Server Roles
This is a guide on server roles.
File and Storage Services
And as far as roles themselves are concerned, I would certainly say that this is one of the simpler roles, there's really not much configuration. And I should also point out that if all you are concerned with on any given server is creating a few simple shared folders, then it's actually not necessary to install the role.
You can still share any folder on any server, even if the role is not there. But it doesn't give you any centralized management of those shares if you don't install the role. So again, if it's going to be a file server, I certainly recommend that you do add this role. Now, just to speed things up, I have already added it.
But we will still see all of the interfaces, we just won't have to wait for the install to complete. And lastly, I should also point out that even if you haven't installed it on a new installation of Windows Server 2019, you will still see a file and storage services node in your Server Manager dashboard.
And that's just because by default, you have some volume management capabilities. So if I just click on this quickly, you will always see Volumes, Disks, and Storage Pools available to you on any install of Server 2019, okay?
[Video description begins] In the navigation pane, he clicks on File and Storage Services. A page for it opens. It has a left pane with the following options: Servers, Volumes, Shares, etc. Volume expands to show two sub-options: Disks and Storage Pools. A page for Servers is open on the right. It has two sections: Servers and Events. Under Servers, a table is present with the following columns: Server Name, IPv4 Address, Manageability, etc. A server is listed in the table. [Video description ends]
So even though that node is there, what you won't see are these options for Shares, iSCSI and Work Folders until you install the file server role. So these are there because I have already added the role. But let's go back and see that process. So we will return to the dashboard, Click Add roles and features, Click on Next.
[Video description begins] Under Quick Start, he clicks on Add roles and features. An Add Roles and Features Wizard opens. It has the following steps on the left: Before you Begin, Installation Type, Server Selection, Server Roles, etc. Currently, Step 1: Before you Begin is open. At the bottom, the following buttons are present: Previous, Next, Install, and Cancel. Step 2: Installation Type opens. It has two options with radio buttons. Here, the Role-based or feature-based installation option is selected. [Video description ends]
For the first few screens here, it is a role based or a feature based installation. It's on this local server here and you will find it under File and Storage Services.
[Video description begins] He clicks the Next button. Step 3: Server Selection opens. It has two options with radio buttons. Here, the Select a server from the server pool option is selected. Below it, there is a table for Server Pool where a server is listed. He clicks the Next button. Step 4: Server Roles opens. There are two sections: Roles and Description. Under Roles, a list of servers is present with checkboxes. Currently, the check-box for File and Storage Services is selected. A drop-down icon is present ahead of it. [Video description ends]
And again, by default, you would only have 1 of 12 installed, so let's expand. And expand file and iSCSI Services and it's this very first option for File Server.
[Video description begins] File and Storage Services expands to show the following options: File and iSCSI Services and Storage Services. A drop-down icon is present ahead of File and iSCSI Services. File and iSCSI Services expands to show the following options: File server, DFS Namespaces, File Server Resource Manager, etc. A check-box is present beside each option. Currently, the check-box for File Server is selected. [Video description ends]
Now, that's all you need, but I will tell you that if you are looking to configure a more robust file server, then I would suggest that you also add the File Server Resource Manager role. But we are going to see that in an upcoming demonstration. So we won't worry about it for the time being, we can just add the File Server role, which, as you can see, is already installed in my case, but I'll just click on Next. And from that point, you can add some other features if you want.
[Video description begins] Step 5: Features opens. There are two sections: Features and Description. Under Features, a list of features is present with checkboxes. Currently, the check-box for .Net Framework 4.7 Features is selected. A drop-down icon is present ahead of it. [Video description ends]
But again, we don't really need anything at this point. So this is where it ends for me, because it's already installed. But I would just have to click on Next then Install, wait maybe a minute at most, for that installation to complete. There is no reboot required for installing that role and really that's it, okay? So all I would have to do again would be to click Next and Install, but I will just click on Cancel.
[Video description begins] The Wizard closes. The Server Manager Dashboard is open. [Video description ends]
So with that now installed, if we go back to File and Storage Services, what you now have are Shares, iSCSI and Work Folders, okay?
[Video description begins] In the File and Storage Services, the Servers page is open. [Video description ends]
[Video description begins] In the left pane, the following options are present: Shares, iSCSI, and Work Folders. [Video description ends]
So for the time being, let's just focus on Shares. And currently, of course, there are no shares, because this role was just installed.
[Video description begins] A page for Shares opens. It has three sections: Shares, Volume, and Quota. [Video description ends]
But we have the option to create a file share by clicking New Share Wizard. Then you have a few different options in terms of the profile.
[Video description begins] Under Shares, the following link is present: To create a file share, start the New Share Wizard. He clicks on it. A wizard titled New Share Wizard opens. On the left, it has the following steps: Select Profile, Share Location, Share Name, Other Settings, Permissions, Confirmation, and Results. Step 1: Select Profile is open. On the right, two sections are present: File share profile and Description. A list of profile options is present under File share profile. The following buttons are present at the bottom: Previous, Next, Create, and Cancel. [Video description ends]
It asks for SMB Share, that's Server Message, which is simply the file sharing protocol of Windows and it gives you a description. There is SMB share Advanced with a few more options. There are SMB Share Applications as well. And then NFS, if you have any UNIX systems for the most part. Okay, so let's just go with the first option here for SMB Share Quick, click on Next. Again, specify of course the server, the location in terms of the volume.
[Video description begins] Step 2: Share Location opens. On the right, there are two sections: Server and Share location. Under Server, a table is present with a server. [Video description ends]
I only have a C drive in this case Click on Next, then the share name really can be anything that you want, okay?
[Video description begins] Under Server, a table is present with four columns. One server is listed in the table. Under Share location, two options are present with radio buttons: Select by volume and Type a custom path. Here, Select by volume is selected. It has a table with four columns. C: directory is listed in the table. [Video description ends]
[Video description begins] Step 3: Share Name opens. It has input fields for the following options: Share name, Share description, Local path to share, and Remote path to share. [Video description ends]
But do note that it creates a folder, if you just go with the default called Shares. Okay, so this is acting as the parent folder for all shares, you don't have to do that. You could place it really anywhere, but again, I'll just go with the default for the time being.
[Video description begins] The Local path to share is set as C:\Shares\. [Video description ends]
So let's just call this something like Documents.
[Video description begins] In the input field for Share name, he types Documents. [Video description ends]
So the entire path is now C:\ Shares\Documents. Then the UNC or the universal naming convention path is \\ name of server \name of share. I will leave it set to documents, click on Next. Then there are options for access-based enumeration, whereby users will only see shares to which they have permission.
[Video description begins] Step 4: Other Settings opens. It has three options with checkboxes. Here, the Allow caching of share options is selected. [Video description ends]
In other words, if you don't have permission, you don't see it. And you can also allow for caching of shares, if you want to, for offline users. And you can encrypt the data access, I won't bother with any of these options for the time being. We'll just disable them all, click on Next.
[Video description begins] Step 5: Permissions opens. It has a table with the following columns: Type, Principal, Access, and Applies To. It has a list of Folder permissions. A Customize permissions button is present below it. [Video description ends]
You certainly can adjust the permissions, if you want, if you feel that's necessary. But do take note of the default permissions and just familiarize yourself with what they are. But again for the time being, let's just leave everything at their default values, click on Next.
[Video description begins] Step 6: Confirmation opens. It has a box with two sections: Share Location and Share Properties. A summary for each setting is present under each section. [Video description ends]
There is the confirmation with the summary, Click on Create and our share has now been created, okay?
[Video description begins] Step 7: Results opens. It shows the credited with progress bar. A Close button appears at the bottom. He clicks the close button. The wizard closes. The screen shifts to the Shares page. [Video description ends]
So let's just verify it, we can go to the C drive and we should now see, of course, the main folder called Shares.
[Video description begins] In the Windows task bar, he clicks on the Explorer icon. A File Explorer opens. [Video description ends]
And there is the Documents folder inside of it. Okay, so again, it's this centralized management of the shares that you get by installing this role.
[Video description begins] The current breadcrumb is: This PC > Local Disk (C:) > Shares. It has a Documents folder. [Video description ends]
If you didn't install the role, you would not see this administrative interface.
[Video description begins] The Shares page is open. [Video description ends]
You could still share the folder, okay, let me just quickly go back in here. You can right-click on any folder and choose Properties and go to the Sharing tab and still configure sharing.
[Video description begins] He shifts to the File Explorer. He right clicks on the Documents folder. [Video description ends]
[Video description begins] A pop-up window titled Documents Properties opens. Under the Sharing tab, the following sections are present: Network File and Folder Sharing and Advanced Sharing. Under Network File and Folder Sharing, a Share button is present. OK, Cancel, and Apply buttons are present at the bottom. [Video description ends]
But again, no centralized management of all shares. So that's really all there is to just initially setting up the file server role.
File Server Resource Manager
Now in this video, we'll take a look at enhancing the capabilities of our file server by adding in the File Server Resource Manager role. Now again, just for the sake of saving a little bit of time, I've already added the role, but we will still see how you add it, and then we'll overview some of the features.
[Video description begins] The Server Manager window opens. The Dashboard page is currently open. [Video description ends]
So from the dashboard, just click Add roles and features. Click Next a few times to get to the Server Roles.
[Video description begins] An Add Roles and Features Wizard opens. The following steps are present on the left: Before you begin, Installation Type, Server Selection, etc. Step 1: Before you begin is currently open. Previous, Next, Install, and Cancel buttons are present at the bottom. [Video description ends]
And you'll find this under File and Storage Services.
[Video description begins] Step 4: Server Roles opens. There are two sections: Roles and Description. Under Roles, a list of servers is present with checkboxes. Currently, the checkbox for File and Storage Services is selected. A drop-down icon is present ahead of it. [Video description ends]
Then expand File and iSCSI Services, and it's just a few options below the File Server option.
[Video description begins] File and Storage Services expands to show the following options: File and iSCSI Services and Storage Services. A drop-down icon is present ahead of File and iSCSI Services. File and iSCSI Services expands to show the following options: File server, DFS Namespaces, File Server Resource Manager, etc. A check-box is present for each option. Currently, checkboxes for File Server and File Server Resource Manager are selected. [Video description ends]
Right there, File Server Resource Manager. Now in most practical scenarios, I would generally recommend that you install both the File Server component and the File Server Resource Manager at the same time. But clearly it's not necessary. You can install either at any time. Just click Next and add any other features if you want, but nothing is required here. So then simply click on Install and really that's it.
[Video description begins] Step 5: Features opens. There are two sections: Features and Description. Under Features, a list of features is present with checkboxes. Currently, the check-box for .Net Framework 4.7 Features is selected. [Video description ends]
But let's just go back to the previous page here and select the File Server Resource Manager just to see the description.
[Video description begins] Step 4: Server Roles opens. [Video description ends]
It tells you that it helps you to manage and understand the files and folders on a file server by scheduling file management tasks and storage reports, classifying files and folders, configuring folder quotas and defining file screening policies.
So those are the basic options that become available, once you install this role. Now I can just Cancel this, because again I have already installed it. And if we go back to File and Storage Services on the left hand side, there's nothing immediately different about the interface, with maybe one exception.
[Video description begins] The Add Roles and Features Wizard closes. The screen shifts to the Server Manager Dashboard. The File and Storage Services > Servers page opens. [Video description ends]
If you go to Shares, down in the lower right hand corner, it says QUOTA.
[Video description begins] The Shares page opens. [Video description ends]
And this is where you can configure quotas but if you have not yet installed the File Server Resource Manager, it actually tells you that you need that feature to be able to set and manage quotas. Once it has been installed, then we get a link that says to set a quota open the configuration dialog box.
So all I'm trying to point out here is that if you see this option available then it indicates that the File Server Resource Manager role has already been installed. But it's not just a feature, if you will, that you'll find in this interface, it's a tool that becomes available from your Tools menu. So if you go to the upper right and click on Tools, there is the File Server Resource Manager.
[Video description begins] In the menu bar, he clicks on Tools. A list of options appears. [Video description ends]
So as we saw in the description, you now have options for configuring quota management to ensure that people don't use up all of the space in a share, you can manage it.
[Video description begins] A window titled File Server Resource Manager opens. It has a menu bar with the following options: File, Action, View, etc. A toolbar is present with the following buttons: Previous, Next, Help, etc. The navigation pane contains the following folders: Quota Management, File Screening Management, Storage Reports Management, etc. In the center, the same options are displayed. An Actions pane is present on the right. [Video description ends]
Now we'll see quotas a little bit later on as well. So for the time being, we're just over viewing these features. File Screening Management allows you to block certain types of files in any given share. So if for example, you want to ensure that more dangerous files like executable or scripts are not stored, then you can absolutely block those. Maybe you could block certain types of media content because they take up a lot of space.
That's really up to you, but it's simply preventing certain types of files. Storage Reports basically just allows you to see what's going on. So you have a much better idea of the overall utilization of this file server. Classification Management allows you to do exactly that. You can classify various content based on certain characteristics. And then configure other tasks based on the classification.
This is something that's commonly used with information protection. And then File Management Tasks are fairly general tasks, such as deleting, moving or copying files, but perhaps based on a schedule to ensure that they don't cut into sort of your standard business hours.
But, again, we'll see many of these as we go through some upcoming demonstrations. But the idea, again, of the File Server Resource Manager tool is just to enhance the capabilities of a file server with some additional features. And perhaps most notably, for you as an administrator, some options to better understand the usage of this file server.
Quota Management
In this video, let's take a look at working with quotas using our File Server Resource Manager tool. And, again, this can be located from the Tools menu of Server Manager.
[Video description begins] The Server Manager window opens. The Dashboard page is currently open. [Video description ends]
Then choose File Server Resource Manager. And we can expand Quota Management over on the left.
[Video description begins] A window titled File Server Resource Manager opens. It has a menu bar with the following options: File, Action, View, etc. A toolbar is present with the following buttons: Previous, Next, Help, etc. The navigation pane contains the following folders: Quota Management, File Screening Management, Storage Reports Management, etc. In the center, the same options are displayed. An Actions pane is present on the right. [Video description ends]
And you effectively have two options. You can absolutely just create your own manual or custom quotas. Or you can work with templates. Now, we'll see both. And we'll also see how you can work with the templates to still customize things, okay? But let's begin with just a regular quota, if you will. We can simply right-click and choose Create Quota.
[Video description begins] He right clicks in the center pane. [Video description ends]
Now, the path, of course, is the folder on which the quota will be applied.
[Video description begins] A pop-up window titled Create Quota opens. It has an input field for Quota path. A Browse button is present beside it. A section titled Quota properties is present below it. It has two options with radio buttons. Currently, Derive properties from this quota template is selected. A drop-down for templates is present below it. Currently, it is set to 100 MB Limit. Create and Cancel buttons are present at the bottom. [Video description ends]
So let's browse and let's choose maybe the share that was created just a little earlier. It was this Documents folder, click on OK. And then you have the option to choose from one of the available templates. And that is recommended and it's the default. Now, by no means do you have to use a template. It's just that all of that values are preset if you do.
So it's certainly a little bit easier. You can hit the drop-down here and you can choose from these available templates. And there are several available. As mentioned, we'll see how to work with the templates in a little bit. But for the time being, let's just go with a custom quota. So we can click Custom Properties.
[Video description begins] Under Quota properties, he selects Custom properties. A pop-up window titled Quota Properties of C:\Shares\Documents opens. At the top, a drop down is present for Copy properties from quota template (optional). A Copy button is present beside it. Below it, a tab titled Settings is present. It has two sections: Space limit and Notification thresholds. OK and Cancel buttons are present at the bottom. [Video description ends]
And it already has the path because we've chosen it. Now, you still have the option to copy from a template if you want to. You can just hit the drop-down here, choose an option, and then click on the Copy button. But, as mentioned, we'll see that later. So let's just set some manual values here.
[Video description begins] Under Space limit, an input field is present for Limit. A drop-down is present beside it. Currently, it is set as MB. [Video description ends]
Let's maybe go with 3 gigabytes.
[Video description begins] He sets the Limit as 3 and the drop-down as GB. [Video description ends]
Now, hard versus soft really is just how you want to implement the quota in terms of if the users will be actually denied using any more space.
[Video description begins] Under Space limit, two options are present with radio buttons: Hard Quota and Soft Quota. [Video description ends]
That's a hard quota. If they are completely stopped from storing anything else beyond that, then that's a hard quota. A soft quota does allow users to exceed the limit. And it's primarily just used for you as an administrator to track the usage.
So it actually says, just use this for monitoring. We'll leave it set as a hard quota. And then you can also have notification thresholds, whereby the user will receive an email, for example, once they get to a certain point. You can also specify if you want to log that event.
[Video description begins] Under Notification thresholds, a table is present with the following columns: Threshold, E-mail, Event Log, etc. An Add button is present below it. [Video description ends]
So let's click on Add. And let's just go with maybe 90% just to change it up.
[Video description begins] A pop-up window titled Add Threshold opens. At the top, an input field is present for Generate notifications when usage reaches (%). OK and Cancel buttons are present at the bottom. [Video description ends]
And we can send an email, okay?
[Video description begins] In the input field for Generate notifications when usage reaches (%), he types 90. The following tabs are present below it: E-mail Message, Event Log, Command, etc. Currently, the E-mail Message tab is selected. Under the E-mail Message tab, two options are present with checkboxes. He selects the check-box for Send e-mail to the following administrators. [Video description ends]
Now, I don't have an email server set up at this point in time. So this won't actually work, but you get the idea. So we can send an email to the administrators. And we can send an email to the user who exceeds the threshold.
[Video description begins] He also selects the check-box for Send e-mail to the user who exceeded the threshold. Below it, a section titled E-mail message is present. It has input fields for Subject and Message body. [Video description ends]
And it does give you a subject by default with a variable that simply says [Quota Threshold]%, which would equate to 90% in this case. And a message body, again, with several variables. So you can change that to whatever you want, click on OK.
[Video description begins] A notification titled File Server Resource Manager appears. Yes and No buttons are present at the bottom. [Video description ends]
And just choose Yes here because this is telling me that I don't have the SMTP server set up yet. But there is my threshold warning.
[Video description begins] The pop-up window closes. The screen shifts to the Quota Properties of C:\Shares\Documents window. Under Notification thresholds, a row named Warning (90%) appears. [Video description ends]
And it will send an email, okay? Click on OK, click Create.
[Video description begins] The pop-up window closes. The screen shifts to the Create Quota window. [Video description ends]
And we can save this as a template if you want to at this point.
[Video description begins] A pop-up window titled Save Custom Properties as a Template opens. It has two options with radio buttons. OK and Cancel buttons are present at the bottom. [Video description ends]
But, again, that's up to you. I won't bother, so I'll go with the option that says Save the custom quota without creating a template and click on OK. So it shows up that the quota entry has been applied to that folder.
[Video description begins] The pop-up window closes. The screen shifts to the File Server Resource Manager window. [Video description ends]
So now let's actually go to File Explorer window.
[Video description begins] In the center pane, a table is present with a Source Template named C:\Shares\Documents. [Video description ends]
And let's access this server via its UNC. So in my case, that's \\srv0474. There is the share.
[Video description begins] A folder named Documents appears. [Video description ends]
And I'm going to map a network drive to this folder. And now, if we go to the This PC window, that shows up as a 3 gig drive.
[Video description begins] He right clicks on the Documents folder. A context menu appears. He selects Map Network Drive. A pop-up with the same title opens. It has a drop-down for Drive. Currently, it is set as Z:. Finish and Cancel buttons are present at the bottom. He clicks the Finish button. The pop-up window closes. The screen shifts to the File Explorer window. The Documents (\\srv0474) (Z:) is open. [Video description ends]
So there is a quota essentially in effect, okay? Now, in terms of the templates, as mentioned, these templates are predefined.
[Video description begins] He closes the file explorer. The screen shifts to the File Server Resource Manager window. [Video description ends]
So you can certainly just use one of these.
[Video description begins] In the navigation pane, under Quota Management, he clicks on Quota Templates. A table with four columns appears in the center pane: Quota Template, Limit, Quota Type, and Description. It has a list of templates. [Video description ends]
Or in fact, you can edit one of these templates if you want to. So if, for example, we click on the 5 gig limit, we can double-click, I should say, and you can make changes here.
[Video description begins] A pop-up window titled Quota Template Properties for 5 GB Limit opens. It has a tab titled Settings. There are two sections: Space limit and Notification thresholds. Under Space limit, an input field is present for Limit. Currently, it is set as 5.000 GB. Below it, two options with radio buttons are present: Hard Quota and Soft Quota. Under Notification thresholds, a table is present with the following columns: Threshold, E-mail, Event Log, etc. OK and Cancel buttons are present at the bottom. [Video description ends]
So you could specify a different limit. You could change it from hard to soft. You could change the notification thresholds. That's up to you. But the recommended approach is to create a new template and then copy some of the properties if they are fairly close. That will keep all of these templates exactly as they are. And then you just start creating your own, okay?
[Video description begins] He clicks the Cancel button. The pop-up window closes. The screen shifts to the File Server Resource Manager window. [Video description ends]
So in here, we can just right-click and we can choose to create a new template.
[Video description begins] He right clicks in the center pane. A pop-up window titled Create Quota Template opens. At the top, a drop-down is present for Copy properties from quota template. A Copy button is present at the bottom. There are input fields for Template name and Description. Below it, there are two sections: Space Limit and Notification thresholds. At the bottom, OK and Cancel buttons are present. [Video description ends]
And let's just immediately give it a name. Let's call it MyTemplate. And, of course, you could give it a description. But here is where you can copy most of the properties from an existing template. So let's hit the drop-down and let's go with that 5 gig limit. Click the Copy button. And all of those properties went in automatically. Now, you can still make some changes if you want to. For example, we could change it to a soft quota because as it is, it's exactly the same as the 5 gig limit.
[Video description begins] Under the Space limit section, there is an input field for Limit. It is set to 5 GB. Below it, there are two options with radio buttons: Hard quota and Soft quota. [Video description ends]
We could change the notification settings if you want to. But just making that single change really is enough. Click on OK, and there is the new template.
[Video description begins] Under the Notification thresholds section, there is a table. In it, three thresholds are listed. The pop-up window closes. The screen shifts to the File Server Resource Manager window. A row named My Template appears in the table. [Video description ends]
More or less the same as the 5 gig, except it's a soft instead of a hard. Now, if we were to go back and make another entry in the custom quotas, if you will, we can use that new template. So let's right-click and choose Create Quota.
[Video description begins] He right clicks in the center pane. A context menu appears. He selects Create Quota. The pop-up window titled Create Quota opens. [Video description ends]
And if we hit the drop-down here for the template, MyTemplate appears, okay?
[Video description begins] Under Quota properties, he clicks the drop-down present for Derive properties from this quota template (recommended). [Video description ends]
So, again, all of that really is up to you. But when you do want to control the usage of any kind of directory, then definitely you would want to consider implementing quotas.
Print Servers
In this video, we'll take a look at installing the print server role to a server. And again, this is done through your Server Manager Dashboard, just by clicking the Add roles and features option.
[Video description begins] The Server Manager window opens. The Dashboard page is currently open. [Video description ends]
[Video description begins] The Add Roles and Features Wizard opens. The following steps are present on the left: Before you begin, Installation Type, Server Selection, Features, etc. Step 1: Before You Begin. Previous, Next, Install, and Cancel buttons are present at the bottom. [Video description ends]
And again, we just have to click on Next.
[Video description begins] Step 2: Installation Type opens. It has two options with radio buttons. Role-based or feature-based installation is selected by default. [Video description ends]
Choose Role-based. Next, choose this server, click on Next.
[Video description begins] Step 3: Server Selection opens. It has two options with radio buttons. Select a server from the server pool is selected by default. Below it, a section titled Server Pool is present. It has a table with three columns. One server is listed in the table. Step 4: Server Roles opens. It has two sections: Roles and Description. Under Roles, a list of servers with check boxes is present. Currently, File and Storage Services is selected. [Video description ends]
And this is its own category, if you will. It's called Print and Document Services.
[Video description begins] In the list, he clicks on Print and Document Services. A pop-up window titled Add Roles and Features Wizard opens. The following question is present at the top: Add features that are required for Print and Document Services? Below it, a box is present with a list of tools. Add Features and Cancel buttons are present at the bottom. [Video description ends]
And there are a few additional features that are required, most notably the Remote Server Administration Tools. And we can just click Add features here.
[Video description begins] The pop-up window closes. The screen shifts to the Add Roles and Features Wizard. On the left, the following steps appear below Features: Print and Document Services and Role Services. [Video description ends]
Then choose Next.
[Video description begins] Step 5: Features opens. It has two sections: Features and Description. Under Features, a list of features is present with checkboxes. Currently, the check-box for .Net Framework 4.7 Features is selected. [Video description ends]
And again, if you want to add any additional features, you certainly can. But nothing is really required to just add the Print and Document Services role. So let's click Next again.
[Video description begins] Step 6: Print and Document Services opens. [Video description ends]
And it does come up to tell you a little bit about Type 3 versus Type 4 printer drivers. Now, Type 4 has been around for quite some time now. I believe it was introduced with Windows Server 2012 and Windows 8 on the client side. But there may certainly still be a number of Type 3 printer drivers in your environment. So if that's the case, that's fine, because both are supported. Now, just quickly, Type 3 versus Type 4 really comes down to the total number of drivers that you will likely need to manage.
Type 3 have been around for quite some time, probably since about Windows 2000, really without much of a change. And it boils down to the fact that they were quite vendor-specific. So you would end up with a lot of drivers because you needed to support perhaps a lot of different printers. Type 4 printer drivers try to be a little more generic so that the same driver can support many different printers. So again, just be mindful of what you have and if you need to support a number of Type 3 printer drivers. Click on Next.
[Video description begins] Step 6.1: Role Services opens. It has two sections: Role services and Description. Under Role services, three services are present. A check-box is present ahead of each service. Currently, the check-box for Print Server is selected. [Video description ends]
And then you have three options in terms of the Role Services, just the Print Server component itself, the Internet Printing service, and LPD, or line printer daemon service, if you have any Unix-based computers. So clearly this is up to you, but the Print Server really is the only necessary component. It installs the management capabilities for the printers. And we can then just click Next and choose Install.
[Video description begins] Step 7: Confirmation opens. [Video description ends]
And again, this does not require a reboot, so it shouldn't take much time to install.
[Video description begins] Step 8: Results opens. It has a progress bar for Feature installation. A Close button appears at the bottom. [Video description ends]
So we'll just let that complete. And then we'll just come back and take a quick look at the changes.
[Video description begins] He clicks the close button. The wizard closes. The screen shifts to the Server Manger Dashboard. [Video description ends]
Okay, so that installation has completed. We get a successful notification here in our notifications window.
[Video description begins] In the menu bar, a notification titled Feature installation appears. [Video description ends]
And now over on the left-hand side of the dashboard page, we do see Print Services.
[Video description begins] In the navigation pane, Print Services appears below File and Storage Services. A page for it opens in the center. It has two sections: Servers and Events. Under Servers, a table is present with the following columns: Server Name, IPv4 Address, Manageability, etc. A server is listed in the table. [Video description ends]
We can select this, and it shows us that this server is essentially now a print server. Now it's just showing us some basic log information here, and some events down below. But if we now click on Tools, we also have the Print Management interface.
[Video description begins] A window titled Print Management opens. It has a menu bar with the following options: File, Action, View, etc. A toolbar is present with the following buttons: Previous, Next, Help. etc. The navigation pane contains the following folders: Custom Filters, Print Servers, and Deployed Printers. Here, Print Server expands to show the following server: SRV0474. An Actions pane is present on the right. [Video description ends]
So in here, we see the actual print servers that have been set up, this server of course being one of them. But we can see the drivers, any forms, any ports, and any printers that have been configured here.
[Video description begins] Server SRV0474 is expanded to show the following options: Drivers, Forms, Ports, and Printers. [Video description ends]
And we see which printers have been deployed. And there are even some custom filters that you can choose here to see All Printers, All Drivers, Printers Not Ready, and Printers With Jobs. So you can just filter out those jobs, those printers, those drivers that you want to work with.
Okay, so now what we have, again is a centralized management of all of our print servers through this interface, as opposed to always having to manage each one independently. Okay, we can just right-click on Print Servers here. And you can add or remove servers.
[Video description begins] A pop-up window titled Add/Remove Servers opens. It has a tab titled Configure Print Management. There are two sections: Specify print server and Print servers. Under Specify print server, an input field is present for Add servers. A Browse button is present beside it. OK, Cancel, and Help buttons are present at the bottom. [Video description ends]
So for all of the print servers that you might have in your environment, all you have to do is specify the name or just browse for it. I only have this one. But I could just keep adding all of the print servers and have this centralized administrative access to all of them.
Active Directory
In this demonstration, we'll take a look at installing what is perhaps the most necessary role in any given Windows environment at least, which is Active Directory Domain Services.
[Video description begins] The Server Manager window opens. The Dashboard page is currently open in the center pane. [Video description ends]
Now, there are a lot of configuration options when it comes to installing Active Directory. For example, do you already have a domain setup and you are just looking to add another domain controller? Or, are you starting from scratch with no domains? Or are you adding another domain to an existing forest? So again, a lot of options there. In this particular case, I do have an existing domain, but there is only one domain controller.
So, we'll take a look at adding a second domain controller to an existing domain which is always recommended because you don't just want to have a single domain controller, because that represents a single point of failure. So, you should always have at least two. Now, there are two steps, if you will, to just even doing that, you need to add the role.
Then you need to configure the system to be a domain controller. They are two separate processes. So, we will see how to add the role and how to configure the system, all in this presentation. So in terms of just adding the role from the Server Manager dashboard, we can just click Add roles and features.
[Video description begins] Under Quick Start, he clicks on Add roles and Features. The Add Roles and Features Wizard appears. On the left, it has the following stages: Before you Begin, Installation Type, Server Selection, etc. Currently, Before you Begin is open on the right. At the bottom, there are four buttons: Previous, Next, Install, and Cancel. [Video description ends]
Click Next a few times here to get to the role selection page.
[Video description begins] He shifts to the Server roles page. The heading is Select server roles. It has a list of Roles with check boxes. Some of these are: Active Directory Certificate Services, Active Directory Domain Services, DNS Server, etc. [Video description ends]
And, we'll choose Active Directory Domain Services.
[Video description begins] He clicks the check box for Active Directory Domain Services. A pop-up titled Add Roles and Features Wizard appears. It contains a list of Group Policy Management tools. Below the list, a check box is present for Include management tools (if applicable). It is selected by default. At the bottom, there are two buttons: Add Features and Cancel. [Video description ends]
There are several additional features required. We'll add all of those, and then click on Next.
[Video description begins] He clicks the Add Features button. The screen shifts back to the Select server roles page. The Features page opens. The heading is Select features. It has a list of features with check boxes. Group Policy Management is selected by default. [Video description ends]
And on the Features page, by default it adds in the Group Policy Management Console. That's not required, but I do recommend you leave it on so that you can access and configure group policies from this system as well. So let's just click on Next.
[Video description begins] The AD DS page opens. The heading is Active Directory Domain Services. It has a section titled Things to note. [Video description ends]
And then it does tell you some considerations, if you will, on this page. Things to note, it says, to help ensure that users can still log on to the network in the case of a server outage, install a minimum of two. So that just reiterates what I just said, you should always have at least two. And Active Directory requires a DNS server to be installed on the network.
Now, in my case, where I already have Active Directory, I already have DNS because you cannot have Active Directory without DNS. But, there's no harm in installing DNS on this server as well, okay? Now, if you didn't have one at all, you would be prompted to install the DNS server on this machine. So in other words, if you were just starting from scratch, you would have to set up a DNS server. Okay, so we can just click Next here. And this, in and of itself, will not require a restart.
[Video description begins] The Confirmation page opens. The heading is: Confirm installation selections. There is a check box for Restart the destination server automatically if required. Below it, the selected Group Policy Management tools are listed. [Video description ends]
But once we configure the system as a domain controller, it will. So we can go ahead and just click on Install. This will still take a few minutes so we'll just pause and let this part complete.
[Video description begins] He clicks the Install button. The Results page opens. The installation begins. [Video description ends]
Then we'll come back and we'll complete the configuration and make this system a domain controller.
[Video description begins] The installation completes. The following link appears: Promote this server to a domain controller. [Video description ends]
Okay, so the feature installation has completed. So now we can take a look at the second part, if you will, which is to promote this server to a domain controller. And it does give you a link for that right here in this window. But if you were to close this, that's fine.
[Video description begins] He clicks the Close button. The screen shifts back to the Server Manager Dashboard. In the navigation pane, the following option appears: AD DS. [Video description ends]
There is a notification here whereby it also tells us that you need to promote this server to be a domain controller. So this post deployment configuration is necessary, okay?
[Video description begins] He clicks the notification icon on the menu bar. The notification drop-down appears. It reads: Post-deployment Configuration. The following link is present below it: Promote this server to a domain controller. [Video description ends]
And, in fact, even if you were to dismiss this, over on the left-hand side, it now shows AD DS, or Active Directory Domain Services. And if we click here, it also says, Configuration is required, we can click More.
[Video description begins] In the navigation pane, he clicks on AD DS. A page for it opens in the center pane. It has the following sections: Servers and Events. The following information is displayed under Servers: Configuration requested for Active Directory Domain Services at SRV0474. A More link is present beside it. Below the information, a table is present with the following columns: Server Name, IPv4 Address, Manageability, Last Update, and Windows Activation. It contains a server named SRV0474. [Video description ends]
[Video description begins] He clicks the More link. A pop-up titled All Servers Task Details appears. The heading is All Servers Task Details and Notifications. It has a table with the following columns: Status, Task Name, Action, etc. The Task Name is Post-deployment Configuration. The Action column has the following link: Promote this server to a domain controller. [Video description ends]
And we see the same link, Promote this server to be a domain controller.
[Video description begins] He closes the pop-up. The screen shifts back to the Server Manager AD DS page. [Video description ends]
So, any one of those is fine, but clearly, this is what needs to be done now. So let's go ahead and click Promote this server to be a domain controller.
[Video description begins] He clicks the notification icon on the menu bar. The notification drop-down appears. He clicks on the link. An Active Directory Domain Services Configuration Wizard appears. On the left, it has the following stages: Deployment Configuration, Domain Controller Options, Additional Options, etc. Currently, Deployment Configuration is open on the right. For deployment operation, it has three options with radio buttons. Add a domain controller to an existing domain is selected by default. The Domain is set as diallonics.com. The current user is: DIALLONICS\pcadmin. At the bottom, the following buttons are present: Previous, Next, Install, and Cancel. [Video description ends]
And here is where you see some of the options to set up a new domain or a new forest. So again, in my case, I just want to add a domain controller to the existing domain. The existing domain is already there. The current user that I'm using is administrative so I can just click on Next.
[Video description begins] The Domain Controller Options page opens on the right. For domain controller capabilities and site information, there are three options with check boxes. Currently, the following options are selected: Domain Name System (DNS) server and Global Catalog (GC). The Site name is set as Default-First-Site-Name. Below it, for Directory Services Restore Mode (DSRM), input fields are present for Password and Confirm password. [Video description ends]
Then again, in terms of these additional options, this really would depend on the current state of your organization. So, if you only had a single domain controller like I do here, then you would certainly want an additional DNS server as well. And possibly even another global catalog server.
This way you have at least two of all of them. Okay, so I'm going to leave those as they are. I'm going to leave the Default-First-Site-Name as it is, I haven't done any site configuration here. So all I need to do is set password for the Directory Services Restore Mode, if I needed to do a restore. So we'll just enter that in. And confirm of course.
[Video description begins] In the input fields for Password and Confirm password, he enters the required values. [Video description ends]
And click on Next.
[Video description begins] A page titled DNS Options opens. The following information is displayed at the top: A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found. A Show more link is present next to it. Below these, a check box is present for Update DNS delegation. [Video description ends]
Now, there are some DNS options here. And in fact, it tells me that a delegation for this DNS server cannot be created because the authoritative parent zone cannot be found. Now, we can correct this after the fact. So this isn't really an error per se. But if you click the Show more button, it just tells you a little bit more about this.
[Video description begins] He clicks the Show more link. A pop-up titled DNS Options appears. An OK button is present at the bottom. [Video description ends]
And, it really comes down to ensuring reliable name resolution from outside the domain. Otherwise, no action is required. Okay, so this isn't an error, it's just a notification. So we can click on OK, and just click on Next.
[Video description begins] A page titled Additional Options opens. It has the following section: Specify Install From Media (IFM) Options and Specify additional replication options. Under Specify Install From Media (IFM) Options, a check box is present for Install from media. Under Specify additional replication options, a drop-down is present for Replicate from. It is set as Any domain controller. [Video description ends]
Now in terms of the replication, this is where it gets all of its Active Directory information. So, any other domain controller already has that information. So we can just leave this as its default as well. But you can hit the drop down here. And you could explicitly choose which domain controller if, from a networking perspective, any one of these was a little bit closer than any other. I only have one, so I'll leave it at the option to choose Any domain controller.
[Video description begins] He clicks on the drop-down for Replicate from. Another option appears: DC0421.diallonics.com. [Video description ends]
Click on Next. Then you can specify paths for the Active Directory database, the log files and the SYSVOL folder.
[Video description begins] A page titled Paths opens. It has input fields for Database folder, Log files folder, and SYSVOL folder. The path for Database folder and Log files folder is set as C:\Windows\NTDS. The path for SYSVOL folder is set as C:\Windows\SYSVOL. [Video description ends]
Again, I'm just going to go with defaults. Click on Next, review the options.
[Video description begins] A page titled Review Options opens. It has a section titled Review your selections. The following details are displayed here: Site Name, Additional Options, Source domain controller, etc. [Video description ends]
Click on Next, and there's going to be a prerequisite check here.
[Video description begins] A page titled Prerequisites Check opens. The following message is displayed at the top: All prerequisites checks passed successfully. Click 'Install' to begin installation. At the bottom, four buttons are present: Previous, Next, Install, and Cancel. [Video description ends]
Again, a couple of warnings, if you will, about Windows Server 2019 domain controllers. Having a default for the security setting named, Allow cryptography algorithms compatible with Windows NT 4.0 that prevents weaker cryptography algorithms, okay? It's just letting you know. Then it's also reiterating the DNS delegation for this DNS server.
So we saw that earlier, but up above, it says that all prerequisite checks have passed successfully. So we can go ahead and click on Install. This will take a few minutes and this one does require a reboot. So, we'll pause one more time. And we'll let this complete and then we'll come back and verify that we are seeing all of the Active Directory Domain Services component successfully installed.
[Video description begins] A page titled Installation opens. The installation process begins. [Video description ends]
All right, so the promotion of the domain controller has completed and everything has rebooted.
[Video description begins] He shifts back to the Server Manager Dashboard. [Video description ends]
So, really, the fastest way to check for all of your Active Directory components is to just go to your Tools menu. And, you should now see several tools beginning with Active Directory.
[Video description begins] In the menu bar, he clicks on Tools. A list of tools appears. Some of these are: Active Directory Administrative Center, Active Directory Domains and Trusts, Active Directory Users and Computers, etc. [Video description ends]
So, let's just quickly check Active Directory Users and Computers. And as long as our interface comes up, and we are seeing the domain
with all of the user accounts and the computer accounts there, then this promotion to a domain controller has succeeded, okay?
[Video description begins] A window titled Active Directory Users and Computers appears. It has a menu bar with the following options: File, Action, View, and Help. A tool bar is present with the following options: Backward, Forward, filter, etc. On the left, there is a navigation pane. It contains a folder named Saved Queries and a domain named diallonics.com. [Video description ends]
[Video description begins] In the navigation pane, he clicks on diallonics.com. It expands to show the following list of folders: Builtin, Computers, Users, etc. He clicks on computers. A page for it opens in the center pane. It contains a list of items with their Type. [Video description ends]
So again, when it comes to installing Active Directory itself as a role, there's not all that much to it. But then you need to decide what kind of configuration you want to set up for this particular server. Again, with respect to it being an additional domain controller or if you are going to set up a new domain or a new domain in an existing forest.
Installing DHCP
Continuing with adding roles to our server, in this demonstration, we'll take a look at adding the DHCP role, or Dynamic Host Configuration Protocol to allow this system to allocate IP address configurations to client systems.
[Video description begins] The Server Manager window opens. The Dashboard page is currently open. [Video description ends]
So like every other role, we can get started by going to the dashboard page of Server Manager, and just click Add roles and features.
[Video description begins] The Add Roles and Features Wizard opens. [Video description ends]
Click on Next, Next again and Next again and the role is simply DHCP Server.
[Video description begins] Step 2: Installation Type opens. It has two options with radio buttons: Role-based or feature-based installation and Remote Desktop Services installation. The first option is selected by default. Step 3: Server Selection opens. It has two options with radio buttons. Select a server from the server pool is selected by default. A section titled Server Pool is present below it. [Video description ends]
[Video description begins] Step 4: Server Selection opens. It has a list of Roles with checkboxes. Some of these are: Active Directory Domain Services, DHCP Server, DNS Server, etc. The checkboxes for Active Directory Domain Services, DNS Server, File and Storage Services, and Print and Document Services are selected. He selects the check-box for DHCP Server. A pop-up titled Add Roles and Features Wizard appears. It has the following tools listed: Remote server Administration Tools, Role Administration Tools, and DHCP Server Tools. Below it, there is a check box for Include management tools. It is selected by default. At the bottom, two buttons are present: Add Features and Cancel. [Video description ends]
Then as per usual, we will add in the required features as well, then click on Next.
[Video description begins] He clicks the Add Features button. The screen shifts back to Step 4: Server Roles. On the left, a step named DHCP Server appears below the Features step. Step 5: Features opens. It has a list of features with checkboxes. Here, the check-box for Group Policy Management is selected. [Video description ends]
And on the Features page, there is nothing else that's required for DHCP, so we can just click Next again. And it gives you a couple of things in terms of considerations.
[Video description begins] Step 6: DHCP Server opens. [Video description ends]
You should configure at least one static IP address on this computer, which I do have. And before installing it, you should plan your subnets, scopes and exclusions and store that plan in a safe place. Now, if you haven't done any of that, it's still fine to install the service, because you don't have to do any configuration at this point.
In fact, we'll see once this completes in the post configuration tasks, that we can actually just leave this server in what's known as a deauthorized state whereby it's not allowed to hand out any IP address configuration. So again, it's fine to install the role and not really do anything with it yet. So let's just click on Next and we can go ahead and choose Install.
[Video description begins] Step 7: Confirmation opens. It shows the summary of selected features. He clicks the Install button. Step 8: Results opens. The installation begins. [Video description ends]
Now, as mentioned, there is certainly post installation tasks that will have to be done to set things up. Most notably, you have to set up the scopes. But when this completes, you also have to set up some security groups and they will be done automatically, you just have to complete the wizard. But in terms of actually getting the server to a functional state, you certainly have to create some scopes.
Now, we'll see that in an upcoming demonstration, so we won't bother with that for the time being. And this installation shouldn't take too much longer. So we'll just give this a few seconds, and actually there it is. So there is a link here already that says to complete the DHCP configuration. So let's just go ahead and click on that.
[Video description begins] A pop-up titled DHCP Post-Install configuration wizard opens. On the left, it has the following steps: Description, Authorization, and Summary. Step 1: Description is open. At the bottom, four buttons are present: Previous, Next, Commit, and Cancel. [Video description ends]
And here, it tells you that you need to create the following security groups for the delegation of DHCP Server Administration, DHCP Administrators and DHCP Users, okay? So that's going to be configured automatically. And then there's the Authorization option. So let's just click on Next, and here's the option for Authorization.
[Video description begins] Step 2: Authorization opens. It has the following options with radio buttons: Use the following user's credentials, Use alternate credentials, and Skip AD authorization. Use the following user's credentials is selected by default. It has an input box for User Name. It is set as DIALLONICS\pcadmin. [Video description ends]
So you can authorize using the account that you're using right now or you can use alternate credentials if you don't have the permissions, or you can, in fact, skip the authorization.
[Video description begins] He selects the radio button for Skip AD authorization. [Video description ends]
So that's sort of the safe play if you really aren't certain as to what the configuration will be. Maybe you just want to configure a test server as well. So in either case, if you skip the authorization, this system is essentially not allowed to hand out IP address configurations to clients. So again, that keeps things a little safer for now. So we can click on Commit here to complete this.
[Video description begins] He clicks the Commit button. Step 3: Summary opens. The creation of security groups begins. A Close button appears at the bottom. [Video description ends]
And as mentioned, it will actually create those security groups for you. And we do have to at least restart the DHCP server service, okay, for everything to go into effect. If you want to reboot the entire server that's certainly fine, but it really only needs a service restart. So we can just click on Close and Close again in the installation wizard.
[Video description begins] The screen shifts back to the Server Manager Dashboard. [Video description ends]
And then you can just go to your services console or reboot whatever you like, but that is the only thing that's really necessary to complete the installation of DHCP.
DHCP Scopes and Options
Now that we have the DHCP role successfully installed on our server, in this demonstration, we'll take a look at configuring a scope or a pool of addresses that can be allocated to our client systems. So from the Server Manager Dashboard, you can just click the Tools menu, then choose DHCP.
[Video description begins] The Server Manager window opens. The Dashboard page is currently open. [Video description ends]
Now, I've already opened that.
[Video description begins] A DHCP console window opens. It has a menu bar with the following options: File, Action, View, and Help. A toolbar is present with the following icons: Go Backward, Go Forward, New Folder, etc. It has a navigation pane with a domain named srv0474.diallonics.com. It expands to show a list of folders. An Actions pane is present on the right. [Video description ends]
So here is the administrative interface. And in a practical Active Directory environment, the first thing you'll need to do if you want to use this server is to authorize it. And this helps to prevent rogue DHCP servers from just popping up.
Now, I've already done that, but all you have to do is right click directly on the server. And then just choose Authorize, mine says Unauthorize because it's already been authorized, but you can unauthorize at any time if you need to. So with that done, we can take a look at setting up the scope. And in this case we'll use IP version 4. So you can just right click that protocol, and choose New Scope.
[Video description begins] A New Scope Wizard opens. Back, Next, and Cancel buttons are present at the bottom. [Video description ends]
A wizard pops up, so we'll click Next.
[Video description begins] In the same window, the heading changes to Scope Name. There are input fields for Name and Description. [Video description ends]
And let's just call this MyScope. And in a practical environment, I do recommend you give it a meaningful description, but for the time being let's just click Next.
[Video description begins] The heading changes to IP Address Range. There are two sections: Configuration settings for DHCP Server and Configuration settings that propagate to DHCP Client. Under Configuration settings for DHCP Server, input fields are present for Start IP address and end IP address. Under Configuration settings that propagate to DHCP Client, there are input fields for Length and Subnet mask. [Video description ends]
And for the IP address range, I'm going to use 10.40.4.150 as the start address, and 10.40.4.200 as the ending address, with a length of 24 bits or 255.255.255.0 for the subnet mask, click Next.
[Video description begins] The heading changes to Add Exclusions and Delay. There are input fields for Start IP address and End IP address. [Video description ends]
And I'm not concerned with any exclusions and/or delays of transmission. So we'll just leave this page blank, click on Next.
[Video description begins] The heading changes to Lease Duration. Three spinners are present for Days, Hours, and Minutes. [Video description ends]
The lease duration is by default eight days. You can set that really to whatever you like. I'm going to leave it at its default, and click Next.
[Video description begins] The heading changes to Configure DHCP Options. There are two options with radio buttons under the following question: Do you want to configure the DHCP options for this scope now? [Video description ends]
And in terms of the options, you would almost always want these configured. You don't have to do it now, but it does give you the option to do so, so we might as well. And primarily, what you'll want to enter here is a DNS server and a default gateway.
If you still use the WINS service, then that is an option as well. But that is becoming less and less common in most environments these days. So let's say Yes, to configure these options now and click on Next.
[Video description begins] The heading changes to Router (Default Gateway). An input field is present for IP address. Below it, a display box is present. Add, Remove, Up, and Down buttons are present beside it. [Video description ends]
The default gateway is first, so we'll enter the value for that, 10.40.4.1. And click on Add, choose Next.
[Video description begins] The heading changes to Domain Name and DNS Servers. An input field is present for Parent domain, Server name, and IP address. A display box is present below IP address. Add, Remove, Up, and Down buttons are present beside it. [Video description ends]
And the parent domain will likely get picked up if this server is already a member of the domain, or particularly if it's a domain controller, or maybe a DNS server. But if nothing is here, just enter in the name of the domain, and the name of a server to use as the DNS server.
[Video description begins] Currently, Parent domain is set as diallonics.com. [Video description ends]
Now, this particular system in fact is the same one that we used earlier to install Active Directory on. So it's picking up the primary DNS server for this Active Directory domain as well as itself, that's why these two options are already there. But you could put in any server name here. So just for the sake of argument, I'll put in the domain controller, the primary domain controller if you will, the first one that was installed which is 0421.
[Video description begins] In the input field for Server name, he types dc0421. A Resolve button is present below it. [Video description ends]
And I'll click the Resolve button, and the IP address comes in automatically.
[Video description begins] 10.40.4.21 appears in the input field for IP address. [Video description ends]
Now that entry is already there, so I won't bother adding anything. But really that's all you need to do, it's just to enter the name of a valid DNS server and click Resolve, as long as your DNS is already set up, that should work. Click Next, and here's the WINS option which is not in use in this network.
[Video description begins] The heading changes to WINS Servers. There are input fields for Server name and IP address. [Video description ends]
So we'll leave that blank and click Next.
[Video description begins] The heading changes to Activate Scope. It has the following question: Do you want to activate the scope now? Under it, two options are present with radio buttons. [Video description ends]
And in terms of activation, if you were to activate now, then it will go into effect and clients will start requesting addresses from this server, okay? So I'm going to leave this deactivated just to ensure that it does not allocate any addresses.
[Video description begins] He selects the radio button for No, I will activate this scope later. [Video description ends]
And then click on Next, and then Finish.
[Video description begins] The heading changes to Completing the New Scope Wizard. A Finish button appears at the bottom. [Video description ends]
Okay, so the scope has been created.
[Video description begins] The wizard closes. The screen shifts to the DHCP window. In the navigation pane, under IPv4, a folder named Scope [10.40.4.0] My Scope appears. [Video description ends]
The little red arrow, it might be a little bit hard to see, but that indicates that it is currently inactive. And if you still have changes or any additional configuration that you want to do, then I do recommend even in a practical environment to leave it deactivated until you're certain everything is ready to go.
So it's no harm to create the scopes and just leave them in this deactivated state. Once you are ready, you can right click, and you can just choose to Activate at any point in time, okay? So we'll just leave it deactivated for the time being. We will see some additional options in our next demonstration, but that is how you can get started, with setting up a DHCP scope.
DHCP Reservations
Now in this video, we'll take a look at setting up a reservation in a DHCP scope. And you can access this by just selecting your scope and choosing Reservations.
[Video description begins] A DHCP console opens. It has a menu bar with the following options: File, Action, View, and Help. A tool bar is present with the following icons: Backward, Forward, New Folder, etc. On the left is a navigation pane. It contains a domain named srv0474.diallonics.com. It expands to show a list of folders. Currently, under the Scope folder, Address Pool is selected. A page for it is open in the center pane. An Action pane is present on the right. In the navigation pane, under the Scope folder, he clicks on Reservations. A page for it opens in the center pane. [Video description ends]
And it tells you that a reservation ensures that a DHCP client is always assigned the same IP address. So let's quickly go back to the Address Pool here and, in my case, the starting address is 10.40.4.150.
[Video description begins] He shifts back to the Address Pool page. It has a table with the following columns: Start IP Address, End IP Address, and Description. It contains one row of data. [Video description ends]
And the ending address is 10.40.4.200. So a client receiving an address from this scope can get anything within that range, okay? And I will tell you that once a client gets an address, it tends to like to reuse the same one over and over again, but there's no guarantee. It depends on the lease duration, and if any given system is on or off when the lease expires, so it's possible that it can change quite simply. So if you then have clients that should get the same address all the time, this is where the reservation becomes useful.
Now that said, I will tell you that it's not necessary to use reservations, it probably would just come down to the numbers. If, for example, you were in a smaller environment, and let's just imagine you had five servers that should always have the same IP address configuration. Well, it wouldn't take much to just statically configure those servers and ensure that they always have the same address by just not making them DHCP clients in the first place.
But if you had dozens or possibly even hundreds of systems, that should be DHCP clients so that they do obtain their configuration automatically. But then they should still have the same address, then this is where the reservations certainly become useful.They still request an IP address configuration from the DHCP server and they get the default gateway and the DNS server and whatever other options you've configured, but they always get the same address, okay? So, to set up your reservation, you can just right click and choose New Reservation. But before we do this, you do need to uniquely identify the target system.
[Video description begins] In the navigation pane, he right-clicks on Reservations. The following options appear: New Reservation, View, Refresh, and Help. [Video description ends]
So to do that, you need a unique value, which in the case of DHCP is the MAC address. Now if you don't know the MAC address and the system is remote from you, you can obtain it, there are a couple of different ways but here's a fairly simple option. If you just go to your command prompt and ping the target system, as long as you get a reply, then you have its MAC address.
[Video description begins] He shifts to a terminal window . The command prompt is: C:\Users\pcadmin>. The following command is present at the top: ping srv0473. An output for it is present. Below it, there is another command: arp -a. A table is displayed below it. It has the following columns: Internet Address, Physical Address, and Type. It contains a list of IP addresses. [Video description ends]
So I've already done that, okay, I got my reply. Then you can type in arp, for address resolution protocol, space -a, and it will show you the ARP cache. So there is the IP address of the system that I pinged, and there is its MAC address. So all I did was to copy this and now I can just paste it in to the reservation, okay?
[Video description begins] In the table, he points at the following IP address: 10.40.4.73. He then points at its Physical Address: 00-50-56-be-cd-53. [Video description ends]
[Video description begins] He shifts back to the DHCP Console. [Video description ends]
So let's right-click on Reservations, choose New Reservation. And for the name, I do recommend that you include the name of the target system.
[Video description begins] A pop-up titled New Reservation appears. It has the following fields: Reservation name, IP address, MAC address, and Description. For Supported types, the following three options are present with radio buttons: Both, DHCP, and BOOTP. Both is selected by default. Add and Cancel buttons are present at the bottom. [Video description ends]
So in my case, I'm just going to go with SRV0473, and the address I'll assign will be 4.73, okay.
[Video description begins] He sets the Reservation name as SRV0473. [Video description ends]
[Video description begins] He sets the IP address as 10.40.4.73. [Video description ends]
Now, in my case and bear in mind that this is just a lab environment, this value is outside of the range of the scope. Now, that's fine, that will work. But usually what you're wanting to do is set up the range of addresses and then just say, this value, this value, that value and so on, will be reserved for certain clients. So usually, reservations are within the range of the scope, okay?
But, again, this is just a lab environment, for the sake of argument we'll just leave it at that. But here of course we need the MAC address, so I could just right click, and paste and there it is. I'll leave the supported types at both for DHCP and BOOTP, click Add, and that's it. I can click on Close and there is the reservation, okay?
[Video description begins] He shifts back to the DHCP Console. In the navigation pane, under Reservations, a folder named [10.40.4.73] SRV0473 appears. He clicks on it. A table with the following columns appears in the center pane: Option Name, Vendor, Value, and Class. It contains three items. [Video description ends]
So again, you can create as many reservations as you want. And the benefit is that they still get the options that are configured within the scope, the router, the DNS server, the DNS name, and whatever else has been configured. But now you can be confident that they will always get the same IP address. Now before we finish here, I do also want to mention one quick point about reservations, where I have encountered a little bit of confusion.
When you create the scope in the first place, it asks you if you want to exclude any addresses from the scope so that they aren't handed out at all. And I have found that some people tend to think that once you create the reservation, you must then also exclude it from the scope so that it's not assigned to any other client. That is not the case, okay?
The reservation ensures that this client gets that IP address, no other system will. If you create an exclusion, it means that that address is not handed out at all, that's what exclusion means, okay? So do not confuse the two. If you create a reservation and you want it to be allocated, it cannot be excluded from the pool, okay? So, that's how you can go about setting up your reservations. And again, just bear in mind, you always need that MAC address to be able to ensure that this particular system will always get that IP address.
Installing DNS
Now in this video, we'll take a look at installing the DNS role onto a server.
[Video description begins] The Server Manager window opens. The Dashboard page is currently open in the center pane. [Video description ends]
And I have switched off to a different server because the one we were using in all previous demonstrations had the Active Directory Domain Services role installed. In other words, it became a domain controller, and DNS is already on that server. So this is just a member server, and it does not have DNS, so we can get started by just clicking Add roles and features from our Server Manager dashboard page.
[Video description begins] The Add Roles and Features Wizard appears. On the left, it has the following steps: Before you Begin, Installation Type, Server Selection, etc. Currently, step-1: Before you Begin is open on the right. At the bottom, there are four buttons: Previous, Next, Install, and Cancel. [Video description ends]
And just click next a few times to select this local server.
[Video description begins] Step 3: Server Selection appears. There are two options with radio buttons. The following option is selected by default: Select a server from the server pool. A section titled Server Pool is present below it. It contains a server named SRV0473.diallonics.com. [Video description ends]
And of course the role then is just DNS server. This prompts for some remote administration tools.
[Video description begins] He clicks the Next button. Step 4: Server roles appears. It has a list of Roles with check boxes. Some of these are: Active Directory Domain Services, DHCP Server, DNS Server, etc. He selects DNS Server. A pop-up titled Add Roles and Features Wizard appears. The following tools are listed here: Remote server Administration Tools, Role Administration Tools, and DNS Server Tools. Below it, a check box is present for Include management tools (if applicable). It is selected by default. At the bottom, two buttons are present: Add Features and Cancel. [Video description ends]
We'll add those features and click Next.
[Video description begins] He clicks the Add Features button. The screen shifts back to Step 4: Server roles. Step 5: Features appears. It has a list of features with check boxes. [Video description ends]
And we leave the feature as it is and click next.
[Video description begins] Step 6: DNS Server appears. It has a section titled Things to note. [Video description ends]
And then it does tell you a few things to note. It says that DNS server integration with Active Directory domain services automatically replicates DNS data along with other directory service data making it easier to manage. Now that is absolutely true. But again, there's a little bit of confusion I find sometimes with this idea.
It will replicate the DNS server information to other servers provided those other servers are also domain controllers, okay? So in other words, what you can have is an Active Directory integrated DNS zone, meaning all of the information that is configured for DNS is stored within the Active Directory. But Active Directory information only replicates to other domain controllers.
It does not replicate to non-domain controllers. This system is not a domain controller, okay? So to get the information to replicate to this system, you need to use what's known as zone transfers. Now we will see that in our next demonstration.
So I'm not going to bother with any more on that point for the time being. But I do want to reiterate, this server is not a domain controller. It therefore does not receive any DNS information from our existing DNS structure, okay? We'll set that up later, but we can certainly still add the role. So, we'll click on Next and choose Install, okay?
[Video description begins] Step 7: Confirmation appears. There is a check box for Restart the destination server automatically if required. Below it, the selected DNS Server tools are listed. Step 8: Results appears. The installation begins. [Video description ends]
And if you have a very large complex DNS configuration, the transfer of the zones can take a bit of time. But just installing the feature shouldn't take all that long. And I don't believe this requires a reboot either. So we'll just let this feature complete the installation and just verify that everything succeeded here, but again, that's just all you need to do.
And while we're waiting for this, I should also point out that you can have as many DNS servers as you like. And like most other services, it is absolutely recommended that you have more than one. Now that said, if you already have two domain controllers, like I do, and they are both DNS servers, like mine are, then you already have two DNS servers.
So there's already some resiliency there, but it still doesn't hurt to have another one, okay? And again, in this case, this will be a DNS server that is not a domain controller. So if for some reason we were to lose both domain controllers, that would still cause some problems for sure.
But this DNS server in and of itself would still be working, okay? So again, it's certainly not a bad idea to have a fair amount of redundancy setup when it comes to DNS as it's a very necessary service in Active Directory. So, that has completed successfully, so we can just click on Close.
[Video description begins] The screen shifts back to the Server Manager Dashboard page. [Video description ends]
And if we go to the Tools menu now, we should see DNS is available. So as mentioned, we'll take a look at the zone configuration in an upcoming demonstration.
DNS Zones
Okay, in this demonstration, we'll take a look at setting up DNS zones. But before we get to that, I would like to point out the difference between DNS servers that are domain controllers and DNS servers that are not.
[Video description begins] A DNS Manager window opens. It has a menu bar at the top with the following options: File, Action, View, and Help. A tool bar is present with the following buttons: Back, Forward, Help, etc. In the navigation pane, under SRV0473, an folder named Forward Lookup Zones is selected. [Video description ends]
Now, I'm currently on a DNS server that is not a domain controller. This is the one that was just used in the previous demonstration to simply install the role. And I've just launched the DNS Manager for the first time. And there are no Forward Lookup Zones present, okay? So that, if you will is, let's just call it the standard type of zone whereby you know the name of a system, but not its IP address.
A reverse lookup zone is effectively the exact opposite, you know the IP address, but you don't know the name. So most of the time, we know the name, that's a forward lookup zone. And again on this newly installed server, there are no forward lookup zones, okay? But I also have the system that is a domain controller here. Let me just switch over to it, here it is and I did not configure anything on this server in terms of DNS.
[Video description begins] A second DNS Manager window opens. In the navigation pane, under Forward Lookup Zones, two zones are present: _msdcs.diallonics.com and diallonics.com. The same two zones are listed in a table present in the center pane with the following columns: Name, Type, Status, etc. [Video description ends]
All I did was to install Active Directory on to this server and I did choose to add the DNS role. But I didn't configure any zones at all. Yet, there is already a forward lookup zone on this system due to Active Directory replication, okay? And note, the type of the zone here for our test domain, it says Active Directory-Integrated and that is a Primary zone.
Okay, that's fine, it is still a primary zone, meaning that I can make changes directly on this server. But the fact that it is Active Directory-Integrated means that any changes I make will propagate to all other DNS servers that are also domain controllers, okay? But these changes do not propagate to DNS servers that are not domain controllers. And clearly, that is exactly what I have here. This is the non-domain controller and there are no zones whatsoever, okay?
[Video description begins] He shifts to the first DNS Manager window. [Video description ends]
So I can create whatever zones I want to on either server. It's perfectly fine to host more than one DNS zone. But if I do it on this system, then this will be the only system hosting this domain. Now, I could fire up another DNS server. And I could make a secondary zone on that server to act as a backup, if you will, to the primary zone on this server. I can also make a secondary zone on this server that is still a backup to the Active Directory-Integrated zone on the other DNS server that is a domain controller.
But it is still not going to receive changes automatically, at least not through Active Directory replication. It has to receive the changes through what's known as zone transfers, okay? So let's take a quick look at some of the options that are available. And/or perhaps that aren't available on this non-domain controller DNS server. So for starters, to create a forward lookup zone, I can just right-click Forward Lookup Zones and choose New Zone.
[Video description begins] A New Zone Wizard appears. It has two buttons: Next and Cancel. [Video description ends]
A wizard appears, I can just click on Next.
[Video description begins] The Wizard heading is Zone Type. There are three options: Primary zone, Secondary zone, and Stub zone. Primary zone is selected by default. A check box is present at the bottom to store the zone in Active Directory. Currently, it is unavailable. There are three buttons at the bottom: Back, Next, and Cancel. [Video description ends]
So here's the first option that, if you will, is not available. I can create a primary zone, which means it can be updated directly on this server. But note that the option to store the zone in the Active Directory is not available. And it tells you, it's only available if the DNS server is a writable domain controller, okay? So there is an option that is not available on a non-domain controller DNS server. Let's quickly switch back to the domain controller.
[Video description begins] He shifts to the second DNS Manager window. [Video description ends]
And if I right-click to create a New Zone here and choose Next, I absolutely can create a primary zone.
[Video description begins] In the navigation pane, he right-clicks on Forward Lookup Zones. A list of options appears. He clicks on New Zone. The New Zone Wizard appears. [Video description ends]
And by default, it is going to be stored in the Active Directory.
[Video description begins] The Wizard heading is Zone Type. Primary zone is selected by default. The check box to store the zone in Active Directory is selected. [Video description ends]
Now, you can turn that off, okay, it does not have to be an Active Directory-Integrated zone. That's up to you, but typically, you would want that. This ensures that all information with respect to this zone is replicated to all domain controllers. So it's very resilient in that regard. But you do still have the option to create a primary zone, again, that can be updated directly on the server.
But then not stored it in the Active Directory which then means what you should do is set up a secondary zone for the same DNS namespace on a separate server. And make sure that zone transfers are in place, okay? So again, if it's a domain controller, you can create a primary zone that is Active Directory-Integrated. If it's not a domain controller, you do not have the option to store in the Active Directory, okay?
[Video description begins] He clicks the Cancel button. The New Zone Wizard closes. [Video description ends]
[Video description begins] He shifts to the first DNS Manager window. The New Zone Wizard is open. [Video description ends]
But let's take a look at creating both a primary zone on this server that is not in the Active Directory and a secondary zone that is a copy of the Active Directory zone. Okay, so first we'll start with the primary zone. And we'll choose Next and let's just call this Test.com.
[Video description begins] The Wizard heading changes to Zone Name. An input box is present to enter Zone name. [Video description ends]
Click on Next, we'll create a file with the same name, Test.com.dns, choose Next.
[Video description begins] The Wizard heading changes to Zone File. There are two options. The first option is: Create a new file with this file name. An input box is present beneath it. It reads: Test.com.dns. The second option is: Use this existing file. An input box is present beneath it. [Video description ends]
[Video description begins] The Wizard heading changes to Dynamic Update. There are three options to select the type of dynamic updates. The first option is: Allow only secure dynamic updates (recommended for Active Directory). The second option is: Allow both nonsecure and secure dynamic updates. The third option is: Do not allow dynamic updates. Currently, the third option is selected. [Video description ends]
We won't worry about the dynamic updates option. But I will tell you quickly that the option to only allow secure dynamic updates is only available for Active Directory-integrated zones. So there's another option that's not available when you are not a domain controller. You can still have secure dynamic updates, but you have to allow both nonsecure and secure, okay? Again, I won't worry about it at this point, let's just click on Next for the default, choose Finish. That's it, okay, the zone has been created.
[Video description begins] The final page of the New Zone Wizard appears. It contains the following details: Name, Type, Lookup type, etc. There are three buttons at the bottom: Back, Finish, and Cancel. He clicks the Finish button. The New Zone Wizard closes. The first DNS Manager window is open. A new zone named Test.com, appears in the table in the center pane. [Video description ends]
Now, we'll talk about some of the actual records that you can create in our next demonstration. But there's the zone, now, as it stands, this is the only copy of that zone. So if this server were to go down, there would be no redundancy for that zone. So again, what I should do is now go to another DNS server and create a secondary zone for this same zone and designate this system as the master.
Okay, it will then transfer that information to the secondary server. So we can get an idea as to how that happens by creating a secondary zone on this server for the Active Directory-integrated zone. So let's right-click again, for Forward Lookup Zones, choose New Zone, click on Next.
[Video description begins] The New Zone Wizard appears. [Video description ends]
And we'll create a secondary zone here, which is a copy of a zone that exists on another server, okay?
[Video description begins] The Wizard heading is Zone Type. He selects the Secondary zone option. [Video description ends]
Click on Next, the name of our test domain here is dialonics.com, click on Next.
[Video description begins] The Wizard heading changes to Zone Name. [Video description ends]
So now it wants to know which DNS server is the master server, okay?
[Video description begins] The Wizard heading changes to Master DNS Servers. A table titled Master Servers is present. It has three columns: IP Address, Server FQDN, and Validated. Input fields are present under each column. Three buttons are present next to the table: Delete, Up, and Down. [Video description ends]
In my case, I'll put in the IP address, that's 10.40.4.21 and I'll hit Enter.
[Video description begins] In the first row of the table, he enters the following IP address: 10.40.4.21. [Video description ends]
That has been verified, click on Next, click on Finish and there it is, okay?
[Video description begins] The final page of the New Zone Wizard appears. It contains the following details: Name, Type, Lookup type, etc. There are three buttons at the bottom: Back, Finish, and Cancel. He clicks the Finish button. The New Zone Wizard closes. The first DNS Manager window is open. A second zone named diallonics.com, appears in the table in the center pane. [Video description ends]
So again, this is a secondary zone now and I would have to ensure that zone transfers are set up on the master server.
[Video description begins] He selects diallonics.com in the table. [Video description ends]
But that will now also send the information for that zone, not only to all other domain controllers, but to this server as well. So now, I've got even more redundancy for that domain. Okay, so that's how you can get started with creating your forward lookup zones on your DNS servers that are both domain controllers and non-domain controllers.
DNS Record Types and Zone Transfers
Okay, now that we have some zones set up on our DNS server, in this demonstration we'll take a look at configuring resource records, and we'll also take a look at setting up zone transfers.
[Video description begins] The DNS Manager window opens. In the navigation pane, a folder named Forward Lookup Zones is open. It contains the following zones: Test.com and diallonics.com. The same folders are listed in the center pane with their Type, Status, DNSSEC Status, and Key Master. [Video description ends]
In my case, on this particular server, I have a primary Forward Lookup Zone called Test.com, which, if you will, is a standalone zone. It's not a copy of any other zone, and likewise, I don't have any other redundant copies of this zone anywhere else.
[Video description begins] In the navigation pane, he clicks on Test.com. A page for it opens in the center pane. A table is displayed with the following columns: Name, Type, and Data. It contains two items. [Video description ends]
But I also have a secondary zone, that is acting as a backup, if you will, to the Active Directory integrated zone, that already exists in this environment.
[Video description begins] In the navigation pane, he clicks on diallonics.com. In the center pane, the following error appears: Zone Not loaded by DNS Server. [Video description ends]
But there's a red X on the name of the zone, indicating that it was unable to transfer the zone information, okay? So we'll see how to set that up, so that all of the records from the existing zone, will in fact transfer to this one. Now also since this one is a secondary zone, I cannot create records in this zone directly. They have to be created in the primary or the master zone.
Then they get transferred to this one. You can only create new records in a primary zone, okay? But that's exactly what my Test.com zone is. It is primary, so I can make changes directly right here. So you can just right-click on the zone, and as mentioned, the most common record types are Host or A, which stands for address, and that, quite simply, is just the name and the IP address.
[Video description begins] In the navigation pane, he right-clicks on Test.com. A list of options appears. [Video description ends]
The AAAA version is if you have TCP/IP version 6. We won't worry about that for the time being. Then a CNAME, which is a canonical name, is an alias, quite literally an alternate name for a server. Sometimes you want to refer to the same system, by more than one name. For example, if you have a mail server, you might want to call it mail.mydomain.com.
But if you are accessing that same system through web mail, you might also want to call it webmail.myserver.com, okay? That's an alias. It's the same system but two different names, and speaking of mail, that's the other record type that we'll see, which is the Mail Exchanger or MX record, and this is necessary, if you want public Internet-based mail, okay?
So again, we'll see all three of those. But I will also point out there are many types of DNS records. If you choose other DNS records here, there is quite a list, and you can just go through any one of them and select it, and it will give you a description down below.
[Video description begins] A pop-up titled Resource Record Type appears. It has a list of resource record types. A Description box is present below it. At the bottom, there are two buttons: Create Record and Cancel. [Video description ends]
So if you aren't particularly familiar with DNS record types, I do suggest that you take some time to go through this list and just see which ones might be applicable to you, okay? But let's just cancel this, and we'll create our first host record in the Test.com zone here, by right-clicking and choosing New Host.
[Video description begins] He clicks the Cancel button. The screen shifts back to the DNS Manager window. [Video description ends]
Okay, so we'll just make up a name.
[Video description begins] A pop-up titled New Host appears. It has input fields for Name, Fully qualified domain name, and IP address. Below these, a check box is present for Create associated pointer (PTR) record. Add Host and Cancel buttons are present at the bottom. [Video description ends]
Let's just call this TestComp1, and it automatically adds the name of the domain to the name, so its fully qualified domain name is TestComp1.Test.com, and then we'll just make up an IP address, okay? Let's just go with 10.10.10.10, and click Add Host, and that's it, okay?
[Video description begins] A dialog box titled DNS appears. It reads: The host record TestComp1.Test.com was successfully created. An OK button is present at the bottom. [Video description ends]
Now, I will also tell you, that you do not have to manually create records for every single system in the zone.
[Video description begins] He clicks the OK button. In the New Host pop-up window, he clicks the Done button. The screen shifts back to the DNS Manager window. The TestComp1 now appears in the table displayed in the center pane. Its type is Host. [Video description ends]
In many cases, you can have your client systems update the DNS server automatically. So if, for example, you have a DHCP server as well, then that DHCP server, will assign an IP address configuration to a client. It will say here is your IP address and here is the DNS server that you should use. Once it has that information, then the client can contact that DNS server and update the record itself, okay? That's dynamic updates. You can right-click on the zone, choose Properties, and right here, you can allow for dynamic updates.
[Video description begins] In the navigation pane, he right-clicks on Test.com. A list of options appears. [Video description ends]
[Video description begins] A pop-up titled Test.com Properties appears. It has the following tabs: Name Servers, WINS, Zone Transfers, General, and Start of Authority (SOA). The General tab is currently open. The Status is Running. The Type is Primary. The Zone file name is Test.com.dns. The Dynamic updates is set as None. At the bottom, four buttons are present: OK, Cancel, Apply, and Help. [Video description ends]
Now, Nonsecure and secure is the only option for a zone that is not an Active Directory integrated zone. If it's Active Directory integrated, then you can choose secure only, okay?
[Video description begins] He sets Dynamic updates as Nonsecure and secure. [Video description ends]
But by allowing that, as mentioned, clients will quite literally inform the DNS server, here I am. I have this name and I was given this IP address, and it will also update if for any reason the IP address might change. Okay, so anyway, I just wanted to point that out. But that's all there is to creating a host record.
[Video description begins] He clicks the Cancel button. The screen shifts back to the DNS Manager window. [Video description ends]
Now in terms of the alias, the CNAME record, this points to the same system, okay? It's just a different name for the same computer. So let's choose CNAME here, and the alias name will be, let's go with TestComputer1, okay, as opposed to TestComp1.
[Video description begins] In the navigation pane, he right-clicks on Test.com. A list of options appears. A pop-up titled New Resource Record appears. It has the following fields: Alias Name, Fully qualified domain name (FQDN), and Fully qualified domain name (FQDN) for target host. A Browse button is present next to Fully qualified domain name (FQDN) for target host. At the bottom, OK and Cancel buttons are present. [Video description ends]
So the fully qualified domain name, then for the target host will be TestComp1. We can just browse for this, okay?
[Video description begins] He clicks the Browse button. A pop-up titled Browse appears. It has the following fields: Look in, Records, Selection, and Record types. Look in is set as DNS. The SRV0473 server is present under records. At the bottom, OK and Cancel buttons are present. [Video description ends]
This is the server that we are querying here, this current server, this Forward Lookup Zone, this particular zone, and there is the host.
[Video description begins] He clicks on SRV0473. It expands to show a folder named Forward Lookup Zones > Test.com > TestComp1. [Video description ends]
Choose it, click on OK, click on OK and there it is, okay?
[Video description begins] The screen shifts back to New Resource Record. TestComp1.Test.com is now set as the Fully qualified domain name for target host. The screen shifts back to the DNS Manager window. An item named TestComputer1 of type Alias (CNAME) appears in the table displayed in the center pane. [Video description ends]
So this alias now points to this previous host of TestComp1. So either name can now be used to map to 10.10.10.10, okay? Now, in terms of the MX record, typically what I like to recommend here is that you still create a host record for the mail server, then the MX record just points to the host. So let's do this, let's right-click and choose New Host, and we'll call it MailSrv1, and we'll make up another IP address, 10.10.10.20, and we'll add that host, okay?
[Video description begins] In the navigation pane, he right-clicks on Test.com. From the list of options, he clicks on New Host. The New Host pop-up appears. [Video description ends]
[Video description begins] The Fully qualified domain name gets set as MailSrv1.Test.com. [Video description ends]
[Video description begins] The DNS dialog box appears. It reads: The host record MailSrv1.Test.com was successfully created. [Video description ends]
So we still want that host record for our mail server, but this is not going to designate this as a Mail Exchanger.
[Video description begins] He clicks the OK button. The screen shifts back to New Host. He clicks the Done button. The screen shifts back to the DNS Manager window. An item named MailSrv1 of type Host appears in the table. [Video description ends]
So we'll right-click, choose New Mail Exchanger, okay, and we can just Browse for that host.
[Video description begins] In the navigation pane, he right-clicks on Test.com. [Video description ends]
[Video description begins] In the navigation pane, he right-clicks on Test.com. A pop-up titled New Resource Record appears. It has the following fields: Host or child domain, Fully qualified domain name (FQDN), Fully qualified domain name (FQDN) of mail server, and Mail server priority. A Browse button is present next to Fully qualified domain name of mail server. At the bottom, OK, Cancel, and Help buttons are present. The Browse pop-up appears. [Video description ends]
So let's do the browse again. Double-click the server, double-click Forward Lookup Zone, double-click this zone, and then choose the host.
[Video description begins] Under Records, he clicks on SRV0473. It expands to show a folder named Forward Lookup Zones. It contains a folder named Test.com. He clicks on it. It has a file named MailSrv1. [Video description ends]
Click on OK, click on OK, and that's it.
[Video description begins] The screen shifts back to New Resource Record. [Video description ends]
There is your MX record, okay?
[Video description begins] The screen shifts back to the DNS Manager window. An item of type Mail Exchanger appears in the table. [Video description ends]
So that's how you can manually create records in your primary zone. But as mentioned, let's take a look at zone transfers. There is already a zone that exists for this name, and we have to allow transfers to happen to this server for any records to get populated into this zone.
[Video description begins] In the navigation pane, he clicks on diallonics.com. [Video description ends]
So let's switch over to the primary copy of this zone, which I have right here, okay?
[Video description begins] He switches to another DNS Manager window. In the navigation pane, under Forward Lookup Zones, there are two folders: _msdcs.diallonics.com and diallonics.com. Currently, diallonics.com is selected. In the center pane a table is displayed with the following columns: Name, Type, Data, and Timestamp. [Video description ends]
This is the domain controller. This is the primary copy, if you will, so I can right-click on this one. Okay, so to set up the zone transfers, we can right-click on the zone and choose Properties, and there's two things that you will likely need to set here.
[Video description begins] In the navigation pane, he right-clicks on diallonics.com. A list of options appears. [Video description ends]
[Video description begins] A pop-up titled diallonics.com Properties appears. It has the following tabs: WINS, Zone Transfers, Security, General, Start of Authority (SOA), and Name Servers. The General tab is currently open. The Status is Running. The Type is Active Directory-Integrated. The Replication is All DNS servers in this domain. The Dynamic updates is set as Secure only. At the bottom, four buttons are present: OK, Cancel, Apply, and Help. [Video description ends]
The zone transfer, which is right there on the Zone Transfers tab. But I like to also use the Name Servers tab, here in terms of setting this up. Because what you can do in terms of the zone transfer is to allow zone transfers only two servers listed on the Name Servers tab. So what you are doing, is informing this zone, that there is another name server.
[Video description begins] He shifts to the Zone Transfers tab. It has a check box for Allow zone Transfers. He selects it. The following options with radio button appear: To any server, Only to servers listed on the Name Servers tab, and Only to the following servers. To any server is selected by default. Below these, a table is present with the following columns: IP Address and Server FQDN. Four buttons are present at the bottom: OK, Cancel, Apply, and Help. [Video description ends]
So you can do so by adding it to the list of name servers here, okay?
[Video description begins] He shifts to the Name Servers tab. It has a list of Server Fully Qualified Domain Name with their IP Addresses. Below it, there are three buttons: Add, Edit, and Remove. [Video description ends]
That way, transfers will be allowed to any and all servers listed here. Now you can explicitly create that list here, but I like using the option for the Name Servers tab because it does create specific records that say, these are my name servers.
[Video description begins] He shifts back to the Zone Transfers tab. [Video description ends]
These are the ones that are allowed, if you will, to resolve names. So once those are configured, then you just choose this option to enable the zone transfers, okay?
[Video description begins] He selects the following option: Only to servers listed on the Name Servers tab. [Video description ends]
So in fact, we can set that right now, but then let's go to the Name Servers tab, and we're going to add that other server. So click on Add, and a fully qualified name in my case is srv0473.dialonics, again the name of our lab here, .com, and we can just click Resolve to resolve that IP address.
[Video description begins] A pop-up titled New Name Server Record appears. It has an input field for Server fully qualified domain name. A Resolve button is present beside it. Below the input field, a table is present for IP Addresses of this NS record. It has two columns: IP Address and Validated. The following buttons are present next to the table: Delete, Up, and Down. OK and Cancel buttons are present at the bottom. [Video description ends]
Now it is showing an error, if you will, here, but it says, The server with this IP address is not authoritative for the required zone.
[Video description begins] The IP address for the given domain name appears in the table. The IP address is 10.40.4.73. [Video description ends]
That's fine. It doesn't need to be, okay? It's not the authoritative server because it's not the primary zone. It's just a backup, if you will. So for all intents and purposes we can ignore that. Click on OK, and now it is listed on the Name Servers tab.
[Video description begins] The screen shifts back to diallonics.com Properties. The domain name srv0474.diallonics.com now appears in the table present in the Name Servers tab. [Video description ends]
So again, just quickly going back to the Zone Transfers tab. We can tell it Allow zone transfers, Only to servers listed on the Name Servers tab. Now we can click on OK, and we have set up the zone transfer. Now this might take maybe a minute, maybe less, but let's just go back to the other server now, and let's see if we can initiate the zone transfer, okay?