installation of the FTP service in accordance with the task to perform

6. Implement mail server service
6.1 Proper description of Exchange Server as per its role
6.2 Proper listing of Exchange Server components, services, and protocols
6.3 Proper installation and administration of Microsoft Outlook for delivering messages within and outside the enterprise
6.4 Proper testing of Exchange Server according to the configured user communication

7. Apply virtualization
7.1 Proper description of virtualization
7.2 Proper listing of virtualization types in accordance with the server infrastructure
7.3 Proper description of cloud computing based on trending technologies and existing resources
7.4 Proper description of hypervisors
7.5 Proper installation and configuration of virtual switching, routing, Xen and VMware platforms
Objectives
⚫ This course provides hands-on experience installing and configuring
Windows Server 2012 R2. Students will perform full installations, configure
and tune the server, and assign roles and services. Attendees will practice local
and remote administration of security, network, data and hardware in
hands-on labs. After installing an Active Directory domain controller, students will
create and assign users, groups, permissions, rights, policies and profiles.
Attendees will configure and troubleshoot the TCP/IP network. Also covered
are many aspects of local security, such as group policy objects (GPO), rights
and permissions. Students will learn to use enterprise tools such as File Transfer
Protocol (FTP). They will also configure NAT, Exchange Server 2010, Web
server, ESXi server and RAID. Comprehensive labs and exercises give the
students real experience deploying, managing and troubleshooting the
Windows Server 2012 R2 infrastructure.
1. Computer networking
Definitions of Some terms:
1.1.1. Networking
⚫ In the world of computers, networking is the practice of
linking two or more computing devices together for the
purpose of sharing data and resources. Networks are built
with a mix of hardware and software.
1.1.2. Protocol
⚫ In computing, a protocol is a set of rules which is used by
computers to communicate with each other across a
network.

1.1.3. Internet Protocol (IP)
⚫ The Internet Protocol (IP) is the method or protocol by which
data is sent from one computer to another on the Internet.
⚫ Each computer (known as a host) on the Internet has at least one
IP address that uniquely identifies it from all other computers on
the Internet.
⚫ There exist two versions of IP, IPv4 and IPv6.
1.2. Transmission Control Protocol (TCP)
and User Datagram Protocol (UDP)
⚫ TCP and UDP are the two main types of Internet Protocol (IP) traffic,
and they have very different uses.
1.2.1. TCP
⚫ Transmission Control Protocol is a connection-oriented
protocol, a connection can be made from client to server,
and from then on, any data can be sent along that connection.
⚫ It is Reliable - when you send a message along a TCP
socket, you know it will get there unless the connection fails
completely. If it gets lost along the way, the server will re-
request the lost part. This means complete integrity: things
don't get corrupted.
⚫ It is Ordered - if you send two messages along a connection, one
after the other, you know the first message will get there first.
You don't have to worry about data arriving in the wrong order.
⚫ It is Heavyweight - when the low-level parts of the TCP
"stream" arrive in the wrong order, resend requests have to be
sent, and all the out-of-sequence parts have to be put back
together, so it requires a bit of work to piece the stream together.

1.2.2. UDP
⚫ User Datagram Protocol is a simpler message-based connectionless
protocol. With UDP you send messages (packets) across the
network in chunks.
⚫ It is Unreliable - When you send a message, you don't know if
it'll get there, it could get lost on the way.
⚫ It is Not ordered - If you send two messages out, you don't know
what order they'll arrive in.
⚫ It is Lightweight – there is no ordering of messages, no tracking
connections, etc. This means it's a lot quicker, and the network card
/ OS have to do very little work to translate the data back from the
packets.
1.5. Classful Network
⚫ There are five classes of IP addresses. Each class is identified by a
letter from A to E.
⚫ These classes each have their own specificities in terms of the
distribution of the number of bytes used to identify the network
or the computers connected to the network:
□ A class A IP address has a net id part with only a single byte.
□ A class B IP address has a net id part with two bytes.
□ A class C IP address has a net id part with three bytes.
□ IP addresses of classes D and E correspond to particular IP
addresses.
⚫ To identify the class of an IP address, it is necessary to
examine the first bits of the address.
1.5.1. Class A
⚫ A class A IP address has a single byte to identify the network
and three bytes to identify the hosts on the network.
⚫ A class A network can contain more than 16 million hosts.
⚫ The first octet of a class A IP address always begins with the bit
0, so it is between 0 and 127; some values are reserved for special
purposes.
⚫ An example of a class A IP address is 10.50.49.13.
1.5.2. Class B
⚫ A class B IP address has two bytes to identify the network
and two bytes to identify the machines on the network.
⚫ A class B network can contain up to 65534 hosts.
⚫ The first byte of a class B IP address always begins with the
bit sequence 10, so it is between 128 and 191.
⚫ An example of a class B IP address is 172.16.1.23.
1.5.3. Class C
⚫ A class C IP address has three bytes to identify the network
and a single byte to identify the machine on that network.
⚫ A class C network can contain up to 254 hosts.
⚫ The first byte of a class C IP address always begins with the bit
sequence 110, so it is between 192 and 223.
⚫ An example of a class C IP address is 192.168.1.34.
Class D
⚫ Class D addresses are used for multicast communications.
The first byte of a class D IP address always begins with the bit
sequence 1110, so it is between 224 and 239.
⚫ An example of a class D IP address is 224.0.0.1.
Class E
⚫ Class E addresses are reserved by IANA for undetermined use.
Class E addresses begin at 240.0.0.0 and end at
255.255.255.255.

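The class rules above, as an added worked example in PowerShell (not part of the course notes): the function reads the leading bits of the first octet to classify an IPv4 address and, for classes A to C, splits it into its net id and host id. The function name and the sample addresses are assumptions made for this example.

```powershell
# Added example, not from the course notes: classify an IPv4 address by the
# leading bits of its first octet and show the net id / host id split.
function Get-IPv4Class {
    param(
        [Parameter(Mandatory = $true)]
        [string]$IPAddress
    )

    # Validate dotted-decimal form: exactly four fields, each 0-255.
    $parts = $IPAddress -split '\.'
    if ($parts.Count -ne 4 -or
        ($parts | Where-Object { $_ -notmatch '^\d{1,3}$' -or [int]$_ -gt 255 })) {
        throw "Not a valid dotted-decimal IPv4 address: $IPAddress"
    }
    $octets = @($parts | ForEach-Object { [int]$_ })
    $first  = $octets[0]

    # The leading bits of the first octet decide the class (section 1.5):
    #   0xxxxxxx -> A (0-127)     10xxxxxx -> B (128-191)   110xxxxx -> C (192-223)
    #   1110xxxx -> D (224-239)   1111xxxx -> E (240-255)
    if     ($first -lt 128) { $class = 'A'; $netBytes = 1; $use = 'Unicast' }
    elseif ($first -lt 192) { $class = 'B'; $netBytes = 2; $use = 'Unicast' }
    elseif ($first -lt 224) { $class = 'C'; $netBytes = 3; $use = 'Unicast' }
    elseif ($first -lt 240) { $class = 'D'; $netBytes = 0; $use = 'Multicast' }
    else                    { $class = 'E'; $netBytes = 0; $use = 'Reserved (IANA)' }

    # Classes D and E have no net id / host id split, so those fields stay '-'.
    $netId = '-'; $hostId = '-'; $maxHosts = $null
    if ($netBytes -gt 0) {
        $netId    = $octets[0..($netBytes - 1)] -join '.'
        $hostId   = $octets[$netBytes..3] -join '.'
        # The all-zeros (network) and all-ones (broadcast) host ids are not usable,
        # which is why a class C network holds 254 hosts rather than 256.
        $maxHosts = [int64][math]::Pow(2, 8 * (4 - $netBytes)) - 2
    }

    [pscustomobject]@{
        Address   = $IPAddress
        FirstBits = [Convert]::ToString($first, 2).PadLeft(8, '0')
        Class     = $class
        Use       = $use
        NetId     = $netId
        HostId    = $hostId
        MaxHosts  = $maxHosts
    }
}

# Constructed sample input: the example addresses from the notes plus one class E address.
'10.50.49.13', '172.16.1.23', '192.168.1.34', '224.0.0.1', '240.0.0.1' |
    ForEach-Object { Get-IPv4Class -IPAddress $_ } |
    Format-Table -AutoSize
```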
Network Devices
1.6.1. Network Interface Card (NIC)
⚫ Any computer wanting to connect to a network will need a
Network Interface Card (NIC).
⚫ Each NIC has a unique address (the hardware address or MAC
address) which identifies that NIC.
⚫ This address is six pairs of hexadecimal digits separated by
colons (:). It looks similar to this: 00:a0:b0:59:29:09.
⚫ The hardware address is used by DHCP to identify a specific host.
It is also used by the Address Resolution Protocol (ARP) and
Reverse Address Resolution Protocol (RARP) to map hosts to IP
addresses.
1.6.2. Wireless Networking
⚫ Wireless networking has become very popular in recent years.
⚫ One of the reasons for this is that wireless
networking, as the name states, does not require any network
cables.
⚫ Upgrading is as easy as replacing network cards and equipment
such as routers and switches.
⚫ Wireless networking equipment can also work alongside
traditional wired networking.

1.6.3. Hub, Switch and Router
⚫ Hubs, switches, and routers are all devices that let you connect
one or more computers to other computers, networked devices,
or to other networks.
⚫ Each has two or more connectors called ports into which you
plug the cables to make the connection.
⚫ Varying degrees of magic happen inside the device, and therein
lies the difference. I often see the terms misused, so let's clarify
what each one really means.

⚫ A hub is typically the least expensive, least intelligent, and least
complicated of the three (hub, switch, router). Its job is very simple: anything
that comes in one port is sent out to all the others. That's it.
⚫ Every computer connected to the hub "sees" everything that
every other computer on the hub sees.
⚫ The hub itself is blissfully ignorant of the data being transmitted.
For years, simple hubs have been quick and easy ways to connect
computers in small networks.

⚫ A switch does essentially what a hub does but more efficiently.
By paying attention to the traffic that comes across it, it can
"learn" where particular addresses are. For example, if it sees
traffic from machine A coming in on port 2, it now knows that
machine A is connected to that port and that traffic to machine A
needs to only be sent to that port and not any of the others.
⚫ The net result of using a switch over a hub is that most of the network
traffic only goes where it needs to rather than to every port. On busy
networks this can make the network significantly faster.

⚫ A network switch is a small hardware device that joins multiple
computers together within one local area network (LAN).
Technically, network switches operate at layer two (Data Link
Layer) of the OSI model.
Or:
⚫ In networks, a switch is a device that filters and forwards packets between
LAN segments. Switches operate at the data link layer (layer 2)
and sometimes the network layer (layer 3) of the OSI Reference
Model and therefore support any packet protocol.
⚫ LANs that use switches to join segments are called switched
LANs or, in the case of Ethernet networks, switched Ethernet
LANs.

⚫ Router
A router is a Network layer device that uses one or more metrics to
determine the optimal path along which network traffic should be
forwarded. Routers forward packets from one network to another
based on network layer information.
A router is occasionally called a gateway (although this definition of gateway is
becoming increasingly outdated).
⚫ Network cables (coaxial cables, twisted pair cables, fiber
optic cables)

2. Active Directory
⚫ Active Directory (AD) is a directory service (a software system that
stores, organizes and provides access to information in a directory)
created by Microsoft for Windows domain networks.
⚫ It is included in most Windows Server operating systems.
⚫ Active Directory provides a central location for network
administration and security. Server computers that run Active
Directory are called domain controllers.
⚫ An AD domain controller authenticates and authorizes all users and
computers in a Windows domain type network, assigning and
enforcing security policies for all computers and installing or updating
software.
⚫ For example, when a user logs into a computer that is part of a
Windows domain, Active Directory checks the submitted password and
determines whether the user is a system administrator or a normal user.
Definitions
1. Operating System
⚫ The operating system is actually what makes a computer
useable. It handles the files and folders, the devices installed
on the computer and the external devices connected to the
computer.

2. Server
⚫ In information technology, a server is a computer program
that provides services to other computer programs (and their
users) in the same or other computers.

3. Client
⚫ A client is a piece of computer hardware or software that
accesses a service made available by a server.
⚫ The server is often (but not always) on another computer
system, in which case the client accesses the service by way
of a network.
Windows Server Administration

⚫ Windows Server Administration is an advanced
computer networking topic that includes server installation
and configuration, server roles, storage, Active Directory and
Group Policy, file, print, and web services, remote access,
virtualization, application servers, troubleshooting,
performance, and reliability.

What Are Domains and Forests?

The Active Directory service is a distributed database that stores and manages information about network resources, as well as application-specific data from directory-enabled applications. Active Directory allows administrators to organize objects of a network (such as users, computers, and devices) into a hierarchical collection of containers known as the logical structure. The top-level logical container in this hierarchy is the forest. Within a forest are domain containers, and within domains are organizational units.

Note

In Windows 2000 Server and Windows Server 2003, the directory service is named Active Directory. In Windows Server 2008 and Windows Server 2008 R2, the directory service is named Active Directory Domain Services (AD DS). The rest of this topic refers to Active Directory, but the information is also applicable to Active Directory Domain Services.

Understanding domains and forests requires understanding the possible relationships they might have in Active Directory. The relationships between these logical containers might be based on administrative requirements, such as delegation of authority, or they might be defined by operational requirements, such as the need to provide for data isolation. Service administrators can use domain and forest containers to meet a number of specific requirements, including:

• Implementing an authentication and authorization strategy for sharing resources across a network
• Providing a mechanism for centralizing management of multiple domains and forests
• Providing an information repository and services to make information available to users and applications
• Organizing objects of a network (such as users, computers, devices, resources, and application-specific data from directory-enabled applications) into a non-physical hierarchical structure

To learn more about domains and forests, you must first understand the logical and physical structures of Active Directory. This section describes how those structures differ, and defines domains and forests in terms of the logical structure.

The Logical Structure of Active Directory

Active Directory stores network object information and implements the services that make this information available and usable to users. Active Directory presents this information through a standardized, logical structure that helps you establish and understand the organization of domains and domain resources in a useful way. This presentation of object information is referred to as the logical structure because it is independent of the physical aspects of the Active Directory infrastructure, such as the domain controllers required for each domain in the network.

Benefits of the Logical Structure

The logical structure provides a number of benefits for deploying, managing, and securing network services and resources. These benefits include:

• Increased network security. The logical structure can provide security measures such as autonomy for individual groups or complete isolation of specific resources.
• Simplified network management. The hierarchical nature of the logical structure simplifies configuration, control, and administration of the network, including managing user and group accounts and all network resources.
• Simplified resource sharing. The logical structure of domains and forests and the relationships established between them can simplify the sharing of resources across an organization.
• Low total cost of ownership. The reduced administration costs for network management and the reduced load on network resources that can be achieved with the Active Directory logical structure can significantly lower the total cost of ownership.

An efficient Active Directory logical structure also facilitates the system integration of features such as Group Policy, enabling desktop lockdown, software distribution, and administration of users, groups, workstations, and servers. In addition, the logical structure can facilitate the integration of services such as Exchange 2000, public key infrastructure (PKI), and domain-based distributed file system (DFS).

Components of the Logical Structure

The logical structure consists of leaf object and container object components that must conform to the hierarchical structure of an Active Directory forest. Leaf objects are objects that have no child objects, and are the most basic component of the logical structure. Container objects store other objects and occupy a specific level within the forest hierarchy.

The relationships among the components of the logical structure control access to stored data and determine how that data is managed across one or more domains within a single forest. The components that make up the Active Directory logical structure are described in the following table.

Components of the Active Directory Logical Structure

Component: Organizational Units
Description: Organizational units are container objects. You use these container objects to arrange other objects in a manner that supports your administrative purposes. By arranging objects in organizational units, you make it easier to locate and manage them. You can also delegate the authority to manage an organizational unit. Organizational units can be nested in other organizational units.
You can arrange objects that have similar administrative and security requirements into organizational units. Organizational units provide multiple levels of administrative authority, so that you can apply Group Policy settings and delegate administrative control. This delegation simplifies the task of managing these objects and enables you to structure Active Directory to fit your organization's requirements.

Component: Domains
Description: Domains are container objects. Domains are a collection of administratively defined objects that share a common directory database, security policies, and trust relationships with other domains. In this way, each domain is an administrative boundary for objects. A single domain can span multiple physical locations or sites and can contain millions of objects.

Component: Domain Trees
Description: Domain trees are collections of domains that are grouped together in hierarchical structures. When you add a domain to a tree, it becomes a child of the tree root domain. The domain to which a child domain is attached is called the parent domain.
A child domain might in turn have its own child domain. The name of a child domain is combined with the name of its parent domain to form its own unique Domain Name System (DNS) name such as Corp.nwtraders.msft. In this manner, a tree has a contiguous namespace.

Component: Forests
Description: A forest is a complete instance of Active Directory. Each forest acts as a top-level container in that it houses all domain containers for that particular Active Directory instance. A forest can contain one or more domain container objects, all of which share a common logical structure, global catalog, directory schema, and directory configuration, as well as automatic two-way transitive trust relationships. The first domain in the forest is called the forest root domain. The name of that domain refers to the forest, such as Nwtraders.msft.
By default, information in Active Directory is shared only within the forest. In this way, the forest is a security boundary for the information that is contained in that instance of Active Directory.

Component: Site Objects
Description: Sites are leaf and container objects. The sites container is the topmost object in the hierarchy of objects that are used to manage and implement Active Directory replication. The sites container stores the hierarchy of objects that are used by the Knowledge Consistency Checker (KCC) to effect the replication topology. Some of the objects located in the sites container include NTDS Site Settings objects, subnet objects, connection objects, server objects, and site objects (one site object for each site in the forest). The hierarchy is displayed as the contents of the Sites container, which is a child of the Configuration container.

By understanding the purpose and hierarchical structure of these components, you can complete a variety of tasks, including installing, configuring, managing, and troubleshooting Active Directory. Although the logical structure of Active Directory is a hierarchical organization of all users, computers, and other physical resources, the forest and domain form the basis of the logical structure.

Forests, which are the security boundaries of the logical structure, can be structured to provide data and service autonomy and isolation in an organization in ways that can both reflect site and group identities and remove dependencies on the physical topology. Domains can be structured within a forest to provide data and service autonomy (but not isolation) and to optimize replication with a given region.

This separation of logical and physical structures improves manageability and reduces administrative costs because the logical structure is not impacted by changes in the physical structure, such as the addition, removal, or reorganization of users and groups.

Note

• You can view and manage components of the logical structure by using the Active Directory Users and Computers, Active Directory Domains and Trusts, and Active Directory Schema Microsoft Management Console (MMC) snap-ins, and other tools.


Installing AD DS by using Server Manager

AD DS can be installed in Windows Server 2012 R2 by using the Add Roles Wizard in Server Manager, followed
by the Active Directory Domain Services Configuration Wizard, which is new beginning in Windows Server
2012 R2. The Active Directory Domain Services Installation Wizard (dcpromo.exe) is deprecated beginning in
Windows Server 2012 R2.

The following sections explain how to create server pools in order to install and manage AD DS on multiple
servers, and how to use the wizards to install AD DS.

Installing AD DS

To install AD DS by using Server Manager

1. In Server Manager, click Manage and click Add Roles and Features to start the Add Roles Wizard.

2. On the Before you begin page, click Next.

3. On the Select installation type page, click Role-based or feature-based installation and then
click Next.

4. On the Select destination server page, click Select a server from the server pool, click the name of the
server where you want to install AD DS and then click Next.

5. On the Select server roles page, click Active Directory Domain Services, then on the Add Roles and
Features Wizard dialog box, click Add Features, and then click Next.

6. On the Select features page, select any additional features you want to install and click Next.

7. On the Active Directory Domain Services page, review the information and then click Next.

8. On the Confirm installation selections page, click Install.

9. On the Results page, verify that the installation succeeded, and click Promote this server to a domain
controller to start the Active Directory Domain Services Configuration Wizard.
Important

If you close Add Roles Wizard at this point without starting the Active Directory Domain Services
Configuration Wizard, you can restart it by clicking Tasks in Server Manager.
10. On the Deployment Configuration page, choose one of the following options:

o If you are installing an additional domain controller in an existing domain, click Add a domain controller to
an existing domain, and type the name of the domain (for example, emea.corp.contoso.com) or
click Select... to choose a domain, and credentials (for example, specify an account that is a member of the
Domain Admins group) and then click Next.

Note

The name of the domain and current user credentials are supplied by default only if the machine is domain-
joined and you are performing a local installation. If you are installing AD DS on a remote server, you need to
specify the credentials, by design. If current user credentials are not sufficient to perform the installation,
click Change... in order to specify different credentials.

o If you are installing a new child domain, click Add a new domain to an existing forest, for Select domain
type, select Child Domain, type or browse to the name of the parent domain DNS name (for example,
corp.contoso.com), type the relative name of the new child domain (for example emea), type credentials to
use to create the new domain, and then click Next.
o If you are installing a new domain tree, click Add new domain to an existing forest, for Select domain
type, choose Tree Domain, type the name of the root domain (for example, corp.contoso.com), type the DNS
name of the new domain (for example, fabrikam.com), type credentials to use to create the new domain, and
then click Next.

o If you are installing a new forest, click Add a new forest and then type the name of the root
domain (for example, tctit.local).

11. On the Domain Controller Options page, choose one of the following options:

o If you are creating a new forest or domain, select the domain and forest functional levels,
click Domain Name System (DNS) server, specify the DSRM password, and then click Next.

o If you are adding a domain controller to an existing domain, click Domain Name System (DNS)
server, Global Catalog (GC), or Read Only Domain Controller (RODC) as needed, choose
the site name, type the DSRM password, and then click Next.

12. On the DNS Options page (which appears only if you install a DNS server), click Update DNS
delegation as needed. If you do, provide credentials that have permission to create DNS delegation
records in the parent DNS zone.

If a DNS server that hosts the parent zone cannot be contacted, the Update DNS Delegation option is not
available.

13. On the RODC Options page (which appears only if you install an RODC), specify the name of a group
or user who will manage the RODC, add accounts to or remove accounts from the Allowed or Denied
password replication groups, and then click Next.

For more information, see Password Replication Policy.

14. On the Additional Options page, choose one of the following options:

o If you are creating a new domain, type a new NetBIOS name or verify the default NetBIOS name of the
domain, and then click Next.

o If you are adding a domain controller to an existing domain, select the domain controller that you want to
replicate the AD DS installation data from (or allow the wizard to select any domain controller). If you are
installing from media, click Install from media path type and verify the path to the installation source files,
and then click Next.
You cannot use install from media (IFM) to install the first domain controller in a domain. IFM does not
work across different operating system versions. In other words, in order to install an additional domain
controller that runs Windows Server 2012 by using IFM, you must create the backup media on a Windows
Server 2012 domain controller.

15. On the Paths page, type the locations for the Active Directory database, log files, and SYSVOL folder
(or accept default locations), and click Next.

Important

Do not store the Active Directory database, log files, or SYSVOL folder on a data volume formatted with
Resilient File System (ReFS).

16. On the Review Options page, confirm your selections, click View script if you want to export the
settings to a Windows PowerShell script, and then click Next.

17. On the Prerequisites Check page, confirm that prerequisite validation completed and then click Install.

18. On the Results page, verify that the server was successfully configured as a domain controller. The
server will be restarted automatically to complete the AD DS installation.
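The same promotion done from PowerShell with the ADDSDeployment cmdlets, as an added example (not the course notes' own script): it follows the "new forest" path of the wizard above with the root domain tctit.local from step 10, including the prerequisite check of step 17. The NetBIOS name TCTIT, the 2012 R2 functional levels and the database, log and SYSVOL paths are assumptions chosen to match the wizard defaults.

```powershell
# Added example, not from the course notes: unattended equivalent of the
# Server Manager wizard for creating a new forest (what "View script" in
# step 16 exports). Run in an elevated PowerShell on the future domain controller.

# Steps 1-8: install the AD DS role binaries and management tools; this does
# not yet promote the server.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# The deployment cmdlets behind "Promote this server to a domain controller" (step 9).
Import-Module ADDSDeployment

# Step 11: the Directory Services Restore Mode password is mandatory. Read it as
# a SecureString rather than writing it into the script in clear text.
$dsrmPassword = Read-Host -Prompt 'Directory Services Restore Mode (DSRM) password' -AsSecureString

# Assumed values (match the wizard defaults for a new forest on 2012 R2).
$domainName  = 'tctit.local'   # root domain from step 10
$netbiosName = 'TCTIT'         # step 14: NetBIOS name of the new domain

# Step 17: run the same prerequisite validation the wizard runs, and stop on failure
# instead of promoting a server that would fail half-way through.
$check = Test-ADDSForestInstallation `
    -DomainName $domainName `
    -DomainNetbiosName $netbiosName `
    -SafeModeAdministratorPassword $dsrmPassword `
    -InstallDns:$true
$check | Format-List Status, Message
if ($check.Status -ne 'Success') {
    throw 'Prerequisite check failed; fix the reported issues before promoting.'
}

# Steps 10-18: create the forest and promote this server. -InstallDns corresponds
# to "Domain Name System (DNS) server" in step 11; the paths are the wizard
# defaults (step 15) and must be on an NTFS volume, not ReFS.
Install-ADDSForest `
    -DomainName $domainName `
    -DomainNetbiosName $netbiosName `
    -ForestMode 'Win2012R2' `
    -DomainMode 'Win2012R2' `
    -InstallDns:$true `
    -CreateDnsDelegation:$false `
    -DatabasePath 'C:\Windows\NTDS' `
    -LogPath 'C:\Windows\NTDS' `
    -SysvolPath 'C:\Windows\SYSVOL' `
    -SafeModeAdministratorPassword $dsrmPassword `
    -Force

# The server restarts automatically (step 18). After the reboot, confirm the
# promotion with:  Get-ADDomainController -Identity $env:COMPUTERNAME
```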
DNS

The Domain Name System (aka DNS) is used to resolve human-readable hostnames like www.Dyn.com into
machine-readable IP addresses like 204.13.248.115. DNS also provides other information about domain names,
such as mail services.

But why is DNS important? How does it work? What else should you know?

Why is DNS important?

DNS is like a phone book for the Internet. If you know a person’s name but don’t know their telephone number,
you can simply look it up in a phone book. DNS provides this same service to the Internet.

When you visit http://dyn.com in a browser, your computer uses DNS to retrieve the website's IP address
of 204.13.248.115. Without DNS, you would only be able to visit our website (or any website) by visiting its IP
address directly, such as http://204.13.248.115.

How does DNS work?

When you visit a domain such as dyn.com, your computer follows a series of steps to turn the human-readable
web address into a machine-readable IP address. This happens every time you use a domain name, whether you
are viewing websites, sending email or listening to Internet radio stations.

Step 1: Request information

The process begins when you ask your computer to resolve a hostname, such as visiting http://dyn.com. The first
place your computer looks is its local DNS cache, which stores information that your computer has recently
retrieved.

If your computer doesn’t already know the answer, it needs to perform a DNS query to find out.

Step 2: Ask the recursive DNS servers

If the information is not stored locally, your computer queries (contacts) your ISP’s recursive DNS servers.
These specialized computers perform the legwork of a DNS query on your behalf. Recursive servers have their
own caches, so the process usually ends here and the information is returned to the user.

Step 3: Ask the root nameservers

If the recursive servers don’t have the answer, they query the root nameservers. A nameserver is a computer
that answers questions about domain names, such as IP addresses. The thirteen root nameservers act as a kind of
telephone switchboard for DNS. They don’t know the answer, but they can direct our query to someone that
knows where to find it.

Step 4: Ask the TLD nameservers

The root nameservers will look at the first part of our request, reading from right to left — www.dyn.com — and
direct our query to the Top-Level Domain (TLD) nameservers for .com. Each TLD, such as .com, .org, and .us,
has its own set of nameservers, which act like a receptionist for each TLD. These servers don’t have the
information we need, but they can refer us directly to the servers that do have the information.

Step 5: Ask the authoritative DNS servers

The TLD nameservers review the next part of our request — www.dyn.com — and direct our query to the
nameservers responsible for this specific domain. These authoritative nameservers are responsible for knowing
all the information about a specific domain, which is stored in DNS records. There are many types of records,
which each contain a different kind of information. In this example, we want to know the IP address for
www.dyndns.com, so we ask the authoritative nameserver for the Address Record (A).

Step 6: Retrieve the record

The recursive server retrieves the A record for dyn.com from the authoritative nameservers and stores the record
in its local cache. If anyone else requests the host record for dyn.com, the recursive servers will already have the
answer and will not need to go through the lookup process again. All records have a time-to-live value, which
is like an expiration date. After a while, the recursive server will need to ask for a new copy of the record to
make sure the information doesn’t become out-of-date.

Step 7: Receive the answer

Armed with the answer, the recursive server returns the A record back to your computer. Your computer stores the
record in its cache, reads the IP address from the record, then passes this information to your browser. The
browser then opens a connection to the webserver and receives the website.
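
The seven steps above can be reproduced by hand: check the local cache, then walk from a root nameserver through the TLD referral to the authoritative server. The function below is an added example, not part of the original text; it assumes the Windows DnsClient module and outbound access to port 53, and uses 198.41.0.4 (a.root-servers.net) as its starting point.

```powershell
# Added example: iterative resolution, following the referral chain yourself
# instead of letting the ISP's recursive server do it (steps 3 to 6).
function Resolve-Iteratively {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [string] $StartServer = '198.41.0.4',   # a.root-servers.net
        [int] $MaxHops = 10
    )

    # Step 1: the local DNS cache is consulted first.
    $cached = Get-DnsClientCache -ErrorAction SilentlyContinue |
        Where-Object { $_.Entry -eq $Name }
    if ($cached) {
        Write-Host "Answered from local cache (TTL left: $($cached[0].TimeToLive)s)"
        return $cached | Select-Object Entry, Data, TimeToLive
    }

    $server = $StartServer
    for ($hop = 1; $hop -le $MaxHops; $hop++) {
        Write-Host "Hop ${hop}: asking $server for $Name (A)"
        # -DnsOnly / -NoHostsFile: talk to this one server, no cache, no hosts file.
        $resp = Resolve-DnsName -Name $Name -Type A -Server $server -DnsOnly `
            -NoHostsFile -ErrorAction Stop

        # Steps 6 and 7: records in the Answer section mean we reached the
        # authoritative server. TTL is the "expiration date" the text describes.
        $answer = $resp | Where-Object { $_.Section -eq 'Answer' }
        if ($answer) {
            return $answer | Select-Object Name, Type, TTL,
                @{ n = 'Data'; e = { if ($_.Type -eq 'CNAME') { $_.NameHost } else { $_.IPAddress } } }
        }

        # Steps 3 to 5: no answer, only a referral: NS records in the Authority
        # section, usually with glue A records in the Additional section.
        $ns = $resp | Where-Object { $_.Section -eq 'Authority' -and $_.Type -eq 'NS' } |
            Select-Object -First 1
        if (-not $ns) { throw "No answer and no referral from $server" }

        $glue = $resp | Where-Object { $_.Section -eq 'Additional' -and $_.Type -eq 'A' -and
                                       $_.Name -eq $ns.NameHost } | Select-Object -First 1
        if ($glue) { $server = $glue.IPAddress }
        else {
            # No glue: look up the nameserver's own address through the normal resolver.
            $server = (Resolve-DnsName -Name $ns.NameHost -Type A -ErrorAction Stop |
                Where-Object Type -eq 'A' | Select-Object -First 1).IPAddress
        }
        Write-Host "  referred to $($ns.NameHost) for zone $($ns.Name)"
    }
    throw "Gave up after $MaxHops hops"
}

Resolve-Iteratively -Name 'www.dyn.com'
```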

DNS elements

Nameserver: Nameservers "point" your domain name to the company that controls its DNS settings. Usually,
this will be the company where you registered the domain name. However, if your website is hosted by
another company, sometimes they will provide nameservers you need to point to instead.

Zone File: Zone Files are simply the files that store all of your domain's DNS settings. Your domain
name's Zone File is stored on the company's nameserver.

A Record: A Records point your domain name to an individual server using an IP address. An example IP
address is 123.4.67.5. Every domain name has a primary A Record called "@," which controls what your
domain name does when someone visits it directly. You can also use A Records to point subdomains (for
example subdomain.coolexample.com) to a server's IP address.

CNAME: CNAMEs point your subdomains to another server using a server name, like server1.godaddy.com.
Most domain names have many CNAMEs. Unlike A Records, CNAMEs cannot use IP addresses.

MX Records: MX Records point your domain name's email to its email provider.

How to Setup and Configure DNS in Windows Server 2012

Setting up a Domain Name System (DNS) on Windows Server involves installing the DNS Server Role. This
tutorial will walk you through the DNS installation and configuration process in Windows Server 2012.

Microsoft Windows Server 2012 is a powerful server operating system capable of many different roles and
functions. However, to prevent overloading production servers with features and options that are never used,
Windows Server provides a modular approach in which the administrator manually installs the services needed.
To setup and configure DNS, one must install the DNS Server Role on Windows Server 2012.

Install DNS Server Role in Server 2012

To add a new role to Windows Server 2012, you use Server Manager. Start Server Manager, click the Manage
menu, and then select Add Roles and Features. Click Next on the Add Roles and Features Wizard Before you
begin window that pops up. (If you checked Skip this page by default sometime in the past, that page will, of
course, not appear.)

Now, it's time to select the installation type. For DNS servers, you will be selecting the Role-based or
feature-based installation.

Next, you will choose which server you want to install the DNS server role on from the server pool. Select the
server you want, and click Next.

At this point, you will see a pop-up window informing you that some additional tools are required to manage the
DNS Server. These tools do not necessarily have to be installed on the same server you are installing the DNS
role on. If your organization only does remote administration, you do not have to install the DNS Server Tools.

However, in a crunch you may find yourself sitting at the server console or remotely using the console and
needing to manage the DNS Server directly. In this case, you will wish you had the tools installed locally. Unless
your company policy forbids it, it is typically prudent to install the management tools on the server where the
DNS will be housed.

Now you should see the Features window. No need to make any changes here; just click Next.

Next is an informational window about DNS Server and what it does, although one would assume that if you've
gotten this far, you are already aware of what it is. Click Next to move on.

This is the final confirmation screen before installation completes. You can check the box to Restart the
destination server automatically, if you like. Installing the DNS Server does not require a restart, but unless
you've planned for the downtime, keep that box unchecked, just in case.

The DNS Server role should now be installed on your server. There should be a new DNS Role tile in your
Server Manager.

Configure DNS Server in Server 2012

If you are an old pro with DNS server files, Windows Server 2012 does let you edit the files directly. However,
Microsoft recommends that you use the interface tools to avoid errors, especially if you are integrating DNS with
Active Directory.

If you want to use the command line to configure your DNS, use the dnscmd command. For those of us who
don't memorize TechNet for fun, a few clicks is all it takes.

Within Server Manager, to configure the DNS Server, click the Tools menu and select DNS. This brings up the
DNS Manager window. We need to configure how the DNS server will work before adding any actual records.
Select the DNS server to manage, then click the Action menu, and select Configure a DNS Server. This brings up
the Configure a DNS Server wizard. There are three options here. You can either: configure a forward lookup
zone only, create forward and reverse lookup zones, or configure root hints only.

A forward lookup zone allows you to do the standard DNS function of taking a name and resolving it into an IP
address.

A reverse lookup zone allows you to do the opposite, taking an IP address and finding its name. For example, if
a user is set up to print to a printer with an IP address of 10.20.12.114, but you need to know what name that
printer goes by so you can find it, a reverse lookup can help. ("Ah, hah! It's you, Third Floor Vending Room
Printer #1. Why you give me so much trouble?")

Root hints only will not create a database of name records for lookups, but rather will just have the IP addresses
of other DNS servers where records can be found. If you already have DNS set up on your network, you'll
probably want to continue using the same configuration you already have. If not, use forward and reverse for
most situations. (Reverse zones typically don't hurt anything, and they are nice to have when the need arises.)

After you've made your selection, click Next.

Now, you choose whether this server will maintain the zone, or if this server will have a read-only copy of the
DNS records from another server.

Next, enter your zone name. If this is your first DNS server, then this needs to be the root zone name for your
entire organization. For example, my zone name might be arcticllama.com. If, however, this server will be
authoritative only for a subset, and other DNS servers will be responsible for other zones, then the name will
need to reflect that. For example, us.arcticllama.com would be the zone name for just the American part of my
vast corporate empire :) Click Next when you have entered the name.

Now, you need to choose the file name where the DNS records will be stored. The default filename is to add
a .dns extension to the name of the zone you chose in the previous window. Unless you have a corporate policy
stating otherwise, stick with the convention to make things easier on yourself down the line.

Next you select how this server will respond to Dynamic Updates. Although there are three choices here, only
two should actually be used in production. Select the first option to allow only secure dynamic updates if you
are integrating your DNS with Active Directory. Select do not allow dynamic updates if your DNS is not
integrated with Active Directory and you don't want to allow dynamic updates. Do not allow unsecured dynamic
updates unless you really know what you are doing and have a very good reason for doing so.

Up next is the option to configure forwarders. If your DNS server ever gets a query for which it has no record,
it can forward that request on to another DNS server to see if it has the answer.

For example, in order to provide name resolution for internet connectivity, you can input your ISP name servers
here, or use a DNS provider such as OpenDNS. You can (and should) have more than one server listed in case a
DNS server is unreachable for some reason. The order forwarders are listed in is the order they are tried, so
place your fastest and most reliable forwarder at the top of the list.

Click Next and your DNS server is now configured and ready for use.
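
The whole install-and-configure sequence above can also be done with the DNS Server cmdlets. This is an added example, not the tutorial's own code: the zone name arcticllama.com and the 10.20.12.114 printer come from the text, while the subnet, record name and forwarder addresses (192.0.2.x placeholders) are assumptions.

```powershell
# Added example: role install, zones, forwarders, then an audit of the one
# setting the text warns against (unsecured dynamic updates).

# Install the DNS Server role with the management tools the text recommends.
Install-WindowsFeature -Name DNS -IncludeManagementTools

# Forward lookup zone, file-backed, using the wizard's .dns filename convention.
# Not AD-integrated, so dynamic updates are switched off ("do not allow").
Add-DnsServerPrimaryZone -Name 'arcticllama.com' -ZoneFile 'arcticllama.com.dns' `
    -DynamicUpdate None

# AD-integrated alternative for a domain controller: replicate within the domain
# and accept only SECURE dynamic updates, the option the text recommends.
# Add-DnsServerPrimaryZone -Name 'arcticllama.com' -ReplicationScope Domain -DynamicUpdate Secure

# Reverse lookup zone for the printer example (assumed subnet 10.20.12.0/24).
Add-DnsServerPrimaryZone -NetworkId '10.20.12.0/24' -ZoneFile '12.20.10.in-addr.arpa.dns' `
    -DynamicUpdate None

# An A record plus its PTR, so the reverse lookup in the text actually resolves.
Add-DnsServerResourceRecordA -ZoneName 'arcticllama.com' -Name 'printer1' `
    -IPv4Address '10.20.12.114' -CreatePtr

# Forwarders are tried in list order: fastest and most reliable first.
Set-DnsServerForwarder -IPAddress '192.0.2.53', '192.0.2.54' -UseRootHint $true

# Verification the wizard does not do for you: forward and reverse lookups
# against this server only.
Resolve-DnsName -Name 'printer1.arcticllama.com' -Server localhost -DnsOnly
Resolve-DnsName -Name '10.20.12.114' -Server localhost -DnsOnly      # PTR lookup

# Audit: list every zone that accepts UNSECURED dynamic updates and move any
# AD-integrated one to Secure; file-backed zones are only reported.
Get-DnsServerZone | Where-Object { $_.DynamicUpdate -eq 'NonsecureAndSecure' } |
    ForEach-Object {
        Write-Warning "$($_.ZoneName) accepts unsecured dynamic updates"
        if ($_.IsDsIntegrated) {
            Set-DnsServerPrimaryZone -Name $_.ZoneName -DynamicUpdate Secure
        }
    }
```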

HOW TO JOIN CLIENTS TO A DOMAIN

We have shown you how to install Active Directory on your network, but it’s pointless to have a Domain
Controller unless you add your machines to the Domain, so today we’re going to cover how to do that.

Adding a Computer to an Active Directory Domain is not hard by any means, but there are 3 things you should
always remember:

• Rename the machine to a user friendly, recognizable name before adding it to the Domain.

• Make sure your DNS settings are pointing to the correct DNS Server for the domain.

• You have to have access to a Domain account that is part of the Domain Admins security group.

Joining a client to a Domain

Open Computer and click on the System Properties button.

Now click on the Advanced system settings link on the left-hand side. When the advanced system settings open,
switch to the Computer Name tab. Click on the Change button; from here you can change your computer's name
to a friendlier name. Now switch the radio button, in the bottom section, from Workgroup to Domain. This will
make the text box become available.

Now type in the name of your domain, ours is howtogeek.local, but yours will be whatever you made it when
you set up Active Directory.
When you hit enter, or click ok, you will be asked for the user name and password of a Domain Admin user
account.

If you specify the correct credentials you will be welcomed to the Domain.
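
The three points to remember above (DNS pointing at the domain's DNS server, a recognisable name, an account allowed to join) map onto a short script. This is an added example, not from the original article; howtogeek.local is the domain named in the text, while the DNS server address, adapter name, new computer name and OU path are assumptions.

```powershell
# Added example: pre-flight checks, then rename and join in one step.
$domain    = 'howtogeek.local'
$dnsServer = '192.168.1.10'      # assumed address of the domain controller / DNS
$newName   = 'WS-SALES-01'       # assumed user-friendly, recognisable name

# Point DNS at the domain's DNS server, then prove the join can find a domain
# controller: the _ldap._tcp.dc._msdcs SRV record must resolve before joining.
Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $dnsServer
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV -ErrorAction Stop
$dcs = ($srv | Where-Object Type -eq 'SRV').NameTarget -join ', '
"Domain controllers advertised in DNS: $dcs"

# Credentials for an account allowed to join computers (the text uses a
# Domain Admin; an account delegated only the join right also works).
$cred = Get-Credential -Message "Account allowed to join $domain"

# Rename and join together; -OUPath places the computer object in an assumed OU.
Add-Computer -DomainName $domain -NewName $newName -Credential $cred `
    -OUPath 'OU=Workstations,DC=howtogeek,DC=local' -Restart -Force

# After the reboot, these confirm membership and the secure channel to a DC:
#   (Get-CimInstance Win32_ComputerSystem).PartOfDomain   -> True
#   Test-ComputerSecureChannel -Verbose                   -> True
```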

DHCP

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides an
Internet Protocol (IP) host with its IP address and other related configuration information such as the subnet
mask and default gateway.

Why use DHCP?

Every device on a TCP/IP-based network must have a unique unicast IP address to access the network and its
resources. Without DHCP, IP addresses for new computers or computers that are moved from one subnet to
another must be configured manually; IP addresses for computers that are removed from the network must be
manually reclaimed.

With DHCP, this entire process is automated and managed centrally. The DHCP server maintains a pool of IP
addresses and leases an address to any DHCP-enabled client when it starts up on the network. Because the IP
addresses are dynamic (leased) rather than static (permanently assigned), addresses no longer in use are
automatically returned to the pool for reallocation.

The network administrator establishes DHCP servers that maintain TCP/IP configuration information and
provide address configuration to DHCP-enabled clients in the form of a lease offer. The DHCP server stores
the configuration information in a database that includes:

• Valid TCP/IP configuration parameters for all clients on the network.

• Valid IP addresses, maintained in a pool for assignment to clients, as well as excluded
addresses.

• Reserved IP addresses associated with particular DHCP clients. This allows consistent
assignment of a single IP address to a single DHCP client.

• The lease duration, or the length of time for which the IP address can be used before a lease
renewal is required.

A DHCP-enabled client, upon accepting a lease offer, receives:

• A valid IP address for the subnet to which it is connecting.

• Requested DHCP options, which are additional parameters that a DHCP server is configured
to assign to clients. Some examples of DHCP options are Router (default gateway), DNS Servers, and
DNS Domain Name.

Benefits of DHCP

In Windows Server, the DHCP Server service provides the following benefits:

• Reliable IP address configuration. DHCP minimizes configuration errors caused by manual
IP address configuration, such as typographical errors, or address conflicts caused by the assignment
of an IP address to more than one computer at the same time.

• Reduced network administration. DHCP includes the following features to reduce network
administration:

o Centralized and automated TCP/IP configuration.

o The ability to define TCP/IP configurations from a central location.

o The ability to assign a full range of additional TCP/IP configuration values by means
of DHCP options.

o The efficient handling of IP address changes for clients that must be updated frequently,
such as those for portable computers that move to different locations on a wireless network.

o The forwarding of initial DHCP messages by using a DHCP relay agent, which
eliminates the need for a DHCP server on every subnet.

Installing DHCP role via new Server Manager

• Ensure the computer has at least one static IP address assigned before starting the role
installation.

• Launch the Add Role Wizard from Server Manager.

• Select DHCP server role and go through the steps needed for installation.

• The last page of the wizard (which comes up after the role has been installed), provides a link
– “Complete DHCP configuration”. This provides some tasks that need to be performed to enable
the DHCP server role to work properly after role installation.
Figure 1: The last page of Add Role Wizard after DHCP role installation

• Launch the DHCP post-install wizard and complete the steps required.

• Creation of DHCP security groups (DHCP Administrators and DHCP Users). For these
security groups to be effective, the DHCP server service needs to be restarted. This will need to be
performed separately by the administrator.
Figure 2: DHCP Post-Install configuration wizard – Introduction Page

• Authorization of the DHCP server in Active Directory (only in the case of a domain-joined setup). In a
domain-joined environment, the DHCP server will start serving DHCP client requests only after it is authorized.
Authorization of the DHCP server can only be performed by a domain user that has permissions to create objects
in the NetServices container in Active Directory.

Figure 3: DHCP Post-Install configuration wizard – Authorization Page


Figure 4: DHCP Post-Install configuration wizard – Summary Page

• If the post-install step is skipped after role installation, the administrator will continue to see a
notification on the action pane and also a link on the DHCP role tile on the main Server Manager page
suggesting that some configuration is required. That link goes away only after completion of the post-install
task.

Figure 5: Server Manager: DHCP Post-Install configuration wizard launch point


• The configuration of DHCP server parameters such as scopes, options, etc. is no longer available in the new
Server Manager. The administrator can launch the DHCP MMC either via Server Manager (as shown below), via
the DHCP MMC application in the Start Menu, or by running dhcpmgmt.msc from the command prompt. The
administrator can then create scopes and set option values so as to be able to lease out IP addresses and provide
option values to clients.

Figure 6: Server Manager: DHCP MMC launch point

DHCP CONFIGURATION

To create a DHCP scope on DHCP1

1. On the Server Manager Menu bar, click Tools and then click DHCP. The DHCP console
opens.

2. In the DHCP console tree, navigate to IPv4. Right-click IPv4 and then click New Scope.
The New Scope Wizard opens.

3. Click Next and then type a name for the new scope next to Name (ex: Contoso-scope1).

4. Click Next and then in IP Address Range, type 192.168.100.1 next to Start IP address, type
10.0.0.254 next to End IP address, and type 24 next to Length. The value of Subnet mask will change
automatically to 255.255.255.0.

5. Click Next, and then in Add Exclusions and Delay type 192.168.100.1 under Start IP
address, type 192.168.100.10 under End IP address, and then click Add. This allows the first ten IP
addresses in the 10.0.0.0/24 subnet to be used for static addressing of servers on the network.

6. Click Next and then in Lease Duration under Limited to enter 0 Days, 0 Hours, and 2
Minutes. This very short lease duration will simplify the DHCP demonstration.

7. Click Next three times, and then in Domain Name and DNS Servers, verify that the Parent
domain is tctita.local and 192.168.100.1 is listed as the only DNS server.

8. Click Next twice, and then in Activate Scope select Yes, I want to activate this scope now.

9. Click Next, and then click Finish.

10. In the DHCP console tree, right-click itadc1.tctita.local, and then click Authorize.

11. Refresh the view in the DHCP console and verify that DHCP1 is authorized and that the
Contoso-scope1 is active.
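
The role install, the post-install tasks and the scope wizard above can be scripted with the DhcpServer module. This is an added example, not from the original text: the scope name, domain tctita.local, server itadc1.tctita.local and DNS server 192.168.100.1 come from the steps; the subnet is taken as 192.168.100.0/24 (the End IP address in step 4, 10.0.0.254, lies outside that range, so 192.168.100.254 is used here) and the gateway address is an assumption.

```powershell
# Added example: run on the DHCP server as a domain account allowed to
# authorize DHCP servers (rights on the NetServices container).

# First requirement in the install list: a static IPv4 address must exist.
$static = Get-NetIPAddress -AddressFamily IPv4 -PrefixOrigin Manual -ErrorAction SilentlyContinue
if (-not $static) { throw 'Assign a static IPv4 address before installing the DHCP role.' }

Install-WindowsFeature -Name DHCP -IncludeManagementTools

# Post-install wizard tasks: the DHCP Administrators / DHCP Users groups (the
# service must be restarted for them to take effect), then AD authorization.
netsh dhcp add securitygroups
Restart-Service -Name DHCPServer
Add-DhcpServerInDC -DnsName 'itadc1.tctita.local' -IPAddress '192.168.100.1'
# Clears the "Complete DHCP configuration" notification in Server Manager.
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12' `
    -Name ConfigurationState -Value 2

# Scope (steps 2 to 9): created inactive, exclusions and options set, then activated.
Add-DhcpServerv4Scope -Name 'Contoso-scope1' -StartRange 192.168.100.1 `
    -EndRange 192.168.100.254 -SubnetMask 255.255.255.0 `
    -LeaseDuration (New-TimeSpan -Minutes 2) -State InActive
# First ten addresses reserved for statically addressed servers (step 5).
Add-DhcpServerv4ExclusionRange -ScopeId 192.168.100.0 `
    -StartRange 192.168.100.1 -EndRange 192.168.100.10
# Step 7 options: parent domain, DNS server, and an assumed default gateway.
Set-DhcpServerv4OptionValue -ScopeId 192.168.100.0 -DnsDomain 'tctita.local' `
    -DnsServer 192.168.100.1 -Router 192.168.100.254
Set-DhcpServerv4Scope -ScopeId 192.168.100.0 -State Active

# Step 11 equivalent: confirm authorization and that the scope is active.
Get-DhcpServerInDC
Get-DhcpServerv4Scope | Select-Object ScopeId, Name, State, LeaseDuration
```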

Configuring Windows Server 2012 R2 as a NAT/Router

What is NAT?

Network address translation (NAT) allows you to share a connection to the public Internet through a single
interface with a single public IP address. The computers on the private network use private, non-routable
addresses. NAT maps the private addresses to the public address.

Prerequisites

• Windows 2012 R2
• 2 Physical or virtual NICs
• Static IPs on each NIC, one on each separate network

Setting up Windows Server 2012 R2 routing/NAT functionality

1. To start, from Server Manager click Manage > Add Roles and Features.
2. On the Before You Begin page, click Next.
3. Select Role-based or feature-based installation and click Next.
4. On Server Selection select the server you want to install the feature on and click Next.
5. In the list of Server Roles, select Remote Access and click Next.
6. On the Features page click Next.
7. Click Next on Remote Access.
8. On Role Services click the Routing checkbox. Click Add Features on the pop-up dialogue.

Figure 1: Add Roles and Features Wizard


9. Click Next.
10. Click Next on the Web Server Role (IIS) page.
11. On this Role Services page, leave the defaults and click Next.
12. Finally on the Confirmation screen click Install.
13. The Feature has now been added to Windows. A reboot is not necessary for this process so we will now
proceed to the next part of the configuration.
14. From Administrative Tools look for Routing and Remote Access. Open the console and you will see a
red down arrow over the server name.
15. Right-Click the server name and click Configure and Enable Routing and Remote Access.

Figure 2: Routing and Remote Access screen


16. The Routing and Remote Access Server Setup Wizard appears.
17. Click Next.
18. On the Configuration screen select Network Address Translation (NAT).

Figure 3: Routing and Remote Access Server Setup Wizard


19. Click Next.
20. Here you will select your network interface that is connected to the external network or internet.

Figure 4: Routing and Remote Access Network Interface selection


21. Click Next.
22. Next you will need to select to have RRAS provide DHCP and DNS forwarding or otherwise select that
you will set up DHCP and DNS on your network later, if desired.
23. In our configuration we will choose the second option as under most circumstances you will set up DNS
and DHCP separately from RRAS.

Figure 5: Routing and Remote Access NAT Services

24. Click Next.
25. Click Finish.

Windows is now configured as a router with a private network and an external network connected.
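
The same RRAS NAT setup from the command line, as an added example that is not part of the original walkthrough. It assumes two adapters named External (the internet-facing NIC) and Internal (the private LAN NIC), each with a static address as the prerequisites require, and leaves DHCP and DNS to separate servers as chosen in step 23.

```powershell
# Added example: Remote Access role with Routing, RRAS in routing-only mode,
# NAT on the external interface, private side on the internal interface.

# Steps 1 to 12: Remote Access role, Routing role service, management tools.
Install-WindowsFeature -Name Routing -IncludeManagementTools

# Steps 15 and 18: enable RRAS for routing only (no VPN), then add the NAT protocol.
Install-RemoteAccess -VpnType RoutingOnly
netsh routing ip nat install

# Steps 20 to 23: "full" = address and port translation on the public interface;
# "private" marks the LAN side. No DHCP allocator or DNS proxy is enabled here.
netsh routing ip nat add interface name="External" mode=full
netsh routing ip nat add interface name="Internal" mode=private

# Verification: both interfaces registered with NAT, IPv4 forwarding enabled on
# them, and the RemoteAccess service running.
netsh routing ip nat show interface
Get-NetIPInterface -AddressFamily IPv4 |
    Where-Object { $_.InterfaceAlias -in 'External', 'Internal' } |
    Select-Object InterfaceAlias, Forwarding
Get-Service -Name RemoteAccess | Select-Object Status, StartType
```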

Figure 6: Setup complete with Private and External Networks


DELEGATION OF CONTROL

In this article we’ll learn the steps to delegate control in Active Directory Users and Computers. In
organizations, delegated control is given to help-desk representatives to perform tasks such as resetting
passwords, adding computers or servers to the domain, creating new users, etc. In a domain, the domain
administrator is a user who can perform all operations and tasks related to the domain and Active Directory. The
Domain Administrator is a member of the Domain Admins group, and is also a user who is not available
24 x 7 x 365. So the question is: when the domain administrator is not available, who will manage Active
Directory?

The first option is to add another user to the Domain Admins group. This would assign Domain Admin
permissions to the newly added user; these rights are sufficient to perform any domain-level change in the
environment. But do you really want to give the keys to the kingdom to anyone? In my opinion, this is not the
right way of delegating control.

There is another option, Delegate Control in Active Directory Users and Computers, through which we can
deploy customized access and permissions for domain users. Through this, users can perform the tasks that the
Administrator is designated to perform.

Steps to Delegate Control to Domain Users

We’ll create a group of users to whom we’ll delegate rights to manage user accounts. It is recommended to
delegate access to groups instead of delegating permissions to individual users.

1. Open Active Directory Users and Computers, right click on an Organizational Unit (Sales) on which we
have to delegate control and then click on “New” and click on Group to create a new group.
2. On New Object-Group console, enter the group name, select Global and Security options from the given
options in group scope and group type respectively. Click on ok. In this example, we will create a group naming
Helpdesk.
3. Right click on the group (Helpdesk) and click on Properties to open the properties console to modify various
group settings.

4. On Group Properties console, under members tab click on Add to add users into this group. Verify all the
added users. Now, these users are the group members of Helpdesk group.
5. Right click on the Organizational Unit (Sales) and click on Delegate Control to delegate the customized
permissions to the user or a group of users. This wizard will only delegate access for Sales OU and not for
other OUs.
6. On the “Delegation of Control Wizard” we can see the relevance of delegate control. We can grant users
permission to manage users, computers, groups, OU and other objects of AD Users and Computers. Click on
Next to continue.
7. In users and groups console, click on Add to add the group. Here, we have added Helpdesk group so that
we can assign permissions to the group members. Click on next to continue.

8. In Tasks to Delegate console, select “delegate the following common tasks” and select permissions from the
given tasks. Or select the “Create a custom task to delegate” to give custom permissions to the users other than
the above permissions. Click on Next to continue. For this example, we’ll delegate control for “create, delete
and manage user accounts” and “Reset user passwords and force password change at next logon”.
9. On the “Completing the Delegation of Control Wizard” verify the selected options on previous consoles and
click on Finish to close the console.
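
The wizard's two common tasks are just access control entries on the OU, so the same delegation can be done with the ActiveDirectory module, which also makes it easy to audit what was granted. This is an added example, not from the original article: the OU name Sales, group Helpdesk and user tu01 come from the text; the domain DN is an assumption; the three GUIDs are the well-known schema identifiers the wizard itself uses.

```powershell
# Added example: delegate "Create, delete and manage user accounts" and "Reset
# user passwords and force password change at next logon" on the Sales OU.
Import-Module ActiveDirectory

$ou    = 'OU=Sales,DC=corp,DC=example,DC=com'   # assumed domain DN
$group = 'Helpdesk'

# Steps 1 to 4: global security group inside the OU, with its members.
New-ADGroup -Name $group -GroupScope Global -GroupCategory Security -Path $ou
Add-ADGroupMember -Identity $group -Members 'tu01'

# Schema GUIDs behind the wizard's common tasks.
$userClass  = [guid]'bf967aba-0de6-11d0-a285-00aa003049e2'   # user object class
$resetPwd   = [guid]'00299570-246d-11d0-a768-00aa006e0529'   # Reset Password extended right
$pwdLastSet = [guid]'bf967a0a-0de6-11d0-a285-00aa003049e2'   # pwdLastSet attribute

$sid = (Get-ADGroup -Identity $group).SID
$acl = Get-Acl -Path "AD:\$ou"
$R   = [System.DirectoryServices.ActiveDirectoryRights]
$I   = [System.DirectoryServices.ActiveDirectorySecurityInheritance]

# "Create, delete and manage user accounts": create/delete user objects under
# the OU, and full control over user objects only (not the OU itself, step 5).
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule `
    $sid, ($R::CreateChild -bor $R::DeleteChild), 'Allow', $userClass, $I::All))
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule `
    $sid, $R::GenericAll, 'Allow', $I::Descendents, $userClass))

# "Reset user passwords and force password change at next logon": the Reset
# Password right plus read/write on pwdLastSet, both scoped to user objects.
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule `
    $sid, $R::ExtendedRight, 'Allow', $resetPwd, $I::Descendents, $userClass))
$acl.AddAccessRule((New-Object System.DirectoryServices.ActiveDirectoryAccessRule `
    $sid, ($R::ReadProperty -bor $R::WriteProperty), 'Allow', $pwdLastSet, $I::Descendents, $userClass))

Set-Acl -Path "AD:\$ou" -AclObject $acl

# Audit: every explicit (non-inherited) ACE on the OU, so the delegation can be
# reviewed and anything broader than intended (e.g. GenericAll on the OU) spotted.
(Get-Acl -Path "AD:\$ou").Access | Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType,
                  ObjectType, InheritedObjectType, InheritanceType |
    Format-Table -AutoSize
```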

Access Delegated Control from Client Computer

A user (TU1) is a member of the Helpdesk group and has delegated permissions. But these rights would not
enable the domain user to log in to the Domain Controller. This user cannot access Active Directory Users and
Computers either by logging in to the Domain Controller or by using RDP from any client machine (e.g. a
Windows 7 operating system) because he is not a member of the Domain Admins group.

To enable the user to access Active Directory Users and Computers from a client machine, we need to install the
Active Directory Domain Services role on the Windows 7 client. To install the role, install the Windows update
package (Windows8.1-KB2693643-x64). You can download this update package from the given link
(https://www.microsoft.com/en-us/download/details.aspx?id=7887).

1. After installing this package, we can see the icon of Active Directory Users and Computers in the Start
menu under Administrative Tools on the Windows 7 operating system, or use the MMC command in Run. Click on
the icon of AD Users and Computers to open the console.

2. Through this console, this user (TU01) can only perform the operations that we have delegated to the Helpdesk
group. We will try to create a new user in the Organizational Unit (Sales) to check whether the given permissions
have been delegated successfully. Right click on the OU (Sales), then click on New and then User to create a
new user.
3. On the New Object – User console, enter the details such as First name, Last name and User logon name of the
new user which you want to create. Click on Next to continue.
4. Enter the password in the Password and Confirm Password fields for the user we are creating and select
the options according to your requirements. Click on Next to continue. On the next console verify all the
settings and then click on Finish.
5. In Active Directory Users and Computers, in the Sales OU we can verify that user tu15 was successfully created.
It clearly shows that rights have been successfully delegated to the user tu01 through the security group Helpdesk.

This user (TU01) can perform other delegated rights e.g. resetting user account password, deleting user
account and other similar operations.

Conclusion:

Delegated access enables a set of users to perform the tasks that are normally performed by Domain Admins.
It restricts the user to the OU on which the rights are delegated.

Configure FTP Server in Windows Server 2012 R2
FTP is a standard network protocol used to transfer computer files between a client and server on a computer
network. It is a very popular protocol that allows users to upload and download files easily.

Even though FTP is considered a fairly legacy data transfer technology, it is still usable and easy to use for
some server administrators.

You can configure an FTP server in Windows Server 2012 by installing the FTP Server role.

In this post, I will show you very simple steps to install and configure the FTP Server role in Windows Server
2012 R2.

1st – You need to setup authentication for user in Domain environment before installing FTP roles.

1 – In your Domain Server, open Active Directory Users & Computers, and create FTP Users group.

2 – In the FTP Users properties, please add Administrator and any user that need to use / log in to FTP Server…
3 – Now let’s switch to Member Server, and create a folder for your FTP access then right click the FTP folder
and click Security.

** In the FTP folder properties, under Security click advanced…

4 – On the Advanced Security Settings for FTP folder, click add…

** What we are going to do here is to give access permissions to FTP Users group…

5 – On the Permission Entry for FTP folder, click Select a principal link, then under Enter the object name to
select, type FTP Users and click OK…

6 – On the Permission Entry for FTP folder, under Basic permissions, click Write and then click OK…
7 – verify that FTP Users is listed under Advanced Security Setting for FTP folder…

2nd – Installing FTP Role service…

1 – Still in the member server, open Server Manager, click Add roles & features and proceed to server roles and
browse for FTP Server (click FTP Service and FTP Extensibility), then click Next…
2 – On the Select features interface, proceed with Next…

3 – On the Confirm installation selections interface, click Install…

4 – Once the installation completes, please restart the Server…

5 – Once server restarted, open Server Manager, click Tools and click Internet Information Services (IIS)
Manager…
6 – On the IIS console, right click Sites and click Add FTP Site…

7 – On the Add FTP Site interface, in the FTP Site name:, enter your own FTP site name, then in Physical path,
browse to FTP folder that you created in the previous step…
8 – Under Add FTP Site interface, verify that the IP Address assigned to All Unassigned with Port 21…

** click No SSL (I’m not going to secure this FTP site with web certificates)… and click Next…
9 – Under Authentication click Basic, under Allow access to:, choose Specified roles or user groups and type
FTP Users, confirm that you click Read & write under Permissions, then click Finish…
10 – Next, open Windows Firewall and click Allow an app or feature through Windows Firewall…
11 – Under Allow apps to communicate through Windows Firewall, browse to FTP Server and verify that and
Domain, Private and Public are ticked, and then click OK…

12 – Next, open Windows Firewall with Advanced Security, click Inbound Rules and scroll to FTP (verify that
3 FTP component listed)…
13 – Now, let’s switch to the client PC (in this demo I use Windows 8.1)…

** In the client PC, open CMD and type telnet 172.16.0.21 21

** 172.16.0.21 –> FTP server IP

** 21 –> FTP port number

14 – On the CMD, it states 220 Microsoft FTP Service (we have successfully connected to the FTP Server)…

15 – Now open web browser, in the address bar type ftp://172.16.0.21 and enter, click view menu and then click
Open FTP site in File Explorer…
16 – On the Log On As box, under user name, fill in with any of your FTP_Users, then fill in the password and
click Log On…

17 – Once you successfully log in to FTP Server, you can try create any folder…
18 – Lastly, switch back to FTP server and confirm that the folder you created is listed in the FTP server…
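
The folder permissions, role install, site creation, authentication and firewall steps above, scripted with the WebAdministration module, as an added example that is not part of the original post. It keeps the post's choices (Basic authentication, FTP Users group, port 21, server 172.16.0.21) and then adds the TLS-required variant that the post's "No SSL" choice leaves out; the folder path, site name and certificate thumbprint placeholder are assumptions.

```powershell
# Added example: FTP site configuration, with the weak "No SSL" setting beside
# the hardened one. Run on the member server.
Import-Module WebAdministration

$root = 'C:\FTP'
New-Item -ItemType Directory -Path $root -Force | Out-Null

# Part 1, steps 3 to 7: FTP Users get Modify (read + write) on the folder,
# inherited by the files and folders users create.
$acl  = Get-Acl -Path $root
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList `
    'FTP Users', 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
$acl.AddAccessRule($rule)
Set-Acl -Path $root -AclObject $acl

# Part 2, steps 1 to 4: FTP Service and FTP Extensibility role services.
Install-WindowsFeature -Name Web-Ftp-Service, Web-Ftp-Ext -IncludeManagementTools

# Steps 6 to 9: all unassigned addresses, port 21, Basic authentication only,
# FTP Users allowed Read and Write.
New-WebFtpSite -Name 'FTP Site' -Port 21 -PhysicalPath $root -IPAddress '*' -Force
$site = 'IIS:\Sites\FTP Site'
Set-ItemProperty $site -Name ftpServer.security.authentication.basicAuthentication.enabled -Value $true
Set-ItemProperty $site -Name ftpServer.security.authentication.anonymousAuthentication.enabled -Value $false
Add-WebConfiguration -Filter '/system.ftpServer/security/authorization' -PSPath 'IIS:\' `
    -Location 'FTP Site' -Value @{ accessType = 'Allow'; roles = 'FTP Users'; permissions = 'Read,Write' }

# The post selects "No SSL", which means Basic credentials (domain passwords)
# cross the network in clear text. Hardened variant: require TLS on both the
# control and data channels with a server certificate (thumbprint placeholder).
Set-ItemProperty $site -Name ftpServer.security.ssl.serverCertHash -Value '<CERT-THUMBPRINT-PLACEHOLDER>'
Set-ItemProperty $site -Name ftpServer.security.ssl.controlChannelPolicy -Value 'SslRequire'
Set-ItemProperty $site -Name ftpServer.security.ssl.dataChannelPolicy -Value 'SslRequire'

# Steps 10 to 12: enable the built-in FTP Server firewall rule group.
Enable-NetFirewallRule -DisplayGroup 'FTP Server'

# Steps 13 and 14 equivalent of "telnet 172.16.0.21 21": is port 21 reachable?
Test-NetConnection -ComputerName 172.16.0.21 -Port 21 |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded
```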

Web Server

Web servers are computers that deliver Web Services to client computers. Every Web server
has an IP address and possibly a domain name.

How to install and configure IIS on Windows Server 2012 R2

Step one: Install the Web Server (IIS) role

Open the Server Manager and click Add Roles and Features:
Go on until you reach the Server Roles tab:
Select Web Server (IIS):
Click Add Features:
Ignore the Features tab and go on:
Click Next:
The default configuration will be fine. Click Next:
Click Install:
Installation completed!

Step two: Configure IIS


Go back to Server Manager. Select Internet Information Services (IIS) Manager from
the Tools menu:
Click Add Website:
Specify at least the site name and the physical path. Click OK:
Your first site is ready to be accessed.
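Steps one and two scripted from an elevated PowerShell prompt on Windows Server 2012 R2, as an added example that is not part of the original note. The site name, folder, port and application pool name are assumptions; port 8080 is used so that the new site does not collide with the Default Web Site binding on port 80.

```powershell
# Added example (not from the original note): installs the Web Server (IIS) role and creates
# a first site with its own application pool. Names, folder and port are assumptions.
Import-Module ServerManager

# Step one: the role plus the IIS Manager console
Install-WindowsFeature Web-Server -IncludeManagementTools | Out-Null

Import-Module WebAdministration

$siteName = 'MyFirstSite'
$sitePath = 'C:\inetpub\MyFirstSite'
$poolName = 'MyFirstSitePool'
$port     = 8080

New-Item -ItemType Directory -Path $sitePath -Force | Out-Null
Set-Content -Path (Join-Path $sitePath 'index.html') -Value '<html><body>It works</body></html>'

# A dedicated pool runs the site as its own virtual account (IIS AppPool\MyFirstSitePool),
# so a compromise of this site does not inherit the rights of every other site in DefaultAppPool.
if (-not (Test-Path "IIS:\AppPools\$poolName")) {
    New-WebAppPool -Name $poolName | Out-Null
}

# Step two: the site itself (the Add Website dialog), bound to port 8080 on all addresses
New-Website -Name $siteName -PhysicalPath $sitePath -ApplicationPool $poolName -Port $port -Force | Out-Null

# Only the pool identity needs to read the content; nothing needs write access here
icacls $sitePath /grant "IIS AppPool\${poolName}:(OI)(CI)RX" | Out-Null

# Open the custom port for clients (port 80 is already covered by the role's firewall rules)
New-NetFirewallRule -DisplayName "$siteName HTTP $port" -Direction Inbound -Protocol TCP `
    -LocalPort $port -Action Allow | Out-Null

# Check: the site is started and answers locally
Get-Website -Name $siteName | Select-Object Name, State, PhysicalPath, ApplicationPool
(Invoke-WebRequest -Uri "http://localhost:$port/" -UseBasicParsing).StatusCode
```

The last line returns 200 once the site is up; a 503 means the application pool failed to start and the Application event log has the reason.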
Exchange server

Exchange Server is one of the most popular messaging platforms in the enterprise. The following steps install
Exchange Server 2010 on Windows Server 2008 R2. Some operating system prerequisites must be fulfilled before Exchange
can be installed successfully. The basic hardware requirements are a 64-bit processor, at least 2 GB of RAM (1 GB per
core is recommended) and 1.6 GB of free disk space on the volume where Exchange will be installed. The operating system
prerequisites differ between Windows Server versions and service packs.
Install Exchange Server 2010 on Windows Server 2008 R2

The diagram below shows our network scenario. There is no existing Exchange instance, so we install
Exchange Server in a fresh environment.

Installation prerequisites
1. The forest functional level must be Windows Server 2003 or later.
2. The Schema master must run Windows Server 2003 or later.
3. The Exchange server must be a member of the domain.
4. A domain controller in this (local) domain must be a Global Catalog server.
5. Install .NET Framework 3.5 from Server Manager.
6. Install the feature called "Desktop Experience" from Server Manager (Add Features).
7. Install the .NET Framework 4.5.1 setup.
8. Install the Microsoft Unified Communications Managed API runtime "UcmaRuntimeSetup.exe" from a disk (external drive,
flash disk, CD, DVD, ...) or install VMware Tools so that the files can be copied from the physical machine to the
virtual machine.
Exchange requires that IPv6 be enabled. Even if you do not use IPv6 addresses you must leave it enabled. During the
setup of Active Directory, the Active Directory Setup Wizard checks that both the IPv4 and the IPv6 interface have static
addresses; as long as the IPv4 address is static you can continue the installation. DO NOT DISABLE IPv6, or the Exchange
Hub Transport service will not start. IPv6 is enabled by default on every Windows version after Windows XP Professional
and Windows Server 2003; on those two it is added with "netsh interface ipv6 install" and removed with
"netsh interface ipv6 uninstall" (never run the uninstall on the Exchange server).

9. Add the following features: NET-Framework, RSAT-ADDS, Web-Server, Web-Basic-Auth, Web-Windows-Auth, Web-Metabase,
Web-Net-Ext, Web-Lgcy-Mgmt-Console, WAS-Process-Model, RSAT-Web-Server, Web-ISAPI-Ext, Web-Digest-Auth,
Web-Dyn-Compression, NET-HTTP-Activation, Web-Asp-Net, Web-Client-Auth, Web-Dir-Browsing, Web-Http-Errors,
Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Filter, Web-Request-Monitor, Web-Static-Content,
Web-WMI, RPC-Over-HTTP-Proxy, either in Server Manager (Add Roles / Add Features) or with Windows PowerShell.

If you use PowerShell, right-click Windows PowerShell, choose Run as administrator, then run:

First command: Import-Module ServerManager
Second command: Add-WindowsFeature NET-Framework, RSAT-ADDS, Web-Server, Web-Basic-Auth,
Web-Windows-Auth, Web-Metabase, Web-Net-Ext, Web-Lgcy-Mgmt-Console, WAS-Process-Model,
RSAT-Web-Server, Web-ISAPI-Ext, Web-Digest-Auth, Web-Dyn-Compression, NET-HTTP-Activation,
Web-Asp-Net, Web-Client-Auth, Web-Dir-Browsing, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect,
Web-Http-Tracing, Web-ISAPI-Filter, Web-Request-Monitor, Web-Static-Content, Web-WMI,
RPC-Over-HTTP-Proxy -Restart
(the -Restart switch reboots the server automatically once the features are installed)
10. Set the startup type of the Net.Tcp Port Sharing Service to Automatic in Services (it is Manual by default).
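A read-only check of prerequisites 1 to 4, 9 and 10 and of the IPv6 rule, as an added example that is not part of the original note. It is run from an elevated Windows PowerShell 2.0 prompt on the future Exchange server and assumes the RSAT-ADDS feature from step 9 is already installed, so that the ActiveDirectory module is available; it changes nothing.

```powershell
# Added example (not from the original note): readiness check for the Exchange 2010
# prerequisites listed above, on Windows Server 2008 R2 / PowerShell 2.0. Assumes RSAT-ADDS
# is installed (ActiveDirectory module). Read-only.
Import-Module ServerManager
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# 1. Forest functional level (needs Windows2003Forest or higher)
"Forest functional level : $($forest.ForestMode)"

# 2. Operating system of the schema master
$schemaMaster = Get-ADDomainController -Identity $forest.SchemaMaster
"Schema master           : $($schemaMaster.HostName) - $($schemaMaster.OperatingSystem)"

# 3. This server must be a member of the domain
$cs = Get-WmiObject Win32_ComputerSystem
"Domain member           : $($cs.PartOfDomain) ($($cs.Domain))"

# 4. At least one global catalog in the local domain
$gcNames = Get-ADDomainController -Filter 'IsGlobalCatalog -eq $true' -Server $domain.DNSRoot |
           ForEach-Object { $_.HostName }
"Global catalogs         : $($gcNames -join ', ')"

# IPv6 must stay enabled: an enabled adapter with any IPv6 address (link-local counts)
$ipv6Bound = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
             Where-Object { $_.IPAddress -match ':' }
"IPv6 bound              : $([bool]$ipv6Bound)"

# 9. Features from the list above that are not installed yet
$required = 'NET-Framework','RSAT-ADDS','Web-Server','Web-Basic-Auth','Web-Windows-Auth',
            'Web-Metabase','Web-Net-Ext','Web-Lgcy-Mgmt-Console','WAS-Process-Model',
            'RSAT-Web-Server','Web-ISAPI-Ext','Web-Digest-Auth','Web-Dyn-Compression',
            'NET-HTTP-Activation','Web-Asp-Net','Web-Client-Auth','Web-Dir-Browsing',
            'Web-Http-Errors','Web-Http-Logging','Web-Http-Redirect','Web-Http-Tracing',
            'Web-ISAPI-Filter','Web-Request-Monitor','Web-Static-Content','Web-WMI',
            'RPC-Over-HTTP-Proxy'
$missing = Get-WindowsFeature -Name $required | Where-Object { -not $_.Installed } |
           ForEach-Object { $_.Name }
"Missing features        : $(if ($missing) { $missing -join ', ' } else { 'none' })"

# 10. Net.Tcp Port Sharing Service start type (must be Auto before setup runs)
$svc = Get-WmiObject Win32_Service -Filter "Name = 'NetTcpPortSharing'"
"NetTcpPortSharing start : $($svc.StartMode)"
```

Run it once before starting setup; every line that does not show the expected value is something the readiness check in the installer would stop on later.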

Exchange Server 2010 Installation Steps


Now insert the Exchange Server installation disc or mount the ISO image.
We will install a typical Exchange server, which includes the Hub Transport, Client Access and Mailbox roles. These roles
are the typical choice when you install only one Exchange server for a small environment.

Open the Exchange setup from the installation media. You will then see the following screen.
Steps 1 and 2 are already completed. Click step 3 to choose the languages; I will choose Install only languages
from the DVD. Then click step 4 to install Microsoft Exchange. You will soon see the following box.
Read the introduction and click Next. Accept the license agreement and click Next.
Choose No for error reporting to Microsoft and click Next. Choose Typical as the installation type
and click Next. Type the organization name and click Next.
On the Client Settings page select No.
On the Configure Client Access server external domain page, type the domain name that will be used to reach the mail
server from the Internet, for example mail.mustbegeek.com.
Click Next. Under Customer Experience Improvement Program, choose I don't wish to join the program at
this time and click Next.
The installation now runs readiness checks. If there are errors it will tell you; go back and
correct them. If every check succeeds you will see a screen similar to the following.
Click Install to begin installing Exchange Server.
After the installation completes, click Finish.
Configure Exchange Server to Send and Receive Email

Open the Exchange Management Console on the Exchange server you have just installed. Expand Organization
Configuration under Microsoft Exchange On-Premises and select Hub Transport. In the main window select the
Accepted Domains tab.
Accepted Domains are the very first thing to configure in Exchange Server. By placing a domain name in
Accepted Domains you tell Exchange Server to accept SMTP messages destined for users who have this
domain name in their email addresses.

As you can see, mustbegeek.com is already present as an Authoritative accepted domain. This domain is created
automatically, because Hub Transport creates the default accepted domain from the name of the forest root
domain. If your forest root domain is different from your public SMTP name then you have to add that SMTP
domain. You add an accepted domain by clicking New Accepted Domain in the Actions pane. For
example, if the organization has mailboxes with the SMTP name xyz.com then xyz.com must be added on the Accepted
Domains tab.
After configuring Accepted Domains, configure the Send Connectors. Click the Send Connectors tab in the
same window, with Hub Transport still selected under Organization Configuration. Send Connectors on the Hub
Transport server are used to send mail out to the Internet, to domains like gmail.com, hotmail.com and so on. By default
no send connector is configured, so click New Send Connector in the Actions pane.
Type a name for the send connector, choose Internet from the drop-down menu and click Next.
Click Add to add an address space. Since you will be sending to any destination, type an asterisk
(*), tick Include all subdomains and click OK. Then click Next.

Select the first option if you want mail routed automatically: it uses DNS MX records to find the
destination mail server on the Internet. Select the second option if you want to route mail through your ISP's smart host
or another smart host. Here I choose the first option. Click Next after choosing the network setting.
Select the source server. By default the server you are working on is listed here. If you want
another Hub Transport server, click Add and add it. Here I leave the default and
click Next.
You will now see a summary of the configuration. If you want to change something, click Back; otherwise click New.
After configuring the Send Connector, configure mailboxes for users. Expand Recipient
Configuration and click Mailbox. Click New Mailbox in the Actions pane.
Choose User Mailbox and click Next.
Select Existing users and click Add to pick the users from Active Directory. Then click Next.
In the Mailbox Settings dialog box you can configure custom settings or leave the defaults. I leave the
defaults here. Click Next, then click New to start the process. When the process
finishes, click Finish.
You can now access your mailbox from Outlook Web App (use https) or from the Microsoft Outlook application.

Repair Rights Management:

1. Log on to the Exchange server and open the Exchange Management Shell (EMS) as Administrator.

2. Run "Get-OWAVirtualDirectory | FL" and look for IRM in the output; IRMEnabled will probably be True.

3. Run "Set-OWAVirtualDirectory -IRMEnabled $false". The cmdlet prompts for the Identity of the virtual directory.

4. Give it the Identity shown by step 2, which looks like "EXCHANGE\owa (Default Web Site)" (or pass it directly:
Set-OWAVirtualDirectory -Identity "EXCHANGE\owa (Default Web Site)" -IRMEnabled $false).
5. Now run iisreset and try OWA again.

Post Installation Steps Summary

Now that Exchange 2010 is installed, some basic configuration in the Exchange Management Console is needed to get mail
flowing to and from the server.

1. Open the Exchange Management Console via Start >> All Programs >> Microsoft Exchange Server 2010 >>
Exchange Management Console
2. Expand Microsoft Exchange On-Premises so that you can see Organization Configuration, Server Configuration,
Recipient Configuration and Toolbox
3. Under Organization Configuration >> Hub Transport >> Accepted Domains add a new Accepted Domain for
the domain you wish to use for email addresses. Your AD domain is listed by default (e.g.
ad.myorganization.com); you will probably want to add "myorganization.com" as an Authoritative domain.
4. Under Organization Configuration >> Hub Transport >> Send Connectors >> New Send Connector ... >>
pick a name such as "MyOrganization Internet Send Connector" >> change the drop-down to "Internet" >>
Next >> Add ... >> enter "*" in the Address field and tick the box to include all subdomains >> OK >>
Next. If you want the Exchange server to route mail directly, click Next on the Network settings
page; if you want to route email through an upstream provider, select "Route mail through the
following smart hosts" and Add ... a mail gateway such as smtp.comcast.net. Click Next >> Next >> Next >>
New
5. Under Server Configuration >> Hub Transport >> right-click the receive connector named Default followed by your
server name >> Properties >> Permission Groups tab, tick Anonymous users. This allows the Exchange server to accept
incoming mail from remote mail servers. Anonymous users may only deliver to recipients in your accepted domains; the
permission to relay to external recipients is not granted, so this does not turn the server into an open relay.
6. Under Recipient Configuration >> Mailbox, create mailboxes for your existing AD users (or create a new
user and mailbox):
New Mailbox ... >> select User Mailbox >> Next >> Existing users >> Add ... >> select an existing AD
account >> OK >> Next >> specify an alias (e.g. the AD user name) >> Next >> New
7. If you want to use an SSL certificate for Outlook Web App, IMAP, POP and so on, click Server Configuration
and import or create the certificate. The self-signed certificate that setup creates is not trusted by clients, so replace
it with one issued by your own PKI or a public CA before exposing the services.
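The mail-flow configuration described in the console walkthrough above and in steps 3 to 6 of this summary, as Exchange Management Shell commands. This is an added example and not code from the original note; the server name EXCH01, the AD domain ad.myorganization.com, the SMTP domain myorganization.com, the connector name and the user jdoe are assumptions.

```powershell
# Added example (not from the original note): accepted domain, Internet send connector,
# anonymous delivery on the Default receive connector and a mailbox, run in the Exchange 2010
# Management Shell on the server. Names and domains are assumptions.
$server     = 'EXCH01'
$smtpDomain = 'myorganization.com'
$connector  = 'MyOrganization Internet Send Connector'

# Step 3 / Accepted Domains: setup already added the forest root domain; add the public one
if (-not (Get-AcceptedDomain | Where-Object { $_.DomainName -eq $smtpDomain })) {
    New-AcceptedDomain -Name $smtpDomain -DomainName $smtpDomain -DomainType Authoritative
}

# Step 4 / Send Connector: address space "*" including subdomains, routed by DNS MX lookup
if (-not (Get-SendConnector | Where-Object { $_.Name -eq $connector })) {
    New-SendConnector -Name $connector -Usage Internet -AddressSpaces 'SMTP:*;1' `
        -DNSRoutingEnabled $true -SourceTransportServers $server
}
# Variant of step 4: route through the ISP's smart host instead of DNS (assumed host name)
# New-SendConnector -Name 'ISP Smart Host' -Usage Internet -AddressSpaces 'SMTP:*;1' `
#     -DNSRoutingEnabled $false -SmartHosts 'smtp.example.net' -SourceTransportServers $server

# Step 5 / Default receive connector: add Anonymous users so Internet mail servers can deliver.
# The default groups are kept. Anonymous gets accept-any-sender for the accepted domains but
# not accept-any-recipient, so this does not create an open relay.
$rc = Get-ReceiveConnector "$server\Default $server"
Set-ReceiveConnector -Identity $rc.Identity `
    -PermissionGroups 'AnonymousUsers,ExchangeUsers,ExchangeServers,ExchangeLegacyServers'

# Step 6 / Mailboxes: mailbox-enable an existing AD user; the alias is the AD user name
Enable-Mailbox -Identity 'ad.myorganization.com\jdoe' -Alias 'jdoe'

# Verify what was configured
Get-AcceptedDomain                   | Format-Table Name, DomainName, DomainType -AutoSize
Get-SendConnector                    | Format-Table Name, AddressSpaces, DNSRoutingEnabled, SmartHosts -AutoSize
Get-ReceiveConnector -Server $server | Format-Table Name, Bindings, PermissionGroups -AutoSize
Get-Mailbox -Identity 'jdoe'         | Format-Table Name, Alias, PrimarySmtpAddress, Database -AutoSize
```

After this, Get-Queue -Server EXCH01 shows outbound messages sitting in the send connector's queue if DNS or the smart host is not reachable; an empty queue after a test message means mail is leaving the server.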
RAID TECHNOLOGY
RAID is a technology used to increase the performance and/or reliability of data storage. The abbreviation stands for Redundant Array of
Inexpensive Disks. A RAID system consists of two or more drives working in parallel. These drives are usually hard disks, but the technology is
increasingly used with SSDs (solid state drives) as well. There are different RAID levels, each optimized for a specific situation. The levels are not
standardized by an industry group or standardization committee, which explains why vendors sometimes come up with their own numbers and
implementations.

Data loss, for a business or an individual, ultimately means lost business or lost memories respectively. Data is the most valuable asset of any
business, and this cannot be overstated: protection of business assets must always command the highest priority.

Backing up data is not enough if there is no protection against the failure of a disk that is online. Adding RAID to the storage configuration is one
of the most cost-effective and simplest ways to maintain access to data and protect it. RAID is not a substitute for backups, though: it protects
against drive failure, not against deletion, corruption or ransomware, which every copy on the array receives at once.

Not all RAID implementations are created equal. Hardware RAID is provided by a dedicated RAID controller, which usually has cache memory to boost
performance and a battery (or flash) backup so that writes still sitting in the cache survive a power loss. Hardware RAID has a long history and is
very mature. Software RAID is not new either, but its quality and reliability depend on the quality of the components used in the RAID configuration
and on the quality of the software code driving the RAID implementation.

To choose the RAID level that's right for you, begin by considering the factors below. Each one of these factors becomes a trade-off for another:

• Cost of disk storage


• Data protection (low, medium, high)
• Data Availability needed (low, medium, high)
• Performance Requirements (low, medium, high)

The Cost basically comes down to the trade-off between disk capacity and added data availability or performance. For example, RAID 1,10 and
small disk counts of RAID 6 are costly in terms of lost disk space (50%), but high in data availability.

Performance also depends on the access pattern (random/sequential, read/write, long/short) and the numbers of users. Our guide is intended to
give an overview on the performance and availability of various RAID levels in general and may not be accurate in all user scenarios. This is meant
only as a guide through the RAID jungle.

The following are commonly used RAID levels. The table summarizes each level; the notes after it give the definition, advantages and
disadvantages of each.

RAID | Min # drives | Data protection                           | Read speed | Write speed | Read speed (degraded) | Write speed (degraded) | Capacity utilization | Typical applications
-----|--------------|-------------------------------------------|------------|-------------|-----------------------|------------------------|----------------------|---------------------------------------------------------------------------------------------
0    | 2            | No protection                             | High       | High        | N/A                   | N/A                    | 100%                 | High-end workstations, data logging, real-time rendering, very transitory data
1    | 2            | Single-drive failure                      | High       | Medium      | Medium                | High                   | 50%                  | Operating system, transaction databases
5    | 3            | Single-drive failure                      | High       | Low         | Low                   | Low                    | 67% - 94%            | Data warehousing, web serving, archiving
6    | 4            | Two-drive failure                         | High       | Low         | Low                   | Low                    | 50% - 88%            | High-end workstations, data logging, real-time rendering, very transitory data
10   | 4            | Up to one disk failure in each sub-array  | High       | Medium      | High                  | High                   | 50%                  | Fast databases, application servers
50   | 6            | Up to one disk failure in each sub-array  | High       | Medium      | Medium                | Medium                 | 67% - 94%            | Large databases, file servers, application servers
60   | 8            | Up to two disk failures in each sub-array | High       | Medium      | Medium                | Low                    | 50% - 88%            | Data archive, backup to disk, high availability solutions, servers with large capacity requirements

RAID 0

Definition
Striping without parity; improved performance and additional storage, no fault tolerance

Advantages
• I/O performance is greatly improved by spreading the I/O load across many channels and drives (best performance is achieved when
data is striped across multiple channels with only one drive per channel)
• No parity calculation overhead
• Very simple design
• Easy to implement

Disadvantages
• Not a "true" RAID, because the failure of just one drive loses all data in the virtual disk
• Should not be used for critical data

RAID 1

Definition
Mirroring without parity; fault tolerance for disk errors and single disk failures

Advantages
• High performance: up to twice the read transaction rate of a single disk, and the same write transaction rate as a single disk
• 100 percent redundancy of data means no rebuild from parity is necessary after a disk failure, just a copy to the replacement disk
• Typically supports hot-swap disks
• Simplest RAID storage subsystem design

Disadvantages
• Highest disk overhead of all RAID types (100 percent), which makes inefficient use of drive capacity
• Limited capacity, since the virtual disk can only include two disk drives

RAID 5

Definition
Striping with distributed parity; improved performance, fault tolerance for disk errors and single disk failures

Advantages
• Most efficient use of drive capacity of all the redundant RAID levels
• High read transaction rate
• Medium-to-high write transaction rate

Disadvantages
• A disk failure has a medium impact on throughput
• Most complex controller design
• Rebuilding a failed drive from parity takes longer than with mirroring

RAID 6

Definition
Striping with dual parity; fault tolerance for dual drive failures

Advantages
• Can survive the loss of two disks without losing data
• Data redundancy, high read rates and good performance

Disadvantages
• Requires two sets of parity data for each write operation, which significantly reduces write performance
• Additional cost because of the extra capacity used by two parity blocks per stripe
• Rebuilding a failed drive from parity takes longer than with mirroring

RAID 10

Definition
Implements a 1+0 RAID level: block-level mirroring combined with striping; better performance, fault tolerance for disk errors
and multiple drive failures (one drive failure per mirror set)

Advantages
• RAID 10 has the same redundancy as RAID level 1
• High I/O rates are achieved by striping across RAID 1 segments

Disadvantages
• Most expensive RAID solution
• Requires 2n disks (n > 1)
• Very limited scalability at a very high inherent cost

RAID 50

Definition
Combines multiple RAID 5 sets with striping; improved performance, fault tolerance for disk errors and multiple drive failures (one drive
failure per span)

Advantages
• Allows creation of the largest RAID groups, up to 256 drives (theoretical)
• High read transaction rate
• Higher degree of fault tolerance, because parity is calculated separately for each RAID 5 subset
• Potential for faster read transaction rates than a single large RAID 5 virtual disk
• Medium-to-high write transaction rate

Disadvantages
• One of the more complex RAID implementations
• Less space efficient than RAID 5, since separate parity is kept for each RAID 5 subset
• Rebuilding a failed drive from parity takes longer than with a mirrored solution

RAID 60

Definition
Combines multiple RAID 6 sets with striping; improved performance, fault tolerance for disk errors and multiple drive failures (two drive
failures per span)

Advantages
• Allows creation of the largest RAID groups, up to 256 drives (theoretical)
• High degree of fault tolerance, because two parity calculations are done for each RAID 6 subset
• Medium-to-high write transaction rate

Disadvantages
• One of the more complex RAID implementations
• Less space efficient than RAID 6, since separate parity is kept for each RAID 6 subset
• Rebuilding a failed drive from parity takes longer than with a mirrored solution
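Where the capacity-utilization and protection figures in the table above come from, as an added example that is not part of the original note: a PowerShell function (name, parameters and defaults are mine) that applies each level's layout rule to a disk count and, for RAID 50 and 60, a span count. The "67% - 94%" and "50% - 88%" ranges are the minimum drive count and a 16-drive array.

```powershell
# Added example (not from the original note): derives usable capacity and survivable drive
# failures from the standard layout rule of each RAID level. Function name and parameters
# are assumptions; the rules are the ones described in the definitions above.
function Get-RaidLayout {
    param(
        [Parameter(Mandatory = $true)][ValidateSet('0','1','5','6','10','50','60')][string]$Level,
        [Parameter(Mandatory = $true)][int]$Disks,
        [int]$Spans = 2      # number of RAID 5 / RAID 6 sub-arrays for RAID 50 / 60
    )
    switch ($Level) {
        '0'  { $min = 2; $usable = $Disks;      $worst = 0; $best = 0 }
        '1'  { $min = 2; $usable = 1;           $worst = 1; $best = 1
               if ($Disks -ne 2) { throw 'RAID 1 is a two-disk mirror here' } }
        '5'  { $min = 3; $usable = $Disks - 1;  $worst = 1; $best = 1 }     # one parity disk worth
        '6'  { $min = 4; $usable = $Disks - 2;  $worst = 2; $best = 2 }     # two parity disks worth
        '10' { $min = 4
               if ($Disks % 2) { throw 'RAID 10 needs an even number of disks' }
               $Spans  = $Disks / 2                                         # one mirror pair per sub-array
               $usable = $Disks / 2;              $worst = 1; $best = $Spans }
        '50' { $min = 6
               if ($Disks % $Spans -or $Disks / $Spans -lt 3) { throw 'each RAID 5 span needs 3 or more disks' }
               $usable = $Disks - $Spans;         $worst = 1; $best = $Spans }
        '60' { $min = 8
               if ($Disks % $Spans -or $Disks / $Spans -lt 4) { throw 'each RAID 6 span needs 4 or more disks' }
               $usable = $Disks - 2 * $Spans;     $worst = 2; $best = 2 * $Spans }
    }
    if ($Disks -lt $min) { throw "RAID $Level needs at least $min disks" }
    New-Object PSObject -Property @{
        Level              = "RAID $Level"
        Disks              = $Disks
        UsableDisks        = $usable
        UtilizationPercent = [math]::Round(100 * $usable / $Disks, 1)
        GuaranteedFailures = $worst   # survivable wherever the failures land
        BestCaseFailures   = $best    # survivable only if each failure hits a different sub-array
    } | Select-Object Level, Disks, UsableDisks, UtilizationPercent, GuaranteedFailures, BestCaseFailures
}

# Minimum configurations from the table, plus 16-disk RAID 5 and RAID 6 for the upper end of the ranges
@(
    @{ Level = '0';  Disks = 2 },
    @{ Level = '1';  Disks = 2 },
    @{ Level = '5';  Disks = 3 },  @{ Level = '5';  Disks = 16 },
    @{ Level = '6';  Disks = 4 },  @{ Level = '6';  Disks = 16 },
    @{ Level = '10'; Disks = 4 },
    @{ Level = '50'; Disks = 6; Spans = 2 },
    @{ Level = '60'; Disks = 8; Spans = 2 }
) | ForEach-Object { $p = $_; Get-RaidLayout @p } | Format-Table -AutoSize
```

The GuaranteedFailures column is the number to plan around: RAID 10 with 8 disks can in the best case lose four drives, but it is only certain to survive one, because the second failure may hit the other half of the same mirror pair.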
