Managing Active Directory Domain Services
This section introduces the management of AD DS and the tools used for it. We will look at Active Directory Administrative Center (ADAC), Remote Server Administration Tools (RSAT), Windows Admin Center (WAC), PowerShell with the AD module, and the MMC snap-in tools.
Active Directory Administrative Center (ADAC) is a GUI built on top of PowerShell: every action it performs runs AD cmdlets, which you can review in its Windows PowerShell History pane. It is available in Windows Server with the Desktop Experience, but not in Windows Server Core.
The following tasks can be carried out with this tool:
- Manage multiple domains through a single tool instance
- Search the directory for objects
- Create and manage directory objects, such as users, groups, computers, and OUs
- Manage Dynamic Access Control
- Create and manage fine-grained password policies
- AD recycle bin operations
This tool supersedes the Microsoft Management Console (MMC) snap-in known as Active Directory Users and Computers, covering its functionality and adding the tasks listed above; the snap-in itself is still shipped and still works.
Further information about ADAC can be found at https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/adac/active-directory-administrative-center.
Now, let’s look at the management tools that can be used for the Azure AD DS managed domain.
RSAT
RSAT allows you to manage servers remotely via a GUI, and it includes a set of AD DS tools. It was the primary management console until the introduction of WAC, which we will look at in the next section.
The consoles for these tools are available on Windows 10/11 and Windows Server. On Windows 10 (version 1809 and later) and Windows 11, they are no longer a separate download: they ship as Features on Demand and are added through the Optional features setting (or with Add-WindowsCapability).
Further information about RSAT can be found at https://docs.microsoft.com/en-us/troubleshoot/windows-server/system-management-components/remote-server-administration-tools.
WAC
This browser-based admin tool can be downloaded and installed locally on Windows 10/11 and Windows Server. It can also be accessed directly via the Azure portal, so no download or local install is required, much as Cloud Shell lets you use PowerShell without installing it locally.
For a local install of WAC, you must ensure your network allows the required ports. The default is TCP 6516 for standalone mode on Windows 10/11 and TCP 443 for gateway mode on Windows Server. Both can be changed.
Further information about WAC can be found at https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview.
PowerShell with the AD module
This is an alternative to using a GUI to manage AD DS. You can use PowerShell commands via an AD module that provides a collection of cmdlets.
If you wish to use the module on a local install of PowerShell on a client/desktop OS such as Windows 10/11, the module is part of the RSAT AD DS tools, which you will need to add (via Optional features on Windows 10 1809+/11, or as a download on older builds).
Further information about the AD module can be found at https://docs.microsoft.com/en-us/powershell/module/activedirectory/?view=windowsserver2022-ps.
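As an added example (not code from the original text), the following script installs the RSAT AD DS tools on Windows 10/11 and then uses the ActiveDirectory module for three of the tasks the ADAC section lists: searching the directory, creating a fine-grained password policy, and restoring an object from the AD Recycle Bin. The group name Tier0-Admins, the account svc-backup, and the policy name Tier0-Admins-PSO are hypothetical placeholders; it assumes a domain-joined client, an elevated prompt for the capability install, and an account with the rights each step needs.

```powershell
# Added example: RSAT AD module install plus representative AD DS tasks.
# Names (Tier0-Admins, svc-backup, Tier0-Admins-PSO) are hypothetical.

# 1. On Windows 10 1809+/11 the AD DS tools are a Feature on Demand, so there
#    is no separate download; this needs an elevated prompt and WSUS/internet.
$cap = Get-WindowsCapability -Online -Name 'Rsat.ActiveDirectory.DS-LDS.Tools*' |
    Select-Object -First 1
if ($cap.State -ne 'Installed') {
    Add-WindowsCapability -Online -Name $cap.Name | Out-Null
}
Import-Module ActiveDirectory

# 2. Search the directory: enabled Domain Admins (nested membership included)
#    whose passwords never expire. A common finding in AD assessments.
Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object objectClass -eq 'user' |
    Get-ADUser -Properties PasswordNeverExpires, PasswordLastSet |
    Where-Object { $_.Enabled -and $_.PasswordNeverExpires } |
    Select-Object SamAccountName, PasswordLastSet

# 3. Fine-grained password policy (an ADAC task). Lower precedence wins, so
#    this PSO overrides the default domain policy for Tier0-Admins members.
$pso = 'Tier0-Admins-PSO'
if (-not (Get-ADFineGrainedPasswordPolicy -Filter "Name -eq '$pso'")) {
    New-ADFineGrainedPasswordPolicy -Name $pso -Precedence 10 `
        -MinPasswordLength 20 -PasswordHistoryCount 24 `
        -ComplexityEnabled $true -ReversibleEncryptionEnabled $false `
        -LockoutThreshold 5 -LockoutDuration '00:30:00' `
        -LockoutObservationWindow '00:30:00' `
        -MinPasswordAge '1.00:00:00' -MaxPasswordAge '90.00:00:00'
    Add-ADFineGrainedPasswordPolicySubject -Identity $pso -Subjects 'Tier0-Admins'
}
# Check which policy actually applies to a member (the resultant PSO).
Get-ADUserResultantPasswordPolicy -Identity 'svc-backup'

# 4. AD Recycle Bin (another ADAC task). It is off by default and enabling it
#    cannot be undone; once on, a deleted object comes back with its SID,
#    group memberships and attributes intact instead of as a tombstone.
$forest = Get-ADForest
$rb = Get-ADOptionalFeature -Identity 'Recycle Bin Feature'
if (-not $rb.EnabledScopes) {
    Enable-ADOptionalFeature -Identity $rb -Scope ForestOrConfigurationSet `
        -Target $forest.Name -Confirm:$false
}
Get-ADObject -Filter 'IsDeleted -eq $true -and Name -like "svc-backup*"' `
    -IncludeDeletedObjects |
    Restore-ADObject
```

Step 4 only succeeds if the deleted object's former parent container still exists; restore the parent OU first if it was deleted in the same operation.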
MMC snap-in tools
MMC is a GUI console that contains a collection of tools called snap-ins. The following snap-in tools are available for managing AD DS, most of which are self-explanatory:
- Active Directory Users and Computers allows you to carry out everyday tasks to manage objects such as users, groups, and computers; ADAC is its newer replacement and provides additional capabilities
- Active Directory Sites and Services allows you to create and manage sites, subnets, replication, and associated services
- Active Directory Domains and Trusts allows you to create and manage domain and forest trusts
- Active Directory Schema snap-in allows you to view and modify the schema
Further information about MMC can be found at https://docs.microsoft.com/en-us/troubleshoot/windows-server/system-management-components/what-is-microsoft-management-console.
This section looked at a variety of AD DS management tools. In the next section, we will look at some of AD DS’s monitoring and troubleshooting tools.
Monitoring and troubleshooting tools
In this section, we will look at some of AD DS’s monitoring and troubleshooting tools.
Performance monitoring tools
Windows Server contains the following built-in native tools for monitoring performance and analyzing service operations:
- Performance Monitor, including the NTDS object's Directory Replication Agent (DRA) counters for replication traffic and backlog
- Resource Monitor
- Task Manager
- Event Viewer
These tools can help you analyze and identify overutilization or depletion of the four core system resources: CPU, memory, disk, and networking. They will help you find the root cause of a performance problem by locating its bottleneck. At any moment a system is limited by a single bottleneck; relieving it usually exposes the next, so measure, address the worst resource, then measure again rather than tuning everything at once.
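The same data Performance Monitor, Task Manager and Event Viewer display can be pulled from PowerShell, which makes it easier to baseline a DC and compare runs. The script below is an added example rather than code from the original text; it assumes a domain controller named DC01 (hypothetical) and a session that can read performance counters and the Directory Service event log remotely.

```powershell
# Added example: sample DRA/LDAP counters and Directory Service events from a DC.
# DC01 is a hypothetical name; replace it with a real domain controller.
$dc = 'DC01'

# NTDS counters exposed by every DC: replication (DRA) traffic and backlog,
# LDAP load, plus the four bottleneck candidates (CPU, memory, disk, network
# is covered by the DRA byte counters). Five samples, one second apart.
$counters = @(
    "\\$dc\NTDS\DRA Inbound Bytes Total/sec",
    "\\$dc\NTDS\DRA Outbound Bytes Total/sec",
    "\\$dc\NTDS\DRA Pending Replication Synchronizations",
    "\\$dc\NTDS\LDAP Searches/sec",
    "\\$dc\NTDS\LDAP Client Sessions",
    "\\$dc\Processor(_Total)\% Processor Time",
    "\\$dc\Memory\Available MBytes",
    "\\$dc\PhysicalDisk(_Total)\Avg. Disk Queue Length"
)
$samples = Get-Counter -Counter $counters -SampleInterval 1 -MaxSamples 5

# Average each counter across the samples so one noisy second does not mislead.
$samples.CounterSamples |
    Group-Object Path |
    ForEach-Object {
        [pscustomobject]@{
            Counter = ($_.Name -split '\\')[-2..-1] -join '\'
            Average = [math]::Round(($_.Group.CookedValue | Measure-Object -Average).Average, 2)
        }
    } | Format-Table -AutoSize

# Event Viewer equivalent: critical, error and warning events in the Directory
# Service log over the last 24 hours, most frequent first. Event 1311 (KCC
# topology problems) and 2042 (a partner has not replicated within the
# tombstone lifetime) are the ones to chase first.
Get-WinEvent -ComputerName $dc -FilterHashtable @{
    LogName   = 'Directory Service'
    Level     = 1, 2, 3
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Group-Object Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Message'; e = { $_.Group[0].Message.Split("`n")[0] } }
```

A sustained non-zero value for DRA Pending Replication Synchronizations together with low DRA byte rates points at a replication partner or transport problem rather than load on this DC, which is where repadmin (next section) takes over.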
Repadmin
This tool helps you view the service’s health and diagnose replication problems between DCs. It allows you to view the replication topology, manually create a replication topology, and force replication. It is available when the AD DS role is installed on a server and is also included as part of the AD DS tools in the RSAT tools.
Further information and syntax about Repadmin can be found at https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc770963(v=ws.11).
dcdiag
This tool will analyze the state of the health of AD DS DCs. It is available when the AD DS role is installed on a server and is also included as part of the AD DS tools in the RSAT tools.
Further information and syntax about dcdiag can be found at https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc731968(v=ws.11).
netdom
This tool allows you to manage AD DS trusts; it can also join a computer to a domain, manage computer accounts, query for domain information such as which DCs hold the FSMO roles, and more. It is available when the AD DS role is installed on a server and is also included as part of the AD DS tools in the RSAT tools.
Further information and syntax about netdom can be found at https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-r2-and-2012/cc772217(v=ws.11).
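Repadmin, dcdiag and netdom are console tools with text output, but their results are far more useful once they can be filtered. The following script is an added example, not code from the original text: it runs the three tools and correlates them, reporting stale or failing replication links, targeted dcdiag results, and whether any FSMO role holder is also a failing replication source. It assumes the AD DS tools (server role or RSAT) are installed and the account can query every DC; the column names are those repadmin's /csv output uses.

```powershell
# Added example: a DC health pass built on repadmin, dcdiag and netdom.
# Assumes AD DS tools are installed and the caller can query all DCs.

# 1. repadmin: replication status for every DC and naming context as CSV,
#    then keep links that have failed or not succeeded in the last 24 hours.
$repl = repadmin /showrepl * /csv | ConvertFrom-Csv
$stale = $repl | Where-Object {
    [int]$_.'Number of Failures' -gt 0 -or
    ($_.'Last Success Time' -as [datetime]) -lt (Get-Date).AddHours(-24)
}
$stale |
    Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
        'Number of Failures', 'Last Failure Status', 'Last Success Time' |
    Format-Table -AutoSize

# 2. dcdiag: the tests that most often explain the failures above, run
#    against all DCs in the site (/a), reduced to their pass/fail lines.
$testArgs = 'Connectivity', 'Replications', 'Advertising', 'FsmoCheck',
            'KccEvent', 'DNS' | ForEach-Object { "/test:$_" }
dcdiag /a $testArgs | Where-Object { $_ -match 'passed test|failed test' }

# 3. netdom: which DC holds each FSMO role. A role holder that also appears
#    as a stale replication source is the first thing to fix, because
#    RID, PDC and schema operations depend on it being reachable.
$fsmo = netdom query fsmo
$fsmo
$holders = $fsmo | ForEach-Object {
    # Role lines look like "PDC    dc01.corp.example.com"; keep the short name
    # so it matches repadmin's Source DSA column.
    if ($_ -match '^\S.*\s{2,}(\S+)$') { ($Matches[1] -split '\.')[0] }
}
$stale |
    Where-Object { $holders -contains $_.'Source DSA' } |
    Select-Object 'Source DSA', 'Naming Context', 'Last Failure Status' |
    Format-Table -AutoSize
```

Running this from a scheduled task and diffing the stale-link output against the previous run catches replication decay long before event 2042 fires; once a partner passes the tombstone lifetime, the fix is no longer a forced sync but a demotion and metadata cleanup.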
In this section, we looked at some of AD DS’s monitoring and troubleshooting tools. In the next section, we will complete a hands-on exercise to reinforce some of the concepts covered in this chapter.