
Mastering Windows

Server 2012 R2

Mark Minasi
Kevin Greene
Christian Booth
Robert Butler
John McCabe
Robert Panek
Michael Rice
Stefan Roth

A Wiley Brand
Windows
Server 2012 R2

TOM 1
. , DNS, ACTIVE
DIRECTORY


-
2015
32.973.26-018.2.75
61
681.3.07

. ..
..
..
:
info@dialektika.com, http://www.dialektika.com

, , , , , , , , .
61 Windows Server 2012 R2. . 1:
, , DNS, Active Directory . :
. . . : .. , 2015. 960 . : . . . .
ISBN 978-5-8459-1935-9 (., 1)
ISBN 978-5-8459-1934-2 (., .)
32.973.26-018.2.75


.
,
, ,
Sybex.
Copyright 2015 by Dialektika Computer Publishing.
Original English edition Copyright 2014 by John Wiley & Sons, Inc.
All rights reserved including the right of reproduction in whole or in part in any form. This translation is
published by arrangement with John Wiley & Sons, Inc.
Wiley and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates,
in the United States and other countries, and may not be used without written permission. Windows Server is
a registered trademark of Microsoft Corporation. All other trademarks are the property of their respective owners.

-
, |, , , .
Windows Server 2012 R2. . 1:
, , DNS,
Active Directory

..
. .
15.12.2014. 70x100/16.
Times.
. . . 60,0. .-. . 65,75.
500 . 7071.




142300, , . , . , .1

. .
127055, . , . , . 43, . 1

ISBN 978-5-8459-1935-9 (., 1) - , 2015,


ISBN 978-5-8459-1934-2 (., .) , ,
ISBN 978-1-1182-8942-6 (.) by John Wiley & Sons, Inc., Indianapolis, Indiana, 2014

20
23

1. Windows Server 2012 R2 27

2. Windows Server 2012 R2 47

3. Server Core 133

4. Windows Server 2012 R2 175

5. IP Address Management DHCP Failover 205

6. DNS Windows Server 2012 R2 243

7. Active Directory Windows Server 2012 291

8. 421

9. :
Active Directory 507

10. Active Directory 579

11. 611

12. Windows 2012 R2: ,


SAN 643

13. , 703

14. 761

15. : 819

16. Windows Server 2012 R2 885

947

19
20
23
? 23
? 24
Mastering 26
26
26

1. Windows Server 2012 R2 27


Windows Server 2012 R2 28
Windows Server 28
Standard 28
Datacenter 28
Foundation 29
Essentials 29
29
Active Directory 30
Active Directory Domain Services 30
Active Directory Rights Management Services 34
Active Directory Certificate Services 34
35
Hyper-V 35
38
38
EAP-TTLS 38
DNS 38
IP Address Management 39
NIC Teaming 39
39
39
: WinRM WinRS 40
Remote Desktop Services 41
42
42
BranchCache 42
SMB 3.0 43
43
, 44
- IIS 44
FTP 46

2. Windows Server 2012 R2 47


? 48
49
64- 49
51
52
60
70
71
73
74
84
99
104
Active Directory 104
Active Directory: Windows Server 2012 R2 105
Active Directory 109
110
Windows Assessment and Deployment Kit 111
117
130
, 131
132

3. Server Core 133


Server Core 133
Server Core 134
Server Core 136
Server Core GUI 137
137
138
139
139
Z 140
Notepad 140
141
141
Server Core 141
142
144
146
Server Core 148
160
DNS 161
DHCP 162
164

168
KMS 170
Windows Server Backup 172
174

4. Windows Server 2012 R2 175


IPv6 175
IPv6 176
IPv6 177
PowerShell 179
179
Microsoft NIC Teaming 180
NIC Teaming Windows Server 2012 R2 181
NIC 181
NIC 184
189
Minimum Bandwidth 190
Data Center Bridging 190
Hyper-V QoS 192
QoS 193
, 802.1X 194
BranchCache 195
197
198
Server Performance Advisor 199
202

5. IP Address Management DHCP Failover 205


I 205
I 206
IPAM 209
210
IPAM 210
IPAM Server 211
I Client 212
I 213
215
216
217
219
IPAM 220
Overview Server Inventory 220
IP Address Space 221
Virtualized IP Address Space 224
Monitor and Manage 227
Event Catalog 229
IPAM 231

IPAM 234
Event Viewer 234
235
DHCP Failover 236
236
DHCP Failover? 237
DHCP Failover 237
DHCP Failover 238
241

6. DNS Windows Server 2012 R2 243


DNS Server 243
DNS 247
DNS- 247
DNS- 249
253
263
DNS 266
DNS Active Directory 272
DNS 273
SRV 275
Windows Server 2012 R2 275
DNS 278
DNS 279
281
DNS 282
DNS- DNS
PowerShell 282
NsLookup DcDiag 284
DNS 289
290

7. Active Directory Windows Server 2012 291


Active Directory 292
296
297
297
298
299
300
300
301
Active Directory DNS 301
302
304
SYSVOL 306
Directory Services Restore Mode 308

Active Directory Domain Services Configuration Wizard 309


Active Directory Domain Services Configuration
Wizard 315
316
DNS- 317
317
AD D SCW 317
, 320
321
321
Active Directory 322
ADAC 322
LDAP 324
PowerShell 325
PowerShell Active Directory 326
328
Active Directory Administrative Center 329
PowerShell 330
331
PowerShell (ADAC Windows PowerShell History) 333
PowerShell 334
335
335
335
337
AD DNS 338
340
Netdom 343
345
FSMO 346
348
348
351
SYSVOL: 352
: 352
FRS 353
FRS 354
FRS 355
FRS? 356
: 356
DFS-R 357
DFS-R 358
358
359
Prepared 360
Active Directory 361
362

362
Redirected 365
Eliminated 367
Active Directory 370
Windows Server 2012 371
Windows Server 2012 373
374
/ 376
378
379
- 379
/ 380
- Windows Server 2012 380
DNS 380
380
- 381
, 381
382
383
383
384
ADMT Microsoft 387
387
390
ADMT 392

Administrators 392
393
393
ADMT PES 394
395
ADMT 396
, VBScript 398
ADMT 399
405
406
406
ADMT 407
409
409
Windows Server 2012 410
Windows Azure Active Directory 411
Windows Azure Active Directory 412
Windows Azure Active Directory 414
Windows Azure Active Directory 415
Active Directory 415
Workplace Join 417

Workplace Join 417


419

8. 421
422
422
427
433
440
453
453
Active Directory 462
, 472
472
473
475
Active Directory 475
ADAC 476
ADAC 479
PowerShell 486
Active Directory Windows PowerShell 489
490
492
493
495
497
497
503
504

9. :
Active Directory 507
508
509
510
510
510
511
GPO 511
GPO 511
511
LG 512
LGPO , 514
G 515
520
521
522

522
524
526
528
528

545
548
GPMC 554
GPO 555
GPO 556
558
Resultant Set of Policy 558

GPMC 559
GPMC 561
gpresult.exe 561
Event Viewer 562
: 562
Active Directory 563
563
566
567
567
MktPswAdm 568

Marketing MktPswAdm 569
: 570
, 575
576

10. Active Directory 579


AD FS 580
AD FS 580
AD FS 583
, AD FS 584
AD FS 584
AD FS
587
SSL IIS 591
AD FS Server Configuration Wizard 591
Windows PowerShell AD FS 595
597
AD FS 599

607
609

11. 611
611
612
iSCSI 613
- 613
SAS 614
RAID 614
SMB 3.0 614
Windows Server 2012 R2 615
617
618
619
621
622
623
624
625
626
627
627
628
629
637
639
641

12. Windows 2012 R2: ,


SAN 643
Windows Server 2012 R2? 644
644
645
645
:
4 646
UEFI BIOS GPT 647
CHKDSK 647
648
648
648
648
Windows Server 2012 R2 650
Microsoft 650
SAN -
Microsoft 650
653
654

658
Disk Management 658
PowerShell 659
660
PowerShell 674
iSCSI 678
iSCSI 678
iSCSI 683
NFS 686
NFS 686
NFS 686
NFS 690
: 691
693
PowerShell 696
701
701

13. , 703
File and Storage Services 704
706
File and Storage Services 708
711
712

716
Active Directory 719
721
NTFS 722
722
NTFS 722
NTFS 725
NTFS 727
727
729
net use WAN 730
731
732
732
738
741
File Server Resource Manager 744
SMB 3.0 745
SMB 2.0 SMB 1.0 747
SMB 748
BitLocker 749
BitLocker 750

751
BitLocker 752
/ 755
Offline Files 755
BranchCache 757
Offline Files 758
759

14. 761
762
Windows 763

765
769
769
773
791
792
, DFS 795
DFS 795
DFS 798
DFS 802
DFS 804
DFS 806
DFS 807
810
817

15. : 819
820

Active Directory 825
827
827

829
829
DAC: , , 830
830
830
831
831
DAC 832
835
839
856
860

1: 860
2: 862
3: 862
4: 862
5:
863
6: Engineering 864
7: 864
865
865
867
867
872
876
DAC 877
883
16. Windows Server 2012 R2 885
886
887
888
Print and Document Services 891
Print and Document Services 892
894
Print Services Server Core 906
PowerShell 907
908
908
Active Directory 909
GPO 913
918
918
918
923
924
Sharing 925
Ports 925
Security 926
Advanced 933
939
941
943
943
944
945
945
947

-
(
mcshera.com), ,
,
. Wiley:
, ,
,
.


,
! , , ,
, !
,

. ,
, ,
, R2!
Ergo,
,
, .
,
, .
.

. ,
, ,
. . !
!


. , .

, ,
, . ,
!
-
, ,
.
,
, !
, , , itnetx,
, .



,
, , IT -.
1973 .
.
-, . ( ,
1973 . , X X .)
-, ,
, .
,
.
, , ,
, ,
.
, CertCities
,
,
. , ,
TechTarget - ,
, -,
Yahoo.
,
.
Mastering Windows Server
Complete PC Upgrade and Maintenance Guide, 12
1 .
,
. , M R & D
(www.minasi.com), ,
, .
.

, ,
Microsoft MVP
IT 1999 .
Ergo ().
,
Windows Server . 1-,
IT -, .
Microsoft Windows NT 4.0
, MCSE, MCSA, MCITP, MCTS.
Windows Server and System Center (WSSC)
http://kevingreeneitblog.blogspot.com,
@kgreeneit.

Windows Server
, Mastering System Center 2012
Operations Manager (Sybex, 2012 .).
( , )
, . ,
.
,
, -, -
.

Microsoft MVP System Center:


Cloud and Datacenter Management ( :
), Microsoft
,
, Cloud and Datacenter Management MVP.
17 ,
.
Microsoft
, Windows Server .
,
,
Microsoft (Microsoft Official Curriculum
MOC).
http://about./chbooth.

17 IT -.
Affirma Consulting,
Microsoft .
Microsoft Certified Professional
16 ,
Microsoft, MCSE PC, MCSA 2012, MCITP MCTS
SCCM 2012. ( )
, .
http://rbutler.me @
robert_butler.

- Microsoft .
,
, ,
, .
Microsoft MVP
.
, ,
. ,
-, ,
.

,
IT . 1995 ,
, AIG, L-3, Radianse IPOSyndicate, 2000
Best of the Web ( ),
Forbes Magazine, . -
IPOSyndicate,
.
19 IT ,
MCSA, MCSE, MCSD - MCDBA,
IT - Sybex
.
- .


- Intelligent
Software Solutions Inc.

, .
8 , IT -,
1, , MCTS, MCSA, MCSE, VCP 5 Net +,

.

, .

IT - .

itnetx gmbh,
, ,
Microsoft Partner of the Year Datacenter (
) 2011, 2012 2013 .
Microsoft,
.
IT 13 ,
,
.
Active Directory, System Center Operations Manager System
Center Orchestrator, Microsoft MCITP:
Enterprise Administrator (MCITP: ) MCSE: Private Cloud
(MCSE: ).
http://
.scomfaq.ch @scomfaq.

, Windows Server 2012 R2.


,
Microsoft,
Windows Server. ,
Windows Server 2012 R2,
Windows Server 2012, 2012
. Sybex
,
, Microsoft
Windows Server 2012 R2 2013 12
Windows Server 2012. Windows Server 2012
R2 ,
,
Windows Server 2012!
, ,
, , Windows Server
,
.
Windows Server,
, ,
.
, ;
, .

?
Mastering Windows Server,
, , ,
, Windows Server.
, , ,
TCP/IP
Windows, , Microsoft
(Microsoft Management Console ).
-
. ,
,
, . ,
, , .

.

. , ,
. , ,
, .
Microsoft ,

,
. ,
, ,
.

?
.
116, 1732 .
1 Windows
Server 2012 R2, 2 ,
.
Windows , Windows Server 2012 R2
Windows, , Start ()
, , ,
. 3
Server Core,
. 4 Windows
Server 2012 R2, 5 IPAM
DHCP Failover. 6 DNS, :
DNS,
Active Directory?
7 Active Directory Windows
Server,
Active Directory, .
, AD,
,
. AD
, 8.
AD
, Group Policy (
). , Group Policy
,
; Group
Policy , 9
. , AD, 10
Active Directory (Active Directory Federation Services),
.
11 12 ,
IT -
,
SAN Windows Server 2012 R2, .
1315 , ,
Windows Server,

Windows .
(Dynamic Access Control),

.
, ,
16 , Windows Server 2012 R2.
17 ,
, ,
Remote Desktop. (
), , (
). 18
Windows,
, Windows Server 2012 R2. ? ?
, , .
19
Windows Microsoft Internet Information Services (IIS ),
-. , IIS, -
IIS, Windows Server 2012 R2.
20 Windows Server 2012 R2
IP. ,
, ,
IP Windows Server, 21,
, Windows Server 2012 R2
. 21
DirectAccess,
Windows Server 2012 R2.
Active Directory
, . 22
AD ,
AD.
,

(RODC); 23. 24
AD ,
. ,
AD ,
, , SID
25.
Active Directory, 26
.
, , Hyper-V
Windows Server 2012 R2,
27 28.
, ,

, , .
29 ,
Remote Desktop Services,

.


,
, 3032, ,
.


,
Windows Server 2012 R2. ,
.
, , .
.

. ,
, . ,
,
, .


, , .
, ,
.
, .
.
, -
. ,
, , ,
. ,
, .

. :
E-mail: info@dialektika.com
WWW: http://www.dialektika.com
:
: 127055, . , . , . 43, . 1
: 03150, , / 152


Windows Server 2012 R2

() Windows Server 2012 R2 300


, Microsoft,
.
(
), ,
. ,
Windows Server, .
Windows,
Windows Server
, .

Microsoft, Windows Server, , ,
, (, , )
.
:
;
Active Directory,
;
PowerShell;
, Hyper-V;
Windows,
;
;
IIS 8.0.
28 1

Windows Server 2012 R2


Built from the cloud up ( ) ,
Windows Server 2012 R2.
? , ,
, .
Windows Server 2012 R2 ,
.
, ,
,
, .
.
,
Windows Server 2012 R2 .
, , ,
, Windows Server 2012 R2 . ,
, , !
,
. ,
.

Windows Server
Windows Server 2012,
Standard Datacenter , Server Core GUI (
). Windows Server 2012 R2
: Foundation Essentials.
, .
.

Standard
,
. ,
Standard, .
,
. Standard
.

.

Datacenter
Microsoft.
, ..
. : !
Datacenter Standard ,
, ; Datacenter
Standard.
W in d o w s S e r v e r 2 0 1 2 R 2 29

Foundation
Foundation
, , .
Active Directory .
.
15.
Server Message Block (SMB) 30.
Routing and Remote Access (RRAS)
50.
Internet Authentication Service (IAS)
.
Remote Desktop Services (RDS)
Gateway 50.
().

.

Essentials
,
25 50 .
-. ( )
Essentials Windows Server 2012 R2.
.
.
.
.
BranchCache.

.
System Restore.


Windows Server 2012 Microsoft Start (),
. R2 Start
, .
- <Windows>,
. , :
<Alt>.
,
. :
Start, Explorer.


, ,
. (Server Manager)
,
,
.
, Windows
Server, GUI Server Core.
, Server Core.
Server Core.
GUI Server Core
.
,
2.

Active Directory
, Active Directory (AD)
Windows;
,
. AD Windows Server 2012 R2
Active Directory (Active Directory Certificate
Services), Active Directory (Active Directory Rights
Management Services) Active Directory (Active Directory Domain
Services).
. , Active Directory
,
. ,


. 7.

Active Directory Domain Services
Microsoft Active Directory Domain Services (AD DS)
.
, Active Directory Domain Services.

Windows Server 2012 R2
.
,
.
.

. ,
Active Directory.

Windows
PowerShell. Windows PowerShell
. Domain Name
Server (DNS), , IP - , .
7.

Active Directory
,
,
.
Windows Server 2008 , ,
,
. ,
, , , , .
, ,
. !
Windows Server 2008
. .
, , ,
.
Windows Server 2012 R2 ,

(password-settings object PSO),
Active Directory (Active Directory Administrative Center).
PSO. Windows
Server 2012 R2 PSO
ADSI Edit ( Active Directory Schema Interface (
Active Directory)). 7.
Active Directory
, Active Directory (Active
Directory Recycle Bin) , ,
.
Wiley Books.
, 20 Active Directory. ,
, (Organizational
Unit O U ) .
Wiley
Microsoft Windows Backup. - Active Directory
. Microsoft Windows Backup
OU. ,
Active Directory,
, .. Active Directory
. Active
Directory. Active Directory, OU,
- .


Active
Directory, ,
Windows Server 2008. . 1.1 Active Directory .
Active Directory 7.

. 1.1. Active Directory

PowerShell Active Directory


Windows Microsoft
,
, ;
Windows .
, Windows
,
Unix/Linux,
, ,
.
Unix/Linux ,
Unix/Linux ,
Windows. (
,
. ,
.) , Microsoft
Windows , Unix Linux,
PowerShell.
.
PowerShell .
Windows Server 2012 R2 PowerShell,
Active Directory
Windows PowerShell.
, PowerShell 3.0:
Windows PowerShell;
- Windows PowerShell;
(Integrated Scripting
Environment ISE) Windows PowerShell;
Microsoft .NET Framework 4.0;
Windows;
;
;
;
;
(Common Information Model
CIM);
;
(Task Scheduler);
Windows PowerShell;
;
;
;
<>;
;
;
;
,
(Group Policy);
;
;
API- ;
;
Run As ( ) ;
.
, Microsoft
PowerShell (. 1.2) ,

.


. 1.2. PowerShell

PowerShell ,
2, .

Active Directory Rights Management Services



. ,
.
,
.
Active Directory (Active Directory Rights Management Services AD
RMS). AD RMS
.
Windows Server 2012 R2 AD RMS
,
SQL Server. ,
AD RMS SQL Server
. AD RMS SQL Server
.
AD RMS
SQL Server.
SQL Server
SQL Server.
, AD RMS SQL Server,
.
TCP- ( 1433) SQL Server UDP- (-
1434) SQL Server (SQL Server Browser Service).
AD RMS .
Windows Server ,
AD RMS. Windows Server 2012 R2
.
AD RMS , 7.

Active Directory Certificate services


, ,
Active Directory (Active Directory Certificate Services
AD CS).
, AD CS.
, Windows Server 2012 R2.
.
Windows PowerShell.
AD CS Server Core
Windows Server 2012 R2.

, .

.
.
.
AD CS , 7.


.
, Exchange Server, DNS DHCP.
.
( ) (
). Windows Server 2012 R2
.

Hyper-V


. (
Windows Server ) ,
Windows Server, Linux, Unix, Sun Solaris ..
, ,
, 10 20
,

. ,
,
: . ,
,
, (virtual machine
manager VMM).
,

, AD, , -,
. ,
, - ,
, Windows Server

, - (
Internet Information Services,
Windows Server 2012 R2 -), Exchange Server.
, ,
, :
, 5%
, - ,
.
,
. ,
VMM
( ) , ,
, ,
.
, ,
. Hyper-V ,
.
Hyper-V Windows Hyper-V
.
Hyper-V Windows PowerShell 160 ,
Hyper-V.
Hyper-V Replica
, .

.

.

. Hyper-V
.
- (single-root I/O virtualization
SR-IOV) ,
.


.
SMB 3.0 ,

(storage area network SAN).
(Fibre Channel) -
,
, .

( ).

(Non-Uniform Memory
Architecture NUMA)
, ,
1 .
,
Hyper-V, .

(Smart Paging),
.
,
.

, .
,
, .
-
.
.
,
.
,
.
(Virtual Hard Disk Format VHDX)

. 64 .
.

.

.

, .
27.

Windows Server 2012 R2
VM Chimney, TCP Offload,
. WMI- root\virtualization
root\virtualization\v2 , ,
Windows Server. (Authorization
Manager AzMan)
.
.


Windows Server 2012 R2 Microsoft
(virtual desktop
infrastructure VDI), ,
.

.
.
VDI ,
,
. Windows Server 2012 R2 VDI
.
VDI Windows
Server 2012 R2 Hyper-V
(Remote Desktop Services).
Microsoft : ,
.
VDI 27.


,
,
:
. (
? ... Ethernet! ) Windows Server 2012 R2
, Windows
.

EAP-TTLS
Windows Server 2012 R2 (Extensible
Authentication Protocol )
TTLS (Tunneled Transport Layer Security
).
802.1X.
.
802.1X ,
.

DNS
DNS , ,
, . Windows Server 2012 R2
DNS Server ( DNS), DNS Client ( DNS).
, Windows Server 2012 R2.
PowerShell DNS.
, DNS Server
PowerShell. PowerShell
, .
- LLMNR 300 ,
, .
DNS Client, - 820 .

IP Address Management
IPAM ( IP Address Management IP -)
,
IP -. DHCP DNS IPAM
IP -
.

NIC Teaming
NIC Teaming ( ) Windows
Server 2012 R2 (NIC)
, .
, .
,
NIC
.

4 5.



.
,
, .
, Windows
Server 2012 R2
.


Windows Server 2008
.
Windows Server 2008
,
.
Windows Server 2012 R2 Microsoft
(. 1.3).
( ,
) ,
Windows Server 2003.

.
(Add Roles
and Features Wizard) .
,
.
,
.
. 1.3.

, , DNS,
DNS .
,
,
, .
,
,
2.
, Event Viewer
( ) Performance Analyzer ( ),
!
2.

: WinRM WinRS
,
. Windows Server 2012 R2
,
, Windows (Windows Remote
Management WinRM). , WinRM
, ,
, (Remote Procedure Call RPC).
RPC , ,
. RPC ,
,
. , -
Outlook Exchange Server,
RPC: Outlook Exchange
? .
RPC , , DNS, DHCP
Computer Management ( ),
.
RPC
, : .
Microsoft RPC , ,
,
,
. ,
, Microsoft RPC
, Windows SP2.
, , ,
RPC ,
, RPC.
, Windows-
, Microsoft ,
, RPC , .
,
Linux Mac OS.
HTTPS.
.
.
Windows Server 2012 R2, WinRM ,
,
,
Windows Remote Shell, winrs.
, winrs.
WinRM 17.

Remote Desktop Services
Windows Server 2012 R2 Microsoft

. Microsoft
, .
,
( , RemoteApp ,
) .
Microsoft

. ,
,
(Remote Desktop Services) .
Remote Desktop Services 17.


? .
(Group Policy Management Console)
(Group Policy Object GPO) . Windows
GPO .
GPO 90 , ,
GPO .

gpupdate. GPO.
, GPO ,
(OU)
gpupdate.exe
. ,
Invoke-GPUpdate PowerShell.
, ,
Windows Server 2012 R2.

.
, Windows RT,
.
, .
Internet Explorer 10.
9.


-
Windows, Windows Server :
.
, Microsoft,
, .

BranchCache
BranchCache

, . ,
, ,
.
. BranchCache
. BranchCache
(GPO).
Windows
. ,
, .
BranchCache
, .
BranchCache Windows Server 2012 R2
,
.
.
GPO BranchCache, BranchCache
, .
BranchCache
, - DVD,
.
,
. BranchCache
(Extensible Storage Engine ESE).
, Microsoft Exchange Server.


.
,
(certificate authority ).
,
.

SMB 3.0
Windows SMB ,
Server Message Block ( ). (
IBM , Microsoft,
IBM .) 25 SMB
.
100 / ( 2000 .),
,
( 2001 .).
Windows Server 2012 R2 SMB,
,
,
PowerShell.


, ,
, (File Server
Resource Manager).
, .

(File Classification
Infrastructure), (Dynamic Access Control),
.

.
.
,
13.

,
, ,
, : .
Windows, Windows Server 2012 R2
.

- IIS
Windows ,
- Windows.
, .
, - FastCGI,
, FastCGI ,
, ,
FastCGI IIS ? , ,
-
, . (
. ,
Halo.)
- ,
,
- ,
, . IIS 7.0
Windows Server 2008 IIS,
, WinRM . ( , RPC
IIS 7.)

IIS 7.0
, IIS 7,
IIS 7.5, , Windows
Server 2008 R2. -
IIS 7.x.

, ,
Microsoft , -
. Windows Server 2012 R2 -,
IIS 8.0 (. 1.4).

. 1.4. IIS

IIS 8.0 ,
-.
, IIS 8.0:
;
IP -;
SSL;
;
FTP;
(Server Name Indication SNI);
SSL ;
NUM A.
-,
- Windows, 19.

MICROSOFT 1.
Windows Server 2012 R2 Microsoft (Microsoft Management
Console ) Internet Information Services (IIS) Manager 6.0
. Windows Server .

FTP
Microsoft - , - .
,
FTP (File Transfer Protocol
), Windows
15 . ,
.
,
( ). ,
, FTP - Windows,
FTP - .
, Windows Server 2008 Windows Server 2008 R2,
. , Microsoft
FTP- . Windows Server 2012 R2
,
FTP
. , FTP -, Windows,
19, FTP.
- 19.


Windows
Server 2012 R2

Windows Server
. ,
. ,
. , ,
, , .
Windows Server, ,
.
,
. ,
, ,
.

Windows Server.
Active Directory.
Windows Server, ,
.
Windows Server 2012 R2
( ) ,
Windows (Windows
System Image Manager).
, :
;
;
.
48 2

?
, Windows Server 2012 R2
, Windows Server.
Windows 8 Windows Server 2008,
, Windows Server 2012 R2.
,
, .
. ,
, .
Windows Server 2012 R2. ? ,
.
, , .
Windows Server 2012 R2
. . ,
, .
. ?
,
, . ,
, ,
. ,
. ,
.
, Windows (Windows Firewall)
. ,
. ,
/ .
,
? , Microsoft
.
,
(Group Policy) (Server Manager).
. ,
,
Windows (Windows Deployment Services)
. -,
,
PowerShell, .

Server Core?
Server Core Windows Server
3. ,
, Server Core .
W in d o w s S e r v e r 2 0 1 2 R2 49

Windows Server 2012 R2?


. Windows Server 2012 R2
64- . Microsoft
64-. 32-
Windows Server 2008.
. 64-
.
, . Microsoft
. ,
,
Microsoft ( 64-), .
.


Windows Server
, , .. Enterprise Standard.
Windows Server 2012 R2 Enterprise ,
.

. ,
; ,
. , ,
.

, ,
. ,

,
.
, ,
, . . 2.1
Windows Server 2012 R2, Microsoft.


, ,
.
Microsoft Microsoft Assessment
and Planning Toolkit for Windows Server 2012 (http://tinyurl.com/ycpuk31).
,
.
.

64-
Windows Server 2012 R2 64- .
: 86 32- Windows Server 2012 R2 .
2.1. Windows Server 2012 R2



1,4 64 2 64-

512 2 32
Standard, 4
Datacenter
32 40

, 10
Server Core
DVD-ROM

; CD-ROM

Super-VGA (800x600)


,


64.
64 :
64 .

64- .
32-
64- Windows Server 2012 R2:
32- , Windows-
on-Windows (WOW32). ;

, Windows Server
2008 Windows Server 2012 R2.
86 64 :
86 Windows Server 2003 Windows Server 2008 Windows
Server 2012 R2. 86 64
.
64- Windows
: , ,
,
. ,
64 Windows Server 2012 R2.
Microsoft ,
. ,
, .

, .
Windows Server 2012 R2,
, .

, ?
, Windows Server 2008, ,
86 Microsoft .
, 64, .
SQL Server 2008 64.
Windows Server 2008
,
64- . , 86, ..

. , .
, ,
. .
, Windows Server 2012 R2
.

Microsoft Hyper-V. Hyper-V
Windows Server 2012 R2;
64 86, Linux,
. , Hyper-V
BIOS (Data Execution
Prevention DEP). (
, ).
Hyper-V .


Windows Server 2012 R2
, , , .
, Windows,
.
: .
ImageX
Windows (Windows Automated Installation Kit).
Microsoft,
Windows (Windows Deployment Services WDS):
, ,
Windows Server 2012 R2.
: ( ) Ghost
,
sysprep Microsoft.

.
, .
Windows Server 2012 R2 .
, .
1. , ,
.
2. Windows Server.
3. .
4. .
5. .
6. .
7. .
:
, ;
.

. ,
, , .


,
, .
,
. , ,
.
, ,
.
Windows Server 2012 R2 DVD.
. DVD-ROM
DVD. , ,
CD/DVD ISO - Windows Server DVD,
- Microsoft .

, DVD?
, DVD.
, .
Windows Server 2012 R2 USB.

Microsoft http://tinyurl.com/ktz5fq.


DVD.

DVD. DVD ,
. ,
, .
,
(Power-On Self Test POST). -

DVD. , BIOS
. ,

.
Boot Order ( ).
, DVD- ISO-,
, .
, Windows Server 2012 R2.
. 2.1 , .
, ,
. ,
, . ,
,
! ,
, .
, (<\>),
Windows.
Language to install ( )
, DVD.
,
. , , ,
, ,
.


. 2 .1 . Windows

Time and currency format ( )


, Windows
. ,
.
Keyboard or input method ( )
, .
, ,
. ;
(Remote Desktop). RDP
,
. , . 2.2, :
;

Windows Server 2012 R2.

. 2 .2 . Windows Server 2012 R2

Windows Server 2012 R2,


Install Now ( ).

GUI Server Core


, .
Windows Server 2008. GUI
Windows. Server Core
,
.
Server Core 3.


, ,
Windows Server 2012 R2. Windows Server 2012 R2 Standard
Evaluation (Server with a GUI) ( Windows Server 2012 R2 Standard
( GUI)), . 2.3.

Windows Setup

Select the operating system you want to install

Operating system    Architecture    Date modified
Windows Server 2012 R2 Standard (Server Core Installation)    x64    9/30/2013
Windows Server 2012 R2 Standard (Server with a GUI)    x64    9/30/2013
Windows Server 2012 R2 Datacenter (Server Core Installation)    x64    9/30/2013
Windows Server 2012 R2 Datacenter (Server with a GUI)    x64    9/30/2013

Next

. 2.3.


Microsoft (end user license agreement EULA),
. 2.4.
I accept the license terms ( )
Next (), .


. 2.4. EULA

, . 2.5,
Windows Server 2012 R2 .
Windows Server 2008 R2.
, 86 64 .
Server Core
. ,
Custom (). Next.

. 2.5.

. 2.6 . ,
Next, ,
. Next ,
,
.


. 2.6. Windows

, ?
, , -
. Drive options (advanced)
( ()). , . 2.7.


. 2.7.

,
. ,
(Disk 0) .
, New (),
Apply ().
, - ?

. , BIOS . , ,
, , .

, . ,
Load Driver ( ). ,
. 2.8.
,
-. , , ,
-, , Microsoft
.
-, CD, DVD - USB,
. ,
.
Where do you want to install Windows? (
Windows?) , .

. 2 .8 .

. , . 2.9,
Windows Server 2012 R2.
, .
,
.


. 2 .9 . Windows

. 2.10 , .
, Windows Server 2012 R2
.
,
.

. 2.10.
.
. The Great Debates:
Pass Phrases vs. Passwords ( :
) http://tinyurl.com/3hrbg.
.
, , . . 2.11:
Start () .
. Start
(Server Manager),
.
, PowerShell.

. 2.11.

Windows Server 2012 R2 .


! ,
.
Windows Server Windows Server 2012 R2.


, ,
Windows Server 2012 R2
.
Microsoft ,
, .
, ,
,
.
.
,
- .

.
, Windows
Server 2012 R2 .
, .
,
. . 2.2 .
, .
.

2.2. Windows Server 2012 R2



Windows Server 2008 Standard SP2 Windows 2012 R2 Standard Windows
Windows Server 2008 Enterprise SP2 2012 R2 Datacenter

Windows Server 2008 Datacenter SP2 Windows Server 2012 R2 Datacenter

Windows Web Server 2008 Windows Server 2012 R2 Standard

Windows Server 2008 R2 Standard SP1 Windows Server 2012 R2 Standard


Windows Server 2008 R2 Enterprise SP1 Windows 2012 R2 Datacenter

Windows Server 2008 R2 Datacenter SP1 Windows Server 2012 R2 Datacenter

Windows Web Server 2008 R2 Windows Server 2012 R2 Standard

Windows Server 2012 Datacenter Windows Server 2012 R2 Datacenter

Windows Server 2012 Standard Windows Server 2012 R2 Standard


Windows Server 2012 R2 Datacenter

86, 64, Server Core ,


.
, .
86 64 .
Windows Server 2003 .
Windows Server 2008
Windows Server 2012 R2.
Windows Server 2003 Windows Server 2012 R2
Server Core .
, ,
Windows Server 2008 R2 Standard Windows Server 2012 R2 Datacenter,
Windows.
Windows Server 2008,
, Windows Server 2012 R2.
Software Assurance,
Windows Server 2012 R2
(client access license CAL)
.
.
86 64 .
.
,
. -
. ,
,
. .
1. , .. Windows Server 2008
86 .
2. X .
3. X Windows Server 2012 R2
.
4. X.
5. Windows Server 2012 R2
.
6. .
7. Windows Server 2008.
- Windows 2000 Server.
? Windows Server 2012 R2
Windows Server 2003, Windows
Server 2008 R2. , .
Windows 2000 Server 64 Intel
AMD. Itanium, , 64.
, Windows 2000 Server Windows
Server 2012 R2 .

,
.
, ,
, Windows
Server 2012 R2. ,
.
, ,
.
, ,
. ,
,
Windows Server .
.
- . Microsoft
.
,
,
.
. .
, ,
.
.
,
. , , ..
,
.
,
Windows Server 2012 R2.
- ,
(System Center Operations Manager),
, .

.
, Windows.
, .
, .

Microsoft (Microsoft
Network Monitor).

. ,
TechNet
. Windows
Server 2012 R2, :

Hyper-V Server 2012 Microsoft;


VMware Server,
Windows Server;
VMware Workstation 9.0;
Citrix XenServer ,
Hyper-V Microsoft.
, Windows Server 2012 R2
, ,
64- .

Hyper-V
Windows Server 2012 R2, Hyper-V.
27 28 ( 2),
, .

,
. ,
DVD USB. .
,
Windows Server DVD USB.
ISO - Windows Server 2012 R2.
- Microsoft
, .
. 2.12 ,
Windows Server 2008 R2 64,
Windows Server 2012 R2.

. 2.12. Windows 2008 R2


winver.exe .
C:\Program Files (x86)
, 64--
.
Windows Server 2003 86 Windows Server
2008 86.
,
,
Windows Server 2012 R2.
Windows Explorer , . 2.13,
, DVD-

[Screenshot: AutoPlay dialog for the DVD drive with the options "Install or run program from your media", "Open folder to view files" and "View more AutoPlay options in Control Panel"]

. 2.13. - setup.exe
(AutoPlay).
, setup.exe
Windows Server 2012 R2.
,
. ,
, .
Go online to install updates now (
), (. 2.14).
;
Windows Server 2012 R2.
, . 2.14, -
Microsoft, .

. 2.14.
, ,
, . Microsoft
.
.
, .
,
.
Windows, .

(Microsoft Windows Malicious Software Removal Tool),
.
,
. , ,
, ,
. . 2.15 , ,
- Microsoft
. ; ,
.
. .
! , . 2.16?
?
, . .
, . . 2.2
Windows Server 2012 R2.

. 2.15.

, EULA
, (. 2.17).
, Windows Server 2012 R2,
, Microsoft.
Windows Setup: Select the operating system you want to install

Operating system                                               Architecture  Date modified
Windows Server 2012 R2 Standard (Server Core Installation)     x64           9/30/2013
Windows Server 2012 R2 Standard (Server with a GUI)            x64           9/30/2013
Windows Server 2012 R2 Datacenter (Server Core Installation)   x64           9/30/2013
Windows Server 2012 R2 Datacenter (Server with a GUI)          x64           9/30/2013

. 2.16.

[Screenshot: Windows Setup, License terms page showing the Microsoft pre-release software license terms for Microsoft Windows Server 2012 R2 Preview and the "I accept the license terms" check box]

. 2.17. EULA

, . 2.18,
, Windows
Server 2012 R2. ,
. Windows
Server 2012 R2 .


[Screenshot: Windows Setup, "Which type of installation do you want?" with the options "Upgrade: Install Windows and keep files, settings, and applications" and "Custom: Install Windows only (advanced)"]

. 2.18.

Windows Server 2008


R2 Standard Windows Server 2012 R2 Standard
, Upgrade: Install Windows and
keep files, settings, and applications (: Windows
, ).

Windows Server 2012 R2.
, .
, ,
Windows Server 2008 R2 (. 2.19).
.
,
. , ,

. Next
! Windows Server.
,
, .
.
, .
.
. 2.19.
Windows Server 2012
R2, , . ,
, .
; ,
Windows Server 2012 R2 (. 2.20).
, .
; , ,
, .
, .

VMKH\Administrator

& 8 Windows Server 2012 R2

. 2.20.
. 2.20
. ,
. ,
.
Initial Configuration Tasks (
) Server Manager ( ),
. 2.21. ;
.
. ,
, Windows
.
[Screenshot: Server Manager, Dashboard, with the "Welcome to Server Manager" quick start tile and the Roles and Server Groups section]

. 2.21.

, .
, Windows Server 2012 R2
. . .

. Windows Server 2012 R2 -.
, ,
. ,
PowerShell .
, .
Event Viewer ( ),
, , .
,
.
, .

, ,
.
,
.
. .
.


,
(. . 2.21).

.
, ,
. Local Server ( )
, . 2.22.
[Screenshot: Server Manager, Local Server page, with the Properties section and the Events list for LABSERVER]

. 2.22.

,
.
Windows. Windows Server 2012 R2
, Microsoft.
, .
. Product ID (
) Time zone ( ),
.
.
. Ethernet
.
.
Computer name ( ),
.
.
, .
, ,
Microsoft, .
.
, .
.
.
.
. ,
.
. ,
.
.
Windows. Windows
.
Active Directory .
,
, .

, .
,
.



Microsoft
.
Windows Server -
, .
, Do not display this again at logon
(He ),
, . ,

Microsoft. ,
Add/Remove Programs (
) ?

, , Windows Server 2012 R2


. Windows Server 2012
Initial Configuration Tasks (
).
(. . 2.21).
, . Windows Server 2012 R2
( ).
Administrative Tools (),
compmgmtlauncher.exe Programs and Features
( ) .

Start
Windows Server 2012
<Windows>,
<Alt> . Windows Server 2012 R2 Start

. ,
Windows Server.
.

[Screenshot: Start screen with tiles for Server Manager, Windows PowerShell, This PC, Task Manager, Control Panel, Internet Explorer and Desktop]

,
Windows Server 2012 R2.
,
.
, Windows Server 2012 R2,
PowerShell.


,
. .
REG_DWORD
DoNotOpenServerManagerAtLogon HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ServerManager. ,
.
1 .
Server Manager Properties ( )
Manage (),
. ,
Do not show me this console at logon (He ).


Windows Server 2008 Windows Server 2012
R2 .
, Initial Configuration Tasks
,
; .
Local Server ( ),
,
.
,
.
Metro ,
.

. .
,
.

, .
(Add Roles Wizard)
.
Installation ( ),
Server Selection ( ).
.
servermanagercmd.exe .
PowerShell.

,
.
, ,
Windows Server 2008 Windows Server 2012 R2
, .



, .
.
Local Server
( ). Properties
() (. . 2.22).
, ,
.
.

Windows
OEM , ,
.
.
, , ,
DVD. (volume license)
Microsoft
- Microsoft,
, (large account reseller LAR).
,
Microsoft
.
, .
Microsoft.

http://technet.microsoft.com/ru-ru/library/hh831612.aspx.
Product ID ( )
, .
, Windows Activation ( Windows).
Product key (
) Activate (), . 2.23.

, ,
IPv4. IPv4
, .
,
, .
Ethernet.
(network interface card NIC), .
. ,
(. 2.24).
.
/ .
,
.
[Screenshot: Windows Activation, "Enter a product key" dialog opened from the System page of Control Panel]
. 2.23. Windows Activation
[Screenshot: Network Connections window showing the Ethernet0 adapter (Intel(R) 82574L Gigabit Network Connection)]

. 2.24.

: ncpa.cpl
PowerShell, Network Connections (
).

Properties
(). , . 2.25.
[Screenshot: Network Connections window with the Ethernet0 adapter selected and the toolbar commands "Disable this network device", "Diagnose this connection" and "Rename this connection"]
. 2.25.

Internet Protocol Version 4 (TCP/IPv4) (


4 (TCP/IPv4)) Properties ().
, . 2.26.
[Screenshot: Ethernet0 Properties and Internet Protocol Version 4 (TCP/IPv4) Properties dialogs, with "Obtain an IP address automatically" and "Obtain DNS server address automatically" selected]


. 2.26. IPv4
Windows Server 2012 R2
IP -. TCP/IPv4 DHCP-
. ,
(. 2.27).
[Screenshot: Internet Protocol Version 4 (TCP/IPv4) Properties with "Use the following IP address" selected: IP address 192.168.1.49, subnet mask 255.255.255.0, default gateway 192.168.1.1, and "Use the following DNS server addresses" selected]

. 2.27. IPv4


, . 2.27. ,
, .
netsh.
;
ipconfig.
C:\>netsh interface ip set address name="Local Area Connection" static 192.168.1.49 255.255.255.0 192.168.1.1

netsh:
C:\>netsh interface ip set address name="<interface name>" static <IP address> <subnet mask> <default gateway>

.
DNS-. netsh DNS-:
C:\>netsh interface ip set dns "Local Area Connection" static 192.168.1.21
C:\>
:
netsh interface ip set dns "<interface name>" static <IP address of DNS server>

DNS-
netsh, :
C:\>netsh interface ip add dns "Local Area Connection" 192.168.1.22
C:\>

IPv4 .
, ipconfig:
C:\>ipconfig
Windows IP Configuration
Ethernet adapter Local Area Connection:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address ......... : fe80::5819:d35b:1b24:de7f%10
   IPv4 Address .................... : 192.168.1.49
   Subnet Mask ..................... : 255.255.255.0
   Default Gateway ................. : 192.168.1.1
Tunnel adapter Local Area Connection* 8:
   Media State ..................... : Media disconnected
   Connection-specific DNS Suffix  . :
Tunnel adapter Local Area Connection* 9:
   Connection-specific DNS Suffix  . :
   IPv6 Address .................... : 2001:0:4137:9e50:1817:3f21:3f57:fc97
   Link-local IPv6 Address ......... : fe80::1817:3f21:3f57:fc97%12
   Default Gateway ................. : ::
C:\>

, Local Area Connection
IPv4. ,
ipconfig /all .
.
ping,
:
C:\>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time=13ms TTL=128
Reply from 192.168.1.1: bytes=32 time<1ms TTL=128
Reply from 192.168.1.1: bytes=32 time<1ms TTL=128
Reply from 192.168.1.1: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 13ms, Average = 3ms
C:\>


, IPv4.
. ,
. , , ,
, , , , .
,
, 1.
.


Windows ,
.
.
, ,
,
, .
Computer Name ( ),
(. 2.28),
.
, ,
. Change (), . 2.29.
[Screenshot: Server Manager, Local Server page for the server WIN-NB3CGBS22GJ]

. 2.28. Computer Name

. 2.29.

Windows Server. ,
.
.
,
, .
Computer name ( )
(. 2.30). , ,
.
[Screenshot: System Properties, Computer Name tab, with the Computer Name/Domain Changes dialog showing the computer name WIN-NB3CGBS22GJ and the Member of options Domain and Workgroup]

. 2.30.


, (. 2.31).
. .

[Screenshot: Computer Name/Domain Changes message "You must restart your computer to apply these changes. Before restarting, save any open files and close all programs."]

. 2.31.


netdom:
C:\>netdom renamecomputer WIN-DCL9MRNLV0H /newname:BIGFIRMAPPSVR1
This operation will rename the computer WIN-DCL9MRNLV0H
to BIGFIRMAPPSVR1.
Certain services, such as the Certificate Authority, rely on a fixed
machine name. If any services of this type are running on
WIN-DCL9MRNLV0H, then a computer name change would have an adverse impact.
Do you want to proceed (Y or N)?

The computer needs to be restarted in order to complete the operation.
The command completed successfully.
C:\>
netdom:
netdom renamecomputer <current computer name> /newname:<new computer name>

netdom.
.
.


, ,

. Computer Name/Domain Changes ( -
/ ).
, DNS- BigFirm.com
(. 2.32). .
,
. bigfirm\administrator bigfirm\jbloggs,
jbloggs Active Directory.
, ,
,
, Active Directory
, ..
[Screenshot: System Properties for LabServer with the Computer Name/Domain Changes dialog, Member of Domain set to bigfirm.com]

. 2.32.


:
C:\>netdom join bigfirmappsvr1 /Domain:bigfirm.com /UserD:bigfirm\administrator /PasswordD:*
Type the password associated with the domain user:
The command completed successfully.
C:\>

:
netdom:
netdom join <computer name> /Domain:<domain name> /UserD:<domain user name> /PasswordD:*


. join
. ,
/REBoot, . ,
, .
netdom join bigfirmappsvr1 /Domain:bigfirm.com /UserD:bigfirm\administrator /PasswordD:* /REBoot

?
,
.
.
Windows Server 2012 R2 Server Core,
. Windows Server 2012 R2
sconfig.
,
.
-
, , .


Windows
.
, - ?
(Remote Desktop).
Remote Desktop
- 3389, , RDP (Remote
Desktop Protocol ).

. RDP,
(Local Server) Remote Desktop
( ), Disabled
(). . 2.33 , RDP .
[Screenshot: Server Manager, Local Server properties for WIN-NB3CGBS22GJ, showing Remote management: Enabled and Remote Desktop: Disabled]

. 2.33.

.
Allow Connections from Computers Running Any Version of Remote Desktop (Less
Secure) ( ,
Remote Desktop ( )).
Remote Desktop , 6.
8 , Microsoft
. , Remote Desktop
8 Windows Server 2012 R2. ,
Windows Windows Server 2003, ,
Windows Update - Microsoft.
Allow Connections Only from Computers Running Remote Desktop with Network
Level Authentication (More Secure) (
, Remote Desktop
( )). , Microsoft ,
RDP. ,

Remote Desktop 6.
RDP
(Administrators). .
,
, .
Select Users ( )
, ,
,
RDP.
,
, .
Windows Server 2012 R2
.


Windows Server 2012 R2
,
.
, ,
.
,
. .
. (role) , .
DNS- -.
,
, .
.
. (feature) ,
.

,
(Add Roles and Features Wizard). Windows Server 2008
R2 ,
. , Microsoft
.


Windows Server 2012 R2 -
. Microsoft .
.
,
Windows Server 2012 R2
Windows Server 2008. , Windows Server 2008 DNS-,
Windows Server 2012 R2
DNS-.
, Windows
Server 2012 R2.


,
. ,
.
, .
,
PowerShell. , .
Dashboard ( ), Local
Server ( ), All Servers ( ) File and Storage Services
( ). - .
Welcome Server Manager ( )
Add roles and features ( ),
. 2.34.
(Add Roles and Features Wizard).



.
,
.

,
(. 2.35). ,
Skip this page by default ( ).
(. 2.36)
Role-based or feature-based installation (
) Remote Desktop Services installation (
); Windows Server 2012 R2.
[Screenshot: Server Manager, Dashboard, with the "Add roles and features" link in the "Configure this local server" quick start list]

. 2.34.
[Screenshot: Add Roles and Features Wizard, "Before you begin" page, listing the prerequisites (strong Administrator password, configured network settings such as static IP addresses, current security updates from Windows Update) and the "Skip this page by default" check box]

. 2.35. Before you begin ( )

Select installation type .


, (
) . Remote Desktop Services
installation
, Remote Desktop Services.
Remote Desktop Services installation (
) Remote Desktop Services .
.
[Screenshot: Add Roles and Features Wizard, "Select installation type" page, with the options "Role-based or feature-based installation" and "Remote Desktop Services installation"]

. 2.36. Select installation type ( )


Role-based or feature-based installation
Select destination server ( ), . 2.37.
Windows Server 2012 R2.
Select a server from the server pool ( ).
.
Select a virtual hard disk ( ).
,
,
(virtual hard disk VHD). .
VHD Windows Server 2012 R2.
VHD .
, VHD ,

, VHD:
Read () / Write () File Sharing
( );
Full Control ( ) Security (
) File or Folder Properties ( ).


VHD
. VHD,
Read Write Everyone (),
.

Select a server from the server pool.


Next.
[Screenshot: Add Roles and Features Wizard, "Select destination server" page, with the options "Select a server from the server pool" and "Select a virtual hard disk"]

. 2.37.
,
(. 2.38).
. -,
Web Server (IIS) (- (IIS )). Web
Server (IIS) , ,
(.
2.39). Add Features ( ),
Next Select server roles ( ). ,
.
, .. ,
, .
[Screenshot: Add Roles and Features Wizard, "Select server roles" page, with Web Server (IIS) highlighted in the Roles list]

. 2.38.
[Screenshot: Add Roles and Features Wizard prompt "Add features that are required for Web Server (IIS)?", listing Management Tools and the IIS Management Console, with the "Include management tools (if applicable)" check box and the Add Features button]

. 2.39. - IIS

. 2.40 Select features ( )


, . ,
.
Next, .

[Screenshot: Add Roles and Features Wizard, "Select features" page, with the Features list and a description of .NET Framework 3.5]

. 2.40. IIS

Web Server Role (IIS) ( Web Server (IIS ) )


, , Web
Server (IIS), . 2.41.
[Screenshot: Add Roles and Features Wizard, "Web Server Role (IIS)" page, describing the Web Server role and Internet Information Services (IIS) 8.5]

. 2.41. Web Server (IIS)


,
IIS. ,
Windows Server 2012 R2.
.

.
, .
. . 2.42 , Web
Server . ,
, , .
[Screenshot: Add Roles and Features Wizard, "Select role services" page, listing the Web Server role services such as Common HTTP Features and Health and Diagnostics]

. 2.42.
Microsoft ,
. , .
. , ,
.
, ,
, .
,
, - (. 2.43).
Install (), .
.
,
.
, .

, .
[Screenshot: Add Roles and Features Wizard, "Confirm installation selections" page, with the "Restart the destination server automatically if required" check box and the list of selected Web Server (IIS) roles, role services and features]

. 2.43.

. ,
. ,
.

Web Server (IIS ), . 2.44.
, ,
.
PowerShell.
Windows . ! ,
.
[Screenshot: Server Manager, Dashboard after the installation, with IIS shown in the left pane and in the Roles and Server Groups section]

. 2.44.

PowerShell
PowerShell.
Windows Server 2012 R2, PowerShell
Microsoft. , PowerShell,
. ,
.
PowerShell .
,
, . PowerShell
.
, Windows Server
.

,
.
PowerShell Start
()
PowerShell. . ,
PowerShell . PowerShell,
, .
, :
PS C:\Users\Administrator> import-module Servermanager

Get-WindowsFeature,


, :
PS C:\Users\Administrator> Get-WindowsFeature
,
. . 2.45 .
            [ ] Services for Network File System Man... RSAT-NFS-Admin          Available
            [ ] Share and Storage Management Tool       RSAT-CoreFile-Mgmt      Available
        [ ] Network Policy and Access Services Tools    RSAT-NPAS               Available
        [ ] Print and Document Services Tools           RSAT-Print-Services     Available
        [ ] Remote Access Management Tools              RSAT-RemoteAccess       Available
            [ ] Remote Access GUI and Command-Line ...  RSAT-RemoteAccess-Mgmt  Available
            [ ] Remote Access module for Windows Pow... RSAT-RemoteAccess-Po... Available
        [ ] Volume Activation Tools                     RSAT-VA-Tools           Available
        [ ] Windows Deployment Services Tools           WDS-AdminPack           Available
[ ] RPC over HTTP Proxy                                 RPC-over-HTTP-Proxy     Available
[ ] Simple TCP/IP Services                              Simple-TCPIP            Available
[X] SMB 1.0/CIFS File Sharing Support                   FS-SMB1                 Installed
[ ] SMB Bandwidth Limit                                 FS-SMBBW                Available
[ ] SMTP Server                                         SMTP-Server             Available
[ ] SNMP Service                                        SNMP-Service            Available
    [ ] SNMP WMI Provider                               SNMP-WMI-Provider       Available
[ ] Telnet Client                                       Telnet-Client           Available
[ ] Telnet Server                                       Telnet-Server           Available
[ ] TFTP Client                                         TFTP-Client             Available
[X] User Interfaces and Infrastructure                  User-Interfaces-Infra   Installed
    [X] Graphical Management Tools and Infrastructure   Server-Gui-Mgmt-Infra   Installed
    [ ] Desktop Experience                              Desktop-Experience      Available
    [X] Server Graphical Shell                          Server-Gui-Shell        Installed
[ ] Windows Biometric Framework                         Biometric-Framework     Available
[ ] Windows Feedback Forwarder                          WFF                     Available
[ ] Windows Identity Foundation 3.5                     Windows-Identity-Fou... Available
[ ] Windows Internal Database                           Windows-Internal-Dat... Available
[X] Windows PowerShell                                  PowerShellRoot          Installed
    [X] Windows PowerShell 4.0                          PowerShell              Installed
    [ ] Windows PowerShell 2.0 Engine                   PowerShell-V2             Removed
    [ ] Windows PowerShell Desired State Configurati... DSC-Service             Available
    [X] Windows PowerShell ISE                          PowerShell-ISE          Installed
    [ ] Windows PowerShell Web Access                   WindowsPowerShellWeb... Available
[ ] Windows Process Activation Service                  WAS                     Available
    [ ] Process Model                                   WAS-Process-Model       Available
    [ ] .NET Environment 3.5                            WAS-NET-Environment     Available
    [ ] Configuration APIs                              WAS-Config-APIs         Available
[ ] Windows Search Service                              Search-Service          Available
[ ] Windows Server Backup                               Windows-Server-Backup   Available
[ ] Windows Server Migration Tools                      Migration               Available
[ ] Windows Standards-Based Storage Management          WindowsStorageManage... Available
[ ] Windows TIFF IFilter                                Windows-TIFF-IFilter    Available
[ ] WinRM IIS Extension                                 WinRM-IIS-Ext           Available
[ ] WINS Server                                         WINS                    Available
[ ] Wireless LAN Service                                Wireless-Networking     Available
[X] WoW64 Support                                       WoW64-Support           Installed
[ ] XPS Viewer                                          XPS-Viewer              Available

PS C:\Users\Administrator>

. 2.45. Get-WindowsFeature

, , ,
Web Server (IIS ). ,
.
FTP-, ,
. 2.45, (
Available () ).
Name ( ), . FTP Server
Web-Ftp-Server, Install-WindowsFeature:
PS C:\Users\Administrator> Install-WindowsFeature -Name Web-Ftp-Server -Restart
Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
True    No             Success        {Web-Ftp-Server, Web-Ftp-Service}


PS C:\Users\Administrator>

, ? ,

. , , , ,
, .
,
. ,
-restart.

. PowerShell
Get-WindowsFeature; . 2.46:
PS C:\Users\Administrator> Get-WindowsFeature

[X] Request Filtering                                  Web-Filtering             Installed
[ ] Basic Authentication                               Web-Basic-Auth            Available
[ ] Centralized SSL Certificate Support                Web-CertProvider          Available
[ ] Client Certificate Mapping Authentic...            Web-Client-Auth           Available
[ ] Digest Authentication                              Web-Digest-Auth           Available
[ ] IIS Client Certificate Mapping Authe..             Web-Cert-Auth             Available
[ ] IP and Domain Restrictions                         Web-IP-Security           Available
[ ] URL Authorization                                  Web-Url-Auth              Available
[ ] Windows Authentication                             Web-Windows-Auth          Available
[ ] Application Development                            Web-App-Dev               Available
[ ] .NET Extensibility 3.5                             Web-Net-Ext               Available
[ ] .NET Extensibility 4.5                             Web-Net-Ext45             Available
[ ] Application Initialization                         Web-AppInit               Available
[ ] ASP                                                Web-ASP                   Available
[ ] ASP.NET 3.5                                        Web-Asp-Net               Available
[ ] ASP.NET 4.5                                        Web-Asp-Net45             Available
[ ] CGI                                                Web-CGI                   Available
[ ] ISAPI Extensions                                   Web-ISAPI-Ext             Available
[ ] ISAPI Filters                                      Web-ISAPI-Filter          Available
[ ] Server Side Includes                               Web-Includes              Available
[ ] WebSocket Protocol                                 Web-WebSockets            Available
[ ] FTP Server                                         Web-Ftp-Server            Available
[ ] FTP Service                                        Web-Ftp-Service           Available
[ ] FTP Extensibility                                  Web-Ftp-Ext               Available
[X] Management Tools                                   Web-Mgmt-Tools            Installed
[X] IIS Management Console                             Web-Mgmt-Console          Installed
[ ] IIS 6 Management Compatibility                     Web-Mgmt-Compat           Available
[ ] IIS 6 Metabase Compatibility                       Web-Metabase              Available
[ ] IIS 6 Management Console                           Web-Lgcy-Mgmt-Console     Available
[ ] IIS 6 Scripting Tools                              Web-Lgcy-Scripting        Available
[ ] IIS 6 WMI Compatibility                            Web-WMI                   Available
[ ] IIS Management Scripts and Tools                   Web-Scripting-Tools       Available
[ ] Management Service                                 Web-Mgmt-Service          Available
[ ] Windows Deployment Services                        WDS                       Available
[ ] Deployment Server                                  WDS-Deployment            Available
[ ] Transport Server                                   WDS-Transport             Available
[ ] Windows Server Essentials Experience               ServerEssentialsRole      Available
[ ] Windows Server Update Services                     UpdateServices            Available
[ ] WID Database                                       UpdateServices-WidDB      Available
[ ] WSUS Services                                      UpdateServices-Services   Available
[ ] Database                                           UpdateServices-DB         Available
[ ] .NET Framework 3.5 Features                        NET-Framework-Features    Available
[ ] .NET Framework 3.5 (includes .NET 2.0 and 3.0)     NET-Framework-Core        Removed
[ ] HTTP Activation                                    NET-HTTP-Activation       Available
[ ] Non-HTTP Activation                                NET-Non-HTTP-Activ        Available
[X] .NET Framework 4.5 Features                        NET-Framework-45-Fea...   Installed
[X] .NET Framework 4.5                                 NET-Framework-45-Core     Installed
[ ] ASP.NET 4.5                                        NET-Framework-45-ASPNET   Available
[X] WCF Services                                       NET-WCF-Services45        Installed
[ ] HTTP Activation                                    NET-WCF-HTTP-Activat...   Available

Fig. 2.46.

X, ,
. ,
FTP Server. , ,
,
.
, ,
.
,
;
C:\InstalledFeatures.txt:
PS C:\Users\Administrator> get-windowsfeature > C:\InstalledFeatures.txt

,
.
-whatif:
Add-WindowsFeature Name -whatif

, File-Services
FS-Resource-Manager, , ,
:
PS C:\Users\Administrator> add-windowsfeature File-Services, FS-Resource-Manager -whatif
What if: Checking if running in 'Whatif' Mode.
What if: Performing operation "Add-WindowsFeature" on Target "[File Services] File Server Resource Manager".
What if: Performing operation "Add-WindowsFeature" on Target "[File Services] File Server".
What if: This server may need to be restarted after the installation completes.
Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
True    Maybe          Success        {}

-whatif, .
, ? .
, .
,
.

PowerShell
, ,
.
. PowerShell,

,
Microsoft (Microsoft System Center Configuration Manager).
PowerShell.
.

, , .
PowerShell :
PS C:\Users\Administrator> get-executionpolicy
Restricted

,
. PowerShell.
, ,
:
PS C:\Users\Administrator> set-executionpolicy unrestricted
Execution Policy Change
The execution policy helps protect you from scripts that you do not
trust. Changing the execution policy might expose you to the security
risks described in the about_Execution_Policies help topic.
Do you want to change the execution policy?
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y

, ,
Get-ExecutionPolicy:
PS C:\Users\Administrator> get-executionpolicy
Unrestricted
He
. ,
,
Restricted ().
, PowerShell.
, ,
. .

XML-.
, ,
(Remote Desktop Services),
( ).
Export configuration settings ( ),
(. 2.47).
Fig. 2.47. [Screenshot: Add Roles and Features Wizard, Confirm installation selections page with the Export configuration settings link]

RemoteDesktopConfig.xml
. ,
Internet Explorer. . 2.48 . ,
, . Install ()!
Fig. 2.48. [Screenshot: the exported XML configuration file opened in Internet Explorer]

, Remote Desktop Services


. PowerShell,
PowerShell ,
Run as Administrator ( ).
PowerShell :
function Invoke-WindowsFeatureBatchDeployment {
    param (
        [parameter(Mandatory)]
        [string[]] $ComputerNames,
        [parameter(Mandatory)]
        [string] $ConfigurationFilePath
    )

    # Start one background job per target computer; each job installs
    # the features listed in the exported configuration file.
    $jobs = @()
    foreach ($ComputerName in $ComputerNames) {
        $jobs += Start-Job -ScriptBlock {
            Install-WindowsFeature -ConfigurationFilePath $using:ConfigurationFilePath -ComputerName $using:ComputerName -Restart
        }
    }

    # Wait for every job to finish and show the result of each installation.
    Receive-Job -Job $jobs -Wait | Select-Object Success, RestartNeeded, ExitCode, FeatureResult
}

,
Remote Desktop Services,
. , ,
:

$ServerNames = 'TestServer_01', 'LabServer_02'
Invoke-WindowsFeatureBatchDeployment -ComputerNames $ServerNames -ConfigurationFilePath C:\RemoteDesktopConfig.xml

,
.
TestServer_01 LabServer_02, .
, , :
$ServerNames = 'TestServer_01', 'LabServer_02', 'LabServer_03', 'LabServer_04'


XML-:
-ConfigurationFilePath C:\RemoteDesktopConfig.xml

<Enter> .
.
:
PS C:\Users\Administrator> Get-WindowsFeature

,
X. Name ().
. ,
, :
PS C:\Users\Administrator> get-windowsfeature RSAT-RDS-Tools
Display Name                               Name               Install State
------------                               ----               -------------
[X] Remote Desktop Services Tools          RSAT-RDS-Tools     Installed


, PowerShell
, . Remove-WindowsFeature
Install-WindowsFeature:
Remove-WindowsFeature <Role>, <RoleService>, <Feature> -restart -whatif

, .
, , .
, .
-restart
, .
-whatif.
FTP-
:
PS C:\Users\Administrator> remove-windowsfeature Web-Ftp-Server -whatif
What if: Continue with removal?
What if: Performing uninstallation for "[Web Server (IIS)] FTP Server".
What if: Performing uninstallation for "[Web Server (IIS)] FTP Service".
What if: The target server may need to be restarted after the removal completes.
Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
True    Maybe          Success        {FTP Server, FTP Service}

, -whatif:
PS C:\Users\Administrator> remove-windowsfeature Web-Ftp-Server
Success Restart Needed Exit Code      Feature Result
------- -------------- ---------      --------------
True    Yes            SuccessRest... {FTP Server, FTP Service}


WARNING: You must restart this server to finish the removal process.
.
, :
PS C:\Users\Administrator> remove-windowsfeature Web-Ftp-Server -restart

. ,
. Select server roles (
), Next, .
,
, .


, IT,
.
.
. ,
.
.
. 2.49 , results (
(Best Practices Analyzer )) DNS.
.
DNS ,
, .
.

Servers ().
(. 2.50).
. (. 2.51),
.
, ,
. ,
- .
Events (). ,
.
, .
, DNS.
.
(. 2.52).
Services (). ,
, . Local
Server ( ), ,
. ,
(. 2.53).
Best Practices Analyzer ( ).
:
Security ()
Performance ()
Configuration ()
Policy ()
Operation ()
Pre-Deployment ()
Post-Deployment ()
Prerequisites ( )
Fig. 2.49. [Screenshot: Server Manager dashboard, Roles and Server Groups tiles with Manageability, Services, Performance and BPA results rows]

Fig. 2.50. Servers [Screenshot: Servers tile listing LABSERVER, 192.168.146.128, Online - Performance counters not started, Not activated]

Fig. 2.51. [Screenshot: Servers tile with the column chooser open (Server Name, IPv4 Address, FQDN, Manageability, Last Update, Windows Activation and others)]

Fig. 2.52. Events [Screenshot: Events tile with two Microsoft-Windows-TerminalServices-Gateway warnings (IDs 102 and 402) for LABSERVER; the selected event states that the Remote Desktop Gateway service requires a valid SSL certificate to accept connections]

Fig. 2.53. Services [Screenshot: Services tile listing the services on LABSERVER with their status and start type]
. Tasks ()
Best Practices Analyzer , . 2.54.

Fig. 2.54. Best Practices Analyzer [Screenshot: Best Practices Analyzer tile with no results yet and the Start BPA Scan task]


,
(. 2.55).

Fig. 2.55. [Screenshot: Best Practices Analyzer results for LABSERVER: a DNS warning that Ethernet0 should have static IPv4 settings, and three Remote Desktop Services errors (license server not activated, no RD CAP enabled on the RD Gateway server, no valid SSL certificate configured on the RD Gateway server)]
. Events,
(. 2.56).
Fig. 2.56. Best Practices Analyzer [Screenshot: the same Best Practices Analyzer results with the DNS warning selected, showing its Problem and Impact text]


.
.
Performance ().
(. 2.57).
.
.
Configure Performance Alerts (
)
, (. 2.58).
Roles And Features ( ).
, . . 2.59
Roles And Features Web Server (IIS),
, IIS.

Fig. 2.57. Performance [Screenshot: Performance tile with CPU Usage and Available Memory graphs; the counter status for LABSERVER is Off]

Fig. 2.58. [Screenshot: Configure Performance Alerts dialog with the CPU (% usage) threshold set to 85, the Memory (MB available) threshold set to 2, and the graph display period setting]

Fig. 2.59. Roles And Features [Screenshot: Roles and Features tile listing the roles, role services and features installed on LABSERVER]



, .


, servermanagercmd Microsoft,

PowerShell .
,
, Best Practices Analyzer.
, Active
Directory.

Active Directory
:
. 7,
, Active Directory (AD) .
AD,
; AD 7.

Active Directory:
Windows Server 2012 R2
, Windows Server
Active
Directory. , ..
.
,
.

Active Directory
Active Directory (Active Directory Domain Services AD DS)
, .
,
AD DS.
, .

Active Directory
Active Directory ?
.
Windows Server 2008 R2 Active Directory,
, ,
. Active
Directory (Active Directory Recycle Bin)
.
,
. Windows Server 2012 R2
Active Directory ,
. , ..
.


,
Active Directory, :
? . Microsoft :
. ,
, .
,
,
.
, , ,
Microsoft,
(
) - ,
.

; ,
, .


.
Windows Server 2012 R2
Active Directory (Active Directory Administrative Center),
.


- .
AD DS? ,

AD DS.



. ,

AD DS. PowerShell,
,
, IP- DNS-. ,
.


AD DS
:
(Dynamic Access Control);
(DirectAccess Offline Domain
Join);
Active Directory (Active Directory Federation Services AD FS);
Windows PowerShell (Windows PowerShell
History Viewer);
Active Directory;
Active Directory (Active Directory Replication and
Topology);
Windows PowerShell;
Active Directory (Active Directory Based Activation AD BA);
(Group Managed Service Account
gMSA).

Windows PowerShell
,
PowerShell. PowerShell Windows
Server ,
PowerShell.
- , ,
,
(
). DOS? , PowerShell
DOS.
PowerShell, .
Windows PowerShell PowerShell
.
, Active Directory Administration Center
. Windows
PowerShell Active Directory.
.

AD CS
,
Active Directory (Active Directory Certificate
Services AD CS). , ,
AD CS.
.
,
.
, .


AD CS
. ,
, AD CS
.
, .
.

Windows PowerShell
AD CS PowerShell,

PowerShell . ,
AD CS .
Install-AdcsCertificationAuthority. Certification Authority.
Install-AdcsEnrollmentPolicyWebService. Certificate Enrollment Policy Web Service.
Install-AdcsEnrollmentWebService. Certificate Enrollment Web Service.
Install-AdcsNetworkDeviceEnrollmentService. Network Device Enrollment.
Install-AdcsOnlineResponder. Online Responder.
Install-AdcsWebEnrollment. Certification Authority Web Enrollment.
Uninstall-AdcsCertificationAuthority. Certification Authority.
Uninstall-AdcsEnrollmentPolicyWebService. Certificate Enrollment Policy Web Service.
Uninstall-AdcsEnrollmentWebService. Certificate Enrollment Web Service.
Uninstall-AdcsNetworkDeviceEnrollmentService. Network Device Enrollment.
Uninstall-AdcsOnlineResponder. Online Responder.
Uninstall-AdcsWebEnrollment. Certification Authority Web Enrollment.

Active Directory Rights Management Services


AD RMS (Active Directory Rights Management Services
Active Directory)
. AD RMS
, . , .

AD RMS, SQL Server


Windows Server AD RMS
SQL Server, AD RMS,
. ,
SQL Server
. SQL Server AD RMS .
, AD RMS,
SQL Server.
SQL Server,
AD RMS SQL Server.

AD RMS Windows PowerShell


AD RMS Windows Server
, AD RMS ,
. ,
AD RMS,
.

Windows PowerShell AD RMS


,
Windows PowerShell ,
AD RMS. ,
.
Add-WindowsFeature ADRMS -IncludeAllSubFeature -IncludeManagementTools.
AD RMS.
, AD RMS.
Add-WindowsFeature ADRMS-Server.
AD RMS Server. ,
AD RMS.
Add-WindowsFeature ADRMS-Identity.
AD RMS. ,
AD RMS AD FS.

Active Directory
Active Directory
. Active Directory 32- Windows
Server 2008 Active Directory Windows Server 2012 R2 ,
Windows Server 2008 R2 Windows
Server 2012 R2, .. 64-.
Active Directory Windows
Server 2008.
.
1. .
2. .
3. Windows Server 2012 R2
.
4. .
64-.
1. .
2. .
3. 64- Windows Server 2012 R2.
, 32-
64- .
1. .
2. .
3. Windows Server 2012 R2.
4. Windows Server 2012 R2
.
Windows.
5. .
.
, ,
adprep. ,
Schema Admins ( ), Enterprise Admins (

) Domain Admins ( ) ,
FSMO (Flexible Single Master Operations
) Schema Master ( ).
,
Windows Server 2008. ,
.
Windows Server 2008 Windows Server 2012 R2
.
,
(Group Policy Management console).
Active Directory Windows Server 2012 R2
. ,
.
Active Directory,
, , .
/, ,
Active Directory. ,
, .
.
Active Directory
, . ,
7.


, , .
, Windows Server 2012 R2,
, ? , .

Windows Server 2012 R2,
.
. , Windows Deployment
Services, Windows Server, Service
Pack 2 Windows Server 2003,
Microsoft Deployment Toolkit 2012. , -
.
, .
Windows
. ,
. ,
, .
.
Windows 8 Windows Server 2012 R2 ,
,
.. ,
, .
,
? -
.
,
. ,
Windows.
Setup Manager ( )
, Notepad.
Windows Vista . Windows Vista
Windows (Windows Automated Installation
Kit WAIK), , Windows
Server 2008, Windows 7 Windows Server 2008 R2. Windows Server 2012 R2
Windows Assessment and Deployment Kit (
Windows), Windows ADK. ADK
,
DVD-. Windows ,
Windows, ,
. ,
Windows (Windows System Image Manager
WSIM), Setup Manager
Windows 8 Windows Server 2012 R2.
,
. .
Setup Manager
.
Notepad. WSIM
XML-. ! : XML! .
XML,
. WSIM, .
- Notepad
XML-. ,
.
, Windows Server 2012 R2
. , ADK, WSIM
.
, ( ),
, Windows 8.

Windows Assessment and Deployment Kit


, ,
Windows Server 2012 R2
. ,
Windows Server 2012 R2 Standard. .
,
Windows Server 2012 R2. ,
Windows System Image Manager
Windows Server .

ADK,
- Microsoft. URL, ..
Microsoft
. w w w .microsof t ./downloads
Windows ADK.
AD K.
,
.
, ADK,
.
, , .
,
.

ADK, Windows 8
5,1
. ADK,
Windows Server 2012 R2. ,
Windows 8 Microsoft ADK,
, .

, ,
,
. , ,
-
ADK WSIM, ,
.
,
. , .
, , , .
,
.
ISO, , ..
.
,
.
, Windows Vista
. .NET
Framework 4.0 ( ).
Windows ,
ADK, adksetup.exe.
(. 2.60).

Next (), .

Microsoft (Microsoft Customer Experience
Improvement Program C E IP ), . 2.61.
.
Accept (), ,
ADK Microsoft (. 2.62).

Fig. 2.61. ADK [Screenshot: Assessment and Deployment Kit setup, Join the Customer Experience Improvement Program (CEIP) page]

Fig. 2.62. EULA ADK [Screenshot: Assessment and Deployment Kit setup, License Agreement page]


, ,
ADK. ,
ADK,
C:\Program Files (x86)\Windows Kits\8.0\.
ADK, ,
.
.
ADK : \ .
.

, ADK
. . . 2.63
SQL Server Express. , SQL
Server . ,
SQL Server Express,
(Application Compatibility Toolkit ACT).
Application Compatibility Toolkit (ACT) (
(ACT)). ,
.
Deployment Tools ( ).
,
. -
ADK.
,
(Deployment Image Servicing and Management DISM),
OEM (OEM Activation) Windows (Windows System
Image Manager), .
Windows Preinstallation Environment (Windows PE) (
Windows (Windows PE)). ,
.
.
User State Migration Tool (USMT) (
(USMT)). USMT
.
, .
Volume Activation Management Tool (VAMT) (
(VAMT)). VAMT
.
Windows Performance Toolkit (
Windows). ,
,
. ,

Windows (Event Tracing for Windows ETW).
SQL Server Express ( SQL Server Express). SQL
Server Express SQL Server,
ACT, ,
.
Fig. 2.63. ADK [Screenshot: ADK setup, Select the features you want to install page]

Install (), ADK.
(. 2.64).
.

, ADK (. 2.65).
Launch the Getting Started Guide ( ).
ADK.
.

Fig. 2.65. ADK [Screenshot: Welcome to the Assessment and Deployment Kit page with the Launch the Getting Started Guide option]

, Start (),
. 2.66.

Fig. 2.66. ADK Start [Screenshot: Start screen tiles for the installed ADK tools]


, ,
.
? XML-,
, . -
, , -
, , .
, .
,
.
Windows 8 Windows Server 2012 R2
,
. 2.3.
. .
.
Windows .

WSIM. WSIM,
.
, , DVD-
Windows Server 2012 R2. \sources WIM-
install.wim. ,
, , .

Table 2.3.

windowsPE Windows ,

offlineServicing Windows, ,
specialize , ,
,
generalize , .
sysprep /generalize
auditSystem .

auditUser .

oobeSystem Windows, ..

, DVD- Windows Server 2012 R2 Standard


Full, Datacenter Full, Standard Core Datacenter Core. ,
WIM- .
WSIM.
WSIM,
Windows,
. : Windows 8,
Windows Server 2012 R2 Standard, Windows Server 2012 R2 Datacenter ..
WIM- ,
DVD-? WSIM
, , ,
, DVD- ,
.
DVD-
Windows Server 2012 R2. \sources\install.wim C:\W2012\install.wim .
WSIM File > Select Windows
Image ( Windows).
(. 2.67), C:\W2012\install.wim, .
, WIM-.
Windows.
Windows, . . 2.68
Standard Windows Server 2012 R2.

, .. (. 2.69).
, . Yes (),
. ,
.


(User Account Control UAC).
(. 2.70).
.

Fig. 2.67. Windows WSIM [Screenshot: Windows System Image Manager, Select a Windows Image dialog with install.wim in the W2012 folder]

Fig. 2.68. Windows [Screenshot: Select an Image dialog listing the Windows Server 2012 editions contained in the image file]

Fig. 2.69. [Screenshot: Windows System Image Manager message that no catalog file is associated with the Windows Server 2012 SERVERSTANDARD image, offering to create one]

Fig. 2.70.

, C:\W2012
. , Windows Image ( Windows) WSIM
Components () Packages (),
. 2.71. Distribution Share (
), Windows Image,
.


. 2.71. Windows

Components, (. 2.72).
,
.
- .
.
. ,

. , ,
.
, ADK .
Windows (Unattended Windows Setup Reference)
.
WSIM .
File → New Answer File ( → ).
, C:\W2012.

. 2.72. Windows

Answer File ( ), . 2.73.


.
, Windows.

.

. 2.73.

Components Windows Image


amd64_Microsoft-Windows-International-Core-WinPE (. 2.74).

. 2.74.


Windows. ,
.
.
Add Setting to Pass 1 windowsPE (
1 windowsPE).
, ,
Answer File 1 windowsPE (. 2.75). ,
.

. 2.75.

, ,
, ,
.
<F1>.
. :




1 amd64 Microsoft-Windows-International-Core\ InputLocale en-us
SetupUILanguage
UserLocale en-us
UILanguage en-us

SystemLocale en-us

UILanguage en-us

US English (. . 2.75).
<F1>
. , UILanguage
SetupUILanguage.
. (,
, .)




1 AMD64 Microsoft-Windows-Setup\ DiskID 0
DiskConfiguration\Disk
WillWipeDisk True

Disk, 1,
Disk. .
, Microsoft Disk 0 . ,
, .
Disk Answer File.
, CreatePartitions ModifyPartitions.
Insert
New ( ). Disk 0
:

-

1 AMD64_Microsoft-Windows-Setup\ Extend True
DiskConfiguration\Disk\CreatePartitions\
CreatePartition
Order 1
Type Primary

Windows Installer
, Disk 0.
Order 1 ,
.
Disk 0 ,
Extend True Size
1 , , 40 960 40 .
Size Extend True , ..
.




AMD64_Microsoft-Windows- Active True
Setup\DiskConfiguration\Disk\
CreatePartitions\ModifyPartition
Format NTFS
Label Windows

Letter
Order 1
PartitionsID 1

Order.
, .
1 PartitionsID . Microsoft 1
; 0 .
Active True ,
. Format NTFS
NTFS, Label Windows ,
Letter .
. ,
, .
, ADK.




AMD64_Microsoft-Windows-Setup\ Key /IMAGE/NAME
InstallImage\OSImage\InstallFrom\
Metadata
Value Windows Server 2012
SERVERSTANDARD

Windows Server 2012 R2


,
Windows D V D -
. , , ; -

. A D K ,
. ,
. ,
install .wim.
, Deployment and Imaging Tools Environment
(command prompt) (
( )), ADK Start
. :
IMAGEX /info C:\W2012\INSTALL.WIM

IMAGEX ADK , WIM-.
:
IMAGEX.EXE /info < - >

Windows Server
2012 R2 64 (. 2.76).


. 2.76.

, . 2.76:
<NAME>Windows Server 2012 SERVERSTANDARD</NAME>
<DESCRIPTION>Windows Server 2012 SERVERSTANDARD</DESCRIPTION>

Metadata
(Key) (Value). ,
NAME. /IMAGE/PATH. NAME
Windows,
.
IMAGE INDEX="2".

NAME Windows Server 2012 SERVERSTANDARD.


, Metadata
/IMAGE/NAME Windows Server 2012 SERVERSTANDARD.
. ! ,
.
,
-
, .. .




1 AMD64 Microsoft-Windows-Setup\ DiskID 0
ImageInstall\OSImage\InstallTo
PartitionID 1

UserData
Windows. Microsoft
AcceptEula True. FullName Organization
,
. Key ProductKey
, .




1 AMD64 Microsoft-Windows-Setup\ AcceptEula True
UserData
FullName Bigfirm

Organization Bigfirm

AMD64 Microsoft-Windows-Setup\ Key HFG76-34GFT-06ID5-


UserData\ProductKey MNBW4-IYUSD

4 specialize .
ComputerName .
. * ,
. -
. TimeZone .
U SA Eastern Standard.
<F1> TimeZone.




4 AMD64_Microsoft-Windows-Shell-Setup ComputerName *

TimeZone Eastern
Standard Time


7 oobeSystem. Windows
NetworkLocation. Work
, ,
. ProtectYourPC
.

, .




7 AMD64 Microsoft-Windows-Shell-Setup\OOBE HideEULAPage True
NetworkLocation Work

ProtectYourPC 1


, MSDN TechNet.

.
, .

.

-

7 AMD64_Microsoft-Windows-Security- SkipAutoActivation False
Licensing-SPP-UX

, .
. Tools → Validate
Answer File ( → ).
.

Messages ().
, ,
(. 2.77).
. File → Save
Answer File As ( → ).
autounattend.xml , C:\Answer\
autounattend.xml (. 2.78).
, ,
XML-. Notepad.
:

. 2.77.


. 2.78.

<?xml version="1.0" encoding="utf-8"?>
<unattend xmlns="urn:schemas-microsoft-com:unattend">
    <settings pass="windowsPE">
        <component name="Microsoft-Windows-International-Core-WinPE"
                processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35"
                language="neutral" versionScope="nonSxS"
                xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <InputLocale>en-us</InputLocale>
            <UserLocale>en-us</UserLocale>
            <UILanguage>en-us</UILanguage>
            <SystemLocale>en-us</SystemLocale>
            <UILanguageFallback>en-us</UILanguageFallback>
        </component>
        <component name="Microsoft-Windows-Setup"
                processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35"
                language="neutral" versionScope="nonSxS"
                xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <DiskConfiguration>
                <Disk wcm:action="add">
                    <CreatePartitions>
                        <CreatePartition wcm:action="add">
                            <Extend>true</Extend>
                            <Order>1</Order>
                            <Type>Primary</Type>
                        </CreatePartition>
                    </CreatePartitions>
                    <ModifyPartitions>
                        <ModifyPartition wcm:action="add">
                            <Active>true</Active>
                            <Format>NTFS</Format>
                            <Label>Windows</Label>
                            <Letter>C</Letter>
                            <Order>1</Order>
                            <PartitionID>1</PartitionID>
                        </ModifyPartition>
                    </ModifyPartitions>
                    <DiskID>0</DiskID>
                    <WillWipeDisk>true</WillWipeDisk>
                </Disk>
            </DiskConfiguration>
            <ImageInstall>
                <OSImage>
                    <InstallFrom>
                        <MetaData wcm:action="add">
                            <Key>/IMAGE/NAME</Key>
                            <Value>Windows Server 2012 SERVERSTANDARD</Value>
                        </MetaData>
                    </InstallFrom>
                    <InstallTo>
                        <DiskID>0</DiskID>
                        <PartitionID>1</PartitionID>
                    </InstallTo>
                </OSImage>
            </ImageInstall>
            <UserData>
                <ProductKey>
                    <Key>HFG76-34GFT-06ID9-MNBW4-IYUSD</Key>
                </ProductKey>
                <AcceptEula>true</AcceptEula>
                <FullName>BigFirm</FullName>
                <Organization>BigFirm</Organization>
            </UserData>
        </component>
    </settings>
    <settings pass="specialize">
        <component name="Microsoft-Windows-Shell-Setup"
                processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35"
                language="neutral" versionScope="nonSxS"
                xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <ComputerName>*</ComputerName>
            <TimeZone>Eastern Standard Time</TimeZone>
        </component>
    </settings>
    <settings pass="oobeSystem">
        <component name="Microsoft-Windows-Shell-Setup"
                processorArchitecture="amd64" publicKeyToken="31bf3856ad364e35"
                language="neutral" versionScope="nonSxS"
                xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <OOBE>
                <HideEULAPage>true</HideEULAPage>
                <NetworkLocation>Work</NetworkLocation>
                <ProtectYourPC>1</ProtectYourPC>
            </OOBE>
        </component>
    </settings>
    <cpi:offlineImage cpi:source="wim:c:/w2012/install.wim#Windows Server 2012 SERVERSTANDARD" xmlns:cpi="urn:schemas-microsoft-com:cpi" />
</unattend>

, , ,
Windows.
.


. autounattend.xml
- .
Windows Server 2012 R2.


, .
. , ..
.

DVD- Windows Server 2012 R2.


D V D -,
, .
.
C D - D V D - . :
DVD Windows Server 2012 R2
CD- D VD -.
- .
-?
.
- U S B . .

, , ,
.
, .
CD- DVD-
, Windows Server 2012 R2.
, D VD -
ISO- Windows. ISO-,
autounattend.xml. ?
, ADK .
Deployment and Imaging Tools Environment (command
prompt):
oscdimg -n C:\Answer C:\answer.iso

C:\ ISO- answer.iso
C:\Answer. ,
autounattend.xml : \ ISO-
! .
:
oscdimg - < >
130->

. , . DVD- Windows Server 2012 R2 D VD -


.
DVD-,
, .
, , .
Windows Server 2012 R2,
, .
, - :
, ;
;
.
W SIM .
, ,
Windows Server 2012 R2.
, .

,

, ,
.
,
.
.
.

.
1


bf1.bigfirm.com

IPv4 192.168.1.51

255.255.255.0

192.168.1.1

DNS- <>

DNS- <>


bf2.bigfirm.com

IPv4 192.168.1.52

255.255.255.0

192.168.1.1

DNS- <>

DNS- <>

Windows Server 2012 R2.

. Microsoft
Windows Server 2012 R2.
. Windows Server 2008 86.
Windows Server 2012 R2?
. Windows Server 2012 R2
PowerShell ,
.
. Windows Server 2012 R2

.
, ?
. Windows Server
.
.
.
. Windows Server 2012 R2.
Windows Server 2012 R2. -
. .
?

Server Core

Microsoft

.
,
- . , Server Core,
Windows Server 2008 Windows Server 2012 R2,
Microsoft Windows
, .
, Server Core Windows Server 2012 R2,
, PowerShell.
:
Server Core;
Server Core;
Server Core ;
.

Server Core
Windows Server 2012 R2 ,
.
(G U I)? Server Core
,
,
G U I. : Windows Server 2008 R2
Server Core , Windows Server 2012 R2
Server Core G U I.
Server Core,
G U I, PowerShell.
,
Server Core.

,
G U I ,
Server Core. , , Windows
Server Core. ,
G U I, .
2,
G U I. PowerShell 3.0
Server Core.
.
, .
Server Core
, Windows Server 2012 R2.

Server Core?
Server Core Windows Server ,
.
, Windows,
Internet Explorer .
,
, , Microsoft
(Microsoft Management Console).
PowerShell.
?
.
.
.
.
,
.
. Server Core
,
.

Server Core
Server Core ,
Server Core G U I,
, .
G U I, 2, Server Core.
Windows Server 2012 R2 Server Core ,
. DVD-
. .xml
, .
Windows Automated Installation Kit,
.
, . 3.1.

. 3.1. Server Core Windows Server 2012 R2

1. Server Core Standard Datacenter


Next ().
2.
Next. .
3. , Custom
().
(. 3.2).
: 50
.
.
, ,
,
.
4. New () ,
50 .
Windows
350 , .
. ;
- .
5.
(Administrator), .
6. , .
,
, . 3.3,
. , , .
.

. 3.2.

Administrator: C:\Windows\system32\cmd.exe

Microsoft Windows [Version 6.0.6001]
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:\Users\Administrator>

. 3.3. Server Core


PowerShell, .
.
,
Properties (). Colors
() , . 3.4.

Server Core

.
,
. ,
, ,
G U I.
.

. 3.4.

Server Core GUI


,
Server Core G U I
. ,
G U I, Server Core .
, :
http://gallery.technet.microsoft.com/scriptcenter/Switch-between-Windows-9680265d/file/107247/1/SwitchGUIServerCORE.zip

,
. ,
; .
:
PS C:\> Set-ExecutionPolicy AllSigned

, ,
PowerShell (. 3.5).
:
1 Server Core;
2 G U I;
3 G U I .
; .
,
.


Server Core
. (Task Manager).
PS C:\> .\SwitchGUIServerCORE.ps1

Security warning
Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your
computer. Do you want to run C:\SwitchGUIServerCORE.ps1?
[D] Do not run  [R] Run once  [S] Suspend  [?] Help (default is "D"): R

Switch between GUI and server Core

[1] Switch to server CORE
[2] Switch to GUI
[3] Install GUI from online resource
Enter the number to select an option:

. 3.5. PowerShell

,
Windows. ,
.
<Ctrl+Alt+Del>.
Security (), <Ctrl+Alt+Del>.
,
.
<Ctrl+Shift+Esc>.
M S C E ,
<Ctrl+Shift+Esc>. , ,
. .


, ,
, ,
, ? ,
Server Core.
, ,
.
1. , .
2. File → New Task (Run) ( → ()).
Create new task ( ), Run
(), Start ().
3. cmd , . 3.6.
4. PowerShell ,
PowerShell.

. 3.6. Create new task




PowerShell
, ,
,
. Server Core ,
.
net user:
PS C:\Users\Administrator>net user administrator *
Type a password for the user:
:
Retype the password to confirm:
:
The command completed successfully.
.

.
net . , Windows NT
(NT new technology).
-
PowerShell Set-ADAccountPassword.
:
Set-ADAccountPassword [-Identity] < AD>
[-AuthType {Negotiate | Basic}] [-Credential < PowerShell>]
[-NewPassword < >] [-OldPassword < >]
[-Partition <>] [-PassThru <>] [-Reset <>]
[-Server <>] [-Confirm] [-WhatIf] [< >]


, Windows Server ,
.
Windows,
.
net view:
PS C:\Users\Administrator>net view \\bf1
Shared resources at \\bf1
Share name  Type  Used as  Comment

isos        Disk
netlogon    Disk
Public      Disk
SYSVOL      Disk
temp        Disk
The command completed successfully.

net use,
:
PS C:\Users\Administrator>net use Z: \\bf1\temp
The command completed successfully

, ,
, Z:. MS-DOS .
:
PS C:\Users\Administrator>net use Z: /del
Z: was deleted successfully

PowerShell get-psdrive
New-PSDrive
.
New-PSDrive:
New-PSDrive [-Name] <> [-PSProvider] <> [-Root] <>
[-Credential < PowerShell>] [-Description <>]
[-Persist] [-Scope <>] [-Confirm] [-Whatif] [-UseTransaction]
[< >]

Z
. Windows Server 2012 R2
; ,
.
(http://technet.microsoft.com/en-us/library/cc754340.aspx),
Z. , , ,
.
PowerShell http://technet.microsoft.com/en-us/library/hh801904.aspx.
.

Notepad

Notepad. Server Core.
.
, VI, , Windows NT.
, Core ,
,
.
. Notepad Server Core.
ipconfigCommand.txt.
:
C:\Users\Administrator>notepad documents\ipconfigCommand.txt

Notepad .
, ipconfigCommand.txt, ,
, , !
. .
, Mark
() , .
, Notepad.


SCRegedit.wsf Server Core
, .
Server Core /cli.
, M S C E ,
. scregedit.wsf
Visual Basic (VB), ,
System32, :
C:\Windows\System32>cscript scregedit.wsf /cli


PowerShell,
.
. :
PS C:\> Restart-Computer

,
, (Server01 Server02)
(localhost):
PS C:\> Restart-Computer -ComputerName Server01, Server02, localhost

Server Core
, G U I
(. 3.7),
.

, 3.7. ,
Windows

, Server Core
G U I,
.



,
G U I Windows Server.
:
;
;
;
.


, Windows Server 2012 R2
. ;
Windows Server 2012 R2 60 .
,
(reduced functionality mode R FM ).
,
Windows Update
.
slmgr.vbs
.
.
, rem ,
:
rem
cscript c:\windows\system32\slmgr.vbs -ipk q7y83-w4fvq-6mc6c-6qqtd-tpm88
Microsoft (R) Windows Script Host Version 5.8
Copyright (C) Microsoft Corporation. All rights reserved.
Installed product key q7y83-w4fvq-6mc6c-6qqtd-tpm88 successfully.

:
rem
cscript c:\windows\system32\slmgr.vbs -ato
Microsoft
.
(Key Management Service K M S),
- .
, K M S
K M S
.


Server Core
: Time and Date ( ),
:
control timedate.cpl

:
C:\Users\Administrator>w32tm /tz
Time zone: Current:TIME_ZONE_ID_DAYLIGHT Bias: 300min
(UTC=LocalTime+Bias)
[Standard Name:"Eastern Standard Time" Bias:0min Date:(M:10 D:5 DoW:0)]
[Daylight Name:"Eastern Daylight Time" Bias:-60min Date:(M:4 D:1 DoW:0)]


, ,
IP -.

ipconfig PowerShell:
PS C:\Users\Administrator> get-netipconfiguration
InterfaceAlias       : Ethernet
InterfaceIndex       : 12
InterfaceDescription : Intel(R) 82574L Gigabit Network Connection
NetProfile.Name      : Network
IPv4Address          : 192.168.1.20
IPv6DefaultGateway   :
IPv4DefaultGateway   : 192.168.1.1
DNSServer            : 192.168.1.1

.
PowerShell New-NetIPAddress.
:
New-NetIPAddress [-IPAddress] <> -InterfaceAlias <>
[-AddressFamily < >] [-AsJob] [-CimSession <
CimSession[]>] [-DefaultGateway <>] [-PolicyStore <>]
[-PreferredLifetime < TimeSpan>] [-PrefixLength <>]
[-SkipAsSource < >] [-ThrottleLimit < Int32>]
[-Type <>] [-ValidLifetime < TimeSpan>] [-Confirm] [-WhatIf]
[< >]


PowerShell ?
Add-Computer:
PS C:\Users\Administrator>Add-Computer

PowerShell
. ,
, .. ,
. (. 3.8).

. 3.8.

:
cmdlet Add-Computer at command pipeline position 1
Supply values for the following parameters:
Credential
DomainName: BigFirm.com

Windows
, hostname:
PS C:\Users\Administrator>hostname
WIN-AG6PV07DM2A

,
Bfsc1. ( ,
.) PowerShell :
PS C:\Users\Administrator>Rename-Computer

PowerShell :
cmdlet Rename-Computer at command pipeline position 1
Supply values for the following parameters:
NewName:bfsc1



,
. .
1. .
2. .



, SCONFIG. SCONFIG .
. 5, Windows Update
Settings ( Windows), 5.
, Manual ().
Automatic (), . . 3.9
Server Configuration ( )
, .
Windows PowerShell
C:\Windows\System32\cscript.exe

2) Computer Name:
3) Add Local Administrator
4) Configure Remote Management

5) Windows Update Settings:
6) Download and Install Updates
7) Remote Desktop:                      Enabled (more secure clients only)

8) Network Settings
9) Date and Time
10) Help improve the product with CEIP  Not participating
11) Windows Activation

12) Log Off User
13) Restart Server
14) Shut Down Server
15) Exit to Command Line

Enter number to select an option: 5

Update Settings
Enabling Automatic update:

Windows Update set to Automatic. System will check for and install
updates every day at 3:00 AM.

. 3.9. SCONFIG

. 3.9 ,
SCONFIG. ,
, PowerShell,
.



Automatic Updates
( ). Windows Update Web Site
(- Windows Update) .
Internet Explorer, Server Core
. . 3.9, , 6,
Download and Install Updates ( ).
SCONFIG ,
.
. , .


, , -,
, , .
Microsoft ,
, .
; ,
. ,
. ,
, .
Server Core, VB
, .



. .
1. .
2. .
3. Windows.


, Windows Server 2012,
.
.
/ ,
(Add Roles and Features Wizard) .
. Server Core
.
/ , .
.
(Active Directory Domain
Services), DNS, DHCP Print and Document Services.
File Server. ,
, Windows Server Backup (
Windows Server) .
PowerShell :
rem ( )
PS C:\Users\administrator>Get-WindowsFeature

, , ,
. DHCP Server.
Name ().
Display Name                              Name                 Install State
[ ] DHCP Server                           DHCP                 available
[ ] Active Directory Domain Services      AD-Domain-Services   available
[ ] DNS Server                            DNS                  available
[ ] Print and Document Services           Print-Services       available
PS C:\Users\administrator>Add-WindowsFeature DHCP

.
PowerShell .
.
Get-WindowsFeature, ,
Installed (). :
PS C:\Users\administrator>Add-WindowsFeature AD-Domain-Services
PS C:\Users\administrator>Add-WindowsFeature DNS
PS C:\Users\administrator>Add-WindowsFeature Print-Services


SCONFIG. . 3.9,
7, Remote Desktop ( ). 7
,
. Enable (), .
, ,
Remote Desktop, , Remote Desktop Network
Level Authentication.
. ,
.


.

(Remote Administration).
, Microsoft (Microsoft
Management Console). ,
Remote Administration:
netsh advfirewall firewall set rule group="Remote Administration" new enable=yes

,
. ,

, Event Viewer ( ), Disk Management
( ), File and Print Services ( ) Task
Scheduler ( ).
, Remote Desktop.
. Remote Desktop
, , ,
netsh advfirewall
firewall set rule. . ( new
.)
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes

,
:
netsh advfirewall set currentprofile settings remotemanagement enable

,
, .
:
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles state off

,
:
netsh advfirewall reset

, ,
; .
1433 SQL Server:
netsh advfirewall firewall add rule name="Open SQL Server Port 1433" dir=in action=allow protocol=TCP localport=1433
netsh advfirewall firewall delete rule name="Open SQL Server Port 1433" protocol=tcp localport=1433

PowerShell,
.
, , :
Set-NetFirewallProfile -Profile Domain, Public,Private -Enabled True

:
Remove-NetFirewallRule -Action Block

Server Core
, ,
.
,
.
(Remote Desktop)
,
Server Core. Microsoft (Microsoft
Management Console) Server
Core, .
Windows (Windows Remote Shell),
.


(Terminal Services)
Windows 2000. , ..
. Windows Server 2003
.
.
Windows,
. Server Core.
Windows Server 2012 Server Core ,
-

, .. ,
.
Server Core RemoteApp,
. -
, , Notepad ,
Server Core. ,
, .
Server Core .


Microsoft (Microsoft Management
Console )
. R PC
Windows,
.
.
, :
cmdkey /add:bfsc1 /user:Administrator /pass:P@sswOrd

/pass,
.
.
,
Windows, Windows Server
adminpak.msi. Windows Server 2012 adminpak.msi
Remote Server Administration Tools (
). .
. 3.10 , Remote Server Administration Tools
.

. 3.10. Remote Server Administration Tools



,
.
.

Windows Server 2012 Server Core. ,
, , DHCP
. DHCP
.
1. Remote Server Administration Tools
4 Run ().
2. File () Add/Remove Snap-in (
).
3. Add/Remove Snap-in (
) ,
.
4. DHCP Add ().
.
5. DHCP
Add Server ( ).
6. Add Server ( ),
DHCP (. 3.11).
Server Core.
7. , DHCP,
, . 3.12.


. 3.11. DHCP

. 3.12. DHCP Server Core

: Windows Remote Shell


Windows Remote Shell ( Windows)
. Telnet,
.
, Telnet.
Windows Remote Shell ,
.
- ,
SOAP (Simple Object Access Protocol ).
SOAP ,
X M L ,
, HTTP. ,
, Notepad,
H T T P .
, Windows Remote Shell .
.
Microsoft Windows Remote Shell
winrm quickconfig. , , HTTP
TCP 5985. ,
. ,
.
IPsec,
. Windows Remote Shell
HTTPS (SSL),
.
.


:

. ,
Windows Server.
;
,
Active Directory. ,
.
, .
. ,
.
Windows Server 2012
Active Directory (Active Directory Certificate Services).
Certification Authority Web Enrollment
(- ). ,
Internet Information Services (IIS). ,
Certificate Authority ( ).
.
, RPC -
Kerberos.
. , .
- , ,
, Active Directory.
Active Directory,
. , Bfsc1
, . , .
Server Core. (
, ,
, .)
Server Core certutil PowerShell dir:
rem certutil
PS C:\Users\Administrator.BIGFIRM\Documents>certutil -viewstore

my
. certutil
(. 3.13). Click here to view certificate
properties ( , )
.
.
PowerShell
. ,
PowerShell .
,
. .
.

. 3.13. , certutil
dir , PowerShell -
get-items.
M S-DOS .
,
certutil:
rem PowerShell
C:\Users\Administrator.BIGFIRM>powershell
PS C:\Users\administrator.BIGFIRM> dir cert:\localmachine\my | FL
Subject      : CN=BFSC1.bigfirm.com
Issuer       : CN=bigfirm-BF1-CA, DC=bigfirm, DC=com
Thumbprint   : 03ADB670C63E8D1CDB764CD7AA589C51D854307C
FriendlyName :
NotBefore    : 7/23/2009 6:55:41 PM
NotAfter     : 7/23/2010 6:55:41 PM
Extensions   : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid,
               System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}

| FL .
dir . ,
, .
( )
(Thumbprint).


Windows Remote Shell IP -
. H T T P
5985, HTTPS 5986. ,
. <cfg:HTTP> <cfg:HTTPS>
. ,
XML , format:pretty.
. , , <cfg:Client>,
, .
, <cfg:Service>, ,
.
PS C:\Users\administrator.BIGFIRM>winrm get winrm/config -format:pretty

<cfg:Config xml:lang="en-US" xmlns:cfg="http://schemas.microsoft.com/wbem/wsman/1/config">
    <cfg:MaxEnvelopeSizekb>150</cfg:MaxEnvelopeSizekb>
    <cfg:MaxTimeoutms>60000</cfg:MaxTimeoutms>
    <cfg:MaxBatchItems>32000</cfg:MaxBatchItems>
    <cfg:MaxProviderRequests>4294967295</cfg:MaxProviderRequests>
    <cfg:Client>
        <cfg:NetworkDelayms>5000</cfg:NetworkDelayms>
        <cfg:URLPrefix>wsman</cfg:URLPrefix>
        <cfg:AllowUnencrypted>false</cfg:AllowUnencrypted>
        <cfg:Auth>
            <cfg:Basic>true</cfg:Basic>
            <cfg:Digest>true</cfg:Digest>
            <cfg:Kerberos>true</cfg:Kerberos>
            <cfg:Negotiate>true</cfg:Negotiate>
            <cfg:Certificate>true</cfg:Certificate>
            <cfg:CredSSP>false</cfg:CredSSP>
        </cfg:Auth>
        <cfg:DefaultPorts>
            <cfg:HTTP>5985</cfg:HTTP>
            <cfg:HTTPS>5986</cfg:HTTPS>
        </cfg:DefaultPorts>
        <cfg:TrustedHosts></cfg:TrustedHosts>
    </cfg:Client>
    <cfg:Service>
        <cfg:RootSDDL>O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)</cfg:RootSDDL>
        <cfg:MaxConcurrentOperations>4294967295</cfg:MaxConcurrentOperations>
        <cfg:MaxConcurrentOperationsPerUser>15</cfg:MaxConcurrentOperationsPerUser>
        <cfg:EnumerationTimeoutms>60000</cfg:EnumerationTimeoutms>
        <cfg:MaxConnections>25</cfg:MaxConnections>
        <cfg:MaxPacketRetrievalTimeSeconds>120</cfg:MaxPacketRetrievalTimeSeconds>
        <cfg:AllowUnencrypted>false</cfg:AllowUnencrypted>
        <cfg:Auth>
            <cfg:Basic>false</cfg:Basic>
            <cfg:Kerberos>true</cfg:Kerberos>
            <cfg:Negotiate>true</cfg:Negotiate>
            <cfg:Certificate>false</cfg:Certificate>
            <cfg:CredSSP>false</cfg:CredSSP>
            <cfg:CbtHardeningLevel>Relaxed</cfg:CbtHardeningLevel>
        </cfg:Auth>
        <cfg:DefaultPorts>
            <cfg:HTTP>5985</cfg:HTTP>
            <cfg:HTTPS>5986</cfg:HTTPS>
        </cfg:DefaultPorts>
        <cfg:IPv4Filter>*</cfg:IPv4Filter>
        <cfg:IPv6Filter>*</cfg:IPv6Filter>
        <cfg:EnableCompatibilityHttpListener>false</cfg:EnableCompatibilityHttpListener>
        <cfg:EnableCompatibilityHttpsListener>false</cfg:EnableCompatibilityHttpsListener>
        <cfg:CertificateThumbprint></cfg:CertificateThumbprint>
    </cfg:Service>
    <cfg:Winrs>
        <cfg:AllowRemoteShellAccess>true</cfg:AllowRemoteShellAccess>
        <cfg:IdleTimeout>180000</cfg:IdleTimeout>
        <cfg:MaxConcurrentUsers>5</cfg:MaxConcurrentUsers>
        <cfg:MaxShellRunTime>2147483647</cfg:MaxShellRunTime>
        <cfg:MaxProcessesPerShell>15</cfg:MaxProcessesPerShell>
        <cfg:MaxMemoryPerShellMB>150</cfg:MaxMemoryPerShellMB>
        <cfg:MaxShellsPerUser>5</cfg:MaxShellsPerUser>
    </cfg:Winrs>
</cfg:Config>

I P -
. , ,
winrm /?,
, :
winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="bfsc1.bigfirm.com";CertificateThumbprint="03ADB670C63E8D1CDB764CD7AA589C51D854307C"}

.
Address=* 1-.
Transport=HTTPS : H TTP HTTPS.

5985 5986.
Hostname= .
CertificateThumbprint= , certutil.



. HTTP
, /quickconfig,
H TTPS.
,
netsh advfirewall firewall
. , ,
.
, .
,
. New Inbound
Rule Wizard ( ) ,
,
. ,
.
Server Core ,

. ,

Server Core,
Server Core .

Windows (Windows
Firewall with Advanced Security), Server Core,
.
(. 3.14) Port (
), .
[Screenshot: New Inbound Rule Wizard, Rule Type step. Options: Program (rule that controls connections for a program), Port (rule that controls connections for a TCP or UDP port), Predefined, Custom]

. 3.14.

Protocol and Ports ( ) TCP


5986 (. 3.15).
[Screenshot: New Inbound Rule Wizard, Protocol and Ports step. Choice of TCP or UDP, and of all local ports or specific local ports (example: 80, 443, 5000-5010)]

. 3.15.

Action (), . 3.16, ,


.
Allow the connection ( ). ,
.
Allow the connection if it is secure ( ).
IPSec.
IPSec Network Access Protection
( ) .
Block the connection ( ).
.
[Screenshot: New Inbound Rule Wizard, Action step. Options: Allow the connection (includes connections protected with IPsec as well as those that are not), Allow the connection if it is secure (only connections authenticated by using IPsec), Block the connection]

. 3.16.

Profile () ,
(. 3.17).
, ,
.
, .
Domain ().
Name ( )
(. 3.18).
, , ,
,
. ,
. ,
netsh.
[Screenshot: New Inbound Rule Wizard, Profile step. Options: Domain (applies when a computer is connected to its corporate domain), Private (a private network location, such as a home or work place), Public (a public network location); Domain is selected]

. 3.17.

[Screenshot: New Inbound Rule Wizard, Name step. Name: Windows Remote Management HTTPS. Description (optional): Opens port 5986 for remote management using WinRM]

. 3.18.

:
netsh advfirewall firewall>add rule ?
Usage: add rule name=<string>
      dir=in|out
      action=allow|block|bypass
      [program=<program path>]
      [service=<service short name>|any]
      [description=<string>]
      [enable=yes|no (default=yes)]
      [profile=public|private|domain|any[,...]]
      [localip=any|<IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway|
         <IPv4 address>|<IPv6 address>|<subnet>|<range>|<list>]
      [localport=0-65535|<port range>[,...]|RPC|RPC-EPMap|IPHTTPS|any
         (default=any)]
      [remoteport=0-65535|<port range>[,...]|any (default=any)]
      [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code|
         tcp|udp|any (default=any)]
      [interfacetype=wireless|lan|ras|any]
      [rmtcomputergrp=<SDDL string>]
      [rmtusrgrp=<SDDL string>]
      [edge=yes|deferapp|deferuser|no (default=no)]
      [security=authenticate|authenc|authdynenc|authnoencap|notrequired
         (default=notrequired)]

.
Server Core ,
, .
Notepad, .
,
:
PS C:\Users\administrator.BIGFIRM> netsh advfirewall firewall add rule name="Windows Remote Management HTTPS" description="Opens port 5986 for remote management using WinRM" protocol=TCP dir=in localport=5986 profile=domain action=allow
Ok


.
add rule. Inbound Rules
( )
New ().
name= description=,
(. . 3.18).
protocol= localport=. ,
. 3.15.
dir=, .
(New Inbound Rule
Wizard).

profile=. . 3.17.
: [profile=public|private|domain|any[,...]].

action=. ,
. 3.16. :
action=allow|block|bypass. bypass
Allow the connection if it is secure.
. 3.15 ,
. , ,
, ,
.

WinRS
, Windows Remote Shell, winrs.exe.
Windows 7, Windows 8 Windows Server 2012.
winrs.exe:
rem winrs .
PS C:\Users\Administrator.BIGFIRM>winrs -r:https://bfsc1.bigfirm.com:5986 ipconfig
Windows IP Configuration

Ethernet adapter Internal:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::b5a1:157f:7220:4f4c%3
   IPv4 Address. . . . . . . . . . . : 192.168.1.11
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.254



. Server Core
.
, ,
, .

Active Directory Domain Services, DNS, D H C P Print and Document Services.
. ,

.
File Server
( ) Key Management Service (
). File Server
. Key Management Service
.
,
, Microsoft.

,
,
. Windows Server
Backup ( Windows Server),
, .
Server Core
.

DNS
Windows Server

DCPromo. Windows Server 2012 DCPromo
.

PowerShell. Active Directory Domain Services (A D D S)
, .
,
Windows Server 2012. ,
.
Test-ADDSDomainControllerInstallation
,
. ,
. 3.19.

[Screenshot: Test-ADDSDomainControllerInstallation prompting for the DomainName and SafeModeAdministratorPassword parameters, then listing the prerequisite test results in Message, Context, RebootRequired and Status columns]

. 3.19. Test-ADDSDomainControllerInstallation

. Install-ADDSDomainController
DNS.
, :
, :
:
D N S -:
: C:\Windows\NTDS
: C:\Windows\NTDS
SYSVOL: C:\Windows\SYSVOL
,
.
, :
Install-ADDSDomainController -DomainName <String> [-ADPrepCredential <PSCredential>]
    [-AllowDomainControllerReinstall]
    [-ApplicationPartitionsToReplicate <String[]>]
    [-CreateDnsDelegation] [-Credential <PSCredential>]
    [-CriticalReplicationOnly] [-DatabasePath <String>]
    [-DnsDelegationCredential <PSCredential>] [-Force]
    [-InstallationMediaPath <String>] [-InstallDns] [-LogPath <String>]
    [-MoveInfrastructureOperationMasterRoleIfNecessary] [-NoDnsOnNetwork]
    [-NoGlobalCatalog] [-NoRebootOnCompletion] [-ReplicationSourceDC <String>]
    [-SafeModeAdministratorPassword <SecureString>]
    [-SiteName <String>] [-SkipAutoConfigureDns] [-SkipPreChecks]
    [-SystemKey <SecureString>] [-SysvolPath <String>] [-Confirm]
    [-WhatIf] [<CommonParameters>]

:
PS C:\Users\administrator> Install-ADDSDomainController

:
The target server will be configured as a domain controller and restarted
when this operation is complete.
Do you want to continue with this operation?
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help
(default is "Y"):Y

.
?
[] [] [N] [L] [S] [?]
( "") :

Yes (. 3.20),
.

[Screenshot: Install-ADDSDomainController progress: determining replication source, validating environment and user input, all tests completed successfully, installing new domain controller]

. 3.20.

DHCP
Windows Server 2003 Microsoft
Linux. ,
Linux
. netsh.
,
DHCP. netsh dhcp TechNet.

, .
D HCP,
, D N S -
D N S.

Active Directory add server.


:
netsh> dhcp
netsh dhcp>add server bfsc1.bigfirm.com 192.168.1.11
Adding server bfsc1.bigfirm.com, 192.168.1.11
Command completed successfully.
netsh dhcp>show server
1 Servers were found in the directory service:
1 :
        Server [bfsc1.bigfirm.com] Address [192.168.1.11] Ds location:
        cn=bfsc1.bigfirm.com

Command completed successfully.


netsh dhcp server add scope.
,
, :
netsh dhcp>server
netsh dhcp server>add scope 192.168.1.0 255.255.255.0 "Branch Office 1" "Sample DHCP scope"

Command completed successfully.

netsh dhcp server>show scope

 Scope Address  - Subnet Mask    - State   - Scope Name       - Comment

 192.168.1.0    - 255.255.255.0  - Active  - Branch Office 1  - Sample DHCP scope

 Total No. of Scopes = 1
Command completed successfully.

IP -,
D HCP, .

. D H C P
(D H C P Management Console). , ,
, IP -.
, :
1-: 192.168.1.50- 100
: 003, 192.168.1.254
DNS-: 006, 192.168.1.11
DNS: 015, bigfirm.com
netsh dhcp server>scope 192.168.1.0
Changed the current scope context to 192.168.1.0 scope.
netsh dhcp server scope>add iprange 192.168.1.50 192.168.1.100
Command completed successfully.
netsh dhcp server scope>set optionvalue 003 IPADDRESS 192.168.1.254
Command completed successfully.
netsh dhcp server scope>set optionvalue 006 IPADDRESS 192.168.1.11
Command completed successfully.
netsh dhcp server scope>set optionvalue 015 STRING bigfirm.com
Command completed successfully.
netsh dhcp server scope>show optionvalue
Options for Scope 192.168.1.0:
        DHCP Standard Options :
        General Option Values:
        OptionId : 51
        Option Value:
                Number of Option Elements = 1
                Option Element Type = DWORD
                Option Element Value = 691200
        OptionId : 3
        Option Value:
                Number of Option Elements = 1
                Option Element Type = IPADDRESS
                Option Element Value = 192.168.1.254
        OptionId : 6
        Option Value:
                Number of Option Elements = 1
                Option Element Type = IPADDRESS
                Option Element Value = 192.168.1.11
        OptionId : 15
        Option Value:
                Number of Option Elements = 1
                Option Element Type = STRING
                Option Element Value = bigfirm.com
Command completed successfully.

Server Core

.


, File Server,
.
. ,


, Windows.

.


.
10 .

DiskPart.
(Disk Management Console)
.
. ,
. ,
. ,
Disk ### list disk.
PS C:\Windows\system32> diskpart
Microsoft DiskPart version 6.1.7000
Copyright (C) 1999-2008 Microsoft Corporation.
On computer: BFSC1
DISKPART> list disk
  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online        75 GB    55 GB
DISKPART> list volume
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D   GB1SXFRE_EN  UDF    CD-ROM      2850 MB  Healthy
  Volume 1                      NTFS   Partition    200 MB  Healthy    System
  Volume 2                      NTFS   Partition     19 GB  Healthy    Boot
DISKPART> select disk 0
Disk 0 is now the selected disk

.
. ,
10 = 10 000 .
, .
:
DISKPART> help create partition primary

Example:
    CREATE PARTITION PRIMARY SIZE=1000
rem size is in MB so 55 gb is 55000
DISKPART> create partition primary size=10000
DiskPart succeeded in creating the specified partition.
DISKPART> list partition
  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            200 MB  1024 KB
  Partition 2    Primary             19 GB   201 MB
* Partition 3    Primary             10 GB    20 GB
DISKPART> select partition 3
Partition 3 is now the selected partition.
DISKPART> assign letter=e
DiskPart successfully assigned the drive letter or mount point.

. -
N T FS:
DISKPART> list volume
  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
  Volume 0     D   GB1SXFRE_EN  UDF    CD-ROM      2850 MB  Healthy
  Volume 1                      NTFS   Partition    200 MB  Healthy    System
  Volume 2                      NTFS   Partition     19 GB  Healthy    Boot
* Volume 3     E                RAW    Partition     10 GB  Healthy
DISKPART> select volume 3
Volume 3 is the selected volume.
DISKPART> format fs=ntfs label="Data volume" quick
  100 percent completed
DiskPart successfully formatted the volume.


sales.
PowerShell New-Item: NEW-ITEM E:\sales -type
directory.
sales Administrators ()
Full Control ( ).
Active Directory Users and Computers
( Active Directory) ,
Full Control.
,
Users () Read ().
Users sales .



%username%. ,
Active Directory Users and Computers
: \\bfsc1.bigfirm.com\users\%username%. .
,
.
%usrename% %usernam%.
? echo.
%username% ,
. echo
, :

C:\>echo %username%
Administrator
rem
C:\>echo %uesername%
%uesername%
,
Active Directory
Users and Computers .

PowerShell,
sales. , Get-Acl,
. Format-List
. , Set-Acl,
.
sales
Get-Acl E:\sales | Format-List
Path   : Microsoft.PowerShell.Core\FileSystem::E:\sales
Owner  : BUILTIN\Administrators
Group  : BFSC1\None
Access : NT AUTHORITY\SYSTEM Allow  FullControl
         BUILTIN\Administrators Allow  FullControl
         BUILTIN\Users Allow  ReadAndExecute, Synchronize
         BUILTIN\Users Allow  AppendData
         BUILTIN\Users Allow  CreateFiles
         CREATOR OWNER Allow  268435456
Audit  :
Sddl   : O:BAG:S-1-5-21-4204471083-1189308523-3240350476-513D:
         AI(A;OICIID;FA;;;SY)(A;OICIID;FA;;;BA)(A;OICIID;0x1200a9;
         ;;BU)(A;CIID;LC;;;BU)(A;CIID;DC;;;BU)(A;OICIIOID;GA;;;CO)

,
. sales
, Administrators Full Control:
# Read the current ACL of the folder
$acl = Get-Acl "E:\Sales"
$Group1 = "Administrators"
# Full Control for Administrators, inherited by subfolders and files
$rule1 = New-Object System.Security.AccessControl.FileSystemAccessRule `
    -ArgumentList @($Group1,"FullControl","ContainerInherit, ObjectInherit","None","Allow")
$acl.SetAccessRule($rule1)
$acl | Set-Acl
# Block inheritance from the parent and drop the inherited entries
$acl.SetAccessRuleProtection($true, $false)
$acl | Set-Acl

sales.
, Full Control Administrators:
Path   : Microsoft.PowerShell.Core\FileSystem::E:\sales
Owner  : BUILTIN\Administrators
Group  : BFSC1\None
Access : BUILTIN\Administrators Allow  FullControl
Audit  :
Sddl   : O:BAG:S-1-5-21-4204471083-1189308523-3240350476-513D:
         PAI(A;OICI;FA;;;BU)


-
net share. , ,
LAN Manager. .
, .
/Unlimited ,
.

rem
E:\>net share SALES=e:\sales /grant:bigfirm\sales,FULL /Unlimited
Sales was shared successfully.

, .
U N C Run (); . 3.21 .


e-Print Print and Document
Services. , , .
Windows
, .
,
T C P . ,
, .

, .
Windows Server 2012
Print Management ( ),
. , .
, , Print
Management Print and Document Services (
), Print and Document Services Remote Server
Administration Tools ( )
.
Print Management
Server Core, . 3.22.
, .

Drivers () .

Windows.
, ,
. ,
. , TCP.
-, (. 3.23).
[Screenshot: Print Management console with Custom Filters (All Printers, All Drivers, Printers Not Ready, Printers With Jobs) and Print Servers, where bfsc1 (local) is expanded to Drivers, Forms, Ports and Printers]

. 3.22. Print Management,


[Screenshot: Print Management, Add Standard TCP/IP Printer Port Wizard asking for the printer name or IP address and a port name for the desired device]

. 3.23. TCP

, , ,
, ,
(. 3.24).
, -
PowerShell Server Core.
- . vbs, , ,
Microsoft , PowerShell
.

Add-Printer,
, .
. HP 5150 (Sales):
PS C:\> Add-Printer -Name "Sales Printer" -DriverName "HP 5150"

:
PS C:\> Add-Printer -ConnectionName \\bfsc1\192.168.1.253

.

PowerShell:
PS C:\> Add-PrinterDriver -Name "HP 5150"

,
. ,
, :
PS C:\> Get-PrintConfiguration -PrinterName "HP 5150"
PrinterName  ComputerName  Collate  Color  DuplexingMode
-----------  ------------  -------  -----  -------------
HP 5150                    True     True   OneSided

, Color false:
PS C:\> Set-PrintConfiguration -PrinterName "HP 5150" -Color $false

KMS
Microsoft Windows 8 Windows Server 2012
Volume Activation 3.0.
. ,
,
(Key Management Service K M S) ,
Microsoft .
Microsoft
.

Windows 8 Windows Server 2012


K M S,
. K M S,
, KM S.
.
K M S
.
TCP/IP. ,
W A N ; , -
.
, M S Microsoft ,
25 . ,
25 Windows 8. Windows Server 2012 5
Windows 8. , Windows Server 2012
Microsoft.

,
.
, 25 ,
T C P /IP ,
K M S. 25 , Microsoft
(Volume
License Multiple Activation Key ),
.
K M S
Server Core .

SRV DNS
S R V D N S .
5. MS
S R V DNS.
Windows Server 2012 Server Core BigFirm.com.
DNS BigFirm.com SRV _VLMCS._TCP.Bigfirm.com. :

: _vlmcs._tcp
: SRV
:
:
: 1688
: bfsc1.bigfirm.com
, ,
DNS, KM S.
K M S ,
SR V DNS.

SR V ,
K M S , .
D N S , - .
K M S
. , SR V
DNS . dword
DisableDNSPublishing 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SL .


Windows
, Key Management Service.
:
netsh advfirewall firewall set rule group="Key Management Service" new enable=yes


, Server Core, K M S
slmgr.vbs /ipk /ato.

KMS
Volume Activation 3.0 (Windows 8 Windows Server 2012)
K M S SRV.
,
MS.
K M S :
cscript c:\windows\system32\slmgr.vbs /skms bfsc1.bigfirm.com:1688

Windows Server Backup


, Server Core.
.
,
.
. ,
,
.
, NTBackup Utility
.
Microsoft
Windows Server Backup ( Windows Server).
(Volume Shadow Copy
Service) ,
.
.

,
. , Microsoft
U N C
.
PowerShell,
Windows Server Backup. , Windows
Server Backup. ,
Get-WindowsFeature.
, Windows Server Backup,
get-command *wb* -commandtype cmdlet.
PS C:\Users\Administrator> Install-WindowsFeature Windows-Server-Backup

PowerShell
:
Success  Restart Needed  Exit Code  Feature Result
-------  --------------  ---------  --------------
True     No              Success    {Windows Server Backup}

.

.
.
, ,
.
New-WBPolicy:
PS C:\Users\Administrator> New-WBPolicy
Schedule              :
BackupTargets         :
VolumesToBackup       :
FilesSpecsToBackup    :
FilesSpecsToExclude   :
ComponentsToBackup    :
BMR                   : False
SystemState           : False
OverwriteOldFormatVhd : False
VssBackupOptions      : VssCopyBackup

New-WBPolicy,
.
Sales 9:00.
PS C:\Users\Administrator> $policy = New-WBPolicy
# Back up the C:\Sales folder
$fileSpec = New-WBFileSpec -FileSpec C:\Sales
Add-WBFileSpec -Policy $policy -FileSpec $fileSpec
# Include what is needed for bare-metal recovery
Add-WBBareMetalRecovery $policy
# Use the third disk reported by Get-WBDisk as the backup target
$disks = Get-WBDisk
$backupLocation = New-WBBackupTarget -Disk $disks[2]
Add-WBBackupTarget -Policy $policy -Target $backupLocation
# Run daily at 09:00 and save the policy
Set-WBSchedule -Policy $policy 09:00
Set-WBPolicy -Policy $policy

, , PowerShell Windows
Server Backup. Windows Server
Backup http://technet.microsoft./en-us/library/
706683 .aspx.

Server Core. Windows Server 2012 Server


Core .

.
. Server Core , ,
.
. Windows Server 2012 Server Core
Windows Server 2008. ,
, ?
Server Core. Server Core
Windows Server 2012.
, ,
.
.
. Server Core
, .
?
?
Server Core .
Server
Core.
Active Directory Domain Services, D N S, DHCP, File Services Print and Document
Services .
.
. Active Directory Domain Services
D N S, Active Directory
Domain Services Installation Wizard (DCPromo),
?
.
Server Core. Remote Desktop,

, Server Core.

Windows. , Windows Remote Shell
.
. Windows Remote Shell
quickconfig.
?
?


Windows
Server 2012 R2

Microsoft Windows Server 2012,

, ,
. Windows Server 2012
.
, IPv6 Windows PowerShell
Windows Server 2012 R2, , Network Interface
Card (N IC ) Teaming ( )
(Quality of Service QoS).
BranchCache ,
802.1X , .

.
:
IPv6;
PowerShell ;
NIC Teaming;
QoS;
.

IPv6
Windows Server 2012
6 (Internet Protocol version 6 IPv6),
,

(Transmission Control Protocol T C P)


, T C P
(Internet Protocol IPv4), TCP/IP,
.
TC P Microsoft 1990- .
Microsoft,
Windows Server 2003. ,
T C P /IP ( 4)
. Microsoft
,
, .
TCP/IP,
,
(Internet Engineering Task Force IE T F ) IPv6.
IPv6 1998 , Microsoft Windows
2000, T C P/IP
( IPv4/lPv6 IP)
Windows Vista. Microsoft
T C P
, , Windows Server 2012 .

IPv6
IPv6 ,
IPv4, .
. ,
, IPv4
IP -.
, IP -,
IPv6. IPv6 128 ,
IPv4, 32 . IPv6
,
, U L A (Unique Local Address
), .
U L A
.
. IPv6 Windows Server 2012
IPv4
IPv6 .
, ,
IP - ,
.
. IPv6 IPSec
; IPv4 .
,
IPv6
, .

(Quality of Service QoS).


QoS ,
(N IC ).
Microsoft ,
1 -
. QoS
Windows Server 2012
20- Flow Label ( ) 8- Traffic Class
( ) IPv6 ,
.

IPv6
, IPv4 IPv6
, IPv6 ,
.
, : IPv4 IPv6
,

. ,
IPv6
,
IPv4.
IPv6 R F C (Request for
Comment ) 2893, Transition Mechanisms for IPv6 Hosts
and Routers ( IPv6 ).
R FC IPv4 IPv6 ,
. 4.1.

4.1. RFC 2893



IPv4 ( I Pv4) IPv6,
IPv4 , Windows
Server 2003 Windows

IPv6 ( IPv6) IPv4. -


IPv6 IPv6.
, IPv6,
IPv6

IPv6, IPv4
IPv6/IPv4 . Windows Server 2012, Windows Server 2008.
Windows 8 Windows 7
IPv4 , IPv4, IPv4 IPv6/IPv4

IPv6 , IPv6, Pv6 IPv6/IPv4

IPv6, -
IPv4.

RFC 2893 ,
I Pv6 I Pv4:
-;
- -;
-.

IPv6 Windows Server 2012


, .
IS A T A P (IS A T A P Tunnelling). -
(Intra-Site Automatic Tunnel Addressing
Protocol ISATAP) IPv6
IPv4 -,
- -,
ISATAP ISA T A P ISATAP.
D N S ISATAP,
ISATAP.
IPv6 IPv4,
.
6to4 (6to4 Tunnelling). 6to4

-, - -.
IPv6 IPv4 .
6to4, IPv6
-,
() IPv6 ,
IPv6.
Teredo (Teredo Tunneling). Teredo
-
N AT (network address translation
), .
IPv6.
Teredo
IPv6. IPv6, ISATAP
6to4 . ,
6to4 IPv4,
IPv6 , Teredo
, .
IPv6
IPv6:
http://social.technet.microsoft.com/wiki/contents/articles/1728.ipv6-survival-guide.aspx
RFC 2893:
http://www.ietf.org/rfc/rfc2893.txt


PowerShell
Windows PowerShell
Windows Server 2008.
Microsoft, Exchange Server, SQ L Server, SharePoint System Center,

. Windows Server 2012 R2
PowerShell 4.0,
Windows PowerShell, ,
IPv6
.
, IPv6
Netsh.exe (Network Shell), Netsh.exe
IPv6 - ,
Windows Server 2012 R2
Windows PowerShell. , PowerShell,
.


Windows Server 2008 200
PowerShell, Windows Server 2012 R2 2 500!
,
,
Windows Server 2012.
, IP -

(Quality of Service) . PowerShell
,
Windows Server 2012.
PowerShell ,
. - ,
Windows Server 2012,
. 4.2 PowerShell,
,
.

4.2.

BranchCache        BranchCache                              http://tinyurl.com/branchecache
NetAdapter                                                  http://tinyurl.com/ws2012netadapter
NetConnection                                               http://tinyurl.com/ws2012netconnectivity
NetLbfo            (NIC Teaming)                            http://tinyurl.com/ws2012nicteaming
NetQos             QoS                                      http://tinyurl.com/ws2012qos
NetSecurity                                                 http://tinyurl.com/ws2012netsecurity
NetSwitchTeam      (Network Switch Team)                    http://tinyurl.com/ws2012netswitchteam
NetTCPIP           TCP/IP                                   http://tinyurl.com/ws2012nettcpip
NetworkTransition  (Network Transition)                     http://tinyurl.com/ws2012nettransition
NetWNV             Windows (Windows Network Virtualization) http://tinyurl.com/ws2012netwnv

?
, , ,
Windows Server 2012 R2, Test-NetConnection.
,
ping. Test-NetConnection,
Microsoft (internetbeacon.msedge.net), IP-, -
PingReplyDetails (Round Trip Time (RTT)
). ,
,
.
-ComputerName
, :
Test-NetConnection -ComputerName Host2

:
PS C:\Windows\system32> Test-NetConnection -ComputerName Host2
ComputerName           : Host2
RemoteAddress          : 192.168.0.200
InterfaceAlias         : Ethernet
SourceAddress          : 192.168.0.100
PingSucceeded          : True
PingReplyDetails (RTT) : 0 ms

Microsoft NIC Teaming


N IC Teaming

.
, N IC ,
.
Windows Server N IC Teaming
, HP, Intel Dell,
.
, N IC Teaming,
Microsoft
,
N IC Teaming Microsoft. Windows
Server 2012 R2 N IC Teaming
, .
N IC Teaming Windows Server 2012 R2 ,
N IC .

NIC Teaming Windows Server 2012 R2


,

- . Windows Server 2012 R2
N IC
Teaming,
(load balancing and failover LB FO ).
- ( )
. N IC Teaming,
,
.
,
.
N IC Teaming
,
. ,
I /, N IC , ,
3 /.
N IC Teaming ,
,
, - , ,
, Microsoft.

NIC
N IC Teaming Windows Server 2012 R2
.
(Static).
, ,
N IC Teaming. N IC
, , N IC
,
(. 4.1).

, (Switch Independent).
, ,
. ,
,
,
.
,
, .. ,
N IC Teaming, Windows Server 2012.
, , . 4.2.
LA C P. , L A C P (Link Aggregation
Control Protocol )
LACP.

N IC ,
. ,
, .

. 4.1. ,

. 4.2. ,


, , ,
N IC . Windows Server 2012 R2
.
(Address Hash).
, ,
, IP - -
. N 1C ,
.
Hyper-V (Hyper-V Port).
N IC Hyper-V (
).
, Hyper-V,
. ,
N IC ,
Hyper-V,
.
(Dynamic). ,
Windows Server 2012 R2. .

N IC (flow-
let),
.
, N IC
,
,
N IC . Windows Server 2012 R2
32 ,
. ,
, : N IC
V LA N ,
N IC .
N IC . N IC
Teaming ,
N IC .
Microsoft ,
N IC
.
N IC. N IC
Ethernet
Windows (Windows Hardware
Qualification Loop test). N IC
:
W LAN
Bluetooth
W W AN
Infiniband

NIC . N 1C
(
), ,
NIC
(, 1 /). N 1C
, , , I /, 100 /,
,
.

NIC Teaming
N I C Teaming Windows Server 2012

, M VP Hyper-V :
http://www.aidanfinn.com/?p=13984
What's New in Windows Server 2012
R2 Networking ( Windows Server 2012 R2 ),
TechEd North America 2013, Microsoft:
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/MDC-B216

NIC
N IC Windows Server 2012 R2
.
,
PowerShell.
. N IC
.
1. Windows Server 2012 ,
, (Server
Manager).
2. Local Server ( )
, , N IC Teaming
(Disabled), . 4.3.
[Screenshot: Server Manager, Local Server properties for LabServer, with NIC Teaming shown as Disabled]

. 4.3. NIC Teaming


3. Disabled () NIC Teaming,
NIC Teaming (. 4.4).
[Screenshot: NIC Teaming window for LABSERVER (Microsoft Windows Server 2012 R2 Datacenter) with Servers, Teams, and Adapters and Interfaces panes; Ethernet0 at 1 Gbps is available to be added to a team]

. 4.4. NIC Teaming

4. Adapters and Interfaces ( )


NIC Teaming, ,
, <Ctrl>.
5.
Add to New Team ( ),
. 4.5.
[Screenshot: Adapters and Interfaces pane, TASKS menu with Add to New Team, Add to Selected Team, Disable and Properties]

. 4.5.

6. New Team ( ),
Team Name ( )
, , ,
Member Adapters (-).
. 4.6 , Additional Properties (
)
( Teaming mode Load balancing mode ).
[Screenshot: New team dialog, team name Team1, member adapters Ethernet0, Ethernet1 and Ethernet2 at 1 Gbps each, Additional properties collapsed]

. 4.6. New Team

7. ,
( ),
V LA N ( ).
8. , N IC .
,
Teams () NIC Teaming (. 4.7).

[Screenshot: NIC Teaming window, LABSERVER (Microsoft Windows Server 2012 R2 Datacenter) now showing 1 team]

. 4.7. NIC
Network Connections ( )
, , N IC ,
, ,
. . 4.8 20 /, ..
.

NIC
N IC Teaming Hyper-V,
, , -, N IC
NIC, . N IC
Hyper-V. -,
N IC
-,
. , ,
Hyper-V Hyper-V,
, N IC Teaming,
. PowerShell,
:
Set-VMNetworkAdapter -VMName < > -AllowTeaming On

N IC
PowerShell, ( N IC
,
).
1. PowerShell ,
, (
):
New-NetLbfoTeam Team1 NIC3,NIC4

2. Y <Enter>,
.
. 4.9 , PowerShell
N IC .
[Screenshot: Administrator: Windows PowerShell window running New-NetLbfoTeam Team1 Ethernet1,Ethernet2, confirming with Y, and showing the new team: Name Team1, Members {Ethernet1, Ethernet2}, TeamNics Team1, TeamingMode SwitchIndependent, LoadBalancingAlgorithm Dynamic]

. 4.9. NIC PowerShell


Windows Server 2012,
.

Windows Server 2012, .
, N IC
Teaming, Windows Server 2012,
. ,

. ,
N IC Teaming Windows Server 2012 ,
. NIC Teaming

, Microsoft N IC Teaming, NIC
. , ,
N IC Teaming, .

, .
, ,
N IC Teaming. Microsoft
Windows Server 2012 TechNet .

.
,
.


, ,
.
1. . ,
.
2. Windows PowerShell:
Get-NetLbfoTeam | Remove-NetLbfoTeam

3.
.
4. .
Microsoft
. -
, ,
.
,
Microsoft .
, TechNet,
N IC Teaming NIC Windows
Server 2012, .


(Quality of Service QoS)
Microsoft ,
, ,
.
,
.
Voice over IP ( )
(line-of-business LO B) ,
, .
, QoS Windows, (
, , ),
, QoS.
, QoS, ,
QoS, ,
, , .

QoS
QoS Windows Server 2012,
, .
QoS , ,
-
Hyper-V.
Minimum Bandwidth


QoS
,
,
.
.
QoS
,
,
.
QoS Windows Server 2012
Minimum Bandwidth (
). ,
,
.
Microsoft QoS
Minimum Bandwidth,
: http://tinyurl.com/ws2012qosmb.

Minimum Bandwidth
Microsoft , Minimum Bandwidth
Ethernet 1 /, 10 /.
QoS .

Data Center Bridging


(Data Center Bridging D C B )
Windows Server 2012,

.
, SAN, \
(L A N )
. D C B
( ) QoS .
, D C B,
,
DCB.

. D CB


,
,
.

DCB
DCB WMI (Windows Management
Instrumentation Windows) PowerShell ,
Data Center Bridging Windows Server 2012.
DCB
.
1. Windows Server 2012,
, .
2. Configure This Local Server (
) Add Roles and Features (
) Next () Before You
Begin ( ) (Add
Roles and Features Wizard).
3. Role-Based or Feature-Based installation (
) Next.
4. Select Destination Server ( )
Select a Server from the Server Pool (
).
5. , Server Pool ( )
Next.
6. Select Server Roles ( )
Next, .
7. Select features ( )
Data Center Bridging ( ),
. 4.10, Next.

[Screenshot: Add Roles and Features Wizard, Select features page (destination server LabServer). Description pane: "Data Center Bridging (DCB) is a suite of IEEE standards that are used to enhance Ethernet local area networks by providing hardware-based bandwidth guarantees and transport reliability. Use DCB to help enforce bandwidth allocation on a Converged Network Adapter for offloaded storage traffic such as Internet Small Computer System Interface, RDMA over Converged Ethernet, and Fibre Channel over Ethernet."]

. 4.10. Data Center Bridging



8. Confirm Installation Selections (


) Install (),
DCB,
, DCB, -
PowerShell, . 4.3.
4.3. PowerShell DCB

Get-NetQosFlowControl
(priority-based flow control PFC)
Set-NetQosFlowControl
Enable-NetQosFlowControl
IEEE 802.1
Disable-NetQosFlowControl
IEEE 802.1
Get-NetQosDcbxSetting
(data center bridging exchange DCBX)
Set-NetQosDcbxSetting DCBX
Get-NetQosTrafficClass
New-NetQosTrafficClass
Set-NetQosTrafficClass
Remove-NetQosTrafficClass

, DCB
PowerShell,
Windows PowerShell DCB (DCB Windows PowerShell User Scripting Guide):
http://tinyurl.com/ws2012dcb.

Minimum Bandwidth DCB ?
Minimum Bandwidth DCB
,
, ,
. ,
Minimum Bandwidth DCB ,
,
.

Hyper-V QoS
QoS Hyper-V
, ,
(service-level agreement
SLA) . Hyper-V QoS

.

Microsoft Hyper-V QoS.



,
Hyper-V.

Hyper-V -
PowerShell, Windows Management Instrumentation.
Hyper-V
QoS .
Hyper-V QoS ,
DCB,
Hyper-V ( , )
SLA
, .
,
Ethernet 10 /.

QoS
(Group Policy) QoS
:
;
IP - ;
TCP, UDP;
Active Directory.
DSCP (Differentiated Services
Code Point ). TCP
0 63 TOS (Type of Service )
TCP IPv4. ,
Traffic Class ( ) IPv6.
DSCP , .
DSCP,
,
.
QoS
, Active
Directory, QoS ,
, .
QoS ,
, , ,
QoS. . 4.11
Policy-based QoS (QoS ) Computer
Configuration ( ) Local Computer Policy (
).

[Screenshot: Local Group Policy Editor tree: Computer Configuration (Software Settings; Windows Settings: Name Resolution Policy, Scripts (Startup/Shutdown), Deployed Printers, Security Settings, Policy-based QoS; Administrative Templates) and User Configuration]
. 4.11. Policy-based QoS

. -
LOB,
, -
, . ,
- 3299, Active Directory
.
, - 3299 -
, -
DSCP -
, 60.
- 3299, -
-
.
- IPv4 IPv6 -
, .
QoS .
Windows Server 2012,
Windows Server 2008 R2/R1, Windows 8, Windows 7 Windows Vista.
Active Directory,
Group Policy.
, ,
DSCP (. RFC 2474
http://tinyurl.com/nb852k).
,
QoS. ,
, QoS, , QoS
! ,
.
, , ,
WAN . QoS
.
,
.

,
802.1X
802.1X
(Institute of Electrical and Electronics
Engineers (IEEE) Standards Association)
, (LAN)
(WLAN) .
,
, .
802.1X
Microsoft, Windows 2000, Windows Server 2012
, .

(Extensible Authentication Protocol (EAP) Tunneled Transport Layer
Security (TTLS)), - EAP-TTLS.
EAP-TTLS ,
.

,
.
802.1X http://tinyurl.com/8021wired
http://tinyurl.com/8021wireless.

BranchCache
Windows Server 2012 R2 BranchCache
WAN
, .
, BranchCache
() ,
, .

.
,
, WAN.
BranchCache .
(Distributed Cache). BranchCache
, -
. ,
,
, . ,

,
.
(Hosted Cache).
.
,
,
,
.
BranchCache Windows
Server, Windows Server 2012 .
Windows.
Windows Server 2012

, BranchCache
. Windows Server 2012
12.
.

BranchCache ,
.
.
BranchCache Hosted Cache,
,
BranchCache.
Active Directory.
, BranchCache,
Active
Directory (Active Directory Group Policy object (GPO)),
, .
. Active
Directory Group Policy
Distributed Cache
. ,
,
Hosted Cache,

. BranchCache , ,
,
,
.
.
.
,
.
PowerShell WMI.
BranchCache PowerShell
WMI.
BranchCache Hosted Cache Windows
Server 2012 R2,
.
.

. Windows Server 2012 ( )
Hosted Cache,
,
.
. BranchCache
Extensible Storage Engine (ESE),
,
. ,
Microsoft Exchange Server,
.




. ,
. 30 ( 2)
.
, ,
, , ,
. 4.4.

4.4.

, . ,


. ,

,
. ,

, .
,

/ . ,

,
,
Windows Server 2012 R2.
.
,
(Receive Segment Coalescing RSC),
,
RSC. RSC

.
API -.
API - (Registered I/O RIO)
,
. RIO

,

. RIO
, , .
.
(Receive-Side Scaling RSS) -
,
, ,
TCP, .
(
10 /), .
RSS ,

. , RSS,
, RSS.


,
Perfmon.exe,
Windows Server 2012 R2, ,
, (. 4.5).

4.5. ,

IPv4, IPv6                                      Datagrams Received/sec
                                                Datagrams Sent/sec
TCPv4, TCPv6                                    Segments Received/sec
                                                Segments Sent/sec
                                                Segments Retransmitted/sec
Network Interface, Network Adapter              Bytes Received/sec
                                                Bytes Sent/sec
                                                Packets Received/sec
                                                Packets Sent/sec
                                                Output Queue Length
Processor Information                           % Processor Time
                                                Interrupts/sec
                                                DPCs Queued/sec
Network Interface, Network Adapter              Packets Received Discarded
                                                Packets Received Errors
                                                Packets Outbound Discarded
                                                Packets Outbound Errors
WFPv4, WFPv6                                    Packets Discarded/sec
UDPv4, UDPv6                                    Datagrams Received Errors
TCPv4, TCPv6                                    Connections Failures
                                                Connections Reset
Network QoS Policy                              Packets Dropped
Per Processor Network Interface Card Activity   Low Resource Received Indications/sec
                                                Low Resource Received Packets/sec
Microsoft Winsock BSP                           Dropped Datagrams
                                                Dropped Datagrams/sec
                                                Rejected Connections
                                                Rejected Connections/sec
Network Adapter (RSC performance)               TCP Active RSC Connections
                                                TCP RSC Average Packet Size
                                                TCP RSC Coalesced Packets/sec
                                                TCP RSC Exceptions/sec

Server Performance Advisor


- , Perfmon. ,
,
Microsoft (Microsoft Server Performance Advisor SPA); 3.0
http://tinyurl.com/ws2012spa ( Windows
Live ID ).
.
SPA
.
, ,
, , ,
WMI, Windows (Event Tracing
for Windows ETW).
SPA
.

SPA 3.0 Windows Server 2012


,
100 .

.

SPA 3.0
Server Performance Advisor 3.0
100 .
,

(System Center 2012 R2 Operations Manager).

SPA .
SPA 3.0, ,
:
.NET Framework 4
SQL Server 2008 R2 Express
,
, SPA 3.0
Windows Server 2012.
1. , SPAPlus_amd64.cab
.
.cab
WinRAR (rarlab.com) WinZip (winzip.com). ,
Windows

SPA 3.0.
2. , ,
SpaConsole.exe,
Run as administrator ( ),
. 4.12.

[Screenshot: File Explorer listing of the extracted SPA files, with the SpaConsole.exe context menu open at Run as administrator]

. 4.12. SPA

3. Server
Performance Advisor License Agreement (
SPA) Next ().
4. Server Performance Advisor (
) File () New Project ( ),
. 4.13.

[Screenshot: Server Performance Advisor 3.1 window with the File menu open: New Project, Open Project, Close Project, Run Analysis, Remove Recurrence, Open Report File, Exit]

. 4.13.

5. (New Project Wizard)


Next.
6. Create Project Database ( )
SQL Server SQL,
SPA. Next.
7. Add Servers ( ) ,
SPA.
8. ,
, Finish (),
(. 4.14).

. 4.14.

9. Server Performance Advisor


File () Run Analysis ( ),
.
10. , ,
, , Core OS, Hyper-V IIS,

11.
Report Viewer ( ), . 4.15.

[Screenshot: Report Viewer showing a Microsoft Core OS Advisor Pack report. Warnings: "Virtualized Environment. This OS is running in a virtualized environment. Recommendation: Be aware that most of the Generic OS Advisor Pack rules may not apply for OS running in a virtualized environment." Other notifications: "No issue found. Recommendation: No Recommendation."]

. 4.15.

IPv6. IPv4 IPv6


, IPv6 ,
.
, IPv4 IPv6
,
.
.
IPv6?
) ISATAP
) DirectAccess
) 6to4
) Teredo
PowerShell . Windows Server 2012 R2
2 500 PowerShell,
,
, .
, IP -
Quality of
Service .
. , Windows Server 2012 R2,
ping?
NIC Teaming.
,
- .
Windows Server 2012 R2
NIC Teaming
- ( )
.
. NIC
PowerShell, ?
QoS. (Quality of Service
QoS) ,
,
.
Voice over IP (VoIP)
(line-of-business LOB) ,
, .
. QoS

, .
,
. QoS Windows
Server 2012 R2 , ?
.
Windows Server 2012 R2
.
.
Windows Server 2012 R2?
( .)
) Ipconfig.exe
) Perfmon.exe
) Dfsrmon.exe
) Server Performance Advisor
) Networkview.exe


IP Address Management
DHCP Failover


, IPv6, ,

IP -. Windows
Server 2012 IP Address Management
( IP -), IPAM , DHCP Failover ( DHCP).
DNS
DHCP, (, ,
), I -.
:
IPAM ;
IPAM ;
IPAM System Center 2012;
IPAM ;
DHCP Failover.

IPAM
IP Address Management ,
, I P -.
( ) Windows
Server 2012,
D N S DHCP.

Microsoft IPAM .
/ ,
, ,
IP - .
I IP -
.

,
? , ,
IP -, .
,
, ( ) 1-
.
IP -
DNS.
DHCP ,
.
,
, .
DHCP,
DHCP,
WINS - .

DNS DHCP , ,
.
IPAM ,
IPv4 IPv6.
IP -, IPAM . ,
, ,
IP - .
IPAM ,
DNS, Domain Controller ( )
DHCP .
NPS (Network Policy Server )
, I ,
,
IPAM. . 5.1 IPAM ,
.

IPAM
,
,
, IPA M ,
.

. 5.1. IPAM

Windows Server
IPA M Windows Server 2012,
, Windows
Server 2012 ( ) Standard Datacenter. IPA M
DHCP, D N S Domain Controller
(DC) Windows Server 2008 . ,
Windows Server 2003 Windows Server 2000,
.

Active Directory
IPAM Active Directory; IPAM ,
, . IPAM
Active Directory,
,
IPAM . , ,
; , Active Directory,
I .

IPAM DHCP?
, .
I , ,
Active Directory Services Domain Controller,
. IPAM
, ,
. , IPAM
DHCP, 1 DHCP
.

DHCP DNS
DHCP DNS, IPAM ,
.
DHCP DNS Active Directory.
1 150 DHCP
6 DHCP.
IPAM 500 DNS 150
DNS.


1
. ,
1.
, Microsoft ,
,
1 .
IP -, -
/ 100 000 .
, , Microsoft
. ,
IPA M , .
1 Windows Server 2012 ( R2)
Windows Internal Database ( Windows).
.
, 1 Windows Server 2012 R2
Windows Internal Database, SQL 2008
R2/SQL 2012. SQL ,
1, .

, IPAM
(IPv4/IPv6),
,
.
, Microsoft (
NetBIOS Name Service ( NetBIOS), DHCP
-).
WINS Microsoft
NetBIOS, IPAM .
IP -
IPAM , IPv4,
IPv6 .
IPv6 ;
IPv4.
I IP - ,
DHCP,
.

IPAM
IPAM ,

IP -. Multi-Server Management and
Monitoring ( ), Address Space Management
( ) Network Auditing ( ).
,
, IPAM , ,
.

Multi-Server Management and Monitoring


Multi-Server Management and Monitoring IPAM
DHCP DNS,
,
.
, - DHCP DNS .

DHCP DNS.
,
DHCP DNS.

Address Space Management


Address Space Management (ASM) IPAM
IP - .
,
IPv4 .
ASM ,
(
) ( )
IP -.
ASM IPAM
IP - ,
- DHCP, DNS DHCP
IP - . . 5.2
IP - .

Network Auditing
Network Auditing IPAM Windows
DHCP
DHCP, .
IPAM , DHCP,
DC NPS, ,
IP -. ,

, ,
, .

[Screenshot: Details View for 192.168.1.0/24 with the tabs Configuration Details, Utilization Trend and Event Catalog, showing the IP address range utilization trend graph for 1 month]

. 5.2. ASM


1 IP -
,
. . 5.1.

5.1. IPAM

IPAM

I.
IPAM
IPAM


IPAM
I

IPAM
, , IPAM ,
.
, IP - (DC,
DNS, DHCP ..), , , ,
, ,
(
Bigfirm.com) , IPAM .
, IPAM .

1. IPAM Server
(Add Roles and Features Wizard).
2. IPAM ,
(Group Policy).
3. DHCP DNS ().
4. DHCP DNS.
5. .
6. DHCP DNS.
7. IPAM Client .

IPAM Server
IPAM .
1. Windows Server 2012 R2,
, ,
. (Server Manager)
Local Server ( ) Add roles and
features ( ).
2. Before you begin ( ) Next
().
3. Select Installation ( ) ,
Role-Based or Feature-Based installation (
), Next.
4. Select Destination Server ( )
Select a Server from the Server Pool (
), , Server Pool
( ), Next.
5. Select Server Roles ( ) ,
Next, .
6. Select Features ( ),
Features (), IP Address
Management (IPAM) Server ( IP - (IPAM)),
(. 5.3).
, Group
Policy Management ( ) Windows Internal
Database ( Windows);
Add Features ( ).
Next.
7. Confirm Installation Selections (
) Install
(), IPAM .
8. Close ()
.

[Screenshot: Add Roles and Features Wizard, Select features page (destination server LabServer). Description pane: "IP Address Management (IPAM) Server provides a central framework for managing your IP address space and corresponding infrastructure servers such as DHCP and DNS. IPAM supports automated discovery of infrastructure servers in an Active Directory forest. IPAM allows you to manage your dynamic and static IPv4 and IPv6 address space, tracks IP address utilization trends, and supports monitoring and management of DNS and DHCP services on your network."]

. 5.3. IPAM

PowerShell
IPAM
IPAM PowerShell,
.
1. Windows PowerShell
,
Run As Administrator ( ).
.
2. <Enter>:
Install-WindowsFeature IPAM -IncludeManagementTools

IPAM Client
IPAM Client IPAM ,
IPAM Server,
IPAM . IPAM Client ,
IPAM ,
(Remote Server Administration Tools RSAT).
IPAM Client Windows Server 2012
.
1. Windows Server 2012, ,
, .
(Server Manager)
Local Server ( ) Add roles and features
( ).
2. Before you begin ( ) Next
().
3. Select Installation Type ( ) ,
Role-Based or Feature-Based installation (
), Next.
4. Select Destination Server ( )
Select a Server from the Server Pool (
), , Server Pool
( ), Next.
5. Select Server Roles ( ) ,
Next, .
6. Select Features ( ),
Remote Server Administration Tools (
) Feature Administration Tools (
).
7. IP Address Management (IPAM) Client
( IP - (IPAM)) Next.
8.
, Group Policy Management
( ) Windows Internal Database (
Windows), Add Features (
). Next.
9. Confirm Installation Selections (
) Install
(), IPAM .
10. Close ()
.

IPAM
IPAM IP -
. ,
IPAM : Active Directory
(Active Directory Group Policy). ( )
,
. ,
, Active Directory.
Active Directory ,
, 7, .
1. , IPAM , .
IPAM ,
. 5.4.
IPAM
IPAM Overview ( 1),
IPAM . : Quick Start ( ).
Actions () Learn More ( ).

[Screenshot: Server Manager Dashboard (Welcome to Server Manager); the left pane lists Dashboard, Local Server, All Servers, AD CS, AD DS, DHCP, DNS, File and Storage Services, IIS and IPAM]

. 5.4. IPAM

2. Quick Start, ,
IPAM ,
(. 5.5).
- 1

[Screenshot: Server Manager, IPAM Overview page. IPAM Server Tasks: 1 Connect to IPAM server; 2 Provision the IPAM server; 3 Configure server discovery; 4 Start server discovery; 5 Select or add servers to manage and verify IPAM access; 6 Retrieve data from managed servers. Managed Network Configuration Summary: IPAM Server Name labserver]
. 5.5. IPAM

3. Provision the IPAM server ( IPAM )


Quick Start, IPAM (Provision
IPAM Wizard).
4. Before you begin ( )
Next ().
Configure Database ( ),
IPAM Windows
Internal Database, Microsoft SQL Server.
Windows Internal Database Next.
5. Select provisioning method ( ),
. 5.6, Manual ()
Group Policy Based ( ).
.
[Screenshot: Provision IPAM wizard, Select provisioning method page. Wizard text:
"Managed servers must be configured with settings that allow IPAM to access remote management functions and event information. Select a provisioning method for managed servers:
Manual. The manual provisioning method requires that you configure the required network shares, security groups, and firewall rules manually on each managed server.
Group Policy Based. The Group Policy based provisioning method requires Group Policy Objects (GPO) to be created in each domain that you manage with this IPAM server. IPAM will automatically configure settings on managed servers by adding the server to appropriate GPO. This can be especially useful in a large network with many managed servers. GPOs that you create must follow naming conventions used by IPAM, however you can customize the GPO name with a prefix of your choice. The GPO name prefix you specify should be unique for each IPAM server in the Active Directory forest."
GPO name prefix: IPAMBF
"You can create GPOs in each IPAM managed domain using the Invoke-IpamGpoProvisioning IPAM Windows PowerShell cmdlet."]

. 5.6.
GPO
Next.
6. Summary ()
GPO ,
DHCP, DNS NPS. ,
Apply ()! Apply
,
, IPAM .
, Apply.
7. IPAM
Close (), .


, IPAM Overview
,
DC, DNS and DHCP.
1. IPAM Overview Quick Start ( )
Configure Server Discovery (
).
Configure Server Discovery (
)
Select Domains to Discover ( ).
2. Add (),
DC, DNS DHCP (. 5.7).
3. ,
IPAM Overview.

[Screenshot: Configure Server Discovery dialog, "Select the server roles to discover", with the columns Domain, Domain controller, DHCP server and DNS server for (root domain) Bigfirm.com. Notes in the dialog: "For Group Policy based provisioning, create the GPOs for each domain in the list using the Windows PowerShell cmdlet "Invoke-IpamGpoProvisioning" on IPAM server." "Discovery schedule can be changed by editing \Microsoft\Windows\IPAM\ServerDiscovery located in the Task Scheduler on the IPAM server with administrator privileges."]

. 5.7.


,
, IPAM .
, Start Server
Discovery ( ) Quick Start
IPAM Overview. IPAM ServerDiscovery.
,
Information () ; . 5.8
Task Details ( ).

[Screenshot: Task Details and Notifications window listing the IPAM ServerDiscovery task with the stage Complete]

. 5.8. ServerDiscovery



, IPAM .
Select or Add Servers to Manage and Verify IPAM Access (
IPAM )
Quick Start. , IPv4
, , IPAM Access
Status ( IPAM ) Blocked (),
Manageability Status ( ) Unspecified
( ), . 5.9.
[Screenshot: Server Inventory, IPv4 view: servers BF2 and BF1 (Bigfirm.com) with Recommended Action "Set Manageability Status", Manageability Status "Unspecified" and IPAM Access Status "Blocked"]

. 5.9.

; ,
GPO Invoke-IpamGpoProvisioning PowerShell. .
1. , IPAM
.
2. Windows PowerShell
Run as Administrator ( ) ,
.
3. <Enter> (
):
Invoke-IpamGpoProvisioning -Domain Bigfirm.com -GpoPrefixName IPAMBF -DelegatedGpoUser administrator -IpamServerFqdn BF-IPAMl.bigfirm.com

4. , Y (. 5.10).

[Screenshot: Administrator: Windows PowerShell window with the command output]
. 5.10. IPAM GPO

5. .
, GPO , Group Policy Management
( ) Tools ()
( IPAM).
IPAM GPO (. 5.11).

[Screenshot: Group Policy Management console, forest Bigfirm.com, domain Bigfirm.com, showing the GPOs IPAMBF_DC_NPS, IPAMBF_DHCP and IPAMBF_DNS next to the Default Domain Policy]

. 5.11. IPAM GPO

GPO , ,
IPAM , Active Directory .
6. , IPAM Overview
Server Inventory ( )
.
,
. 5.9 , Unspecified.
7. ,
, Edit Server ( ).
8. Add or Edit Server (
) Manageability Status
( ) Managed (),
. 5.12; .
9. 6-8 , .
Managed,
, Active Directory
( 15 ),
gpupdate /force PowerShell.
10. GPO ,
Server Inventory IPAM Overview 1.
[Screenshot: Add or Edit Server dialog, Basic configurations: Server name (FQDN) BF1.Bigfirm.com; IP address 192.168.1.51; Server type (DC, DNS server, DHCP server, NPS server); Manageability status drop-down with the values Unspecified, Unmanaged and Managed]

. 5.12.

11. Managed
Refresh Server Access Status (
).

IPAM
GPO .
12. , Refresh IPv4
( IPv4) ; IPAM
Unblocked (),
. 5.13.

[Screenshot: IPAM, Server Inventory, IPv4 view: the server is listed with Recommended Action "IPAM Access Unblocked", Manageability Status "Managed" and IPAM Access Status "Unblocked"]

. 5.13.


.
,

Retrieve All Server Data


( ). IPAM
DHCP DNS.

IPAM
, IPAM
DHCP DNS , Refresh (),
Notifications () AM.
, IPAM ,
, ,
, .

IPAM ,
,
, Task Scheduler
(Local) > Task Scheduler Library > Microsoft > Windows > IPAM (
() ^ ^ ^ ^ ),
. 5.14.

[Screenshot: Task Scheduler, Microsoft\Windows\IPAM folder, listing the tasks AddressExpiry, AddressUtilization, Audit, ServerAvailability, ServerConfiguration, ServerDiscovery and ServiceMonitoring, all with the status Ready]

. 5.14. IPAM

IPAM
1, ,
1-.
IPAM ,
, ,
IP - . . 5.15.

, IPAM
.

Overview Server Inventory


IPAM
Overview () Server Inventory (
). .

Overview
Overview
IPAM ,
Quick
Start ( ), Actions () Learn More
( ).
,
.
IPAM Managed
Network ( )
Configuration Summary ( )
IPAM . Overview
Scheduled Tasks ( ),
IPAM , IPAM
.

[Screenshot: IPAM navigation pane: SERVER INVENTORY, IP ADDRESS SPACE (IP Address Blocks, IP Address Inventory, IP Address Range Groups), VIRTUALIZED IP ADDRESS SPACE, MONITOR AND MANAGE (DNS and DHCP Servers, DHCP Scopes, DNS Zone Monitoring, Server Groups), EVENT CATALOG, ACCESS CONTROL]
. 5.15.

Server Inventory
IPv4 .
,
IPAM . IPv4
Tasks () ,
,
(. csv). Server Inventory Details
(), , (
, IP -, IPAM , DHCP DNS),
, - IPv4.

IP Address Space
IP Address Space ( IP -)
, IPAM IP -.
, .

IP Address Blocks
IPAM IP - ,
.
IP - IP -,
(, ,
), IP -.
IP - IPAM ,
IPv4, IPv6,
IPv4 ,
IPv6 .

IPv4,
.
1. IPAM
,
IP Address Space > IP Address Blocks
( IP - > IP -
).
[Screenshot: context menu with the commands Add IP Address Block, Add IP Address Subnet, Add IP Address Range, Add IP Address, Import IP Address Blocks, Import IP Address Subnets, Import IP Address Ranges, Import IP Addresses, and Import and Update IP Address Ranges]
. 5.16. IP-
2. -
IPv4 Add IP Address Block
( IP -), . 5.16.
3. Add or Edit IPv4 Address Block (
IPv4) Network ID (
) Prefix Length ( ) IPv4
( 192.168.1.0
24), .
,
IP - , IPAM
IP - .
4. IP -,
IP Address Blocks ( IP -) Current
View ( ).
5. IP - Configuration Details
( ) ,
.
Utilization Trend ( ) Event Catalog (
) , IP -
.
IP -
IP -,
.
1. IPAM
IP Address Space > IP Address Blocks
( IP - > IP -).
2.
IPv4 Add IP Address Block
( IP -), . 5.16.
3. Add or Edit IPv4 Address Block (
IPv4) Network ID (
) Prefix Length ( ) IPv4
( Sybex.com
208.215.179.132 30), .
4. IP -,
(Regional Internet Registry RIR), IP - (
RIPE), , ,
Received Date from RIR ( RIR),
.
5. IP -,
IP Address Blocks ( IP -) Current
View ( )
Public Address Space ( )
IPv4.
6. , ,
Configuration Details (
), . 5.17.

[Screenshot: IPAM console, IPv4 Public Address Space, Current view: IP Address Blocks. Listed block: network 208.215.179.132/30, start IP address 208.215.179.132, end IP address 208.215.179.135, RIR RIPE, access scope \Global. The Configuration Details tab shows the description "Sybex.com Public" and the IP address type Public]

. 5.17. IP-

IP - 1-,
IP -,
, Current View
.

, IPAM
IP - , IPAM
IP - IP - (
DHCP), IP -
IP - : IP -^ I- 1-.

IP Address Inventory
IP Address Inventory ( IP -)
IP -, IPAM ,
(, ).
,
IP - ,
, IP -
2012 (System Center 2012 Virtual Machine Manager).
DNS DHCP,
IP -
.

IP Address Range Groups


IP Address Range Groups ( IP -)
IP Address Space ( IP -)
, IP -.
Current View IP -,
IP - IP -. IP address ranges
( IP -),
, Custom Configurations
( ) ,
IP - , Active Directory,
(Country or Region), - (Business Unit),
(Device ) ..
,

( Reserved ()
IP Address State ( IP -)). ,
IP - ,

IP -. , ,

Excel!

Virtualized IP Address Space


IPAM Windows Server 2012
IP -,

2012 (System Center 2012 Virtual Machine Manager VMM).
Microsoft
IPAM Windows Server 2012 R2.
Virtualized IP Address Space ( IP -)
IPAM
VMM .
IP -
IP -.
,
Windows Server 2012 R2 System Center 2012 R2 Virtual
Machine Manager. , VMM 2012 R2
, IPAM , .
1. ,
VMM 2012 R2 Fabric ()
.
2. Add Resources ( )
Network Service ( ), . 5.18.


[Screenshot: VMM console, Fabric workspace, with the Add Resources menu open: Hyper-V Hosts and Clusters, Citrix XenServer Hosts and Clusters, VMware ESX Hosts and Clusters, Library Server, PXE Server, Update Server, Infrastructure Server, VMware vCenter Server, Load Balancer, Network Service, Storage Devices]

. 5.18. VMM

3. Name ( ) (Add Network


Service Wizard) (IPAM, ) ,
Next ().
4. Manufacturer and Model ( )
Microsoft Model () Microsoft
Windows Server IP Address Management ( IP - Microsoft
Windows Server), . 5.19;
Next.
5. ,
;
VMM IPAM . Next.
6. Connection String ( )
(FQDN) 1 Next.
Provider (), . 5.20,
VMM IPAM .
7. Test (),
, . Next.
8. VMM (VMM Host Group),
IPAM . Next Finish (),
.

[Screenshot: Add Network Service Wizard, Manufacturer and Model page: Manufacturer "Microsoft", Model "Microsoft Windows Server IP Address Management"]

. 5.19. IPAM

[Screenshot: Add Network Service Wizard, Provider page: Configuration provider "Microsoft IP Address Management Provider". Test results: Test open connection: Passed; Test capability discovery: Passed; Test system info: Passed]

. 5.20.
VMM IPAM
IPAM Virtualized IP Address Space,
IP - (. 5.21).

[Screenshot: IPAM console, Virtualized IP Address Space, IPv4 view, listing Provider IP Address Space and Customer IP Address Space entries]

. 5.21. IP- IPAM

Monitor and Manage


Monitor and Manage ( ) IPAM
DHCP DNS,
IPAM. ,
,
,
DHCP. .

DNS and DHCP Servers


DNS and DHCP Servers ( DNS DHCP )
DHCP DNS Server (
),
DHCP DNS. -
DHCP ,
DHCP, DHCP,
DHCP,
. . 5.22 .
DHCP DNS,
Launch
( ). Details ()
, Server Properties ( ), DHCP Options
( DHCP ) DNS Zones ( DNS).

DHCP Scopes
DHCP Scopes ( DHCP )
DHCP, IPAM .

[Screenshot: IPAM console, DNS and DHCP Servers, IPv4 view, with the context menu for a DHCP server open; legible commands include Edit DHCP Server Properties, Create DHCP Scope, Import DHCP Policy, Add DHCP MAC Address Filter and Launch MMC]

. 5.22. DHCP IPAM


DHCP.
IPv4 IPv6,
, ,
.
,
DHCP
.
,
. :
Edit DHCP Scope ( DHCP ) (
)
Duplicate DHCP Scope ( DHCP ) (
)
Activate DHCP Scope ( DHCP ) (
)
Replicate DHCP Scope ( DHCP ) (
)
Deactivate DHCP Scope ( DHCP ) (
)
Delete () (
)
Create DHCP Reservation ( DHCP ) (
)
Configure DHCP Failover ( DHCP Failover)
Clear Config Sync Errors ( )

DNS Zone Monitoring


DNS Zone Monitoring ( DNS)
DNS, IPAM.
(
, ),
, , ,
. , ,
DHCP, Launch ( ), Reset Zone Status
( ) Retrieve Server Data ( ).
,
,
DNS.

DNS
IPAM System Center Operations Manager?
, DNS
, Microsoft System Center Operations Manager (
Microsoft). Operations Manager ,
DNS IPAM . Operations
Manager
Microsoft, IT
.
, DNS,
, DNS IPAM.
Operations Manager 30 ( 2).
Operations Manager System Center 2012
, DNS IPAM

, .

Server Groups
IP-,
,
IPAM, .

, Region (), Country (), Building () Floor Number
( ). ,
Server Groups ( )
IPv4 Add Server Group (
).
,
I -.

Event Catalog
, IPAM
IP-
, IPAM DHCP.
Event Catalog ( ).
.

IPAM Configuration Events


IPAM Configuration Events ( IPAM )
,
IPAM. ,
IPAM
.
, ,
,
. Add
Criteria ( ) ,
.

DHCP Configuration Events


DHCP Configuration Events ( DHCP)
IPAM Configuration Events
, DHCP.
. 5.23, Tasks () :
Purge Event Catalog Data ( ), Retrieve Event Catalog
Data ( ) Export (),
.csv .


. 5.23. DHCP Configuration Events

IP Address Tracking
IP Address Tracking ( IP-), ,
,
IP- .
:
By IP Address ( IP-)
By Client ID ( )
By Hostname ( )
By User Name ( )

, , ,
,
Network Policy.
DHCP Configuration Events, Tasks ()
, .

IPAM
IPAM
,
(Role-Based Access Control RBAC)
IPAM.
, ,
.
. 5.24 IPAM, ,
.
IPAM Administrators ( IPAM). ,
.

IPAM .
IPAM IP Audit Administrators ( IP- IPAM).
IPAM
IP-,
IP-, .
IPAM ASM Administrators ( IPAM ASM).
, ,
, IPAM Address Space Management
/ASM ).
/
IPAM MSM Administrators ( IPAM MSM).
, ,
IPAM IPAM
Multi-Server Management and Monitoring.
IPAM Users ( IPAM). IPAM,
, ,
, ASM MSM.
, 1
DHCP, .
[Screenshot: the local groups IPAM ASM Administrators, IPAM IP Audit Administrators, IPAM MSM Administrators and IPAM Users, each with its description]

. 5.24. IPAM RBAC

IPAM Windows
Server 2012 R2 Access Control ( ),
. 5.25.

IPAM > ACCESS CONTROL > Roles

Roles (18 total)

Name                                          Built-in Role
DNS Record Administrator Role                 Yes
IP Address Record Administrator Role          Yes
IPAM Administrator Role                       Yes
IPAM ASM Administrator Role                   Yes
IPAM DHCP Administrator Role                  Yes
IPAM DHCP Reservations Administrator Role     Yes
IPAM DHCP Scope Administrator Role            Yes
IPAM MSM Administrator Role                   Yes

Details View
Name: DNS Record Administrator Role
Built-in Role: Yes

. 5.25. Access Control IPAM

Access Control ,
IPAM
IPAM .
,
IPAM
.
1. Access Control 1 ,
Roles ().
2. Tasks () Add User Role
( ). Add or Edit Role
( ), . 5.26.
3. .
4. Access Control,
Access Scopes ( )
Add Access Scope
( ).
Add or Edit Role

Specify the value to update or add a role:

Name: BigFirm DHCPOnlyRole

Description:

Operations:
DHCP superscope operations
DHCP scope operations
Create DHCP scope
Delete DHCP scope
Edit DHCP scope
Configure DHCP scope policy
Set access scope on DHCP scope
Activate DHCP scope
Edit DHCP scope options
Edit DHCP scope policy
Delete DHCP scope policy

. 5.26.

5. Add Access Scope (
) New (),
Add ()
Global (), . 5.27.

6. , .

Add Access Scope

Access Scope Properties

Select the parent access scope:

Global
    BigFirm DHCP only

New...    OK    Cancel

. 5.27.

7.
Access Policies ( ) Access Control
, Add Access Policy (
).
8. User Settings ( )
, ,
Access Settings ( )
, (. 5.28).

9. IPAM,
; DNS and DHCP Servers
( DNS DHCP).
10. DHCP (
) Set Access Scope
( ).
11. ,
, , .

IPAM
IPAM,
Microsoft, ,
, .

Event Viewer
,
Microsoft,
Windows Event Viewer ( Windows),
IPAM . IPAM Windows
Event Viewer => Application and Services Logs => Microsoft => Windows => IPAM.
.
Admin Channel ( ).
, -
.
Operational Channel ( ). ,
, ,
, 1
.
,
.
Configuration Change Channel ( ).
IPAM .
IPAM
, ( , - ).
Analytic Channel ( ).
.
Debug Channel ( ).
.


. 5.2 , ,
, IPAM,
, .

5.2. , IPAM

, -
IPAM IPAM.
, IPAM Windows Internal Database,
, IPAM Windows Process Activation
( Windows).

, IPAM Access Status
( IPAM) Unblocked ()
DHCP RPC Access Status ( DHCP RPC),
DHCP Audit Share Access Status (
DHCP), DNS RPC Access Status ( DNS RPC) Event
Log Access Status ( )
Not Applicable ().
, IPAM
, Blocked ().
,
IPAM , ,
.


DNS ,
DNS DHCP , DNS
DNS .
, , DNS Server.
DHCP , ,
DHCP ,
, DHCP Server.


, -
Not Reachable .
() , DNS Server
DHCP Server.

,
IPAM" .

DHCP Failover
(Dynamic Host Configuration
Protocol DHCP ) IP-
( ) , ,
.
, DHCP
IP-.
.
DHCP Windows Server
, (high availability )
,
.


Windows Server 2008 R2 -
DHCP Failover Clustering (
), DHCP
,
IP-. .
Failover Clustering
,
, DHCP
.
,
DHCP, IP-
70/30 50/50. ,
DHCP IP-,
.

DHCP Failover?
Windows Server 2012 - Failover
Clustering , Microsoft
DHCP DHCP Failover.
DHCP Failover DHCP
/ ,
(Hot standby), / ,
(Load balance). DHCP Failover ,
,
SAN (Storage Area Network ),
DHCP.
. , DHCP Failover
IP- ,
DHCP,
DHCP.

DHCP Failover IPv6


IPv6 , , DHCP
Failover Windows Server 2012 IPv4.
, , IPv6,
IP.
, DHCP DHCP Option (
DHCP) IPv6. ,
DHCP,
DHCP Option.
, ,
.

DHCP Failover
,
, DHCP Failover.

Windows Server
DHCP Failover
Windows Server 2012 . DHCP,
Windows Server 2008 R2, Windows Server 2008
Windows Server 2003, Windows Server 2012.
Microsoft
Windows Server (Windows Server Migration Tools),
http://tinyurl.com/ws2012migtools. ,
DHCP Failover
, .


DHCP, DHCP Failover
, , -
. DHCP Failover
DHCP, Domain Controller
( ) Domain Member ( ).

DHCP Failover
,
DHCP Failover ,
DHCP Windows Server 2012 R2,
DHCP.
, ,
,
, , DHCP Failover
.


DHCP Failover
.
,
, ,
. , ,
Active Directory NTP (Network Time Protocol
).

1. Windows Server 2012 R2 (
BF1.Bigfirm.com),
, DHCP Manager
( DHCP ) DHCP
, IPAM, .
2. ,
DHCP Failover, Configure
Failover ( ), . 5.29.


. 5.29. DHCP Failover
3. Introduction to the DHCP Failover ( DHCP Failover)
(Configure Failover Wizard) Available
Scopes ( )
Next ().
4. Specify The Partner Server To Use For Failover (
) Add
Server ( ) (
BF2.Bigfirm.com) DHCP.
, Next.
5. DHCP Failover, . 5.30,
Next. .
Relationship Name ( ).
DHCP Failover.
Maximum Client Lead Time ( ).
,
DHCP ,
. 1 ,
, ,
, DHCP.
Mode ().
Load Balance ( )
/ Hot Standby ( )
/ .
Configure Failover

Create a new failover relationship

Create a new failover relationship with partner bf2.bigfirm.com

Relationship Name: bf1.bigfirm.com-bf2.bigfirm.com
Maximum Client Lead Time: (hours, minutes)
Mode:
Local Server:
Partner Server:
State Switchover Interval: (minutes)
Enable Message Authentication
Shared Secret:

. 5.30. DHCP Failover

Load-balance Percentage ( ).
IP-,
.
50/50.
State Switchover Interval ( ).
, ..
DHCP Failover,
. , DHCP
,

.
Enable Message Authentication ( ).

.
Shared Secret ( ). Enable Message Authentication
, .
6. Finish
(), .
7.
.
Close (), .
8. DHCP.
IPv4 ,
(. 5.31).

DHCP
  BF1.Bigfirm.com
    IPv4
      Server Options
      Scope [192.168.1.0] BF DHCP Scope 1
        Address Pool
        Address Leases
        Reservations
        Scope Options
        Policies
      Policies
      Filters

  bf2.bigfirm.com
    Scope [192.168.1.0] BF DHCP Scope 1
      Address Pool
      Address Leases
      Reservations
      Scope Options
      Policies
    Server Options
    Policies
    Filters
    IPv6

. 5.31. DHCP

DHCP Failover PowerShell
Windows Server 2012
PowerShell:
Add-DhcpServerv4Failover
Add-DhcpServerv4FailoverScope
Get-DhcpServerv4Failover
Set-DhcpServerv4Failover
Remove-DhcpServerv4Failover
Remove-DhcpServerv4FailoverScope
Invoke-DhcpServerv4FailoverReplication
,
DHCP Failover.

Microsoft DHCP: http://tinyurl.com/ws2012dhcpfailposh.

IPAM. IPAM
, , ,
IP-
. IPAM IP-
.
. IPAM
, ,
. Active Directory, -
?
IPAM. IPAM
,
IP-.
Multi-Server Management and Monitoring (
), Address Space Management (
) Network Auditing ( ).
. IPAM
DHCP DNS?
) Multi-Server Management and Monitoring
) Address Space Management
) Network Auditing
IPAM System Center 2012.
Microsoft
IPAM Windows Server 2012 R2. Virtualized
IP Address Space ( IP-) IPAM

VMM.

IP-
IP-.
. Windows Server VMM
, IPAM?
IPAM. IPAM
,
(Role-
Based Access Control RBAC) IPAM
. ,
,
.
. ,
IPAM RBAC.
?
) IPAM Administrators ( IPAM )
) IPAM IP Audit Administrators ( IP- IPAM )
) IPAM ASM Administrators ( IPAM ASM )
) IPAM Advanced Users ( IPAM )
) IPAM MSM Administrators ( IPAM MSM )
) IPAM Users ( IPAM )
DHCP Failover. DHCP Failover ,
, SAN
(Storage Area Network ), DHCP.
. ,
DHCP Failover IP-
,
DHCP, DHCP.
. DHCP Failover
.
?
) Failover clustering (active/active) ( (/
))
) Hot standby (active/passive) ( (/))
) Split-scope (active/passive) ( (/))
) Seeded (active/active) ( (/))
) Load balance (active/active) ( (/))

DNS
Windows Server 2012 R2

1-,

IPv4, IPv6. ,
IP- - .
. ,
IP-
. (Domain Name System DNS) ,
Windows Server 2012 R2. DNS
,
, Active Directory,
.
:
DNS;
DNS Active Directory;
DNS
.

DNS Server
DNS , Microsoft
DNS Windows NT 4.0.
DNS, ,
DNS.
Microsoft , Windows.
DNS Windows Server 2012 R2
IP-. DNS
DNS,
, ,
. DNS ,
, Active Directory
. DNS,
,
.
Windows Server 2012 R2 Windows Server
DNS Server (DNS-). Windows Server 2012 R2 DNS
DNS Windows Server 2003;
, , Windows Server 2008, IPv6
IPv4.
DNS,
.
(hostname). () .
DNS, 255 .
, , 01.
(namespace). ,
Active Directory.
, , .
;
. , Bigfirm.com
Bigfirm.com.
(Fully Qualified Domain Name FQDN). FQDN
, ,
01.Bigfirm..
HOSTS. ,
IP-. HOSTS c:\windows\system32\drivers\etc Windows Server 2012 R2
DNS-
. ,

HOSTS, !
(name server). DNS-,
FQDN IP-.
.
, DNS .
(hierarchical naming structure).
,
, FQDN.
,
. ,
. 6.1, EcOl.Ecoast.Bigfirm.com FQDN
Ecoast.Bigfirm.com.
, ,

Bigfirm.com.
Bigfirm.com
..
,
.,
Bigfirm.com.
Ecoast.
Bigfirm.com .. FQDN

,
.
(recursion).

FQDN.
FQDN
. 6.1.
,
DNS
.
.
.
, ,
.com, .gov .edu.
,
. , Sybex.com
.. ,
(. 6.2).

DNS-

DNS- .

DNS- Sybex.com

www.Sybex.com

. 6.2. DNS
1. DNS DNS- , www.Sybex.com.
2. DNS-
. .
3. ..
4. DNS- . Sybex.
.
5. Sybex. .
6. DNS- FQDN -
www.Sybex.com.
7. DNS- Sybex.com IP- - DNS-
.
8. DNS- IP- .
9. IP-, - www.
Sybex.com.
(delegation).
. ,
Bigfirm.com
Ecoast.Bigfirm.com .
(forwarding). .

. , ,
.
(iteration).
FQDN. ,
.
NetBIOS (NetBIOS naming system).
Microsoft NT 4.0.
, -
Windows, ,
, .
(service records). (SRV)
DNS,
. ! DNS Active
Directory.
DNS (dynamic DNS update).
DNS (Dynamic DNS DDNS) ,
DNS
, DHCP.
.
DNS DNS Active
Directory.

DNS
DNS Windows Server 2012 R2
, .
DNS- , ,
- , ,
Active Directory. ,
DNS . ,
DNS , ,
. ,
DNS Active Directory,
.

DNS-
: ,
DNS, IP-,
DNS !
<Ctrl+R>, ncpa.cpl <Enter>, Network
Connections ( ).
Properties (),
. Internet
Protocol Version 4 (TCP/IPv4) ( 4 ((TCP/IPv4))),
Internet Protocol Version 4 (TCP/IPv4) Properties (
4 (TCP/IPv4)). IP-,
. 6.3.
IP- DNS-
, Bigfirm.com, Advanced TCP/IPv4 Settings
( TCP/IPv4), . 6.4.


. 6.3. IP- . 6.4. DNS-


DNS- .
, .
(
), DNS- , DNS-
DNS, DNS
.
IP- DNS- ,
,
DNS.
1. Dashboard (
) Add Roles and Features (
), . 6.5.


. 6.5. DNS

2. Before You Begin ( )
(Add Roles and Features Wizard) Next (),
.
3. Select Installation ( )
Role-Based or Feature-Based installation (
) Next.
4. Select Destination Server ( )
Select a Server from the Server Pool (
) , ;
Next.
5. Select Server Roles ( )
DNS Server (DNS-) , DNS
Server , Add Features
( ), . 6.6.
6. Next,
Confirm Installation Selections (
). , ,
Install (), .

. 6.6. DNS Server

7. DNS Server Close
() .

DNS, .

, .
DNS.
DNS-
, . DNS-

( ,
HOSTS ),
Windows Server 2012 R2 DNS Active
Directory.

DNS-
DNS Server ,
DNS, , ,
. DNS-.
, , .
DNS- , DNS-.
,
. ,
DNS-
DNS-.
, .
DNS- ,
DNS-, . Windows DNS
Root Hints ( )
DNS- (. 6.7).
DNS Management ( DNS),
Properties ().
Name servers ( ) Root Hints
DNS- .

LABSERVER Properties

Tabs: Debug Logging | Event Logging | Monitoring | Interfaces | Forwarders | Advanced | Root Hints

Root hints resolve queries for zones that do not exist on the local DNS
server. They are only used if forwarders are not configured or fail to
respond.

Name servers:

Server Fully Qualified Domain Name (FQDN)    IP Address
a.root-servers.net.                          [198.41.0.4]
b.root-servers.net.                          [192.228.79.201]
c.root-servers.net.                          [192.33.4.12]
d.root-servers.net.                          [199.7.91.13]
e.root-servers.net.                          [192.203.230.10]
f.root-servers.net.                          [192.5.5.241]
g.root-servers.net.                          [192.112.36.4]
h.root-servers.net.                          [128.63.2.53]

. 6.7. Root Hints

cache.dns,
c:\windows\system32\dns, . 6.8.

; formerly NS.INTERNIC.NET

.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4

; formerly NS1.ISI.EDU

.                        3600000      NS    B.ROOT-SERVERS.NET.
B.ROOT-SERVERS.NET.      3600000      A     192.228.79.201

; formerly C.PSI.NET

.                        3600000      NS    C.ROOT-SERVERS.NET.
C.ROOT-SERVERS.NET.      3600000      A     192.33.4.12

; formerly TERP.UMD.EDU

.                        3600000      NS    D.ROOT-SERVERS.NET.
D.ROOT-SERVERS.NET.      3600000      A     199.7.91.13

; formerly NS.NASA.GOV

.                        3600000      NS    E.ROOT-SERVERS.NET.
E.ROOT-SERVERS.NET.      3600000      A     192.203.230.10

; formerly NS.ISC.ORG

.                        3600000      NS    F.ROOT-SERVERS.NET.
F.ROOT-SERVERS.NET.      3600000      A     192.5.5.241

; formerly NS.NIC.DDN.MIL

.                        3600000      NS    G.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.      3600000      A     192.112.36.4

. 6.8. cache.dns

Active Directory ,
. DNS-
, , Sybex.com,
. DNS
DNS
. DNS- -
.
,
DNS, ,
. DNS-,
. ,
Sybex.com. .
, . DNS-,
Sybex.com.
Windows
Active Directory. Active Directory Bigfirm.com
DNS Bigfirm.com.
Active Directory Ecoast.Bigfirm.com.
DNS DNS- Bigfirm.com,
DNS Ecoast.Bigfirm.com
DNS-.
. 6.9
DNS. DNS- DC01
Bigfirm.com. Ecoast,
,
1.Ecoast.Bigfirm.com IP-.
DNS-
. DNS,
DNS-, .


. 6.9. Ecoast.Bigfirm.com
DNS
. , DNS- 1.Ecoast.Bigfirm.com
Bigfirm.com ,
Forwarders ( )
(. 6.10).

LABSERVER Properties

Forwarders are DNS servers that this server can use to resolve DNS
queries for records that this server cannot resolve.

IP Address      Server FQDN
192.168.0.1     LabServer.BigFirm

Use root hints if no forwarders are available

Note: If conditional forwarders are defined for a given domain, they will
be used instead of server-level forwarders. To create or view conditional
forwarders, navigate to the Conditional Forwarders node in the scope
tree.

. 6.10. Forwarders

. 6. Use root hints if no forwarders are


available ( ,
). ,
DNS-, . , ,
.

DNS Manager ( DNS).

. . 6.11 ,
Otherdomain.local.
DNS-
OS01.Otherdomain.local.

Conditional Forwarder ( )
DNS New Conditional Forwarder (
). New Conditional Forwarder (
),

Active Directory.
,
, .

. 6.11.

,
- (Digital
Subscriber Line DSL). - DNS-
, . ,
DNS.
,
. DNS-
.
DNS-
DNS. DNS-
DNS-. , DNS- ,
, Windows
Server 2012 R2 .
.
, .


. DNS-
, Sybex.com .
IP- www.sybex.com, DNS-
( ). ,
DNS .
Windows DNS :
;
;
, Active Directory;
-.
. DNS-
,
HOSTS. , Microsoft
.
,
. ,
Windows DNS .
.
Windows NT
. 6.12.
,
(primary domain controller PDC),
.
(backup domain controller BDC),
. DNS
, , .
DNS- ,
; .
(New Zone Wizard),
, Forward Lookup Zones
( ) DNS
New Zone ( ), . 6.12.
.
, Primaryzone.local.
, .dns.
DNS.
DNS .
,
c:\windows\system32\dns (. 6.13).
CNAME .



, Active Directory.
,
. Windows DNS
,
Zone Transfers ( ),
. 6.14.

. 6.14. Zone Transfers

1.Ecoast.Bigfirm.com,
Name servers ( ) Name Servers
( ), . 6.15.
New Zone Wizard
1. IP- --
, .
DNS- .
1 (. 6.16).
PrimaryZone.local Properties

Name Servers

To add name servers to the list, click Add.

Server Fully Qualified Domain Name (FQDN)    IP Address
bf1.bigfirm.com.                             [192.168.0.200]
ec1.ecoast.bigfirm.com.                      [192.168.0.20]

. 6.15. Name Servers

DNS Manager

Name                       Type                       Data                          Timestamp
(same as parent folder)    Start of Authority (SOA)   [5], bf1.bigfirm.com, host-   static
(same as parent folder)    Name Server (NS)           bf1.bigfirm.com.              static
(same as parent folder)    Name Server (NS)           ec1.ecoast.Bigfirm.com.       static
BF1                        Host (A)                   192.168.0.200                 static

. 6.16.

.
,
.
, Start of Authority ( ).
, ,
.
. DNS
AXFR ( ), ,
.
. Windows DNS IXFR (
), .
, DNS ,
.

, Active Directory
, Active Directory,
Windows DNS. Active Directory .
-, DNS Active Directory,
.
-, Active
Directory , .
Active Directory
, DNS
, .
DNS Active Directory, DNS
.
22.
, , Active Directory,
New Zone Wizard. Zone ( )
(. 6.17) Store the zone in Active Directory (
Active Directory).

Select the type of zone you want to create:

Primary zone
Creates a copy of a zone that can be updated directly on this server.

Secondary zone
Creates a copy of a zone that exists on another server. This option helps balance
the processing load of primary servers and provides fault tolerance.

Stub zone
Creates a copy of a zone containing only Name Server (NS), Start of Authority
(SOA), and possibly glue Host (A) records. A server containing a stub zone is not
authoritative for that zone.

Store the zone in Active Directory (available only if DNS server is a writeable domain
controller)

. 6.17. , Active Directory

Active Directory Zone Replication Scope (


Active Directory) (. 6.18) :
, , ( Windows 2000)

( ,
, ).

: ,
. , Windows 2000,
Active Directory,
.
New Zone Wizard

Active Directory Zone Replication Scope
You can select how you want DNS data replicated throughout your network.

Select how you want zone data replicated:

To all DNS servers running on domain controllers in this forest: Bigfirm.com
To all DNS servers running on domain controllers in this domain: Bigfirm.com
To all domain controllers in this domain (for Windows 2000 compatibility): Bigfirm.com
To all domain controllers specified in the scope of this directory partition:
    adintegratedzone.local

. 6.18. Active Directory Zone Replication Scope

,
. 6.18,
DNSCmd, Add-DNSServerDirectoryPartition
PowerShell. Windows Server 2012 R2
.
PowerShell ,
,
Active Directory.
; ,
:
C:\Users\administrator.BIGFIRM>Add-DNSServerDirectoryPartition -Name "adintegratedzone.local"
, , ,
Active Directory (. . 6.18).
PowerShell
. , 1,
Ecoast.Bigfirm.com,
Active Directory:
adintegratedzone.local,
;
192.168.0.0,
.
Name Servers
, . 6.15 .

1:
C:\Users\administrator.BIGFIRM>Get-DNSServerDirectoryPartition

.
, ,
.
, ,
Windows 2000, Bigfirm.com.
Ecoast.Bigfirm.com.
. 1
.

- DNS-
- ,
Windows Server 2003. Windows Server 2012 R2
- ,
DNS-. -
.
, ,
.
, -
DNS-.
.
New Zone Wizard - :
Stub (-);
Active Directory
;
, Apex.com;
DNS-, .
- (. 6.19).
Start of Authority , Name
Server ( ) Host () .

. 6.19. -


, Forward Lookup Zones
( ) DNS.
(FQDN), DNS- IP-
. :
IP-, DNS- FQDN.
, ?
. ,
DNS- FQDN,
www., . ,
IP- - ,
, , , ,
. -
IP-,
-.

SMTP Windows.
. SMTP
,
TCP/IP. ,
, .
NsLookup.
, ,
(PTR) . ,
UnKnown. DNS
.
C:\Users\Administrator.BF1>Nslookup
Default Server: UnKnown
Address: 192.168.0.10

PTR,
NsLookup . ,
:
C:\Users\Administrator.BF1>Nslookup
Default Server: BF1.bigfirm.com
Address: 192.168.0.10


, . IPv4
x.y.w.z.
IPv6 , ,
. . DNS-,
, IP-.
, FQDN IP- x.y.w.z z.w.y.x,
.in-addr.arpa. DNS- FQDN-
z.w.y.x.in-addr.arpa FQDN.
.in-addr.arpa,

.
, ,
.
192.168.0.0 (. 6.20).
New Zone Wizard .
DNS Manager

Name                       Type                       Data
(same as parent folder)    Start of Authority (SOA)   [1], bf1.bigfirm.com, hostmaster.bigfirm
(same as parent folder)    Name Server (NS)           bf1.bigfirm.com.
192.168.0.1                Pointer (PTR)              dc01.bigfirm.com
192.168.0.20               Pointer (PTR)              ec1.Ecoast.Bigfirm.com
192.168.0.200              Pointer (PTR)              BF1.PrimaryZone.local
. 6.20.

, ,
,
. ,
1- 10.0.0.0,
10.in-addr.arpa.
,
1 254, PTR
.
DNS-, ,
, . PTR
, .
. 6.21 , BF1 10.in-addr.arpa.
, 10.11.0.0 ,
11 . 1.
10.11.12.0 .


. 6.21. 10.0.0.0
Advanced () DNS-
, :
Enable round robin ( )
Enable netmask ordering ( )
(round robin). (network
load balancing NLB) .
, IP-, DNS-
IP- ,
IP-.
,
.
(netmask ordering). ,

, IP-.
, .
.
, .
, , ,
.
- .
, .
Windows Server 2012 R2
Windows 7 Windows 8. TCP/IP IPv6 IPv4, ,
,
. , I - DNS-
, .
,
, :
Hkey_Local_Machine\System\CurrentControlSet\Services\Tcpip\Parameters\OverrideDefaultAddressSelection
1
NLB.

. ,
, ,
.
FTP. DNS- IP-
ftp.Bigfirm.com.
. FTP
- , -
ftp.Bigfirm.com.( IP-
, .)
,
, IP-
FTP. D N S-, . ,
: ,
, . ,
, .
,
, . , Dynamic DNS
(DDNS) , DNS-
, DHCP,
Windows . ,
- ,
, . DNS
25 .
Windows DNS.


() (PTR)
, .
IP-. PTR IP-
FQDN.
, DDNS.


(CNAME)
. CNAME FQDN,
.
, .
-
.


(mail exchanger MX)
SMTP. MX
SMTP .
MX DNS. ,
. MX FQDN
SMTP .
, MX ,
, . ,
. .
, SMTP- SMTP- -
(smart host), ,
. MX
. SMTP- ,
-, 20, . SMTP-
, -.


(SRV) Windows
DNS. SRV
.
SRV.
. ,
, _ldap.
FQDN.
FQDN. , .
. TCP UDP, .
, , TCP.
. , MX
.
. .
0, .
SRV Windows DNS,
Active Directory. ,
FQDN.
FQDN _gc._tcp.bigfirm.com. SRV . 6.22.


. 6.22. SRV

(Start of Authority SOA)
. , DNS-
, , ,
. SOA ,
.
Start of Authority (SOA) ( (SOA)) (. 6.23).
, Start of Authority (SOA).
Serial Number ( ). .
, .. Active
Directory .
, ,
. , .

Primary Server ( ). ,
.
,
.
Responsible Person ( ).
, . ,
@ (.). - -
, .
Refresh Interval ( ). ,
,
.
SOA .
15 .
.
Retry Interval ( ). ,
,
. 10
.
Expires After ( ). ,
,
. .
86 400.
Minimum (Default) TTL ( () TTL).
, ,
, (Time to Live TTL).
, 3 600 .

Start of Authority (SOA)

Serial number: 34
Primary server: dc01.bigfirm.com.
Responsible person: hostmaster.bigfirm.com.
Refresh interval: 15 minutes
Retry interval: 10 minutes
Expires after: 1 days
Minimum (default) TTL: 1 hours
TTL for this record: (DDDDD:HH.MM.SS)

. 6.23. Start of Authority (SOA)




(N S) ,
. , ,
. SOA, N S Name Servers
( ) , . 6.15.
N S FQ D N .
Name Servers ,
, IP - .

DNS
, DNS.
D N S , Active Directory
.
- , www. Sybex. com.
Windows , DNS:
I P-
DNS.


Windows .
, .
, , NetBIO S, DNS.
( ,
D N S.) ,
(. 6.24).

N etBIO S .
1. , .
2. W IN S.
3. LMHOSTS. ,
HOSTS, : c:\windows\
system32\drivers\etc.
NetBIOS.
,
DHCP. W IN S .
Windows Server 2012 R2
W IN S , . LMH0STS
.
D N S .
1. HOSTS.
2. DNS.

D N S ,
DNS. ,
h o s t s , , .
D N S -
, HOSTS
. HOSTS ,
D N S .
,
IP -. , NetBIO S
DNS. .
Windows NetBIOS. ,
TCP/IP, .
Windows.
net view ping.
net view LA N Manager,
N etBIO S.
, , NetBIO S.
nbtstat -.
nbtstat -R.
rem NetBios
C:\Users\Administrator.BF1>nbtstat -c
Local Area Connection:
Node IpAddress: [192.168.0.10] Scope Id: []
No names in cache

bfscl
C:\Users\Administrator.BF1>net view \\bfsc1
Shared resources at \\bfsc1

Share Type Used as Comment

NETLOGON Disk Logon server share


SALES Disk
SYSVOL Disk Logon server share
Users Disk
The command completed successfully.

rem NetBios
C:\Users\Administrator.BF1>nbtstat -c
Local Area Connection:
Node IpAddress: [192.168.0.10] Scope Id: []
NetBIOS Remote Cache Name Table
Name Type Host Address Life [sec]

BFSC1 <00> UNIQUE 192.168.0.11 600

DNS, .. ping
TCP/IP. ,
DNS, DNS ipconfig
/displaydns. DNS ipconfig /flushdns.
rem DNS
C:\Users\Administrator.BF1>ipconfig /flushdns
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.

C:\Users\Administrator.BF1>ping BFSC1
Pinging BFSC1.bigfirm.com [192.168.0.11] with 32 bytes of data:
Reply from 192.168.0.11: bytes=32 time<1ms TTL=128
Reply from 192.168.0.11: bytes=32 time<1ms TTL=128
Reply from 192.168.0.11: bytes=32 time<1ms TTL=128
Reply from 192.168.0.11: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.0.11:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Users\Administrator.BF1>ipconfig /displaydns
Windows IP Configuration
BFSC1
Record Name . . . . . : BFSC1.bigfirm.com
Record Type . . . . . : 1
Time To Live  . . . . : 1185
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 192.168.0.11

,
DNS (
) NetBIOS. N etBIO S .
D N S
NetBIO S , , .


D N S N etBIO S IP
. N etBIO S WINS.
. 6.25 WINS .


. 6.25. WINS

LMHOSTS
N etBIO S DHCP. LMHOSTS .
,
.
N etBIO S DHCP.
D H C P NBT Node (046) ( N B T (046)).
N etBIO S .
:
: b- , 1
WINS : p- , 2
, WINS : m- , 4
WINS , : h- , 8
- , NetBIOS, ..
, W IN S.
W IN S , , - ,
, . D H C P
, , . Windows
Server 2012 R2 h-, .. (hybrid) .
Active Directory NetBIOS,
. ,

,
. NetBIOS,
DNS.
D N S DNS ,
. 6.26. , 1- D N S -
. , ,
.
D N S -.


. 6.26. DNS

DNS .
, D N S ( BFSC1,
p in g ). D N S - F Q D N ,
D N S D N S, .. .
D N S System ()
, Computer Name ( ).
, ,
.
, .
D N S .
FQ D N .
F Q D N ,
, ,
. ? F Q D N
NetBIOS. NetBIOS
FQ D N D N S, FQDN.

DNS
D N S ,
D N S. DNS
, ..
.
Microsoft Windows NT
W IN S D N S,
Dynamic D N S (D D N S ). .
1. SOA
DNS. , D D NS.
, IP - .
2. D D N S .
Start of Authority . ,
Active Directory, , ,
SOA .
Active Directory, ,
- . ,
.
DNS D D N S
(. . 6.26),
DNS . .
, D N S DDNS.
DHCP. ,
D H C P .
, , .. IP -.
,, D D N S
SRV Active Directory.
, .. SRV. ,
.
, D D N S:
DHCP.
D N S D D N S New Zone
Wizard . . 6.27
D D N S , ,
. ,
D N S .
,
. , ,
.
D D N S .
D H C P D D N S.
Windows Server Windows,
D D N S. D H C P
. , D H C P
. . 6.28 DNS IPv4
DHCP.

New Zone Wizard

Dynamic Update
You can specify that this DNS zone accepts secure, nonsecure, or no dynamic
updates.

Dynamic updates enable DNS client computers to register and dynamically update their
resource records with a DNS server whenever changes occur.

Select the type of dynamic updates you want to allow:

Allow only secure dynamic updates (recommended for Active Directory)
This option is available only for Active Directory-integrated zones.

Allow both nonsecure and secure dynamic updates
Dynamic updates of resource records are accepted from any client.
This option is a significant security vulnerability because updates can be
accepted from untrusted sources.

Do not allow dynamic updates
Dynamic updates of resource records are not accepted by this zone. You must update
these records manually.

. 6.2 7 . DNS

. 6.28. DDNS DHCP

, . ,
D H C P ,
. D H C P , .
, ,
Configure () Name Protection ( ),
D H C P DNS.

DNS Active Directory


Microsoft D N S Active Directory,
. Active Directory
Windows Server 2012 R2 Active Directory
D N S . IT
DNS.

, Active Directory
D N S .
Active Directory 7.

DNS
Windows Server 2012 R2 DNS:
D N S (
, ) Active Directory
Domain Services ( Active Directory).
Active Directory (Active
Directory Domain Services Installation Wizard),
Active Directory Domain Services,
D NS. 7 Active Directory
, , DNS.
,
Active Directory.

Active Directory D N S.
. , I P -
D N S - Active Directory,
D N S - D N S - ,
. ,
Active Directory.
Active Directory D N S, .
Active Directory Domain Services
. , ,
. D N S
.
.


Active
Directory, D N S
.
DomainDNSZones .doma in .
. ForestDNSZones .doma i n.
Active Directory.
. 6.9, , msdcs.
bigfirm. com Ecoast.
, DC01.Bigfirm. .
_msdcs .Bigfirm. ForestDNSZone.Bigfirm. com
.
.

.


,
Forwarders ( ) D N S -. IP -
D N S-, .

1-
, Active Directory Domain Services
Wizard, D N S -. D N S -
IP - ::1 ( IPv6) 127.0.0.1 ( IPv4).


,
. , E co a s t.Bigf irm. com
Bigfirm.com. Active Directory
Domain Services Wizard
.
Ecoast. Bigf irm.
.
. . 6.9.


D NS
.
1. TCP/lPv4 D N S - I P -
. , IP -
192.168.0.1, D N S-.
D N S NsLookup
(127.0.0.1) .
,
1-.
2. ForestDNSZones.domain.name
.

.
3. - D N S -
.
, D N S -.
D N S - ,
, D N S -
Active Directory DNS.
, Active Directory D N S

. ,
-, D N S -
Apex.com. . 6.19 -
FQ D N Apex.corn.

SRV
DNS ,
. ,
, . 6.22. , SRV
D N S Active Directory.
.
netlogon D D N S S R V
Active Directory DNS.
, .
Windows
DNS. . 6.22 :
_gc (global catalog ) LD A P
;
kerberos ;
kpassword ;
ldap LD AP .

. . 6.22 ,
DC01 .Bigf irm. com TCP.
, Windows -
, , LDAP, S R V _ldap._tcp.Bigf irm. com.
, IP -
.
Windows
, _sites.Bigfirm.com.
Active Directory Sites and Services
( Active Directory).
,
D N S , .
, , 16-20 SRV.
, , .
, DcDiag.
NsLookup DcDiag .

Windows Server 2012 R2



,
Windows Server 2012 R2 DNS.
D N S Windows Server 2012 R2,
, , , , .

,
DNS .

- (Wfeb Proxy Automatic Discovery Protocol


W PAD ). -
. ,
, ,
.
(Intra-Site
Automatic Tunneling Addressing Protocol 1SATAP). 4,
ISATAP IPv4 IPv6.
(global query block list) ,
D D N S . ,
W P A D ISATAP .

. Get-DNSServerGlobalQueryBlocklist. , wpad
isatap.
C:\Users\Administrator.BF1>Get-DNSServerGlobalQueryBlocklist
Enable: True
List: {wpad, isatap}

www, -
Set-DNSServerGlobalQueryBlocklist.
.
-Enable $True $False.


, W IN S ,

NetBIOS. GlobalNames ( ) ,
NetBIO S (15 ).
D N S GlobalName,
D N S .
GlobalNames .
1. GlobalNames.
, Active Directory,
.
2. GlobalNames Set-DNSServerGlobalNameZone:
C:\Users\Administrator.BF1>Set-DNSServerGlobalNameZone -Enable $True
3. .
.
4. C N A M E .
www hostrecord.PrimaryZone.local
(. 6.29).
5. , ,
Active Directory.

. 6.29. GlobalNames


NsLookup:
C:\Users\Administrator.DC1>Nslookup
Default Server: DC01.bigfirm.com
Address: 192.168.0.1

> WWW
Server: DC01.bigfirm.com
Address: 192.168.0.1

Name: hostrecord.primaryzone.local
Address: 192.168.0.21
Aliases: www.bigfirm.com

, , Windows,
(N e tB IO S ) .

F Q D N DNS.


D N S,
D N S .
.
, D N S .
D N S ,
.
D N S -.

DNSSEC
HTTP, D N S -
. ,
D N S. ,
D N S S E C (D N S Security Extensions D N S),
D N S - .

Windows Server 2012 R2


D N SSEC . .

.
KEY, S IG NXT. K E Y
D N S -. S IG .
N X T .
Windows Server 2012 R2 D N S S E C
:
Active Directory D N S;
D N S S E C (N SEC 3 RSA/SHA-2);

D N SSEC ;
D N S S E C PowerShell.
D N S S E C ,
Microsoft, http://tinyurl.com/dnsseclab.


(trust anchors) D N SSEC ,
DNS-cepoep .
.
D N S - .
Windows Server 2012 R2
:
Active Directory ;
;
.
Windows Server 2012 R2 D NS Manager,
Trust Points ( ).


DNS

.
.
- , , .
, .
-
, D NS. ,
D N S -.
D N S -
. D N S .

DNS
-
- D N S.
D N S -
-.
,
. -
, ,
C N A M E MX.
Windows Server 2012 R2
DNS. D NS , (
D N S -
),
D N S, I P - . ,
DNS-cepnep ,
.
Windows Server 2012 R2 ,
D N S
.
Windows Server 2012 R2
, .
, -
D N S -.
,
.
, , ,
, -.
D N S Linux.
,
-.

D NS,
(split-brain), . ,
, . ,
Bigfirm.com
Active Directory .
.
D N S ,
. D N S -,
. I P -
, IP -
.

DNS
DNS
,
D NS .
, , ,
.
,
, , www.
Bigfirm .com . D N S- ,
.
IP -, IP-
. ,
IP -. 1-.

DNS.

, Windows Server 2012 R2 .


, ,
D N S, .
. Active Directory
, (D M Z ),
. .
,
IP -, IP -.
() D N S -
Microsoft D N S. .
1. D N S - Bigfirm.com.

-.
2. D N S.
Active Directory Domain Services Installation Wizard.
3. Bigfirm.com.
, D N S -
Bigfirm. com. www. Bigfirm. com,
. ,
.
, IP -.

.
4.
.
.


, D N S- .
D N S
. D N S -,
D N S . D N S -

.
D N S -, , . ,

D N S -, -,
.
.
.
, .
,
. ,
. . 6.10 Forwarders ( )
Use root hints if no forwarders are available (
, ). ,
, , ,
.
D N S
.
D N S -.
, .
D N S,
, .
Microsoft , ,
.
, Microsoft
D N S -, ,
. . 6.30 ,
DNS.

D N S - B i g f irm. .
, BF1 .Bigfirm.
.
D N S -, , Active
Directory. .
A p e x .c o m -
.
,
.
.

DN S-
Ecoast.Bigfirm.com

. 6.3 0 . DNS


DNS

D N S. D N S,
, ,
.
, D N S
PowerShell .
NsLookup, DcDiag DNSLint
, DNS.

DNS-
DNS PowerShell
D N S -
: D N S, , PowerShell,
. ,
PowerShell ,
. , ,
D N S
.
D N S
,
, .


. D N S -.
Event Logging ( ). D N S
,
(Event Viewer). D NS.
, Event Logging.
Debug Logging ( ).

, D N S -.
, D N S -;
Debug Logging . 6.31.
D N S -.
D N S IP,
, IP
. ,
, .
Monitoring ().
D N S -; . 6.32.
D N S
, , .
.
, . ,
D N S- , .
- D NS ,
, . D N S -

2012 R2 (Microsoft System Center 2012 R2 Operations Manager),
30 ( 2).

. 6.31. Debug Logging



. 6.32. Monitoring

PowerShell ,
.
Get-DNSServer D N S -
.
Get-DnsServer | Export-Clixml -Path "c:\config\DnsServerConfig.xml"
.
Get-DNSServerDiagnostics
D N S .
Clear-DNSServerCache .
.
DNS.

. ,
, NsLookup, DcDiag DNSLint,
.

NsLookup DcDiag
D N S
NsLookup, DcDiag DNSLint. NsLookup
. DcDiag DNSLint
, Active Directory,
D D N S SRV.
,
D N S PowerShell.

NsLookup
NsLookup ,
.
I P - D N S - DNS.
,
, .. .
. ping
net view, . ping
D N S, HOSTS.
HOSTS ,
ping NsLookup.

Conficker
, DNS
, Conficker. 2008 , ,
, ,
.
Conficker
DNS, such as Microsoft.com, Symantec.com
Norton.com.
.
Windows; .
Norton AntiVirus,
Symantec .
!
Conficker, NsLookup,
. Microsoft.com
Symantec.com ,
Internet Explorer Firefox .
. , .
, NsLookup IP - ,
. - Microsoft
U R L IP -. .

(Microsoft Windows Malicious Software Removal Tool MSRT).

. M SRT .
, Conficker
Windows.
, ,
,
NsLookup, .

,
T C P /IP
NsLookup.

, .
D N S -? ,
D N S -. -
. .
?
, NsLookup.
NsLookup .
F Q D N ?
.
DNS.
D N S? ,
, .
FQ D N ?
D N S -.
NsLooku p :
. ,
.

. (
):
C:\Users\Administrator.BF1>Nslookup
Default Server: BF1.bigfirm.com
Address: 192.168.0.10

rem
> BF1.bigfirm.com
Server: BF1.bigfirm.com
Address: 192.168.0.10

Name: BF1.bigfirm.com
Address: 192.168.0.10

rem PTR
> set q=ptr
> 192.168.0.10
Server: BF1.bigfirm.com
Address: 192.168.0.10

10.1.168.192.in-addr.arpa name = BF1.bigfirm.com

rem SOA
> set q=soa
> bigfirm.com
Server: BF1.bigfirm.com
Address: 192.168.0.10

bigfirm.com
primary name server = BF1.bigfirm.com
responsible mail addr = hostmaster.bigfirm.com
serial = 124
refresh = 900 (15 mins)
retry = 600 (10 mins)
expire = 86400 (1 day)
default TTL = 3600 (1 hour)
BF1.bigfirm.com internet address = 192.168.0.10

rem NS
> set q=ns
> bigfirm.com
Server: BF1.bigfirm.com
Address: 192.168.0.10

bigfirm.com nameserver = BF1.bigfirm.com
BF1.bigfirm.com internet address = 192.168.0.10

rem SRV
> set q=srv
> _ldap._tcp.bigfirm.com
Server: BF1.bigfirm.com
Address: 192.168.0.10

_ldap._tcp.bigfirm.com SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = BF1.bigfirm.com
BF1.bigfirm.com internet address = 192.168.0.10

DcDiag
DcDiag
( )
Windows Server, Windows
Server 2012 R2. ,
D N S. D c D i a g
,
DNS.
.
DcDiag, D NS.
, D D N S
S R Y
dcdiag /test:RegisterInDNS /DnsDomain:bigfirm.com /f:documents\dcdiagRegisterInDNS.txt

H :
Starting test: RegisterInDNS
DNS configuration is sufficient to allow this domain controller to
dynamically register the domain controller Locator records in DNS.
The DNS configuration is sufficient to allow this computer to dynamically
register the A record corresponding to its DNS name.
......................... BF1 passed test RegisterInDNS

: RegisterInDNS
DNS ,
Locator
DNS.
DNS ,
,
DNS.
. ........ ................. BF1 RegisterlnDNS

DcDiag ,
, D N S.
RegisterlnDNS.
D N S - Active Directory.
, ,
DNS.
DcDiag.
, DNS.
NsLookup,
/DnsForwarders /DnsResolveExtName,
.
DNS
DNS
.
.
, .

/DnsBasic ( , )
/DnsForwarders ( )
/DnsDelegation ( )
/DnsDynamicUpdate ( )
/DnsRecordRegistration ( )
/DnsResolveExtName ( )
/DnsAll (includes all tests above)
/DnsInternetName: <-> ( /DnsResolveExtName)
( www.microsoft.com)

SRV,
, , ,
, , .
/registerinDNS /DnsDynamicUpdate
/DnsRecordRegistration, S R V
. /registerinDNS,
.
S R V . /v verbose (
). , SR Viu w
.
C:\Users\Administrator.BF1>dcdiag /s:BF1.bigfirm.com /test:dns /dnsrecordregistration /v

D D N S
. D N S .
Ecoast.Bigfirm.com.
C:\Users\Administrator.BF1>dcdiag /s:ec1.Ecoast.Bigfirm.com /test:dns /dnsdynamicupdate /v

DIG , NsLookup
DNS,
Unix Domain
Information Groper ( ), DIG.
D IG , NsLookup
DIG DNS, ,
, , !
, D IG
(http://www.isc.org/software/bind) Windows Server 2012
R2, DNS.
D IG ,
, .
DIG Windows Server http://tinyurl.com/DIGinstall.
DIG , http://tinyurl.com/DIGusage.

DNS
,
Windows Server 2012 R2.
.
-, D N S,
DNS.
www.IntoDNS.com. , -,

D N S. ,
D N S - , ,
Report ().
(), N S, SOA, M X W W W .
,

.
www.MXToolbox.com. ,
.
M X
,
.
, M X, (Blacklist),
Whois SMTP. ,
.

www.DNSStuff.com. ,
D N S, Whois
IP -.
D NS,
,
, .

D N S. D N S
, .

, D N S -
. D N S - ,
D N S -,
.
.
DNS. SR V M X priority.
S R V jw j priority, 10
20, ?
D N S Active Directory.
Active Directory
DNS. Windows Server 2012 R2
D N S
. D N S Active Directory,
D NS .
S R V D D N S
D N S .
. DNS ,
Active Directory. Active
Directory ?
?
DNS
.
D N S -. DNS-

.
DNS ,
NsLookup, PowerShell DcDiag.
. SR V
netlogon. ,
.
, SR V ?

Active Directory
Windows Server 2012

, Active Directory, . Active

() , Directory (
) .
Active Directory : ,
,
Windows. Active Directory Windows 2000 Server
Windows Server 2003, Windows Server 2003 R2, Windows Server 2008
Windows Server 2008 R2. - Active Directory

.
Active Directory
, Microsoft
, Windows Server 2012 Active Directory ,
, .
, Active Directory
, , DCPROMO
Next (), Finish (). ,
, ,
Active Directory.
,
.
Active Directory,
Active Directory.
, , Active
Directory 2012; ,
Active Directory 2012.

:
;
(domain controller DC);
;
;
;
Windows Server 2012;
Windows Server 2012.
Windows Server 2012
Windows Server 2012 R2 Windows Server 2012. -
Windows Server 2012 R2, .

Active Directory
. Active
Directory , ,
.
(workgroup).
Windows,
. ,
. , 1
Joe, 2
Joe.
,
. , , ,
,
.
.
(domain). ,
. ,
Joe Active Directory
1 2 .
? ,

.
, .
Active Director} (Active Directory Domain Services).
Active Directory (Active Directory Domain Services AD DS)
Windows Server, .
Windows ,
, , AD DS,
Active Directory
, Active Directory.
Active Directory Windows

, .
, ..

Active Directory; AD DS
.
Active
Directory, .
- , , Active
Directory, Active Directory, ,
, . ,
,
.
(site). .
.
.
, ,
.
.
, .
(replication). , , ,
Active Directory. Active Directory
. , ,
, Joe ,
. ,
, .
15 ,
15 ( 180 ).
Active Directory
, .
(object). , , Active Directory,
. , Joe .
, Joe,
First Name (). ,
, , ,
, IP .. .
(schema). .
,
Joe. Active Directory ,
, , , .
. ,
Lync Exchange, . ?
, ,
() S IP (Session Initiation
Protocol ). S IP -
(Internet Protocol IP).

(Group Policy). ,
.
,

,
(Group Policy object G P O )
(organizational unit O U).
,
,
RDP.
.
OU,
, OU
. G PO
, .
, .
(Default Domain Policy)
(Default Domain Controllers Policy).
(organizational unit).
Active Directory,
.
, .
Active Directory.
G PO ,
OU .
, U S E R S
Joe. , Joe
. ,
G PO USERS.
Joe G PO
.
OU Windows,
,
OU Windows
.
. ,
Active Directory,
, Active Directory
O U, ,
O U GPO.
(Default Domain Policy).
.
,
. ,
. ,

.
.
(Default Domain Controllers Policy).
,
Domain Controllers ( )
Active Directory. ,
, ,
. ,
, ,
Domain Controllers. ,
.
(forest). Active Directory.
,
. , ,
.
. ,
, .
(global catalog GC).

Active Directory. ,
,
Active Directory.
, . Exchange

.
, .
,
, (user
principal name U P N ) .
(trust).
,
. , ,

. , Active Directory
.

. ,
- .
(tree).
, /
, .
,
. , bigfirm.com
marketing.bigfirm.com. Active Directory
,
.


,
Active Directory, . ,
Active Directory 10
. ,
;
. .
;

GPO ;
Active Directory .
,
.
, , ..
. ,
. Windows Server 2012 Active Directory
Windows Server 2008 R2 , --
. .
(W AN)
.

Active Directory.
, .
.

100 000 .
.
, ,
;
,
. , ,
. ,
, .
.
.
,
. , , , ,
IT . , ,
.

. Hyper-V
() ,
(System Center), . ,
Active Directory ,
, , .


.
.
. ,

, , ,
.
,
.
. ,
. ,
,

.
. Active Directory
.
, .
Windows Server 2008 .
,
.
. Active Directory
. Windows Server 2012
, Windows Server 2008,
.


, Active Directory
. ,
.
, :
Windows Server 2012;
;
;
;
;
;
;
DNS;
;
D S R M (Directory Services Restore Mode
).
.

W in d o w s S erver 2 0 1 2
Microsoft
Windows Server 2012,
: Standard Datacenter. ,
.
, .

. ,
Windows Server 2012 Standard, ,
Windows Server 2012 Datacenter.
, Windows Server 2012 64- ;
32- .
. 32-
64- .


Windows Server 2012 Standard
I P - . :
Windows Server 2012 Standard,
Windows Server 2012 Datacenter. .



. ?
,
, .
, ,
, .
; .
.
DC01, DC02
..
Netdom.

IP-
DNS,
D N S,
I P -.

. IPv4,
IPv6.
, DCPromo. ,
, .


,
(Server Manager) Manage
() Add Roles and Features (
), . 7.1.
,
. Windows Server 2008
R2 7.1. -
. Active Directory
(Add Roles and Features Wizard)
,
Active Directory (Active Directory Domain Services Configuration
Wizard - AD DSC W).
,
(. 7.2).
(. 7.3).
DCPromo,
Windows Server 2008 R2.
; ,
.
.


,
.
,
( )
.

.

. 7.3.
. 7.2.


, Windows Server 2008
, Windows Server 2012, Allow
cryptography algorithms compatible with Windows NT 4.0 (
, Windows NT 4.0),
. , Windows NT 4.0,
.
Microsoft
, ,
Windows NT 4.0.
SAM BA Server Message Block (SM B),
Windows Server 2008 ,
SMB, .
,
(Default Domain Controllers Policy).
http://support.microsoft.com/kb/942564/.


Windows Server 2012 ReFS (Resilient File System
).
, N TFS. ,
. -
ReFS
, , ,
, .
ReFS Windows Server 2012.
ReFS .
ReFS .
Active Directory, .
SYSVOL, Active Directory
Active Directory N TFS.
SYSVO L ,
ReFS.
Active Directory ,
ReFS.
, ReFS,
SYSVOL, Active Directory ,
, NTFS.


,
. , D NS .
DNS, G C .
(read
only domain controller RODC) , .


, ,

. ,
. N etB IO S -
- ,
.
.
? ,
Active Directory (fully
qualified domain name FQDN). :
, such as bigfirm.com, mydomain.local forest.com.
. W indows Server 2003
bigfirm, m y d o m a i n
forest, M icrosoft. ,
Exchange Active D irectory D N S ,
.
Windows Server 2012, .
,
.com, .gov, .ch .net, , ,
, .local .domain.
Active
D irectory D N S - , bigfirm.com.
U R L - ,
.
.
SIP Lync ,
.

.
,
.
,
.
, .
- .
,
, .

Active Directory DNS


, Active D irectory D N S. D N S ,
Active Directory. ? Active D irectory (SRV)
D N S , ,
Active Directory. 80%
Active D irectory D N S.

,
, D N S.
, Active D irectory D N S;
D N S -, .
.


A ctive D irectory
.
, .
, , ,
.
Windows Server 2012 :
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
,
W indows Server 2012 ,
W indows Server 2003. , ,
W indows Server 2003, . ,
W indows 2000 Server
.
,
W indows Server 2012. ,
Windows Server 2012,
, Windows Server 2012. ,
W indows Server 2012
Windows Server 2008 R2,
Windows Server 2012 W indows Server 2008 R2.
.
,
.
.
.
W indows Server 2012 W indows Server 2008 R2.
()
.
, .
, , .
,
Windows Server 2008.

,
-
Windows Server 2012,
, Windows
Server 2012. - ,
.
.
.
Windows
Server 2012 - Windows Server 2008? !
Windows Server 2012
Windows Server 2008 R2? !
Windows Server 2012
Windows Server 2008 R2? . -,
.

A D D S C W
(. 7.4).

W indows Server , ,
Active Directory.

Windows Server 2003


Netdom.exe.
lastLogonTimestamp.
Users ( )
Computers ( ).

,
.

Kerberos.

Windows Server 2008


D F S -R SYSVOL.
AES 128 AES 256 Kerberos.

.
.

Windows Server 2008 R2


,
. Kerberos.
SPN
(M anaged Service A ccounts).

Windows Server 2012


KDC ,
Kerberos: Always provide claims (
) Fail unarmored authentication requests (
).
,
, URL:
http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels(WS.10).aspx


.

, .

.
Active
Directory. :
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
,
, DC.
,
. ,
,
(. 7.5).

. 7 .5 . ADDSCW


,
.
Windows Server 2003. W indows Server 2003
.
.
.

(R O D C ).
(K now ledge
C onsistency C hecker ).
(lin k e d -v a lu e
replication), .
D FS.
Windows Server 2008. W indows Server 2008
- .
Windows Server 2008 R2. Active D irectory (Active D irectory Recycle Bin)

A ctive D irectory (Active
D irecto ry R estore M ode). Active D irectory
Recycle Bin P o w erS h ell. A ctive
D irecto ry , W indows
Server 2012. ,
.

Windows Server 2012. W indow s Server 2012


- .

W in d o w s S e r v e r 2 0 1 2 R2
Windows
Server 2012 R2. Active Directory ,
.
Windows Server 2012 R2
Windows Server 2003. ,
Windows Server 2003 .
Windows Server 2 0 12 R2 Windows Server 2003
.
, Windows Server 2012 R2,
Windows Server 2008.
:
http://technet.microsoft.com/en-us/library/understanding-active-directory-functional-levels.aspx

SYSVOL
Active D irectory D om ain Services C onfiguration W izard
Active D irectory SYSVOL.
SYSVOL
, ,
. SYSVOL, A ctive D irectory
, N T FS.
,
N T F S (. 7.6).

. 7 .6 .
W indows Server 2 0 12 Resilient File System
(R eF S ),
. ,
- Active
Directory, , , .. R eFS
Active D irectory, Active D irectory,
SYSVOL.
Active D irectory ,
. ,
, ,

, .
Active D irectory
.
- ,
Active D irectory ,
. ,
, , ,
, .

DC .
Active D irectory
, :
:\ ;
D :\ Active D irectory SYSVOL;
:\ .
(
).
. ,
, ,
, SYSVOL
.
.
,
.

,
.
:
RA ID ;
;
(battery backed w rite-cach in g BBWC)
RAID.

, , -
?
, .
, SYSVOL
, , ,
. ,
(Logical U nit N u m b e r L U N ),
L U N . ,
.

L U N .
, .
,
,
. :
Avg. Disk Queue Length ( )
Avg. Disk Read Queue Length ( )
Avg. Disk Write Queue Length ( )
. 100 ,
:
.
, 50 ,
,
.
:.


Windows Server 2012 Active Directory Domain
Services (AD DS),

(Directory Services Restore Mode DSRM ).
,
NTDSUtil. - AD DS
DSRM ;
Windows AD DS .

Directory Services Restore Mode


- Active
Directory, D irectory Services Restore M ode.
D SR M <F8>, A dvanced O ptions
( ).
S afe M o d e ( ).
D irectory Services Restore M ode
. , Active D irectory , -
Active D irectory .
. Active D irectory D om ain Services
C onfiguration W izard , . 7.7.


. 7 .7 . Directory Services
Restore Mode

.
,
. D SR M .
D SR M
, D om ain A dm ins ( ),
. D SR M
,
Active Directory. ,
, ,
D SR M .

Active Directory Domain


Services Configuration Wizard
, , ,
A ctive D irecto ry Active D irecto ry D om ain Services
Configuration W izard. W indow s Server 2012 Active D irectory
,
Active Directory.
Windows
Server 2012 - .

DSRM
100
DSRM. -
DSRM. , DSMGMT
NTDSUtil .
DSRM DSRM .
:
http://technet.microsoft.com/en-us/library/cc753343.aspx
DSRM
-
. ?
, , DSRMAccount.
.
:
NTDSUtil
Set dsrm password
SYNC FROM DOMAIN ACCOUNT DSRMAccount
Q
Q


DSRM
DSRMAccount Active Directory. ,
. ,
DSRMAccount, .
G PO
, ,
PowerShell .
:\Windows\System32\NTDSUtil.
:
"SET DSRM PASSWORD" "SYNC FROM DOMAIN ACCOUNT DSRMAccount" Q Q
TechNet :
http://blogs.technet.com/b/askds/archive/2009/03/11/ds-restore-mode-password-maintenance.aspx

,
.
1. W indows Server 2012 ,
.
2. (Server Manager)
Manage → Add Roles and Features ( ).
3. Before you begin ( ) .
4. Role-Based or Feature-Based installation (
) Next
().
5. (. 7.8).


. 7 .6 .

6. Active Directory Domain Services ( Active Directory)
, Remote Server Administration
Tools ( ).
7. Features ( ) .
8. Active Directory Domain Services.
9. , Restart
the destination server automatically if required (
).
.
10.
Promote this server to a domain controller (
).
Active Directory Domain Services Configuration
Wizard.
11. Deployment Configuration ( )
Add a new forest ( )
(. 7.9). ,
. Next.

. 7 .9 .

12.
Windows Server 2012. , Domain Name
System (DNS) Server ( (DNS)) ,
DNS. Global Catalog (GC) (
(GC)) ,
.
Directory Services Restore Mode (DSRM). Next.
Active Directory DNS-.
DNS- , ,
. .
13. Next.
14. NetBIOS . ,
, Next.
15. , SYSVOL.
,
Next.
16. Next.
View script ( )
( . 7.10).
Notepad PowerShell
.
17. (. 7.11).
PowerShell Windows Server 2012,
Active Directory Domain Services,
. PowerShell
DSRM . ,
PowerShell.

. 7.10. View script

#
# Windows PowerShell script for AD DS Deployment
#
Import-Module ADDSDeployment
Install-ADDSForest `
-CreateDnsDelegation:$false `
-DatabasePath "C:\Windows\NTDS" `
-DomainMode "Win2012" `
-DomainName "bigfirm.com" `
-DomainNetbiosName "BIGFIRM" `
-ForestMode "Win2012" `
-InstallDns:$true `
-LogPath "C:\Windows\NTDS" `
-NoRebootOnCompletion:$false `
-SysvolPath "C:\Windows\SYSVOL" `
-SafeModeAdministratorPassword (ConvertTo-SecureString "P@sswOrd" -AsPlainText -Force) `
-Force:$true

. 7.11. PowerShell,

,
, ,
, :
-SafeModeAdministratorPassword (ConvertTo-SecureString "P@sswOrd"
-AsPlainText -Force)

18. Prerequisite Check (


), ,
,
. ,
. Install
().

.
.
19. <Ctrl+Alt+Del>, .

,
Active Directory Domain Services Configuration Wizard.
. .
.
. 7.12 17,
Windows Server 2012 PowerShell.

Administrator: Windows PowerShell

Install-ADDSForest
Validating environment and user input
Verifying prerequisites for domain controller operation.

WARNING: Windows Server 2012 domain controllers have a default for the security
setting named "Allow cryptography algorithms compatible with Windows NT 4.0"
that prevents weaker cryptography algorithms when establishing security channel
sessions.
For more information about this setting, see Knowledge Base article 942564
(http://go.microsoft.com/fwlink/?LinkId=104751).

. 7.12. PowerShell

Windows Server 2012
Windows , ;
Remote Server Administration Tools
(RSAT). RSAT .
RSAT Windows 8 Windows Server 2012,
Windows Server 2008 Windows Server 2003.
, Windows Server
:
http://support.microsoft.com/kb/2693643
RSAT Windows 8, :
http://www.microsoft.com/en-us/download/details.aspx?id=28972
RSAT Windows 8.1 Windows Server 2012
R2 Windows Server 2012.
Windows Server 2008 R2 Windows Server 2008. RSAT
Windows 8.1, :
http://www.microsoft.com/en-us/download/details.aspx?id=39296


, ,
.
, .. .

. Windows Server 2012 .
,
. -
, , ,
. ,
. , DC,
DC. ,
DC, .
DC,
Active Directory, .
, ,
? - ? .
Active Directory Domain Services Configuration
Wizard DC, DC.
Domain
Admins. :
;
DNS;
.

Active Directory
Domain Services Configuration Wizard
Active Directory Domain Services
Windows Server 2012 Add Roles and Features Wizard.
IP-, . 1-
DNS- DC, .
TCP/IP .
.
1. <Windows+R> Windows
Server 2012.
2. ncpa.cpl .
3. Local Area Connection (
) Properties
( ).
4. Internet Protocol Version 4 (TCP/IPv4) (
4 (TCP/IPv4)) Properties ( ).
IP-, .
5. 1- DNS-, . 7.13.
DNS- 1- 192.168.0.45.

. 7 .1 3 .
6. .
,
.
Domain Controllers
Active Directory.



,
. DC,
Add a domain controller to an existing domain (
), . 7.14.


. 7.14.

, . ,
Add a new domain to an existing forest (
).

DNS-
DNS- DC? !
DC DNS- ( ),
DC DNS-.
DC, , Active
Directory. DNS server DC,
. DNS-
.
, Active Directory DNS. DNS-
DC, SRV
, Active Directory. Active
Directory DNS.
DNS-
.
DNS-.
DNS- ,
DNS-.

DNS-, DNS-.
IP-
DHCP DNS-
,
DNS- .
,
DNS. ,
DNS- 1-.
,
DNS- .


DC? !
.
.
, ,
DC DC.

ADDSCW
,
. , .


GC .
223346, http://support.microsoft.com/kb/223346/ru.

, Active Directory,
. . ,
, ,
M em b ers ()
. . ,
.
,
. ,
FSMO,
FSMO.

, ,
, ,
.
.
.
, ,
,
, .

, .
1. ,
.
2. , Active Directory Domain Services,
Manage=>Add
Roles and Features ( ^ ).
,
.

PowerShell ;
, :
Add-WindowsFeature AD-Domain-Services,RSAT-AD-AdminCenter,
RSAT-ADDS-Tools,GPMC
3.
Promote this server to a domain controller
( ).
PowerShell
,
.
4. Deployment Configuration ( )
Add a domain controller to an existing domain (
).
bigfirm.com.
, ,
Domain Administrators ( ),
. Next ().

AD? DNS!
, , -
,
DNS DNS-
. , DNS-
. . ,
bigfirm.com, ping bigfirm.com
. , , DNS-
( TCP/IP), DNS
.

5. Domain Controller Options ( )


Domain Name System (DNS) server (
(DNS)) Global Catalog (GC) ( (GC)),
. 7.15. , Default-First-Site-Name.
DSRM.
DSRM DC,
DC. Next.
6. DNS ,
Next.

. 7.15. DNS- GC DC
7. Additional Options ( ) ,
Active Directory .
Active Directory
NTDSUtil.
,
ADDSCW.
,
, .
, WAN
Active Directory .
8. Any domain controller
( ). Next.
9. Paths ( ) ,
SYSVOL, Next.
10. Review Options ( )
View Script ( ),

. Next.
11. Prerequisites Check ( )
, .
,
. Install ().
12. Close ( )
.
13. , Active Directory Domain
Services Configuration Wizard .

Active Directory
, NTDSUtil
Active Directory
.

.
AD DS, TechNet:
http://technet.microsoft.com/en-us/library/cc770654.aspx

,
(OU),
, , ..
: Active Directory Users and
Computers ( Active Directory), ADUC, Active
Directory Administrative Center ( Active Directory),
ADAC. Microsoft
ADAC, .

. ,
, PowerShell. :
,
;
Server Core,
ADUC ADAC.



Active Directory. ( , , ..)
OU, .
, OU:
(Group Policy);
.


(Group Policy object GPO)
, . ,
,
,
GPO.
,
GPO
(Default Domain Policy),
. ,
,
. GPO,
, .
OU ( , Sales),

GPO Sales.
, GPO,
OU
.
GPO
Active Directory
,
.
Security Filtering ( ) GPO
Authenticated Users ( )
Security Filtering. 9,
, .
Active Directory
Windows Server 2008 R2 Active Directory
(Active Directory Administrative Center) ,
, Active Directory
Users and Computers. Windows Server 2012
Active Directory.
PowerShell.
Windows PowerShell, ,
.
, Active Directory Users and Computers -
Windows Server 2012, ,
Windows Server 2008 R2.

ADAC
Active Directory
Administrative Center, .
1. Windows Server 2012. Active Directory
Administrative Center ( Active Directory).
<Windows+R>,
Run ( ), dsac.exe .
2.
New=>Organizational Unit ( ^ ).
3. Sales Name ( ) ,
Protect from accidental deletion ( )
(. 7.16).

9.

. 7.16. Sales
4. OK, .
5. OU.
Sales
New=>Organizational Unit.
6. Users Name . . 7.17
Active Directory Administrative Center
Users,
Sales.


. 7.17. Active Directory Administrative Center


, Protect
from accidental deletion,
- ( ). ADAC
, , .
, , .
ADAC ,
Properties () Protect from
accidental deletion.

Users Active Directory,


. Users OU Sales
, GPO. Users
( )
GPO. -

,
; , ,
.

LDAP
Active Directory
(Lightweight Directory Access Protocol LDAP). LDAP

(distinguished name DN). ,
, DN.
DN .=,
. , bigfirm.
(bigfirm com), :
dc=bigfirm,dc=com
, Users
Computers cn (common name ).
Sales:
ou=Sales,dc=bigfirm,dc=com
Users :
cn=Users,dc=bigfirm,dc=com
Active Directory, Active
Directory, .
Active Directory
.
,
.
Sally.Smith,
Sales, DN:
cn=Sally.Smith,ou=Sales,dc=bigfirm,dc=com
Joe.Johnson, Users,
DN:
cn=Joe.Johnson,cn=Users,dc=bigfirm,dc=com

OU, DN OU.
, Sales OU
Users, Maria, DN
:
cn=Maria,ou=Users,ou=Sales,dc=bigfirm,dc=com
DN , ,
. ,
, :
cn=Maria, ou=Users, ou=Sales, dc=bigfirm, dc=com
DN :
"cn=Maria,ou=Users,ou=Sales, dc=bigfirm,dc=com"
DN LDAP .
DN :
cn=Maria,ou=Users,ou=Sales,dc=bigfirm,dc=com
CN=Maria,OU=Users,OU=Sales,DC=bigfirm,DC=com

PowerShell
PowerShell ,
. Windows Server 2008 R2 PowerShell 2.0

. , PowerShell
. Microsoft PowerShell,
Windows
Server 2012.
Windows Server 2012 PowerShell 3.0, Windows Server 2012
R2 PowerShell 4.0, ,
.
.
, .
, ,
, DSAdd, Windows Script Host (WSH) PowerShell, PowerShell
.

, Active
Directory PowerShell. , AD DS Snap-Ins and
Command-Line Tools ( AD DS).
, Add Roles and Features Wizard
Next ( ) , , .
, . 7.18.


. 7.18. PowerShell

Windows Server 2012 PowerShell ;


PowerShell,
PS C:\Users\administrator>. ,
PowerShell PS_OU.

PowerShell Active Directory


PowerShell ,
.
PowerShell.
, Active Directory,
,
PowerShell.
, , ,
.
:
Import-Module ActiveDirectory

,
.
PS_OU:
New-ADOrganizationalUnit -Name PS_OU -Server DC02.bigfirm.com `
-Path "DC=bigfirm,DC=com"
, DC02.bigfirm.com
"DC=bigfirm,DC=com",
. , ,
. PowerShell
, .. ,
.
PowerShell 3.0
Import-Module ActiveDirectory, .
PowerShell 3.0 New-ADOrganizationalUnit
. ,
.
New-ADOrganizationalUnit
, ( - ) .
PowerShell, -
. , (get) AD
(AD organizational unit), Get-ADOrganizationalUnit,
(remove) Remove-ADOrganizationalUnit.
New-ADOrganizationalUnit
, . -Name OU;
-Name PS_OU.
-Server , OU, -Path
OU.
. , Get-Help New-ADOrganizationalUnit
help New-ADOrganizationalUnit.
, ,
. ,
.
, , 10
, , PS_OU1, PS_OU2 .., OU?
.
Windows Server 2012
PowerShell . Windows
PowerShell ISE (Integrated Scripting Environment
). ,
.
Windows PowerShell ISE Intellisense,

.
; Windows
PowerShell ISE. .
1. Windows PowerShell ISE,
PowerShell .
Windows PowerShell ISE.
PowerShell ; ,
Windows PowerShell ISE Start ( ).
2. View () , Show Script (
) .
3. ( ) Windows PowerShell
ISE (. 7.19):


. 7.19. PowerShell PowerShell ISE

Import-Module ActiveDirectory
ForEach ($i in 1..10) {
New-ADOrganizationalUnit -Name "PS_OU$i" -Server DC01.bigfirm.com `
-Path "DC=bigfirm,DC=com"
}
, ForEach
10 . $i . ,
$i 1, $i
2 ..
New-ADOrganizationalUnit.
,
( ') , .
4. File=>Save As ( ^ )
Documents ( ) Create10OUs.ps1.
PowerShell, , ,
, .
5. Windows PowerShell ISE. Get-Ex
<Tab>. ,
, Get-Ex*.
Intellisense. ,
Get-ExecutionPolicy.
6. , Get-ExecutionPolicy. <Enter>.

<F5>.
Restricted
( ) , ,
.
7. ,
(Execution Policy) <F5>:
Set-ExecutionPolicy RemoteSigned
8. Yes ().
.
9. File=>Open ( ^ )
, Create10OUs.ps1.
10. <F5>.
, Active Directory Administrative
Center .
. ,
, .



.
.
PowerShell 4.0 Windows Server 2012 R2
Windows Server 2012 R2
PowerShell 4.0. , PowerShell 4.0
. , Windows
Server 2012 PowerShell 3.0 Windows Server 2012 R2 PowerShell 4.0.

,
Active Directory Users and Computers, Active Directory Administrative
Center DSAdd, PowerShell.
.
,
. Computers
( ),
Redircmp, :
Redircmp DN
, ,
Sales,
:
Redircmp "OU=Sales,DC=bigfirm,DC=com"
, :
Redircmp "CN=Computers,DC=bigfirm,DC=com"

He (DC=xxx)
.


Active Directory Administrative Center
Directory Administrative
Center, .
1. Active Directory Administrative Center,
<Windows+R> Run ( ),
dsac.exe.
2.
Sales New=>User ( ^
).
3. , .
4. , ,
User must change password at next log on (
).
, ,
, .
. 7.20.


. 7.20. ADAC


,
.
, , , ..
,
.


(, , ,
), User cannot change password
( ).
( , )
Password never expires (
),
. ,
- , , .
5. .

PowerShell
PowerShell Active
Directory DSAdd.
, , -
.
.

PowerShell.
, PowerShell
, . ,
, DSAdd.
:
New-ADUser -Path "OU=Sales,DC=bigfirm,DC=com" -AccountPassword `
(ConvertTo-SecureString P0ssword -AsPlainText -force) `
-Name "Maria Smith" -Givenname Maria -Surname Smith `
-DisplayName "Maria Smith" -SamAccountName "Maria.Smith" `
-UserPrincipalName "Maria.Smith@bigfirm.com" -ChangePasswordAtLogon 1 `
-Enabled 1
PowerShell Maria
Smith. PowerShell , -
.
,
; SecureString
-AccountPassword.
-ChangePasswordAtLogon -Enabled
( ) 1 ( ).
.


.
.
,
.
, , .
: ,
. , -
, ,
.
,
.

G_Sales,
G_Sales.
, G_Sales,
.
, G_Sales,
, .
, ,
.
. ,
.
.

.
(global).
. ,
. ,
.
(domain local).
AGDLP,
accounts ( ), G global groups ( ),
DL domain local groups ( ), ^
permissions ( ).
.
, .

.
AGDLP.
(universal).
. , , Europe
UnitedStates, G_Sales.
UG_Sales,
G_Sales, .. UnitedStates\G_Sales Europe\G_Sales.
UG_Sales .
G_Sales
UG_Sales.

. AGUDLP, U
universal group ( ).

Active Directory Users and Computers Active
Directory Administrative Center. ,
.
1. Active Directory Administrative Center,
<Windows+R> Run ( ),
dsac.exe.
2. Sales
New=>Group ( ^ ).
3. G_sales Group name ( ).
. 7.21. .
4. Sales
New=>Group. G_salesAdmins
Group name. .
G_SalesAdmins , , ,
, .

. 7.21. Active Directory Administrative Center

PowerShell
(ADAC Windows PowerShell History)
PowerShell
. ,
. , ,
? Active
Directory Administrative Center ,
.
1. G_SalesAdmins
Windows PowerShell History ( Windows PowerShell)
(. 7.22). ,
ADAC. New-ADGroup (. 7.22).

. 7.22. PowerShell

2. + ,
.
3. New-ADGroup,
PowerShell.
-Name -SamAccountName - , :
New-ADGroup -GroupCategory:"Security" `
-GroupScope:"Global" `
-Name:"G_SalesPowerUsers" `
-Path:"OU=Sales,DC=bigfirm,DC=com" `
-SamAccountName:"G_SalesPowerUsers" `
-Server:"DC02.bigfirm.com"

4. , <Enter>.
, .

PowerShell
. 7.22, , Active Directory
Administrative Center, PowerShell
Windows PowerShell History. ADAC PowerShell,
Windows PowerShell History
. Windows Server 2012 Active Directory 140
PowerShell, .
, Windows PowerShell
History, .
Windows PowerShell History
.
().
. ,
<Ctrl> .
Search (). Search
PowerShell.
, .
Start Task ( ) End Task ( ).
, ADAC
Start Task ,
End Task.
.
Clear All ( ). Clear All
.
Show All ( ). Show All , ,
ADAC, Windows PowerShell History.
, ,
Active Directory. Show .



,
, ,
A D ,
. ,
,
Uptown ( ) Downtown ( ), Marketing (
), Engineering ( ) Management (
), . ,


.
.
, Active Directory
.
, 9
Active Directory.


.
, ,
:
;
;
DNS, Active Directory;
;
Netdom;
;
FSMO.


Windows Server 2012 ,
. - .
1. .
2. Local Server (
).
3. Domain ( ) .
4. System Properties ( ).
Computer Name ( )
Change ( ).
5. Domain ( ) ,
.
. 7.23, ,
WORKGROUP, . 7.24 ,
. ,
, .
6. .
7. .
.
. .
8. Close ( ),
System Properties.
9. ,
. Restart Now ( ).
, , , .. -
.


Windows Server 2008 R2 ,
Windows 7 / Windows 8 Windows Server 2008 R2 / Windows Server 2012
, . ,
.
Windows Server 2012 ,
- .
TechNet
http://technet.microsoft.com/en-us/library/dd392267.aspx,
Windows Server 2012.


. 7 .2 3 . . 7 .2 4 .




, .
Active Directory
-.
,
DC. DC
(Operations Master), FSMO (Flexible Single
Master Operations ),
.
, ,
, .

PowerShell Uninstall-ADDSDomainController.
Windows Server 2008 R2 DCPromo,
, Windows Server 2012 DCPromo
. , ,
DCPromo Windows. ,
,
FSMO, ,
,
Domain Controllers ( ) Computers
( ) . DNS-
, DNS
Active Directory (Active Directory integrated ADI), .
, Uninstall-ADDSDomainController,
, SRV DNS,
, Active Directory.
Windows ,
NTDSUtil . ,
Active Directory Users and Computers, Windows
Server 2012,
Domain Controllers .
,
NTDSUtil , .
1. Active Directory Users and Computers
Domain Controllers.
2. , .

Delete ().
3. , DC,
Yes () .
, DC
AD, Active Directory Installation Wizard.

4. This Domain Controller is permanently offline and can no
longer be demoted using the Active Directory Domain Services Installation Wizard
(DCPROMO) (
AD DS (DCPROMO))
Delete (), . 7.25.
DC,
, .


. 7 .2 5 .

5. Yes ().
Operations Master,
( ) .
6. ,
().
,
Active Directory Uninstall-ADDSDomainController.
. Uninstall-ADDSDomainController
Uninstall-ADDSDomainController -ForceRemoval.
-ForceRemoval Active Directory DC
. ,
, Get-Help Uninstall-ADDSDomainController. ,
-Force ,
,
-DemoteOperationMasterRole Active Directory,
- Operations Master. ,
Active Directory
.

AD DNS
, DNS, ,
SRV , .
netlogon,
. : SRV
,
.

,
, - ,
, , . ,
, , ,
. PowerShell 3.0 -
, , - .
Test-ADDSDomainControllerUninstallation.
, ,
.
, .
, Get-Help
Test-ADDSDomainControllerUninstallation,
.
PowerShell 3.0, -
Test-, , Test-ADDSDomainControllerInstallation,
Test-ADDSDomainInstallation, Test-ADDSReadOnlyDomainControllerAccountCreation
.. TechNet
http://technet.microsoft.com/en-us/library/hh974719.aspx.

,
, PDC,
. DNS
SRV, , ,
. , .
. 7.26 DNS Manager ( DNS),
, . ,
( _msdcs, _sites,
_tcp _udp). SRV.


. 7.26. DNS (SRV)



, SRV
DNS, .
:
Net stop netlogon
Net start netlogon
netlogon .



Windows Server 2008
.
, .
Windows Server 2012 - ,
Windows Server 2012.
, .
1. , Windows
Server 2012.
2. Windows Server 2012.
3. Windows Server 2012.
, .
Windows Server 2008 R2,
Windows Server 2012,
- , Windows Server 2012 .
, .

( )
, . Windows
Server 2012
Windows Server 2008 R2.
, PowerShell.
Windows Server 2008 R2:
Set-ADForestMode -Identity "bigfirm.com" `
-ForestMode Windows2008R2Forest
Windows Server 2008 R2:
Set-ADDomainMode -Identity "bigfirm.com" `
-DomainMode Windows2008R2Domain
,
, , Dynamic Access Control ( ).

,
:
Active Directory Users and Computers ( Active
Directory) ;
Active Directory Domains and Trusts ( Active
Directory) ;
Active Directory Administrative Center ( Active
Directory) ;
PowerShell 3.0 .
.
Active Directory Administrative Center ,
, .
, .
1. Active Directory Administrative Center,
<Windows+R> Run ( ),
dsac.exe.
2. Active Directory Administrative Center.
3.
Raise the domain functional level (
), . 7.27.
4. Raise Domain Functional Level (
).
,
.
Windows Server 2012.
5. .
, .
6. .
,
.
7. .


. 7.27. Active Directory Administrative Center



.
1. Active Directory Administrative Center,
<Windows+R> Run ( ),
dsac.exe.
2. Active Directory Administrative Center.
3.
Raise the forest functional level (
).
4. Raise Forest Functional Level (
).
,
.
Windows Server 2012.
5. .
.
6. .
,
.
7. .

( Active
Directory (Active Directory Recycle Bin))
.

PowerShell

. ,
, , .
, PowerShell.
, PowerShell 3.0,
.
,
PowerShell :
Set-ADDomainMode -Identity "bigfirm.com" `
-DomainMode Windows2012Domain
Y.
bigfirm.com Windows Server 2012.
, PowerShell
:
Set-ADForestMode -Identity "bigfirm.com" `
-ForestMode Windows2012Forest
Y. bigfirm.
Windows Server 2012.

Netdom
Netdom (
). , .
Netdom
,
.

( )
netdom computername
- . Windows

-. , Netdom
,
DNS. ,
,
(.. Active Directory (Active Directory
Certificate Services)). . ,
, , , ,
. ,
, .


. , bigfirm.
DC01, DC03,
DC03 :
Netdom computername DC01 /add:DC03.bigfirm.com
: .
:
Netdom computername DC01 /makeprimary:DC03.bigfirm.com
Netdom
.
, .
DC01
:
Netdom computername DC03 /remove:DC01.bigfirm.com
.



, Netdom.
:
Netdom join server01 /d:bigfirm.com /reboot
server01 bigfirm.
. ,

, Computers ( ).
, redircmp
- .
Netdom,
,
( DSMove). ,
Computers Sales,
NetDom join DSMove:
Dsmove "CN=Server01,CN=Computers,DC=bigfirm,DC=com"
-newparent "OU=Sales,DC=bigfirm,DC=com"

PowerShell
Netdom ,
Netdom.
PowerShell ,

.
Windows Server 2012 Server01 bigfirm.com:
Add-Computer -ComputerName Server01 `
-LocalCredential Server01\Administrator `
-DomainName "bigfirm.com" `
-OUPath "OU=Sales,DC=bigfirm,DC=com" `
-Credential bigfirm\administrator -Restart -Force
Windows Server 2012
Server01 .
;
( -LocalCredential),
,
( -Credential).

Netdom
Netdom ,
. Netdom
http://technet.microsoft.com/en-us/library/cc772217.aspx.
, .
NetDom Reset. .
- .
.
NetDom ResetPwd. .
, ,
. .
NetDom Remove. .
NetDom query fsmo. Operations Master
.
,
Operations Master.


Kerberos,
Active Directory, ,
. -
,
,
,
.
.
.
, PDC Operations Master
(
),
. 7.28. PDC
, ,
Operations Masters
.
, , .
1. Active D irectory U sers and C om puters.
2.
O p eratio n s M asters ( ).
3. O perations M asters ( )
PDC ( ), . 7.28.
, P D C ,
N T P (Network
Time P rotocol ). -
.
PDC.
-
, .
,
, ,
N T P
P D C O perations Master.
, ,
, .


(Group Policy),

. System Time Group Policy (
) Computer/Policies/Windows Settings/Security Settings/
Local Policies/User Right Assignment ( / / Windows/
/ / ).


Windows (Windows Time Service; w32tm). w32tm
.

Microsoft (time.windows.com)
, . ,
( +)
( - ) :
w32tm /stripchart /computer:time.windows.com /samples:5 /dataonly
PDC Operations Master
, ,
. NTP
w32tm , UDP- 123 .

. ,
Microsoft (time.windows.com)
NIST (time.nist.gov):
w32tm /config /manualpeerlist:"time.nist.gov time.windows.com"
/syncfromflags:manual /reliable:yes /update
syncfromflags ,
manualpeerlist.
( ) ,
, .
,
:
Net stop w32time
Net start w32time
w32tm,
. ,
, w32tm
.
,

. , .
,
, .
,
.

FSMO
Active Directory FSMO (Flexible Single Master
Operations ),
.
. . 7.1 ,
.

7.1. FSMO

FSMO

Schema Master ( )
Domain Naming Master
( )
Infrastructure Master
( )
PDC Emulator
(
)

GPO

RID Master ( RID (relative
(RID)) identifier )

, ,
,
, .
Active Directory.

NTDSUtil,
FSMO , .
1. (cmd.exe), NTDSUtil
<Enter>.
2. roles <Enter>.
3. connections <Enter>.
4. ,
FSMO . connect to server [_]
<Enter>.
5. quit <Enter>.
6. PDC Emulator. transfer pdc
<Enter>. , Yes ( ).
7. transfer rid master <Enter>
RID Master. ,
Yes ().
8. transfer infrastructure master
<Enter> Infrastructure Master.
, Yes ().
9. , FSMO , quit
<Enter>, quit <Enter>,
.
, .

FSMO , .
1. (cmd.exe), NTDSUtil
<Enter>.
2. roles <Enter>.
3. connections <Enter>.
4. ,
FSMO . connect to server [_]
<Enter>.
5. quit <Enter>.
6. Schema Master. transfer schema
master <Enter>. ,
Yes ().
7. transfer naming master <Enter>
Domain Naming Master.
, Yes ().
8. , FSMO , quit
<Enter>, quit <Enter>,
.
FSMO ( )
, , .
, netdom query
fsmo role, ,
FSMO .


,
, .
Windows Server 2012.
Windows
Server 2008.
(password-settings object PSO )
Domain Admins ( ).


Windows Server 2012
. Windows
Server 2008 R2 ; .
, PSO
,
,
.
PSO G_ITAdmins,
.
1. Active Directory Administrative Center,
<Windows+R> Run ( ),
dsac.exe.
Active Directory Administrative Center.
2. ,
System/Password Settings Container ( /
).
3. Password Settings Container
New → Password Settings ( →
), . 7.29.
[Screenshot: Active Directory Administrative Center, Password Settings Container]

. 7.29. ADAC

4. Name ( ) Create Password Settings
( ) PSO_G_ITAdmins , Precedence
( ) 10.
5. , Enforce minimum password length (
) , 15 .
6. , Enforce minimum password age (
) , 30
.
7. , Enforce account lockout policy (
) , Number of
failed logon attempts allowed ( )
5.
8. Directly Applies ( )
Add ( ). G_ITAdmins .

9. , .
, , 7.30.
10. , .
, Active Directory
Administrative Center PSO PSO_G_ITAdmins.
- , PSO ,
.
Sally Smith. ,
IT - , ,
G_ITAdmins. Sally Smith
; ,
sally, smith. ,
PSO , .
1. Active Directory Administrative Center.
2. Sales,
Sally Smith.
3. Sally Smith
View resultant password settings (
), . 7.31.
4. PSO_G_ITAdmins
PSO , Sally Smith.
5. , .
, PSO
.
(Resultant Set of Policy RSOP),
PSO,
, .
PSO, , .

[Screenshot: Create Password Settings: PSO_G_ITAdmins]

. 7.30.
[Screenshot: Active Directory Administrative Center, Sales/Users, Sally Smith: View resultant password settings]

. 7.31.


,
(Default
Domain Policy) . , .
Create Password Settings (. . 7.30)
Precedence ( ). , PSO
,
PSO.
G_ITAdmins PSO ,
10, 5. PSO 5 ,

.
, PSO
. , PSO
G_ITAdmins, Sally Smith, PSO
Sally Smith?
G_ITAdmins,
Sally Smith, PSO 10.
PSO 15
Sally Smith. PSO , Sally Smith ,
, .
PSO .
PSO, ,
PSO. PSO
, ,
PSO,
. PSO ,
.

SYSVOL:
Active Directory,
2000 - , , Active Directory
.
,
, (
) ( ) .
Active Directory ,
,
. , , SYSVOL.
NETLOGON ( GPO
), ,
Windows,
(File Replication Service FRS),
.
:
;
(Distributed File
System Replication);
dfsrmig.

:
, - ,
.
, . ,
SYSVOL Windows Server 2008 R2 Windows Server 2012,
SYSVOL
.

FRS Windows Server 2012?
. FRS , Windows Server 2008 R2,
DFS-R.

(Distributed File System Replication DFS-R)
FRS, ,
. Active Directory Windows
Server 2008 R2 Windows Server 2012 . FRS
, ,
Windows Server 2012.
FRS FRS DFS-R.
? Windows Server 2003
Windows Server 2012 Windows Server 2008 (R2),
DFS-R ,
Windows Server 2012. SYSVOL FRS
, (file system junction).
FRS ,
FRS. , FRS,
SYSVOL:
NETLOGON ;
;
Windows;
FRS;
.
SYSVOL.
NTFS 3.0,
Windows 2000 Server.
, SYSVOL.
SYSVOL
(single-instance store SIS), ,
, ,
.
(reparse point).
, , -
- .

, SYSVOL SYSVOL\staging\domain
SYSVOL\enterprise SYSVOL\staging\enterprise.
,
.
/

. ,
. ,
.
NTFS .
NTFS
. ,
SYSVOL, .
, SYSVOL,
, .

FRS
FRS Windows 2000 Server
(Distributed File System DFS) SYSVOL.
, SYSVOL
DFS. FRS ,
,
. FRS

, .. , ,
,
,
- . FRS

. ,
- , .
FRS
, ..
,
WAN SYSVOL DFS. FRS, ,
SYSVOL
. SYSVOL,
,
. NETLOGON ,
SYSVOL
.

FRS
, SYSVOL,
FRS
. FRS.
RPC. FRS
Kerberos (remote procedure call RPC )
, .
. FRS ,
NTFS .
, .
. FRS
,
.
, FRS ,
.
,
.
, FRS
, .
FRS ,
, .
.
. FRS
. FRS
, .
. FRS
.
.
, FRS . FRS
.
. FRS

. - ,
WAN.
, WAN .
. FRS
,
- . FRS
,
. , FRS
, , ,
- ,
. , Windows Server 2008, FRS
DFS
SYSVOL. FRS
DFS . FRS
DFS , DFS
FRS. - DFS ,
.


, ,
Microsoft TechNet:
http://technet.microsoft.com/en-us/library/cc781582(v=WS.10).aspx
- .

FRS
SYSVOL FRS. FRS SYSVOL
,
(Knowledge Consistency Checker ),
Active Directory, Active Directory.
Active Directory.

.

AD?
, FRS SYSVOL,
Active Directory.
, . Active
Directory, , ,
SYSVOL . FRS
SYSVOL, Active Directory.

FRS
.
Active Directory. FRS
Active Directory, FRS Active Directory
.
DFS. FRS
,
DFS. ( SYSVOL
.)
DNS. FRS DNS. FRS
DNS .
Kerberos. FRS
Kerberos.
NTFS. FRS USN (update sequence number
) NTFS ,
.
(RPC). FRS
IP RPC
.

FRS?
FRS . Windows Server 2012
SYSVOL FRS,
DFS-R,
FRS. Active Directory
Windows Server 2012, DFS-R.

FRS Windows Server 2012 R2


(File Replication Service) Windows Server 2012 R2
, - .
DFS-R.

:
, FRS
Active Directory Windows 2000 Server SYSVOL
Active Directory. Windows Server 2008 R2
SYSVOL , Distributed File System
Replication ( ), DFS-R.
Windows Server 2012.
,
. DFS-R
RDC (Remote Differential Compression

). RDC ,
.
,
, . RDC
SYSVOL
.

DFS-R
(Distributed File
System DFS). DFS
,
, .
DFS.
, - . DFS
Windows Server 2012;
. , DFS (
SYSVOL), FRS.
Windows Server 2008 R2, Microsoft
, DFS.
DFS DFS-R. DFS-R
FRS DFS, SYSVOL Active Directory,
Windows Server 2008.
RDC , , ,
, ,
( FRS)
, .
RDC .
DFS-R .
,
.
.
,
- .
,
.
, ,
. DFS-R
DFS
DFSRADMIN, DFSRDIAG, DFSUTIL, DFSCMD DFSDIAG.
DFS-R ,
Windows Server 2008, Windows Server 2008 R2 Windows
Server 2012. Windows Server 2003
Windows 2000 Server, FRS ,

DFS-R.

DFS-R Windows Server 2012
DFS-R Windows Server 2012
.
;
. , , TechNet:
Windows Server 2012 http://technet.microsoft.com/en-us/library/dn281957.aspx
Windows Server 2012 R2 http://technet.microsoft.com/en-us/library/dn281957.aspx.

DFS-R
DFS-R ,
Windows Server 2008.
Windows Server 2008 .
, Windows
Server 2003 Windows Server 2008 , .
. FRS DFS-R
, SYSVOL
FRS DFS-R.
.
FRS DFS-R.
FRS Windows Server 2012, , FRS
Windows Server.
.


Windows Server 2012 ,
Windows Server 2008 R2.
,
(PDC Emulator), ,
.

.
dfsrmig ,
. Active Directory
.
. DFS-R DC Active Directory,
, DC.
,
DFS-R ,
.
. SYSVOL
( )
( ).
DC.
SYSVOL FRS DFS-R
, . Start ( ), Prepared ( ),
Redirected ( ) Eliminated ( ).
.
Start ( 0). SYSVOL, FRS
SYSVOL.
Prepared ( 1). FRS -
SYSVOL, , DFS-R
SYSVOL. SYSVOL
DC.
Redirected ( 2). DFS-R SYSVOL
DC. FRS
SYSVOL, DFS-R
SYSVOL, ,
Redirected.
Eliminated ( 3). DFS-R
SYSVOL. SYSVOL , FRS
SYSVOL.


, , - Microsoft
TechNet:
http://technet.microsoft.com/en-us/library/dd641052.aspx
- .

dfsrmig
.
.
1. SYSVOL. FRS
SYSVOL, c:\windows\SYSVOL.
DFS-R SYSVOL, c:\windows\SYSVOL_dfsr.
2. SYSVOL FRS DFS-R.
SYSVOL, c:\windows\SYSVOL,
, FRS.
SYSVOL
c:\windows\SYSVOL_dfsr, , Active Directory,
DFS-R.
3. SYSVOL.


,


. , 4 9.
, , :
( 4)
( 5)
( 6)
( 7)
( 8)
( 9)
. 7.32
, .

. 7.32. DFS-R

, , DFS-R
. , DFS-R DC Active Directory
.
, DFS-R (
) .
DFS-R ,
Start.
dfsrmig
Start Eliminated.
, ,
, 3, .. . ,
DC Prepared -
Start. dfsrmig
Start. , 3,
. , SYSVOL
.

prepared
,
. , DFS-R
Windows Server 2008. ,
Windows Server 2008,
Windows Server 2008 R2 Windows Server 2012.
Windows 2000 Server Windows Server 2003,
DFS-R. : Windows Server 2012 FRS -
, ,
Windows Server.

Active Directory
Windows Server 2008
Active Directory
SYSVOL. Active Directory
, ,
.
.
AD. .
1. Microsoft net share,
SYSVOL ,
SYSVOL,
FRS. net share
NETLOGON SYSVOL .
2.
,
SYSVOL.
3. Ultrasound FRS
.
http://www.microsoft.com/en-us/download/details.aspx?id=3660.
4.
repadmin /replsum.
Active Directory.
. , ,
.
5. DCDIAG.
.
. , , .
DCDIAG , DCDIAG /s:DC02.bigfirm.com.
DCDIAG
DC02.bigfirm. .
6.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters,
SYSVOL
: I\windows_folder\SYSVOL\SYSVOL,
SYSVOLReady 1.
7. ,
DFS Replication , Automatic
().


, Active Directory, FRS SYSVOL,
,
Windows Server 2008.
.
1. Active Directory Administrative Center.
2.
Raise Domain Functional Level (
).
3. Domain Functional Level ( )
Windows Server 2008.
4. .
5. .
6. .

.
.
Active Directory SYSVOL.
.
Prepared .
.
- ,
. ,
.
Prepared.


Start Prepared .
(. 7.33):
dfsrmig /setglobalstate 1

Microsoft Windows [Version 6.2.9200]
(c) 2012 Microsoft Corporation. All rights reserved.

C:\Users\Administrator>dfsrmig /setglobalstate 1

Current DFSR global state: 'Start'
New DFSR global state: 'Prepared'

Migration will proceed to 'Prepared' state. DFSR service will
copy the contents of SYSVOL to SYSVOL_DFSR
folder.

If any domain controller is unable to start migration, try manual polling,
or run with option /CreateGlobalObjects.
Migration can start anytime between 15 minutes to 1 hour,
Succeeded.

C:\Users\Administrator>

. 7.33. DFS-R 1
,
.
:
dfsrmig /getglobalstate
,
(. 7.34).

C:\Users\Administrator>dfsrmig /getglobalstate

Current DFSR global state: 'Prepared'
Succeeded.

C:\Users\Administrator>

. 7.34. DFS-R

, , ,
Prepared:
dfsrmig /getmigrationstate
,
, Prepared,
(. 7.35). , ..
Active Directory , . ,
Prepared,
, .
,
Prepared.

C:\Users\Administrator>dfsrmig /getmigrationstate

All domain controllers have migrated successfully to the Global state ('Prepare
Migration has reached a consistent state on all domain controllers,
Succeeded.

C:\Users\Administrator>

. 7.35. dfsrmig /getmigrationstate



7.
net share, , SYSVOL
,
SYSVOL, FRS.
8. Ultrasound ,
FRS .
9. , SYSVOL_DFSR
c:\windows\SYSVOL_dfsr,
SYSVOL (. 7.36).

[Screenshot: Windows Explorer, C:\Windows folder listing showing SYSVOL and SYSVOL_DFSR]

. 7.36. SYSVOL_DFSR

10. DFS .
DFS ,
,
Manage → Add Roles and Features ( →
) DFS
Management Tools ( DFS),
Remote Server Administration Tools (
) File Services Tools ( ).
DFS Manager ( DFS),
, Health report (
) Propagation report ( ).
(. 7.37).
, .
1. DFS.
2. Replication ()
Domain System Volume ( ).
3. Membership ().
4. Membership Status ( ).

5. , c:\windows\SYSVOL_dfsr\your_domain
Enabled ().
6. Domain System Volume.
7. Create Diagnostic Report ( ).
8. (Diagnostic Report
Wizard),
.
, Prepared,
Redirected. DFS-R
SYSVOL .
.
Redirected, .

[Screenshot: Diagnostic Report Wizard, Type of Diagnostic Report or Test: Health report, Propagation test, Propagation report]

. 7.37. DFS

Redirected
Redirected,
.
1. dfsrmig /setglobalstate 2.
. 7.38.
2. dfsrmig /getglobalstate.

. 7.39.
3. dfsrmig /getmigrationstate, ,
Redirected (. 7.40).

C:\Users\Administrator>dfsrmig /setglobalstate 2

Current DFSR global state: 'Prepared'
New DFSR global state: 'Redirected'

Migration will proceed to 'Redirected' state. The SYSVOL share
will be changed to SYSVOL_DFSR folder,
which is replicated using DFSR.

Succeeded.

C:\Users\Administrator>

. 7.38. dfsrmig /setglobalstate 2

C:\Users\Administrator>dfsrmig /getglobalstate

Current DFSR global state: 'Redirected'
Succeeded.

C:\Users\Administrator>

. 7.39. dfsrmig /getglobalstate

C:\Users\Administrator>dfsrmig /getmigrationstate

All domain controllers have migrated successfully to the Global state ('Redirected').
Migration has reached a consistent state on all domain controllers.
Succeeded.

C:\Users\Administrator>

. 7.40. dfsrmig /getmigrationstate
,
Redirected; , Eliminated
,
Redirected. .
1. net share .
SYSVOL_DFSR
(. 7.41).

C:\Users\Administrator>net share

Share name   Resource

C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
NETLOGON     C:\Windows\SYSVOL_DFSR\sysvol\bigfirm.com\SCRIPTS
                                             Logon server share
SYSVOL       C:\Windows\SYSVOL_DFSR\sysvol   Logon server share
The command completed successfully.

C:\Users\Administrator>

. 7.41. SYSVOL

2. DFS
, Prepared.
3. Ultrasound
FRS SYSVOL.
, DFS-R
SYSVOL ; ,
FRS, Prepared.
Redirected,
Eliminated.

Eliminated
, .
FRS DFS-R.
Redirected. DFS-R
SYSVOL, FRS SYSVOL.
, ,
FRS. Eliminated,
. ,
. , Redirected,
, .
1. dfsrmig /getmigrationstate,
Redirected.

2. repadmin /replsum,
Active Directory. .
3. Active Directory ,
.
Redirected, ,
Eliminated.
.
1. dfsrmig /setglobalstate 3 (. 7.42).

C:\Users\Administrator>dfsrmig /setglobalstate 3

Current DFSR global state: 'Redirected'
New DFSR global state: 'Eliminated'

Migration will proceed to 'Eliminated' state. It is not possible
to revert this step.

If any read-only domain controller is stuck in the 'Eliminating' state for too long
run with option /DeleteRoNtfrsMember.
Succeeded.

C:\Users\Administrator>

. 7.42. dfsrmig /setglobalstate 3

2. dfsrmig /getglobalstate, ,
Eliminated (. 7.43).

C:\Users\Administrator>dfsrmig /getglobalstate

Current DFSR global state: 'Eliminated'
Succeeded.

C:\Users\Administrator>

. 7.43. dfsrmig /getglobalstate

3. dfsrmig /getmigrationstate,
(. 7.44).
4. net
share, SYSVOL (. 7.45).
5. DFS Health report Propagation
report, Prepared Redirected.
6. Windows
c:\windows\SYSVOL.
, ;
, , .
SYSVOL_DFSR, . 7.46.

C:\Users\Administrator>dfsrmig /getmigrationstate

All domain controllers have migrated successfully to the Global state ('Eliminated').
Migration has reached a consistent state on all domain controllers,
Succeeded.

C:\Users\Administrator>

. 7.44. dfsrmig /getmigrationstate

Share name   Resource                        Remark

C$           C:\                             Default share
IPC$                                         Remote IPC
ADMIN$       C:\Windows                      Remote Admin
NETLOGON     C:\Windows\SYSVOL_DFSR\sysvol\bigfirm.com\SCRIPTS
                                             Logon server share
SYSVOL       C:\Windows\SYSVOL_DFSR\sysvol   Logon server share
The command completed successfully.

C:\Users\Administrator>

. 7.45. net share

[Screenshot: Windows Explorer, C:\Windows folder listing containing SYSVOL_DFSR]

. 7.46. Eliminated, SYSVOL



Windows, , File
Replication Service Disabled (),
. 7.47.

[Screenshot: Services console, File Replication Service. Description: "Synchronizes folders with file servers that use File Replication Service (FRS) instead of the newer DFS Replication technology."]

. 7.47. FRS

,
SYSVOL FRS D F S -R
. SYSVOL
FRS DFS SYSVOL_DFSR.

Active Directory
Active Directory Server 2012, ,
,
.
, ,
. . Active
Directory ,
Active Directory.
Windows Server Active Directory 2012.
,
.

?
Windows NT !

Windows
NT 4.0 Windows Server 2012. Windows Server 2008
R2 NT 4.0 ,
Windows NT 4.0 Server Windows Server 2012 .
, Windows NT 4.0 Server Microsoft
. , Windows NT 4.0 Server , ,
.

Windows Server 2012


Windows Server
adprep.exe.
,
.
/
Windows Server,
/rodcprep
(Read-only Domain Controller RODC).
, Windows Server 2012
adprep.exe - \support\adprep
Windows Server 2012. 32- adprep. ,
64- , 64-
Windows Server 2008 . adprep.exe
;
Windows, -
. , adprep. /? .
64- Windows Server 2008,
:
adprep /forestprep /forest w2k3domain.com /user administrator
/userdomain w2k3domain.com /password P@sswOrd

,
:
adprep /domainprep / /domain w2k3domain.com /user administrator
/userdomain w2k3domain.com /password P@sswOrd

RODC :
adprep /rodcprep /domain w2k3domain.com /user administrator
/userdomain w2k3domain.com /password P@sswOrd

, adprep.
. Windows Server 2012
Active Directory (ADDSCW ),
.
Active Directory Domain Services.
, - Windows Server 2012
. adprep.exe,
.
,
Install () ,
(. 7.48).
. 7.49 ADDSCW,
adprep /forestprep. , adprep.exe
/domainprep (. 7.50).
Microsoft adprep.
ADDSCW? , ,
, .

, ..
.
adprep.exe,
.
,
,
ADDSCW.

. 7.49. ADDSCW
[Screenshot: Active Directory Domain Services Configuration Wizard, Installation: Upgrading domain]

. 7.50. ADDSCW

Windows Server 2012
Windows Server 2012 Active Directory ,
.
BUILTIN ADAC ADUC:
Access Control Assistance Operators ( )
Hyper-V Administrators ( Hyper-V)
RDS Endpoint Servers ( RDS)
RDS Management Servers ( RDS)
RDS Remote Access Servers ( RDS)
Remote Management Users ( )
Users ADAC ADUC:
Cloneable Domain Controllers ( )

Windows Server 2012


, , ,
. ,
, , , , .
Windows Server 2012,
AD.
. ,
, ,
, , - ,
. , :
, .

.

Windows
Server 2012.
.
Windows Server 2012 64-
Windows.
. - Windows Server 2012
.
Active Directory .
.
Windows Server 2012 Active Directory. ,

Active Directory Migration Tool (ADMT),
3.2.
.


Windows Server 2012
.
Next () Finish ().
.
. , ,
, , .
,
, , ,
, .
- , ,
, ,
. , .
Microsoft , ,
.
, , ,
. , , , DNS
DHCP, Windows Server 2012.
,
, Windows Server
.
, 64- Windows
Server 2008 Windows Server 2008 R2, Windows
Server 2012 ( . 7.2).
Windows Server 2003 32- Windows Server
2008. ,
Windows Server 2012 Windows Server 2003.
, ,
Windows Server 2012.

7.2.

Windows Server 2008 Standard SP2          Windows Server 2012 Standard
Windows Server 2008 Enterprise SP2        Windows Server 2012 Datacenter
Windows Server 2008 Datacenter SP2        Windows Server 2012 Datacenter
Windows Web Server 2008                   Windows Server 2012 Standard
Windows Server 2008 R2 Standard SP1       Windows Server 2012 Standard
Windows Server 2008 R2 Enterprise SP1     Windows Server 2012 Datacenter
Windows Server 2008 R2 Datacenter SP1     Windows Server 2012 Datacenter
Windows Web Server 2008                   Windows Server 2012 Standard

, 64-
.
Windows Server 2012 64-
, 32- .
Windows Server 2012: 64--
1,4 , 512 ,
32
800x600. .
,
- .
,
.
, , ,
Windows Server 2012, ,
.
,
. ,

.
.

Windows Server 2012 R2
, Windows Server 2012 R2
Windows Server 2008 SP2. ,
, , Windows Server 2008 R2 SP1.
Windows Server 2012 Datacenter,
Windows Server 2012 R2 Datacenter.
Windows Server 2012 Standard Windows
Server 2012 R2 Standard Windows Server R2 Datacenter.
Windows Server 2012 R2
, Windows Server 2012.


:\ .
.
:\
, .
:\
Windows. ,
Microsoft
, .
,
. ,
.
, ,
repadmin, :
repadmin /replsum /bysrc /bydest /sort:delta
,
, .
- , .

AD Replication Status Tool

2012 Microsoft
Active Directory (AD Replication Status Tool),
,
Windows.
.
CSV
XPS . http://www.microsoft.com/en-us/download/details.aspx?id=30005.

DCDIAG
. Windows Server 2003 DCDIAG
. suptools.msi
\support\tools.
, Windows (Event
Viewer) ,
.
, AD Windows Server 2008.
1. , Windows Server 2012.
2. Windows Server 2012.
3. , .

/

Windows Server 2008. ,
FSMO. ,

, Windows Server 2008.


Windows Server 2008 PDC
.
. ,
FSMO. ,
, - FSMO,
, ,
Windows Server 2012.
Windows Server 2003 . ,
Windows Server 2003 Native .
Windows Server 2003/2008
Windows Server 2012, Windows
Server 2012. FSMO
. Windows Server 2012 Setup DVD
, \support\adprep
. , , DVD- D,
, D: <Enter>,
cd \support\adprep <Enter> . adprep.exe
64- , 32-.
1. adprep ,
adprep /forestprep
<Enter>.
,
Windows Server 2003 .
2. , <Enter>.
3.
adprep /domainprep / <Enter>.
4. , adprep /rodcprep
.
I
,
. .
Exchange, Lync - ,
, I .
4 Windows Server 2012,
GPO Windows
Server 2012.
(Read-only Domain Controller).
adprep /rodcprep,
. , , AD Windows
Server 2008 AD Windows Server 2012,
.
1. Service Pack 2
Windows Server 2008 Service Pack 1
Windows Server 2008 R2, .

2. , adprep /forestprep
FSMO , ,
.
3. , adprep /domainprep
/gpprep FSMO ,
.
4. run /rodcprep ,
.


. DVD-
, My Computer ( ),
, Upgrade ( ).
, .
, - . ,
.
,
.
, ,

Windows Server 2012.

,
.
.
(security identifier
SID ), ,
( , ,
, ) -
.
.
.
Windows Server 2008 AD Windows Server 2012 AD
.
,
.
. Windows Server 2012 64-
. 32- ,
.
.
, AD . (
, .)
.
Active Directory.


Windows Server 2012
.
Active Directory. - Windows Server 2012
.
Active Directory Windows Server 2012.
,
. ,
,
. ,
, .. .
,
Windows Server 2012
, Windows
Server 2012.

; .
, .
.
, ,
. ,
DNS, DHCP, FSMO, ,
, ,
. ,
.

-
- Windows Server 2012
, ,
Windows Server 2003. Windows Server 2012
Windows 2000 Server,
.

.
1. .
2. - Active Directory Domain Services.
3. ADDSCW Schema Admin (
), Enterprise Admin ( ) Domain Admin (
). ADDSCW
adprep / f o r e s t p r e p adprep /domainprep.
4. , ,
FSMO, IP- .
5. .

/
,
Windows Server 2012 Active Directory.
ForestPrep, DomainPrep GPprep,
.

ADDSCW. , adprep.exe
, . ,
, :
.

- Windows Server 2012


- Windows Server 2012
. ADDSCW
Active Directory Domain Services DNS.

DNS
DNS,

. - , DNS
.

, DNS. SRV
NsLookup DcDiag, .


,
.
, . ,
, .
,
-
.
.
IP- (IPv4 IPv6).
Active Directory.
.
GPO (RSOP).
,
:
gpresult /scope computer > GPOResult.txt

FSMO. ,
.
.
, DHCP,
, (Internet Authentication
Services) VPN-.
,

Active Directory Domain Services.

-
ADDSCW.
Add a domain controller to an existing
domain ( ). ,
DNS Global Catalog.
,
DNS .
DNS, Active Directory,
, DNS .
1. DNS
:
dnscmd /enumzones
dnscmd /enumdirectorypartitions

2. DNS
.
3. , .
, dnscmd /enlistdirectorypartitions
DNS-
. ,
.
dnscmd /EnlistDirectoryPartition < FQDN >

4. DNS-
, .

,
. ,
, , DcDiag NetDiag
, .
,

.
,
.
FSMO GC.
1-.

.
System (), sysdm.cpl,
netdom renamecomputer.
DNS
.

...

Windows Server 2012


FSMO .



Windows Server 2012,
. ,
64-, 32- Windows
Server. , Windows Server 2012 64--
, .
,
Windows Server 2012.
Active Directory.
.
1. / .
2. - Windows Server 2012.
3. , DNS Active Directory.
4. .
5. -.
, , ,
, .
6. DCPromo, Active Directory
. - .
7. - Windows Server 2012.
IP-, ,
Active Directory.
8. - .
9. , ,
FSMO.
FSMO, -
.
10.
, Active Directory Domain
Services PowerShell Uninstall-ADDSDomainController.

,
.
.
Windows Server 2012
.
SID,
, ( ,
, ,
) - .
.

Windows Server 2012 .
.

.
Active Directory.



, AD.

( ) AD.
, .
,
. -
.
SID.


.
, , .
. , Active Directory
Windows Server 2012 , .
, -
, .
, AD ,
.
,
,
. -
Active Directory , ,
.
.

,
.
, ,
, ,
.
, .

, .
, , .
,
.
. ,
, , ,
.
.
ADMT.
, ,
.
, .
.
.

. ,
, .
.
, ,
.
.
.
,
SID ,
.
,
.


, .
, ,
. ,

.
,
, , ,
.
,
?
;
. .
: ACL
SID. ACL access control list (
) Security
( ) , .
SID security identifier ( ),
,
.
Security , SID,
ACL, SID
.


IT-.
Active Directory ,
Exchange .
,
.
,
.
, 1-
. ,
. ,
? , .
, .
, IT-
, , ,
. Active
Directory.
.
. VPN ,
, . (
.) ,

. .

ACL
( ):

Joe .
,
.
,


, .
,

!
SID
, SID.
NT 3.1. Windows 2000 Native
Windows Server 2003 Active Directory
SID.
AD, , , SID.
SID
, , SID. ,
,
,
Active Directory.
, AD ,
SID SID
, .
SID. AD :
SID ,
SID .
SID , AD ,
SID , , , . ,
, : ... - ?
, SID ... , ... ,
Joe . ACL
, , . , Joe
SID, SID,
.
SID ACL, ..
.
SID ,
,
.

SID
SID.
, ,
SID. Active Directory
(Active Directory Migration Tool ADMT ) Microsoft,
. ,
. , Quest Software ,
.

SID

Windows Server 2003/2008/2012. (, Windows Server 2012
.)
,
. ,
, SID ,
netdom
(New Trust Wizard) ADDT.
AD, ,
Windows Server 2012 ( ,
, ),
.
SID ,
SID ,
SID . ,
.
SID . ,
SID
. VBScript,
295758 Microsoft http://support.microsoft.com/kb/295758.


ADMT Microsoft
,
,
. , Microsoft
, Active Directory Migration Tool
(ADMT). Microsoft NetIQ,
ADMT v3.2
.


,
: Bigfirm OtherDomain.
OtherDomain Windows Server 2003 Active Directory. Bigfirm
Windows Server 2012 Bigfirm.com
. Microsoft ADMT
Windows Server 2012; , Bigfirm
Windows Server 2008 R2,
ADMT.
OtherDomain. Windows Server 2008 R2.
ADMT - Windows Server 2008 R2
ADMT01.

Windows
Server 2003 OtherDomain.
( ),
DC2003.

,
.

:
,
.
.
,
. , -
.
,
,
.
,
.
,
, , .
, .

.
.
ADMT ,
.
AD. ,

.
- . ADMT,
,
1000 .
; $10 . ,
, .
Active Directory NetBIOS
FQDN, ,
(..
, ).
.
,
, ACL
..


ADMT 3.2.
, Windows Server 2008 R2.
Active Directory Migration Tool (ADMT) 3.2 Windows Server 2012
: The Active Directory Migration Tool v3.1
must be installed on Windows Server 2008 ( Active Directory Migration Tool
v3.1 Windows Server 2008 ). ADMT 3.2 PES 3.1
Windows Server 2012.
. ,
: http://support.microsoft.com/kb/2753560/en-us.
? ADMT 3.2 Windows
Server 2008 R2 . ,
Windows Server 2008 R2
.
, Windows
Server 2012? ,
Windows Server 2008 R2 PowerShell.
:
Set-AdForestMode -identity bigfirm.com -forestmode Windows2008R2Forest

. :
Set-AdDomainMode -identity bigfirm.com -domainmode Windows2008R2Domain

Windows Server 2008 R2.
Dynamic Access Control (
), ,
Windows Server 2012.

.

.
SID
, ACL
.
ADMT ACL
.
.
ADMT --
AD.
, OtherDomain.local
Bigfirm.com. OtherDomain.local.
DC OtherDomain.local DC2003. DC2003
.

Users Full Control (
), Everyone (). Active Directory Users and
Computers NTFS
.
Administration ().

.
, Z, UNC - \\DC2003\users\%username%.
Administration Group ( )
.
Administration Full Control
( ), Administration Group.
Windows 7 Win7,
bigfirm.com.
Bigfirm.com.
Windows Server 2012 DC01.
Windows Server 2008 R2,
ADMT. W2K8DC.
- Windows Server 2008 R2 ,
ADMT. ADMT01.
. 7.51.

Fig. 7.51. [diagram: the OtherDomain.local and Bigfirm.com domains; labelled computers include Win7 and ADMT01]


.
Active Directory Domains and
Trusts (domain.msc). New Trust Wizard .
1. .
.
2. .
.
3. .
.
4. , ,
.

DC2003?

-,

. . ,
Bigfirm\Administrator Administrators
OtherDomain Active Directory Users and Computers.
,
. ,
.
SID. , SID
,
.
New Trust Wizard Next ()
, , . 7.52.

Fig. 7.52. SID [screenshot: New Trust Wizard notice that security identifier (SID) filtering is enabled on the external trust, with a note on turning it off when migrated users keep their SID histories]

? SID . SID
.
SID
. - , SID
, .
SID SID,
.

SID, .. SID .
Securing external trusts ( ) ,
, netdom
SID , .

netdom Windows Server 2012 ,


(Support Tools). Microsoft
Support Tools Windows Server 2003 Service Pack 2,
- Microsoft.
SID .
/quarantine: .
, .
Rem dc01.bigfirm.com
Netdom trust otherdomain /domain:bigfirm /quarantine:No /usero:administrator /passwordo:P@ssw0rd

Rem DC2003.OtherDomain.local:
Netdom trust bigfirm /domain:otherdomain /quarantine:No /usero:administrator /passwordo:P@ssw0rd

ADMT
- ADMT
. ,

. ADMT ,
. , .


Administrators

ADMT ,
Domain Admins Bigfirm.com
Administrators
OtherDomain.local. ADMT
, ,
.

ADMT Bigfirm.com Domain Admins.
,
Administrators OtherDomain.local
Administrators Win7.bigfirm.com.
OtherDomain.local
(Password Encryption Service
PES).
, .
Domain Admins
OtherDomain.local Administrators
Bigfirm.com.
PES
OtherDomain.local. Bigfirm.com Active Directory
Users and Computers Built-in (),
Administrators. PES .


ADMT , -
, ,
. , , ..
OtherDomain.local
.
(W2K8DC.Bigfirm.com DC2003.OtherDomain.local) ,
(Default Domain Controllers
Policy). Windows Server 2003
Active Directory Users and Computers.
Domain Controllers ( )
Properties ( ).
Group Policy ( ),
Default Domain Controllers Policy (
), .
Windows Server 2008 R2 (Group Policy
Management Console) . ,
Group Policy Objects ( ).
Default Domain Controllers Policy
Edit ().
, Computer
Configuration ( ), Windows Settings ( Windows),
Security Settings ( ) Local Policies ( );
Local Policies Audit Policy ( ). Audit
Policy Audit Account Management (
) , Define These Policy Settings
( ) Success and
Failure ( ). Close (),
; .


Windows
,
Windows Server 2008 ,
GPO. GPO
Allow cryptography algorithms compatible with Windows NT 4.0 (
, Windows NT 4.0).
Computer Configuration Administrative
Templates ( ). System ( ) Netlogon (
Netlogon). Allow cryptography
algorithms compatible with Windows NT 4.0 (
, Windows NT 4.0),
Edit (), Enabled
() .

ADMT
,
.
, ,
,
. , ,
? , !
.
, , - SID .
, ,
SID .
, , .
,
.
.
,
AGDLP (AGUDLP). ,
, (
),
.
.
, ,
, ,
.

ADMT PES
ADMT - Microsoft.
, ..
.
, SQL Express
SQL Server.
SQL Express.

ADMT
, ADMT
, (
), : http://blogs.technet.com/b/askds/archive/2010/07/09/admt-3-2-common-installation-issues.aspx.


,
. ADMT
(Password Encryption Service PES). ,
, ADMT
- ADMT01 DC2003,
.
ADMT .
:
admt key /option:create /sourcedomain:otherdomain /keyfile:c:\temp\password.pes /keypassword:P@sswOrd
,
OtherDomain.local Bigfirm. .
( Bigfirm.com,
Bigfirm.com. ) /keyfile ,
:\temp\password.pes. -
, :\. ,
, -
OtherDomain.local, .. DC2003.
, ADMT :
The password export server encryption key for domain 'otherdomain' was
successfully created and saved to 'c:\temp\password.pes'
otherdomain
:\temp\password.pes
ADMT01.Bigfirm.com.
DC2003.
PES
DC2003
PES ADMT01.bigfirm.com ;
.
-, CD-ROM
PES DC2003.
DLL-

Password Encryption Service
ADMT. ADMT 3.1
.
PES MSI PWMIG.MSI;
, DLL-
ADMT (ADMT Password Migration DLL Installation Wizard).
, , PES
.
. , .
ADMT ,
PES.


,
. ADMT
.
,

.
. Windows , Windows Vista Windows 7
.
firewall.cpl, Advanced (
) 1 Allow Incoming Echo
Request ( -). .
Exception ( ) File and Printer Sharing (
).
.
ADMT
Administrators, .
Administrator.
,

.

ADMT

, .
1. , ..
2. .
.
,
, .
3. .
SID ,
BIGFIRM\Administration
, OtherDomain.local\Administration. ,
OtherDomain.local Bigfirm.com O H H
Administration Bigfirm.com
.
4. .
,
.
, ,
, , ..
SID .
5. Bigfirm.com.
OtherDomain.local Bigfirm.com.
6. .
,
,
ADMT ACL.

SID . ,
,
.
.

. ,
.
7. .
,
,
.
ADMT.
8. .
9. - Bigfirm.com

OtherDomain.local Bigfirm.com, OtherDomain.local
,
OtherDomain.local SID
.
,
. ADMT. Bigfirm.com
ADMT, Start () Administrative Tools^Active Directory
Migration Tool ( 1^ Active Directory).
. 7.53, -
, :
;
;
;
;
-.
, .
.
, , ADMT
, , ,
Exchange! , - Microsoft
(Migration Guide).

Fig. 7.53. ADMT [screenshot: the migrator - Active Directory Migration Tool console with the Action menu open, listing the User Account Migration, Group Account Migration, Computer Migration, Security Translation, Reporting, Service Account Migration, Managed Service Account Migration, Retry Task and Password Migration wizards]

,
VBScript
ADMT .
.
.
Microsoft (Microsoft Management Console), ADMT
.
,
. ,
.
. ADMT
.
.
, .
.
.
admt
:

ADMT [ USER | GROUP | COMPUTER | SECURITY | SERVICE | REPORT | KEY | PASSWORD | CONFIG | TASK ]
VBScript. VBScript
ADMT.
.
,
.
.
,
.
,
- .
, , ,
.

.

ADMT
.
(User
Account Migration Wizard).
1. ADM T Action () User Account Migration
Wizard ( )
Next (); .
ADMT . 3.1
. ,
,
.
2. Next, , . 7.54.
,
, , .
, .. .
DC2003 , Domain
() Source () Target ()
Bigfirm.com, .
3. Next (. 7.55)
, .
Read objects from an include file ( )
User Selection Option ( ), . 7.55,
.
4. Select users from domain (
).
User Selection ( ),
. 7.56, ,
. Add ()
, Active Directory
Users and Computers.

Fig. 7.54. [screenshot: User Account Migration Wizard, Domain Selection page with the source and target domains and their domain controllers]

Fig. 7.55. User Selection Option [screenshot: choice between selecting users from the domain and reading objects from an include file]

Fig. 7.56. User Selection [screenshot: list of selected user accounts with Name, SAM name and Description columns; stefan.roth is listed]

5. Add
stefan.roth,
.
6. Next; Organizational Unit Selection
( ), . 7.57,
.
, AD,
ADMT ,
.
, LDAP.

Fig. 7.57. Organizational Unit Selection [screenshot: User Account Migration Wizard page for entering the distinguished name of the target OU, with a Browse button]

7. Browse (), ADMT


AD.
8. Next, Password Options (
), . 7.58, .
,
Password Options User Account Migration Wizard.
ADMT
.
PES.
, .
,
All Users (
). ,
.
9. Next.
, Account Transition O ptions (
), . 7.59.
.
,

- . ADMT .
Migrate user SIDs to target domain (
SID ).
SID .
ADMT : SID
Bigfirm. stefan.roth.
10. Next,
-
SID , ADMT .
, ,
OtherDomain$$$ , .
, SID , ADMT
, OtherDomain.local, ,
.
, ADMT , SID
, ,
.

Fig. 7.58. Password Options [screenshot: password options, including Generate complex passwords and Do not update passwords for existing users; password migration source DC is dc2003.OtherDomain.local]

Fig. 7.59. Account Transition Options [screenshot: account transition options, including Migrate user SIDs to target domain]


11. Yes (), (. 7.60),
.

Fig. 7.60. SID [screenshot: User Account Migration Wizard, User Account page asking for the user name, password and domain of an account with administrative rights on the source domain, required to add SID history]

12. Next, User Options (


), . 7.61.
Fix users'
group m em berships ( ).
SID
, .

SID. U pdate user rights (
) SID SID.
Translate roaming profiles ( )
SID.

Fig. 7.61. User Options [screenshot: options Translate roaming profiles, Update user rights, Migrate associated user groups and Fix users' group memberships]

Object Property Exclusion ( ),


. 7.62,
. , Bigfirm ,
;
.
Administration ,
?
Conflict Management ( ), . 7.63.

Fig. 7.62. Object Property Exclusion [screenshot: option to exclude specific object properties from migration, with Included Properties and Excluded Properties lists for the User object type]

Fig. 7.63. Conflict Management [screenshot: options for handling conflicts with objects in the target domain, including not migrating the source object when a conflict is detected and migrating and merging conflicting objects]

13. ,
Administration - .
14. Finish
(), .
Migration Progress ( )
(. 7.64).
,
View Log ( ). ,
c:\windows\admt.
/.

Fig. 7.64. Migration Progress [screenshot: status Completed; Users: examined 1, copied 1, errors 0; Groups, Computers and MSAs: 0 in every column; View Log button]


, ADMT .
,
.
Administration:
rem
admt group /N "administration group" /sd:"otherdomain.local" /td:"bigfirm.com" /to:"administration" /mss:yes /fgm:yes /ugr:yes /mms:no /co:Merge+REMOVEUSERRIGHTS+REMOVEMEMBERS

,
.
/N. SAM (Security Account Manager
) .
.
/sd. .
/td. .
/to. .
/mss. SID. Migrate user
SIDs to target domain.
/fgm. .
/ugr. .

/mms. . yes (),
, , .
/ . .
, ,
, .

Administration:
rem
admt user /N "stefan.roth" "marcel.zehner" "philipp.witschi" "chris.greuter" /sd:otherdomain.local /td:bigfirm.com /to:"administration" /mss:yes /co:ignore /po:copy /ps:dc2003.otherdomain.local /dot:disablesource+enabletarget /uur:yes /fgm:yes

.
/ . .
/ps. PES.
/dot. ,
.
/uur. .


Administration Bigfirm.com
SID, SID Administration OtherDomain.local,
\\DC2003\Administration,
Administration
\\DC2003\Administration. .
1. Bigfirm.com
Administrator \\Dc2003\Administration.
,
.
2. Administrator
Administration Bigfirm.com.
3. .
, .
4. \\DC2003\Administration.
, Administration! , SID
.


,
,
OtherDomain.local. -
, .
Win7 , .
, , , ,
- !
,
(Security Transition Wizard) SID
Windows.
Security Translation Wizard
. .
, ,
. .

ADMT
Security Translation Wizard Action ()
ADMT (. . 7.53). ,
.
.
.
, .
.
Win7,
.
Translate Objects ( )
, (. 7.65).
ADMT.
User profiles ( ).
Security Translation Options ( ),
. 7.66,
SID Replace (), Add () Remove ().

Fig. 7.65. Translate Objects [screenshot: Security Translation Wizard page listing what to translate: Files and folders, Local groups, Printers, Registry, Shares, User profiles, User rights]



Fig. 7.66. Security Translation Options [screenshot: Replace (replace security references to source objects), Add (add equivalent references for target objects and leave source references intact) and Remove (remove security and access control list references to source domain objects)]

ADMT ,
.
Replace. Add
,
.
SID SID
, Bigfirm\Stefan.Roth
, .
Active Directory Migration Tool
Agent Dialog ( ADMT), . 7.67,
.
, : Run pre-check (
) Run pre-check and agent operation (
). (
ADMT, .) ,
, (File and Print Services),
, ADMT
\\Win7\admin$.
win7.
Agent Summary ( ) .
, View
Migration Log ( ) Agent Detail ( ).
Agent Detail
.

, .
. ,
, -
. ,
.
Fig. 7.67. Active Directory Migration Tool Agent Dialog [screenshot: Agent Summary list with Computer, Pre-check, Agent Operation and Message columns; Agent Actions: Run pre-check, Run pre-check and agent operation; pre-check retry settings]


. .

.
, .
, .
SID.
Security Translation Wizard
.



Security Translation Wizard Active Directory Migration Tool
Agent (. 7.68).
Agent Summary Post-check ().
, .
.
,
. .



. .
.
, . ,
.

Fig. 7.68. Active Directory Migration Tool Agent Dialog [screenshot: Agent Summary list with an added Post-check column; WIN7.OtherDomain.local shows Not Started for Pre-check, Agent Operation and Post-check; pre-check and post-check retry settings]


,
.
.
,
.
,
.
,
, .

Windows Server 2012


, ,
, .

Windows Server 2012. Windows Server 2012
Windows Server 2012,
Windows Server 2012.

. ,
,
.
Windows Server 2012
. Windows
Server 2012 ,
Windows Server 2012.
Windows Server 2012.

Windows Azure Active Directory


Active Directory, .
, Active Directory .
, Active Directory.


Windows.
Active Directory IT
. Active Directory
, ,
. Windows NT
,
. Active Directory
.
Windows Azure.
.
,
,
Windows Azure.
Windows Azure Active Directory. Active
Directory, , Active Directory, Active
Directory, Azure Windows Azure Active Directory (WAAD,
Windows Azure AD Azure Active Directory).
Windows Azure Active Directory ,
.
Microsoft Windows Azure AD.
Office 365;
Dynamics CRM Online Windows Intune.
WAAD (tenant),
,
.

. , Active Directory
? , . Windows Azure Active Directory
, ,
Windows Azure AD Active Directory .
Active Directory ,
Active Directory (. 7.69).
Active Directory ,

WAAD, DirSync,
.

Fig. 7.69. Windows Azure Active Directory [diagram: Windows Azure Active Directory, Dynamics CRM Online and Active Directory]


(single sign-on SSO). ,
DirSync . SSO Active Directory,
,
Active Directory (Active Directory Federation Services AD FS).
Active Directory
.

Windows Azure Active Directory


AD Windows Azure Active Directory?
Office 365,
Windows Azure Active Directory.
, Office 365 Windows Azure Active Directory.
WAAD Windows Azure (http://www.windowsazure.com/). ,
.
Windows Azure
(. 7.70).
Windows Azure Management ( Windows Azure), Windows
Azure AD, Office 365 Account ( Office 365), Windows
Intune Account ( Windows Intune) PowerShell Windows
Azure Windows Azure AD,
, . 7.71.

Fig. 7.70. WAAD [screenshot: the default directory Quick Start page, "Your directory is ready to use", with Users, Applications and Domains tabs]

Fig. 7.71. Windows Azure Active Directory [diagram: PowerShell, Office 365, Windows Intune, Windows Azure Management and Windows Azure AD around Windows Azure Active Directory]



Windows Azure Active Directory


Active Directory, , ,
LDAP (Lightweight Directory Access Protocol
) , LDAP
, .
, LDAP WAAD,
LDAP .
,
.
WAAD Microsoft REST (Representational State
Transfer ). REST ,
HTTP , ,
(create, read, update, delete CRUD)
GET, POST, PATCH DELETE. Microsoft REST
API- Windows Azure Active Directory Graph.
.
. HTTP
-.
.
REST
; , #
Java.
. HTTP
HTTP, API- Windows Azure AD Graph
.
.
HTTP.

W in d o w s A zu r e A c t iv e D i