8. Upgrading Your Skills to
MCSA Windows Server
2012
EXAM
417
Any of the following certifications qualify:
• MCSA: Windows Server 2008
• MCITP: Virtualization Administrator
• MCITP: Enterprise Messaging Administrator
• MCITP: Lync Server Administrator
• MCITP: SharePoint Administrator
• MCITP: Enterprise Desktop Administrator
Exam level of difficulty increases as you progress from 410 > 411 > 412
There are actually three skill levels for Microsoft Certifications. Associate level is the foundation for a career in IT. Expert level is the recognized standard for IT excellence. Master level is the pinnacle of recognition for deep technical expertise.
At the Associate level, the MCSA focuses on a set of core skills across a technology, and includes business context.
At the Expert level, the MCSE focuses on using multiple technologies to create business solutions, rather than focusing on the job role.
Exam level of difficulty increases as you progress from 410 > 411 > 412
“may include but not limited to”
Concentrate on new features but don’t discount the tried and tested methods.
Don’t forget the basics
Read the question and the limitations e.g. “company policy states…” or “minimise purchase…”
Know how to carry out the tasks in both GUI and PowerShell
Install Servers
Not just a simple case of put the CD in and click “next, next”.
Planning on what hardware you can and cannot install Server 2012 e.g. x86 Servers vs. x64 servers
Upgrading current servers and considerations such as 2008 /R2 / Core
Moving from one edition of Server 2012 to another e.g. using online servicing with DISM
Configure Servers
You’ve installed it…now what?!
Switching between a full GUI Server 2012 install to a Server Core install by using the Removing the User Interfaces and infrastructure feature. Make sure that you know to do this using Server Manager and PowerShell.
What do you use for NIC Teaming – Server Manager
Configure local storage
You need some storage space…it’s all Just a bunch of disks (JBOD)
Software RAID – knowing when to use Mirrored volumes, spanned volumes, RAID5
Creating storage pools – requirements that you need for creating a storage pool
Adding new disks to a storage space
Creating large volumes i.e. using GPT disks over MBR
ANS: B
Now we’re coming into the nuts and bolts of the exam as at this point we have a working server and we can now do something with it. Adding the different roles and features to carry out the following tasks.
Configure file and share access
This is the typical scenario of knowing your security (NTFS) permissions from your share permissions. Know the result of when you are combining the permissions.
Creating hidden shares
Using previous versions – configuring the Volume Shadow Copy Service
Configure print and document services
All about sharing a print device in a range of scenarios
Making available a driver for different Operating Systems
Print pooling
Prioritising the use of one printer for a user group over another user group
Configure servers for remote management
How to manage a Server Core machine from another Server 2012 machine – what settings it needs
Using WinRM quick config command on the machine that you wish to remotely manage (opens up the correct firewall ports)
Configuring Windows Firewall with the right port numbers for remote machines to connect to
ANS: C
Hyper-V has got a whole lot more powerful in Server 2012 and it is a major focus of the exam.
Create and configure virtual machine settings
Know ALL the settings and what they do!
Using dynamic memory and how it can help to manage your VMs better
Installing and leveraging integration services
Assigning permissions that you need when you are managing a VM’s settings?
Create and configure virtual machine storage
What are the strengths and limitations of a VHD versus a VHDX – know your differencing, fixed and dynamically expanding disks
The requirements that you have when configuring a pass through disk
How you manage snapshots especially when you want to change the snapshot file location
Create and configure virtual networks
How to implement it and optimise it i.e. go through the settings!
Know the limitations of legacy network adapters (cannot assign a specified amount of network bandwidth to a virtual machine)
ANS: C
This is definitely where you should not forget the basics!
Configure IPv4 and IPv6 addressing
Subnetting is definitely something that you need to be able to do. An onscreen calculator is provided! You also get a board and pen – use it!Know the IPv6 prefixes
Deploy and configure Dynamic Host Configuration Protocol (DHCP) service
You don’t need to remember DORA but it helps!
Creating scopes, filters, reservations, and exclusions – and when to use them!
Deploy and configure DNS service
How to configure AD integration of primary zones, configure forwarders, root hints
ANS: A
Source: MeasureUp
Installing Active Directory we do it a few times but we administer it a LOT.
So the kind of topics that you get examined on range from the things you do a lot, to something that you may have done once.
Install domain controllers
Relates to the “Installing Server 2012” objective domain.
Simple stuff such as adding and removing a machine from the domain including how to do it on Server core.
Installing a domain controller using the Install From Media option which helps to install additional domain controllers by minimising the replication of data so it is good for remote sites.
Create and manage Active Directory users and computers
Create, copy, configure users and computers
Assigning user rights
Carry out bulk operations
Offline domain joins
Create and manage Active Directory groups and organizational units (OUs)
Know your security, distributions, universal, domain local and domain global groups!
Create, copy, configure groups and OUs
ANS: B
Source: Measure Up
I think GP is fantastic and I use them all the time. There are just so many settings so I like to play around and see what they can do – obviously not a production environment!
Create Group Policy objects (GPOs)
Know the looback processing, block inheritance and enforce settings options and their impact GPO behaviour
Importing and exporting GPOs (both via the GUI and PowerShell)
Configure security policies
Understand Security Templates and be aware of the tools that you use to create and apply them
Configure application restriction policies
AppLocker and Software Restriction Policies
Configure Windows Firewall
Exactly what it says on the tin > allow or deny applications based on ports, users, applications and how to import and export these settings
A LOT of Crossover with 410
Similar topics but now there is more depth to each topic area.
Deploy and manage server images.
WDS images and their uses – boot, install, discover
DISM commands and the switches that you need to update and service images
Implement patch management.
WSUS – what you would use it for within a network, manage the storage of update files, and configuring the related Group Policies
Monitor servers.
Create and configure Data Collector Sets including configuring alerts, events and subscriptions.
Know how to collect events form multiple servers
Configure Distributed File System (DFS).
Understand how to configure replication scheduling and limiting the amount of bandwidth being used
Configure File Server Resource Manager (FSRM).
How to configure quotas
How to use File Screens
Configure file and disk encryption.
The requirements to deploy and configure the Network Unlock feature
Backing up the BitLocker recovery information
Configure advanced audit policies.
How to configure auditing and implementing using Group Policy
Auditing access to removable devices
ANS: B
Source: MeasureUp
Configure DNS zones.
Creating and configuring primary and secondary zones
Configure zone transfer settings
Configure DNS records.
Creating and configuring DNS Resource Records (A, AAAA, PTR, NS, SRV, CNAME, MX)
Configure record options including Time to Live (TTL)
Configure VPN and routing.
Installing and configure Remote Access role – be aware of the requirements
Configure VPN settings
Dial in settings for users
Configure DirectAccess.
Implementing server requirements and client configuration
ANS: C
Source: MeasureUp
Configure Network Policy Server (NPS).
Configure RADIUS clients and Servers
If you are using certificate based authentication, you need to know where to store it.
Configure NPS policies.
Configure policies - including Connection Request Policy e.g. which servers perform the authentication and authorisation of connection requests
Configure Network Access Protection (NAP).
NAP – how to configure health policies (including any conditions), enforcing NAP using DHCP and VPN, what happens to a client when it is non-compliant i.e. you need to isolate it and make it compliant (remediation)
ANS: C
Configure service authentication
You need to know how to create and manage service accounts - Be aware of Service Principal Names (SPN)
Configure Domain Controllers
Pay attention to how to create Read Only Domain Controllers
Maintain Active Directory
How do you recover deleted objects such as user accounts (especially in environments where you have mixed domain controllers)
Configure account policies
Understand fine-grained password policies (Password Setting Objects) and how they can be created and maintained in Active Directory Administrative Center
In 410, it was more of a case of what does it do. In this exam, is more of an application of the theory e.g. the path of where would you configure a certain group policy setting. Like 410 you need to know how to do it in the GUI as well as PowerShell
Configure Group Policy processing.
How to change the precedence order of the GPOs, block inheritance
Configure Group Policy settings.
Software installations, windows updates, folder redirection, network settings
Manage Group Policy objects (GPOs).
How to delegate Group Policy management to other users
Configure Group Policy preferences.
Settings such as printers, drive mappings, power options, Control Panel settings, Internet Explorer settings
ANS: C
Source MeasureUp
This is a tough exam. A lot of very experienced people have trouble with this and part of it is due to the numerous question types that are used e.g. Best Answer, Select All that apply, build and order (without any indication of the number required).
Configure Network Load Balancing (NLB).
Know the pre-requisites for installing and configuring NLB
Configure affinity – usually no affinity means that multiple requests from the same client can access any member this is for clusters that do not store session state information on individual members
Configure failover clustering.
Configure Quorum settings so you can define what happens when the majority of nodes fail in a cluster
How to configure heartbeat settings
Configure cluster storage – configure a witness disk (disk in the cluster storage that is designated to hold a copy of the cluster configuration database)
Manage failover clustering roles.
Configure continuous available shares
Enable replication of virtual machines
Monitor virtual machines and even look at how you would ensure that replica virtual machines are functional.
Manage Virtual Machine (VM) movement.
Know the difference and requirements for live migration, quick migration, storage migration and importing and exporting virtual machines
Configure advanced file services.
Configure BranchCache – Distributed mode and Hosted mode
Configure data dedupliction
Implement Dynamic Access Control (DAC). – control access to files using central access policies. You can tag data across the organisation with such a tag as “secret” which would then only allow certain groups to access it.
How to set it up including the required Group Policy. Also, there is a danger when you set up DAC that users who previously had accessed to files no longer have it, so you may want to test it beforehand.
Configure and optimize storage.
Know how to configure iSCSI Target and Initiator
Be aware of the use of iSNS (Internet Storage Name Service) allows the automated discovery, management and configuration of iSCSI devices
ANS: A, C
Configure and manage backups.
Carry out server backups including using the Microsoft Online Backup Service
Recover servers.
Know your recovery options using Windows RE, safe mode, System Restore and Last Known good configuration
Configure site-level fault tolerance
Site A goes down > site B can be used by using hyper-v replicas
Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution.
Create and configure superscopes and multicast scopes
High availability for DHCP – how can you make sure that your DHCP service is continuously available
Implement an advanced DNS solution.
Know how to configure DNS logging
Configure security using DNSSEC
How to configure a GlobalNames Zone (for single label names)
Deploy and manage IPAM – discovering, monitoring, auditing and managing IPM address space used on a corporate network.
Requirements – IPAM cannot be installed on an AD domain controller
How to configure it- including with Group Policy
How to delegate administration
Now into the physical structure of Active Directory.
Configure a forest or a domain.
Planning your forests, domain, sites
Interoperability with previous versions of Active Directory
Upgrading existing domains and forests
Being aware of the functional level of the forest and domain
Configure trusts.
Configuring the different types of trust and when they are used e.g. external, forest, shortcut and realm trusts
Implication of a one way trust and a two way trust
Configure sites.
Configuring the sites and subnets
Create and configure site links
Manage Active Directory and SYSVOL replication.
Configure replication to Read Only Domain Controllers (RODCs)
Configure password replication policy for RODCs
Previously we have looked at Active Directory Domain Services. Now we’re looking at different components of AD:
Implement Active Directory Federation Services 2.1 (AD FSv2.1).
Install and configure Active Directory Certificate Services (AD CS).
Install an Enterprise Certification Authority
Certification Revocation Lists distribution points
Manage certificates.
Managing certificate templates, deployment, validation, revocation and renewal
Install and configure Active Directory Rights Management Services (AD RMS).
Know the steps of installing AD RMS
How to manage the AD RMS Service Connection Point