Stanislas Quastana's blog on TechNet

Windows Server, Windows Client, Cloud Computing, DirectAccess, sécurité des Systèmes d Information

MCP Designing and Implementing a Server Infrastructure (70-413) – another study guide

MCP Designing and Implementing a Server Infrastructure (70-413) – another study guide

  • Comments 2
  • Likes

This blog post is a study guide to help you to prepare Microsoft MCP 70-413 : Designing and Implementing a Server Infrastructure

Now to prepare seriously this certification, here is a lot of content to read and understand !! Like every other Microsoft Certification, a technical background and experience on Microsoft Infrastructure (Windows Server 2003 –> 2012) is better to have.

 

Designing and Implementing a Server Infrastructure
http://www.microsoft.com/learning/en-us/exam-70-413.aspx
http://borntolearn.mslearn.net/certification/server/w/wiki/496.413-designing-and-implementing-a-server-
infrastructure.aspx#fbid=AMleaZ90gRg

Exam prep: 70-413 and 70-414 - MCSE: Server Infrastructure
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/EXM05#fbid=WSaaPBvXrM5

  

****************************************

Plan and deploy a server infrastructure (20–25%)

****************************************

- Design an automated server installation strategy -
-> Design considerations including images and bare metal/virtual deployment; design a server implementation using Windows Assessment and Deployment Kit (ADK); design a virtual server deployment

Windows Deployment with the Windows ADK
http://technet.microsoft.com/library/hh824947.aspx

User State Migration Tool (USMT) Technical Reference : http://technet.microsoft.com/en-us/library/hh825256.aspx
Use the User State Migration Tool (USMT) to migrate user or application data from another version of Windows, to make the user data available on the destination computer
USMT 5.0 includes three command-line tools:
- ScanState.exe version 6.2
- LoadState.exe version 6.2
- UsmtUtils.exe version 6.2
USMT 5.0 also includes a set of three modifiable .xml files:
- MigApp.xml
- MigDocs.xml
- MigUser.xml     


- Plan and implement a server deployment infrastructure -
-> Configure multicast deployment; configure multi-site topology and distribution points; configure a multi-server topology; configure autonomous and replica Windows Deployment Services (WDS) servers

Windows Deployment Services Overview : http://technet.microsoft.com/library/hh831764
AD DS is not required if the WDS server is configured in Standalone mode
To initialize the WDS server in Standalone mode, you need not be a member of the Domain Users group.
The Windows Deployment Services server service is not cluster-aware. However, you can run multiple WDS servers in a network to provide fault-tolerance and load balancing
You cannot use Windows Deployment Services with the Server Core installation option

WDSUTIL is a command-line utility used for managing your Windows Deployment Services server. To run these commands, click Start, right-click Command Prompt, and click Run as administrator

T1 Line -> 1.544 Mbit/s       T3 line -> 44.736 Mbit/s

What's New for Windows Deployment Services for Windows Server http://technet.microsoft.com/en-US/library/hh974416
WDSclient.exe is a new standalone client that can perform Dynamic Driver Provisioning (DDP) queries, direct VHD application, and metadata queries

There are two types of multicast transmissions :
- Auto-Cast. This option indicates that as soon as an applicable client requests an install image, a multicast transmission of the selected image begins. Then, as other clients request the same image, they too are joined to the transmission that is already started.
- Scheduled-Cast. This option sets the start criteria for the transmission based on the number of clients that are requesting an image and/or a specific day and time. If you do not select either of these check boxes, the transmission will not start until you manually start

 

- Plan and implement server upgrade and migration -
-> Plan for role migration; migrate server roles; migrate servers across domains and forests; design a server consolidation strategy; plan for capacity and resource optimization

Install, Use, and Remove Windows Server Migration Tools

Administrators can use Windows Server Migration Tools to migrate server roles, features, operating system settings, and other data and shares to computers that are running Windows Server 2012 R2 Preview or Windows Server 2012

smigdeploy.exe
Powershell.exe -PSConsoleFile ServerMigration.psc1

Role you can migrate using the Windows Server Migration tools includes
- Hyper-V
- Network Policy Server
- Remote Access
- Print & documents services
- WSUS
- ADFS

Windows Server Migration Tools Cmdlets in Windows PowerShell
http://technet.microsoft.com/en-us/library/ee662315.aspx

Import-SmigServerSetting : Imports selected Windows features and operating system settings from a migration store identified in the Path parameter, and applies them to the local computer
http://technet.microsoft.com/en-us/library/ee662318.aspx

Export-SmigServerSetting  : Exports selected Windows features and operating system settings from the local computer, and stores them in a migration store
http://technet.microsoft.com/en-us/library/ee662317.aspx

Receive-SmigServerData : Allows a destination server to receive shares, folders, files, and associated permissions and share properties that are migrated from a source server.

Send-SmigServerData : Migrates folders, files, and associated permissions and share properties from a source server to a destination server through port 7000.

 

- Plan and deploy Virtual Machine Manager services -
-> Design Virtual Machine Manager service templates; define operating system profiles; configure hardware and capability profiles; manage services; configure image and template libraries; manage logical networks

Glossary for System Center 2012 - Virtual Machine Manager
http://technet.microsoft.com/en-us/library/hh369961.aspx

Know the component associated with templates for hardware profiles and guest OS profiles

How to Discover Physical Computers and Deploy as Hyper-V Hosts in VMM
http://technet.microsoft.com/en-us/library/gg610577.aspx

How to Create a Host Profile in VMM
http://technet.microsoft.com/en-us/library/gg610653.aspx

About Hardware Profiles
http://technet.microsoft.com/en-us/library/bb740879.aspx

Capability Profiles in SCVMM 2012
http://social.technet.microsoft.com/wiki/contents/articles/4149.capability-profiles-in-scvmm-2012.aspx

 

- Plan and implement file and storage services -
-> Planning considerations include iSCSI SANs, Fibre Channel SANs, Virtual Fibre Channel, storage spaces, storage pools, and data de-duplication; configure the iSCSI Target server; configure the Internet Storage Name server (iSNS); configure Network File System (NFS); install Device Specific Modules (DSMs)

know how to configure iscsi target

iSCSI Target Block Storage, How To
http://technet.microsoft.com/library/hh848268.aspx

iSNS Server Overview
http://technet.microsoft.com/library/cc772568.aspx

Deduplication is used on NTFS volumes, but can't be used on boot/system volumes or CSV
ddpeval.exe tool

Configuring an iSCSI Target (few text in French but all screenshot in the step by step are US) http://blogs.technet.com/b/stanislas/archive/2013/01/03/monter-son-nas-san-personnel-sous-windows-server-2012-partie-5-la-cible-iscsi.aspx

****************************************************

Design and implement network infrastructure services (20–25%)

****************************************************

- Design and maintain a Dynamic Host Configuration Protocol (DHCP) solution -
-> Design considerations including a highly available DHCP solution including split scope, DHCP failover, and DHCP failover clustering, DHCP interoperability, and DHCPv6; implement DHCP filtering; implement and configure a DHCP management pack; maintain a DHCP database

Compact DHCP database
JETPACK.EXE <database name> <temp database name>

DHCP Policies in Windows Server 2012
http://blogs.technet.com/b/teamdhcp/archive/2012/08/22/granular-dhcp-server-administration-using-dhcp-policies-in-windows-server-2012.aspx

DHCP Server Cmdlets in Windows PowerShell
http://technet.microsoft.com/en-us/library/jj590751.aspx

Use the PowerShell DHCP Module to Simplify DHCP Management
http://blogs.technet.com/b/heyscriptingguy/archive/2011/02/14/use-the-powershell-dhcp-module-to-simplify-dhcp-management.aspx

- Design a name resolution solution strategy -
-> Design considerations including secure name resolution, DNSSEC, DNS Socket Pool, cache locking, disjoint namespaces, DNS interoperability, migration to application partitions, IPv6, Single-Label DNS Name Resolution, zone hierarchy, and zone delegation

Delegation
For a DNS server to answer queries about any name, it must have a direct or indirect path to every zone in the namespace. These paths are created by means of delegation. A delegation is a record in a parent zone that lists a name server that is authoritative for the zone in the next level of the hierarchy. Delegations make it possible for servers in one zone to refer clients to servers in other zones

Recursive name resolution is the process by which a DNS server uses the hierarchy of zones and delegations to respond to queries for which it is not authoritative.In some configurations, DNS servers include root hints (that is, a list of names and IP addresses) that enable them to query the DNS root servers. In other configurations, servers forward all queries that they cannot answer to another server. Forwarding and root hints are both methods that DNS servers can use to resolve queries for which they are not authoritative

Dnscmd.exe : A command-line interface for managing DNS servers
http://technet.microsoft.com/en-us/library/cc772069.aspx

Configure the Socket Pool
http://technet.microsoft.com/library/ee649174.aspx

Deploying a GlobalNames Zone
http://technet.microsoft.com/en-us/library/cc731744.aspx

Adding a Cross-Forest GlobalNames Zone
http://technet.microsoft.com/library/cc794961.aspx

DNS Cache Locking : Cache locking provides for enhanced security against cache poisoning attacks
http://technet.microsoft.com/en-us/library/ee683892(v=ws.10).aspx

How To Create a Child Domain in Active Directory and Delegate the DNS Namespace to the Child Domain
http://support.microsoft.com/kb/255248/en-us

Understanding stub zones
http://technet.microsoft.com/en-us/library/cc779197(v=ws.10).aspx

Contrasting stub zones and conditional forwarders
http://technet.microsoft.com/en-us/library/cc780434(v=ws.10).aspx


- Design and manage an IP address management solution -
-> Design considerations including IP address management technologies including IPAM, Group Policy based, manual provisioning, and distributed vs. centralized placement; configure role-based access control; configure IPAM auditing; migrate IPs; manage and monitor multiple DHCP and DNS servers; configure data collection for IPAM

IP Address Management (IPAM) Overview
http://technet.microsoft.com/en-us/library/hh831353.aspx

IPAM Terminology
http://technet.microsoft.com/en-us/library/jj878341.aspx

Invoke-IpamGpoProvisioning
http://technet.microsoft.com/en-us/library/jj553805.aspx

Set-IpamConfiguration
http://technet.microsoft.com/en-us/library/jj590816.aspx

 

**********************************************

Design and implement network access services (15–20%)

**********************************************

- Design a VPN solution -
-> Design considerations including certificate deployment, firewall configuration, client/site to site, bandwidth, protocol implications, and VPN deployment configurations using Connection Manager Administration Kit (CMAK)

Remote Access (DirectAccess, Routing and Remote Access) Overview
http://technet.microsoft.com/en-us/library/hh831416.aspx

Connection Manager Administration Kit
http://technet.microsoft.com/library/cc752995.aspx

Windows 8 and Server 2012 VPN Compatibility and Interoperability
http://go.microsoft.com/fwlink/?prd=12364&pver=1.0&plcid=0x409&os=27&clcid=0x409&ar=RRAS&sar=VPN

AD CS Migration: Migrating the Certification Authority
http://technet.microsoft.com/en-us/library/ee126140(v=ws.10).aspx     

 

- Design a DirectAccess solution -
-> Design considerations including topology, migration from Forefront UAG, DirectAccess deployment, and enterprise certificates

Plan to Enable DirectAccess
http://technet.microsoft.com/en-us/library/jj574167.aspx

Add DirectAccess to an Existing Remote Access (VPN) Deployment
http://technet.microsoft.com/en-us/library/jj574220.aspx

French articles, tutoriel and videos about DirectAccess
http://blogs.technet.com/b/stanislas/archive/tags/directaccess/

Configure Force Tunneling for DirectAccess Clients
http://technet.microsoft.com/en-us/library/ee649127(v=WS.10).aspx

- Implement a scalable remote access solution -
-> Configure site-to-site VPN; configure packet filters; implement packet tracing; implement multi-site Remote Access; configure Remote Access clustered with Network Load Balancing (NLB); configure DirectAccess

- Design a network protection solution -
-> Design considerations including Network Access Protection (NAP) enforcement methods for DHCP, IPSec, VPN, and 802.1x, capacity, placement of servers, firewall, Network Policy Server (NPS), and remediation network

RADIUS Client
http://technet.microsoft.com/en-us/library/cc754033.aspx

- Implement a network protection solution -
-> Implement multi-RADIUS deployment; configure NAP enforcement for IPSec and 802.1x; deploy and configure the Endpoint Protection client; create anti-malware and firewall policies; monitor for compliance

Network Policy and Access Services
http://technet.microsoft.com/en-us/network/bb545879.aspx

Network Policy Server
http://technet.microsoft.com/en-us/library/cc732912.aspx

Network Policy and Access Services Overview
http://technet.microsoft.com/en-us/library/hh831683.aspx

Migrate Network Policy Server to Windows Server 2012
http://technet.microsoft.com/en-us/library/hh831652.aspx

 

**************************************************************

Design and implement an Active Directory infrastructure (logical) (20–25%)

***************************************************************

- Design a forest and domain infrastructure -
-> Design considerations including multi-forest architecture, trusts, functional levels, domain upgrade, domain migration, forest restructure, and hybrid cloud services

Creating Forest Trusts
http://technet.microsoft.com/en-us/library/cc816810(v=ws.10).aspx

Understanding When to Create a Shortcut Trust
http://technet.microsoft.com/library/cc754538

Understanding Domain and Forest Functional Levels
http://technet.microsoft.com/library/cc771294.aspx

Upgrade Domain Controllers to Windows Server 2012
http://technet.microsoft.com/en-us/library/hh994618

Requirements for Active Directory Recycle Bin
http://technet.microsoft.com/en-us/library/dd379484(v=ws.10).aspx

ADMT 3.2 Supported OS and Target Domains
http://support.microsoft.com/kb/2753560

Operations master roles
http://technet.microsoft.com/en-us/library/cc773108(v=ws.10).aspx

- Implement a forest and domain infrastructure -
-> Configure domain rename; configure Kerberos realm trusts; implement a domain upgrade; implement a domain migration; implement a forest restructure; deploy and manage a test forest including synchronization with production forests

Domain rename : Rendom.exe, repadmin.exe, Gpfixup.exe
use GPFixup after a domain rename

Gpfixup : Fix domain name dependencies in Group Policy Objects and Group Policy links after a domain rename operation
http://technet.microsoft.com/en-us/library/hh852336.aspx

Configure Universal Group Membership Caching in Active Directory
http://technet.microsoft.com/en-us/magazine/ff797984.aspx

 

- Design a Group Policy strategy -
-> Design considerations including inheritance blocking, enforced policies, loopback processing, security, and WMI filtering, site-linked Group Policy Objects (GPOs), slow-link processing, group strategies, organizational unit (OU) hierarchy, and Advanced Group Policy Management (AGPM)

Dcgpofix : Recreates the default Group Policy Objects (GPOs) for a domain
http://technet.microsoft.com/en-us/library/hh875588.aspx

MDOP Advanced Group Policy Management :
http://technet.microsoft.com/en-us/library/cc749396(v=ws.10).aspx

repadmin /showrepl
dcdiag /test:replications


- Design an Active Directory permission model -
-> Design considerations including Active Directory object security and Active Directory quotas; customize tasks to delegate in Delegate of Control Wizard; deploy administrative tools on the client computer; delegate permissions on administrative users (AdminSDHolder); configure Kerberos delegation

How to customize the task list in the Delegation Wizard
http://support.microsoft.com/kb/308404/en-us

Five common questions about AdminSdHolder and SDProp
http://blogs.technet.com/b/askds/archive/2009/05/07/five-common-questions-about-adminsdholder-and-sdprop.aspx

Managing inheritance of Group Policy
http://technet.microsoft.com/en-us/library/cc757050(v=ws.10).aspx

Block Inheritance :You can block inheritance for a domain or organizational unit. Blocking inheritance prevents Group Policy objects (GPOs) that are linked to higher sites, domains, or organizational units from being automatically inherited by the child-level
http://technet.microsoft.com/en-us/library/cc731076.aspx

Loopback processing of Group Policy
http://support.microsoft.com/kb/231287/en-us


***************************************************************

Design and implement an Active Directory infrastructure (physical) (20–25%)

***************************************************************

- Design an Active Directory sites topology -
-> Design considerations including proximity of domain controllers, replication optimization, and site link; monitor and resolve Active Directory replication conflicts

Design a domain controller strategy
-> Design considerations including global catalog, operations master roles, Read-Only Domain Controllers (RODCs), partial attribute set, and domain controller cloning

How to clone a virtual Domain Controller
http://blogs.technet.com/b/reference_point/archive/2013/03/07/how-to-clone-a-virtual-domain-controller.aspx

Sync-ADObject
http://technet.microsoft.com/en-us/library/hh852296.aspx

Get-ADDomainController
http://technet.microsoft.com/en-us/library/ee617217.aspx

Design and implement a branch office infrastructure
-> Design considerations including RODC, Universal Group Membership Caching (UGMC), global catalog, DNS, DHCP, and BranchCache; implement confidential attributes; delegate administration; modify filtered attributes set; configure password replication policy; configure hash publication

AD DS Fine-Grained Password and Account Lockout Policy Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc770842(v=ws.10).aspx

Branch Office Direct Printing Overview
http://technet.microsoft.com/en-us/library/jj134156.aspx

Branch Office Direct Printing Technical Details
http://technet.microsoft.com/en-us/library/jj134152.aspx

Prerequisites for Deploying an RODC
http://technet.microsoft.com/en-us/library/cc731243(v=ws.10).aspx

Customize the RODC Filtered Attribute Set
http://technet.microsoft.com/en-us/library/dd735458(v=ws.10).aspx

Password Replication Policy
http://technet.microsoft.com/en-us/library/cc730883(v=ws.10).aspx

How to optimize the location of a domain controller or global catalog that resides outside of a client's site
http://support.microsoft.com/kb/306602/en-us

BranchCache Overview
http://technet.microsoft.com/en-us/library/hh831696.aspx

What's New in BranchCache
http://technet.microsoft.com/en-us/library/jj127252.aspx

 

I encourage you also to download Windows Server 2012, install it and test it as much as you can because there are some questions where you need to have already manipulate User Interface or commands.

You can download eval version of Windows Server 2012 as :

 

- Stanislas Quastana -

Comments
  • Thanks!

  • Thanks you very Much . I will follow your approach

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment