Upgrading Your Skills to MCSA Windows Server 2012 (70-417)

Andres Bohren

Hallo zusammen,

Kürzlich habe ich die Prüfung 70-417 Upgrading Your Skills to MCSA Windows Server 2012 erfolgreich abgelegt.

Nachfolgend findet ihr meine Notizen welche ich mir für die Prüfungsvorbereitung gemacht habe.

Free ebook: Introducing Windows Server 2012 (RTM Edition)
http://blogs.msdn.com/b/microsoft_press/archive/2012/09/05/free-ebook-introducing-windows-server-2012-rtm-edition.aspx

Technet Library: Windows Server 2012 R2 and Windows Server 2012
http://technet.microsoft.com/en-us/library/hh801901.aspx

What's New in Windows Server
http://technet.microsoft.com/en-us/library/dn250016.aspx

Editions
http://www.microsoft.com/de-de/server/windows-server/2012/editionen.aspx
Windows Server 2012 Standard (2 VM)
Windows Server 2012 Datacenter (Unlimited VM)
Windows Server 2012 Foundation (No Hyper-V)
Windows Server 2012 Essentials (No Hyper-V)
Windows Hyper-V Server 2012
Windows Storage Server 2012 Workgroup
Windows Storage Server 2012 Standard
Windows Multipoint Server 2012 Standard
Windows Multipoint Server 2012 Premium

System Requirements
http://technet.microsoft.com/en-us/library/dn303418.aspx
CPU: 1.4 GHZ x64
RAM: 512 MB minimum
Disk: 32 GB minimum

Failoverclustering
http://technet.microsoft.com/de-de/library/hh831579.aspx
Standard Cluster 64 Nodes (Windows 2008 R2 16 Nodes)

Teaming
http://technet.microsoft.com/en-us/library/jj130849.aspx
Get-NetLbfoTeam
Get-Command *team*
Get-Command -Module NetLbfo

Sconfig
Konfigurieren eines Server Core-Servers mit "Sconfig.cmd"
http://technet.microsoft.com/de-de/library/jj647766.aspx
sconfig.cmd

Configure-SMRemoting
Configure Remote Management in Server Manager
http://technet.microsoft.com/en-us/library/hh921475.aspx
Configure-SMRemoting -enable

Manage Windows Server 2008 with 2012 Server Manager
Install the following Components
- Dotnet Framework 4
- Windows Management Framework 3.0

WinRM
http://support.microsoft.com/kb/2019527
By default WinRM HTTP uses port 80.  On Windows 7 and higher the default port is 5985.
By default WinRM HTTPS uses port 443.  On Windows 7 and higher the default port is 5986.

Firewall Rules
http://technet.microsoft.com/en-us/library/jj554869.aspx
Get-NetFirewallRule | where {$_.name -like "*remotesvc*"} | fl
Enable-NetFirewallRule -DisplayGroup "Remote Service Management"

Windows Remote Shell (WinRS)
http://technet.microsoft.com/en-us/library/dd163506.aspx
WinRs -R:Server2 ipconfig

Get-WindowsFeature
Install-WindowsFeature -name [Feature] -computername [Computer] -Restart
Install-WindowsFeature -name Server-Gui-Mgmt-Infra, Server-Gui-Shell
Remove-WindowsFeature -name Server-Gui-Shell

Minimal Server Interface
http://msdn.microsoft.com/en-us/library/windows/desktop/hh848064(v=vs.85).aspx
Minimal Server Interface: Server-Gui-Mgmt-Infra
Server with GUI:  Server-Gui-Mgmt-Infra, Server-Gui-Shell

http://technet.microsoft.com/de-de/library/dd379545(v=ws.10).aspx
Install-WindowsFeature Migration
SmigDeploy.exe /package /architecture amd64 /os WS08R2 /path
W2008: Smigdeploy.exe
Add-PSSnapin Microsoft.windows.ServerManager.Migration

DataCollectorSet
Create a Data Collector Set from a Template
http://technet.microsoft.com/en-us/cc766318.aspx

DSIM
Deployment Image Servicing and Management Command-Line Options
http://technet.microsoft.com/en-us/library/dd744382(v=ws.10).aspx
DSIM /Get-ImageInfo /ImageFile:C:\Images\install.wim
DISM /online /Get-CurrentEdition
DISM /online /Get-TargetEditions
DISM /online /Set-Edition:ServerEnterprise /ProductKey:489J6-VHDMP-X63PK-3K798-CPX3Y
DISM /online /get-features
DISM /online /Enable-Feature /FeatureName:SNMP  /Quiet /NoRestart
DISM /online /Enable-Feature /FeatureName:Server-Gui-Management /FeatureName:Server-Gui-Shell /Quiet /NoRestart
Dism /Mount-Wim /WimFile:C:\test\offline\install.wim /name:"Windows Vista HomeBasic" /MountDir:C:\test\offline
Dism /Commit-Wim /MountDir:C:\test\offline
Dism /Unmount-Wim /MountDir:C:\test\offline /commit
Dism /Cleanup-Wim

Manage Virtual Hard Disks
http://technet.microsoft.com/en-us/library/dd851645.aspx
New-VirtualDisk
http://technet.microsoft.com/en-us/library/hh848643.aspx
New-VirtualDisk [-StoragePoolFriendlyName] <String[]> -FriendlyName <String> [-AsJob] [-AutoNumberOfColumns] [-AutoWriteCacheSize] [-CimSession <CimSession[]> ] [-Interleave <UInt64> ] [-IsEnclosureAware <Boolean> ] [-NumberOfColumns <UInt16> ] [-NumberOfDataCopies <UInt16> ] [-OtherUsageDescription <String> ] [-PhysicalDiskRedundancy <UInt16> ] [-PhysicalDisksToUse <CimInstance[]> ] [-ProvisioningType <ProvisioningType> ] [-ResiliencySettingName <String> ] [-Size <UInt64> ] [-StorageTiers <CimInstance[]> ] [-StorageTierSizes <UInt64[]> ] [-ThrottleLimit <Int32> ] [-Usage <Usage> ] [-UseMaximumSize] [-WriteCacheSize <UInt64> ] [ <CommonParameters>]
New-VirtualDisk -FriendlyName <String> -StoragePoolName <String[]> [-AsJob] [-AutoNumberOfColumns] [-AutoWriteCacheSize] [-CimSession <CimSession[]> ] [-Interleave <UInt64> ] [-IsEnclosureAware <Boolean> ] [-NumberOfColumns <UInt16> ] [-NumberOfDataCopies <UInt16> ] [-OtherUsageDescription <String> ] [-PhysicalDiskRedundancy <UInt16> ] [-PhysicalDisksToUse <CimInstance[]> ] [-ProvisioningType <ProvisioningType> ] [-ResiliencySettingName <String> ] [-Size <UInt64> ] [-StorageTiers <CimInstance[]> ] [-StorageTierSizes <UInt64[]> ] [-ThrottleLimit <Int32> ] [-Usage <Usage> ] [-UseMaximumSize] [-WriteCacheSize <UInt64> ] [ <CommonParameters>]
New-VirtualDisk -FriendlyName <String> -StoragePoolUniqueId <String[]> [-AsJob] [-AutoNumberOfColumns] [-AutoWriteCacheSize] [-CimSession <CimSession[]> ] [-Interleave <UInt64> ] [-IsEnclosureAware <Boolean> ] [-NumberOfColumns <UInt16> ] [-NumberOfDataCopies <UInt16> ] [-OtherUsageDescription <String> ] [-PhysicalDiskRedundancy <UInt16> ] [-PhysicalDisksToUse <CimInstance[]> ] [-ProvisioningType <ProvisioningType> ] [-ResiliencySettingName <String> ] [-Size <UInt64> ] [-StorageTiers <CimInstance[]> ] [-StorageTierSizes <UInt64[]> ] [-ThrottleLimit <Int32> ] [-Usage <Usage> ] [-UseMaximumSize] [-WriteCacheSize <UInt64> ] [ <CommonParameters>]
New-VirtualDisk -FriendlyName <String> -InputObject <CimInstance[]> [-AsJob] [-AutoNumberOfColumns] [-AutoWriteCacheSize] [-CimSession <CimSession[]> ] [-Interleave <UInt64> ] [-IsEnclosureAware <Boolean> ] [-NumberOfColumns <UInt16> ] [-NumberOfDataCopies <UInt16> ] [-OtherUsageDescription <String> ] [-PhysicalDiskRedundancy <UInt16> ] [-PhysicalDisksToUse <CimInstance[]> ] [-ProvisioningType <ProvisioningType> ] [-ResiliencySettingName <String> ] [-Size <UInt64> ] [-StorageTiers <CimInstance[]> ] [-StorageTierSizes <UInt64[]> ] [-ThrottleLimit <Int32> ] [-Usage <Usage> ] [-UseMaximumSize] [-WriteCacheSize <UInt64> ] [ <CommonParameters>]

Managed Service Accounts
http://www.lanbugs.de/howtos/windows-tipps-tricks/manage-service-accounts-msa-fur-services-unter-windows-2008-r2/

Import-Module activedirectory
New-ADServiceAccount -name msa1
New-ADServiceAccount -name msa2 -AccountPassword (ConvertTo-SecureString -AsPlainText 1q2w3e4r%T -Force)
Add-ADComputerServiceAccount -Identity romulus -ServiceAccount msa1
Add-ADComputerServiceAccount -Identity romulus -ServiceAccount msa2

Import-Module ActiveDirectory
Install-ADServiceAccount -Identity msa1
Install-ADServiceAccount -Identity msa2

http://technet.microsoft.com/en-us/library/cc990289.aspx
sc create Dienst1 type= own binpath= c:\dienst1.exe
sc create Dienst2 type= own binpath= c:\dienst2.exe

http://support.microsoft.com/kb/816587/en-us
C:\Windows\System32\config\netlogon.dns
_ldap._tcp.corp.icewolf.ch. 600 IN SRV 0 100 389 ICESRV02.corp.icewolf.ch.
_ldap._tcp.Default-First-Site-Name._sites.corp.icewolf.ch. 600 IN SRV 0 100 389 ICESRV02.corp.icewolf.ch.
_ldap._tcp.gc._msdcs.corp.icewolf.ch. 600 IN SRV 0 100 3268 ICESRV02.corp.icewolf.ch.
_ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.corp.icewolf.ch. 600 IN SRV 0 100 3268 ICESRV02.corp.icewolf.ch.
_ldap._tcp.fe8bf45a-1515-46f3-bddf-08f57a1d2830.domains._msdcs.corp.icewolf.ch. 600 IN SRV 0 100 389 ICESRV02.corp.icewolf.ch.
cccf9502-e99d-481e-99bc-f18edd0e2f7f._msdcs.corp.icewolf.ch. 600 IN CNAME ICESRV02.corp.icewolf.ch.
_kerberos._tcp.dc._msdcs.corp.icewolf.ch. 600 IN SRV 0 100 88 ICESRV02.corp.icewolf.ch.
_kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.corp.icewolf.ch. 600 IN SRV 0 100 88 ICESRV02.corp.icewolf.ch.
_ldap._tcp.dc._msdcs.corp.icewolf.ch. 600 IN SRV 0 100 389 ICESRV02.corp.icewolf.ch.
_ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.corp.icewolf.ch. 600 IN SRV 0 100 389 ICESRV02.corp.icewolf.ch.
_kerberos._tcp.corp.icewolf.ch. 600 IN SRV 0 100 88 ICESRV02.corp.icewolf.ch.
_kerberos._tcp.Default-First-Site-Name._sites.corp.icewolf.ch. 600 IN SRV 0 100 88 ICESRV02.corp.icewolf.ch.
_gc._tcp.corp.icewolf.ch. 600 IN SRV 0 100 3268 ICESRV02.corp.icewolf.ch.
_gc._tcp.Default-First-Site-Name._sites.corp.icewolf.ch. 600 IN SRV 0 100 3268 ICESRV02.corp.icewolf.ch.
_kerberos._udp.corp.icewolf.ch. 600 IN SRV 0 100 88 ICESRV02.corp.icewolf.ch.
_kpasswd._tcp.corp.icewolf.ch. 600 IN SRV 0 100 464 ICESRV02.corp.icewolf.ch.
_kpasswd._udp.corp.icewolf.ch. 600 IN SRV 0 100 464 ICESRV02.corp.icewolf.ch.
_ldap._tcp.ForestDnsZones.corp.icewolf.ch. 600 IN SRV 0 100 389 ICESRV02.corp.icewolf.ch.
_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.corp.icewolf.ch. 600 IN SRV 0 100 389 ICESRV02.corp.icewolf.ch.
_ldap._tcp.DomainDnsZones.corp.icewolf.ch. 600 IN SRV 0 100 389 ICESRV02.corp.icewolf.ch.
_ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.corp.icewolf.ch. 600 IN SRV 0 100 389 ICESRV02.corp.icewolf.ch.
corp.icewolf.ch. 600 IN A 172.21.175.20
gc._msdcs.corp.icewolf.ch. 600 IN A 172.21.175.20
ForestDnsZones.corp.icewolf.ch. 600 IN A 172.21.175.20
DomainDnsZones.corp.icewolf.ch. 600 IN A 172.21.175.20

Dsmgmt
http://technet.microsoft.com/de-de/library/cc732473(v=ws.10).aspx

LocalAccountTokenFilterPolicy for UAC
http://support.microsoft.com/kb/942817/en-us

iSNS-Server (Internet iStorage Name Service-Server)
http://technet.microsoft.com/de-de/library/cc772568.aspx

IPAM
http://technet.microsoft.com/de-de/library/hh831353.aspx
IPAM cannot installad on a Domain Controller


NAP  Health Registration Authority (HRA)
Configure HRA Automatic Discovery http://technet.microsoft.com/en-us/library/dd296901(v=ws.10).aspx
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\NetworkAccessProtection\ClientConfig\Enroll\HcsGroups\EnableDiscovery=1 (DWORD)
_hra._tcp.domain.local
priority       = 10
weight         = 10
port           = 443
svr hostname   = lfnap02.domain.local

Auto-Provision your NAP clients with DNS!
http://blogs.technet.com/b/nap/archive/2008/05/15/auto-provision-your-nap-clients-with-dns.aspx

Virtual Domain Controller Cloning in Windows Server 2012
http://blogs.technet.com/b/askpfeplat/archive/2012/10/01/virtual-domain-controller-cloning-in-windows-server-2012.aspx
New-ADDCCloneConfigFile -IPv4Address 10.2.1.10 -IPv4DefaultGateway 10.2.1.1 -IPv4SubnetMask 255.255.255.0 -IPv4DNSResolver 10.1.1.10,10.1.1.11 -Static -SiteName CORPDR

Path of DCCloneConfig.XML
- %windir%\NTDS
- Wherever the DIT lives (if you've changed the path to D:\NTDS, for example)
- The root of any removable media

 What's New in File Server Resource Manager in Windows Server 2012
http://technet.microsoft.com/en-us/library/hh831746.aspx
File Classification Infrastructure  
Dynamic Access Control
Access-Denied Assistance.

Sysocmgr
http://technet.microsoft.com/en-us/library/cc773290.aspx
http://support.microsoft.com/kb/222444/de

OCSetup (Befehlszeilenoptionen)
http://technet.microsoft.com/de-de/library/dd799247(v=ws.10).aspx

http://technet.microsoft.com/en-us/library/jj574166.aspx
dcpromo is depreciated but works for unattended installations
dcpromo /unattended:<answerfile>

Install-ADDSForest
http://technet.microsoft.com/en-us/library/hh974720.aspx

Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012" `
-DomainName "resu.local" `
-DomainNetbiosName "RESU" `
-ForestMode "Win2012" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-Force:$true

Installing AD DS from Media - Install From Media (IFM)
http://technet.microsoft.com/en-us/library/cc770654(v=ws.10).aspx
ntdsutil.exe
ativate instance ntds
ifm
create Full C:\InstallationMedia

AD Snapshot
http://technet.microsoft.com/en-us/library/cc731620.aspx
ntdsutil.exe
ativate instance ntds
list all
create
mount {GUID}
list mounted

Dsamain
http://technet.microsoft.com/en-us/library/cc772168.aspx
dsamain.exe /dbpath C:\$SNAP_200704181137_VOLUMEC$\WINDOWS\NTDS\ntds.dit /ldapport 51389 /sslport 51636 /gcport 53268 /gcsslport 53269

Install-ADFSFarm
http://technet.microsoft.com/en-us/library/jj553792.aspx

Reset Computer Account
Netdom.exe /reset
NLTest
Powershell

http://msmvps.com/blogs/acefekay/archive/2012/01/06/using-group-nesting-strategy-ad-best-practices-for-group-strategy.aspx
IGDLA (Identity / Global Group / Domain Local Group / Access)
AGDLP (Account / Global Group / Domain Local Group / Permission)


djoin (Offline Joing)
http://technet.microsoft.com/de-de/library/ff793312(v=ws.10).aspx
Schrittweise Anleitung zum Offline-Domänenbeitritt ("Djoin.exe")
http://technet.microsoft.com/de-de/library/offline-domain-join-djoin-step-by-step(v=ws.10).aspx

redircmp
Redirects the default container for newly created computers to a specified target organizational unit (OU)
http://technet.microsoft.com/de-de/library/cc770619(v=ws.10).aspx

FineGrainedPasswordPolicy
Get-ADFineGrainedPasswordPolicy
http://technet.microsoft.com/en-us/library/ee617231.aspx

Dcgpofix
http://technet.microsoft.com/en-us/library/hh875588.aspx
DCGPOFix [/ignoreschema] [/target: {Domain | DC | Both}]

GPO Order
Local, Site, Domain, OU (OU Setting wins)
Enforced Settings are Applied in Reverse Order: OU, Domain, Site
http://blogs.technet.com/b/musings_of_a_technical_tam/archive/2012/02/15/understanding-the-structure-of-a-group-policy-object-part-2.aspx

GPO cmdlets
Get-Command *GP*
Get-Command -Module GroupPolicy

Windows Azure Online Backup
Windows Azure Online Backup Cmdlets in Windows Powershell
http://technet.microsoft.com/en-us/library/hh770400.aspx
Set-OBMachineSetting
Start-OBRegistration

Backup
Install the Windows Server Backup Feature
Sign up for Microsoft Online Services
Download the Windows Azure Online Backup
Run the Register Server Wizard

Resouce Metering
http://technet.microsoft.com/en-us/library/hh831661.aspx
get-command *.vmres*
Get-VM <virtual machine name> | Enable-VMResourceMetering
Get-VM <virtual machine name> | Measure-VM

Install PSWA
Install and Use Windows PowerShell Web Access
http://technet.microsoft.com/en-us/library/hh831611.aspx
Install-WindowsFeature –Name WindowsPowerShellWebAccess
Install-PswaWebApplication –webApplicationName myWebApp –useTestCertificate
Add-PswaAuthorizationRule –UserName Contoso\JSmith -ComputerName Contoso_214 -ConfigurationName NewAdminsOnly

Scale-Out File Server
http://technet.microsoft.com/en-us/library/hh831349.aspx
Incompatible with: Branch Cache, DFS, File Server Resource Manager
Scale Out Fileservice mit SMB 3.0

/*File and Storage*/
Boot from iSCSI --> Benötigt iSCSI HW Initiator
iSCSI Target Server
Data Deduplication (Not on Systemdrive)
Multiterabity Volumes
Storage Spaces and Storage Pools
Unified Remote Management of File and Storage Services in Server Manager
Windows PowerShell cmdlets for File an Storage Services

ReFS (Resilient File System)
http://technet.microsoft.com/de-de/library/hh831724.aspx
- Metadata integrity with Checksums
- Integrity Streams

BranchCache
http://technet.microsoft.com/de-de/library/hh831696.aspx
BranchCache (Hosted Cache / Distributed Cache)
Ab Windows 2008 R2
Clients ab Vista
-BITS
-SMB 3.0
-HTTP/S

Grüsse
Andres Bohren