Windows Server 2016

S.NO COURSE CONTENT PAGE NO

1 Network and Networking 5
2 Types of Networks 5
3 Network Devices 10
4 Software’s 11
5 Installation of windows server 2016 14
6 Installation of windows 10 21
7 IP Address 31
 IP Version 4
 Binary Decimal Conversion
 Classes
 Subnet Mask
 Public and Private IP
8 Active Directory Domain directory 44
 Structure
 Domain
 Tree
 Organizational Unit
 Forest
 Components of Active Directory
9 Steps to Install ADDS 51
 Prerequisites
10 Steps to Change Computer Name 52
11 Steps to Assign IP 2016 55
12 Steps to Check IP Address 58
13 Steps to Install ADDS / DNS 59
14 Steps to Configure ADDS 67
15 Steps to ADDS Client (or) member Server 74
 Prerequisites
16 Steps to create users 79
17 Steps to create user from CMD 83
18 Steps To Configure Logon to 84
 To verify go to client 1 computer and login as “Abdullah” user
19 Steps to configure log on Hours 88
20 Steps to configure log on hours for Multiple Users 91
21 Steps to configure or enable Active Directory Recycle Bin 95
22 Password Policy 98
23 Account Lockout Policy 100
24 Steps to Unlock Account 104
25 Steps to create Organization Unit 105
 Steps to create sub OU
 Steps to create User in OU
 Steps to Move User between OU's
 Steps to delete OU’
 Windows Server 2016

26 Steps to configure Delegating Control 112

27 Group Policy 115

 Remove Games, Music, Pictures, Etc
 Update Policy
 To Verify
 To Deny Group Policy For User From Organizational Unit
28 Steps To Deny The Control Of Organizational Unit 125
 Steps To Deny USB On Domain
 Steps To Block Domain Policy On Organizational Unit
 Steps to configure enforce policy
29 Groups 133
 Steps to add users in groups
 Sharing
 Steps to access share folder
 Steps to modify sharing
30 Security 142
 To verify
31 Office files 146
32 Home folder 148
33 Disk quotas 150
34 profile 153
35 NIC Teaming 154
36 Steps to configure Additional Domain Controller 155
37 Steps to configure Child Domain Controller 160
38 (A) Steps to Transfer FSMO Roles 165
(B) Steps To Seize FSMO 168
 FSMO Lab
39 DNS 188
 Steps to install DNS
 Steps to configure primary DNS server [forward lookup zone]
 Steps to configure primary reverse lookup zone
 Steps to add Host and Pointer record
 Steps to configure secondary DNS
 Install DNS server
40 DHCP 208
 Steps to install DHCP role
 Authorising DHCP server
 Steps to configure DHCP
 DHCP-Dynamic Host configure Protocol
 Steps to configure DHCP Reservation
 DHCP server Backup & Restore
 Configure DHCP server Failover
41 Client configuration 243
 Windows Server 2016

42 Steps to Reserve IP 245

43 Steps to modify scope range 246
44 Steps to configure failover 244
45 Steps to verify failover DHCP 251
46 WDS 252
 Steps to install WDS
 Steps to configure WDS
 Steps to add install image and booting image
 Client side configuration
47 NIC Teaming 290
 Windows Server 2016

1. What is the Difference between Network and Networking?

Network: Network is a group of two or more Computers linked together for sharing
information, Sharing Software, Sharing Hardware, Remote Access etc, with each
other.
Computer Networks can be used in Home, Schools, Colleges, Hospitals, Shopping
Malls, Banks, Software companies, Airports, Government sector, etc
Network can be Wire / Wireless.
In computer Network commonly used devices are Computers (Desktop/Laptop),
Servers, Network Interface Card, Hubs, Switches, Routers, Firewalls, Printers, Cables
etc.
The biggest Computer Network is INTERNET.
Networking: Networking is the Process of establishing and configuring Computer
Network.
In networking we can use Software’s, Services, and Protocols to establish
communication between Hardware Devices.

2. Types of Computer Network

There are several different types of computer networks. Computer networks can be
characterized by their size as well as their purpose.
The size of a network can be expressed by the geographic area they occupy and the
number of computers that are part of the network. Networks can cover anything
from a handful of devices within a single Room/Building to millions of devices spread
across the entire globe.
Common types of Network’s are

1. Local Area Network ( LAN):

 Windows Server 2016
 A Computer network which is spread within a Room / Building.
 The smallest LAN may only use two computers / Users, while larger LANs can accommodate
thousands of computers / Users.
 A LAN typically relies mostly on wired connections for increased speed and security, but
wireless connections can also be part of a LAN. High speed and relatively low cost are the
defining characteristics of LANs.
 A LAN is very useful for sharing resources like Printer, sharing Data with security and sharing
single Internet connection.
 LAN’s are Owned, Controlled and Managed by same organization.
 Devices used in LAN are Computer, Server, Network Interface Card, Cables, Hubs, Switches
etc
 Ethernet Technology is widely used in LAN’s.

Metropolitan Area Network (MAN) :

 Windows Server 2016
 MAN is spread across a big city
 A MAN is often used to connect several LANs together to form a bigger network.
 MAN can cover an area from several miles to tens of miles.
 A MAN is typically owned and operated by a single entity such as a government body or large corporation
(Internet Service Provider (ISP)
 MANs can provide fast communication via high-speed carriers, such as fiber optic cables.
 MAN Is larger than a LAN, but smaller than a WAN

Wide Area Network:

  WAN, occupies a very large area, such as an entire country or the entire world.
 A WAN can contain multiple smaller networks, such as LANs or MANs.
 WANs transmit data at much slower speeds than LANs, most commonly at about 1.5 megabits
per second (Mbps) or less
 Best example of WAN is Internet.
 WAN technologies are Lease lines, Frame relay etc.
Windows Server 2016
 Windows Server 2016

Networking Components / Devices

The common N/w Devices are

1. Computer
2. Server
3. Hub
4. Switch
5. NIC – Network Interface Card
6. Router
7. Cables

**************************************************************************

Difference between Computer and Server:

Computer (Desktop/Laptop) is an electronic device which is used to store, retrieve
and process Data.
Computers are used in home, schools, colleges, companies to make a document,
send mail, internet browsing, play games, and for audio / video etc
Servers are like computer but with more capabilities.
Servers are specially used in companies to manage computers, users, and huge
data.

Note: one of the main differences between Desktop computer and Server
machine is its Hardware, in Desktop we have One Processor but in server we
can have Four Processor, RAM in Desktop is up to 16 GB, but in Server we can
get 64GB and more.
-------------------------------------------------------------------------------------------------------------------------------
 Windows Server 2016

Difference between Hubs - Switch:

Note: Hub and Switch are used to connect all end devices together on a network, but
Both have different capabilities.

HUB SWITCH
 Hub is a Dummy device.  Switch is an intelligent device.
 When a hub receives a packet of data from  When a switch receives a packet of data, it
one of the connected computers, determines what computer or device the packet
it broadcasts that data packet to all the other is intended for and sends it to that computer
connected computers, no matter which one is only. It does not broadcast the packet to all
the final destination of that data packet . computers as a hub does 
 Collision occurs in Hub.  No Collision in Switch.
 No Memory in Hub.  Switch uses MAC table to keep connected
computers MAC address.
 No configuration/Security is possible in Hub.  Configuration/Security can be done in a Switch.

 Hub has less number of ports,  Switch have many ports,

Ex: 8, 16 Ex : 16, 24, 32, 48, 96 etc
 Hub is less in cost.  Switch is very expensive.
 Hub is out-dated.  Switch is used in every LAN.

***************************************************************************
3. Network Interface Card: (NIC)
1. Also known as LAN card or Ethernet card or Network Adapter.
2. NIC card is used to connect a computer to a Network (LAN) or Internet
3. NIC card is both Wire and Wireless.
4. Every NIC has two addresses MAC(Hardware )address and IP address (Software)
5.  MAC addresses are linked to the hardware of NIC when it is manufactured.

6. MAC address is unique address, No two NIC’s can have same MAC address.
7. MAC address is 48-bit Hex-Decimal address
Ex: B8-70-F4-2E-3E-EF.
8. Out of 48-bits first 24-bits is for Vendor ID and next 24-bits are for Card ID.

Note: Both MAC address and IP address are used in communication.

 Windows Server 2016

Router:
1. Router makes communication between two or more network’s
2. Router can be used between two LAN segments, or between
WAN/Internet.
3. Router can also be used as a security device
4. Router maintains Routing table, in this table Router keeps information of all
the other networks.

4. Types of Software’s
 Software is a set of Instructions that enables a user to interact with Hardware.
 Software is the language of computer.
 Software is also known as Program.
 Software’s can be divided into following categories

1. System Software :
 System Software is set of programs that control and manage the
operations of computer hardware and other Application’s.
 System software is directly installed on Hardware.
 It Controls and monitors the proper use of various hardware resources
like CPU, memory, peripheral devices like monitor, printer etc.
 Without system software Computer is a Dummy machine.

Ex: Microsoft windows, Linux, UNIX, Macintosh etc

Note: There are two types of Operating Systems
 Windows Server 2016

Server Operating System Client Operating System

1. A server operating system is a multi-user 1. A client operating system is generally
operating system where it is optimized for a single user operating system where
multiple user access at the same time can only 1 user can be actively using the
manage all Resources. computer at any one time.
2. Server O/S can manage Client O/S computer
2. Client O/S cannot manage other
computer.
3. Server O/S can act as web server, database
server, email server and other server-like 3. In client O/S we cannot configure
roles(DNS,DHCP etc) any Roles / Services.
4. Server O/S is designed for Administration
purpose.

4. Client O/S is designed for running

5. Server O/S is costly. client applications faster like Office,
Photoshop, to play Games and for
better Audio and Video.
5. Client O/S is cheaper than Server
6. Only a trained Professional can Operate/ O/S.
configure server O/S.
7. Server O/S needs special Hardware, like
More RAM, More Hard Disk, Faster 6. Client O/S is easy to operate.
Processor etc
7. Client O/S can be installed on
EX : Win NT 4.0, Win 2000, Win 2003, Win 2008, Win Minimum Hardware, like 1 GB RAM,
2008 R2, Win 2012, Win 2012 R2 etc. 40 GB hard disk, any latest Processor

EX: Win 98, Win up, Win vista, Win 7, Win 8,

Win 8.1 etc
 Windows Server 2016

2. Application Software :
Application software’s helps a user to perform specific tasks. Application
software’s are installed over system software.
Following are some examples
 Word processors : word applications helps you to make
documents and helps you to check spellings mistakes, decorate
text, change size, using different font etc
Ex: Word, coral etc
 Spreadsheets : Spreadsheets have Row’s and Column’s that helps
to do calculation like total, average automatically
Ex: Excel, Lotus etc
 Presentation software : using this software we can create
Presentation for office meetings, class rooms etc
Ex: Power Point
 Database management systems : These are used to manage
Database
Ex: Access, Oracle etc
 Web Browser’s : This are used to access websites over Internet
Ex: Internet Explorer, Chrome, Opera etc
 Utility software: Utility software is a collection of one or
more programs that helps the user in system
maintenance task. Utility programs help the users in disk
formatting, data compression, data backup, scanning for
viruses etc.
Ex: Anti-virus, Disk cleaner, Data backup utility etc

3. Programming languages :
 This is used by programmers to developed new programmers and
application’s.
 The most popular programming language are C++, JAVA etc

5. Windows Server 2016 Installation.

 Windows Server 2016
Installation started now, this screen you can able to configure language, region and time, keyboard
settings. We should configure correct settings here and then select “Next” for continue

You should select “Install Now” in coming screen.

 Windows Server 2016

We can choose the Server 2016 version on this menu. We need Server 2016 Standard with GUI so
selected “Server 2016 Standard (Desktop Experience).
Also, if you need to install Server 2016 without GUI you should select “Windows Server 2016
Standard” here. Further Windows Server 2016 has different edition: Datacenter, Standard and
Essentials editions.
 Windows Server 2016
We can see the license terms on this screen, select “I accept License Terms” then click Next to

continue
Select “Custom: Install Windows only (advanced)” here because we will do a clean installation OS.
But if you need an in-place upgrade you should select “Upgrade: Install and Keep files, settings and
applications” here. This option suitable for supported OS, features, services and roles. But keep in
mind you should not prefer in-place upgrade for critical roles like Active Directory Services, etc.
 Windows Server 2016
We can select and configure disc information on this screen. (You can set the installation disc, size,
etc.) Used default settings here.

You can see that the necessary files are copied and the installation process is running on this screen.

The installation process is done and rebooting.

 Windows Server 2016

Screen showing that the necessary settings were made before the server was started.
 Windows Server 2016
We can set a password for the local administrator account. You should configure a secure password
for local admin.

On the login screen, we can login with “Administrator” account and related password.
 Windows Server 2016
And finally, you can see new Server 2016 interface. It’s similar to old Server 2012 interface but there
are a lot of new features coming with Server 2016.

You should fully patch 2016 before new Server you add or configure roles, services.
 Windows Server 2016

6. Steps to Install Windows 10

1. Insert bootable Windows 10 DVD or USB Drive and restart your computer.

2. If your DVD or USB is bootable, then your computer will automatically boot from bootable
Windows 10 USB or DVD.

In case, it is not a bootable installation media, then you need to visit BIOS and their make
appropriate changes to boot from USB or DVD.

Alternatively, when you see the black screen after reboot, press ESC or F12 key for bringing boot
selection menu. Boot key varies from ESC to F1, F2, F8, F10, F11, F12 and Del key and depends on
PC/Motherboard manufacturers.

Once you get the boot menu, select the installation media drive and hit Enter.

3. Once your system successfully boots from your desired Windows 10 installation media, you will
see different options and you need to select according to your requirements

 Language to install
 Time and Currency Format
 Keyboard or Input method

After selecting all the details, click on the “Next” button.

 Windows Server 2016

4. In the next window, you will see a blue color window with a button labeled as “Install now“. You
need to click on it to continue the setup.
 Windows Server 2016
5. In this window, you will be asked to enter the 25 character product key in the space provided and
then click on the Next button.

If you don’t have a product key for the moment, then you can also click on Skip button and enter the
product key later.

Note: In above step, if you enter the product key, then you will not see the additional window where
you can select the edition which you want to install on your computer.
 Windows Server 2016

6. Now you will see the license agreement window, if you want, you can read all the terms and
conditions, check the option labeled as “I accept the license terms” and hit the “Next” button.

7. in the next window, you will see two different options:
 Windows Server 2016
 Upgrade: Install Windows and keep files, settings, and applications
 Custom: Install Windows Only (Advanced)

To perform a clean installation of Windows 10, you need to click on the second option i.e. Custom:
Install Windows Only (Advanced).

8. in the next windows, you need to choose the drive on which you want to install the copy of
Windows 10. If the drive already running a copy of Windows and you want to remove it, then you
need to format the system drive where the window is already installed. Of course, this will free up
space drive space.

To format the system drive, you need to select the drive and click on the “format” option at the
bottom of the window.
 Windows Server 2016

In case, you have installed the new SSD (Solid State Drive) and Hard Drive and you have not created
any partition yet, then you will see unallocated space depending on the size on the drive .

To create a partition, you need to select the drive and click on “New” button. Make sure to allocate
a minimum of 20 GB or you can create a partition of more size depending on the space on your hard
drive. Click “Apply” to complete the process.
 Windows Server 2016
The system will additionally create a partition with name “System Reserved” to ensure that system
work fine. The size of this partition is around 100MB in most of the cases .

Note: After formatting the drive, you will lose all the data on the C drive and settings which include
installed apps, games, and any personal data lying on the desktop, Music, Video, Pictures and
related folders.

9. Select the drive where you want to install the copy of Windows 10 and click on the “Next” button.

At this point, the installation of Windows will start. It will take around 20-25 minutes to complete
the installation process.
 Windows Server 2016

During the installation, your system may reboot two or three times.

Note: At the time or reboot, make sure to unplug the USB drive or DVD drive otherwise it will load
the complete setup again. Or if your Flash drive is bootable then don’t press any key on your
keyboard.

10. Once the installation is completed. You will see the blue color screen.

Here you can click on “Use Custom Settings” button if you want to go with default settings. You can
also click on “Customize” button if you want to customize settings.
 Windows Server 2016

Keep following the instruction as mentioned on the screen and in few seconds Windows 10 home
screens will appear.

This is how you can install Windows 10 using USB or DVD Drive
 Windows Server 2016
If you have not entered the 25 character windows key above, then go to settings -> Update &
security -> Activation. Here you need to enter the key to activate the windows.

7. IP ADDRESS
 Internet Protocol (IP) address is also known as logical address or Software address
 Windows Server 2016
 IP address is a unique address used to identify a device over a Network, Every device like computer;
server, router, firewall etc have one IP address in a network.
 IP address is assigned to Network Interfaces (NIC); devices with multiple NIC have multiple IP
address.
 No two devices can have same IP address in a Network.
 Without IP address communication is not possible.
 There are two versions of IP address IP Version 4 and IP Version 6

IP Version 4:
1. IP v4 is a 32-bit Binary number.
2. This 32-bits are divided in two 4-octet, each octet contains 8-bits.
3. Octets are separated by a “.” Dot
Ex: 192.168.1.10
4. IP address if further divided in two Classes, Network and Host portion, Public and private
address etc

Note: IP v4 is in binary but for User convenience they are written in Dotted-
Decimal Notation.
Numbers:
Binary: 0, 1 (Bits)
Decimal: 0,1,2,3,4,5,6,7,8,9
Hex-Decimal: 0,1,2,3,4,5,6,7,8,9,A,B,C,D,E,F
Octet: 0, 1,2,3,4,5,6,7.

Binary to Decimal conversion:

Windows Server 2016
 Windows Server 2016

Note:
 In any octet if we have all bits as “ 0 ” that in
decimal it is “ 0 ”
 In any octet if all bits are “1” than decimal will be
“255”
 So in every octet we can get decimal numbers
between 0-255.

Classes:
 Windows Server 2016
IPv4 is divided in to five classes, so that can be used in various situations as per the requirement of
hosts per network.

Class Range Use

A 1 – 126
Used in LAN and WAN /
B 128 – 191 INTERNET.

C 192 – 223

D Reserved for Multicasting

224 – 239

E Reserved for Experimental Purpose

240 – 255

 “0” is used for Default Routing.

 “127” is used for Loopback address.
 We cannot assign any address from class D and class E to any Device.
 0 and 127 also cannot be assigned.

Two Components makes up the address

 N
o
H
w
t
e
I
s
P
k
r
in Windows Server 2016

In entire Network “Network Portion” should be same, and “Host Portion” Should be
different.
 Windows Server 2016

How to write IP address from class a, B, and C.

Class A:
10.0.0.0 10.0.1.3 10.0.2.3

10.0.0.1 10.0.1.4 10.0.2.4

10.0.0.2 10.0.1.5

10.0.0.3 10.0.1.6

10.0.0.4 10.0.2.255

10.0.255.255

10.0.0.254 10.0.1.254 10.1.0.0

10.0.0.255 10.0.1.255 10.1.0.1

10.0.1.0 10.0.2.0

10.0.1.1 10.0.2.1

10.0.1.2 10.0.2.2 10.255.255.255

First IP “10.0.0.0” is network ID and last IP “10.255.255.255” is Broadcast ID which

cannot be assigned to any device.
In above example Network Portion is “10” which is from class A, which should be
same in whole network and other three numbers, should be different in whole
network.

Class B:
172.16.0.0 172.16.2.3
 Windows Server 2016
172.16.0.1 172.16.2.4

172.16.0.2 172.16.2.5

172.16.0.3 172.16.2.6

172.16.0.4

172.16.0.5 172.16.2.255

172.16.3.0

172.16.3.1

172.16.0.254 172.16.3.2

172.16.0.255 172.16.3.4

172.16.1.0 172.16.3.5

172.16.1.1

172.16.1.2

172.16.1.3 172.16.255.255

172.16.1.4

172.16.1.254

172.16.1.255

172.16.2.0

172.16.2.1

172.16.2.2

In above example 172.16.0.0 in Network ID and 172.16.255.255 is Broadcast ID.

The above example is from class B, so Network Portion is first two octets “172.16” which should
be same in whole network, and other two octets are Host Portion which should be different
 Windows Server 2016

Class C:
192.168.1.0

192.168.1.1

192.168.1.2

192.168.1.254

192.168.1.255

In above example First number “192.168.1.0” is Network ID, and Last Number “192.168.1.255” is Broadcast
ID.

Network ID: Network ID is always ZERO’S in Host portion.

Broadcast ID: Broadcast ID is always ONE’S in host portion.

192.168.1 Is the Network portion it should be same whole network and last octet is Host portion which
should be different in whole Network.

Calculate the Number of Network’s and Host’s in Class a, B, and C.

 Windows Server 2016

Subnet Mask
Subnet Mask differentiates/Separates Network number and Host number of an IP
address.
In Subnet Mask network portion is always in “1” and Host Portion is always in “0”
 PUBLIC IP
Windows Server 2016

Public and Private IP address

1. Public IP addresses are used over the Internet,

without Public IP we cannot access Internet.

2. Public IP are paid IP’s, user should Purchase

public IP.

Note: Beside Private IP address range, all IP’s from class

A, B, and C are Public IP’s.
PRIVATE IP
5
2
C
B
0
A
1. Private IP addresses are used inside a private
Network.

2. Private IP address are free, anyone can use

Private IP in their network.

A: 10.0.0.0

B: 172.16.0.0

C: 192.168.0.0 -
Range of Private IP

-
10.255.255.255.

172.31.255.255.

192.168.255.255.
 Windows Server 2016

Computer Network can be organized in two way’s

WORKGROUP
 Windows Server 2016

1. In Workgroup computers are grouped together to exchange Files, Printers,

Internet Connection etc but without Central Administration.
2. In Workgroup all computers are Peers, no computer can control other
computer.
3. Each computer has a set of user accounts. To log on to any computer in the
workgroup, you must have an account on that computer.
4. Each User controls Resources and Security locally on their computers.
5. To make any changes in Network we should go to each computer manually.
6. To take Backup or to install any application we should go to each computer
manually.
7. All computers must be on same Local network.
8. Computer in Workgroup network are limited (Max=20), if more computers
are added then management will be difficult.
9. To manage Workgroup network no Trained Professional is needed, with
basic Networking knowledge we can manage Workgroup.
10.No special Server (Machine/Operating system) is needed, with basic
computers hardware and by using any client O/S we can Configure/Manage
Workgroup.
 Windows Server 2016

DOMAIN / Client-Server Model

1. Grouping of computers with Central Administration.

2. In a Domain one Computer/Server can control whole network.
3. Server keeps information of all Users, Groups, and Data etc so from any Client computer
you can access your account and Data.
4. Changes made in Server will automatically affect all the computers.
5. Security is more in Domain.
6. Application’s can be installed in Client computer from Server computer.
7. Users Backup can be taken from Server.
8. Computers can be in same Network or Different Network.
9. Any number of computers can be added in a Network.
10. Special Server (Machine/Operation System) is required in Domain.

Note: The difference between Workgroup and Domain is ACTIVE DIRECTORY.

 S
s
h
P
U
O
lT
a
g
L
y
o
r
D
e
iv
t
c
A folders etc
Windows Server 2016

8. ACTIVE DIRECTORY DOMAIN SERVICES

1. Active directory is a Centralized Database.
2. Active directory Database contains information of all the Objects
OBJECTS: User, Computer, Group, Organization unit, Printer, Sites, Share

3. Active directory provides single point of User logon Authentication.

4. Active directory provides single point of Authorization.
5. Easy management using Group Policy.
6. Active directory is scalable to any size of Network.
Note: Active Directory is designed in a hierarchical tree structure,
Active Directory depends on two Internet Standards DNS and LADP.

ACTIVE DIRECTORY STRUCTURE

 Windows Server 2016

DOMAIN

VIRTUALNETWORKS.COM

1. A Domain is a collection of Objects which share same

Database.
2. In Domain all Objects share same Namespace.
3. Domain is a Logical secure boundary.
4. Domain is the core component of Active Directory.
5. With Domain Forest is created.
 Windows Server 2016

TREE

VIRTUALNETWORKS.COM

HYD.VERTUALNETWORKS.COM BAN.VIRTUALNETWORKS.COM

1. Tree is a logical grouping of multiple Domains which share contiguous namespace.

Contiguous Namespace: Contiguous Namespace is a domain that shares the same root
domain name
Ex: Domain Name is “VIRTUALNETWORKS.COM”; Contiguous Namespace is
“HYD.VIRTUALNETWORKS.COM”
2. Adding a Domain to a Tree becomes a Child of the Tree Root Domain.
3. Tree Root Domain is called as Parent Domain.
4. By default Parent-Child is created in a Tree.
5. Group policies, Administration do not flow across domains in a Tree.

Organizational Unit
 Windows Server 2016

1. Organization Unit is used to organize Objects in Active Directory.

2. Organization Unit contains similar Objects.
3. OU contains Objects from same Domain.
4. Any number of OU’s can be created in a Domain.
5. Within an OU we can create Sub-OU.
6. OU’s are created for three main purposes
 Easy Management
 Delegating Control
 Group Policy

Note: You can arrange objects that have similar administrative and security requirements into
organizational units. Organizational units provide multiple levels of administrative authority, so
that you can apply Group Policy settings and delegate administrative control.
This delegation simplifies the task of managing these objects and enables you to structure Active
Directory to fit your organization’s requirements.

FOREST
 Windows Server 2016

Forest
1. Forest is a collection of multiple domain Trees.
2. All Domains in a Forest share’s common Schema and Global Catlog server.
3. Forest allows a big organization to operate independently, by allowing multiple Trees.
4. In organization if they wants’ to communicate they can communicate with each other.
5. Trust is created between different Trees for communication.
6. Trees in Forest have Different Naming Structure.
7. A forest is the highest level of the logical structure hierarchy.

Other logical Components of Active Directory:

Schema:
 The Active Directory schema contains definitions for all the objects that are used to store
information in the directory.
 There is one schema per forest. However, a copy of the schema exists on every domain
controller in the forest.
 This way, every domain controller has quick access to any object definition that it might
need, and every domain controller uses the same definition when it creates a given
object.

Global Catlog:
 The global catlog stores a full copy of all Active Directory objects in the directory for its
host domain and a partial copy of all objects for all other domains in the forest.
 Users in a forest do not need to be aware of directory structure because all users see a
single directory through the global catlog.
 Applications and clients can query the global catlog to locate any object in a forest.
 Windows Server 2016
 The global catlog is hosted on one or more domain controllers in the forest. It contains a
partial replica of every domain directory partition in the forest. These partial replicas
include replicas of every object in the forest, including the attributes most frequently used
in search operations and the attributes required to locate a full replica of the object.
 A global catlog is created automatically on the first domain controller in the forest.
Optionally, other domain controllers can be configured to serve as global catalogs.
 More Global Catlog servers can provide quicker responses, but more Global catlog servers
means more Replication traffic

Replication:
 Replication process ensures that changes made to one domain controller are
synchronized to all other domain controllers within the domain.
 Any change in a Domain controller will take 15 Seconds to replicate with other Domain
Controller in the same site.
 Between other sites it can take up to 15Minutes.

 Replication is a necessary factor in Active Directory to ensure

1. Fault Tolerance: If one domain controller fails, the Active Directory

database is still available from other domain controllers, which store the same
information.

2. Load balancing: When many workstations are accessing Active Directory, the
information they are requesting is retrieved faster when there is more than
one domain controller to provide it.

3. Proximity of information: Workstations get the information from a local

domain controller instead of across a slow WAN link.

Physical Components of Active Directory

Domain Controllers:

 Domain Controllers are computers that stores Active Directory Database.

 Windows Server 2016
 More than one Domain Controllers can be part of same Domain.

Site:

 Site is a physical structure or topology of your network.

 Branches are the sites

9. Steps to Install ADDS

Prerequisites:
1. Server Operating System (2012,2016)
2. Administrative account
3. Workgroup computer
4. IP address
5. Change computer name
6. Install ADDS / DNS roles
7. Configure ADDS
 Windows Server 2016

IP: 10.0.0.1 IP: 10.0.0.2

Mask: 255.0.0.0 Mask: 255.0.0.0
DNS: 10.0.0.1 DNS: 10.0.0.1

10. Steps to change computer name

 Go to server manager.
 Click to local manager.
 Then click on computer name.
 Windows Server 2016

 THEN CLICK TO CHANGE BUTTON.

 GIVE THE COMPUTER NAME .

 THEN CLICK OK BUTTON.
 Windows Server 2016

 AGAIN CLICK TO OK BUTTON.

 THEN CLICK TO CLOSE BUTTON.

 Windows Server 2016

 CLICK BELOW TO RESTART NOW.

11. STEPS TO ASSIGN IP 2016

 Windows Server 2016
1. GO TO SERVER MANAGER
 CLICK ON LOCAL SERVER
 CLICK ON ETHERNET0

2. RIGHT CLICK ON ETHERNET0

 RIGHT CLICK ON PROPERTIES

3. SELECT (TCP/IPV4)
 THEN CLICK ON PROPERTIES
 Windows Server 2016

4. USE THE IP FOLLOWING ADDRESS

 CLICK ON OK BUTTON

5. CLICK ON CLOSE BUTTON

 Windows Server 2016

12. STEPS TO CHECK IP ADDRESS

1. PRESS WINDOWS KEY + R
 Windows Server 2016
 WRITE CMD AND THEN CLICK ON OK BUTTON

2. WRITE IP CONFIGUR

13. STEPS TO INSTALL ADDS AND DNS

1. GO TO START
 Windows Server 2016
2. CLICK ON SERVER MANAGER

3. CLICK ON MANAGE
4. CLICK ON ADD ROLE AND FEATURE

5. CLICK ON NEXT BUTTON

 Windows Server 2016

6. SELECT A ROLE BASE AND FEATURE BASE INSTALLATON

7. CLICK ON NEXT BUTTON

8. SELECT SERVER
 THEN AGAIN CLICK ON NEXT
 Windows Server 2016

9. CHECK THE BOX ACTIVE DIRECTORY DOMAIN SERVICE

 CLICK ON ADD FEATURE

 Windows Server 2016

10. CHECK THE BOX DNS

 CLICK ON ADD FEATURE

 Windows Server 2016

11. CLICK ON NEXT

12. AGAIN CLICK ON NEXT

 Windows Server 2016

13. AGAIN CLICK ON NEXT

14. AGAIN CLICK ON NEXT

 Windows Server 2016

15. CHECK THE BOX RESTART THE DESTINATION SERVER AUTOMATICALLY IF REQUIRED
 CLICK ON YES BUTTON
 CLICK ON INSTALL BUTTON

16. NOW INSTALLATION IS IN PROGRESS

 Windows Server 2016

17. INSTALLATION SUCCEEDED

 CLICK ON CLOSE BUTTON

14. STEPS TO CONFIGURE ADDS

 Windows Server 2016
1. GO TO SERVER MANAGER.
 CLICK ON NOTIFICATION.
 PROMOTE THIS SERVER TO A DOMAIN CONTROLLER.

2. SELECT ADD A NEW FOREST AND ASSIGN FOREST NAME / DOMAIN NAME.
 CLICK ON NEXT.

3. SELECT FOREST AND DOMAIN FUNCTIONING LEVEL.

 NOW ASSIGN DSRM PASS WORD.
 NOW CLICK ON NEXT.
 Windows Server 2016

4. CLICK ON NEXT.

5. NOW AGAIN CLICK ON NEXT.

 Windows Server 2016

6. NOW IT WILL SHOW ADS DATABASE FOLDER LOCATION, IF YOU WANT YOU CAN CHANGE
THE LOCATION.
 CLICK ON NEXT.
 Windows Server 2016

7. NOW REVIEW ALL OPTIONS IF, YOU WANT TO CHANGE CLICK ON PREVIOUS AND CHANGE
THE SETTINGS, IF NOT CLICK ON NEXT.
 Windows Server 2016
8. NOW ALL PREREQISITES CHECKS PASSED SUCCESSFULLY.
 CLICK INSTALL TO BEGI INSTALLATION.

9. NOW ADS CONFIGURATION PROCESS IS ON.

 Windows Server 2016
10. NOW SERVER IS SUCCESSFULLY CONFIGURED AS A DOMAIN CONTROLLER, NOW IT WILL
REBOOT.

11. NOW WHEN WE LOGIN ADMINISTRATOR NAME WILL APPEAR WITH DOMAIN NAME.
 Windows Server 2016

12. TO VERIFY GO TO CMD AND SAY NET ACCOUNTS, IT WILL SHOW PRIMARY.

15. STEPS TO ADD CLIENT or MEMBER SERVER

Client:

 Client is a computer which is added into a Domain.

 Client computers are used by End users.
 Client computers are installed with Client Operating System.
Ex: win7, win8 etc
Member Server:

 Member server is a computer which is added into a Domain

 Member servers are used to Install and Configure other Roles like DHCP, FTP, MAIL SERVER,
WEB SERVER etc
 Member server are installed with Server Operation system
Ex: server 2008, 2012, 2016
Note: Adding Member server or Client into a Domain is same
 Windows Server 2016

PREREQUIRMENTS
1. Computer with client o / s ( 7, 8, 8.1 or 10 )
2. Ip address and DNS address
3. Computer should be in workgroup
4. Administrator account
5. Go to start
 Right click on computer properties
 Windows Server 2016

6. CLICK ON CHANGE SETTING

 Windows Server 2016

6. CLICK ON CHANGE BUTTON.

7. UNDER MEMBER OF SELECT DOMAIN AND GIVE DOMAIN NAME

 CLICK ON OK BUTTON.
 Windows Server 2016

8. NOW ENTER USER NAME AND PASSWORD OF DOMAIN ADMINISTRATOR

 CLICK ON OK BUTTON

9. NOW CLIENT IS SUCCESSFULLY ADDED TO “VIRTUAL NETWORK DOMAIN”

 CLICK OK AND RESTART THE COMPUTER
 Windows Server 2016

10. CLICK ON OK BUTTON.

NOTE: TO VERIFY.

 GO TO SERVER MANAGER
 CLICK ON TOOL BUTTON
 CLICK ON ACTIVE DIRECTORY USERS AND COMPUTERS
 EXPAND DOMAIN NAME
 CLICK ON COMPUTER AND VERIFY
 L
m
D
o
in
lU
a
c
r
e
s
Users are of two types
1. Local User
2. Domain User

Local user:
Windows Server 2016

16. STEPS TO CREATE USERS

 Local user is created in a Workgroup Computer

 Local user can access same computer
Domain User:
 User is one of the most important Object in Active Directory
 User Account which is created in Active Directory are also known as Domain user
 A user requires an Active Directory user account to log on to a computer in a domain .
 Domain User can access the Recourse of entire Domain, Security and Policies can be
implemented on Domain user from Server.

Note: By-default in Windows Operating System two User accounts are created
1. Administrator
 Windows Server 2016
2. Guest (Disable By-default)

1. GO TO SERVER MSNAGER
 CLICK ON TOOLS
 CLICK ON ACTIVE DIRECTORY USERS AND COMPUTERS

2. EXPAND DOMAIN
 RIGHT CLICK ON USER
 CLICK ON NEW
 CLICK ON USER
 Windows Server 2016

3. GIVE USER NAME AND LOGON NAME

 CLICK ON NEXT

4. CLICK ON ACTIVE DURECTORY USERS AND COMPUTERS

 CLICK ON VIRTUAL NETWORKS
 Windows Server 2016

5. GIVE SOME PASSWORD EXAMPLE : (ABC@123 )

 AND SELECT SOME POLICY
 CLICK ON NEXT BUTTON

6. CLICK ON FINISH BUTTON

 Windows Server 2016

NOTE: TO VERIFY.
 Go to server manager
 Click on tools
 Select on active directory users and computers
 Expand domain click on users folder.

17. STEPS TO CREATE USER FROM CMD

1. Go To CMD And Type The Following Command.
 Windows Server 2016

18. Steps to configure logon to

1. Go to server manager  tools active directory users and computers

2. Right click on user  properties

3. Account logon to
 Windows Server 2016

4. Select the following computers and type the computer name  click on ADD  OK
 Windows Server 2016

To verify go to client1 computer and login as “Abdullah”

user
 Windows Server 2016
5. Now Abdullah user cannot login to client1 computer, because he is allocated to “client50”
computer

19. Steps to configure logon hours

 Windows Server 2016
Ex: Monday to Friday, from 8:00are till 5:00 pm
1. Go to active directory users and computer right click on user {SHAKEEL user} 
properties

2. Go to account  logon hours

3. By default is permitted from Sunday to Saturday and from 12:00am

To 12:00pm
 Windows Server 2016

4. Now change logon hours timings, in this example for SHAKEEL user logon hours is from
morning 8:00am to 5:00pm and Monday to Friday  ok

NOTE: go to client computer and login as shakeel user, between 8:00am to 6:00pm and
login will be allowed
 Windows Server 2016

But if you login before 8:00am or after 6:00pm than it will show the following message

20. STEPS TO CONFIGURE LOGON TO FOR MULTIPLE USERS

1. Go to active directory user and computers select multiple users right click properties
 Windows Server 2016

2. Account  check the box computer restrictions then click on logon to

3. Select the followings computers and type all the computers names  click on ADD
 Windows Server 2016

4. Ok

Steps to configure logon hours for multiple users

1. Go to active directory users and computers  select multiple users  properties
 Windows Server 2016

2. Account  check the box logon hours and click on logon hours

3. Change the timings according to scenario

Ex: Monday to Friday 10:00p am till 7:00 pm
 Windows Server 2016

4. ok

21. Steps to configure or enable active directory recycle bin

1. Go to server manager  tools  active directory administrative center
 Windows Server 2016

2. Click on domain name click on enable recycle bin

3. Click on ok for confirmation

 Windows Server 2016

4. Click ok to refresh

To verify
1. Now go to active directory users and computers  right/click on users and delete
2. Now go to back active directory administrative center  click on domain name 
double/click on deleted object

3. We can see the deleted object  select your object and click on restore
 Windows Server 2016

Note
Now the deleted object is restored successfully to verify go to active directory users and
computers and verify

22. Passwords policies

1. Go to server manager  tools  group policy management
 Windows Server 2016

2. Expand forest  expand domain  expand domain name  right/click on default domain
policy  edit

3. Under computer configuration  expand policies  expand window settings  expand

security setting  expand account policies  password policy
 Windows Server 2016

4. Now in the right pane we can see password policies

23. Account Lockout Policy

To change Account Lockout Policy  Go to Domain Controller  Tools  Group Policy
Management
 Windows Server 2016

Expand Forest  Expand Domains  Expand Domain Name “KNOC.COM”  Right Click on Default
Domain Policy  Edit
 Windows Server 2016

Under Computer Configuration  Expand Policies  Expand Windows Settings  Expand Security
settings  Expand Account Policies  Select Account Lockout Policies
 Windows Server 2016
Now Right Click on Policy  Properties and change the value

1. Account lockout threshold : In this option we need to mention the invalid attempts, if two
invalid attempts are configured than account will be locked out if the uses is submitting
three invalid passwords
2. Account lockout duration : This option defines for how long account will be locked out
3. Reset account counter after: This option defines the time period in which a user can submit
invalid password before his account is locked out.

Note: Now go to client computer and give invalid passwords and user account will be locked, it
will show following message
 Windows Server 2016

24. Steps to Un-Lock Account:

Right Click on User  Properties
 Windows Server 2016
Accounts  UN-CHECK the box “UNLOCK ACCOUNT”  apply  ok.

25. Steps to create organizational unit

1. Go to Active directory users and computers
2. Right click on the domain name  new  organizational unit

3. Give some name and click ok

 Windows Server 2016

Steps to create sub organizational unit

1. Go to active directory users and computers  right click on organizational unit (IT) new 
organizational unit give some space  ok
 Windows Server 2016

Steps to create users in organizational unit

1. Go to active directory users and computers  organizational unit  new  user

 Windows Server 2016

2. And follow the steps

Steps to move users between organizational units

1. Right click on user  move

 Windows Server 2016

2. Select destination organizational unit  ok

Steps to delete organizational unit

1. Right/click on organizational unit  delete

 Windows Server 2016

2. Click on yes

3. Now it will show that organizational unit is protected from deletion

4. Now go to active directory users and computers  view  advanced features

 Windows Server 2016

5. Right click on organizational unit  properties

6. Object  un-check the box  “protect object from accidental deletion”  ok

 Windows Server 2016

7. Right /click on organizational unit  delete

26. Steps to configure delegating control

 Windows Server 2016
1. Right click on organizational unit  delegate control.

2. Add user to whom you are delegating [egg: Ayesha]  next.

 Windows Server 2016

3. Now delegate some controls  next.

4. Finish.
 Windows Server 2016

27. Group policy

A. steps to remove games, music, picture etc. from start menu for organizational unit
 Windows Server 2016
1. Go to server manager  tools  group policy management

2. Expand forest  expand domain  right click on any organizational unit the create a GPO in this
domain and link it here.

3. Use some GPO name and click on OK

 Windows Server 2016

4. Right click on the created GPO and edit

5. Under user configuration  expand policies  expand administrative templates  select start
menu and taskbar.
 Windows Server 2016

6. in the right pane, select the option that you want to disable and then right click on the option and
edit.

7. Select enable and apply OK.

 Windows Server 2016

NOTE: now do the same configuration for all other options.

B. UPDATE POLICY:

1. To update group policy  go to RUN and type the command Pupate /force
 Windows Server 2016

C. TO VERIFY:
1. Go to client computers and log in as any user from accounts organizational unit.
 Windows Server 2016

2. for this user games, music, pictures options are disabled.

NOTE: in this same computer log in with a user from different organizational unit, that user can
access games, music, pictures etc.

D. STEPS TO DENY GROUP POLICY FOR A USER FROM ORGANIZATIONAL UNIT.

1. Go to server manager  tools group policy management.
 Windows Server 2016

2. Expand forest  expand domain expand domain name  expand organizational unit
[accounts]  select GPO  delegation  advance.

3. Click on ADD
 Windows Server 2016

4. Add user  OK

5. Now select the user  under permission for users (Ayesha) check the box “deny”  apply group
policy
 Windows Server 2016

6. Click on YES  OK.

NOTE: go to RUN  GP update

 Windows Server 2016
E. TO VERIFY
1. Go to client computers and log in as Ayesha user

2. Now the user (Ayesha) can access all options.

 Windows Server 2016

28. Steps to deny control on organizational unit

1. Expand forest à expand domain à right click on organizational unit (create a
GPO) and give some name (deny control panel)

2. Right click on GPO à edit.

 Windows Server 2016

3. Under user configuration à expand policies à expand administrative

àtemplates à select control panel.

4. In right pane, right click on prohibit access to control panel and pc settings à
edit.

5. Enable à apply à OK.

 Windows Server 2016

NOTE:
1. Now go to run à pupate force.
2. To verify go to client computer and login as account users.
 Windows Server 2016

Steps to deny USB on domain

1. Go to server manager à tools à group policy management.

2. Expand forest à expand domain à expand domain name à expand

organizational (accounts) àselect GPO -à delegation à advance.

3. Right click on virtual networks and create GPO.

4. Give some name à ok

5. Now right click on created GPO à edit.

 Windows Server 2016

Under user configuration à expand policies à expand administrative

templates à expand system à select removable storage access

6. Right click on all removable storage process à edit

 Windows Server 2016

7. Select enabled àapply à ok.

NOTE: go to run à gnu update.

 Windows Server 2016

Steps to block domain policy on organizational unit

1. Go to server manager à tools à group policy management.
2. Expand forest à expand domain à expand domain name à virtual networks.

3. Right click on organizational unit à block inheritance.

4. Now it will show blue color
 Windows Server 2016

Steps to configure enforce policy

1. Right click on policy  enforce
 Windows Server 2016

29. Groups
Steps to create groups
1. Go to active directory users and computers  right click on domain or
organizational unit.

2. Assign group name  select scope and select group type ok

NOTE: follow the same steps and create more groups.

Steps to Add users in groups.

 Windows Server 2016

1. Right click on group  properties

2. Members  add

3. Enter the user names  ok

 Windows Server 2016

4. Apply  ok

Sharing
 Windows Server 2016

1. Create some folders in any drive and add some files

2. To share the folders with users  right click on folder  properties

3. Sharing  share

4. Click on dropdown and select find people  add users to whom you want to
share ( user, group or everyone)
 Windows Server 2016

5. Now assign sharing permissions  share

 Windows Server 2016

6. Done
 Windows Server 2016

7. Close

Steps to access share folder

 Windows Server 2016

1. Go to client computer  log in as user

2. Go to run and type the address  ok

Steps to modifying sharing

 Windows Server 2016

1. Go to file sharing and select the user or group and change permissions.

30. Security
 Windows Server 2016

1. Right click on created share folders  properties

2. Security  edit

3. Click on add ( to add

user, group or everyone)
enter the name of the
object  ok

4. Now select the user and

deny write permissions and
allow read permission 
apply
 Windows Server 2016

5. In windows security alert  click in yes.

6. Ok ok
 Windows Server 2016

To verify
1. Go to client computer and log in as any user and access the shade folder and
try to make some changes and in that folder  it will show you access is
denied.
 Windows Server 2016

31. Offline files

1. Log in as user in client computer and access shade folders

2. Right click on folder  always available offline

 Windows Server 2016

3. For offline folders it will show a green color circle

NOTE: now disconnect client computer from server and access offline folder
Windows Server 2016
 Windows Server 2016

32. Home folder

1. Create a shade folder in server
2. Right click on user  properties

3. Profile  under home folder  connect  choose any drive letter  give the
path ( \\serverIP\share folder) --> apply  ok
 Windows Server 2016

To verify
1. Go to client computer and log in a user

2. Go to my computer and check the network drive

33. Disk quotas

 Windows Server 2016

1. Right click on the volume  properties

2. Quota  enable quota management and deny disk space to user exceeding
quota  select limit disk space and assign any space  and select both log
event box  apply

3. Ok  ok
 Windows Server 2016

To verify
1. Go to client computers and log in
 Windows Server 2016

34. Profile
1. Create a shade folder in server
2. Right click on user  properties
 Windows Server 2016

3. Profile  profile path (\\servername\shade folder name) --> ok

To verify
1. Go to client computer and log in as user and make some changes on desktop.
Now log off from that computer and log in to other computer and user will get
same option
 Windows Server 2016

35. NIC TEAMING

1. Go to server manager  local server  click on NIC TEAMING and disable
2. Under teams  click on tasks  new team
3. Give team some name and select NIC  OK

36. Steps to Configure Additional Domain Controller

1. STEP

Open server manager

 Windows Server 2016

Click on notification
Promote the domain controller

2. STEP
Select
(1)Add a domain controller to an existing domain
(2)Give domain name
(3)Enter user name

(4)Next
 Windows Server 2016

3. STEP
Enter password
Next

4. STEP
Next
 Windows Server 2016

5. STEP
Next
 Windows Server 2016

6. STEP
Next

7. STEP
Next
 Windows Server 2016

8. STEP
Install
 Windows Server 2016

37. Steps to Configure Child Domain Controller

1. STEP
Promote the server to a domain controller

2. STEP

(1) Add a domain to an existing domain

(2) Select a domain type

(3) Parent domain type

(4) Enter new/Child domain name

(5) Change
 Windows Server 2016

3. STEP

Enter parent user name and password

Ok
 Windows Server 2016

4. STEP
Enter DSRM Password
Next

5. STEP
Select DNS Option
Next

6. STEP
It will show net BIOS name
Next
 Windows Server 2016

7. STEP
Next

8. STEP
 Windows Server 2016

Next

9. STEP
Install

38. (A) Steps to transfer FSMO Roles

1. STEP
 Windows Server 2016

Go to CDM
NTDSTIL
ROLES
CONNECTIONS
CONNECT TO SERVER ex: ADC1
QUIT

2. STEP
Transfer RID Master
Yes

3. STEP
Transfer infrastructure master
Yes
 Windows Server 2016

4. STEP
Transfer naming master
Yes

5. STEP
Transfer schema master
Yes
 Windows Server 2016

6. STEP
Transfer PDC
Yes

7. STEP
Now go to CMD of ADC1
Net account
NOTE: It will display PRIMARY

(B) STEPS TO SEIZE FSMO

1. STEP
Go to CMD
 Windows Server 2016

NITDSTIL
ROLES
CONNECTIONS
CONNECT TO SERVER ex: ADC1
QUIT

2. STEP
Seize RID master
Yes

3. STEP
Seize infrastructure master
Yes
 Windows Server 2016

4. STEP
Seize schema master
Yes

5. STEP
Seize naming master
Yes
 Windows Server 2016

6. STEP
Seize PDC
Yes

7. STEP
Now go to CMD and type net account it will show PRIMARY
Windows Server 2016
 Windows Server 2016

FSMO – Flexible Single Master Operation Roles

There are Five FSMO roles in Active Directory
1. Schema master These two Roles are common in whole Forest
2. Domain naming master

3. RID master
These three Roles are present in every Domain
4. PDC emulator
5. Infrastructure master

1. SCHEMA MASTER:
 The schema master FSMO role holder DC is responsible for performing updates to the
directory schema.
 This DC is the only one that can process updates to the directory schema. Once the Schema
update is complete, it is replicated from the schema master to all other DCs in the directory.
 There is only one schema master in whole Forest.
2. Domain Naming Master:
 The domain naming master FSMO role holder DC is responsible for making changes to the
forest-wide domain name space of the directory.
 This DC is the only one that can add or remove a domain from the directory.

NOTE: No two Domain Controllers can hold Schema Master and Domain naming master role at same time in
whole Forest.

3. RID MASTER:
 The RID master FSMO role holder is the single DC responsible for processing RID Pool
requests from all DCs within a given domain. It is also responsible for removing an object
from its domain and putting it in another domain during an object move. 
 When a DC creates a security principal object such as a user or group, it attaches a unique
Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs
created in a domain), and a relative ID (RID) that is unique for each security principal SID
created in a domain. 
 Windows Server 2016
 Each Windows DC in a domain is allocated a pool of RIDs that it is allowed to assign to the
security principals it creates. When a DC's allocated RID pool falls below a threshold, that
DC

 issues a request for additional RIDs to the domain's RID master. The domain RID master
responds to the request by retrieving RIDs from the domain's unallocated RID pool and
assigns them to the pool of the requesting DC.
 There is one RID master per domain in a directory.

4. PDC EMULATOR:

 The PDC emulator is necessary to synchronize time in an enterprise. Windows includes the
W32Time (Windows Time) time service that is required by the Kerberos authentication
protocol. All Windows-based computers within an enterprise use a common time. The
purpose of the time service is to ensure that the Windows Time service uses a hierarchical
relationship that controls authority and does not permit loops to ensure appropriate
common time usage.

 Password changes performed by other DCs in the domain are replicated preferentially to the
PDC emulator.
 Authentication failures that occur at a given DC in a domain because of an incorrect
password are forwarded to the PDC emulator before a bad password failure message is
reported to the user.
 Account lockout is processed on the PDC emulator.
 There is one PDC EMULATOR per domain in a directory.

5. INFRASTRUCTURE MASTER:

 When an object in one domain is referenced by another object in another domain, it

represents the reference by the GUID, the SID (for references to security principals), and the
DN of the object being referenced. The infrastructure FSMO role holder is the DC

 responsible for updating an object's SID and distinguished name in a cross-domain object
reference. 
 There is one INFRASTRUCTURE MASTER per domain in a directory.

FSMO Roles can be Transfer and can be Seize

 Windows Server 2016
Transfer:

 Transferring of FSMO roles is possible if both the Domain Controllers are working.
 Transfer of role is safe.

Seize:

 Seizing of FSMO role should only be attempted if the existing server with the 
FSMO role is no longer available. 
 If you perform a seizure of the FSMO roles from a DC, you 
need to ensure two things.
 The current holder is actually dead and offline, and that 
the old DC will NEVER return to the network. 
 If you do an FSMO role Seize and then bring the previous 
holder back online, you'll have a problem.

FSMO LAB

SYS 1 SYS 2
Domain Controller
Additional Domain Controller

IP: 10.0.0.1 10.0.0.2

Mask: 255.0.0.0 255.0.0.0

P. DNS: 10.0.0.1 10.0.0.1

 Windows Server 2016

Lab 1: Transferring roles through Graphical User Interface

1. First configure Primary Domain Controller and Additional Domain controller
2. Now log in to Primary Domain Controller as Administrator.
3. Go to Server Manager
4. Tools
5. Active Directory Users and Computers
6. Now Right Click on Domain name  Operations Masters

Now we can see three Domain Wide Roles. 1. RID, 2. PDC, 3.INFRASTRUCTUR

Select the role you want to Transfer  Change

 Windows Server 2016

Yes

Now we can see RID role is transferred to SYS2, like this transfer remaining two roles.
 Windows Server 2016

To transfer Domain Naming Master

Go to Tools  Active Directory Domains and Trusts  Right Click on Active Directory Domains and Trusts 
Operational Master
 Windows Server 2016

Change

Yes

OK
 Windows Server 2016

To Transfer SCHEMA MASTER Role Go to RUN and type the command  OK

Now again go to RUN  MMC  OK

Now go to File  Add / Remove snap-in

 Windows Server 2016

Select Active Directory Schema  Add  ok

 Windows Server 2016
Now Right Click on  Active Directory Schema  Operations Master

Change

Yes
 Windows Server 2016

Ok

LAB 2: Steps to Transfer FSMO Roles through Command Prompt

Go to Primary Domain Controller  log in as Administrator  Go to CMD

NTDSUTIL
ROLES
CONNECTIONS
CONNECT TO SERVER SYS2
QUIT

NOTE: Now Transfer Roles

 Windows Server 2016

TRANSFER RID MASTER  YES

TRANSFER PDC  YES

TRANSFER INFRASTRUCTURE MASTER  YES

TRANSFER NAMING MASTER  YES

TRANSFER SCHEMA MASTER  YES

 Windows Server 2016
Now QUIT  QUIT

Now go to  CMD  NET ACCOUNTS

It will display as BACKUP.

LAB 3: STEPS TO SEIZE ROLES

Note: Seizing is done when Domain Controller which holds FSMO record/record’s is Down, so go to Domain
Controller which is up and follow the following step’s

 Go to CMD
NTDSUTIL
ROLES
CONNECTIONS
CONNECT TO SERVER SYS1
QUIT
 Windows Server 2016

SEIZE PDC  YES

SEIZE RID MASTER

SEIZE INFRASTRUCTURE MASTER

SEIZE NAMING MASTER

 Windows Server 2016

SEIZE SCHEMA MASTER

Note: Now this Domain Controller holds all the five FSMO Roles, so it acts as Primary Domain controller.
 Windows Server 2016

39. DNS
1. STEPS TO INSTALL DNS
1. Go to server manager  manage  Add Roles and Features

2. Next

3. Select Role based or Feature based installation  Next

 Windows Server 2016

4. Select servers  Next

5. Select DNS  Add features  Next

 Windows Server 2016

6. Next  Next
7. Check the box restarts the destination server automatically if
required  Yes  Install  Close

2. STEPS TO CONFIGURE PRIMARY DNS SERVER [FORWARD LOOKUP ZONE]

 Windows Server 2016

1. Go to server manager  Tools  DNS

2. Expand server  Right click on forward lookup zone  New zone

3. Next
 Windows Server 2016

4. Select primary zone  Next

5. Select to all DNS server running on domain controllers  Next

 Windows Server 2016

6. Enter the zone name  Next

7. Select allow only secure domain updates  Next

 Windows Server 2016

8. Finish

3. STEPS TO CONFIGURE PRIMARY REVERSE LOOKUP ZONE

1. Access DNS  Right click on Reverse lookup zone  New zone
 Windows Server 2016

2. Next

3. Select primary zone  Next

 Windows Server 2016

4. Select

5. Select IPV4  Next

 Windows Server 2016

6. Select the Network ID  Next

7. Select the allow only dynamic updates  Next

 Windows Server 2016

8. Finish

4. STEPS TO ADD HOST RECORD AND POINTER RECORD

 Windows Server 2016

1. Go to DNS  Expand server Expand Forward lookup zone  Right

click on domain name  New host

2. Enter client name  IP address  Check the box create associated

pointer (PTR)  Add host
 Windows Server 2016

3. Click on ok button
 Windows Server 2016

5. STEPS TO CONFIGURE SECONDARY DNS

REQUIRMENTS:
1. Window server OS
2. IP address and DNS address
3. Member server
1. INSTALL DNS SERVER
1. Go to DNS  Right click on forward lookup zone  New zone

2. Next
 Windows Server 2016

3. Select secondary zone  Next

4. Enter primary zone name  Next

 Windows Server 2016

5. Enter the IP of primary master/primary DNS server  Next

6. Next
 Windows Server 2016

7. Finish

8. Now go to primary DNS server  Right click on domain name 

Properties
 Windows Server 2016

9. Zone transfer check the box allow zone transfer  Only to the
following servers  Edit

10. Enter the IP of secondary DNS  Enter  Ok

 Windows Server 2016

11. Click on ok

12. Apply  Ok
 Windows Server 2016

13. New zone to secondary DNS  Right click on zone  Transfer from
master  Refresh
 Windows Server 2016

40. DHCP
STEPS TO INSTALL DHCP ROLE
1. Go to server manager manageAdd Roles and Features

2. Click on Next

3. Select role based installation  Next

 Windows Server 2016

4. Select your serverNext

5. Check DHCP box Add features  Next

 Windows Server 2016

6. Next

7. Next
 Windows Server 2016

8. Check the box restart the destination  yes Install

AUTHORISING DHCP SERVER

 Windows Server 2016

1. Go to server manager  Click on Notification  complete DHCP

Configuration

2. Next

3. Select user  commit

 Windows Server 2016

4. Close

STEPS TO CONFIGURE DHCP

 Windows Server 2016

1. Go to server manager Tools  DHCP

2. Go to server name  expand IPV4  Right click on IPV4 New scope

3. Click on Next
 Windows Server 2016

4. Enter scope name  Next

5. Enter IP Address range  subnet mask  Next

 Windows Server 2016

6. Enter IP exclusion  Add Next

 Windows Server 2016

7. Enter lease duration  Next

8. Select  yes, I want to configure this now  Next

 Windows Server 2016

9. Enter router IP  Add  Next

 Windows Server 2016

10. Enter DNS Server Name  Resolve  Add  Next

11. Next
 Windows Server 2016

12. Yes, I want to activate this scope now  Next

 Windows Server 2016

13. Finish

DHCP – Dynamic Host Configuration Protocol

 Windows Server 2016
 Dynamic Host Configuration Protocol (DHCP) is a client/server protocol that automatically provides
an Internet Protocol (IP) host with its IP address and other related configuration information such as
the subnet mask, default gateway and Dns address.
 Every device on a TCP/IP-based network must have a unique unicast IP address to access the
network and its resources. Without DHCP, IP addresses for computer must be configured manually.
 With DHCP, this entire process is automated and managed centrally. The DHCP server maintains a
pool of IP addresses and leases an address to any DHCP-enabled client when it starts up on the
network. Because the IP addresses are dynamic (leased) rather than static (permanently assigned),
addresses no longer in use are automatically returned to the pool for reallocation.

The network administrator establishes DHCP servers that maintain TCP/IP configuration information and
provide address configuration to DHCP-enabled clients in the form of a lease offer. The DHCP server stores
the configuration information in a database that includes.

 Valid TCP/IP configuration parameters for all clients on the network.

 Valid IP addresses, maintained in a pool for assignment to clients, as well as excluded addresses.

 Reserved IP addresses associated with particular DHCP clients. This allows consistent assignment of
a single IP address to a single DHCP client.

 The lease duration, or the length of time for which the IP address can be used before a lease
renewal is required.

A DHCP-enabled client, upon accepting a lease offer, receives:

 A valid IP address for the subnet to which it is connecting.

 Requested DHCP options, which are additional parameters that a DHCP server is configured to
assign to clients. Some examples of DHCP options are Router (default gateway), DNS Servers, and
DNS Domain Name.

Benefits of DHCP:

 Reliable IP address configuration. DHCP minimizes configuration errors caused by manual IP

address configuration, such as typographical errors, or address conflicts caused by the assignment of
an IP address to more than one computer at the same time.

 Reduced network administration. DHCP includes the following features to reduce network
administration:

 Centralized and automated TCP/IP configuration.

 The ability to define TCP/IP configurations from a central location.

 Windows Server 2016
 The ability to assign a full range of additional TCP/IP configuration values by means of DHCP
options.

 The efficient handling of IP address changes for clients that must be updated frequently, such
as those for portable computers that move to different locations on a wireless network.

Steps to Install DHCP

SYS 1 SYS 2
IP: 10.0.0.1 ....................

Mask: 255.0.0.0 ....................

P. DNS: 10.0.0.1 ....................

Domain Controller Client

Go to Domain controller or Member server  Log in as Administrator  Server Manager 

Manage  Add Roles and Features
 Windows Server 2016

Select Role-based or feature-based installation  next

Select server from Server pool  Next

 Windows Server 2016

Check the box DHCP

Click on Add Features

 Windows Server 2016

Select Restart Server option  Yes  Install

Close
 Windows Server 2016

Next
 Windows Server 2016

Commit
 Windows Server 2016
Steps to Configure DHCP:

Create new scope wizard options

IP Address Range:
This option allows you to specify the starting and ending IP addresses that define the range of the scope,
along with the subnet mask you want to assign to the distributed addresses.
Add Exclusion 
This option allows you to specify the IP addresses within the defined range that you do not want to lease to DHCP clients.
Lease Duration:
This option allows you to define the lease duration values. These lease durations are then assigned to DHCP clients.
Configure DHCP Options:
This option allows you to determine whether to configure DHCP options for the scope through subsequent wizard options in the
New Scope Wizard or later.
Depending on the selected option here you may see further options. If you select the option to configure DHCP options later, the
wizard does not give you an opportunity to activate the scope. You must activate the scope manually before it can begin leasing
addresses.
Router(DefaultGateway):
This option allows you to specify which default gateway (and alternates) should be assigned to DHCP clients.
DNS and Domain Name:
This option allows you to specify both the parent domain to be assigned to client computers and the addresses of DNS servers to
be assigned to the client.
WINS SERVER:
This option allows you to specify the addresses of WINS servers to be assigned to the client. Clients use WINS servers to
convert NetBIOS names to IP addresses.
ActivateScope.
This option allows you to determine whether the scope should be activated after the wizard has completed.

To configure DHCP  go to DHCP server  Login as Administrator  Server Manager  Tools 

DHCP
 Windows Server 2016
Now Expand IPV4  Right Click  New Scope

Give any Scope Name  Next

Enter Address Range  Subnet Mask  Next

 Windows Server 2016

Add Exclusions (Optional)  Next

 Windows Server 2016
Assign Lease Duration  Next

Select “Yes I want to configure these options now”  Next

Configure ROUTER IP address  Add  Next

 Windows Server 2016

Give DNS server name  Click on Resolve  Add IP address  Next

 Windows Server 2016

After Clicking on Add DNS Validation process will complete, Than click on Next

In WINS Server  Click on Next

 Windows Server 2016

Select “Yes I want to activate this scope now”  Next

Finish
Windows Server 2016
 Windows Server 2016

DHCP Client side configuration:

Now go to Client computer  In Ethernet Cart Properties  TCP/IPV4 Properties  Select “Obtain
an IP address automatically”  ok

Now go to CMD  and check the IP Address configuration  Client computer will IP Configuration
from DHCP

Steps to configure DHCP Reservation

 Windows Server 2016
Go to DHCP  Expand Scope  Right Click on Reservation  New Reservation

Give any Reservation name  Mention the IP Address that you want to be reserved  Than enter
the MAC address of the network adapter of the computer for which the reservation is being made in
the box provided  add  close

DHCP Server Backup and Restore:

 Windows Server 2016

TO Backup the DHCP Database

Steps:
• go to DHCP console
• R/C on server name
• select backup
• select location to save backup file
• ok
• now delete the existing scope
TO get that scope Back
• in DHCP console R/C on server name
• select restore
• select the location of file for restoration
• yes
• ok
• ok

Configuring DHCP Server Failover:

 Windows Server 2016

objective:
To configure High Availability of DHCP Server Using DHCP Failover

pre-requisites:
1) A computer running windows 2012 (DC)
2) A computer running windows 2012 (Member Server), Install DHCP.
Steps in sys1:
• go to DHCP console
• in left pane expand server name
• expand IPv4
• R/C on scope
• select configure failover
• next
• click add server to add the failover server
• in add server, browse and select the server (sys2.knco.com)
• ok
• select mode, enable message authentication and enter shared
secret
• next
• finish

• close
 Windows Server 2016

Steps in sys2 (Member server):

• go to server manager
• select notification complete DHCP configuration
• next
• click commit, to authorize server sys2.knco.com
• close

verification:
go to DHCP console and verify the scope replicated form sys1

41. CLIENT CONFIGURATION

 Windows Server 2016

 Go to client configuration and select obtain an IP automatically 

obtain DNS Server automatically  ok  ok  close

NOTE: To verify
 Windows Server 2016

 Go to DHCP Server  Expand server 1  Expand IP Version 4 

Expand scope  select Address Lease

42. STEPS TO RESERVE IP

 Windows Server 2016

1. Access DHCP  Expand pool  Right click on Reservation 

New Reservation

2. Enter Reservation name  Enter IP Address  Enter MAC

Address  Add  Close

43. STEPS TO MODIFY SCOPE RANGE

1. Access DHCP  Right click o scope  Properties
 Windows Server 2016

2. Now increase or decrease the range

44. STEPS TO CONFIGURE FAILOVER

NOTE: Take a member sever and install DHCP Role
 Windows Server 2016

1. Access DHCP  Right click on scope  Configure Failure

2. Next

3. Select the server  Browse  Enter the failure DHCP server

name  ok
 Windows Server 2016

4. It will take failure DHCP IP  Click on next

5. Configure the required options  Next

 Windows Server 2016

6. Finish
 Windows Server 2016

7. Close

45. STEPS TO VERIFY FAILOVER DHCP

 Windows Server 2016

1. Access failover DHCP  Now access DHCP Role  Go to scope and

verify

46. WDS
1. STEPS TO INSTALL WDS
 Windows Server 2016

1. Go to server manager  manage  Add roles and features

2. Next

3. Select role based or feature based installation  Next

 Windows Server 2016

4. Select your server from server pool  Next

5. Check the box WDS  Add features  Next

 Windows Server 2016

6. Next

7. Next
 Windows Server 2016

8. Next

9. Check the box restarts the destination  Yes  Install  Close

 Windows Server 2016

2. STEPS TO CONFIGURE WDS

 Windows Server 2016

1. Go to server manager  Tools  Window Development Services

2. Expand servers  Right click on server names  Configure server

3. Next
 Windows Server 2016

4. Next

5. Select Remote Installation Folder  Next

 Windows Server 2016

6. Yes

7. Next
 Windows Server 2016

8. Select respond to all computers (known/unknown)  Next

9. Finish
 Windows Server 2016

Note: Now access WDS server  Right click on server name  All task 
Start
 Windows Server 2016

3. Steps to Add Install Image and Booting Image

1. Install Images:
1. Access WDS  Expand server  Right click on install image  Add
install image

2. Next
 Windows Server 2016

\
3. Find the location of install image from OS DVD sources folder

Browse
 Windows Server 2016

4. Open CD DVD

5. Open source folder  open

 Windows Server 2016

6. Select install.win files  Open

7. Next
 Windows Server 2016

8. Select your OS  Next

9. Next

10. Finish
 Windows Server 2016

2. Booting Image
 Windows Server 2016

1. Go to WDS server  Expand server  Right click on Booting image

 Add boot image

2. Browse  select Boot image from OS location

3. Next
 Windows Server 2016

4. Next  Next

5. Finish
 Windows Server 2016

4. Client Side Configuration

 Windows Server 2016

1. Now go to client computers  Enter in BIOS  Select first Boot as

LAN / server/ network  Save and Exit
2. Once client computer reboot press “F12” to start installation in
client computer from WDS server

Windows Deployment Services

 Windows Deployment Services enables you to deploy Windows operating systems.
 Windows Server 2016
 You can use it to set up new computers by using a network-based installation.
 This means that you do not have to install each operating system directly from installation media,
for example a DVD or USB drive.
 Allows network-based installation of Windows operating systems, including Windows 7, Windows 8,
Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2.

The following are requirements for installing this role, depending on whether you choose the default
installation (both Deployment Server and Transport Server), or only the Transport Server role service

 Active Directory Domain Services (AD DS): A Windows Deployment Services server must be a
member of an Active Directory Domain Services (AD DS) domain or a domain controller for an AD DS
domain. 
The AD DS domain and forest versions are irrelevant; all domain and forest configurations support
Windows Deployment Services.
 DHCP: You must have a working Dynamic Host Configuration Protocol (DHCP) server with an active
scope on the network because Windows Deployment Services uses PXE, which relies on DHCP for IP
addressing.
 DNS: You must have a working Domain Name System (DNS) server on the network before you can
run Windows Deployment Services.
 NTFS volume: The server running Windows Deployment Services requires an NTFS file system
volume for the image store.
 Credentials: To install the role, you must be a member of the Local Administrators group on the
server. To initialize the server, you must be a member of the Domain Users group.

During installation, on the Select role services page, the wizard presents the option to select role services to
be installed in Windows Deployment Services. You can choose to install the Deployment Server and
Transport Server, or leave both roles selected.

 Transport Server. This option provides a subset of the functionality of Windows Deployment
Services. It contains only the core networking parts. You can use Transport Server to create
multicast namespaces that transmit data (including operating system images) from a standalone
server. You can also use it if you want to have a PXE server that allows clients to PXE boot and
download your own custom setup application. You should use this option if you want to use either
of these scenarios, but you do not want to incorporate all of Windows Deployment Services.

 Deployment Server. This option provides the full functionality of Windows Deployment Services,
which you can use to configure and remotely install Windows operating systems. Note that
Deployment Server is dependent on the core parts of Transport Server. 

Steps to install Windows Deployment Services

 Windows Server 2016

IP: SYS 1 SYS 2 10.0.0.1

.....................

Mask: 255.0.0.0 .....................

P. DNS: 10.0.0.1 .....................

Domain Controller / WDS Server WDS Client

 Before installing WDS, Install and Configure ADDS.

 DNS with all records
 DHCP with one active scope
 A computer connected to Network.
 Go to Domain Controller / Member Server login as Administrator and First Install WDS from add
roles and features

Steps to Install Windows Deployment Services

Go to Server  Log in as Administrator  Server Manager  Manage  Add roles and Features
 Windows Server 2016

Select Role-based Installation  Next

Select the server where you want to install this Role  Next
 Windows Server 2016

Now check the box “WINDOWS DEPLOYMENT SERVICES”  Next

 Windows Server 2016
Next

Next

Select both the Services  Next

 Windows Server 2016

Click on RESTART SERVER AUTOMATICALLY  Yes Install

 Windows Server 2016
Steps to Configure Windows Deployment Services:

Go to WDS server  Log in as Administrator  Go to Server Manager  Tools  Windows Deployment

Services

Right click on Server Name  Configure Server

 Windows Server 2016
In before you begin page  Click on NEXT

Select Integrated with Active Directory  NEXT

 Windows Server 2016

Browse and select “RemoteInstall” folder location  NEXT

Check both the boxes and click on Next

 Windows Server 2016

Select Respond to all client computers (Known and Unknown)  NEXT

Now Windows Deployment Services Configuration Wizard will complete  than click on FINISH
 Windows Server 2016

Steps to add BOOT IMAGE to WDS Server (Win 7)

Go to Windows Deployment Server Computer  Log in as Administrator  Tools  Windows Deployment

Server  Expand Server  Right Click on Boot Image  Add Boot Image

Browse the “BOOT.WIN” file from WIN 7 DVD (EX: F:\Sources\Boot.Win)  click on open
 Windows Server 2016

Next
 Windows Server 2016
Give any name to Image Ex: WINDOWS 7  Next

In Summary page click on Next

Image will be added  click FINISH

 Windows Server 2016

Steps to add WINDOWS 7 INSTALL IMAGE to WDS server

Go to Tools  Windows Deployment Server  Right click on Install Images  Add Install Image

Give any name to Image Group Ex: ClientGroup1  Next

 Windows Server 2016

Browse and Select INSTALL.WIN file from WINDOWS 7 O/S DVD (Ex: F:\Sources\Install.wim)  Next
 Windows Server 2016
Select the Image  Next

In Summary page Click on NEXT

Now click on Finish.

 Windows Server 2016

Note: WDS Configuration is completed

 Now go to Client Computer and do the following steps

 Select the First Boot Device as NETWORK BOOT
 Save and Exit

Following screen will appear in client computer

 Windows Server 2016

Now it ask you to press F12

After pressing F12 it will start loading files from WDS and follow the steps
 Windows Server 2016

47. NIC TEAMING

1. Access server manager  local server  Click on disabled option
beside NIC Teaming

2. Under team option  Now click on task  New teams

 Windows Server 2016

3. Give some team name and select your NIC’S  Click on additional
properties  Select load balancing mode (address hash)  ok

4. Now go to server manager  Click on NIC team

5. Now right click on NIC team  Go to properties and assign IP address

 Windows Server 2016

6. Now NIC team has a IP