Windows Server 2016 Unleashed

Rand Morimoto, Ph.D., MCSE, CISSP, has been in the computer industry for more than 30 years and has authored, coauthored, or been a contributing writer for dozens of books on Windows, Security, Exchange, Office 365, and Microsoft Azure. Rand is the president of Convergent Computing, an IT-consulting firm in the San Francisco Bay area that has been one of the key early adopter program partners with Microsoft. Convergent Computing implements the latest Microsoft technologies, including Microsoft Windows Server 2016, System Center 2016, Windows 10, Azure Stack, Office 365, and Azure (public) in production environments months before the initial product releases to the general public. Jeffrey Shapiro, MCSE, MCT, leads MISIQ, a technical consulting company specializing in all areas of Microsoft systems, including Windows Server, SQL Server, IIS, PKI, all aspects of .NET software development, and Microsoft’s Azure cloud services. He helps CIOs and CTOs plan, architect, and manage their network and IT operations assets. He has nearly 30 years’ experience in all aspects of information technology and has authored and co-authored more than 20 books from software engineering to IT infrastructure and computer and network systems. He began architecting Windows Client-Server systems as early as 1993 and supported numerous Windows NT networks for most of the 1990s. A prolific IT writer, he was one of the first authors to cover the advent of Active Directory in 1999, and has written extensively on Windows Server technology. His books cover Windows Server NT, and Windows Server 2000 through Windows Server 2016. Jeffrey is also a high-availability expert and has architected some of the world’s largest Windows Server networks, some of them consisting of 100s of servers and server clusters all over the world. He has consulted for some of the United States’ largest corporations, such as Blue Cross Blue Shield, Con Edison, Disney, Universal Studios, and several counties and cities across North America. He is an expert SQL Server DBA and .NET Programmer. Guy Yardeni, MCITP, CISSP, MVP, is an accomplished infrastructure architect, author, and overall geek-for-hire. Guy has been working in the IT industry for more than 16 years and has extensive experience designing, implementing, and supporting enterprise technology solutions. Guy is an expert at connecting business requirements to technology solutions and driving to successful completion the technical details of the effort while maintaining overall goals and vision. Guy maintains a widely read technical blog at www.rdpfiles.com and is a Windows MVP. Omar Droubi, MCTS, has maintained a successful career and delivered quality work as a senior Information Technology professional for more than 20 years by keeping current with the latest technological developments and trends. As a writer, he has co-authored several Sams Publishing best-selling books, including Microsoft Windows Server 2003 Unleashed through Windows Server 2012 Unleashed. Omar has also been a contributing writer and technical reviewer on several Microsoft Exchange Server books and publications. He has been deeply involved in testing, designing, and prototyping Windows 10 and Windows Server 2016 for the past few years, and has assisted organizations in getting the most out of the latest features included in these products. Michael Noel, MVP, is an internationally recognized technology expert, bestselling author, and well-known public speaker on a broad range of IT topics. He has authored more than 20 major industry books that have been translated into more than a dozen languages worldwide. In addition, Michael has presented at more than 200 technical and business conferences in more than 70 countries around the world. Currently a partner at Convergent Computing (cco.com) in the San Francisco Bay area, Michael’s writing and extensive public-speaking experience across all seven continents leverage his real-world expertise in helping organizations realize business value from Information Technology infrastructure. Andrew Abbate, MCITP, enjoys the position of principal consultant and partner at Convergent Computing. With more than 20 years of experience in IT, Andrew’s area of expertise is understanding a business’s needs and translating that to process and technologies to solve real problems. Having worked with companies from the Fortune Ten to companies of 10, Andrew has a unique perspective on IT and a grasp on “big picture” consulting. Andrew has also written eight industry books on varying technologies ranging from Windows to Security to Unified Communications. Chris Amaris, MCITP, MCTS, CISSP/ISSAP, CHS III, is the chief technology officer and cofounder of Convergent Computing. He has more than 30 years’ experience consulting for Fortune 500 companies, leading companies in the technology selection, architecture, design, and deployment of complex enterprise and hosted cloud integration projects. Chris specializes in leveraging Microsoft Azure, Windows 2016, and System Center to achieve a high degree of on-premise to cloud integration, automation, and self-service, reducing the level of effort and time-to-market for organizations while providing high levels of fault tolerance and availability. Chris is also an author, writer, and technical editor for a number of IT books, including System Center 2012 Unleashed, and conducts trainings and seminars on Azure, Windows, and System Center technologies worldwide.

• Introduction     1 How This Book Is Organized     1 Part I:  Windows Server 2016 OverviewChapter 1  Windows Server 2016 Technology Primer     5 Windows Server 2016 Defined     6 When Is the Right Time to Migrate?     16 Versions of Windows Server 2016     18 Improvements for Continuous Availability     22 Enhancements for Flexible Identity and Security     25 Enabling Users to Work Anywhere     31 Simplifying the Datacenter     38 Addition of Migration Tools     48 Identifying Which Windows Server 2016 Service to Install or Migrate to First     49 Chapter 2  Planning, Prototyping, Migrating, and Deploying Windows Server 2016     55 Determining the Scope of Your Project     56 Identifying the Business Goals and Objectives to Implement Windows Server     56 Identifying the Technical Goals and Objectives to Implement Windows Server     59 The Discovery Phase: Understanding the Existing Environment     65 The Design Phase: Documenting the Vision and the Plan     69 The Migration Planning Phase: Documenting the Process for Migration     73 The Prototype Phase: Creating and Testing the Plan     79 The Pilot Phase: Validating the Plan to a Limited Number of Users     81 The Migration/Implementation Phase: Conducting the Migration or Installation     83 Chapter 3  Installing Windows Server 2016 and Server Core     89 Planning for a Server Installation     90 Installing a Clean Version of Windows Server 2016 Operating System     95 Upgrading to Windows Server 2016     104 Understanding Server Core Installation     107 Managing and Configuring a Server Core Installation     110 Performing an Unattended Windows Server 2016 Installation     118 Nano Server     118 Part II:  Windows Server 2016 Active DirectoryChapter 4  Active Directory Domain Services Primer     125 The Evolution of Directory Services     126 Understanding the Development of AD DS     128 AD DS Structure     128 Outlining AD DS Components     131 Understanding Domain Trusts     136 Defining Organizational Units     137 Outlining the Role of Groups in an AD DS Environment     139 Understanding AD DS Replication     141 Outlining the Role of DNS in AD DS     143 Outlining AD DS Security     145 Getting Familiar with AD DS Features in Windows Server 2016     145 Chapter 5  Designing a Windows Server 2016 Active Directory     159 Understanding AD DS Domain Design     160 Choosing a Domain Namespace     161 Examining Domain Design Features     163 Choosing a Domain Structure     164 Understanding the Single-Domain Model     165 Understanding the Multiple-Domain Model     168 Understanding the Multiple Trees in a Single-Forest Model     170 Reviewing the Federated-Forests Model     172 Understanding the Empty-Root Domain Model     175 Understanding the Placeholder Domain Model     178 Understanding the Special-Purpose Domain Model     179 Renaming an AD DS Domain     180 Chapter 6 Designing Organizational Unit and Group Structure     185 Defining Organizational Units in AD DS     186 Defining AD Groups     188 OU and Group Design     192 Starting an OU Design     193 Using OUs to Delegate Administration     194 Group Policies and OU Design     196 Understanding Group Design     197 Exploring Sample Design Models     199 Chapter 7  Active Directory Infrastructure     207 Understanding AD DS Replication in Depth     207 Understanding Active Directory Sites     212 Planning Replication Topology     219 Windows Server 2016 IPv6 Support     226 Detailing Real-World Replication Designs     229 Deploying Read-Only Domain Controllers     232 Deploying a Clone Virtualized DC     236 Chapter 8  Creating Federated Forests and Lightweight Directories     241 Keeping a Distributed Environment in Sync     241 Active Directory Federation Services     247 Synchronizing Directory Information with Microsoft Identity Manager     251 Harnessing the Power and Potential of MIM     254 Part III:  Networking ServicesChapter 9  Domain Name System, WINS, and DNSSEC     259 The Need for DNS     261 Getting Started with DNS on Windows Server 2016     264 Resource Records     267 Understanding DNS Zones     272 Performing Zone Transfers     276 Understanding DNS Queries     279 Other DNS Components     280 Understanding the Evolution of Microsoft DNS     288 DNS in Windows Server 2016     289 DNS in an Active Directory Domain Services Environment     291 Troubleshooting DNS     295 Secure DNS with DNSSEC     304 Reviewing the Windows Internet Naming Service     310 Installing and Configuring WINS     311 Planning, Migrating, and Maintaining WINS     316 Chapter 10  DHCP, IPv6, IPAM     321 Understanding the Components of an Enterprise Network     321 Exploring DHCP     323 Exploring DHCP Changes in Windows Server 2016     331 Enhancing DHCP Reliability     338 Exploring Advanced DHCP Concepts     349 Securing DHCP     350 IPv6 Introduction     351 Configuring IPv6 on Windows Server 2016     362 IP Address Management     370 Installing the IPAM Server and Client Features     371 Exploring the IPAM Console     387 Chapter 11  Internet Information Services     391 Understanding Internet Information Services     10     392 Planning and Designing IIS 10     396 Installing and Upgrading IIS 10     397 Installing and Configuring Websites     403 Installing and Configuring FTP Services     413 Securing IIS 10     422 Part IV:  SecurityChapter 12  Server-Level Security     433 Defining Windows Server 2016 Security     434 Deploying Physical Security     435 Using the Integrated Windows Firewall with Advanced Security     437 Hardening Servers     442 Examining File-Level Security     450 Malware and Backup Protection     454 Windows Server Update     456 Chapter 13  Securing Data in Transit     463 Introduction to Securing Data in Transit in Windows Server 2016     464 Deploying a Public Key Infrastructure with Windows Server 2016     465 Understanding Active Directory Certificate Services in Windows Server 2016     467 Active Directory Rights Management Services     476 Using IPsec Encryption with Windows Server 2016     479 Chapter 14  Network Policy and Access Services, Routing and Remote Access and DirectAccess     483 Installing a Network Policy Server     484 Deploying a Virtual Private Network Using RRAS     485 Configuring DirectAccess     491 Part V:  Migrating to Windows Server 2016Chapter 15  Migrating to Active Directory 2016     495 Beginning the Migration Process     496 Big Bang Migration     499 Phased Migration     503 Multiple Domain Consolidation Migration     519 Chapter 16  Compatibility Testing     537 The Importance of Compatibility Testing     538 Preparing for Compatibility Testing     539 Researching Products and Applications     545 Verifying Compatibility with Vendors     548 Microsoft Assessment and Planning Toolkit     554 Lab-Testing Existing Applications     554 Documenting the Results of the Compatibility Testing     557 Determining Whether a Prototype Phase Is Required     557 Part VI:  Windows Server 2016 Administration and ManagementChapter 17  Windows Server 2016 Administration     561 Defining the Administrative Model     562 Examining Active Directory Site Administration     563 Configuring Sites     566 Windows Server 2016 Active Directory Groups     574 Creating Groups     575 Managing Users with Local Security and Group Policies     580 Managing Printers with the Print Management Console     588 Chapter 18  Windows Server 2016 Group Policies and Policy Management     595 Group Policy Overview     596 Group Policy Processing: How Does It Work?     597 Local Group Policies     600 Domain-Based Group Policies     601 Security Templates     602 Understanding Group Policy     603 Group Policy Policies Node     615 Group Policy Preferences Node     618 Policy Management Tools     618 Designing a Group Policy Infrastructure     626 GPO Administrative Tasks     629 Chapter 19 Windows Server 2016 Management and Maintenance Practices     651 Going Green with Windows Server 2016     652 Server Manager Dashboard     653 Managing Windows Server 2016 Roles and Features     655 Creating a Server Group     660 Viewing Events     660 Server Manager Storage Page     670 Auditing the Environment     673 Managing Windows Server 2016 Remotely     682 Common Practices for Securing and Managing Windows Server 2016     688 Keeping Up with Service Packs and Updates     689 Maintaining Windows Server 2016     693 Chapter 20  Automating Tasks Using PowerShell Scripting     707 Understanding Shells     708 Introduction to PowerShell     710 Understanding PowerShell Fundamentals     712 Using Windows PowerShell     739 Chapter 21  Documenting a Windows Server 2016 Environment     771 Benefits of Documentation     772 Types of Documents     773 Planning to Document the Windows Server 2016 Environment     774 Knowledge Sharing and Knowledge Management     774 Windows Server 2016 Project Documents     775 Administration and Maintenance Documents     788 Network Infrastructure     792 Disaster Recovery Documentation     793 Change Management Procedures     796 Performance Documentation     796 Baselining Records for Documentation Comparisons     796 Routine Reporting     796 Security Documentation     797 Part VII:  Remote and Mobile TechnologiesChapter 22  Server-to-Client Remote and Mobile Access     801 Remote Access in Windows Server 2016     803 VPN in Windows Server 2016     805 RAS System Authentication Options     808 VPN Protocols     810 DirectAccess in Windows Server 2016     815 Choosing Between Traditional VPN Technologies and DirectAccess     826 Setting Up the Unified Remote Access Role     829 DirectAccess Scenario     830 VPN Scenario     836 Monitoring the Remote Access Server     847 Chapter 23  Remote Desktop Services     851 Why Implement Remote Desktop Services?     852 How Remote Desktop Works     855 Understanding the Name Change     857 RDS Roles     857 Configuration Options and Fine-Tuning Terminology     865 Planning for RDS     872 Deploying RDS     877 Deploying Virtual Desktops     888 Enabling RemoteFX     896 Securing and Supporting RDS     898 Part VIII:  Desktop AdministrationChapter 24  Windows Server 2016 Administration Tools for Desktops     903 Managing Desktops and Servers     904 Operating System Deployment Options     905 Windows Server 2016 Windows Deployment Services     908 Installing Windows Deployment Services     910 Customizing Boot Images     921 Creating Discover Images     925 Pre-Creating Active Directory Computer Accounts for WDS (Prestaged Systems)     926 Creating Custom Installations Using Capture Images     930 Automating Image Deployment Using Unattend Files     933 General Desktop Administration Tasks     934 Chapter 25  Group Policy Management for Network Clients     937 The Need for Group Policies     938 Windows Group Policies     939 Group Policy Feature Set     942 Planning Workgroup and Standalone Local Group Policy Configuration     947 Planning Domain Group Policy Objects     950 Managing Computers with Domain Policies     959 Configuring Preference Item-Level Targeting     967 Managing Users with Policies     977 Managing Active Directory with Policies     984 Chapter 26  Storage     999 Storage Spaces and Storage Pools     999 Managing Windows Server 2016 Disks     1010 Configuring Storage Spaces Direct     1014 Part IX:  Fault-Tolerance TechnologiesChapter 27  File System Management     1023 File System Access Services and Technologies     1023 Adding the File and Storage Services Role     1027 Managing Data Access Using Windows Server 2016 Shares     1028 File Server Resource Manager     1032 The Distributed File System     1044 Planning a DFS Deployment     1048 Installing and Configuring DFS     1051 Using the Volume Shadow Copy Service     1057 Configuring Data Deduplication     1060 Dynamic Access Control     1062 Chapter 28  Operational Fault Tolerance (Clustering/Network Load Balancing)     1073 Building Fault-Tolerant Windows Server 2016 Systems     1075 Windows Server 2016 Clustering Technologies     1077 Determining the Correct Clustering Technology     1083 Overview of Failover Clusters     1085 Deploying Failover Clusters     1090 Backing Up and Restoring Failover Clusters     1113 Deploying Network Load-Balancing Clusters     1117 Managing NLB Clusters     1125 Network Teaming     1127 Chapter 29  Backing Up the Windows Server 2016 Environment     1131 Understanding Your Backup and Recovery Needs and Options     1132 Creating the Disaster Recovery Solution     1135 Documenting the Enterprise     1136 Developing a Backup Strategy     1137 Windows Server Backup Overview     1138 Using Windows Server Backup     1141 Managing Backups Using the Command-Line Utility Wbadmin.exe and Windows PowerShell Cmdlets     1146 Backing Up Active Directory     1150 Backing Up Windows Server 2016 Roles     1153 Volume Shadow Copy Service     1154 Extending Server Backup to the Enterprise with Data Protection Manager 2016     1155 Chapter 30  Recovering from a Disaster     1157 Ongoing Backup and Recovery Preparedness     1157 When Disasters Strike     1161 Disaster Scenario Troubleshooting     1163 Recovering from a Server or System Failure     1166 Managing and Accessing Windows Server Backup Media     1173 Windows Server Backup Volume Recovery     1174 Recovering Role Services and Features     1176 Part X:  Optimizing, Tuning, Debugging, and Problem SolvingChapter 31  Optimizing Windows Server 2016 for Branch Office Communications     1185 Key Branch Office Features in Windows Server 2016     1186 Understanding Read-Only Domain Controllers     1186 Using BitLocker with Windows Server 2016     1202 BranchCache in Windows Server 2016     1213 Printing with Branch Office Direct Printing     1226 Chapter 32  Logging and Debugging     1229 Using the Task Manager for Logging and Debugging     1229 Using Event Viewer for Logging and Debugging     1237 Performance Monitoring     1248 Setting Baseline Values     1275 Using the Debugging Tools Available in Windows Server 2016     1277 Task Scheduler     1291 Chapter 33  Capacity Analysis and Performance Optimization     1299 Defining Capacity Analysis     1299 Using Capacity-Analysis Tools     1303 Monitoring System Performance     1317 Optimizing Performance by Server Roles     1325 Part XI:  Integrated Windows Application ServicesChapter 34  SharePoint 2016 Products     1333 History of SharePoint Technologies     1333 Identifying the Need for SharePoint 2016 Products     1335 Designing a SharePoint 2016 Farm     1339 Exploring a Basic SharePoint 2016 Site     1343 Lists and Libraries in SharePoint 2016     1345 Managing the Site Collection     1351 Chapter 35  Windows Server Virtualization     1357 Understanding Microsoft’s Virtualization Strategy     1357 Integration of Hypervisor Technology in Windows Server     1360 Windows Containers and Hyper-V Containers in Windows Server 2016     1368 Planning Your Implementation of Hyper-V     1368 Installing the Microsoft Hyper-V Role     1371 Becoming Familiar with the Hyper-V Administrative Console     1374 Installing a Guest Operating System Session     1380 Modifying Guest Session Configuration Settings     1384 Launching a Hyper-V Guest Session     1387 Using Snapshots of Guest Operating System Sessions     1389 Quick Migration and Live Migration     1391 Utilizing Hyper-V Replica for Site-to-Site Redundancy     1404 Hyper-V Containers in Windows Server 2016     1410 Windows Docker Containers     1412 Chapter 36  Integrating System Center Operations Manager 2016 with Windows Server 2016     1417 Windows Server 2016 Monitoring     1418 Understanding How OpsMgr Works     1419 OpsMgr Architecture Components     1423 Securing OpsMgr     1433 Fault Tolerance and Disaster Recovery     1438 Understanding OpsMgr Components     1444 Putting it All Together in a Design     1448 Index     1459