window server 2016
Uploaded by
maajidmohamed57window server 2016
Uploaded by
maajidmohamed57Windows Server 2016
Institute for Microsoft, Cisco, VMware, Cloud Computing and Linux
Windows Server 2016 – Lab Manual
Mohammed Shakeel – 9491 886 134
Mail ID: [email protected]
1st Floor, Flat No. 109, Mujaddady Estate, Beside Prince
Hotel, Mehdipatnam. Hyd 500028.
Mohammed Shakeel - 9491886134 Page 1
Windows Server 2016
S.NO COURSE CONTENT PAGE NO
1 Network and Networking 5
2 Types of Networks 5
3 Network Devices 10
4 Software’s 11
5 Installation of windows server 2016 14
6 Installation of windows 10 21
7 IP Address 31
• IP Version 4
• Binary Decimal Conversion
• Classes
• Subnet Mask
• Public and Private IP
8 Active Directory Domain directory 44
• Structure
• Domain
• Tree
• Organizational Unit
• Forest
• Components of Active Directory
9 Steps to Install ADDS 51
• Prerequisites
10 Steps to Change Computer Name 52
11 Steps to Assign IP 2016 55
12 Steps to Check IP Address 58
13 Steps to Install ADDS / DNS 59
14 Steps to Configure ADDS 67
15 Steps to ADDS Client (or) member Server 74
• Prerequisites
16 Steps to create users 79
17 Steps to create user from CMD 83
18 Steps To Configure Logon to 84
• To verify go to client 1 computer and login as “Abdullah” user
19 Steps to configure log on Hours 88
20 Steps to configure log on hours for Multiple Users 91
21 Steps to configure or enable Active Directory Recycle Bin 95
22 Password Policy 98
23 Account Lockout Policy 100
24 Steps to Unlock Account 104
25 Steps to create Organization Unit 105
• Steps to create sub OU
• Steps to create User in OU
• Steps to Move User between OU's
• Steps to delete OU’
Mohammed Shakeel - 9491886134 Page 2
Windows Server 2016
26 Steps to configure Delegating Control 112
27 Group Policy 115
• Remove Games, Music, Pictures, Etc
• Update Policy
• To Verify
• To Deny Group Policy For User From Organizational Unit
28 Steps To Deny The Control Of Organizational Unit 125
• Steps To Deny USB On Domain
• Steps To Block Domain Policy On Organizational Unit
• Steps to configure enforce policy
29 Groups 133
• Steps to add users in groups
• Sharing
• Steps to access share folder
• Steps to modify sharing
30 Security 142
• To verify
31 Office files 146
32 Home folder 148
33 Disk quotas 150
34 profile 153
35 NIC Teaming 154
36 Steps to configure Additional Domain Controller 155
37 Steps to configure Child Domain Controller 160
38 (A) Steps to Transfer FSMO Roles 165
(B) Steps To Seize FSMO 168
• FSMO Lab
39 DNS 188
• Steps to install DNS
• Steps to configure primary DNS server [forward lookup zone]
• Steps to configure primary reverse lookup zone
• Steps to add Host and Pointer record
• Steps to configure secondary DNS
• Install DNS server
40 DHCP 208
• Steps to install DHCP role
• Authorising DHCP server
• Steps to configure DHCP
• DHCP-Dynamic Host configure Protocol
• Steps to configure DHCP Reservation
• DHCP server Backup & Restore
• Configure DHCP server Failover
41 Client configuration 243
Mohammed Shakeel - 9491886134 Page 3
Windows Server 2016
42 Steps to Reserve IP 245
43 Steps to modify scope range 246
44 Steps to configure failover 244
45 Steps to verify failover DHCP 251
46 WDS 252
• Steps to install WDS
• Steps to configure WDS
• Steps to add install image and booting image
• Client side configuration
47 NIC Teaming 290
Mohammed Shakeel - 9491886134 Page 4
Windows Server 2016
1. What is the Difference between Network and Networking?
Network: Network is a group of two or more Computers linked together for sharing
information, Sharing Software, Sharing Hardware, Remote Access etc, with each
other.
Computer Networks can be used in Home, Schools, Colleges, Hospitals, Shopping
Malls, Banks, Software companies, Airports, Government sector, etc
Network can be Wire / Wireless.
In computer Network commonly used devices are Computers (Desktop/Laptop),
Servers, Network Interface Card, Hubs, Switches, Routers, Firewalls, Printers, Cables
etc.
The biggest Computer Network is INTERNET.
Networking: Networking is the Process of establishing and configuring Computer
Network.
In networking we can use Software’s, Services, and Protocols to establish
communication between Hardware Devices.
2. Types of Computer Network
There are several different types of computer networks. Computer networks can be
characterized by their size as well as their purpose.
The size of a network can be expressed by the geographic area they occupy and the
number of computers that are part of the network. Networks can cover anything
from a handful of devices within a single Room/Building to millions of devices spread
across the entire globe.
Common types of Network’s are
Mohammed Shakeel - 9491886134 Page 5
Windows Server 2016
1. Local Area Network ( LAN):
• A Computer network which is spread within a Room / Building.
• The smallest LAN may only use two computers / Users, while larger LANs can accommodate
thousands of computers / Users.
• A LAN typically relies mostly on wired connections for increased speed and security, but
wireless connections can also be part of a LAN. High speed and relatively low cost are the
defining characteristics of LANs.
• A LAN is very useful for sharing resources like Printer, sharing Data with security and sharing
single Internet connection.
• LAN’s are Owned, Controlled and Managed by same organization.
• Devices used in LAN are Computer, Server, Network Interface Card, Cables, Hubs, Switches
etc
• Ethernet Technology is widely used in LAN’s.
Mohammed Shakeel - 9491886134 Page 6
Windows Server 2016
Metropolitan Area Network (MAN) :
• MAN is spread across a big city
• A MAN is often used to connect several LANs together to form a bigger network.
• MAN can cover an area from several miles to tens of miles.
• A MAN is typically owned and operated by a single entity such as a government body or large corporation
(Internet Service Provider (ISP)
• MANs can provide fast communication via high-speed carriers, such as fiber optic cables.
• MAN Is larger than a LAN, but smaller than a WAN
Wide Area Network:
• WAN, occupies a very large area, such as an entire country or the entire world.
• A WAN can contain multiple smaller networks, such as LANs or MANs.
• WANs transmit data at much slower speeds than LANs, most commonly at about 1.5 megabits
per second (Mbps) or less
• Best example of WAN is Internet.
• WAN technologies are Lease lines, Frame relay etc.
Mohammed Shakeel - 9491886134 Page 7
Windows Server 2016
Mohammed Shakeel - 9491886134 Page 8
Windows Server 2016
Networking Components / Devices
The common N/w Devices are
1. Computer
2. Server
3. Hub
4. Switch
5. NIC – Network Interface Card
6. Router
7. Cables
**************************************************************************
Difference between Computer and Server:
Computer (Desktop/Laptop) is an electronic device which is used to store, retrieve
and process Data.
Computers are used in home, schools, colleges, companies to make a document,
send mail, internet browsing, play games, and for audio / video etc
Servers are like computer but with more capabilities.
Servers are specially used in companies to manage computers, users, and huge
data.
Note: one of the main differences between Desktop computer and Server
machine is its Hardware, in Desktop we have One Processor but in server we
can have Four Processor, RAM in Desktop is up to 16 GB, but in Server we can
get 64GB and more.
-------------------------------------------------------------------------------------------------------------------------------
Mohammed Shakeel - 9491886134 Page 9
Windows Server 2016
Difference between Hubs - Switch:
Note: Hub and Switch are used to connect all end devices together on a network, but
Both have different capabilities.
HUB SWITCH
• Hub is a Dummy device. • Switch is an intelligent device.
• When a hub receives a packet of data from • When a switch receives a packet of data, it
one of the connected computers, determines what computer or device the packet
it broadcasts that data packet to all the other is intended for and sends it to that computer
connected computers, no matter which one is only. It does not broadcast the packet to all
the final destination of that data packet. computers as a hub does
• Collision occurs in Hub. • No Collision in Switch.
• No Memory in Hub. • Switch uses MAC table to keep connected
computers MAC address.
• No configuration/Security is possible in Hub. • Configuration/Security can be done in a Switch.
• Hub has less number of ports, • Switch have many ports,
Ex: 8, 16 Ex : 16, 24, 32, 48, 96 etc
• Hub is less in cost. • Switch is very expensive.
• Hub is out-dated. • Switch is used in every LAN.
***************************************************************************
3. Network Interface Card: (NIC)
1. Also known as LAN card or Ethernet card or Network Adapter.
2. NIC card is used to connect a computer to a Network (LAN) or Internet
3. NIC card is both Wire and Wireless.
4. Every NIC has two addresses MAC(Hardware )address and IP address (Software)
5. MAC addresses are linked to the hardware of NIC when it is manufactured.
6. MAC address is unique address, No two NIC’s can have same MAC address.
7. MAC address is 48-bit Hex-Decimal address
Ex: B8-70-F4-2E-3E-EF.
8. Out of 48-bits first 24-bits is for Vendor ID and next 24-bits are for Card ID.
Note: Both MAC address and IP address are used in communication.
Mohammed Shakeel - 9491886134 Page 10
Windows Server 2016
Router:
1. Router makes communication between two or more network’s
2. Router can be used between two LAN segments, or between
WAN/Internet.
3. Router can also be used as a security device
4. Router maintains Routing table, in this table Router keeps information of all
the other networks.
4. Types of Software’s
• Software is a set of Instructions that enables a user to interact with Hardware.
• Software is the language of computer.
• Software is also known as Program.
• Software’s can be divided into following categories
1. System Software :
• System Software is set of programs that control and manage the
operations of computer hardware and other Application’s.
• System software is directly installed on Hardware.
• It Controls and monitors the proper use of various hardware resources
like CPU, memory, peripheral devices like monitor, printer etc.
• Without system software Computer is a Dummy machine.
Ex: Microsoft windows, Linux, UNIX, Macintosh etc
Note: There are two types of Operating Systems
Mohammed Shakeel - 9491886134 Page 11
Windows Server 2016
Server Operating System Client Operating System
1. A server operating system is a multi-user 1. A client operating system is generally
operating system where it is optimized for a single user operating system where
multiple user access at the same time can only 1 user can be actively using the
manage all Resources. computer at any one time.
2. Server O/S can manage Client O/S computer
2. Client O/S cannot manage other
computer.
3. Server O/S can act as web server, database
server, email server and other server-like 3. In client O/S we cannot configure
roles(DNS,DHCP etc) any Roles / Services.
4. Server O/S is designed for Administration
purpose.
4. Client O/S is designed for running
5. Server O/S is costly. client applications faster like Office,
Photoshop, to play Games and for
better Audio and Video.
5. Client O/S is cheaper than Server
6. Only a trained Professional can Operate/ O/S.
configure server O/S.
7. Server O/S needs special Hardware, like
More RAM, More Hard Disk, Faster 6. Client O/S is easy to operate.
Processor etc
7. Client O/S can be installed on
EX : Win NT 4.0, Win 2000, Win 2003, Win 2008, Win Minimum Hardware, like 1 GB RAM,
2008 R2, Win 2012, Win 2012 R2 etc. 40 GB hard disk, any latest Processor
EX: Win 98, Win up, Win vista, Win 7, Win 8,
Win 8.1 etc
Mohammed Shakeel - 9491886134 Page 12
Windows Server 2016
2. Application Software :
Application software’s helps a user to perform specific tasks. Application
software’s are installed over system software.
Following are some examples
• Word processors : word applications helps you to make
documents and helps you to check spellings mistakes, decorate
text, change size, using different font etc
Ex: Word, coral etc
• Spreadsheets : Spreadsheets have Row’s and Column’s that helps
to do calculation like total, average automatically
Ex: Excel, Lotus etc
• Presentation software : using this software we can create
Presentation for office meetings, class rooms etc
Ex: Power Point
• Database management systems : These are used to manage
Database
Ex: Access, Oracle etc
• Web Browser’s : This are used to access websites over Internet
Ex: Internet Explorer, Chrome, Opera etc
• Utility software: Utility software is a collection of one or
more programs that helps the user in system
maintenance task. Utility programs help the users in disk
formatting, data compression, data backup, scanning for
viruses etc.
Ex: Anti-virus, Disk cleaner, Data backup utility etc
3. Programming languages :
• This is used by programmers to developed new programmers and
application’s.
• The most popular programming language are C++, JAVA etc
Mohammed Shakeel - 9491886134 Page 13
Windows Server 2016
5. Windows Server 2016 Installation.
Installation started now, this screen you can able to configure language, region and time, keyboard
settings. We should configure correct settings here and then select “Next” for continue
You should select “Install Now” in coming screen.
Mohammed Shakeel - 9491886134 Page 14
Windows Server 2016
We can choose the Server 2016 version on this menu. We need Server 2016 Standard with GUI so
selected “Server 2016 Standard (Desktop Experience).
Also, if you need to install Server 2016 without GUI you should select “Windows Server 2016
Standard” here. Further Windows Server 2016 has different edition: Datacenter, Standard and
Essentials editions.
Mohammed Shakeel - 9491886134 Page 15
Windows Server 2016
We can see the license terms on this screen, select “I accept License Terms” then click Next to
continue
Select “Custom: Install Windows only (advanced)” here because we will do a clean installation OS.
But if you need an in-place upgrade you should select “Upgrade: Install and Keep files, settings and
applications” here. This option suitable for supported OS, features, services and roles. But keep in
mind you should not prefer in-place upgrade for critical roles like Active Directory Services, etc.
Mohammed Shakeel - 9491886134 Page 16
Windows Server 2016
We can select and configure disc information on this screen. (You can set the installation disc, size,
etc.) Used default settings here.
You can see that the necessary files are copied and the installation process is running on this screen.
The installation process is done and rebooting.
Mohammed Shakeel - 9491886134 Page 17
Windows Server 2016
Screen showing that the necessary settings were made before the server was started.
Mohammed Shakeel - 9491886134 Page 18
Windows Server 2016
We can set a password for the local administrator account. You should configure a secure password
for local admin.
On the login screen, we can login with “Administrator” account and related password.
Mohammed Shakeel - 9491886134 Page 19
Windows Server 2016
And finally, you can see new Server 2016 interface. It’s similar to old Server 2012 interface but there
are a lot of new features coming with Server 2016.
You should fully patch 2016 before new Server you add or configure roles, services.
Mohammed Shakeel - 9491886134 Page 20
Windows Server 2016
6. Steps to Install Windows 10
1. Insert bootable Windows 10 DVD or USB Drive and restart your computer.
2. If your DVD or USB is bootable, then your computer will automatically boot from bootable
Windows 10 USB or DVD.
In case, it is not a bootable installation media, then you need to visit BIOS and their make
appropriate changes to boot from USB or DVD.
Alternatively, when you see the black screen after reboot, press ESC or F12 key for bringing boot
selection menu. Boot key varies from ESC to F1, F2, F8, F10, F11, F12 and Del key and depends on
PC/Motherboard manufacturers.
Once you get the boot menu, select the installation media drive and hit Enter.
3. Once your system successfully boots from your desired Windows 10 installation media, you will
see different options and you need to select according to your requirements
➢ Language to install
➢ Time and Currency Format
➢ Keyboard or Input method
After selecting all the details, click on the “Next” button.
Mohammed Shakeel - 9491886134 Page 21
Windows Server 2016
4. In the next window, you will see a blue color window with a button labeled as “Install now“. You
need to click on it to continue the setup.
Mohammed Shakeel - 9491886134 Page 22
Windows Server 2016
5. In this window, you will be asked to enter the 25 character product key in the space provided and
then click on the Next button.
If you don’t have a product key for the moment, then you can also click on Skip button and enter the
product key later.
Note: In above step, if you enter the product key, then you will not see the additional window where
you can select the edition which you want to install on your computer.
Mohammed Shakeel - 9491886134 Page 23
Windows Server 2016
6. Now you will see the license agreement window, if you want, you can read all the terms and
conditions, check the option labeled as “I accept the license terms” and hit the “Next” button.
Mohammed Shakeel - 9491886134 Page 24
Windows Server 2016
7. in the next window, you will see two different options:
➢ Upgrade: Install Windows and keep files, settings, and applications
➢ Custom: Install Windows Only (Advanced)
To perform a clean installation of Windows 10, you need to click on the second option i.e. Custom:
Install Windows Only (Advanced).
8. in the next windows, you need to choose the drive on which you want to install the copy of
Windows 10. If the drive already running a copy of Windows and you want to remove it, then you
need to format the system drive where the window is already installed. Of course, this will free up
space drive space.
To format the system drive, you need to select the drive and click on the “format” option at the
bottom of the window.
Mohammed Shakeel - 9491886134 Page 25
Windows Server 2016
In case, you have installed the new SSD (Solid State Drive) and Hard Drive and you have not created
any partition yet, then you will see unallocated space depending on the size on the drive.
To create a partition, you need to select the drive and click on “New” button. Make sure to allocate
a minimum of 20 GB or you can create a partition of more size depending on the space on your hard
drive. Click “Apply” to complete the process.
Mohammed Shakeel - 9491886134 Page 26
Windows Server 2016
The system will additionally create a partition with name “System Reserved” to ensure that system
work fine. The size of this partition is around 100MB in most of the cases .
Note: After formatting the drive, you will lose all the data on the C drive and settings which include
installed apps, games, and any personal data lying on the desktop, Music, Video, Pictures and
related folders.
9. Select the drive where you want to install the copy of Windows 10 and click on the “Next” button.
At this point, the installation of Windows will start. It will take around 20-25 minutes to complete
the installation process.
Mohammed Shakeel - 9491886134 Page 27
Windows Server 2016
During the installation, your system may reboot two or three times.
Note: At the time or reboot, make sure to unplug the USB drive or DVD drive otherwise it will load
the complete setup again. Or if your Flash drive is bootable then don’t press any key on your
keyboard.
10. Once the installation is completed. You will see the blue color screen.
Here you can click on “Use Custom Settings” button if you want to go with default settings. You can
also click on “Customize” button if you want to customize settings.
Mohammed Shakeel - 9491886134 Page 28
Windows Server 2016
Keep following the instruction as mentioned on the screen and in few seconds Windows 10 home
screens will appear.
Mohammed Shakeel - 9491886134 Page 29
Windows Server 2016
This is how you can install Windows 10 using USB or DVD Drive
If you have not entered the 25 character windows key above, then go to settings -> Update &
security -> Activation. Here you need to enter the key to activate the windows.
Mohammed Shakeel - 9491886134 Page 30
Windows Server 2016
7. IP ADDRESS
• Internet Protocol (IP) address is also known as logical address or Software address
• IP address is a unique address used to identify a device over a Network, Every device like computer;
server, router, firewall etc have one IP address in a network.
• IP address is assigned to Network Interfaces (NIC); devices with multiple NIC have multiple IP
address.
• No two devices can have same IP address in a Network.
• Without IP address communication is not possible.
• There are two versions of IP address IP Version 4 and IP Version 6
IP Version 4:
1. IP v4 is a 32-bit Binary number.
2. This 32-bits are divided in two 4-octet, each octet contains 8-bits.
3. Octets are separated by a “.” Dot
Ex: 192.168.1.10
4. IP address if further divided in two Classes, Network and Host portion, Public and private
address etc
Note: IP v4 is in binary but for User convenience they are written in Dotted-
Decimal Notation.
Numbers:
Binary: 0, 1 (Bits)
Decimal: 0,1,2,3,4,5,6,7,8,9
Hex-Decimal: 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F
Octet: 0, 1,2,3,4,5,6,7.
Mohammed Shakeel - 9491886134 Page 31
Windows Server 2016
Binary to Decimal conversion:
Mohammed Shakeel - 9491886134 Page 32
Windows Server 2016
Note:
• In any octet if we have all bits as “ 0 ” that in
decimal it is “ 0 ”
• In any octet if all bits are “1” than decimal will be
“255”
• So in every octet we can get decimal numbers
between 0-255.
Mohammed Shakeel - 9491886134 Page 33
Windows Server 2016
Classes:
IPv4 is divided in to five classes, so that can be used in various situations as per the requirement of
hosts per network.
Class Range Use
A 1 – 126
Used in LAN and WAN /
B 128 – 191 INTERNET.
192 – 223
C
D 224 – 239 Reserved for Multicasting
E 240 – 255 Reserved for Experimental Purpose
➔ “0” is used for Default Routing.
➔ “127” is used for Loopback address.
➔ We cannot assign any address from class D and class E to any Device.
➔ 0 and 127 also cannot be assigned.
Mohammed Shakeel - 9491886134 Page 34
Windows Server 2016
Two Components makes up the address
IP
Network Host
Portion Portion
Mohammed Shakeel - 9491886134 Page 35
Windows Server 2016
In entire Network “Network Portion” should be same, and “Host Portion” Should be
different.
How to write IP address from class a, B, and C.
Class A:
10.0.0.0 10.0.1.3 10.0.2.3
10.0.0.1 10.0.1.4 10.0.2.4
10.0.0.2 10.0.1.5
10.0.0.3 10.0.1.6
10.0.0.4 10.0.2.255
10.0.255.255
10.0.0.254 10.0.1.254 10.1.0.0
10.0.0.255 10.0.1.255 10.1.0.1
10.0.1.0 10.0.2.0
10.0.1.1 10.0.2.1
10.0.1.2 10.0.2.2 10.255.255.255
First IP “10.0.0.0” is network ID and last IP “10.255.255.255” is Broadcast ID which
cannot be assigned to any device.
In above example Network Portion is “10” which is from class A, which should be
same in whole network and other three numbers, should be different in whole
network.
Mohammed Shakeel - 9491886134 Page 36
Windows Server 2016
Class B:
172.16.0.0 172.16.2.3
172.16.0.1 172.16.2.4
172.16.0.2 172.16.2.5
172.16.0.3 172.16.2.6
172.16.0.4
172.16.0.5 172.16.2.255
172.16.3.0
172.16.3.1
172.16.0.254 172.16.3.2
172.16.0.255 172.16.3.4
172.16.1.0 172.16.3.5
172.16.1.1
172.16.1.2
172.16.1.3 172.16.255.255
172.16.1.4
172.16.1.254
172.16.1.255
172.16.2.0
172.16.2.1
172.16.2.2
Mohammed Shakeel - 9491886134 Page 37
Windows Server 2016
In above example 172.16.0.0 in Network ID and 172.16.255.255 is Broadcast ID.
The above example is from class B, so Network Portion is first two octets “172.16” which should
be same in whole network, and other two octets are Host Portion which should be different
Class C:
192.168.1.0
192.168.1.1
192.168.1.2
192.168.1.254
192.168.1.255
In above example First number “192.168.1.0” is Network ID, and Last Number “192.168.1.255” is Broadcast
ID.
Network ID: Network ID is always ZERO’S in Host portion.
Broadcast ID: Broadcast ID is always ONE’S in host portion.
192.168.1 Is the Network portion it should be same whole network and last octet is Host portion which
should be different in whole Network.
Mohammed Shakeel - 9491886134 Page 38
Windows Server 2016
Calculate the Number of Network’s and Host’s in Class a, B, and C.
Subnet Mask
Subnet Mask differentiates/Separates Network number and Host number of an IP
address.
In Subnet Mask network portion is always in “1” and Host Portion is always in “0”
Mohammed Shakeel - 9491886134 Page 39
Windows Server 2016
A 255 0 0 0
B 255 255 0 0
C 255 255 255 0
Public and Private IP address
PUBLIC IP PRIVATE IP
1. Public IP addresses are used over the Internet, 1. Private IP addresses are used inside a private
without Public IP we cannot access Internet. Network.
2. Public IP are paid IP’s, user should Purchase 2. Private IP address are free, anyone can use
public IP. Private IP in their network.
Range of Private IP
Note: Beside Private IP address range, all IP’s from class A: 10.0.0.0 - 10.255.255.255.
A, B, and C are Public IP’s.
B: 172.16.0.0 - 172.31.255.255.
C: 192.168.0.0 - 192.168.255.255.
Mohammed Shakeel - 9491886134 Page 40
Windows Server 2016
Computer Network can be organized in two way’s
NETWORK
WORKGROUP DOMAIN
WORKGROUP
Mohammed Shakeel - 9491886134 Page 41
Windows Server 2016
1. In Workgroup computers are grouped together to exchange Files, Printers,
Internet Connection etc but without Central Administration.
2. In Workgroup all computers are Peers, no computer can control other
computer.
3. Each computer has a set of user accounts. To log on to any computer in the
workgroup, you must have an account on that computer.
4. Each User controls Resources and Security locally on their computers.
5. To make any changes in Network we should go to each computer manually.
6. To take Backup or to install any application we should go to each computer
manually.
7. All computers must be on same Local network.
8. Computer in Workgroup network are limited (Max=20), if more computers
are added then management will be difficult.
9. To manage Workgroup network no Trained Professional is needed, with
basic Networking knowledge we can manage Workgroup.
10.No special Server (Machine/Operating system) is needed, with basic
computers hardware and by using any client O/S we can Configure/Manage
Workgroup.
Mohammed Shakeel - 9491886134 Page 42
Windows Server 2016
DOMAIN / Client-Server Model
1. Grouping of computers with Central Administration.
2. In a Domain one Computer/Server can control whole network.
3. Server keeps information of all Users, Groups, and Data etc so from any Client computer
you can access your account and Data.
4. Changes made in Server will automatically affect all the computers.
5. Security is more in Domain.
6. Application’s can be installed in Client computer from Server computer.
7. Users Backup can be taken from Server.
8. Computers can be in same Network or Different Network.
9. Any number of computers can be added in a Network.
10. Special Server (Machine/Operation System) is required in Domain.
Note: The difference between Workgroup and Domain is ACTIVE DIRECTORY.
Mohammed Shakeel - 9491886134 Page 43
Windows Server 2016
8. ACTIVE DIRECTORY DOMAIN SERVICES
1. Active directory is a Centralized Database.
2. Active directory Database contains information of all the Objects
OBJECTS: User, Computer, Group, Organization unit, Printer, Sites, Share
folders etc
3. Active directory provides single point of User logon Authentication.
4. Active directory provides single point of Authorization.
5. Easy management using Group Policy.
6. Active directory is scalable to any size of Network.
Note: Active Directory is designed in a hierarchical tree structure,
Active Directory depends on two Internet Standards DNS and LADP.
ACTIVE DIRECTORY STRUCTURE
Active
Directory
Logical Physical
Domain
Forest Tree Domain OU Site
Controller
Mohammed Shakeel - 9491886134 Page 44
Windows Server 2016
DOMAIN
VIRTUALNETWORKS.COM
1. A Domain is a collection of Objects which share same
Database.
2. In Domain all Objects share same Namespace.
3. Domain is a Logical secure boundary.
4. Domain is the core component of Active Directory.
5. With Domain Forest is created.
Mohammed Shakeel - 9491886134 Page 45
Windows Server 2016
TREE
VIRTUALNETWORKS.COM
HYD.VERTUALNETWORKS.COM BAN.VIRTUALNETWORKS.COM
1. Tree is a logical grouping of multiple Domains which share contiguous namespace.
Contiguous Namespace: Contiguous Namespace is a domain that shares the same root
domain name
Ex: Domain Name is “VIRTUALNETWORKS.COM”; Contiguous Namespace is
“HYD.VIRTUALNETWORKS.COM”
2. Adding a Domain to a Tree becomes a Child of the Tree Root Domain.
3. Tree Root Domain is called as Parent Domain.
4. By default Parent-Child is created in a Tree.
5. Group policies, Administration do not flow across domains in a Tree.
Mohammed Shakeel - 9491886134 Page 46
Windows Server 2016
Organizational Unit
1. Organization Unit is used to organize Objects in Active Directory.
2. Organization Unit contains similar Objects.
3. OU contains Objects from same Domain.
4. Any number of OU’s can be created in a Domain.
5. Within an OU we can create Sub-OU.
6. OU’s are created for three main purposes
• Easy Management
• Delegating Control
• Group Policy
Note: You can arrange objects that have similar administrative and security requirements into
organizational units. Organizational units provide multiple levels of administrative authority, so
that you can apply Group Policy settings and delegate administrative control.
This delegation simplifies the task of managing these objects and enables you to structure Active
Directory to fit your organization’s requirements.
Mohammed Shakeel - 9491886134 Page 47
Windows Server 2016
FOREST
1. Forest is a collection of multiple domain Trees.
2. All Domains in a Forest share’s common Schema and Global Catlog server.
3. Forest allows a big organization to operate independently, by allowing multiple Trees.
4. In organization if they wants’ to communicate they can communicate with each other.
5. Trust is created between different Trees for communication.
6. Trees in Forest have Different Naming Structure.
7. A forest is the highest level of the logical structure hierarchy.
Mohammed Shakeel - 9491886134 Page 48
Windows Server 2016
Other logical Components of Active Directory:
Schema:
• The Active Directory schema contains definitions for all the objects that are used to store
information in the directory.
• There is one schema per forest. However, a copy of the schema exists on every domain
controller in the forest.
• This way, every domain controller has quick access to any object definition that it might
need, and every domain controller uses the same definition when it creates a given
object.
Global Catlog:
• The global catlog stores a full copy of all Active Directory objects in the directory for its
host domain and a partial copy of all objects for all other domains in the forest.
• Users in a forest do not need to be aware of directory structure because all users see a
single directory through the global catlog.
• Applications and clients can query the global catlog to locate any object in a forest.
• The global catlog is hosted on one or more domain controllers in the forest. It contains a
partial replica of every domain directory partition in the forest. These partial replicas
include replicas of every object in the forest, including the attributes most frequently
used in search operations and the attributes required to locate a full replica of the object.
• A global catlog is created automatically on the first domain controller in the forest.
Optionally, other domain controllers can be configured to serve as global catalogs.
• More Global Catlog servers can provide quicker responses, but more Global catlog servers
means more Replication traffic
Replication:
• Replication process ensures that changes made to one domain controller are
synchronized to all other domain controllers within the domain.
• Any change in a Domain controller will take 15 Seconds to replicate with other Domain
Controller in the same site.
• Between other sites it can take up to 15Minutes.
Mohammed Shakeel - 9491886134 Page 49
Windows Server 2016
• Replication is a necessary factor in Active Directory to ensure
1. Fault Tolerance: If one domain controller fails, the Active Directory
database is still available from other domain controllers, which store the same
information.
2. Load balancing: When many workstations are accessing Active Directory, the
information they are requesting is retrieved faster when there is more than
one domain controller to provide it.
3. Proximity of information: Workstations get the information from a local
domain controller instead of across a slow WAN link.
Physical Components of Active Directory
Domain Controllers:
• Domain Controllers are computers that stores Active Directory Database.
• More than one Domain Controllers can be part of same Domain.
Site:
• Site is a physical structure or topology of your network.
• Branches are the sites
Mohammed Shakeel - 9491886134 Page 50
Windows Server 2016
9. Steps to Install ADDS
Prerequisites:
1. Server Operating System (2012,2016)
2. Administrative account
3. Workgroup computer
4. IP address
5. Change computer name
6. Install ADDS / DNS roles
7. Configure ADDS
IP: 10.0.0.1 IP: 10.0.0.2
Mask: 255.0.0.0 Mask: 255.0.0.0
DNS: 10.0.0.1 DNS: 10.0.0.1
Mohammed Shakeel - 9491886134 Page 51
Windows Server 2016
10. Steps to change computer name
➢ Go to server manager.
➢ Click to local manager.
➢ Then click on computer name.
➢ THEN CLICK TO CHANGE BUTTON.
Mohammed Shakeel - 9491886134 Page 52
Windows Server 2016
➢ GIVE THE COMPUTER NAME .
➢ THEN CLICK OK BUTTON.
➢ AGAIN CLICK TO OK BUTTON.
Mohammed Shakeel - 9491886134 Page 53
Windows Server 2016
➢ THEN CLICK TO CLOSE BUTTON.
➢ CLICK BELOW TO RESTART NOW.
Mohammed Shakeel - 9491886134 Page 54
Windows Server 2016
11. STEPS TO ASSIGN IP 2016
1. GO TO SERVER MANAGER
• CLICK ON LOCAL SERVER
• CLICK ON ETHERNET0
2. RIGHT CLICK ON ETHERNET0
• RIGHT CLICK ON PROPERTIES
Mohammed Shakeel - 9491886134 Page 55
Windows Server 2016
3. SELECT (TCP/IPV4)
• THEN CLICK ON PROPERTIES
4. USE THE IP FOLLOWING ADDRESS
• CLICK ON OK BUTTON
Mohammed Shakeel - 9491886134 Page 56
Windows Server 2016
5. CLICK ON CLOSE BUTTON
Mohammed Shakeel - 9491886134 Page 57
Windows Server 2016
12. STEPS TO CHECK IP ADDRESS
1. PRESS WINDOWS KEY + R
• WRITE CMD AND THEN CLICK ON OK BUTTON
2. WRITE IP CONFIGUR
Mohammed Shakeel - 9491886134 Page 58
Windows Server 2016
13. STEPS TO INSTALL ADDS AND DNS
1. GO TO START
2. CLICK ON SERVER MANAGER
3. CLICK ON MANAGE
4. CLICK ON ADD ROLE AND FEATURE
Mohammed Shakeel - 9491886134 Page 59
Windows Server 2016
5. CLICK ON NEXT BUTTON
6. SELECT A ROLE BASE AND FEATURE BASE INSTALLATON
7. CLICK ON NEXT BUTTON
Mohammed Shakeel - 9491886134 Page 60
Windows Server 2016
8. SELECT SERVER
• THEN AGAIN CLICK ON NEXT
9. CHECK THE BOX ACTIVE DIRECTORY DOMAIN SERVICE
Mohammed Shakeel - 9491886134 Page 61
Windows Server 2016
• CLICK ON ADD FEATURE
10. CHECK THE BOX DNS
Mohammed Shakeel - 9491886134 Page 62
Windows Server 2016
• CLICK ON ADD FEATURE
11. CLICK ON NEXT
Mohammed Shakeel - 9491886134 Page 63
Windows Server 2016
12. AGAIN CLICK ON NEXT
13. AGAIN CLICK ON NEXT
Mohammed Shakeel - 9491886134 Page 64
Windows Server 2016
14. AGAIN CLICK ON NEXT
15. CHECK THE BOX RESTART THE DESTINATION SERVER AUTOMATICALLY IF REQUIRED
• CLICK ON YES BUTTON
• CLICK ON INSTALL BUTTON
Mohammed Shakeel - 9491886134 Page 65
Windows Server 2016
16. NOW INSTALLATION IS IN PROGRESS
17. INSTALLATION SUCCEEDED
• CLICK ON CLOSE BUTTON
Mohammed Shakeel - 9491886134 Page 66
Windows Server 2016
14. STEPS TO CONFIGURE ADDS
1. GO TO SERVER MANAGER.
• CLICK ON NOTIFICATION.
• PROMOTE THIS SERVER TO A DOMAIN CONTROLLER.
2. SELECT ADD A NEW FOREST AND ASSIGN FOREST NAME / DOMAIN NAME.
• CLICK ON NEXT.
Mohammed Shakeel - 9491886134 Page 67
Windows Server 2016
3. SELECT FOREST AND DOMAIN FUNCTIONING LEVEL.
• NOW ASSIGN DSRM PASS WORD.
• NOW CLICK ON NEXT.
4. CLICK ON NEXT.
Mohammed Shakeel - 9491886134 Page 68
Windows Server 2016
5. NOW AGAIN CLICK ON NEXT.
6. NOW IT WILL SHOW ADS DATABASE FOLDER LOCATION, IF YOU WANT YOU CAN CHANGE
THE LOCATION.
• CLICK ON NEXT.
Mohammed Shakeel - 9491886134 Page 69
Windows Server 2016
7. NOW REVIEW ALL OPTIONS IF, YOU WANT TO CHANGE CLICK ON PREVIOUS AND CHANGE
THE SETTINGS, IF NOT CLICK ON NEXT.
Mohammed Shakeel - 9491886134 Page 70
Windows Server 2016
8. NOW ALL PREREQISITES CHECKS PASSED SUCCESSFULLY.
• CLICK INSTALL TO BEGI INSTALLATION.
9. NOW ADS CONFIGURATION PROCESS IS ON.
Mohammed Shakeel - 9491886134 Page 71
Windows Server 2016
10. NOW SERVER IS SUCCESSFULLY CONFIGURED AS A DOMAIN CONTROLLER, NOW IT WILL
REBOOT.
11. NOW WHEN WE LOGIN ADMINISTRATOR NAME WILL APPEAR WITH DOMAIN NAME.
Mohammed Shakeel - 9491886134 Page 72
Windows Server 2016
12. TO VERIFY GO TO CMD AND SAY NET ACCOUNTS, IT WILL SHOW PRIMARY.
Mohammed Shakeel - 9491886134 Page 73
Windows Server 2016
15. STEPS TO ADD CLIENT or MEMBER SERVER
Client:
• Client is a computer which is added into a Domain.
• Client computers are used by End users.
• Client computers are installed with Client Operating System.
Ex: win7, win8 etc
Member Server:
• Member server is a computer which is added into a Domain
• Member servers are used to Install and Configure other Roles like DHCP, FTP, MAIL SERVER,
WEB SERVER etc
• Member server are installed with Server Operation system
Ex: server 2008, 2012, 2016
Note: Adding Member server or Client into a Domain is same
Mohammed Shakeel - 9491886134 Page 74
Windows Server 2016
PREREQUIRMENTS
1. Computer with client o / s ( 7, 8, 8.1 or 10 )
2. Ip address and DNS address
3. Computer should be in workgroup
4. Administrator account
5. Go to start
• Right click on computer properties
6. CLICK ON CHANGE SETTING
Mohammed Shakeel - 9491886134 Page 75
Windows Server 2016
6. CLICK ON CHANGE BUTTON.
7. UNDER MEMBER OF SELECT DOMAIN AND GIVE DOMAIN NAME
• CLICK ON OK BUTTON.
Mohammed Shakeel - 9491886134 Page 76
Windows Server 2016
8. NOW ENTER USER NAME AND PASSWORD OF DOMAIN ADMINISTRATOR
• CLICK ON OK BUTTON
9. NOW CLIENT IS SUCCESSFULLY ADDED TO “VIRTUAL NETWORK DOMAIN”
• CLICK OK AND RESTART THE COMPUTER
Mohammed Shakeel - 9491886134 Page 77
Windows Server 2016
10. CLICK ON OK BUTTON.
NOTE: TO VERIFY.
• GO TO SERVER MANAGER
• CLICK ON TOOL BUTTON
• CLICK ON ACTIVE DIRECTORY USERS AND COMPUTERS
• EXPAND DOMAIN NAME
• CLICK ON COMPUTER AND VERIFY
Mohammed Shakeel - 9491886134 Page 78
Windows Server 2016
16. STEPS TO CREATE USERS
USER
Domain
Local User
User
Users are of two types
1. Local User
2. Domain User
Local user:
• Local user is created in a Workgroup Computer
• Local user can access same computer
Domain User:
• User is one of the most important Object in Active Directory
• User Account which is created in Active Directory are also known as Domain user
• A user requires an Active Directory user account to log on to a computer in a domain.
• Domain User can access the Recourse of entire Domain, Security and Policies can be
implemented on Domain user from Server.
Note: By-default in Windows Operating System two User accounts are created
1. Administrator
2. Guest (Disable By-default)
Mohammed Shakeel - 9491886134 Page 79
Windows Server 2016
1. GO TO SERVER MSNAGER
• CLICK ON TOOLS
• CLICK ON ACTIVE DIRECTORY USERS AND COMPUTERS
2. EXPAND DOMAIN
• RIGHT CLICK ON USER
• CLICK ON NEW
• CLICK ON USER
Mohammed Shakeel - 9491886134 Page 80
Windows Server 2016
3. GIVE USER NAME AND LOGON NAME
• CLICK ON NEXT
4. CLICK ON ACTIVE DURECTORY USERS AND COMPUTERS
• CLICK ON VIRTUAL NETWORKS
Mohammed Shakeel - 9491886134 Page 81
Windows Server 2016
5. GIVE SOME PASSWORD EXAMPLE : (ABC@123 )
• AND SELECT SOME POLICY
• CLICK ON NEXT BUTTON
6. CLICK ON FINISH BUTTON
Mohammed Shakeel - 9491886134 Page 82
Windows Server 2016
NOTE: TO VERIFY.
• Go to server manager
• Click on tools
• Select on active directory users and computers
• Expand domain click on users folder.
17. STEPS TO CREATE USER FROM CMD
1. Go To CMD And Type The Following Command.
Mohammed Shakeel - 9491886134 Page 83
Windows Server 2016
18. Steps to configure logon to
1. Go to server manager → tools→ active directory users and computers
2. Right click on user → properties
Mohammed Shakeel - 9491886134 Page 84
Windows Server 2016
3. Account→ logon to
4. Select the following computers and type the computer name → click on ADD → OK
Mohammed Shakeel - 9491886134 Page 85
Windows Server 2016
To verify go to client1 computer and login as “Abdullah”
user
Mohammed Shakeel - 9491886134 Page 86
Windows Server 2016
5. Now Abdullah user cannot login to client1 computer, because he is allocated to “client50”
computer
Mohammed Shakeel - 9491886134 Page 87
Windows Server 2016
19. Steps to configure logon hours
Ex: Monday to Friday, from 8:00are till 5:00 pm
1. Go to active directory users and computer→ right click on user {SHAKEEL user} →
properties
2. Go to account → logon hours
Mohammed Shakeel - 9491886134 Page 88
Windows Server 2016
3. By default is permitted from Sunday to Saturday and from 12:00am
To 12:00pm
4. Now change logon hours timings, in this example for SHAKEEL user logon hours is from
morning 8:00am to 5:00pm and Monday to Friday → ok
Mohammed Shakeel - 9491886134 Page 89
Windows Server 2016
NOTE: go to client computer and login as shakeel user, between 8:00am to 6:00pm and
login will be allowed
But if you login before 8:00am or after 6:00pm than it will show the following message
Mohammed Shakeel - 9491886134 Page 90
Windows Server 2016
20. STEPS TO CONFIGURE LOGON TO FOR MULTIPLE USERS
1. Go to active directory user and computers→ select multiple users→ right click→ properties
2. Account → check the box→ computer restrictions then click on logon to
Mohammed Shakeel - 9491886134 Page 91
Windows Server 2016
3. Select the followings computers and type all the computers names→ click on ADD
4. Ok
Mohammed Shakeel - 9491886134 Page 92
Windows Server 2016
Steps to configure logon hours for multiple users
1. Go to active directory users and computers → select multiple users → properties
2. Account → check the box→ logon hours and click on logon hours
Mohammed Shakeel - 9491886134 Page 93
Windows Server 2016
3. Change the timings according to scenario
Ex: Monday to Friday 10:00p am till 7:00 pm
4. ok
Mohammed Shakeel - 9491886134 Page 94
Windows Server 2016
21. Steps to configure or enable active directory recycle bin
1. Go to server manager → tools → active directory administrative center
2. Click on domain name→ click on enable recycle bin
Mohammed Shakeel - 9491886134 Page 95
Windows Server 2016
3. Click on ok for confirmation
4. Click ok to refresh
To verify
1. Now go to active directory users and computers → right/click on users and delete
2. Now go to back active directory administrative center → click on domain name →
double/click on deleted object
Mohammed Shakeel - 9491886134 Page 96
Windows Server 2016
3. We can see the deleted object → select your object and click on restore
Note
Now the deleted object is restored successfully to verify go to active directory users and
computers and verify
Mohammed Shakeel - 9491886134 Page 97
Windows Server 2016
22. Passwords policies
1. Go to server manager → tools → group policy management
2. Expand forest → expand domain → expand domain name → right/click on default domain
policy → edit
Mohammed Shakeel - 9491886134 Page 98
Windows Server 2016
3. Under computer configuration → expand policies → expand window settings → expand
security setting → expand account policies → password policy
4. Now in the right pane we can see password policies
Mohammed Shakeel - 9491886134 Page 99
Windows Server 2016
23. Account Lockout Policy
To change Account Lockout Policy → Go to Domain Controller → Tools → Group Policy
Management
Expand Forest → Expand Domains → Expand Domain Name “KNOC.COM” → Right Click on Default
Domain Policy → Edit
Mohammed Shakeel - 9491886134 Page 100
Windows Server 2016
Under Computer Configuration → Expand Policies → Expand Windows Settings → Expand Security
settings → Expand Account Policies → Select Account Lockout Policies
Mohammed Shakeel - 9491886134 Page 101
Windows Server 2016
Now Right Click on Policy → Properties and change the value
1. Account lockout threshold : In this option we need to mention the invalid attempts, if two
invalid attempts are configured than account will be locked out if the uses is submitting
three invalid passwords
2. Account lockout duration : This option defines for how long account will be locked out
3. Reset account counter after: This option defines the time period in which a user can
submit invalid password before his account is locked out.
Mohammed Shakeel - 9491886134 Page 102
Windows Server 2016
Note: Now go to client computer and give invalid passwords and user account will be locked, it
will show following message
Mohammed Shakeel - 9491886134 Page 103
Windows Server 2016
24. Steps to Un-Lock Account:
Right Click on User → Properties
Accounts → UN-CHECK the box “UNLOCK ACCOUNT” → apply → ok.
Mohammed Shakeel - 9491886134 Page 104
Windows Server 2016
25. Steps to create organizational unit
1. Go to Active directory users and computers
2. Right click on the domain name → new → organizational unit
3. Give some name and click ok
Mohammed Shakeel - 9491886134 Page 105
Windows Server 2016
Steps to create sub organizational unit
1. Go to active directory users and computers → right click on organizational unit (IT)→ new →
organizational unit give some space → ok
Mohammed Shakeel - 9491886134 Page 106
Windows Server 2016
Steps to create users in organizational unit
1. Go to active directory users and computers → organizational unit → new → user
2. And follow the steps
Mohammed Shakeel - 9491886134 Page 107
Windows Server 2016
Steps to move users between organizational units
1. Right click on user → move
2. Select destination organizational unit → ok
Mohammed Shakeel - 9491886134 Page 108
Windows Server 2016
Steps to delete organizational unit
1. Right/click on organizational unit → delete
2. Click on yes
3. Now it will show that organizational unit is protected from deletion
4. Now go to active directory users and computers → view → advanced features
Mohammed Shakeel - 9491886134 Page 109
Windows Server 2016
5. Right click on organizational unit → properties
Mohammed Shakeel - 9491886134 Page 110
Windows Server 2016
6. Object → un-check the box → “protect object from accidental deletion” → ok
7. Right /click on organizational unit → delete
Mohammed Shakeel - 9491886134 Page 111
Windows Server 2016
26. Steps to configure delegating control
1. Right click on organizational unit → delegate control.
Mohammed Shakeel - 9491886134 Page 112
Windows Server 2016
2. Add user to whom you are delegating [egg: Ayesha] → next.
3. Now delegate some controls → next.
Mohammed Shakeel - 9491886134 Page 113
Windows Server 2016
4. Finish.
Mohammed Shakeel - 9491886134 Page 114
Windows Server 2016
27. Group policy
A. steps to remove games, music, picture etc. from start menu for organizational unit
1. Go to server manager → tools → group policy management
2. Expand forest → expand domain → right click on any organizational unit the create a GPO in this
domain and link it here.
Mohammed Shakeel - 9491886134 Page 115
Windows Server 2016
3. Use some GPO name and click on OK
4. Right click on the created GPO and edit
5. Under user configuration → expand policies → expand administrative templates → select start
menu and taskbar.
Mohammed Shakeel - 9491886134 Page 116
Windows Server 2016
6. in the right pane, select the option that you want to disable and then right click on the option and
edit.
Mohammed Shakeel - 9491886134 Page 117
Windows Server 2016
7. Select enable and apply OK.
NOTE: now do the same configuration for all other options.
Mohammed Shakeel - 9491886134 Page 118
Windows Server 2016
B. UPDATE POLICY:
1. To update group policy → go to RUN and type the command Pupate /force
Mohammed Shakeel - 9491886134 Page 119
Windows Server 2016
C. TO VERIFY:
1. Go to client computers and log in as any user from accounts organizational unit.
2. for this user games, music, pictures options are disabled.
NOTE: in this same computer log in with a user from different organizational unit, that user can
access games, music, pictures etc.
Mohammed Shakeel - 9491886134 Page 120
Windows Server 2016
D. STEPS TO DENY GROUP POLICY FOR A USER FROM ORGANIZATIONAL UNIT.
1. Go to server manager → tools→ group policy management.
2. Expand forest → expand domain→ expand domain name → expand organizational unit
[accounts] → select GPO → delegation → advance.
Mohammed Shakeel - 9491886134 Page 121
Windows Server 2016
3. Click on ADD
4. Add user → OK
5. Now select the user → under permission for users (Ayesha) check the box “deny” → apply group
policy
Mohammed Shakeel - 9491886134 Page 122
Windows Server 2016
6. Click on YES → OK.
NOTE: go to RUN → GP update
Mohammed Shakeel - 9491886134 Page 123
Windows Server 2016
E. TO VERIFY
1. Go to client computers and log in as Ayesha user
2. Now the user (Ayesha) can access all options.
Mohammed Shakeel - 9491886134 Page 124
Windows Server 2016
28. Steps to deny control on organizational unit
1. Expand forest → expand domain → right click on organizational unit (create a
GPO) and give some name (deny control panel)
2. Right click on GPO → edit.
Mohammed Shakeel - 9491886134 Page 125
Windows Server 2016
3. Under user configuration → expand policies → expand administrative
→templates → select control panel.
4. In right pane, right click on prohibit access to control panel and pc settings →
edit.
5. Enable → apply → OK.
Mohammed Shakeel - 9491886134 Page 126
Windows Server 2016
NOTE:
1. Now go to run → pupate force.
2. To verify go to client computer and login as account users.
Mohammed Shakeel - 9491886134 Page 127
Windows Server 2016
Steps to deny USB on domain
1. Go to server manager → tools → group policy management.
2. Expand forest → expand domain → expand domain name → expand
organizational (accounts) →select GPO -→ delegation → advance.
3. Right click on virtual networks and create GPO.
4. Give some name → ok
5. Now right click on created GPO → edit.
Mohammed Shakeel - 9491886134 Page 128
Windows Server 2016
Under user configuration → expand policies → expand administrative
templates → expand system → select removable storage access
6. Right click on all removable storage process → edit
Mohammed Shakeel - 9491886134 Page 129
Windows Server 2016
7. Select enabled →apply → ok.
NOTE: go to run → gnu update.
Mohammed Shakeel - 9491886134 Page 130
Windows Server 2016
Steps to block domain policy on organizational unit
1. Go to server manager → tools → group policy management.
2. Expand forest → expand domain → expand domain name → virtual networks.
3. Right click on organizational unit → block inheritance.
4. Now it will show blue color
Mohammed Shakeel - 9491886134 Page 131
Windows Server 2016
Steps to configure enforce policy
1. Right click on policy → enforce
Mohammed Shakeel - 9491886134 Page 132
Windows Server 2016
29. Groups
Steps to create groups
1. Go to active directory users and computers → right click on domain or
organizational unit.
2. Assign group name → select scope and select group type→ ok
NOTE: follow the same steps and create more groups.
Mohammed Shakeel - 9491886134 Page 133
Windows Server 2016
Steps to Add users in groups.
1. Right click on group → properties
2. Members → add
Mohammed Shakeel - 9491886134 Page 134
Windows Server 2016
3. Enter the user names → ok
4. Apply → ok
Mohammed Shakeel - 9491886134 Page 135
Windows Server 2016
Sharing
1. Create some folders in any drive and add some files
2. To share the folders with users → right click on folder → properties
3. Sharing → share
Mohammed Shakeel - 9491886134 Page 136
Windows Server 2016
4. Click on dropdown and select find people → add users to whom you want to
share ( user, group or everyone)
5. Now assign sharing permissions → share
Mohammed Shakeel - 9491886134 Page 137
Windows Server 2016
6. Done
Mohammed Shakeel - 9491886134 Page 138
Windows Server 2016
7. Close
Mohammed Shakeel - 9491886134 Page 139
Windows Server 2016
Steps to access share folder
1. Go to client computer → log in as user
2. Go to run and type the address → ok
Mohammed Shakeel - 9491886134 Page 140
Windows Server 2016
Steps to modifying sharing
1. Go to file sharing and select the user or group and change permissions.
Mohammed Shakeel - 9491886134 Page 141
Windows Server 2016
30. Security
1. Right click on created share folders → properties
2. Security → edit
Mohammed Shakeel - 9491886134 Page 142
Windows Server 2016
3. Click on add ( to add user, group or everyone) enter the name of the object →
ok
4. Now select the user and deny write permissions and allow read permission →
apply
Mohammed Shakeel - 9491886134 Page 143
Windows Server 2016
5. In windows security alert → click in yes.
6. Ok →ok
Mohammed Shakeel - 9491886134 Page 144
Windows Server 2016
To verify
1. Go to client computer and log in as any user and access the shade folder and
try to make some changes and in that folder → it will show you access is
denied.
Mohammed Shakeel - 9491886134 Page 145
Windows Server 2016
31. Offline files
1. Log in as user in client computer and access shade folders
2. Right click on folder → always available offline
Mohammed Shakeel - 9491886134 Page 146
Windows Server 2016
3. For offline folders it will show a green color circle
NOTE: now disconnect client computer from server and access offline folder
Mohammed Shakeel - 9491886134 Page 147
Windows Server 2016
32. Home folder
1. Create a shade folder in server
2. Right click on user → properties
3. Profile → under home folder → connect → choose any drive letter → give the
path ( \\serverIP\share folder) --> apply → ok
Mohammed Shakeel - 9491886134 Page 148
Windows Server 2016
To verify
1. Go to client computer and log in a user
2. Go to my computer and check the network drive
Mohammed Shakeel - 9491886134 Page 149
Windows Server 2016
33. Disk quotas
1. Right click on the volume → properties
2. Quota → enable quota management and deny disk space to user exceeding
quota → select limit disk space and assign any space → and select both log
event box → apply
Mohammed Shakeel - 9491886134 Page 150
Windows Server 2016
3. Ok → ok
Mohammed Shakeel - 9491886134 Page 151
Windows Server 2016
To verify
1. Go to client computers and log in
Mohammed Shakeel - 9491886134 Page 152
Windows Server 2016
34. Profile
1. Create a shade folder in server
2. Right click on user → properties
3. Profile → profile path (\\servername\shade folder name) --> ok
Mohammed Shakeel - 9491886134 Page 153
Windows Server 2016
To verify
1. Go to client computer and log in as user and make some changes on desktop.
Now log off from that computer and log in to other computer and user will get
same option
35. NIC TEAMING
1. Go to server manager → local server → click on NIC TEAMING and disable
2. Under teams → click on tasks → new team
3. Give team some name and select NIC → OK
Mohammed Shakeel - 9491886134 Page 154
Windows Server 2016
36. Steps to Configure Additional Domain Controller
1. STEP
Open server manager
Click on notification
Promote the domain controller
2. STEP
Select
(1)Add a domain controller to an existing domain
(2)Give domain name
(3)Enter user name
Mohammed Shakeel - 9491886134 Page 155
Windows Server 2016
(4)Next
3. STEP
Enter password
Next
Mohammed Shakeel - 9491886134 Page 156
Windows Server 2016
4. STEP
Next
5. STEP
Next
Mohammed Shakeel - 9491886134 Page 157
Windows Server 2016
6. STEP
Next
7. STEP
Next
Mohammed Shakeel - 9491886134 Page 158
Windows Server 2016
8. STEP
Install
Mohammed Shakeel - 9491886134 Page 159
Windows Server 2016
37. Steps to Configure Child Domain Controller
1. STEP
Promote the server to a domain controller
2. STEP
(1) Add a domain to an existing domain
(2) Select a domain type
(3) Parent domain type
(4) Enter new/Child domain name
(5) Change
Mohammed Shakeel - 9491886134 Page 160
Windows Server 2016
3. STEP
Enter parent user name and password
Ok
Mohammed Shakeel - 9491886134 Page 161
Windows Server 2016
4. STEP
Enter DSRM Password
Next
5. STEP
Select DNS Option
Next
6. STEP
It will show net BIOS name
Next
Mohammed Shakeel - 9491886134 Page 162
Windows Server 2016
7. STEP
Next
Mohammed Shakeel - 9491886134 Page 163
Windows Server 2016
8. STEP
Next
9. STEP
Install
Mohammed Shakeel - 9491886134 Page 164
Windows Server 2016
38. (A) Steps to transfer FSMO Roles
1. STEP
Go to CDM
NTDSTIL
ROLES
CONNECTIONS
CONNECT TO SERVER ex: ADC1
QUIT
2. STEP
Transfer RID Master
Yes
Mohammed Shakeel - 9491886134 Page 165
Windows Server 2016
3. STEP
Transfer infrastructure master
Yes
4. STEP
Transfer naming master
Yes
Mohammed Shakeel - 9491886134 Page 166
Windows Server 2016
5. STEP
Transfer schema master
Yes
6. STEP
Transfer PDC
Yes
7. STEP
Now go to CMD of ADC1
Net account
NOTE: It will display PRIMARY
Mohammed Shakeel - 9491886134 Page 167
Windows Server 2016
(B) STEPS TO SEIZE FSMO
1. STEP
Go to CMD
NITDSTIL
ROLES
CONNECTIONS
CONNECT TO SERVER ex: ADC1
QUIT
2. STEP
Seize RID master
Yes
Mohammed Shakeel - 9491886134 Page 168
Windows Server 2016
3. STEP
Seize infrastructure master
Yes
4. STEP
Seize schema master
Yes
5. STEP
Seize naming master
Yes
Mohammed Shakeel - 9491886134 Page 169
Windows Server 2016
6. STEP
Seize PDC
Yes
7. STEP
Now go to CMD and type net account it will show PRIMARY
Mohammed Shakeel - 9491886134 Page 170
Windows Server 2016
Mohammed Shakeel - 9491886134 Page 171
Windows Server 2016
FSMO – Flexible Single Master Operation Roles
There are Five FSMO roles in Active Directory
1. Schema master These two Roles are common in whole Forest
2. Domain naming master
3. RID master
These three Roles are present in every Domain
4. PDC emulator
5. Infrastructure master
1. SCHEMA MASTER:
➢ The schema master FSMO role holder DC is responsible for performing updates to the
directory schema.
➢ This DC is the only one that can process updates to the directory schema. Once the Schema
update is complete, it is replicated from the schema master to all other DCs in the directory.
➢ There is only one schema master in whole Forest.
2. Domain Naming Master:
➢ The domain naming master FSMO role holder DC is responsible for making changes to the
forest-wide domain name space of the directory.
➢ This DC is the only one that can add or remove a domain from the directory.
NOTE: No two Domain Controllers can hold Schema Master and Domain naming master role at same time in
whole Forest.
3. RID MASTER:
➢ The RID master FSMO role holder is the single DC responsible for processing RID Pool
requests from all DCs within a given domain. It is also responsible for removing an object
from its domain and putting it in another domain during an object move.
➢ When a DC creates a security principal object such as a user or group, it attaches a unique
Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs
created in a domain), and a relative ID (RID) that is unique for each security principal SID
created in a domain.
Mohammed Shakeel - 9491886134 Page 172
Windows Server 2016
➢ Each Windows DC in a domain is allocated a pool of RIDs that it is allowed to assign to the
security principals it creates. When a DC's allocated RID pool falls below a threshold, that
DC
➢
➢ issues a request for additional RIDs to the domain's RID master. The domain RID master
responds to the request by retrieving RIDs from the domain's unallocated RID pool and
assigns them to the pool of the requesting DC.
➢ There is one RID master per domain in a directory.
4. PDC EMULATOR:
➢ The PDC emulator is necessary to synchronize time in an enterprise. Windows includes the
W32Time (Windows Time) time service that is required by the Kerberos authentication
protocol. All Windows-based computers within an enterprise use a common time. The
purpose of the time service is to ensure that the Windows Time service uses a hierarchical
relationship that controls authority and does not permit loops to ensure appropriate
common time usage.
➢ Password changes performed by other DCs in the domain are replicated preferentially to the
PDC emulator.
➢ Authentication failures that occur at a given DC in a domain because of an incorrect
password are forwarded to the PDC emulator before a bad password failure message is
reported to the user.
➢ Account lockout is processed on the PDC emulator.
➢ There is one PDC EMULATOR per domain in a directory.
5. INFRASTRUCTURE MASTER:
➢ When an object in one domain is referenced by another object in another domain, it
represents the reference by the GUID, the SID (for references to security principals), and the
DN of the object being referenced. The infrastructure FSMO role holder is the DC
➢
➢ responsible for updating an object's SID and distinguished name in a cross-domain object
reference.
➢ There is one INFRASTRUCTURE MASTER per domain in a directory.
FSMO Roles can be Transfer and can be Seize
Mohammed Shakeel - 9491886134 Page 173
Windows Server 2016
Transfer:
➢ Transferring of FSMO roles is possible if both the Domain Controllers are working.
➢ Transfer of role is safe.
Seize:
➢ Seizing of FSMO role should only be attempted if the existing server with the
FSMO role is no longer available.
➢ If you perform a seizure of the FSMO roles from a DC, you
need to ensure two things.
➢ The current holder is actually dead and offline, and that
the old DC will NEVER return to the network.
➢ If you do an FSMO role Seize and then bring the previous
holder back online, you'll have a problem.
FSMO LAB
SYS 1 SYS 2
Domain Controller Additional Domain Controller
IP: 10.0.0.1 10.0.0.2
Mask: 255.0.0.0 255.0.0.0
P. DNS: 10.0.0.1 10.0.0.1
Mohammed Shakeel - 9491886134 Page 174
Windows Server 2016
Lab 1: Transferring roles through Graphical User Interface
1. First configure Primary Domain Controller and Additional Domain controller
2. Now log in to Primary Domain Controller as Administrator.
3. Go to Server Manager
4. Tools
5. Active Directory Users and Computers
6. Now Right Click on Domain name → Operations Masters
Now we can see three Domain Wide Roles. 1. RID, 2. PDC, 3.INFRASTRUCTUR
Select the role you want to Transfer → Change
Mohammed Shakeel - 9491886134 Page 175
Windows Server 2016
Yes
Now we can see RID role is transferred to SYS2, like this transfer remaining two roles.
Mohammed Shakeel - 9491886134 Page 176
Windows Server 2016
To transfer Domain Naming Master
Go to Tools → Active Directory Domains and Trusts → Right Click on Active Directory Domains and Trusts →
Operational Master
Mohammed Shakeel - 9491886134 Page 177
Windows Server 2016
Change
Yes
OK
Mohammed Shakeel - 9491886134 Page 178
Windows Server 2016
To Transfer SCHEMA MASTER Role Go to RUN and type the command → OK
Now again go to RUN → MMC → OK
Now go to File → Add / Remove snap-in
Mohammed Shakeel - 9491886134 Page 179
Windows Server 2016
Select Active Directory Schema → Add → ok
Mohammed Shakeel - 9491886134 Page 180
Windows Server 2016
Now Right Click on → Active Directory Schema → Operations Master
Mohammed Shakeel - 9491886134 Page 181
Windows Server 2016
Change
Yes
Ok
Mohammed Shakeel - 9491886134 Page 182
Windows Server 2016
LAB 2: Steps to Transfer FSMO Roles through Command Prompt
Go to Primary Domain Controller → log in as Administrator → Go to CMD
NTDSUTIL
ROLES
CONNECTIONS
CONNECT TO SERVER SYS2
QUIT
NOTE: Now Transfer Roles
TRANSFER RID MASTER → YES
Mohammed Shakeel - 9491886134 Page 183
Windows Server 2016
TRANSFER PDC → YES
TRANSFER INFRASTRUCTURE MASTER → YES
TRANSFER NAMING MASTER → YES
TRANSFER SCHEMA MASTER → YES
Now QUIT → QUIT
Now go to → CMD → NET ACCOUNTS
It will display as BACKUP.
Mohammed Shakeel - 9491886134 Page 184
Windows Server 2016
LAB 3: STEPS TO SEIZE ROLES
Note: Seizing is done when Domain Controller which holds FSMO record/record’s is Down, so go to Domain
Controller which is up and follow the following step’s
➢ Go to CMD
NTDSUTIL
ROLES
CONNECTIONS
CONNECT TO SERVER SYS1
QUIT
Mohammed Shakeel - 9491886134 Page 185
Windows Server 2016
SEIZE PDC → YES
SEIZE RID MASTER
SEIZE INFRASTRUCTURE MASTER
SEIZE NAMING MASTER
Mohammed Shakeel - 9491886134 Page 186
Windows Server 2016
SEIZE SCHEMA MASTER
Note: Now this Domain Controller holds all the five FSMO Roles, so it acts as Primary Domain controller.
Mohammed Shakeel - 9491886134 Page 187
Windows Server 2016
39. DNS
1. STEPS TO INSTALL DNS
1. Go to server manager ➔ manage ➔ Add Roles and Features
2. Next
Mohammed Shakeel - 9491886134 Page 188
Windows Server 2016
3. Select Role based or Feature based installation ➔ Next
4. Select servers ➔ Next
Mohammed Shakeel - 9491886134 Page 189
Windows Server 2016
5. Select DNS ➔ Add features ➔ Next
6. Next ➔ Next
7. Check the box restarts the destination server automatically if
required ➔ Yes ➔ Install ➔ Close
Mohammed Shakeel - 9491886134 Page 190
Windows Server 2016
2. STEPS TO CONFIGURE PRIMARY DNS SERVER [FORWARD LOOKUP ZONE]
1. Go to server manager ➔ Tools ➔ DNS
2. Expand server ➔ Right click on forward lookup zone ➔ New zone
Mohammed Shakeel - 9491886134 Page 191
Windows Server 2016
3. Next
4. Select primary zone ➔ Next
Mohammed Shakeel - 9491886134 Page 192
Windows Server 2016
5. Select to all DNS server running on domain controllers ➔ Next
6. Enter the zone name ➔ Next
Mohammed Shakeel - 9491886134 Page 193
Windows Server 2016
7. Select allow only secure domain updates ➔ Next
8. Finish
Mohammed Shakeel - 9491886134 Page 194
Windows Server 2016
3. STEPS TO CONFIGURE PRIMARY REVERSE LOOKUP ZONE
1. Access DNS ➔ Right click on Reverse lookup zone ➔ New zone
2. Next
Mohammed Shakeel - 9491886134 Page 195
Windows Server 2016
3. Select primary zone ➔ Next
4. Select
Mohammed Shakeel - 9491886134 Page 196
Windows Server 2016
5. Select IPV4 ➔ Next
6. Select the Network ID ➔ Next
Mohammed Shakeel - 9491886134 Page 197
Windows Server 2016
7. Select the allow only dynamic updates ➔ Next
8. Finish
Mohammed Shakeel - 9491886134 Page 198
Windows Server 2016
4. STEPS TO ADD HOST RECORD AND POINTER RECORD
1. Go to DNS ➔ Expand server ➔Expand Forward lookup zone ➔ Right
click on domain name ➔ New host
2. Enter client name ➔ IP address ➔ Check the box create associated
pointer (PTR) ➔ Add host
Mohammed Shakeel - 9491886134 Page 199
Windows Server 2016
3. Click on ok button
Mohammed Shakeel - 9491886134 Page 200
Windows Server 2016
5. STEPS TO CONFIGURE SECONDARY DNS
REQUIRMENTS:
1. Window server OS
2. IP address and DNS address
3. Member server
1. INSTALL DNS SERVER
1. Go to DNS ➔ Right click on forward lookup zone ➔ New zone
2. Next
Mohammed Shakeel - 9491886134 Page 201
Windows Server 2016
3. Select secondary zone ➔ Next
4. Enter primary zone name ➔ Next
Mohammed Shakeel - 9491886134 Page 202
Windows Server 2016
5. Enter the IP of primary master/primary DNS server ➔ Next
6. Next
Mohammed Shakeel - 9491886134 Page 203
Windows Server 2016
7. Finish
8. Now go to primary DNS server ➔ Right click on domain name ➔
Properties
Mohammed Shakeel - 9491886134 Page 204
Windows Server 2016
9. Zone transfer check the box allow zone transfer ➔ Only to the
following servers ➔ Edit
10. Enter the IP of secondary DNS ➔ Enter ➔ Ok
Mohammed Shakeel - 9491886134 Page 205
Windows Server 2016
11. Click on ok
12. Apply ➔ Ok
Mohammed Shakeel - 9491886134 Page 206
Windows Server 2016
13. New zone to secondary DNS ➔ Right click on zone ➔ Transfer from
master ➔ Refresh
Mohammed Shakeel - 9491886134 Page 207
Windows Server 2016
40. DHCP
STEPS TO INSTALL DHCP ROLE
1. Go to server manager ➔manage➔Add Roles and Features
2. Click on Next
Mohammed Shakeel - 9491886134 Page 208
Windows Server 2016
3. Select role based installation ➔ Next
4. Select your server➔Next
Mohammed Shakeel - 9491886134 Page 209
Windows Server 2016
5. Check DHCP box ➔Add features ➔ Next
6. Next
Mohammed Shakeel - 9491886134 Page 210
Windows Server 2016
7. Next
8. Check the box restart the destination ➔ yes ➔Install
Mohammed Shakeel - 9491886134 Page 211
Windows Server 2016
AUTHORISING DHCP SERVER
1. Go to server manager ➔ Click on Notification ➔ complete DHCP
Configuration
2. Next
Mohammed Shakeel - 9491886134 Page 212
Windows Server 2016
3. Select user ➔ commit
4. Close
Mohammed Shakeel - 9491886134 Page 213
Windows Server 2016
STEPS TO CONFIGURE DHCP
1. Go to server manager ➔Tools ➔ DHCP
2. Go to server name ➔ expand IPV4 ➔ Right click on IPV4 ➔New scope
Mohammed Shakeel - 9491886134 Page 214
Windows Server 2016
3. Click on Next
4. Enter scope name ➔ Next
Mohammed Shakeel - 9491886134 Page 215
Windows Server 2016
5. Enter IP Address range ➔ subnet mask ➔ Next
Mohammed Shakeel - 9491886134 Page 216
Windows Server 2016
6. Enter IP exclusion ➔ Add ➔Next
Mohammed Shakeel - 9491886134 Page 217
Windows Server 2016
7. Enter lease duration ➔ Next
8. Select ➔ yes, I want to configure this now ➔ Next
Mohammed Shakeel - 9491886134 Page 218
Windows Server 2016
9. Enter router IP ➔ Add ➔ Next
Mohammed Shakeel - 9491886134 Page 219
Windows Server 2016
10. Enter DNS Server Name ➔ Resolve ➔ Add ➔ Next
11. Next
Mohammed Shakeel - 9491886134 Page 220
Windows Server 2016
12. Yes, I want to activate this scope now ➔ Next
Mohammed Shakeel - 9491886134 Page 221
Windows Server 2016
13. Finish
Mohammed Shakeel - 9491886134 Page 222
Windows Server 2016
DHCP – Dynamic Host Configuration Protocol
➢ Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides
an Internet Protocol (IP) host with its IP address and other related configuration information such as
the subnet mask, default gateway and Dns address.
➢ Every device on a TCP/IP-based network must have a unique unicast IP address to access the
network and its resources. Without DHCP, IP addresses for computer must be configured manually.
➢ With DHCP, this entire process is automated and managed centrally. The DHCP server maintains a
pool of IP addresses and leases an address to any DHCP-enabled client when it starts up on the
network. Because the IP addresses are dynamic (leased) rather than static (permanently assigned),
addresses no longer in use are automatically returned to the pool for reallocation.
The network administrator establishes DHCP servers that maintain TCP/IP configuration information and
provide address configuration to DHCP-enabled clients in the form of a lease offer. The DHCP server stores
the configuration information in a database that includes.
• Valid TCP/IP configuration parameters for all clients on the network.
• Valid IP addresses, maintained in a pool for assignment to clients, as well as excluded addresses.
• Reserved IP addresses associated with particular DHCP clients. This allows consistent assignment of
a single IP address to a single DHCP client.
• The lease duration, or the length of time for which the IP address can be used before a lease
renewal is required.
A DHCP-enabled client, upon accepting a lease offer, receives:
• A valid IP address for the subnet to which it is connecting.
• Requested DHCP options, which are additional parameters that a DHCP server is configured to
assign to clients. Some examples of DHCP options are Router (default gateway), DNS Servers, and
DNS Domain Name.
Benefits of DHCP:
• Reliable IP address configuration. DHCP minimizes configuration errors caused by manual IP
address configuration, such as typographical errors, or address conflicts caused by the assignment of
an IP address to more than one computer at the same time.
• Reduced network administration. DHCP includes the following features to reduce network
administration:
▪ Centralized and automated TCP/IP configuration.
Mohammed Shakeel - 9491886134 Page 223
Windows Server 2016
▪ The ability to define TCP/IP configurations from a central location.
▪ The ability to assign a full range of additional TCP/IP configuration values by means of DHCP
options.
▪ The efficient handling of IP address changes for clients that must be updated frequently, such
as those for portable computers that move to different locations on a wireless network.
Steps to Install DHCP
SYS 1 SYS 2
IP: 10.0.0.1 ....................
Mask: 255.0.0.0 ....................
P. DNS: 10.0.0.1 ....................
Domain Controller Client
Go to Domain controller or Member server → Log in as Administrator → Server Manager →
Manage → Add Roles and Features
Mohammed Shakeel - 9491886134 Page 224
Windows Server 2016
Select Role-based or feature-based installation → next
Select server from Server pool → Next
Mohammed Shakeel - 9491886134 Page 225
Windows Server 2016
Check the box DHCP
Click on Add Features
Mohammed Shakeel - 9491886134 Page 226
Windows Server 2016
Select Restart Server option → Yes → Install
Mohammed Shakeel - 9491886134 Page 227
Windows Server 2016
Close
Next
Mohammed Shakeel - 9491886134 Page 228
Windows Server 2016
Commit
Mohammed Shakeel - 9491886134 Page 229
Windows Server 2016
Steps to Configure DHCP:
Create new scope wizard options
IP Address Range:
This option allows you to specify the starting and ending IP addresses that define the range of the scope,
along with the subnet mask you want to assign to the distributed addresses.
Add Exclusion
This option allows you to specify the IP addresses within the defined range that you do not want to lease to DHCP clients.
Lease Duration:
This option allows you to define the lease duration values. These lease durations are then assigned to DHCP clients.
Configure DHCP Options:
This option allows you to determine whether to configure DHCP options for the scope through subsequent wizard options in the
New Scope Wizard or later.
Depending on the selected option here you may see further options. If you select the option to configure DHCP options later, the
wizard does not give you an opportunity to activate the scope. You must activate the scope manually before it can begin leasing
addresses.
Router(DefaultGateway):
This option allows you to specify which default gateway (and alternates) should be assigned to DHCP clients.
DNS and Domain Name:
This option allows you to specify both the parent domain to be assigned to client computers and the addresses of DNS servers to
be assigned to the client.
WINS SERVER:
This option allows you to specify the addresses of WINS servers to be assigned to the client. Clients use WINS servers to
convert NetBIOS names to IP addresses.
ActivateScope.
This option allows you to determine whether the scope should be activated after the wizard has completed.
To configure DHCP → go to DHCP server → Login as Administrator → Server Manager → Tools →
DHCP
Mohammed Shakeel - 9491886134 Page 230
Windows Server 2016
Now Expand IPV4 → Right Click → New Scope
Give any Scope Name → Next
Enter Address Range → Subnet Mask → Next
Mohammed Shakeel - 9491886134 Page 231
Windows Server 2016
Add Exclusions (Optional) → Next
Mohammed Shakeel - 9491886134 Page 232
Windows Server 2016
Assign Lease Duration → Next
Select “Yes I want to configure these options now” → Next
Mohammed Shakeel - 9491886134 Page 233
Windows Server 2016
Configure ROUTER IP address → Add → Next
Give DNS server name → Click on Resolve → Add IP address → Next
Mohammed Shakeel - 9491886134 Page 234
Windows Server 2016
After Clicking on Add DNS Validation process will complete, Than click on Next
In WINS Server → Click on Next
Mohammed Shakeel - 9491886134 Page 235
Windows Server 2016
Select “Yes I want to activate this scope now” → Next
Finish
Mohammed Shakeel - 9491886134 Page 236
Windows Server 2016
Mohammed Shakeel - 9491886134 Page 237
Windows Server 2016
DHCP Client side configuration:
Now go to Client computer → In Ethernet Cart Properties → TCP/IPV4 Properties → Select “Obtain
an IP address automatically” → ok
Now go to CMD → and check the IP Address configuration → Client computer will IP Configuration
from DHCP
Mohammed Shakeel - 9491886134 Page 238
Windows Server 2016
Steps to configure DHCP Reservation
Go to DHCP → Expand Scope → Right Click on Reservation → New Reservation
Give any Reservation name → Mention the IP Address that you want to be reserved → Than enter
the MAC address of the network adapter of the computer for which the reservation is being made in
the box provided → add → close
Mohammed Shakeel - 9491886134 Page 239
Windows Server 2016
DHCP Server Backup and Restore:
TO Backup the DHCP Database
Steps:
• go to DHCP console
• R/C on server name
• select backup
• select location to save backup file
• ok
• now delete the existing scope
TO get that scope Back
• in DHCP console R/C on server name
• select restore
• select the location of file for restoration
• yes
• ok
• ok
Mohammed Shakeel - 9491886134 Page 240
Windows Server 2016
Configuring DHCP Server Failover:
objective:
To configure High Availability of DHCP Server Using DHCP Failover
pre-requisites:
1) A computer running windows 2012 (DC)
2) A computer running windows 2012 (Member Server), Install DHCP.
Steps in sys1:
• go to DHCP console
• in left pane expand server name
• expand IPv4
• R/C on scope
• select configure failover
• next
• click add server to add the failover server
• in add server, browse and select the server (sys2.knco.com)
• ok
• select mode, enable message authentication and enter shared
secret
• next
Mohammed Shakeel - 9491886134 Page 241
Windows Server 2016
• finish
• close
Steps in sys2 (Member server):
• go to server manager
• select notification complete DHCP configuration
• next
• click commit, to authorize server sys2.knco.com
• close
verification:
go to DHCP console and verify the scope replicated form sys1
Mohammed Shakeel - 9491886134 Page 242
Windows Server 2016
41. CLIENT CONFIGURATION
➔ Go to client configuration and select obtain an IP automatically ➔
obtain DNS Server automatically ➔ ok ➔ ok ➔ close
Mohammed Shakeel - 9491886134 Page 243
Windows Server 2016
NOTE: To verify
➔ Go to DHCP Server ➔ Expand server 1 ➔ Expand IP Version 4 ➔
Expand scope ➔ select Address Lease
Mohammed Shakeel - 9491886134 Page 244
Windows Server 2016
42. STEPS TO RESERVE IP
1. Access DHCP ➔ Expand pool ➔ Right click on Reservation ➔
New Reservation
2. Enter Reservation name ➔ Enter IP Address ➔ Enter MAC
Address ➔ Add ➔ Close
Mohammed Shakeel - 9491886134 Page 245
Windows Server 2016
43. STEPS TO MODIFY SCOPE RANGE
1. Access DHCP ➔ Right click o scope ➔ Properties
2. Now increase or decrease the range
Mohammed Shakeel - 9491886134 Page 246
Windows Server 2016
44. STEPS TO CONFIGURE FAILOVER
NOTE: Take a member sever and install DHCP Role
1. Access DHCP ➔ Right click on scope ➔ Configure Failure
2. Next
Mohammed Shakeel - 9491886134 Page 247
Windows Server 2016
3. Select the server ➔ Browse ➔ Enter the failure DHCP server
name ➔ ok
4. It will take failure DHCP IP ➔ Click on next
Mohammed Shakeel - 9491886134 Page 248
Windows Server 2016
5. Configure the required options ➔ Next
6. Finish
Mohammed Shakeel - 9491886134 Page 249
Windows Server 2016
7. Close
Mohammed Shakeel - 9491886134 Page 250
Windows Server 2016
45. STEPS TO VERIFY FAILOVER DHCP
1. Access failover DHCP ➔ Now access DHCP Role ➔ Go to scope and
verify
Mohammed Shakeel - 9491886134 Page 251
Windows Server 2016
46. WDS
1. STEPS TO INSTALL WDS
1. Go to server manager ➔ manage ➔ Add roles and features
2. Next
Mohammed Shakeel - 9491886134 Page 252
Windows Server 2016
3. Select role based or feature based installation ➔ Next
4. Select your server from server pool ➔ Next
Mohammed Shakeel - 9491886134 Page 253
Windows Server 2016
5. Check the box WDS ➔ Add features ➔ Next
6. Next
Mohammed Shakeel - 9491886134 Page 254
Windows Server 2016
7. Next
8. Next
Mohammed Shakeel - 9491886134 Page 255
Windows Server 2016
9. Check the box restarts the destination ➔ Yes ➔ Install ➔ Close
Mohammed Shakeel - 9491886134 Page 256
Windows Server 2016
2. STEPS TO CONFIGURE WDS
1. Go to server manager ➔ Tools ➔ Window Development Services
2. Expand servers ➔ Right click on server names ➔ Configure server
Mohammed Shakeel - 9491886134 Page 257
Windows Server 2016
3. Next
4. Next
Mohammed Shakeel - 9491886134 Page 258
Windows Server 2016
5. Select Remote Installation Folder ➔ Next
6. Yes
Mohammed Shakeel - 9491886134 Page 259
Windows Server 2016
7. Next
8. Select respond to all computers (known/unknown) ➔ Next
Mohammed Shakeel - 9491886134 Page 260
Windows Server 2016
9. Finish
Note: Now access WDS server ➔ Right click on server name ➔ All task ➔
Start
Mohammed Shakeel - 9491886134 Page 261
Windows Server 2016
3. Steps to Add Install Image and Booting Image
1. Install Images:
1. Access WDS ➔ Expand server ➔ Right click on install image ➔ Add
install image
2. Next
Mohammed Shakeel - 9491886134 Page 262
Windows Server 2016
\
3. Find the location of install image from OS DVD sources folder
Browse
Mohammed Shakeel - 9491886134 Page 263
Windows Server 2016
4. Open CD DVD
5. Open source folder ➔ open
Mohammed Shakeel - 9491886134 Page 264
Windows Server 2016
6. Select install.win files ➔ Open
7. Next
Mohammed Shakeel - 9491886134 Page 265
Windows Server 2016
8. Select your OS ➔ Next
9. Next
Mohammed Shakeel - 9491886134 Page 266
Windows Server 2016
10. Finish
Mohammed Shakeel - 9491886134 Page 267
Windows Server 2016
2. Booting Image
1. Go to WDS server ➔ Expand server ➔ Right click on Booting image
➔ Add boot image
2. Browse ➔ select Boot image from OS location
Mohammed Shakeel - 9491886134 Page 268
Windows Server 2016
3. Next
4. Next ➔ Next
Mohammed Shakeel - 9491886134 Page 269
Windows Server 2016
5. Finish
Mohammed Shakeel - 9491886134 Page 270
Windows Server 2016
4. Client Side Configuration
1. Now go to client computers ➔ Enter in BIOS ➔ Select first Boot as
LAN / server/ network ➔ Save and Exit
2. Once client computer reboot press “F12” to start installation in
client computer from WDS server
Mohammed Shakeel - 9491886134 Page 271
Windows Server 2016
Windows Deployment Services
➢ Windows Deployment Services enables you to deploy Windows operating systems.
➢ You can use it to set up new computers by using a network-based installation.
➢ This means that you do not have to install each operating system directly from installation media,
for example a DVD or USB drive.
➢ Allows network-based installation of Windows operating systems, including Windows 7, Windows 8,
Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.
The following are requirements for installing this role, depending on whether you choose the default
installation (both Deployment Server and Transport Server), or only the Transport Server role service
➢ Active Directory Domain Services (AD DS): A Windows Deployment Services server must be a
member of an Active Directory Domain Services (AD DS) domain or a domain controller for an AD DS
domain.
The AD DS domain and forest versions are irrelevant; all domain and forest configurations support
Windows Deployment Services.
➢ DHCP: You must have a working Dynamic Host Configuration Protocol (DHCP) server with an active
scope on the network because Windows Deployment Services uses PXE, which relies on DHCP for IP
addressing.
➢ DNS: You must have a working Domain Name System (DNS) server on the network before you can
run Windows Deployment Services.
➢ NTFS volume: The server running Windows Deployment Services requires an NTFS file system
volume for the image store.
➢ Credentials: To install the role, you must be a member of the Local Administrators group on the
server. To initialize the server, you must be a member of the Domain Users group.
During installation, on the Select role services page, the wizard presents the option to select role services to
be installed in Windows Deployment Services. You can choose to install the Deployment Server and
Transport Server, or leave both roles selected.
• Transport Server. This option provides a subset of the functionality of Windows Deployment
Services. It contains only the core networking parts. You can use Transport Server to create
multicast namespaces that transmit data (including operating system images) from a standalone
server. You can also use it if you want to have a PXE server that allows clients to PXE boot and
download your own custom setup application. You should use this option if you want to use either
of these scenarios, but you do not want to incorporate all of Windows Deployment Services.
• Deployment Server. This option provides the full functionality of Windows Deployment Services,
which you can use to configure and remotely install Windows operating systems. Note that
Deployment Server is dependent on the core parts of Transport Server.
Mohammed Shakeel - 9491886134 Page 272
Windows Server 2016
Steps to install Windows Deployment Services
IP: 10.0.0.1
SYS 1 .....................
SYS 2
Mask: 255.0.0.0 .....................
P. DNS: 10.0.0.1 .....................
Domain Controller / WDS Server WDS Client
➢ Before installing WDS, Install and Configure ADDS.
➢ DNS with all records
➢ DHCP with one active scope
➢ A computer connected to Network.
➢ Go to Domain Controller / Member Server login as Administrator and First Install WDS from add
roles and features
Steps to Install Windows Deployment Services
Go to Server → Log in as Administrator → Server Manager → Manage → Add roles and Features
Mohammed Shakeel - 9491886134 Page 273
Windows Server 2016
Select Role-based Installation → Next
Select the server where you want to install this Role → Next
Mohammed Shakeel - 9491886134 Page 274
Windows Server 2016
Now check the box “WINDOWS DEPLOYMENT SERVICES” → Next
Mohammed Shakeel - 9491886134 Page 275
Windows Server 2016
Next
Next
Select both the Services → Next
Mohammed Shakeel - 9491886134 Page 276
Windows Server 2016
Click on RESTART SERVER AUTOMATICALLY → Yes →Install
Mohammed Shakeel - 9491886134 Page 277
Windows Server 2016
Steps to Configure Windows Deployment Services:
Go to WDS server → Log in as Administrator → Go to Server Manager → Tools → Windows Deployment
Services
Right click on Server Name → Configure Server
Mohammed Shakeel - 9491886134 Page 278
Windows Server 2016
In before you begin page → Click on NEXT
Select Integrated with Active Directory → NEXT
Mohammed Shakeel - 9491886134 Page 279
Windows Server 2016
Browse and select “RemoteInstall” folder location → NEXT
Mohammed Shakeel - 9491886134 Page 280
Windows Server 2016
Check both the boxes and click on Next
Select Respond to all client computers (Known and Unknown) → NEXT
Mohammed Shakeel - 9491886134 Page 281
Windows Server 2016
Now Windows Deployment Services Configuration Wizard will complete → than click on FINISH
Steps to add BOOT IMAGE to WDS Server (Win 7)
Go to Windows Deployment Server Computer → Log in as Administrator → Tools → Windows Deployment
Server → Expand Server → Right Click on Boot Image → Add Boot Image
Browse the “BOOT.WIN” file from WIN 7 DVD (EX: F:\Sources\Boot.Win) → click on open
Mohammed Shakeel - 9491886134 Page 282
Windows Server 2016
Next
Mohammed Shakeel - 9491886134 Page 283
Windows Server 2016
Give any name to Image Ex: WINDOWS 7 → Next
In Summary page click on Next
Image will be added → click FINISH
Mohammed Shakeel - 9491886134 Page 284
Windows Server 2016
Steps to add WINDOWS 7 INSTALL IMAGE to WDS server
Go to Tools → Windows Deployment Server → Right click on Install Images → Add Install Image
Give any name to Image Group Ex: ClientGroup1 → Next
Mohammed Shakeel - 9491886134 Page 285
Windows Server 2016
Browse and Select INSTALL.WIN file from WINDOWS 7 O/S DVD (Ex: F:\Sources\Install.wim) → Next
Mohammed Shakeel - 9491886134 Page 286
Windows Server 2016
Select the Image → Next
In Summary page Click on NEXT
Now click on Finish.
Mohammed Shakeel - 9491886134 Page 287
Windows Server 2016
Note: WDS Configuration is completed
➢ Now go to Client Computer and do the following steps
➢ Select the First Boot Device as NETWORK BOOT
➢ Save and Exit
Following screen will appear in client computer
Mohammed Shakeel - 9491886134 Page 288
Windows Server 2016
Now it ask you to press F12
After pressing F12 it will start loading files from WDS and follow the steps
Mohammed Shakeel - 9491886134 Page 289
Windows Server 2016
47. NIC TEAMING
1. Access server manager ➔ local server ➔ Click on disabled option
beside NIC Teaming
2. Under team option ➔ Now click on task ➔ New teams
Mohammed Shakeel - 9491886134 Page 290
Windows Server 2016
3. Give some team name and select your NIC’S ➔ Click on additional
properties ➔ Select load balancing mode (address hash) ➔ ok
4. Now go to server manager ➔ Click on NIC team
Mohammed Shakeel - 9491886134 Page 291
Windows Server 2016
5. Now right click on NIC team ➔ Go to properties and assign IP address
6. Now NIC team has a IP
Mohammed Shakeel - 9491886134 Page 292
You might also like
- 2021 Q2 DroneDeploy's Ultimate How-To Guide v2No ratings yet2021 Q2 DroneDeploy's Ultimate How-To Guide v239 pages
- A.1.2 TestOut Server Pro 2016 - Install and Storage Objectives by Course SectionNo ratings yetA.1.2 TestOut Server Pro 2016 - Install and Storage Objectives by Course Section7 pages
- The Complete Spring Boot: A Comprehensive Guide to Modern Java ApplicationsFrom EverandThe Complete Spring Boot: A Comprehensive Guide to Modern Java ApplicationsNo ratings yet
- Active Directory Rights Management Services A Clear and Concise ReferenceFrom EverandActive Directory Rights Management Services A Clear and Concise ReferenceNo ratings yet
- CentOS Stream 9 Essentials: Learn to Install, Administer, and Deploy CentOS Stream 9 SystemsFrom EverandCentOS Stream 9 Essentials: Learn to Install, Administer, and Deploy CentOS Stream 9 SystemsNo ratings yet
- Lotus Domino Interview Questions, Answers, and Explanations: Lotus Domino Certification ReviewFrom EverandLotus Domino Interview Questions, Answers, and Explanations: Lotus Domino Certification ReviewNo ratings yet
- DRBD-Cookbook: How to create your own cluster solution, without SAN or NAS!From EverandDRBD-Cookbook: How to create your own cluster solution, without SAN or NAS!No ratings yet
- Microsoft Certified Systems Engineer: Types of NetworksNo ratings yetMicrosoft Certified Systems Engineer: Types of Networks163 pages
- Introduction To Networks and Networking Concepts: Learning ObjectivesNo ratings yetIntroduction To Networks and Networking Concepts: Learning Objectives16 pages
- Mcse - Microsoft Certified Systems Engineer: Types of NetworksNo ratings yetMcse - Microsoft Certified Systems Engineer: Types of Networks80 pages
- W5-Configuring Network Connections For Windows 10No ratings yetW5-Configuring Network Connections For Windows 1010 pages
- Practical File of Computer Networks (CSEN3102) : Bachelor of Technology IN Computer Science and Information TechnologyNo ratings yetPractical File of Computer Networks (CSEN3102) : Bachelor of Technology IN Computer Science and Information Technology40 pages
- Microsoft Official Course: Networking With Windows Server 2016No ratings yetMicrosoft Official Course: Networking With Windows Server 201619 pages
- Microsoft Official Course: Networking With Windows Server 2016No ratings yetMicrosoft Official Course: Networking With Windows Server 201619 pages
- Windows Networking Design Implementation Guide: Document ID: 10624No ratings yetWindows Networking Design Implementation Guide: Document ID: 1062427 pages
- Red Hat Enterprise Linux 9 Essentials: Learn to Install, Administer, and Deploy RHEL 9 SystemsFrom EverandRed Hat Enterprise Linux 9 Essentials: Learn to Install, Administer, and Deploy RHEL 9 SystemsNo ratings yet
- MCSA Windows Server 2012 R2 Complete Study Guide: Exams 70-410, 70-411, 70-412, and 70-417From EverandMCSA Windows Server 2012 R2 Complete Study Guide: Exams 70-410, 70-411, 70-412, and 70-417No ratings yet
- CentOS Stream 9 Essentials: Learn to Install, Administer, and Deploy CentOS Stream 9 SystemsFrom EverandCentOS Stream 9 Essentials: Learn to Install, Administer, and Deploy CentOS Stream 9 SystemsNo ratings yet
- Hands-On Linux Administration on Azure - Second Edition: Develop, maintain, and automate applications on the Azure cloud platform, 2nd EditionFrom EverandHands-On Linux Administration on Azure - Second Edition: Develop, maintain, and automate applications on the Azure cloud platform, 2nd Edition2/5 (1)
- Quick Start Guide: Spectrum Technology PlatformNo ratings yetQuick Start Guide: Spectrum Technology Platform4 pages
- Tdif 06d Attribute Profile - Release 4.8 - Finance 1No ratings yetTdif 06d Attribute Profile - Release 4.8 - Finance 180 pages
- Get Spring Essentials 1st Edition Kunjumohamed Shameer Sattari Hamidreza free all chapters100% (5)Get Spring Essentials 1st Edition Kunjumohamed Shameer Sattari Hamidreza free all chapters55 pages
- Basics of Database Development Batch5 May-2023 V3No ratings yetBasics of Database Development Batch5 May-2023 V3243 pages
- Object Detection Classification and Tracking of Everyday Common ObjectsNo ratings yetObject Detection Classification and Tracking of Everyday Common Objects5 pages
- 28 - 2D Seismic Response Analysis of Bridge AbundmentNo ratings yet28 - 2D Seismic Response Analysis of Bridge Abundment26 pages
- UMC Unified Management Control Centre V1R5 Windows-Based Installation Guide (Web, PON) A02No ratings yetUMC Unified Management Control Centre V1R5 Windows-Based Installation Guide (Web, PON) A0271 pages
- 3BDS013986-600 en System 800xa For AC 100 6.0 Aspect Object Types PDFNo ratings yet3BDS013986-600 en System 800xa For AC 100 6.0 Aspect Object Types PDF194 pages
- Report Submission Instructions With Document Approval SheetNo ratings yetReport Submission Instructions With Document Approval Sheet2 pages
- ABP LTD. - ABS Production Is Out of Network - Root Cause AnalysisNo ratings yetABP LTD. - ABS Production Is Out of Network - Root Cause Analysis6 pages
