DEBRE MARKOS UNIVERSITY

INSTITUTE OF TECHNOLOGY
SCHOOL OF COMPUTING
INFORMATION TECHNOLOGY ACADEMIC PROGRAM
LAB MANUAL

Program: Undergraduate
Course Code: ITec4112
Year: Four
Course Title: System and Network Administration

Prepared By:
Minalu Chalie (MSc)
Information Technology Academic Program
Table of Contents
Objective of the Manual........................................................................................................................ iii
CHAPTER ONE ..................................................................................................................................... 1
1. Windows workgroup ........................................................................................................................ 1
1.1. Change workgroup in Windows 10 from System Properties ................................................... 1
1.1. Change the workgroup in Windows 10 from Command Prompt............................................. 4
1.2. Change workgroup in Windows 10 from PowerShell ............................................................. 5
CHAPTER TWO .................................................................................................................................... 6
2. Introduction to Windows Server 2016 ............................................................................................. 6
2.1. Installation of Windows server 2016 ....................................................................................... 6
2.2. Working as an Administrator on Windows server 2016 ........................................................ 12
2.2.1. Rebooting the Server .......................................................................................................... 12
2.2.4. Creating a local user account in Windows server 2016...................................................... 14
2.2.5. The Run Prompt and the Command Line ........................................................................... 16
2.2.6. Configuring the Windows Firewall .................................................................................... 17
2.2.7. Adding Roles and Features ................................................................................................. 17
CHAPTER THREE .............................................................................................................................. 21
3. Installation and Configuration of Domain Name System (DNS) .................................................. 21
3.1. Installation of Domain Name System (DNS) Role ................................................................ 21
3.2. Configuration of a DNS Server .............................................................................................. 26
3.3. Nslookup ................................................................................................................................ 35
CHAPTER FOUR ................................................................................................................................. 40
4. Active Directory ............................................................................................................................. 40
4.1. Active Directory Domain (AD Domain) ................................................................................ 40
4.1.1. Microsoft Active Directory Domain Services (AD DS) .................................................... 41
4.1.2. Installation of Active Directory Domain Services role ...................................................... 41
4.1.3. Promote the Server as a Domain Controller ....................................................................... 47
4.2. Active Directory Console ....................................................................................................... 51
CHAPTER FIVE .................................................................................................................................. 52
5. Creating of Users, Computers and Groups Account in Active Directory Domain Services ......... 52
5.1. User Account creation in a Domain controller....................................................................... 52
5.2. Creating steps of users group account .................................................................................... 56
5.3. Adding a Domain user account in to a Domain group account ............................................. 59
Page | i
 5.4. Creating a client machine (Computer) Account in a domain controller ................................ 59
5.5. Joining a Client Machine to a Domain controller server from the client side ....................... 61
5.6. Enabling and Using Fine-Grained Password Policies in Active Directory Domain Services64
CHAPTER SIX ..................................................................................................................................... 68
6. File and Storage Services ............................................................................................................... 68
6.1. Shared folder setup ................................................................................................................. 68
6.2. Disk quota management ......................................................................................................... 78
6.2.1. Creating a quota .................................................................................................................. 80
6.3. File Screening Management ................................................................................................... 82
CHAPTER SEVEN .............................................................................................................................. 88
7. Group policy Management ............................................................................................................. 88
7.1. Configuration of a Group policy ............................................................................................ 88
CHAPTER EIGHT ............................................................................................................................... 95
8. Installation and Configuration of DHCP role ................................................................................ 95
8.1. Steps of the installation of DHCP role ................................................................................... 95
8.2. Configuration of DHCP role after installation ..................................................................... 100
8.2.1. Creating a new IPv4 DHCP scope .................................................................................... 104
CHAPTER NINE ................................................................................................................................ 112
9. Installation and Configuration of a Print Server .......................................................................... 112
9.1. Print and Document Services role installation ..................................................................... 112
CHAPTER TEN.................................................................................................................................. 117
10. Backup ..................................................................................................................................... 117
10.1. Types of Backups ................................................................................................................. 118
10.1.1. Full Backup ................................................................................................................... 118
10.1.2. Incremental Backup ...................................................................................................... 118
10.1.3. Differential Backup ....................................................................................................... 118
10.1.4. Synthetic Full Backup ................................................................................................... 119
10.1.5. Incremental-Forever Backup ........................................................................................ 119
10.2. Installation of Windows server 2016 Backup components .................................................. 119
References ........................................................................................................................................... 129

Page | ii
Objective of the Manual
This laboratory manual is prepared to help and guide Network and System Administration course to
understand the general practical application concepts using Windows Server 2016 operating system.
After successfully completing the learning session using this manual, students are expected to
understand and be able to implement the following topics:
➢ Windows Server 2016 installation and administration
➢ Adding Roles and Features
➢ Domain Name System (DNS)
➢ Active Directory and Active Directory Domain Name Service
➢ Fine-Grained password policies in Active Directory Domain Name Service
➢ Shared folder setup
➢ File server and Disk quota management
➢ Group Policy Management
➢ Audit policy
➢ Dynamic Host Configuration Protocol (DHCP)
➢ Configuration of File transfer protocol (FTP)
➢ Install and configure a print server
➢ Backup and Restore
➢ Removing roles and features from Windows Server 2016

Page | iii
Required Hardware and Software

Hardware and Software required for the practical session are listed in the following tables:

No. Required Hardware Description

1. Computer Used to as a main working area by running the virtual
machine workstation

No Required Software Description

1 Virtual Machine Workstation Used to run Window Server 2016 and
Window 10 operating systems
simultaneously
2 Window Server 2016 Used to working on it’s a Network
Administrator

3 Window Operating System Serves us as a client machine

Page | iv
 CHAPTER ONE
1. Windows Workgroup
In computer networking, a workgroup is a collection of computers on a local area network (LAN)
that share common resources and responsibilities. The term is most commonly associated with
Microsoft Windows workgroups but also applies to other environments. Windows workgroups can be
found in homes, schools, and small businesses.

Workgroups are similar to Homegroups in that they are how Windows organizes resources and
allows access to each on an internal network. Windows 10 creates a Workgroup by default when
installed, but occasionally you may need to change it.

Workgroups are small peer-to-peer local area networks, where each computer has its own set of rules
and settings, managed by the administrator of that device, and a unique computer name in that
workgroup. To easily access another computer from the same network and share resources with it,
both computers must be part of the same workgroup. Since every computer in a workgroup handles
security separately, one option is to have a user account defined on the computer you want to access.
Alternatively, users can set their devices to share resources with everyone in their workgroup.

In contrast, domains are used in big networks, which include servers alongside desktop computers,
laptops, network printers, and many other devices. In network domains, everything is managed and
configured by the network administrator(s). The domain has a standard set of rules and settings that
apply to all network computers and devices. To access a computer from a domain, you don't need a
user account defined on that specific computer. You need a user account created for that domain,
assigned to you by the network administrator. Therefore, you can log to any computer from the
domain, using the same domain user account.

1.1. Change workgroup in Windows 10 from System Properties

To view your existing Windows 10 workgroup, search for "workgroup" in your taskbar's Search field,
and then click or tap on "Show which workgroup this computer is on."

Page | 1
An alternative is to use the "View basic information about your computer" window from the Control
Panel. Where you see the existing workgroup, press on Change settings on the right.

Page | 2
The System Properties window opens, where you see your current Windows 10 workgroup in the
appropriate section of the Computer Name tab. To modify the workgroup you're in, all you have to do
is change the workgroup name. Click or tap on Change.

This opens the "Computer Name/Domain Changes" window. You can see the Workgroup field at the
bottom - in our case, the name is the default WORKGROUP. Type the name of the workgroup you
want to join instead, and click or tap OK.

Page | 3
It might take a few seconds, and a pop-up welcomes you to device requires a restart in order for the
changes to be applied. Press OK again.

1.1. Change the workgroup in Windows 10 from Command Prompt

Some users prefer using a command-line environment to change the Windows 10 workgroup. If
you're one of them, open CMD as administrator and run the following command:

wmic computersystem where name="%computername%" call joindomainorworkgroup

name="Workgroup_Name"

Replace Workgroup_Name with the name of the workgroup you want to join or create, as seen
below.

Page | 4
 1.2. Change workgroup in Windows 10 from PowerShell
If you're a fan of PowerShell, you can use this tool as well to change the Windows 10 workgroup.
First, launch PowerShell as administrator.
Second, enter the following command: Add-Computer -WorkGroupName "Workgroup_Name"

Replace Workgroup_Name with the name of the workgroup you want to join or create, as you can see
in the next image.

Page | 5
 CHAPTER TWO

2. Introduction To Windows Server 2016

Microsoft Windows Server 2016 is Microsoft's server operating system (OS). It was specifically
developed to serve as a platform for running networked applications. Windows Server 2016 was
released for general availability on Oct. 12, 2016, and was developed concurrently with Windows 10.

2.1. Installation of Windows server 2016

In this easy step by step guide, we will learn how to install and activate Windows Server 2016.
Before you start make sure you have the minimum requirements to install Windows Server on the
machine. The basic requirements are: -

Processor: minimum 1.4 GHZ

RAM: minimum 512 MB
Disk Space: 32 GB as a minimum disk space requirement
Other requirements:
DVD drive
Super VGA (800 x 600) or higher-resolution monitor.
Now that we have everything we need, we can start:
Insert the Windows Server 2016 DVD, and once you get the following message press Enter or any
key from your keyboard to boot from the setup.

Wait for a while till the setup loads all necessary files (Depending on your machine, it will take
couple of minutes)

Page | 6
 Once the setup files are loaded, the setup will start with the following screen. You can change
these to meet your needs (the default values should be fine for now)

Now click on Install now button to start the installation process

Page | 7
Select the appropriate version of the windows server that meets your organization’s needs then
click Next. Make sure that you’ve chosen an appropriate edition of Windows server.
➢

➢
Put a check mark in the box next to the I accept license terms and click on the Next button. License
term is about the way you want to buy license for your server from Microsoft.

Page | 8
Select the Custom: Install Windows only (advanced) option for clean installation. Clean installation is
the term used against upgrade. When you upgrade a Windows server you can have your settings,
apps, etc. from previous version of Windows. When you do the clean installation you can’t have the
settings, apps, etc.

Select the hard drive that you want to install the windows server on, and then click on the New button
to do the partitions.

After clicking on the New button, some options appear. Specify the amount of the drive based
on MB and click on the Apply button. A warning appears which wants you to give the permission to
system to create a drive for system files. Click on ok button, if you want to add more drives do this
process again. When finished hit Next.

Page | 9
After clicking Next the System starts coping all the files from the external drive to internal hard drive.
It will take a while so is patient. Be aware that your system will be restarted several times.

When the system copied all the files and restarted, finalize your task by entering the required details.
Type complex password (composed of uppercase, lowercase, symbol and numbers) twice in the
boxes and click on the Finish button. User name is Administrator by default.

Page | 10
After you logged in the Windows you see the something like the picture below. Welcome to
Windows Server 2016.

Once you Log in, Windows Server 2016 will show the Server Manager

Page | 11
 2.2. Working as an Administrator on Windows server 2016

2.2.1. Rebooting the Server

To power down (or reboot) your server, move your mouse to the upper, right corner of the screen.
When you do, Windows will display a series of icons along the right side of the screen. Click the
Settings icon and you will be taken to the Settings page, which you can see in the below Figure. As
you can see in the figure, the bottom row of icons includes a Power button. You can use this icon to
shut down or to reboot the server.

2.2.2. Accessing the Administrative Tools

There are a couple of different ways to access the administrative tools in Windows Server 2016. One
way involves using the Server Manager. As you can see in the below figure, the Server Manager’s
Tools menu contains all of the administrative tools that you are probably familiar with the other
previous versions of Windows Servers.

Page | 12
 2.2.3. Accessing Applications

To access all of the tiles that the Start screen is hiding, right click on an empty area of the Start
screen. When you do, a blue bar will appear at the bottom of the screen, as shown in the below
Figure, Click on the All Apps icon that appears on this bar.

Page | 13
 2.2.4. Creating a local user account in Windows server 2016
To create a local user account
➢ Open Computer Management.
➢ In the console tree, click Users.
Where?
➢ Server Manager\ Tools\ Computer Management\ Local Users and Groups

Page | 14
 Under Local Users and Groups select Users folder and on the Action menu, click New User.

➢ Type the appropriate information in the dialog box.

Select or clear the check boxes for:

➢ User must change password at next logon
➢ User cannot change password
➢ Password never expires
➢ Account is disabled
➢ Click Create, and then click Close.

Page | 15
Additional considerations:
To perform this procedure, you must provide credentials for the Administrator account on the local
computer (if you are prompted), or you must be a member of the Administrators group on the local
computer.
A user name cannot be identical to any other user name or group name on the computer that is being
administered. The user name can contain up to 20 uppercase characters or lowercase characters,
except for the following: “ “ / \ { } [ ] : ; | = + , * ? < > @.
A user name cannot consist only of periods (.) Or spaces.
In Password and Confirm password, you can type a password containing up to
127 characters.
The use of strong passwords and appropriate password policies can help protect your computer from
attack.

2.2.5. The Run Prompt and the Command Line

The Run prompt and the Command Prompt are both easily accessible. To reach these items, navigate
into Desktop mode. Upon doing so, move your mouse pointer to the lower, left corner of the screen.
When the Start tile appears, right click on it and you will see a menu listing options for Run,
Command Prompt and Command Prompt (Admin).

Page | 16
 2.2.6. Configuring the Windows Firewall
It’s possible to control the Windows Firewall through group policy settings or manually. If you need
to access the Windows Firewall you can do so by opening the Server Manager and then choosing
the Windows Firewall with Advanced Security command from the Tools menu, as shown in the
below Figure.

2.2.7. Adding Roles and Features

The easiest way to access the Add roles and features is to open the Server Manager and choose the
Add Roles and Features command from the Manage menu, as shown in the below Figure. This
causes Windows to launch the Add Roles and Features wizard. In many ways this wizard is similar to
what you might be used to in some of the previous versions of Windows Server, but there are a few
differences.

Page | 17
When the wizard begins, click Next to bypass the Welcome screen. The next screen that you will see
asks you if you want to perform a Role based or a feature-based installation or if you would prefer
to perform a Remote Desktop Services installation. Unless you are configuring the server to run the
Remote Desktop Services, you should choose the Role Based or Feature Based Installation option.
Click Next to continue.

The next screen that you will see is very different from anything that existed in previous versions of
Windows Server. This screen asks you where you would like to install the role or feature. Although
this is a seemingly simple question, the wizard gives you a few different options, as shown in the
below Figure.

Page | 18
In previous versions of Windows Server, it was assumed that if you were installing a role or a feature
then you were performing the installation on the local server. Windows Server 2016 still allows you
to perform local installations of roles and features. As a matter of fact, this is the default behavior. If
you were to simply click Next on the screen above then the wizard would assume that the roles or
features that you choose later on will be installed on the local server. Although this is the default
behavior, it is not your only option.

2.2.8. Adding Servers to the Server Pool

The advantage to populating the server pool is that doing so allows you to manage multiple Windows
servers through a single pane of glass.

If you want to add additional servers to the server pool, open Server Manager and choose the Add
Servers command from the Manage menu as shown in below figures.

2.2.9. Working with Roles and Features

In the previous article I walked you through the process of installing roles and features onto
Windows Server 2016. I want to wrap up this series by showing you what to do after the roles and
features have been installed. If you look the figure in below, you will see the Server Manager
dashboard. There are several items on this screen that are worth paying attention to.

Page | 19
The first thing that you will probably notice is the big, orange section near the center of the screen.
This section is designed to help you to quickly get the server configured. As you can see in the figure,
this section contains links that you can click to add roles and features, add other servers to
manage, or to create server groups. As you have seen throughout this series, all of these tasks can be
performed manually, but if you forget how to do so then you can simply click on one of these links to
get the ball rolling.

The next most important thing is the column on the left. This column lists a number of different
Server Manager Views. At the moment the Dashboard view is selected, but you can switch to a
different view by clicking on the view.

Some of the views that are listed are standard for Windows Server 2016. The Dashboard, Local
Server, All Servers, and File and Storage Services views are created by default. There are also views
that may exist as a result of the way that you have configured your server. For example, in the figure
above the AD DS and DNS exist as a direct result of installing the corresponding roles and features.

Page | 20
 CHAPTER THREE

3. Installation And Configuration of Domain Name System

Domain Name System (DNS) is a hierarchical naming system for computer systems, services or for
that matter any resource participating in the internet. Much information with domain name is
assigned to each of the participants. DNS translates the names of domain into meaningful to humans
into binary identifiers that are associated with the equipment of network to locate and address these
devices.

3.1. Installation of Domain Name System (DNS) Role

Steps:
To add a new role to Windows Server 2016, you use Server Manager. Start Server Manager, click the
Manage menu, and then select Add Roles and Features.

Click Next on the Add Roles and Features Wizard Before you begin window that pops up. If you
checked Skip this page by default sometime in the past, that page will, of course, not appear.

Page | 21
Now, it's time to select the installation type. For DNS servers, you will be selecting the Role-based
or feature-based installation.

Page | 22
Next, you will choose which server you want to install the DNS server role on from the server pool.
Select the server you want, in our case there is one server named “DMUServer” with IP address
192.168.0.1 and the operating System is Microsoft Windows Server 2016 and click Next.

Next, Select “DNS Server” from “Add Roles and features Wizard” popup window

At this point, you will see a pop-up window informing you that some additional tools are required to
manage the DNS Server. These tools do not necessarily have to be installed on the same server you
are installing the DNS role on.

Page | 23
N.B If your working environment only does remote administration; you do not have to install the
DNS Server Tools.
Next you should see the Features window. No need to make any changes here; just click Next, and
now there is an informational window about DNS Server and what it does, although one would
assume that if you've gotten this far, you are already aware of what it is. Click Next to move on.

This is the final confirmation screen before installation completes. You can check the box to “Restart
the destination server automatically”, if you like. Installing the DNS Server does not require a
restart, but unless you've planned for the downtime, keep that box unchecked, just in case.

Page | 24
After you clicked “Install” button from the previous step; the installation process is staring and
click Close button when it finishes the installation process.

Page | 25
Finally, The DNS Server role should be installed on your server. There should be a new DNS Role
tile in your Server Manager.

3.2. Configuration of a DNS Server

Within Server Manager, to configure the DNS Server, click the Tools menu and select DNS. This
brings up the DNS Manager window.

The “DNS Manager” window looks like as shown below

Page | 26
Select your server on the left side of DNS Manager Window to open zone list.

Right click on Forward Lookup Zones and click on New Zone from context menu to bring up the
New Zone Wizard.

A forward lookup zone is used for DNS clients to obtain such information as Internet Protocol (IP)
addresses that correspond to DNS domain names or services that is stored in the zone.

Page | 27
➢ In the next window click Next.
In the next step you can select the type of DNS you want to use. The primary zone will be located on
your server; the secondary zone will be located on another server. The secondary zone is used in large
networks for load balancing. Choose Primary zone and click on Next to continue.

➢ Enter a name for the new zone and click on Next button.

Page | 28
➢ Select “don’t allow dynamic updates”, Dynamic updates allows to DNS clients to register their
resource records in DNS database automatically, but if the network is small we can make updates of
DNS database manually.

➢ Next click on Finish

Page | 29
➢ In earlier step we have chosen “Do not to allow dynamic updates”; so we should add records to
zone manually. First, add record of the server itself. To do this right click on zone name and click
on New Host (A or AAAA).

Then the enter name and IP-address of the DNS Server in appropriate fields and then click Add Host.

Page | 30
As you can see on the right side of the DNS Manager window, the new host is now created and it’s
possible to create records for client computers in exactly the same way.

Next we have to add Reverse Lookup Zone. To do this right click on Reverse Lookup Zone and
click on New Zone to bring up the New Zone Wizard.

Reverse lookup zone provides mapping from Internet Protocol (IP) addresses back to DNS domain
names.

Page | 31
➢ Choose Primary zone and click on Next to continue.

➢ Select the type of IP-address, check on IPv4 and click on Next to continue.

Page | 32
➢ In Network ID field enter the first three octets of your DNS Server IP address.

➢ Just click on Next.

Page | 33
Check “Do not allow dynamic updates” and press Next.

➢ Click on Finish button and the DNS server is now configured and ready for use.

As you can see on the right side of DNS Manager Window, Reverse Lookup Zone is now created.

Page | 34
 3.3. Nslookup
Nslookup is a command line driven utility supplied as part of most Windows operating systems that
can reveal information related to domain names and the Internet Protocol (IP) addresses associated
with them.

Open your Administrator: windows PowerShell on your server or CMD on your windows client
machine and type Nslookup command.
c:\nslookup (Press enter)
Default Server: DMUServer.dmucs.local (The default DNS Server)
Address: 192.168.0.1 (IP address of the default DNS Server)
Here for the first time when we are trying to run Nslookup command on powershell our server name
will be definitely expressed as an unknown.

The reason for this is the DNS server does not possess a record for the server itself. Or simply it does
not know what its own name is. By creating a New Pointer (PTR) static entry we can fix this and let
DNS server know its own name.
Follow the following Steps:
1. Open the DNS management console, go to your reverse lookup zone and right click on it
and select “New Pointer (PTR)”.

Page | 35
2. In the New Pointer (PTR) window enter the IP address of DNS server and click Browse
button to select the host name of the server

Page | 36
Page | 37
Page | 38
3. Finally, go to Server Manager Tools menu and select Services option and find the DNS Server
service and right click on it and select Restart.

Page | 39
 CHAPTER FOUR
4. Active Directory
Active directory is a centralized and standardized system that automates network management of
user data, security, and distributed resources; Enables interoperation with other directories.
Active Directory is designed especially for distributed networking environments.

Active Directory features:

➢ Support for the X.500 standard for global directories.
➢ The capability for secure extension of network operations to the Web.
➢ A hierarchical organization that provides a single point of access for system
administration. (Management of user accounts, clients, servers, and applications, for
example) to reduce redundancy and errors.
➢ An object-oriented storage organization, which allows easier access to information.
➢ Support for the Lightweight Directory Access Protocol (LDAP) to enable inter-directory
operability.
➢ X.500 Directory Service is a standard way to develop an electronic directory of people in
an organization so that it can be part of a global directory available to anyone in the
world with Internet access. Such a directory is sometimes called a global White Pages
directory. The idea is to be able to look up people in a user-friendly way by name,
department, or organization.
➢ LDAP (Lightweight Directory Access Protocol) is a software protocol for enabling
anyone to locate organizations, individuals, and other resources such as files and devices
in a network, whether on the public Internet or on a corporate Intranet.

4.1. Active Directory Domain (AD Domain)

An Active Directory domain is a collection of objects within a Microsoft Active Directory

network. An object can be a single user or a group or it can be a hardware component, such as a
computer or printer. Each domain holds a database containing object identity information.
Active Directory domains are grouped in a tree structure; a group of Active Directory trees is
known as a forest, which is the highest level of organization within Active Directory. Active
Directory domains can have multiple child domains, which in turn can have their own child
domains. Authentication within Active Directory works through a transitive trust relationship.

Page | 40
Active Directory domains can be identified using a DNS name, which can be the same as an
organization's public domain name, a sub-domain or an alternate version (which may end in
.local). While Group Policy can be applied to an entire domain, it is typical to apply policies to
sub-groups of objects known as organizational units (OUs). All object attributes, such as
usernames, must be unique within a single domain and, by extension, an OU.

4.1.1. Microsoft Active Directory Domain Services (AD DS)

Active Directory Domain Services (AD DS) is a server role in Active Directory that allows
administrators to manage and store information about resources from a network, as well as
application data, in a distributed database. AD DS can also help Administrators manage a
network's elements (computers and end users) and reorder them into a custom hierarchy.

The structure of the hierarchy includes an Active Directory Forest, the forest's domains and
organizational units in those domains. AD DS integrates security by authenticating logons and
controlling who has access to directory resources.

An Active Directory Forest is the highest level of organization within Active Directory. Each
forest shares a single database, a single global address list and a security boundary. By default, a
user or administrator in one forest cannot access another forest.

An organizational unit (OU) is a container within a Microsoft Active Directory domain which
can hold users, groups and computers. It is the smallest unit to which an administrator can assign
Group Policy settings or account permissions. An organizational unit can have multiple OUs
within it, but all attributes within the containing OU must be unique. Active Directory
organizational units cannot contain objects from other domains.

4.1.2. Installation of Active Directory Domain Services role

Requirements:
➢ Minimum: 1.4 GHz 64-bit processor
➢ Minimum: 512 MB RAM
➢ Minimum: 32 GB or greater
Active directory Domain Name service installation in Windows Server 2012 is divided into the
following two parts:
➢ Install Active directory Domain Services
➢ Promote server as Domain controller

Page | 41
➢ Install Active Directory Domain Service
1. Add Roles and Features
First, Open server manager-> Select Add roles and features from Dashboard/Mange options.

➢ Select Next on Add Roles and Features Wizard page.

2. Installation Type
Select Role-based or feature-based installation option in Add Roles and Features Wizard page.

3. Select Server and Server Role

Select the server from the server pool. It will automatically show the server in the list. Typically,
you’ll see only your server in this list.
Page | 42
Select Active Directory Domain services in Role lists as shown below.

Page | 43
 4. Add Features
After selecting Role, it will pop up a window to install additional services, choose add features
from popup window.

Page | 44
If you want to install any other additional features you can select from this page.

The next window is “AD DS” which describes about the AD DS and its functions.

Page | 45
5. Installation of Active Directory Domain Name Service
6. Select Next in Add Roles and Features Wizard page.
7. Confirm the installation selections. Check the Restart check box to restart server
automatically after installation and click “Install”

8. The installation starts and it takes some minutes to finish; after the installation is finished
click Close button.

Page | 46
 4.1.3. Promote the Server as a Domain Controller

4.1.3.1. Server Notification to Promote

After installing Active directory services, select Promote server to a domain controller from the
server manager notification page.

4.1.3.2. Deployment Configuration

Select Deployment option as per your requirement. Here we are installing our first Active
directory in our server, so we have to select “Add a New Forest”.

Page | 47
Next, Give the root domain name, in our case as you can see in the below figure the root domai
is “dmucs.local”.

Page | 48
 4.1.3.3. Domain Controller Options
Select forest and domain functional level. You have to also set your DSRM password here.
Next screen is DNS delegation; if you have any other DNS in your network, you can delegate the
DNS options. This screen might display this message: “A delegation for this DNS server
cannot be created because the authoritative parent zone cannot be found”.

4.1.3.4. NetBIOS and Directory Path

Enter NetBIOS name in the next screen.

Page | 49
Next, select the folder path for Active directory database files; by default it will be stored in
“C:\Windows\NTDS” folder.

Next, review all your options and click on Next button.

Page | 50
Finally, Prerequisites check window will appear and if the prerequisite check passed successfully
click Install button to start the installation process.

4.2. Active Directory Console

Before prompting server as Domain controller, it will check the entire prerequisite, if any prerequisite
is not installed means it will not start the installation until to complete the prerequisite installation.
After completing installation reboot the server, if you checked the reboot automatically option means
it will get restart automatically,
Finally, after the installation, you can launch the Active directory console as shown below.

Page | 51
 CHAPTER FIVE

5. Creating of Users, Computers and Groups Account in Active Directory

Domain Services

5.1. User Account creation in a Domain controller

Step 1: Open Active Directory Users and Computers
Open AD Users and Computers snap-in from Server Manager. You can also open AD Users and
Computers snap-ins by typing dsa.msc on RUN program. You can open RUN application pressing
Windows Key + ‘R’ on your keyboard.

Step 2: Create an Organizational Unit

Organizational Unit or simply OU is a container object of Active Directory Domain which can hold
users, computers, and other objects. Basically, you create user accounts and computers inside an OU.
We will create an OU named “Informatic_staff”. Right-click on the domain in AD (dmucs.local)
chooses New and click Organizational Unit.

Page | 52
Type the name Staff on the name field of the Organizational Unit. Check the Protect container from
accidental deletion option. This option will protect this object from accidental deletion.

Step 3: Create a New domain user account under the organizational unit
Right-click the Informatic_staff Organizational Unit (OU), click New and click User.

Page | 53
Now type the user information. Type the first name and last name. Here user logon name is the name
that the user will use to actually log in the computer in the network. So when user tries to log in, he
will type [email protected] on username field. Then, click Next.

Now type the password. Check user must change password at next logon. The user will be forced
to change the password when user logs in. Click Next.

Page | 54
 Finally, Review the user configuration and click Finish.

You have successfully created a user account. You can open the properties of the user account to
configure settings.

Page | 55
Summary of creating a Domain user account in Active Directory Domain name service:
➢ Click Start, point to Programs, point to Administrative Tools, and then click Active
Directory Users and Computers.
➢ In the Active Directory Users and Computers window, expand <domain name>.com.
➢ Right-click Users, point to New, and then click User.
➢ In the New Object - User dialog box, do the following:
Use this To do this
First name Type a first name for the account
User logon name Type the appropriate account name from the
previous list

➢ Click Next.
➢ In the Password box, type a password for the account, and then in the Confirm password
box, type the password again.
➢ Select User must change password at next logon then click next.
➢ Click Finish.
➢ Repeat steps 3 through 8 for all your remaining accounts.

5.2. Creating steps of users group account

To create a group of users account in Active Directory on the Domain Controller you have to follow
the following steps
➢ Click Start, point to Programs, point to Administrative Tools, and then click Active
Directory Users and Computers.
➢ In Active Directory Users and Computers window, expand <domain name>.com
➢ In the console tree, right-click the folder in which you want to add a new group.
➢ Click New, and then click Group.

Page | 56
 ➢
Type the name of the new group. Use a name that you can easily associate with the role or service for
which you are creating.
In the New Object - Group dialog box, do the following:
➢ In Group scope, click Global scope.
➢ In Group type, click Security.
➢ Click Ok.

Page | 57
 ➢ Repeat steps 3 through 7 for all your remaining groups.
Here we are created “TAs” Group which is associated to Technical Assistants of our
dmucs.local domain.

Page | 58
 5.3. Adding a Domain user account in to a Domain group account
Right click on your user account which you want to add in a group account.

Enter your group name which you want to adding a user in it in the place of text area and click
ok.

➢
Finally, you have to get a message for the operation successfulness

5.4. Creating a client machine (Computer) Account in a domain controller

Go to the server manager on the Tools menu click Active Directory Users and Computers

Page | 59
Right click on your domain and from the drop-down options select New -> Computer

The “New Object-Computer” window will pop up and write the name of the client machine
on the Computer name: field, if you want to assign the client machine to a specific user or
group other than to a Domain Administrator click the Change button in the right side of User or
group: field.

Page | 60
In our case we are assigned the Minalu pc to the user Long Chalie in a dmucs.local
domain.

5.5. Joining a Client Machine to a Domain controller server from the client side
First you have to set up a static IP address for the client.

Page | 61
Steps:
Open your client machine “Computer” and click on the System Properties button. In our case
the client machine is Windows 10.
Now click on the advanced system settings link on the left-hand side.

1. When the advanced system settings open, switch to the computer name tab.

2. Click on the change button, from here you can change your Computers Name to a more
friendly name.

Page | 62
3. Now type in the name of your domain, ours is dmucs.local, but yours will be whatever
you made it when you set up Active Directory.

Page | 63
 4. When you enter client machine, or click OK, you will be asked for the user’s name and
password of a Domain Administrator user account.
5. If you specify the correct credentials, you will be welcomed to the Domain.
6. Finally, you must restart the client machine to apply these changes.
7. After restarting the client machine, the window log on status changed. By clicking Switch
User tab you can log on to the domain
8. By clicking other user, you can log on to DMUCS domain using an already domain
member user account.
9. Next, you have to change the already given password for your domain member account
by yours own new one, and be able to log on, Click “OK”.
10. Next, enter your old password and the new one with confirmation and go on.
11. If your new password meets the password policy of the domain password policy, you
have to get a message that says “Your password has been changed” and click “OK”
then “Welcome” and “Preparing your desktop” screens will appear successively.

5.6. Enabling and Using Fine-Grained Password Policies in Active Directory Domain
Services
Fine-grained password policies are used to specify multiple password policies in a single domain
and apply different restrictions for password and account lockout policies to different sets of
users in a domain. Fine-grained password policies apply only to global security groups and user
objects and also, they cannot be applied to an organizational unit directly.
Other considerations are:
➢ Only members of the Domain Admins group can set fine-grained password policies, but
this can be delegated.
➢ Managing the policies is done through Active Directory Administrative Center and/or
Windows PowerShell.
To enable the Fine-grained password policies (FGPP) the following steps will be satisfied: -
Open the Active Directory Administrative Center (ADAC) from the Server Manger Tools menu,
Switch to the Tree View and navigate to the System, Password Settings Container.

Page | 64
Right-click the Password Settings Container object and select “New”, “Password Settings”

Page | 65
In the “Create Password Policy” UI, fill all the fields that are appropriate.

Page | 66
It’s suggested a descriptive name and description of why you create a new policy, how this
policy differ from the default Password policy. And what group it will apply to.

Page | 67
 CHAPTER SIX

6. File and Storage Services

6.1. Shared folder setup

There are different ways to share a folder in Server 2016. Most efficient way is to use the Server
Manager. Here, we will configure some shared folder from domain controller named dmucs.
local. So, let’s setup some shared folders. To do so, open Server Manager. Click File and
Storage Services on the left pane. Then click Shares from the list. You will see the list of shared
folders on this server. As you can see below there are two folders, netlogon and sysvol shared by
default. This is because the server is Active Directory Domain Control.

Now let’s have a scenario, we want to share a folder named Academic Materials to Technical
Assistant users’ group. We want only the Technical Assistant group of users to view and execute
the contents of the folder. We already have Students users group set up and assigned users into the
group. So, let’s create the shared folder. To create a new shared folder, click Tasks and click New
Share in Server Manager Console.
Page | 68
New Share wizard pops up. There are number of share profiles by default. You can choose any
of these share profiles as you can see below. In our case we will choose SMB Share – Quick
and click Next.

Now you are asked to provide the share location of the folder that you want to share. Here the
chosen custom location is as C:\Acadamic Materials. Then click Next.

Page | 69
Type the Share name and description of the shared folder. Then click Next. Click OK to create
the new directory on path doesn’t exist warning will pop up.

Page | 70
Now configure other settings. Here, you will check to Enable access-based enumeration. This
option makes the folder visible for users that have permission to access the folder otherwise the
folder will be hidden. Allow caching of share option makes the folder to be accessed even when
the user is offline. Click Next.

Then, configure the folder permission. The shared folder has shared folder permission and NTFS
permission. These both permission works together to allow/deny users to access the shared
folder. Microsoft recommends allowing full control for share permission and using NTFS
permission to restrict and configure folder access. As you can see below, Share permissions:
Everyone Full Control. The permission shown here is the inherited NTFS permission from drive
NTFS permission. To change the permission, click Customize permission.

Page | 71
Click Disable inheritance. Then select Convert inherited permission into explicit
permissions on this object.

You can see the changes below. Remove both User groups from the permission. This Users group
contains all the users of the domain. We don’t want all the users of the domain to access this
shared folder so remove it. Click Add to add the Technical Assistant group. Click Select a
principal and add TAs group. Select the basic permissions and click OK.

Page | 72
Page | 73
Now the overall permission for the Academic Materials folder looks like this. Users of TAs
group can only read the files of Academic Materials folder.

Page | 74
Now let’s come back to the wizard and Click Next.

Page | 75
Review the settings and click Create.

The shared folder is now created. You can view the shared folder in Server Manager Console.

In this way you can configure shared folder using Server Manager. Remember, NTFS
permissions and shared folder permissions are different. If NTFS permission and shared folder
permission are conflicting, then the most restrictive permission is applied. For example, if you
configure NTFS permission to Full Control and shared permission to Read on a folder then the
permission applied will be Read only. Best practice to manage permissions for shared folder is,
configure full control permission for everyone and restrict the folder access using NTFS
permission. You can see the details of the shared folder by right clicking on it and select
properties from the given options.
Page | 76
In the properties of a shared folder window there are three options that you are going to see
and configure, these are permissions, settings and management properties.

Page | 77
 6.2. Disk quota management
Disk quota management is a permission specified by administrators that set limits on the user,
workgroups, or other groups of storage space. By setting a quota, this helps prevents a server or
share from becoming full of data, but still allows users to save files.

Before to set or enable a disk quota the File Server Resource Manager (FSRM) role must be
installed in your server, to install it follow the next steps:
➢ Go to the Server manager and click on Add Roles and features from the Manage
menu.
➢ Select role- based or feature based installation and click Next in the next pop-up window.
➢ Select your destination server from the server selection window and click Next.
➢ Select file and storage services -> File and ISCSI services -> File server resource
manager roles from server roles window.

Page | 78
Click on Add Features.

Click Next.

Page | 79
In the confirmation window click Install button and the installation takes few minutes to
complete.

6.2.1. Creating a quota

Open Server Manager using the icon on the desktop Taskbar or from the Start screen as usual.
Select File Server Resource Manager from the Tools menu in Server Manager.

Page | 80
In the left pane of File Server Resource Manager, expand Quota Management and click
Quotas. In the Actions menu click Create Quota.

In the Create Quota dialog, click Browse to select the folder to which you want to apply the
quota. In this example, c:\Acadamic Materials and then selected Auto apply template and
create quotas on existing and new subfolders to make certain that any folders added for new
users are also included in the quota policy.

Page | 81
Derive properties from this quota template (recommended), Select the quota template you’d like
to apply and click Create.

Your quota has been created successfully.

6.3. File Screening Management

On the File Screening Management node of the File Server Resource Manager, you can
perform the following tasks:
➢ Create file screens to control the types of files that users can save, and generate
notifications when users attempt to save unauthorized files.
➢ Define file screening templates that can be applied to new volumes or folders and that
can be used across an organization.

Page | 82
 ➢ Create file screening exceptions that extend the flexibility of the file screening rules.
For example, you can:

Ensure that no music files are stored on personal folders on a server—yet you could allow
storage of specific types of media files that support legal rights management or comply with
company policies. In the same scenario, you might want to give a boss in the company special
privileges to store any type of files in his personal folder.

Implement a screening process to notify you by e-mail when an executable file is stored on a
shared folder, including information about the user who stored the file and the exact location of
the file, so that you can take the appropriate precautionary steps.

Steps of file screening management

Go to Tools select File Server resource manager.

In the Create File Group Properties window, in the File group name box, you can see the
available included and excluded file groups and create your own file group by right click on File
group.

➢
Page | 83
➢
In the Create File Group Properties window, in the File screen template name box, you can see
the available file templates with screening type and file group groups and also you can create
your own file templates by right clicking on File screen template and select Create file template.

You can create a file screen option for your shared folder on file screens name box by right
clicking and selecting Create File Screen option.

Page | 84
On the File screen window the first step is click the Browse button under file screen path option
and select your shared folder directory or the file screen path.

Page | 85
Page | 86
For file screen properties you can either use properties from a file screen template
(recommended) or define your custom file screen properties.

In this example the selected file screen property is “Block Executable Files” under derive
property of the file screen template

Finally, after you select the file screen path and the file screen property you can create your file
screen by clicking the button Create.
You have successfully created a file screen for the folder Acadamic Materials as shown as
below.

Exercise
1. Write steps and make disk partition in window server 2016?

Page | 87
 CHAPTER SEVEN

7. Group policy Management

Group Policy is a hierarchical infrastructure that allows a network administrator in charge of

Microsoft's Active Directory to implement specific configurations for users and computers.
Group Policy can also be used to define user, security and networking policies at the machine
level.

7.1. Configuration of a Group policy

As usual we used our dmucs.local domain and our windows seven client, in this group policy
our aim will be restrict few applications such as Notepad.exe, calculator.exe and paint.exe for
the group called Technical Assistant that we already created earlier.
Steps:
On the server manager go to Tools, find and click Group policy Management

Page | 88
As usual on the domain server, create a new GPO, in our case the new GPO will be Technical
Assistant.

Next, right click on Technical Assistant GPO and click Edit

Page | 89
Next, on the Group Policy Management Editor, expand User Configuration, Policies, and
Administrative Templates, and then click System, next double click Don’t run specified
Windows applications, click Enabled and click Show.

In the Show Contents box, in the Value list, type notepad.exe, Calc.exe, and Paint.exe then
click OK

Page | 90
Next, click Control Panel, on the right pane, double click Prohibit access to Control Panel
and PC Settings, then click Enabled and click OK…

Page | 91
Next, let’s Link the Technical Assistant GPO to our domain, right click dmucs.local and click
Link an Existing GPO…

Page | 92
On the Select GPO box, under Group Policy Object, click Technical Support and then click
OK to proceed…

Next, you can open Command prompt (CMD) and type gpupdate /boot /force

Page | 93
Next, log in to your Windows client PC, in our case the client machine operating system is
Windows 10 ultimate and log in as a long DMUCS domain user account. Once you successfully
log on, try open notepad and Control Panel and you will be presented with Restrictions
warning box Next, back to your Domain Server and open Control Panel (remember that our
Domain Server is longed in as Domain Administrator).

What you need to do to solve the above small issue just a simple step where as in the Group
Policy Management, click Technical Assistant GPO, on the right pane, under Security
Filtering, click Authenticated Users and then click Remove and click OK to confirm remove
the Authenticated Users group.
Next, still in the Security Filtering, we can “Add” Students group so that only this group will
effected with this GPO.

Exercise
1. How to make Audit police setting in Window Server 2016?
2. How to change an account name, enabled or disabled an account, created or deleted an
account, changed a password, or changed a user group.
3. How to change local security policies and to see if someone has changed user rights
assignments, auditing policies, or trust policies?

Page | 94
 CHAPTER EIGHT

8. Installation and Configuration of DHCP role

Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically
provides an Internet Protocol (IP) host with its IP address and other related configuration
information such as the subnet mask and default gateway.

Benefits of DHCP

Safe and reliable configuration. DHCP minimizes configuration errors caused by manual IP
address configuration, such as typographical errors, as well as address conflicts caused by a
currently assigned IP address accidentally being reissued to another computer.

Reduced network administration.

➢ TCP/IP configuration is centralized and automated.
➢ Network administrators can centrally define global and subnet-specific TCP/IP
configurations.
➢ Clients can be automatically assigned a full range of additional TCP/IP configuration
values by using DHCP options.
➢ Address changes for client configurations that must be updated frequently, such as
remote access clients that move around constantly, can be made efficiently and
automatically when the client restarts in its new location.
➢ Most routers can forward DHCP configuration requests, eliminating the requirement of
setting up a DHCP server on every subnet, unless there is another reason to do so.

8.1. Steps of the installation of DHCP role

We ensure that computer has at least one static IP address assigned before starting the role
installation.
➢ Start the Server Manager
➢ Click Add Roles and Features from the Manage Menu
➢ On Add Roles and Features wizard begins and click
➢ elect the Role-based or feature-based installation option and click Next.
➢ If you have more than one server managed through the server manager console, select the
desired server you’d like to install DHCP on.

Page | 95
➢ From the Roles lists, check the DHCP Server role, click Add Features on the popup
window.

Page | 96
➢ Just Click Next.

➢ Select additional features you desire or leave as default and click Next.

Page | 97
Page | 98
Keep in mind ‘Things to note’ and click Next.

➢ Confirm information on summary page and click Install.

Page | 99
 ➢ After installation process is completed, click Close.

8.2. Configuration of DHCP role after installation

Post Deployment: open the Server Manager Click on the warning (Notification) icon and then
click on ‘Complete DHCP Configuration’

Page | 100
➢ On DHCP Post-Install wizard, click next.

On Authorization, select a domain user account that has permissions to create objects in the Net
Services container in Active directory (For security lock-down) or simply use a domain admin
account and click Next.

Page | 101
Confirm on summary page that the security groups had been created and Authorizing DHCP
server role done. Close the screen

For the security groups to come into effect, we need to restart the DHCP Server service.

Page | 102
Click on Tools on Server Manager menu and click on Services

Page | 103
Finally Locate “DHCP Server” service, click on the Restart Service icon to restart the service.

8.2.1. Creating a new IPv4 DHCP scope

A scope is needed so we can define a range of IP addresses that can be handed out to clients.
Steps: -
➢ From Server Manager Tools menu chooses DHCP.
Right click IPv4 and choose new Scope.

Page | 104
 ➢ Click Next

➢ Give the scope a meaningful name that you want in addition to the description about it and click
Next.

Page | 105
➢ In this case the scope starts at .20 and let it end at .254. You may wish to change this to
your needs.

➢ In this our IPV4 scope we do not set exclusions or delays but you may need them and can
exclude some range of IP address here.

Page | 106
➢ Accept the defaults and click Next

➢ Yes, we will configure DHCP options. Click Next.

Page | 107
➢ In our case the router is at 192.168.160.2 and Click Next.

➢ Under normal circumstances the wizard will detect the DNS server that is installed during the
installation of the DNS server role or a domain. Click Next.

Page | 108
➢ Here we do not support any WINS servers so just Click Next.

➢ Windows Internet Name Service (WINS) is Microsoft's implementation of NetBIOS Name

Service (NBNS), a name server and service for NetBIOS computer names. Effectively,
WINS is to NetBIOS names what DNS is to domain names — a central mapping of host
names to network addresses.
➢ Click Next

Page | 109
➢ Just Click Finish

➢ Here is our IPv4 DHCP scope.

Page | 110
Exercise
1. How to enable Web Server (IIS) role and FTP Server role service in Window Server 2016?
2. How to create FTP users?
3. How to creating FTP site?
4. How to make Window Firewall setup?

Page | 111
 CHAPTER NINE

9. Installation and Configuration of a Print Server

9.1. Print and Document Services role installation

1. Open the Server Manager console.
➢ To install and configure the print server in Windows Server, you must install Print and
Documents Services role. Go to Server Manager Dashboard click Manage tab then click Add
roles and features.

2. On the Before You Begin page click Next and select Role-based or feature based installation
then click Next.
3. On the Server Selection page, choose the server you want then click Next.
4. Select and tick the check box of “Print and Document Services” on the Server Roles page.

5. Now the component and features want to be installed; just click Add Features and then click
Next.
Page | 112
6. Leave the Features page by default and click Next. You don’t need to install any features
for print and document services, so do nothing on this page.

7. On the Print and Document Services page read all notification and click Next. It is necessary
once to read this page carefully.

8. Select the Print Server and Internet Printing options from Role Services.

Page | 113
Print and Document Role Services:

➢ Print Server: is the core print management and services.

➢ Distributed Scan: Server is for Document Scanner if you have it.
➢ Internet Printing: will let you manage your printers through the browser.
➢ LDP Services: will share printers between Linux and UNIX base OS.
Don’t change anything Web Server, just click Next on Web Server Roles (IIS), Role Services and
Confirmation page to finish the IIS Web Server options.

Page | 114
9. Click Install on the Confirmation page to finish the IIS Web Server options.

10. Finally click Close due to the installation of Print and document services successful
completion.

Page | 115
Exercise
1. How to install of printer in Window Server 2016?
2. How to share a printer to domain user computers?

Page | 116
 CHAPTER TEN

10. Backup
A backup, or the process of backing up, refers to the copying and archiving of computer data so
it may be used to restore the original after a data loss event.

Backup causes:
➢ Software bugs routinely corrupt documents.
➢ Users accidentally delete data files.
➢ Hackers and disgruntled employees erase disks.
➢ Hardware problems and natural disasters take out entire machine rooms
If executed correctly, backups allow an administrator to restore a filesystem to the condition it
was in at the time of the last backup. Backups must be done carefully and on a strict schedule.
The backup system and backup media must also be tested regularly to verify that they are
working correctly.

Backups Recommendations:
➢ Perform all backups from a central location
➢ Label your media
➢ Pick a reasonable backup interval
➢ Choose filesystems carefully
➢ Make daily dumps fit on one piece of media
➢ Keep media off-site
➢ Protect your backups
➢ Limit activity during backups – use snapshots
➢ Verify your media
➢ Develop a media life cycle
➢ Design your data for backups
➢ Prepare for the worst

Page | 117
 10.1. Types of Backups

10.1.1. Full Backup

A full backup is exactly what the name implies. It is a full copy of your entire data set. Although
full backups arguably provide the best protection, most organizations only use them on a
periodic basis because they are time consuming, and often require a large number of tapes or
disk.

10.1.2. Incremental Backup

Because full backups are so time consuming, incremental backups were introduced as a way of
decreasing the amount of time that it takes to do a backup. Incremental backups only backup the
data that has changed since the previous backup. For example, suppose that you created a full
back up on Monday, and used incremental backups for the rest of the week. Tuesday's backup
would only contain the data that has changed since Monday. Wednesday's backup would only
contain the data that has changed since Tuesday.

The primary disadvantage to incremental backups is that they can be time-consuming to restore.
Going back to the above example, suppose that you wanted to restore the backup from
Wednesday. To do so, you would have to first restore Monday's full backup. After that, you
would have to restore Tuesday's backup disk, followed by Wednesday's. If any of the disks
happen to be missing or damaged, then you will not be able to perform the full restoration.

10.1.3. Differential Backup

A differential backup is similar to an incremental backup in that it starts with a full backup, and
subsequent backups only contain data that has changed. The difference is that while an
incremental backup only includes the data that has changed since the previous backup, a
differential backup contains all of the data that has changed since the last full backup.

Suppose for example that you wanted to create a full backup on Monday and differential
backups for the rest of the week. Tuesday's backup would contain all of the data that has
changed since Monday. It would therefore be identical to an incremental backup at this point.
On Wednesday, however, the differential backup would backup any data that had changed since
Monday.

.
Page | 118
 10.1.4. Synthetic Full Backup
A synthetic full backup is a variation of an incremental backup. Like any other incremental
backup, the actual backup process involves taking a full backup, followed by a series of
incremental backups. But synthetic backups take things one step further.

What makes a synthetic backup different from an incremental backup is that the backup server
actually produces full backups. It does this by combining the existing full backup with the data
from the incremental backups. The end result is a full backup that is indistinguishable from a full
backup that has been created in the traditional way.

As you can imagine, the primary advantage to synthetic full backups is greatly reduced restore
times. Restoring a synthetic full backup doesn't require the backup operator to restore multiple
tape sets as an incremental backup does. Synthetic full backups provide all of the advantages of a
true full backup, but offer the decreased backup times and decrease bandwidth usage of an
incremental backup.

10.1.5. Incremental-Forever Backup

Incremental-forever backups are often used by disk-to-disk-to-tape backup systems. The

basic idea is that like an incremental backup, and incremental-forever backup begins by taking a
full backup of the data set. After that point, only incremental backups are taken.

What makes an incremental-forever backup different from a normal incremental backup is the
availability of data. As you will recall, restoring an incremental backup requires the tape
containing the full backup, and every subsequent backup up to the backup that you want to
restore. While this is also true for an incremental-forever backup, the backup server typically
stores all of the backup sets on either a large disk array or in a tape library. It automates the
restoration process so that you don't have to figure out which tape sets need to be restored. In
essence, the process of restoring the incremental data becomes completely transparent and
mimics the process of restoring a full backup.

10.2. Installation of Windows server 2016 Backup components

➢ Log on to the domain controller (DC) with a domain admin account and open a
PowerShell prompt using the blue icon on the desktop taskbar or from the Start
screen.

Page | 119
 ➢ In the PowerShell console, type add-windowsfeature windows-server-backup and
press Enter.

➢ Or you can follow the GUI procedure to install the Windows Server Backup feature from
the Server manager window Add roles and Features option.
➢ Open Server Manager from the desktop taskbar (or from the Start screen if it’s not
already open) and select Windows Server Backup from the Tools menu.

Page | 120
In the webadmin console, click Local Backup in the left pane.

Now select Backup Schedule under Actions in the far right pane.

Page | 121
On the Select Backup Configuration screen, select Full server (recommended) and click Next.

Page | 122
On the specify Backup time select the time when do you want to run a backup in this example
once in a day at 9:00 is selected because usually most of the backup in the organizations was
done in the night due to the server goes very slow when making the backup.

Page | 123
On the Specify Backup Destination Type screen, select your dedicated backup destination type in
this case Backup to a volume is selected.

On the Select Destination volume screen click Add button and add your dedicated backup
volume in the Backup destination menu.

Page | 124
Select your backup destination volume and click OK.

Page | 125
Just Click Next.

Click Finish on the confirmation screen.

Page | 126
After successfully created the backup schedule close the backup schedule wizard.

Finally, the webadmin window looks like as shown as below.

Page | 127
Exercise
Question 1. How to restore a Windows Server 2016 Domain Controller from a Backup?
Question 2. How to removing roles and features in Windows Server 2016?
Question 3: How to control a computer from a remote location?
Question 3: Install and configure Ubuntu Server 14.04 Trusty Tahr?

Page | 128
References

➢ Microsoft official Academic course, Networking fundamentals, Exam98-366

193.140.54.45/network/NetworkingFundamentals.pdf
➢ An Introduction to Computer Networks, Release 1.96, Peter L Dordal, September 05, 2017
https://intronetworks.cs.luc.edu/current/ComputerNetworks.pdf
➢ Microsoft Press eBook Introducing Windows Server 2012 R2
https://download.microsoft.com/DOWNLOAD/4/8/A/48A3ADA5-063D-4C7F-AA11-
F9A3AE8C8B55/MICROSOFT_PRESS_EBOOK_INTRODUCING_WINDOWS_SERVER
_2012_R2_PDF.PDF
➢ https://technet.microsoft.com/en-us/library
➢ Installing and Configuring Windows Server 2012 R2 Exam Ref 70-410, Craig Zacker
https://ptgmedia.pearsoncmg.com/images/9780735684249/.../9780735684249.pdf
➢ https://docs.microsoft.com/en-us/windows-server
➢ https://www.tutorialspoint.com/windows_server_2012/
➢ https://theitbros.com/windows/windows-server/

Page | 129