Assorted notes from preparing for MCSA 70-410 (WIN 2012 R2) – part 1

Domain Controller roles :
Also called FSMO roles (Flexible Single Master Operation); they can be transferred to any DC in the domain.
* Schema master – DC responsible for performing updates to the directory schema
* Domain naming master – This DC is the only one that can add or remove a domain from the directory
* RID master – the single DC responsible for processing RID Pool requests from all DCs within a given domain. RID – a relative ID tied to a given server; each server has an allotted quantity of RIDs. When it runs out, it requests more from the RID master DC.
* PDC emulator – necessary to synchronize time in an enterprise. The PDC emulator of a domain is authoritative for the domain. Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
Account lockout is processed on the PDC emulator. At any time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.
* Infrastructure master – DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference. The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog (GC) server.
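
An added example, not part of the original notes: a PowerShell audit that lists the five FSMO role holders, checks the Infrastructure Master placement described above, and reads account lockout events from the PDC emulator, where lockouts are processed. It assumes the ActiveDirectory module, a domain-joined session and rights to read the Security log on the PDC emulator; the function names are hypothetical.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    # Forest-wide roles come from Get-ADForest, domain-wide roles from Get-ADDomain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        RIDMaster            = $domain.RIDMaster
        PDCEmulator          = $domain.PDCEmulator
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Test-InfrastructureMasterPlacement {
    param([Parameter(Mandatory)] $Roles)
    $holder = Get-ADDomainController -Identity $Roles.InfrastructureMaster
    $nonGc  = @(Get-ADDomainController -Filter * | Where-Object { -not $_.IsGlobalCatalog })
    # Flag the case the notes warn about: the role sits on a GC while
    # other DCs in the domain are not GCs (if every DC is a GC, placement does not matter).
    [pscustomobject]@{
        InfrastructureMaster = $holder.HostName
        HolderIsGC           = $holder.IsGlobalCatalog
        NonGcDcCount         = $nonGc.Count
        NeedsReview          = ($holder.IsGlobalCatalog -and $nonGc.Count -gt 0)
    }
}

function Get-RecentLockouts {
    param([Parameter(Mandatory)][string] $PdcEmulator, [int] $Hours = 24)
    # Event ID 4740 = "A user account was locked out".
    $filter = @{ LogName = 'Security'; Id = 4740; StartTime = (Get-Date).AddHours(-$Hours) }
    # Get-WinEvent raises a non-terminating error when nothing matches; suppress it.
    Get-WinEvent -ComputerName $PdcEmulator -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Time           = $_.TimeCreated
                LockedAccount  = $_.Properties[0].Value   # TargetUserName
                CallerComputer = $_.Properties[1].Value   # TargetDomainName field holds the source machine
            }
        }
}

$roles = Get-FsmoRoleHolders
$roles | Format-List
Test-InfrastructureMasterPlacement -Roles $roles | Format-List
Get-RecentLockouts -PdcEmulator $roles.PDCEmulator | Sort-Object Time -Descending | Format-Table -AutoSize
```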

The global catalog is a distributed data repository that contains a searchable, partial representation of every object in every domain in a multidomain Active Directory Domain Services (AD DS) forest. The global catalog is stored on domain controllers that have been designated as global catalog servers and is distributed through multimaster replication. Searches that are directed to the global catalog are faster because they do not involve referrals to different domain controllers.
The global catalog is built and updated automatically by the AD DS replication system.

Security groups
Groups are characterized by a scope that identifies the extent to which the group is applied in the domain tree or forest. The following three group scopes are defined by AD :
* Universal – scope is all the domains in an AD forest
* Global – scope is a single domain
* Domain Local – assign permissions to LOCAL resources.

Some cmdlets that frequently appear in exam questions:
* Add-AdPrincipalGroupMembership – Adds a member to one or more Active Directory groups, adds a user, group, service account, or computer as a new member to one or more Active Directory groups.
* Install-AddsDomainController – Installs a domain controller in Active Directory
* Install-WindowsFeature – Installs one or more roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2.
* Install-ADDSDomain – Installs a new Active Directory domain configuration.
* Rename-AdObject – Changes the name of an Active Directory object
* Set-AdAccountControl – Modifies user account control (UAC) values for an Active Directory account (user or computer), used to stop user from changing password
* Set-AdGroup – Modifies an Active Directory group properties, may be used to change SAM name of a group, or users who can manage this AD group.
* Set-User – on Exchange 2016, modify user attributes
* Add-NetLbfoTeamMember – Specifies if an account is enabled, Adds a new member (network adapter) to a specified NIC team.
* Send-SmigServerData – Migrates folders, files, and associated permissions and share properties from a source server to a destination server through port 7000. The destination server must be in the same subnet as the source server, and the cmdlet Receive-SmigServerData must be run on the destination server at the same time Send-SmigServerData is running on the source server.
* Add-AppxProvisionedPackage – Adds an app package (.appx) that will install for each new user to a Windows image.
* The Add-DhcpServerv6Reservation cmdlet reserves a specified IPv6 address for the client identified by the specified Dynamic Host Configuration Protocol (DHCP) v6 unique identifier (ID) (DUID) and identity association ID (IAID).
* The Remove-ADComputer cmdlet removes an Active Directory computer.
* Get-ADComputer – (LastLogon) gives information about the restart of a machine in the domain
* Uninstall-ADDSDomainController -ForceRemoval – removal of a DC
* To manage NIC teaming with Windows PowerShell, you use the cmdlets in the NetLbfoTeam module
* Set-AppLockerPolicy – Sets the AppLocker policy for the specified Group Policy object (GPO). When the Merge parameter is used, rules in the specified AppLocker policy will be merged with the AppLocker rules in the target GPO.
* Enable-PSRemoting – Configures the computer to receive remote commands.
* Enable-PSSessionConfiguration cmdlet enables registered session configurations that have been disabled
* New-NetSwitchTeam – Creates a new switch team.
* Set-VMNetworkAdapter – Configures features of the virtual network adapter in a virtual machine or the management operating system.
* Install-ADDSDomain – Installs a new Active Directory domain configuration.
* Install-ADDSForest – Installs a new Active Directory forest configuration.
* Install-WindowsFeature – Installs one or more Windows Server roles, role services, or features on either the local or a specified remote server that is running Windows Server 2012 R2
* Set-Disk – Takes a Disk object or unique disk identifiers and a set of attributes, and updates the physical disk on the system.
* Remove-WindowsFeature Server-Gui-Shell – When you uninstall “Server-Gui-Shell” you are left WITHOUT File Explorer and IE10, but WITH MMC and Server Manager still working.
* Add-DhcpServerv6Reservation – reserves a specified IPv6 address for the client identified by the DHCPv6 unique identifier and a DHCPv6 identity association ID.
* Set-ExecutionPolicy – Changes the user preference for the Windows PowerShell execution policy.
* Dsget user – Displays the properties of a user in the directory. There are two variations of this command. The first variation displays the properties of multiple users. The second variation displays the group membership information of a single user.
* Set-DnsServerGlobalQueryBlockList – changes settings of a global query block list on a DNS server. If you need the DNS server to resolve names such as ISATAP (Intra-site Automatic Tunnel Addressing Protocol) and WPAD (Web Proxy Automatic Discovery Protocol), remove these names from the list.
* Set-DnsClientServerAddress – sets one or more IP addresses for DNS servers associated with an interface
* Start-DscConfiguration – applies a DSC (Desired State Configuration) configuration to nodes

Hyper-V
* Virtual machine checkpoints (formerly known as virtual machine snapshots) capture the state, data, and hardware configuration of a running virtual machine. If the virtual machine has no checkpoints, you can change where these checkpoint files are stored. Do not expand a virtual hard disk when it is used in a virtual machine that has checkpoints. Doing so will make the checkpoints unusable. To change a VM's checkpoint location, said VM must be powered down.

* Integration Services settings on virtual machines include services such as operating system shutdown, time synchronization, data exchange, Heartbeat, and Backup

Disks
Storage pools – A collection of physical disks that enable you to aggregate disks, expand capacity in a flexible manner, and delegate administration. Storage Pools use unallocated space. Disk removal is ONLY possible once all data from it has already been evicted (to other disks in the pool).
Storage spaces – Virtual disks created from free space in a storage pool. Storage spaces have such attributes as resiliency level, storage tiers, fixed provisioning, and precise administrative control. The fault tolerance built into Storage Spaces is provided at the disk level, not at the volume level.
* All storage that meets acceptable criteria for Storage Spaces will be placed in the Primordial Pool. This can be considered the default pool for devices from which any other pools will be created.

* There are three kinds of physical disks that you can attach to a virtual machine in Windows Server 2012 Hyper-V: Passthrough disks, iSCSI disks, or Fibre Channel disks.

* A storage space with three-way mirroring can tolerate two disk failures but requires a minimum of five disks.

Virtual hard disks are stored as .vhd or .vhdx files and created using “Computer Management”.
Diskpart is a CLI for creating virtual hard disks.
VHD : The original and more compatible format, which supports files up to 2,040 GB.
VHDX : A new version of the format that supports files up to 64 TB, but can be read only by computers running Windows Server 2012 and Windows 8.

Virtual hard disk type options :
* Fixed size – allocates all disk space for the VHD file at once.
* Thin provisioning (Dynamically expanding) – The system allocates space from the storage pool to the disk as needed, up to the maximum specified size. No space is actually used until data is stored on a volume on the virtual disk, and the amount of space used will grow or shrink as data is written to or deleted from the disk. Enabled by default in Windows Server 2012, thin provisioned Storage Space does not support being clustered.
* The pass-through disk is a physical disk that is connected directly to the VM, and is exclusively used by this VM. It is the fastest disk for a VM. To ensure the Guest has exclusive access to the storage, it must be placed in an “Offline” state from the Hyper-V server perspective. This raw piece of storage is not limited in size.

Disk types/configurations :
Basic disks – have partitions (primary and extended), supports MBR and GPT, must be NTFS file system
Dynamic disks – enhanced disk type, support RAID, have volumes (which may be on multiple disks), supports MBR and GPT, dynamic disks are not generally used to contain system boot volumes, only on Win 2000 and newer.
Changing between a basic/fixed and dynamic disk type does not alter the size of a snapshot much at all. However, since a snapshot is a record of a VM's state at the exact time that the snapshot was taken, shutting down the VM before taking the snapshot prevents the snapshot from having to contain all of the data in RAM.

Disk initialization/partition style :
MBR – the self-database is contained in the last 1 megabyte (MB) of the disk, up to 4 partitions (or 3 primary + 1 extended) and 2 TB in size
GPT – the self-database is contained in a 1-MB redundant primary and backup partition tables, partitions may be larger than 2 TB, up to 128 partitions (WIN 2012 limit), up to 18 EB. An OS cannot be booted from it (unless it is EFI).

Disk summary :

DNS
006 DNS servers option – IP address of your DNS server, e.g., 10.10.10.1
015 DNS Domain Name – Specifies the connection-specific DNS domain suffix to be used by the DHCP client.
119 DNS Domain Name – that is for example test.local (your AD domain name)