MCSA 70-741 Cert Guide: Networking with Windows Server 2016, 1st edition
Published by Pearson IT Certification (May 26, 2017) © 2017
- Michael S. Schulz
Price Reduced From: $49.99
Details
- A print text
- Free shipping
- Also available for purchase as an ebook from all major ebook resellers, including InformIT.com
Access Details
- Access courses online from any computer (PC or Mac) or tablet (Android or iOS)
- Native app available for mobile use; use online, or download and work offline; data syncs automatically
- Purchase print or digital codes from your college bookstore, or printed access code cards here
Features
- Interactive learning elements throughout, including exercises, quizzes, flashcards, and video tutorials
Introduction xxix
Part I: Implement Windows Server 2016 DNS
Chapter 1 Installing and Configuring DNS Servers 3
“Do I Know This Already?” Quiz 3
Foundation Topics 7
DNS Fundamentals 7
DNS Queries 9
Difference Between Authoritative and Nonauthoritative Responses 9
Recursive Queries 10
Iterative Queries 10
Forwarding 10
Round Robin 11
Conditional Forwarding 12
DNS Server Caching 13
Cache Locking 14
Resource Record Types 14
File-Based Zone Types 15
Active Directory—Integrated Zone Types 16
Dynamic Update 17
Delegating DNS Administration 17
DNS Logging 18
Aging and Scavenging 20
DNS Backup 21
Netmask Ordering 21
Socket Pool 21
Nano Server 22
Windows Server 2016 DNS Installation 23
Using DNS with Active Directory 23
Using DNS Without Active Directory 24
DNS Server Installation Options 24
Tools for DNS Server Installation 24
Installing DNS with Server Manager 25
Installing DNS with PowerShell 36
Installing a DNS Server on RODC 36
Installing a DNS Server on Azure 39
Installing a DNS Server on a Nano Server 43
Nano Server Zero Footprint Model 44
Nano Server Deployment Scenarios 44
Nano Server Recovery Console 45
DNS Servers Supported on Nano Server 46
Adding Roles on Nano Server 46
Adding Nano Server to a Domain 49
Installing a DNS Server Package on Nano Server 50
Setting Static IP Addresses on Nano Server 50
Adding Drivers on Nano Server 50
Injecting Additional Drivers for Nano Server Deployment 51
Connecting with WinRM to Nano Server 51
Deploying Nano DNS Server During Image Creation 51
Deploying Nano Server and Adding the DNS Package Afterward 52
Deploying DNS Nano Server to Bare Metal Host 54
Configuring Nano Server as a DNS Client 55
Configure and Implement DNS Global Settings Using Windows PowerShell 56
Set-DnsServerGlobalQueryBlockList 56
Set-DnsServerResponseRateLimiting 56
Enabling RRL 57
Enabling RRL LogOnly-mode 57
Configuring RRL Exception Lists 57
Set-DnsServerZoneTransferPolicy 58
Set-DnsServerRecursionScope 58
Export-DnsServerZone 59
Configure Forwarders 59
Types of Forwarders 59
Configuring DNS Forwarder with PowerShell 60
Configuring Forwarder with DNS Manager Console 61
Selective Recursion Control Using DNS Server Policies 62
Configuring Root Hints 63
Configure DNS Delegation 65
Creating DNS Delegation Automatically 65
Ignoring DNS Delegation Option 65
Configuring DNS Delegation with PowerShell 66
Configure DNS Socket Pool 66
Configure Cache Locking 67
Configure DNS Logging 68
Monitoring Tab 68
Auditing and Analytic Event Logging 69
Configure DNS Delegated Administration 70
DNSAdmins Security Group 70
Privileged Account Management 71
Exam Preparation Tasks 72
Chapter 2 Creating and Configuring DNS Zones and Records 79
“Do I Know This Already?” Quiz 79
Foundation Topics 84
Zone Type Overview 84
Primary Zones 84
Secondary Zones 85
Stub Zones 86
File-Based Zone Types 88
Active Directory—Integrated Zone Types 89
Active Directory—Integrated Zones 89
msdcs Zone 91
Primary Zones 92
Forward Lookup Zones 92
Reverse Lookup Zones 93
Managing Primary Zones with PowerShell 93
Primary DNS Server as a Single Point of Failure 96
Fault Tolerance with AD-Integrated DNS Servers 96
Encrypted DNS Data Replication Traffic 96
Benefits of AD-Integrated Zones 97
Managing AD-Integrated Zones with PowerShell 97
Secondary Zones 98
Zone Transfer Process 98
Modifying Zone Transfer Settings Using the DNS Manager 99
Modifying Zone Transfer Settings Using the Command Line 100
Types of Zone Transfers 101
Using DNS Policies in a Primary/Secondary Deployment 101
Stub Zones 104
Stub Zone Name Resolution Process 104
Communication Between DNS Servers That Host Parent and Child Zones 105
Managing Stub Zones with PowerShell 105
GlobalNames Zones 105
Creating a GlobalNames Zone 105
Managing a GlobalNames Zone with PowerShell 106
DNSSEC 106
DNSSEC Zone Signing Wizard 107
Analyzing Zone-Level Statistics 107
Windows Server 2012 R2 DNS Server Statistics 108
Windows Server 2016 Enhanced Zone-Level Statistics 108
Zone Scavenging 109
Enabling and Disabling Scavenging 109
Starting the Scavenging Process 110
Scavenging Configuration with PowerShell 111
Record Options 111
Most Common Resource Records 112
TLSA Records and Unknown Record Types 112
Managing Resource Records with PowerShell 112
DNS Audit and Analytical Events 114
Enabling or Disabling Analytical DNS Logging 114
Exam Preparation Tasks 115
Chapter 3 Configuring and Managing DNS Policies 119
“Do I Know This Already?” Quiz 119
Foundation Topics 122
DHCP Options 122
DHCP Name Protection 123
Manage DNS Client Settings with PowerShell 125
Manage DNS Server Settings with PowerShell 126
Network Troubleshooting with PowerShell 132
Understanding Routing 134
Routing with Windows Server 2016 135
Split DNS 136
NRPT and Split DNS 137
DNS Policies 138
DNS Policy Elements 139
Types of DNS Policies and Differences 139
DNS Policy Parameters 140
Multiple Query Resolution DNS Policies 141
Using DNS Policies Based on Location 141
Using DNS Policies for Split-Brain 143
Selective Recursion Control with DNS Policies 145
How Selective Recursion Control with DNS Policies Works 146
Practice: Block Queries for a Domain with DNS Policies 146
Practice: Create a Server-Level Zone Transfer Policy 146
Practice: Create a Zone-Level Zone Transfer Policy 146
Practice: Block Queries from a Domain 147
Practice: Allow Queries Only from a Domain 147
Responses Based on Time of Day 147
Time-of-Day Responses with Azure App Server 149
Exam Preparation Tasks 151
Chapter 4 Understanding and Configuring DNSSEC 155
“Do I Know This Already?” Quiz 155
Foundation Topics 159
DNSSEC Planning 159
DNSSEC Requirements 160
Identifying Goals 161
DNSSEC Staging 162
Enabling DNSSEC 163
DNSSEC Functionality 165
DNSSEC and RODCs 165
DNSSEC Zone Signing Wizard 166
Key Master 170
Transferring the Key Master 171
Key Signing Key 172
Understanding ZSK 176
DNSSEC Monitoring 180
Event Viewer 180
DNSSEC Outages 181
DNSSEC Status Verification 181
Trust Anchors 182
DS Resource Record Set 186
Updating and Removing Trust Anchors 186
Trust Anchor Types 187
Trust Anchor Status 187
Trust Anchor Status Verification 187
Root Zone Trust Anchor 188
DNSSEC Priming 189
Trust Anchor Distribution with Active Directory 189
Trust Anchor Distribution in Active Directory Using DNS Manager 189
Trust Anchor Distribution in Active Directory Using PowerShell 190
ZSK/KSK Rollover Process 190
DNSSEC Clients 192
Name Resolution Policy 192
Security-aware Status 194
DNSSEC and Delegation 194
Chain of Trust 195
DNSSEC Record Types 197
RRset 198
DNSKEY Record 198
DS Record 199
RRSIG Record 199
NSEC/NSEC3 Records 200
Exam Preparation Tasks 202
Chapter 5 Understanding and Configuring DANE 209
“Do I Know This Already?” Quiz 210
Foundation Topics 213
DANE Overview 213
DANE Criteria 215
DANE Statements 215
DANE Operation Modes 215
DANE Bottlenecks 216
DANE Security 217
TLSA Records 218
Configuring DANE 224
DANE Example Configuration 224
Common DANE Failures 228
Exam Preparation Tasks 229
Part II: Implement Windows Server 2016 DHCP
Chapter 6 Installing and Configuring Windows Server 2016 DHCP Server 235
“Do I Know This Already?” Quiz 235
Foundation Topics 239
DHCP Fundamentals 239
DHCP Address Allocation Process 240
DHCP Lease Generation 240
DHCP Lease Renewal Process 241
DHCP Database 242
DHCP Backup 242
Moving a DHCP Database 243
DHCP Server Migration 243
DHCP Data Import 244
Exporting and Importing DHCP Data with netsh 244
DHCP Server Installation 244
Performing DHCP Post-Installation Tasks with PowerShell Commands 249
DHCP Authorization 251
Active Directory Requirements 251
Standalone DHCP Server Considerations 251
Unauthorized DHCP Servers 252
DHCP Scopes 252
Superscopes 252
Multicast Scopes 253
Creating and Configuring DHCP Scopes 256
Creating DHCP Scopes with PowerShell 259
DHCP Options 261
Common IPv4 DHCP Scope Options 261
PXE Boot Options 262
Common IPv6 DHCP Scope Options 262
Applying DHCP Options 263
DHCP Relay Agent 264
DHCP Security Options 264
Limited Network Access 265
DHCP Auditing 265
DHCP Name Protection 266
Just Enough Administration 267
DHCP High Availability 271
DHCP Clustering 271
Split Scopes 271
DHCP Failover 271
DHCP Failover Overview 271
Configuring DHCP Failover 272
DHCP Policies 275
DHCP Policy Conditions 275
DHCP Policies Example 276
Exam Preparation Tasks 279
Part III: Implement Windows Server 2016 IPAM
Chapter 7 Implementing Windows Server 2016 IPAM 285
“Do I Know This Already?” Quiz 286
Foundation Topics 289
IPAM Fundamentals 289
IPAM Architecture 290
IPAM Deployment Requirements 291
IPAM Deployment Considerations 292
IPAM Improvements in Windows Server 2012 R2 293
IPAM Improvements in Windows Server 2016 294
IPAM Provisioning 295
IPAM Network Communication 306
IPAM Administration 307
Configuring IPAM Options 312
Configure IPAM Managed Servers 313
Configuring IPAM Domains 314
Managing DNS Using IPAM 314
Create and Manage IP Blocks and Ranges 316
Managing IP Addressing 317
Adding Address Spaces to IPAM 317
Importing and Updating Address Spaces 319
Finding, Allocating, and Reclaiming IP Addresses 320
Finding and Allocating IP Addresses in IPAM 321
Reclaiming IP Addresses in IPAM 321
IP Address Tracking 321
Monitor Utilization of IP Address Spaces 322
Configure IPAM Database Storage Using SQL Server 324
Purging Utilization Data from IPAM Database 326
IPAM and SCVMM 326
Exam Preparation Tasks 328
Chapter 8 Managing DNS and DHCP Using Windows Server 2016 IPAM 333
“Do I Know This Already?” Quiz 334
Foundation Topics 338
Manage DHCP Server Properties Using IPAM 338
DHCP Server Properties 339
DHCP Server Options 342
Configure DHCP Scopes and Options Using IPAM 344
Configuring Predefined DHCP Options and Values 344
Configuring DHCP Scopes Using IPAM 345
Configure DHCP Policies and Failover Using IPAM 350
Creating DHCP Policies for Multiple DHCP Servers Using IPAM 350
Configuring DHCP Failover Using IPAM 351
Configure DNS Server Properties Using IPAM 353
Managing DNS Server Properties Using IPAM 353
Filtering the View of DNS Server Settings 354
Manage DNS Zones and Records Using IPAM 355
Managing DNS Zones and Records with PowerShell 355
Managing DNS Zone Settings Through IPAM 356
Managing Subdomains Through IPAM 358
Managing DNS Resource Records Using IPAM 360
Filtering the View of DNS Resource Records 362
Saving Views of IPAM DNS Zone Information 363
Manage DNS and DHCP Servers in Multiple Active Directory Forests Using IPAM 364
Prerequisites for Managing Multiple Active Directory Forests with IPAM 364
Configuring Multiple-Forest IPAM Management 365
Managing DNS Servers and Zones in a Multiple-Forest IPAM Environment 368
Using RBAC to Delegate DNS and DHCP Server Administration Using IPAM 370
Exam Preparation Tasks 374
Chapter 9 Windows Server 2016 IPAM Audit Changes and Events 381
“Do I Know This Already?” Quiz 381
Foundation Topics 383
Audit the Changes Performed on the DNS and DHCP Servers 383
IPAM Scheduled Tasks 384
IPAM Monitoring Views 385
Configuring Logical Groups and Custom Fields with the IPAM Console 387
Configuring Custom Fields with IPAM in PowerShell 393
Viewing Changes Performed on IPAM-Managed Servers 394
IPAM Configuration Events 396
Best Practices for Using the IPAM Event Catalog 397
Audit the IPAM Address Usage Trail 398
Best Practices for Monitoring, Auditing, and Managing 400
Audit DHCP Lease Events and User Logon Events 400
Exam Preparation Tasks 401
Part IV: Implement Network Connectivity and Remote Access Solutions
Chapter 10 Windows Server 2016 VPN and DirectAccess Solutions 405
“Do I Know This Already?” Quiz 405
Foundation Topics 410
Implementing Remote Access and S2S VPN Solutions Using RAS Gateway 410
Site-to-Site (S2S) VPN 412
Persistent or On-demand S2S VPN Connections 417
Configure Different VPN Protocol Options 417
Configure Authentication Options 419
Configure VPN Reconnect 420
Create and Configure VPN Connection Profiles 422
Configuring VPN Connection Profiles with PowerShell 424
App-Triggered VPN Feature 424
Scenarios for RAS VPN and S2S VPN and Appropriate Protocols 426
Remote Access VPN Connection Scenarios 426
VPN Connections with PPTP 426
VPN Connections with L2TP/IPsec 427
VPN Connections with SSTP 427
VPN Connections with IKEv2 428
On-premises S2S VPN Connection Scenarios 428
On-premises to Microsoft Azure S2S VPN Connection Scenarios 429
Web Application Proxy Scenarios 430
Install and Configure DirectAccess 431
DirectAccess Infrastructure Components 431
DirectAccess Key Components 432
DirectAccess Solution Component: DirectAccess Server 432
DirectAccess Solution Component: DirectAccess Client 434
DirectAccess Solution Component: Active Directory 435
DirectAccess Solution Component: DNS Server 435
Internal Name Resolution 436
External Name Resolution 436
NRPT for Local Name Resolution 437
Split-Brain DNS 437
LLMNR for Local Name Resolution 437
DirectAccess Solution Component: Network Location Server 438
DirectAccess Solution Component: KDC Proxy 440
DirectAccess Solution Component: Certification Service 440
DirectAccess Solution Component: Certificates 440
DirectAccess Solution Component: DNS64 441
DirectAccess Solution Component: 6to4 441
DirectAccess Solution Component: ISATAP 442
DirectAccess Solution Component: Teredo 442
DirectAccess Solution Component: Group Policy 443
DirectAccess Solution Component: WMI Filter 444
DirectAccess Solution Component: NCA 444
Implement DirectAccess Server Requirements 445
Basic DirectAccess Deployment 446
Configuring the Basic DirectAccess Infrastructure (Phase 1) 446
Configuring Server Network Settings 447
Configuring Routing 448
Configuring Firewalls 448
Configuring DNS Server 449
Configuring Active Directory 450
Configuring GPOs 451
Configuring Security Groups 464
Configuring Basic DirectAccess Server (Phase 2) 465
Installing the Remote Access Role 465
Configuring DirectAccess with the Getting Started Wizard 466
Updating Clients with the DirectAccess Configuration 469
Verifying the Basic DirectAccess Deployment (Phase 3) 470
Advanced DirectAccess Deployment 470
DirectAccess PowerShell Cmdlets 474
Implement DirectAccess Client Requirements 477
Troubleshooting DirectAccess 478
Exam Preparation Tasks 481
Chapter 11 Windows Server 2016 Network Policy Server 485
“Do I Know This Already?” Quiz 486
Foundation Topics 489
Implementing RADIUS 489
Registering the NPS Server in Active Directory 491
RADIUS Client Configuration 493
Implementing RADIUS Proxy 496
Implementing RADIUS Clients 497
Configuring a VPN Server as a RADIUS Client 498
Configuring a DirectAccess Server as a RADIUS Client 501
OTP Certificate Template Planning for Windows Server 2016 DirectAccess Server RADIUS Client 508
Configure NPS Templates 513
Configure RADIUS Accounting 516
NPS Log File Properties 517
NPS SQL Server Logging 517
ping user-name 518
Certificates 519
Using Certi
Need help? Get in touch