Introduction to Microsoft Windows Server 2019

Windows Server 2019 is a powerful operating system developed by Microsoft

for managing enterprise-level infrastructure, applications, and services. It
provides advanced security, cloud integration, and improved performance for
businesses of all sizes.

Purpose of Windows Server 2019

Windows Server 2019 is designed to:

1. Manage and Host Applications – It provides a stable environment for

running applications such as web servers, databases, and enterprise
software.

2. Enable Virtualization – With Hyper-V, it allows multiple virtual machines

(VMs) to run on a single physical server.

3. Improve Security – Features like Windows Defender Advanced Threat

Protection (ATP) and Shielded VMs enhance system security.

4. Facilitate Cloud Integration – Azure Hybrid Services allow easy integration

with Microsoft Azure cloud.

5. Enhance File and Storage Management – Features like Storage Spaces

Direct (S2D) improve data management and failover clustering.
6. Simplify Administration – Windows Admin Center provides a centralized
management interface for servers.

Windows Server 2019 Versions and Licensing

Windows Server 2019 is available in different editions based on

organizational needs:

1. Windows Server 2019 Essentials

Designed for small businesses (up to 25 users and 50 devices).

No need for Client Access Licenses (CALs).

Limited virtualization capabilities.

2. Windows Server 2019 Standard

Suitable for organizations with minimal virtualization needs.

Supports up to two virtual machines (VMs).

Requires CALs for users and devices.

3. Windows Server 2019 Datacenter

Designed for large enterprises with heavy workloads.

Supports unlimited virtualization (unlimited VMs).

Includes advanced features like Storage Spaces Direct and Shielded VMs.

Requires CALs for users and devices.

Standard vs. Datacenter Edition

If a company needs heavy virtualization, Datacenter is the best option. If

virtualization needs are minimal, Standard is sufficient.

Three Different Interfaces in Windows Server 2019

Windows Server 2019 provides three interface options:

1. Desktop Experience – This includes a full graphical user interface (GUI)
similar to Windows 10. It is ideal for users who prefer a traditional Windows
environment.

2. Server Core – A minimal installation without a GUI. It is lightweight, secure,

and requires fewer resources, making it ideal for data centers and high-
performance environments.

3. Nano Server (Deprecated for GUI use) – Previously used for lightweight
applications, now mainly for container-based workloads.

Desktop Experience

This installation includes the full Windows Explorer, Control Panel, and
graphical management tools.

It is best suited for administrators who prefer GUI-based management tools.

Requires more system resources compared to Server Core.

Commonly used in small businesses and organizations without advanced

PowerShell or command-line expertise.

Server Core
A lightweight installation with no desktop interface, designed for remote
management.

Only supports command-line tools like PowerShell and Windows Admin

Center.

Ideal for domain controllers, Hyper-V hosts, and cloud servers.

More secure and requires fewer updates compared to the Desktop

Experience.

Windows Server 2019 Interface

1. Windows Admin Center – A web-based management tool for configuring

and monitoring Windows Server.

2. PowerShell & Command Prompt – Used for server configuration,

automation, and scripting.

3. Server Manager – GUI-based tool for managing server roles and features
(available only in Desktop Experience).

4. Hyper-V Manager – Used for creating and managing virtual machines.

5. Task Manager & Performance Monitor – Helps monitor system performance
and resource usage.

Conclusion

Windows Server 2019 is a versatile and powerful operating system for

managing enterprise environments. Whether using Standard or Datacenter
Edition, organizations can leverage its features for security, virtualization,
and cloud integration. Administrators can choose between Desktop
Experience and Server Core based on their preferences and workload
requirements.

Installing and Managing Windows Server 2019: A Detailed Guide

Windows Server 2019 is a powerful operating system designed for enterprise

environments, offering security, virtualization, cloud integration, and
management capabilities. Below is a step-by-step guide on installation and
management.

---

1. System Requirements

Before installing Windows Server 2019, ensure your hardware meets the
minimum system requirements:
Processor: 1.4 GHz 64-bit processor (minimum), 2 GHz or faster
recommended

RAM: 512 MB (Server Core), 2 GB (Desktop Experience), 8 GB recommended

Storage: 32 GB minimum, 50 GB or more recommended

Network: Gigabit (10/100/1000) Ethernet adapter

Firmware: UEFI with Secure Boot and TPM recommended for security features

---

2. Installation of Windows Server 2019

Step 1: Download Windows Server 2019

Download the ISO file from Microsoft’s official website.

Create a bootable USB using Rufus or Windows Media Creation Tool.

Step 2: Boot from USB/DVD

Insert the bootable USB/DVD into the server.

Restart the system and enter BIOS (usually by pressing F2, F12, DEL, or ESC).

Set the boot order to USB/DVD first and restart.

Step 3: Start the Installation

1. Select Language, Time, and Keyboard Layout, then click Next.

2. Click Install Now.

3. Choose Windows Server 2019 Edition (Standard, Datacenter, Core, or

Desktop Experience).

4. Accept the License Terms and click Next.

5. Choose Custom Installation (for fresh installation).

6. Select the disk where Windows Server will be installed and click Next.
7. Wait for installation to complete and the system will reboot.

---

3. Initial Configuration Post-Installation

Step 1: Set Up Administrator Password

After reboot, set up a strong Administrator Password.

Step 2: Configure Network Settings

1. Open Control Panel → Network and Sharing Center.

2. Click Ethernet → Properties → IPv4.

3. Set a Static IP Address, Subnet Mask, and Default Gateway.

Step 3: Enable Remote Desktop

1. Open System Properties (sysdm.cpl).

2. Go to Remote Settings → Allow remote connections.

3. Configure firewall rules to allow Remote Desktop connections.

Step 4: Install and Configure Windows Updates

1. Open Settings → Update & Security → Windows Update.

2. Check for updates and install important patches.

---

4. Managing Windows Server 2019

A. Server Manager
Server Manager is the main tool for managing Windows Server 2019.

Open Server Manager (servermanager.exe).

Add roles and features as needed.

B. Active Directory (AD DS) Installation

1. Open Server Manager → Add Roles and Features.

2. Select Active Directory Domain Services (AD DS).

3. Install and configure a new forest if setting up a domain controller.

C. DNS & DHCP Configuration

DNS: Installed with AD DS to manage domain name resolutions.

DHCP: Assigns IP addresses dynamically within the network.

D. File and Storage Management

Use File Server Role to share files over the network.

Set up NTFS Permissions for security.

E. Group Policy Management

Open Group Policy Management Console (GPMC).

Create and manage policies to control security settings and user

permissions.

F. Windows Server Backup

Configure automatic backups using Windows Server Backup or third-party

tools.

---

5. Security and Maintenance

A. Windows Defender & Firewall

Ensure Windows Defender is enabled.

Configure Windows Firewall rules for security.

B. Role-Based Access Control (RBAC)

Assign specific roles and permissions to users.

C. Regular Patching & Updates

Schedule automatic Windows updates to keep the server secure.

D. Monitoring & Performance Management

Use Task Manager, Performance Monitor, and Event Viewer to check system
health.

---

Conclusion
Windows Server 2019 is a robust system that requires careful installation and
management. By following best practices—such as regular updates, security
configurations, and role-based administration—you can ensure a stable and
secure server environment.

Would you like guidance on a specific feature or setup process?

Active Directory (AD) Overview

Active Directory (AD) is a Microsoft directory service used to manage users,

computers, and resources within a network. It provides authentication,
authorization, and centralized management for Windows-based
environments.

---

1. What is a Domain Controller?

A Domain Controller (DC) is a server that runs Active Directory Domain

Services (AD DS) and is responsible for:

Authenticating and authorizing users and devices.

Storing directory data (users, groups, computers, policies).

Enforcing security policies.

Managing trust relationships between domains.

When a user logs in, the DC checks their credentials and grants access to
network resources.

---

2. Creating Your First Domain

A domain is a logical group of network objects (users, computers, printers)

managed under one security policy. To create your first domain:

Steps to Set Up a Domain Controller (DC) on Windows Server:

1. Install Windows Server and set a static IP address.

2. Install the Active Directory Domain Services (AD DS) role:

Open Server Manager > Manage > Add Roles and Features

Select Active Directory Domain Services (AD DS)

Complete the installation.

3. Promote the server to a domain controller:

Open Server Manager > Click Notifications > Select Promote this server to a
domain controller

Choose Add a new forest and enter your domain name (e.g., example.com).

Configure Domain Name System (DNS) settings.

Set up an Administrator password for the Directory Services Restore Mode

(DSRM).

Complete the installation and restart.

Once completed, your first domain is ready, and the server is now a Primary
Domain Controller (PDC).

---

3. Multiple Domain Controllers for Redundancy

To ensure high availability and prevent a single point of failure, organizations
deploy multiple domain controllers. This provides:

Redundancy: If one DC fails, another takes over authentication.

Load Balancing: Distributes authentication requests across multiple DCs.

Faster Authentication: Users authenticate to the nearest DC.

Replication: Changes made in one DC are synchronized across others.

How to Add an Additional Domain Controller:

1. Install Windows Server on a second machine.

2. Join the server to the existing domain.

3. Install AD DS and promote the server as an additional domain controller.

4. Ensure Active Directory Replication is working using the repadmin

/replsummary command.
---

4. Active Directory Users and Computers (ADUC)

Active Directory Users and Computers (ADUC) is a management tool used to

manage:

User accounts (create, reset passwords, disable/enable accounts).

Computer accounts (add/remove devices from the domain).

Groups (security/distribution groups for permissions).

Organizational Units (OUs) (structuring users and resources into logical

units).

How to Open ADUC:

1. Run dsa.msc in the Run dialog or Command Prompt.

2. Navigate through the domain structure to manage users and computers.

---

5. Active Directory Administrative Center (ADAC)

The Active Directory Administrative Center (ADAC) is a modern, GUI-based

tool for managing AD. It provides:

Simplified user management.

Resetting passwords and unlocking accounts.

Advanced search for objects.

Managing Dynamic Access Control (DAC).

How to Open ADAC:

1. Open Server Manager > Tools > Active Directory Administrative Center

ADAC is more powerful than ADUC and includes PowerShell History for
automation.
---

6. Read-Only Domain Controllers (RODC)

A Read-Only Domain Controller (RODC) is a special type of DC that contains a

read-only copy of Active Directory. It is used in:

Branch offices with low security (e.g., remote locations).

Scenarios where full DC access is risky (e.g., lower-trust environments).

Reduced replication bandwidth for better performance in slow network

connections.

Key Features of RODC:

No direct updates: Changes are forwarded to a writable DC.

Credential caching: Stores user credentials only for specific users.

Improved security: If compromised, attackers cannot modify AD.

How to Deploy an RODC:

1. Install Windows Server and join it to the existing domain.

2. Install Active Directory Domain Services (AD DS).

3. Promote the server as an RODC by selecting Read-Only Domain Controller

during setup.

---

7. Group Policy (GPO)

Group Policy is a feature in AD used to enforce security settings and

configurations across computers and users.

What Can You Control with GPO?

Security Settings (password policies, firewall settings).

Software Deployment (install applications automatically).

User Restrictions (disable USB access, prevent certain apps).

Logon Scripts (execute scripts at login/logout).

How to Create and Apply a GPO:

1. Open Group Policy Management Console (GPMC) (gpmc.msc).

2. Right-click the domain or Organizational Unit (OU) and select Create a

GPO.

3. Configure settings and link it to the appropriate OU.

4. Use gpupdate /force to apply changes immediately.

---

Conclusion

Active Directory is a critical tool for managing enterprise networks.

Understanding domain controllers, redundancy, user management, RODCs,
and Group Policy helps ensure a secure and efficient IT environment. Would
you like a hands-on guide for setting up AD in a lab environment?
Setting Up a Windows Server 2019 with AD DS and DHCP

In this guide, we’ll go through the steps to set up a Windows Server 2019,
install Active Directory Domain Services (AD DS), promote the server as a
Domain Controller, and configure DHCP.

---

1. Setting Up Windows Server 2019

Before installing any services, ensure you have:

✅ A clean installation of Windows Server 2019

✅ A static IP address assigned to the server

✅ A strong administrator password

Steps:

1. Install Windows Server 2019

Boot from the installation media and follow the setup wizard.

Choose "Windows Server 2019 Standard (Desktop Experience)" for a GUI.

Set the administrator password after installation.

2. Set a Static IP Address

Open Control Panel → Network and Sharing Center

Click Change adapter settings

Right-click on Ethernet → Properties

Select Internet Protocol Version 4 (TCP/IPv4) → Properties

Enter a static IP (e.g., 192.168.1.10), subnet, and gateway.

---

2. Installing Active Directory Domain Services (AD DS)

AD DS allows the server to function as a Domain Controller (DC), managing

users, computers, and policies.

Steps:
1. Open Server Manager

2. Click Manage → Add Roles and Features

3. Choose Role-based or feature-based installation

4. Select Active Directory Domain Services (AD DS)

5. Click Add Features when prompted

6. Proceed with the installation and wait for it to complete

---

3. Promoting the Server as a Domain Controller

Once AD DS is installed, the server must be promoted to a Domain

Controller.
Steps:

1. Open Server Manager → Click Notifications (flag icon)

2. Click Promote this server to a domain controller

3. Choose:

Add a new forest (if setting up a new domain)

Enter a domain name (e.g., mydomain.local)

4. Click Next, set a DSRM password (used for recovery)

5. Accept defaults for DNS, NetBIOS, and Paths

6. Click Install and wait for the process to complete

7. The server will restart as a Domain Controller

---

4. Setting Up DHCP

DHCP assigns IP addresses automatically to devices on the network.

Steps:

1. Open Server Manager → Click Add Roles and Features

2. Select DHCP Server and click Next

3. Proceed with installation and wait for completion

4. Open DHCP Management Console (dhcpmgmt.msc)

5. Configure a New Scope:

Right-click on IPv4 → New Scope

Enter a Scope Name (e.g., "Office Network")

Define an IP range (e.g., 192.168.1.100 to 192.168.1.200)

Set Subnet Mask (e.g., 255.255.255.0)

Add an Exclusion Range (optional)

Set Lease Duration (default: 8 days)

Configure the Default Gateway (e.g., 192.168.1.1)

Set the DNS Server (use Domain Controller IP, e.g., 192.168.1.10)

Activate the Scope

---

Verification & Testing

✅ Check AD DS
Open Active Directory Users and Computers (dsa.msc)

Ensure your domain is listed

Create a test user

✅ Test DHCP

Connect a client machine

Run ipconfig /release and ipconfig /renew

Verify the IP is assigned correctly

---

This setup creates a basic network infrastructure with centralized

authentication (AD DS) and dynamic IP assignment (DHCP). Let me know if
you need further clarifications!