MCSA 70-741 Cert Guide: Networking with Windows Server 2016, 1st edition

Published by Pearson IT Certification (May 26, 2017) © 2017

  • Michael S. Schulz
Products list

Details

  • A print text
  • Free shipping
  • Also available for purchase as an ebook from all major ebook resellers, including InformIT.com
Products list

Access Details

  • Access courses online from any computer (PC or Mac) or tablet (Android or iOS)
  • Native app available for mobile use; use online, or download and work offline; data syncs automatically 
  • Purchase print or digital codes from your college bookstore, or printed access code cards here

Features

  • Interactive learning elements throughout, including exercises, quizzes, flashcards, and video tutorials
The MCSA 70-741 Cert Guide is the most comprehensive study guide available for certification candidates who want to pass Microsoft’s 70-741 exam and fully leverage Windows Server 2016’s most advanced networking services in production environments. With uniquely thorough technical coverage, carefully mapped to the exam’s objectives, it brings together all the information and insight students need to succeed on their MCSA 70-741: Networking with Windows Server 2016 exam.

Introduction xxix

Part I: Implement Windows Server 2016 DNS

Chapter 1 Installing and Configuring DNS Servers 3

“Do I Know This Already?” Quiz 3

Foundation Topics 7

DNS Fundamentals 7

DNS Queries 9

Difference Between Authoritative and Nonauthoritative Responses 9

Recursive Queries 10

Iterative Queries 10

Forwarding 10

Round Robin 11

Conditional Forwarding 12

DNS Server Caching 13

Cache Locking 14

Resource Record Types 14

File-Based Zone Types 15

Active Directory—Integrated Zone Types 16

Dynamic Update 17

Delegating DNS Administration 17

DNS Logging 18

Aging and Scavenging 20

DNS Backup 21

Netmask Ordering 21

Socket Pool 21

Nano Server 22

Windows Server 2016 DNS Installation 23

Using DNS with Active Directory 23

Using DNS Without Active Directory 24

DNS Server Installation Options 24

Tools for DNS Server Installation 24

Installing DNS with Server Manager 25

Installing DNS with PowerShell 36

Installing a DNS Server on RODC 36

Installing a DNS Server on Azure 39

Installing a DNS Server on a Nano Server 43

Nano Server Zero Footprint Model 44

Nano Server Deployment Scenarios 44

Nano Server Recovery Console 45

DNS Servers Supported on Nano Server 46

Adding Roles on Nano Server 46

Adding Nano Server to a Domain 49

Installing a DNS Server Package on Nano Server 50

Setting Static IP Addresses on Nano Server 50

Adding Drivers on Nano Server 50

Injecting Additional Drivers for Nano Server Deployment 51

Connecting with WinRM to Nano Server 51

Deploying Nano DNS Server During Image Creation 51

Deploying Nano Server and Adding the DNS Package Afterward 52

Deploying DNS Nano Server to Bare Metal Host 54

Configuring Nano Server as a DNS Client 55

Configure and Implement DNS Global Settings Using Windows PowerShell 56

Set-DnsServerGlobalQueryBlockList 56

Set-DnsServerResponseRateLimiting 56

Enabling RRL 57

Enabling RRL LogOnly-mode 57

Configuring RRL Exception Lists 57

Set-DnsServerZoneTransferPolicy 58

Set-DnsServerRecursionScope 58

Export-DnsServerZone 59

Configure Forwarders 59

Types of Forwarders 59

Configuring DNS Forwarder with PowerShell 60

Configuring Forwarder with DNS Manager Console 61

Selective Recursion Control Using DNS Server Policies 62

Configuring Root Hints 63

Configure DNS Delegation 65

Creating DNS Delegation Automatically 65

Ignoring DNS Delegation Option 65

Configuring DNS Delegation with PowerShell 66

Configure DNS Socket Pool 66

Configure Cache Locking 67

Configure DNS Logging 68

Monitoring Tab 68

Auditing and Analytic Event Logging 69

Configure DNS Delegated Administration 70

DNSAdmins Security Group 70

Privileged Account Management 71

Exam Preparation Tasks 72

Chapter 2 Creating and Configuring DNS Zones and Records 79

“Do I Know This Already?” Quiz 79

Foundation Topics 84

Zone Type Overview 84

Primary Zones 84

Secondary Zones 85

Stub Zones 86

File-Based Zone Types 88

Active Directory—Integrated Zone Types 89

Active Directory—Integrated Zones 89

msdcs Zone 91

Primary Zones 92

Forward Lookup Zones 92

Reverse Lookup Zones 93

Managing Primary Zones with PowerShell 93

Primary DNS Server as a Single Point of Failure 96

Fault Tolerance with AD-Integrated DNS Servers 96

Encrypted DNS Data Replication Traffic 96

Benefits of AD-Integrated Zones 97

Managing AD-Integrated Zones with PowerShell 97

Secondary Zones 98

Zone Transfer Process 98

Modifying Zone Transfer Settings Using the DNS Manager 99

Modifying Zone Transfer Settings Using the Command Line 100

Types of Zone Transfers 101

Using DNS Policies in a Primary/Secondary Deployment 101

Stub Zones 104

Stub Zone Name Resolution Process 104

Communication Between DNS Servers That Host Parent and Child Zones 105

Managing Stub Zones with PowerShell 105

GlobalNames Zones 105

Creating a GlobalNames Zone 105

Managing a GlobalNames Zone with PowerShell 106

DNSSEC 106

DNSSEC Zone Signing Wizard 107

Analyzing Zone-Level Statistics 107

Windows Server 2012 R2 DNS Server Statistics 108

Windows Server 2016 Enhanced Zone-Level Statistics 108

Zone Scavenging 109

Enabling and Disabling Scavenging 109

Starting the Scavenging Process 110

Scavenging Configuration with PowerShell 111

Record Options 111

Most Common Resource Records 112

TLSA Records and Unknown Record Types 112

Managing Resource Records with PowerShell 112

DNS Audit and Analytical Events 114

Enabling or Disabling Analytical DNS Logging 114

Exam Preparation Tasks 115

Chapter 3 Configuring and Managing DNS Policies 119

“Do I Know This Already?” Quiz 119

Foundation Topics 122

DHCP Options 122

DHCP Name Protection 123

Manage DNS Client Settings with PowerShell 125

Manage DNS Server Settings with PowerShell 126

Network Troubleshooting with PowerShell 132

Understanding Routing 134

Routing with Windows Server 2016 135

Split DNS 136

NRPT and Split DNS 137

DNS Policies 138

DNS Policy Elements 139

Types of DNS Policies and Differences 139

DNS Policy Parameters 140

Multiple Query Resolution DNS Policies 141

Using DNS Policies Based on Location 141

Using DNS Policies for Split-Brain 143

Selective Recursion Control with DNS Policies 145

How Selective Recursion Control with DNS Policies Works 146

Practice: Block Queries for a Domain with DNS Policies 146

Practice: Create a Server-Level Zone Transfer Policy 146

Practice: Create a Zone-Level Zone Transfer Policy 146

Practice: Block Queries from a Domain 147

Practice: Allow Queries Only from a Domain 147

Responses Based on Time of Day 147

Time-of-Day Responses with Azure App Server 149

Exam Preparation Tasks 151

Chapter 4 Understanding and Configuring DNSSEC 155

“Do I Know This Already?” Quiz 155

Foundation Topics 159

DNSSEC Planning 159

DNSSEC Requirements 160

Identifying Goals 161

DNSSEC Staging 162

Enabling DNSSEC 163

DNSSEC Functionality 165

DNSSEC and RODCs 165

DNSSEC Zone Signing Wizard 166

Key Master 170

Transferring the Key Master 171

Key Signing Key 172

Understanding ZSK 176

DNSSEC Monitoring 180

Event Viewer 180

DNSSEC Outages 181

DNSSEC Status Verification 181

Trust Anchors 182

DS Resource Record Set 186

Updating and Removing Trust Anchors 186

Trust Anchor Types 187

Trust Anchor Status 187

Trust Anchor Status Verification 187

Root Zone Trust Anchor 188

DNSSEC Priming 189

Trust Anchor Distribution with Active Directory 189

Trust Anchor Distribution in Active Directory Using DNS Manager 189

Trust Anchor Distribution in Active Directory Using PowerShell 190

ZSK/KSK Rollover Process 190

DNSSEC Clients 192

Name Resolution Policy 192

Security-aware Status 194

DNSSEC and Delegation 194

Chain of Trust 195

DNSSEC Record Types 197

RRset 198

DNSKEY Record 198

DS Record 199

RRSIG Record 199

NSEC/NSEC3 Records 200

Exam Preparation Tasks 202

Chapter 5 Understanding and Configuring DANE 209

“Do I Know This Already?” Quiz 210

Foundation Topics 213

DANE Overview 213

DANE Criteria 215

DANE Statements 215

DANE Operation Modes 215

DANE Bottlenecks 216

DANE Security 217

TLSA Records 218

Configuring DANE 224

DANE Example Configuration 224

Common DANE Failures 228

Exam Preparation Tasks 229

Part II: Implement Windows Server 2016 DHCP

Chapter 6 Installing and Configuring Windows Server 2016 DHCP Server 235

“Do I Know This Already?” Quiz 235

Foundation Topics 239

DHCP Fundamentals 239

DHCP Address Allocation Process 240

DHCP Lease Generation 240

DHCP Lease Renewal Process 241

DHCP Database 242

DHCP Backup 242

Moving a DHCP Database 243

DHCP Server Migration 243

DHCP Data Import 244

Exporting and Importing DHCP Data with netsh 244

DHCP Server Installation 244

Performing DHCP Post-Installation Tasks with PowerShell Commands 249

DHCP Authorization 251

Active Directory Requirements 251

Standalone DHCP Server Considerations 251

Unauthorized DHCP Servers 252

DHCP Scopes 252

Superscopes 252

Multicast Scopes 253

Creating and Configuring DHCP Scopes 256

Creating DHCP Scopes with PowerShell 259

DHCP Options 261

Common IPv4 DHCP Scope Options 261

PXE Boot Options 262

Common IPv6 DHCP Scope Options 262

Applying DHCP Options 263

DHCP Relay Agent 264

DHCP Security Options 264

Limited Network Access 265

DHCP Auditing 265

DHCP Name Protection 266

Just Enough Administration 267

DHCP High Availability 271

DHCP Clustering 271

Split Scopes 271

DHCP Failover 271

DHCP Failover Overview 271

Configuring DHCP Failover 272

DHCP Policies 275

DHCP Policy Conditions 275

DHCP Policies Example 276

Exam Preparation Tasks 279

Part III: Implement Windows Server 2016 IPAM

Chapter 7 Implementing Windows Server 2016 IPAM 285

“Do I Know This Already?” Quiz 286

Foundation Topics 289

IPAM Fundamentals 289

IPAM Architecture 290

IPAM Deployment Requirements 291

IPAM Deployment Considerations 292

IPAM Improvements in Windows Server 2012 R2 293

IPAM Improvements in Windows Server 2016 294

IPAM Provisioning 295

IPAM Network Communication 306

IPAM Administration 307

Configuring IPAM Options 312

Configure IPAM Managed Servers 313

Configuring IPAM Domains 314

Managing DNS Using IPAM 314

Create and Manage IP Blocks and Ranges 316

Managing IP Addressing 317

Adding Address Spaces to IPAM 317

Importing and Updating Address Spaces 319

Finding, Allocating, and Reclaiming IP Addresses 320

Finding and Allocating IP Addresses in IPAM 321

Reclaiming IP Addresses in IPAM 321

IP Address Tracking 321

Monitor Utilization of IP Address Spaces 322

Configure IPAM Database Storage Using SQL Server 324

Purging Utilization Data from IPAM Database 326

IPAM and SCVMM 326

Exam Preparation Tasks 328

Chapter 8 Managing DNS and DHCP Using Windows Server 2016 IPAM 333

“Do I Know This Already?” Quiz 334

Foundation Topics 338

Manage DHCP Server Properties Using IPAM 338

DHCP Server Properties 339

DHCP Server Options 342

Configure DHCP Scopes and Options Using IPAM 344

Configuring Predefined DHCP Options and Values 344

Configuring DHCP Scopes Using IPAM 345

Configure DHCP Policies and Failover Using IPAM 350

Creating DHCP Policies for Multiple DHCP Servers Using IPAM 350

Configuring DHCP Failover Using IPAM 351

Configure DNS Server Properties Using IPAM 353

Managing DNS Server Properties Using IPAM 353

Filtering the View of DNS Server Settings 354

Manage DNS Zones and Records Using IPAM 355

Managing DNS Zones and Records with PowerShell 355

Managing DNS Zone Settings Through IPAM 356

Managing Subdomains Through IPAM 358

Managing DNS Resource Records Using IPAM 360

Filtering the View of DNS Resource Records 362

Saving Views of IPAM DNS Zone Information 363

Manage DNS and DHCP Servers in Multiple Active Directory Forests Using IPAM 364

Prerequisites for Managing Multiple Active Directory Forests with IPAM 364

Configuring Multiple-Forest IPAM Management 365

Managing DNS Servers and Zones in a Multiple-Forest IPAM Environment 368

Using RBAC to Delegate DNS and DHCP Server Administration Using IPAM 370

Exam Preparation Tasks 374

Chapter 9 Windows Server 2016 IPAM Audit Changes and Events 381

“Do I Know This Already?” Quiz 381

Foundation Topics 383

Audit the Changes Performed on the DNS and DHCP Servers 383

IPAM Scheduled Tasks 384

IPAM Monitoring Views 385

Configuring Logical Groups and Custom Fields with the IPAM Console 387

Configuring Custom Fields with IPAM in PowerShell 393

Viewing Changes Performed on IPAM-Managed Servers 394

IPAM Configuration Events 396

Best Practices for Using the IPAM Event Catalog 397

Audit the IPAM Address Usage Trail 398

Best Practices for Monitoring, Auditing, and Managing 400

Audit DHCP Lease Events and User Logon Events 400

Exam Preparation Tasks 401

Part IV: Implement Network Connectivity and Remote Access Solutions

Chapter 10 Windows Server 2016 VPN and DirectAccess Solutions 405

“Do I Know This Already?” Quiz 405

Foundation Topics 410

Implementing Remote Access and S2S VPN Solutions Using RAS Gateway 410

Site-to-Site (S2S) VPN 412

Persistent or On-demand S2S VPN Connections 417

Configure Different VPN Protocol Options 417

Configure Authentication Options 419

Configure VPN Reconnect 420

Create and Configure VPN Connection Profiles 422

Configuring VPN Connection Profiles with PowerShell 424

App-Triggered VPN Feature 424

Scenarios for RAS VPN and S2S VPN and Appropriate Protocols 426

Remote Access VPN Connection Scenarios 426

VPN Connections with PPTP 426

VPN Connections with L2TP/IPsec 427

VPN Connections with SSTP 427

VPN Connections with IKEv2 428

On-premises S2S VPN Connection Scenarios 428

On-premises to Microsoft Azure S2S VPN Connection Scenarios 429

Web Application Proxy Scenarios 430

Install and Configure DirectAccess 431

DirectAccess Infrastructure Components 431

DirectAccess Key Components 432

DirectAccess Solution Component: DirectAccess Server 432

DirectAccess Solution Component: DirectAccess Client 434

DirectAccess Solution Component: Active Directory 435

DirectAccess Solution Component: DNS Server 435

Internal Name Resolution 436

External Name Resolution 436

NRPT for Local Name Resolution 437

Split-Brain DNS 437

LLMNR for Local Name Resolution 437

DirectAccess Solution Component: Network Location Server 438

DirectAccess Solution Component: KDC Proxy 440

DirectAccess Solution Component: Certification Service 440

DirectAccess Solution Component: Certificates 440

DirectAccess Solution Component: DNS64 441

DirectAccess Solution Component: 6to4 441

DirectAccess Solution Component: ISATAP 442

DirectAccess Solution Component: Teredo 442

DirectAccess Solution Component: Group Policy 443

DirectAccess Solution Component: WMI Filter 444

DirectAccess Solution Component: NCA 444

Implement DirectAccess Server Requirements 445

Basic DirectAccess Deployment 446

Configuring the Basic DirectAccess Infrastructure (Phase 1) 446

Configuring Server Network Settings 447

Configuring Routing 448

Configuring Firewalls 448

Configuring DNS Server 449

Configuring Active Directory 450

Configuring GPOs 451

Configuring Security Groups 464

Configuring Basic DirectAccess Server (Phase 2) 465

Installing the Remote Access Role 465

Configuring DirectAccess with the Getting Started Wizard 466

Updating Clients with the DirectAccess Configuration 469

Verifying the Basic DirectAccess Deployment (Phase 3) 470

Advanced DirectAccess Deployment 470

DirectAccess PowerShell Cmdlets 474

Implement DirectAccess Client Requirements 477

Troubleshooting DirectAccess 478

Exam Preparation Tasks 481

Chapter 11 Windows Server 2016 Network Policy Server 485

“Do I Know This Already?” Quiz 486

Foundation Topics 489

Implementing RADIUS 489

Registering the NPS Server in Active Directory 491

RADIUS Client Configuration 493

Implementing RADIUS Proxy 496

Implementing RADIUS Clients 497

Configuring a VPN Server as a RADIUS Client 498

Configuring a DirectAccess Server as a RADIUS Client 501

OTP Certificate Template Planning for Windows Server 2016 DirectAccess Server RADIUS Client 508

Configure NPS Templates 513

Configure RADIUS Accounting 516

NPS Log File Properties 517

NPS SQL Server Logging 517

ping user-name 518

Certificates 519

Using Certi

Need help? Get in touch