Complete Guide to Windows Server 2019: Practical Steps for Success
Step-by-step practical guide for mastering Windows Server 2019
Table of contents
- Author: Shrihith Anantharam
- TABLE OF CONTENTS
- Introduction
- Module 1: Windows Server Administration Overview
- Module 2: Identity Services in Windows Server
- Topic: Deploying Windows Server Domain Controllers
- Practical Lab: Deploying and Configuring Domain Controllers in Windows Server 2019
- Step 1: Install Active Directory Domain Services (AD DS)
- Step 2: Configure Active Directory Domain Services
- Step 3: Implement Group Policy
- Step 4: Install and Configure Active Directory Certificate Services (AD CS)
- Step 5: Integrate with Azure Active Directory (Azure AD)
- Practice Task: Create and Manage User Accounts
- Module 3: Network Infrastructure Services
- Module 4: File Servers and Storage
- Module 5: Virtualization and Containers
- Module 6: High Availability and Disaster Recovery
- Module 7: Security Features
- Module 8: Remote Desktop Services
- Module 9: Remote Access and Web Services
- Module 10: Service Monitoring and Performance Monitoring
- Module 11: Upgrades and Migrations
- Module 12: Advanced Administration and Troubleshooting
- Module 13: System Backup and Restore
- Module 14: Windows Server Migration and Modernization
- Module 15: Automating Windows Server Administration
- Basic Questions
- Intermediate Questions
- Advanced Questions
- Conclusion
Author: Shrihith Anantharam
TABLE OF CONTENTS
Introduction
Module 1: Windows Server Administration Overview
Module 2: Identity Services in Windows Server
Module 3: Network Infrastructure Services
Module 4: File Servers and Storage
Module 5: Virtualization and Containers
Module 6: High Availability and Disaster Recovery
Module 7: Security Features
Module 8: Remote Desktop Services
Module 9: Remote Access and Web Services
Module 10: Service Monitoring and Performance Monitoring
Module 11: Upgrades and Migrations
Module 12: Advanced Administration and Troubleshooting
Module 13: System Backup and Restore
Module 14: Windows Server Migration and Modernization
Module 15: Automating Windows Server Administration
Basics Questions
Intermediate Questions
Advanced Questions
Conclusion
Introduction
Welcome to the Windows Server 2019 Administration Guide. In the dynamic world of technology, Windows Server 2019 shines as a powerful and adaptable platform, crafted to fulfil the diverse needs of contemporary businesses and IT infrastructures. This all-encompassing guide is designed to equip you with a profound understanding of Windows Server 2019's features, tools, and capabilities, empowering you to manage and administer your server environments with ease and efficiency.
Who This Guide Is For
This guide is tailored for IT professionals, system administrators, and anyone engaged in managing Windows Server environments. Whether you're a newcomer eager to delve into server administration or a seasoned expert aiming to refine your skills, this book provides invaluable insights and practical knowledge to propel your success.
What You Will Learn
Embark on a journey through the multifaceted world of Windows Server 2019 administration, where you will:
Set Up and Configure Servers: Master the installation and configuration of Windows Server 2019, including its core components and administration tools.
Manage Identity Services: Learn to deploy and manage Active Directory Domain Services, Group Policy, and integrate with Azure AD.
Network Infrastructure: Acquire expertise in deploying and managing DHCP, DNS, and configuring network settings.
File Servers and Storage: Delve into the complexities of configuring file servers, managing storage, and implementing DFS and SMB.
Virtualization and Containers: Discover virtualization with Hyper-V and containerization using Windows Containers.
High Availability and Disaster Recovery: Implement failover clustering, backup solutions, and disaster recovery strategies.
Security Features: Enforce security policies, auditing, and encryption to safeguard critical resources.
Remote Desktop Services: Establish and manage a virtual machine-based desktop infrastructure for remote access.
Service and Performance Monitoring: Utilize Performance Monitor, Event Viewer, and other tools for monitoring and troubleshooting.
Upgrades and Migrations: Conduct upgrades and migrations related to AD DS and storage.
System Backup and Restore: Configure and manage backup and restore solutions to ensure data integrity.
Advanced Administration: Apply advanced administration techniques and troubleshoot common issues.
Automation: Harness PowerShell and Task Scheduler to automate administrative tasks.
Server Migration and Modernization: Strategize and execute server migrations and integrate cloud services.
How to Use This Guide
Each module in this guide is meticulously crafted to be comprehensive and practical, featuring step-by-step instructions, real-world examples, and hands-on labs. By engaging with the exercises and practice tasks, you will gain a thorough understanding of each topic and be able to apply your knowledge to real-world scenarios.
Final Thoughts
As you navigate through this guide, you will cultivate the skills necessary to effectively manage and maintain Windows Server 2019 environments. Embrace the challenges, explore the features, and harness the power of Windows Server 2019 to advance your IT infrastructure. Let's embark on this journey and unlock the full potential of Windows Server 2019 together!
Module 1: Windows Server Administration Overview
Topic: Overview of Windows Server Administration Principles and Tools
Description: This section introduces the foundational concepts of Windows Server 2019, including Windows Server Core and the Windows Admin Center.
Practical Lab: Setting Up and Configuring Windows Server 2019
Step 1: Download and Install Windows Server 2019
Download the ISO File: Visit the official Microsoft website to download the Windows Server 2019 ISO file.
Create Bootable Media: Use a tool like Rufus to create a bootable USB drive from the ISO file.
Boot from USB: Insert the USB drive into your computer and boot from it.
Start Installation: Follow the installation wizard to select the edition (Standard GUI) and partition the disk.
Step 2: Install Windows Server 2019
Language and Region: Select your preferred language, time, currency format, and keyboard layout.
Install Now: Click "Install Now" to begin the installation process.
Select Edition: Choose "Windows Server 2019 Standard" and click "Next."
Accept License Terms: Read and accept the license terms.
Custom Installation: Select "Custom: Install Windows only (advanced)."
Select Partition: Choose the partition where you want to install Windows Server 2019.
Complete Installation: Follow the prompts to complete the installation.
Step 3: Configure Initial Settings
Set Administrator Password: Create a strong password for the administrator account.
Network Settings: Configure network settings, including IP address, DNS, and default gateway.
Time Zone: Set the correct time zone and date.
Restart: Restart the server to apply the changes.
Step 4: Install Windows Updates
Open Server Manager: Access Server Manager from the Start menu.
Check for Updates: Click on "Manage" and select "Add Roles and Features" to check for updates.
Install Updates: Install all available updates to ensure your server is up to date.
Step 5: Install VMware Tools
Open VMware Workstation: Launch VMware Workstation and select the virtual machine.
Install VMware Tools: Click on the "VM" menu and select "Install VMware Tools."
Restart VM: Restart the virtual machine to complete the installation.
Step 6: Manage Virtual Machine Settings
Power Management: Use the power button in VMware Workstation to start, stop, and restart the virtual machine.
Snapshot Management: Create snapshots to save the current state of the virtual machine.
Clone VM: Use the clone feature to create copies of the virtual machine.
Step 7: Configure Network and Shared Folders
Network Settings: Configure network adapters and settings in VMware Workstation.
Enable Shared Folders: Use VMware Tools to enable shared folders between the host and guest operating systems.
Step 8: Practice Task
Create User Account: Create a new user account and assign administrative privileges.
Configure Remote Desktop: Enable Remote Desktop and test remote access from another computer.
Module 2: Identity Services in Windows Server
Topic: Deploying Windows Server Domain Controllers
Description: This section covers the implementation of Group Policy, Active Directory Certificate Services, and Azure AD integration.
Practical Lab: Deploying and Configuring Domain Controllers in Windows Server 2019
Step 1: Install Active Directory Domain Services (AD DS)
Open Server Manager: Click on the Start menu, search for Server Manager, and open it.
Add Roles and Features: In Server Manager, click on Manage and then Add Roles and Features. Follow the wizard and select Role-based or feature-based installation.
Select Server: Choose the local server or the server you want to install AD DS on and click Next.
Select Active Directory Domain Services: Check the Active Directory Domain Services box. A pop-up window will appear to add required features. Click Add Features and then Next.
Install AD DS: Complete the wizard and click Install. Wait for the installation to complete.
Step 2: Configure Active Directory Domain Services
Promote Server to Domain Controller: After the installation is complete, click on Promote this server to a domain controller.
Deployment Configuration: Choose Add a new forest and enter your root domain name (e.g., contoso.com). Click Next.
Domain Controller Options: Select the Forest functional level and Domain functional level (choose the highest available). Enter a Directory Services Restore Mode (DSRM) password and click Next.
DNS Options: Click Next on the DNS options page.
Additional Options: Verify the NetBIOS domain name and click Next.
Paths: Specify the location of the AD database, log files, and SYSVOL folder, or use the default paths and click Next.
Review Options and Install: Review the options and click Next. Click Install to complete the promotion.
Step 3: Implement Group Policy
Open Group Policy Management: In Server Manager, go to Tools and select Group Policy Management.
Create a New GPO: Right-click on your domain or Organizational Unit (OU) and select Create a GPO in this domain, and Link it here. Enter a name for the new GPO and click OK.
Edit GPO: Right-click the newly created GPO and select Edit. Configure the policies as needed.
Step 4: Install and Configure Active Directory Certificate Services (AD CS)
Add Roles and Features: Open Server Manager, click on Manage, and select Add Roles and Features. Follow the wizard to add the Active Directory Certificate Services role.
Configure AD CS: After installation, click on Configure Active Directory Certificate Services on the destination server. Follow the wizard to configure the roles (Certification Authority, Certification Authority Web Enrollment, etc.). Select the credentials, specify the type of CA (Standalone or Enterprise), and configure the CA name and validity period.
Step 5: Integrate with Azure Active Directory (Azure AD)
- Set up Azure AD Connect: Download and install Azure AD Connect on your server. Open Azure AD Connect and select Express settings or Custom settings based on your requirements. Follow the wizard to connect your on-premises AD with Azure AD.
Practice Task: Create and Manage User Accounts
Create a User Account: Open Active Directory Users and Computers (ADUC) from Server Manager. Navigate to the desired OU, right-click, and select New > User. Enter user details and follow the wizard to create the user.
Assign Group Memberships: Right-click the user account, select Properties, go to the Member Of tab, and add the user to the necessary groups.
Configure Group Policies: Link a Group Policy Object (GPO) to the OU where the user resides and configure the necessary policies.
Module 3: Network Infrastructure Services
Topic: Deploying and Managing DHCP
Description: This section focuses on managing DNS, IP Addressing, and Name Resolution.
Practical Lab: Deploying and Managing DHCP in Windows Server 2019
Step 1: Install the DHCP Role
Open Server Manager: Click on the Start menu, search for Server Manager, and open it.
Add Roles and Features: In Server Manager, click on Manage and then Add Roles and Features. Follow the wizard and select Role-based or feature-based installation.
Select Server: Choose the local server or the server you want to install the DHCP role on and click Next.
Select DHCP Server: Check the DHCP Server box. A pop-up window will appear to add required features. Click Add Features and then Next.
Install DHCP: Complete the wizard and click Install. Wait for the installation to complete.
Step 2: Configure DHCP
Open DHCP Management Console: After the installation is complete, open DHCP from the Tools menu in Server Manager.
Create a New Scope: Right-click on IPv4 and select New Scope. Follow the New Scope Wizard to create a new DHCP scope:
Scope Name: Enter a name and description for the scope.
IP Address Range: Define the start and end IP addresses for the scope.
Subnet Mask: Enter the subnet mask.
Add Exclusions: Specify any IP addresses to exclude from the range.
Lease Duration: Set the lease duration for IP addresses.
Configure DHCP Options: Set default gateway, DNS servers, and WINS servers.
Activate Scope: Activate the new scope to start assigning IP addresses.
Step 3: Manage DNS
Open DNS Manager: Open DNS Manager from the Tools menu in Server Manager.
Configure Forward Lookup Zones: Right-click on Forward Lookup Zones and select New Zone. Follow the New Zone Wizard to create a new zone:
Zone Type: Choose Primary zone.
Zone Name: Enter the domain name (e.g., contoso.com).
Zone File: Choose to create a new zone file.
Dynamic Update: Choose the type of dynamic updates allowed.
Add DNS Records: Right-click on the new zone and select New Host (A or AAAA). Enter the host name and IP address, then click Add Host.
Step 4: Configure IP Addressing
- Set Static IP Addresses: For servers and critical infrastructure, configure static IP addresses to ensure they remain constant. Open Network and Sharing Center, select Change adapter settings, right-click on the network adapter, and select Properties. Select Internet Protocol Version 4 (TCP/IPv4), then click Properties. Set the IP address, subnet mask, default gateway, and DNS servers manually.
Step 5: Name Resolution with DNS and WINS
Enable and Configure WINS (if necessary): In cases where legacy systems require WINS, ensure it is installed and configured. Open Server Manager, add the WINS feature, and configure it as needed.
Manage DNS Records: Regularly update and manage DNS records to ensure proper name resolution within the network. Use DNS Manager to add, remove, or update DNS records.
Step 6: Monitor and Manage DHCP and DNS
Monitor DHCP Leases: Open the DHCP Management Console, navigate to the Address Leases node, and monitor the assigned leases.
Check DNS Resolution: Use tools like nslookup and ping to verify DNS name resolution.
Audit and Troubleshoot: Regularly audit DHCP and DNS logs for any issues or discrepancies. Use Event Viewer and built-in diagnostic tools to troubleshoot problems.
Practice Task: Configure a New DHCP Scope and DNS Zone
Create a New DHCP Scope: Follow the steps to create a new DHCP scope for a different subnet or VLAN.
Create a New DNS Zone: Follow the steps to create a new DNS zone and add DNS records for the new scope.
Module 4: File Servers and Storage
Topic: Configuring File Servers and Storage
Description: This section covers the implementation of File and Storage Services, including DFS and SMB.
Practical Lab: Configuring File Servers and Storage in Windows Server 2019
Step 1: Install File Server Role
Open Server Manager: Click on the Start menu, search for Server Manager, and open it.
Add Roles and Features: In Server Manager, click on Manage and then Add Roles and Features. Follow the wizard and select Role-based or feature-based installation.
Select Server: Choose the local server or the server you want to install the file server role on and click Next.
Select File and Storage Services: Expand File and Storage Services, then File and iSCSI Services, and check File Server. Click Next and then Install to complete the installation.
Step 2: Configure SMB File Shares
Open File and Storage Services: In Server Manager, click on File and Storage Services on the left pane. Select Shares from the submenu.
Create a New Share: Click on Tasks and select New Share. Choose the share profile based on your needs (e.g., SMB Share - Quick). Click Next.
Specify Share Location: Choose a volume and specify the folder where the share will be created. Click Next.
Configure Share Settings: Enter a name for the share and configure share settings (e.g., enable access-based enumeration, encrypt data access). Click Next.
Configure Permissions: Set permissions for the share by clicking on Customize permissions. Add or remove users and groups as needed and set the appropriate permissions. Click OK and then Next.
Confirm and Create: Review the settings and click Create to complete the process.
Step 3: Implementing Distributed File System (DFS)
Install DFS Roles: Open Server Manager, click on Manage, and select Add Roles and Features. Follow the wizard and expand File and Storage Services, then File and iSCSI Services. Check DFS Namespaces and DFS Replication, then click Next and Install.
Configure DFS Namespace: In Server Manager, go to Tools and open DFS Management. Right-click on Namespaces and select New Namespace. Enter the name of the server that will host the namespace and click Next. Enter a name for the namespace and follow the wizard to configure the namespace.
Add Folder Targets: Right-click on the new namespace and select New Folder. Enter a name for the folder and add folder targets by specifying the path to shared folders. Click OK to complete the process.
Configure DFS Replication: In DFS Management, right-click on Replication and select New Replication Group. Choose the replication group type and follow the wizard to configure replication settings. Add members and specify folders to replicate.
Step 4: Configure Quotas and File Screening
Install FSRM: Open Server Manager, click on Manage, and select Add Roles and Features. Follow the wizard and expand File and Storage Services, then File and iSCSI Services. Check File Server Resource Manager (FSRM), then click Next and Install.
Open FSRM: In Server Manager, go to Tools and open File Server Resource Manager.
Configure Quotas: In FSRM, right-click on Quota Management and select Create Quota. Choose a folder to apply the quota and configure quota properties (e.g., limit size, notifications). Click Create.
Configure File Screening: In FSRM, right-click on File Screening Management and select Create File Screen. Choose a folder to apply the file screen and configure file screening properties (e.g., block certain file types). Click Create.
Practice Task: Create SMB Share and Configure DFS Namespace
Create a New SMB Share: Follow the steps to create a new SMB share for a specific department or project.
Configure DFS Namespace: Set up a new DFS namespace and add folder targets for shared resources.
Module 5: Virtualization and Containers
Topic: Managing Virtual Machines Using Hyper-V
Description: Implementing Virtualization and Containerization with Hyper-V and Windows Containers.
Practical Lab: Managing Virtual Machines and Containers in Windows Server 2019
Step 1: Install Hyper-V Role
Open Server Manager:
- Click on the Start menu, search for Server Manager, and open it.
Add Roles and Features:
In Server Manager, click on Manage and then Add Roles and Features.
Follow the wizard and select Role-based or feature-based installation.
Select Server:
- Choose the local server or the server you want to install the Hyper-V role on and click Next.
Select Hyper-V:
Check the Hyper-V box. A pop-up window will appear to add required features.
Click Add Features and then Next.
Configure Hyper-V:
Follow the prompts to configure network adapters for virtual machines.
Click Next and then Install to complete the installation.
Step 2: Configure Hyper-V
Open Hyper-V Manager:
- Open Hyper-V Manager from the Start menu or Server Manager.
Create a Virtual Switch:
In Hyper-V Manager, click on Virtual Switch Manager.
Select New virtual network switch and choose the type of switch (External, Internal, or Private).
Configure the switch settings and click OK.
Create a New Virtual Machine:
In Hyper-V Manager, right-click on the server and select New > Virtual Machine.
Follow the New Virtual Machine Wizard to create the virtual machine:
Specify Name and Location: Enter a name and choose the location for the VM.
Specify Generation: Choose Generation 1 or Generation 2.
Assign Memory: Allocate memory for the VM.
Configure Networking: Attach the VM to a virtual switch.
Connect Virtual Hard Disk: Create a new virtual hard disk or attach an existing one.
Install Operating System: Choose the installation media for the OS.
Click Finish to create the VM.
Start and Configure the VM:
Right-click on the newly created VM and select Connect.
Click on Start to power on the VM.
Follow the installation steps to install the operating system on the VM.
Step 3: Implementing Containers in Windows Server 2019
Install Containers Feature:
Open Server Manager, click on Manage, and select Add Roles and Features.
Follow the wizard and check the Containers box.
Click Next and then Install to complete the installation.
Install Docker:
Open PowerShell as Administrator.
Run the following command to install Docker:
Install-Module -Name DockerMsftProvider -Repository PSGallery -Force Install-Package -Name docker -ProviderName DockerMsftProvider Restart-Computer -Force
Verify Docker Installation:
Open PowerShell and run:
docker version
Ensure Docker is installed and running correctly.
Step 4: Managing Virtual Machines and Containers
Create and Run Docker Containers:
Pull a Docker image from the Docker Hub:
docker pull hello-world
Run the Docker container:
docker run hello-world
Verify that the container runs successfully.
Manage Hyper-V Virtual Machines:
Use Hyper-V Manager to manage virtual machines.
Right-click on VMs to start, stop, pause, or restart them.
Use Checkpoints to save the state of a VM.
Monitor Performance:
- Use Task Manager or Performance Monitor to monitor the performance of virtual machines and containers.
Practice Task: Create and Manage VMs and Containers
Create a New VM:
- Follow the steps to create a new virtual machine with a different operating system.
Run a Docker Container:
- Pull and run a different Docker image (e.g., nginx, redis) and verify its operation.
Module 6: High Availability and Disaster Recovery
Topic: Implementing High Availability and Disaster Recovery Solutions
Description: Configuring Failover Clustering and Backup Solutions.
Practical Lab: Implementing High Availability and Disaster Recovery in Windows Server 2019
Step 1: Install Failover Clustering Feature
Open Server Manager:
- Click on the Start menu, search for Server Manager, and open it.
Add Roles and Features:
In Server Manager, click on Manage and then Add Roles and Features.
Follow the wizard and select Role-based or feature-based installation.
Select Server:
- Choose the local server or the server you want to install the failover clustering feature on and click Next.
Select Failover Clustering:
Check the Failover Clustering box. A pop-up window will appear to add required features.
Click Add Features and then Next.
Install Failover Clustering:
- Complete the wizard and click Install. Wait for the installation to complete.
Step 2: Validate Cluster Configuration
Open Failover Cluster Manager:
- Open Failover Cluster Manager from the Tools menu in Server Manager.
Validate Configuration:
Click on Validate Configuration in the right pane.
Follow the wizard to specify the servers you want to include in the cluster.
Run all tests to validate the configuration. Review the results and ensure all tests pass.
Step 3: Create a Failover Cluster
Create a Cluster:
In Failover Cluster Manager, click on Create Cluster.
Follow the wizard to specify the servers and configure the cluster:
Select Servers: Add the servers that will be part of the cluster.
Cluster Name and IP: Specify a name and IP address for the cluster.
Review the settings and complete the wizard to create the cluster.
Add Storage:
In Failover Cluster Manager, go to Storage and add the disks that will be used by the cluster.
Configure the storage settings as needed.
Step 4: Configure Cluster Roles
Add Cluster Roles:
In Failover Cluster Manager, go to Roles.
Click on Configure Role and follow the wizard to add roles to the cluster:
Choose the role you want to configure (e.g., File Server, Virtual Machine, SQL Server).
Configure the role settings and complete the wizard.
Manage Failover Settings:
Right-click on the configured role and select Properties.
Configure failover settings, including preferred owners and failover policies.
Step 5: Implement Backup Solutions
Install Windows Server Backup:
Open Server Manager, click on Manage, and select Add Roles and Features.
Follow the wizard and expand Windows Server Backup.
Check Windows Server Backup and click Next and Install.
Configure Backup Schedule:
Open Windows Server Backup from the Tools menu in Server Manager.
Click on Backup Schedule to create a backup schedule:
Choose the backup configuration (Full server or Custom).
Specify the backup time and frequency.
Select the destination for the backup (local disk or network share).
Complete the wizard to schedule the backup.
Perform One-Time Backup:
Click on Backup Once to create a one-time backup.
Follow the wizard to specify the backup settings and complete the process.
Step 6: Test Failover and Recovery
Simulate Failover:
In Failover Cluster Manager, right-click on a cluster role and select Move > Best Possible Node.
Observe the failover process and ensure the role comes online on another node.
Test Backup and Restore:
Use Windows Server Backup to create a backup.
Simulate a failure by deleting data and use the backup to restore the data.
Practice Task: Configure a Failover Cluster and Implement Backup
Create a Failover Cluster:
- Follow the steps to create a new failover cluster with multiple nodes.
Configure Backup Schedule:
- Set up a backup schedule to protect critical data and ensure recoverability.
Module 7: Security Features
Topic: Applying Security Features to Protect Critical Resources
Description: Implementing Security Policies, Auditing, and Encryption.
Practical Lab: Applying Security Features in Windows Server 2019
Step 1: Implement Security Policies
Open Group Policy Management:
- Open Server Manager, go to Tools, and select Group Policy Management.
Create a New Group Policy Object (GPO):
Navigate to the desired domain or Organizational Unit (OU).
Right-click and select Create a GPO in this domain, and Link it here.
Enter a name for the new GPO and click OK.
Edit the GPO:
Right-click the newly created GPO and select Edit.
Navigate to Computer Configuration > Policies > Windows Settings > Security Settings.
Configure security settings such as Account Policies, Local Policies, Windows Firewall with Advanced Security, and Software Restriction Policies.
Step 2: Configure Auditing
Enable Auditing via Group Policy:
Open the Group Policy Management Editor for the GPO you created.
Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration.
Expand Audit Policies and configure settings such as Audit Logon Events, Audit Account Management, and Audit Object Access.
Set Up File and Folder Auditing:
Open File Explorer and navigate to the file or folder you want to audit.
Right-click the file or folder, select Properties, go to the Security tab, and click Advanced.
Go to the Auditing tab and click Add.
Specify the Principal (user or group), select Type (Success, Failure, or All), and configure the Access to audit.
Click OK to save the settings.
Step 3: Implement Encryption
Enable BitLocker Drive Encryption:
Open Server Manager, click on Manage, and select Add Roles and Features.
Follow the wizard to install the BitLocker Drive Encryption feature.
After installation, open Control Panel, go to BitLocker Drive Encryption, and choose the drive to encrypt.
Follow the prompts to turn on BitLocker and set up encryption options (password, recovery key).
Configure Encrypting File System (EFS):
Open File Explorer and navigate to the file or folder you want to encrypt.
Right-click the file or folder, select Properties, go to the General tab, and click Advanced.
Check the box for Encrypt contents to secure data and click OK.
Click Apply and choose whether to encrypt the file/folder only or include subfolders and files.
Step 4: Implementing Security Baselines
Download Security Compliance Toolkit:
- Visit the Microsoft Security Compliance Toolkit page and download the toolkit.
Import Security Baselines:
Extract the downloaded files and open Local Group Policy Editor.
Right-click Administrative Templates and select Add/Remove Templates.
Import the security baselines from the toolkit.
Apply Security Baselines:
Open Group Policy Management and create a new GPO for the security baseline.
Import the settings from the security compliance toolkit into the new GPO.
Link the GPO to the appropriate domain or OU.
Step 5: Configure Windows Defender
Open Windows Security:
- Go to Settings > Update & Security > Windows Security.
Configure Windows Defender Settings:
Open Windows Security, go to Virus & threat protection, and configure real-time protection, cloud-delivered protection, and automatic sample submission.
Configure advanced settings such as exclusions and scan schedules.
Enable Controlled Folder Access:
In Windows Security, go to Virus & threat protection > Manage ransomware protection.
Turn on Controlled folder access to protect sensitive data from ransomware.
Practice Task: Apply Security Features and Configure Auditing
Create a New GPO for Security Policies:
- Follow the steps to create and edit a new GPO that applies security policies to protect critical resources.
Set Up Auditing for a Shared Folder:
- Configure auditing for a shared folder and review the audit logs in Event Viewer.
Enable BitLocker on a Drive:
- Enable BitLocker encryption on a drive and configure recovery options.
Module 8: Remote Desktop Services
Topic: Configuring Remote Desktop Services
Description: Setting Up and Managing a Virtual Machine-Based Desktop Infrastructure.
Practical Lab: Configuring Remote Desktop Services in Windows Server 2019
Step 1: Install Remote Desktop Services Role
Open Server Manager:
- Click on the Start menu, search for Server Manager, and open it.
Add Roles and Features:
In Server Manager, click on Manage and then Add Roles and Features.
Follow the wizard and select Role-based or feature-based installation.
Select Server:
- Choose the local server or the server you want to install the Remote Desktop Services role on and click Next.
Select Remote Desktop Services:
Check the Remote Desktop Services box. A pop-up window will appear to add required features.
Click Add Features and then Next.
Install Remote Desktop Services:
- Complete the wizard and click Install. Wait for the installation to complete.
Step 2: Configure Remote Desktop Services
Open Remote Desktop Services Configuration:
In Server Manager, click on Remote Desktop Services in the left pane.
Click on Quick Start under the Deploy section.
Deploying a Standard Deployment:
Select Standard deployment to set up a virtual machine-based desktop infrastructure.
Click Next and follow the wizard to configure deployment settings:
Deployment Type: Choose the type of deployment (e.g., session-based or virtual machine-based).
Session Collection: Create and configure a session collection if necessary.
Configure Licensing:
In the Remote Desktop Services section, select RD Licensing.
Click on Per User or Per Device licensing mode.
Configure the Remote Desktop licensing server.
Step 3: Set Up Remote Desktop Session Host (RDSH)
Add RD Session Host:
In the Remote Desktop Services section, select RD Session Host.
Click on Add RD Session Host Servers and follow the wizard to add a session host server.
Install Applications:
Install the necessary applications on the RD Session Host server.
Ensure the applications are configured correctly and accessible to users.
Step 4: Configure Remote Desktop Gateway (RD Gateway)
Add RD Gateway:
In the Remote Desktop Services section, select RD Gateway.
Click on Add RD Gateway Servers and follow the wizard to add a gateway server.
Configure Gateway Settings:
- Set up RD Gateway settings, including the server name, authentication method, and SSL certificates.
Step 5: Configure Remote Desktop Web Access (RD Web Access)
Add RD Web Access:
In the Remote Desktop Services section, select RD Web Access.
Click on Add RD Web Access Servers and follow the wizard to add a web access server.
Configure Web Access Settings:
Configure RD Web Access settings, including the URL, authentication method, and SSL certificates.
Ensure users can access the RD Web Access portal from their web browsers.
Step 6: Configure Remote Desktop Connection Broker (RD Connection Broker)
Add RD Connection Broker:
In the Remote Desktop Services section, select RD Connection Broker.
Click on Add RD Connection Broker Servers and follow the wizard to add a connection broker server.
Configure High Availability:
- Set up high availability for the RD Connection Broker to ensure continuous availability.
Step 7: Monitor and Manage Remote Desktop Services
Monitor RDS Performance:
Use Performance Monitor to track the performance of Remote Desktop Services.
Monitor key metrics such as CPU usage, memory usage, and network activity.
Manage User Sessions:
Use Remote Desktop Services Manager to manage user sessions.
Disconnect, log off, or send messages to active sessions as needed.
Update and Maintain Servers:
Regularly apply updates and patches to all RDS servers.
Ensure security settings are up to date and compliant with organizational policies.
Practice Task: Configure a Remote Desktop Environment
Set Up a Remote Desktop Session Host:
- Follow the steps to set up a Remote Desktop Session Host server and install necessary applications.
Configure RD Gateway and Web Access:
- Set up RD Gateway and RD Web Access servers to enable secure remote access to the session host.
Module 9: Remote Access and Web Services
Topic: Implementing Remote Access and Web Services
Description: Configuring VPN, DirectAccess, and Web Services.
Practical Lab: Implementing Remote Access and Web Services in Windows Server 2019
Step 1: Configuring VPN (Virtual Private Network)
Install Remote Access Role:
Open Server Manager, click on Manage, and select Add Roles and Features.
Follow the wizard and select Role-based or feature-based installation.
Choose the local server and click Next.
Select Remote Access and click Next.
Select DirectAccess and VPN (RAS) and click Next.
Complete the wizard and click Install.
Configure VPN:
Open the Routing and Remote Access console from the Tools menu in Server Manager.
Right-click on the server and select Configure and Enable Routing and Remote Access.
Follow the wizard to configure a VPN server:
Choose Remote access (dial-up or VPN).
Select VPN and configure the VPN connection settings (e.g., IP address assignment, authentication).
Click Finish to enable the VPN server.
Set Up VPN Clients:
On the client computer, open Network & Internet Settings and go to VPN.
Click Add a VPN connection and enter the VPN server details.
Connect to the VPN to test the configuration.
Step 2: Configuring DirectAccess
Add DirectAccess Configuration:
Open Server Manager, go to Remote Access Management Console, and select DirectAccess and VPN.
Click on Run the Remote Access Setup Wizard.
Choose Deploy DirectAccess only and follow the wizard:
Configure the DirectAccess client settings and add security groups.
Configure the network connectivity and authentication methods.
Specify the infrastructure servers (DNS, NLS).
Complete the wizard to enable DirectAccess.
Configure Group Policy for DirectAccess:
Open Group Policy Management.
Create or edit a Group Policy Object (GPO) linked to the OU containing DirectAccess clients.
Configure DirectAccess client settings in the GPO.
Step 3: Configuring Web Services (IIS)
Install Web Server (IIS) Role:
Open Server Manager, click on Manage, and select Add Roles and Features.
Follow the wizard and select Role-based or feature-based installation.
Choose the local server and click Next.
Select Web Server (IIS) and click Next.
Complete the wizard and click Install.
Configure IIS:
Open Internet Information Services (IIS) Manager from the Tools menu in Server Manager.
Select the server node and click on Add Website.
Enter the Site name, Physical path, and Binding information (IP address, port, hostname).
Click OK to create the website.
Configure Website Settings:
Select the website node in IIS Manager and configure settings such as Authentication, SSL Certificates, and Application Pools.
Add any necessary MIME types and Handlers for the website.
Step 4: Monitoring and Managing Remote Access and Web Services
Monitor VPN and DirectAccess:
Use Event Viewer to monitor VPN and DirectAccess events.
Track connection attempts, authentication successes, and failures.
Monitor IIS Performance:
Use Performance Monitor to track key metrics for IIS (CPU usage, memory usage, requests/sec).
Check IIS logs for detailed information on web requests and errors.
Manage User Access:
Use Active Directory Users and Computers (ADUC) to manage user accounts and permissions.
Ensure users have the appropriate group memberships for VPN and DirectAccess access.
Practice Task: Configure a VPN and Web Services
Set Up a VPN:
- Follow the steps to set up a VPN server and test connectivity from a client computer.
Create a Website in IIS:
- Create a new website in IIS, configure SSL, and test accessibility from a web browser.
Module 10: Service Monitoring and Performance Monitoring
Topic: Implementing Service Monitoring and Performance Monitoring
Description: Using Performance Monitor and Other Tools to Monitor and Troubleshoot Services.
Practical Lab: Implementing Service Monitoring and Performance Monitoring in Windows Server 2019
Step 1: Using Performance Monitor
Open Performance Monitor:
Click on the Start menu, type perfmon, and press Enter.
Alternatively, open Server Manager, go to Tools, and select Performance Monitor.
Add Performance Counters:
In Performance Monitor, click on the green plus sign (+) in the toolbar to add counters.
Select the desired performance counters (e.g., Processor, Memory, Disk) from the available list.
Click Add and then OK to display the selected counters in the graph.
Create Data Collector Sets:
In Performance Monitor, expand Data Collector Sets and right-click User Defined.
Select New > Data Collector Set.
Enter a name for the data collector set and choose the Create manually (Advanced) option.
Add the performance counters you want to monitor and specify the log format.
Configure the schedule and retention settings, then save the data collector set.
Step 2: Using Event Viewer
Open Event Viewer:
Click on the Start menu, type Event Viewer, and press Enter.
Alternatively, open Server Manager, go to Tools, and select Event Viewer.
Navigate Event Logs:
Expand Windows Logs to view Application, Security, Setup, and System logs.
Expand Applications and Services Logs for more specific logs related to various services.
Create Custom Views:
In Event Viewer, right-click Custom Views and select Create Custom View.
Specify the event log criteria, such as event level, log, source, and event ID.
Save the custom view with a meaningful name to easily access filtered logs.
Step 3: Using Resource Monitor
Open Resource Monitor:
Click on the Start menu, type resmon, and press Enter.
Alternatively, open Server Manager, go to Tools, and select Resource Monitor.
Monitor System Resources:
In Resource Monitor, navigate through the tabs to monitor CPU, Memory, Disk, and Network usage.
Use the graphs and lists to identify resource-intensive processes and analyze resource allocation.
Analyze Performance:
Use the Overview tab for a high-level view of resource usage.
Identify and troubleshoot performance bottlenecks using detailed metrics.
Step 4: Using Task Manager
Open Task Manager:
Press Ctrl + Shift + Esc to open Task Manager.
Alternatively, right-click on the taskbar and select Task Manager.
Monitor Processes and Applications:
Use the Processes tab to view running applications and processes.
Identify processes that are using high CPU, memory, disk, or network resources.
Analyze Performance:
Use the Performance tab to view real-time graphs of CPU, memory, disk, and network usage.
Use the App history tab to analyze resource usage over time for apps.
Manage Startup Programs:
- Use the Startup tab to enable or disable startup programs to optimize system performance.
Step 5: Using Windows Admin Center for Monitoring
Install Windows Admin Center:
Download and install Windows Admin Center on a management server or workstation.
Open Windows Admin Center and connect to the target server.
Monitor Server Performance:
Use the Performance Monitor tool in Windows Admin Center to view real-time performance data.
Configure performance alerts and notifications based on custom thresholds.
Analyze and Troubleshoot Issues:
- Use the Event Viewer, Resource Monitor, and Task Manager tools in Windows Admin Center to diagnose and troubleshoot performance issues.
Step 6: Implementing Alerts and Notifications
Configure Alerts in Performance Monitor:
In Performance Monitor, right-click on Alerts under Data Collector Sets.
Select New > Data Collector Set and choose Create manually (Advanced).
Add performance counters and specify alert thresholds.
Configure the alert action, such as sending an email notification or running a script.
Set Up Event Log Alerts:
In Event Viewer, create a custom view for the specific events you want to monitor.
Set up a task to trigger an action (e.g., send an email) when the event is logged.
Practice Task: Monitor and Troubleshoot a Performance Issue
Create a Data Collector Set in Performance Monitor:
- Set up a data collector set to monitor CPU, memory, and disk usage over time.
Analyze Event Logs for Errors and Warnings:
- Use Event Viewer to identify errors and warnings related to a specific service.
Optimize System Performance:
- Use Resource Monitor and Task Manager to identify and terminate resource-intensive processes.
Module 11: Upgrades and Migrations
Topic: Performing Upgrades and Migrations Related to AD DS and Storage
Description: Upgrading from Previous Windows Server Versions and Migrating Data.
Practical Lab: Performing Upgrades and Migrations in Windows Server 2019
Step 1: Preparing for an Upgrade
Check System Requirements:
Ensure the hardware meets the system requirements for Windows Server 2019.
Verify that all installed applications and drivers are compatible with Windows Server 2019.
Backup Data:
Use Windows Server Backup or a third-party tool to create a full backup of the server.
Ensure you have a backup of all critical data, including system state, applications, and databases.
Review Upgrade Paths:
Understand the supported upgrade paths (e.g., Windows Server 2016 to Windows Server 2019).
Check the Microsoft documentation for any specific considerations or prerequisites.
Step 2: Performing In-Place Upgrade
Insert Installation Media:
- Insert the Windows Server 2019 installation media (ISO file, USB drive, or DVD) into the server.
Run Setup.exe:
Open File Explorer and navigate to the installation media.
Run setup.exe to start the installation process.
Choose Upgrade Option:
Follow the wizard and select Upgrade: Install Windows and keep files, settings, and applications.
Complete the upgrade wizard, which will check for compatibility and proceed with the installation.
Complete Installation:
The server will restart several times during the upgrade process.
After the upgrade is complete, verify that all applications and services are functioning as expected.
Step 3: Migrating Active Directory Domain Services (AD DS)
Prepare the New Server:
- Install Windows Server 2019 on the new server and join it to the existing domain.
Install AD DS Role:
Open Server Manager, click on Manage, and select Add Roles and Features.
Follow the wizard to install the Active Directory Domain Services role on the new server.
Promote the New Server to Domain Controller:
After installing AD DS, click on Promote this server to a domain controller.
Follow the wizard to add the new server as a replica domain controller in the existing domain.
Transfer FSMO Roles:
Open Active Directory Users and Computers, Active Directory Domains and Trusts, and Active Directory Schema snap-ins.
Transfer the FSMO roles (Schema Master, Domain Naming Master, RID Master, PDC Emulator, and Infrastructure Master) to the new server.
Demote the Old Domain Controller:
On the old domain controller, open Server Manager and select Remove Roles and Features.
Follow the wizard to demote the old domain controller and remove the AD DS role.
Step 4: Migrating File Server Data
Prepare the New Server:
- Install Windows Server 2019 on the new file server and configure storage as needed.
Install File Server Role:
Open Server Manager, click on Manage, and select Add Roles and Features.
Follow the wizard to install the File and Storage Services role on the new server.
Use Storage Migration Service:
Open Windows Admin Center and select Storage Migration Service.
Create a new migration job and specify the source and destination servers.
Follow the wizard to migrate file shares, folders, and permissions to the new server.
Validate Migration:
After the migration is complete, verify that all data and permissions have been transferred correctly.
Update any necessary DNS records and update clients to point to the new file server.
Step 5: Post-Migration Tasks
Verify Functionality:
- Test all applications, services, and roles to ensure they are functioning as expected on the new server.
Update Documentation:
- Update your IT documentation to reflect the changes made during the upgrade and migration.
Monitor Performance:
- Use tools like Performance Monitor, Event Viewer, and Windows Admin Center to monitor the performance of the new server.
Decommission Old Server:
- Once you are confident that the new server is operating correctly, decommission the old server and repurpose or dispose of it according to your organization's policies.
Practice Task: Upgrade a Domain Controller and Migrate File Server Data
Perform In-Place Upgrade:
- Follow the steps to perform an in-place upgrade of a domain controller from Windows Server 2016 to Windows Server 2019.
Migrate File Server Data:
- Use Storage Migration Service to migrate data from an old file server to a new Windows Server 2019 file server.
Module 12: Advanced Administration and Troubleshooting
Topic: Advanced Administration and Troubleshooting
Description: Implementing Advanced Administration Techniques and Troubleshooting Common Issues.
Practical Lab: Advanced Administration and Troubleshooting in Windows Server 2019
Step 1: Implementing PowerShell for Advanced Administration
Open PowerShell:
- Click on the Start menu, type PowerShell, right-click on Windows PowerShell, and select Run as administrator.
Basic PowerShell Commands:
Use basic commands to get familiar with PowerShell:
Get-Help
: Display help information for cmdlets.Get-Command
: List all available cmdlets.Get-Service
: Display the status of services.
Advanced Scripting:
Write and execute PowerShell scripts to automate administrative tasks:
Create a script file (.ps1) using Notepad or any text editor.
Write a script to perform tasks such as creating users, managing files, or configuring settings.
Example: Create a new user
New-ADUser -Name "John Doe" -SamAccountName "jdoe" -UserPrincipalName "jdoe@contoso.com" -Path "OU=Users,DC=contoso,DC=com" -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force) -Enabled $true
Execute the script by running
.\
scriptname.ps
1
in PowerShell.
Step 2: Configuring Advanced Network Settings
Configure NIC Teaming:
Open Server Manager, go to Local Server, and click on NIC Teaming.
Click Tasks and select New Team.
Select the network adapters to include in the team and configure teaming settings.
Configure Network Load Balancing (NLB):
Open Server Manager, click on Manage, and select Add Roles and Features.
Install the Network Load Balancing feature.
Open NLB Manager from the Tools menu.
Create a new NLB cluster and add hosts to the cluster.
Configure the cluster settings, including the IP address and port rules.
Step 3: Implementing and Managing WSUS
Install Windows Server Update Services (WSUS):
Open Server Manager, click on Manage, and select Add Roles and Features.
Follow the wizard to install the Windows Server Update Services role.
Select the required services and specify the location for the WSUS content.
Configure WSUS:
Open WSUS from the Tools menu in Server Manager.
Follow the wizard to configure the WSUS settings:
Specify the upstream server (Microsoft Update or another WSUS server).
Configure synchronization settings (schedule and categories).
Approve updates for deployment to client computers.
Deploy Updates Using WSUS:
Configure Group Policy to point client computers to the WSUS server:
Open Group Policy Management.
Create or edit a GPO linked to the domain or OU containing the client computers.
Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update.
Configure the Specify intranet Microsoft update service location policy.
Step 4: Troubleshooting Common Issues
Troubleshoot Network Issues:
Use
ping
,tracert
, andipconfig
to diagnose network connectivity issues.Check the status of network interfaces using
Get-NetAdapter
in PowerShell.Use Network Monitor or Wireshark to analyze network traffic.
Troubleshoot Service Failures:
Open Event Viewer and navigate to Windows Logs > System to check for service-related events.
Use
Get-Service
in PowerShell to check the status of services.Restart services using
Restart-Service -Name "ServiceName"
.
Troubleshoot Disk and Storage Issues:
Use Disk Management to check the status of disks and partitions.
Use Check Disk (
chkdsk
) to scan and repair disk errors.Monitor disk performance using Performance Monitor and check for bottlenecks.
Step 5: Implementing Advanced Security Settings
Configure Advanced Firewall Settings:
Open Windows Defender Firewall with Advanced Security from the Tools menu in Server Manager.
Create and configure inbound and outbound firewall rules.
Use IPsec to secure network communications.
Implement Multi-Factor Authentication (MFA):
Integrate with Azure Multi-Factor Authentication to enhance security.
Configure MFA settings and enforce MFA policies for user access.
Practice Task: Perform Advanced Administration and Troubleshooting
Create and Execute a PowerShell Script:
- Write a PowerShell script to automate a common administrative task and execute it.
Configure NIC Teaming and NLB:
- Set up NIC Teaming and configure Network Load Balancing on a set of servers.
Deploy Updates Using WSUS:
- Install and configure WSUS, and deploy updates to client computers.
Troubleshoot a Service Failure:
- Simulate a service failure and use the troubleshooting steps to resolve it.
Module 13: System Backup and Restore
Topic: Implementing Backup and Restore Solutions
Description: Configuring and Managing Windows Server Backup, and Restoring Data.
Practical Lab: Implementing Backup and Restore Solutions in Windows Server 2019
Step 1: Install Windows Server Backup Feature
Open Server Manager:
- Click on the Start menu, search for Server Manager, and open it.
Add Roles and Features:
In Server Manager, click on Manage and then Add Roles and Features.
Follow the wizard and select Role-based or feature-based installation.
Select Server:
- Choose the local server or the server you want to install the Windows Server Backup feature on and click Next.
Select Windows Server Backup:
Expand Features, check the Windows Server Backup box, and click Next.
Complete the wizard and click Install. Wait for the installation to complete.
Step 2: Configure Windows Server Backup
Open Windows Server Backup:
- Open Server Manager, go to Tools, and select Windows Server Backup.
Set Up Backup Schedule:
In the Actions pane, click on Backup Schedule to open the Backup Schedule Wizard.
Follow the wizard to configure the backup schedule:
Backup Configuration: Choose between a full server backup or a custom backup.
Backup Schedule: Specify the days and times for the backup.
Destination Type: Choose the backup destination (local disk, network share, or external drive).
Backup Destination: Specify the location for the backup.
Completing the Wizard: Review the settings and click Finish to create the backup schedule.
Perform One-Time Backup:
In the Actions pane, click on Backup Once to open the Backup Once Wizard.
Follow the wizard to specify the backup configuration and destination, then perform the backup.
Step 3: Restore Data Using Windows Server Backup
Open Windows Server Backup:
- Open Server Manager, go to Tools, and select Windows Server Backup.
Initiate Restore:
In the Actions pane, click on Recover to open the Recovery Wizard.
Follow the wizard to restore data from a previous backup:
Getting Started: Select the location of the backup to restore from (local disk, network share, or external drive).
Select Backup Date: Choose the date and time of the backup to restore.
Specify Recovery Type: Choose the type of recovery (files and folders, volumes, applications, or system state).
Specify Recovery Options: Configure the recovery options, such as destination and overwrite settings.
Completing the Wizard: Review the settings and click Recover to start the restoration process.
Step 4: Implementing Advanced Backup Solutions
Configure System State Backup:
Open Windows Server Backup, click on Backup Schedule, and choose Custom.
In the Select Items for Backup page, choose Add Items, and select System State.
Complete the wizard to schedule regular system state backups.
Use PowerShell for Backup:
Open Windows PowerShell as an administrator.
Use PowerShell cmdlets to configure and manage backups:
Example: Create a one-time backup
wbadmin start backup -backupTarget:E: -include:C: -allCritical -quiet
Example: Schedule a regular backup
New-WBBackupTarget -NetworkShare \\Server\Backup -UserName user -Password pass Add-WBBackupTarget -Policy $policy -Target $backupTarget Set-WBSchedule -Policy $policy -Schedule 03:00 Enable-WBBackup -Policy $policy
Step 5: Testing Backup and Restore
Verify Backup Completeness:
Check the backup logs in Windows Server Backup to ensure the backups are completed successfully.
Test the backup by restoring a small set of data.
Simulate Data Loss:
Simulate data loss by deleting files or folders.
Use Windows Server Backup to restore the deleted data and verify the restoration.
Practice Task: Configure and Test Backup and Restore
Set Up a Regular Backup Schedule:
- Follow the steps to configure a regular backup schedule for critical data and system state.
Perform a One-Time Backup:
- Perform a one-time backup of the server and verify the backup.
Test Data Restoration:
- Simulate data loss and use the backup to restore the data.
Module 14: Windows Server Migration and Modernization
Topic: Migrating and Modernizing Windows Server Infrastructure
Description: Planning and Executing Windows Server Migrations and Integrating Cloud Services.
Practical Lab: Migrating and Modernizing Windows Server Infrastructure
Step 1: Assessing the Current Environment
Inventory Current Infrastructure:
Use tools like Microsoft Assessment and Planning (MAP) Toolkit to collect inventory data.
Identify servers, applications, and services running in the current environment.
Evaluate hardware and software requirements for the new environment.
Analyze Compatibility:
Ensure all applications and services are compatible with the target Windows Server version.
Identify any potential compatibility issues and plan for mitigation.
Step 2: Planning the Migration
Develop a Migration Plan:
Create a detailed migration plan, including timelines, resource allocation, and risk management.
Determine the sequence of migration for servers, applications, and services.
Choose Migration Tools:
Identify the appropriate tools for the migration process:
Windows Server Migration Tools: Built-in tools for migrating roles and features.
Storage Migration Service: Simplifies data migration from legacy servers to Windows Server 2019.
Azure Migrate: For migrating workloads to Azure.
Step 3: Preparing for Migration
Install Windows Server Migration Tools:
Open Server Manager, click on Manage, and select Add Roles and Features.
Follow the wizard and select Windows Server Migration Tools under Features.
Complete the wizard to install the tools.
Prepare Source and Destination Servers:
Ensure both source and destination servers meet the requirements for migration.
Install necessary updates and patches on both servers.
Disable any non-essential services to minimize disruption during migration.
Step 4: Migrating Roles and Features
Export Roles and Features from Source Server:
Open Windows PowerShell as an administrator on the source server.
Use the
Export-SmigServerSetting
cmdlet to export roles, features, and other settings:Export-SmigServerSetting -FeatureID DHCP, DNS -Path C:\Migration -Verbose
Transfer the exported settings to the destination server.
Import Roles and Features on Destination Server:
Open Windows PowerShell as an administrator on the destination server.
Use the
Import-SmigServerSetting
cmdlet to import roles, features, and settings:Import-SmigServerSetting -FeatureID DHCP, DNS -Path C:\Migration -Verbose
Verify that the roles and features have been successfully migrated and configured.
Step 5: Migrating Data Using Storage Migration Service
Install Storage Migration Service:
Open Server Manager, click on Manage, and select Add Roles and Features.
Follow the wizard and install the Storage Migration Service role.
Set Up Migration Job:
Open Windows Admin Center and select Storage Migration Service.
Create a new migration job and specify the source and destination servers.
Configure the job settings, including data transfer options and schedules.
Start the migration job and monitor its progress.
Validate Migration:
After the migration is complete, verify that all data has been transferred correctly.
Update any necessary configurations and ensure applications and services are functioning as expected.
Step 6: Integrating Cloud Services
Set Up Azure Migrate:
Open the Azure portal and create a new Azure Migrate project.
Use the Azure Migrate: Server Migration tool to assess on-premises servers.
Install the Azure Migrate appliance on the on-premises server to collect data.
Plan and Execute Migration to Azure:
Review the assessment reports generated by Azure Migrate.
Configure the migration settings and select the workloads to be migrated.
Start the migration process and monitor its progress through the Azure portal.
Optimize and Secure Azure Resources:
After migration, optimize the Azure resources for performance and cost.
Implement security best practices to protect the migrated workloads.
Practice Task: Plan and Execute a Server Migration
Create a Migration Plan:
- Develop a detailed migration plan for moving a critical server to Windows Server 2019.
Perform Data Migration:
- Use Storage Migration Service to migrate data from a legacy server to the new environment.
Integrate Cloud Services:
- Set up Azure Migrate and execute a test migration of a workload to Azure.
Module 15: Automating Windows Server Administration
Topic: Automating Administration with PowerShell and Task Scheduler
Description: Using PowerShell Scripts and Task Scheduler to Automate Administrative Tasks.
Practical Lab: Automating Windows Server Administration
Step 1: Writing PowerShell Scripts for Automation
Open PowerShell ISE:
- Click on the Start menu, type PowerShell ISE, and open it as an administrator.
Create a PowerShell Script:
In the PowerShell ISE, click on New Script.
Write a script to automate administrative tasks. Example:
# Script to create a new user in Active Directory Import-Module ActiveDirectory $username = "jdoe" $password = ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force $ou = "OU=Users,DC=contoso,DC=com" New-ADUser -Name "John Doe" -SamAccountName $username -UserPrincipalName "$username@contoso.com" -Path $ou -AccountPassword $password -Enabled $true
Save the Script:
- Save the script with a .ps1 extension (e.g., CreateUser.ps1).
Step 2: Running PowerShell Scripts
Set Execution Policy:
Open PowerShell as an administrator and set the execution policy:
Set-ExecutionPolicy RemoteSigned
Confirm the change by typing Y and pressing Enter.
Run the Script:
Navigate to the directory where the script is saved and run it:
.\CreateUser.ps1
Step 3: Scheduling Tasks with Task Scheduler
Open Task Scheduler:
- Click on the Start menu, type Task Scheduler, and open it.
Create a Basic Task:
In Task Scheduler, click on Create Basic Task.
Enter a name and description for the task and click Next.
Set Trigger:
Choose the trigger for the task (e.g., daily, weekly, at startup) and click Next.
Configure the trigger settings and click Next.
Set Action:
Choose Start a program and click Next.
Click Browse and select PowerShell.exe from the system32 folder.
In the Add arguments field, enter the path to the script:
-File "C:\Scripts\CreateUser.ps1"
Click Next and review the settings.
Finish:
- Click Finish to create the task.
Step 4: Using Advanced Task Scheduler Options
Create a Task with Advanced Options:
- In Task Scheduler, click on Create Task for more advanced options.
General Tab:
- Enter the task name and description. Configure user account settings and security options.
Triggers Tab:
- Add multiple triggers with different schedules and conditions.
Actions Tab:
- Add multiple actions, such as starting programs, sending emails, or displaying messages.
Conditions Tab:
- Configure conditions that must be met for the task to run (e.g., only run when the computer is idle).
Settings Tab:
- Configure additional settings, such as stopping the task if it runs longer than a specified time and allowing the task to be run on demand.
Step 5: Monitoring and Managing Scheduled Tasks
View Scheduled Tasks:
- Open Task Scheduler and navigate to the Task Scheduler Library to view and manage all scheduled tasks.
Edit or Delete Tasks:
- Right-click on a task to edit its properties, disable it, or delete it.
Check Task History:
- Use the History tab to view the execution history and diagnose any issues.
Practice Task: Automate a Daily Backup Task
Write a PowerShell Script for Backup:
Create a script to perform a backup using Windows Server Backup:
wbadmin start backup -backupTarget:E: -include:C: -allCritical -quiet
Save the script as DailyBackup.ps1.
Schedule the Backup Task:
- Use Task Scheduler to create a daily task that runs the backup script.
Basic Questions
What is the difference between a primary, extended, and logical partition?
Primary Partition: A bootable partition that can contain the operating system and other system files. You can have up to four primary partitions on a single hard drive.
Extended Partition: Used to overcome the limit of four primary partitions. It cannot be used directly to store data but can contain multiple logical partitions.
Logical Partition: Created within an extended partition and used to store data. There is no limit to the number of logical partitions within an extended partition.
Can you explain the difference between basic and dynamic disks?
Basic Disk: Uses traditional partition tables (MBR or GPT) and can contain primary and extended partitions.
Dynamic Disk: Uses a dynamic volume structure, allowing the creation of volumes that span multiple disks (spanned and striped volumes) and provide features like fault tolerance (mirrored and RAID-5 volumes).
What is diskpart and how do you use it?
- Diskpart: A command-line utility in Windows used for managing disk partitions. You can use it to create, delete, and resize partitions. For example, to list disks, type
list disk
; to select a disk, typeselect disk X
; and to create a partition, typecreate partition primary
.
- Diskpart: A command-line utility in Windows used for managing disk partitions. You can use it to create, delete, and resize partitions. For example, to list disks, type
How do you extend a partition in Windows Server?
Using Disk Management: Right-click the partition you want to extend, select "Extend Volume," and follow the wizard.
Using Diskpart: Open Command Prompt as an administrator, type
diskpart
, select the disk and partition, and then use theextend
command.
How do you shrink a partition in Windows Server?
Using Disk Management: Right-click the partition, select "Shrink Volume," and specify the amount of space to shrink.
Using Diskpart: Open Command Prompt as an administrator, type
diskpart
, select the disk and partition, and then use theshrink
command.
What is RAID and what are the different RAID levels?
RAID: Stands for Redundant Array of Independent Disks, a technology that combines multiple disk drives into a single unit for redundancy or performance improvement.
RAID Levels: Common levels include RAID 0 (striping for performance), RAID 1 (mirroring for redundancy), RAID 5 (striping with parity), and RAID 10 (a combination of RAID 1 and RAID 0 for both redundancy and performance).
What is the purpose of the Windows Registry?
- The Windows Registry is a hierarchical database that stores low-level settings and configurations for the operating system and applications.
How do you create a new user account in Active Directory?
- Open Active Directory Users and Computers (ADUC), right-click on the container or OU where you want to create the user, select "New" > "User," and follow the wizard to enter user details and credentials.
What is the difference between a domain and a forest in Active Directory?
Domain: A logical group of network objects (users, computers, devices) that share the same Active Directory database.
Forest: A collection of one or more domains that share a common schema and global catalog. It represents the top-level container in Active Directory.
What is DNS and what is its role in a network?
- DNS: Stands for Domain Name System, which translates human-readable domain names (like www.example.com) into IP addresses (like 192.168.1.1).
Intermediate Questions
How do you configure a static IP address on a Windows Server?
- Open Network and Sharing Center, click on "Change adapter settings," right-click the network adapter, select "Properties," double-click on "Internet Protocol Version 4 (TCP/IPv4)," select "Use the following IP address," and enter the IP address, subnet mask, and default gateway.
What are the steps to install and configure Active Directory Domain Services (AD DS)?
- Open Server Manager, click on "Add roles and features," select "Active Directory Domain Services," complete the wizard, and then run
dcpromo
to promote the server to a domain controller.
- Open Server Manager, click on "Add roles and features," select "Active Directory Domain Services," complete the wizard, and then run
How do you set up a VPN on a Windows Server?
- Open Server Manager, install the "Remote Access" role, configure "Routing and Remote Access," set up the VPN by selecting "VPN Access," and configure VPN properties such as IP address assignment and user permissions.
What is Group Policy and how do you use it to manage user settings?
- Group Policy is a feature in Active Directory that allows centralized management and configuration of operating systems, applications, and user settings. You can use the Group Policy Management Console (GPMC) to create and manage Group Policy Objects (GPOs) and link them to OUs, domains, or sites.
How do you perform a backup and restore of a Windows Server?
- Use Windows Server Backup (WSB). Open the WSB console, create a backup schedule or run a one-time backup, and select the items to back up. For restore, open the WSB console, select the backup to restore from, and follow the wizard to restore files, applications, or the entire system.
What are the steps to install and configure DHCP on a Windows Server?
- Open Server Manager, click on "Add roles and features," select "DHCP Server," complete the wizard, and then open the DHCP console to configure scopes, options, and reservations.
How do you monitor server performance using Performance Monitor?
- Open Performance Monitor (perfmon), add counters for the resources you want to monitor (CPU, memory, disk, network), and review real-time or historical data to analyze performance.
What is the difference between Windows Server Standard and Datacenter editions?
Windows Server Standard: Designed for smaller environments with limited virtualization needs (up to two virtual instances).
Windows Server Datacenter: Designed for larger environments with extensive virtualization needs (unlimited virtual instances) and includes additional features like Storage Spaces Direct and Shielded VMs.
How do you troubleshoot network connectivity issues on a Windows Server?
- Use tools like ping, tracert, ipconfig, and nslookup to diagnose and troubleshoot network issues. Check network adapter settings, firewall rules, and DNS configurations.
What is the purpose of Windows Updates and how do you manage them?
- Windows Updates provide security patches, bug fixes, and feature improvements. You can manage updates using Windows Update settings, Group Policy, or Windows Server Update Services (WSUS).
Advanced Questions
How do you implement and manage Active Directory Federation Services (AD FS)?
- Install the AD FS role via Server Manager, configure the federation service, set up relying party trusts and claims rules, and ensure secure communication with SSL certificates.
What are the steps to set up and configure a Windows Server Update Services (WSUS) server?
- Install the WSUS role via Server Manager, configure the update source and proxy settings, select products and classifications to update, configure automatic approval rules, and schedule update synchronizations.
How do you configure and manage Windows Server Failover Clustering (WSFC)?
- Install the Failover Clustering feature, validate the cluster configuration, create the cluster, add nodes, and configure cluster resources and roles.
What are the best practices for securing a Windows Server environment?
- Implement strong passwords and account policies, enable firewalls, apply security patches regularly, use antivirus and anti-malware software, configure auditing and monitoring, and restrict administrative privileges.
How do you implement and manage BitLocker Drive Encryption on a Windows Server?
- Enable BitLocker via Control Panel or Group Policy, configure encryption settings, choose the authentication method (PIN, password, TPM), and back up recovery keys.
What are the steps to set up and configure a Remote Desktop Services (RDS) environment?
- Install the RDS role via Server Manager, configure the RD Session Host, RD Connection Broker, RD Web Access, and RD Gateway roles, and create and publish RemoteApp programs or virtual desktops.
How do you configure and manage Windows Server Backup?
- Open the Windows Server Backup console, create a backup schedule or run a one-time backup, select the items to back up (files, applications, or the entire system), and specify the backup destination (local disk, network share, or external drive).
What are the steps to set up and configure a Hyper-V environment on a Windows Server?
- Install the Hyper-V role via Server Manager, create virtual switches, create and configure virtual machines, and manage virtual machine settings (memory, storage, network).
How do you implement and manage Network Access Protection (NAP) on a Windows Server?
- Install the NAP role via Server Manager, configure NAP policies and enforcement methods (DHCP, VPN, IPsec), configure NAP health policies, and monitor NAP compliance.
What are the steps to set up and configure a Windows Server Essentials experience?
- Install the Windows Server Essentials Experience role via Server Manager, complete the configuration wizard, set up user accounts and groups, configure shared folders and storage, and enable client computer backups and remote access.
Conclusion
Congratulations on completing this comprehensive guide to Windows Server 2019 Administration! Throughout these modules, you've gained hands-on experience with a wide range of tasks, from setting up and configuring servers to implementing high availability, security features, and automation. With the skills and knowledge you've acquired, you'll be well-equipped to manage and maintain Windows Server 2019 environments effectively. Remember, continuous learning and practice are key to mastering server administration. Keep exploring new features, tools, and best practices to stay ahead in your IT career. If you have any further questions or need additional resources, don't hesitate to reach out. Happy administering!
/