Windows Server Assignment

Course Code: IT1C (WinSrvr)

Course Name: Windows Server and Active Directory Administration
Assignment: Windows Server Project
Textbook: Eckert, Jason. (2020). Hands-On Windows Server 2019 (3e). Cengage.
Software: Windows 10 or 11 (Pro/Enterprise/Education), Windows Server 2019

Materials and Resources

Assignment Description
In this project, you will create the following setup:

Assignment Steps
Perform the following tasks:
1. Install a new VM called server1 that is connected to the External virtual switch. Add a second NIC
to server1 that is connected to the Private virtual switch and assign it a static IP of 192.168.255.1.
Configure an Active Directory domain on server1 that hosts a new domain in a new forest called
yourname.com. Ensure that server1 is a global catalog and that your domain and forest use the
highest functional levels. (4 marks)
2. Configure server1 as a DHCP server that provides addresses to clients on the 192.168.255.0
network (192.168.255.100-200) and the DNS server 192.168.255.1. Next, configure server1 as a
WDS server that hosts the install.wim from the Windows Server 2019 DVD. The WDS server should
not join computers to the domain after installation. (4 marks)
3. Install server2 from your WDS server and set its static IP address and name afterwards. Next, join
it to your domain. (2 marks)

IT1C(WinSrvr)-Assignment Version 2.4 Page 1 of 5

4. Configure the DHCP service on server1: (10 marks, one for each task)
a. Modify the 192.168.255.0 scope you created earlier so that it is called “Sales LAN” and
uses a lease period of 4 days. Ensure that the scope sets the default gateway and DNS
server on the client to 192.168.255.1.
b. Add an exclusion to the scope for 192.168.255.188 (used by a UNIX server that has a static
IP address) as well as the static IPs used by server1 and server2.
c. Add a reservation called “Ricoh8320Printer” that assigns 192.168.255.191 to the MAC
address 00-01-03-E1-0F-B7.
d. Convert your exclusion for server2 to a reservation.
e. Create a scope called “Mfg LAN” that assigned addresses from the range 172.16.5.1-
172.16.5.254 for a lease period of unlimited. Ensure that the scope sets the default
gateway and DNS server on the client to 172.16.0.200. Since your DHCP server does not
have a network interface on the 172.16.0.0 network, we will assume that a DHCP relay
agent will be configured on a router to forward requests for this network to your DHCP
server.
f. Add a server option that sets the WINS server for all clients in the company to
192.168.255.1.
g. Ensure that Windows 98 clients that receive an IP address from the “Sales LAN” scope
instead receive a gateway of 192.168.255.253, a DNS server of 10.0.1.2, and a WINS server
of 10.0.2.2).
h. Ensure that your classroom VoIP phone model will receive a default gateway of
192.168.255.222 on that Sales LAN.
i. Ensure that your DHCP server always updates A and PTR records for all clients.
j. Configure server2 as a DHCP server in a failover relationship with server1.
5. Configure server1 and server2 as WINS servers in a push/pull relationship and ensure that NetBIOS
name records for both your computers are automatically created in the WINS database
(remember the bug in Server 2019). Next, add a static mapping to the WINS database for
192.168.255.188 (which is used by a UNIX server named SCIBORG that has a static IP address).
(3 marks)
6. Configure the DNS service on server1: (7 marks, one for each task)
a. Create a standard forward lookup zone called yourname.net that accepts secure and
unsecure dynamic updates.
b. Add the following A records to your zone:
webserver.yourname.net = 192.168.255.222
webserver.yourname.net = 192.168.255.223
webserver.yourname.net = 192.168.255.224
fileserver.yourname.net = 192.168.255.225
mailserver.yourname.net = 192.168.255.226
c. Add a CNAME record that maps www.yourname.net to webserver.yourname.net.
d. Add an MX record (priority = 20) for mailserver.yourname.net for the yourname.net zone.
e. Ensure that your DNS server can also use the WINS servers you created earlier for name
resolution if FQDN name resolution fails.
f. Ensure that any FQDN name resolution requests for the acme.com domain are forwarded
to 192.168.255.226.
g. Add a standard primary reverse lookup zone for the 192.168.255.0 network that does not
allow dynamic updates and create the appropriate PTR records for

IT1C(WinSrvr)-Assignment Version 2.4 Page 2 of 5

 webserver.yourname.net.
7. Configure the DNS service on server2 to host a secondary copy of the yourname.net forward
lookup zone and 192.168.255.0 reverse lookup zone from the previous steps. Ensure that the
secondary zones query the primary zones every 5 minutes for new records. Test that both servers
can be queried for the records and that round robin functionality is working. (3 marks)
8. Convert the yourname.net and 192.168.255.0 zones on server1 to be Active Directory integrated
and accept secure dynamic updates only. (2 marks)
9. Configure server1 as a VPN server. The VPN network should use IP addresses on the 172.16.0.0
network. Moreover, the VPN server should use a RADIUS server configured on server1 for
authentication and logging, as well as use an NPS policy that disconnects idle sessions after 2
minutes. Test your configuration from server2 using split tunneling. (6 marks)
10. Configure a domain-based DFS namespace for your domain called warehouse and add three
shared folders (called share1 through share3) to this namespace that meet the following criteria.
(4 marks)
a. Share1 and share2 reside on server1.
b. Share3 resides on both server1 and server2, with the contents synchronized using DFS
replication.
11. Create the following OU structure underneath your domain: (6 marks)

12. Create a nested group structure that allows permissions to be easily assigned to: (3 marks, 1 mark
for each task)
a. Members of the Sales, Mfg, Engrg, and IT groups (in your domain)
b. Mfg members in No.Amer, So.Amer, and Canada (in your domain)
c. Members of the Sales, Mfg, Engrg, and IT groups (in your entire forest)
13. Create a local group called Project-Printer within the File/Print OU. Next, create a fictitious printer
on your host OS that grants Print permission only to members of the Mfg (forest-wide) while using
this local group. (3 marks)
14. Create 3 user accounts (of your choice) within the 6 OUs that “should” contain user accounts.
Each user account should be a member of the appropriate groups from the previous step.
(6 marks)
15. Develop a workstation naming convention, and pre-stage computer accounts for 2 workstations
within the Workstations OU (for general-purpose workstations) as well as pre-stage computer
accounts for 2 workstations within the same 6 OUs that contain user accounts from the previous
step. (6 marks)
16. Create and link a new GPO called GPO-Mfg to the Mfg OU that: (9 marks, one for each task)
a. Locks out users for 2 hours if they log in 3 times unsuccessfully within 1 minute.
b. Removes Control Panel access.

IT1C(WinSrvr)-Assignment Version 2.4 Page 3 of 5

 c. Ensures that the Print Spooler service is always started.
d. Specifies that the system event log should be 40MB in size maximum and that old events
will be cleared automatically as necessary.
e. Sets the background wallpaper (your choice).
f. Gives Bob the right to log on locally and shut down the computer.
g. Assigns a software package (of your choice) to all computers.
h. Redirects the Desktop and Documents folders for users to a shared folder on server1.
i. Prevents the Windows Calculator program from executing.
17. Test your GPO by temporarily moving your server2 computer account into the Mfg OU, and by
logging on to it using a user account within the Mfg OU. Next, ensure that GPO-Mfg does not apply
to users or computers within the So.Amer OU. (1 mark)
18. Create a conditional forwarder in DNS to world.com (IP = 192.168.255.188). (1 mark) Next, create
a 2-way transitive Realm trust relationship between your forest and world.com. (1 mark)
19. Configure your domain with 3 sites (Kitchener, London, Toronto). (1 mark) Ensure that your DC
account resides within the closest site to your physical classroom location. (1 mark) Ensure that
intersite replication occurs every 90 minutes between all locations. (1 mark)
20. Configure server1 as a CA that auto-enrolls all users and computers within the domain for generic
user and computer certificates and test your results by restarting server2 and logging in as
Administrator in the domain. In the Certification Authority console on server1, right-click Issued
Certificates, click Export List and save the list as C:\project\certificates.txt. (4 marks)
21. Configure server1 as an iSCSI SAN that shares a 50GB iSCSI virtual disk to server2. Format this
virtual disk with NTFS and ensure that server2 can access it using X:\. Also ensure that data
deduplication is enabled for X:\. (6 marks)
22. Take a sample performance baseline for server1 and server2. Save these baselines as
server1baseline.html and server2baseline.html in the C:\project folder on server1. (2 marks)
23. Configure server1 as a WSUS server that provides updates to the computers within the domain (do
not download the updates – only download the Windows Update Catalog). (4 marks)
24. Obtain the projectscript.ps1 PowerShell script from your instructor and replace any instances of
yourname.com with the actual name of your domain. Also replace any instances of
DC=yourname,DC=com with the actual name of your domain. Next, execute it on server1 as
Administrator to generate 11 text files (file1.txt to file11.txt) in the C:\project folder. Next,
compress the C:\project folder to a file called yourname.zip and send it to your instructor.
BONUS: Optional (1 mark each)
a. Install a Server 2019 Standard Core virtual machine called server3 (IP = 192.168.255.11,
DNS/gateway = 192.168.255.1), join it to your domain, and configure it to host an IIS
container. Send a screenshot of the output of docker ps while your container is running
for this bonus mark.
b. Install two additional Server 2019 Datacenter virtual machines (server4 and server5) with
an appropriate IP configuration, joined to your domain. Next, configure server4 and
server5 as a Failover Cluster file server (you will need to add a 1GB Q:\ volume to your
iSCSI Target for the quorum). Send screenshots of both the Roles and Nodes sections
within Failover Cluster Manager to your instructor for this bonus mark.

Rubric

IT1C(WinSrvr)-Assignment Version 2.4 Page 4 of 5

See the marks assigned to each question as outlined in the assignment steps/instructions. This
assignment is out of 100 total marks.

IT1C(WinSrvr)-Assignment Version 2.4 Page 5 of 5