MCP Designing and Implementing a Server Infrastructure (70-413) – another study guide

This blog post is a study guide to help you prepare for Microsoft MCP 70-413: Designing and Implementing a Server Infrastructure.

To prepare seriously for this certification, there is a lot of content to read and understand! As with every other Microsoft certification, it is better to have a technical background and experience with Microsoft infrastructure (Windows Server 2003 –> 2012).


Designing and Implementing a Server Infrastructure

Exam prep: 70-413 and 70-414 - MCSE: Server Infrastructure



Plan and deploy a server infrastructure (20–25%)


- Design an automated server installation strategy -
-> Design considerations including images and bare metal/virtual deployment; design a server implementation using Windows Assessment and Deployment Kit (ADK); design a virtual server deployment

Windows Deployment with the Windows ADK

User State Migration Tool (USMT) Technical Reference :
Use the User State Migration Tool (USMT) to migrate user or application data from another version of Windows, to make the user data available on the destination computer
USMT 5.0 includes three command-line tools:
- ScanState.exe version 6.2
- LoadState.exe version 6.2
- UsmtUtils.exe version 6.2
USMT 5.0 also includes a set of three modifiable .xml files:
- MigApp.xml
- MigDocs.xml
- MigUser.xml     

- Plan and implement a server deployment infrastructure -
-> Configure multicast deployment; configure multi-site topology and distribution points; configure a multi-server topology; configure autonomous and replica Windows Deployment Services (WDS) servers

Windows Deployment Services Overview :
AD DS is not required if the WDS server is configured in Standalone mode
To initialize the WDS server in Standalone mode, you need not be a member of the Domain Users group.
The Windows Deployment Services server service is not cluster-aware. However, you can run multiple WDS servers in a network to provide fault-tolerance and load balancing
You cannot use Windows Deployment Services with the Server Core installation option

WDSUTIL is a command-line utility used for managing your Windows Deployment Services server. To run these commands, click Start, right-click Command Prompt, and click Run as administrator

T1 line -> 1.544 Mbit/s
T3 line -> 44.736 Mbit/s

What's New for Windows Deployment Services for Windows Server
WDSclient.exe is a new standalone client that can perform Dynamic Driver Provisioning (DDP) queries, direct VHD application, and metadata queries

There are two types of multicast transmissions :
- Auto-Cast. This option indicates that as soon as an applicable client requests an install image, a multicast transmission of the selected image begins. Then, as other clients request the same image, they too are joined to the transmission that is already started.
- Scheduled-Cast. This option sets the start criteria for the transmission based on the number of clients that are requesting an image and/or a specific day and time. If you do not select either of these check boxes, the transmission will not start until you manually start


- Plan and implement server upgrade and migration -
-> Plan for role migration; migrate server roles; migrate servers across domains and forests; design a server consolidation strategy; plan for capacity and resource optimization

Install, Use, and Remove Windows Server Migration Tools

Administrators can use Windows Server Migration Tools to migrate server roles, features, operating system settings, and other data and shares to computers that are running Windows Server 2012 R2 Preview or Windows Server 2012

Powershell.exe -PSConsoleFile ServerMigration.psc1

Roles you can migrate using the Windows Server Migration Tools include:
- Hyper-V
- Network Policy Server
- Remote Access
- Print & documents services

Windows Server Migration Tools Cmdlets in Windows PowerShell

Import-SmigServerSetting : Imports selected Windows features and operating system settings from a migration store identified in the Path parameter, and applies them to the local computer

Export-SmigServerSetting : Exports selected Windows features and operating system settings from the local computer, and stores them in a migration store

Receive-SmigServerData : Allows a destination server to receive shares, folders, files, and associated permissions and share properties that are migrated from a source server.

Send-SmigServerData : Migrates folders, files, and associated permissions and share properties from a source server to a destination server through port 7000.


- Plan and deploy Virtual Machine Manager services -
-> Design Virtual Machine Manager service templates; define operating system profiles; configure hardware and capability profiles; manage services; configure image and template libraries; manage logical networks

Glossary for System Center 2012 - Virtual Machine Manager

Know the component associated with templates for hardware profiles and guest OS profiles

How to Discover Physical Computers and Deploy as Hyper-V Hosts in VMM

How to Create a Host Profile in VMM

About Hardware Profiles

Capability Profiles in SCVMM 2012


- Plan and implement file and storage services -
-> Planning considerations include iSCSI SANs, Fibre Channel SANs, Virtual Fibre Channel, storage spaces, storage pools, and data de-duplication; configure the iSCSI Target server; configure the Internet Storage Name server (iSNS); configure Network File System (NFS); install Device Specific Modules (DSMs)

Know how to configure an iSCSI target

iSCSI Target Block Storage, How To

iSNS Server Overview

Deduplication is used on NTFS volumes, but can't be used on boot/system volumes or CSV
ddpeval.exe tool

Configuring an iSCSI Target (some of the text is in French, but all the screenshots in the step-by-step are US)


Design and implement network infrastructure services (20–25%)


- Design and maintain a Dynamic Host Configuration Protocol (DHCP) solution -
-> Design considerations including a highly available DHCP solution including split scope, DHCP failover, and DHCP failover clustering, DHCP interoperability, and DHCPv6; implement DHCP filtering; implement and configure a DHCP management pack; maintain a DHCP database

Compact DHCP database
JETPACK.EXE <database name> <temp database name>

DHCP Policies in Windows Server 2012

DHCP Server Cmdlets in Windows PowerShell

Use the PowerShell DHCP Module to Simplify DHCP Management

- Design a name resolution solution strategy -
-> Design considerations including secure name resolution, DNSSEC, DNS Socket Pool, cache locking, disjoint namespaces, DNS interoperability, migration to application partitions, IPv6, Single-Label DNS Name Resolution, zone hierarchy, and zone delegation

For a DNS server to answer queries about any name, it must have a direct or indirect path to every zone in the namespace. These paths are created by means of delegation. A delegation is a record in a parent zone that lists a name server that is authoritative for the zone in the next level of the hierarchy. Delegations make it possible for servers in one zone to refer clients to servers in other zones

Recursive name resolution is the process by which a DNS server uses the hierarchy of zones and delegations to respond to queries for which it is not authoritative. In some configurations, DNS servers include root hints (that is, a list of names and IP addresses) that enable them to query the DNS root servers. In other configurations, servers forward all queries that they cannot answer to another server. Forwarding and root hints are both methods that DNS servers can use to resolve queries for which they are not authoritative.
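
The delegation walk described in the two paragraphs above, as an added example that is not part of the original post: a small Python model of a resolver that starts at a root hint and follows NS referrals down the zone hierarchy. The zone data, the server names (root-ns, com-ns, contoso-ns, emea-ns) and the addresses are constructed for illustration.

```python
# Constructed sample namespace (not from the original post). Each server maps
# the zones it is authoritative for to their A records and NS delegations.
SERVERS = {
    "root-ns":    {".": {"A": {}, "NS": {"com.": "com-ns"}}},
    "com-ns":     {"com.": {"A": {}, "NS": {"contoso.com.": "contoso-ns"}}},
    "contoso-ns": {"contoso.com.": {"A": {"www.contoso.com.": "192.0.2.10"},
                                    "NS": {"emea.contoso.com.": "emea-ns"}}},
    "emea-ns":    {"emea.contoso.com.": {"A": {"dc1.emea.contoso.com.": "192.0.2.20"},
                                         "NS": {}}},
}
ROOT_HINTS = ["root-ns"]  # hypothetical root hint list


def in_zone(name, zone):
    """True if FQDN `name` falls at or under `zone`, on a label boundary."""
    return zone == "." or name == zone or name.endswith("." + zone)


def query(servers, server, name):
    """Non-recursive query: answer, referral to a delegated zone, or failure."""
    zones = [z for z in servers[server] if in_zone(name, z)]
    if not zones:
        return ("refused", None)          # server holds no zone covering the name
    zone = servers[server][max(zones, key=len)]
    if name in zone["A"]:
        return ("answer", zone["A"][name])
    for child, ns in zone["NS"].items():
        if in_zone(name, child):
            return ("referral", ns)       # delegation record points down the tree
    return ("nxdomain", None)


def resolve(name, servers=SERVERS, start=ROOT_HINTS[0], max_hops=8):
    """Recursive resolution: start at a root hint and follow delegations."""
    path, server = [], start
    for _ in range(max_hops):             # bound the walk against referral loops
        path.append(server)
        kind, value = query(servers, server, name)
        if kind == "answer":
            return value, path
        if kind != "referral":
            return None, path
        server = value
    return None, path
```

Removing the emea.contoso.com. delegation from the contoso.com. zone makes dc1.emea.contoso.com. unresolvable from the root, even though emea-ns still answers for it when queried directly.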

Dnscmd.exe : A command-line interface for managing DNS servers

Configure the Socket Pool

Deploying a GlobalNames Zone

Adding a Cross-Forest GlobalNames Zone

DNS Cache Locking : Cache locking provides for enhanced security against cache poisoning attacks

How To Create a Child Domain in Active Directory and Delegate the DNS Namespace to the Child Domain

Understanding stub zones

Contrasting stub zones and conditional forwarders

- Design and manage an IP address management solution -
-> Design considerations including IP address management technologies including IPAM, Group Policy based, manual provisioning, and distributed vs. centralized placement; configure role-based access control; configure IPAM auditing; migrate IPs; manage and monitor multiple DHCP and DNS servers; configure data collection for IPAM

IP Address Management (IPAM) Overview

IPAM Terminology





Design and implement network access services (15–20%)


- Design a VPN solution -
-> Design considerations including certificate deployment, firewall configuration, client/site to site, bandwidth, protocol implications, and VPN deployment configurations using Connection Manager Administration Kit (CMAK)

Remote Access (DirectAccess, Routing and Remote Access) Overview

Connection Manager Administration Kit

Windows 8 and Server 2012 VPN Compatibility and Interoperability

AD CS Migration: Migrating the Certification Authority     


- Design a DirectAccess solution -
-> Design considerations including topology, migration from Forefront UAG, DirectAccess deployment, and enterprise certificates

Plan to Enable DirectAccess

Add DirectAccess to an Existing Remote Access (VPN) Deployment

French articles, tutorials and videos about DirectAccess

Configure Force Tunneling for DirectAccess Clients

- Implement a scalable remote access solution -
-> Configure site-to-site VPN; configure packet filters; implement packet tracing; implement multi-site Remote Access; configure Remote Access clustered with Network Load Balancing (NLB); configure DirectAccess

- Design a network protection solution -
-> Design considerations including Network Access Protection (NAP) enforcement methods for DHCP, IPSec, VPN, and 802.1x, capacity, placement of servers, firewall, Network Policy Server (NPS), and remediation network


- Implement a network protection solution -
-> Implement multi-RADIUS deployment; configure NAP enforcement for IPSec and 802.1x; deploy and configure the Endpoint Protection client; create anti-malware and firewall policies; monitor for compliance

Network Policy and Access Services

Network Policy Server

Network Policy and Access Services Overview

Migrate Network Policy Server to Windows Server 2012



Design and implement an Active Directory infrastructure (logical) (20–25%)


- Design a forest and domain infrastructure -
-> Design considerations including multi-forest architecture, trusts, functional levels, domain upgrade, domain migration, forest restructure, and hybrid cloud services

Creating Forest Trusts

Understanding When to Create a Shortcut Trust

Understanding Domain and Forest Functional Levels

Upgrade Domain Controllers to Windows Server 2012

Requirements for Active Directory Recycle Bin

ADMT 3.2 Supported OS and Target Domains

Operations master roles

- Implement a forest and domain infrastructure -
-> Configure domain rename; configure Kerberos realm trusts; implement a domain upgrade; implement a domain migration; implement a forest restructure; deploy and manage a test forest including synchronization with production forests

Domain rename : Rendom.exe, repadmin.exe, Gpfixup.exe
Use Gpfixup after a domain rename

Gpfixup : Fix domain name dependencies in Group Policy Objects and Group Policy links after a domain rename operation

Configure Universal Group Membership Caching in Active Directory


- Design a Group Policy strategy -
-> Design considerations including inheritance blocking, enforced policies, loopback processing, security, and WMI filtering, site-linked Group Policy Objects (GPOs), slow-link processing, group strategies, organizational unit (OU) hierarchy, and Advanced Group Policy Management (AGPM)

Dcgpofix : Recreates the default Group Policy Objects (GPOs) for a domain