Transcripts
1. Windows Server 2022 Promo Skillshare: Welcome to the comprehensive Windows Server
Administration course, a beginner course designed
to equip you with the essential
knowledge and skills necessary to launch a
successful IT career. My name is in an IT professional with 20
years of experience. I have had numerous individuals start their IT careers
through my courses. I have been a system
administrator for several years and I'm excited to share with you what I've learned
throughout my career. By the time you
complete this course, you will be equipped with the knowledge and
skills required to secure your first IT job
or advance your career. You will be able to confidently deploy and
manage Active Directory, implement user and
group management, manage File and Print Services, perform backups and
recovery and much more. My course is designed
for beginners with easy to understand lessons and step-by-step instructions
to guide you through the fundamental concepts of Windows Server Administration. At the beginning of this course, you will set up your
lab environment by installing VMware player, the free VMware
virtualization application. Then I will show you how to install and configure
Windows Server. You will create your
first domain and join a Windows workstation
to that domain. Then I will show you how to centralize the administration of several Windows Servers into one place so that you
can be more productive. Next, we will see
how to create and configure DHCP and DNS services. After that, we will deal with backups and how to
backup your servers so that you can
restore them from a crash or any other
disaster situation. Then I will show you how to set up and configure
a printer server. This is the right course
for you if you are a fresh computer science
graduate who wants to get a first IT job, a desktop
support technician who wants to advance
his career and earn more, or a computer enthusiast looking to break into
the IT industry. So why wait? Join me
today and embark on your journey to becoming a skilled Windows
Server administrator.
2. Create And Configure your Virtual Machine: In this lesson, you
are going to create the virtual machine that will host your first Windows Server. I suggest you follow with me and create that virtual
machine on your computer. This is a hands on course and you need to test and
practice what you learn. This is the best way to
quickly master Windows Server. Alright, now, open the VMware Workstation Player you installed earlier. Click on create a
new virtual machine. On the first page of the wizard, you can choose to install
the operating system immediately after creating
the virtual machine, or choose to install the
operating system later, choose this option
and click Next. Here, you have to select
your guest operating system. VMware allows you to
choose between Microsoft Windows, Linux, or
another operating system. In the version list, you have to select the version of Windows you want to install. At the time I'm
recording this video, VMware didn't offer
Windows Server 2022. The latest Windows version
available is 2019. But this is not a
problem because these versions here are
just templates that allow VMware player to
help you choose the recommended hardware
configuration to run Windows Server. It will not prevent you from installing Windows Server 2022. So I select Windows
Server 2019 and go ahead. Here, you need to enter a name
for your virtual machine. Name it Windows
Server 2022 GUI. This is because you
are going to install Windows Server with
the desktop experience, in other words, the graphical
user interface, the GUI. In this field, you can
choose the location where the VM files
will be stored. I will keep the default
location and click Next. On this screen, you
need to specify the disk capacity. By default, VMware suggests 60 GB. This suggestion is based on the operating system version we have selected in
the previous step. 60 GB is okay for a
Windows Server 2022 VM. You have to keep in mind that the hardware requirements
in terms of disk space, the number of CPUs, and memory size depend on the role your
server will hold. E.g., a file server will need more
than 60 GB of disk space. You have to choose whether you want to store the virtual disk as a single file or split
it into multiple files. Splitting the disk makes it easy to move the virtual
machine to another computer, but may reduce performance
with very large disks. I prefer to store the virtual
disk as a single file. So I will select this
option and click Next. In the end, you get the summary screen with
the virtual machine name, the location of the
virtual machine files, the hard disk size,
and the memory size. 2 GB is the minimum size required to run Windows
Server 2019 and 2022. In other devices,
you can see that VMware has created
two CPUs for this VM. The VM also has
a CD/DVD drive, a USB controller, a printer, and a sound card. I will show you in a
moment how you can change the default configuration
for those devices. When done, click on
Finish to create the VM. As you can see, the
VM has been created and added to the list
of available VMs. Now you have to edit your virtual machine and change some default
configurations. The first element in
the list is the memory. And you can change the
default memory size. If you have enough memory
on your host machine, you can raise the size
to 3 or 4 GB. This way, Windows Server
will run smoothly. By default, the VM has two CPUs. I will keep this number. In
the network adapter menu, you need to select the virtual network to
allow this virtual machine to communicate with
other virtual machines and with external networks, I mean by that the Internet. So select Custom
and in the list, select VMnet8. You don't have to change the configuration of
the other devices. When done, click OK. Congratulations,
you did it. Now you are ready to install
Windows Server 2022. Thanks for watching and see
you in the next lesson.
3. The Different Windows Server Editions: Because small businesses
don't have the same needs, requirements and financial
resources as large businesses, Microsoft released Windows
Server in different editions. Each edition is designed
to meet the needs of each organization from the
small to the large one. The difference resides in the features available and
the price of each edition. Before choosing your Windows
Server Edition, first, you must assess your
organization's needs in terms of the number of users, the devices you
need to connect to your network and the
available budget. There are primarily three
Windows Server editions. Windows Server
Essentials Edition: this edition is designed for
small-sized organizations with up to 25 users
and 50 devices. You can only run one instance of the server on a physical
or virtual machine. This is the cheapest
edition and hence has fewer features and capabilities
than the other ones. Windows Server Standard Edition
is designed for small to medium-sized organizations
with less than 250 users. It allows you to
run one instance on a physical server and two additional virtual
instances on that server. In other words,
when you purchase a Windows Server Standard
Edition license, you can run three servers:
one physical server and two virtual servers. Let's say a medium-sized
enterprise needs the following services
to run its business: an Active Directory to
authenticate users on the network. The DHCP service to
automatically assign IP addresses to devices
connected to the network. A DNS service to
allow devices to resolve URLs and
access the Internet, a print server and a
file sharing server. You can then run the
Active Directory, the DHCP and DNS services
on the physical server. Run the print server on the first virtual machine and the file server
on the second one. Windows Server
Datacenter Edition is optimized for large-scale
virtualization. It allows one server to
run an unlimited number of virtualized
Windows Server instances. It's the edition
that costs the most. The advantage is that instead of having many
physical servers that cost you energy
and maintenance, you can have one
physical server with enough resources
in terms of CPUs, memory size, and disk space, start the Datacenter
edition, and run as many Windows Server virtual
instances as you need. This brief presentation
of the different Windows Server 2022 editions can help you choose the right edition
for your organization, depending on your
organization's size and what services you need
to run on your servers. Thanks for watching. See you in the next lesson.
4. Download Windows Server 2022: To download Windows Server 2022, open your favorite browser and type the following keywords. Windows Server 2022 download. The first result is the link to the Microsoft Evaluation Center. So click on that link. Make sure that you are under the Windows Server 2022 section. As you can see, the evaluation version
is valid for 180 days. It will give you enough time to test and evaluate Windows Server 2022 and play with all its features. When the
evaluation period is over, Windows Server will
continue to run, but it will shut
down every hour. Microsoft does that to
prevent people from abusing the evaluation
versions of its products. Here, you have to select
what you want to do. Do you want to try
Windows Server on Azure? Or do you want to download the deployment image? As you want to deploy Windows Server
on a virtual machine, you have to download the ISO image. Before
clicking on Continue, let's expand the
prerequisites section and see the prerequisites
for Windows Server 2022. Like we have seen above,
the evaluation period is valid for 180 days. The second point states that the evaluation version
of Windows Server must activate over the Internet in the first ten days to
avoid automatic shutdown. The activation is automatic. You just need to ensure that the server can
access the Internet. When done, click on Continue. Here you have to fill
in your information, enter your first name, your last name,
the company name. You can enter your name instead. For the company
size, I select one. For the job title, select whatever you want, I choose IT or
technical manager. In the work email address field, you can enter your personal email address if you don't have a work email address. Enter your
phone and choose your country. It's Algeria for me. If you don't want to
receive information and promotional e-mails
from Microsoft, then uncheck this
option, click Continue. On this page, you are asked
to choose your language. I choose English. Now, you are all set to
go and start downloading the ISO image by clicking
on the download button. The Windows Server
2022 image file is more than 5 GB in size. So depending on your
Internet speed, your download can complete in a few minutes, or a few hours if you have a slow
Internet speed. Click OK to start
the download. And when the download
is complete, you will be ready to launch the installation of your
first Windows Server. This is what you are going to discover in the
following lessons. Thanks for watching and see
you in the next lesson.
5. Installing Windows Server 2022: In this lesson, you
are going to install your first Windows
Server 2022 machine. You have set your
virtual machine up and it's now ready to host
Windows Server 2022. So let's open VMware Player. Select the virtual machine, Windows Server 2022 GUI, the one you created earlier. And before starting the
deployment of Windows Server, you will need to attach
the image file to the virtual machine to boot
the VM from this image. To do that, click on Edit
virtual machine settings. Select CD/DVD. Select Use image file and
click on the Browse button to select the ISO file of the
Windows Server 2022 image. Click OK to validate.
What you have done here is attach the
ISO image file to the virtual machine
so that it will see the ISO file as if it
was a CD or a DVD. Now, you can start your VM by clicking on
Play virtual machine. Press a keyboard key to start
from the CD or the DVD. The setup process begins.
On the first screen, there is the
language to install, but there is only the
English language available. And this is because when I have downloaded the
ISO image file, I selected the English language. You can choose the time
and currency format. It's English by default. For the keyboard input method, as I have a French keyboard, I will choose the French layout. Click Next to continue,
click Install Now to begin the installation. The setup is starting. On this screen, you need to select the operating system
you want to install. You have choices between the Windows Server
Standard Edition and Windows Server
Datacenter Edition. And for both editions, you have the Core option and the desktop
experience option. For your first Windows
Server installation, choose the desktop
experience option. The desktop experience
is the full installation of Windows Server with all
the graphical interfaces. The desktop experience edition
is helpful if you want to install and use applications
on your Windows Server. And it's also easier to configure Windows Server using the graphical interface
than typing commands, especially for a
beginner administrator. The disadvantage of the desktop experience
option is that it consumes a lot of disk space and needs more
resources to run, like the CPU and the memory. The Windows Server Core version, on the other hand, will install Windows without
the graphical interface. The server footprint is low, but you need to use the command line to
configure Windows. The Core version is suitable for specific server roles like Active Directory, DHCP, and DNS. I will ask you later in
this course to create another virtual machine and install Windows
Server Core version. And I will give you all the necessary
instructions to do that. But for now, let's keep moving with the desktop
experience version. Accept the Microsoft
software license terms and click Next. Which type of
installation do you want? The first option, install Microsoft Server and keep
files, is applicable when an operating system
is already installed and you want to keep the
existing configuration. This is not currently the case. So select the second option instead, install Microsoft
Server operating system only. Here you need to select the disk on which you want to
install Windows Server. As there is only one disk on this machine, select it
and click Next. The installation begins. This will take a
moment to complete, so I will pause the video and
resume the video afterwards. The installation has finished and you need to complete
the configuration. First, you will need to enter a password for the
administrator account. The administrator
account is the account that has the highest
privileges on the server. It can, e.g., create
other user accounts, change users' passwords, and do many other operations that a
standard user account can't do. So enter the password
twice and click on Finish. Alright, you are done
with the installation. Windows Server displays the
welcome screen and you need to press the Ctrl+Alt+Delete
keys to unlock the screen. But if you press the
Ctrl+Alt+Delete keys, you will lock your
computer or laptop screen. VMware Player has replaced
the Ctrl+Alt+Delete keys with the Ctrl+Alt+Insert keys to not conflict with the
host operating system. Type the administrator password. Yes, you did it. You are now logged in to
Windows Server 2022. Congratulations. In the following lessons, you will do the
first configurations like setting up the
server's IP address, changing the default
hostname, and so on. So keep learning and see
you in the next lesson.
6. Installing VMWare Tools: After creating your
virtual machine on VMware player and deploying
the operating system, your next step is to
install the VMware Tools. So what are VMware Tools and
why should you install them? You must note that many
VMware features are not available until you
install VMware Tools. E.g., the full-screen feature is not available by default
in VMware Player. If I extend the
VMware Player window to display it in full screen, you can notice that the guest operating
system screen does not fill the entire space and keeps displaying in
limited screen size. So to overcome this limitation and unlock the fullscreen
feature and others, you will need to
install VMware Tools. To install the VMware Tools, you should first be
logged in to your system. You can notice that the guest operating
system screen resolution stays limited. And when I move the mouse, e.g., to the left of the screen, you can see that I get
two mouse pointers, one for the guest
operating system, and the second one is
the mouse pointer of my Windows 10 host
operating system. After you install VMware Tools, you will only get one mouse pointer for the
two operating systems, the guest and the host. This is another feature of
VMware Tools. To install VMware Tools, open
the Player menu, go to Manage, then click
on Install VMware Tools. Next, open Windows Explorer. You can see that the virtual DVD drive has been mounted on Windows Server 2022. So click on the DVD to
display its contents. Then double-click on
the setup program to launch the installation. The installation
is pretty simple. Just keep following the steps. Keep the typical option
selected, and click Next. The installation is complete. So click Finish. You must restart your system
to apply the configuration. So click Yes. So let's see if now I can have
my Windows Server desktop in full screen mode by resizing the VMware
Player screen. Yes, it works. I have my desktop in
full screen mode now. Now I want you to do
the same thing on the Windows Server
2022 Core version and install VMware Tools.
7. Changing The Server Name: In this lesson, we
are going to change the name of Windows Server 2022. When installing
Windows Server 2022, the setup program creates a
default name for the server. This name starts
with the word WIN followed by a random series
of alphanumeric characters. As a system administrator, you will have to change
this name based on your organization's
naming standards. In this lesson, I will show you two methods to change
the server name. The first one using
the Server Manager, and the second one
using PowerShell. Sounds good? Alright,
let's begin. Open the Server Manager if it's not already open. Click on Local Server to
display the server settings. Next to the computer name, click on the default
name hyperlink to display the
system properties. As I said, the
default server name starts with the word WIN, followed by random
alphanumeric characters. And you are going
to change that by clicking on the Change
button. For the new name, I will type SRV
for the server, followed by DC for a
domain controller, dash 01 for the sequence number; it's your first
domain controller. When done, click OK. The computer needs
to be restarted in order for the new
name to take effect. I'm not going to click
OK, to show you how to rename the server
using PowerShell. First, open a PowerShell command prompt. Then type the following command: Rename-Computer "SRVDC-01". Hit Enter. You'll get a warning that says the change will take effect after restarting
the computer. So let's restart the computer using the following command: Restart-Computer. Press Enter. Wait for
the server to restart. The server has restarted. Let's see if the new server
name has taken effect. Yes, the new name is effective. Good job.
8. Configure Networking: When you run your server
for the first time, it will get an IP address dynamically assigned
by the DHCP server. In general, it's better to use a static IP address on
servers because servers will host services that the clients
will use and it will be a problem if the IP address of the server
changes frequently. Of course, there is a way to
assign static IP addresses through the DHCP server
with reservations. I prefer to assign static
IPs to network devices and servers and use DHCP to
assign IPs to client devices such as workstations, laptops, and mobile devices. If you wonder what
DHCP is and how it works, don't worry, you will
learn how to use DHCP in the upcoming lessons. For now, let's assign a static
IP address to this server. On the Server Manager, click on local server, then click on the hyperlink
next to Ethernet0 to display the network
interface configuration. Right-click on the network
interface and click on status. Then click on details to
display the current IP address. You can see here the IP
address of the server, the subnet mask, the
default gateway, the DHCP server IP address. This is the IP of the DHCP
server that assigned the IP to your server. Here you have the IP
of the DNS server. Now, we will change this dynamic IP address
to a static IP. The IP I'm going to assign
to this server will be 192.168.217.10. I will keep the
same subnet mask, the same gateway,
and DNS server. I close this window and
click on Properties. I select Internet
Protocol Version 4, and click on Properties. Select "Use the
following IP address" and type the new IP, 192.168.217.10. When I press the Tab key, Windows will fill the
subnet mask field with the appropriate
subnet mask. I enter the default gateway,
which remains the same. I enter the DNS server IP. For the alternate DNS server, I will enter the
Google DNS IP 8.8.8.8. We are all set to go. Click OK, Close, Close. Let's check the current
server IP address. Yes, this server is now
using the new IP address. Let's check if our server
can reach other networks. I ping google.com. Yes. I get a reply from Google. We are assured that our server can communicate on the network. Good job. Thanks for watching. See you in the next lesson.
9. Enable The Ping: In this lesson, we are going to enable the ping on the server. The ping is an important
troubleshooting tool that administrators use a lot. It allows us to check whether
a server is alive or not. It's the first network
troubleshooting step we usually take. The ping is not allowed by
default on Windows Server. You have to allow
it by enabling a traffic rule on the firewall. And this is what we
are going to do now. To open the Windows firewall,
Menu and click on Control Panel and click
on System and Security. Then click on Windows
Defender Firewall. Upfront, you can see that the firewall is enabled
on this server. You can guess that based
on the green icons. There are two firewall
profiles on this server. One that applies to
the private networks, and the second one applies to the guest or public networks. Private networks
are local networks, such as your organization
network or a home network. And public networks are those
networks open to everyone, such as public Wi-Fi hotspots. And for each of these profiles, you can apply different rules. E.g., I may allow the ping on
my private network, but deny it on
public networks, because I don't
want a bad actor to run a scan to
discover my network. You may also allow file sharing
on your private network, but you will not allow it on a public network and permit strangers to access your files. When we promote our
server to a domain controller, you will see a third profile
that applies to the domain. To enable the incoming
ping traffic, click on Advanced Settings, then click on Inbound Rules. You can see a list
of inbound rules. In the first column, you have the rule's name, the group to which
the rule belongs, the profile that
the rule applies to. You can apply the rule to a specific profile or
to all profiles. Here we have the rule's
status, enabled or disabled. The action performed by the rule allows the
traffic or denies it. The local address shows the local IP address on which we allow or deny the traffic. The server may have several
network interfaces with several IP addresses in some cases. You can apply the rule on a
specific IP or to all IPs by choosing Any. Here we have the protocol, TCP, UDP or ICMP protocol,
the protocol number. Okay, now let's allow the
incoming ping traffic. A quick way to do it is
to filter on the protocol we need to configure
to shorten the list. Click on Filter by Group to display the
available filters, then click on Filter by
File and Printer Sharing. This is the filter that contains the ICMP rule we want to allow. The rule we want to
enable is the first one, File and Printer
Sharing (Echo Request - ICMPv4-In). Select it, right-click, and then
click on Enable Rule. The rule is now enabled. And normally we can
now ping our server. So let's do a test. I exit the full-screen mode to display my
Windows 10 desktop. Open the command prompt. I type the ping command followed by the
server's IP address. Yes, it's a success. I get a reply from the server. Now, let's see what happens if I disable the firewall rule. Try the ping again. I recall the previous command by pressing the up arrow key. I get a request timeout;
it's a failure. Let's enable the rule again. Test the ping. Yes, we are good to go. Now, we need to do the same operation on the Windows
Server Core system. But this time we will do it differently by using
a PowerShell command, because the Windows
Server Core doesn't have a menu we can use to
do this configuration. First, enter 15 to exit
to the command line. Then enter the
following command. I'm going to copy
it and paste it. It's a long command. Here it is. The command
is Set-NetFirewallRule, followed by -DisplayName and the name of
the rule I want to change. It's the same rule we
have seen on the firewall of the Windows Server
desktop experience version. And at the end, we specify the action
we want to perform. Here, we will enable this rule. Okay, I press Enter. Yes. Now let's see if I
can ping the server. I ping the Server Core
IP address that ends with 20. Yes, the ping works. If you want to disable
the firewall rule, type the same command, and replace True with False. Okay, now we shouldn't be
able to ping the server. Of course, the ping fails. Let's enable the ping again. Okay, let's test the ping. Yes, it works. Good job guys. See you in next lesson.
10. Allowing Remote Desktop Access: In this lesson, we are going to enable the remote
desktop connection. The remote desktop connection allows the system administrator to remotely connect to the Windows Server
through the network, even if the server is located several miles from the
administrator desktop. Remote desktop connection
is a handy tool that you will often use in your daily system
administration tasks. Remote desktop connection
is not enabled by default on Windows
server machines. To enable it, on the
Server Manager, click on Local Server. Next to Remote Desktop, click on the hyperlink
that says Disabled. You can see that
the "Don't allow remote connections
to this computer" option is the default selection. Select "Allow remote
connections to this computer". A warning box displays and says that a Remote Desktop
firewall exception will be enabled, and it warns you
that you have chosen to enable the remote
desktop connection for all network connections on this computer; to enable it for selected
network connections, open Windows Firewall
with Advanced Settings. It means that even
networks outside your organization are allowed to connect to this server remotely. For security reasons,
it's recommended to restrict the remote access to specific networks you control, and you do that using
the server firewall. Click OK. This option
is an interesting one: allow connections only
from computers running Remote Desktop with Network Level
Authentication. It allows only computers
already authenticated on the network to connect
remotely to this server. So if you want to enable remote access to the
server from the Internet, you should disable this option. The next step is to select the users allowed to access
this server remotely. You can read that
the users listed below can connect to
this computer and any members of the
administrators group can connect even if
they are not listed. And the administrator
user already has access. So you don't have to
add it to this list. If you want to add users that are not in the
administrator group, click on the Add button
and select them. Before we can add
users to this list, we need first to create them. So let's do that. Right-click on the Start button, then click on
Computer Management. Select Local Users and Groups. Open the Users folder, right-click and
select New User. Let's choose funny
names for our users. The first one is Superman,
with the superpowers. I will keep blank the full name and the
description fields. It's just for the sake of demonstration. And
check the option user must change
password at next login, then type the password twice. When done, click on
the Create button. Okay, now let's create
our second user, and it will be Batman. This reminds me of the movie
Batman versus Superman. Yes, the two users are
now created. For Superman, because it has superpowers, we will add it to the
administrator group. Click Apply, OK. We all know that Batman is a hero
without superpowers, but Batman has super gadgets. So we will keep it
in the user's group. Yes. I need to apply the
changes I made in this dialogue box
before going further. Okay, now let's do a test. We will open a remote connection
using the Superman user. Then we will do the same
test using the Batman user. I exit the full-screen mode to display my
Windows 10 desktop. I type RDP and click on the Remote Desktop
connection application. In the computer field, you need to type the
server's IP address. You can see that
it's already in. This is because I have
done the test before recording this video and the
remote desktop application saved the IP address. So click Connect. Here, the Remote Desktop
Connection tries to connect me with the
administrator account. So I need to change the user. And for that, I click on the More choices
hyperlink, click Use a different account, enter the username
Superman and the password. Okay. Click Yes to
ignore the warning. Yes, the Superman session
is now getting open. The Superman user was able
to open a remote session on the server without being
added to the user list. This is because Superman is an administrator. As we said, all administrators have explicit remote
access to the server. Now, let's do the
test with Batman. The connection was denied because the user account
is not authorized for remote login. It seems that Batman's
super gadgets are not enough to grant him remote
access to the server. To allow Batman to connect
to the server remotely, we need to add him
to the user list. I type Batman, check the name to ensure that I
didn't make a typo. Yes. Batman is now on the list and he should be able to
connect to the server remotely. So let's do a test. This time, Batman can open a remote session
on the server. Welcome to the Justice League. Thank you for watching guys
see you in next lesson.
11. Understanding Active Directory and Domain Controllers: In this video, we will try to understand what is a domain, a domain controller, and
an Active Directory. If you plan to become a
system administrator, you must understand
those concepts. So what is a domain? A domain is a form of
a computer network, accessed and administered
with a common set of rules. All user accounts, passwords, computers,
printers, groups, and all the objects
are registered within a central database
called Active Directory. And the server that holds the Active Directory database is called the domain controller. A domain controller, commonly
referred to as a DC, is the central point of contact, sort of a center or a
hub that is accessed before almost any network
communication can occur. The easiest way
to describe it is a storage container for all identification
on the network. Without a domain, you
have to create a username and a password on each
computer you want to access. If you have hundreds of
users and computers, imagine the amount of
work that could be done. And even after creating
the users' profiles, what happens if some users ask to change their passwords? You must do it on
all those computers. It's an overwhelming process.
With a domain controller, however, things are easier. Usernames and passwords are created only once on
the domain controller, and you can access
any computer on the network using
those credentials. Each Windows domain contains at least one domain controller. Usually there is more than
one domain controller for redundancy and
performance reasons. If there is only one
domain controller, there is a risk that
it breaks down and then your entire network
will be unavailable. But if you have two
domain controllers, even if one breaks down, the second one will be
available to authenticate users and allow them to
access the network resources. The other advantage of having multiple domain controllers is improving your
network performance. Imagine this situation. Your organization
has multiple sites spread around the country with one domain controller
installed at the head office. At
the branch offices, all the users should
be authenticated on that domain controller
prior to accessing their computer or any other
resources on the network. This will generate
network traffic over the inter-site link, and performance
can drop with a slow and unreliable
connection. Now, if you put a domain
controller in the branch office, it allows user authentication
on that local DC instead of requesting
authentication on the head office DC. It's fast and decreases network traffic
between locations. The number of DCs
you should have in your organization depends
on the number of users, locations, the reliability, and the speed of your links,
and other constraints. In conclusion, we
can say that a domain allows you to manage a
large computer network. It provides access to the domain resources based
on user authentication. You need at least one
domain controller to manage your domain.
12. Create Your First Domain Controller: A domain controller is the most important
server in your network. Users, computers, and all the
network resources rely on the domain controller
to authenticate and access shared resources. It's important to you as
a system administrator, to know how to set up a domain
controller from scratch, even though your
organization has its domain controllers
already operational. There are cases when you need to create a new domain
controller, e.g. your organization is opening
a new branch office. You can then create a
new domain controller and join it to the
existing domain. It allows users to authenticate locally on that
domain controller instead of authenticating on the remote domain
controller using the wide area network that
could impact performance. We will use the Server Manager to create our domain
controller using the Add Roles and Features
shortcut or the Manage menu. In the wizard that pops up, you should pay attention to some recommendations
before you continue. The first is to ensure that the administrator account
has a strong password. This point is very important. You must choose a
strong password for that administrator account. The administrator
password shouldn't be easily guessed or cracked, because if someone gets access to the
administrator account, he will own your whole domain and the consequences
will be terrible. My recommendation is to use a password of at
least 12 characters, mixing between letters,
numbers, and symbols. The second point
is to ensure that the domain controller server
has a static IP address. And the third point
is to ensure that the server has all the
security updates installed. If you have installed your server from a
recent ISO image, it probably contains
recent security updates already integrated
into the image. Otherwise, you
install the updates first, then you continue. You can also install the updates afterwards. When you have
met all the prerequisites, press the Next button. Here, select the first choice, Role-based or feature-based
installation, and click Next. Here, you have to select the
server you want to promote. If you manage multiple servers in the Server Manager console, you will see them
in the server pool. After you select the
server, click Next. On this screen, you
will have the list of available roles that
your server can hold. For a domain controller, choose Active Directory
Domain Services. A pop-up screen appears to add the necessary features
related to that role. If you wonder what's the difference between
a role and a feature, think about roles as services
that the server offers to the users or the other
servers and computers. E.g. a domain controller offers
authentication services to allow users to authenticate and open a session on
their computers. A file server allows users to share files. On
the other hand, features are optional
server components that can support the
functionality of a role, as is the case for the Active Directory features
we are adding here. Features can also improve
the server's functionality regardless of which
role is installed, e.g. a disk encryption feature can be installed on a
domain controller, file server, or
any other server. Alright, now click on the Add
Features button, then click Next. On this screen, you can
add additional features, but it's not mandatory. So I click Next. On
the AD DS screen, there are some notes you
should consider. To help ensure that users can
still log on to the network in the case of a
server outage, install a minimum of two
domain controllers. It's crucial: you don't want all your infrastructure to
rely on one domain controller. The second note states that the domain controller, or
AD DS, requires DNS. If you don't have a
DNS server installed, you will be prompted to install the DNS server role
on this machine, and this is what we
will do shortly. I click Next. On the
summary screen, you get the roles and features you are about to
install on this server. Check them and if it's okay, go ahead and start
the installation. You can notice this option
right here allowing you to restart the server if
required automatically. I don't encourage you
to check this option on a production server. If a
restart is needed after installing the role or
features, plan it outside working hours so as not to impact users
and your company's business. I click on the Install button
to start the installation. The installation succeeded,
but additional steps are required to make this
machine a domain controller. I close the wizard. You can notice the
AD DS role that has been added under the Roles
and Server Groups section. Over here, you notice
this yellow triangle that generally represents a sign of a warning or a notification. If I click on the icon, I can read more about
this notification. It's about a post-deployment
configuration action to promote this server
to a domain controller. So unless I perform this task, I don't have a domain
controller yet, so let's do it. I get another wizard. The first step is choosing
the deployment operation. There are three choices. The first is add a domain controller to
an existing domain. We don't have a domain yet, so it's not the
option to choose. The second is add a new
domain to an existing forest. This is the option to choose
when you have a domain or multiple domains and you
need to add a new one. In this case, the domains are the trees that form the forest. The third option
is a new forest. This is the option I'm
going to choose to create a forest with one domain. Next, you need to
specify the domain name. Let's say the domain name I
want to use is xintech.com. It reflects my company
name, Xintech Corp. If my company already
has a domain name, xintech.com, for its
Internet website, creating the same domain name for my local network will create confusion when the
internet users want to access the
company website. Suppose a local user types in www.xintech.com to access
the company website. In that case, the local
DNS server will say, "Oh, I know this domain name. It's the local
domain controller." And it will
redirect the user to the domain controller instead
of the Internet website. To avoid this situation, you can prefix the domain
name with something like lan or local or corp. My domain name will be
corp.xintech.com. Perfect. I click Next. On this screen, you
will need to choose the forest functional
level from the list. If you don't have an older
version of Windows Server already installed
on your network, choose Windows Server 2016 to benefit from the latest
features and functionalities. But if you have an existing domain controller
with Windows Server 2012 or Windows 2008
in your network, you have to choose
the oldest version of your current
domain controller. Otherwise, it won't work. The domain functional
level will be the same version as
the forest level. Next, you will need to specify the domain controller
capabilities, such as if you need to install the DNS server on this
domain controller. I will keep this option checked, as we don't have
an existing DNS server. You can notice here
that my DC will be a global catalog and
this feature is grayed out and you can't
change it because the first domain controller in the forest must be
a global catalog. A global catalog is an index of all the objects
in the domain, such as User Accounts, computers, servers,
and other resources. So if you search for such
an object in the domain, it will be the role of the global catalog to
answer your requests. The last feature, read-only domain controller,
or RODC, allows you to create a domain controller that an administrator or any
other person can't change. You can't, e.g., create
a new user account or change the user password
on that domain controller. You may wonder why I need a read-only domain controller if I can't do anything with it. The answer is that RODCs can be useful in
certain situations. E.g. you have a branch
office with a few users and you don't have a
system administrator over there to
administer servers. So you can install a read-only domain
controller in that office. And this RODC will
keep synchronizing with the domain controllers
in your headquarters. So if you want to
change the password of a user working in
the branch office, you do it on the domain
controller of the headquarters. The second advantage
of the RODC in a remote branch
office is you don't have to worry about its security. As the server
is in read-only mode, it can't be compromised
by a third party actor. As you can see, the feature
is grayed out because the first domain controller can't be a read-only
domain controller. Alright. Now you must type the Directory Services
Restore Mode password. This password will serve
for authoritative restore. I will explain the
authoritative restore when covering the backup
and recovery section. I type the password twice. Click Next. On this screen, we get a warning stating that a delegation for this DNS server
cannot be created because the authoritative
parent zone cannot be found. You can click on the Show
more link to get more details. We
get this warning because we don't have
a DNS server yet, so we can ignore it and
click Next to continue. On this screen,
you need to choose the NetBIOS domain
name of your domain. The NetBIOS domain name is
the shorter name of your domain without
the .com or dot something. The wizard is suggesting
CORP as the NetBIOS name. It took the first word of my domain name, corp.xintech.com. I want a more significant NetBIOS domain name. I will choose
XINTECH instead. Okay. There is nothing to
change on this screen. I will keep the default locations
and click Next. Here you can review your selections and ensure everything
is correct. You can use an interesting
option to export these settings to a PowerShell script to automate additional
installations. Click on the View Script button, then you can save the script. Let's create a new folder
and name it script. Type a name for the
script, and save it. Perfect. I click Next to continue
with the wizard. All the prerequisite checks
passed successfully. I can click on Install
to begin the installation. Good. You can ignore these
warnings here. They will not prevent
starting the installation. Another one in here states that a reboot is needed
after the installation. It's not a problem. We can reboot this server. It's not in production mode. Okay, let's open the session. You can notice that the
username format has changed. The NetBIOS domain name XINTECH precedes the
username Administrator. We know that we are opening
a session on the XINTECH domain. I type the password. Okay. You can notice here
the DNS role that has been added during the domain
controller configuration. Now, our domain controller
is all set to go. Good job.
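The wizard choices from this lesson (new forest, DNS installed on the DC, Windows Server 2016 functional level) as a PowerShell script, with the lesson's prerequisites checked first. This is an added example, not the script the wizard exported in the course; the domain name, NetBIOS name, the 45-day update threshold and the helper `Test-PasswordStrength` are placeholders or assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. All names below are placeholders, not values from the course.
$DomainName  = 'corp.example.com'   # placeholder: DNS name of the new forest root domain
$NetbiosName = 'EXAMPLE'            # placeholder: NetBIOS (short) domain name

function Test-PasswordStrength {
    # Hypothetical helper applying the lesson's rule: at least 12 characters,
    # mixing letters, numbers and symbols.
    param([Parameter(Mandatory)][securestring]$Password)
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    return ($plain.Length -ge 12 -and
            $plain -match '[A-Za-z]' -and
            $plain -match '\d' -and
            $plain -match '[^A-Za-z0-9]')
}

$problems = @()

# Prerequisite: static IP address. A connected IPv4 interface still on DHCP is a problem.
$dhcpNics = Get-NetIPInterface -AddressFamily IPv4 | Where-Object {
    $_.ConnectionState -eq 'Connected' -and
    $_.Dhcp -eq 'Enabled' -and
    $_.InterfaceAlias -notlike 'Loopback*'
}
if ($dhcpNics) {
    $problems += "DHCP-assigned address on: $($dhcpNics.InterfaceAlias -join ', ')"
}

# Prerequisite: security updates installed. The 45-day window is an assumption.
$lastFix = Get-HotFix | Where-Object InstalledOn |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastFix -or $lastFix.InstalledOn -lt (Get-Date).AddDays(-45)) {
    $problems += 'No update installed in the last 45 days.'
}

# Prerequisite: strong password. The current Administrator password cannot be read
# back, so the same rule is applied to the DSRM password typed here.
$dsrm = Read-Host -AsSecureString -Prompt 'Directory Services Restore Mode password'
if (-not (Test-PasswordStrength -Password $dsrm)) {
    $problems += 'DSRM password is shorter than 12 characters or lacks letters, numbers or symbols.'
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw 'Fix the prerequisites before promoting this server.'
}

# Step 1 of the lesson: add the AD DS role and its management tools.
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools

# Step 2 of the lesson: the "new forest" deployment options.
$forest = @{
    DomainName                    = $DomainName
    DomainNetbiosName             = $NetbiosName
    ForestMode                    = 'WinThreshold'   # Windows Server 2016 functional level
    DomainMode                    = 'WinThreshold'
    InstallDns                    = $true            # no existing DNS server, as in the lesson
    SafeModeAdministratorPassword = $dsrm
}

# Equivalent of the wizard's prerequisites check page; stop on any error.
$check = Test-ADDSForestInstallation @forest
$check | Format-Table Status, Message -Wrap
if ($check.Status -contains 'Error') {
    throw 'Prerequisite check failed; see the messages above.'
}

# Promotes the server and reboots it when finished.
Install-ADDSForest @forest -Force
```

The DNS delegation warning described in the lesson shows up in the `Test-ADDSForestInstallation` output as a warning rather than an error, so it does not stop the script.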
13. Join A Server To a Domain: Now that we have our domain
controller setup and online, we need to join our second
server to that domain. When we set
up the core server, it was a member of
a workgroup by default, and now we will move
it to the Xintech domain. Some prerequisites need to
be met before successfully joining a server or a
computer to the domain. The most important one is that the server must resolve
the domain name. In our case, it's
corp.xintech.com. This is the role
of the DNS server. You remember that when
we added the AD DS role, the wizard asked us if we wanted to enable the DNS server
role and we did. The DNS server role will allow
the domain controller to resolve all server and computer names of
the Xintech domain. So our first step is to change the IP of the
preferred DNS server used by the core server to point to the domain controller. Here I have my two
servers side-by-side. On the left side is the core server I want
to join to the domain, and on the right side is
the domain controller. On the core server, you can notice that this one is a member of a
workgroup named WORKGROUP. Before we join
the server to the domain, we need first to test if
our domain controller is online by pinging
its IP address. So I need to exit to the command line by typing
the menu number 15. I type ping followed by the IP address of the
domain controller. Yes, the domain
controller is online and it's replying to
my ping. Perfect. Now let's test the
DNS resolution by pinging the domain name
corp.xintech.com. The ping request could not find corp.xintech.com. To fix that, we need to change the DNS
settings on this server. Let's go back to
the main menu by typing the sconfig command. To change the network settings, we need to use menu 8
and select the network adapter. Here we have only one network
adapter, so I type 1. You can see that the preferred DNS server
points to this IP address, and we need to change it to the IP address of the
domain controller. The alternate DNS server
is the Google server. We keep this one
unchanged if we want to allow the server to
access the Internet. In the real world,
not all servers are allowed to access the Internet
for security reasons. To change the DNS settings, select option 2, type the
IP of the new DNS server, then type the IP of the alternate server,
8.8.8.8. Press Enter to confirm. Now let's test if we can ping the domain name. Yes, I can ping the
corp.xintech.com domain name. This server can now resolve the domain name to an IP address. We can go ahead and join
this server to the domain. Choose menu one to join
the server to the domain. You can type D to join
the server to the domain, or W to join it to
a workgroup. I type D. Then I type the name of my
domain, corp.xintech.com. Next, I need to specify
the domain administrator username and password to join
this server to the domain. The username is Administrator. I type the password. Joining corp.xintech.com. I get a warning stating that the changes will take effect after restarting
the computer. Here you can read that the server has successfully
joined the domain. I type that to restart
the computer. Whoops, I wanted to
change the computer name. I don't want to change
the server name, so I will keep this blank
to cancel and press Enter. Now, let's restart the
server by choosing menu 13. Type Yes to confirm. Perfect, this server
has restarted. So let's open the
administrator session. You can see here that
the server is now a member of the
corp.xintech.com domain. You can also check this from the domain controller by
going to the Tools menu. Then click on Active Directory Administrative Center,
click on computers. And here it is. Our server is a
member of the domain. All the future servers and
computers that you will join to the domain will be
listed under this location. You did it. Good job guys. See you in the next lesson.
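The pre-join checks and the join from this lesson as a PowerShell script, as an added example that is not part of the course. A ping of the domain name only proves that its A record resolves; the join itself locates a domain controller through DNS SRV records, so the script checks those as well. The domain name, the addresses, the adapter alias and the helper `Test-DomainJoinReadiness` are placeholders or assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example. All values are placeholders, not taken from the course.
$DomainName = 'corp.example.com'   # placeholder domain to join
$DcAddress  = '192.0.2.10'         # placeholder IP of the domain controller / DNS server
$Alternate  = '8.8.8.8'            # alternate resolver, kept as in the lesson
$Interface  = 'Ethernet0'          # assumed adapter alias; list yours with Get-NetAdapter

function Test-DomainJoinReadiness {
    # Hypothetical helper: returns what the join depends on, one property per check.
    param(
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$Dc
    )
    $result = [ordered]@{
        DcReachable    = $false   # DC answers ping on its IP address
        DomainResolves = $false   # domain name resolves (what "ping <domain>" tests)
        SrvRecords     = @()      # domain controllers advertised in DNS
    }
    $result.DcReachable = Test-Connection -ComputerName $Dc -Count 2 -Quiet
    try {
        $a = Resolve-DnsName -Name $Domain -Type A -DnsOnly -ErrorAction Stop
        $result.DomainResolves = [bool]$a
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -DnsOnly -ErrorAction Stop
        $result.SrvRecords = @($srv | Where-Object Type -eq 'SRV' |
            Select-Object -ExpandProperty NameTarget)
    }
    catch {
        Write-Warning $_.Exception.Message
    }
    [pscustomobject]$result
}

# Point the preferred DNS server at the domain controller (sconfig menu 8 in the lesson).
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses $DcAddress, $Alternate
Clear-DnsClientCache

$ready = Test-DomainJoinReadiness -Domain $DomainName -Dc $DcAddress
$ready | Format-List
if (-not ($ready.DcReachable -and $ready.DomainResolves -and $ready.SrvRecords)) {
    throw 'Not ready to join: fix DNS or connectivity first.'
}

# Join and restart (sconfig menu 1, then 13 in the lesson).
$cred = Get-Credential -Message "Account allowed to join computers to $DomainName"
Add-Computer -DomainName $DomainName -Credential $cred -Restart
```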
14. Join a Workstation to The Domain: In a previous lesson, we have learned how to join a Windows Server Core
edition to the domain. This lesson will
teach you how to join a Windows workstation
to a domain. The process is pretty simple. You should first ensure that
the workstation is online, as well as the Windows
domain controller. On the Windows 11 workstation, you should ensure that the workstation can ping the
domain you want to join. In our case, corp.xintech.com. For that, you need to
change the DNS settings of the workstation and use,
as the primary DNS server, the IP address of the domain controller that
holds the DNS server role. Without that, the workstation
can't reach the domain, as we can test by pinging the domain name
corp.xintech.com. The ping request could not find the host corp.xintech.com. And this is because
I'm not using the correct DNS server to
resolve this domain name. So let's change the DNS
settings for this machine. I Right-click on the Start Menu. Then I click on Settings. In the search bar,
I type Ethernet. Then I click on Ethernet settings next to the DNS server
assignment section, click on the Edit button. Change the DNS setting from
automatic DHCP to manual. Under IPv4, toggle on the button, then type the IP address
of the domain DNS server. For the alternate
DNS server, type the Google DNS server
IP address to allow
the workstation to
reach the internet. When done, click on
the Save button. Yes. Let's try a ping to the
corp.xintech.com domain. Yes, this time it works. We can reach the domain. Now we can join this
workstation to the domain. I go back to the settings, click on System, scroll
all the way down to the bottom and
click on the About menu. Click on the Domain or
workgroup hyperlink. In the displayed window, you can see that the PC is by default a member of a workgroup. Here you can see
the name of the PC. By default, Windows gives
it the name DESKTOP-
followed by random
characters and numbers. We are going to change that.
In the description field,
you can give this workstation
a description, e.g. admin PC. Now, click on the Change button to
change the computer name. I will type WRK for workstation, followed by NY to specify the location
of this workstation. NY stands for New York City. And I can add the year
of acquisition, 22, followed by a
sequence number, 001. Naming your PCs or your servers depends on
the naming convention
used by your organization. If it doesn't exist, choose one that best
fits your needs. In the Member of section,
click on Domain, then type the name
of the domain you want to join,
corp.xintech.com. Click OK to confirm. I get prompted to
enter the username and the password of an account with permission to join the domain. I will use the
administrator account. I type the password. Okay. I get a message that welcomes me to the domain
corp.xintech.com. The operation has
succeeded, perfect. Now I get prompted to restart the computer
to apply the changes. Okay, Let's do that. I close this window and
restart the computer. I am prompted to open a session with the local account Xin. To open a session on the domain, click on Other user. I type administrator
as the username. You can notice that
in Sign in to, it shows the computer name
instead of the domain name. If I go ahead, I will open a session locally
and not on the domain. To specify to Windows that I want to open a session
on the domain, I need to precede the
administrator username with the domain name: XINTECH\administrator.
Then I type the password. Let's check if effectively
the workstation is a member of the
domain corp.xintech.com. I open the Settings window. Click on the About menu. You can see the new
name of the workstation and the full name of the device
includes the domain name. You can also check
it by clicking on the Domain or workgroup
hyperlink.
the domain we have joined. You can also check that
on the domain controller. Open the Tools menu, then click on Active Directory
Administrative Center. On the left side,
click on Computers. Here it is. Our Windows 11
workstation is officially a member of the domain
corp.xintech.com. Good job, guys. Thanks for watching and see
you in the next lesson.
15. Windows Admin Center: In the previous lessons, we have used the
Server Manager to accomplish administration
tasks on the Windows server. The server Manager allows
you to quickly manage a brand new server by
adding roles and features. It launches right after you log in. It's a handy tool. The Server Manager is not the only administration tool you can use to manage your servers. Microsoft has another
interesting tool. It is Windows Admin Center. You can use it to manage your on-premises systems as
well as your system in Azure. Windows Admin Center
is a web-based tool. It's accessible
from your browser and allows you to perform nearly all your
administrative tasks through the same interface. You can use Windows Admin
Center in different modes. The two main modes are the desktop mode
and the gateway mode. In the desktop mode, you install Windows Admin Center on your Windows 10 or
Windows 11 workstation, and from there, you
manage your servers. This mode is typically used
by a single administrator. In the gateway mode, you install the Windows
Admin Center on a Windows Server
machine and access the Admin Center tool from
your desktop via your browser. This mode is suitable for
a large number of staff. The Admin Center tool
can be installed on Windows Server 2016, 2019 and, of course, Windows Server 2022. There is an exception, though: you can't install the Windows Admin Center tool
on a domain controller. As the tool is accessible
via a browser, you should open TCP port 6516 on the server's firewall. In this course, we
will install Windows Admin Center
on the workstation. In the upcoming lessons, I will show you how to download, install and use this tool. Thanks for watching. See you in the next lesson.
16. Installing Windows Admin Center: In this lesson, we
are going to install the Windows Admin Center on
the Windows 11 workstation. As I said previously, installing Windows Admin Center on a Windows 10 or Windows 11 workstation is suitable for
a single administrator. If you are working in a team of many system administrators, choosing the gateway
server mode installation would be better. Alright, let's
download the tool. I open the web browser and, in the search engine, type
Windows Admin Center. The first result is the best
match, the Microsoft website. I will click on the Download now link to open the download page. Under the Windows
Admin Center section, click on the Continue button to download the
installation package. You need first to complete this form before you can
download the package, I will do it quickly and check this box not to receive a new user
e-mails from Microsoft. Then click on Continue. The download starts,
wait till the end, then click on the Open file link to start the setup. I'm going to follow
the setup wizard. Click Next. By default, the Admin Center will
run on port 6516. You can change it if you want. I will keep the default
port and check Create a desktop shortcut to launch
Windows Admin Center. Finally, I start
the installation. One more thing before I close the setup wizard and open
Windows Admin Center. Note that the first time you
open Windows Admin Center,
you will have to
select a certificate. So make sure to do it. I close the window, I close the browser, I double-click on the shortcut
to launch the tool. Here, I need to select the
certificate and click OK. Windows Admin Center is loading. Perfect. Windows Admin Center is
installed and ready to use. In the next lesson, we will see how to
configure and use the tool to administer
our servers. Thanks for watching and see
you in the next lesson.
17. Using Windows Admin Center: The first time you launch
Windows Admin Center, you get this page with only the local
machine on the list. To manage our servers, we need first to add them by
clicking on the Add button. Windows Admin Center gives us four choices to add
machines to manage. We can add servers running
Windows Server or Azure Stack. We can add Windows
PCs and server clusters. And finally, we
can add Azure VMs. As we are using
on-premises servers. I will go with the first
option to add my servers. You have three ways to
add a server to manage. The first one is by typing
the name of the server. You can also import
a list of servers by using a text
file or a CSV file. These are the two
allowed formats. And the third way is by
searching active directory. We can type the server's
name and do a search. Or you can type asterisk to list all the servers available
in the Active Directory. To list the servers from
the Active Directory, make sure that your domain
controller server is running. To add the server, select it and click
the Add button. This server has been added to the list. In the Type column, you can see that it's a server. The last connected time is Never because we didn't connect
to this server yet. The account used to manage this server is the domain
administrator account. Alright, let's connect to this server and see the
different tools we can use. On the left panel, there are different tools you can use to
manage your server. Let's explore some
of them and see what they can offer
to the administrator. We are. The first one is
the Overview tool. It displays general
information about the server, such as the computer name, the domain name, the operating system
running on the server, the version of this
operating system, the installed memory, the
available disk space, the processor, the manufacturer, VMware for this server, because we are running
this server on a virtual machine on
the VMware player. Here we have the CPU load,
the memory utilization. And over here we have the network traffic over
the Ethernet interface. Alright. There are Azure tools
you can use if you have virtual machines running on
Azure or Azure services. The Devices tool displays the different components
of the server. We have batteries, disk
drives, keyboards, monitors, etc. You can display the event logs for
that server, e.g. the system events. You can manage the
server firewall and add incoming
or outgoing rules. You can display the
installed applications. You can manage local
users and groups. You can configure the
network interface and, e.g., change the IP address. You can even run PowerShell
commands on the server. When I click on the
PowerShell tool, it will display the
PowerShell terminal. From the prompt, you
can see that I'm connected to the domain
controller server, and each command I will type
will run on that server. E.g. I will type ipconfig to display the IP configuration
of the server. You can open any of these
tools in a separate window. It can be handy in some cases. You can display the
running processes. You can manage the registry. Here's an interesting tool, Remote Desktop, that
will allow you to open a session on
the server remotely. You have to enter the
username and the password. Ensure that the
"Automatically connect with the certificate presented
by this machine"
checkbox is enabled, then click on Connect
to open a session. Now I'm remotely connected to this server and I can
do what I have to do. Alright. You can use the Roles
and Features tool to add a role or feature
on the remote server. You have to select the
role or the feature you want to add and
click on the button. You can manage the services
running on the server. Here you have the storage
tool and finally, the Update tool to manage
the updates on the server. Alright, now let's explore the Windows Admin Center
Settings and see how we can configure and
personalize this tool. The first setting is account. And as you can see, I'm logged into the tool with the domain
administrator account. It's the same account I used to open a
session on this workstation. If you want to manage Azure services in the
Windows Admin Center, you must be registered
with an Azure account. You can change the language you want to use in
Windows Admin Center. You can personalize
the appearance of the Admin Center tool. You can choose between the
light mode and the dark mode. The dark mode is pretty
cool, I will keep it. The extensions setting allows
you to add additional tools that are not available by default in Windows Admin Center. Some of these tools are
developed by Microsoft and others are developed
by third party companies. E.g. I can add the Active
Directory tool to manage the Active Directory objects on the domain controller.
To install the tool, select it, then click
on the Install button. It's installing. Once the tool is installed, Windows Admin Center
will reload the page. The tool is now installed
and, as you can see, it's no longer listed in the
available extensions list. It will be listed in the
installed extensions. Let's go back to the Windows
Admin Center Tools page to see the newly added Active Directory tool.
I connect to the server. Yes, the Active
Directory tool is now available in the Tools
list and I can use it. Let's go back to
the settings page. Another interesting
setting is the updates. It could be interesting to activate the auto update to get the latest updates
when released and benefit from the new
tools and features. Alright, now that you know more about Windows Admin Center, I want you to add
the second server to be managed,
then explore and test the different
tools to get more familiar with
Windows Admin Center.
18. What's DHCP and How it Works: To communicate on the network, each device needs an IP address. This IP address will
allow the device, whether a computer or a
server, or a printer, to be visible to other
devices in the network. There are two ways to
assign an IP address to a device: manually
and dynamically. You can assign an
IP address manually if you have a few
devices on your network, less than ten. More than that, it becomes difficult
to do it manually. Some organizations may have hundreds or thousands of
devices in their network. In this case, a DHCP server
would be of great help. A DHCP server is a network
management protocol that assigns IP addresses
to devices that request them. The acronym DHCP stands for Dynamic Host
Configuration Protocol. How does a DHCP server work? A DHCP server operates based on the
client-server model. When a device, the client, is first
connected to the network, it broadcasts a request to all devices present
on the network, asking if there
is a DHCP server. If a DHCP server exists, it will reply to the client by offering
it an IP address. The client will then request the IP address from
the DHCP server. Finally, the DHCP server assigns the client
the IP address. The four steps we
just described are often abbreviated as DORA: Discover, Offer,
Request, Acknowledge. In conclusion, every device on your network needs an
IP address to communicate. You can assign this IP address manually or dynamically
using a DHCP server. Assigning IPs manually is not practical in large networks. It's a lot of work
and maintenance. You have to keep track
of each device's IP so that you will not
assign the same one to another device. With
the DHCP server,
however, the task is
more straightforward. You have to set the IP range you want to use on your network, and the DHCP server will
do the job for you, making sure to assign each
device a unique IP address.
19. Configuring The DHCP Server: In this lesson, we will install the DHCP role on the domain controller server using the Windows Admin Center tool. First, ensure that the domain controller server is running. Then launch the Windows Admin Center tool and connect to the server. In the tools list, select the Roles and Features tool. Select the DHCP server role and click on the Install button. The following roles and features will be installed: DHCP Server and DHCP Server Tools. If you check this box, the server will automatically reboot if required. I don't recommend you do that on a production server unless your server is redundant. For example, if you have two domain controllers on your network, you can restart one of them without interrupting the service. When done, click on the Yes button to start the installation. You will get a notification that states that the installation has started. You can click on the bell icon to display the installation progress.
Okay, the DHCP role has been installed successfully. But if you search for the DHCP tool in the Tools list, you will not find it. This is because the DHCP tool is not available by default and you need to add it from the available extensions. To do so, click on the Settings icon, then click on Extensions. Under the list of the available extensions, select DHCP. Then click on the Install button. The extension is installing. Okay, let's connect again to the server. Now, the DHCP tool is available in the Tools list, so you can use it to configure the different DHCP server parameters.
But wait a second, we are not entirely done. A post-deployment task needs to be completed before the DHCP server can assign IPs to domain-joined computers. Here, I'm logged into the DHCP server. Over here, you can see a notification. It's a post-DHCP-deployment configuration task that needs to be completed. Unfortunately, this notification doesn't appear when using the Windows Admin Center tool. That is a downside of using the Admin Center tool to add new roles: you can miss some important notifications. To ensure you do not miss those notifications, always open a session on the target server and check if there is any post-deployment notification.
To complete this post-deployment task, click on this hyperlink to display the wizard. You can read that the following steps will be performed to complete the DHCP server configuration on the target computer: it will create the following security groups, the DHCP Administrators group and the DHCP Users group, and it will authorize the DHCP server on the target computer if domain joined. In other words, without creating these two groups on the Active Directory, domain-joined computers may not receive an IP address from the DHCP server. I click Next. On this page, you have to enter the username to use to create the groups and authorize the DHCP server in the Active Directory. Usually you need to use an administrator account. I will use the suggested administrator account and click on the Commit button to confirm my choice. On the summary page, you can read that the security groups have been created, and I'm asked to restart the DHCP Server service on the target computer for the security groups to be effective. This is what I will do by clicking the Start button. I type services. Click to open the Services. Let's scroll down and search for the DHCP Server service. Here it is. I right-click, then click on Restart to restart this service. The service has been restarted. Now, the DHCP server is ready to use. Thanks for watching and see you in the next lesson.
20. Prepare Your Network IP Plan: Before going further in configuring the DHCP server, you will need first to understand how your network is organized. Let's say you are using the network 172.16.17.0 with the subnet mask 255.255.255.0. This network will allow you to use 254 IP addresses. In other words, you can use 254 devices in this network. Perfect. Now let's identify some devices you will encounter the most in your network. You will have servers, computers, printers, copiers, routers, and firewalls. It's not an exhaustive list, of course. Each of these devices will use an IP address to communicate in the network, and these IPs should be organized in ranges for convenience. For example, servers will use the IP range that starts at 172.16.17.10 and ends at .30. The printers will use the range 31-40. The computers will use the range 41-100, and the router will use the IP 172.16.17.2. The router is usually the gateway that allows the other devices to reach the external network.
Now that you know your network structure, it will be easy to create the DHCP scope to assign IPs to computers in the appropriate IP range. In another lesson, I will show you how to create and configure a DHCP scope. But for now, it's important to understand the importance of organizing your network IP structure. So back to the DHCP scope: there are two ways to define the DHCP scope. The first one is by creating a scope that uses the entire network range, from 1 to 254. But if you do that, the DHCP server can assign a computer an IP address reserved for servers or printers. To avoid this situation, you need to exclude these two IP ranges from the DHCP scope. The second is to create a DHCP scope that only uses the IP range dedicated to computers. It's the simplest and fastest way. Now that you have identified the IP range, it's time to create the DHCP scope on the DHCP server. So thanks for watching and see you in the next lesson.
21. Create The DHCP Scope: In the previous lesson, you have learned how to organize your network using IP ranges for each type of device. In this lesson, we will rely on those IP ranges to create DHCP scopes and assign IP addresses inside these ranges to devices. In the Server Manager, open the Tools menu, then click on DHCP. Let's make this window bigger. On the left, there is the DHCP server name. Under the DHCP server, there are two folders, IPv4 and IPv6. When you click on IPv4, you are prompted to add a scope. In short, a scope is a range of IP addresses assigned to computers requesting a dynamic IP address.
To create a new scope, right-click on the IPv4 container, then click on New Scope. On the wizard's first screen, click on the Next button. You need to enter a name for your scope. Let's name it PC, because we are going to use the scope to assign IP addresses to PCs. You can add a description if you want. When done, click on the Next button. Here you need to enter the range of addresses that the scope distributes. The starting IP address will be 192.168.17.41, and the ending IP address will be 192.168.17.100. The subnet mask is 255.255.255.0. I click Next to continue. Here, you can exclude a range of addresses that are not distributed by the DHCP server. In our case, I don't need to do that because the IP range I defined is exclusively dedicated to computers. So I click Next.
Here you have to define the lease duration. The lease duration specifies how long the client can use an IP address from this scope. By default, the lease duration is eight days. When an IP address is assigned to a computer, that computer will use it for eight days before the DHCP server can give this IP address to another computer. I will keep the default value and click on the Next button. On this page, you need to configure DHCP options. Mainly you need to specify the default gateway, the DNS servers, and the WINS settings for that scope. Keep the default selection on Yes and click Next. The first DHCP option you will need to specify is the default gateway, which is in most cases the IP address of the router that allows the computers to access the external networks, in other terms, the Internet. In our case, the gateway IP address will be 192.168.17.2. This is the IP address of the VMware virtual router. In a real environment, you will enter the IP address of your company router.
I click Next to continue. Here, you need to specify the domain name and DNS servers. The parent domain is my domain name, corp dot Xin tech.com. And here you have the IP address of the DNS server. If you have more than one DNS server on your network, you can add them by typing the IP address and clicking on the Add button. This will allow the computers to use an alternate DNS server if the primary DNS server is not available. I click Next. On this page, you can enter the WINS servers. WINS is a Microsoft proprietary protocol that resolves NetBIOS names of computers and servers to IP addresses. Nowadays WINS servers are less used and are replaced by DNS servers. So I'm not going to use this feature. I click Next. Finally, I'm asked if I want to activate this scope now. You can read here that clients can obtain address leases only if a scope is activated. I choose Yes and I click on Next. Alright, I completed the wizard, so I click on Finish.
Now you can see the newly created scope. There is the IP address of the network and the scope's name. Under the scope, there is the address pool. The address pool contains the IP range with the start IP address and the end IP address. There are the address leases. When the DHCP server starts assigning IP addresses to clients, you will see in this table the attributed IP address, the name of the computer, the lease expiration, etc. The reservation can be used to tell the DHCP server to reserve a set of IPs for specific devices. When such a device asks the DHCP server for an IP address, the DHCP server will always assign this device the same IP address. There is no lease expiration for that IP address. This could be interesting if you want to manage the IPs of some type of devices using the DHCP server. For example, you can create a reservation for the network printers to ensure that their IPs will stay the same. Because if a printer IP keeps changing, users might not reach the printer and hence can't print their documents. In the scope options, you will find the different options we set earlier: the router IP address, the DNS servers, and the domain name.
Alright, now that we have correctly set our scope, there is one more step before the DHCP server can work appropriately in our lab environment. This extra step is unnecessary in a real environment. When you install VMware Player, the setup program will deploy a virtual DHCP service to allow the virtual machines you create to get an IP address. Let's log into the Windows 11 machine to show you that. I open the command prompt. I type the ipconfig /all command to display the network configuration. Here we have the IP address, the subnet mask, the default gateway. And over here we have the IP address of the DHCP server that assigned the IP address to this PC. You can notice that it's not the IP address of the Windows DHCP server. To allow the Windows client machine to get its IP address from the Windows DHCP server and not from the VMware DHCP server, you must disable this service. To do so, you need to open the Windows Start menu on your host computer. Type services to open the Services manager. Search for the VMware DHCP Service. Here it is. I stop the service. Next, I need to disable this service so that it does not run again the next time I restart my computer. Apply, OK.
Now that the VMware DHCP service is disabled, we are ready to go. Let's do a test on the Windows 11 machine. First, I type ipconfig /release to free up the IP address I got from the VMware DHCP server. Perfect. Next, I type ipconfig /renew to request a new IP address. Yes, I get a new IP address. It ends with 41, so it seems that I got this IP from the Windows DHCP server. To be certain, let's check it. On the Windows Server, I click on the address leases to display the IPs assigned by the server. At first glance, it's empty. You need to refresh the view to see the data. As you can see, here is the IP address of the Windows 11 computer. In this column, you have the computer's name, then the lease expiration. The unique ID represents the MAC address of the computer. Alright, we did it. Our DHCP server is working as expected. Thanks for watching and see you in the next lesson.
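
The steps of lessons 19 to 21 can also be scripted and checked from PowerShell. The block below is an added example, not part of the course material. It installs the role, runs the post-deployment task, creates the PC scope only after confirming it does not overlap the server and printer ranges of the IP plan, and provides a client-side check of which DHCP server issued the lease. The server name, server IP and domain name are placeholders, and the reserved ranges apply the lesson 20 plan to the 192.168.17.0 lab network as an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example, not the course's own script. Run on the DHCP server unless noted.
# Values marked ASSUMPTION are placeholders: the transcript does not state them.

$ServerFqdn = 'dc01.corp.example.com'  # ASSUMPTION: placeholder FQDN of the DHCP server
$ServerIp   = '192.168.17.10'          # ASSUMPTION: placeholder IP of the DHCP/DNS server
$DnsDomain  = 'corp.example.com'       # ASSUMPTION: placeholder parent domain
$ScopeId    = '192.168.17.0'
$ScopeStart = '192.168.17.41'          # lesson 21: first address of the PC scope
$ScopeEnd   = '192.168.17.100'         # lesson 21: last address of the PC scope
$Gateway    = '192.168.17.2'           # lesson 21: VMware virtual router

# ASSUMPTION: lesson 20 plan (servers 10-30, printers 31-40) applied to the lab network.
$Reserved = @(
    @{ Name = 'servers';  Start = '192.168.17.10'; End = '192.168.17.30' }
    @{ Name = 'printers'; Start = '192.168.17.31'; End = '192.168.17.40' }
)

function ConvertTo-UInt32 ([string]$Ip) {
    # Dotted quad -> integer, so ranges can be compared numerically.
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)
    [BitConverter]::ToUInt32($bytes, 0)
}

function Test-RangeOverlap ($StartA, $EndA, $StartB, $EndB) {
    # Two closed ranges overlap when each one starts before the other ends.
    (ConvertTo-UInt32 $StartA) -le (ConvertTo-UInt32 $EndB) -and
    (ConvertTo-UInt32 $StartB) -le (ConvertTo-UInt32 $EndA)
}

function Test-LeaseSource {
    # Client-side check: which DHCP server issued each lease on this machine?
    param([Parameter(Mandatory)][string]$ExpectedServer)
    Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'DHCPEnabled = TRUE' |
        Where-Object DHCPServer |
        Select-Object Description, DHCPServer,
            @{ n = 'Address'; e = { $_.IPAddress -join ',' } },
            @{ n = 'FromExpectedServer'; e = { $_.DHCPServer -eq $ExpectedServer } }
}

# Refuse to create a scope that would hand out addresses kept for servers or printers.
foreach ($r in $Reserved) {
    if (Test-RangeOverlap $ScopeStart $ScopeEnd $r.Start $r.End) {
        throw "Scope ${ScopeStart}-${ScopeEnd} overlaps the $($r.Name) range; exclude it or shrink the scope."
    }
}

# Lesson 19: install the role and its tools. No -Restart switch, so no automatic reboot.
Install-WindowsFeature -Name DHCP -IncludeManagementTools

# Post-deployment task: create the DHCP Administrators and DHCP Users groups,
# authorize the server in Active Directory (needs a domain administrator account),
# then restart the service so the groups take effect.
Add-DhcpServerSecurityGroup
Add-DhcpServerInDC -DnsName $ServerFqdn -IPAddress $ServerIp
Restart-Service -Name DHCPServer

# Lesson 21: scope "PC", eight-day lease, activated, with router and DNS options.
Add-DhcpServerv4Scope -Name 'PC' -StartRange $ScopeStart -EndRange $ScopeEnd `
    -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 8) -State Active
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Gateway `
    -DnsServer $ServerIp -DnsDomain $DnsDomain

# Verification on the server: authorized DHCP servers and current leases.
Get-DhcpServerInDC
Get-DhcpServerv4Lease -ScopeId $ScopeId |
    Select-Object IPAddress, HostName, ClientId, LeaseExpiryTime, AddressState

# On the Windows 11 client, after ipconfig /release and ipconfig /renew:
#   Test-LeaseSource -ExpectedServer '192.168.17.10'
# FromExpectedServer = False means another DHCP service (in the lab, VMware's) answered first.
```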
22. Introduction to Domain Name System (DNS): DNS servers are an important piece of the Windows domain ecosystem. The primary role of the DNS server is to translate host names to IP addresses. You can look at the DNS server like a phone book. When someone wants to call a person whose phone number he doesn't have, he searches for that person's name in the phone book, gets her phone number, and then makes the phone call. The same thing applies to the computer world. When you want to open a webpage, say www.microsoft.com, your computer sends a request to the DNS server, which translates this URL into an IP address and sends it back to your computer to establish the connection. This operation is called name resolution.
Back at the beginning of the Internet, name resolution was implemented with a simple text file called the hosts file, that contains a simple list of all servers on the Internet and their corresponding IP addresses. But as more and more servers were added to the Internet, maintaining this file became complicated. DNS servers implement a hierarchical method of name resolution in which servers resolve only a specific segment of hosts on the Internet and delegate the requests that they do not manage. For example, the DNS server of your local domain can only resolve the names of computers and servers that belong to your domain. To resolve URLs on the Internet, your DNS server will forward the request to public DNS servers on the Internet.
On Windows Server operating systems, DNS servers keep records of all devices in the network and their corresponding IP addresses. So when you want to connect to a device on the network using the device's name, the DNS server will look at its record set to find the entry corresponding to the device name and get the IP address that allows you to connect to that device. On Windows Server, a DNS server role is automatically added when you create a domain controller. To add additional domain servers, use Add Roles and Features in the Server Manager. It was a brief introduction to DNS server concepts. We will go into more detail in the upcoming lessons. Thank you for watching.
23. Understand DNS Zones and Records: A DNS zone is a portion of the domain name space that contains DNS resource records that allow a client to resolve a domain name to an IP address. Windows Server will automatically create a DNS zone for your domain name when you create your first domain controller. As my domain name is corp.syntax.com, a DNS zone for that domain is created and will contain all network devices that are part of this domain and their corresponding IP addresses. There are mainly two DNS zone types: forward lookup zones and reverse lookup zones.
The forward lookup zone resolves names to IP addresses. For example, if a user wants to reach a server using its name, the request is sent to the DNS server, which looks in its forward lookup zones for a corresponding IP address. To illustrate that, type the nslookup command followed by the hostname. As a result, the command will return the fully qualified domain name of the host and its IP address. The second zone type is the reverse lookup zone. It does the exact opposite of the forward lookup zone: it matches an IP address to the host domain name. It's like knowing a person's phone number, but not knowing her name. When you type nslookup followed by the device IP, the DNS server will receive a request for matching this IP address to a hostname. If the corresponding record exists in the reverse lookup zone, the DNS server will return the fully qualified domain name. The reverse lookup zone is not active by default; you should create it manually. When you issue an nslookup command with no reverse lookup zone defined, you will get a reply that says it can't find the IP address: non-existent domain.
Now, let's talk about DNS resource records. At the beginning of this lesson, I said that DNS zones contain DNS resource records that match a network device name to its corresponding IP address. Resource records can do more than matching names and IP addresses. Some can indicate which service a server can deliver to the client. Here are the resource records you may encounter.
Host (A) records, also known as A records: it's the most common DNS resource record. This kind of resource record contains the hostname and its associated IP address. Host records exist for IPv4 or IPv6; the latter is the host quad-A (AAAA) record.
The alias or CNAME record allows you to provide an alternate name to an existing host record. For example, if your file server DNS name is the following, you can create an alias record with the following name, file.corp.syntax.com. So whenever you want to access your file server, you can just use the alias name instead of the hostname. The alias will redirect the queries to the host record. The advantage of using the alias is that it's convenient: it's easier to remember the alias name than the complicated hostname. The second advantage of the alias name is when you replace your server. Imagine that you want your users to use a new file server instead of the old one. In this case, you need to change the file server name references in each of your users' computers. But if you configure your users' computers to use the alias name, the only change you need to make is just to point the alias to the new file server name. You will proceed with only one change instead of doing changes on every computer.
Pointer records, or PTR, enable you to connect an IP address to the hostname. They are hosted in the reverse lookup zone. If an appropriate reverse lookup zone exists, a PTR record is automatically created by default when you create a host record.
Mail exchanger (MX) records are used to locate the mail server responsible for accepting email messages on behalf of a domain name. Suppose you have a mail server like Microsoft Exchange in your domain. You probably have an MX record on your DNS servers that points to that mail server. When an email is sent to a mailbox in your domain, the sender's mail server will issue a DNS MX lookup request to get the IP address of your mail server. If an MX record exists in your DNS servers, the sending mail server will establish a connection with your mail server to send the e-mail. That's all for this lesson. Thank you for watching.
24. Create DNS (A) Record: In this lesson, I will show you how to create a host (A) record. On the Server Manager, click on the Tools menu, then click on DNS to open the DNS Manager. On the top-left side, you have the DNS node under which you will have the DNS server. And beneath the DNS server node, you have the zones. The zones you will work on the most are the forward lookup zones and the reverse lookup zones. If I expand the Forward Lookup Zones, I will find my domain name, corp.syntax.com. If I click on it, you can see the different records on the right side of the panel. Most of the records under the forward lookup zone are host (A) records with the hostname, the type of the DNS record, and the host's IP address. You can notice that some records have this name between parentheses, (same as parent folder). This means that this record represents the DNS server itself, as indicated by the IP address. Also, as I said in a previous lesson, some records indicate the service delivered by the host. Here, the server provides the name server service.
Most of these host (A) records are created automatically when the host joins the domain, if a specific condition is met. I will bring the Windows 11 box to the front to show you what the condition is. I open the Control Panel. Click on Network and Internet, then on Network and Sharing Center. I click on the Ethernet interface to open the properties panel. Click on the Properties button, select IPv4, then click on Properties. Click on the Advanced button, then click on the DNS tab. This property you see here, "Register this connection's addresses in DNS", when checked, allows the host to create a host (A) DNS record. This property is selected by default. So if you don't see the DNS record related to a host, you should start your troubleshooting by verifying if this property is checked or not. Let's close those windows. I switch back to the Windows Server.
Before creating the DNS record, you may ask, why should I need to create a DNS record manually? The answer could be the need to access a network resource like a printer using a DNS name instead of the printer's IP address. Once your printer is referenced in your DNS server, it will be more convenient for you to use the printer's DNS name instead of its IP address. To create a host (A) record, right-click and then select New Host. First, I need to type the hostname. I will type printer01. Then I type the IP address of the printer. When done, click on Add Host. Yes, the host record printer01 with the fully qualified name was successfully created. Perfect. Here it is, the new DNS host (A) record with the associated IP address.
25. Create DNS Alias Record: In this lesson, we will see how to create a CNAME record. CNAME stands for canonical name. Think of it as an alias name. It refers to the same object using a different name. Let's illustrate that. Let's say we have a DNS record for the server Nyse larvae be zero-one with the IP address 192.168.0.10. So whenever you want to access the server, you must use either the IP address or the host name. In a small network with fewer servers, you may remember the IPs and the host names, but it's hard to remember all the IPs in a large network with hundreds of servers. On top of that, if the organization you work in uses unfriendly names for its servers, it will be hard for administrators and users to use those servers. To access servers more efficiently, you can use CNAME records with easy-to-remember server names. If the server why a survey zero-one hosts a file server service, you can create a CNAME record with the alias fileshare and point it to the host (A) record. So every time a user wants to access the file server, he will use the alias instead of the complicated hostname. Another scenario where the DNS CNAME record could be helpful is when two services are hosted on the same server. Imagine that the server hosts a print service on top of the file sharing service. You can then create a second CNAME record for the printer.
From the Server Manager, click on the DNS link in the left pane and then click on the DNS server you want to manage. In our case, we have only one DNS server on the list. I right-click on the DNS server, then on DNS Manager. On the DNS Manager, I double-click on the domain corp.syntax.com. This will display the DNS records for that domain. Most of them are host (A) records. To add a CNAME record, I right-click, then I click on New Alias (CNAME). In this window, I need to enter the alias name. It will be fileshare. I need to type the fully qualified domain name for the target host in this field, or I can browse and search for it. I double-click on the DNS server, open the forward lookup zone, open the cooperators in tech.com directory. I scroll down and select the SR v p or t zero-one host, which is the core server with the IP address. I click OK to validate. So I have the alias name and the fully qualified domain name for my target host. Perfect, I click OK to create the record.
Alright, now let's test if all of this works. I can do a test using the ping command. I type ping followed by the alias name. Yes, I got a reply from the target host. Now, users can access file shares on that server by opening File Explorer and typing backslash, backslash, fileshare, and here it is. So CNAME records or alias names are helpful in those situations. Now, let's pretend that the target host, 192.168.17.20, will host a file server role and a printer server role. I want you to create a second CNAME record for the same host target and give it the name printer. Just follow the steps I did.
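
The record types from lessons 23 to 25 can be created and audited with the DnsServer PowerShell module. The block below is an added example, not part of the course material. It creates the reverse lookup zone, the printer01 host (A) record with its PTR, and the two aliases, then lists aliases whose target no longer resolves, which is the failure to look for after a server replacement. The zone name, the target host name and the printer address are placeholders, because the transcript does not give them reliably.

```powershell
#Requires -RunAsAdministrator
# Added example, not the course's own script. Run on the DNS server.
# Values marked ASSUMPTION are placeholders: the transcript does not state them reliably.

$Zone        = 'corp.example.com'         # ASSUMPTION: placeholder for the course's domain
$ReverseZone = '17.168.192.in-addr.arpa'  # reverse zone name for the 192.168.17.0/24 lab network
$PrinterIp   = '192.168.17.31'            # ASSUMPTION: constructed address for printer01
$TargetHost  = "srv01.$Zone"              # ASSUMPTION: placeholder name of the host at 192.168.17.20

# Lesson 23: the reverse lookup zone does not exist by default, so create it once.
if (-not (Get-DnsServerZone -Name $ReverseZone -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '192.168.17.0/24' -ReplicationScope Domain
}

# Lesson 24: host (A) record for the printer; -CreatePtr adds the matching PTR record.
Add-DnsServerResourceRecordA -ZoneName $Zone -Name 'printer01' `
    -IPv4Address $PrinterIp -CreatePtr

# Lesson 25: two aliases pointing at the same host (file service and print service).
foreach ($alias in 'fileshare', 'printer') {
    Add-DnsServerResourceRecordCName -ZoneName $Zone -Name $alias -HostNameAlias $TargetHost
}

function Get-StaleAlias {
    # Lists CNAME records in a zone whose target has no A record any more.
    # An alias left pointing at a retired server name should be repointed or removed.
    param([Parameter(Mandatory)][string]$ZoneName)
    Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType CName | ForEach-Object {
        $record = $_
        $target = $record.RecordData.HostNameAlias.TrimEnd('.')
        $answer = Resolve-DnsName -Name $target -Type A -DnsOnly -ErrorAction SilentlyContinue
        if (-not ($answer | Where-Object { $_.Type -eq 'A' })) {
            [pscustomobject]@{ Alias = $record.HostName; Target = $target }
        }
    }
}

# Verification: forward lookup, reverse lookup, alias resolution, stale aliases.
Resolve-DnsName -Name "printer01.$Zone" -Type A
Resolve-DnsName -Name $PrinterIp
Resolve-DnsName -Name "fileshare.$Zone"
Get-StaleAlias -ZoneName $Zone
```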
26. Backup and Restore Introduction: As a system administrator, your role is to ensure the organization's data is safe and available to users anytime. You must ensure that you always have an up-to-date copy of the organization's data available and ready to use in case of a loss of the original data. By data, I mean any information valuable to your organization. It could be simple files like Word documents, Excel spreadsheets, customer databases, payroll databases, et cetera. This operation of safekeeping the data is called backup. Many stories exist of companies that have gone out of business because of data loss due to a cyberattack, hardware failure, or natural disaster. As you may guess, backup is essential, and neglecting it may lead to big trouble for your company. Let's see in detail why you should take backup operations seriously.
Backup helps prevent data loss, whether it's accidental or on purpose. For example, a user could accidentally delete his Excel spreadsheet and ask you to restore it. There are also examples where a user screws up a file and wants to return to an older version. Data loss could result from system crashes or hardware failure. Even if nowadays servers are more robust, with redundant parts, multiple disks, and CPUs, it's not rare that hardware failure occurs and leads to server inoperability. In that case, you must be able to restore your data to a new server if necessary. Cyberattacks and ransomware could result in data destruction or encryption, and if you don't have a good set of backups, you may be forced to pay ransom to the cyber criminals with no guarantee to recover your data. Backups also help you to recover from a disaster. Your server room could take fire or be flooded or hit by an earthquake, but if you keep your backup set in the same facility, you will lose your servers and backups. The best practices suggest keeping one copy of the backup media in a remote location.
Another reason why backup is important is for archive purposes. Archiving data is essential for various legal, regulatory, and business reasons. Here are some examples of legal reasons. Compliance with data retention laws: many countries and industries have specific data retention laws and regulations requiring organizations to retain certain data types for a specific period. Failure to comply with these laws can result in legal penalties. For example, the Sarbanes-Oxley Act mandates the retention of financial records for seven years. In the United States, specific industries such as healthcare, finance and telecommunications have specific regulations that require organizations to retain data for compliance purposes. Archiving helps organizations meet these regulatory requirements. Tax compliance: tax authorities may require organizations to retain financial and tax-related records for a specific period. Archiving these records helps ensure compliance with tax laws. Archives are generally stored off site in a secure, remote location. If the archive is stored on a tape, you should consider storing a compatible tape drive with your archive and the appropriate software for reading the tapes. Imagine after six years you need to access your archives and your newly acquired tape drive or backup software cannot read the archive tape: you will be in trouble.
you will be in trouble. Now that you know the
importance of doing backups, the next step consists of
identifying the data to backup. This is generally
done by following the organization's
policy if it exists. Otherwise you should create one will significantly help
you to perform this task. Usually, the organization's
policy contains the following sections back
up data specifications. This section should define
what data is to be backed up, including file types,
folders, and applications. Identifying data to backup is an exercise you should conduct by involving
key stakeholders. Talk to your business
owners, department heads, and other key
stakeholders to get their input on which data is most critical to
your organization. Other data is more
system related. This is the data
that is required for your operating systems and other system software
to function properly. Having backups of this
data will help you restore your servers and
applications more quickly, schedule and frequency. This section should specify how often backups are
to be performed. The frequency will depend
on the criticality of the data and the
risk of data loss. The more critical the data, the higher the backup
frequency backup method. This section should specify the method for backing up data. It could be local backup, a cloud backup,
or hybrid backup. Each one of those methods have their advantages
and disadvantages. For example, a
local backup offers a faster recovery time
compared to a cloud backup, especially for large
amounts of data. On the other hand,
the cloud backup is accessible from anywhere
with an Internet connection. It's helpful in case
you recover from a disaster by setting up a new infrastructure
in a remote location. Retention periods,
this section should specify how long backups
will be retained. The retention period
will depend on the regulatory requirements and the business needs
recovery procedures. This section should specify the procedures to be used to
recover data from backups. This should include steps for testing and
validating backups. Now that you have
identified the data to back up and established
your backup policy, it's time to talk about
the backup schedule. But before we do so, you need to understand the
different types of backups. There are mainly three
main types of backup, the full backup, the
incremental backup, and the differential backup. Understanding those
three types of backups will help you set up your
backup schedule accordingly. A full backup, as
the name implies, involves copying all the data in a specific data set or system
at a given point in time. Full backups are comprehensive
and can be used to restore data without needing
any other backup sets. They are also easy to set up. The downside is that full backups consume
more storage space and take longer to complete than incremental and
differential backups. Because of that, the
typically performed less frequently due to their resource and time
intensive nature. Generally speaking,
a full backup is performed once a week
or once a month. To better understand, let's
consider this scenario. On Sunday, our source
data size is 3 gigabytes. The data grows by 1
gigabyte each day. On Sunday, the full back up size is 3 gigabytes on Monday. The back up size will be
4 gigabytes on Tuesday, five gigabyte, and so on. For example, if those
backups are stored on an S, the final backup size on
Wednesday will be 18 gigabytes. This is why you should be
careful with full backups, you can quickly run
out of storage space. The incremental
backup only copies the data that has changed
since the last backup. It's faster and requires less storage space
than full backup. The downside is that you cannot restore an incremental backup
without the full backup. Let's take the same
scenario where we have 3 gigabytes of initial
data to back up. As we can't perform an incremental backup without first performing a full backup, we do a full backup of our
three gigabyte data on Sunday. On Monday we will perform our first incremental
backup that results in 1 gigabyte of backup data representing the daily
data growth on Tuesday. The incremental backup size will be 1 gigabyte, and so on. Because the incremental
backup copies the data changed since
the last backup, the incremental
backup size will be 1 gigabyte daily on Wednesday. The total backup size on the repository will
be 6 gigabytes. It's much smaller compared to the 18 gigabyte of the
full backup scenario. The differential
backup only copies the changed data since
the last full backup. Note the nuance here: unlike the incremental backup, which copies data changed since
the last backup, the differential backup always takes the last full backup as a reference. To
illustrate that, let's take our backup scenario. We performed the full backup of 3 gigabytes of data on Sunday. On Monday we have 1 gigabyte of additional
data to backup. On Tuesday we have another 1
gigabyte of additional data, but the differential backup
will copy 2 gigabytes because between the full backup
on Sunday and Tuesday, we have a data growth of 2 gigabytes. Following
the same logic, the differential backup will copy 3 gigabytes
of data on Wednesday. The total size of
data backed up till Wednesday is 9 gigabytes. Regarding performance
and data size, the differential backup sits between the full backup
with 18 gigabytes of copied data and the
incremental backup with 6 gigabytes of copied data. Now that you better understand the different types of backups, let's talk about
backup schedule. Usually, when creating
our backup schedule, we typically consider
the backup types we will use and when we
should run our backup. For example, when performing a full backup to copy
a large amount of data, you had better launch it on the last day of the week at night and let it run
throughout the weekend. Be aware that a full backup is resource and time consuming. If you run it during
business hours, it could negatively impact
the production system. Usually, in your schedule, you need to perform a
full backup once a week, usually on the last
day of the week or during the weekend. For the rest of the
days of the week, you perform an
incremental backup. Now that you have secured
your data by backing them up, you have to consider protecting
the backups themselves. It's very important that
backups be protected from unauthorized access and from being altered or destroyed. You protect your backups from unauthorized access
by encrypting them. Most of the backup software
offers this functionality. Even if the Windows
server backup service does not provide backup
encryption functionality, you could use third party
encryption software. Choose a secure location
to store your backups. You can put backup media in a safe located in a secure room, far enough from
the machine room. It will ensure that if something happens in the machine
room like a fire, it will not affect
the backup media. It's even better to have multiple locations to
store your backups. The 3-2-1 rule is a good guideline to follow: having three copies
of the backup, two of which are local, but on different types of
media such as a hardware drive and an external hard drive, with at least one copy
stored off site. This will help protect
your data from various threats such as fire,
theft, and natural disasters. How do you feel on the day
when you attempt to restore a backup only to discover that
it's completely unusable? This frustrating scenario
is a common challenge for many system administrators
who have overlooked the critical step of
testing their backups. To guarantee the readiness of your backups for the
moment you require them, it is imperative to
conduct regular testing. You can set up a schedule
for these tests, either monthly or quarterly, by restoring a backup within a dedicated testing environment, typically utilizing dedicated
servers for these purposes. In conclusion, as a
system administrator, your role in ensuring
the safety and availability of your
organization's data is crucial. Here is a summary
of key takeaways. Your primary responsibility is safeguarding the
organization's data, including everything
from documents and spreadsheets to databases. Neglecting backup can lead
to severe consequences, including data loss
due to accidents, system failures, cyberattacks,
and natural disasters. Backup helps prevent data loss, whether accidental
or intentional. It safeguards against system crashes and
hardware failures, ensuring data recovery. It protects against system attacks and ransomware by enabling data restoration
without paying ransoms, allows recovery
from disasters by keeping backup copies
in remote locations, and serves legal and regulatory
compliance requirements by archiving data.
Full backups copy all data, are comprehensive
but resource intensive, and are typically
performed less frequently. Incremental backups
copy only changed data since the last backup, saving storage space, but requiring a full backup
for restoration. Differential backups copy data changed since the
last full backup, offering a balance between
size and performance. Schedule full backups during non-business hours to
minimize disruption. Perform full backups weekly, usually on the last
day of the week or during the weekend. Use incremental backups
for daily data changes. Encrypt backups to prevent
unauthorized access. Store backups in
secure locations, such as safes in a
separate secure room. Follow the 3-2-1 rule: maintain three
copies of backups, two locally on different
media types and one off site to protect
against various threats. By following these
guidelines and understanding the importance of backup and data protection, you can effectively
fulfill your role as a system administrator
and ensure the continuity of your organization's
operations even in the face of
unexpected challenges.
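The Sunday-to-Wednesday scenario from this lesson, worked through as an added PowerShell example (not part of the course material). The function name `Get-BackupPlan` and its parameters are hypothetical; it assumes constant daily growth and, for the incremental and differential plans, a single full backup on the first day.

```powershell
# Added example: repository growth and restore chain for the three backup types.
# Defaults reproduce the lesson's scenario (3 GB on Sunday, +1 GB per day).
function Get-BackupPlan {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Full', 'Incremental', 'Differential')]
        [string]$Type,
        [double]$InitialGB     = 3,
        [double]$DailyGrowthGB = 1,
        [string[]]$Days        = @('Sunday', 'Monday', 'Tuesday', 'Wednesday')
    )

    $repository = 0
    for ($i = 0; $i -lt $Days.Count; $i++) {
        if ($i -eq 0 -or $Type -eq 'Full') {
            # A full backup copies the whole data set as it exists that day.
            $kind    = 'Full'
            $size    = $InitialGB + $i * $DailyGrowthGB
            $restore = @($Days[$i])
        }
        elseif ($Type -eq 'Incremental') {
            # Only the changes since the previous backup (one day of growth).
            $kind    = 'Incremental'
            $size    = $DailyGrowthGB
            # Restore needs the full backup plus every incremental after it.
            $restore = $Days[0..$i]
        }
        else {
            # All changes since the last full backup (growth accumulated so far).
            $kind    = 'Differential'
            $size    = $i * $DailyGrowthGB
            # Restore needs the full backup plus the latest differential only.
            $restore = @($Days[0], $Days[$i])
        }

        $repository += $size
        [pscustomobject]@{
            Strategy     = $Type
            Day          = $Days[$i]
            Backup       = $kind
            SizeGB       = $size
            RepositoryGB = $repository
            RestoreNeeds = $restore -join ' + '
        }
    }
}

foreach ($type in 'Full', 'Incremental', 'Differential') {
    Get-BackupPlan -Type $type | Format-Table -AutoSize
}
```

The `RepositoryGB` value on the Wednesday row of each table is the total the lesson quotes for that strategy, and `RestoreNeeds` shows how many backup sets must be intact to restore that day's data.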
27. Install Windows Server Backup Feature: The Windows Server
Backup feature is not available by default
on the Windows server. Before you start backing
up your servers, you must install this feature. To do so, click on the Add Roles and Features link on the
dashboard. On the wizard, click Next. Keep
the role based or feature based
installation option selected and click next. On this screen, you must select the server on which you want to
install this feature. Here you can see our
two Windows servers in the list. Select the server on which you want to
install the feature. If you forget the server name, you can get it by
clicking on local server, and here is the
local server name. Okay, I select my
server and click next. Windows Server Backup is
not a role, it's a feature. I click on Features. I scroll the features
list all the way down. I click on the Windows
Server Backup feature, then I click next. Before I click the
Install button, I want to talk
about this option: restart the destination server
automatically if required. If I check this option, I will get a warning that says if a restart is required, this server restarts automatically without
additional notifications. I don't recommend
enabling this option, especially on a
production server, so as not to disturb
your system. If a restart is required, you must schedule it
outside business hours. Now I click on the
Install button to start the installation and wait till the installation completes. All right, the
installation is completed. I can close the wizard. You can now start using the Windows Server
backup feature by clicking on the Tools menu, scrolling down and
clicking on the feature. The Windows server
backup panel opens, and now I can start backing
up my servers and data. We will see how to
use this feature in detail in the
following lectures.
28. Backup LAB Preparation: Before we start backing
up data and restoring it, we need first to prepare
our lab environment. The scenario we are
going to use is to back up data from the GUI
server to the core server. For that, we need to
create a shared folder on the core server that will
receive the backup files. First, ensure that
the two servers, the GUI server and the
core server, are up and running. On the core
server, type 15 to exit to the command line. We are going to create the shared folder by using
PowerShell commands. The first command I'm going to use is the New-Item command to create the shared folder, or rather
the folder, on this server, because the next step is to share this folder.
There are two steps. I'm going to type this
command: New-Item, -Name. I give the name for my folder, for example, share. -Path: I need to specify where I'm
going to create this folder. I'm going to create
it on the C drive. I need to specify the item type, whether it's a file or
a folder. -ItemType: it's Directory. Enter. My folder named share
has been created. We can check that by typing the command C, colon backslash. Here you can see the
folder we just created. Now the next step is to make this folder sharable
with other users. For best practice, I'm going to share
this folder only with administrators because
the data we are going to save in this folder is sensitive and we need
to prevent everyone from accessing this share
and this data. I'm going to create the share
by issuing this command: New-SmbShare. Here it is. -Name: my share, I name it share. I need to specify the
path of the folder I'm going to share. In my case, it's on the C drive. Okay. And I need to
specify the access rights. As I said, we are going
to grant full access to just administrator
users. And hit Enter. Okay. Now the folder has
been successfully shared, now we are ready to go.
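The two steps dictated above, written out as an added example (not the instructor's exact commands), followed by a check of who can reach the share. The folder name `share` and the `C:\` location come from the lesson; resolving the Administrators group from its well-known SID is an addition so the commands also work on non-English installations.

```powershell
# Added example. Run in an elevated PowerShell session on the Core server.

# Resolve the built-in Administrators group from its well-known SID so the
# account name is correct whatever the display language of the OS is.
$adminSid = [System.Security.Principal.SecurityIdentifier]'S-1-5-32-544'
$admins   = $adminSid.Translate([System.Security.Principal.NTAccount]).Value

# Step 1: create the folder that will receive the backup files.
$folder = New-Item -Name 'share' -Path 'C:\' -ItemType Directory

# Step 2: share it with Full Control for Administrators only. Without an
# access parameter, New-SmbShare would grant Everyone read access instead.
New-SmbShare -Name 'share' -Path $folder.FullName -FullAccess $admins | Out-Null

# Check 1: share-level permissions. Any Allow entry for another account means
# non-administrators can connect to the backup share.
$unexpected = Get-SmbShareAccess -Name 'share' |
    Where-Object { $_.AccessControlType -eq 'Allow' -and $_.AccountName -ne $admins }

if ($unexpected) {
    Write-Warning 'The share grants access to accounts other than Administrators:'
    $unexpected | Format-Table AccountName, AccessRight -AutoSize
}
else {
    "Share 'share' is limited to $admins."
}

# Check 2: NTFS permissions on the folder itself. A folder created under C:\
# inherits the drive's ACL, so review the inherited entries as well: access
# over the network is the more restrictive of the share and NTFS permissions,
# but anyone logged on locally is only limited by the NTFS entries.
(Get-Acl -Path $folder.FullName).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType, IsInherited |
    Format-Table -AutoSize
```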
29. Performing a Full Backup: Now that you have correctly installed the Windows
server backup feature, you are ready to perform
your first backup. In this lesson, we are
performing a backup and storing a copy of that backup
on the Windows Core Server. Ensure that the Windows Core
Server is up and running. Back to the GUI version: on the Server Manager dashboard, open the Tools menu, then click on Windows
Server Backup. Before performing our backup, let's look at the Windows
Server Backup window. The window is split
into three areas. The actions panel, the local
backup panel in the middle, and the local backup
panel on the left. When I right click on
the local backup icon, I get a list of tasks:
Backup Schedule, Backup Once, Recover, and
Configure Performance Settings. You can notice that
the same task list exists on the actions
panel on the right side. On the central panel, you have a list of messages
representing the state of the backup and recovery tasks
executed on this server. To see more details about any
task, double click on it. You can see the backup location where the backup copy is stored. Here is the task's status, whether it's a success
or a failure. Under the status details zone, you have the task's
start and end time and the size of the
backup copy transferred. If you want to see more details
about the backup content, click on View List of
all backed up files. Okay. Under the status area, you have the status
of the last backup. It was a successful
backup. Here is the time when this last backup was
executed, and you can click on View Details to get more details about this
backup. In this area, you will see the status of
the scheduled backup, if any. In this case, we don't
have any scheduled backup, so we cannot see any status.
Under the All Backups area, you will see the total backups
performed on this server, the date and time
of the latest copy, the date and time
of the oldest copy. You can see the details of the different
backup copies here. Okay. Now we are ready to
perform our first backup. I click on the Backup
Once shortcut, which will allow me to run a one-time backup. On
the displayed wizard, I get Different
options selected by default because I won't
create a scheduled backup. I click the next button. Here I must select
whether I want to perform a full server
or custom backup. A full backup will
perform a backup of the whole server with
the data, applications, system state, et cetera. The backup size will be
almost 16 gigabytes of data. The custom backup will allow me to back up
individual folders, files, or drives of the server. Let's begin with a
full server backup. I click next. At this step, I need to select my
backup destination. Whether I want to store
my backup copy on the local drives on the same server or a remote shared folder
in a different location. Storing the backup copy on the same server is
not recommended because if something bad
happens and it crashes, you will lose access
to your backup copy. A better option is to store your backup copy in
a remote location, such as a shared folder on
another server. I click next. Here I need to specify
the location of the remote folder by typing
the path of that folder. I enter backslash, backslash, followed
by the server's name or its IP address, backslash, and the name of
the shared folder. Under the access control area, I have the Inherit option
selected by default. This option makes the backup accessible to everybody who has access to the specified
remote shared folder. Select this option
when you are sure the remote shared folder is only accessible by
authorized persons, for example, the IT team. If you are not sure about the remote shared folder
and who has access to it, choose the Do not inherit option. The wizard will prompt you
to enter the credentials of the user who will
access the backup copy. All other users without these credentials cannot
access the backup copy. Remember that as a
system administrator, you must protect the
organization's data to prevent unauthorized users from
accessing sensitive data. I will keep these options
selected and click next. Now I will enter my credentials. I type the domain name, the user will be
the administrator. I enter the password. On
the confirmation page, check the options, and if everything is okay, click on the Backup button to
start the backup operation. All right. The backup
has been completed. I can close the wizard. Here, you have the backup status. It was successful. You can see more details, the size, and the
items backed up. Okay. Now, let's test the access
rights to our backup. We have selected
earlier in the backup wizard not to inherit
access rights. Normally, only the administrator can access the backup copy. Any other user will
not be able to access the backup copy. First, I will try to access the backup copy as an
administrator from this server. I open Windows Explorer, I type the path to
the shared folder, open the shared folder. I can see the WindowsImageBackup
folder. I open it. Under that folder,
you have the folder with the name of the
server we have backed up. Inside this folder, we have
the backup folders and files. If I open the backup folder with the backup name
and the date and time, I will see the backup
copies with the other files representing the meta data necessary for the
recovery operation. The first file is the main backup copy with
15 gigabytes of size. There are other backup copies that represent the system state and other system files and other XML files
that are metadata. Metadata is not
user or system data, but is the data necessary for the system to perform a task, such as a recovery task. Windows creates
multiple backup copies to allow us, when
performing a restore, to select individual items
to restore. For example, in some situations
we need to recover the system state without having to recover
the entire server. Now let's see if another user other than
the administrator, can get access to
the backup copy. For that, I will use
the Windows 11 machine. All right, let's open a session as a regular user. I created a user named
Tony Stark for fun. I enter the password. I open Windows Explorer, then I enter the
backup shared path and open the shared folder. You can see the
WindowsImageBackup folder that contains the
server backup copy. Now let's see if Tony Stark
can open the backup folder. No way, even Iron Man cannot
access the backup folder. In the next lesson, we will see how to perform
a custom backup.
30. Performing a Custom Backup: In this lesson, I will show you how to perform a custom backup. Sometimes you don't need
to save all the data on the server and only need to save specific files or folders. Here is when custom
backup comes in handy. To run a custom backup, I click on the Backup Once shortcut. Click here. I select Custom and click next. Here I need to add the
items I want to back up, Let's pretend that I want to save the
temp folder content. I select that
folder, click okay, I click next, I select the storage destination on
the remote shared folder. I click next, I enter the path to the
remote shared folder. When performing a full backup, I have chosen not to
inherit permissions. For this case, I will choose inherit permissions so that we can check if someone else could get access to
the backup copy. I get a warning stating that the shared folder already
contains a backup, asking if I want to
overwrite that backup. I click okay to confirm. Finally, I run the backup. The custom backup has
completed successfully, so I can close the wizard. I can now see the details of my backup by clicking
on View Details. I click on View List
of all backed up files. Here is the list of
the items backed up. Perfect. Let's close this. It's the moment of truth. Yes, this time Tony Stark was able to access
the backup folder. Tony was able to access the backup folder
because he already has permissions to access the shared folder and
all its contents. If Tony Stark is a
member of the IT team and is authorized to work
on backups, that's fine. Otherwise, it's not good. You must be careful with the
security of your backup. Even inside the IT team, not everyone may be allowed
to access the backup copies. This depends on the
security policies of your organization. Congratulations, now you know how to perform a custom backup.
31. Schedule a Backup: In this lesson, I will show
you how to schedule a backup. A scheduled backup is
executed automatically and regularly at a
specific date and time. Scheduled backups give
you peace of mind. You don't have to worry about running your backup
manually with the risk of forgetting. To schedule a backup
in Windows Server, click on the Backup Schedule shortcut in the action panel. The first page of
the wizard explains how you need to create
a scheduled backup. You need to specify
what you need to back up whether a
full server backup, a system state backup, or selected files
and folders backup, when and how often to back up your server, and where
to store the backups. I click next. Here, I need to specify
whether I want to perform a full server
backup or a custom backup. I will choose custom
backup and click next. Here I need to add the
items I want to back up. Let's continue with saving
the temp folder example. Click here. I need to specify how often I
need to run my backup. The first option is once a day, and you can pick the time
of the day from the list. If you need to run your
backup more than once a day, choose the second option and pick the times
from the list. For the demonstration purposes, I will select once a day
and select the time. Let's say 12:00 A.M. I click next. On this page, you need to specify the
destination of your backup. You can choose to back
up to a hard disk. In this case, you must
use a dedicated hard drive for the backup. If there is no available disk
attached to the server, you will see this message
when you click on Next: No disk available for
use as a backup storage. To use this option, make sure that the server has another free local disk or plug a USB disk into the server. You can choose to copy the
backup to a volume. A volume is a logical storage space within a partition of a disk. For example, you can have one
physical disk on your server, but this disk is formatted
into two partitions. For example, the first partition will contain disk volume, and the second one the disk volume D. You can choose volume D as
the destination for your backup. Finally, you can back
up to a shared folder. I select this option
and click next. I get a warning that when you use a remote shared folder
as a destination, each backup will erase the previous one and only the latest backup
will be available. This is an important
point to have in mind. Windows backup doesn't
offer the possibility to create incremental or
differential backups. If you want to keep
multiple backup copies, you must move the
previous backup copy to another storage location before the following scheduled
backup fires up. Okay. Now I need to enter
the backup location. I enter the path to
the remote share. I click next. I need to enter
the credentials of the user who has write access
to the share. Okay. On the confirmation page, review the options you selected. If accurate, click on the Finish button to
create the scheduled backup. Okay. The scheduled backup has
been successfully created. I close the wizard. Now you can notice the Windows backup tool
has added this section here with information on
the scheduled backup. Here are the settings, the backed up items. You can read selected files
located on the C drive. There is no file excluded
from the backup. Here is the backup
technique used by Windows. The destination to
the shared folder, the backup day and time. Here you can read more details about the
destination: you have the path, the capacity
of the remote storage. In this case, there
is no information available. When using a
NAS or an external disk, you may see more details
about the storage capacity, used space, et cetera. This lesson showed
you how to schedule automatic backups on
a Windows server. Remember that scheduling backups ensures regular data protection without manual intervention, reducing the risk of forgetting to back
up important data. The Windows server
backup feature allows performing basic backup
operations if you want more advanced
backup functions such as incremental and
differential backup, and more flexible
backup frequencies, you must use third
party software.
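One way to keep more than one copy when the destination is a shared folder, as described above: archive the current backup before the next scheduled run overwrites it. This is an added example, not part of the course; `D:\BackupArchive`, the retention count and the parameter names are assumptions, while `C:\share` and the `WindowsImageBackup` folder come from the earlier lessons.

```powershell
# Added example. Run elevated on the server that hosts the backup share, as a
# scheduled task timed between two backup runs (never while a backup is being
# written to the share).
param(
    [string]$SharePath   = 'C:\share',          # folder behind the share (from the lab)
    [string]$ArchiveRoot = 'D:\BackupArchive',  # assumption: a different volume or device
    [int]$Keep           = 7                    # assumption: generations to retain
)

$source = Join-Path $SharePath 'WindowsImageBackup'
if (-not (Test-Path -LiteralPath $source -PathType Container)) {
    throw "No WindowsImageBackup folder under $SharePath; nothing to archive."
}

# Each generation gets its own timestamped folder and keeps the original
# WindowsImageBackup folder name inside it.
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$generation = Join-Path $ArchiveRoot $stamp
$target     = Join-Path $generation 'WindowsImageBackup'

# /E   copies all subfolders, including empty ones.
# /SEC carries the NTFS permissions over, so an access restriction placed on
#      the backup also applies to the archived copy.
# /R and /W limit retries so a locked file cannot stall the task.
robocopy $source $target /E /SEC /R:2 /W:5 /NP /NFL /NDL | Out-Null

# robocopy exit codes of 8 or higher mean at least one file failed to copy.
if ($LASTEXITCODE -ge 8) {
    Remove-Item -LiteralPath $generation -Recurse -Force -ErrorAction SilentlyContinue
    throw "robocopy failed with exit code $LASTEXITCODE; older generations were left untouched."
}

# Prune only after a successful copy. The name filter protects any unrelated
# folder in the archive root; timestamped names sort chronologically.
Get-ChildItem -LiteralPath $ArchiveRoot -Directory |
    Where-Object { $_.Name -match '^\d{8}-\d{6}$' } |
    Sort-Object Name -Descending |
    Select-Object -Skip $Keep |
    Remove-Item -Recurse -Force

# Report what is retained.
Get-ChildItem -LiteralPath $ArchiveRoot -Directory |
    Sort-Object Name -Descending |
    Select-Object Name, CreationTime
```

With the lesson's schedule of one backup at 12:00 A.M., the task would run during the day, well clear of the backup window.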
32. Restoring from a Backup: Now that you know how
to perform a backup, it's time to recover
your backup. You will perform
a backup recovery mainly in two situations. In the first, you recover data because the original
has been deleted, corrupted, encrypted by
ransomware, et cetera. The second case is to
test your backups. What is the backup's utility if it's not available on
the day you need it? Testing your backup from time to time is mandatory. To
recover a backup, click the Recover link
in the actions panel. Here you need to specify
where your backup is stored. There are two options: on this server or in
another location. If I select the first
option and click next, you will see the
available backups executed on this server. The oldest available backup
was executed on this date. You can also see the same date
in bold on the calendar. The newest available backup was executed on the
11th of the month. It's highlighted in bold on the calendar. Between the
oldest and the newest backup, another one was executed
on Sunday the 8th. When you select the backup
you want to recover, you can see here the date, time, and backup location. I click next. Here you have to select what you want to recover:
files and folders. Hyper-V is not available
because our backup doesn't concern
Hyper-V. Volumes would be available if you had backed
up an entire volume. Applications and system
state would be available if we had done a
full server backup. I will keep files and folders
selected and click next. Here are the available items
contained in the backup. When I click on the Temp
folder I saved earlier, you will see its content. From here, you can select all the files or just the
files you want to recover. I will select this file to
recover, and click next. Here I need to choose the
recovery destination. I can choose the original
location or another location. Let's keep the original
location selected. Here I need to specify if the recovery process will create a copy of the recovered item so that I will get
the two copies. This is useful to avoid
mistakenly overwriting a good file, because sometimes errors happen and you don't
recover the correct file. If you are sure, you can overwrite
the existing version. I don't recommend this. You can also choose not
to recover the items that already exist on
the recovery destination. This can be useful when, for example, you are
restoring deleted files. The recovery process will then recover only files not
present in the destination. The security settings allow
you to specify if you want to recover items with the same
original access rights. I keep this option selected. I select Create Copies
and click next. Review your settings on
the confirmation page. If everything is okay, click on the Recover
button to start the recovery process. All right. The file recovery process has been successfully completed. I can close the wizard. If I want to see details
about this recovery, I double click on
the latest message. If you want to see more details, click on View List of
all recovered files. You can see that I have
restored this file to the Temp folder. Here is the date and time of the file
copy I have restored. Now let's open Windows Explorer and open the Temp folder. As you can see, here is the original file, and here is the
restored file copy. Now if I am sure I have
restored the correct file, I can remove the original
file and keep the copy. Congratulations, now you know how to recover data
from a backup.
33. Introduction To Virtualization: Before the advent
of virtualization, organizations relied
on physical servers to host their applications. System administrators adhered to best practices by assigning
one server per application. However, this approach often resulted in resource wastage, as applications did
not consistently utilize all allocated
resources, leaving them idle. Meanwhile, the
organization incurred unnecessary costs for power and
cooling inactive servers. Launching a new application required the purchase
of a new server, followed by the setup of the operating system and
necessary configurations, a time consuming and
expensive process. Virtualization emerged as
a transformative solution, reshaping the landscape. Instead of acquiring individual servers for
single applications, organizations could
invest in larger, more potent servers
to host a hypervisor. This hypervisor, in turn, could manage multiple
virtual servers known as virtual machines (VMs). Virtualization
significantly streamlined processes for system
administrators and organizations. It enabled the rapid
deployment of servers to meet the demands of various teams for projects or to scale
existing capacity, thereby enhancing
overall efficiency. Here are some key benefits
of virtualization. Resource optimization:
efficiently utilize hardware resources by running multiple virtual machines on
a single physical server, reducing hardware costs
and energy consumption. Cost saving:
consolidate servers, reduce hardware requirements and lower operational
costs by running multiple virtual machines on
a single physical server. Flexibility and scalability:
easily scale up or down by dynamically
allocating resources to virtual machines
based on demand, providing flexibility and adaptability to
changing workloads. Faster provisioning:
an administrator can quickly deploy
new virtual machines, reducing the time required to provision and configure
hardware resources. Familiarizing yourself
with key terms related to virtualization
is crucial. One fundamental
term is hypervisor. A hypervisor is software
or firmware that enables the creation
and management of virtual machines
on a physical server, allowing multiple
operating systems to run independently and efficiently
share hardware resources. The host refers to the physical machine or server
that runs the hypervisor. The guest refers to a
virtual machine (VM) running on the hypervisor within the host system. To enhance
comprehension of these concepts, a visual representation
can help a lot. At the bottom, there
is the hardware layer, which is the physical server. On top of that, there
is the host OS, which is the OS that runs
on the physical server. Then there is the Hypervisor, the software that
allows us to create, manage, and run
virtual machines. Finally, virtual machines are running their operating system, referred to as the guest OS. In conclusion,
Virtualization transforms IT infrastructure, offering
efficiency, flexibility, and cost effectiveness by
optimizing resource usage, providing scalability and
streamlining processes. Virtualization has become an indispensable tool for
modern organizations. Armed with a solid understanding
of key concepts like the hypervisor and the
roles of hosts and guests, you are ready to
delve deeper into the Windows virtualization world we will discover in
the upcoming lessons.
34. LAB: Installing Windows Server Data Center: This lesson focuses on crafting a new virtual machine within our lab environment
using VMware Player. Our goal is to install Windows Server Datacenter
Edition. Windows Server Datacenter Edition
allows us to create multiple virtual machines
on a single server. If you remember the
first lessons when we talked about the different
Windows Server editions, we said that the Windows
Server Standard Edition allows us to create a maximum number of
two virtual machines. If we need to create more than two virtual
machines on the same server, we need to install the
Datacenter Edition. The virtual machine
we will create in our lab will have the
following capabilities: two virtual CPUs, 4 gigabytes
of RAM and 50 gigabytes of disk space, which provide
enough resources to run a virtual server effectively
for our testing purposes. After our VM is created, we will install the Windows Server Datacenter Edition on it. We need to meet some
prerequisites so we can use the Windows Server
Datacenter Edition effectively. As our goal is to run a virtual machine inside
another virtual machine, the CPU of the
computer you use for your lab should support
virtualization technology. Most modern Intel CPUs, as well as AMD CPUs,
support this technology. You activate this feature in the BIOS if it's not
already activated. I will show you
later how to check if this feature is available on your computer. Before we
create the new VM on VMware, first I will show you how to check if your
computer supports the CPU virtualization feature
and if it's enabled. To do so, click on the Start
menu and type system. Then click on System Information. On the System Summary page, scroll down and check if these lines here about
Hyper-V are available. If you see features like VM Monitor Mode Extensions and Virtualization
Enabled in Firmware, that means that your computer supports the CPU
virtualization feature. The value column shows whether the feature
is enabled or not. If not, restart your computer, enter the BIOS, search for the CPU virtualization
feature and enable it. Now let's create the
VMware virtual machine. I keep the "I will install the
operating system later" option selected, and click next. I keep the guest operating
system as Microsoft Windows. The version is
Windows Server 2022. Click next. I give
a name to my VM. I will add center at the end. Click Next. For the disk size, I will type 50 gigabytes. I click next. On
the summary page, I check if everything
is fine and click Finish to create the VM. Perfect. The VM is now created. Before I launch it, I need to edit some settings to attach the ISO disk containing the Windows Server
Datacenter image and upgrade the memory size. I select CD/DVD, click Use Image, then click on Browse to
attach the image file. Okay, I forgot to upgrade the
memory size. Let's do it. I need at least 4
gigabytes to easily run both Windows Server
Datacenter and the VM I will create
later on that server. Okay, now we are ready to go. Here you select your language, time zone, and
keyboard input method. For me, it will be French. I click Start now to
start the installation. Here I select Windows Server Datacenter Desktop Experience
and click next. I accept the license
agreement and click next. For the
installation type, I select Custom. I select the disk on which
I will install the new OS. Click next, the
installation begins. All right, here I need to enter the administrator
password. Let's open a session. The next step is to
install the VMware, additional tools to benefit from a better
desktop resolution. Open the Player menu, then manage and click on
Install VMware Tools. Okay, I finish. To
close the set up, I must restart the system so that the installer tools
will be available. Let's try to resize the
VM desktop perfect. The Server Manager is starting. When you install the
Windows Server Datacenter, the hypervisor is not
automatically available; you must enable it. To do that, open the
Manage menu and click Add Roles and
Features. Click Next. Next. In the roles list, select Hyper-V, then click
on the Add Features button. We get an error message. It says that the validation
process found a problem. It seems that the
processor doesn't have the required
virtualization capabilities. I get this error
because I missed a step when configuring
my VM settings. Let's fix that right now. I need to
edit the VM settings. I select Processors. You can see that the virtualization
options are not enabled. I must enable them to
install the Hyper-V role, but I can't do it while
the VM is running. I must shut the VM down. I select the VM and
edit the settings. Select Processors, and check all the
virtualization options. Okay, start the VM. Let's do the
operation once again. This time it worked. I click Next. Here you can select the
virtual switch that will be used to interconnect all
the VMs you will create in the hypervisor. The Windows Datacenter server
network interface will play the role of
the virtual switch. I click Next. I'm not going to migrate
any VM right now. I will keep the default path
locations for the VM files. I click and wait until
the role is installed. Perfect, the installation
has finished. I can close the wizard. You can now see the
Hyper-V menu added to the Server Manager. But the hypervisor is
not available yet until we restart the server to complete the
installation process. Let's restart the server. I open the Tools menu. Now you can see that
Hyper-V Manager is available. Here it is. The hypervisor is
now up and running. We can create virtual machines. This is what we will do
in the following lessons.
35. Preparing Windows Datacenter Server For First Use: Before starting to
create and manage virtual machines on the
Datacenter server, first we need to prepare
this server by changing the server's name and joining
the server to our domain. To successfully join this
server to the domain, we need to change the IP address and ensure that the DNS server points to the domain controller that hosts the DNS server role. Without indicating the
correct DNS server, we will not be able to join
this server to the domain. Also ensure that the domain
controller is up and running. Okay, back to the
Datacenter server. I right-click on
the network icon on the taskbar and click on Open Network and
Internet settings. Click on Change adapter options. All right, here you can see
two network interfaces. The Ethernet0, which is the physical network adapter
of the Datacenter server. I'm abusing the
term physical here because we are running this server on a VMware
virtual machine. But if the server was
a physical server, this would be the physical
network interface. Just here there is the
vEthernet interface. This virtual interface was created over the
Ethernet0 interface when we enabled
the Hyper-V role. This virtual
interface will allow the communication between the VMs we will create
on that server, and also allow those VMs to communicate with the host
and external networks. If we need to change the
IP address of the host, we need to do it through this virtual interface and not through the
physical interface. If I display the status
of this interface, you can see that there is
nothing configured here. On the other hand, if we do the same on the virtual interface, you can see the IP configuration
of that interface. Okay, what I will do now
is to click on Properties, select IPv4 properties, and I will assign a
static IP address to this server. In the DNS zone, I type the IP address of
the domain controller. Okay, close this. Now let's change
the computer name. I will enter, for
example, center V01. I enter the domain name
Corp Intec.com. Okay, I'm prompted to enter the domain administrator
credentials, which I will do. The server has been
joined to the domain. Okay. Looks like
we have an error. It seems that it didn't like when we changed
the DNS server. Anyway, I will restart
the server and see if the server has been
successfully joined to the domain, or if the error persists,
I will deal with it. Let's check if our server has been successfully
joined to the domain. Click on Settings,
click System, About. It seems that everything is fine and the server is now
part of the domain. We can double-check that on
the domain controller. Okay, let's open the Active Directory
Administrative Center. Click on Computers. Here it is. Our server has been successfully
added to the domain. In the following lessons, we will see how to create, configure, and manage virtual
machines with Hyper-V.
36. Create a New VM in Windows Hyper-V Manager: After successfully
installing the hypervisor, it's time for us to create
our first virtual machine. In this lesson, we will
create and configure a VM that will be used to install our second
domain controller. First, we need to open
the Hyper-V Manager. I right-click on
the server that hosts this role and
click Hyper-V Manager. On the left panel, we have
the Hyper-V Manager node and the name of the server
holding the hypervisor role. To create a new virtual
machine, we can right-click on the host's name, click New, then click
Virtual Machine. You can also do the same
action from the Actions panel by clicking on the New menu and selecting
Virtual Machine. The New Virtual
Machine Wizard displays. I have to follow the steps. On the first
page, I click Next. On this page, we choose
the virtual machine name. As we are going to create a virtual machine for our
second domain controller, I will choose a name
like SRV DC 02. You can choose to change the path where the virtual
machine will be located. I will keep the default
path and click Next. Here you must choose
the virtual machine
generation. Generation 1
is the older generation that supports 32-bit and 64-bit
guest operating systems. Generation 2 is the newer
virtual machine generation that provides support for newer
virtualization features such as UEFI-based firmware, and it requires a 64-bit
guest operating system, which is the architecture of the newer Windows
operating systems nowadays. I select Generation
2 and click Next. Here you need to enter
the startup memory size. The startup memory is
the memory allocated by the hypervisor to allow the guest operating
system to start. You can specify a minimum from 32 gigabytes through
terabytes as stated. To improve performance,
specify more than the minimum amount recommended
for the operating system. 1 gigabyte as startup memory is enough for the
Windows Server Core edition. You can choose to use dynamic memory for
this virtual machine. This will allow the
hypervisor to allocate the adequate memory size
needed by the virtual machine. For example, if you
choose 2 gigabytes for your virtual machine and the virtual machine is idle
and only uses 1 gigabyte, the extra memory can be allocated to other
virtual machines. It's a useful feature
when there are many VMs and not enough memory
space in the host server. However, some applications may not work well with
dynamic memory. An example of that is
database applications. If you plan to use
your VM to host a database application like
Microsoft SQL Server, then it's better to choose
a static memory size instead. I click Next. Here, choose the network adapter for connecting the
VM to the network. I choose the virtual switch I created earlier when
enabling the Hyper-V role. I click Next. On this page, we create the VM's disk. By default, the disk
name is the same as the virtual machine name
with the VHD extension. Here is the location where
the disk will be stored. Here we specify the disk size. You can choose up
to 64 terabytes if available on the host server. For our Core server, we just need 30 gigabytes. You can also choose to use
an existing virtual disk. If you already have one, you can attach it to
this virtual machine. Or you can choose to attach
a virtual hard disk later. Okay, I click Next. Here you must choose whether you want to install an
operating system later, or you can select a disk image and attach it to the
virtual machine. I will install the
operating system later. I click Next. The summary page: check the virtual
machine configuration. If everything is fine, click Finish to create
the virtual machine. Perfect. The virtual
machine is now created and its state is Off. Before starting the
virtual machine, we have to fine-tune
some settings. Under the hardware section, you have the different
hardware settings of the virtual machine, such as the firmware
and the Secure Boot, which is enabled on this
VM. The memory size: as you can see here, we have the startup
memory size of 1 gigabyte. As we enabled the
dynamic memory, the minimum RAM the VM
can use is 512 megabytes, and the maximum RAM the
VM can use is 1 terabyte. As the host server only has 4
gigabytes of available RAM, I will choose 2 gigabytes as the maximum for my
virtual machine. I click Apply to
confirm these settings. You can choose the number
of CPUs the VM can use. I will keep one CPU. Here we have the disk we
created in the wizard. What we need is to add a DVD drive to this
VM so that we can attach the ISO image containing the operating system we
will install on this VM. I click on SCSI Controller, select DVD Drive,
and then click Add. Now I can attach the ISO image: select Image file, and then click on Browse.
Search for the ISO image. I think it's not on this server. I need to copy it
first. Here it is. I click Apply to
save the settings. The DVD drive has been added and you can see the ISO image
file name attached to it. Here is the VM network adapter, which is connected to
the virtual switch. You can enable virtual LAN or VLAN if you use them
on your network. Over here under the
management section, you have other settings we
are not going to detail in this lesson. I click
OK to close this window. In the next lesson,
we will start our VM and install the
Windows Server Core edition.
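The wizard steps from this lesson can also be scripted on the Hyper-V host, with the firmware boot-order change included. The following PowerShell is an added example and not part of the course transcript; the VM name spelling, the ISO path and the choice of the first virtual switch are assumptions to adapt to your lab.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules Hyper-V
# Added example (not the course's own script). Values below are placeholders.
$VMName  = 'SRV-DC02'                          # assumed spelling of the VM name
$IsoPath = 'C:\ISO\WindowsServer2022.iso'      # placeholder path to the installer image
$ErrorActionPreference = 'Stop'

# Assumption: the switch created while enabling the Hyper-V role is the only one.
$switch = Get-VMSwitch | Select-Object -First 1
if (-not $switch)              { throw 'No virtual switch found on this host.' }
if (-not (Test-Path $IsoPath)) { throw "ISO image not found: $IsoPath" }
if (Get-VM -Name $VMName -ErrorAction SilentlyContinue) {
    throw "A VM named $VMName already exists."
}

# Generation 2 VM, 1 GB startup memory, 30 GB disk in the default disk location.
$vhdPath = Join-Path (Get-VMHost).VirtualHardDiskPath "$VMName.vhdx"
New-VM -Name $VMName -Generation 2 -MemoryStartupBytes 1GB `
       -NewVHDPath $vhdPath -NewVHDSizeBytes 30GB `
       -SwitchName $switch.Name | Out-Null

# Dynamic memory capped at 2 GB because the host only has 4 GB available.
Set-VMMemory -VMName $VMName -DynamicMemoryEnabled $true `
             -MinimumBytes 512MB -StartupBytes 1GB -MaximumBytes 2GB
Set-VMProcessor -VMName $VMName -Count 1

# Attach the installer ISO through a new DVD drive.
$dvd = Add-VMDvdDrive -VMName $VMName -Path $IsoPath -Passthru

# Put the DVD drive first in the firmware boot order so setup starts from it.
Set-VMFirmware -VMName $VMName -FirstBootDevice $dvd

# Review the result before the first start: Secure Boot state, boot order, memory.
Get-VMFirmware -VMName $VMName | Select-Object SecureBoot, BootOrder
Get-VMMemory   -VMName $VMName | Select-Object DynamicMemoryEnabled, Minimum, Startup, Maximum
```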
37. Installing Windows Server on Hyper-V VM: After creating the VM
in the Hyper-V Manager, it's time to install
Windows Server on this VM. I want you to install the Windows Server
Standard Core edition
as an exercise. After you do that, we will prepare this VM to be the second domain
controller for our domain. We will change the
server's name, the IP address, and
the DNS servers. We will make the first
domain controller, which also holds the
DNS server role, the preferred DNS server to allow our new server to
resolve the domain name, Coorpotzintec.com. The
alternate DNS server will be the new server itself. As the server will be
a domain controller, it will also hold
a DNS server role. It's best practice for a DNS server to use itself
and another DNS server for resolving DNS queries. You might encounter a brief
delay when starting the VM. Due to the boot order settings, the VM might first attempt
to boot from the network, displaying the message
Start PXE over IPv4. We will need to modify the boot order to prioritize
booting from the DVD. To resolve this, first
I must stop the VM. Next, I open the VM
settings, click on Firmware. Here is the boot order. The VM attempts to boot
from the network adapter, then from the disk, and finally from the DVD drive. To speed up the boot process, I will move the DVD drive to the first position.
I confirm that. Let's start the VM again. Perfect, I get the message for pressing any key to
start from the DVD. Okay, I wasn't fast enough. Let's do it again. Perfect. Now it's
booting from the DVD. If you get a message
stating that no image is available
on the DVD drive, ensure you have attached the ISO image file
to the DVD drive. If not, go to the VM
settings and attach it. Now I want you to complete the Windows Server Standard
Core edition deployment. When done, we will prepare it and promote it as a
domain controller. After finishing installing
the operating system, start the VM and open a session. First we will change the server's IP address
and make it static. We will then enter
the DNS server IPs, so this server can resolve the Corp.syntec.com. After that, we will change the
computer's name. Once these configurations
are in place, execute a series of
PowerShell commands to promote the server to
the domain controller role. This ensures that
our Windows server is seamlessly integrated into the network infrastructure
and reinforces the reliability of our domain by having redundant
domain controllers. Let's begin with the
network interface. Type 8 to enter the network settings menu. Type 1 to select the
network interface. As you can see,
DHCP is enabled and the DHCP server dynamically
assigns the IP address. Let's change that to
a static IP address. I type S for static IP address. I enter the following IP
address for that server. Okay, I will keep the
same network mask. I will also keep the
default gateway. Okay, now let's enter
the DNS server IPs. I type 2 to set DNS servers. For the
preferred DNS server IP, I enter the IP of the
domain controller, which is also the DNS server for the Corpzintec.com domain. For the alternate DNS server, I enter the IP address
of this server. This is a Microsoft best
practice to indicate two DNS servers for
reliability and redundancy. Okay, now let's change
the computer's name. I type SV DC 02. Perfect. I need to restart the computer so
that the new name takes effect before
promoting the server as a domain controller. Ensure the primary domain
controller is up and running and you can
ping the Corp.syntec.com domain. To do so, I exit
to the command line and ping the domain name, Syntec.com. Perfect, the domain name
resolves to its IP address, and the domain controller
replies as expected. Now we are ready to
promote this server. The first PowerShell
command will enable the Active Directory
Domain Services feature
on this server. I type
the following command: Install-WindowsFeature -Name AD-Domain-Services
-IncludeManagementTools. I get an error message: the role, role service or
feature name is not valid. AD-Domain-Services. I see, I typed an extra S at the
end of this argument. I will fix that.
Okay, the command is now running. Perfect. The installation of the
feature is a success, and no restart is needed. Now the server is ready
to be promoted to the role of a domain controller by issuing the
following command: Install-ADDSDomainController
-InstallDns. The -InstallDns argument
will make this server a DNS server. Followed
by -Credential, open parenthesis, Get-Credential
followed by the domain administrator
user, closing parenthesis, -DomainName, Cortech.com. I'm prompted to enter the
administrator password. Yes, I need to
enter the password again once more. To
complete the operation, the server must restart. I answer yes. The command
is currently in progress. Okay, the computer will reboot. I close this message. Perfect. It seems that the server is now part of the Zintec domain. Let's open a domain session. As you can observe, the server is now
part of the domain. To check if the server
is a domain controller, I will switch to the
primary domain controller
server. I will open the Active Directory
Administrative Center. Click on this, open
the domain container. Click on the domain
controllers container. Here it is, our
secondary domain server. In the Type column, you can see that the server
is a domain controller. The operation is a success. Good job.
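The preparation and promotion steps of this lesson, written as one staged PowerShell script with a DNS and connectivity check before promotion. This is an added example, not the commands typed in the course; the domain name, server name and all IP addresses are placeholders, and the script is run once per stage because the rename and the promotion each reboot the server.

```powershell
# Added example (not the course's own commands). All default values are placeholders.
param(
    [ValidateSet('Prepare', 'Promote', 'Verify')] [string]$Stage = 'Prepare',
    [string]$DomainName = 'corp.example.com',  # placeholder domain name
    [string]$NewName    = 'SRV-DC02',          # assumed spelling of the server name
    [string]$IPAddress  = '192.168.1.12',      # constructed lab addressing
    [int]$PrefixLength  = 24,
    [string]$Gateway    = '192.168.1.1',
    [string]$PrimaryDns = '192.168.1.10'       # the existing domain controller
)
$ErrorActionPreference = 'Stop'

switch ($Stage) {
    'Prepare' {
        $nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
        # Replace the DHCP lease with a static address.
        Set-NetIPInterface -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 -Dhcp Disabled
        New-NetIPAddress -InterfaceIndex $nic.ifIndex -IPAddress $IPAddress `
            -PrefixLength $PrefixLength -DefaultGateway $Gateway | Out-Null
        # Preferred DNS is the existing DC, alternate is this server itself.
        Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex `
            -ServerAddresses $PrimaryDns, $IPAddress
        Rename-Computer -NewName $NewName -Restart
    }
    'Promote' {
        # Pre-flight: the domain's DC locator record must resolve and LDAP must answer.
        $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$DomainName" -Type SRV |
               Where-Object QueryType -eq 'SRV' | Select-Object -First 1
        if (-not $srv) { throw "No domain controller SRV record for $DomainName" }
        $ldap = Test-NetConnection -ComputerName $srv.NameTarget -Port 389
        if (-not $ldap.TcpTestSucceeded) { throw "Cannot reach $($srv.NameTarget) on 389" }

        $feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
        if (-not $feature.Success) { throw 'AD DS feature installation failed.' }

        # Credentials are prompted for, never stored in the script.
        Install-ADDSDomainController -DomainName $DomainName -InstallDns `
            -Credential (Get-Credential -Message "Domain administrator for $DomainName") `
            -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString)
    }
    'Verify' {
        # After the reboot: list every domain controller the domain now knows about.
        Get-ADDomainController -Filter * |
            Select-Object Name, IPv4Address, IsGlobalCatalog, Site
    }
}
```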