
NETWORK ADMINISTRATION CIT-324

NETWORK ADMINISTRATION
CIT-324
FOR DAE 3rd YEAR
TECHNICAL EDUCATION & VOCATIONAL TRAINING AUTHORITY PUNJAB

PREFACE

This textbook has been written to cover the syllabus of Network
Administration, 3rd year D.A.E (Computer Information Technology), according
to the new scheme of studies. The book has been written in order to cater to
the latest concepts and needs of the course, i.e. Network Administration,
and to prepare students to attempt the D.A.E Examination of PBTE Lahore.

The aim of bringing out this book is to enable the students to have
sound knowledge of the subject. Every aspect has been discussed to present
the subject matter in the most concise, compact, lucid and simple manner so that
students can grasp the subject without any difficulty. Frequent use of illustrative
figures has been made for clarity. Short Questions and Self-tests have also been
included at the end of each chapter, which will serve as a quick learning tool for
students.

The author would like to thank the reviewers whose valuable
recommendations have made the book more readable and understandable.
Constructive criticisms and suggestions for improvements in future are
welcome.

AUTHORS


MANUAL DEVELOPMENT COMMITTEE

Miss Ayesha Junaid
Instructor CIT, Govt. College of Technology (W), Lytton Road, Lahore.
(CONVENER)

Miss Ayesha Iqbal
Dy. Director (R&D), TEVTA Secretariat, Lahore
(MEMBER)

ENGR. HAFIZ TAIMOOR UL HASSAN
Instructor CIT, Govt. College of Technology, Bahawalpur.
(MEMBER)


CIT-324 NETWORK ADMINISTRATION

Total Contact Hours: Theory 64 Hours, Practical 96 Hours
T 2    P 6    C 4

Pre-requisites: Operating System Concepts

AIMS: This course has been designed to enable students to:

1. Describe the basic concepts, architecture, organization and operational
principles of Windows Server 2008.
2. Install and configure Windows Server 2008.
3. Manage the resources of network users using Windows Server 2008.
4. Troubleshoot Windows Server 2008 faults and correct them.
5. Run application programs in Windows Server 2008.
6. Demonstrate motivation in managing users in a network.
7. Describe the basic concepts, steps, configuration and application of
Microsoft Exchange 2013 to provide enterprise-level email service.
8. Demonstrate and describe the basic concepts, steps, configuration and
application of Microsoft TMG server for controlled internet provision.


Table of Contents

PREFACE ....................................................................................................................... 3
MANUAL DEVELOPMENT COMMITTEE ........................................................................ 4
CHAPTER 01 INTRODUCTION ..................................................................................... 10
1. INTRODUCTION ...................................................................................................... 10
1.1. WHAT IS NETWORK? ...................................................................................... 11
1.2. CONCEPT OF NETWORK ................................................................................. 15
1.3. TYPES OF NETWORKS ..................................................................................... 16
1.4. MAJOR FUNCTIONS OF A NETWORK .............................................................. 26
1.5. USES OF NETWORKS ....................................................................................... 28
Multiple Choice Questions ......................................................................................... 30
Short Questions .......................................................................................................... 33
Long Questions ........................................................................................................... 34
CHAPTER 02 MICROSOFT WINDOWS CLIENT-END..................................................... 35
2.1. INTRODUCTION TO MICROSOFT WINDOWS .................................................. 35
2.2. INTRODUCTION TO NETWORK ENVIRONMENT ............................................. 37
2.3. INSTALLATION/DEPLOYMENT OF WINDOWS CLIENT END: ........................... 41
2.4. CLIENT ENDS BASIC SETTINGS: ....................................................................... 45
2.5. BASIC COMPUTER NETWORK COMPONENTS: ............................................... 45
2.6. HOW TO JOIN A COMPUTER TO A DOMAIN. ................................................. 47
2.7. CLIENT END TROUBLESHOOTING AND MAINTENANCE ................................. 48
Multiple Choice Questions ......................................................................................... 52
Short Questions .......................................................................................................... 55
Long Questions ........................................................................................................... 56
CHAPTER 03 INSTALLATION AND CONFIGURATION................................................... 57
3.1. HARDWARE REQUIREMENTS ......................................................................... 58
3.2. INSTALLATION OF WINDOWS SERVER 2008 R2: ............................................ 60
3.3. INSTALLATION AND DE-INSTALLATION PROCESS OF ACTIVE DIRECTORY...... 63
3.4. NAT (NETWORK ADDRESS TRANSLATION) ..................................................... 66
3.5. PRINT SERVER MANAGEMENT ....................................................................... 68
Multiple Choice Questions ......................................................................................... 71
Short Questions .......................................................................................................... 75
Long Questions ........................................................................................................... 75
CHAPTER 04 MICROSOFT WINDOWS SERVER 2008 ACTIVE DIRECTORY
INFRASTRUCTURE ....................................................................................................... 77
4.1. FUNCTIONS OF ACTIVE DIRECTORY ................................................................ 78
4.2. INSTALLATION OF ACTIVE DIRECTORY ........................................................... 82
4.3. CONFIGURATION OF ACTIVE DIRECTORY ....................................................... 86
4.4. ROLES OF ACTIVE DIRECTORY......................................................................... 97
4.5. USERS, COMPUTER GROUPS IN ACTIVE DIRECTORY .................................... 103
Multiple Choice Questions ....................................................................................... 113
Short Questions ........................................................................................................ 117
Long Questions ......................................................................................................... 117
CHAPTER 05 MICROSOFT WINDOWS SERVER 2008 NETWORK INFRASTRUCTURE . 118
5.1. SERVER’S NETWORK INFRASTRUCTURE ....................................................... 119
5.2. MAJOR FEATURES AND FUNCTIONS ............................................................ 119
5.3. UNDERSTANDING AND CONFIGURING IP .................................................... 121
5.4. CONFIGURING NAME RESOLUTION ............................................................. 126
5.5. CONFIGURING DNS SERVER TO CREATE A DNS ZONE .................................. 129
5.6. CREATING A DHCP INFRASTRUCTURE .......................................................... 131
5.7. CONNECTING TO NETWORKS ....................................................................... 132
5.8. MONITORING COMPUTERS .......................................................................... 133
5.9. MANAGING FILES.......................................................................................... 134
5.10. MANAGING PRINTERS .............................................................................. 134
Multiple Choice Questions ....................................................................................... 138
Short Questions ........................................................................................................ 141
Long Questions ......................................................................................................... 141
CHAPTER 06 MICROSOFT EXCHANGE SERVER 2013 ................................................ 143

6.1. EXCHANGE SERVER 2013 PREREQUISITES, REQUIREMENTS AND DEPLOYMENT ........ 143
6.2. OVERVIEW OF MAILBOX SERVER: ................................................................ 155
6.3. PLAN, DEPLOY AND CONFIGURE THE MAILBOX SERVER: ............................ 157
6.4. MANAGING EXCHANGE SERVER 2013 MAILBOXES AND OTHER EXCHANGE
RECIPIENTS ............................................................................................................... 161
6.5. PLANNING AND IMPLEMENTING PUBLIC FOLDER MAILBOXES, ADDRESS LISTS
AND POLICIES ........................................................................................................... 166
Multiple Choice Questions ....................................................................................... 167
Short Questions ........................................................................................................ 171
Long Questions ......................................................................................................... 171
CHAPTER 07 MANAGING EXCHANGE SERVER .......................................................... 173
7.1. THE EXCHANGE MANAGEMENT SHELL ........................................................ 174
7.2. ROLE-BASED ACCESS CONTROL .................................................................... 175
7.3. MAILBOX MANAGEMENT ............................................................................. 179
7.4. ADDRESSING EXCHANGE .............................................................................. 181
Multiple Choice Questions ....................................................................................... 182
Short Questions ........................................................................................................ 185
Long Questions ......................................................................................................... 185
CHAPTER 08 MICROSOFT THREAT MANAGEMENT GATEWAY SERVER (TMG) ........ 187
8.1. INSTALLATION OF TMG STANDARD EDITION AND ENTERPRISE EDITION .... 188
8.2. ENABLING ACCESS TO INTERNET RESOURCES ............................................. 217
8.3. CONFIGURING TMG 2010 FIREWALL WITH MULTIPLE NICS IN ENTERPRISE
NETWORK ................................................................................................................. 219
8.4. INTEGRATING TMG AND MICROSOFT EXCHANGE SERVER 2013 ................. 237
Multiple Choice Questions ....................................................................................... 245
Short Questions ........................................................................................................ 247
Long Questions ......................................................................................................... 247
CHAPTER 09 MANAGING AND IMPLEMENTING TMG SERVER ................................. 248
9.1 UNDERSTANDING ACCESS RULES ................................................................. 248

9.2. CONFIGURING LOAD-BALANCING CAPABILITIES .......................................... 255
9.3. NETWORK INSPECTION SYSTEM................................................................... 258
9.4. INTEGRATING DOMAIN USERS WITH TMG SERVER ..................................... 261
Multiple Choice Questions ....................................................................................... 263
Short Questions ........................................................................................................ 265
Long Questions ......................................................................................................... 266
CHAPTER 10 TROUBLESHOOTING ............................................................................ 267
10.1. TROUBLESHOOTING OF AUDITING USER ACCESS OF FILES, FOLDERS AND PRINTERS ..... 268
10.2. EVENT VIEWER ......................................................................................... 275
10.3. HARDWARE TROUBLESHOOTING ............................................................. 278
10.4. TROUBLESHOOTING DISK MANAGEMENT ............................................... 279
10.5. CONNECTIVITY AND COMMUNICATION .................................................. 282
Multiple Choice Questions ....................................................................................... 284
Short Questions ........................................................................................................ 287
Long Questions ......................................................................................................... 288

TEXT/REFERENCE BOOKS

1. MSCE Study Guide, Alan R. Carter, Comdex Computer Publishing
2. Supporting Microsoft Windows Server 2008, Microsoft Press
3. Administering Microsoft Windows VISTA, Microsoft Press
4. TCP/IP Training, Microsoft Press
5. Networking Essentials, Microsoft Press
6. Microsoft Windows Exchange Server, Microsoft Press
7. Microsoft TMG Server, Microsoft Press


CHAPTER 01 INTRODUCTION

Objectives
After completion of this chapter students will be able to:
1.1 What is a network
1.2 The concept of a network
1.3 Types of Networks
1.4 Major Functions of a Network
1.5 Uses of a Network

1. INTRODUCTION

A computer network is a set of computers sharing resources located on or
provided by network nodes. Computers use common communication
protocols over digital interconnections to communicate with each other.
These interconnections are made up of telecommunication network
technologies based on physically wired, optical, and wireless radio-frequency
methods that may be arranged in a variety of network topologies.

What Is Networking?

Networking is the linking together of a group of two or more computer systems. Networking is very
useful in the computer field. The concept of networking is not very old; it
came into existence in the late 19's. It was developed for special military
purposes and is now very common in the business and commercial field. It
became very useful at organization level and in high-security environments. The
following are some characteristics which make a network useful in most
types of organizations and companies.


High Security: A network is used for high security in different places, e.g. the banking
field, e-commerce and military purposes.

Fast communication: Through a network we can communicate fast and
transfer data at very high speed. Most organizations or institutes use a network
for fast communication.

High Speed: A network provides high speed and accuracy; data is transferred
at very high speed.

Sharing Resources: A network provides sharing and security for an organization.
We can share computer resources, hardware, application programs and
different types of programs.

Reliability: Before the use of networks, data was basically stored in paper
form, so there were huge problems of human error and misplacement of data.
Now, with the use of a network, data is stored on remote storage and backup
devices.

1.1. WHAT IS NETWORK?

A network consists of two or more computers that are linked in order to share
resources (such as printers and CDs), exchange files, or allow electronic
communications.

A network is a collection of computers and devices connected via
communication devices and transmission media; the practice of connecting them is called networking.


The nodes of a computer network can include personal computers, servers,
networking hardware, or other specialized or general-purpose hosts. They are
identified by network addresses and may have hostnames. Hostnames serve
as memorable labels for the nodes and are rarely changed after initial
assignment. Network addresses serve for locating and identifying the nodes
by communication protocols such as the Internet Protocol.

Computer networks may be classified by many criteria, including the
transmission medium used to carry signals, bandwidth, communications
protocols to organize network traffic, the network size, the topology, traffic
control mechanisms, and organizational intent.

Computer networks support many applications and services, such as access to
the World Wide Web, digital video and audio, shared use of application and
storage servers, printers and fax machines, and use of email and instant
messaging applications.

Figure 1 Introduction to Computer Network

Examples of network devices

1. Desktop computers, laptops, mainframes, and servers
2. Consoles and thin clients
3. Firewalls
4. Bridges
5. Repeaters
6. Network Interface cards
7. Switches, hubs, modems, and routers
8. Smartphones and tablets
9. Webcams

Network topologies
The term network topology describes the relationship of connected devices in
terms of a geometric graph. Devices are represented as vertices, and their
connections are represented as edges on the graph. It describes how many
connections each device has, in what order, and in what sort of hierarchy.

Typical network configurations include the bus topology, mesh topology, ring
topology, star topology, tree topology and hybrid topology.

Figure 2 Network Topologies

Most home networks are configured in a tree topology that is connected to
the Internet. Corporate networks often use tree topologies, but they typically
incorporate star topologies and an Intranet.
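The graph view of topology above can be made concrete by building each named topology as a graph of vertices (devices) and edges (links) and asking the question a network administrator cares about: which single device or cable failure would split the network? The following is an added example, not code from the CIT-324 manual; the topology builders, the device names (hub, cable, core, dist0, pc0 and so on) and the resilience checks are constructed here for illustration and are not part of the textbook.

```python
"""Model bus, star, ring, mesh and tree topologies as graphs and check
which single failures partition them. Added example, not from the
CIT-324 manual; every device name below is constructed for illustration."""
from collections import deque
from itertools import combinations


def build(edges):
    """Undirected adjacency sets from a list of (device, device) links."""
    adj = {}
    for a, b in edges:
        adj.setdefault(a, set()).add(b)
        adj.setdefault(b, set()).add(a)
    return adj


def star(n):
    # every host is cabled to one central hub/switch (hypothetical names)
    return build([("hub", f"pc{i}") for i in range(n)])


def ring(n):
    # each host links to its two neighbours, closing the loop
    return build([(f"pc{i}", f"pc{(i + 1) % n}") for i in range(n)])


def mesh(n):
    # full mesh: every pair of hosts has a direct link
    return build([(f"pc{a}", f"pc{b}") for a, b in combinations(range(n), 2)])


def bus(n):
    # the shared cable is modelled as a vertex that all hosts attach to
    return build([("cable", f"pc{i}") for i in range(n)])


def tree():
    # a small two-level hierarchy: core switch -> distribution -> hosts
    edges = [("core", "dist0"), ("core", "dist1")]
    for d in range(2):
        for h in range(2):
            edges.append((f"dist{d}", f"pc{d}{h}"))
    return build(edges)


def degrees(adj):
    """How many connections each device has (the vertex degree)."""
    return {node: len(links) for node, links in adj.items()}


def connected(adj, removed=frozenset()):
    """True if every device not in `removed` can still reach every other."""
    nodes = [n for n in adj if n not in removed]
    if not nodes:
        return True
    seen = {nodes[0]}
    queue = deque([nodes[0]])
    while queue:
        cur = queue.popleft()
        for nxt in adj[cur]:
            if nxt not in removed and nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return len(seen) == len(nodes)


def single_points_of_failure(adj):
    """Devices whose loss splits the network (the graph's cut vertices)."""
    return sorted(n for n in adj if not connected(adj, {n}))


def survives_any_link_failure(adj):
    """True if no single cable break can partition the network."""
    for a in adj:
        for b in adj[a]:
            if a < b:  # visit each undirected link once
                trimmed = {k: set(v) for k, v in adj.items()}
                trimmed[a].discard(b)
                trimmed[b].discard(a)
                if not connected(trimmed):
                    return False
    return True


if __name__ == "__main__":
    for name, g in [("bus", bus(4)), ("star", star(4)), ("ring", ring(5)),
                    ("mesh", mesh(4)), ("tree", tree())]:
        print(f"{name:5} degrees={degrees(g)} "
              f"SPOF={single_points_of_failure(g)} "
              f"link-resilient={survives_any_link_failure(g)}")
```

Running the script shows the trade-off behind the topology names: a star or bus has one device (the hub or the shared cable) whose failure isolates every host, a tree has one per branch, while a ring or mesh tolerates any single device or link failure at the cost of more cabling. The same brute-force check scales to a real cabling diagram exported as an edge list.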

Used for everything from accessing the internet or printing a document to
downloading an attachment from an email, networks are the backbone of
business today. They can refer to a small handful of devices within a single
room to millions of devices spread across the entire globe, and can be defined
based on purpose and/or size. We put together this handy reference guide to
explain the types of networks in use today, and what they're used for.

What is Network administration?

Network administration involves a wide range of operational tasks that help a
network to run smoothly and efficiently. Without network administration, it
would be difficult for all to maintain network operations.

The main tasks associated with network administration include:

1. Design, installation and evaluation of the network
2. Execution and administration of regular backups
3. Creation of precise technical documentation, such as network
diagrams, network cabling documents, etc.
4. Provision for precise authentication to access network resources
5. Provision for troubleshooting assistance
6. Administration of network security, including intrusion detection

Who is a Network administrator?

A person who manages a local area network (LAN) or wide
area network (WAN) for an organization.

Security:

A network provides very high security for a company's database. Unauthorized
persons cannot get past the company's security and reach the company database.

Management:

A network provides another facility: managing your company through a
network is very easy.

Accuracy:

A network provides accuracy to management and accuracy in documents, files and
databases.

Control corruption:

A network controls corruption and misuse of a company's database.

Online Meeting:

A network provides online meetings for company staff. The manager of a company can
give instructions to staff online from anywhere in the world.

Business Promotion:

If the network is better, the company's promotion and share become high.

Advertisement:

A company can advertise its products on a webpage through the internet.

E-Business:

A network provides e-business on the internet for a company. The company runs its business
on the internet through e-business.

1.2. CONCEPT OF NETWORK

The generic term network refers to a group of entities (i.e., objects, people,
etc.) that are connected to one another. A network, therefore, allows material
or immaterial elements to be circulated among all of these entities, based on
well-defined rules. A network, as far as this article is concerned, is a group of
computers and peripheral devices connected to one another. Note that the
smallest possible network is two computers connected together. Networking
refers to the implementation of tools and tasks for linking computers so that
they can share resources over the network.


Figure 3 Concept of Computer Network

The first working network, called ARPANET, was created in the late 1960s and
was funded by the U.S. Department of Defense. Government researchers used
to share information at a time when computers were large and difficult to
move. We have come a long way today from that basic kind of network.
Today’s world revolves around the internet, which is a network of networks
that connects billions of devices across the world. Organizations of all sizes use
networks to connect their employees’ devices and shared resources such as
printers. From a broader lens, a computer network is built with two basic
blocks: nodes or network devices and links. The links connect two or more
nodes with each other. The way these links carry the information is defined by
communication protocols. The communication endpoints, i.e., the origin and
destination devices, are often called ports.

1.3. TYPES OF NETWORKS

A computer network is a group of computers linked to each other that enables


the computer to communicate with another computer and share their
resources, data, and applications.

A computer network can be categorized by its size. A computer network is
mainly of four types:

1. LAN (Local Area Network)
2. PAN (Personal Area Network)
3. MAN (Metropolitan Area Network)
4. WAN (Wide Area Network)

Figure 4 Types of Networks

LAN (Local Area Network)

LAN stands for Local Area Network. A network that is limited to a small geographical area
such as a home or office building is called a LAN. The data transmission speed
of a LAN is 1 to 100 Mb per second. LAN is the most common type of network.
It can cover a small area. Most LANs are used to connect computers in a single
building or group of buildings. Hundreds and thousands of computers may be
connected through a LAN. The computer systems are linked with cables. In a LAN
system, computers on the same site can be linked.

• Local Area Network is a group of computers connected to each other
in a small area such as a building or office.
• LAN is used for connecting two or more personal computers through a
communication medium such as twisted pair, coaxial cable, etc.
• It is less costly as it is built with inexpensive hardware such as hubs,
network adapters, and ethernet cables.
• The data is transferred at an extremely fast rate in a Local Area
Network.
• Local Area Network provides higher security.

Figure 5 Local Area Network

Advantages of LAN
• Speed

• Cost

• Security

• E-mail

• Resource Sharing

Disadvantages of LAN
• Expensive To Install

• Requires Administrative Time

• File Server May Fail

• Cables May Break


(WLAN) Wireless Local Area Network

A wireless LAN is a wireless computer network that links two or more devices
using wireless communication to form a local area network within a limited
area such as a home, school, computer laboratory, campus, or office building.

PAN (Personal Area Network)

A Personal Area Network is a computer network used for communication
among computer devices, including telephones and personal digital assistants,
in proximity to an individual's body. PANs can be wired or wireless. It can be
used for communicating between the devices themselves, or for connecting
to a larger network such as the internet.

• Personal Area Network is a network arranged around an individual
person, typically within a range of 10 meters.
• A Personal Area Network is used for connecting computer devices for
personal use.
• Thomas Zimmerman was the first research scientist to bring the idea
of the Personal Area Network.
• Personal Area Network covers an area of 30 feet.
• Personal computer devices that are used to develop the personal area
network are the laptop, mobile phones, media player and play stations.

Figure 6 Personal Area Network

There are two types of Personal Area Network:

• Wired Personal Area Network
• Wireless Personal Area Network

Figure 7 Types of Personal Area Network

Wireless Personal Area Network: A Wireless Personal Area Network is
developed by simply using wireless technologies such as WiFi and Bluetooth. It is
a low-range network.

Wired Personal Area Network: A Wired Personal Area Network is created by
using USB.

MAN (Metropolitan Area Network)

A Metropolitan Area Network is a communications network that covers a
geographical area of the size of a city. A MAN typically includes one or more
LANs but covers a smaller geographical area than a WAN. A MAN typically covers an
area of between 5 and 50 km diameter.

• A metropolitan area network is a network that covers a larger
geographic area by interconnecting different LANs to form a larger
network.
• Government agencies use MAN to connect to the citizens and private
industries.
• In MAN, various LANs are connected to each other through a telephone
exchange line.
• The most widely used protocols in MAN are RS-232, Frame Relay, ATM,
ISDN, OC-3, ADSL, etc.
• It has a higher range than Local Area Network (LAN).

Figure 8 Metropolitan Area Network

Uses Of Metropolitan Area Network:

• MAN is used in communication between the banks in a city.
• It can be used in an Airline Reservation.
• It can be used in a college within a city.
• It can also be used for communication in the military.

WAN (Wide Area Network)

WAN stands for Wide Area Network. A network that covers a large geographical
area using many types of media is called a WAN. The data transmission speed of
a WAN is 56Kbps to 45Mbps. A Wide Area Network or WAN is a type of
networking where a number of resources are installed across a large area, such
as a multinational business. Through a WAN, offices in different countries can be
interconnected. Computers in a WAN are often connected through telephone
lines. The best example of a WAN is the Internet, which is the largest
network in the world. In a WAN, computer systems on different sites can be
linked.

• A Wide Area Network is a network that extends over a large
geographical area such as states or countries.
• A Wide Area Network is a much bigger network than the LAN.
• A Wide Area Network is not limited to a single location, but it spans
over a large geographical area through a telephone line, fibre optic
cable or satellite links.
• The internet is one of the biggest WANs in the world.
• A Wide Area Network is widely used in the fields of business,
government, and education.

Figure 9 Wide Area Network

Examples of Wide Area Network:

Mobile Broadband: A 4G network is widely used across a region or country.

Last mile: A telecom company provides internet services to
customers in hundreds of cities by connecting their homes with fiber.

Private network: A bank provides a private network that connects its 44
offices. This network is made by using the telephone leased line provided by
the telecom company.

Advantages Of Wide Area Network:

Following are the advantages of the Wide Area Network:

Geographical area: A Wide Area Network provides a large geographical area.
Suppose the branch of our office is in a different city; then we can connect
with them through a WAN. The internet provides a leased line through which
we can connect with another branch.

Centralized data: In the case of a WAN network, data is centralized. Therefore, we
do not need to buy email, file or backup servers.

Get updated files: Software companies work on the live server. Therefore, the
programmers get the updated files within seconds.

Exchange messages: In a WAN network, messages are transmitted fast. Web
applications like Facebook, WhatsApp and Skype allow you to communicate
with friends.

Sharing of software and resources: In a WAN network, we can share
software and other resources like a hard drive or RAM.

Global business: We can do business over the internet globally.

High bandwidth: If we use leased lines for our company then this gives
high bandwidth. The high bandwidth increases the data transfer rate, which in
turn increases the productivity of our company.

Disadvantages of Wide Area Network:

The following are the disadvantages of the Wide Area Network:

Security issue: A WAN network has more security issues as compared to LAN
and MAN networks, as all the technologies are combined together, which creates
the security problem.

Needs Firewall & antivirus software: The data is transferred over the internet,
where it can be changed or hacked by hackers, so a firewall needs to be
used. Some people can inject a virus into our system, so antivirus is needed to
protect from such a virus.

High Setup cost: The installation cost of a WAN network is high as it involves
the purchase of routers and switches.

Troubleshooting problems: It covers a large area, so fixing a problem is
difficult.

Some other types of networks are as follows:

Campus Area Networks (CAN)

A campus area network is a group of interconnected local area
networks operating within a limited geographical area. Campus networks are
used in manufacturing, warehousing, universities, and also in corporate and
industrial settings.

Campus Area Networks (CAN) provide more control over network resources
and typically rely on a centralized hub to which other locations connect,
when compared to public networks. This network design is also sometimes
referred to as a corporate area network, but it functions just the same.

Difference between CAN vs. WAN vs. MAN.


The main difference between a CAN, a WAN (Wide Area Network), and
a MAN (Metropolitan Area Network) comes down to the geographical area
they serve. As coverage requirements expand, the type of infrastructure used
will also change. For example, some networks can use Wi-Fi access points for
certain use cases while some could use cellular access points to improve
predictability in wireless communication for other use cases.

Campus Area Network: Provides private coverage to areas such as colleges, hospitals, and military bases through centralized management.


Wide Area Network: Covers large geographic regions, connecting users and businesses across a country or the world, typically through VPNs over fiber connections.

Metropolitan Area Network: Provides coverage across towns and cities with
each town potentially having its own interconnected LAN that can share data
with other towns on the MAN.

Storage Area Network (SAN)

As a dedicated high-speed network that connects shared pools of
storage devices to several servers, these types of networks don’t rely on a LAN
or WAN. Instead, they move storage resources away from the network and
place them into their own high-performance network. SANs can be accessed
in the same fashion as a drive attached to a server. Types of storage-area
networks include converged, virtual and unified SANs.

Passive Optical LAN (POLAN)

Passive Optical Local Area Network is a new way to structure a
telecommunications network, replacing traditional structured cabling, which
consisted of multiple levels of switch and router aggregation. In the traditional
model, data was transmitted and dispersed to the desktop through layers of
switches, cables and routers.

Enterprise Private Network (EPN)

An enterprise private network is a computer network that helps enterprise companies with a number of disparate offices connect those offices to each other in a secure way over a network. An enterprise private network is mainly set up to share computer resources.

Virtual Private Network (VPN)

A virtual private network is a mechanism for creating a secure
connection between a computing device and a computer network, or between
two networks, using an insecure communication medium such as the public
Internet.


1.4. MAJOR FUNCTIONS OF A NETWORK

Computer networks share common devices, functions and features, such as clients, servers, transmission media, shared data, shared printers and other hardware and software resources, the Network Interface Card (NIC), the Local Operating System (LOS) and the network operating system. The functions of a network fall into two groups, mandatory and optional, described below.

Figure 10 Major Functions of Computer Network

Mandatory functions: Some functions are mandatory; a computer network cannot operate unless they are present. The main mandatory functions are given below:

1. Error control: A computer network is responsible for the transmission of data from one device to another, and the end-to-end transfer of data from a transmitting application to a receiving application involves many steps, each subject to error. By using an error control process we can be confident that the transmitted and received data are identical. Data can be corrupted during transmission, so errors must be detected and corrected for reliable communication. There are two types of error.

• Single-bit error: The term single-bit error means that only one bit of the data unit was changed, from 1 to 0 or from 0 to 1.

• Burst error: The term burst error means that two or more bits in the data unit were changed. A burst error is also called a packet-level error, covering errors such as packet loss, duplication and reordering.

2. Flow control: When a packet (Layer-2 data) is sent from one host to another over a single medium, the sender and receiver must work at the same speed; that is, the sender sends at a rate at which the receiver can process and accept the data. If the sender sends too fast, the receiver may be overloaded (swamped) and data may be lost.

3. Access control: Network access control is a method of enhancing the security of a private organizational network by restricting the availability of network resources to endpoint devices that comply with the organization’s security policy. The network access control scheme comprises two major components: Restricted Access and Network Boundary Protection.

4. Multiplexing and Demultiplexing: Multiplexing is a technique by which different analog and digital transmission streams can be processed simultaneously over a shared link. Multiplexing divides a high-capacity medium into low-capacity logical channels, which are then shared by the different streams. Demultiplexing is the reverse of the multiplexing process: it delivers each segment received at the receiver to the correct process.
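Added example, not from this text: a Python check showing how a receiver detects the two error types described under error control above. A single parity bit over the data unit catches a single-bit error but not a two-bit burst (two flips leave the count of 1-bits as odd or even as before), while a CRC-16 (CRC-16/CCITT-FALSE, computed bit by bit) catches both. The frame bytes are constructed for the demonstration.

```python
"""Detecting single-bit and burst errors: parity bit vs. CRC-16 (added example)."""
from __future__ import annotations

from typing import Callable


def parity_bit(data: bytes) -> int:
    """Even-parity check bit: 1 if the number of 1-bits in the data unit is odd."""
    ones = sum(bin(b).count("1") for b in data)
    return ones & 1


def crc16_ccitt(data: bytes, poly: int = 0x1021, init: int = 0xFFFF) -> int:
    """CRC-16/CCITT-FALSE computed bit by bit (MSB first, no reflection, no final XOR).

    The sender appends this value to the frame; the receiver recomputes it over
    the received bytes and compares the two values.
    """
    crc = init
    for byte in data:
        crc ^= byte << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ poly) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


def flip_bits(data: bytes, positions: list[int]) -> bytes:
    """Simulate transmission errors by inverting the given bit positions.

    Bit 0 is the most significant bit of the first byte.
    """
    buf = bytearray(data)
    for pos in positions:
        buf[pos // 8] ^= 0x80 >> (pos % 8)
    return bytes(buf)


def error_detected(check: Callable[[bytes], int], sent: bytes, received: bytes) -> bool:
    """True when the receiver's recomputed check value differs from the sender's."""
    return check(sent) != check(received)


def compare_checks(frame: bytes) -> dict[str, bool]:
    """Inject a single-bit error and a two-bit burst into `frame` and report
    which check detects which error."""
    single = flip_bits(frame, [3])        # one bit changed: single-bit error
    burst = flip_bits(frame, [10, 11])    # two adjacent bits changed: burst error
    return {
        "parity detects single-bit": error_detected(parity_bit, frame, single),
        "parity detects burst": error_detected(parity_bit, frame, burst),
        "crc16 detects single-bit": error_detected(crc16_ccitt, frame, single),
        "crc16 detects burst": error_detected(crc16_ccitt, frame, burst),
    }


if __name__ == "__main__":
    # Constructed data unit; any bytes would do.
    for name, result in compare_checks(b"NETWORK ADMIN").items():
        print(f"{name}: {result}")
```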

Optional functions: Some functions are optional; a computer network does not always need them. Some optional functions are given below:

1. Encryption and decryption: Encryption is a security method in which information is encoded in such a way that only authorized users can read it; decryption reverses the process. Some networks use an encryption algorithm to generate ciphertext that can only be read after it is decrypted. There are two types of encryption:

• Symmetric key encryption

• Public key encryption

2. Checkpoint: A Checkpoint firewall is a device that allows multiple networks to communicate with one another according to a defined security policy.

1.5. USES OF NETWORKS

A computer network is an interconnection of computers, printers, scanners and other hardware devices and software applications. Networks connect users within a defined physical space (such as within an office building). The Internet is a network that connects users from all parts of the world. Educational institutions, government agencies, health care facilities, banking and other financial institutions, and residential applications use computer networking to send and receive data and share resources.

Communication and Access to Information

The primary purpose of computer networking is to facilitate communication. A network allows a user to instantly connect with another user, or network, and send and receive data. It allows remote users to connect with one another via videoconferencing, virtual meetings and email.

Computer networks provide access to online libraries, journals, electronic newspapers, chat rooms, social networking websites, email clients and the World Wide Web. Users can benefit from making online bookings for theaters, restaurants, hotels, trains and airplanes. They can shop and carry out banking transactions from the comfort of their homes.

Computer networks allow users to access interactive entertainment channels, such as video on demand, interactive films, interactive and live television, multi-person real-time games and virtual-reality models.


Resource Sharing

Computer networks allow users to share files and resources. They are
popularly used in organizations to cut costs and streamline resource sharing.
A single printer attached to a small local area network (LAN) can effectively
service the printing requests of all computer users on the same network. Users
can similarly share other network hardware devices, such as modems, fax
machines, hard drives and removable storage drives.

Networks allow users to share software applications, programs and files. They
can share documents (such as invoices, spreadsheets and memos), word
processing software, videos, photographs, audio files, project tracking
software and other similar programs. Users can also access, retrieve and save
data on the hard drive of the main network server.

Centralized Support and Administration

Computer networking centralizes support and administration tasks. Technical personnel manage all the nodes of the network, provide assistance, and troubleshoot network hardware and software errors. Network administrators ensure data integrity and devise systems to maintain the reliability of information through the network. They are responsible for providing high-end antivirus, anti-spyware and firewall software to the network users. Unlike a stand-alone system, a networked computer is fully managed and administered by a centralized server, which accepts all user requests and services them as required.


Multiple Choice Questions

Q.1: What is a network?

(a) A collection of computers that are connected together

(b) A collection of devices that are connected to each other to share data, resources, and services

(c) A collection of servers that are connected together

(d) A collection of software that allows computers to communicate with each other

Q.2: What is the role of a network administrator?

(a) To manage network resources and services

(b) To design and implement network infrastructure

(c) To troubleshoot network issues

(d) All of the above

Q.3: What is the unique identifier assigned to a website?

(a) URL (b) DOMAIN NAME

(c) IP ADDRESS (d) BOTH B & C

Q.4: The process of obtaining the corresponding IP address from a domain name is called:

(a) Domain Name (b) Domain Name Resolution

(c) URL (d) MAC Address

Q.5: What type of address is the following? 20:B9:F1:63:2F:FB

(a) IP Address (b) MAC address

(c) TCP/IP (d) HTTP



Q.6: Identify the type of topology from the following: "In this topology,
each node is connected with the help of a single coaxial cable."

(a) Star topology (b) Bus topology

(c) Tree topology (d) Ring topology

Q.7: The maximum amount of data that can be transmitted over a network
in a given period of time.

(a) The time it takes for data to travel from one point to another over
a network

(b) The process of converting plain text into a coded message to protect its confidentiality

(c) The number of devices that can be connected to a network

(d) None

Q.8: What is the major function of a network?

(a) To share resources such as printers, files, and internet access

(b) To protect data from unauthorized access

(c) To perform complex computations

(d) To provide backup and disaster recovery services

Q.9: What is the role of a switch in a network?

(a) To provide a gateway to the internet

(b) To connect devices within a network

(c) To protect the network from unauthorized access

(d) To provide backup and disaster recovery services

Q.10: What is the role of a virtual private network (VPN) in a network?

(a) To connect devices within a network


(b) To provide a gateway to the internet

(c) To encrypt network traffic over a public network

(d) To manage network resources

Q.11: What is a LAN?

(a) A network that covers a large geographic area

(b) A network that covers a small geographic area

(c) A network that is not connected to the internet

(d) A network that uses satellite communication

Q.12: What is a WAN?

(a) A network that covers a large geographic area

(b) A network that covers a small geographic area

(c) A network that is not connected to the internet

(d) A network that uses satellite communication

Q.13: A small network that is confined to a localized area, i.e., a building, office, school, etc.?

(a) MAN (b) PAN

(c) LAN (d) WAN

Q.14: What is the purpose of network monitoring?

(a) To ensure that network resources are available to authorized users

(b) To prevent unauthorized access to the network and its resources

(c) To maximize network performance

(d) To identify and resolve network issues

Q.15: What is the purpose of network security?


(a) To ensure that network resources are available to authorized users

(b) To prevent unauthorized access to the network and its resources

(c) To maximize network performance

(d) To manage network traffic.

ANSWER KEY

Q.1 (b) Q.2 (d) Q.3 (a) Q.4 (b) Q.5 (b)
Q.6 (b) Q.7 (a) Q.8 (a) Q.9 (b) Q.10 (c)
Q.11 (b) Q.12 (a) Q.13 (c) Q.14 (d) Q.15 (b)

Short Questions

1. What is a computer network?
2. Describe the characteristics that are used to make a network in an organization.
3. What are networking devices?
4. What are network topologies?
5. Who is a network administrator?
6. Describe a Local Area Network (LAN).
7. Describe a Personal Area Network (PAN).
8. Describe a Metropolitan Area Network (MAN).
9. Describe a Wide Area Network (WAN).
10. What are the main responsibilities of a network administrator?
11. What is the function of error control in a computer network?
12. Describe the two types of errors in a computer network.
13. What are the uses of a network?
14. What is multiplexing and demultiplexing?

15. What is a checkpoint in a computer network?
16. What is the difference between an EPN and a VPN?

Long Questions

1. Who is a network administrator? Describe the main responsibilities of a network administrator.
2. What is a computer network? Describe the types of networks.
3. Explain the local area network and describe its advantages and disadvantages.
4. What is the difference between a LAN and a WAN?
5. Write down the major functions of a computer network.
6. Write a short note on LAN, MAN, PAN and WAN.



CHAPTER 02 MICROSOFT WINDOWS CLIENT-END

Objectives
After completion of this chapter students will be able to:

2.1 Introduction to Microsoft Windows

2.2 Introduction to Client – Server Environment

2.3 Installation / Deployment of Windows Client end

2.4 Client End basic settings

2.5 Basic Components of a Network

2.6 Joining a domain

2.7 Client End troubleshooting and maintenance

2.1. INTRODUCTION TO MICROSOFT WINDOWS

A window is a separate viewing area on a computer display screen in a system that allows multiple viewing areas as part of a graphical user interface (GUI). Windows are managed by a window manager as part of a windowing system.

A window can usually be resized by the user. For example, it can be stretched on any side, minimized, maximized, and closed. On today's multitasking operating systems, you can have a number of windows on your screen at the same time, interacting with each one whenever you choose.

The window first came into general use as part of the Apple Macintosh. Later, Microsoft made the idea the foundation of its Windows operating system (which was actually a graphical user interface for the Disk Operating System (DOS) on IBM-compatible PCs). The X Window System was developed as an open cross-platform windowing system for use in networks. It allows a client application in one computer to request windowing services at a user's workstation computer.

The first version of Windows, released in 1985, was simply a GUI offered as an
extension of Microsoft’s existing disk operating system, or MS-DOS. Based in
part on licensed concepts that Apple Inc. had used for its Macintosh System
Software, Windows for the first time allowed DOS users to visually navigate a
virtual desktop, opening graphical “windows” displaying the contents of
electronic folders and files with the click of a mouse button, rather than typing
commands and directory paths at a text prompt.

Figure 1 Introduction to Microsoft Windows

History

Windows versions through the years

1985: Windows 1.0

1987: Windows 2.0 and 2.11

1990: Windows 3.0


1993: Windows NT

1995: Windows 95

1998: Windows 98

2000: Windows ME

2001: Windows XP

2006: Windows Vista

2009: Windows 7

2012: Windows 8

2015: Windows 10

2.2. INTRODUCTION TO NETWORK ENVIRONMENT

A network environment is the set of hardware, software, and protocols that make up a computer network. It is a collection of interconnected devices that enable communication and data sharing among users, computers, and other digital devices. Understanding the network environment is crucial for effective network design, management, troubleshooting, and security. There are two popular networking environments:

1. Peer-to-Peer Network

2. Client-server Network

What is a Peer-to-Peer Network?

A peer-to-peer network is one in which two or more PCs share files and access to devices such as printers without requiring a separate server computer or server software. In its simplest form, a peer-to-peer (P2P) network is created when two or more PCs are connected and share resources without going through a separate server computer. A P2P network can be an ad hoc connection, such as a couple of computers connected via a Universal Serial Bus (USB) cable to transfer files. A P2P network can also be a permanent infrastructure that links a half-dozen computers in a small office over copper wires. Or a P2P network can be a network on a much grander scale in which special protocols and applications set up direct relationships among users over the Internet. In a P2P network each node is itself both client and server; every node can both request and respond to services.

Figure 2 Peer-to-Peer Network

What is a Client-Server Network?

A client-server network is the medium through which clients access resources and services from a central computer (the server), via either a local area network (LAN) or a wide area network (WAN) such as the Internet. A major advantage of the client-server network is the central management of applications and data.

This is the most broadly used network model. In a client-server network, clients and servers are differentiated: specific servers and clients are present. A centralized server is used to store the data, so its management is centralized. The server responds to the services requested by the clients.


Figure 3 Client server Network

How does the Client-Server Model work?

In this section we look at the client-server model and at how the Internet works through web browsers. This gives a solid foundation of the Web and helps in working with Web technologies with ease.
• Client: In everyday use, the word client refers to a person or an organization using a particular service. Similarly, in the digital world a client is a computer (host) capable of receiving information or using a particular service from the service providers (servers).
• Servers: Similarly, the word server refers to a person or medium that serves something. In the digital world a server is a remote computer which provides information (data) or access to particular services.

Client/Server system operation

A client/server system operates as outlined in the following diagram:

Figure 4 Client/Server system operation


• The client sends a request to the server using the server's IP address and the port, which is reserved for a particular service running on the server.
• The server receives the request and responds using the client's IP address and port.
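The exchange described above, written out as an added Python example (not code from this manual): a server bound to a service port on the loopback address serves one request, learns the client's IP address and port from the accepted connection, and sends its reply back to that address and port. The two-command protocol (WHOAMI, TIME?) and the fixed time reply are constructed for the demonstration.

```python
"""One request/response exchange between a client and a server over TCP (added example)."""
from __future__ import annotations

import socket
import threading

LOOPBACK = "127.0.0.1"


def handle_request(request: bytes, client_addr: tuple[str, int]) -> bytes:
    """Service logic run by the server (constructed two-command protocol).

    WHOAMI -> the server reports the client's IP address and port as it saw them
    TIME?  -> a fixed, constructed reply
    """
    if request == b"WHOAMI":
        ip, port = client_addr
        return f"YOU ARE {ip}:{port}".encode()
    if request == b"TIME?":
        return b"TIME 12:00"
    return b"ERR unknown request"


def start_server(host: str = LOOPBACK, port: int = 0) -> tuple[int, threading.Thread]:
    """Bind the service to `port` (0 = let the OS choose a free one) and serve one client.

    A real service listens on its reserved port (for example 80 for HTTP) so that
    clients know where to send their requests.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind((host, port))
    listener.listen(1)
    bound_port = listener.getsockname()[1]

    def serve_one_client() -> None:
        conn, client_addr = listener.accept()  # client_addr = (client IP, client port)
        with conn:
            request = conn.recv(1024)
            # The reply travels back to the client's own IP address and port.
            conn.sendall(handle_request(request, client_addr))
        listener.close()

    worker = threading.Thread(target=serve_one_client, daemon=True)
    worker.start()
    return bound_port, worker


def send_request(server_ip: str, server_port: int, request: bytes) -> bytes:
    """Client side: connect to the server's IP and service port, send, wait for the reply."""
    with socket.create_connection((server_ip, server_port), timeout=5) as conn:
        conn.sendall(request)
        return conn.recv(1024)


def exchange(request: bytes) -> bytes:
    """Run a server on the loopback interface and perform one exchange with it."""
    port, worker = start_server()
    reply = send_request(LOOPBACK, port, request)
    worker.join(timeout=5)
    return reply


if __name__ == "__main__":
    print(exchange(b"WHOAMI").decode())  # the client port in the reply varies per run
    print(exchange(b"TIME?").decode())
    print(exchange(b"PING").decode())
```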

Advantages of Client-Server model:

• Centralized system with all data in a single place.
• Cost efficient: requires less maintenance, and data recovery is possible.
• The capacity of the clients and servers can be changed separately.

Disadvantages of Client-Server model:

• Clients are prone to viruses, Trojans and worms if these are present on the server or uploaded to the server.
• Servers are prone to Denial of Service (DoS) attacks.
• Data packets may be spoofed or modified during transmission.
• Phishing or capture of the user's login credentials or other useful information is common, and MITM (Man in the Middle) attacks are common.

Difference between Client-Server and Peer-to-Peer Network:

S.NO | Client-Server Network | Peer-to-Peer Network
1. | In a Client-Server Network, clients and server are differentiated; specific servers and clients are present. | In a Peer-to-Peer Network, clients and server are not differentiated.
2. | Client-Server Network focuses on information sharing. | Peer-to-Peer Network focuses on connectivity.
3. | In a Client-Server Network, a centralized server is used to store the data. | In a Peer-to-Peer Network, each peer has its own data.
4. | In a Client-Server Network, the server responds to the services requested by the client. | In a Peer-to-Peer Network, each node can both request and respond to services.
5. | Client-Server Networks are costlier than Peer-to-Peer Networks. | Peer-to-Peer Networks are less costly than Client-Server Networks.
6. | Client-Server Networks are more stable than Peer-to-Peer Networks. | Peer-to-Peer Networks become less stable as the number of peers increases.
7. | Client-Server Network is used for both small and large networks. | Peer-to-Peer Network is generally suited to small networks with fewer than 10 computers.

2.3. INSTALLATION/DEPLOYMENT OF WINDOWS CLIENT END:

Installation: Installation (or setup) of a computer program (including device drivers and plugins) is the act of making the program ready for execution.

Deployment: Windows Deployment Services (WDS) is a feature in Windows Server that enables you to deploy Windows operating systems over the network, which means that you do not have to install each operating system directly from a CD or DVD.

Steps for installation of Windows 7:

1. Insert the Windows 7 OS disk into your DVD drive and then restart your computer.

2. You will see a prompt that says “Press any key to continue”; press Enter.

3. “Starting Windows” with the Windows 7 logo will appear.

4. Language options: by default English will be set, along with the time and currency format and the keyboard or input method. Click Next.

5. Click “Install Now”.

6. End User License Agreement (EULA): check the box to accept and click “Next”.

7. The “Which type of installation?” window will appear. Upgrade will be greyed out; the only option you should be able to choose is Custom (advanced).

8. The “Where do you want to install Windows?” window will appear.

9. Delete the partition by clicking Drive options (advanced) at the bottom right corner of the field. Make sure the partition is highlighted and click Delete, or just format the drive.

10. Click ‘Next’ and follow the instructions.

11. Windows starts up.


2.4. CLIENT END BASIC SETTINGS:

Immediately after the installation of Windows 7 the following settings need to be applied:

1. Set a unique name for the computer.

2. Enable the computer's Administrator account, which is initially disabled, and set its password.

3. Set the TCP/IP address of the computer.

4. Ping the other computers to check the connection in the peer-to-peer network.

5. Change the workgroup name as desired for the peer-to-peer network.

6. Enable file sharing.

These settings are enough to make the PC part of a network for sharing purposes only.

2.5. BASIC COMPUTER NETWORK COMPONENTS:

Computer networks share common devices, functions, and features including servers, clients, transmission media, shared data, shared printers and other hardware and software resources, network interface card (NIC), local operating system (LOS), and the network operating system (NOS).

Servers: Servers are computers that hold shared files, programs, and the
network operating system. Servers provide access to network resources to all
the users of the network. There are many different kinds of servers, and one
server can provide several functions. For example, there are file servers, print
servers, mail servers, communication servers, database servers, fax servers
and web servers, to name a few.

Clients: Clients are computers that access and use the network and shared
network resources. Clients are basically the customers (users) of the network,
as they request and receive services from the servers.


Transmission Media: Transmission media are the facilities used to interconnect computers in a network, such as twisted-pair wire, coaxial cable, and optical fiber cable. Transmission media are sometimes called channels, links or lines.

Shared data: Shared data are data that file servers provide to clients such as
data files, printer access programs and e-mail.

Shared printers and other peripherals: Shared printers and peripherals are
hardware resources provided to the users of the network by servers.
Resources provided include data files, printers, software, or any other items
used by clients on the network.

Network Interface Card: Each computer in a network has a special expansion card called a network interface card (NIC). The NIC prepares (formats) and sends data, receives data, and controls data flow between the computer and the network. On the transmit side, the NIC passes frames of data on to the physical layer, which transmits the data to the physical link. On the receiver's side, the NIC processes bits received from the physical layer and processes the message based on its contents.

Local Operating System: A local operating system allows personal computers to access files, print to a local printer, and have and use one or more disk and CD drives that are located on the computer. Examples are MS-DOS, UNIX/Linux, Windows 2000, Windows 98, Windows XP etc.

Network Operating System: The network operating system is a program that runs on computers and servers, and allows the computers to communicate over the network.

Hub: A hub is a device that splits a network connection among multiple computers. It is like a distribution center. When a computer requests information from a network or a specific computer, it sends the request to the hub through a cable. The hub receives the request and transmits it to the entire network. Each computer in the network must then figure out whether the broadcast data is for it or not.


Switch: A switch is a telecommunication device grouped as one of the computer network components. A switch is like a hub but built with advanced features. It uses the physical device address in each incoming message so that it can deliver the message to the right destination or port.

Unlike a hub, a switch doesn't broadcast the received message to the entire network; before sending, it checks which system or port the message should be sent to. In other words, the switch connects the source and destination directly, which increases the speed of the network. Both switch and hub have common features: multiple RJ-45 ports, a power supply and connection lights.

Router: When we talk about computer network components, the other device used to connect a LAN to an internet connection is called a router. When you have two distinct networks (LANs), or want to share a single internet connection among multiple computers, you use a router. In most cases recent routers also include a switch, so they can be used as a switch as well. You don’t need to buy both a switch and a router, particularly if you are installing small business or home networks. There are two types of router: wired and wireless. The choice depends on your physical office/home setting, speed and cost.

LAN Cable: A local area network cable, also known as a data cable or Ethernet cable, is a wired cable used to connect a device to the internet or to other devices such as other computers, printers, etc.

2.6. HOW TO JOIN A COMPUTER TO A DOMAIN

There are specific steps through which a user can make a computer part of a domain. A student should be able to practice these steps in a virtual environment, joining a domain using a virtual machine.

These steps are exercised on the server as well as on the client machine.

Client-side Settings:

1. Check the connectivity at the Command Prompt: Run → cmd → ping <servername>. If the connectivity is OK and the result is fine, go to the next step.
2. Right click on Computer → Properties → Change Settings → Computer Name → Change → under Member of, type the name of the domain you want to join, then click OK.

This is the way to join a domain.

1. Right click on computer

2. Properties

3. Change setting

4. Change

5. Under Computer name, domain, and workgroup settings, click Change settings.

6. On the Computer Name tab, click Change.

7. Under Member of, click Domain, type the name of the domain that this
computer will join, and then click OK.

8. Click OK, and then restart the computer.

2.7. CLIENT END TROUBLESHOOTING AND MAINTENANCE

Maintenance troubleshooting is the process of identifying what is wrong with faulty components and systems when the problem is not immediately obvious. Maintenance troubleshooting usually follows a systematic four-step approach: identify the problem, plan a response, test the solution, and resolve the problem. Steps one to three are often repeated multiple times before a resolution is reached.


Figure 5 Client End troubleshooting and maintenance

Students need to know the following so that they can learn the client-server environment well.

1. IP address problem: if the IP address is 169.168.0.1 or starts with 169, it will be difficult to join the domain. This problem may be solved by assigning the IP address manually.
2. In most cases the joining procedure gets stuck with an error about an unknown domain or being unable to join the domain. Errors of this type are all about DNS. The solution is to recheck your IP address settings with “ipconfig” on both sides.
3. You may avoid such errors if you go through the simple steps mentioned in this manual.
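As an added example (not part of this manual), the following Python script checks a client's settings for the two problems listed above before a domain join: an address in the APIPA range 169.254.0.0/16, which Windows assigns itself when no DHCP lease is obtained, and a missing DNS server, which is what makes the domain name unresolvable. It runs over a constructed sample in the style of “ipconfig /all” output; the adapter names and addresses are made up.

```python
"""Check a Windows client's IP settings for the domain-join problems listed above (added example)."""
from __future__ import annotations

import ipaddress
import re

# Constructed sample in the style of `ipconfig /all` output; not captured from a real host.
# The first adapter shows the APIPA case, the second a correctly configured adapter.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : CLIENT01

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   IPv4 Address. . . . . . . . . . . : 169.254.17.42(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DNS Servers . . . . . . . . . . . :

Ethernet adapter Lab Network:

   IPv4 Address. . . . . . . . . . . : 192.168.10.25(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.10.1
   DNS Servers . . . . . . . . . . . : 192.168.10.5
                                       192.168.10.6
"""

# "   IPv4 Address. . . . : 192.168.10.25(Preferred)" -> key "IPv4 Address", value "192.168.10.25(Preferred)"
FIELD_RE = re.compile(r"^\s+(?P<key>[A-Za-z][A-Za-z0-9 \-]*?)[ .]*:\s*(?P<value>.*)$")


def parse_ipconfig(text: str) -> dict[str, dict[str, list[str]]]:
    """Return {adapter name: {field: [values]}}; multi-line fields (DNS Servers) collect every line."""
    adapters: dict[str, dict[str, list[str]]] = {}
    current = None
    last_key = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" ") and line.rstrip().endswith(":"):
            current = line.strip().rstrip(":")  # adapter header line
            adapters[current] = {}
            last_key = None
            continue
        if current is None:
            continue  # global header lines before the first adapter
        match = FIELD_RE.match(line)
        if match:
            last_key = match.group("key").strip()
            value = match.group("value").strip()
            adapters[current][last_key] = [value] if value else []
        elif last_key is not None:
            adapters[current][last_key].append(line.strip())  # continuation of previous field
    return adapters


def diagnose(adapters: dict[str, dict[str, list[str]]]) -> dict[str, list[str]]:
    """Return the problems found per adapter; an empty list means the adapter looks ready."""
    findings: dict[str, list[str]] = {}
    for name, fields in adapters.items():
        notes: list[str] = []
        addrs = [v.split("(")[0].strip() for v in fields.get("IPv4 Address", [])]
        if not addrs:
            notes.append("no IPv4 address")
        for addr in addrs:
            # 169.254.0.0/16 is the APIPA range Windows falls back to when no DHCP lease is obtained.
            if ipaddress.ip_address(addr).is_link_local:
                notes.append(f"{addr} is an APIPA address: no DHCP lease; set the IP address manually or fix DHCP")
        if not fields.get("Default Gateway"):
            notes.append("no default gateway: only the local subnet is reachable")
        dns = [ipaddress.ip_address(d.split("%")[0]) for d in fields.get("DNS Servers", [])]
        if not any(d.version == 4 and not d.is_link_local for d in dns):
            notes.append("no usable DNS server: the domain name cannot be resolved (unknown domain / unable to join)")
        findings[name] = notes
    return findings


if __name__ == "__main__":
    for adapter, notes in diagnose(parse_ipconfig(SAMPLE_IPCONFIG)).items():
        print(adapter)
        for note in notes or ["OK"]:
            print("  -", note)
```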

IMPORTANT TERMINOLOGIES:

File System:
In computing, file system or filesystem (often abbreviated to fs) is a method
and data structure that the operating system uses to control how data is
stored and retrieved.

What are the types of file system?

Most operating systems allow you to format a partition based on a set of file systems. For instance, if you are formatting a partition on Windows, you can choose between the FAT32, NTFS, and exFAT file systems. Formatting involves the creation of various data structures and metadata used to manage files within a partition.

NTFS (New Technology File System) is a proprietary journaling file system developed by Microsoft. Starting with Windows NT 3.1, it is the default file system of the Windows NT family.

NTFS Permissions
In any Windows network, you can set sharing permissions for drives and
folders. On that network, each user can choose to share entire drives or
individual folders with the network.

Task Scheduling:
The Task Scheduler enables you to automatically perform routine tasks on a
chosen computer. Task Scheduler does this by monitoring whatever criteria
you choose (referred to as triggers) and then executing the tasks when those
criteria are met.

Compressed Data:
Digital data are compressed by finding repeatable patterns of binary 0s and 1s.
Text can typically be compressed to approximately 40% of its original size, and
graphics files from 20% to 90%. Some files compress very little. When you
compress data on the computer you make the files take less space on your
hard drive and less bandwidth for transmission. It depends entirely on the type
of file and compression algorithm used.

Uncompressed Data
Uncompressing (or decompressing) is the act of expanding a compressed file
back into its original form. Software that you download from the Internet
often comes in a compressed package that uncompresses itself when you
click on it. You can also uncompress files using popular tools such as PKZIP
in the DOS operating system, WinZip in Windows, and MacZip on Macintosh.


ADVANTAGES OF DATA COMPRESSION:

• Less disk space
• Faster writing and reading
• Faster file transfer

DISADVANTAGES OF DATA COMPRESSION:

• Effect of errors in transmission
• Need to decompress all previous data

Encrypt Data:
The process of transforming information (referred to as plaintext) using an
algorithm to make it unreadable by unauthorized people.

Decrypt Data:
Reconversion of encrypted data back into its original form.


Multiple Choice Questions

Q.1: What is Microsoft Windows?

(a) A computer hardware manufacturer

(b) An operating system developed by Microsoft Corporation

(c) A word processing software

(d) A programming language

Q.2: Which was the first version of Microsoft Windows?

(a) Windows 95 (b) Windows XP

(c) Windows 3.1 (d) Windows 10

Q.3: Which file extension is used for executable files in Microsoft Windows?

(a) .exe (b) .docx

(c) .txt (d) .pdf

Q.4: What is a network environment?

(a) The physical and virtual components that make up a network

(b) The set of protocols and standards used to communicate between
devices on a network

(c) The type of network topology used in a network

(d) The software used to manage a network

Q.5: A system that is designed to prevent unauthorized access to or from a
private network is:

(a) Bridge (b) Proxy Server

(c) FTP (d) Firewall


Q.6: In a peer-to-peer network, which devices are responsible for managing
communication between devices?

(a) Clients (b) Servers

(c) Routers (d) Switches

Q.7: Which of the following is an advantage of a peer-to-peer network?

(a) High scalability (b) Centralized management

(c) High security (d) Low cost

Q.8: Which of the following is a common use case for a peer-to-peer
network?

(a) Large-scale enterprise networks

(b) Small-scale home or small business networks

(c) Public wireless networks

(d) High-performance computing networks

Q.9: In a client-server network, which devices are responsible for managing
communication between devices?

(a) Clients (b) Servers

(c) Routers (d) Switches

Q.10: Which of the following is an advantage of a client-server network?

(a) Low cost (b) Centralized management

(c) High security (d) High scalability

Q.11: Which of the following is a common use case for a client-server
network?

(a) Small-scale home or small business networks

(b) Public wireless networks

(c) Public wireless networks

(d) Large-scale enterprise networks

Q.12: Which of the following is a characteristic of a client-server network?

(a) Decentralized management (b) High security

(c) Low scalability (d) Low cost

Q.13: What is a network interface card (NIC)?

(a) A device that connects two or more networks together

(b) A device that converts digital signals to analog signals and vice versa

(c) A device that connects a computer to a network

(d) A device that filters network traffic based on IP addresses

Q.14: What is a router?

(a) A device that connects two or more networks together

(b) A device that converts digital signals to analog signals and vice versa

(c) A device that filters network traffic based on IP addresses

(d) A device that provides wireless connectivity to a network

Q.15: What is a switch?

(a) A device that filters network traffic based on IP addresses

(b) A device that connects two or more networks together

(c) A device that provides wireless connectivity to a network

(d) A device that connects multiple devices to a network and manages
the traffic between them


ANSWER KEY

Q.1 (b) Q.2 (c) Q.3 (a) Q.4 (a) Q.5 (d)
Q.6 (d) Q.7 (a) Q.8 (b) Q.9 (b) Q.10 (d)
Q.11 (d) Q.12 (b) Q.13 (c) Q.14 (a) Q.15 (d)

Short Questions

1. Define network environment.
2. What is a peer-to-peer network?
3. What is a client-server network?
4. Which operation is used in a client-server network?
5. What is the difference between a client-server and a peer-to-peer network?
6. Describe transmission media.
7. Define network interface card (NIC).
8. Write the steps to join a computer to a domain.
9. What is troubleshooting and maintenance?
10. What is a file system? List the types of file system.
11. Define network permission.
12. Define task scheduling.
13. Describe the terms compress and uncompress data.
14. What are offline files?
15. Describe the terms encrypt and decrypt data.


Long Questions

1. Explain the basic network components and also describe each
component.
2. Write a short note on Hub, Switch and Router.
3. Write the client-end basic settings.
4. What is a client-server network? Also describe its advantages and
disadvantages.

Bibliography
1. MSCE Study Guide, Alan R. Carter, Comdex Computer Publishing
2. Computer networks by Behrouz A. Forouzan.pdf
3. Supporting Microsoft Windows Server 2008, Microsoft Press
4. Administering Microsoft Windows VISTA, Microsoft Press
5. TCP/IP Training, Microsoft Press
6. Networking Essentials, Microsoft Press
7. Microsoft Windows Exchange Server, Microsoft Press
8. Microsoft TMG Server, Microsoft Press


CHAPTER 03 INSTALLATION AND CONFIGURATION

Objectives
After completion of this chapter students will be able to:

3.1 Hardware Requirements

3.2 Installation of a server and Configuration

3.3 Installation and De-Installation process of Active Directory

3.4 Network Address Translation (NAT) Services

3.5 Print Server Management

In computing, a server is a piece of computer hardware or software (computer
program) that provides functionality for other programs or devices, called
"clients." This architecture is called the client–server model. Servers can
provide various functionalities, often called "services," such as sharing data or
resources among multiple clients or performing computations for a client. A
single server can serve multiple clients, and a single client can use multiple
servers. A client process may run on the same device or may connect over a
network to a server on a different device. Typical servers are database servers,
file servers, mail servers, print servers, web servers, game servers, and
application servers.
Client–server systems are most frequently implemented by (and often
identified with) the request–response model: a client sends a request to the
server, which performs some action and sends a response back to the client,
typically with a result or acknowledgment. Designating a computer as
"server-class hardware" implies that it is specialized for running servers on it.
This often implies that it is more powerful and reliable than standard personal
computers, but alternatively, large computing clusters may be composed of
many relatively simple, replaceable server components.

3.1. HARDWARE REQUIREMENTS

Computer hardware is the collection of physical parts of a computer system.
This includes the computer case, monitor, keyboard, and mouse. It also
includes all the parts inside the computer case, such as the hard disk
drive, motherboard, video card, and many others.
The most common set of requirements defined by any operating
system or software application is the physical computer resources, also
known as hardware. A hardware requirements list is often accompanied by
a hardware compatibility list (HCL), especially in the case of operating
systems. An HCL lists tested, compatible, and sometimes incompatible
hardware devices for a particular operating system or application. The
following sub-sections discuss the various aspects of hardware requirements.

Architecture
All computer operating systems are designed for a particular computer
architecture. Most software applications are limited to particular operating
systems running on particular architectures. Although architecture-
independent operating systems and applications exist, most need to be
recompiled to run on a new architecture. See also a list of common operating
systems and their supporting architectures.

Processing power
The power of the central processing unit (CPU) is a fundamental system
requirement for any software. Most software running on the x86
architecture defines processing power as the model and the clock speed of
the CPU. Many other features of a CPU that influence its speed and power,
like bus speed, cache, and MIPS, are often ignored. This definition of power
is often erroneous, as AMD Athlon and Intel Pentium CPUs at similar clock
speeds often have different throughput. Intel Pentium CPUs have enjoyed a
considerable degree of popularity, and are often mentioned in this category.

Memory
All software, when run, resides in the random access memory (RAM) of a
computer. Memory requirements are defined after considering demands of
the application, operating system, supporting software and files, and other
running processes. Optimal performance of other unrelated software running
on a multi-tasking computer system is also considered when defining this
requirement.

Secondary storage
Hard-disk requirements vary, depending on the size of software installation,
temporary files created and maintained while installing or running the
software, and possible use of swap space (if RAM is insufficient).

Display adapter
Software requiring a better than average computer graphics display,
like graphics editors and high-end games, often define high-end display
adapters in the system requirements.

Peripherals
Some software applications need to make extensive and/or special use of
some peripherals, demanding the higher performance or functionality of such
peripherals. Such peripherals include CD-ROM drives, keyboards, pointing
devices, network devices, etc.


Minimum Hardware requirement for server

Item               Windows Server 2008 R2
CPU                1.4 GHz (for x64 processors); 2 GHz or higher recommended
RAM                512 MB; 2 GB recommended
Free disk space    64 GB for the 64-bit edition

Hardware requirement of Active Directory

Type of hardware   Hardware requirements
Hardware           An AMD64 or Intel EM64T processor
Disk space         At least 7.5 GB of free disk storage for a typical
                   installation

3.2. INSTALLATION OF WINDOWS SERVER 2008 R2:

Windows Server 2008 R2, codenamed "Windows Server 7", is the fifth version
of the Windows Server operating system produced by Microsoft and released
as part of the Windows NT family of operating systems.


Figure 1 INSTALLATION OF WINDOWS SERVER 2008

Follow this procedure to install Windows Server 2008:

1. Insert the appropriate Windows Server 2008 installation media into
your DVD drive.
2. Reboot the computer.
3. When prompted for an installation language and other regional
options, make your selection and press Next.
4. Next, press Install Now to begin the installation process.
5. Product activation is now also identical with that found in Windows
Vista. Enter your Product ID in the next window, and if you want to
automatically activate Windows the moment the installation finishes,
click Next.

If you do not have the Product ID available right now, you can leave the box
empty, and click Next. You will need to provide the Product ID later, after the
server installation is over. Press No.

6. Because you did not provide the correct ID, the installation process
cannot determine what kind of Windows Server 2008 license you own,
and therefore you will be prompted to select your correct version in
the next screen, assuming you are telling the truth and will provide the
correct ID to prove your selection later on.
7. If you did provide the right Product ID, select the Full version of the
Windows version you are prompted for, and click Next.
8. Read and accept the license terms by clicking to select the checkbox
and pressing Next.
9. In the “Which type of installation do you want?” window, click the
only available option – Custom (Advanced).
10. In the “Where do you want to install Windows?” window, if you’re
installing the server on a regular IDE hard disk, click to select the first
disk, usually Disk 0, and click Next.

If you’re installing on a hard disk that’s connected to a SCSI controller, click
Load Driver and insert the media provided by the controller’s manufacturer.

If you’re installing in a Virtual Machine environment, make sure you read
“Installing the Virtual SCSI Controller Driver for Virtual Server 2005 on
Windows Server 2008”.

If you must, you can also click Drive Options and manually create a partition
on the destination hard disk.

11. The installation now begins, and you can go and have lunch. Copying
the setup files from the DVD to the hard drive only takes about one
minute. However, extracting and uncompressing the files takes a good
deal longer. After 20 minutes, the operating system is installed. The
exact time it takes to install server core depends upon your hardware
specifications. Faster disks will perform much faster installs… Windows
Server 2008 takes up approximately 10 GB of hard drive space.

The installation process will reboot your computer, so, if in step #10 you
inserted a floppy disk (either real or virtual), make sure you remove it before
going to lunch, as you’ll find the server hung without the ability to boot
(you can bypass this by configuring the server to boot from a CD/DVD and
then from the hard disk in the boot order in the server’s BIOS).

12. When the server reboots you’ll be prompted with the new Windows
Server 2008 type of login screen. Press CTRL+ALT+DEL to log in.


13. Click on Other User.
14. The default Administrator password is blank, so just type Administrator
and press Enter.
15. You will be prompted to change the user’s password. You have no
choice but to press Ok.
16. In the password changing dialog box, leave the default password blank
(read step #15…), and enter a new, complex, at-least-7-characters-long
new password twice. A password like “topsecret” is not valid (it’s not
complex), but one like “T0pSecreT!” sure is. Make sure you remember
it.
17. Someone thought it would be cool to nag you once more, so now you’ll
be prompted to accept the fact that the password had been changed.
Press Ok.
18. Finally, the desktop appears and that’s it, you’re logged on and can
begin working. You will be greeted by an assistant for the initial server
configuration, and after performing some initial configuration tasks,
you will be able to start working.
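An added example, not from the manual, of the complexity rule behind step 16: a Python check that mirrors the Windows password requirements (minimum length, at least three of the character kinds, and no account name inside the password). The four character categories are a simplification of the Windows rule, and the account name "Administrator" is the default account from step 14.

```python
import re

# Character kinds a complex password must draw from (simplified from the
# Windows rule, which also counts letters outside the Latin alphabet).
CATEGORIES = {
    "uppercase letters": re.compile(r"[A-Z]"),
    "lowercase letters": re.compile(r"[a-z]"),
    "digits": re.compile(r"[0-9]"),
    "symbols": re.compile(r"[^A-Za-z0-9]"),
}
MIN_LENGTH = 7  # the length the manual quotes; a domain policy may demand more


def complexity_problems(password, account_name="Administrator"):
    """Return the reasons a password would be rejected (empty list = accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    present = [name for name, rx in CATEGORIES.items() if rx.search(password)]
    if len(present) < 3:
        problems.append(f"uses only {', '.join(present) or 'no'} characters; "
                        "three of the four kinds are required")
    # Windows also rejects a password that contains the account name,
    # compared without regard to case.
    if account_name and account_name.lower() in password.lower():
        problems.append(f"contains the account name {account_name!r}")
    return problems


def is_complex(password, account_name="Administrator"):
    """True when the password passes every check above."""
    return not complexity_problems(password, account_name)


if __name__ == "__main__":
    # The two passwords from step 16 plus two edge cases.
    for candidate in ("topsecret", "T0pSecreT!", "Ab1!", "Administrator1!"):
        print(f"{candidate!r:18} ->", complexity_problems(candidate) or ["accepted"])
```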

3.3. INSTALLATION AND DE-INSTALLATION PROCESS OF ACTIVE DIRECTORY

Active Directory:

Active Directory was introduced with Windows 2000 Server. Active
Directory (AD) is a directory service developed by Microsoft for Windows
domain networks. It authenticates and authorizes all users and computers in
a Windows domain network, assigning and enforcing security policies
for all computers and installing or updating software.

Specify the preferred DNS server

Windows Server 2008 can properly install and configure DNS during the AD
DS installation if it knows that the DNS is local. To accomplish this, set the
preferred DNS server address of the private network adapter to that same
adapter's own IP address, as follows:

1. From the Windows Start menu, open Administrative Tools > Server
Manager.
2. In the Server Summary section of the Server Manager window, click
View Network Connections.
3. In the Network Connections window, right-click the private adapter
and select Properties.
4. From the list of connected items, select Internet Protocol Version 4,
and then click Properties.
5. Copy the IP address that is displayed in the IP address box and paste it
in the Preferred DNS server box. Then, click OK.

Figure 2 Preferred DNS server

6. Click OK in the Properties dialog box, and close the Network
Connections window.

Add the Active Directory Domain Services role

Adding the Active Directory Domain Services role installs the framework for
Windows Server 2008 to become a DC and run Active Directory Domain
Services. It does not promote the server to a DC or install Active Directory
Domain Services.

1. In the Server Manager window, select the Roles directory.
2. In the Roles Summary section, click Add Roles.
3. On the Before You Begin page of the Add Roles Wizard, click Next.
4. On the Select Server Roles page, select the Active Directory Domain
Services check box, and then click Next.
5. On the Confirmation page, click Next.
6. On the Installation Progress page, click Install.
7. On the Results page, after the role is successfully added, click Close.

If it is not already open, open the Server Manager window.

1. Select Roles > Active Directory Domain Services.
2. In the Summary section, click Run the Active Directory Domain Services
Installation Wizard (dcpromo.exe).
3. On the Welcome page of the Active Directory Domain Services
Installation Wizard, ensure that the Use advanced mode installation
check box is cleared, and then click Next.
4. On the Operating System Compatibility page, click Next.
5. On the Choose a Deployment Configuration page, select Create a new
domain in a new forest and then click Next.
6. On the Name the Forest Root Domain page, enter the domain name
that you chose during the preparation steps. Then, click Next.
7. The installation program verifies the NetBIOS name.
8. On the Set Forest Functional Level page, select Windows Server 2008
R2 in the Forest functional level list. Then, click Next.
9. The installation program examines and verifies your DNS setting.
10. On the Additional Domain Controller Options page, ensure that the
DNS server check box is selected, and then click Next.
11. In the message dialog box that appears, click Yes.
12. On the Location for Database, Log Files, and SYSVOL page, accept the
default values and then click Next.

On the Directory Services Restore Mode Administrator Password page, enter
the domain administrator password that you chose during the preparation
steps. This is not your admin password that was emailed to you during the
creation of your server, although you can use that password if you want to.
Then, click Next.

13. On the Summary page, review your selections and then click Next. The
installation begins.

Note: If you want the server to restart automatically after the installation is
completed, select the Reboot on completion check box.

14. If you did not select the Reboot on completion check box, click Finish
in the wizard. Then, restart the server.

Uninstallation process of Active Directory:

1. Log on to the server using the Directory Services Restore Mode
Administrator account.
2. Click Start, click Run, type dcpromo and press ENTER.
3. On the Welcome to the Active Directory Domain Services Installation
Wizard page, click Next.
4. On the Force the Removal of Active Directory Domain Services page,
click Next.
5. On the Administrator Password page, type and confirm a password for
the local Administrator account; then click Next.
6. On the Summary page, click Next.
7. Restart the server after the removal is complete.

3.4. NAT (NETWORK ADDRESS TRANSLATION)

Network Address Translation (NAT) is a method of connecting multiple
computers to the Internet (or any other IP network) using one IP address. This
allows home users and small businesses to connect their network to the
Internet cheaply and efficiently. Network Address Translation (NAT) is the
process where a network device, usually a firewall, assigns a public address to
a computer (or group of computers) inside a private network. The main use of
NAT is to limit the number of public IP addresses an organization or company
must use, for both economy and security purposes.

Figure 11 Network Address Translation

The basic purpose of NAT is to multiplex traffic from the internal network and
present it to the Internet as if it was coming from a single computer having
only one IP address. The TCP/IP protocols include a multiplexing facility so that
any computer can maintain multiple simultaneous connections with a remote
computer. It is this multiplexing facility that is the key to single address NAT.
To multiplex several connections to a single destination, client computers label
all packets with unique "port numbers". Each IP packet starts with a header
containing the source and destination addresses and port numbers.
The most common form of network translation involves a large private
network using addresses in a private range (10.0.0.0 to 10.255.255.255,
172.16.0.0 to 172.31.255.255, or 192.168.0.0 to 192.168.255.255). The private
addressing scheme works well for computers that only have to access
resources inside the network, like workstations needing access to file servers
and printers. Routers inside the private network can route traffic between
private addresses with no trouble. However, to access resources outside the
network, like the Internet, these computers have to have a public address in
order for responses to their requests to return to them. This is where NAT
comes into play.
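An added example (not the manual's code) of the single-address NAT described above: a Python translation table that assigns a public port to each internal connection, maps the replies back to the right internal host, and drops inbound packets that no internal host asked for. The public address 198.51.100.1, the web server 203.0.113.5 and the internal hosts are constructed from documentation address ranges.

```python
from ipaddress import ip_address, ip_network

# The private ranges listed in the text; only hosts in these ranges are translated.
PRIVATE_RANGES = [ip_network("10.0.0.0/8"),
                  ip_network("172.16.0.0/12"),
                  ip_network("192.168.0.0/16")]


def is_private(addr):
    return any(ip_address(addr) in net for net in PRIVATE_RANGES)


class SingleAddressNat:
    """NAT with one public address: internal connections are told apart by the
    port number the NAT device assigns, so replies can be returned to the
    right internal host. Packets are dicts with src, sport, dst and dport."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}  # (src, sport, dst, dport) -> assigned public port
        self.inbound = {}   # (public port, remote ip, remote port) -> (src, sport)

    def translate_out(self, pkt):
        """Rewrite a packet leaving the private network."""
        if not is_private(pkt["src"]):
            raise ValueError(f"{pkt['src']} is not an internal address")
        key = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        port = self.outbound.get(key)
        if port is None:  # first packet of a new connection: allocate a port
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[(port, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
        return dict(pkt, src=self.public_ip, sport=port)

    def translate_in(self, pkt):
        """Rewrite a packet arriving from the Internet; None means it is dropped
        because no internal host opened a connection matching it."""
        key = (pkt["dport"], pkt["src"], pkt["sport"])
        if key not in self.inbound:
            return None
        src, sport = self.inbound[key]
        return dict(pkt, dst=src, dport=sport)


def demo():
    """Two internal hosts that happen to use the same source port reach the
    same web server; the NAT keeps their replies apart. All addresses are
    constructed for the example."""
    nat = SingleAddressNat("198.51.100.1")
    web = "203.0.113.5"
    a_out = nat.translate_out({"src": "192.168.1.10", "sport": 51000, "dst": web, "dport": 80})
    b_out = nat.translate_out({"src": "192.168.1.11", "sport": 51000, "dst": web, "dport": 80})
    reply_a = nat.translate_in({"src": web, "sport": 80, "dst": nat.public_ip,
                                "dport": a_out["sport"]})
    reply_b = nat.translate_in({"src": web, "sport": 80, "dst": nat.public_ip,
                                "dport": b_out["sport"]})
    # Unsolicited inbound traffic has no table entry and is dropped: this is
    # the "security" side of NAT that the text mentions.
    stray = nat.translate_in({"src": "203.0.113.9", "sport": 4444, "dst": nat.public_ip,
                              "dport": 40002})
    return a_out, b_out, reply_a, reply_b, stray


if __name__ == "__main__":
    for label, pkt in zip(("A out", "B out", "A reply", "B reply", "stray"), demo()):
        print(f"{label:8}", pkt)
```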

3.5. PRINT SERVER MANAGEMENT

Definition
Print server management is the process of managing servers that were set up
to handle print jobs in a distributed network. It is used in a network that offers
remote printing options.
Print Server is a role service that installs the Print Management. Print
Management is used for managing multiple printers or print servers.

Print Server Management

One of the most common setups is where a print server handles the traffic
between a printer and workstations that may be distributed in other parts of
a room or building. The workstations send their requests for printing to the
server, which prioritizes tasks and sends information to the actual physical
printer.

Print server management is one category of overall print management, where
sophisticated software packages help human users to complete print jobs.
Print management software queues up work and can also provide access levels,
set pricing and help with layout through intuitive features and icons that help
people understand the software they are using. Some tech companies offer
print server management and print management options to help make print
solutions a part of a network setup.


Figure 12 Print Server Management

Tools for managing a print server

There are two primary tools that you can use to administer a Windows print
server:

• Server Manager

• Print Management

On Windows Server 2008 R2, you can use Server Manager to install the Print
and Document Services server role. Server Manager also includes an instance
of Print Management, which you can use to administer the local server.

Print Management provides current details about the status of printers and
print servers on the network. You can use Print Management to install printer
connections to a group of client computers simultaneously and to monitor
print queues remotely. Print Management can help you to find printers that
have an error condition by using filters. It can also send e-mail notifications or
run scripts when a printer or print server needs attention. On printers that
provide a Web-based management interface, Print Management can display
more data, such as toner and paper levels.

Group Policy

Group Policy is an infrastructure that allows you to implement specific
configurations for users and computers. Group Policy settings are contained
in Group Policy objects (GPOs), which are linked to the following Active
Directory service containers: sites, domains, or organizational units (OUs). The
settings within GPOs are then evaluated by the affected targets, using the
hierarchical nature of Active Directory. Consequently, Group Policy is one of
the top reasons to deploy Active Directory because it allows you to manage
user and computer objects.

Off-line File Management:

Offline files are copies of network files that are stored on your computer so that you
can work with them when you're not connected to the network or when the network
folder that the files are stored in is not available.


Multiple Choice Questions

Q.1: What is the minimum processor speed required for installing Windows
Server 2008 R2?

(a) 1.4 GHz (b) 2.0 GHz

(c) 2.4 GHz (d) 3.0 GHz

Q.2: What is the minimum amount of RAM required for installing Windows
Server 2008 R2?

(a) 512 MB (b) 1 GB

(c) 2 GB (d) 4 GB

Q.3: What is the minimum amount of available hard disk space required for
installing Windows Server 2008 R2?

(a) 10 GB (b) 20 GB

(c) 30 GB (d) 40 GB

Q.4: What is the minimum processor speed required for running Active
Directory on a server?

(a) 1.4 GHz (b) 2.0 GHz

(c) 2.4 GHz (d) 3.0 GHz

Q.5: What is the minimum amount of RAM required for running Active
Directory on a server?

(a) 512 MB (b) 1 GB

(c) 2 GB (d) 4 GB

Q.6: What is the minimum amount of available hard disk space required for
running Active Directory on a server?

(a) 10 GB (b) 20 GB

(c) 30 GB (d) 40 GB

Q.7: Which of the following is NOT a valid installation option for Windows
Server 2008 R2?

(a) Full Installation (b) Server Core Installation

(c) Custom Installation (d) Web Server Installation

Q.8: Which of the following is a valid partition style for installing Windows
Server 2008 R2?

(a) MBR (b) GPT

(c) FAT32 (d) Above a & b

Q.9: What is the maximum partition size for an MBR partition when
installing Windows Server 2008 R2?

(a) 2 TB (b) 4 TB

(c) 8 TB (d) 16 TB

Q.10: Which of the following is NOT a valid file system for installing Windows
Server 2008 R2?

(a) NTFS (b) exFAT

(c) ReFS (d) above b & c

Q.11: The main purpose of Active Directory is to ________?

(a) Provide authentication and authorization to users and computers

(b) Provide File and Print services

(c) Allow users to organize their file systems into a cohesive and
high-performance directory

(d) Give administrators the ability to control access to restricted
hardware

Q.12: Active directory was first introduced in ______?

(a) Linux OS (b) Windows 2000 Server OS

(c) Windows 2013 Server OS (d) Windows 2003 server OS

Q.13: Which of the following tools is used to install Active Directory on a
Windows Server?

(a) Server Manager (b) Control Panel

(c) Windows PowerShell

(d) Microsoft Management Console (MMC)

Q.14: Which of the following forest functional levels is required to install a
Windows Server 2016 domain controller in an existing Active Directory
Forest?

(a) Windows 2000 native (b) Windows Server 2003

(c) Windows Server 2008 (d) Windows Server 2008 R2

Q.15: Which of the following options should you select in Server Manager to
remove Active Directory from a Windows Server?

(a) Remove Roles and Features (b) Remove Role

(c) Remove Features (d) Remove Domain Services

Q.16: What is NAT used for in computer networking?

(a) To translate domain names to IP addresses

(b) To translate IP addresses to domain names

(c) To translate private IP addresses to public IP addresses

(d) To translate public IP addresses to private IP addresses

Q.17: What is the main benefit of using NAT in a network?

(a) It provides better security by hiding internal IP addresses

(b) It enables faster communication between devices on the same
network

(c) It allows for easier configuration of routers and firewalls

(d) It reduces network latency by optimizing data traffic

Q.18: Which of the following types of NAT maps multiple private IP addresses
to a single public IP address?

(a) Static NAT (b) Dynamic NAT

(c) Port Address Translation (PAT)

(d) Network Address Port Translation (NAPT)

Q.19: Which of the following is a valid method for adding a printer to a print
server?

(a) Physically connecting the printer to the server via USB cable

(b) Installing the printer driver on the client computer and sharing it
with the network

(c) Using a web-based interface to connect to the printer's IP address

(d) Installing the printer driver on the server and creating a printer
share

Q.20: Which of the following is a valid method for managing print jobs on a
print server?

(a) Manually deleting print jobs from the printer's queue

(b) Changing the print job priority in the printer's properties

(c) Stopping and starting the print spooler service on the server

(d) All of the above


ANSWER KEY

Q.1 (a) Q.2 (b) Q.3 (a) Q.4 (b) Q.5 (b)
Q.6 (a) Q.7 (d) Q.8 (d) Q.9 (a) Q.10 (d)
Q.11 (c) Q.12 (b) Q.13 (a) Q.14 (d) Q.15 (d)
Q.16 (c) Q.17(a) Q.18 (c) Q.19 (d) Q.20 (d)

Short Questions

1. Define server?
2. Describe hardware requirement for a Server?
3. What is an active directory?
4. Describe hardware requirement for an Active directory?
5. Describe active directory domain services roles?
6. Define network address translation (NAT)?
7. Describe virtual machine environment?
8. Define DNS server?
9. Describe print server management?
10. What is offline file management?

Long Questions

1. Write down the installation process of Windows Server 2008 R2.
2. Write down the installation steps of Active Directory.
3. Write down the de-installation steps of Active Directory.
4. Write a short note on Network Address Translation (NAT).


Bibliography
1. MSCE Study Guide, Alan R. Carter, Comdex Computer Publishing
2. Computer networks by Behrouz A. Forouzan.pdf
3. Supporting Microsoft Windows Server 2008, Microsoft Press
4. Administering Microsoft Windows VISTA, Microsoft Press
5. TCP/IP Training, Microsoft Press
6. Networking Essentials, Microsoft Press
7. Microsoft Windows Exchange Server, Microsoft Press
8. Microsoft TMG Server, Microsoft Press


CHAPTER 04 MICROSOFT WINDOWS SERVER 2008 ACTIVE DIRECTORY INFRASTRUCTURE

Objectives
After completion of this chapter students will be able to:

4.1 Function and features of an Active Directory

4.2 Installation of Active Directory

4.3 Configuration of Active Directory

4.4 Role of an Active Directory

4.5 Users, Groups and Computers in ADDS

What is Active Directory

Active Directory (AD) is a directory service that runs on Microsoft Windows
Server. The main function of Active Directory is to enable administrators to
manage permissions and control access to network resources. In Active
Directory, data is stored as objects, which include users, groups, applications,
and devices, and these objects are categorized according to their name and
attributes.

The database (or directory) contains critical information about your
environment, including what users and computers there are and who's
allowed to do what. For example, the database might list 100 user accounts
with details like each person's job title, phone number and password. It will
also record their permissions.
Define Active Directory

A directory service for the efficient management of users, resources and
privileges that is based on standard protocols; or:

Active Directory is a distributed directory service included with Microsoft
Windows Server operating systems. Active Directory enables centralized,
secure management of an entire network, which might span a building, a city,
or multiple locations throughout the world.

Figure 1 Active Directory

4.1. FUNCTIONS OF ACTIVE DIRECTORY

Active Directory stores data as objects. An object is a single element, such as a
user, group, application or device such as a printer. Objects are normally defined as
either resources, such as printers or computers, or security principals, such as users or
groups. Active Directory categorizes directory objects by name and attributes. For
example, the name of a user might include the name string, along with information
associated with the user, such as passwords and Secure Shell keys.

The main service in Active Directory is Domain Services (AD DS), which stores
directory information and handles the interaction of the user with the domain. AD DS
verifies access when a user signs into a device or attempts to connect to a server over
a network. AD DS controls which users have access to each resource, as well as group
policies. For example, an administrator typically has a different level of access to data
than an end user.

The functions of AD DS in a domain are as follows:

• Management of the Users
• Management of the Computers
• Management of the User Groups

The following are the new features in Windows Server 2008 R2:

• Read Only Domain Controller
• New Enhanced Tools and Wizards
• Fine-grained Security Policy
• Re-startable AD DS
• AD DS Data Mining Tools
• Auditing Enhancement

Features of Active Directory

The following are features of Active Directory.

New domain model

Earlier Windows domains were flat. For one thing, the assigning of privileges
tended to be an all-or-nothing matter at the domain level; there was no
delegation or inheritance within the domain. For another, the resource
limitation often meant that the number of domains in an organization would
grow into an unmanageable network over time. Active Directory domains are
hierarchical and virtually without limitation. This means that administrators
can delegate authority within a smaller number of more manageable domains.

Transitive trusts

Under Windows NT4, managing trust relationships could easily become a
nightmare. All trusts were manual and unidirectional, and they had to be
individually specified. If domain A trusted domain B, it was still necessary to
separately specify that domain B trusted domain A, if that was your desire.
Moreover, if A trusted B and B trusted C, A did not trust C without a separate
specification. Active Directory domains include automatic bidirectional trusts
and transitive trusts to rationalize and simplify trust management.

Group policies

Using new group policies, you can specify roles complete with configuration
information within the domain hierarchy. This means that you can define
things so that, whenever you add a new user to a group, you can trigger
automatic configuration and software installation for that user.

Multi-master replication

Each domain controller automatically propagates all the objects defined on it
to every other participating domain controller. Because each controller
contains all the data for the domain, Active Directory access will continue
should one domain controller fail.

Standards compliance

Because Active Directory is based on the Lightweight Directory Access Protocol
(LDAP) and other standards, it is possible for you to integrate Active Directory
with other directory services and for third-party vendors to integrate their
components with Active Directory.

Feature - Description
Location transparency - Able to find user, group, networked service, or resource data without the object address
Object data - Able to store user, group, organization, and service data in a hierarchical tree
Rich query - Able to locate an object by querying for object properties
High availability - Able to locate a replica of the directory at a location that is efficient for read/write operations

Active Directory services

Several different services comprise Active Directory. The main service is
Domain Services (AD DS), but Active Directory also includes Lightweight
Directory Services (AD LDS), the Lightweight Directory Access Protocol (LDAP),
Certificate Services (AD CS), Federation Services (AD FS) and Rights
Management Services (AD RMS). Each of these other services expands the
product's directory management capabilities.

• Lightweight Directory Services has the same codebase as AD DS,
sharing similar functionalities, such as the application program
interface. AD LDS, however, can run in multiple instances on one server
and holds directory data in a data store using Lightweight Directory
Access Protocol.

• Lightweight Directory Access Protocol is an application protocol used
to access and maintain directory services over a network. LDAP stores
objects, such as usernames and passwords, in directory services, such
as Active Directory, and shares that object data across the network.

• Certificate Services generates, manages and shares certificates. A
certificate uses encryption to enable a user to exchange information
over the internet securely with a public key.

• Active Directory Federation Services authenticates user access to
multiple applications, even on different networks, using single sign-on
(SSO). As the name indicates, SSO only requires the user to sign on
once, rather than use multiple dedicated authentication keys for each
service.

• Rights Management Services provides information rights management.
AD RMS encrypts content, such as email or Microsoft Word documents,
on a server to limit access.

4.2. INSTALLATION OF ACTIVE DIRECTORY

Active Directory installation steps

The following steps install AD on Windows Server 2008; they are also valid for
Windows Server 2008 R2.

Requirements:

Minimum processor: single processor with 1.4 GHz (x64) or 1.3 GHz (dual core)
Minimum memory: 512 MB RAM
Minimum disk space: 32 GB or greater

Installation
Step 1 - Open Server Manager → Roles. This brings up the Roles Summary
on the right-hand side, where you can click on the Add Roles link.

Figure 2 Open Server Manager

Step 2 - Select Active Directory Domain Services from the list. You will be told
that you need to add some features; click on the Add Required Features button
and click Next to move on.

Figure 3 Select Active Directory Services

Step 3 - A brief introduction about Active Directory, and links to additional
resources, will be displayed. Click Next, and then click Install to start installing
the binaries for Active Directory.

Figure 4 Confirm installation Selection

Step 4 - When the installation is finished you will be shown a success
message. Just click Close.

Figure 5 Installation Results

After that you will need to do a reboot.

After the reboot, open Server Manager again and click on Roles; you will see
that Active Directory Domain Services has been installed. Click on it and you
will get a window like the one below.

Figure 6 Domain Server Manager

There, pay attention to the message. Click on the link in it and the DCPROMO
wizard will start.

• The next step is to go through the DCPROMO wizard.
• To start the installation, click on "Next".

4.3. CONFIGURATION OF ACTIVE DIRECTORY

Step 1 - Start → Run → Type dcpromo to run the ADDS wizard.

• Click on "Next"

Figure 7 Installation Wizard

Step 2 -The message that is shown now relates to older clients that do not
support the new cryptographic algorithms supported by Server 2008 R2. Click
Next to move on.

Figure 8 Operating System Compatibility


Step 3 -If this is the first forest in your Active Directory environment, select
the option "Create a new domain in a new forest".

Figure 9 Choose a Deployment Configuration

Step 4 - Pick a name for your forest and root domain. In this window it will ask
you to select the forest functional level. If you are going to add a Server 2003
domain controller to your forest later, do not select Server 2008 as the
functional level. If you are going to use the full features of 2008 AD you must
select Server 2008 as the forest functional level. In my case I used Server 2008.
Click on "Next" after making the selection.

Figure 10 Choose a Name for the Forest Root Domain

Step 5 -Since this is the first DC in our domain, we can change our forest
functional level to Server 2008 R2.

Figure 11 Set Forest Functional Level

Step 6 -Include DNS in this installation as this will allow you to have an AD
Integrated DNS Zone. When you click Next, you will see a message asking you
to confirm your selections. Click yes to continue.

Figure 12 Domain Controller Option

Step 7 -Select the folder where your database, log files and SYSVOL will be
stored. It is recommended to stick to the default settings.

Figure 13 Database Location

Step 8 - Enter a unique Active Directory Restore Mode password that will be
used during recovery.

Figure 14 Directory Restore Mode

Step 9 - The next window gives you a brief summary of the installation. Click on "Next".

Figure 15 (a) Summary

Then the installation of AD starts. It will take some time to complete.
After the installation completes, reboot the server.

Figure 15 (b) Summary

After the reboot you can log in to the domain. Use a login like the following
example:

User name: <your domain>\administrator
Password: XXXXXXXX

Now it is done and you can view the Active Directory options on the
Administrative Tools menu.
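The same promotion can be scripted instead of clicked through. The PowerShell script below is an added example, not from the textbook: it writes a dcpromo answer file that reproduces the wizard choices above (new forest, AD-integrated DNS, default database, log and SYSVOL paths, Directory Services Restore Mode password) and runs dcpromo.exe /unattend. The forest name corp.example.local and NetBIOS name CORP are placeholders; the AD DS role binaries from section 4.2 must already be installed.

```powershell
# Added example (not from the textbook): unattended equivalent of the dcpromo wizard
# steps above for the first DC of a new forest. Run from an elevated PowerShell on
# Windows Server 2008 R2 after the Active Directory Domain Services role is installed.
param(
    [string]$ForestFqdn  = 'corp.example.local',                 # placeholder forest root domain
    [string]$NetbiosName = 'CORP',                               # placeholder NetBIOS domain name
    [string]$AnswerFile  = "$env:TEMP\dcpromo-newforest.txt"     # temporary answer file
)

# Prompt for the Directory Services Restore Mode password (Step 8) rather than hard-coding it.
$dsrm = Read-Host -Prompt 'Directory Services Restore Mode password' -AsSecureString
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($dsrm)
try     { $dsrmPlain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr) }
finally { [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr) }

# Functional level 4 = Windows Server 2008 R2 (Steps 4 and 5). Use 3 for Server 2008
# if a Server 2008 domain controller will be added later, as the text advises.
# The paths are the wizard defaults from Step 7; InstallDNS=Yes is Step 6.
$answer = @"
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=$ForestFqdn
DomainNetbiosName=$NetbiosName
ForestLevel=4
DomainLevel=4
InstallDNS=Yes
ConfirmGc=Yes
CreateDNSDelegation=No
DatabasePath="C:\Windows\NTDS"
LogPath="C:\Windows\NTDS"
SYSVOLPath="C:\Windows\SYSVOL"
SafeModeAdminPassword=$dsrmPlain
RebootOnCompletion=No
"@

# dcpromo reads the answer file as plain text; ASCII avoids any encoding surprises.
Set-Content -Path $AnswerFile -Value $answer -Encoding Ascii

try {
    # Same wizard, no clicks: every choice comes from the [DCInstall] section.
    & "$env:SystemRoot\System32\dcpromo.exe" /unattend:"$AnswerFile"
    $exit = $LASTEXITCODE
}
finally {
    # The answer file holds the DSRM password in clear text: overwrite it, then delete it.
    if (Test-Path $AnswerFile) {
        Set-Content -Path $AnswerFile -Value ('0' * $answer.Length) -Encoding Ascii
        Remove-Item -Path $AnswerFile -Force
    }
    $dsrmPlain = $null
}

# Reboot is deferred (RebootOnCompletion=No) so the cleanup above always runs first.
if ($exit -eq 0) { Restart-Computer -Force }
else { Write-Warning "dcpromo exited with code $exit; see %SystemRoot%\debug\dcpromo.log" }
```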

Active Directory Advantages and Disadvantages

Advantages
• Enables users to sign in using usernames and passwords that are used
elsewhere.
• Creating and maintaining user accounts is no longer needed.
• Computer policies can be created to automatically update and secure
workstations.
• Sharing resources such as files and printers is easier, and all users have
access to set permissions.
• No longer need to provide a username and password for Outlook
emails.
• It is more secure than other directory services (logon authentication).
• It is easy to manage, administer and control.
• Increased scalability.
• The speed at which it is able to provide domain names.
• Simple identity management, as you can view all user information.
• Lets you manage your network from one point.
• It is also easy to set up and use.

Disadvantages
• It can be expensive, as you will need Windows Server 2000 licences and
you may need to upgrade the hardware on the server so it can run
Windows Server 2000.
• Active Directory is OS dependent, meaning that it will only work with
Windows server software.
• High maintenance costs.
• If the Active Directory goes down, so does your network.
• If it is set up wrong it can take time and money to remove it and set it
up again.
• It is prone to being hacked.
• Cost of the infrastructure can be high.
• You need to have good planning to set it up properly.
• It also has a complex infrastructure for the user.

Improvements
You could improve Active Directory by:
• Making it more secure from hackers.
• Making it compatible with other operating systems other than
Windows.
• Making the installation and setup process simpler.

De-Installation of Active Directory: how to remove Active Directory in Windows Server 2008

1. Run "dcpromo" in your Windows Active Directory environment.
2. This opens up the Active Directory Installation Wizard. This wizard is
used to promote a server to a DC, as well as remove Active Directory
from a server.
3. Delete the domain - If this is the last domain controller in your
domain, then this domain will be deleted.

Figure 16 Delete the Domain

4. Remove Application directory partitions - Remove all replicas of the
directory partitions stored in this domain controller. Confirm
complete removal of all directory partitions in this domain controller.

Figure 17 Remove Application Directory Partition

Figure 18 Confirm Deletion

5. Remove DNS delegation - This domain controller contains Active
Directory integrated DNS zones that need to be removed along with
Active Directory Domain Services. This requires administrative
privileges.

Figure 19 Remove DNS

Figure 20 Remove DNS Delegation

6. Review your selections - After completing all the steps, confirm all the
selections you have made and click Next. The wizard now configures
Active Directory Domain Services. This process can take from a few
minutes to several hours, depending on your environment and the
options that you selected.

Figure 20 Summary
7. The computer is rebooted to complete the removal of Active Directory from
your Windows 2008 Server.

Figure 21 Installation Wizard

4.4. ROLES OF ACTIVE DIRECTORY

An Active Directory administrator is a key player in the information
technology (IT) workforce. Their job duties include managing domains,
auditing user permissions across platforms, developing strategies for disaster
recovery, offering technical support to users, and ensuring compliance with
regulations and policies. The qualifications for a career as an Active Directory
administrator include a bachelor's degree in IT or computer science, strong
troubleshooting and problem-solving skills, a teamwork mentality, and
experience with Active Directory domains.

Active Directory uses a multiple-master model, and usually, domain
controllers (DCs) are equal with each other in reading and writing directory
information. However, certain roles cannot be distributed across all the DCs,
meaning that changes can't take place on more than one domain controller at
a time. Some domain controllers, therefore, do assume a single-master
operations role known as operations masters in Active Directory.

The five categories of operations master roles are:

Schema master (one per forest): Maintains the master copy of the schema.

PDC emulator (one per domain): Emulates a primary domain controller for
backward compatibility with Windows NT.

Domain naming master (one per forest): Tracks object names throughout a
forest to ensure that they’re unique. Also tracks cross-references to objects in
other directories.

Infrastructure master (one per domain): Tracks object references among
domains and maintains a list of deleted child objects.

Relative identifier (RID) master (one per domain): Tracks the assignment of
SIDs (security identifiers) throughout the domain.

Usually, the first domain controller that you create in the first domain assumes
the operations master roles. You can assign these roles to other domain
controllers in the domain or forest, but only one domain controller at a time
can hold each operations master role.
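To verify the role placement just described, an added PowerShell example that is not from the textbook: it reports which domain controller holds each of the five operations master roles, using the ActiveDirectory module that ships with Windows Server 2008 R2, and flags two things an administrator wants to know: whether all five roles still sit on one DC (the default after the first promotion), and whether the infrastructure master is a global catalog in a domain where not every DC is one (a placement in which it stops updating cross-domain object references). The domain name defaults to the current domain.

```powershell
# Added example (not from the textbook): report operations master (FSMO) role holders.
# Requires the ActiveDirectory module (RSAT-AD-PowerShell feature) on Server 2008 R2 or later.
Import-Module ActiveDirectory

function Get-OperationsMasterReport {
    param([string]$Domain = (Get-ADDomain).DNSRoot)   # defaults to the current domain

    $forest = Get-ADForest
    $dom    = Get-ADDomain -Identity $Domain

    # The two forest-wide roles are properties of the forest object; the three
    # per-domain roles are properties of the domain object.
    $roles = @(
        New-Object PSObject -Property @{ Role = 'Schema master';         Scope = 'forest'; Holder = $forest.SchemaMaster }
        New-Object PSObject -Property @{ Role = 'Domain naming master';  Scope = 'forest'; Holder = $forest.DomainNamingMaster }
        New-Object PSObject -Property @{ Role = 'PDC emulator';          Scope = 'domain'; Holder = $dom.PDCEmulator }
        New-Object PSObject -Property @{ Role = 'RID master';            Scope = 'domain'; Holder = $dom.RIDMaster }
        New-Object PSObject -Property @{ Role = 'Infrastructure master'; Scope = 'domain'; Holder = $dom.InfrastructureMaster }
    )

    # Check 1: the first DC promoted holds all five roles. More than one holder means
    # roles were transferred or seized at some point; confirm that was deliberate.
    $holders = @($roles | ForEach-Object { $_.Holder } | Sort-Object -Unique)
    if ($holders.Count -gt 1) {
        Write-Warning ("Operations master roles are spread over {0} DCs: {1}" -f $holders.Count, ($holders -join ', '))
    }

    # Check 2: the infrastructure master must not be a global catalog unless every DC
    # in the domain is one; otherwise it never refreshes references to objects in other domains.
    $dcs   = Get-ADDomainController -Filter * -Server $Domain
    $allGc = @($dcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0
    $im    = $dcs | Where-Object { $_.HostName -eq $dom.InfrastructureMaster }
    if ($im -and $im.IsGlobalCatalog -and -not $allGc) {
        Write-Warning "Infrastructure master $($im.HostName) is a global catalog while other DCs are not."
    }

    # Return the table so the caller can inspect or export it.
    $roles | Select-Object Role, Scope, Holder
}

Get-OperationsMasterReport | Format-Table -AutoSize
```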

Add Active Directory Domain Services Role

Note: These steps show a manual process to add the Active Directory Domain
Services Role to a Windows Server 2008 machine. These steps are included to
demonstrate ground-up installations...

1. Select Start > Administrative Tools > Server Manager.

2. Server Manager appears. Select Roles on the left and click Add Roles.

3. The Add Roles Wizard appears. By default, the Before You Begin
information screen is shown. Click Next.

4. The Select Server Roles screen appears.

5. Select Active Directory Domain Services and click Next. If .NET 3.5.1 is not
installed, the wizard prompts you to install it.

Note: Installing .NET 3.5.1 will require access to the Internet or access to a
copy of the .NET 3.5.1 installer executable. Click Add Required Features to
install .NET 3.5.1 from the wizard.

6. The Active Directory Domain Services informational screen appears. Read
it and click Next.

7. The Confirm Installation Selections screen appears. Confirm your
selections and click Install.

Note: The wizard reminds you to run dcpromo.exe after installing Active
Directory Domain Services. Those steps are detailed in Run dcpromo.exe.

8. The installation runs and the Installation Progress screen appears.

9. The installation completes and the Installation Results screen appears.

10. Click Close to complete the wizard. You return to Server Manager.

Note: The Active Directory Domain Services role now appears under Roles in
Server Manager.

4.5. USERS, COMPUTERS AND GROUPS IN ACTIVE DIRECTORY

Active Directory stores users and groups in a folder called Users within
Active Directory Users and Computers. Each of the items in the left pane is a
container. Active Directory is logically set out so that thousands of objects can
be organized and found. Each object must be in a container. Containers may
themselves contain containers! Users and groups can be created in any
container. They can be subsequently moved into other containers in a
separate operation. This is different from adding users (or groups) to a group
which can be done without reference to the other containers of Active
Directory.

In this section of Active Directory Domain Services some administrative and
management-level settings are made, and the setup of the whole domain
depends on these settings.

Users:

The following settings regarding users are made here:

New users are created and configured. Each user account has the following
property tabs:

General, Address, Account, Profile, Telephones, Organization, Member Of,
Dial-in, Environment, Sessions, Remote Control, Terminal Services Profile,
COM+

Groups:

New containers/organizational units and groups of users are created;
the only purpose of these groups and containers is to set their own individual
group policies for their rights and restrictions. These groups and containers are
manageable entities as per the policies framed by an organization.

Computers:

Users and computers behave in somewhat the same way, with different
scope and potential. If a user has policies applied, he or she will face the same
privileges wherever he or she logs in within the domain; at the same time, if
that person logs in on a computer where other policies have been applied to
domain computers, those policies will also be applied to that user. So the
policies for a user are applied to the user, and the policies on a computer are
applied to both the computer and the user who logs in on that computer.

DNS

The Domain Name System (DNS) Server is a server that is specifically
used for matching website hostnames (like example.com) to their
corresponding Internet Protocol or IP addresses. The DNS server contains a
database of public IP addresses and their corresponding domain names.

DHCP Server

A DHCP Server is a network server that automatically provides and
assigns IP addresses, default gateways and other network parameters to client
devices. DHCP servers usually assign each client a unique dynamic IP
address, which changes when the client's lease for that IP address has expired.

Creating an Organizational Unit

1. Start by opening up your Server Manager, then expand the Roles
section.

2. Next expand the Active Directory Domain Services section and click
on Active Directory Users and Computers.

3. At this point you should be able to see your domain. In our example we
are using the domain. Go ahead and expand your domain.

4. Now we need to create an Organizational Unit for a group to live in.
In our example we are going to create an OU for our Ops Team.

To create a new Organizational Unit, right-click on your domain name, point to
the New option and then select Organizational Unit.

5. Type in the name of your OU and make sure that the box is checked
next to Protect container from accidental deletion. When done, click OK.

6. We now have a new Organizational Unit in our Active Directory
called OpsOU.

Creating a New Group

1. After you create an Organizational Unit in your Active Directory, you are
ready to create your first group. Go ahead and select your OU and then right-
click in the blank area.

2. Next, point to New and then select Group.

3. The next step is to name your Group, select the scope and then select
the type.

In this example we are going to name our group OpsUsers. We are also going
to leave the default selections for group scope, which is Global, and group
type, which is Security. When you are ready, click OK.

4. Our new group has been created!

Moving Accounts into a Group

1. In order to move pre-existing accounts into a group, you need to hold
down the Control key and click on all the User or Computer accounts
that you want to move into that group.

2. Then you need to right-click on any one of those accounts and select Add
to a group.

3. Next, you need to type in the group name and let the machine find it.

In our example, I will type in OpsUsers and then click on the Check
names button. Once the name is verified and group name is found, the text
will become underlined and you can click the OK button. Since we know our
group exists, we are going to click OK without verification.

4. Now all of these accounts are part of our OpsUsers group.


Note: Another way of accomplishing this would be to click on an account, hold
it, then drag and drop it into a particular group. Depending on how much you
like to use your mouse and how much time you have, this may or may not be
your preferred way of accomplishing this task.
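The OU, group and membership procedure above, done from PowerShell with the ActiveDirectory module, as an added example that is not from the textbook. The names OpsOU and OpsUsers come from the walkthrough; the member names jdoe and OPS-WS01 in the final call are constructed placeholders for accounts that already exist in your domain.

```powershell
# Added example (not from the textbook): scripted equivalent of "Creating an Organizational
# Unit", "Creating a New Group" and "Moving Accounts into a Group" above.
# Requires the ActiveDirectory module (RSAT-AD-PowerShell) on Server 2008 R2 or later.
Import-Module ActiveDirectory

function New-TeamOuAndGroup {
    param(
        [string]$OuName    = 'OpsOU',       # OU name used in the text
        [string]$GroupName = 'OpsUsers',    # group name used in the text
        [string[]]$Members = @()            # names of existing user or computer accounts
    )

    $domainDn = (Get-ADDomain).DistinguishedName
    $ouDn     = "OU=$OuName,$domainDn"

    # Steps 4-5: create the OU directly under the domain root. -ProtectedFromAccidentalDeletion
    # is the "Protect container from accidental deletion" checkbox; it places a deny-delete
    # entry on the OU so a stray delete in the console fails instead of removing the tree.
    try   { $null = Get-ADOrganizationalUnit -Identity $ouDn -ErrorAction Stop }
    catch { New-ADOrganizationalUnit -Name $OuName -Path $domainDn -ProtectedFromAccidentalDeletion $true }

    # "Creating a New Group": scope Global and category Security are the wizard defaults.
    $group = Get-ADGroup -Filter "Name -eq '$GroupName'" -SearchBase $ouDn
    if (-not $group) {
        $group = New-ADGroup -Name $GroupName -SamAccountName $GroupName -GroupScope Global `
                             -GroupCategory Security -Path $ouDn -PassThru
    }

    # "Moving Accounts into a Group" without Ctrl-click: resolve each name to a user or
    # computer object first so a mistyped name is reported rather than silently skipped.
    $resolved = @()
    foreach ($name in $Members) {
        $acct = Get-ADUser -Filter "sAMAccountName -eq '$name'"
        if (-not $acct) { $acct = Get-ADComputer -Filter "Name -eq '$name'" }
        if (-not $acct) { Write-Warning "No user or computer account named '$name'"; continue }
        $resolved += $acct
    }
    if ($resolved.Count -gt 0) { Add-ADGroupMember -Identity $group -Members $resolved }

    # Return the resulting membership so the caller can verify it, as in step 4 of the text.
    Get-ADGroupMember -Identity $group | Select-Object Name, objectClass
}

# Constructed placeholder account names; replace with accounts that exist in your domain.
New-TeamOuAndGroup -OuName 'OpsOU' -GroupName 'OpsUsers' -Members 'jdoe', 'OPS-WS01' |
    Format-Table -AutoSize
```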

Multiple Choice Questions

Q.1: What is Active Directory?

(a) A database for storing user and computer account information

(b) A web server application for hosting websites

(c) A file server for sharing documents and media files

(d) A network protocol for routing data packets

Q.2: What is the primary purpose of Active Directory?

(a) To enable easy deployment and management of network applications and services

(b) To allow for secure authentication and authorization of network users and devices

(c) To provide a centralized management platform for network resources

(d) To optimize network performance and reliability through load balancing and traffic management

Q.3: Which of the following is a valid method for creating a user account in
Active Directory?

(a) Using the "Add User" wizard in the Active Directory Administrative
Center

(b) Creating a new folder on the server and assigning user permissions

(c) Editing the registry on the client computer to add the user account
information

(d) Installing a third-party software application for managing user accounts

Q.4: Active Directory was introduced in _________?

(a) 1996 (b) 1997

(c) 1998 (d) None of the Above

Q.5: Active Directory uses _______?

(a) DNS (b) Lightweight Directory Access Protocol

(c) Microsoft's version of Kerberos (d) All of the above

Q.6: Active Directory and a Windows-based file server are not required to
implement ________ on client Windows computers?

(a) Windows 2000 (b) Internet Explorer

(c) Windows Registry (d) Roaming user profile

Q.7: Active Directory is a technology created by ________?

(a) Microsoft (b) IBM

(c) Google (d) None of the Above

Q.8: What is the purpose of Group Policy in Active Directory?

(a) To manage network security and access permissions

(b) To provide a centralized platform for managing network resources

(c) To enable secure communication between network devices

(d) To enforce configuration settings and restrictions on network clients

Q.9: Which of the following is a feature of Active Directory Certificate
Services (AD CS)?

(a) Smart card authentication (b) Network Access Protection

(c) Virtual Private Network (VPN) support

(d) Secure Sockets Layer (SSL) encryption

Q.10: What is the purpose of Active Directory Sites and Services?

(a) To manage replication of directory data between domain controllers in different locations

(b) To manage network traffic and load balancing across multiple servers

(c) To provide a centralized platform for managing network resources

(d) To enable secure communication between network devices

Q.11: What is the purpose of the Global Catalog in Active Directory?

(a) To store all the data in Active Directory

(b) To provide a list of all the available domain controllers

(c) To provide a list of all the objects in the Active Directory Forest

(d) To provide authentication services to users

Q.12: What is the function of the Active Directory Schema?

(a) To store information about the Active Directory Forest

(b) To define the structure of the Active Directory database

(c) To provide authentication services to users

(d) To manage user accounts and permissions

Q.13: What is the purpose of the Active Directory Sites and Services tool?

(a) To manage Active Directory domain controllers

(b) To manage Active Directory users and groups

(c) To manage DNS servers

(d) To manage DHCP servers

Q.14: What is the purpose of an Organizational Unit (OU) in Active Directory?

(a) To provide a logical way to organize resources

(b) To provide authentication services to users

(c) To manage DNS servers

(d) To manage DHCP servers

Q.15: What is the purpose of a Group Policy Object (GPO) in Active Directory?

(a) To define settings for users and computers in a domain

(b) To manage DNS servers

(c) To provide authentication services to users

(d) To manage DHCP servers

ANSWER KEY

Q.1 (a) Q.2 (c) Q.3 (a) Q.4 (b) Q.5 (c)
Q.6 (a) Q.7 (a) Q.8 (d) Q.9 (a) Q.10 (a)
Q.11 (c) Q.12 (b) Q.13 (a) Q.14 (a) Q.15 (a)

Short Questions

1. What is active directory?
2. Write two roles of active directory?
3. Describe the function of active directory domain services (ADDS) in a
domain?
4. What is the feature of active directory?
5. What are the services of active directory?
6. What is the role of active directory?
7. Define User?
8. Describe DHCP?
9. Define DNS?
10. Define Groups?

Long Questions

1. What is active directory and also describe its advantages and
disadvantages?
2. Write down the features in windows server 2008 R2?
3. Write down the installation steps of active directory?
4. Write down the configuration steps of active directory?
5. Write down the de-installation steps of active directory?

CHAPTER 05 MICROSOFT WINDOWS SERVER 2008 NETWORK INFRASTRUCTURE

Objectives
After completion of this chapter students will be able to:

5.1 Server's Network Infrastructure
5.2 Major Features and Functions
5.3 Understanding and Configuring IP
5.4 Configuring Name Resolution
5.5 Configuring a DNS Zone Infrastructure
5.6 Creating a DHCP Infrastructure
5.7 Connecting to Networks
5.8 Monitoring Computers
5.9 Managing Files
5.10 Managing Printers

What does Network Infrastructure mean?

Network infrastructure is the hardware and software resources of an
entire network that enable network connectivity, communication, operations
and management of an enterprise network. It provides the communication
path and services between users, processes, applications, services and
external networks/the internet.

5.1. SERVER’S NETWORK INFRASTRUCTURE

Network Infrastructure
Network infrastructure is typically part of the IT infrastructure found in
most enterprise IT environments. The entire network infrastructure is
interconnected, and can be used for internal communications, external
communications or both. A typical network infrastructure includes:

1. Networking Hardware:
• Routers
• Switches
• LAN cards
• Wireless routers
• Cables
2. Networking Software:
• Network operations and management
• Operating systems
• Firewall
• Network security applications
3. Network Services:
• T-1 Line
• DSL
• Satellite
• Wireless protocols
• IP addressing

5.2. MAJOR FEATURES AND FUNCTIONS

The function of a computer server is to store, retrieve and send
computer files and data to other computers on a network. Many businesses
use a local network to connect a number of computers. On a larger scale, the
worldwide computer network known as the Internet depends on a large
number of servers located around the world. The files, data and functionality
of a given website are based on servers.

Figure 1 Server and Network Infrastructure

Servers have more processing power, memory and storage than their client
computers. The client is the computer that is not acting as the server and is
requesting information from the server. When computers are connected in
some physical or wireless way and sharing services or information, this is
referred to as a computer network. A computer network requires at least two
participants, with at least one of them acting as a client and at least one acting
as a server.

Numerous systems use this client-server networking model, including
websites and email services. An alternative model, peer-to-peer networking,
enables all computers to act as either a server or a client. Hardware
requirements for servers vary depending on the server applications and the
number of clients. Servers run for long periods without interruption, so
hardware reliability and durability are extremely important. Servers are noisy
and need a stable power supply, good Internet access and increased security,
so they are usually stored in a dedicated server room or center.

The major features and functions of Microsoft Windows Server 2008 R2 are
given below.

Server Core: Windows Server 2008 includes a variation of installation called
Server Core. A Server Core installation can be configured for several basic
roles, including the domain controller (Active Directory Domain Services),
Active Directory Lightweight Directory Services (formerly known as Active
Directory Application Mode), DNS Server, DHCP server, file server, print server,
Windows Media Server, Internet Information Services 7 web server and Hyper-
V virtual server roles. Server Core can also be used to create a cluster with high
availability using failover clustering or network load balancing.

Active Directory: The Active Directory domain functionality carried over from Windows Server 2003 was renamed Active Directory Domain Services (AD DS).

Failover Clustering: Windows Server 2008 offers high availability for services and applications through Failover Clustering. Most server features and roles can be kept running with little to no downtime.

Disk management and file storage: The ability to resize hard disk partitions
without stopping the server, even the system partition.

Hyper-V: Hyper-V is hypervisor-based virtualization software, forming a core part of Microsoft's virtualization strategy.

Windows System Resource Manager: Windows System Resource Manager (WSRM) is integrated into Windows Server 2008. It provides resource management and can be used to cap the processor time and memory that a process or a user may consume, according to business priorities.

Server Manager: Server Manager is a new roles-based management tool for Windows Server 2008. It combines the Manage Your Server and Security Configuration Wizard tools from Windows Server 2003.

Windows Deployment Services: Windows Deployment Services (WDS) replaces Automated Deployment Services and Remote Installation Services. WDS supports an enhanced multicast feature when deploying operating system images.

5.3. UNDERSTANDING AND CONFIGURING IP

An internal network is made up of devices connected to a LAN (local area network) using Wi-Fi or Ethernet switches. Every device on a LAN must have a unique identifying number, its IP address, which identifies the device and its location on the network. On a private internal network devices use IPv4 addresses, which consist of four numbers (octets) from 0 to 255 separated by dots.

An example of an IPv4 address is 192.168.1.1.

The first part of the address identifies the network the device belongs to (the network portion) and the last part identifies the device within that network (the host portion). With the common 255.255.255.0 mask, the network portion is the first three octets and the host portion is the last octet.

Figure 2 Understanding IP Address

The subnet mask defines where the network portion ends and the host portion begins. The most common mask is 255.255.255.0, which divides the address as shown in the image above. In such a network the host octet can be anything from 1 to 254 and must be unique for every device: 0 is reserved for the network address itself and 255 for the broadcast address, so 254 devices can communicate within the same subnet. Devices whose network portions differ must communicate through a router. More hosts can share one subnet by using a shorter mask (for example 255.255.254.0); this and the division of a large network into many subnets are typically found in larger commercial networks.
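The arithmetic behind the figure above, as an added worked example that is not part of the textbook: a PowerShell function that takes an address and mask, validates the mask, and returns the network address, the usable host range, the broadcast address and the host count, plus a helper that tells whether two devices can talk without a router. It avoids the -shl/-shr operators so that it also runs on Windows PowerShell 2.0, which ships with Server 2008 R2. The addresses in the usage lines are assumptions for a lab network.

```powershell
# Added example (not from the textbook): IPv4 subnet arithmetic without the
# -shl/-shr operators, so it also runs on Windows PowerShell 2.0 (Server 2008 R2).

function ConvertTo-IPv4Integer {
    # "192.168.1.1" -> 3232235777, kept as a 64-bit integer so nothing overflows.
    param([Parameter(Mandatory = $true)][string]$Dotted)
    $b = [System.Net.IPAddress]::Parse($Dotted).GetAddressBytes()
    return ([long]$b[0] * 16777216) + ([long]$b[1] * 65536) + ([long]$b[2] * 256) + [long]$b[3]
}

function ConvertFrom-IPv4Integer {
    # 3232235777 -> "192.168.1.1"
    param([Parameter(Mandatory = $true)][long]$Value)
    $octets = @()
    foreach ($divisor in 16777216, 65536, 256, 1) {
        $octets += [int]([math]::Floor([double]$Value / $divisor) % 256)
    }
    return ($octets -join '.')
}

function Get-SubnetInfo {
    param(
        [Parameter(Mandatory = $true)][string]$IPAddress,
        [Parameter(Mandatory = $true)][string]$SubnetMask
    )
    $ip   = ConvertTo-IPv4Integer $IPAddress
    $mask = ConvertTo-IPv4Integer $SubnetMask

    # The inverted mask has a 1 in every host bit. A legal mask is a run of 1s
    # followed by a run of 0s, so (inverted + 1) must be a power of two.
    $hostBits = 4294967295 - $mask
    if ((($hostBits + 1) -band $hostBits) -ne 0) {
        throw "$SubnetMask is not a valid subnet mask: host bits must be contiguous."
    }

    # Prefix length is 32 minus the number of host bits.
    $prefix = 32
    $h = $hostBits
    while ($h -gt 0) { $prefix--; $h = [math]::Floor($h / 2) }

    $network   = $ip -band $mask
    $broadcast = $network + $hostBits

    # The all-zeros host is the network address and the all-ones host is the
    # broadcast address, so a /24 has 256 - 2 = 254 usable addresses, not 255.
    $usable = 0
    $first  = $null
    $last   = $null
    if ($hostBits -ge 3) {
        $usable = $hostBits - 1
        $first  = ConvertFrom-IPv4Integer ($network + 1)
        $last   = ConvertFrom-IPv4Integer ($broadcast - 1)
    }

    New-Object PSObject -Property @{
        Network      = ConvertFrom-IPv4Integer $network
        PrefixLength = $prefix
        FirstHost    = $first
        LastHost     = $last
        Broadcast    = ConvertFrom-IPv4Integer $broadcast
        UsableHosts  = $usable
    }
}

function Test-SameSubnet {
    # True when both hosts share a network portion and can talk without a router.
    param([string]$FirstIP, [string]$SecondIP, [string]$SubnetMask)
    $mask = ConvertTo-IPv4Integer $SubnetMask
    return (((ConvertTo-IPv4Integer $FirstIP) -band $mask) -eq ((ConvertTo-IPv4Integer $SecondIP) -band $mask))
}

# Usage (addresses are assumptions for a lab network):
Get-SubnetInfo -IPAddress 192.168.1.1  -SubnetMask 255.255.255.0 | Format-List
Get-SubnetInfo -IPAddress 10.20.30.40  -SubnetMask 255.255.254.0 | Format-List
Test-SameSubnet -FirstIP 192.168.1.10 -SecondIP 192.168.2.10 -SubnetMask 255.255.255.0
```

For 192.168.1.1 with 255.255.255.0 the function reports network 192.168.1.0, prefix length 24, hosts 192.168.1.1 to 192.168.1.254, broadcast 192.168.1.255 and 254 usable hosts; the second call shows how a 255.255.254.0 mask doubles the host range, and the last call returns False because 192.168.1.10 and 192.168.2.10 are in different subnets and need a router between them.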

How to assign a static IP address in Windows Server 2008

1. Go to Control Panel

Click Start, then click 'Control Panel'.


2. Go to 'Network and Internet'

Click 'View network status and tasks'.

3. Go to the adapter settings

Click 'Change adapter settings'.


4. Go to Adapter Properties settings

Right click on 'Local Area Connection' and click on 'Properties'

5. Go to TCP/IP settings

Click 'Internet Protocol Version 4 (TCP/IPv4)' to highlight and select this item, and then click 'Properties'.


6. Enter the IP information

Select 'Use the following IP address', enter the IP address, subnet mask, default gateway and DNS server addresses supplied by your network administrator, and click 'OK'.

7. Done. Confirm the new settings with ipconfig /all at a command prompt and ping the default gateway.
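The same assignment from an elevated command line, as an added example that is not from the textbook. It uses netsh, which is present on Windows Server 2008 and 2008 R2; the New-NetIPAddress cmdlets used in newer guides do not exist before Server 2012. The adapter name and the addresses are assumptions for a lab network.

```powershell
# Added example (not from the textbook): static IPv4 configuration with netsh,
# run from an elevated Windows PowerShell prompt on Windows Server 2008 / R2.
$Adapter = "Local Area Connection"   # name shown in Network Connections (assumption)
$IP      = "192.168.1.10"
$Mask    = "255.255.255.0"
$Gateway = "192.168.1.1"
$Dns     = "192.168.1.5"

# A duplicate static address knocks the other host off the network, so refuse
# to continue if something already answers at the chosen address.
if (Test-Connection -ComputerName $IP -Count 1 -Quiet) {
    throw "$IP already answers on the LAN; choose another address."
}

# Positional netsh syntax: name, source, address, mask, gateway, gateway metric.
netsh interface ipv4 set address "$Adapter" static $IP $Mask $Gateway 1
# Static DNS server, and register this host's A record with it.
netsh interface ipv4 set dnsservers "$Adapter" static $Dns primary

# Verify: the adapter shows the new settings and the gateway answers.
netsh interface ipv4 show config "$Adapter"
Test-Connection -ComputerName $Gateway -Count 2
```

The pre-check matters on servers more than on workstations: a server that silently takes an address already used by the default gateway or a domain controller takes that device off the network for everyone.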


5.4. CONFIGURING NAME RESOLUTION

DNS is a host-name-to-IP-address translation service. DNS is a distributed database implemented in a hierarchy of name servers, together with an application layer protocol for message exchange between clients and servers. DNS is part of the TCP/IP family of protocols and utilities. Microsoft and other vendors offer DNS server implementations for various operating systems (most commonly the various versions of UNIX). The "domain" in DNS refers to Internet domains, not the Windows NT domain model.

The Internet name space is divided into domains, each of which serves a different group of users; the top-level domains include .com, .edu, .gov and .mil. The root name servers (a name that makes sense if you think of the Internet as an inverted tree) sit at the top of the hierarchy and delegate each top-level domain to that domain's own name servers.

The Domain Name System (DNS) is a hierarchical distributed naming system for computers, services, or any resource connected to the Internet or a private network. Most importantly, it translates domain names meaningful to humans into the numerical identifiers associated with networking equipment, for the purpose of locating and addressing these devices worldwide. Some Windows administrators still rely on the Windows Internet Name Service (WINS) for NetBIOS name resolution on local area networks and have little or no experience with DNS, yet Active Directory depends entirely on DNS. This section explains how to install, configure, and troubleshoot a Windows Server 2008 DNS server.

Requirement

Every host is identified by its IP address, but numbers are hard for people to remember, and IP addresses can change, so a mapping from domain names to IP addresses is required. DNS converts the domain name of a website to its numerical IP address.

Domain

There are various kinds of domain:
1. Generic domains: .com (commercial), .edu (educational), .mil (military), .org (non-profit organization), .net (originally network providers, now used much like .com).
2. Country domains: .pk (Pakistan), .us, .uk.
3. Inverse domain: the in-addr.arpa domain, used to find the domain name that belongs to an IP address (IP-to-name mapping). DNS therefore provides both directions of mapping. For example, to find the IP address of geeksforgeeks.org, type nslookup www.geeksforgeeks.org; typing nslookup followed by an IP address returns the name registered for it.

Figure 13 DNS Server

Install Windows DNS Server

1. Click the Start menu, Administrative Tools, and launch Server Manager.

2. Select the Roles node and click the Add Roles link.

3. Select the DNS Server role check box and click Next.

4. Click Install to begin installation.

Before configuring your DNS server, you must understand the following concepts:

• Forward lookup zone

Forward Lookup Zones allow the DNS Server to resolve queries where
the client sends a name to the DNS Server to request the IP address of
the requested host.

• Reverse lookup zone

Reverse lookup zones perform the opposite task to forward lookup zones: they return the fully qualified domain name (FQDN) for a given IP address.

For example, a client could send the IP address 69.163.177.2 to a DNS server. If the server hosted a reverse zone that included that address, it would return the FQDN for it, such as www.syngress.com.


• Zone types

Primary zone (stored in AD): These zones are stored in AD and replicated via normal AD replication. This provides an optimized way to replicate the zones within your corporate network. Primary zones stored in AD follow the same multimaster rules as other AD services. This means that you can perform updates on any AD domain controller and they will replicate to the other domain controllers.

Primary zone (standard): Standard Primary zones are stored in a flat file on
the DNS Server. The Primary zone is considered the master copy of the zone
database file. All updates to the zone must be performed on the Primary zone
server.

Secondary zone: Secondary zones are read-only copies of the Primary zones.
Secondary zones replicate a copy of the zone from the Primary zone server to
provide redundancy. Any updates to the zone must be performed on the
Primary zone server.

Stub zone: Stub zones are similar to Secondary zones in that they are read-
only copies of the zone database file. Stub zones, however, contain only the
Name Server (NS), Start of Authority (SOA), and host (A) records for the Name
Servers.

5.5. CONFIGURING DNS SERVER TO CREATE A DNS ZONE

System administrators can perform DNS configuration on Windows Server 2008 to create a DNS zone by using the DNS snap-in for the Microsoft Management Console, which can be found in the Administrative Tools program folder. First, let's be sure we understand the difference between a zone and a domain. A domain is a node in the name space together with everything beneath it. A zone is the portion of that name space for which a particular name server holds the authoritative data; it may cover a whole domain or only part of it, with subdomains delegated to other zones.


In short, we can say that the domain name server stores information about
part of the domain name space called a zone. The name server is authoritative
for a particular zone. A single name server can be authoritative for many
zones.

To create a new DNS zone:

1. Open the DNS management console from Administrative Tools.
2. From the Action menu, select New Zone. This opens the New Zone Wizard, which guides you through the process.
3. Click Next.
4. The Zone Type dialog box allows you to select one of three types of zone to create:
   o Active Directory Integrated. This option stores all DNS information in Active Directory. If all of your DNS servers are domain controllers, this is the best selection: the zone replicates with AD and supports secure dynamic updates.
   o Standard Primary. This option stores the information in a text file, like most non-Windows DNS servers. It is useful if you need to transfer zone data between different types of DNS server.
   o Standard Secondary. This option creates a read-only copy of an existing zone. Secondary zones are generally used to provide redundancy or load balancing of DNS on a network. Note: Choosing the proper zone type is important. If you have any doubts about what to select, choose Standard Primary.
5. Click Next to open the Forward or Reverse Lookup Zone dialog box.
6. Choose Forward Lookup Zone. A forward lookup zone resolves names to IP addresses; a reverse lookup zone resolves an IP address to a host name. Reverse zones are optional in many small networks, but tools and logs that show names instead of addresses depend on them.
7. In the Zone Name dialog box, enter the name of the new zone, for example editors.techtarget.com. Zone names can indicate a domain, such as techtarget.com, or a subdomain, such as editors.techtarget.com.

8. Click Next to open the Zone File dialog box. This allows you to select the name of the zone file or to load an existing zone file. Standard zone files are stored in %SystemRoot%\System32\dns.
9. If this is a new server, select Create New File. If you already have a zone file, select Use This Existing File.
10. Click Next to open the Completing the New Zone Wizard dialog box, which gives you a summary of the information you have entered.
11. Check the information, as you can still go back and change it.
12. Click Finish to complete the zone creation.
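The same work from the command line, as an added example that is not from the textbook. dnscmd.exe ships with the DNS Server role on Windows Server 2008 and is the tool you would use on a Server Core domain controller, where the snap-in cannot run locally. It also shows the two settings the wizard does not prompt for that matter most for security: who may update the zone and who may copy it. The zone name, host names and addresses are assumptions; the /DsPrimary switch requires the DNS server to be a domain controller.

```powershell
# Added example (not from the textbook): install the DNS Server role, create an
# AD-integrated forward zone and its reverse zone, lock them down, add one host.
# Run from an elevated prompt on a Windows Server 2008 R2 domain controller.
Import-Module ServerManager
Add-WindowsFeature DNS            # Server 2008 (non-R2): servermanagercmd -install DNS

$Zone    = "corp.example.com"            # assumption
$RevZone = "1.168.192.in-addr.arpa"      # reverse zone for 192.168.1.0/24

# Primary zones stored in Active Directory (multimaster, replicated with AD).
dnscmd /ZoneAdd $Zone    /DsPrimary
dnscmd /ZoneAdd $RevZone /DsPrimary

# Dynamic updates: 0 = none, 1 = nonsecure and secure, 2 = secure only.
# Secure-only means a client can change only the records it created, after
# Kerberos authentication, which stops one host from hijacking another's name.
dnscmd /Config $Zone    /AllowUpdate 2
dnscmd /Config $RevZone /AllowUpdate 2

# A zone transfer is a complete inventory of your hosts; allow none.
# AD replication carries the zone to the other domain controllers instead.
dnscmd /ZoneResetSecondaries $Zone    /NoXfr
dnscmd /ZoneResetSecondaries $RevZone /NoXfr

# One file server: the A record and its matching PTR record.
dnscmd /RecordAdd $Zone    fs01 A   192.168.1.20
dnscmd /RecordAdd $RevZone 20   PTR fs01.corp.example.com.

# Verify both directions against this server.
nslookup fs01.corp.example.com 127.0.0.1
nslookup 192.168.1.20 127.0.0.1
```

If you do need a standard secondary server elsewhere, replace /NoXfr with /SecureList followed by that server's IP address so that only it can request a transfer.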

5.6. CREATING A DHCP INFRASTRUCTURE

DHCP: Dynamic Host Configuration Protocol (DHCP) is an extremely powerful and popular mechanism by which IP addresses and other related network information are dynamically assigned to network clients when they are attached to a network. This provides significant reductions in network management overhead, particularly on large networks, by avoiding the need to manually assign settings to each client.

A DHCP server is a network server that automatically provides and assigns IP addresses, default gateways and other network parameters to client devices. It relies on the standard Dynamic Host Configuration Protocol to respond to broadcast queries from clients.

A DHCP server automatically sends the network parameters that clients need to communicate properly on the network. Without it, the network administrator has to set up every client that joins the network by hand, which is cumbersome, especially in large networks. DHCP servers usually assign each client a dynamic IP address, which may change when the client's lease for that address expires.
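Building a DHCP scope on Windows Server from the command line, as an added example that is not from the textbook. It uses netsh, because the DhcpServer PowerShell module only exists on Server 2012 and later. The addresses, domain name and lease time are assumptions for a lab network.

```powershell
# Added example (not from the textbook): install the DHCP Server role and build
# one scope for the 192.168.1.0/24 LAN with netsh, on Windows Server 2008 R2.
Import-Module ServerManager
Add-WindowsFeature DHCP

# Assumptions: the DHCP server itself is 192.168.1.5 (it must have a static
# address), the router is .1, and .1-.99 are kept for static hosts.
$Scope  = "192.168.1.0"
$Mask   = "255.255.255.0"
$Router = "192.168.1.1"
$DnsSrv = "192.168.1.5"
$Domain = "corp.example.com"

# In an Active Directory domain a Windows DHCP server answers no client until
# it has been authorized; this is the control that stops an unmanaged server
# from handing out bogus gateways and DNS servers to the whole LAN.
netsh dhcp add server "$env:COMPUTERNAME.$Domain" $DnsSrv

netsh dhcp server add scope $Scope $Mask "LAN clients" "Wired and wireless clients"
netsh dhcp server scope $Scope add iprange 192.168.1.100 192.168.1.200
netsh dhcp server scope $Scope set optionvalue 003 IPADDRESS $Router    # default gateway
netsh dhcp server scope $Scope set optionvalue 006 IPADDRESS $DnsSrv    # DNS server
netsh dhcp server scope $Scope set optionvalue 015 STRING    $Domain    # DNS suffix
netsh dhcp server scope $Scope set optionvalue 051 DWORD     28800      # lease: 8 hours, in seconds
netsh dhcp server scope $Scope set state 1                              # activate the scope

# Verify: the scope is active, and leases appear as clients renew.
netsh dhcp server show scope
netsh dhcp server scope $Scope show clients
```

Keep the pool smaller than the subnet, as here, so that servers, printers and switches with static addresses never collide with a lease; and remember that a rogue DHCP server on the LAN bypasses all of this, so the switch-side protections (DHCP snooping on managed switches) are what protect clients from one.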


When to use a router/switch as your DHCP Server

Many enterprise companies still run DHCP for IPv4 on their routers/switches. This is typically done by a network administrator who needs DHCP up and running quickly but does not have access to a DHCP server. Most routers/switches can act in the following DHCP roles:

• As a DHCP client, obtaining an interface IPv4 address from an upstream DHCP service.

• As a DHCP relay, forwarding UDP DHCP messages from clients on a LAN to and from a DHCP server.

• As a DHCP server, servicing DHCP requests directly.

There are limitations to using a router/switch as a DHCP server, however. Running a DHCP server on a router/switch consumes resources on the network device, because DHCP packets are handled in software rather than in the hardware-accelerated forwarding path. The resources required make this practice unsuitable for a network with a large number (more than about 150) of DHCP clients.

5.7. CONNECTING TO NETWORKS

Normally there are two ways of connecting to a network: a wired link to a network switch, or a wireless link, for which the computer needs a wireless network adapter.

• Connecting to a peer-to-peer network, where each computer shares its own resources directly.

• Connecting to a client/server network, which is normally secured and requires a user ID and password. There are specific steps through which a user can make a computer a member of a domain.


Step 1. Client-side settings: check connectivity from the command prompt (Start, Run, cmd) by pinging the domain controller or the DNS server. If the replies are fine, go to the next step.

Step 2. Right-click Computer, then click Properties, Change Settings, Computer Name, Change. Under Member of, select Domain, type the name of the domain you want to join and click OK. You are prompted for the credentials of an account that is permitted to join computers to the domain, and then for a restart. This is the way to join a domain.
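The two client-side steps as a script, as an added example that is not from the textbook. It adds the check that most failed joins actually come down to: the client must be able to find a domain controller through DNS, not merely ping an address. Add-Computer is available from Windows PowerShell 2.0 (Windows 7 and Server 2008 R2 or later). The domain name, DNS server address and account name are assumptions.

```powershell
# Added example (not from the textbook): verify connectivity and DNS, then join.
$Domain = "corp.example.com"
$DnsSrv = "192.168.1.5"

# Step 1: connectivity. A domain join needs working DNS, not just ping replies,
# so also ask the DNS server for the SRV record that lists domain controllers.
if (-not (Test-Connection -ComputerName $DnsSrv -Count 2 -Quiet)) {
    throw "DNS server $DnsSrv does not answer; fix the IP settings first."
}
$srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $DnsSrv 2>&1 | Out-String
if ($srv -notmatch "svr hostname") {
    throw "No domain controller SRV records for $Domain; the client is using the wrong DNS server or the DC records are missing."
}

# Step 2: join. Prompt for an account that is allowed to join computers rather
# than embedding a password in the script, then restart to finish the join.
$cred = Get-Credential -Credential "$Domain\joinaccount"
Add-Computer -DomainName $Domain -Credential $cred
Restart-Computer -Confirm
```

If the SRV lookup succeeds but the join still fails with a Kerberos error, compare the clock against the domain controller (w32tm /stripchart /computer:dc-name /samples:3): Kerberos rejects tickets when the skew exceeds five minutes.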

5.8. MONITORING COMPUTERS

A responsible network administrator knows how employees or students use the computers on the network. Whether in a classroom computer lab or on a work network, the ability to monitor and control the computers on your network is important.

This monitoring can be performed through Event Viewer by watching the different logs. A solid understanding of how to monitor the computers in your organization is vital both for quickly troubleshooting problems and for responding to problems before they become critical. For troubleshooting, monitoring allows you to gather detailed information about a computer's state, such as processor, memory, and disk utilization. Monitoring can also allow you to be proactive and identify warning signs that indicate an impending problem before it becomes serious.

Windows has always stored a great deal of important information in the event
logs. Unfortunately, with versions of Windows released prior to Windows
Vista, that information could be very hard to access. Event logs were always
stored on the local computer, and finding important events among the vast
quantity of informational events could be very difficult. With Windows Vista,
Windows Server 2008, and Windows Server 2003 R2, you can collect events
from remote computers (including computers running Windows XP) and
detect problems, such as low disk space, before they become more serious.
Additionally, Windows now includes many more event logs to make it easier
to troubleshoot problems with a specific Windows component or application.


This lesson will describe how to manage events in Windows Server 2008 and
Windows Vista.
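Event Viewer is a manual tool; the checks an administrator repeats every day are better expressed as a script. The following added example (not from the textbook) uses Get-WinEvent, available from Windows PowerShell 2.0 on Windows Server 2008, to pull the security-relevant events from the last 24 hours: failed logons summarized by account and source address, account lockouts, and the low-disk warning the text mentions. The time window and the threshold of ten failures are assumptions to tune for your site.

```powershell
# Added example (not from the textbook): daily event-log review for one server.
# Event IDs are the Windows Server 2008 / Vista ones (Security log: 4625 failed
# logon, 4740 account locked out; System log: srv 2013 disk nearly full).
$Since = (Get-Date).AddHours(-24)

$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } -ErrorAction SilentlyContinue

# Each 4625 event carries the target account and the source IP in its EventData.
# Many failures for one account from one address is password guessing; the same
# count spread across many accounts from one address is password spraying.
$summary = $failed | ForEach-Object {
    $xml = [xml]$_.ToXml()
    $d = @{}
    foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    New-Object PSObject -Property @{
        Account = $d['TargetUserName']
        Source  = $d['IpAddress']
        Time    = $_.TimeCreated
    }
} | Group-Object Account, Source | Where-Object { $_.Count -ge 10 } |
    Sort-Object Count -Descending

"Accounts with 10 or more failed logons since $Since (Count, 'Account, Source'):"
$summary | Select-Object Count, Name | Format-Table -AutoSize

$lockouts = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4740; StartTime = $Since } -ErrorAction SilentlyContinue
"$(@($lockouts).Count) account lockout(s) in the same period"

# Capacity: the Server service logs 2013 when a volume is nearly full.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'srv'; Id = 2013; StartTime = $Since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message | Format-Table -Wrap
```

Security events 4625 and 4740 are only written when the Audit Logon and Audit Account Management policies are enabled, which they are by default on Server 2008 domain controllers but not on every member server; check the local audit policy with auditpol /get /category:* if the first query returns nothing.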

5.9. MANAGING FILES

Many types of documents, including financial spreadsheets, business plans, and sales presentations, can be shared on your network while remaining protected from unauthorized access. Windows Server 2008 offers a suite of technologies to provide both availability and security for documents. To control access, use NTFS file permissions and Encrypting File System (EFS). To provide redundancy, create a Distributed File System (DFS) namespace and use replication to copy files between multiple servers.

You can use quotas to ensure that no single user consumes more than his or
her share of disk space (which might prevent other users from saving files).
Shadow copies and backups allow you to quickly recover from data corruption
and hardware failures. This chapter describes how to use each of these
technologies and explains the new Windows Server 2008 File Services server
role. The following are the parts of file management.

■ Configure a file server.

■ Configure Distributed File System (DFS).

■ Configure shadow copy services.

■ Configure backup and restore.

■ Manage disk quotas.
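One departmental share set up the way the text describes, as an added example that is not from the textbook. It uses only tools that are on every Windows Server 2008 R2 installation: icacls for NTFS permissions, net share for the share, fsutil for quotas and vssadmin for shadow copies. The paths, group and user names and sizes are assumptions.

```powershell
# Added example (not from the textbook): create a protected departmental share,
# from an elevated prompt on Windows Server 2008 R2.
$Path  = "D:\Shares\Finance"
$Share = "Finance"
$Group = "CORP\Finance-Users"      # assumption: the department's security group

New-Item -ItemType Directory -Path $Path -Force | Out-Null

# NTFS: remove inherited ACEs such as "Users: Read" so only the department,
# administrators and SYSTEM have access. (OI)(CI) = applies to files and
# subfolders; M = Modify, F = Full control.
icacls $Path /inheritance:r
icacls $Path /grant:r "${Group}:(OI)(CI)M" "BUILTIN\Administrators:(OI)(CI)F" "NT AUTHORITY\SYSTEM:(OI)(CI)F"

# Share: grant Change to the group rather than Everyone/Full. NTFS still
# applies, but the share ACL is the first gate over the network.
net share "$Share=$Path" /grant:"$Group,CHANGE" /grant:"BUILTIN\Administrators,FULL" /remark:"Finance documents"

# Quotas are per user, tracked by file ownership. Enforce them on the volume and
# warn one user at 1 GB, stopping writes at 2 GB (both values in bytes).
fsutil quota enforce D:
fsutil quota modify D: 1073741824 2147483648 CORP\jsmith

# Shadow copies: reserve 10% of D: and take an initial snapshot so users can
# recover overwritten or deleted files themselves through Previous Versions.
vssadmin add shadowstorage /for=D: /on=D: /maxsize=10%
vssadmin create shadow /for=D:

# Verify the resulting NTFS ACL and share definition.
icacls $Path
net share $Share
```

Shadow copies protect against mistakes, not against disk failure or ransomware that deletes them with administrative rights; keep the backups the text describes on separate media as well.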

5.10. MANAGING PRINTERS

Printers are one of an organization's most complex management challenges. Because printers must be located physically near users, they are impossible to centralize. Printers require almost constant maintenance because ink must be replaced, paper must be refilled, and hardware must be fixed. Although printers will always be a challenge, Windows Server 2008 provides sophisticated tools to improve manageability and to allow you to quickly detect problems.

This chapter describes how to install, share, and manage printers.

Installing the Print Services Server Role

Windows Server 2008 can share printers without adding any server roles. However, adding the Print Services server role adds the Print Management snap-in, which simplifies printer configuration. To install the Print Services server role, follow these steps:

1. In Server Manager, right-click Roles, and then choose Add Roles. The
Add Roles Wizard appears.
2. On the Before You Begin page, click Next.
3. On the Server Roles page, select the Print Services check box. Click
Next.
4. On the Print Services page, click Next.
5. On the Select Role Services page, select the appropriate check boxes
for the following roles, and then click Next:
o Print Server Installs the Print Management snap-in, described
later in this lesson. This is sufficient for allowing Windows and
many non-Windows clients to print.
o LPD Service Allows clients to print using the Line Printer
Daemon (LPD) protocol, which is commonly used by UNIX
clients.
o Internet Printing Allows clients to print using Internet Printing
Protocol (IPP) and creates a Web site where users can manage
print jobs using their Web browser. This role service requires
Internet Information Services (IIS).
6. If you are prompted to install the Web Server (IIS) role service, click
Add Required Role Services, and then click Next.
7. If the Web Server (IIS) page appears because you selected the Internet
Printing role service, click Next. Then, on the Select Role Services page,
configure the required IIS role services and click Next again.
8. On the Confirm Installation Selections page, click Install.


9. On the Installation Results page, click Close.

Before attempting to use the Print Services management tools, close and reopen Server Manager. You can access the Print Services tools using the Roles\Print Services node in Server Manager.

Installing Printers

To allow printers to be physically accessible to users while keeping print servers secured, most modern printers are connected to the network. Although users can print directly to network printers, using a print server gives you stronger management capabilities. The following sections describe how to install printers using either the Control Panel or the Print Management snap-in.

Installing a Printer Using Control Panel

After connecting a printer either to the network or to a server, follow these steps to install it using Control Panel (the exact steps vary depending on the type of printer you install):

1. Click Start, and then choose Control Panel.
2. In the Control Panel Home view of Control Panel, below Hardware and Sound, click Printer.
3. Double-click Add Printer. The Add Printer wizard appears.
4. On the Choose A Local or Network Printer page, if the printer is
attached directly to the server, click Add A Local Printer. If the printer
is wireless or attached to the network, click Add A Network, Wireless,
Or Bluetooth Printer.
5. If the Choose A Printer Port page appears, select the physical port to
which the printer is attached, as shown.
6. If you are installing a network printer, select the printer or click The Printer That I Want Isn't Listed and specify the network location of the printer. Click Next.
7. If you are installing a network printer and you select ‘Add a printer
using a TCP/IP address or hostname’, you next see the Type A Printer
Hostname or IP Address page. In the Hostname or IP Address text box,
type the name or IP address of the printer. Click Next. The Network
Printer Installation Wizard, described in the following section,
“Installing a Printer Using the Print Management Snap-in,” does a
much better job of finding network printers.
8. If the Install The Printer Driver page appears, select a manufacturer and printer to use a driver included with Windows Server 2008. To retrieve updated drivers from the Microsoft Web site, click Windows Update. To use a driver included with the printer or downloaded from the manufacturer's web site, click Have Disk, select the driver, and then click OK. Click Next.
9. On the Type a Printer Name page, type a name for the printer, and then
click Next.
10. On the Printer Sharing page, choose whether to share the printer. If
you do share the printer, type a location that will allow users to
physically find the printer. Click Next.
11. Click Finish. The printer is immediately available for use from the
server. If you chose to share the printer, it is also accessible to
authorized users.
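The same installation from the command line, as an added example that is not from the textbook. The Print Management PowerShell module only exists on Server 2012 and later, so this uses the printing administration scripts that ship with Windows Server 2008 in %windir%\System32\Printing_Admin_Scripts. The printer address, share name and location are assumptions, and the driver model string must match a driver already present on the server.

```powershell
# Added example (not from the textbook): role install, TCP/IP port, printer,
# share and test page on Windows Server 2008 R2, from an elevated prompt.
Import-Module ServerManager
Add-WindowsFeature Print-Server          # Print Services role, Print Server role service only

$Scripts  = "$env:windir\System32\Printing_Admin_Scripts\en-US"
$PortName = "IP_192.168.1.50"
$Printer  = "Finance-LJ4200"
$Model    = "HP LaserJet 4200 PCL 6"     # assumption; list what is installed: cscript $Scripts\prndrvr.vbs -l

# Standard TCP/IP port using RAW on 9100, the usual setting for network printers.
cscript "$Scripts\prnport.vbs" -a -r $PortName -h 192.168.1.50 -o raw -n 9100

# Install the printer against that port with the named driver.
cscript "$Scripts\prnmngr.vbs" -a -p $Printer -m $Model -r $PortName

# Share it and record a location string so users can find the physical device.
rundll32 printui.dll,PrintUIEntry /Xs /n $Printer attributes +shared sharename $Printer location "Block B, Room 12"

# Verify: list printers on this server, then send a test page.
cscript "$Scripts\prnmngr.vbs" -l
cscript "$Scripts\prnmngr.vbs" -t -p $Printer
```

Using a print server rather than letting clients print straight to the device also means the driver is installed once, centrally; printer drivers run with high privilege on the client, so limiting which drivers users can pull down (Point and Print restrictions in Group Policy) is part of managing printers securely.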


Multiple Choice Questions

Q.1: What is the purpose of a network switch?

(a) To connect computers to the internet

(b) To manage network security

(c) To allow devices on a network to communicate with each other

(d) To perform backups of network data

Q.2: What is the purpose of a router in a network?

(a) To connect devices on a network to the internet

(b) To manage network security

(c) To allow devices on a network to communicate with each other

(d) To perform backups of network data

Q.3: What is a subnet mask used for?

(a) To identify devices on a network

(b) To identify the network portion of an IP address

(c) To identify the host portion of an IP address

(d) To identify the broadcast address for a network

Q.4: What is the purpose of a firewall in a network?

(a) To connect devices on a network to the internet

(b) To manage network security

(c) To allow devices on a network to communicate with each other

(d) To perform backups of network data

Q.5: What is the purpose of a DNS server in a network?



(a) To manage network security

(b) To connect devices on a network to the internet

(c) To translate domain names into IP addresses

(d) To perform backups of network data

Q.6: What is the purpose of a DHCP server in a network?

(a) To manage network security

(b) To connect devices on a network to the internet

(c) To translate domain names into IP addresses

(d) To assign IP addresses to devices on a network

Q.7: What is the purpose of a load balancer in a network?

(a) To manage network security

(b) To connect devices on a network to the internet

(c) To distribute network traffic across multiple servers

(d) To perform backups of network data

Q.8: A server protocol that automatically provides an Internet Protocol (IP) host with its IP address is:

(a) DHCP (b) DNS

(c) NAT (d) VPN

Q.9: While installing windows where the operating system is handled?

(a) While configuring Computer Bios (b) While booting system

(c) While booting drive Selection (d) While choosing BIOS option


Q.10: How computer resources are managed?

(a) Domain name system (b) Being Client

(c) Cloud computing (d) Using Server

Q.11: Translates requests for specified Domains into IP address:

(a) DNS (b) Active directory

(c) Network Address Translation (d) VPN

Q.12: There are ____ types of DNS?

(a) Five (b) Four

(c) Three (d) Two

Q.13: ____ DNS servers contain zone file copies that are read-only, meaning
they cannot be modified

(a) Primary server (b) Secondary Server

(c) Printer server (d) Cache Server

Q.14: IPv6 addresses have a size of?

(a) 64 bits (b) 128 bits

(c) 256 bits (d) 512 bits

Q.15: A computer system that acts as a relay between client and server is _________?

(a) Proxy server (b) File Server

(c) Utility Server (d) Printer Server


ANSWER KEY

Q.1 (c) Q.2 (a) Q.3 (b) Q.4 (b) Q.5 (c)
Q.6 (d) Q.7 (c) Q.8 (a) Q.9 (a) Q.10 (d)
Q.11 (a) Q.12 (c) Q.13 (b) Q.14 (b) Q.15 (a)

Short Questions

1. What does network infrastructure mean?
2. What is the major function of network infrastructure?
3. What are the networking features?
4. What is the difference between network hardware and software services?
5. Briefly describe the function of a computer server.
6. Define IP address.
7. Define Domain Name System (DNS).
8. Define DHCP server infrastructure.
9. How do you connect a computer to a network?
10. Define network monitoring.
11. What is file management?
12. What is print management?

Long Questions

1. What is server network infrastructure? Describe its features.
2. What is an IP address? Describe how to configure an IP address.
3. What is DNS? Describe how to install a DNS server.
4. Explain how to connect to a network.
5. Write down the steps to manage a printer.


Bibliography
1. MCSE Study Guide, Alan R. Carter, Comdex Computer Publishing.
2. Computer Networks, Behrouz A. Forouzan.
3. Supporting Microsoft Windows Server 2008, Microsoft Press.
4. Administering Microsoft Windows Vista, Microsoft Press.
5. TCP/IP Training, Microsoft Press.
6. Networking Essentials, Microsoft Press.
7. Microsoft Exchange Server, Microsoft Press.
8. Microsoft TMG Server, Microsoft Press.


CHAPTER 06 MICROSOFT EXCHANGE SERVER 2013

Objectives
After completion of this chapter students will be able to:

6.1 Exchange Server 2013 Prerequisites, Requirements and Deployment
6.2 Overview of the Mailbox Server Role
6.3 Plan, Deploy and Configure the Mailbox Server
6.4 Managing Exchange Server 2013 Mailboxes and Other Exchange Recipients
6.5 Planning and Implementing Public Folder Mailboxes, Address Lists and Policies

6.1. EXCHANGE SERVER 2013 PREREQUISITES, REQUIREMENTS AND DEPLOYMENT

"Exchange" is the common name for the Microsoft Exchange messaging server. A server is a computer that provides Internet, network, email and other services to the computers connected to it; it manages network traffic and requests for stored information. The Exchange email server can deliver mail to individuals or to groups, and is most commonly used with Microsoft Outlook as the email client.

Microsoft Exchange Server is Microsoft's email, calendaring, contact, scheduling and collaboration platform, deployed on the Windows Server operating system for use within a business or larger enterprise.


Exchange Server 2013 Server Roles:

Exchange 2013 has three server roles that can be installed:

• Client Access server
• Mailbox server
• Edge Transport server

Exchange Server 2013 Client Access Server:

The Client Access server role is the server that clients (e.g. Outlook, Outlook Web App, ActiveSync) connect to for mailbox access. The Client Access server authenticates the client and then redirects or proxies its requests to the appropriate Mailbox server.

Exchange Server 2013 Mailbox Server:

Mailbox servers host the databases that contain mailbox and public folder data. As
with Exchange 2010 the Exchange 2013 Mailbox server role can be made highly
available by configuring a Database Availability Group.

Exchange Server 2013 Edge Transport Server:

The Edge Transport role is deployed in the perimeter network and handles Internet-facing mail flow. It satisfies the requirement some organizations have not to permit any direct communication from the Internet to their internal networks.

Exchange Server 2013 Requirements:

• 64Bit CPU.
• 8GB RAM for MBX, 4GB for CAS, or 8GB for Multi-Role.
• Page File = RAM + 10MB.
• 30GB Free on install drive plus 500MB for each language pack.
• 200MB free on system drive.
• 500MB free on queue drive.
• Disks formatted as NTFS.


Setup and install all Exchange Server 2013 prerequisites:

1. The minimum requirement for Active Directory is a forest functional level of at least Windows Server 2003.

My current domain controller is Windows Server 2008 R2 and the forest functional level is Windows Server 2008.


2. Join the server to the domain. Exchange Server needs to be a domain member.

Exchange Server 2013 setup updates the Active Directory schema. Make sure the account you log in with is a domain user that is a member of the Domain Admins, Enterprise Admins and Schema Admins groups.


3. Make sure the server is fully updated before running Exchange Server setup.

4. Install Windows features using PowerShell

Run Windows PowerShell as Administrator and paste the following (the trailing commas let PowerShell continue the feature list on the next line):

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features,
    RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt,
    RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45,
    Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression,
    Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext,
    Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Service, Web-Net-Ext45,
    Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content,
    Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS


Installation will start. After installation is completed, a restart is required, so close everything and reboot your server.


5. Prepare the Active Directory domain by running the following command from an elevated command prompt:

Setup.exe /PrepareAD /OrganizationName:OrganizationName /IAcceptExchangeServerLicenseTerms

where OrganizationName is your Exchange Server organization name. On the Windows Server 2012 Start screen, type cmd, right-click Command Prompt in the results and choose Run as administrator.


Browse to the Exchange setup files (in my case the DVD drive letter is E:), then type the command below and press Enter:

Setup.exe /PrepareAD /OrganizationName:ELMAJDAL /IAcceptExchangeServerLicenseTerms

Note: My organization name is ELMAJDAL, so replace ELMAJDAL with your organization name.

Organization preparation will complete.

6. Download and install Microsoft Unified Communications Managed API 4.0, Core Runtime 64-bit.


Run the installer and Click Next

Accept the license terms and then click Install


When installation is completed, click Finish

7. Download and Install Microsoft Office 2010 Filter Packs 64 bit


Once download is completed, run the Filter Pack setup, and then click Next
on the Welcome to the Microsoft Filter Pack 2.0 Setup Wizard page

Accept the license terms and click Next


Filter Pack 2.0 will be installed successfully, click OK

8. Download and Install Microsoft Office 2010 Filter Packs SP1 64 bit.


After we installed Microsoft Filter Packs 2.0 64bit, we need to update it to SP1. Run
the setup, accept the license terms and click Continue.

With the installation of Service Pack 1 for Microsoft Filter Pack 2010 64bit,
our Server is up and ready for Exchange Server 2013 installation.
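The steps above install features, reboot, prepare Active Directory and add two runtimes, and each later step silently assumes the earlier ones succeeded. The script below is an added example (not from this book or from Microsoft's setup) that checks those prerequisites before it runs Setup /PrepareAD and then reads back the schema version that /PrepareAD writes. It assumes an elevated PowerShell session on the future Exchange server, Setup.exe on drive E: and the organization name ELMAJDAL used in the text; the shortened feature list and the 15132 RTM schema value are from my own knowledge of Exchange 2013, not from the page.

```powershell
# Added example, not taken from the textbook: check the prerequisites from the
# steps above before running Setup /PrepareAD, then confirm the schema extension.
# Assumptions: elevated PowerShell, Setup.exe on E:\, organization name ELMAJDAL.

Import-Module ServerManager
Import-Module ActiveDirectory   # provided by RSAT-ADDS, one of the features installed above

# 1. Windows features from the Install-WindowsFeature list that are still missing
#    (a representative subset of the full list; extend as needed).
$requiredFeatures = @(
    'RSAT-Clustering-PowerShell', 'Web-Mgmt-Console', 'WAS-Process-Model',
    'Web-Asp-Net45', 'Web-Basic-Auth', 'Web-Windows-Auth', 'Web-Server',
    'Windows-Identity-Foundation', 'RSAT-ADDS'
)
$missing = Get-WindowsFeature -Name $requiredFeatures |
    Where-Object { -not $_.Installed } |
    Select-Object -ExpandProperty Name

# 2. A pending reboot: the text says to reboot after the feature install, and
#    Setup refuses to continue while one is outstanding.
$cbsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
$wuKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
$smgr   = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$rebootPending = (Test-Path $cbsKey) -or (Test-Path $wuKey) -or
                 ($null -ne $smgr.PendingFileRenameOperations)

# 3. UCMA 4.0 and the Filter Pack (steps 6 to 8) appear under the Uninstall keys.
$installed = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                              'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' |
    Where-Object { $_.DisplayName } |
    Select-Object -ExpandProperty DisplayName
$haveUcma   = [bool]($installed | Where-Object { $_ -like '*Unified Communications Managed API 4.0*' })
$haveFilter = [bool]($installed | Where-Object { $_ -like '*Filter Pack*' })

if ($missing)         { Write-Warning "Windows features not installed: $($missing -join ', ')" }
if ($rebootPending)   { Write-Warning 'A reboot is pending; restart before running Setup.' }
if (-not $haveUcma)   { Write-Warning 'UCMA 4.0 Core Runtime is not installed.' }
if (-not $haveFilter) { Write-Warning 'Microsoft Filter Pack 2.0 is not installed.' }

# 4. Only when everything is in place, prepare Active Directory. Each switch is
#    passed as its own argument so PowerShell does not reparse the colon.
if (-not $missing -and -not $rebootPending -and $haveUcma -and $haveFilter) {
    & 'E:\Setup.exe' '/PrepareAD' '/OrganizationName:ELMAJDAL' '/IAcceptExchangeServerLicenseTerms'
    if ($LASTEXITCODE -ne 0) { throw "Setup /PrepareAD failed with exit code $LASTEXITCODE" }
}

# 5. Verify the schema extension: ms-Exch-Schema-Version-Pe.rangeUpper holds the
#    Exchange schema version (Exchange 2013 RTM writes 15132; cumulative updates raise it).
$schemaNC      = (Get-ADRootDSE).schemaNamingContext
$schemaVersion = (Get-ADObject -Identity "CN=ms-Exch-Schema-Version-Pe,$schemaNC" `
                     -Properties rangeUpper).rangeUpper
"Exchange schema version in AD: $schemaVersion"
```

Run it once before /PrepareAD to see which warnings fire, and again afterwards; a schema version that is still the pre-Exchange value means /PrepareAD did not complete, regardless of what the console reported.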

6.2. OVERVIEW OF MAILBOX SERVER:

In Microsoft Exchange Server 2010, the Mailbox server role hosted both mailbox and public folder databases and also provided email message storage. Now, in Exchange Server 2013, the Mailbox server role also includes the Client Access protocols, Transport service, mailbox databases, and Unified Messaging components.

In Exchange 2013, the Mailbox server role interacts directly with Active
Directory, the Client Access server, and Microsoft Outlook clients in the
following process:

• The Mailbox server uses LDAP to access recipient, server, and organization configuration information from Active Directory.
• The Client Access server sends requests from clients to the Mailbox
server and returns data from the Mailbox server to the clients. The
Client Access server also accesses online address book (OAB) files on
the Mailbox server through NetBIOS file sharing. The Client Access
server sends messages, free/busy data, client profile settings, and
OAB data between the client and the Mailbox server.
• Outlook clients inside your firewall access the Client Access server to
send and retrieve messages. Outlook clients outside the firewall can
access the Client Access server by using Outlook Anywhere (which
uses the RPC over HTTP Proxy component).
• Public folder mailboxes are accessible via RPC over HTTP, regardless
of whether the client is outside or inside the firewall.
• The administrator-only computer retrieves Active Directory topology
information from the Microsoft Exchange Active Directory Topology
service. It also retrieves email address policy information and address
list information.
• The Client Access server uses LDAP or Name Service Provider
Interface (NSPI) to contact the Active Directory server and retrieve
users' Active Directory information.

6.3. PLAN, DEPLOY AND CONFIGURE THE MAILBOX SERVER:

Plan the Mailbox Server:

Deploying the mailbox role requires the careful planning of mailbox role
components. Despite advancements in storage technologies and improved I/O
characteristics, it’s detrimental to deploy mailbox storage without considering
storage characteristics, such as disk latency. Capacity planning is also just as
important. With 16 terabytes as the supported maximum database size, it
could be tempting to maximize database size with larger Serial ATA (SATA)
disks. When considering such extremes, it’s important to consider other
dependencies, such as time to reseed after a disk failure, time to restore from
backups when multiple copies of the database are neither deployed nor
available, the ability to meet recovery time objectives in case of an outage or
a disaster, and so on.

Configure User Mailbox in Exchange Server 2013:

While creating a new mailbox for an existing Active Directory user, various mail attributes are added to the user's object in Active Directory. The diagram below shows the components of a mailbox. If you delete a mailbox from Exchange Server, the user associated with the mailbox is also deleted from Active Directory. To delete only the mailbox and retain the user account, just disable the particular mailbox in Exchange Server.

Image Source: Microsoft

Enough with the information. Let's create some mailboxes now. Open the Exchange Admin Center.

Select recipient in features pane. Click mailboxes tab. Click add and select
user mailbox option.

Choose the Existing user option and click Browse. This means the mailbox will be created for a user account that is already in Active Directory. If you want to create a mailbox for a user account that is not yet in Active Directory, choose New user and fill in all the boxes. This process will create the user account in Active Directory, so the result is the same either way.

Select the user for whom you want to create the mailbox and click OK. As you can see above, the organizational unit where this user resides is also shown; it is under the Management OU > Users OU.

If you want a different alias or a different SMTP name for this mailbox, you can configure it here in the alias section. If left blank, the SMTP name will be the user logon name, as explained in my earlier article. Click Save to create the mailbox.

You can now see the mailbox. The SMTP name is DShields@mustbegeek.com, which is also the user logon name. In this way you can create a mailbox for an Active Directory user. The user can log in to https://mail.mustbegeek.com/owa as I have already created a CNAME record for mail.mustbegeek.com in my internal DNS server. Now configure the external and internal URLs for the various services so that email can be accessed properly. But to be able to send and receive emails you have to configure send and receive connectors.
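The EAC walkthrough above has a Shell equivalent, and the Shell makes the point about deletion explicit: Disable-Mailbox keeps the Active Directory account, Remove-Mailbox deletes it. This is an added example, not code from the book or the article it quotes; it assumes the user DShields in the Management/Users OU and the domain mustbegeek.com from the text, and a mailbox database named DB01 that I made up for the example. Get-ADUser needs the ActiveDirectory module alongside the Exchange Management Shell.

```powershell
# Added example, not from the textbook: mailbox-enable an existing AD user from
# the Exchange Management Shell, then contrast Disable-Mailbox with Remove-Mailbox.
# Assumptions: user DShields in mustbegeek.com/Management/Users, database DB01.

# Mailbox-enable the existing AD user. -Alias is the left-hand side of the SMTP
# address; leave it out and it defaults to the user logon name, as the text says.
Enable-Mailbox -Identity 'mustbegeek.com/Management/Users/DShields' -Database 'DB01' -Alias 'DShields'

# Verify what was created: the Exchange attributes now live on the AD user object.
Get-Mailbox -Identity 'DShields' |
    Format-List DisplayName, Alias, PrimarySmtpAddress, Database, RecipientTypeDetails

# The "New user" path from the EAC: create the AD account and mailbox in one step.
$initialPwd = Read-Host -AsSecureString 'Initial password'
New-Mailbox -Name 'Jane Doe' -UserPrincipalName 'jdoe@mustbegeek.com' `
    -OrganizationalUnit 'mustbegeek.com/Management/Users' `
    -Password $initialPwd -ResetPasswordOnNextLogon $true

# Disable vs Remove. Both disconnect the mailbox data from the user, but only
# Remove-Mailbox also deletes the Active Directory account.
Disable-Mailbox -Identity 'DShields' -Confirm:$false     # AD user remains, mailbox disconnected
Get-ADUser -Identity 'DShields'                          # still present
# Remove-Mailbox -Identity 'DShields' -Confirm:$false    # would delete the AD user as well

# Disconnected mailboxes stay in the database until the retention period expires
# and can be listed here (and reattached with Connect-Mailbox) if the disable was a mistake.
Get-MailboxDatabase -Identity 'DB01' | Get-MailboxStatistics |
    Where-Object { $null -ne $_.DisconnectDate } |
    Select-Object DisplayName, DisconnectReason, DisconnectDate
```

The commented-out Remove-Mailbox line is deliberate: in a script that loops over many users, the difference between the two cmdlets is the difference between a recoverable mistake and a deleted account.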

6.4. MANAGING EXCHANGE SERVER 2013 MAILBOXES AND OTHER EXCHANGE RECIPIENTS

The Team Mailboxes management role enables administrators to define one or more site mailbox provisioning policies and manage site mailboxes in the organization. ... This management role is one of several built-in roles in the Role Based Access Control (RBAC) permissions model in Microsoft Exchange Server 2013.

Mailboxes are the most common recipient type used by information workers
in an Exchange organization. Each mailbox is associated with an Active
Directory user account. The user can use the mailbox to send and receive
messages, and to store messages, appointments, tasks, notes, and documents.
Use the EAC or the Shell to create user mailboxes. You can also create user
mailboxes for existing users that have an Active Directory user account but
don’t have a corresponding mailbox.

The people and resources that send and receive messages are the core of any
messaging and collaboration system. In an Exchange organization, these
people and resources are referred to as recipients. A recipient is any mail-
enabled object in Active Directory to which Microsoft Exchange can deliver or
route messages.

Exchange recipient types

Exchange includes several explicit recipient types. Each recipient type is identified in the Exchange Administration Center (EAC) and has a unique value in the RecipientTypeDetails property in the Exchange Management Shell. The use of explicit recipient types has the following benefits:

• At a glance, you can differentiate between various recipient types.
• You can search and sort by each recipient type.
• You can more easily perform bulk management operations for
selected recipient types.
• You can more easily view recipient properties because the EAC uses
the recipient types to render different property pages. For example,
the resource capacity is displayed for a room mailbox, but isn't
present for a user mailbox.

The following table lists the available recipient types. All these recipient types
are discussed in more detail later in this topic.

Recipient type: Description

Dynamic distribution group: A distribution group that uses recipient filters and conditions to derive its membership at the time messages are sent.

Equipment mailbox: A resource mailbox that's assigned to a resource that's not location-specific, such as a portable computer, projector, microphone, or a company car. Equipment mailboxes can be included as resources in meeting requests, providing a simple and efficient way of using resources for your users.

Linked mailbox: A mailbox that's assigned to an individual user in a separate, trusted forest.

Mail contact: A mail-enabled Active Directory contact that contains information about people or organizations that exist outside the Exchange organization. Each mail contact has an external email address. All messages sent to the mail contact are routed to this external email address.

Mail forest contact: A mail contact that represents a recipient object from another forest. Mail forest contacts are typically created by Microsoft Identity Integration Server (MIIS) synchronization.
Important: Mail forest contacts are read-only recipient objects that are updated only through MIIS or similar custom synchronization. You can't use the EAC or the Shell to remove or modify a mail forest contact.

Mail-enabled non-universal group: A mail-enabled Active Directory global or local group object. Mail-enabled non-universal groups were discontinued in Exchange Server 2007 and can exist only if they were migrated from Exchange 2003 or earlier versions of Exchange. You can't use Exchange Server 2013 to create non-universal distribution groups.

Mail-enabled public folder: An Exchange public folder that's configured to receive messages.

Distribution groups: A distribution group is a mail-enabled Active Directory distribution group object that can be used only to distribute messages to a group of recipients.

Mail-enabled security group: A mail-enabled security group is an Active Directory universal security group object that can be used to assign access permissions to resources in Active Directory and can also be used to distribute messages.

Microsoft Exchange recipient: A special recipient object that provides a unified and well-known message sender that differentiates system-generated messages from other messages. It replaces the System Administrator sender used for system-generated messages in earlier versions of Exchange.

Room mailbox: A resource mailbox that's assigned to a meeting location, such as a conference room, auditorium, or training room. Room mailboxes can be included as resources in meeting requests, providing a simple and efficient way of organizing meetings for your users.

Shared mailbox: A mailbox that's not primarily associated with a single user and is generally configured to allow access for multiple users.

Site mailbox: A mailbox comprised of an Exchange mailbox to store email messages and a SharePoint site to store documents. Users can access both email messages and documents using the same client interface. For more information, see Site mailboxes.

User mailbox: A mailbox that's assigned to an individual user in your Exchange organization. It typically contains messages, calendar items, contacts, tasks, documents, and other important business data.

Office 365 mailbox: In hybrid deployments, an Office 365 mailbox consists of a mail user that exists in Active Directory on-premises and an associated cloud mailbox that exists in Exchange Online.

Linked user: A linked user is a user whose mailbox resides in a different forest than the forest in which the user resides.
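The RecipientTypeDetails values in the table are what make the listed benefits (search, sort, bulk operations) possible from the Shell. The block below is an added example, not code from the book; it inventories an organization by recipient type, pulls out the mail-enabled security groups (the one type that grants permissions as well as mail delivery, so their membership deserves review), and shows a bulk operation limited to one type. It assumes an Exchange 2013 Management Shell session and whatever recipients exist in your organization; the 180-day threshold is an arbitrary choice for the example.

```powershell
# Added example, not from the textbook: use RecipientTypeDetails to inventory,
# review and bulk-manage recipients. Assumes an Exchange 2013 Management Shell.

# Count every recipient type in the organization; the names match the table above.
Get-Recipient -ResultSize Unlimited |
    Group-Object -Property RecipientTypeDetails |
    Sort-Object -Property Count -Descending |
    Select-Object Count, Name

# Filter to explicit types: room and equipment mailboxes, with the capacity
# property the EAC only shows for resource mailboxes.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails RoomMailbox, EquipmentMailbox |
    Select-Object DisplayName, RecipientTypeDetails, ResourceCapacity

# Mail-enabled security groups confer access to resources, not just mail, so
# list each one with its members for review.
$securityGroups = Get-DistributionGroup -ResultSize Unlimited `
    -RecipientTypeDetails MailUniversalSecurityGroup
foreach ($group in $securityGroups) {
    $members = @(Get-DistributionGroupMember -Identity $group.Identity -ResultSize Unlimited)
    [pscustomobject]@{
        Group       = $group.Name
        MemberCount = $members.Count
        Members     = ($members.Name -join '; ')
    }
}

# Bulk operation on one type: hide shared mailboxes nobody has opened for 180
# days (or ever, when LastLogonTime is empty) from the address lists.
# -WhatIf reports what would change without changing it; drop it to apply.
Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails SharedMailbox |
    Where-Object {
        $last = (Get-MailboxStatistics -Identity $_.Identity).LastLogonTime
        ($null -eq $last) -or ($last -lt (Get-Date).AddDays(-180))
    } |
    Set-Mailbox -HiddenFromAddressListsEnabled $true -WhatIf
```

Because Get-Mailbox and Get-DistributionGroup accept -RecipientTypeDetails directly, the same pattern applies to any row of the table: pick the type, pipe to the management cmdlet, and test with -WhatIf first.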

Mailboxes

Mailboxes are the most common recipient type used by information workers
in an Exchange organization. Each mailbox is associated with an Active
Directory user account. The user can use the mailbox to send and receive
messages, and to store messages, appointments, tasks, notes, and documents.
Mailboxes are the primary messaging and collaboration tool for the users in
your Exchange organization.

Mailbox components

Each mailbox consists of an Active Directory user and the mailbox data that's
stored in the Exchange mailbox database (as shown in the following figure). All
configuration data for the mailbox is stored in the Exchange attributes of the
Active Directory user object. The mailbox database contains the actual data
that's in the mailbox associated with the user account.

After installing and configuring Exchange 2013 you have to create recipients to be able to send and receive emails. There are different types of recipients in Exchange 2013, and each type is created and used for a different purpose. A recipient is any mail-enabled object in Active Directory. It is important to understand the different types of recipients before you configure a user mailbox in Exchange Server 2013. In this post, I will create a user mailbox for an existing Active Directory user account.

Following are the different types of recipients in Exchange 2013:

Mailbox: A mailbox recipient can be a user mailbox or a linked mailbox. A user mailbox is associated with an Active Directory user account. In this post, we will create a user mailbox. A linked mailbox is associated with a user account residing in a separate trusted forest. The diagram below shows the components of a linked mailbox.

Groups: Groups can be distribution groups, security groups and dynamic distribution groups.

Resources: A resource recipient can be an equipment mailbox or a room mailbox. These are mostly used for scheduling company assets such as meeting rooms, projectors, etc.

Contacts: Contact recipients can be mail contacts or mail users. A mail contact is an Active Directory contact that is mail-enabled. A mail user is an Active Directory user that can log into the Active Directory domain but has an external email address.

Shared: With a shared recipient, a single mailbox can be used by multiple users.

6.5. PLANNING AND IMPLEMENTING PUBLIC FOLDER MAILBOXES, ADDRESS LISTS AND POLICIES

In Microsoft Outlook, a public folder is a folder created to share information with others. The owner of a public folder can set privileges so that only a select group of users have access to the folder, or the folder can be made available to everyone on the network who uses the same mail client.

Public folder content can include email messages, posts, documents, and
eForms. The content is stored in the public folder mailbox but isn't replicated
across multiple public folders mailboxes. All users access the same public
folder mailbox for the same set of content.

An address list is a collection of mail-enabled recipient objects from Active Directory. Address lists are based on recipient filters, and are basically unchanged from Exchange 2010. You can filter by recipient type (for example, mailboxes and mail contacts), recipient properties (for example, Company or State or Province), or both. Address lists aren't static; they're updated dynamically. When you create or modify recipients in your organization, they're automatically added to the appropriate address lists. These are the different types of address lists that are available:

• Global address lists (GALs): The built-in GAL that's automatically created by Exchange includes every mail-enabled object in the Active Directory Forest. You can create additional GALs to separate users by organization or location, but a user can only see and use one GAL.
• Address lists: Address lists are subsets of recipients that are grouped
together in one list, which makes them easier to find by users.
Exchange comes with several built-in address lists, and you can create
more based on your organization's needs.
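Both halves of this section, a public folder whose owner restricts who can post, and an address list derived from a recipient filter, can be built from the Shell. The following is an added example, not code from the book; the names PF-Primary, Announcements, the group "Sales Users" and the department value "Sales" are all assumptions for the example, and it expects an Exchange 2013 Management Shell session in an organization that does not yet have public folder mailboxes.

```powershell
# Added example, not from the textbook: a public folder with explicit client
# permissions, then a filter-based address list. Names are assumed.

# Exchange 2013 stores public folders in public folder mailboxes; the first one
# created holds the writable copy of the folder hierarchy.
New-Mailbox -PublicFolder -Name 'PF-Primary'

# Create the folder, then set privileges the way the text describes: Sales staff
# may post (Author), everyone else may only read (Reviewer).
New-PublicFolder -Name 'Announcements' -Path '\'
Add-PublicFolderClientPermission -Identity '\Announcements' -User 'Sales Users' -AccessRights Author
Remove-PublicFolderClientPermission -Identity '\Announcements' -User Default -Confirm:$false
Add-PublicFolderClientPermission -Identity '\Announcements' -User Default -AccessRights Reviewer

# Verify the access list before announcing the folder.
Get-PublicFolderClientPermission -Identity '\Announcements' | Select-Object User, AccessRights

# Mail-enable it so it shows up as the "mail-enabled public folder" recipient type
# and can receive posts by email.
Enable-MailPublicFolder -Identity '\Announcements'

# Address list: a subset of recipients derived from a filter, not a static list.
# Here: user mailboxes whose Department attribute is Sales.
New-AddressList -Name 'Sales Staff' `
    -RecipientFilter { (RecipientType -eq 'UserMailbox') -and (Department -eq 'Sales') }
Update-AddressList -Identity 'Sales Staff'

# Preview who the filter currently matches; recipients created later that match
# the filter are added without any further action.
Get-Recipient -RecipientPreviewFilter (Get-AddressList -Identity 'Sales Staff').RecipientFilter |
    Select-Object Name, Department
```

The order of the three permission cmdlets matters: adding Reviewer to Default without first removing its existing entry would only add rights, so the restriction the owner intended would not take effect.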

Multiple Choice Questions

Q.1: What is the minimum required operating system for installing Exchange Server 2013?

(a) Windows Server 2008 R2 (b) Windows Server 2012

(c) Windows Server 2012 R2 (d) Windows Server 2016

Q.2: Which version of the .NET Framework is required for Exchange Server 2013?

(a) .NET Framework 3.5 (b) .NET Framework 4.0

(c) .NET Framework 4.5 (d) .NET Framework 4.7

Q.3: What is the maximum number of databases per server supported in Exchange Server 2013 Standard Edition?

(a) 1 (b) 2

(c) 5 (d) 10

Q.4: In Exchange Server 2013, the Client Access server accesses the OAB on the Mailbox server through?

(a) File sharing services (b) Distributed File System

(c) NetBIOS file sharing (d) Exchange Web Services

Q.5: abc.com has two Exchange 2013 multirole servers, and all users use Outlook 2013 as their mail client. If a user sends a mail to another user within the organization, which transport service will come first for inbound mails?

(a) Mailbox transport submission service

(b) Mailbox transport delivery service

(c) Transport service (d) Front End transport service

Q.6: What is the default value of Maximum number of recipients per message for the Client Proxy receive connector on a Mailbox server in Exchange Server 2013?

(a) 500 (b) 200

(c) 5000 (d) 250

Q.7: Which Exchange Server 2013 role is responsible for routing email within the organization?

(a) Mailbox server (b) Client Access server

(c) Edge Transport server (d) Hub Transport server

Q.8: Which Exchange Server 2013 role is responsible for hosting user mailboxes?

(a) Mailbox server (b) Client Access server

(c) Edge Transport server (d) Hub Transport server

Q.9: Which of the following is not a supported client protocol in Exchange Server 2013?

(a) POP3 (b) IMAP4

(c) SMTP (d) RPC over HTTP

Q.10: Which administration tool is used for managing Exchange Server 2013 from a remote computer?

(a) Exchange Management Console (b) Exchange Control Panel (ECP)

(c) Exchange Management Shell (d) Exchange Admin Center (EAC)

Q.11: Which role in Exchange Server 2013 is responsible for securing email communication between the organization and external entities?

(a) Mailbox server (b) Client Access server

(c) Edge Transport server (d) Hub Transport server

Q.12: What is the primary function of the Mailbox server role in Exchange Server?

(a) Routing email within the organization

(b) Hosting user mailboxes

(c) Securing email communication with external entities

(d) Providing remote access to Exchange services

Q.13: Which component of Exchange Server stores user mailbox data?

(a) Mailbox server (b) Client Access server

(c) Edge Transport server (d) Hub Transport server

Q.14: What is the maximum recommended number of mailboxes per Mailbox server in Exchange Server?

(a) 5000 (b) 10000

(c) 20000 (d) 50000

Q.15: Which database technology is commonly used by Exchange Server to store mailbox data?

(a) SQL Server (b) MySQL

(c) Exchange Database Engine (ESE) (d) NoSQL

Q.16: Which protocol is commonly used for client access to Exchange Server mailboxes?

(a) POP3 (b) IMAP4

(c) SMTP (d) MAPI

Q.17: What is the purpose of the Exchange Information Store service on the Mailbox server?

(a) Handling inbound and outbound mail flow

(b) Authenticating client connections

(c) Storing and retrieving mailbox data

(d) Managing email security and encryption

Q.18: Which version of Exchange Server introduced the concept of Database Availability Groups (DAGs)?

(a) Exchange Server 2007 (b) Exchange Server 2010

(c) Exchange Server 2013 (d) Exchange Server 2016

Q.19: What is the purpose of the Exchange Replication service on the Mailbox server?

(a) Managing mailbox permissions

(b) Synchronizing mailbox data between database copies

(c) Archiving mailbox data (d) Routing email between Mailbox servers

Q.20: This server role hosts both mailbox and public folder databases and also provides email message storage?

(a) Client Server (b) Mailbox Server

(c) Both a & b (d) None of these

ANSWER KEY

Q.1 (a) Q.2 (c) Q.3 (c) Q.4 (c) Q.5 (d)
Q.6 (b) Q.7 (d) Q.8 (a) Q.9 (c) Q.10 (d)
Q.11 (c) Q.12 (b) Q.13 (a) Q.14 (c) Q.15 (c)
Q.16 (d) Q.17 (c) Q.18 (b) Q.19 (b) Q.20 (b)

Short Questions

1. What is Exchange Server?
2. What are the new features in MS Exchange 2013?
3. What are the roles in MS Exchange 2013?
4. What is the role of the Mailbox server?
5. How many types of delivery groups are found in MS Exchange 2013?
6. How is a message delivered to the mailbox database in Exchange 2013?
7. How is the flow of mail tracked in MS Exchange 2013?
8. What is the Exchange 2013 architecture?
9. Why has the Exchange 2013 architecture been changed to two server roles?
10. What is the minimum RAM for Exchange 2013?
11. What are the Exchange Server types?
12. What is the role of Exchange Server?
13. Where is Exchange Server located?
14. What are the benefits of Exchange Server?
15. Is Exchange Server a database?

Long Questions

1. Explain the Exchange 2013 Architecture.
2. Explain the key features and functionality of Exchange Server 2013.
3. Explain the Mailbox Server Role.
4. Explain the mail server's key functions, components, and capabilities.


CHAPTER 07 MANAGING EXCHANGE SERVER

Objectives
After completion of this chapter students will be able to:

7.1 The Exchange Management Shell
7.2 Role-based access control
7.3 Mailbox management
7.4 Addressing Exchange

WHAT IS Microsoft Exchange Server (MXS):

In the 1990s, email evolved into a business-critical application, leading to the development of user-friendly enterprise solutions with improved features and connectivity. The most current version, Microsoft Exchange Server 2013, allows a user to deliver email, contacts and calendar to a PC, mobile device or browser.

MXS features include:

• Outlook Web App: Helps users access voicemail, email, SMS texts,
instant messaging (IM) and more via standard browsers
• Exchange ActiveSync: Allows mobile users to access a universal inbox
with voicemail, email, IM and smartphone messages
• Retention, Discovery and Email Archiving: Help reduce expenditures
and simplify the maintenance of business communication processes
• Backup and Disaster Recovery: Features a unified solution for disaster
recovery and backup by offering an automatic, quick, database-level
recovery from server, database and network failures.

• Deployment Flexibility: Can be deployed in the cloud, on premise or both
• Sensitive Content Monitoring: Can be used to track sensitive email
content and prevent illegal content distribution
• Voicemail: Provides users with single inbox access to email and
voicemail, both of which can be managed from a single platform
• Advanced Protection: Employs several integrated encryption and anti-
spam technologies and sophisticated anti-virus solutions.
• Always-On: Facilitates quicker failover times and multiple volume
support, as well as a monitoring system that enables automated failure
recovery
• Exchange Administration Center: Allows administrators to delegate
server permissions and access based on job function without granting
total access to the management interface.

7.1. THE EXCHANGE MANAGEMENT SHELL

Microsoft Exchange Management Shell (EMS) is a scripting platform with a command line interface that enables administrators to manage Exchange Server. EMS is built on top of Microsoft PowerShell, a command line shell that allows administrators to perform administrative tasks with simple verb-noun commands called cmdlets. EMS processes commands as instances of .NET classes and objects.

Administrators can use EMS to perform any administrative task normally performed in the Exchange Management Console (EMC) in Exchange 2007 and Exchange 2010, as well as any task typically performed in the Exchange Administration Center (EAC) in Exchange Server 2013. The EMS also allows administrators to complete many tasks not made available through the EMC or EAC. Microsoft strongly suggests that working knowledge of the EMS is critical for Exchange administrators because it will be Microsoft's preferred administrative tool moving forward.


PowerShell has become the preferred tool for managing Microsoft server
products. Sysadmins can take full advantage of PowerShell to manage roles
and perform routine management tasks. By using the command line,
sysadmins are able to:

• Create a mailbox
• Configure a receive connector
• Generate a custom report
• Manage Distribution Group members, permissions, and group types
• Manage Exchange Services.

Exchange Management Shell

The Exchange Management Shell is used to configure your Exchange server from the console. What is it? EMS (Exchange Management Shell) is based on Microsoft Windows PowerShell, which provides a powerful command-line interface for executing and automating administrative tasks. With the Exchange Management Shell, you can manage every aspect of Exchange Server 2016.

How to run the Exchange Management Shell?

Let’s take a look at a couple of ways that you can use the EMS in a scripting
environment. When you install an Exchange Server, you get the Exchange tools
installed along with it which give you the EMS.
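Two of the "couple of ways" to reach the EMS from a scripting environment, followed by one of the custom reports listed above, as an added example that is not part of the book. Option 1 dot-sources the same script the EMS shortcut runs and needs the Exchange management tools installed locally; option 2 needs nothing installed, because the EMS is itself a remote PowerShell session to the server's /PowerShell virtual directory. The server name EXCH01.mustbegeek.com and the report path are assumptions for the example; in either case the cmdlets that appear in the session are only those the account's RBAC roles permit.

```powershell
# Added example, not from the textbook: open the Exchange cmdlets in a scripting
# session and produce a mailbox size report. Assumes Exchange 2013 on EXCH01.

# Option 1: Exchange management tools installed locally. This is what the EMS
# shortcut does; -Auto lets it choose a reachable Exchange server.
. 'C:\Program Files\Microsoft\Exchange Server\V15\bin\RemoteExchange.ps1'
Connect-ExchangeServer -Auto -ClientApplication:ManagementShell

# Option 2: plain PowerShell on any domain machine, remoting to the server.
# Kerberos is the in-domain default; no Exchange binaries are needed here.
$session = New-PSSession -ConfigurationName Microsoft.Exchange `
    -ConnectionUri 'http://EXCH01.mustbegeek.com/PowerShell/' -Authentication Kerberos
Import-PSSession -Session $session -DisableNameChecking | Out-Null

# Remoting returns sizes as text such as "1.2 GB (1,288,490,188 bytes)", so
# extract the byte count rather than relying on the ByteQuantifiedSize type.
function ConvertTo-Bytes([string]$Size) {
    if ($Size -match '\(([\d,]+) bytes\)') { return [int64]($Matches[1] -replace ',', '') }
    return 0
}

# Custom report: the ten largest mailboxes, and every mailbox that has reached
# a quota limit, exported for follow-up.
$report = Get-Mailbox -ResultSize Unlimited |
    Get-MailboxStatistics |
    Select-Object DisplayName, ItemCount,
        @{ Name = 'SizeBytes';          Expression = { ConvertTo-Bytes ([string]$_.TotalItemSize) } },
        @{ Name = 'StorageLimitStatus'; Expression = { [string]$_.StorageLimitStatus } },
        LastLogonTime

$report | Sort-Object SizeBytes -Descending | Select-Object -First 10 | Format-Table -AutoSize
$report | Where-Object { $_.StorageLimitStatus -and $_.StorageLimitStatus -ne 'BelowLimit' } |
    Export-Csv -Path 'C:\Reports\mailboxes-at-quota.csv' -NoTypeInformation

# Always tear the remote session down; leaving it open holds a server-side runspace.
Remove-PSSession -Session $session
```

Option 2 is the one to script against from a management workstation, and it is also the reason RBAC (next section) matters: the role assignments on the account, not local administrator rights, decide which cmdlets Import-PSSession brings in.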

7.2. ROLE-BASED ACCESS CONTROL

In computer systems security, role-based access control (RBAC) is an approach to restricting system access to authorized users. RBAC is sometimes referred to as role-based security. Role-based access control (RBAC) is a policy-neutral access control mechanism defined around roles and privileges.

Role-based access control (RBAC) is a method of access security that is based on a person's role within a business. Role-based access control is a way to provide security because it only allows employees to access the information they need to do their jobs, while preventing them from accessing additional information that is not relevant to them. An employee's role determines the permissions he or she is granted and ensures that lower-level employees are not able to access sensitive information or perform high-level tasks.

Explanation of Role-Based Access Control (RBAC)

In RBAC, there are three rules:

• A person must be assigned a certain role in order to conduct a certain action, called a transaction.
• A user needs a role authorization to be allowed to hold that role.
• Transaction authorization allows the user to perform certain
transactions. The transaction has to be allowed to occur through the
role membership. Users won’t be able to perform transactions other
than the ones they are authorized for.

All access is controlled through roles that people are given, which is a set of
permissions. An employee's role determines what permissions he or she is
granted. For example, a CEO will be given the role of CEO and have any
permissions associated with that role, while network administrators will be
given the role of network administrator and will have all the permissions
associated with that role.


What if an end-user's job changes? You may need to manually assign their role
to another user, or you can also assign roles to a role group or use a role
assignment policy to add or remove members of a role group.

Some of the designations in an RBAC tool can include:

• Management role scope – it limits what objects the role group is allowed to manage.
• Management role group – you can add and remove members.
• Management role – these are the types of tasks that can be performed
by a specific role group.
• Management role assignment – this links a role to a role group.

By adding a user to a role group, the user has access to all the roles in that
group. If they are removed, access becomes restricted. Users may also be
assigned to multiple groups in the event they need temporary access to certain
data or programs and then removed once the project is complete.
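The four designations listed above (scope, role group, role, role assignment) are exactly the objects Exchange 2013 RBAC is built from, so the job-change and temporary-access cases described here come down to role-group membership. The block below is an added example, not from the book; it assumes an OU mustbegeek.com/Sales and helpdesk accounts hdesk1 and hdesk2 that I made up, while "Mail Recipients", "User Options" and "Organization Management" are Exchange's built-in role and role-group names.

```powershell
# Added example, not from the textbook: build and audit the four RBAC pieces in
# Exchange 2013. Assumed names: OU mustbegeek.com/Sales, users hdesk1 and hdesk2.

# Management role scope: the group may only write to user mailboxes in the Sales OU.
New-ManagementScope -Name 'Sales Recipients' -RecipientRoot 'mustbegeek.com/Sales' `
    -RecipientRestrictionFilter { RecipientType -eq 'UserMailbox' }

# Management role group with its role assignments in one step. The two built-in
# roles let members edit mailbox properties; the custom write scope keeps that
# power inside Sales instead of the whole organization.
New-RoleGroup -Name 'Sales Helpdesk' -Roles 'Mail Recipients', 'User Options' `
    -CustomRecipientWriteScope 'Sales Recipients' -Members 'hdesk1'

# Job change: move membership, do not re-create roles or assignments.
Add-RoleGroupMember    -Identity 'Sales Helpdesk' -Member 'hdesk2'
Remove-RoleGroupMember -Identity 'Sales Helpdesk' -Member 'hdesk1' -Confirm:$false

# Review: which roles the group holds and where each one may write.
Get-ManagementRoleAssignment -RoleAssignee 'Sales Helpdesk' |
    Select-Object Role, CustomRecipientWriteScope, RecipientReadScope

# Is a built-in role too broad? List the cmdlets it actually exposes before
# handing it out; if most of them are unnecessary, derive a narrower child role.
Get-ManagementRoleEntry -Identity 'Mail Recipients\*' | Select-Object Name | Sort-Object Name

# Least-privilege check: who is in the top-level Organization Management group.
Get-RoleGroupMember -Identity 'Organization Management'

# Audit trail: admin audit logging records role-group changes, including who made them.
Search-AdminAuditLog -Cmdlets New-RoleGroup, Add-RoleGroupMember, Remove-RoleGroupMember `
    -StartDate (Get-Date).AddDays(-7) |
    Select-Object RunDate, Caller, CmdletName, ObjectModified
```

The scope is what turns "helpdesk can edit mailboxes" into "helpdesk can edit Sales mailboxes"; without it the same two roles would apply to every recipient in the organization.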

Other options for user access may include:

• Primary – the primary contact for a specific account or role.
• Technical – assigned to users that perform technical tasks.
• Administrative – access for users that perform administrative tasks.

Benefits of RBAC

Managing and auditing network access is essential to information security. Access can and should be granted on a need-to-know basis. With hundreds or thousands of employees, security is more easily maintained by limiting unnecessary access to sensitive information based on each user's established role within the organization. Other advantages include:

Reducing administrative work and IT support. With RBAC, you can reduce the
need for paperwork and password changes when an employee is hired or
changes their role. Instead, you can use RBAC to add and switch roles quickly
and implement them globally across operating systems, platforms and
applications. It also reduces the potential for error when assigning user
permissions. This reduction in time spent on administrative tasks is just one of
several economic benefits of RBAC. RBAC also helps to more easily integrate
third-party users into your network by giving them pre-defined roles.

Maximizing operational efficiency. RBAC offers a streamlined approach that is logical in definition. Instead of trying to administer lower-level access control,
all the roles can be aligned with the organizational structure of the business
and users can do their jobs more efficiently and autonomously.

Improving compliance. All organizations are subject to federal, state and local
regulations. With an RBAC system in place, companies can more easily meet
statutory and regulatory requirements for privacy and confidentiality as IT
departments and executives have the ability to manage how data is being
accessed and used. This is especially significant for health care and financial
institutions, which manage lots of sensitive data such as PHI and PCI data.

Best Practices for Implementing RBAC

Implementing RBAC in your organization shouldn't happen without a great deal of consideration. There are a series of broad steps to bring the team onboard without causing unnecessary confusion and possible workplace irritations. Here are a few things to map out first.

• Current Status: Create a list of every software, hardware and app that has some sort of security. For most of these things, it will be a password. However, you may also want to list server rooms that are under lock and key. Physical security can be a vital part of data protection. Also, list the status of who has access to all of these programs and areas. This will give you a snapshot of your current data scenario.
• Current Roles: Even if you do not have a formal roster and list of roles,
determining what each individual team member does may only take a
little discussion. Try to organize the team in such a way that it doesn’t
stifle creativity and the current culture (if enjoyed).
• Write a Policy: Any changes made need to be written for all current and
future employees to see. Even with the use of a RBAC tool, a document
clearly articulating your new system will help avoid potential issues.
• Make Changes: Once the current security status and roles are
understood (not to mention a policy is written), it’s time to make the
changes.
• Continually Adapt: It’s likely that the first iteration of RBAC will require
some tweaking. Early on, you should evaluate your roles and security
status frequently. Assess first how well the creative/production
process is working, and second how secure your process happens to be.

A core business function of any organization is protecting data. An RBAC
system can ensure the company's information meets privacy and
confidentiality regulations. Furthermore, it can secure key business processes,
including access to IP, that affect the business from a competitive standpoint.

7.3. MAILBOX MANAGEMENT

A Microsoft Exchange 2013 site mailbox is an Exchange 2013 feature that helps
facilitate collaboration between SharePoint 2013 users. Introduced in the
Exchange Server 2013 release, site mailboxes give users access to both
Exchange email and SharePoint documents through Microsoft Outlook 2013.

Mailboxes are the most common recipient type used by information workers
in an Exchange organization. Each mailbox is associated with an Active
Directory user account. The user can use the mailbox to send and receive
messages, and to store messages, appointments, tasks, notes, and documents.
Use the EAC or the Shell to create user mailboxes. You can also create user
mailboxes for existing users that have an Active Directory user account but
don’t have a corresponding mailbox. This is known as mailbox-enabling
existing users.

When you create a new user mailbox, you can’t use an apostrophe (') or a
quotation mark (") in the alias or the user logon name because these
characters aren’t supported. Although you might not receive an error if you
create a new mailbox using unsupported characters, these characters can
cause problems later. For example, users that have been assigned access
permissions to a mailbox that was created using an unsupported character
may experience problems or unexpected behavior.

Change user mailbox properties

Use the EAC to change user mailbox properties

1. In the EAC, navigate to Recipients > Mailboxes.
2. In the list of user mailboxes, click the mailbox that you want to change
the properties for, and then click Edit.
3. On the mailbox properties page, you can change any of the following
properties.

• General
• Mailbox Usage
• Contact Information
• Organization
• Email Address
• Mailbox Features
• Member Of
• MailTip
• Mailbox Delegation

7.4. ADDRESSING EXCHANGE

Recipients (which include users, resources, contacts, and groups) are any mail-
enabled object in Active Directory to which Microsoft Exchange can deliver or
route messages. For a recipient to send or receive email messages, the
recipient must have an email address. Email address policies generate the
primary and secondary email addresses for your recipients so they can receive
and send email.

By default, Exchange contains an email address policy for every mail-enabled
user. This default policy specifies the recipient's alias as the local part of the
email address and uses the default accepted domain. The local part of an email
address is the name that appears before the at sign (@). However, you can
change how your recipients' email addresses will display. For example, you can
specify that the addresses display as firstname.lastname@contoso.com.

Furthermore, if you want to specify additional email addresses for all
recipients or just a subset, you can modify the default policy or create
additional policies. For example, the user mailbox for David Hamilton can
receive email messages addressed to hdavid@mail.contoso.com and
hamilton.david@mail.contoso.com.
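The alias restriction from section 7.3 (no apostrophe or quotation mark) and the address policy examples above, modelled together as an added Python example that is not Exchange's own code: it assumes Exchange's address-policy placeholders (%g given name, %s surname, %1s first letter of the surname), and the recipient and domains are constructed samples taken from the text.

```python
"""Exchange alias check and email address policy templates, modelled offline.

Added example, not Exchange's own code. It reproduces two rules from the text:
an alias must not contain an apostrophe or quotation mark, and address
policies build addresses from templates such as firstname.lastname@contoso.com.
Assumption: the template placeholders follow Exchange's address-policy syntax
(%g given name, %s surname, %m alias, %Ng / %Ns for the first N letters).
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Characters the text names as unsupported in an alias or logon name.
UNSUPPORTED_ALIAS_CHARS = {"'", '"'}

_TOKEN = re.compile(r"%(\d*)([gsm])")


@dataclass(frozen=True)
class Recipient:
    given_name: str
    surname: str
    alias: str


def check_alias(alias: str) -> List[str]:
    """Return the problems found with an alias; an empty list means it is usable.

    Only the apostrophe / quotation-mark rule comes from the text; the
    non-empty / no-whitespace rule is an added sanity check for this example.
    """
    problems: List[str] = []
    bad = sorted({c for c in alias if c in UNSUPPORTED_ALIAS_CHARS})
    if bad:
        problems.append("unsupported characters in alias: " + "".join(bad))
    if not alias or any(c.isspace() for c in alias):
        problems.append("alias must be non-empty and contain no whitespace")
    return problems


def expand_template(template: str, r: Recipient) -> str:
    """Expand one address template for one recipient, e.g. '%g.%s@contoso.com'.

    The result is lower-cased so generated addresses compare stably; that
    normalisation is an assumption of this example, not a rule from the text.
    """
    source: Dict[str, str] = {"g": r.given_name, "s": r.surname, "m": r.alias}

    def sub(m: "re.Match[str]") -> str:
        count, var = m.group(1), m.group(2)
        value = source[var]
        return value[: int(count)] if count else value

    return _TOKEN.sub(sub, template).lower()


def addresses_for(r: Recipient, templates: List[str]) -> Dict[str, List[str]]:
    """Primary address from the first template, secondary addresses from the rest.

    Refuses (ValueError) a recipient whose alias would create the kind of
    mailbox the text warns about, instead of silently generating addresses.
    """
    problems = check_alias(r.alias)
    if problems:
        raise ValueError("; ".join(problems))
    expanded = [expand_template(t, r) for t in templates]
    return {"primary": expanded[:1], "secondary": expanded[1:]}


if __name__ == "__main__":
    # Constructed sample recipient, using the names from the text.
    david = Recipient(given_name="David", surname="Hamilton", alias="dhamilton")
    policy = ["%g.%s@contoso.com",          # firstname.lastname@contoso.com
              "%1s%g@mail.contoso.com",     # hdavid@mail.contoso.com
              "%s.%g@mail.contoso.com"]     # hamilton.david@mail.contoso.com
    print(addresses_for(david, policy))
```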

Multiple Choice Questions

Q.1: What is the recommended management tool for Exchange Server
administration?

(a) Exchange Admin Center (EAC)
(b) Exchange Management Console (EMC)
(c) Exchange Control Panel (ECP)
(d) Exchange Management Shell (EMS)

Q.2: Which tool is commonly used for managing Exchange Server through a
command-line interface?

(a) Exchange Admin Center (EAC)
(b) Exchange Management Console (EMC)
(c) Exchange Control Panel (ECP)
(d) Exchange Management Shell (EMS)

Q.3: Which management role group in Exchange Server grants full
administrative access to all Exchange features and configuration
settings?

(a) Organization Management (b) Recipient Management
(c) Help Desk (d) View-Only Organization Management

Q.4: Which management role group in Exchange Server allows users to
manage their own mailbox settings and distribution groups?

(a) Organization Management (b) Recipient Management
(c) Help Desk (d) View-Only Organization Management

Q.5: Which management interface provides a web-based graphical user
interface (GUI) for Exchange Server administration?

(a) Exchange Admin Center (EAC)
(b) Exchange Management Console (EMC)
(c) Exchange Control Panel (ECP)
(d) Exchange Management Shell (EMS)

Q.6: Which PowerShell cmdlet is used to create a new mailbox in Exchange
Server?

(a) New-ExchangeServer (b) New-ExchangeMailbox
(c) New-MailboxDatabase (d) New-Mailbox

Q.7: Which PowerShell cmdlet is used to remove a mailbox from Exchange
Server?

(a) Remove-ExchangeServer (b) Remove-ExchangeMailbox
(c) Remove-MailboxDatabase (d) Remove-Mailbox

Q.8: Which PowerShell cmdlet is used to manage email transport rules in
Exchange Server?

(a) Set-ExchangeServer (b) Set-ExchangeMailbox
(c) Set-TransportRule (d) Set-Mailbox

Q.9: Which PowerShell cmdlet is used to create a new mailbox in Exchange
Server?

(a) New-Mailbox (b) Set-Mailbox
(c) Enable-Mailbox (d) Add-Mailbox

Q.10: What is the default mailbox size limit for a user mailbox in Exchange
Server?

(a) 1 GB (b) 2 GB

(c) 5 GB (d) 10 GB

Q.11: Which management role group in Exchange Server grants permissions
to manage mailbox databases?

(a) Organization Management (b) Recipient Management
(c) Database Management (d) Help Desk

Q.12: Which PowerShell cmdlet is used to set mailbox storage quotas in
Exchange Server?

(a) Set-MailboxDatabase (b) Set-MailboxQuota
(c) Set-MailboxDatabaseQuota (d) Set-MailboxStorageQuota

Q.13: Which attribute is commonly used to uniquely identify a mailbox in
Exchange Server?

(a) Alias (b) Display Name
(c) User Principal Name (UPN) (d) SMTP Address

Q.14: Which PowerShell cmdlet is used to disable a mailbox in Exchange
Server?

(a) Disable-Mailbox (b) Remove-Mailbox
(c) Disable-UserMailbox (d) Remove-UserMailbox

Q.15: Which management role group in Exchange Server grants permissions
to manage mailbox permissions and distribution groups?

(a) Organization Management (b) Recipient Management
(c) Help Desk (d) View-Only Organization Management

ANSWER KEY

Q.1 (a) Q.2 (d) Q.3 (a) Q.4 (b) Q.5 (a)
Q.6 (d) Q.7 (d) Q.8 (c) Q.9 (c) Q.10 (c)
Q.11 (c) Q.12 (b) Q.13 (a) Q.14 (a) Q.15 (b)

Short Questions

1. What is the Exchange Management Shell?
2. What is the Exchange Management Console used for?
3. How do I connect to the Exchange Management Shell from PowerShell?
4. What is role-based network access control?
5. Write examples of role-based access control.
6. Why is role-based access control important?
7. What are the three types of access control?
8. What are the advantages and disadvantages of RBAC?
9. What is role-based access to an application?
10. What is the limitation of role-based access control?
11. What is mailbox management in networking?
12. Why is mailbox management important?
13. What are the functions of mail management?
14. What are the mailbox types?
15. How many Exchange Servers are there?

Long Questions

1. Explain the Exchange Management Shell.
2. Explain how to apply role-based access control.
3. Explain how mailbox management is applied.
4. Explain the addressing technique in MS Exchange.

CHAPTER 08 MICROSOFT THREAT MANAGEMENT GATEWAY SERVER (TMG)

Objectives
After completion of this chapter students will be able to:

8.1 Installation of TMG Standard Edition and Enterprise Edition
8.2 Enabling Access to Internet Resources
8.3 Configuring TMG as a Firewall, Advanced Application and Web Filtering
8.4 Integrating TMG and Microsoft Exchange Server 2013

Microsoft Threat Management Gateway Server (TMG):

Microsoft Forefront Threat Management Gateway (Forefront TMG), formerly
known as Microsoft Internet Security and Acceleration Server (ISA Server), is
a network router, firewall, antivirus program, VPN server and web cache from
Microsoft Corporation.

Forefront TMG 2010 has been built on top of the core capabilities delivered in
Microsoft Internet Security and Acceleration (ISA) Server 2004/2006 in order
to deliver a comprehensive, enhanced and integrated network security
gateway. Forefront TMG provides additional protection capabilities to help
secure the corporate network from external/Internet-based threats. Forefront
TMG 2010 prevents abuse of networks by internal and external entities.
Forefront provides more management capabilities in terms of security and
protection. Forefront TMG 2010 is available in Standard Edition and Enterprise
Edition. The Standard Edition does not support arrays, NLB, CARP or
Enterprise Management. For E-mail Protection, each edition requires an
Exchange license.
Forefront TMG runs on Windows Server and works by inspecting all network
traffic that passes through it.

Features of Microsoft Forefront TMG

Microsoft Forefront TMG offers a set of features which include:

1. Routing and remote access features: Microsoft Forefront TMG can act
as a router, an Internet gateway, a virtual private network (VPN) server,
a network address translation (NAT) server and a proxy server.
2. Security features: Microsoft Forefront TMG is a firewall which can
inspect network traffic (including web content, secure web content and
emails) and filter out malware, attempts to exploit security
vulnerabilities and content that does not match a predefined security
policy. In a technical sense, Microsoft Forefront TMG offers application
layer protection, stateful filtering, content filtering and anti-malware
protection.
3. Network performance features: Microsoft Forefront TMG can also
improve network performance: it can compress web traffic to improve
communication speed. It also offers web caching: it can cache
frequently accessed web content so that users can access it faster
from the local network cache. Microsoft Forefront TMG 2010 can also
cache data received through the Background Intelligent Transfer Service,
such as software updates published on the Microsoft Update website.

8.1. INSTALLATION OF TMG STANDARD EDITION AND ENTERPRISE EDITION

The TMG is one of the several pieces of software that comprise the Forefront
Stirling collection of products. You can download all of them, or just the
TMG. The TMG will work fine without Stirling, but Stirling is something that
you definitely want to get to know about in the future.
Double click the file you downloaded. You’ll see the Welcome to the
InstallShield Wizard for Forefront Threat Management Gateway page. Click
Next.

Install the files to the default location, which is C:\Program Files (x86)\
Microsoft ISA Server. Click Next.

Figure 2 shows the files being extracted to that location.

Click Finish when the extraction finishes.

Go to the C:\Program Files (x86)\Microsoft ISA Server folder and double click
the ISA Autorun.exe file.

This opens up the Microsoft Forefront TMG 270-Day Evaluation Setup dialog
box. Click the Install Forefront TMG link.

This brings up the Welcome to the Installation Wizard for Microsoft Forefront
Threat Management Gateway page. Click Next.

On the License Agreement page, select the I accept the terms in the license
agreement option and click Next. Notice that the license agreement still
contains the old code name of the product, which was Nitrogen.

On the Customer Information page, enter your User Name and Organization.
The Product Serial Number will be filled in for you. Click Next.

Here we see a new setup option that wasn’t available in previous versions of
the product. On the Setup Scenarios page, you have the option to install the
Forefront TMG or install only the TMG Management console. In this example
we’re installing the entire product, so we’ll select Install Forefront Threat
Management Gateway and click Next.

On the Component Selection page, you have the options to install the TMG
firewall software, the TMG management console, and the CSS. Yes, you guessed
it. There are no more Standard and Enterprise editions of the ISA firewall. The
TMG will be sold as a single edition and this single edition uses the CSS, even
if you have only a single-member TMG array. You will be able to create arrays
using the TMG; however, that functionality is not available with this version
of the TMG and will be available in later betas.
In this example we’ll install all of these options in the default folder (we need
to install in the default folder for this version of the TMG). Click Next.

It looks like I have a problem here. While the machine is a member of the
domain, I forgot to log on with a user account that is a domain member. In
order to install the TMG, you must be logged on as a domain user that has local
administrator privileges on the TMG machine.

Looks like I’m going to have to restart the installation. We’ll pick up where we
left off after I log off and log on again and restart the installation.

Now that I’m logged on as a domain user with local admin privileges, we pick
up the installation process on the Internal Network page. If you’ve installed
the ISA Firewall before, you’ll recognize this page from previous versions of
the ISA Firewall. This is where you define the default internal network. In
almost all cases you should select the Add Adapter option, since this will
define your default internal network based on the routing table configured on
the ISA Firewall. However, one thing I don’t know is whether, if I change the
configuration of the routing table on the ISA Firewall, the definition of the
default Internal Network will automatically change. I’ll bet a quarter that it
doesn’t, but it’s something we’ll have to check into in the future.

The Internal Network page now shows the definition of the default Internal
Network. Click Next.

The Services Warning page informs you that the SNMP Service, the IIS Admin
Service, the World Wide Web Publishing Service and the Microsoft
Operations Manager Service will all be restarted during the installation. It’s
unlikely that you’ll have already installed the Web server role on this machine,
so you don’t need to worry about the IIS Admin Service or the World Wide
Web Publishing Service, but you should be aware of the SNMP and Microsoft
Operations Manager Service restart. Remember, TMG will install and configure
IIS 7 for you.

Click Install on the Ready to Install the Program page.

The progress bar shows you the installation progress. Here you can see the CSS
being installed.

It worked! The Installation Wizard Completed page shows the installation has
completed successfully. Put a checkmark in the Invoke Forefront TMG
Management when the wizard closes checkbox. Click Finish.

At this point you’ll see the Protect the Forefront TMG Server Web page. Here
you’re provided information on turning on Microsoft Update, running the ISA
BPA, and reading the Security and Protection Section in the Help file. One
thing I can tell you about the Help File so far is that they’ve done a fantastic
job at upgrading its content. There is much more information, and much more
real world deployment information included with the new and improved Help
File. I recommend that you spend some time reading the Help file. I guarantee
that even if you’re a seasoned ISA Firewall admin, the TMG Help File is going
to provide you some new insights.

After the initial installation is complete, you’ll see the new Getting Started
Wizard. The Getting Started Wizard is new with the TMG and wasn’t available
in the previous versions of the ISA Firewall. There are three basic wizards
included in the Getting Started Wizard, and an optional fourth one that we’ll
see when we finish the first three.
The first wizard is the Configure network settings wizard. Click the Configure
network settings link on the Getting Started Wizard page.

On the Welcome to the Network Setup Wizard, click Next.

On the Network Template Selection page, select the network template that
you want to apply to the TMG. These are the same network templates that
were available with previous versions of the ISA Firewall. Click on each of the
options and read the information provided on the lower part of the page.
In this example, we’ll use the preferred template, which is the Edge
firewall template. Click Next.

On the Local Area Network (LAN) Settings page, you are given the opportunity
to configure IP addressing information on the LAN interface. First, you select
the NIC that you want to be the LAN interface on the ISA Firewall by clicking
the drop-down menu for Network adapter connected to the LAN. The IP
addressing information for this NIC will appear automatically. You can make
changes to the IP addressing information here. Also, you can create additional
static routes by clicking the Add button.
One thing I don’t know is what changes on this page will do to the definition
of the default Internal Network. Suppose I configured the default Internal
Network to be 10.0.0.0-10.0.0.255 but then decided to change the IP address
on the internal interface on this page so that it was on a different network
ID. Will the definition of the default Internal Network change? What if I add a
static route on the internal interface of the TMG? Will this change be reflected
in the definition of the default Internal Network? I don’t know, but it’s
something to investigate in the future.

I won’t make any changes on this page as I had already set up the internal
interface with the IP addressing information I required. Click Next.

The Internet Settings page allows you to configure IP addressing information
on the external interface of the TMG firewall. Like the last page, you select the
NIC that you want to represent the external interface by clicking the Network
adapter connected to the Internet drop-down list. Also like the last page, you
can change the IP addressing information. Since I already configured the
external interface with the IP addressing information I wanted it to have, I’ll
make no changes here. Click Next.

The Completing the Network Setup wizard page shows you the results of your
changes. Click Finish.

This takes you back to the Getting Started Wizard page. The next wizard is
the Configure system settings wizard. Click the Configure system
settings link.

Click Next on the Welcome to the System Configuration Wizard page.

The Host Identification page asks you about the host name and domain
membership of the TMG firewall. In this example, it has automatically
detected the host name of the machine, which is TMG2009. The wizard has
also identified the domain membership of the machine. I suspect that this
wizard will allow you to join a domain if you haven’t yet done so, and to leave
the domain if you want to. Also, if the machine is a workgroup member, you
have the opportunity to enter a primary DNS suffix that the ISA Firewall can
use to register in your domain DNS, if you have DDNS enabled and you don’t
require secure DDNS updates.
Since I have already configured this machine as a domain member, I don’t
need to make any changes on this page. Click Next.

That’s it for the System Configuration Wizard. Click Finish on the Completing
the System Configuration Wizard page.

One more wizard on the Getting Started Wizard page. Click the Define
deployment options link.

Click Next on the Welcome to the Deployment Wizard page.

On the Microsoft Update Setup page, you have the options Use the
Microsoft Update service to check for updates and I do not want to use
Microsoft Update Service. Note that not only does the TMG use the Microsoft
Update service to update the OS and the TMG firewall software, it also uses it
to check for malware definitions, which it does several times a day (by default,
every 15 minutes). Since one of the major advantages of using a Microsoft
firewall over other firewalls is the excellent auto-update feature, we’ll go
ahead and use the Microsoft Update site. Click Next.

On the Definition Update Settings page, you select whether you want the
TMG firewall to check and install, check only or do nothing with malware
inspection updates. You can also set the polling frequency, which is set at
every 15 minutes by default. However, you can set the updates to be
downloaded once a day, and then configure the time of day when you want
those updates installed. Click Next.

On the Customer Feedback page, choose whether or not you want to provide
anonymous information to Microsoft on your hardware configuration and how
the product is used. No information shared with Microsoft can be used to
identify you, and no private information is released to Microsoft. I figure I
share my name, birth date, social security number, driver’s license number and
address with my bank, and I trust Microsoft a lot more than I trust my bank,
given the bank’s requirements to share information with the Federal
Government. So sharing this technical information with Microsoft is a no-
brainer, and it helps make the product more stable and secure. Select the Yes, I
am willing to participate anonymously in the Customer Experience
Improvement Program (recommended) option.

On the Microsoft Telemetry Service page, you can configure your level of
membership in the Microsoft Telemetry service. The Microsoft Telemetry
Service helps protect against malware and intrusion by reporting information
to Microsoft about potential attacks, which Microsoft uses to help identify
attack patterns and improve precision and efficiency of threat mitigations. In
some instances, personal information might be inadvertently sent to
Microsoft, but Microsoft will not use this information to identify or contact
you. It’s hard to determine what kind of personal information might be sent,
but since I’m in the habit of trusting Microsoft, I’ll select the Join with an
advanced membership option. Click Next.

The Completing the Deployment Wizard page shows the choices you made.
Click Finish.

That’s it! You’re done with the Getting Started Wizard. But that doesn’t mean
that you’re done. If you put a checkmark in the Run the Web Access
wizard checkbox, the Web Access Wizard will start. Let’s put a checkmark
there and see what happens.

This starts the Welcome to the Web Access Policy Wizard. Since this is a new
way of creating TMG firewall policies, I think we’ll wait until the next article to
get into the details of this wizard. It seems that the TMG will allow you to
configure Web Access Policy in a way that’s a bit different than how we did it
with previous versions of the ISA Firewall, so I want to make sure we have an
article dedicated to this feature.

Now that installation is complete, we can see the new console. If you look at
the left pane of the console, you’ll see that there aren’t any nested nodes,
which makes navigation a bit easier. Also, we see a new node,
the Update Center node. This is where you can get information about updates
to the anti-malware feature of the TMG, and also find out when the malware
updates were installed.

After installation completed, I found that there were some errors. But this
might be related to the fact that the TMG didn’t work at all after the
installation was complete. I was able to solve this problem by restarting the
computer. I’m not sure if this is related to running the TMG firewall on
VMware Virtual Server, or if this is a beta bug.

Taking a look at the Initial Configuration Tasks you can see that a number of
roles and services were installed on this computer as part of the TMG
installation. These include:
• Active Directory Lightweight Directory Services (ADAM)
• Network Policy and Access Services (required for RRAS and VPN)
• Web Server (IIS) (required for SQL reporting services and TMG reporting)
• Network Load Balancing Services (required for NLB support)
• Remote Server Administration Tools (don’t know why these were installed)
• Windows Process Activation Service (most likely secondary to the Web
server role requirements)

8.2. ENABLING ACCESS TO INTERNET RESOURCES

The challenges of improving Internet growth are multifaceted and
interrelated, particularly in developing countries. They include, for example,
access to technical skills and knowledge, the regulatory and policy
environment for information and telecommunications services, broader
economic and market factors, language diversity, and the diffusion and
reliability of basic infrastructures and services.

Technical Capacity Building

For the Internet to grow and be sustainable, network operators need the
technical capacity necessary to build, maintain, and protect networks, as well
as make informed choices about new infrastructure implementations and
methodologies. With Internet technology changing rapidly, capacity building
needs to be an ongoing process and local information-sharing mechanisms
must be in place to sustain knowledge transfer beyond classroom trainings.
The Internet Society’s technical capacity building programme goals are to:

• Train network operators on basic and advanced internetworking skills
and techniques.
• Build regional and functional operator communities that can maximize
knowledge, experience, and skills transfer and problem solving.
• Foster technical leadership within communities that sustain and
advance local capacity and more fully participate in regional and global
Internet technical and governance forums.

Policy, Regulation, and the Access Environment

Regulatory impediments to internetworking, onerous licensing requirements
and other regulatory and policy factors can slow or prevent Internet growth.
The Internet Society’s goals for the Policy, Regulation, and the Access
Environment programme are to:

• Encourage policymakers at the national and international levels to
adopt ICT policies and positions that promote the expansion and reach
of Internet infrastructure on a national and global basis.
• Facilitate the elimination or revision of national Internet and
telecommunications regulatory impediments to Internet growth.
• Educate policymakers on contemporary Internet issues in order to
promote sound decision making.
• Educate policymakers and regulators on the broader economic/market
and social factors that impact Internet development.

Enabling Access for Under-served Communities

Under-served communities – including people that use non-Latin language
scripts, people with disabilities, and geographically remote and dispersed
communities – face additional challenges in accessing the Internet. The
Internet Society will work towards enabling access to the Internet by
under-served communities with goals to:

• Advance the development and distribution of technologies that support
the use of non-Latin language scripts on the Internet (in a manner that
upholds the overall end-to-end connectivity of the network).
• Advance the development of technologies and the business case for
facilitating the use of the Internet by people with disabilities.
• Educate policymakers and industry on the challenges, needs,
technologies, and opportunities of increasing Internet access to these
communities.

8.3. CONFIGURING TMG 2010 FIREWALL WITH MULTIPLE NICS IN ENTERPRISE NETWORK

Multi-networking has been supported since ISA Server 2004. Multi-networking
means that you can configure multiple networks on ISA Server, and then
configure network and access rules that inspect and filter all network traffic
among all networks. Here, we will configure multi-networking in the TMG 2010
Firewall; it remains the same as in ISA Server 2004/2006. When we enable
multiple networks in the TMG 2010 Firewall, we must configure network rules
that define how network packets will be passed between networks or between
computers. For this, we should be familiar with the Network Rules of TMG
2010. Network rules determine the network relationship between two
networks, which can be NAT or ROUTE.

ROUTE Connection:
▪ A route relationship is bidirectional.
▪ If a routed relationship is defined from the Branch to the Internal network,
a routed relationship also exists from the Internal to the Branch network.
▪ In a route relationship, client requests from the source network are
directly routed to the destination network. The source IP address is
always preserved.

NAT Connections:

▪ A NAT relationship is directional.
▪ Addresses from the source network are always translated when
passing through the TMG 2010 Server.

Guru Mantra on when to use a NAT or ROUTE relationship:

▪ When the source and destination networks both use private addresses,
use a route relationship.
▪ When the source network uses private addresses and the destination
network uses public addresses, use a NAT relationship.
Note: In real scenarios we sometimes have to go beyond this Guru Mantra,
but in most cases it will work.

Here, the TMG 2010 Server has 5 NICs. They are named Internal, Branch, LAN,
DMZ and External. Branch offices use Cisco routers and are connected to the
head office’s Cisco router using static routing and an IPsec site-to-site VPN.
Here we will focus on configuring the TMG Firewall so that the head office and
branch offices can communicate with each other over the intranet and the
Internet. In this scenario, we have to add all branch office internal network
addresses to the TMG Server on the Branch network (NIC). Then we have to
add static routes (for all branch office internal networks) in TMG 2010 to
reach the branch office networks, because TMG 2010 does not support
dynamic routing.

When we install TMG 2010 Firewall, by default TMG 2010 will only detect two
networks, Internal and External. TMG 2010 will not detect more than two NICs
even if the Windows Server 2008 R2 recognizes more than two.

For this, we have to follow some steps:

1. First create new network for branch and give the name as your design. Here
we will name it as Branch.
2. Second, configure network rule; Branch Network TO Internal, LAN, DMZ as
Route relationship Branch Network TO External as NAT relationship.
3. At last, create Access rule to control traffic.

Perform the following steps to create the new network for Branch:

1. In the Forefront TMG console tree, right-click Networking > New >
Network...
2. On the Welcome to the New Network Wizard page, type Branch in the
Network name box and click Next.
3. On the Network Type page, select Internal Network and click Next.
4. On the Network Addresses page, click Add Adapter, select Branch on the
Select Network Adapter page and click OK. Click Next.
5. On the Completing the New Network Wizard page, click Finish.

Click Apply to save the changes and update the configuration. Then click
Apply again and click OK on the Saving Configuration Changes dialog.

Perform the following steps to create a network rule for Branch:

1. In the Forefront TMG console tree, right-click Networking > New >
Network Rule...
2. On the Welcome to the New Network Rule Wizard page, type Branch to
Internal, LAN & DMZ in the Network rule name box and click Next.
3. On the Network Traffic Sources page, click Add. In the Add Network
Entities dialog, expand Networks, select Branch, click Add and then click
Close.
4. On the Network Traffic Sources page, click Next.
5. On the Network Traffic Destinations page, click Add. In the Add Network
Entities dialog, expand Networks, select Internal, LAN and DMZ, click Add
and then click Close.
6. On the Network Traffic Destinations page, click Next.
7. On the Network Relationship page, select Route and click Next.
8. On the Completing the New Network Rule Wizard page, click Finish.
Click Apply to save the changes and update the configuration. Then click
Apply again and click OK on the Saving Configuration Changes dialog.
9. Repeat the wizard to create a second network rule, Branch to External,
with a NAT network relationship so that branch clients can access the
Internet.
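The three steps listed earlier (define the Branch network, add network rules, add access rules) can be modelled in a few lines, which makes the ROUTE/NAT distinction concrete. The following Python script is an added illustration written for this section; it is not TMG's API or any code from the page. The Branch address ranges and the two Branch network rules are taken from the scenario; the Internal, LAN and DMZ ranges, the TMG external address 202.52.0.1 (the page masks it as 202.52.X.X), the link subnet 192.168.100.0/24 on the Branch NIC and the three access rules are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Added example: a small model of TMG 2010's network / network-rule /
# access-rule evaluation. It is not TMG's API; every name and range other
# than the branch ranges on this page is an assumption.


@dataclass
class Network:
    name: str
    ranges: list            # ipaddress networks that belong to this network


@dataclass
class NetworkRule:
    name: str
    sources: set            # network names
    destinations: set
    relationship: str       # "ROUTE" (bidirectional) or "NAT" (one-way)


@dataclass
class AccessRule:
    name: str
    action: str             # "ALLOW" or "DENY"
    protocols: set          # protocol names, or {"*"} for all outbound traffic
    sources: set
    destinations: set


# Address of the TMG NIC on each network; NAT rewrites the source to the
# TMG address on the destination network. Only External is needed here.
TMG_ADDRESSES = {"External": "202.52.0.1"}   # assumed (page masks it as 202.52.X.X)

NETWORKS = [
    Network("Internal", [ipaddress.ip_network("10.0.0.0/24")]),         # assumed
    Network("LAN",      [ipaddress.ip_network("192.168.1.0/24")]),      # assumed
    Network("DMZ",      [ipaddress.ip_network("172.16.1.0/24")]),       # assumed
    Network("Branch",   [ipaddress.ip_network("192.168.100.0/24"),      # link subnet, assumed
                         ipaddress.ip_network("192.168.202.0/24"),      # branch ranges from the page
                         ipaddress.ip_network("192.168.203.0/24"),
                         ipaddress.ip_network("192.168.204.0/24")]),
]

HEAD_OFFICE = {"Internal", "LAN", "DMZ"}

# Ordered as TMG evaluates them: the first matching network rule wins.
NETWORK_RULES = [
    NetworkRule("Branch to Internal, LAN & DMZ", {"Branch"}, HEAD_OFFICE, "ROUTE"),
    NetworkRule("Branch to External", {"Branch"}, {"External"}, "NAT"),
    NetworkRule("Internet Access", {"Internal"}, {"External"}, "NAT"),  # TMG default rule
]

# Ordered: the first matching access rule wins; TMG's built-in default rule denies.
ACCESS_RULES = [                                                        # all assumed
    AccessRule("Branch to head office", "ALLOW", {"*"}, {"Branch"}, HEAD_OFFICE),
    AccessRule("Head office to Branch", "ALLOW", {"*"}, HEAD_OFFICE, {"Branch"}),
    AccessRule("Branch web access", "ALLOW", {"HTTP", "HTTPS"}, {"Branch"}, {"External"}),
]


def find_network(ip):
    """TMG's External network is everything not placed in another network."""
    addr = ipaddress.ip_address(ip)
    for net in NETWORKS:
        if any(addr in r for r in net.ranges):
            return net.name
    return "External"


def match_network_rule(src_net, dst_net, rules=NETWORK_RULES):
    for rule in rules:
        if src_net in rule.sources and dst_net in rule.destinations:
            return rule
        # A route relationship also applies in the reverse direction; NAT does not.
        if (rule.relationship == "ROUTE"
                and src_net in rule.destinations and dst_net in rule.sources):
            return rule
    return None


def match_access_rule(src_net, dst_net, protocol, rules=ACCESS_RULES):
    for rule in rules:
        if (src_net in rule.sources and dst_net in rule.destinations
                and ("*" in rule.protocols or protocol in rule.protocols)):
            return rule
    return None


def evaluate(src_ip, dst_ip, protocol):
    """Decide what TMG does with one request and which source address the
    destination would see. Returns a dict with action, reason, relationship, source_seen."""
    src_net, dst_net = find_network(src_ip), find_network(dst_ip)
    nrule = match_network_rule(src_net, dst_net)
    if nrule is None:
        # No relationship defined: dropped before access rules are consulted.
        return {"action": "DROP", "reason": f"no network rule {src_net} -> {dst_net}",
                "relationship": None, "source_seen": None}
    arule = match_access_rule(src_net, dst_net, protocol)
    if arule is None or arule.action == "DENY":
        return {"action": "DENY", "reason": "default rule" if arule is None else arule.name,
                "relationship": nrule.relationship, "source_seen": None}
    if nrule.relationship == "NAT":
        seen = TMG_ADDRESSES.get(dst_net, f"<TMG address on {dst_net}>")
    else:
        seen = src_ip                     # a route relationship preserves the source address
    return {"action": "ALLOW", "reason": arule.name,
            "relationship": nrule.relationship, "source_seen": seen}


if __name__ == "__main__":
    for src, dst, proto in [("192.168.202.10", "192.168.1.20", "HTTP"),
                            ("192.168.202.10", "203.0.113.5", "HTTPS"),
                            ("192.168.202.10", "203.0.113.5", "SMTP"),
                            ("203.0.113.5", "192.168.202.10", "HTTP"),
                            ("192.168.1.20", "203.0.113.5", "HTTP")]:
        print(src, "->", dst, proto, evaluate(src, dst, proto))
```

Running it shows that a branch client reaching the LAN keeps its own address (ROUTE), the same client reaching the Internet appears as the TMG external address (NAT), an Internet host cannot reach the branch because NAT is one-way, and LAN to Internet is dropped before any access rule is consulted because no network rule covers that pair. A network rule is necessary but not sufficient; the access rule still decides, and the default rule denies whatever is not explicitly allowed.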

After we have created the network and the network rules for the Branch
network, we have to create access rules to control traffic (access rules
are covered in the next chapter under Understanding Access Rules).
According to our network diagram, some more steps are needed before the
branch offices can reach the head office server zone, LAN and DMZ, and the
head office can reach the branch offices. In our scenario, TMG 2010 Firewall
has 5 NICs and only the Branch NIC connects to the branch office networks.
So we must add all branch office internal network addresses to the Branch
network in TMG; otherwise packets arriving on the Branch NIC from those
addresses are treated as External and dropped as spoofed. Lastly, we must
add a static route in the TMG Firewall for each branch office network so that
the TMG Firewall can reach the branch offices.

Perform the following steps to add the branch office internal networks to
the TMG Firewall Branch network:

1. In the Forefront TMG console tree, click Networking, click the Networks
tab, right-click Branch and select Properties.
2. In the Branch Properties dialog box, click the Addresses tab, then click
Add Range...
3. In the IP Address Range Properties dialog box, type each branch office
internal address range (start address and end address). Here the ranges
are:

Start address      End address
192.168.202.0      192.168.202.255
192.168.203.0      192.168.203.255
192.168.204.0      192.168.204.255

Then click OK to close Branch Properties. Click Apply to save the changes and
update the configuration. Then click Apply again and click OK on the Saving
Configuration Changes dialog.

Perform the following steps to add static routes in TMG 2010 Firewall:

1. Open a command prompt on the TMG 2010 server and type the following
commands to add a persistent static route for each branch office network
via the head office router (192.168.100.2):

C:\> route add 192.168.202.0 mask 255.255.255.0 192.168.100.2 -p
C:\> route add 192.168.203.0 mask 255.255.255.0 192.168.100.2 -p
C:\> route add 192.168.204.0 mask 255.255.255.0 192.168.100.2 -p

Note: -p makes the route persistent, so it survives a reboot. Without it the
branch networks become unreachable after the next restart.

2. Check the routes with route print; they should appear under Persistent
Routes:

C:\> route print

===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
    192.168.202.0    255.255.255.0    192.168.100.2       1
    192.168.203.0    255.255.255.0    192.168.100.2       1
    192.168.204.0    255.255.255.0    192.168.100.2       1
          0.0.0.0          0.0.0.0       202.52.X.X       1
===========================================================================

On the head office router, add the following static routes (the default
route points to 192.168.100.1, the TMG Branch interface, and each branch
network points to the branch router at the far end of the VPN tunnel):

ip route 0.0.0.0 0.0.0.0 192.168.100.1
ip route 192.168.202.0 255.255.255.0 172.16.240.2
ip route 192.168.203.0 255.255.255.0 172.16.240.3
ip route 192.168.204.0 255.255.255.0 172.16.240.4

On each branch office router, add a default route to the head office router:

ip route 0.0.0.0 0.0.0.0 172.16.240.1
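The address ranges on the Branch network and the persistent routes must agree: a branch range with no route follows the default route out of the External interface (and gets NATed to the Internet), while a route towards the branch router for addresses that were never added to the Branch network makes TMG classify replies as External and drop them as spoofed. The following Python check is an added example written for this section, not part of the page or of TMG. It parses constructed route print output modelled on the table above, with deliberate faults, and compares it with the three ranges entered on the Branch network. The default gateway address and the 10.9.0.0/16 route are assumptions.

```python
import ipaddress
import re

# Added example: check that the branch address ranges configured on the TMG
# "Branch" network line up with the persistent routes in `route print`.
# The sample output is constructed from the table on this page; two lines are
# deliberately wrong so that the checks have something to report.

BRANCH_GATEWAY = "192.168.100.2"        # head office router, from the page

# (start, end) pairs exactly as typed into the Branch network's Addresses tab
BRANCH_RANGES = [
    ("192.168.202.0", "192.168.202.255"),
    ("192.168.203.0", "192.168.203.255"),
    ("192.168.204.0", "192.168.204.255"),
]

ROUTE_PRINT = """\
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
    192.168.202.0    255.255.255.0    192.168.100.2       1
    192.168.204.0    255.255.255.0       202.52.0.1       1
         10.9.0.0      255.255.0.0    192.168.100.2       1
          0.0.0.0          0.0.0.0       202.52.0.1       1
===========================================================================
"""
# 192.168.203.0 has no route (missing); 192.168.204.0 points at the default
# gateway (wrong gateway); 10.9.0.0/16 is routed to the branch router but was
# never added to the Branch network (unexpected). The default gateway
# 202.52.0.1 is assumed (the page masks it as 202.52.X.X).

ROUTE_LINE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$")


def parse_persistent_routes(text):
    """Return a list of (network, gateway, metric) from `route print` output."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_LINE.match(line)
        if m:
            net = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            routes.append((net, m.group(3), int(m.group(4))))
    return routes


def ranges_to_networks(ranges):
    """Convert TMG start/end address ranges into CIDR networks."""
    nets = []
    for start, end in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(start), ipaddress.ip_address(end)))
    return nets


def check_branch_routes(ranges, routes, branch_gateway):
    """Report branch networks with no route, routes via the wrong gateway, and
    routes to the branch router for addresses not declared on the Branch network."""
    branch_nets = ranges_to_networks(ranges)
    specific = [r for r in routes if r[0].prefixlen > 0]   # ignore the default route
    missing, wrong_gateway, unexpected = [], [], []
    for net in branch_nets:
        covering = [r for r in specific if net.subnet_of(r[0])]
        if not covering:
            missing.append(net)             # would follow the default route to the Internet
        elif any(gw != branch_gateway for _, gw, _ in covering):
            wrong_gateway.append(net)
    for net, gw, _ in specific:
        if gw == branch_gateway and not any(net.subnet_of(b) for b in branch_nets):
            # Replies from these addresses arrive on the Branch NIC, but TMG
            # would classify them as External and raise a spoofing alert.
            unexpected.append(net)
    return {"missing": missing, "wrong_gateway": wrong_gateway, "unexpected": unexpected}


if __name__ == "__main__":
    report = check_branch_routes(BRANCH_RANGES, parse_persistent_routes(ROUTE_PRINT),
                                 BRANCH_GATEWAY)
    for key, nets in report.items():
        print(f"{key}: {[str(n) for n in nets]}")
```

On a real TMG server, replace ROUTE_PRINT with the captured output of route print and BRANCH_RANGES with the ranges shown on the Branch network's Addresses tab; every branch range should then appear in neither list, and the only route via the branch gateway should be to addresses that are part of the Branch network.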

8.4. INTEGRATING TMG AND MICROSOFT EXCHANGE SERVER 2013

Configure Exchange 2013 for basic authentication

TMG will pre-authenticate users on its web listener with forms-based
authentication and then delegate the credentials to the Client Access
Server (CAS) using basic authentication, so the published virtual
directories must accept basic authentication and, for OWA and ECP, must not
use forms-based authentication themselves. Basic authentication carries the
password in the HTTP request, so the connection from TMG to the CAS must
remain HTTPS.

Run the following in the Exchange Management Shell on the CAS server that
will be published:

1. Set-OwaVirtualDirectory -Identity "<CasServer>\*" -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
2. Set-WebServicesVirtualDirectory -Identity "<CasServer>\*" -WindowsAuthentication $true -BasicAuthentication $true
3. Set-EcpVirtualDirectory -Identity "<CasServer>\*" -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
4. Set-OabVirtualDirectory -Identity "<CasServer>\*" -WindowsAuthentication $true -BasicAuthentication $true
5. Set-ActiveSyncVirtualDirectory -Identity "<CasServer>\*" -BasicAuthentication $true

Copy the third-party certificate to the TMG server:

1. Click Start > Run, type MMC and press Enter.
2. Click File > Add/Remove Snap-in > Certificates > Add > Computer
account > Next > Finish > OK.
3. Expand Personal > Certificates.
4. Right-click the third-party certificate and click All Tasks > Export.
5. Click Next, select Yes, export the private key, then Personal
Information Exchange - PKCS #12 (.PFX), click Next, set a strong password
for the file and browse for the file location. (The Base-64 format cannot
carry the private key, and the TMG listener needs the private key.)
6. Click Next, then Finish.
7. Copy the certificate file to the TMG server and delete the exported file
from both machines after the import.
8. On the TMG server, click Start > Run, type MMC and press Enter.
9. Click File > Add/Remove Snap-in > Certificates > Add > Computer
account > Next > Finish > OK.
10. Expand Personal, right-click Certificates, click All Tasks > Import >
Next, select the file, click Next > Next > Finish.
Configure the OWA Rule on TMG

1. Open the Forefront TMG management console.
2. Click Firewall Policy.
3. In the Tasks tab of the action pane, click Publish Exchange Web Client
Access.
4. Give the rule a name; here it is named "2010 OWA".
5. Click Next, then Next again.
6. The Internal site name must be the CAS server FQDN (this name must be on
the certificate).
7. The external name is what users type to reach OWA (it must also be on
the certificate).
8. Click New to create a new web listener.
9. Name it whatever you want; here it is named FBA because it will be used
for forms-based authentication for OWA.
10. Select one specific External IP address (not All IP addresses; a
listener bound to every address cannot coexist with another listener that
uses a different authentication method on the same port).
11. Select the certificate you imported earlier.
12. Select HTML Form Authentication.
13. You can configure SSO if other published sites will share this listener.
14. Click Next > Finish and select the listener.

You CANNOT use All Users here. Use All Authenticated Users or another user
set that requires authentication, otherwise the listener will not prompt for
credentials and the browser gets an HTTP 500.24 error.

15. Click Finish.
16. OWA is now published.
17. Next, on to EWS and Outlook Anywhere.

Multiple Choice Questions

Q.1: TMG stands for____?

(a) Trunk Media Gateway (b) Threat Management Gateway

(c) Transport Media Gateway (d) None of these

Q.2: TMG is also known as?

(a) Microsoft Internet Security (b) Acceleration Server

(c) Both a & b (d) None of these

Q.3: What is the purpose of TMG server's web proxy functionality?

(a) To enable secure remote access

(b) To provide web caching capabilities

(c) To manage network traffic routing

(d) To perform malware scanning

Q.4: Which deployment scenario would typically involve using TMG server?

(a) Data center virtualization

(b) Network load balancing

(c) Perimeter network protection

(d) Intrusion detection and prevention

Q.5: What is the recommended alternative to TMG server for network


security and protection?

(a) Microsoft Defender for Endpoint (b) Microsoft SQL Server

(c) Microsoft Exchange Server

(d) Microsoft Azure Active Directory


Q.6: Which component of TMG server handles inbound and outbound


network traffic?

(a) Firewall service (b) Web proxy service

(c) VPN service (d) Web publishing service

Q.7: Which feature of TMG server allows secure access to internal web
applications for external users?

(a) Firewall protection (b) VPN connectivity

(c) Web proxy functionality (d) Web publishing

Q.8: The Forefront TMG Management hardware and software requirement for
disk space is:

(a) 20GB (b) 40GB

(c) 60GB (d) 80GB

Q.9: What is the primary function of Microsoft Threat Management


Gateway (TMG) server?

(a) Network traffic analysis (b) Web application development

(c) Network security and protection (d) Database management

Q.10: Which of the following is a feature of TMG server?

(a) Email server functionality (b) File server functionality

(c) Firewall protection (d) DNS server functionality


ANSWER KEY

Q.1 (b) Q.2 (c) Q.3 (b) Q.4 (c) Q.5 (a)
Q.6 (a) Q.7 (d) Q.8 (b) Q.9 (c) Q.10 (c)


Short Questions

1. What is TMG in networking?
2. What does TMG stand for?
3. What is a TMG proxy server?
4. What is TMG server used for?
5. What are the main features of TMG server?
6. What is the role of TMG server in a network infrastructure?
7. What was the primary use case for Microsoft TMG server?
8. What are some alternatives to TMG server?
9. What is Forefront TMG?
10. Which three types of clients does Forefront TMG support?
11. How do you create a custom policy for Forefront TMG?

Long Questions

1. Explain TMG server.
2. Explain the key features, components, and deployment scenarios of
Microsoft Threat Management Gateway (TMG) server.
3. Explain how to configure TMG Server 2010.


CHAPTER 09 MANAGING AND IMPLEMENTING TMG SERVER

Objectives
After completion of this chapter students will be able to:

9.1 Understanding Access Rules
9.2 Configuring Load-Balancing Capabilities
9.3 Network Inspection System
9.4 Integrating Domain Users with TMG Server

9.1 UNDERSTANDING ACCESS RULES

Access rules define whether traffic from the source network is allowed to
pass to the destination network. The firewall (the TOE, Target of
Evaluation, in Common Criteria terms) includes a list of preconfigured,
well-known protocol definitions covering the most widely used Internet
protocols, and additional protocols can be added or modified. When a client
requests an object using a specific protocol, the firewall checks the access
rules in order. A request is processed only if an access rule specifically
allows the client to communicate using that protocol and also allows access
to the requested object; if no rule matches, the default rule denies the
request.

Managing and Implementing TMG Server

How to manage TMG Server remotely

The management console connects to the remote TMG server, and you can then
work in the console as if you were sitting in front of the TMG server
itself. Once you are done managing the TMG server remotely, click Disconnect
from Forefront TMG Management, located in the right pane under the Tasks
tab.

How to implement TMG Server

As an integrated edge security gateway, Forefront TMG 2010 can be deployed
to provide Virtual Private Networking (VPN) services, enabling remote users
to connect securely to the corporate network when they are out of the
office. VPN protocols supported by TMG include Layer Two Tunneling Protocol
over IPsec (L2TP/IPsec), Secure Socket Tunneling Protocol (SSTP), and the
Point-to-Point Tunneling Protocol (PPTP). PPTP is by far the most widely
deployed VPN protocol on TMG and its predecessor, ISA Server, most likely
because configuring PPTP for VPN connectivity is simple and straightforward
and PPTP is widely supported across clients. However, PPTP has a serious
weakness.

Security Concerns with PPTP

The security issue with PPTP is not in the tunneling protocol itself.
Rather, the problem lies with the MS-CHAPv2 authentication protocol, which
is the default authentication method when PPTP VPN is enabled on the TMG
firewall. In 2012, security researchers demonstrated a method to crack
MS-CHAPv2 with a 100% success rate: the challenge/response reduces to
recovering a single DES key, which is feasible by brute force. With tools
that automate the attack publicly available, PPTP communication
authenticated with MS-CHAPv2 should be considered unencrypted, because the
MPPE session keys are derived from the same password hash the attacker
recovers. If PPTP is deployed for remote access VPN connectivity, security
administrators should take steps to better secure their environment, for
example by switching the authentication to EAP with certificates as
described below.

Server Certificate Provisioning:

Before configuring EAP authentication for PPTP on the TMG firewall, we first
need to obtain a machine certificate for the TMG firewall and a user
certificate for the remote access client. Configuring the PKI is outside the
scope of this section; the test lab here uses a Windows Server 2008 R2 Active
Directory-integrated enterprise certification authority (CA).

In this scenario, before we can obtain a machine certificate from the
enterprise CA, we first need to configure the TMG firewall policy to allow
the enrollment request to reach the CA. Certificate enrollment uses DCOM,
which TMG blocks while strict RPC compliance is enforced. Right-click the
Firewall Policy node in the TMG management console and choose All Tasks →
System Policy → Edit System Policy. Highlight Active Directory under the
Authentication Services folder and uncheck the box next to Enforce strict
RPC compliance. Once the certificate request has completed successfully you
can safely revert this change.

On the TMG firewall, open a new Microsoft Management Console (MMC) by
clicking Start → Run and entering mmc.exe. From the menu choose File →
Add/Remove Snap-in. Highlight Certificates in the Available snap-ins column
and click Add. Select Computer account and click Next, choose Local computer
(the computer this console is running on), then click Finish and OK. Expand
the Certificates node in the navigation tree and highlight the Personal
folder. Right-click anywhere in the center pane and choose All Tasks →
Request New Certificate. Click Next when the enrollment wizard begins, then
select Active Directory Enrollment Policy and click Next. Check the box next
to Computer and then click Enroll to complete the process.


Configuring TMG PPTP VPN for EAP

In the TMG management console, highlight the Remote Access Policy (VPN) node
in the navigation tree, then in the Tasks pane click the link Select
Authentication Methods.

Uncheck the box next to Microsoft encrypted authentication version 2
(MS-CHAPv2) and check the box next to Extensible authentication protocol
(EAP) with smart card or other certificate.

Note: If you have enabled NAP integration with TMG for VPN clients, EAP must
be configured on the Network Policy Server (NPS); click the Configuring EAP
link on the dialog box for more information. When you select the option to
enable EAP you are presented with an information dialog box indicating that
EAP-authenticated users belong to the RADIUS namespace and are not part of
the Windows namespace. To apply user-based access rules to these users you
can either define a RADIUS user set for them or use user mapping to map
these users to the Windows namespace (this requires the TMG firewall to be
joined to a domain). If user mapping is enabled, access rules applied to
Windows users and groups will also apply to EAP-authenticated users.

Click OK, then save and apply the configuration.


Configuring VPN Client with EAP

On the client side, open the Network and Sharing Center and click Change
adapter settings. Right-click the existing PPTP VPN connection and choose
Properties. Click the Security tab, then select the option Use Extensible
Authentication Protocol (EAP). From the drop-down box choose Smart card or
other certificate (encryption enabled).

Click the Properties button and, if you are using client certificates
installed on the local machine rather than smart cards, select the option
Use a certificate on this computer. Next, enter the internal hostname of the
TMG firewall in the Connect to these servers text box. This name must match
the name on the computer certificate issued to the TMG firewall; the client
refuses the connection if it does not, which is what protects the client
from a rogue VPN server. For TMG enterprise arrays, enter the name of each
firewall in the array, separated by semicolons. Lastly, select the Trusted
Root Certification Authority that issued the certificate to the TMG firewall
and click OK. Once complete you should be able to establish a secure VPN
session using PPTP authenticated with the client certificate or smart card
issued to the user.


Alternative Remote Access Protocols

If implementing EAP authentication with PPTP sounds like a lot of trouble,
there are alternative remote access protocols that provide secure remote
access without the security concerns of PPTP. For example, TMG supports
L2TP/IPsec, which is considered very secure. Ideally L2TP/IPsec should also
use certificates for authentication, but it does support a pre-shared key
that, if great care is taken, can provide a high level of protection for
remote access communication. If you choose to use a pre-shared key instead
of certificates, be sure to use a very long and complex key and change it
frequently; the same key is shared by every client, so one leaked laptop
compromises it for all of them.

Another excellent alternative is SSTP. SSTP uses SSL/TLS to encrypt
communication between the client and the remote access server, and it is
simple to configure on the TMG firewall. SSTP has the added benefit of being
very firewall friendly, as outbound access on TCP port 443 is ubiquitous.
The only drawback of SSTP is that it is supported only on Windows Vista SP1
and later clients. If you still have to support Windows XP remote access
clients, you will need to continue to rely on PPTP or L2TP/IPsec. Of course,
DirectAccess is another solution that mitigates the security concerns of
PPTP VPN. DirectAccess uses certificates and IPsec to establish secure
remote access for managed (domain-joined) clients running Windows 7
Enterprise or Ultimate, or Windows 8 Enterprise. DirectAccess can be
implemented using Windows Server 2008 R2 (and enhanced with Forefront UAG
2010) or with Windows Server 2012.

9.2. CONFIGURING LOAD-BALANCING CAPABILITIES

Network Load Balancing (NLB) configuration settings in Forefront TMG:

Forefront TMG can distribute web traffic to identically configured web
servers, a function normally provided by a hardware load balancer. Web server
load balancing distributes network traffic to different hosts in the internal
network without using the classic NLB functions of the Windows operating
system.

Network Load Balancing integration is a feature that already existed in the
previous version of Forefront Threat Management Gateway (TMG), Internet
Security and Acceleration (ISA) Server 2006. The concept is described in
"Network Load Balancing Integration Concepts for Microsoft Internet Security
and Acceleration (ISA) Server 2006". The main idea is that instead of
defining NLB settings on each cluster node, the cluster settings are
configured on the Forefront TMG Enterprise Management Server (EMS) or on the
array manager, and the EMS or array manager distributes the settings to all
array members.

After that, the system enters an NLB integrated state, in which Forefront
TMG detects and overrides any external changes made to the NLB configuration
on any array member. For example, if Forefront TMG is in the NLB integrated
state and someone changes a virtual IP on an array member, the Firewall
Service changes it back to the IP defined in the array configuration.

However, in ISA Server, after NLB integration is disabled, the NLB cluster
remains configured with the ISA Server settings, including the corresponding
virtual IPs and NLB protocol bindings. This may interfere with future NLB
clusters that are defined outside ISA Server.

NLB Clear

In order to give the Forefront TMG administrator more control over the NLB
state, the "NLB Clear" functionality was introduced in Forefront TMG.

NLB Integration state machine in ISA Server:

NLB Integration state machine in Forefront TMG:

In Forefront TMG, when the administrator disables NLB integration, a dialog
allows them to select what the next state will be:


The default option is to discard NLB configuration settings, which includes


removing virtual IPs from appropriate NICs, unbinding them from the NLB
protocol, and removing all NLB-related settings from the registry. Note that
you cannot perform a selective clear of NLB configuration.

When disabling NLB integration via the API, the settings are not cleared by
default; this is done for backward compatibility with scripts written for ISA
Server. To have the settings removed, you should set the NLB Integration
Clear upon Disable member of the interface IFPCNLBConfiguration2 to TRUE,
prior to setting NLB Integration Enabled to FALSE.

Alert for NLB configuration removal

Each time an NLB Clear is performed successfully, the NLB configuration
removal alert appears in the Alerts pane of the Monitoring node. There is a
corresponding alert for a failure to clear the settings. Such an alert is
purely informational, since the failure does not block any other Forefront
TMG functionality, but it may indicate NLB-related issues. Each time NLB
integration is enabled, NLB Clear is automatically called by the Firewall
Service and the alert appears.

Individual NLB configuration removal

If the administrator chooses not to remove the NLB configuration settings
when disabling the integration, it can be done at a later stage. However,
since Forefront TMG no longer controls the NLB configuration, the settings
have to be removed on each array member individually. This can be done in
two ways: by using a troubleshooting task or by running the NLBClear.exe
utility located in the installation directory.


Troubleshooting task:

This task can be run regardless of whether NLB integration is enabled or
disabled.

• If NLB integration is enabled, the task clears the settings, which are
immediately re-applied by Forefront TMG from the stored configuration. This
can be used to refresh NLB settings that have become corrupted.

• If NLB integration is disabled, the task simply clears all NLB settings.

The task cannot be run from a remote management console and operates only on
the local array member.

NLBClear.exe

This utility clears NLB settings on the local array member. Note that the
Firewall Service has to be stopped before the utility is run.

9.3. NETWORK INSPECTION SYSTEM

Network Inspection System (NIS) - Application Layer Inspection. NIS is
Microsoft's response to the growing threat of network-based attacks. NIS was
first introduced with the Forefront Threat Management Gateway (TMG) firewall
to enable sophisticated network-based IDS/IPS at the edge of the corporate
network.

Forefront TMG 2010 Network Inspection System and Custom Protocols:

An intrusion detection and prevention system (IDS/IPS) is an essential
component of a modern secure web gateway. The Network Inspection System (NIS)
in Forefront Threat Management Gateway (TMG) 2010 is a unique implementation
of IDS/IPS. NIS is focused specifically on detecting and preventing attacks
on Microsoft operating systems and applications; its signatures describe the
exploitation of published vulnerabilities rather than particular malware.
NIS uses signatures developed by the Microsoft Malware Protection Center
(MMPC) and distributed through Windows Update or WSUS.

NIS in Forefront TMG 2010 provides protection by performing low-level network
protocol inspection. Each packet is analyzed for protocol state, message
structure, and message content. When a packet is received, NIS inspects it
only after the firewall policy has allowed it, and only after any associated
web or application filters have processed it.

There is one caveat, however. A custom protocol is not subject to NIS
inspection by the Forefront TMG firewall unless it is associated with a
standard protocol. Often a Forefront TMG firewall administrator will create
a custom protocol for a standard protocol that uses a non-standard port. One
of the most common protocols to be configured on non-standard ports is HTTP.
For example, if an administrator defines a custom protocol to support a
web-based application that uses the non-standard TCP port 62112, by default
NIS will not inspect this traffic even though the communication is HTTP, a
protocol which NIS normally inspects when it takes place over the standard
TCP port 80. The access rule allows the traffic, but the HTTP signatures are
never applied to it.

To apply Forefront TMG NIS inspection to a custom protocol it must first be
associated with a standard protocol. In our example we are using HTTP over a
non-standard port, so we need to associate our custom protocol with the Web
Proxy Filter.

Next, associate the custom protocol with a standard protocol definition, in
this case HTTP Proxy.

Once complete, Forefront TMG NIS inspection will be applied to the custom
protocol and policy will be enforced according to the current NIS
configuration.


9.4. INTEGRATING DOMAIN USERS WITH TMG SERVER

To integrate domain users with Microsoft Threat Management Gateway (TMG)
server, you can utilize Active Directory (AD) integration. Here is the
general process to follow:

1. Configure TMG Server for AD Integration:
• Ensure that the TMG server is joined to the Active Directory domain.
• Open the TMG Management Console and navigate to the Authentication
settings (for example, the Web Proxy authentication settings of the Internal
network).
• Enable Windows (Active Directory) authentication.

2. Create Firewall Access Rules:
• Determine the access requirements for domain users (e.g., web browsing,
VPN access, etc.).
• Create firewall access rules that allow domain users to access specific
services or resources.
• Specify the appropriate user sets or Active Directory groups in the
access rules to define which users are allowed.

3. Define User Sets:
• In the TMG Management Console, create User Sets that include the domain
users or groups whose access you want to manage.
• Add the appropriate domain users or groups to the User Sets you have
created.

4. Configure Web Proxy Settings (if applicable):
• If you are using TMG server as a web proxy, configure web proxy settings
on client devices to point to the TMG server.
• Ensure that domain users' browsers are configured to use the TMG server
as their web proxy. User-based rules can only be enforced for requests that
arrive through the Web Proxy or Firewall Client, because only those carry
user credentials; plain SecureNAT traffic has no user identity.

5. Test and Monitor:
• Test the access for domain users by attempting to browse the web, connect
via VPN, or access other permitted services.
• Monitor TMG server logs and reports to verify that domain users' access
is logged correctly and matches the defined access rules.

By integrating TMG server with Active Directory and properly configuring
access rules and user sets, you can effectively manage domain user access to
resources protected by TMG server. It allows you to enforce security
policies, control access to specific services, and monitor user activity.


Multiple Choice Questions

Q.1: What is the primary purpose of managing TMG server?

(a) Monitoring network traffic (b) Configuring web applications

(c) Implementing network security policies

(d) Managing virtual machines

Q.2: Which component of TMG server is responsible for controlling network


traffic?

(a) Web proxy service (b) VPN service

(c) Firewall service (d) Web publishing service

Q.3: How can you implement user authentication in TMG server?

(a) Utilize a third-party authentication server

(b) Integrate with Active Directory (AD)

(c) Configure local user accounts on the TMG server

(d) Use biometric authentication devices

Q.4: Which deployment scenario involves using TMG server to protect a


network's perimeter?

(a) Internal network segmentation

(b) Load balancing between servers

(c) Web application development

(d) Perimeter network protection

Q.5: Which feature of TMG server allows for secure remote access to the
internal network?

(a) Web proxy server (b) VPN connectivity



(c) Intrusion detection and prevention

(d) Web application firewall

Q.6: How can TMG server enhance web security?

(a) By implementing SSL encryption for web traffic

(b) By scanning web content for malware

(c) By enforcing URL filtering policies (d) All of the above

Q.7: What is the recommended alternative to TMG server for network


security and protection?

(a) Microsoft Defender for Endpoint (b) Microsoft SQL Server

(c) Microsoft Exchange Server

(d) Microsoft Azure Active Directory

Q.8: What should be considered when managing TMG server for high
availability?

(a) Load balancing TMG server instances

(b) Implementing redundant TMG server deployments

(c) Ensuring fault-tolerant network infrastructure

(d) All of the above

Q.9: A method of restricting network access based on the roles of individual


user within an enterprise is called?

(a) Mailbox Management (b) Addressing Exchange

(c) Exchange Management (d) Role-based access control

Q.10: Which deployment scenario is TMG commonly used for?

(a) Load balancing web servers (b) Managing virtual machines

(c) Protecting the network perimeter

(d) Analyzing network traffic

ANSWER KEY

Q.1 (c) Q.2 (c) Q.3 (b) Q.4 (d) Q.5 (b)
Q.6 (d) Q.7 (a) Q.8 (d) Q.9 (d) Q.10 (c)

Short Questions

1. What is TMG server used for?
2. What is the system policy in TMG server?
3. What replaced Microsoft TMG?
4. How can TMG server enhance web security?
5. How can TMG server be integrated with Active Directory (AD)?
6. What is the difference between Microsoft TMG and UAG?
7. How do I create an authorization group in TMG?
8. How does Forefront TMG work?
9. Where are TMG logs stored?
10. How does PPTP work?
11. At which layer does PPTP operate?
12. What is the advantage of PPTP?
13. What are the features of PPTP?


Long Questions

1. Explain how to manage and implement TMG Server.
2. Explain the term load balancing.
3. Describe the key considerations and steps involved in managing and
implementing Microsoft Threat Management Gateway (TMG) server
for network security and protection.
4. Explain the integration of domain users with TMG server.


CHAPTER 10 TROUBLESHOOTING

Objectives
After completion of this chapter students will be able to:

10.1 Troubleshooting of Auditing User Access of Files, Folders and Printers
10.2 Event Viewer
10.3 Hardware Troubleshooting
10.4 Troubleshooting of Disk Management
10.5 Connectivity and Communication

Troubleshooting
Troubleshooting is a form of problem solving, often applied to repair failed
products or processes on a machine or a system. It is a logical, systematic
search for the source of a problem in order to solve it, and make the product
or process operational again. Troubleshooting is needed to identify the
symptoms. Determining the most likely cause is a process of elimination—
eliminating potential causes of a problem. Finally, troubleshooting requires
confirmation that the solution restores the product or process to its working
state.
In general, troubleshooting is the identification or diagnosis of "trouble" in the
management flow of a corporation or a system caused by a failure of some
kind. The problem is initially described as symptoms of malfunction, and
troubleshooting is the process of determining and remedying the causes of
these symptoms.
A system can be described in terms of its expected, desired or intended
behavior (usually, for artificial systems, its purpose). Events or inputs to the
system are expected to generate specific results or outputs. (For example,
selecting the "print" option from various computer applications is intended to
result in a hardcopy emerging from some specific device). Any unexpected or
undesirable behavior is a symptom. Troubleshooting is the process of isolating
the specific cause or causes of the symptom. Frequently the symptom is a
failure of the product or process to produce any results. (Nothing was printed,
for example). Corrective action can then be taken to prevent further failures
of a similar kind.
The methods of forensic engineering are useful in tracing problems in
products or processes, and a wide range of analytical techniques are available
to determine the cause or causes of specific failures. Corrective action can
then be taken to prevent further failure of a similar kind. Preventative action
is possible using failure mode and effects analysis (FMEA) and fault tree
analysis (FTA) before full-scale production, and these methods can also be
used for failure analysis.

10.1. TROUBLESHOOTING OF AUDITING USER ACCESS OF FILES, FOLDERS
AND PRINTERS

Windows Server 2012 has been one of the most widely deployed servers
around the globe for supporting collaborative work environments. Because of
the intrinsic nature of these kinds of environments, where multiple users have
access to the same resources, fixing responsibility for user actions becomes
very important.
Thus, it is important to audit all user actions concerning file and folder
access. In this section, the process of enabling file and folder auditing on
Windows Server 2012 is explained. On Windows Server 2012, auditing
file and folder accesses consists of two parts:

1. Enable File and Folder auditing which can be done in two ways:
• Through Group Policy (for Domains, Sites and Organizational Units)
• Local Security policy (for single Servers)
2. Configure audit settings for File and Folders


The following procedure enables auditing for object access on a Windows
Server 2012 domain through Group Policy. To enable auditing through a GPO,
follow these steps:

1. Go to “Start” ➔ “Control Panel”. In this window, double-click
“Administrative Tools”, and then double-click “Group Policy
Management” console to open it.

2. Go to the concerned domain and expand it as shown in the following
figure.
Figure: Go to the concerned domain and expand the node

3. Right-click “Group Policy Objects”, and click “New”.
Figure 2: Select New from the context menu
In the “New GPO” dialog box, enter the name of the new GPO and click “OK”.


4. Figure 3: Enter the new GPO’s name

5. Right-click the newly created GPO and click “Edit” to open the “Group Policy
Management Editor” window.
Figure 4: GPO management editor

6. In “Group Policy Management Editor”, go to “Computer Configuration”
➔ “Policies” ➔ “Windows Settings” ➔ “Local Policies”.

7. Select “Audit Policies” to view all of its policies in the right panel.
Figure 5: Audit policies

8. Double-click “Audit Object Access” to access its properties.


9. Click “Define these Policy Settings” to check its box. Check both
“Success” and “Failure” boxes.

10. Click “Apply” and “OK”.

11. Execute the following command at “Run” or “Command Prompt” to
apply this policy on the domain controller:

gpupdate /force

After the policy has been applied, you can configure audit settings for files and
folders. To enable auditing of a specific folder and define the users whose
access is to be monitored, follow these steps.

1. Select the folder that you want to audit.

2. Right-click and click “Properties” to access its properties.

3. Go to “Security” tab, and click “Advanced”.

4. In the “Advanced Security Settings” dialog box, select the “Auditing” tab.
Figure: Click the Auditing tab

5. Click “Add”. The “Auditing Entry for” window appears on the screen.
Figure: Auditing Entry for Documents dialog box


6. Click the “Select a principal” link. It shows the “Select User…” dialog box.

7. Type the name of the user whose access you want to monitor. Click the
“Check Names” button to validate the entry. You can repeat this step to
provide the names of all users whose access to the selected folder has
to be monitored. Alternatively, you can type “Everyone” to monitor every
user’s accesses to this folder.


8. Select the user for auditing.

9. Click “OK” once you have made your selection of users. It takes you back
to the “Auditing Entry” window.
Figure 11: Auditing Entry for Documents settings

10. Select “Both” in the “Type” drop-down menu to monitor both “Success”
and “Fail” accesses made to the folder.

11. In “Applies to” drop-down menu, select “This folder, subfolders, and
files”.

12. Select “Full Control” or the appropriate permissions for auditing. It is
advised to click “Show Advanced Permissions” and select all permissions.


13. You can use “Add a condition” link at the bottom to limit the scope of
this auditing entry. You can add multiple conditions, if required. This
way the auditing will generate limited logs.

14. Click “OK” to save the settings and close “Auditing Entry for …”
window.

15. Click “Apply” and “OK” to close “Advanced Security Settings for”
window.

16. Click “OK” to close the folder properties.

View the Record in Event Viewer

After auditing has been enabled, the logged events can be viewed in Event
Viewer. The following image shows the logged event for a file access.

File access event in event viewer
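As an added example that is not part of the textbook, the same configuration performed from an elevated PowerShell session on a single server: the audit policy is switched on with auditpol (the local equivalent of the “Audit Object Access” GPO setting above) and the folder's auditing entry is added through its SACL. The folder path and the principal are placeholders.

```powershell
# Added example (not from the textbook). Run in an elevated PowerShell session
# on the server that hosts the folder. $Folder and $Principal are placeholders.
$Folder    = 'D:\Shares\Documents'   # placeholder: the folder to audit
$Principal = 'Everyone'              # or a specific user or group account

# Part 1: turn on object-access auditing for the file system on this machine,
# for both Success and Failure, as in the GPO steps above. A domain GPO still
# takes precedence over a local setting.
auditpol /set /subcategory:"File System" /success:enable /failure:enable
auditpol /get /subcategory:"File System"

# Part 2: build the auditing entry that matches the GUI choices:
# Full Control, Type = Both (Success and Failure), applied to
# "This folder, subfolders, and files".
$rule = New-Object -TypeName System.Security.AccessControl.FileSystemAuditRule -ArgumentList @(
    $Principal,
    [System.Security.AccessControl.FileSystemRights]::FullControl,
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure'
)

# -Audit is required to read (and later write back) the SACL; that needs the
# SeSecurityPrivilege an elevated administrator session holds.
$acl = Get-Acl -Path $Folder -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Verify: list the audit entries now present on the folder.
(Get-Acl -Path $Folder -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags -AutoSize
```

Auditing every permission for Everyone on a busy share generates a large volume of Security log entries, so scope the principal and the rights the same way the “Add a condition” step above limits the GUI entry.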

10.2. EVENT VIEWER

Event Viewer is a component of Microsoft's Windows NT line of operating
systems that lets administrators and users view the event logs on a local or
remote machine. In Windows Vista, Microsoft overhauled the event system.

Due to the Event Viewer's routine reporting of minor start-up and processing
errors (which do not in fact harm or damage the computer), the software is
frequently used by technical support scammers to convince users unfamiliar
with Event Viewer that their computer contains critical errors requiring
immediate technical support. An example is the "Administrative Events" field
under "Custom Views" which can have over a thousand errors or warnings
logged over a month's time.

Overview

Windows NT has featured event logs since its release in 1993. Applications and
operating-system components can use this centralized log service to report
events that have taken place, such as a failure to start a component or to
complete an action.

The Event Viewer uses event IDs to define the uniquely identifiable events that
a Windows computer can encounter. For example, when a
user's authentication fails, the system may generate Event ID 672.

Windows NT 4.0 added support for defining "event sources" (i.e. the
application which created the event) and performing backups of logs.

Windows 2000 added the capability for applications to create their own log
sources in addition to the three system-defined "System", "Application", and
"Security" log-files. Windows 2000 also replaced NT4's Event Viewer with
a Microsoft Management Console (MMC) snap-in.

Windows Server 2003 added the AuthzInstallSecurityEventSource() API calls
so that applications could register with the security-event logs, and write
security-audit entries.

Versions of Windows based on the Windows NT 6.0 kernel (Windows
Vista and Windows Server 2008) no longer have a 300-megabyte limit to their
total size. Prior to NT 6.0, the system opened on-disk files as memory-mapped
files in kernel memory space, which used the same memory pools as other
kernel components.

Event Viewer log-files with filename extension evtx typically appear in a
directory such as C:\Windows\System32\winevt\Logs\

Command-line interface

Windows XP introduced a set of three command-line interface tools, useful for
task automation:
• eventquery.vbs – Official script to query, filter and output results based on
the event logs. Discontinued after XP.
• eventcreate is a command (continued in Vista and 7) to put custom events
in the logs.
• eventtriggers is a command to create event driven tasks. Discontinued after
XP, replaced by the "Attach task to this event" feature.

Windows Vista

Event Viewer consists of a rewritten event tracing and logging architecture on
Windows Vista. It has been rewritten around a structured XML log-format and
a designated log type to allow applications to more precisely log events and to
help make it easier for support technicians and developers to interpret the
events. The XML representation of the event can be viewed on the Details tab
in an event's properties. It is also possible to view all potential events, their
structures, registered event publishers and their configuration using
the wevtutil utility, even before the events are fired.
There are a large number of different types of event logs including
Administrative, Operational, Analytic, and Debug log types. Selecting
the Application Logs node in the Scope pane reveals numerous new
subcategorized event logs, including many labeled as diagnostic logs. Analytic
and Debug events which are high frequency are directly saved into a trace file
while Admin and Operational events are infrequent enough to allow additional
processing without affecting system performance, so they are delivered to the
Event Log service. Events are published asynchronously to reduce the
performance impact on the event publishing application. Event attributes are
also much more detailed and show EventID, Level, Task, Opcode, and
Keywords properties.
Filtering using XPath 1.0

Open Windows Event Log, then:

1. Expand out Windows Logs
2. Select the log file that is of interest to you (in the example below, we use
the Security event log)
3. Right-click on the Event Log and select Filter Current Log...
4. Change the selected tab from Filter to XML
5. Check the box to Edit query manually
6. Paste your query into the text box. You will find sample queries below.
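An added example, not from the textbook: an XML query of the kind pasted into the “Edit query manually” box, selecting file-access audit events (Event ID 4663, “An attempt was made to access an object”, which is what the file and folder auditing in 10.1 writes) from the Security log for the last 24 hours, run from PowerShell with Get-WinEvent and narrowed to one audited folder. The folder path is a placeholder.

```powershell
# Added example (not from the textbook). $Folder is a placeholder.
$Folder = 'D:\Shares\Documents'   # placeholder: the audited folder

# The same XML that Event Viewer's "XML" tab accepts. timediff() is one of
# the few functions the Windows event XPath subset supports; 86400000 ms
# is 24 hours. "<=" must be written as &lt;= because this is XML.
$QueryXml = @"
<QueryList>
  <Query Id="0" Path="Security">
    <Select Path="Security">
      *[System[(EventID=4663) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]
    </Select>
  </Query>
</QueryList>
"@

function Get-FileAccessAudit {
    param([string]$Path, [xml]$Query)

    # Get-WinEvent throws when nothing matches, hence SilentlyContinue.
    # Each event's EventData fields are read from its XML form (the same XML
    # shown on the Details tab in Event Viewer). The event XPath subset has no
    # substring functions, so the path filter is applied after the query.
    Get-WinEvent -FilterXml $Query -ErrorAction SilentlyContinue | ForEach-Object {
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($item in $x.Event.EventData.Data) { $d[$item.Name] = $item.'#text' }
        [pscustomobject]@{
            Time    = $_.TimeCreated
            Result  = ($_.KeywordsDisplayNames -join ',')   # Audit Success / Audit Failure
            User    = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
            Object  = $d.ObjectName
            Access  = $d.AccessMask                        # hex access mask requested
            Process = $d.ProcessName
        }
    } | Where-Object { $_.Object -like "$Path*" }
}

Get-FileAccessAudit -Path $Folder -Query ([xml]$QueryXml) |
    Sort-Object Time -Descending |
    Format-Table Time, Result, User, Access, Object -AutoSize
```

The Result column separates successful reads from denied attempts; a run of Audit Failure entries from one account against many objects is the pattern worth following up.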

Event subscribers

Major event subscribers include the Event Collector service and Task
Scheduler 2.0. The Event Collector service can automatically forward event
logs to other remote systems, running Windows Vista, Windows Server
2008 or Windows Server 2003 R2 on a configurable schedule. Event logs can
also be remotely viewed from other computers or multiple event logs can be
centrally logged and monitored agentless and managed from a single
computer. Events can also be directly associated with tasks, which run in the
redesigned Task Scheduler and trigger automated actions when particular
events take place.

10.3. HARDWARE TROUBLESHOOTING

Definition - What does Hardware Troubleshooting mean?

Hardware troubleshooting is the process of reviewing, diagnosing and
identifying operational or technical problems within a hardware device or
equipment. It aims to resolve physical and/or logical problems and issues
within computing hardware. Hardware troubleshooting is done by a hardware
or technical support technician.

Explanation of Hardware Troubleshooting

Hardware troubleshooting processes primarily aim to resolve computer
hardware problems using a systematic approach. The process starts by first
identifying the problem and finding the different issues that can cause such a
problem, and eventually leads to implementing a solution or alternative.


Hardware troubleshooting is generally done on hardware equipment installed
within a computer, server, laptop or related device. Some processes within
hardware troubleshooting include:

• Removing, repairing and replacing faulty RAM, hard disk or
video/graphics card.
• Cleaning dust from RAM and video card slots/ports and from the cooling
fan.
• Tightening cables and jumpers on the motherboard and/or components.
• Software-related hardware problems such as device driver update or
installation.

10.4. TROUBLESHOOTING DISK MANAGEMENT

A disk's status is Not Initialized or the disk is missing

Cause: If you have a disk that doesn't appear in File Explorer and is listed in
Disk Management as Not Initialized, it could be because the disk doesn't have
a valid disk signature. Basically, this means that the disk has never been
initialized and formatted, or the drive formatting has become corrupted
somehow. It's also possible that the disk is having hardware problems or issues
plugging in, but we'll get to that in a few paragraphs.

Solution: If the drive is brand new and just needs to be initialized, erasing any
data on it, the solution is easy - see Initialize New Disks. However, there's a
good chance you've already tried this, and it didn't work. Or maybe you have
a disk full of important files, and you don't want to erase the disk by initializing
it. There are a bunch of reasons a disk might be missing or fail to initialize, with
a common reason being because the disk is failing. There's only so much you
can do to fix a failing disk, but here are some steps to try to see if we can get
it working again. If the disk works after one of these steps, don't bother with
the next steps, just kick back, celebrate, and maybe update your backups.

1. Look at the disk in Disk Management. If it appears Offline as shown
here, try right-clicking it and selecting Online.

2. If the disk appears in Disk Management as Online, and has a primary
partition that's listed as Healthy, as shown here, that's a good sign.

• If the partition has a file system, but no drive letter (for example,
E:), see Change a drive letter to add a drive letter manually.
• If it doesn't have a file system (NTFS, ReFS, FAT32, or exFAT) and
you know the disk is empty, right-click the partition and
select Format. Formatting a disk erases all data on it, so don't do
this if you're trying to recover files from the disk - instead, skip
ahead to the next step.


3. If you have an external disk, unplug the disk, plug it back in, and then
select Action > Rescan Disks.
4. Shut down your PC, turn off your external hard disk (if it's an external
disk with a power cord), and then turn your PC and the disk back on.
To turn off your PC in Windows 10, select the Start button, select the
Power button, and then select Shut down.
5. Plug the disk into a different USB port that's directly on your PC (not on
a hub). Sometimes USB disks don't get enough power from some ports,
or have other issues with particular ports. This is especially common
with USB hubs, but sometimes there are differences between ports on
a PC, so try a few different ports if you have them.
6. Try a different cable. It might sound crazy, but cables fail a lot, so try
using a different cable to plug the disk in. If you have an internal disk
in a desktop PC, you'll probably need to shut your PC down before
switching cables - see your PC's manual for details.
7. Check Device Manager for issues. Press and hold (or right-click) the
Start button, then select Device Manager from the context menu. Look
for any devices with an exclamation point next to it or other issues,
double-click the device and then read its status.
Here's a list of Error codes in Device Manager, but one approach that
sometimes works is to right-click the problematic device,
select Uninstall device, and then Action > Scan for hardware changes.

8. Plug the disk into a different PC. If the disk doesn't work on another PC,
it's a good sign that there's something bad going on with the disk, and
not your PC. No fun, we know. There are some more steps you can try
in External USB drive error "You must initialize the disk before Logical
Disk Manager can access it", but it might be time to search for and ask
for help at the Microsoft community site, or contact your disk
manufacturer.
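An added example (not from the textbook): a PowerShell function that carries out the read-only part of steps 1, 2 and 7 above in one pass, using the Storage and PnpDevice modules that ship with Windows 8 / Server 2012 and later, and optionally brings Offline disks online. It never formats or initializes a disk, so it is safe to run before deciding whether data recovery is needed.

```powershell
# Added example (not from the textbook). Run in an elevated session.
function Get-DiskTroubleReport {
    param(
        [switch]$BringOnline   # step 1: set Offline disks to Online (no data change)
    )

    # Step 1 / "Not Initialized": a RAW partition style means no valid disk
    # signature; Offline means Windows sees the disk but has not mounted it.
    $disks = Get-Disk | ForEach-Object {
        $state = @()
        if ($_.PartitionStyle -eq 'RAW')       { $state += 'NotInitialized' }
        if ($_.OperationalStatus -ne 'Online') { $state += "Status=$($_.OperationalStatus)" }
        if ($_.HealthStatus -ne 'Healthy')     { $state += "Health=$($_.HealthStatus)" }
        [pscustomobject]@{
            Disk     = $_.Number
            Name     = $_.FriendlyName
            Bus      = $_.BusType
            SizeGB   = [math]::Round($_.Size / 1GB, 1)
            Findings = if ($state) { $state -join '; ' } else { 'OK' }
        }
    }

    # Step 2: data partitions that have no drive letter (and whether they
    # carry a file system at all). 'Basic' is the GPT data type, 'IFS' the MBR one.
    $noLetter = Get-Partition -ErrorAction SilentlyContinue |
        Where-Object { $_.DriveLetter -notmatch '[A-Z]' -and $_.Type -in 'Basic','IFS' } |
        ForEach-Object {
            $vol = $_ | Get-Volume -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Disk       = $_.DiskNumber
                Partition  = $_.PartitionNumber
                SizeGB     = [math]::Round($_.Size / 1GB, 1)
                FileSystem = if ($vol.FileSystem) { $vol.FileSystem } else { 'none (RAW)' }
            }
        }

    # Step 7: the devices Device Manager would flag with an exclamation mark.
    $badDevices = Get-PnpDevice -PresentOnly -Status Error, Degraded, Unknown -ErrorAction SilentlyContinue |
        Select-Object Status, Class, FriendlyName, InstanceId

    if ($BringOnline) {
        # Equivalent of right-click > Online in Disk Management.
        Get-Disk | Where-Object IsOffline | ForEach-Object {
            Set-Disk -Number $_.Number -IsOffline $false
        }
    }

    [pscustomobject]@{
        Disks                   = $disks
        PartitionsWithoutLetter = $noLetter
        DevicesWithProblems     = $badDevices
    }
}

# Update-HostStorageCache is the equivalent of Action > Rescan Disks (step 3).
Update-HostStorageCache
$report = Get-DiskTroubleReport
$report.Disks                   | Format-Table -AutoSize
$report.PartitionsWithoutLetter | Format-Table -AutoSize
$report.DevicesWithProblems     | Format-Table -AutoSize
```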

10.5. CONNECTIVITY AND COMMUNICATION

Connectivity: A generic term for connecting devices to each other in order to
transfer data back and forth. It often refers to network connections, which
embrace bridges, routers, switches and gateways as well as backbone
networks.
Definition - What does Network Connectivity mean?

Network connectivity describes the extensive process of connecting various
parts of a network to one another, for example, through the use of routers,
switches and gateways, and how that process works.

Explanation of Network Connectivity
Network connectivity is also a kind of metric to discuss how well parts of the
network connect to one another. Related terms include network topology,
which refers to the structure and makeup of the network as a whole.

There are many different network topologies including hub, linear, tree and
star designs, each of which is set up in its own way to facilitate connectivity
between computers or devices. Each has its own pros and cons in terms of
network connectivity.

IT professionals, particularly network administrators and network analysts,
talk about connectivity as one piece of the network puzzle as they look at an
ever-greater variety of networks and the ways networking pieces go together.

Ad hoc networks and vehicular networks are just two examples of new kinds
of networks that work on different connectivity models. Along with network
connectivity, network administrators and maintenance workers also have to
focus on security as a major concern, where the reliability of networking
systems is closely related to protecting the data that is kept within them.

Communications: The transmission of data from one computer to another, or
from one device to another. A communications device, therefore, is any
machine that assists data transmission. For example, modems, cables, and
ports are all communications devices.
Definition - What does Data Communications (DC) mean?

Data communications (DC) is the process of using computing and
communication technologies to transfer data from one place to another, and
vice versa. It enables the movement of electronic or digital data between two
or more nodes, regardless of geographical location, technological medium or
data contents.
Explanation of Data Communications (DC)

Data communications incorporates several techniques and technologies with
the primary objective of enabling any form of electronic communication.
These technologies include telecommunications, computer networking and
radio/satellite communication. Data communication usually requires the
existence of a transportation or communication medium between the nodes
wanting to communicate with each other, such as copper wire, fiber optic
cables or wireless signals.

A common example of data communications is a computer
connected to the Internet via a Wi-Fi connection, which uses a wireless
medium to send and receive data from one or more remote servers.

Some devices/technologies used in data communications are known as data
communication equipment (DCE) and data terminal equipment (DTE). DCE is
used at the sending node, and DTE is used at the receiving node.


Multiple Choice Questions

Q.1: What is the purpose of auditing user access to files, folders, and
printers?

(a) To monitor network performance

(b) To track user activity and ensure compliance

(c) To optimize printer settings

(d) To troubleshoot hardware issues

Q.2: What is the first step in troubleshooting auditing for file and folder
access?

(a) Checking the printer settings

(b) Reviewing event logs for related events

(c) Reinstalling the printer drivers

(d) Testing network connectivity

Q.3: Which Windows feature is commonly used to enable auditing for file
and folder access?

(a) Group Policy

(b) Task Manager

(c) Event Viewer

(d) Disk Management

Q.4: What should you check if auditing is not working for file and folder
access?

(a) Printer driver compatibility

(b) Network connectivity issues

(c) Group Policy settings

(d) CPU and memory usage

Q.5: How can you troubleshoot auditing for printer access?

(a) Verify printer drivers are up to date


(b) Check event logs for printer-related errors

(c) Ensure proper network connectivity to the printer

(d) All of the above

Q.6: What can you do if auditing is not functioning correctly for printer
access?

(a) Restart the print spooler service

(b) Update the printer firmware

(c) Reconfigure printer sharing settings

(d) Reset the network adapter settings

Q.7: What is the purpose of reviewing event logs when troubleshooting
auditing?

(a) To identify security breaches

(b) To diagnose hardware failures

(c) To monitor network traffic

(d) To track relevant audit events

Q.8: Which tool can help analyze event logs and filter audit-related events?

(a) Task Manager

(b) Event Viewer

(c) Control Panel

(d) Registry Editor

Q.9: What is the purpose of hardware troubleshooting?

(a) To diagnose software compatibility issues

(b) To optimize network performance

(c) To identify and resolve hardware failures

(d) To improve system security


Q.10: Which of the following is a common step in hardware troubleshooting?

(a) Checking network connectivity

(b) Updating device drivers

(c) Running antivirus scans

(d) Rebooting the computer

Q.11: What should you check if a computer fails to power on?

(a) Network cable connections

(b) Software updates

(c) Power supply connections

(d) Printer settings

Q.12: How can you troubleshoot a malfunctioning printer?

(a) Reinstalling the operating system

(b) Replacing the printer cables

(c) Running a disk cleanup utility

(d) Checking ink or toner levels

Q.13: What can cause a computer to overheat?

(a) Insufficient RAM

(b) Malware infections

(c) Dust buildup in the system

(d) Incorrect network settings

Q.14: How can you troubleshoot a network connectivity issue?

(a) Updating BIOS firmware

(b) Running a disk defragmentation utility

(c) Checking network cable connections

(d) Adjusting display settings

Q.15: How can you troubleshoot a slow-performing computer?

(a) Increasing the CPU clock speed

(b) Adding more RAM

(c) Changing the power plan settings

(d) Reinstalling the network adapter driver


ANSWER KEY

Q.1 (b) Q.2 (b) Q.3 (a) Q.4 (c) Q.5 (d)
Q.6 (a) Q.7 (d) Q.8 (b) Q.9 (c) Q.10 (b)
Q.11 (c) Q.12 (d) Q.13 (c) Q.14 (c) Q.15 (b)

Short Questions

1. Define troubleshooting.
2. What are the 7 troubleshooting steps?
3. Define common user access issues in troubleshooting.
4. How do you open Disk Management?
5. List the types of Windows events.
6. Describe the types of Windows events.
7. What is a Windows event in troubleshooting?
8. What is the Windows event log?
9. What is Windows Event Viewer?
10. How do you open Event Viewer?
11. Why is a disk’s status Offline or Missing?
12. Describe hardware troubleshooting.
13. What is the purpose of hardware troubleshooting?
14. What is connectivity troubleshooting?
15. How would you troubleshoot network connectivity?
16. Describe how to troubleshoot Disk Management.
17. What are computer communication and connectivity?
18. What is troubleshooting in communication?
19. What is the cause of network connection failure?
20. What is Print Management?


Long Questions

1. Explain troubleshooting of auditing user access of files, folders and
printers.
2. Explain the features of Event Viewer.
3. Explain hardware troubleshooting.
4. Explain Disk Management troubleshooting.
5. Explain the term connectivity and also describe network
connectivity.
