WINDOWS SERVER ADMINISTRATION

Prepared By Fibertrain
Course Outline
Understanding Server Hardware & Operating System
.
Understanding Raid & Raid Types
Understanding Microsoft Active Directory
Active Directory Structures
Understanding DNS Server
Understanding DHCP Server
DHCP Server Installation & Configuration
Installing & Configuring Active Directory Domain
Configuring OUs, Users, Groups
Configuring Domain Join On Staffs’ PCs
Understanding Windows Group Policy Object(GPO)
Configuring Policies – Password Policy
Configuring Policies – Account Lockout
Configuring Policies – Logon Hours/Restrictions
Configuring Policies – Folder Redirection
Configuring Policies – Software Installation
Configuring Policies – Block USB Devices
Configuring Policies – Desktop Wallpaper
Configuring Policies – Miscellaneous Tasks
Understanding Server Hardware & Operating
System

Servers are high-powered computers built to store, process, and manage

network data, Applications, and other systems (Clients).

Servers are used by Organizations to manage access to a centralized

resource or service in a network.
 SERVER HARDWARE
n Desktop Servers

HARDWARE VENDORS

DELL
HP
LENOVO
IBM

PowerEdge – T40 ProLiant – ML20 ThinkServer – TS140

From Dell From HP
From Lenovo
SERVER HARDWARE
. Rack Mountable Servers

HP Proliant DL380
Gen 10 Server
SERVER HARD DRIVES
.

Server Hard Drive

Hard Drive Tray

Server Operating Systems
Server operating systems (OS) are the core programs that enable all server
functionality. Operating systems for servers must be able to handle the
Following:

Comprehensive management of users, security, and processes

Managing and monitoring client computers, software, and activity

Installing and deploying applications and patches to clients

Types Of Server Operating System

Windows Server OS
• Windows Server 2008
• Windows Server 2012
• Windows Server 2016
• Windows Server 2019
• Windows Server 2022
Types Of Server Operating System

Linux OS
• Ubuntu
• CentOs
• RedHat
• Suse
Unix OS
• HP-UX
• IBM AIX
• Solaris
Types Of Servers
Domain Controller

DNS Server

DHCP Server

Email Server

Load Balancing Server

Print Server
Understanding RAID Levels

RAID (redundant array of inexpensive disks or redundant

array of independent disks)

is a data storage virtualization technology that combines

multiple physical disk drives components into one or more
logical units for the purposes of data redundancy
and performance improvement.
RAID LEVELS
RAID 0 – striping

RAID 1 – mirroring

RAID 5 – striping with parity

RAID 6 – striping with double parity

RAID 10 – combining mirroring and striping

 RAID 0
In a RAID 0 system, data are split up into blocks that get written
across all the drives in the array.

Need Minimum of 2 Drives for RAID 0

Drives Must Be Same Size, Same

Writing/Reading Speed, Same Caching Speed.
RAID 0 (Continued)

RAID 0 offers great performance, both in read and write

operations.

All storage capacity is used.

RAID 0 is not fault-tolerant. If one of the

drives fail, all data in the RAID 0 array
are lost.
RAID 0 (Continued)

Ideal Use Of Raid 0

RAID 0 is ideal for non-critical
storage of data that have to be
read/written at a high speed,
such as video editing.
RAID 1

In Raid 1, Data are stored twice by writing

them to both the data drive and a mirror drive.

Need Minimum of 2 Drives for RAID 1

Drives Must Be Same Size, Same

Writing/Reading Speed, Same Caching Speed.
RAID 1 (Continued)

In case a drive fails, data do not have to be

rebuilt, they just have to be copied to the
replacement drive.

The main disadvantage is that the storage

capacity is only half of the total drive capacity
because all data get written twice.
RAID 1 (Continued)
Ideal use.

RAID-1 is ideal for mission critical storage,

Example- accounting systems, WebApp, etc.
It is also suitable for small servers in which
only two data drives will be used.
RAID 5
RAID 5 is the most common secure RAID level. It requires at least 3 drives but
can work with up to 16.

The parity data (Data Backup) are not

written to a fixed drive, they are spread
across all drives, as the drawing below
shows.
RAID 5 (Continued)
RAID 5 array can withstand a single drive failure without losing data or
access to data.

Advantages of RAID 5
1. Read data transactions are very fast
2. If a drive fails, you still have access to all data, even while the
failed drive is being replaced
Disadvantages Of RAID 5

1. Drive failures have an effect on throughput

2. If one of the hard drives in an array using 4TB fails and is replaced,
restoring the data (the rebuild time) may take a day or longer
RAID 5 (Continued)

Ideal use

It is ideal for file and application servers that have a limited

number of data drives.
RAID 6

RAID 6 is like RAID 5, but the parity

data (Backup Data) are written to two
drives.
It requires at least 4 drives to do RAID
6.
RAID 6 (Continued)
Do you remember the setbacks in RAID 5?

if a drive in a RAID 5 systems dies and is replaced by a new drive, it takes hours or
even more than a day to rebuild the swapped drive. If another drive dies during that
rebuilding time, you still lose all of your data.

But in a RAID 6, the RAID array will even survive that second failure.
Advantages of RAID 6

Like with RAID 5, read data transactions are very fast.

If two drives fail, you still have access to all data, even while the failed
drives are being replaced. So RAID 6 is more secure than RAID 5.
Disadvantages of RAID 6
Write data transactions are slower than RAID 5 due to the additional parity
data that have to be calculated.

Drive failures have an effect on throughput, although this is still acceptable.

Rebuilding an array in which one drive failed can take a long time.
RAID 6 (Continued)

Ideal use

It is preferable over RAID 5 in file and application servers that use

many large drives for data storage.
RAID 10

RAID 10 is a nested or hybrid RAID

configuration.
RAID 10 makes it possible to combine
the advantages of RAID 0 (which is
SPEED) and RAID 1 (which is FAULT
TOLERANCE) in one single RAID
system.
Advantages of RAID 10

If something goes wrong with one of the disks in a RAID 10 configuration,

the rebuild time is very fast since all that is needed is copying all the data
from the surviving drive to a new drive.

This can take as little as 30 minutes for drives of 1 TB.

Disadvantages of RAID 10

Half of the storage capacity goes to mirroring, so compared

to large RAID 5 or RAID 6 arrays, this is an expensive way to
have redundancy.
Microsoft Active Directory
Microsoft Active Directory is a database and a directory service. It is an
identity and access management solution that allows System Administrators
to define who can do what on the network. Enterprises rely on Active
Directory to efficiently manage their networks.

As a database Service, Active Directory allows you to store user

information such as emails, phone numbers, and passwords. As a directory
service, it allows users to be authenticated and authorized in order to
access a resource on the network.
 Active Directory Services
1. Active Directory Domain services (ADDS). ADDS is the fundamental and
primary directory service in a Windows domain Network that stores and
authenticates network resources.

2. Active Directory Rights Management Services (ADRMS). ADRMS uses

information rights management to manage and restrict access to documents in
your Active Directory network.
 Active Directory Services (Continued)
3. Active Directory Certificate Services (ADCS). ADCS acts as a Certificate
Authority and provides public key infrastructure functionality in your Active
Directory environment.

4. Active Directory Federation Services (ADFS). ADFS facilitates federated

identity management and single sign-on access to applications.
Active Directory Services (Continued)

5. Active Directory Lightweight Directory Services (ADLDS). ADLDS provides

directory services to applications independent of Active Directory and its
restrictions. It can also be run as a stand-alone directory with multiple AD LDS
instances.
6. Global Catalog - A Global Catalog server is a domain controller that contains
information about every object stored in the entire forest. This facilitates and
speeds up the search for information in Active Directory.
 Active Directory Logical Structures
1. Domain – A domain is a logical group of users and computers that share the
characteristics of centralized security and administration.
2. Tree – A tree is a collection of Active Directory domains that share a contiguous
namespace. In other word, a Tree is a child or sub-domain
3. Organizational Unit – An organizational unit (OU) is a container object that
helps to organize objects for the purpose of administration or group policy
application.
4. Forest – A forest is the largest unit in Active Directory and is a collection of trees
that share a common Schema, it’s the totality of your Active Directory
Infrastructure.
5. Federated Trust – This is a way of allowing users in one forest to access resources
own by other users in another forest.
 Active Directory Physical Structures
1. Domain Controllers – Domain controllers are the Server-based systems
(hardware Server) that store the Active Directory database.
2. Site – Sites are groups of IP subnets that are connected together at high speed.
The purpose of defining sites in Active Directory is to control network traffic
relating to directory synchronization. A site can also be the physical location
that the Domain Controller resides.
3. Site Link – Its any type of WAN connection/IP Routing used to connect two or
more sites together (eg. MPLS, VPN).
 Benefits Of Active Directory
1. Active Directory acts as a centralized management tool and is highly scalable.
2. It lets you oversee your IT network from a single console.
3. Active Directory allows you to customize objects to meet your organization's
requirements.
4. It comes with a built-in replication feature that allows you to distribute data
across the DCs in your network.
5. It also comes with a backup and recovery feature that lets you restore
information as and when needed once it has been configured.
Before Installing Active Directory

Please, Ensure that

1. The Server Is Connected to a Network CLIENT
2. Server has Static IP Address Assigned Windows 10 PC
DELL SERVER
IP Address – 192.168.10.20
IP Address – 192.168.10.10 Subnet Mask – 255.255.255.0
Subnet Mask – 255.255.255.0 Default gateway – none
Default gateway – none Preferred DNS – 192.168.10.10
Preferred DNS – 192.168.10.10
Before Installing Active Directory (Continued)

CLIENT
Pls ensure that the windows Windows 10 PC
10 PC can ping the Server,
IP Address – 192.168.10.20
and vice versa
DELL SERVER
If the ping fails, check the following;
IP Address – 192.168.10.10
• Network Discovery
• Windows Firewall Settings
Installing Active Directory
.
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
Installing Active Directory (Continued)
What Is Organizational Units (Ous)
Configuring OUs

On the Server,
Click tools,

Then Select Active Directory Users

And Computers
Configuring OUs
Configuring OUs
Configuring OUs
Configuring OUs
Configuring OUs
Configuring OUs

Right-Click On The Company’s OU,

Create Other Ous For

SALES
ADMIN
HR
MARKETING
LEGAL
Configuring OUs
We have just Created an OU for SALES Department,

Repeat this Process to Create OUs for Other

Departments

ADMIN
HR
MARKETING
LEGAL
Configuring OUs

When you are done creating the OUs,

Everything should look like what we have

on the Image
Configuring Users

➢ Click on tools

➢ And click on active directory users and computer

➢ Right click on the OUS that you created and click on new

➢ After that click on user and add the Information in the box after that click on next

➢ After that you are going to put the password you want to be using in the box and note, your password must meet
the password requirements, That means you must have a minimum password length, password complexity and
your password must be both alphabet, number and symbols.

➢ After that click on the box saying user cannot change password
Joining Staff Pc’s to the Company
Domain
➢Right click on the file explorer
➢Click on this PC’S
➢Right click on this PC’S and click on properties
➢Click on advanced system setting
➢Click on Computer name
➢Click on change
➢And put it on domain and add the domain name then click okay
➢After that the system will ask you to restart
➢Once its restarted you are done with that
DHCP Server Installation
➢Click on manage
➢Add Roles and features
➢Click on next, next, next
➢Click on the box says DHCP server then add roles and features
➢Click on next, next, next
➢Click on install, Click on complete DHCP Configuration and click on next,
commit and close
Configuring DHCP Server
➢ Click on tools ➢ Insert the IP Address you want to exclude
➢ Click on DHCP
from and where you want to stop

➢ Expand the Box ➢ Add

➢ Click on IPV4
➢ Right click on IPV4 and click New scope
➢ Next
➢ Add the scope Name and next
➢ Now you are adding IP Address Range
➢ Insert the starting IP Address e.g (192.168.1.1
➢ Insert the ending IP add e.g (192.168.1.254)
➢ Next
➢ Now you are Adding Inclusion and Delay
➢ Next, Next, Next
➢ Router IP add, Next
➢ DNS server IP add Add and Next
➢ Wins server IP add Add and next, next
and finish
➢ Now you can go ahead to the window
PC’S and put it on obtain IP Add
Automatically
Log On Hour Configuration
➢ On server manager
➢ Click on tools and click on active directory user’s and computer
➢ Expand the domain name
➢ Expand the OU
➢ Expand the Employee OUS
➢ Double click on the department
➢ Click on the user Account
➢ Click on Account
➢ Click on Log on Hours
➢ Now you can now permit on denied the log on hour
Password Policy & Account Lockout
Policy Configuration
➢ Click on Tools
➢Select group policy management
➢Expand forest and expand domain name
➢Right click on domain name and click
options says (create a GPO in this domain
and link it here
➢Name it password policy and account
lockout and click okay
➢Right click on the new created GPO and
select edit
➢Under computer configure, expand policy
➢Expand window setting, expand security setting
➢Under security setting, click on Account policy
➢Double click on password policy
➢Double click on password history (don’t on it)
➢Double click on maximum password, age put 90
➢Maximum password age (30)
➢Double click on password length put (10)
and click okay
➢Double click on password must meet complexity
requirement click yes and click done
Account Lockout Policy
➢ Double click on Account Lockout policy
➢Double click on Account Lockout threshold and put time you want
➢Click okay and okay
➢Double click on account lockout counter after and change from 30 to 7 or 10
➢Right click on the GPO and marked enforced
➢Now go to the (CMD)
➢Type (GP update / Force) restart the window 10, Restart the PC’S
Folder Redirection
➢ On server Drive C
➢ Create a new folder and name it User’s file and documents
➢After shared the folder and copy the Network path
➢ Go to the server manager
➢ Click on tools
➢ Click on group policy management
➢ Right click on your Domain Name
➢ Click on the option says (Create a new GPO and link it here)
➢ Name it folder redirection and click okay
➢Right click on the newly created GPO and click edit
➢ On user configuration
➢ Click on policy & click window setting
Folder Redirection
➢Click on FOLDER REDIRECTION
➢ Right click on Desktop
➢ Expand the box put it on Basic redirect everyone’s folder to the same location
➢ Paste the network path that you copied after shared the folder in the box
➢ Click okay and yes
➢ After click on the setting
➢ and unclick the option says Grant the user exclusive right to desktop.
➢ Click okay and yes
➢ Go to the newly created GPO ad right click then click Enforced
After open Server (CMD) and type (GP Update / Force ) then enter, Server will restart
then restart the window.
To Verify: any file or document you put on windows 10 desktop will appear
automatically on server.
Configuring USB Blocking
➢ On server manager
➢ Click on the tools
➢ Click on group policy management
➢Right click on your domain name
➢ Click the options saying (Create a new GPO in
this domain and link it here)
➢ Name it USB BLOCKAGE
➢ Right click on the newly created GPO and
click on edit
➢ Under computer configuration drop down
➢Click on policies
➢ Click on Administrative Templates
➢ Click on system
➢ Double click on removable storage classes
➢ Click on enable, apply, okay.
➢ Right click on the GPO and click on enforced
➢ Enter server CMD
➢ Type GP update / Force
➢ Server will Restart. Done.
Software Installation
➢ On server file explorer
➢ Create a new folder and name it software installation
➢ After that, put the software inside the new created folder
➢ Right click on the new folder and share it
➢ Copy the network path
➢ Then go to the server manager
➢ Click on tools and click on group policy management
➢ Expand the forest
➢ Expand the domains
➢ Then right click on your domain name and click on the option says (create a GPO in this
domain and have it here)
➢Name it software installation and click okay
➢Expand your domain name to see the newly created GPO and right click on it.
➢You can configure this on both user or computer configuration
Software Installation
➢ Depends on any you decide to use
➢ So lets assume we configure on computer configuration
➢ Expand computer configuration
➢ Expand policies
➢ Expand software setting
➢ Right click on software installation
➢ Click on properties
➢ Paste the network you copy in the box
➢ And click on assign and click on OK
➢ Right click again on the software installation
➢ Click on new, click on package
➢ And click on the software you want to install
Software Installation
➢ Click on open
➢ Wait for some seconds the software will appear automatically in the box, that is finish
➢ Go back to the newly created GPO and right click on it
➢ After that click on Enforced
➢ Now go ahead to CMD and put this command (GP Update / Force) hit enter button and
server will ask you (Do You want to restart)
➢ Click yes
➢Server will restart automatically
Go to windows 10 and restart
After you restart, Search for the software name, you will see it installed on windows 10
automatically.
Configuring OUs, Users, Groups
Right click on the file explorer