
Windows Server 2022 Administration Course

The document outlines a Windows Server 2022 administration course covering key topics such as Active Directory, Hyper-V virtualization, Microsoft cloud services, and PowerShell foundations. It details user and organizational unit management, group types, and permissions, as well as commands for creating users, groups, and organizational units in PowerShell. Additionally, it discusses DNS concepts, including stub zones for domain information replication.

Uploaded by

caiobp4

Windows server 2022 administration course

●​ Foundations of Active Directory Domains


● The virtualization used by Microsoft is Hyper-V.
o Before, you had a PC for each server
o With Hyper-V you can have multiple servers on the same computer
o The resources are shared. If SQL needs more RAM, it will use more and FTP will use less, and vice versa. They share resources so hardware can be allocated as needed.
● Foundations of Microsoft cloud services
o "As a service" provides companies with services so they don't need to worry about infrastructure.
▪ Virtual machines, virtual storage, virtual networks, virtual firewalls, load balancers, apps, databases
▪ Azure is Microsoft's official inner infrastructure as a service (IaaS)
● Basically, you pay monthly for what you use
▪ Microsoft 365 is (PaaS)
● Both are connected. Microsoft 365 depends on Azure

● POWERSHELL FOUNDATIONS SERVER 2022

o Verb-noun system
▪ Get (get some information), Set (modify something), Add (add a user, for example), Move, Copy, and so on…
▪ After the "-" comes the noun: Get-Service (press Tab after typing Get-S, for example, to cycle through the options; Shift+Tab goes back)
● Get-Service: shows services running
● Stop-Service "parameter"
● Start-Service "parameter"
● Get-Help
● Get-Process
● Get-EventLog
● Erase
▪ A parameter is a required piece of information that PowerShell needs to do its job
▪ The pipe (|) is used to pass the object to a new command, e.g.:
● Get-EventLog -LogName System -Newest 5 | Format-List | Out-File C:\log.txt

● SEARCHING FOR COMMANDS IN POWERSHELL

o Get-Command: shows all commands available
o Get-Command -Verb
o Get-Command -Noun net: nothing will occur
▪ Use the wildcard * to search
● Get-Command -Noun *net: gets commands that end with net
● Get-Command -Noun net*: gets commands that start with net
● Get-Command -Noun *net*: gets commands that contain net
▪ YOU CAN USE THE WILDCARD WITH THE VERB TOO
● IMPORT MODULES
o To check the modules use Get-Module
o To import new modules (like AD):
▪ Import-Module -Name ActiveDirectory

USERS AND OUS (Organizational Units)

● Users and logins
● OUs: containerize things, separate these objects from other objects, easy to navigate
o NY users, Dallas users, Birmingham users
o NY OU, Dallas OU, Birmingham OU (each OU can have other OUs)
o Many companies divide the OU system by department
● A user account can only be part of one OU, as its parent.
● OUs can be used to handle Group Policy Objects (GPOs).
o GPOs deploy settings and features, such as enabling or disabling things according to users, and permitted access to our objects. They can be applied at a parent or a child OU.
● An object can only be part of a single OU
● The users can be given rights to other places
● An OU is a container. If you delete New York, you delete its child objects.

WORKING WITH AD DS GROUPS

● There are two types of groups:
o Distribution: email list
o Security: permissions and email (most used)
● Group scope:
o Global
▪ Rule of thumb: group users together, like departments, management level, security clearance, etc.
▪ Global groups can only contain users from the domain they were created in, but they can have rights from another domain. If you delete the group, you don't delete the users of the group attached to that function.
o Domain Local:
▪ You can create a domain local group to link all the global groups that are to be given permission on, for example, an ACL in a firewall.
▪ If you need a separate permission, you can create a new domain local group for "read and execute", for example.
▪ A – G – DL – P: accounts go to global groups, global groups go to domain local groups, and domain local groups get permissions to resources.
o Universal: used when working with large groups
▪ Create a universal group and link each of the groups inside the universal group. You now have a single group that represents all the salespeople (for example) in the entire company. The universal group will replicate in every domain.
▪ You will have a replica of this group in every domain in your forest.
● In the folder, go to Security, change permissions, click Advanced, then Find Now; you will see groups that don't show in Active Directory. For example, the Interactive group is for those connected locally to Active Directory. The Network group is for those connected through the network in Active Directory. Basically, denying Interactive only permits access via the network, and denying Network only permits local access.

UNIVERSAL GROUP MEMBERSHIP CACHING (UGMC)

● Enabled per site
● By default, every 8 hours the domain controller will cache the list (UGMC)
● Solves the problem of authentication taking too long without having to duplicate the global catalog (if it is on a remote server, not on the same DC)
● In a perfect world you must have a global catalog in every site; however, if replication load is a concern, you could use universal group membership caching

USERS, ORGANIZATIONAL UNITS, AND GROUPS MANAGED WITH POWERSHELL

REMEMBER: MICROSOFT HAS DOCUMENTATION FOR EVERY COMMAND

● CREATE an organizational unit

o Get-Command -Noun *org*
o New-ADOrganizationalUnit -Name "Research" -Path "DC=examlabpractice,DC=com"
● CREATE a user
o Get-ADUser -Filter *
o New-ADUser -Name "Bill Johnson" -GivenName "Bill" -Surname "Johnson" -SamAccountName "BillJohnson" -UserPrincipalName [email protected] -Path "OU=Research,DC=examlabpractice,DC=com" -AccountPassword (Read-Host -AsSecureString "Input Password:") -Enabled $true
● CREATE a group
o New-ADGroup -Name "ResearchAndDev" -SamAccountName "ResearchAndDev" -GroupCategory Security -GroupScope Global -DisplayName "Research and Development" -Path "OU=Research,DC=examlabpractice,DC=com" -Description "This is the R&D group"
o CHALLENGE: ADD A MEMBER TO THE GROUP (BILL)
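
The A – G – DL – P chain from the groups section, applied to the user and group created above and completing the challenge of adding Bill to the group. This is an added example, not part of the course notes; the folder D:\Shares\Research and the group name DL_Research_Modify are assumptions.

```powershell
# Added example (not from the course notes): A - G - DL - P end to end.
# Assumed names: folder D:\Shares\Research, group DL_Research_Modify.
Import-Module -Name ActiveDirectory

$ou      = 'OU=Research,DC=examlabpractice,DC=com'
$folder  = 'D:\Shares\Research'      # hypothetical resource
$dlGroup = 'DL_Research_Modify'      # hypothetical group name
$netbios = (Get-ADDomain).NetBIOSName

# A -> G: the account goes into the global group (the challenge above).
Add-ADGroupMember -Identity 'ResearchAndDev' -Members 'BillJohnson'

# DL: one domain local group per resource and permission level.
New-ADGroup -Name $dlGroup -SamAccountName $dlGroup `
    -GroupCategory Security -GroupScope DomainLocal -Path $ou `
    -Description 'Modify rights on the Research share'

# G -> DL: the global group goes into the domain local group.
Add-ADGroupMember -Identity $dlGroup -Members 'ResearchAndDev'

# DL -> P: only the domain local group is placed on the folder ACL.
$acl  = Get-Acl -Path $folder
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList "$netbios\$dlGroup", 'Modify', 'ContainerInherit,ObjectInherit', 'None', 'Allow'
$acl.AddAccessRule($rule)
Set-Acl -Path $folder -AclObject $acl

# Check 1: every account that gets access through the chain.
Get-ADGroupMember -Identity $dlGroup -Recursive |
    Select-Object -Property Name, SamAccountName, objectClass

# Check 2: explicit entries on the folder. A user account listed here
# was granted access directly and bypasses the group chain.
(Get-Acl -Path $folder).Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object -Property IdentityReference, FileSystemRights, AccessControlType
```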

GROUP MANAGED SERVICE ACCOUNT

● PowerShell
○ Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))
○ New-ADServiceAccount -Name TestGMSA -DNSHostName testgmsa.examlabpractice.com -PrincipalsAllowedToDelegateToAccount "Domain computers"
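
An added example, not part of the course notes: the same account created with password retrieval limited to one group of hosts, followed by a review of both permission lists. -PrincipalsAllowedToDelegateToAccount, used above, sets who may delegate to the account, while -PrincipalsAllowedToRetrieveManagedPassword sets which hosts may fetch its password. The group gMSA_TestGMSA_Hosts and the computer APP01 are assumptions.

```powershell
# Added example (not from the course notes). Hypothetical names:
# group gMSA_TestGMSA_Hosts, computer account APP01.
Import-Module -Name ActiveDirectory

# A KDS root key is needed once per forest; reuse it if one exists.
if (-not (Get-KdsRootKey)) {
    # Back-dating by 10 hours skips the replication wait (lab shortcut).
    Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))
}

# Group of hosts that are allowed to fetch the managed password.
$hostGroup = 'gMSA_TestGMSA_Hosts'
New-ADGroup -Name $hostGroup -SamAccountName $hostGroup `
    -GroupCategory Security -GroupScope Global `
    -Path 'OU=Research,DC=examlabpractice,DC=com'
Add-ADGroupMember -Identity $hostGroup -Members 'APP01$'

# Create the gMSA with retrieval scoped to that group only.
New-ADServiceAccount -Name 'TestGMSA' `
    -DNSHostName 'testgmsa.examlabpractice.com' `
    -PrincipalsAllowedToRetrieveManagedPassword $hostGroup

# Review: who can retrieve the password, and who can delegate to the account.
$props = 'PrincipalsAllowedToRetrieveManagedPassword',
         'PrincipalsAllowedToDelegateToAccount'
Get-ADServiceAccount -Identity 'TestGMSA' -Properties $props |
    Format-List -Property Name, DNSHostName,
        PrincipalsAllowedToRetrieveManagedPassword,
        PrincipalsAllowedToDelegateToAccount

# On APP01 itself (after a reboot so the new group membership applies):
#   Install-ADServiceAccount -Identity 'TestGMSA'
#   Test-ADServiceAccount    -Identity 'TestGMSA'   # True when the host can use it
```
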

DNS CONCEPTS WITHIN SERVER 2022 AD

● DNS = the naming service we use for associating names and words with IP addresses
● Stub zone: you replicate the database from one domain to another domain
○ The stub only replicates information about what the other domain's address is, at all times.
■ If its address changes (its IP changes), it will let the stub know.
■ A stub is a partial database of that other database. If you have multiple domains, it allows one domain to find the other domain's information.
