Chapter 1
Module 1
Installing Windows servers
Lesson 1: Introducing Windows Server 2019
• Windows Server 2019
• Preparing and installing Server
• Selecting a suitable Windows Server 2019 edition
• Hardware requirements
• Installation options
Selecting a suitable Windows Server 2019 edition
• Windows Server 2019 Standard
• Windows Server 2019 Datacenter
Windows Server 2019 Standard edition: designed for physical server
environments or virtualization. It provides many of the roles and
features available for the Windows Server 2019 operating system.
This edition supports up to 64 sockets and up to 4 terabytes (TB) of
RAM.
Windows Server 2019 Datacenter edition: designed for highly
virtualized infrastructures, including private cloud and hybrid cloud
environments. It provides all of the roles and features available for
the Windows Server 2019 operating system. This edition supports up
to 64 sockets, up to 640 processor cores, and up to 4 TB of RAM. It
includes unlimited Windows Server–based virtual machine licenses for
virtual machines that run on the same hardware.
Microsoft Hyper-V Server 2019: acts as a stand-alone virtualization
server for virtual machines, including all the new features around
virtualization in Windows Server 2019. It supports domain joining and
limited service features.
Hardware requirements
• Windows Server 2019 has the following minimum
hardware requirements for Server installation:
You can choose among the following installation
options when deploying Windows Server 2019:
• Windows Server 2019 (Desktop Experience)—full server
installation
• Windows Server 2019—Server Core installation
Server Manager
Server Manager is part of the Windows Server 2019 Desktop
Server Manager is the primary GUI tool to manage computers running
Windows Server 2019. The Server Manager console can manage both
local and remote servers. You can also manage servers as groups,
allowing you to perform the same administrative tasks quickly across
multiple servers.
• Use the following options to remotely manage a computer that is
running Windows Server 2016:
• Remote Server Administration Tools (RSAT)
• Server Manager
• Management consoles for each role/feature
• Windows PowerShell remoting and PowerShell Direct
• Remote shell
• Remote Desktop
• Group Policy (not supported on Nano Server)
• Firewall exceptions required for remote management
Chapter 2
Module 1
Installing and configuring Active Directory
Module Overview
• Overview of Active Directory Domain System
• Deploying a domain controller
Lesson 1: Overview of AD DS
• Overview of AD DS
• What is the AD DS schema?
• What is an AD DS forest?
• What is an AD DS domain?
• What are OUs?
• What is new in AD DS in Windows Server 2019?
• What is Azure AD?
• Overview of AD DS administration tools
Overview of AD DS
AD DS components
Components components
• Domain controllers • Data stores
• Forests • Sites
• Trees • OUs
• Global catalog • RODCs
• Domain controllers: A domain controller is a type of server that processes requests for
authentication from users within a computer domain. Moreover, it stores information about
users, authentication credentials and security policies.
What are the main functions of a domain controller?
• Domain controllers control access to domain resources by authenticating user identity through login
credentials, and by preventing unauthorized access to those resources.
• Domain controllers apply security policies to requests for access to domain resources.
Active Directory Domain Service
What are the benefits of a domain controller?
• Centralized management of domain controllers enables organizations to authenticate all directory
services requests using a centralized domain controller.
• Distributed and replicated domain controllers enforce security policies and prevent unauthorized
access across enterprise networks.
• Access to file servers and other network resources through domain controllers provides seamless
integration with directory services.
• Support for secured authentication and transport protocols in domain controllers improves
authentication process security.
Authentication is the process of verifying who a user is, while
authorization is the process of verifying what specific applications, files,
and data a user has access to.

| Authentication | Authorization |
| --- | --- |
| Determines whether users are who they claim to be | Determines what users can and cannot access |
| Challenges the user to validate credentials (for example, through passwords, answers to security questions, or facial recognition) | Verifies whether access is allowed through policies and rules |
| Usually done before authorization | Usually done after successful authentication |
| Generally, transmits info through an ID Token | Generally, transmits info through an Access Token |
| Generally governed by the OpenID Connect (OIDC) protocol | Generally governed by the OAuth 2.0 framework |
| Example: Employees in a company are required to authenticate through the network before accessing their company email | Example: After an employee successfully authenticates, the system determines what information the employees are allowed to access |
OIDC (OpenID Connect protocol) is one of the newest security protocols and was designed to protect
browser-based applications, APIs, and mobile native applications. It delegates user authentication.
Moreover, it is an open authentication protocol that works on top of the OAuth 2.0 framework.
It allows individuals to use single sign-on (SSO) to access relying party sites using OpenID Providers (OPs),
such as an email provider or social network, to authenticate their identities.
OAuth2 is an authorization standard defining a framework for sharing account information about a user
between parties without revealing their credentials. For example, if you want to share your contacts list
with a website so that it can send emails on your behalf and click on a “Sign In with Google” button, then
you’re using OAuth2.
Tree VS Forest
• The AD tree is a collection of one or more domains sharing a contiguous namespace
and is linked in a transitive trust hierarchy. A forest is a collection of trees that
share the same characteristics like a global catalog, directory schema, directory
configurations and logical structure.
[Figure: forest root domain google.com and child domain mail.google.com, with replication]
What is an AD DS domain?
• AD DS requires one or more domain controllers
• All domain controllers hold a copy of the domain
database, which is continually synchronized
• The domain is the context within which user accounts,
computer accounts, and groups are created
• The domain is an administrative center
for configuring and managing objects
• Any domain controller can authenticate any sign-in
anywhere in the domain
• The domain provides authorization
[Figure: an AD DS domain containing users, computers, and groups]
What are OUs?
• Use containers to group objects within a domain:
• Containers are used for system objects and as
the default for new objects
• Create OUs to:
• Configure objects by assigning GPOs to them
• Delegate administrative permissions
What is new in AD DS in Windows Server 2019?
• Azure AD Join
What is Azure AD?
[Figure: Azure AD with Exchange Online, SharePoint Online, Skype for Business, Office 365, Azure App Service, Internet-connected apps, and on-premises AD DS]
Overview of AD DS administration tools
You typically perform AD DS management by using the
following tools:
• Active Directory Administrative Center
• Active Directory Users and Computers
• Active Directory Sites and Services
• Active Directory Domains and Trusts
• Active Directory Module for Windows PowerShell
What is a global catalog?
The global catalog:
• Hosts a partial attribute set for other domains in the forest
• Supports queries for objects throughout the forest
[Figure: domain controllers and a global catalog server, each holding Schema, Configuration, and domain partitions (Domain A, Domain B)]
AD DS
Domain controller DNS records
• Clients find domain controllers through DNS lookup
• Domain controllers dynamically register their addresses
with DNS
• The results of DNS queries for domain controllers are
returned in this order:
1. A list of domain controllers in the same site as the
client
2. A list of domain controllers in the next closest site, if
none are available in the same site
3. A random list of domain controllers in other sites, if no
domain controller is available in the next closest site.
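The lookup described above can be checked from a domain-joined client. This is an added example, not part of the original slides; it assumes the domain name test.com used in the installation steps, and it flags domain controllers that are still registered in DNS but no longer answer on their LDAP port.

```powershell
# Added example: inspect the DNS records clients use to find domain controllers.
# Assumption: the domain is 'test.com'; run on a domain-joined Windows machine.
$Domain = 'test.com'

# SRV records that every domain controller registers dynamically for the domain.
$all = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
       Where-Object Type -eq 'SRV'

# The AD site this client belongs to, and the SRV records registered for that site.
# Domain controllers listed here are the ones returned first to the client.
$site = [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name
$siteRecords = Resolve-DnsName -Name "_ldap._tcp.${site}._sites.dc._msdcs.$Domain" `
                   -Type SRV -ErrorAction SilentlyContinue |
               Where-Object Type -eq 'SRV'

# Compare DNS with reality: a registered record whose host does not answer
# is a stale entry that slows sign-in and should be cleaned up.
$report = foreach ($r in $all) {
    $probe = Test-NetConnection -ComputerName $r.NameTarget -Port $r.Port `
                 -WarningAction SilentlyContinue
    [pscustomobject]@{
        DomainController = $r.NameTarget
        Port             = $r.Port
        InClientSite     = $r.NameTarget -in $siteRecords.NameTarget
        Reachable        = $probe.TcpTestSucceeded
    }
}

"Client site: $site"
$report | Sort-Object -Property InClientSite -Descending | Format-Table -AutoSize
```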
If you want to show the desktop icons ➔
press Ctrl+R ➔ type desk.cpl ,5
Before deploying the Active Directory, check the
following:
- Name of the server
- Network IP address
- Password of Administrator: should be complex
- Change Time +3 ➔ Baghdad
Installing a domain controller on a Server
The Deployment Configuration section of the Active
Directory Domain Services Configuration Wizard
- Start menu ➔ Server Manager
- Add roles and features: once you click Add roles, the screen
below appears; you have to focus on the instructions
- Then click Next ➔ choose the default settings
- Then ➔ check Active Directory domain ➔ then ➔ Next and
follow the wizard.
- From the notification area you will find a message:
- Promote this server to a domain controller.
- Choose add new forest
- Test.com
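The pre-deployment checklist and the wizard steps above can also be scripted. This is an added example, not part of the original slides; the server name DC01 is a placeholder, and the script assumes an elevated PowerShell session on the server being promoted.

```powershell
#Requires -RunAsAdministrator
# Added example: the checklist and wizard steps above in script form.
# Assumptions: 'DC01' is a placeholder server name; 'test.com' is the forest
# root domain used on the page.
$DomainName   = 'test.com'
$ExpectedName = 'DC01'                   # placeholder, replace with your server name
$TimeZoneId   = 'Arabic Standard Time'   # Windows ID for (UTC+03:00) Baghdad

# 1. Server name: settle it before promotion, renaming a DC later is disruptive.
if ($env:COMPUTERNAME -ne $ExpectedName) {
    throw "Rename the server to $ExpectedName and reboot before promoting it."
}

# 2. Network IP address: a domain controller should not depend on DHCP.
$dhcp = Get-NetIPInterface -AddressFamily IPv4 -ConnectionState Connected |
        Where-Object Dhcp -eq 'Enabled'
if ($dhcp) {
    throw "Assign a static IPv4 address to: $($dhcp.InterfaceAlias -join ', ')"
}

# 3. Time zone: clock differences between machines break Kerberos sign-in.
if ((Get-TimeZone).Id -ne $TimeZoneId) { Set-TimeZone -Id $TimeZoneId }

# 4. Install the AD DS role (the "Add roles and features" step).
$feature = Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
if (-not $feature.Success) { throw 'AD DS role installation failed.' }

# 5. Promote this server to a domain controller in a new forest.
#    The recovery (DSRM) password is read as a SecureString so it never
#    appears in the script, the console history, or a transcript.
Import-Module ADDSDeployment
$dsrm = Read-Host -AsSecureString -Prompt 'Safe mode (DSRM) password'

# Run the wizard's prerequisite check first and stop on any error.
$check = Test-ADDSForestInstallation -DomainName $DomainName -InstallDns `
             -SafeModeAdministratorPassword $dsrm
$errors = $check | Where-Object Status -eq 'Error'
if ($errors) { throw ($errors.Message -join "`n") }

# The server restarts automatically when promotion completes.
Install-ADDSForest -DomainName $DomainName -InstallDns `
    -SafeModeAdministratorPassword $dsrm
```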
Assignment
• Using Server Manager:
1. Install the AD DS role
2. Run the Active Directory Domain Services Configuration
Wizard