MCP Designing and Implementing a Server Infrastructure (70-413) – another study guide
This blog post is a study guide to help you prepare for Microsoft MCP exam 70-413: Designing and Implementing a Server Infrastructure.
To prepare seriously for this certification, there is a lot of content to read and understand. As with every other Microsoft certification, it is better to have a technical background and experience with Microsoft infrastructure (Windows Server 2003 through 2012).
Designing and Implementing a Server Infrastructure
https://www.microsoft.com/learning/en-us/exam-70-413.aspx
https://borntolearn.mslearn.net/certification/server/w/wiki/496.413-designing-and-implementing-a-server-infrastructure.aspx#fbid=AMleaZ90gRg
Exam prep: 70-413 and 70-414 - MCSE: Server Infrastructure
https://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/EXM05#fbid=WSaaPBvXrM5
****************************************
Plan and deploy a server infrastructure (20–25%)
****************************************
- Design an automated server installation strategy -
-> Design considerations including images and bare metal/virtual deployment; design a server implementation using Windows Assessment and Deployment Kit (ADK); design a virtual server deployment
Windows Deployment with the Windows ADK
https://technet.microsoft.com/library/hh824947.aspx
User State Migration Tool (USMT) Technical Reference : https://technet.microsoft.com/en-us/library/hh825256.aspx
Use the User State Migration Tool (USMT) to migrate user or application data from another version of Windows, to make the user data available on the destination computer
USMT 5.0 includes three command-line tools:
- ScanState.exe version 6.2
- LoadState.exe version 6.2
- UsmtUtils.exe version 6.2
USMT 5.0 also includes a set of three modifiable .xml files:
- MigApp.xml
- MigDocs.xml
- MigUser.xml
- Plan and implement a server deployment infrastructure -
-> Configure multicast deployment; configure multi-site topology and distribution points; configure a multi-server topology; configure autonomous and replica Windows Deployment Services (WDS) servers
Windows Deployment Services Overview : https://technet.microsoft.com/library/hh831764
AD DS is not required if the WDS server is configured in Standalone mode
To initialize the WDS server in Standalone mode, you need not be a member of the Domain Users group.
The Windows Deployment Services server service is not cluster-aware. However, you can run multiple WDS servers in a network to provide fault-tolerance and load balancing
You cannot use Windows Deployment Services with the Server Core installation option
WDSUTIL is a command-line utility used for managing your Windows Deployment Services server. To run these commands, click Start, right-click Command Prompt, and click Run as administrator
T1 line -> 1.544 Mbit/s
T3 line -> 44.736 Mbit/s
What's New for Windows Deployment Services for Windows Server https://technet.microsoft.com/en-US/library/hh974416
WDSclient.exe is a new standalone client that can perform Dynamic Driver Provisioning (DDP) queries, direct VHD application, and metadata queries
There are two types of multicast transmissions :
- Auto-Cast. This option indicates that as soon as an applicable client requests an install image, a multicast transmission of the selected image begins. Then, as other clients request the same image, they too are joined to the transmission that is already started.
- Scheduled-Cast. This option sets the start criteria for the transmission based on the number of clients that are requesting an image and/or a specific day and time. If you do not select either of these check boxes, the transmission will not start until you manually start it.
- Plan and implement server upgrade and migration -
-> Plan for role migration; migrate server roles; migrate servers across domains and forests; design a server consolidation strategy; plan for capacity and resource optimization
Install, Use, and Remove Windows Server Migration Tools
Administrators can use Windows Server Migration Tools to migrate server roles, features, operating system settings, and other data and shares to computers that are running Windows Server 2012 R2 Preview or Windows Server 2012
smigdeploy.exe
Powershell.exe -PSConsoleFile ServerMigration.psc1
Roles you can migrate using the Windows Server Migration Tools include:
- Hyper-V
- Network Policy Server
- Remote Access
- Print and Document Services
- WSUS
- ADFS
Windows Server Migration Tools Cmdlets in Windows PowerShell
https://technet.microsoft.com/en-us/library/ee662315.aspx
Import-SmigServerSetting : Imports selected Windows features and operating system settings from a migration store identified in the Path parameter, and applies them to the local computer
https://technet.microsoft.com/en-us/library/ee662318.aspx
Export-SmigServerSetting : Exports selected Windows features and operating system settings from the local computer, and stores them in a migration store
https://technet.microsoft.com/en-us/library/ee662317.aspx
Receive-SmigServerData : Allows a destination server to receive shares, folders, files, and associated permissions and share properties that are migrated from a source server.
Send-SmigServerData : Migrates folders, files, and associated permissions and share properties from a source server to a destination server through port 7000.
- Plan and deploy Virtual Machine Manager services -
-> Design Virtual Machine Manager service templates; define operating system profiles; configure hardware and capability profiles; manage services; configure image and template libraries; manage logical networks
Glossary for System Center 2012 - Virtual Machine Manager
https://technet.microsoft.com/en-us/library/hh369961.aspx
Know the component associated with templates for hardware profiles and guest OS profiles
How to Discover Physical Computers and Deploy as Hyper-V Hosts in VMM
https://technet.microsoft.com/en-us/library/gg610577.aspx
How to Create a Host Profile in VMM
https://technet.microsoft.com/en-us/library/gg610653.aspx
About Hardware Profiles
https://technet.microsoft.com/en-us/library/bb740879.aspx
Capability Profiles in SCVMM 2012
https://social.technet.microsoft.com/wiki/contents/articles/4149.capability-profiles-in-scvmm-2012.aspx
- Plan and implement file and storage services -
-> Planning considerations include iSCSI SANs, Fibre Channel SANs, Virtual Fibre Channel, storage spaces, storage pools, and data de-duplication; configure the iSCSI Target server; configure the Internet Storage Name server (iSNS); configure Network File System (NFS); install Device Specific Modules (DSMs)
Know how to configure an iSCSI target
iSCSI Target Block Storage, How To
https://technet.microsoft.com/library/hh848268.aspx
iSNS Server Overview
https://technet.microsoft.com/library/cc772568.aspx
Deduplication is used on NTFS volumes, but can't be used on boot/system volumes or CSV
ddpeval.exe tool
Configuring an iSCSI Target (some of the text is in French, but all the screenshots in the step-by-step are US) https://blogs.technet.com/b/stanislas/archive/2013/01/03/monter-son-nas-san-personnel-sous-windows-server-2012-partie-5-la-cible-iscsi.aspx
****************************************************
Design and implement network infrastructure services (20–25%)
****************************************************
- Design and maintain a Dynamic Host Configuration Protocol (DHCP) solution -
-> Design considerations including a highly available DHCP solution including split scope, DHCP failover, and DHCP failover clustering, DHCP interoperability, and DHCPv6; implement DHCP filtering; implement and configure a DHCP management pack; maintain a DHCP database
Compact DHCP database
JETPACK.EXE <database name> <temp database name>
DHCP Policies in Windows Server 2012
https://blogs.technet.com/b/teamdhcp/archive/2012/08/22/granular-dhcp-server-administration-using-dhcp-policies-in-windows-server-2012.aspx
DHCP Server Cmdlets in Windows PowerShell
https://technet.microsoft.com/en-us/library/jj590751.aspx
Use the PowerShell DHCP Module to Simplify DHCP Management
https://blogs.technet.com/b/heyscriptingguy/archive/2011/02/14/use-the-powershell-dhcp-module-to-simplify-dhcp-management.aspx
- Design a name resolution solution strategy -
-> Design considerations including secure name resolution, DNSSEC, DNS Socket Pool, cache locking, disjoint namespaces, DNS interoperability, migration to application partitions, IPv6, Single-Label DNS Name Resolution, zone hierarchy, and zone delegation
Delegation
For a DNS server to answer queries about any name, it must have a direct or indirect path to every zone in the namespace. These paths are created by means of delegation. A delegation is a record in a parent zone that lists a name server that is authoritative for the zone in the next level of the hierarchy. Delegations make it possible for servers in one zone to refer clients to servers in other zones
Recursive name resolution is the process by which a DNS server uses the hierarchy of zones and delegations to respond to queries for which it is not authoritative. In some configurations, DNS servers include root hints (that is, a list of names and IP addresses) that enable them to query the DNS root servers. In other configurations, servers forward all queries that they cannot answer to another server. Forwarding and root hints are both methods that DNS servers can use to resolve queries for which they are not authoritative
Dnscmd.exe : A command-line interface for managing DNS servers
https://technet.microsoft.com/en-us/library/cc772069.aspx
Configure the Socket Pool
https://technet.microsoft.com/library/ee649174.aspx
Deploying a GlobalNames Zone
https://technet.microsoft.com/en-us/library/cc731744.aspx
Adding a Cross-Forest GlobalNames Zone
https://technet.microsoft.com/library/cc794961.aspx
DNS Cache Locking : Cache locking provides for enhanced security against cache poisoning attacks
https://technet.microsoft.com/en-us/library/ee683892(v=ws.10).aspx
How To Create a Child Domain in Active Directory and Delegate the DNS Namespace to the Child Domain
https://support.microsoft.com/kb/255248/en-us
Understanding stub zones
https://technet.microsoft.com/en-us/library/cc779197(v=ws.10).aspx
Contrasting stub zones and conditional forwarders
https://technet.microsoft.com/en-us/library/cc780434(v=ws.10).aspx
- Design and manage an IP address management solution -
-> Design considerations including IP address management technologies including IPAM, Group Policy based, manual provisioning, and distributed vs. centralized placement; configure role-based access control; configure IPAM auditing; migrate IPs; manage and monitor multiple DHCP and DNS servers; configure data collection for IPAM
IP Address Management (IPAM) Overview
https://technet.microsoft.com/en-us/library/hh831353.aspx
IPAM Terminology
https://technet.microsoft.com/en-us/library/jj878341.aspx
Invoke-IpamGpoProvisioning
https://technet.microsoft.com/en-us/library/jj553805.aspx
Set-IpamConfiguration
https://technet.microsoft.com/en-us/library/jj590816.aspx
**********************************************
Design and implement network access services (15–20%)
**********************************************
- Design a VPN solution -
-> Design considerations including certificate deployment, firewall configuration, client/site to site, bandwidth, protocol implications, and VPN deployment configurations using Connection Manager Administration Kit (CMAK)
Remote Access (DirectAccess, Routing and Remote Access) Overview
https://technet.microsoft.com/en-us/library/dn636119.aspx
Connection Manager Administration Kit
https://technet.microsoft.com/library/cc752995.aspx
Windows 8 and Server 2012 VPN Compatibility and Interoperability
https://go.microsoft.com/fwlink/?prd=12364&pver=1.0&plcid=0x409&os=27&clcid=0x409&ar=RRAS&sar=VPN
AD CS Migration: Migrating the Certification Authority
https://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx
- Design a DirectAccess solution -
-> Design considerations including topology, migration from Forefront UAG, DirectAccess deployment, and enterprise certificates
Plan to Enable DirectAccess
https://technet.microsoft.com/en-us/library/jj574167.aspx
Add DirectAccess to an Existing Remote Access (VPN) Deployment
https://technet.microsoft.com/en-us/library/jj574220.aspx
French articles, tutorials and videos about DirectAccess
https://blogs.technet.com/b/stanislas/archive/tags/directaccess/
Configure Force Tunneling for DirectAccess Clients
https://technet.microsoft.com/en-us/library/ee649127(v=WS.10).aspx
- Implement a scalable remote access solution -
-> Configure site-to-site VPN; configure packet filters; implement packet tracing; implement multi-site Remote Access; configure Remote Access clustered with Network Load Balancing (NLB); configure DirectAccess
- Design a network protection solution -
-> Design considerations including Network Access Protection (NAP) enforcement methods for DHCP, IPSec, VPN, and 802.1x, capacity, placement of servers, firewall, Network Policy Server (NPS), and remediation network
RADIUS Client
https://technet.microsoft.com/en-us/library/cc754033.aspx
- Implement a network protection solution -
-> Implement multi-RADIUS deployment; configure NAP enforcement for IPSec and 802.1x; deploy and configure the Endpoint Protection client; create anti-malware and firewall policies; monitor for compliance
Network Policy and Access Services
https://technet.microsoft.com/en-us/network/bb545879.aspx
Network Policy Server
https://technet.microsoft.com/en-us/library/cc732912.aspx
Network Policy and Access Services Overview
https://technet.microsoft.com/en-us/library/hh831683.aspx
Migrate Network Policy Server to Windows Server 2012
https://technet.microsoft.com/en-us/library/hh831652.aspx
**************************************************************
Design and implement an Active Directory infrastructure (logical) (20–25%)
***************************************************************
- Design a forest and domain infrastructure -
-> Design considerations including multi-forest architecture, trusts, functional levels, domain upgrade, domain migration, forest restructure, and hybrid cloud services
Creating Forest Trusts
https://technet.microsoft.com/en-us/library/cc816810(v=ws.10).aspx
Understanding When to Create a Shortcut Trust
https://technet.microsoft.com/library/cc754538
Understanding Domain and Forest Functional Levels
https://technet.microsoft.com/library/cc771294.aspx
Upgrade Domain Controllers to Windows Server 2012
https://technet.microsoft.com/en-us/library/hh994618
Requirements for Active Directory Recycle Bin
https://technet.microsoft.com/en-us/library/dd379484(v=ws.10).aspx
ADMT 3.2 Supported OS and Target Domains
https://support.microsoft.com/kb/2753560
Operations master roles
https://technet.microsoft.com/en-us/library/cc773108(v=ws.10).aspx
- Implement a forest and domain infrastructure -
-> Configure domain rename; configure Kerberos realm trusts; implement a domain upgrade; implement a domain migration; implement a forest restructure; deploy and manage a test forest including synchronization with production forests
Domain rename : Rendom.exe, repadmin.exe, Gpfixup.exe
Use Gpfixup after a domain rename
Gpfixup : Fix domain name dependencies in Group Policy Objects and Group Policy links after a domain rename operation
https://technet.microsoft.com/en-us/library/hh852336.aspx
Configure Universal Group Membership Caching in Active Directory
https://technet.microsoft.com/en-us/magazine/ff797984.aspx
- Design a Group Policy strategy -
-> Design considerations including inheritance blocking, enforced policies, loopback processing, security, and WMI filtering, site-linked Group Policy Objects (GPOs), slow-link processing, group strategies, organizational unit (OU) hierarchy, and Advanced Group Policy Management (AGPM)
Dcgpofix : Recreates the default Group Policy Objects (GPOs) for a domain
https://technet.microsoft.com/en-us/library/hh875588.aspx