Configuring Advanced Windows Server 2012

(1)

MCT USE ONL

Y. STUDENT USE PROHIBITED

O F F I C I A L M I C R O S O F T L E A R N I N G P R O D U C T

20412D

Configuring Advanced Windows Server

®

(2)

MCT USE ONL

Y. STUDENT USE PROHIBITED

ii Configuring Advanced Windows Server®_{2012 Services}

Information in this document, including URLs and other Internet website references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

The names of manufacturers, products, or URLs are provided for informational purposes only and Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not responsible for the contents of any linked site or any link contained in a linked site, or any changes or updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission received from any linked site. Microsoft is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement of Microsoft of the site or the products contained therein.

Microsoft and the trademarks listed at

http://www.microsoft.com/about/legal/en/us/IntellectualProperty/Trademarks/EN-US.aspxare trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.

Product Number: 20412D Part Number: X19-61278 Released: May, 2014

(3)

MCT USE ONL

Y. STUDENT USE PROHIBITED

MICROSOFT LICENSE TERMS

MICROSOFT INSTRUCTOR-LED COURSEWARE

These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which includes the media on which you received it, if any. These license terms also apply to Trainer Content and any updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms apply.

BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT. If you comply with these license terms, you have the rights below for each license you acquire. 1. DEFINITIONS.

a. “Authorized Learning Center” means a Microsoft IT Academy Program Member, Microsoft Learning Competency Member, or such other entity as Microsoft may designate from time to time.

b. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led Courseware conducted by a Trainer at or through an Authorized Learning Center.

c. “Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center owns or controls that is located at an Authorized Learning Center’s training facilities that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware.

d. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training Session or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee. e. “Licensed Content” means the content accompanying this agreement which may include the Microsoft

Instructor-Led Courseware or Trainer Content.

f. “Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training session to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a Microsoft Certified Trainer under the Microsoft Certification Program.

g. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course that educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led

Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware. h. “Microsoft IT Academy Program Member” means an active member of the Microsoft IT Academy

Program.

i. “Microsoft Learning Competency Member” means an active member of the Microsoft Partner Network program in good standing that currently holds the Learning Competency status.

j. “MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as Microsoft Official Course that educates IT professionals and developers on Microsoft technologies.

k. “MPN Member” means an active silver or gold-level Microsoft Partner Network program member in good standing.

(4)

MCT USE ONL

Y. STUDENT USE PROHIBITED

l. “Personal Device” means one (1) personal computer, device, workstation or other digital electronic device that you personally own or control that meets or exceeds the hardware level specified for the particular Microsoft Instructor-Led Courseware.

m. “Private Training Session” means the instructor-led training classes provided by MPN Members for

corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware. These classes are not advertised or promoted to the general public and class attendance is restricted to individuals employed by or contracted by the corporate customer.

n. “Trainer” means (i) an academically accredited educator engaged by a Microsoft IT Academy Program Member to teach an Authorized Training Session, and/or (ii) a MCT.

o. “Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and additional supplemental content designated solely for Trainers’ use to teach a training session using the Microsoft Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Pre-release course feedback form. To clarify, Trainer Content does not include any software, virtual hard disks or virtual machines.

2. USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed Content.

2.1 Below are five separate sets of use rights. Only one set of rights apply to you. a. If you are a Microsoft IT Academy Program Member:

i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.

ii. For each license you acquire on behalf of an End User or Trainer, you may either:

1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User who is enrolled in the Authorized Training Session, and only immediately prior to the commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or

2. provide one (1) End User with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or

3. provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content,

provided you comply with the following:

iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid license to the Licensed Content,

iv. you will ensure each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session,

v. you will ensure that each End User provided with the hard-copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware,

vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session,

(5)

MCT USE ONL

Y. STUDENT USE PROHIBITED

vii. you will only use qualified Trainers who have in-depth knowledge of and experience with the Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Authorized Training Sessions,

viii. you will only deliver a maximum of 15 hours of training per week for each Authorized Training Session that uses a MOC title, and

ix. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer resources for the Microsoft Instructor-Led Courseware.

b. If you are a Microsoft Learning Competency Member:

1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Authorized Training Session and only immediately prior to the

commencement of the Authorized Training Session that is the subject matter of the Microsoft Instructor-Led Courseware provided, or

2. provide one (1) End User attending the Authorized Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or

3. you will provide one (1) Trainer with the unique redemption code and instructions on how they can access one (1) Trainer Content,

iv. you will ensure that each End User attending an Authorized Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training Session,

v. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware,

vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Authorized Training Session,

vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training Sessions,

viii. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Authorized Training Sessions using MOC, ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and x. you will only provide access to the Trainer Content to Trainers.

(6)

MCT USE ONL

Y. STUDENT USE PROHIBITED

c. If you are a MPN Member:

1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End User attending the Private Training Session, and only immediately prior to the commencement of the Private Training Session that is the subject matter of the Microsoft Instructor-Led Courseware being provided, or

2. provide one (1) End User who is attending the Private Training Session with the unique redemption code and instructions on how they can access one (1) digital version of the Microsoft Instructor-Led Courseware, or

3. you will provide one (1) Trainer who is teaching the Private Training Session with the unique redemption code and instructions on how they can access one (1) Trainer Content,

iv. you will ensure that each End User attending an Private Training Session has their own valid licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session, v. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led

Courseware will be presented with a copy of this agreement and each End User will agree that their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to denote their acceptance of this agreement in a manner that is enforceable under local law prior to their accessing the Microsoft Instructor-Led Courseware,

vi. you will ensure that each Trainer teaching an Private Training Session has their own valid licensed copy of the Trainer Content that is the subject of the Private Training Session,

vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training Sessions,

viii. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the subject of the MOC title being taught for all your Private Training Sessions using MOC,

ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and x. you will only provide access to the Trainer Content to Trainers.

d. If you are an End User:

For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for your personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you may access the Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to three (3) Personal Devices. You may also print one (1) copy of the Microsoft Instructor-Led Courseware. You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control. e. If you are a Trainer.

i. For each license you acquire, you may install and use one (1) copy of the Trainer Content in the form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized Training Session or Private Training Session, and install one (1) additional copy on another Personal Device as a backup copy, which may be used only to reinstall the Trainer Content. You may not install or use a copy of the Trainer Content on a device you do not own or control. You may also print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training Session or Private Training Session.

(7)

MCT USE ONL

Y. STUDENT USE PROHIBITED

ii. You may customize the written portions of the Trainer Content that are logically associated with instruction of a training session in accordance with the most recent version of the MCT agreement. If you elect to exercise the foregoing rights, you agree to comply with the following: (i)

customizations may only be used for teaching Authorized Training Sessions and Private Training Sessions, and (ii) all customizations will comply with this agreement. For clarity, any use of

“customize” refers only to changing the order of slides and content, and/or not using all the slides or content, it does not mean changing or modifying any slide or content.

2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not separate their components and install them on different devices.

2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any third parties without the express written permission of Microsoft.

2.4 Third Party Programs and Services. The Licensed Content may contain third party programs or services. These license terms will apply to your use of those third party programs or services, unless other terms accompany those programs and services.

2.5 Additional Terms. Some Licensed Content may contain components with additional terms, conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also apply to your use of that respective component and supplements the terms described in this agreement.

3. LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content’s subject

matter is based on a pre-release version of Microsoft technology (“Pre-release”), then in addition to the other provisions in this agreement, these terms also apply:

a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of the Microsoft technology. The technology may not work the way a final version of the technology will and we may change the technology for the final version. We also may not release a final version. Licensed Content based on the final version of the technology may not contain the same information as the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you with any further content, including any Licensed Content based on the final version of the technology. b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or

through its third party designee, you give to Microsoft without charge, the right to use, share and commercialize your feedback in any way and for any purpose. You also give to third parties, without charge, any patent rights needed for their products, technologies and services to use or interface with any specific parts of a Microsoft software, Microsoft product, or service that includes the feedback. You will not give feedback that is subject to a license that requires Microsoft to license its software,

technologies, or products to third parties because we include your feedback in them. These rights survive this agreement.

c. Pre-release Term. If you are an Microsoft IT Academy Program Member, Microsoft Learning

Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the Licensed Content on the Pre-release technology,or (ii) sixty (60) days after the commercial release of the technology that is the subject of the Licensed Content, whichever is earliest (“Pre-release term”). Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies of the Licensed Content in your possession or under your control.

(8)

MCT USE ONL

Y. STUDENT USE PROHIBITED

4. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some

rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more rights despite this limitation, you may use the Licensed Content only as expressly permitted in this

agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:

 access or allow any individual to access the Licensed Content if they have not acquired a valid license for the Licensed Content,

 alter, remove or obscure any copyright or other protective notices (including watermarks), branding or identifications contained in the Licensed Content,

 modify or create a derivative work of any Licensed Content,

 publicly display, or make the Licensed Content available for others to access or use,

 copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or distribute the Licensed Content to any third party,

 work around any technical limitations in the Licensed Content, or

 reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the Licensed Content except and only to the extent that applicable law expressly permits, despite this limitation.

5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to

you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the Licensed Content.

6. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations.

You must comply with all domestic and international export laws and regulations that apply to the Licensed Content. These laws include restrictions on destinations, end users and end use. For additional information, see www.microsoft.com/exporting.

7. SUPPORT SERVICES. Because the Licensed Content is “as is”, we may not provide support services for it. 8. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail

to comply with the terms and conditions of this agreement. Upon termination of this agreement for any reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in your possession or under your control.

9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed

Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for the contents of any third party sites, any links contained in third party sites, or any changes or updates to third party sites. Microsoft is not responsible for webcasting or any other form of transmission received from any third party sites. Microsoft is providing these links to third party sites to you only as a

convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party site.

10. ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and

supplements are the entire agreement for the Licensed Content, updates and supplements.

11. APPLICABLE LAW.

a. United States. If you acquired the Licensed Content in the United States, Washington state law governs the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws principles. The laws of the state where you live govern all other claims, including claims under state consumer protection laws, unfair competition laws, and in tort.

(9)

MCT USE ONL

Y. STUDENT USE PROHIBITED

b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that country apply.

12. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws

of your country. You may also have rights with respect to the party from whom you acquired the Licensed Content. This agreement does not change your rights under the laws of your country if the laws of your country do not permit it to do so.

13. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE

AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.

14. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.

This limitation applies to

o anything related to the Licensed Content, services, content (including code) on third party Internet sites or third-party programs; and

o claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence, or other tort to the extent permitted by applicable law.

It also applies even if Microsoft knew or should have known about the possibility of the damages. The above limitation or exclusion may not apply to you because your country may not allow the exclusion or limitation of incidental, consequential or other damages.

Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this agreement are provided below in French.

Remarque : Ce le contenu sous licence étant distribué au Québec, Canada, certaines des clauses dans ce contrat sont fournies ci-dessous en français.

EXONÉRATION DE GARANTIE. Le contenu sous licence visé par une licence est offert « tel quel ». Toute

utilisation de ce contenu sous licence est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues

consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues.

LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES

DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages

directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices.

Cette limitation concerne:

 tout ce qui est relié au le contenu sous licence, aux services ou au contenu (y compris le code) figurant sur des sites Internet tiers ou dans des programmes tiers; et.

 les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité stricte, de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur.

(10)

MCT USE ONL

Y. STUDENT USE PROHIBITED

Elle s’applique également, même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre égard.

EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits

prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre pays si celles-ci ne le permettent pas.

(11)

MCT USE ONL

Y. STUDENT USE PROHIBITED

(12)

MCT USE ONL

Y. STUDENT USE PROHIBITED

xii Configuring Advanced Windows Server®_{2012 Services}

Acknowledgments

Microsoft Learning wants to acknowledge and thank the following individuals for their contribution toward developing this title. Their effort at various stages in the development has ensured that you have a good classroom experience.

Stan Reimer – Subject Matter Expert

Stan Reimer is president of S. R. Technical Services Inc., and he works as a consultant, trainer, and author. Stan has extensive experience consulting on Exchange Server and Active Directory deployments for some of the largest companies in Canada. Stan is the lead author for two Active Directory books for Microsoft Press. For the last ten years, Stan has been writing courseware for Microsoft Learning, specializing in Active Directory and Exchange Server courses. Stan has been a Microsoft Certified Trainer (MCT) for 14 years.

Byron Wright – Subject Matter Expert

Byron Wright is a partner in a consulting firm, where he performs network consulting, computer-systems Implementation, and technical training. Byron is also a sessional instructor for the Asper School of Business at the University of Manitoba, where he teaches management information systems and networking. Byron has authored and coauthored a number of books on Windows servers, Windows clients, and Exchange Server, including the Windows Server 2008 Active Directory Resource Kit. To recognize Byron’s commitment to sharing knowledge with the technical community, he has been given the Microsoft MVP Award for Exchange Server.

Damir Dizdarevic– Subject Matter Expert

Damir Dizdarevic is an MCT, Microsoft Certified Solutions Expert (MCSE), Microsoft Certified Technology Specialist (MCTS), and a Microsoft Certified Information Technology Professional (MCITP). He is a manager and trainer of the Learning Center at Logosoft d.o.o., in Sarajevo, Bosnia, and Herzegovina. He also works as a consultant on IT infrastructure and messaging projects. Damir has more than 17 years of experience on Microsoft platforms, and he specializes in Windows Server, Exchange Server, security, and

virtualization. He has worked as a subject matter expert and technical reviewer on many Microsoft Official Courses (MOC) courses, and has published more than 400 articles in various IT magazines, such as

Windows IT Pro and INFO Magazine. He's also a frequent and highly rated speaker on most of Microsoft conferences in Eastern Europe. Additionally, Damir is a Microsoft Most Valuable Professional (MVP) for Windows Server, seven years in a row. His technical blog is available at http://dizdarevic.ba/ddamirblog.

Orin Thomas – Subject Matter Expert

Orin Thomas is an MVP and an MCT, and he has multiple Microsoft MCSE and MCITP certifications. He has written more than 20 books for Microsoft Press, and is a contributing editor at Windows IT Pro magazine. He has been working in IT since the early 1990s. He is a regular speaker at events such as TechED in Australia and around the world on Windows Server, Windows Client, System Center, and security topics. Orin founded and runs the Melbourne System Center Users Group.

(13)

MCT USE ONL

Y. STUDENT USE PROHIBITED

Configuring Advanced Windows Server®_{2012 Services xiii}

David M. Franklyn – Subject Matter Expert

David M. Franklyn, MCT, MCSE, Microsoft Certified IT Professional (MCITP), Microsoft Most Valuable Professional (MVP) Windows Expert--II Pro, is a Senior Information Technology Trainer and Consultant at Auburn University in Montgomery, Alabama, and the owner of DaveMCT, Inc. LLC. He is also Adjunct Faculty with MyITStudy.com. He is an Eastern USA Regional Lead MCT. Dave has been a Microsoft MVP since 2011 and has been teaching at Auburn University since 1998. Dave began working with in 1976, when he started out in the mainframe world and moved early into the networking arena. Before joining Auburn University, Dave spent 22 years in the U.S. Air Force as an electronic communications and computer systems specialist, retiring in 1998. Dave is president of the Montgomery Windows IT Professional Group, and is a guest speaker at many events involving Microsoft products.

Gary Dunlop – Subject Matter

Expert

Gary Dunlop is based in Winnipeg, Canada, and is a technical consultant and trainer for Broadview Networks. He has authored a number of Microsoft Learning titles and has been an MCT since 1997. Gary has authored a number of Microsoft Learning titles and has been an MCT since 1997.

David Susemiehl – Subject Matter Expert

David Susemiehl has worked as consultant, trainer, and courseware developer since 1996. David has extensive experience consulting on Microsoft Systems Management Server and Microsoft System Center Configuration Manager 2007, as well as Active Directory, Exchange Server, and Terminal Server/Citrix deployments. David has developed courseware for Microsoft and Hewlett-Packard, and delivered those courses successfully in Europe, Central America, and across North America. For the last several years, David has been writing courseware for Microsoft Learning, and consulting on infrastructure transitions in Michigan.

Ulf B. Simon-Weinder – Technical Reviewer

Ulf B. Simon-Weidner got his first jobs in digital electronics and microprocessor programming, then moved into programming and building network infrastructures, the area in which he has worked for more than 20 years. He is also an independent author, consultant, speaker, and trainer. Ulf has received the yearly award as Microsoft Most Valuable Professional (MVP) for Windows Server – Directory Services 10 times, and has been a Microsoft Certified Trainer since 2001. Throughout his professional career, he has had numerous consulting engagements with major European or global corporations. He also published many books and articles about Active Directory, Windows Server Infrastructures, Client and Security. Ulf is a frequent visiting speaker for conferences such as Microsoft TechEd North America and Europe, the Directory Experts Conference and The Experts Conference.

(14)

MCT USE ONL

Y. STUDENT USE PROHIBITED

xiv Configuring Advanced Windows Server®_{2012 Services}

Module 1: Implementing Advanced Network Services

Lesson 1: Configuring Advanced DHCP Features 1-2

Lesson 2: Configuring Advanced DNS Settings 1-13

Lesson 3: Implementing IPAM 1-25

Lesson 4: Managing IP Address Spaces with IPAM 1-33

Lab: Implementing Advanced Network Services 1-43

Module 2: Implementing Advanced File Services

Lesson 1: Configuring iSCSI Storage 2-2

Lesson 2: Configuring BranchCache 2-10

Lesson 3: Optimizing Storage Usage 2-18

Lab A: Implementing Advanced File Services 2-28

Lab B: Implementing BranchCache 2-34

Module 3: Implementing Dynamic Access Control

Lesson 1: Overview of DAC 3-2

Lesson 2: Implementing DAC Components 3-9

Lesson 3: Implementing DAC for Access Control 3-16

Lesson 4: Implementing Access Denied Assistance 3-20

Lesson 5: Implementing and Managing Work Folders 3-23

Lab: Implementing Secure Data Access 3-27

Module 4: Implementing Distributed Active Directory

®

_{Domain Services Deployments}

Lesson 1: Overview of Distributed AD DS Deployments 4-2

Lesson 2: Deploying a Distributed AD DS Environment 4-9

Lesson 3: Configuring AD DS Trusts 4-18

Lab: Implementing Distributed AD DS Deployments 4-23

Module 5: Implementing Active Directory Domain Services Sites and Replication

Lesson 1: AD DS Replication Overview 5-2

Lesson 2: Configuring AD DS Sites 5-10

Lesson 3: Configuring and Monitoring AD DS Replication 5-17

Lab: Implementing AD DS Sites and Replication 5-25

Module 6: Implementing AD CS

Lesson 1: Using Certificates in a Business Environment 6-2

Lesson 2: PKI Overview 6-9

Lesson 3: Deploying CAs 6-17

(15)

MCT USE ONL

Y. STUDENT USE PROHIBITED

Configuring Advanced Windows Server®_{2012 Services xv}

Lesson 4: Deploying and Managing Certificate Templates 6-32

Lesson 5: Implementing Certificate Distribution and Revocation 6-38

Lesson 6: Managing Certificate Recovery 6-48

Lab B: Deploying and Managing Certificates 6-53

Module 7: Implementing Active Directory Rights Management Services

Lesson 1: AD RMS Overview 7-2

Lesson 2: Deploying and Managing an AD RMS Infrastructure 7-7

Lesson 3: Configuring AD RMS Content Protection 7-12

Lesson 4: Configuring External Access to AD RMS 7-18

Lab: Implementing AD RMS 7-24

Module 8: Implementing and Administering AD FS

Lesson 1: Overview of AD FS 8-2

Lesson 2: Deploying AD FS 8-12

Lesson 3: Implementing AD FS for a Single Organization 8-19

Lab A: Implementing AD FS 8-27

Lesson 4: Deploying AD FS in a Business-to-Business Federation Scenario 8-33

Lesson 5: Extending AD FS to External Clients 8-38

Lab B: Implementing AD FS for External Partners and Users 8-45

Module 9: Implementing Network Load Balancing

Lesson 1: Overview of NLB 9-2

Lesson 2: Configuring an NLB Cluster 9-6

Lesson 3: Planning an NLB Implementation 9-11

Lab: Implementing NLB 9-17

Module 10: Implementing Failover Clustering

Lesson 1: Overview of Failover Clustering 10-2

Lesson 2: Implementing a Failover Cluster 10-19

Lesson 3: Configuring Highly Available Applications and Services

on a Failover Cluster 10-25

Lesson 4: Maintaining a Failover Cluster 10-30

Lesson 5: Implementing a Multisite Failover Cluster 10-35

Lab: Implementing Failover Clustering 10-41

Module 11: Implementing Failover Clustering with Hyper-V

Lesson 1: Overview of Integrating Hyper-V with Failover Clustering 11-2

Lesson 2: Implementing Hyper-V Virtual Machines on Failover Clusters 11-8

Lesson 3: Implementing Hyper-V Virtual Machine Movement 11-19

(16)

MCT USE ONL

Y. STUDENT USE PROHIBITED

xvi Configuring Advanced Windows Server®_{2012 Services}

Module 12: Implementing Business Continuity and Disaster Recovery

Lesson 1: Data Protection Overview 12-2

Lesson 2: Implementing Windows Server Backup 12-8

Lesson 3: Implementing Server and Data Recovery 12-18

Lab: Implementing Windows Server Backup and Restore 12-23

Lab Answer Keys

Module 1 Lab: Implementing Advanced Network Services L1-1

Module 2 Lab A: Implementing Advanced File Services L2-11

Module 2 Lab B: Implementing BranchCache L2-18

Module 3 Lab: Implementing Secure Data Access L3-25

Module 4 Lab: Implementing Distributed AD DS Deployments L4-39

Module 5 Lab: Implementing AD DS Sites and Replication L5-45

Module 6 Lab A: Deploying and Configuring a CA Hierarchy L6-53

Module 6 Lab B: Deploying and Managing Certificates L6-59

Module 7 Lab: Implementing AD RMS L7-69

Module 8 Lab A: Implementing AD FS L8-83

Module 8 Lab B: Implementing AD FS for External Partners and Users L8-89

Module 9 Lab: Implementing NLB L9-101

Module 10 Lab: Implementing Failover Clustering L10-107

Module 11 Lab: Implementing Failover Clustering with Hyper-V L11-117

(17)

MCT USE ONL

Y. STUDENT USE PROHIBITED

About This Course xvii

About This Course

This course is intended for information technology (IT) professionals who have hands-on experience implementing, managing, and maintaining a Windows Server 2012 or Windows Server 2012 R2 environment who wish to acquire the skills and knowledge necessary to perform advanced services management and provisioning within that Windows Server 2012 environment.

Course Description

Get hands-on instruction and practice configuring advanced Windows Server 2012, including Windows Server 2012 R2, services in this five-day Microsoft Official Course. This course is the third part in a series of three courses that provides the skills and knowledge necessary to implement a core Windows Server 2012 infrastructure in an existing enterprise environment.

The three courses collectively cover implementing, managing, maintaining, and provisioning services and infrastructure in a Windows Server 2012 environment. Although there is some cross-over of skills and tasks across these courses, this course focuses on advanced configuration of services necessary to deploy, manage, and maintain a Windows Server 2012 infrastructure, such as advanced networking services, Active Directory Domain Services (AD DS), Active Directory Rights Management Services (AD RMS), Active Directory Federation Services (AD FS), Network Load Balancing, failover clustering, business continuity, and disaster-recovery services. This course also covers access and information provisioning, and protection technologies such as Dynamic Access Control (DAC), and Web Application Proxy integration with ADFS and Workplace Join.

This course maps directly to and is the preferred choice for hands-on preparation for Microsoft Certified Solutions Associate (MCSA): Exam 412: Configuring Advanced Windows Server 2012 Services, which is the third of three exams required for MCSA: Windows Server 2012 certification.

Note: Labs in this course are based on the General Availability release of Windows Server 2012 R2 and

Windows 8.1.

Module 1 starts the course with topics on advanced network configuration. Students will already be familiar with Domain Name System (DNS) and Dynamic Host Configuration Protocol (DHCP) services, and this course is designed for more advanced configurations that they may not have encountered. IP Address Management (IPAM) is a new Windows Server 2012 feature that will help students streamline the

management of IP addressing in the organization.

Modules 2 and 3 provide a block of topics that are focused on file services. Module 2 expands on previous knowledge that students have acquired on how to configure file services in a Windows Server

environment by introducing some advanced configuration options. Module 3 describes the new Windows Server 2012 feature that provides even more advanced options for managing and auditing access to file server resources in Windows Server 2012.

Modules 4 through 8 discuss the more advanced topics in implementing AD DS and other Active Directory role services. Modules 4 and 5 describe the scenario where an organization has a highly

complicated environment that cannot be easily managed with a single AD DS domain and site. Therefore, these modules describe how to implement multi-domain and multi-site AD DS environments.

Modules 6 through 8 take AD DS implementation in a different direction. While modules 4 and 5 focused on providing AD DS services to users inside the organization, modules 6 to 8 switch the focus to providing some AD DS services outside of the organization. This includes authentication and authorization to users or services that might be in the same forest, but that might also be in a different AD DS forest, or might not even have any AD DS accounts.

(18)

MCT USE ONL

Y. STUDENT USE PROHIBITED

xviii About This Course

Module 6 describes how to implement a public key infrastructure (PKI) environment that will meet internal certificate services requirements and external requirements. Module 7 describes how to implement an Active Directory Rights Management Services (AD RMS) deployment to enable internal access restrictions to be extended outside the organization’s boundaries. Module 8 describes how to implement Active Directory Federation Services (AD FS) environments to extend authentication services to users who might not have any accounts in the internal AD DS forest.

Modules 9 and 10 provide details on two different options for making applications and services highly available in a Windows Server 2012 environment. Module 9 describes Network Load Balancing (NLB), which is used primarily for web-based applications. Module 10 describes failover clustering, which can be used to make many other applications and services highly available. Module 11 expands on the failover clustering content from Module 10, by describing how to integrate Hyper-VTM_{virtual machines with} failover clustering.

Module 12 provides instruction on how to plan for and recover from various data and server loss scenarios in Windows Server 2012. Because of the options for integrating high availability with disaster recovery, this module will build on the high-availability content that was presented in the previous modules, but will also include scenarios and procedures for ensuring data and service availability in the event of failure in a highly available environment.

Audience

This course is intended for candidates who would typically be experienced Windows Server Administrators who have real-world experience working in a Windows Server 2008 or Windows Server 2012 enterprise environment. The audience also includes IT professionals who want to take the course 70-412,

Configuring Advanced Windows Server 2012 Services. Lastly, the audience includes IT professionals who wish to take the Microsoft Certified Solutions Expert (MCSE) exams in DataCenter, Desktop Infrastructure, Messaging, Collaboration and Communications. This course may help them as they prepare for the Microsoft Certified Solutions Associate (MCSA) exams, which are a pre-requisite for their individual specialties.

Student Prerequisites

This course requires that you meet the following prerequisites:

• Experience working with Windows Server 2008 or Windows Server 2012 servers day to day in an enterprise environment.

• Knowledge equivalent to the content covered in courses 20410C: Installing and Configuring Windows Server 2012; and 20411C: Administering Windows Server 2012.

Course Objectives

After completing this course, the students will be able to:

• Configure advanced features for DHCP and DNS, and configure IP address management. • Configure file services to meet advanced business requirements.

• Configure Dynamic Access Control (DAC) to manage and audit access to shared files. • Plan and implement an AD DS deployment that includes multiple domains and forests. • Plan and implement an AD DS deployment that includes multiple locations and data centers. • Implement and configure an Active Directory Certificate Services (AD CS) deployment.

(19)

MCT USE ONL

Y. STUDENT USE PROHIBITED

About This Course xix

• Implement and configure an Active Directory Rights Management Services (AD RMS) deployment. • Implement and configure an Active Directory Federation Services (AD FS) deployment.

• Provide high availability and load balancing for web-based applications by implementing Network Load Balancing (NLB).

• Provide high availability for network services and applications by implementing failover clustering. • Deploy and manage Windows Server 2012 Hyper-V virtual machines in a failover cluster.

• Implement a backup and disaster-recovery solution based on business and technical requirements.

Course Outline

The course outline is as follows:

Module 1: “Implementing Advanced Network Services” Module 2: “Implementing Advanced File Services” Module 3: “Implementing Dynamic Access Control”

Module 4: “Implementing Distributed Active Directory Domain Services Deployments” Module 5: “Implementing Active Directory Domain Services Sites and Replication” Module 6: “Implementing Active Directory Certificate Services”

Module 7: “Implementing Active Directory Rights Management Services” Module 8: “Implementing and Administering AD FS”

Module 9: “Implementing Network Load Balancing” Module 10: “Implementing Failover Clustering”

Module 11: “Implementing Failover Clustering with Hyper-V”

Module 12: “Implementing Business Continuity and Disaster Recovery”

Exam/Course Mapping

This course, 20412C: Configuring Advanced Windows Server®_{2012 Services, has a direct mapping of its}

content tothe objective domain for the Microsoft exam 70-412: Configuring Advanced Windows Server 2012 Services.

The table below is provided as a study aid that will assist you in preparation for taking this exam and to show you how the exam objectives and the course content fit together. The course is not designed exclusively to support the exam but rather provides broader knowledge and skills to allow a real-world implementation of the particular technology. The course will also contain content that is not directly covered in the examination and will utilize the unique experience and skills of your qualified Microsoft Certified Trainer.

Note: The exam objectives are available online at the following URL:

(20)

MCT USE ONL

Y. STUDENT USE PROHIBITED

xx About This Course

Exam Objective Domain: 70-412: Configuring Advanced Windows

Server 2012 Services Course Content

1. Configure and Manage High Availability (16%) Module Lesson Lab

1.1 Configure Network Load Balancing (NLB).

This objective may include but is not limited to: Installing NLB nodes; configuring NLB prerequisites; configuring affinity; configuring port rules; configuring cluster operation mode; upgrading an NLB cluster

Mod 9 Lesson 1/2/3 Mod 9 Ex 1/2/3 1.2 Configure failover clustering.

This objective may include but is not limited to: Configuring Quorum; configuring cluster networking; restoring single node or cluster configuration; configuring cluster storage; implement Cluster Aware Updating; upgrade a cluster ; configure and optimize clustered shared volumes; configure clusters without network names; configure storage spaces

Mod 10 Lesson 1/2/3/4/5 Mod 10 Ex 1/2/3/4 1.3 Manage failover clustering roles.

This objective may include but is not limited to:

Configuring role-specific settings including continuously available shares; configure VM monitoring ; configuring failover and preference settings; configure guest clustering Mod 10 Lesson 1/3 Mod 10 Lab Ex 2 Mod 11 Lesson 1/2 Mod 11 Lab Ex 1/2 1.4 Manage virtual machine (VM) movement.

This objective may include but is not limited to: Perform live migration; perform quick migration; performing storage migration; import, export, and copy VMs; configure Virtual Machine network health protection; configure drain on shutdown

Mod 11 Lesson 1/2/3

Mod 11 Lab Ex 2/3

2. Configure File and Storage Solutions (18%)

2.1 Configure advanced file services.

This objective may include but is not limited to: Configuring Network File System (NFS) data store; configuring BranchCache; configuring File Classification Infrastructure (FCI) using the File Server Resource Manager (FSRM); configuring file access auditing

Mod 2 Lesson 2/3 Mod 2 Lab A Ex 2 Lab B Ex 1/2/3/4 2.2 Implement Dynamic Access Control (DAC).

This objective may include but is not limited to: Configuring user and device claim types; implementing policy changes and staging; performing access-denied remediation; configuring file classification; create and configure Central Access rules and policies; create and configure resource properties and lists

Mod 3 Lesson 1/2/3/4 Mod 3 LAB Ex 1/2/3 2.3 Configure and optimize storage.

This objective may include but is not limited to: Configuring iSCSI Target and Initiator; configuring Internet Storage Name Server (iSNS); implementing thin provisioning and trim; managing server free space using Features on Demand; configure tiered storage

Mod 2 Lesson 1/3

Mod 2 Lab A Ex 1

(21)

MCT USE ONL

Y. STUDENT USE PROHIBITED

About This Course xxi

3. Implement Business Continuity and Disaster Recovery (14%)

3.1 Configure and manage backups.

This objective may include but is not limited to: Configuring Windows Server backups; configuring Windows Azure backups; configuring role-specific backups; managing VSS settings using VSSAdmin;

Mod 12 Lesson 1/2 Mod 12 Lab Ex 1/2 3.2 Recover servers.

This objective may include but is not limited to: Restore from backups; perform a Bare Metal Restore (BMR); recover servers using Windows Recovery Environment (Win RE) and safe mode; configuring the Boot Configuration Data (BCD) store

Mod 12 Lesson 1/2/3 Mod 12 Ex 1/2 3.3 Configure site-level fault tolerance.

This objective may include but is not limited to: Configuring Hyper-V Replica including Hyper-V Replica Broker and VMs; configuring multi-site clustering including network settings, Quorum, and failover settings; configure Hyper-V Replica extended replication; configure Global Update Manager; recover a multi-site failover cluster Mod 11 Lessons 1/3 Mod 11 Lab Ex 1 Mod 10 Lesson 1/5 Mod 10 Lab Ex 1

4. Configure Network Services (17%)

4.1 Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution.

This objective may include but is not limited to: Create and configure superscopes and multicast scopes; implementing DHCPv6; configuring high availability for DHCP including DHCP failover and split scopes; configuring DHCP Name Protection; configure DNS registration

Mod 1 Lesson 1 Mod 1 Lab Ex 1

4.2 Implement an advanced DNS solution.

This objective may include but is not limited to: Configuring security for DNS including DNSSEC, DNS Socket Pool, and cache locking; configuring DNS logging; configuring delegated administration; configuring recursion; configuring netmask ordering; configuring a GlobalNames zone; analyze zone level statistics

4.3 Deploy and manage IPAM.

This objective may include but is not limited to: Provision IPAM manually or by using Group Policy ; configuring server discovery; creating and managing IP blocks and ranges; monitoring utilization of IP address space; migrate to IPAM; delegate IPAM administration; manage IPAM collections; configure IPAM database storage

Mod 1 Lesson 3/4

Mod 1 Lab Ex 3

(22)

MCT USE ONL

Y. STUDENT USE PROHIBITED

xxii About This Course

5. Configure the Active Directory Infrastructure (15%)

5. 1 Configure a forest or a domain

This objective may include but is not limited to: Implement multi-domain and multi-forest Active Directory environments including interoperability with previous versions of Active Directory; upgrade existing domains and forests including environment preparation and functional levels; configuring multiple user principal name (UPN) suffixes

Mod 4 Lesson 1/2 Mod 4 Lab Ex 1

5.2 Configure trusts.

This objective may include but is not limited to: Configuring external, forest, shortcut, and realm trusts; configuring trust authentication; configuring SID filtering; configuring name suffix routing

5.3 Configure sites.

This objective may include but is not limited to: Configure sites and subnets; create and configure site links; manage site coverage; manage registration SRV records; move domain controllers between sites

Mod 5 Lesson 2/3 Mod 5 Lab Ex 1/2

5.4 Manage Active Directory and System Volume (SYSVOL) replication.

This objective may include but is not limited to: Configuring replication to read-only domain controllers (RODCs); configuring Password Replication Policy (PRP) for RODCs; monitoring and managing replication; upgrading SYSVOL replication to Distributed File System Replication (DFSR)

Mod 5 Lesson 1/3 Mod 5 Lab Ex 3/4

6. Configure Access and Information Protection Solutions (19%)

6.1 Implement Active Directory Federation Services (AD FS).

This objective may include but is not limited to: Install AD FS; Implement claims-based authentication including Relying Party Trusts; configure authentication policies; configure Workplace Join; configure multi-factor authentication Mod 8 Lesson 1/2/3/4/5 Mod 8 Lab A Ex 1/2 Lab B Ex 1/2 6.2 Install and configure Active Directory Certificate Services (AD CS).

This objective may include but is not limited to: Install an Enterprise Certificate Authority (CA); Configure CRL distribution points; install and configure Online Responder; implement administrative role separation; configuring CA backup and recovery

Mod 6 Lesson 1/2/3/5 Mod 6 Lab A Ex 1/2 Lab B Ex 3 6.3 Manage certificates.

This objective may include but is not limited to: Manage certificate templates; implement and manage certificate deployment, validation, and revocation; manage certificate renewal; managing certificate enrollment and renewal to computers and users using Group Policies; configure and manage key archival and recovery

Mod 6 Lesson 4/5/6 Mod 6 Lab B Ex 1/2/3/4 6.4 Install and configure Active Directory Rights Management Services (AD RMS).

This objective may include but is not limited to: Installing a licensing or certificate AD RMS server; managing AD RMS Service Connection Point (SCP); managing RMS templates; configuring Exclusion Policies; backup and restore AD RMS

Mod 7 Lesson 1/2/3/4

Mod 7 Lab Ex 1/2/3/4

(23)

MCT USE ONL

Y. STUDENT USE PROHIBITED

About This Course xxiii

Note: Attending this course in itself will not successfully prepare you to pass any associated certification exams.

The taking of this course does not guarantee that you will automatically pass any certification exam. In addition to attendance at this course, you should also have the following:

• Real-world, hands-on experience Installing and configuring a Windows Server 2012 Infrastructure • Windows 7 or Windows 8 client configuration experience

• Additional study outside of the content in this handbook

There may also be additional study and preparation resources, such as practice tests, available for you to prepare for this exam. Details of these are available at the following URL:

http://www.microsoft.com/learning/en-us/exam-70-412.aspx, under Preparation options.

You should familiarize yourself with the audience profile and exam prerequisites to ensure you are sufficiently prepared before taking the certification exam. The complete audience profile for this exam is available at the following URL: http://www.microsoft.com/learning/en-us/course.aspx?ID=20412C, under Overview, Audience Profile.

You should also check out the Microsoft Virtual Academy, http://www.microsoftvirtualAcademy.com to view further additional study resources and online courses which are available to assist you with exam preparation and career development.

The exam/course mapping table outlined above is accurate at the time of printing, however it is subject to change at any time and Microsoft bears no responsibility for any discrepancies between the version published here and the version available online and will provide no notification of such changes

(24)

MCT USE ONL

Y. STUDENT USE PROHIBITED

xxiv About This Course

Course Materials

The following materials are included with your kit:

• Course Handbook: a succinct classroom learning guide that provides the critical technical information in a crisp, tightly focused format, which is essential for an effective in-class learning experience.

You may be accessing either a printed course hand book or digital courseware material via the Arvato Skillpipe reader. Your Microsoft Certified Trainer will provide specific details but both contain the following:

o Lessons: guide you through the learning objectives and provide the key points that are critical to the success of the in-class learning experience.

o Labs: provide a real-world, hands-on platform for you to apply the knowledge and skills learned in the module.

o Module Reviews and Takeaways: provide on-the-job reference material to boost knowledge and skills retention.

o Lab Answer Keys: provide step-by-step lab solution guidance.

Course Companion Content on the http://www.microsoft.com/learning/en/us/companion-moc.aspx Site: searchable, easy-to-browse digital content with integrated premium online resources

that supplement the Course Handbook.

o Modules: include companion content, such as questions and answers, detailed demo steps and additional reading links, for each lesson. Additionally, they include Lab Review questions and answers and Module Reviews and Takeaways sections, which contain the review questions and answers, best practices, common issues and troubleshooting tips with answers, and real-world issues and scenarios with answers.

o Resources: include well-categorized additional resources that give you immediate access to the most current premium content on TechNet, MSDN®_{, or Microsoft Press}®_.

• Course evaluation: at the end of the course, you will have the opportunity to complete an online evaluation to provide feedback on the course, training facility, and instructor.

o To provide additional comments or feedback on the course, send an email to

[email protected]. To inquire about the Microsoft Certification Program, send an email to [email protected].

(25)

MCT USE ONL

Y. STUDENT USE PROHIBITED

About This Course xxv

Virtual Machine Environment

This section provides the information for setting up the classroom environment to support the business scenario of the course.

Virtual Machine Configuration

In this course, you will use virtual machines built in Microsoft®_{Hyper-V to perform the labs.}

Important: At the end of each lab, you may need to revert the virtual machines to a snapshot.

You can find the instructions for this procedure at the end of each lab

The following table shows the role of each virtual machine that is used in this course:

Virtual machine �Role

20412C-LON-DC1/-B Windows Server 2012

Domain controller in the Adatum.com domain

20412C-LON-CA1 Windows Server 2012 Standalone server

20412C-LON-CL1 Windows 8 client computer

Member of the Adatum.com domain

20412C-LON-CL2 Windows 8 client computer

Member of the Adatum.com domain

20412C-LON-CORE Windows Server 2012

Member server in the Adatum.com domain

20412C-LON-SVR1/-B Windows Server 2012

20412C-LON-SVR2 Windows Server 2012

(26)

MCT USE ONL

Y. STUDENT USE PROHIBITED

xxvi About This Course

Virtual machine �Role

20412C-TREY-CL1 Windows 8 client computer

Member of the Treyresearch.net domain

20412C-TREY-DC1 Windows Server 2012

Domain controller in the Treyresearch.net domain

20412C-LON-HOST1 Windows Server 2012

20412C-LON-HOST2 Windows Server 2012

20412C-TOR-DC1 Windows Server 2012

Software Configuration

The following software is installed in the course

• Windows Server 2012 R2

• Windows 8.1

• Microsoft Office 2013

• Windows Identity Foundation SDK 4.0

Classroom Setup

Each classroom computer will have the same virtual machine configured in the same way.

You may be accessing the lab virtual machines in either in a hosted online environment with a web browser or by using Hyper-V on a local machine. The labs and virtual machines are the same in both scenarios however there may be some slight variations because of hosting requirements. Any discrepancies will be called out in the Lab Notes on the hosted lab platform.

(27)

MCT USE ONL

Y. STUDENT USE PROHIBITED

About This Course xxvii

Course Hardware Level

Where labs are being run locally, to ensure a satisfactory student experience, Microsoft Learning requires a minimum equipment configuration for trainer and student computers in all Microsoft Certified Partner for Learning Solutions (CPLS) classrooms in which Official Microsoft Learning Product courseware is taught. This includes:

Hardware Level 7

• Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor • Dual 120 gigabyte (GB) hard disks 7200 RM Serial ATA (SATA) or better*

• 16 GB RAM • DVD drive • Network adapter

• Super VGA (SVGA) 17-inch monitor

• Microsoft Mouse or compatible pointing device • Sound card with amplified speakers

*Striped

In addition, the instructor computer must be connected to a projection display device that supports SVGA 1024 x 768 pixels, 16-bit colors.

(28)

MCT USE ONL

(29)

MCT USE ONL

Y. STUDENT USE PROHIBITED

1-1

Module 1

Implementing Advanced Network Services

Module Overview

In Windows Server®_{2012, network services such as Domain Name System (DNS) provide critical support for} name resolution of network and Internet resources. Within DNS, DNS Security Extensions (DNSSEC) is an advanced feature that provides a means of securing DNS responses to client queries so that malicious users cannot tamper with them. With Dynamic Host Configuration Protocol (DHCP), you can manage and distribute IP addresses to client computers. DHCP is essential for managing IP-based networks. DHCP failover is an advanced feature that can prevent clients from losing access to the network in case of a DHCP server failure. IP Address Management (IPAM) provides a unified means of controlling IP addressing. This module introduces DNS and DHCP improvements, and IP address management, and it provides details about how to implement these features.

Objectives

After completing this module, you will be able to: • Configure advanced DHCP features.

• Configure advanced DNS settings. • Implement IPAM.

Configuring Advanced Windows Server 2012

MCT USE ONL

Y. STUDENT USE PROHIBITED

20412D

Configuring Advanced Windows Server

®

MCT USE ONL

Y. STUDENT USE PROHIBITED

MCT USE ONL

Y. STUDENT USE PROHIBITED

MCT USE ONL

Y. STUDENT USE PROHIBITED

MCT USE ONL

Y. STUDENT USE PROHIBITED

MCT USE ONL

Y. STUDENT USE PROHIBITED

MCT USE ONL

Y. STUDENT USE PROHIBITED

MCT USE ONL

Y. STUDENT USE PROHIBITED

MCT USE ONL

Y. STUDENT USE PROHIBITED

MCT USE ONL

Y. STUDENT USE PROHIBITED

MCT USE ONL

Y. STUDENT USE PROHIBITED

MCT USE ONL

Y. STUDENT USE PROHIBITED

Acknowledgments

Stan Reimer – Subject Matter Expert

Byron Wright – Subject Matter Expert

Damir Dizdarevic– Subject Matter Expert

Orin Thomas – Subject Matter Expert

MCT USE ONL

Y. STUDENT USE PROHIBITED

David M. Franklyn – Subject Matter Expert

Gary Dunlop – Subject Matter

Expert

David Susemiehl – Subject Matter Expert

Ulf B. Simon-Weinder – Technical Reviewer

MCT USE ONL

Y. STUDENT USE PROHIBITED

Contents

Module 1: Implementing Advanced Network Services

Module 2: Implementing Advanced File Services

Module 3: Implementing Dynamic Access Control

Module 4: Implementing Distributed Active Directory

Domain Services Deployments

Module 5: Implementing Active Directory Domain Services Sites and Replication

Module 6: Implementing AD CS

MCT USE ONL

Y. STUDENT USE PROHIBITED

Module 7: Implementing Active Directory Rights Management Services

Module 8: Implementing and Administering AD FS

Module 9: Implementing Network Load Balancing

Module 10: Implementing Failover Clustering

Module 11: Implementing Failover Clustering with Hyper-V

MCT USE ONL

Y. STUDENT USE PROHIBITED

Module 12: Implementing Business Continuity and Disaster Recovery

Lab Answer Keys

MCT USE ONL

Y. STUDENT USE PROHIBITED

About This Course

Course Description

MCT USE ONL

Y. STUDENT USE PROHIBITED

Audience

Student Prerequisites

Course Objectives

MCT USE ONL

Y. STUDENT USE PROHIBITED

Course Outline

Exam/Course Mapping

MCT USE ONL

Y. STUDENT USE PROHIBITED

MCT USE ONL

Y. STUDENT USE PROHIBITED

MCT USE ONL

Y. STUDENT USE PROHIBITED

_{Domain Services Deployments}