
MCSA Windows Server® 2016

Complete Study Guide

Exam 70-740, 70-741, 70-742

Will Panek

Senior Acquisitions Editor: Kenyon Brown
Development Editor: Kim Wimpsett
Technical Editors: Rodney R. Fournier and Chris Crayton
Senior Production Editor: Rebecca Anderson and Christine O’Connor
Copy Editor: Judy Flynn
Editorial Manager: Mary Beth Wakefield
Production Manager: Kathleen Wisor
Executive Editor: Jim Minatel
Book Designers: Bill Gibson and Judy Fung
Proofreader: Nancy Carrasco
Indexer: Jack Lewis
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: Getty Images Inc./Jeremy Woodhouse

Copyright © 2018 by John Wiley & Sons, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-1-119-35914-2
ISBN: 978-1-119-35916-6 (ebk.)
ISBN: 978-1-119-35915-9 (ebk.)

Manufactured in the United States of America

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2018932871

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Windows Server is a registered trademark of Microsoft Corporation. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.


This book is dedicated to the three ladies of my life, Crystal, Alexandria, and Paige.

Acknowledgments

I would like to thank my wife and best friend, Crystal. She is always the light at the end of my tunnel. I want to thank my two daughters, Alexandria and Paige, for all of their love and support during the writing of all my books. The three of them are my support system, and I couldn’t do any of this without them.

I want to thank all of my family and friends who always help me when I’m writing my books. I want to thank my brothers Rick, Gary, and Rob. I want to thank my great friends Shaun, Jeremy, and Gene.

I would like to thank all of my friends and co-workers at StormWind Studios. I want to especially thank the team who I work with on a daily basis and that includes Tom W, Dan Y, Corey F, Ronda, Dan J, Jessica, Dave, Tiffany, Tara, Ashley, Brittany, Doug, Mike, Vince, Desiree, Ryan, Ralph, Dan G, Tyler, Jeff B, Shayne, Patrick, Noemi, Michelle, Zachary, Colin, and the man who makes it all possible, Tom Graunke. Thanks to all of you for everything that you do. I would not have been able to complete this book without all of your help and support.

I want to thank everyone on my Sybex team, especially my development editor, Kim Wimpsett, who helped me make this the best book possible, and Rodney R. Fournier, who is the technical editor of many of my books. It’s always good to have the very best technical guy backing you up. I want to thank Rebecca Anderson and Christine O’Connor, who were my production editors, and Judy Flynn for being the Copy Editor.

I want to also thank Chris Crayton who is my Technical Proofreader. Special thanks to my acquisitions editor, Kenyon Brown, who was the lead for the entire book. Finally, I want to thank everyone else behind the scenes that helped make this book possible. It’s truly an amazing thing to have so many people work on my books to help make them the very best. I can’t thank you all enough for your hard work.

About the Author

William Panek holds the following certifications: MCP, MCP+I, MCSA, MCSA+ Security and Messaging, MCSE-NT (3.51 & 4.0), MCSE 2000, 2003, 2012/2012 R2, MCSE+Security and Messaging, MCDBA, MCT, MCTS, MCITP, CCNA, CCDA, and CHFI. Will is also a four-time and current Microsoft MVP winner.

After many successful years in the computer industry, Will decided that he could better use his talents and his personality as an instructor. He began teaching for schools such as Boston University and the University of Maryland, just to name a few. He has done consulting and training for some of the biggest government and corporate companies in the world, including the United States Secret Service, Cisco, United States Air Force, and US Army.

In 2015, Will became a Sr. Microsoft Instructor for StormWind Studios (www.stormwindstudios.com). He currently lives in New Hampshire with his wife and two daughters. Will was also a Representative in the New Hampshire House of Representatives from 2010 to 2012. In his spare time, he likes to do blacksmithing, shooting (trap and skeet), snowmobiling, playing racquetball, and riding his Harley. Will is also a commercially rated helicopter pilot.

Contents at a Glance

Introduction
Assessment Test
Chapter 1 Installing Windows Server 2016
Chapter 2 Installing in the Enterprise
Chapter 3 Configuring Storage and Replication
Chapter 4 Understanding Hyper-V
Chapter 5 Configuring High Availability
Chapter 6 Understanding Clustering
Chapter 7 Configuring Windows Containers
Chapter 8 Maintaining Windows Server
Chapter 9 Understanding Monitoring
Chapter 10 Configuring TCP/IP
Chapter 11 Configuring DNS
Chapter 12 Configuring DHCP
Chapter 13 Implement IP Address Management
Chapter 14 Configuring Network Access
Chapter 15 Understanding File Services
Chapter 16 Configuring High Availability
Chapter 17 Implementing Software Defined Networking
Chapter 18 Installing Active Directory
Chapter 19 Administer Active Directory
Chapter 20 Maintaining Active Directory
Chapter 21 Implementing GPOs
Chapter 22 Understanding Certificates
Chapter 23 Configure Access and Information Protection Solutions
Appendix Answers to the Review Questions
Index

Contents

Introduction
Assessment Test

Chapter 1 Installing Windows Server 2016

Features and Advantages of Windows Server 2016
Planning the Windows Server 2016 Installation
Server Roles in Windows Server 2016
Migrating Roles and Features to Windows Server 2016
Deciding Which Windows Server 2016 Versions to Use
Deciding on the Type of Installation
NIC Teaming
Installing Windows Server 2016
Activating and Servicing Windows
Key Management Service
Automatic Virtual Machine Activation
Active Directory–Based Activation
Servicing Windows Server 2016
Using Windows Deployment Services
Preparing the WDS Server
WDS Server Requirements
Network Services
Installing the WDS Server Components
Preparing the WDS Client
Understanding Features On Demand
Summary
Video Resources
Exam Essentials
Review Questions

Chapter 2 Installing in the Enterprise

Understanding Automated Deployment Options
An Overview of the Microsoft Deployment Toolkit 2013 Update 2
An Overview of Unattended Installation
An Overview of the System Preparation Tool and Disk Imaging
Overview of the Windows Assessment and Deployment Kit
Windows Imaging and Configuration Designer
Summary of Windows Server 2016 Deployment Options
Deploying Unattended Installations
Using the System Preparation Tool to Prepare an Installation for Imaging
Using Windows Imaging and Configuration Designer (Windows ICD) to Create a Disk Image
Installing from a Disk Image
Using the Deployment Image Servicing and Management Tool
Using Windows System Image Manager to Create Answer Files
Microsoft Assessment and Planning (MAP) Toolkit
Understanding Hyper-V
What Is Virtualization?
Linux and FreeBSD Image Deployments
Summary
Video Resources
Exam Essentials
Review Questions

Chapter 3 Configuring Storage and Replication

Understanding File Systems
Resilient File System (ReFS)
NTFS
Storage in Windows Server 2016
Initializing Disks
Configuring Basic and Dynamic Disks
Managing Volumes
Storage Spaces in Windows Server 2016
Redundant Array of Independent Disks
Mount Points
Microsoft MPIO
Configuring iSCSI Target
Internet Storage Name Service
Implement Thin Provisioning and Trim
Fibre Channel
Network Attached Storage
Virtual Disk Service
Understanding Data Center Bridging
Configuring Permissions
Understanding SMB
Understanding NTFS
Understanding Shared Permissions
How NTFS Security and Shared Permissions Work Together
Understanding NFS Shares
Configuring Disk Quotas
Windows PowerShell
Using Server Manager
Booting from a VHD
Understanding Data Deduplication
Backup and Restoring Deduplicated Volumes
Installing and Enabling Data Deduplication
Monitoring Data Deduplicated
Summary
Video Resources
Exam Essentials
Review Questions

Chapter 4 Understanding Hyper-V

Hyper-V Overview
What Is Virtualization?
Hyper-V Features
Hyper-V Architecture
Hyper-V Requirements
Hyper-V Installation and Configuration
Install the Hyper-V Role
Hyper-V in Server Manager
Using Hyper-V Manager
Configure Hyper-V Settings
Manage Virtual Switches
Managing Virtual Hard Disks
Configuring Virtual Machines
Creating and Managing Virtual Machines
Linux and FreeBSD Image Deployments
PowerShell Commands
Summary
Video Resources
Exam Essentials
Review Questions

Chapter 5 Configuring High Availability

Components of High Availability
Achieving High Availability
High Availability Foundation
Understanding Network Load Balancing
NLB Requirements
Installing NLB Nodes
Upgrading an NLB Cluster
PowerShell Commands for an NLB Cluster
Achieving High Availability with Hyper-V
Implementing a Hyper-V Replica
Understanding Live Migration
Implementing Storage Migration
PowerShell Commands for Hyper-V High Availability
Summary
Video Resources
Exam Essentials
Review Questions

Chapter 6 Understanding Clustering

Achieving High Availability with Failover Clustering
Failover Clustering Requirements
Workgroup and Multi-Domain clusters
Site-Aware, Stretched, or Geographically Dispersed Clusters (Geoclustering)
Cluster Quorum
Validating a Cluster Configuration
Creating a Cluster
Clustered Application Settings
Resource Properties
Windows Server 2016 Clustering Features
PowerShell Commands for Clustering
Implementing Storage Spaces Direct
The Benefits of Storage Spaces Direct
Deployment Options
Requirements to Set Up Storage Spaces Direct
Storage Spaces Direct Using Windows PowerShell
Summary
Video Resources
Exam Essentials
Review Questions

Chapter 7 Configuring Windows Containers

Understanding Windows Containers
Container Terminology
Install and Configure Server Containers
Install and Configure Windows Containers
Tagging an Image
Uninstall an Operating System Image
Creating New Images Using Dockerfile
Understanding Hyper-V Containers
Managing Container Networking
Using Docker Hub Repository
Using Microsoft Azure for Images
Using PowerShell for Containers
Summary
Video Resources
Exam Essentials
Review Questions

Chapter 8 Maintaining Windows Server

Configuring Windows Server Updates
Windows Update
Using Windows Server Update Services
Understanding Backups
Overview of the Windows Server 2016 Backup Utility
Setting Up an Active Directory Backup
Restoring Active Directory
Active Directory Recycle Bin
Understanding the ntdsutil Utility
Wbadmin Command-Line Utility
Backing Up Virtual Machines
PowerShell Commands
Summary
Video Resources
Exam Essentials
Review Questions

Chapter 9 Understanding Monitoring

Overview of Windows Server 2016 Performance Monitoring
Using Windows Server 2016 Performance Tools
Introducing Performance Monitor
Using Other Monitoring Tools
Summary
Video Resources
Exam Essentials
Review Questions

Chapter 10 Configuring TCP/IP

Understanding TCP/IP
Details of the TCP/IP Model
How TCP/IP Layers Communicate
Understanding Port Numbers
Understanding IP Addressing
The Hierarchical IP Addressing Scheme
Understanding Network Classes
Subnetting a Network
Implementing Subnetting
An Easier Way to Apply Subnetting
Applying Subnetting the Traditional Way
Working with Classless Inter-Domain Routing
Supernetting
Understanding IPv6
IPv6 History and Need
New and Improved IPv6 Concepts
IPv6 Addressing Concepts
IPv6 Integration/Migration
Summary
Exam Essentials
Review Questions

Chapter 11 Configuring DNS

Introducing DNS
The Form of an IP Address
Understanding Servers, Clients, and Resolvers
Understanding the DNS Process
Introducing DNS Database Zones
Understanding Primary Zones
Understanding Secondary Zones
Understanding Active Directory Integrated DNS
Understanding Stub Zones
GlobalName Zones
Zone Transfers and Replication
Advantages of DNS in Windows Server 2016
Background Zone Loading
Support for IPv6 Addresses
Support for Read-Only Domain Controllers
DNS Socket Pools
DNS Cache Locking
Response Rate Limiting
Unknown Record Support
IPv6 Root Hints
DNS Security Extensions
DNS Devolution
Record Weighting
Netmask Ordering
DnsUpdateProxy Group
DNS Policies
Introducing DNS Record Types
Start of Authority (SOA) Records
Name Server Records
Host Record
Alias Record
Pointer Record
Mail Exchanger Record
Service Record
Configuring DNS
Installing DNS
Load Balancing with Round Robin
Configuring a Caching-Only Server
Setting Zone Properties
Configuring Zones for Dynamic Updates
Delegating Zones for DNS
DNS Forwarding
Manually Creating DNS Records
DNS Aging and Scavenging
Monitoring and Troubleshooting DNS
Monitoring DNS with the DNS Snap-In
Troubleshooting DNS
Integrating Dynamic DNS and IPv4 DHCP
DNS PowerShell Commands
Summary
Exam Essentials
Review Questions

Chapter 12 Configuring DHCP

Understanding DHCP
Introducing the DORA Process
Advantages and Disadvantages of DHCP
Ipconfig Lease Options
Understanding Scope Details
Installing and Authorizing DHCP
Installing DHCP
Introducing the DHCP Snap-In
Authorizing DHCP for Active Directory
Creating and Managing DHCP Scopes
Creating a New Scope in IPv4
Creating a New Scope in IPv6
Changing Scope Properties (IPv4 and IPv6)
Changing Server Properties
Managing Reservations and Exclusions
Setting Scope Options for IPv4
Activating and Deactivating Scopes
Creating a Superscope for IPv4
Creating IPv4 Multicast Scopes
Integrating Dynamic DNS and IPv4 DHCP
Using DHCP Failover Architecture
Working with the DHCP Database Files
Working with Advanced DHCP Configuration Options
Implement DHCPv6
Configure High Availability for DHCP, Including DHCP Failover and Split Scopes
Configure DHCP Name Protection
PowerShell Commands
Summary
Exam Essentials
Review Questions

Chapter 13 Implement IP Address Management

Understanding IPAM
Installing IPAM
Provision IPAM Manually or by Using Group Policy
Configure Server Discovery
Create and Manage IP Blocks and Ranges
Managing Services
Managing DNS
Managing DHCP
IPAM Access and Auditing
Migrate to IPAM
Delegate IPAM Administration
Manage IPAM Collections
Virtual Machine Manager and IPAM
Auditing IPAM
PowerShell Commands for IPAM
Summary
Exam Essentials
Video Resources
Review Questions

Chapter 14 Configuring Network Access

Overview of Dial-Up Networking
What DUN Does
How DUN Works
Overview of Virtual Private Networks
What VPNs Do
VPNs and Windows Server 2016
How VPNs Work
Configuring Your Remote Access Server
Configuring PPP Options
Understanding a VPN
How a VPN Works
Enabling RRAS as a VPN
Configuring a VPN
Configuring VPN Ports
Troubleshooting VPNs
Managing Your Remote Access Server
Managing Remote Users with a RADIUS Server
Monitoring Overall Activity
Controlling Remote Access Logging
Reviewing the Remote Access Event Log
Monitoring Ports and Port Activity
Network Address Translation
Configuring Routes
RAS Gateway
Configuring a VPN Client
The General Tab
The Options Tab
The Security Tab
The Networking Tab
The Sharing Tab
Configuring a Web Application Proxy
Publishing Applications
Configuring Pass-Through Authentication
Understanding DirectAccess
DirectAccess vs. VPNs
Understanding the DirectAccess Process
Knowing the DirectAccess Infrastructure Requirements
Overview of Wireless Access
Configuring Wireless Access
Remote Access Security
User Authentication
Connection Security
Access Control
Configuring User Access
Setting Up User Profiles
Using Network Access Policies
NPS as a RADIUS Proxy Server
Importing and Exporting NPS Policies
Using Remote Access Profiles
Setting Up a VPN Network Access Policy
Configuring Security
Controlling Server Security
Configuring Network Access Protection
PowerShell for Remote Access
Summary
Exam Essentials
Video Resources
Review Questions

Chapter 15 Understanding File Services

Configuring File Server Resource Manager
FSRM Features
Installing the FSRM Role Service
Configure File and Disk Encryption
Using BitLocker Drive Encryption
Features of BitLocker
Windows 7 and 2008 R2 vs. Windows 10 and 2016
Using EFS Drive Encryption
Configuring Distributed File System
Advantages of DFS
Types of DFS
What’s New in Windows Server 2016
Remote Differential Compression
Configure Advanced File Services
Configure the NFS Data Store
Configure BranchCache
Implementing an Audit Policy
Overview of Auditing
Implementing Auditing
Viewing Auditing Information
Using the Auditpol.exe Command
Windows Server 2016 Auditing Features
Configure and Optimize Storage
Configure iSCSI Target and Initiator
Configure Internet Storage Name Server
Implement Thin Provisioning and Trim
Manage Server Free Space Using Features on Demand
Configure Tiered Storage
Summary
Exam Essentials
Review Questions

Chapter 16 Configuring High Availability

Components of High Availability
Achieving High Availability
High Availability Foundation
Understanding Network Load Balancing
NLB Requirements
Installing NLB Nodes
Upgrading an NLB Cluster
Setting the Affinity
PowerShell Commands for an NLB Cluster
Achieving High Availability with Failover Clustering
Failover Clustering Requirements
Workgroup and Multi-Domain Clusters
Site-Aware, Stretched, or Geographically Dispersed Clusters (Geoclustering)
Cluster Quorum
Validating a Cluster Configuration
Creating a Cluster
Clustered Application Settings
Resource Properties
Windows Server 2016 Clustering Features
PowerShell Commands for Clustering
Implementing Storage Spaces Direct
The Benefits of Storage Spaces Direct
Deployment Options
Requirements to Set up Storage Spaces Direct
Storage Spaces Direct Using Windows PowerShell
Achieving High Availability with Hyper-V
Implementing a Hyper-V Replica
Understanding Live Migration
Implementing Storage Migration
PowerShell Commands for Hyper-V High Availability
Summary
Exam Essentials
Video Resources
Review Questions

Chapter 17 Implementing Software Defined Networking

Understanding Software Defined Networking
Network Controllers
Internal DNS Service (iDNS)
Remote Direct Memory Access and Switch Embedded Teaming
Windows Server Containers
Hyper-V Components
Hyper-V Overview
What Is Virtualization?
Hyper-V Features
Hyper-V Architecture
Hyper-V Requirements
Hyper-V Installation and Configuration
Install the Hyper-V Role
Hyper-V in Server Manager
Using Hyper-V Manager
Configure Hyper-V Settings
Manage Virtual Switches
Managing Virtual Hard Disks
Configuring Virtual Machines
Creating and Managing Virtual Machines
Linux and FreeBSD Image Deployments
PowerShell Commands
Summary
Exam Essentials
Review Questions

Chapter 18 Installing Active Directory

Verifying the File System
Resilient File System (ReFS)
NTFS
Verifying Network Connectivity
Basic Connectivity Tests
Tools and Techniques for Testing Network Configuration
Understanding Domain and Forest Functionality
About the Domain Functional Level
About Forest Functionality
Planning the Domain Structure
Installing Active Directory
New to Active Directory
Read-Only Domain Controllers
Adprep
Active Directory Prerequisites
The Installation Process
Deploying Active Directory in Windows Azure
Installing Additional Domain Controllers by Using Install from Media
Verifying Active Directory Installation
Using Event Viewer
Using Active Directory Administrative Tools
Testing from Clients
Creating and Configuring Application Data Partitions
Creating Application Data Partitions
Managing Replicas
Removing Replicas
Using ntdsutil to Manage Application Data Partitions
Configuring DNS Integration with Active Directory
Summary
Exam Essentials
Review Questions

Chapter 19 Administer Active Directory

Active Directory Overview
Understanding Active Directory Features
Understanding Security Principals
An Overview of OUs
The Purpose of OUs
Benefits of OUs
Planning the OU Structure
Logical Grouping of Resources
Understanding OU Inheritance
Delegating Administrative Control
Applying Group Policies
Creating OUs
Managing OUs
Moving, Deleting, and Renaming OUs
Administering Properties of OUs
Delegating Control of OUs
Troubleshooting OUs
Creating and Managing Active Directory Objects
Overview of Active Directory Objects
Managing Object Properties
Understanding Groups
Filtering and Advanced Active Directory Features
Moving, Renaming, and Deleting Active Directory Objects
Resetting an Existing Computer Account
Understanding Dynamic Access Control
Managing Security and Permissions
Using ACLs and ACEs
Using Group Policy for Security
Fine-Grained Password Policies
Publishing Active Directory Objects
Making Active Directory Objects Available to Users
Publishing Printers
Publishing Shared Folders
Querying Active Directory
Using the Active Directory Administrative Center
Using the Command Prompt for Active Directory Configuration
PowerShell for Active Directory
Summary
Exam Essentials
Review Questions

Chapter 20 Maintaining Active Directory

Overview of Network Planning
The Three Types of Networks
Exploring Network Constraints
Overview of Active Directory Replication and Sites
Replicating Active Directory
Understanding Active Directory Site Concepts
Understanding Distributed File System Replication
Implementing Sites and Subnets
Creating Sites
Creating Subnets
Configuring Sites
Configuring Replication
Intrasite Replication
Intersite Replication
RODCs and Replication
Configuring Server Topology
Using Universal Group Membership Caching
Configuring DNS SRV Records
Monitoring and Troubleshooting Active Directory Replication
About System Monitor
Troubleshooting Replication
Reasons for Creating Multiple Domains
Reasons for Using Multiple Domains
Drawbacks of Multiple Domains
Creating Domain Trees and Forests
Planning Trees and Forests
The Promotion Process
Creating a Domain Tree
Joining a New Domain Tree to a Forest
Adding Additional Domain Controllers
Demoting a Domain Controller
Managing Multiple Domains
Managing Single-Master Operations
Managing Trusts
Managing UPN Suffixes
Name Suffix Routing
Managing Global Catalog Servers
Managing Universal Group Membership Caching
Upgrading Existing Domains and Forests
Maintain Active Directory
Overview of the Windows Server 2016 Backup Utility
Setting Up an Active Directory Backup
Restoring Active Directory
Active Directory Recycle Bin
Restartable Active Directory
Offline Maintenance
Monitoring Replication
Using the ADSI Editor
Wbadmin Command-Line Utility
Summary
Exam Essentials
Review Questions

Chapter 21 Implementing GPOs

Introducing Group Policy
Understanding Group Policy Settings
The Security Settings Section of the GPO
Client-Side Extensions
Group Policy Objects
Group Policy Inheritance
Planning a Group Policy Strategy
Implementing Group Policy
Creating GPOs
Linking Existing GPOs to Active Directory
Forcing a GPO to Update
Managing Group Policy
Managing GPOs
Security Filtering of a Group Policy
Delegating Administrative Control of GPOs
Controlling Inheritance and Filtering Group Policy
Assigning Script Policies
Understanding the Loopback Policy
Managing Network Configuration
Configuring Network Settings
Automatically Enrolling User and Computer Certificates in Group Policy
Redirecting Folders
Managing GPOs with Windows PowerShell Group Policy Cmdlets
Item-Level Targeting
Back Up, Restore, Import, Copy, and Migration Tables
Deploying Software Through a GPO
The Software Management Life Cycle
The Windows Installer
Deploying Applications
Implementing Software Deployment
Preparing for Software Deployment
Software Restriction Policies
Using AppLocker
Group Policy Slow Link Detection
Publishing and Assigning Applications
Applying Software Updates
Verifying Software Installation
Configuring Automatic Updates in Group Policy
Configuring Software Deployment Settings
The Software Installation Properties Dialog Box
Removing Programs
Microsoft Windows Installer Settings
Troubleshooting Group Policies
RSoP in Logging Mode
RSoP in Planning Mode
Using the gpresult.exe Command
Using the Group Policy Infrastructure Status Dashboard
Summary
Exam Essentials
Review Questions

Chapter 22 Understanding Certificates

Features of Windows Server 2016 Certificate Services
Active Directory Certificate Services Roles
Planning the Certificate Authority Hierarchy
Installing AD CS
Configuring Active Directory Certificate Services
PowerShell for AD CS
Summary
Exam Essentials
Review Questions

Chapter 23 Configure Access and Information Protection Solutions

Implement Active Directory Federation Services
What Is a Claim?
What’s New for AD FS in Windows Server 2016?
Active Directory Federation Services Installation