77 Helpful Technet Articles For Advanced Microsoft System Administrators

77 Helpful Technet Articles For Advanced Microsoft System Administrators

In this post, we’ll cover a whopping 77 Helpful Technet Articles For Advanced Microsoft System Administrators! We have neatly arranged articles into categories such as Active Directory, Configuring Network Services, File and Storage Solutions, Configuring High Availability, Identity and Access Solutions, as well as Continuity and Disaster Recovery.

Active Directory Articles

1. Running the Adprep.exe command

The Adprep command is a tool that ships with Windows Server to help you prepare an older version of an Active Directory network, for a newer version of Windows Server. If you add or upgrade a domain controller in an existing network to a newer version of Windows Server, you need to run Adprep first.

2. How To Install Windows Server 2012

This article provides many helpful tips and possible known issues when installing Windows Server 2012. It covers system requirements, processors, ram, disk space, and x64 based considerations such as disabling driver signature enforcement.

3. Read Only Domain Controller Administration

Read-Only Domain Controllers serve a fairly specific use case in a Windows Server-based network. They are typically used in a remote location, where physical security may not be as high as at a central location. This article covers typical administration tasks one might be presented with when responsible for an RODC, especially for issues of password cache and replication.

4. Why Install an Unsigned Driver for Development Testing

A useful post about using the bcdedit command to ensure Windows restarts in safe mode for times when you may need it.

5. Security Concepts for Trusts

Talks about potential threats of inter forest trusts, security settings, minimum administrative credentials required, trust security, and other topics. It also covers the topic of disabling SID Filtering, and how it can reduce security in your domain.

6. How Active Directory Replication Topology Works

A great article about how replication topologies work, in addition to the DEFAULTIPSITELINK and related site link concepts.

7. Upgrade Domain Controllers to Windows Server 2012

Covers some important facts to be aware of when upgrading a Windows Server network to Windows Server 2012. Notes that you can run Adprep on domain controllers that run 64-bit versions of Windows Server 2008 or Windows Server 2008 R2 to upgrade to Windows Server 2012.

8. How To Secure Domain and Forest Trusts

Covers details about communications over trust and security-related concepts of forest and domain trusts. Enabling and disabling SID Filtering can be used to deny or allow access to resources.

9. Moving a domain controller between sites

This article talks about moving a domain controller for purposes of site-specific user authentication. Recommends that you verify the IP address of the DC is included in the subnet range of the site before moving.

10. Check A Group Policy Infrastructure’s Status

Talks about the complex infrastructure that is Group Policy and advises on checking group policy health, reading a group policy status report, checking active directory for replication issues, as well as how to verify a group policy object was replicated to all domain controllers.

11. Understanding Default groups

Default groups are security groups that are created automatically when you create an Active Directory domain. The Domain Admins group is an example of a default group. An administrator can use these predefined groups to delegate specific domain-wide administrative roles and help control access to shared resources.

12. Understanding Default Local groups

Located in the Local Users and Groups Microsoft Management Console snap-in is the Groups folder. It displays the default local groups as well as any local groups an administrator creates. When you install the Windows operating system, default local groups are created automatically. A user that belongs to a local group gives that user the rights and abilities to perform various tasks on the local computer such as operating the Windows Server Backup tool.

13. The Set-ADReplicationSite Powershell cmdlet

This Powershell cmdlet can be used to set the replication properties for an Active Directory site. It an administrator wanted to set a specific time interval for Active Directory replication changes to domain controllers in a forest, this command could be used.

14. What are Trust Anchors

A Trust Anchor is another way to describe a Public Cryptographic Key for a signed zone. This article covers types of trust anchors, delegations and the chain of trust, working with trust anchors, and trust anchor status.

15. Easy Names with GlobalNames zone in a forest

A GlobalNames zone makes it possible to use shorter and easier to remember names than having to use a fully qualified domain name. This would allow DNS to query something like lenovothinkpad instead of lenovothinkpad.vegibit.com. Implemented by creating a GlobalNames zone that replicates to all domain controllers in the forest, and the creation of alias CNAME records.

16. The Set-ADDomain Powershell cmdlet

This Powershell command is very powerful in its ability to directly modify properties of an Active Directory domain. There are many possible parameters and switches an administrator can apply with this cmdlet, so it is important to know what you are trying to accomplish before trying anything in production.

17. Using the Netdom move command

Migrates an end-user computer or member server from one domain to another with no disruption to shared resources. If an account does not already exist on the domain during the move, one is created automatically.

18. Making use of Netdom trust

Can be used to reset, verify, or establish a trust between domains. One could use this command to fine-tune authentication requests across forest trusts.

19. The Set-ADUser Powershell cmdlet

Similar in usage to Set-ADDomain, the Set-ADUser cmdlet directly modifies an Active Directory user. It has even more options than Set-ADDomain, so again, be sure to consult this article before making use of it. Some example switches are UserPrincipalName, Identity, AccountExpirationDate, City, Division, and AuthType.

Network Services Articles

20. Getting Started with IP Address Management

IPAM stands for IP Address Management and involves the concepts of centralized management, monitoring, and bookkeeping of IP addresses and related infrastructure servers on an active directory network. This article provides step by step instructions now how to configure IPAM. These include: Choose an IPAM server, Specify the IPAM database, Choose a provisioning method, Configure the scope of discovery, Start server discovery, Configure settings on managed servers, Select manageability status on managed servers, Verify IPAM access, Retrieve data from managed servers, and Visualize Data.

21. How To Configure DC and NPS Access Settings

When working with IPAM or IP Address Management, an administrator has a few options for configuration. One approach is to manually configure the active directory domain controller and network policy server. Another is by enabling IPAM access using Windows Firewall and the Event Log Readers security group.

22. Enable Secure DNS updates for Name Protection on IPv4 scopes

This article can help administrators if they run into an issue where name protection has been enabled on an IPv4 scope, but secure DNS updates haven’t been enabled. If you want name protection to work correctly, secure updates must be enabled to prevent DNS name hijacking. In addition, you must also store the zone in Active Directory.

23. How To Configure a DHCP Scope

A scope can be thought of as a collection of IP addresses for computers on a subnet that uses DHCP. For each subnet, an administrator will typically configure an associated DHCP scope. You can also configure specific options for DHCP such as assigning DNS name servers to clients during IP address allocation.

24. The Set-DnsServerCache Powershell cmdlet

The Set-DnsServerCache cmdlet can be used to modify cache settings on a given DNS server on the network. One might make use of it to ensure faster DNS resolution after a network change.

25. Managing Dynamic Host Control Protocol Options

This is another article about configuring DHCP. When we think of DHCP, it is sometimes easy to just associated it with only handing out an IP address. The reality is that it is a little more complex than that. When considering DHCP options, there are default global options, class options, reserved client options, and scope options, which are applied to any clients that obtain a lease within that particular scope.

26. An Overview of IP Address Management

This article provides a high-level overview of the entire IPAM concept and covers some important deployment options to consider when choosing IPAM as an IP address solution. Some of those options are Distributed: An IPAM server deployed at every site in an enterprise, Centralized: One IPAM server in an enterprise, and Hybrid: A central IPAM server deployed with dedicated IPAM servers at each site. Keep in mind that one can not install the IPAM role service on an Active Directory Domain Controller server.

27. MAC address filtering considerations for DHCP

Talks about a specific scenario regarding if the allow list is enabled, MAC address filtering should be populated, since you can run into an instance where all end users are denied an IP address. The admin should either disable the allow filters or add some MAC addresses to the allow filter.

28. Dnscmd command use cases

Sometimes the command line can be more efficient than clicking away through the GUI. Dnscmd allows you to manage and script repetitive DNS administrative tasks right from the command line. It has a large number of associated commands such as clearcache, ageallrecords, config, createbuiltindirectorypartitions, createdirectorypartition, and many more.

29. Deploying a GlobalNames Zone

As we mentioned, a GlobalNames Zone makes for very short and simple name resolution in your network. The specific steps for deployment can vary just a bit, but this document will cover all use cases.

30. The Set-DnsServerGlobalNameZone Powershell cmdlet

During deployment of a GlobalNames Zone, you may need to run this command. It enables or disables single-label Domain Name System queries. It is also used to change configuration settings for a GlobalNames zone.

File and Storage Articles

31. The Start-OBRegistration Powershell cmdlet

The Start-OBRegistration command and the following command work together to register and configure a computer, or servers, for backup to a chosen destination.

32. The Set-OBMachineSetting Powershell cmdlet

The Set-OBMachineSetting command and the previous command work together to register and configure a computer, or servers, for backup to a chosen destination.

33. Planning for a Data Deduplication Deployment

Data Deduplication is kind of a funny name that just means a specialized form of compression. It allows one to eliminate duplicate copies of data in order to better make use of existing resources. This article outlines the steps needed to configure this in your Windows Server environment. There are a few disk requirements associated with data deduplication such as can’t be a system boot volume, must not rely on the ReFS file system, and must not rely on cluster shared volumes.

34. Volume Shadow Storage with Vssadmin

The Vssadmin command is used to display the current volume shadow copy backups and all installed shadow copy writers and providers. With it, an administrator can add shadow storage along with many other options for shadow storage management.

35. The Set-Volume Powershell cmdlet

Use this command to easily set or change the label of the file system for an existing volume.

36. The Set-SyncShare Powershell cmdlet

The Set-SyncShare cmdlet is a little more advanced than Set-Volume as it modifies the settings for a sync share.

37. iSCSI Target cmdlet reference

Use this reference to automate all management tasks by combining cmdlets for iSCSI target, iSCSI initiator, and iSCSI storage.

38. Deploy Access-Denied Assistance

Configure the ability to have users request assistance from a custom access denied message by configuration in the File Server Resource Manager options.

High Availability Articles

39. How To Deploy Hyper-V Replica

Learn how to set up a Hyper-V Replica. This article advises to Set up the Hyper-V server, Set up replication, Test the deployment, Run a planned failover, Respond to an unplanned failover, and Set up an extended replica. Learn how to use Failover Cluster Manager, Hyper-V Replica Broker role, and configure node based Hyper-V settings.

40. The Add-ClusterGenericApplicationRole Powershell cmdlet

If you have an application that was not originally designed to run in a failover cluster, or a developer builds a new application that is not cluster-aware, you can use this command to make it work.

41. Using Network Load Balancing

Network Load Balancing is a means of distributing incoming TCP, UDP, and HTTP requests across multiple member servers. NLB is defined in software that is present on each member of the cluster. Learn about things like Client Affinity, which is used to associate clients to a particular member, a particular IP address, or via the class C portion of their IP address. For example, Affinity-Single is useful for maintaining session state for users.

42. Hyper-V Migration Guide

Hyper-V allows administrators to configure a virtualized server environment without the need for additional software such as a VMWare solution. This migration guide outlines how to migrate the Hyper-V role, associated Virtual Machines, data, and OS settings from a source server to a destination server. Keep in mind the source and destination server should be using the same type of processor for migrations to work correctly.

43. Virtual Machine Storage Migration Overview

Amazingly, you can move the virtual machine storage without downtime or interruption to end-users with a process called Storage Migration. This guide shows you how to make that happen should you need to.

44. Configuring Preferred Owners in a Cluster

When working with a Cluster in Windows Server, you can configure the Preferred Owners in a failover situation. This article is by a Microsoft High Availability and Clustering software engineer who describes exactly how this works.

45. Network Load Balancing Technical Overview

This article gives a full overview of NLB and the concepts that make it work. Topics covered include Host Priorities, Port Rules, Managing Server Applications, Rolling Upgrades, Cluster traffic, and Remote Control.

46. Scale-Out File Server for Application Data Overview

Scale-Out File Server is a clustered file server technology that lets you store server application data, such as Hyper-V virtual machine files, on file shares, and obtain a similar level of reliability and high performance that you might expect from a storage area network. All file shares are online on all nodes simultaneously. File shares associated with this type of clustered file server are called scale-out file shares.

47. Understanding Quorum Configurations in a Failover Cluster

Quorum is another word for Majority, as in a vote of confidence. Quorum is in place to determine how many failures a Cluster can sustain. If the votes drop below a majority, nodes cease to operate as a cluster. When the problems clear, and votes increase above the majority, node may begin to function again as a cluster. Yes, it is tricky stuff – but this article will help! The configurations to be aware of are:

  • Node Majority: recommended for clusters with an odd number of nodes
  • Node and Disk Majority: recommended for clusters with an even number of nodes
  • Node and File Share Majority: for clusters with special configurations
  • No Majority: Disk Only: not recommended

48. Migration Between Two Multi-Node Clusters

This technet article provides a procedural approach to migrate clustered services and applications from one multi-node cluster to another.

49. What’s New in Failover Clustering in Windows Server

Covers new topics in Failover Clustering which offers high availability and scalability to application workloads such as Microsoft Exchange Server, Hyper-V, Microsoft SQL Server, and custom-built applications.

50. Configure Heartbeat and DNS Settings in a Multi-Site Failover Cluster

Multi-Site failover clusters may require some fine-tuning for optimum performance. The goal is to minimize any downtime experienced by clients, and this can be impacted by how fast DNS replication occurs and how quickly clients query DNS information for updates. This article shows how to adjust heartbeat and DNS settings for optimization.

51. Tuning Failover Cluster Network Thresholds

Failover Cluster monitoring settings may differ from business case to business case. This article takes a look at some best practices for configuring failover settings in a cluster network, and what the pros and cons are of each approach.

52. The Add-CauClusterRole Powershell cmdlet

When multiple nodes operate as a cluster, you still must take into account that these servers may need to be upgraded as patches and security fixes are made available. The Add-CauClusterRole will help administrators with this task.

53. The Compare-VM Powershell cmdlet

Before spinning up a Virtual Machine, it is probably a good idea to be sure the host can support the type of virtual machine you would like to run. The Compare-VM command will help with just that task as it compares a VM and a VM Host for compatibility.

54. Using Cluster Shared Volumes in a Failover Cluster

A Clustered Shared Volume is the concept of multiple nodes having simultaneous read and write access to the same Logical Unit Number provisioned as an NTFS volume. This article shows you how to put CSVs to work for your environment.

55. How to Configure BitLocker Encrypted Clustered Disks in Windows Server 2012

If you have a need of security on your disks in a Cluster Shared Volume, you can configure BitLocker to provide this service. One thing to be aware of, however, is that if you would like to make use of this feature, you would have to enable it on all nodes in the cluster.

Identity and Access Solutions Articles

56. Add a host (A) record to corporate DNS for a federation server

In order for clients to use Windows Integrated authentication to access a federation server, an administrator can take these 5 steps to add an (A) record to corporate domain name server federation server.

57. Manage Certificate Enrollment Policy by Using Group Policy

This article talks about how to configure all users in a domain to be issued a certificate that may be used for client authentication, encrypting file system, as well as email security.

58. What’s New in Kerberos Authentication

Covers all of the new features of Kerberos Authentication in Windows Server 2012 such as claims, compound authentication, and kerberos armoring.

59. Access Control and Authorization Overview

If you need an overview of what Dynamic Access Control, Central Access Rules, Central Access Policies, Claims, Expressions, and Proposed Permissions are, this document will help you better understand them.

60. Deploy a Central Access Policy

Covers the phases of deploying a central access policy such as identifying the need for a policy and required configuration, implementing the configuration of said policy, deploying the central access policy and policy maintenance including staging and changes.

61. Password Replication Policy Administration

Helps administrators understand how to manage password policies and read only domain controller scenarios such as pre populating a password for a user on a remote read only domain controller.

62. Configure a Certification Authority to Support OCSP Responders

OCSP stands for Online Certificate Status Protocol and this document talks about configuring an Online Responder to have a valid OCSP signing certificate. You can make use of the certutil command to assist with this task.

63. AD Rights Management Services and AD FS Considerations

In Active Directory Rights Management Services you can assign rights to users with a federated trust via Active Directory Federation Services. With this approach, a company can enable shared access to rights protected content by another company if desired – with no need for an additional AD trust or AD RMS infrastructure.

64. AD DS: Fine-Grained Password Policies

Fine grained passwords can be used to apply different restrictions for password and account lockout policies to different sets of users in a domain. Fine grained passwords can be used with PSO or Password Settings Objects within a domain. The PSO has attribute settings such as Enforce password history, Maximum password age, Minimum password age, Minimum password length, and more.

65. Working With Allowed to Authenticate Permission in Domains or Forests

If you have a need to provide a user the ability to read a data folder where they are currently prohibited by an authentication firewall, you could follow the steps in this article to accomplish that task.

66. Role Based Access Control

This article has information and procedures you can use to configure role based access control which consists of Roles, Access Scopes, and Access Policies.

67. Active Directory RMS and Server Design

Active Directory Rights Management Services has many topics to be aware of before one deploys a particular solution. This article covers such topics as Administrative Accounts, Cross-Boundary Collaboration Considerations, Trusted User Domains (TUD), Trusted Publishing Domains (TPD), Federated Identity using Active Directory Rights Management Services ADFS, Additional Components for Multi-forest Environments, AD RMS Service Discovery, and Publishing AD RMS to the Internet.

68. The Add-IscsiVirtualDiskTargetMapping Powershell cmdlet

With this command an administrator can assign a virtual disk to an iSCSI target.

Disaster Recovery Articles

69. Using Wbadmin start sysrecovery for bare metal recovery

If you find yourself in the unlucky situation of having to resort to a bare metal recovery, the Wbadmin start sysrecovery command will help you.

70. Where should I save my backup?

Administrators should consider the hardware available and what information they would like to preserve when determining where to save backup data.

71. Bootsect Command-Line Options

Bootsect.exe updates the master boot code for hard disk partitions to switch between BOOTMGR and NTLDR. You can use this tool to restore the boot sector on your computer. This tool replaces FixFAT and FixNTFS. Bootrec.exe on the other hand is used for “Bootmgr Is Missing” issues.

72. Use Bootrec.exe in the Windows RE to troubleshoot startup issues

Provides helpful tips on how to run the Bootrec.exe tool in Windows Recovery Options.

73. The Get-OBPolicy Powershell cmdlet

The Get-OBPolicy cmdlet gets the details about scheduling backups, files included in the backup, and retention policy, of the current backup policy. Often used with the Set-OBPolicy cmdlet to store updates to the policy.

74. Back up files and directories with Backup Operators

Provides a good overview of Backup Operator permissions such as Backup files and directories, Restore files and directories, and Shut down the system.

75. Back up a Windows server or client to Azure

Should you want to make use of cloud backup technologies in your disaster recovery implementation, this article will be helpful.

76. The Set-OBPolicy Powershell cmdlet

Use this command with Get-OBPolicy to configure the details of a scheduled backup service.

77. Cloud Backup and Recovery with Microsoft Azure

Offers more helpful tips for backup and recovery of production environments to the cloud.

77 Helpful Technet Articles For Advanced Microsoft System Administrators Summary

Well there you have it, 77 Helpful Technet Articles For Advanced Microsoft System Administrators. We hope you found this list helpful for your day to day system administration needs. Share with a friend!