PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399
Copyright © 2009 by Ian McLean and Microsoft Corporation
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.
Library of Congress Control Number: 2009920788
Printed and bound in the United States of America
1 2 3 4 5 6 7 8 9 QWT 4 3 2 1 0 9
Distributed in Canada by H.B. Fenn and Company Ltd.
A CIP catalogue record for this book is available from the British Library.
Microsoft Press books are available through booksellers and distributors worldwide. For further information about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send comments to tkinput@microsoft.com.
Microsoft, Microsoft Press, Active Directory, ActiveX, BitLocker, Direct3D, ESP, Excel, Hyper-V, Internet Explorer, MS, MSDN, Outlook, SharePoint, SQL Server, Visio, Windows, Windows CardSpace, Windows Live, Windows Media, Windows NT, Windows Server, and Windows Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other product and company names mentioned herein may be the trademarks of their respective owners.
The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.
Acquisitions Editor: Ken Jones
Developmental Editor: Laura Sackerman
Project Editor: Rosemary Caperton
Editorial Production: nSight, Inc.
Technical Reviewer: Rozanne Whalen
Cover: Tom Draper Design
This book is dedicated to my lovely, loving, and long-suffering wife, Anne. I have dedicated books to her before, but not as many as she deserves.
—Ian McLean
For my good mates Michael Herold (Microworld, Denmark), Rocky Heckman, Jeff Alexander, Jamie Sharp, and Michael Kleef (Microsoft, Australia).
—Orin Thomas
Contents at a Glance
Chapter 1 Configuring Internet Protocol Addressing
Chapter 5 Configuring Active Directory Lightweight Directory Services and Read-Only Domain Controllers
Chapter 6 Active Directory Federation Services and Active Directory Rights Management Services Server Roles
Chapter 7 Active Directory Certificate Services
Chapter 8 Maintaining the Active Directory Environment
Chapter 9 Managing Software Updates and Monitoring
Chapter 13 Configuring a Web Services Infrastructure
Contents
Practice Setup Instructions
Preparing the Computer Running Windows Server
Preparing the Computer Running Windows Vista
Using the DVD
Microsoft Certified Professional Program
Technical Support
Before You Begin
Lesson 1: Configuring IPv4 and IPv6 Addressing
Configuring Clients through DHCPv6
Installing the DHCP Server Role on Server Core
Take a Practice Test
Before You Begin
Lesson 1: Configuring Routing
Understanding the Changes to Windows Server 2008 RRAS
Lesson 2: Configuring IPsec
Using Windows Firewall with Advanced Security
Netsh Commands for IPsec
Take a Practice Test
Before You Begin
Lesson 1: Setting Up Remote Access
Lesson 2: Managing Network Authentication
Take a Practice Test
Chapter 4 Network Access Security
Before You Begin
Lesson 1: Wireless Access
Configuring Network Policy and Access Services
Lesson 2: Windows Firewall with Advanced Security
Windows Firewall and Windows Firewall
Lesson 3: Network Access Protection
Take a Practice Test
Chapter 5 Configuring Active Directory Lightweight Directory
Before You Begin
Lesson 1: Configuring Active Directory Lightweight Directory Services
Understanding AD LDS and its Relationship with AD DS
Lesson 2: Configuring Read-Only Domain Controllers
Authentication and Domain Controller Placement
Administering Credentials Caching on an RODC
Take a Practice Test
Chapter 6 Active Directory Federation Services and Active Directory Rights Management Services
Before You Begin
Lesson 1: Installing, Configuring, and Using AD FS
Before You Begin
Lesson 1: Managing and Maintaining Certificate Servers
Lesson 2: Managing and Maintaining Certificates and Templates
Managing and Maintaining Certificate Revocation Lists
Managing and Maintaining Online Responders
Configure Certificate Templates, Enrollments,
Take a Practice Test
Chapter 8 Maintaining the Active Directory Environment
Before You Begin
Lesson 1: Configuring Backup and Recovery
Lesson 3: Monitoring Active Directory
Suggested Practices
Take a Practice Test
Chapter 9 Managing Software Updates and Monitoring
Lesson 2: Gathering Network Data
Take a Practice Test
Before You Begin
Lesson 2: Monitoring Event Logs
Take a Practice Test
Before You Begin
Lesson 1: Deploying and Activating Windows Server 2008
Configure Microsoft Windows Activation
Take a Practice Test
Before You Begin
Lesson 1: Configuring Terminal Services Servers
Terminal Services Client Connection Settings
Lesson 2: Supporting Terminal Services
Configure Terminal Services Load Balancing
Configure and Monitor Terminal Services Resources
Configure Terminal Services Client Connections
Configure Terminal Services Server Options
Take a Practice Test
Before You Begin
Using the Default Web Site and Adding Web Sites
Lesson 2: Managing Web Sites
Migrating and Upgrading Web Sites and Applications
Using the World Wide Web Publishing Service
Lesson 3: Managing IIS
Monitoring and Logging Web Server Activity
Delegating Site and Application Management
Lesson 4: Configuring SSL Security
Chapter Review
Chapter Summary
Suggested Practices
Take a Practice Test
Before You Begin
Lesson 1: Configuring FTP
Installing and Configuring the FTP Publishing Service
Lesson 2: Configuring SMTP
Experiment with SMTP Virtual Server Settings
Take a Practice Test
Before You Begin
Take a Practice Test
Before You Begin
Lesson 1: Configuring High Availability
Managing Fabrics with Storage Explorer
Introduction
This training kit is designed for Windows Server 2003 MCSEs and MCSAs who want to update their current certification credentials to reflect their experience with the Windows Server 2008 operating system. As an MCSE or an MCSA, you are a server administrator who has at least three years of experience managing Windows servers and infrastructure in an environment with between 250 and 5,000 or more users in three or more physical locations. You are likely responsible for supporting network services and resources such as messaging, database servers, file and print servers, a proxy server, a firewall, Internet connectivity, an intranet, remote access, and client computers. You will also be responsible for implementing connectivity requirements such as connecting branch offices and individual users in remote locations to the corporate network and connecting corporate networks to the Internet.
By using this training kit, you will learn how to do the following:
■ Configure additional Active Directory server roles
■ Maintain an Active Directory environment
■ Configure Active Directory certificate services
■ Configure IP addressing and services
■ Configure network access
■ Monitor and manage a network infrastructure
■ Deploy servers
■ Configure Terminal Services
■ Configure a Web services infrastructure
MORE INFO FIND ADDITIONAL CONTENT ONLINE
As new or updated material that complements your book becomes available, it will be posted on the Microsoft Press Online Windows Server and Client Web site. The type of material you might find includes articles, links to companion content, errata, sample chapters, updates to book content, and more. This Web site is available at www.microsoft.com/learning/books/online/serverclient and will be updated periodically.
Practice Setup Instructions
The exercises in this training kit require a minimum of three computers or virtual machines:
■ One Windows Server 2008 Enterprise server configured as a domain controller
■ One Windows Server 2008 Enterprise server configured as a member server
■ One computer running Windows Vista (Enterprise, Business, or Ultimate)
An evaluation version of both the x86 and x64 versions of Windows Server 2008 Enterprise are included with this textbook. You can also download an evaluation version of Windows Server 2008 from the Microsoft download center at http://www.microsoft.com/Downloads/Search.aspx. If you want to carry out the optional exercises in Chapter 16, you need two additional Windows Server 2008 member servers. These servers can be virtual machines. The practices in Chapter 15 require you to install an x64 evaluation version of Windows Server 2008 on physical hardware because Hyper-V cannot be deployed within a virtual machine.
All computers must be physically connected to the same network. We recommend that you use an isolated network that is not part of your production network to perform the practices in this book. To minimize the time and expense of configuring physical computers, we recommend that you use virtual machines. To run computers as virtual machines within Windows, you can use Hyper-V, Virtual PC 2007, Virtual Server 2005 R2, or third-party virtual machine software. To download Virtual PC 2007, visit http://www.microsoft.com/windows/downloads/virtualpc/default.mspx. To download an evaluation version of Virtual Server 2005 R2, visit http://www.microsoft.com/technet/virtualserver/evaluation/default.mspx. Some virtual machine software does not support x64 editions of Windows Server 2008.
Hardware Requirements
You can complete almost all practices in this book, other than those in Chapter 16, using virtual machines rather than server hardware. The minimum and recommended hardware requirements for Windows Server 2008 are listed in Table 1.
Table 1 Windows Server 2008 Minimum Hardware Requirements
Hardware Component    Minimum Requirements    Recommended
If you intend to implement several virtual machines on the same computer (recommended), a higher specification will enhance your user experience. In particular, a computer with 4 GB RAM and 60 GB free disk space can host all the virtual machines specified for all the practices in this book.
Preparing the Computer Running Windows Server 2008 Enterprise
To install the computer running Windows Server 2008 Enterprise that you use for the practices in this book, perform the following steps:
1. Boot the computer or virtual machine on which you will install the operating system from the Windows Server 2008 Enterprise installation media.
2. On the Install Windows page, select your language, time, currency format, and keyboard or input method and click Next.
3. Click Install Now.
4. On the Type Your Product Key For Activation page, enter the Windows Server 2008 Enterprise product key.
NOTE AUTOMATIC ACTIVATION
Because the practice exercises in this book assume that the computer you are installing is not connected either directly or indirectly to the Internet, clear the Automatic Activation check box during installation and then perform activation at a convenient time later.
5. Click Next. On the Select The Operating System You Want To Install page, click Windows Server 2008 Enterprise (Full Installation) and then click Next.
6. On the Please Read The License Terms page, review the license and then select the I Accept The License Terms check box. Click Next.
7. On the Which Type of Installation Do You Want page, click Custom (Advanced).
8. On the Where Do You Want To Install Windows page, select the partition on which you want to install Windows Server 2008 and then click Next.
The installation process will commence. This process can take up to 20 minutes, depending on the speed of the hardware upon which you are installing the operating system. The computer will automatically reboot twice during this period.
You will be asked to change the password prior to logging on for the first time. This is where you set the password for the Administrator account.
9. Click OK and then enter p@ssw0rd twice in the dialog box shown. Press Enter. Click OK when you are informed that your password has been changed and you will be logged on.
10. On the Initial Configuration Tasks page, click Set Time Zone and configure the server to use your local time zone.
11. Click Configure Networking. Right-click Local Area Connection and click Properties.
12. Click Internet Protocol Version 4 (TCP/IPv4) and then click Properties.
13. Configure the Internet Protocol Version 4 (TCP/IPv4) properties so that the computer has an IP address of 10.0.0.11 with a subnet mask of 255.255.255.0 and then click OK. Click Close to close the Local Area Connection Properties. Close the Network Connections window to return to the Initial Configuration Tasks page.
14. On the Initial Configuration Tasks page, click Provide Computer Name And Domain. This opens the System Properties dialog box.
15. On the Computer Name tab, click Change.
16. In the Computer Name/Domain Changes dialog box, set the computer name to Glasgow and click OK. Click OK when informed that it will be necessary to restart the computer and click Close to close the System Properties dialog box. Click Restart Now to restart the computer.
17. After the computer has rebooted, log on using the Administrator account and the password configured in step 9.
18. Click Start and then click Run. In the Run dialog box, type dcpromo and then click OK.
19. On the Welcome To The Active Directory Domain Services Installation Wizard page, click Next.
20. On the Choose A Deployment Configuration page, select Create A New Domain In A New Forest and then click Next.
21. On the Name The Forest Root Domain page, enter contoso.internal and click Next.
22. On the Set Forest Functional Level page, leave the default Forest Functional level in place and then click Next.
23. On the Additional Domain Controller Options page, click Next.
24. In the Static IP Assignment warning dialog box, click Yes, The Computer Will Use A Dynamically Assigned IP Address (Not Recommended).
25. When presented with the delegation warning, click Yes.
26. On the Location For Database, Log Files, And SYSVOL page, accept the default settings and then click Next.
27. Click OK to dismiss the blank password warning dialog box and enter p@ssw0rd twice for the Directory Services Restore Mode Administrator account. Click Next.
28. On the Summary page, review the selections and then click Next.
Active Directory Domain Services (AD DS) will now be configured on the computer.
29. When this process is complete, click Finish and then click Restart Now.
30. When the computer reboots, open Active Directory Users And Computers from the Administrative Tools menu and make a copy of the built-in Administrator account with the name Kim_Akers. Set the password to p@ssw0rd.
Instructions for installing and configuring the Windows Server 2008 Enterprise member server are given in Chapter 2, “Configuring IP Services.” The required server roles are added in the practices in subsequent chapters.
Preparing the Computer Running Windows Vista
Perform the following actions to prepare the computer running Windows Vista for the exercises in this training kit.
■ Check operating system version requirements. In System Control Panel (found in the System And Maintenance category), verify that the operating system version is Windows Vista Enterprise, Windows Vista Business, or Windows Vista Ultimate. If necessary, choose the option to upgrade to one of these versions.
■ Name the computer. In System Control Panel, specify the computer name as Melbourne.
■ Configure networking. To configure networking, carry out the following tasks:
  • In Control Panel, click Set Up File Sharing. In Network And Sharing Center, verify that the network is configured as a private network and that File Sharing is enabled.
  • In Network And Sharing Center, click Manage Network Connections. In Network Connections, open the properties of the Local Area Connection. Specify a static IPv4 address that is on the same subnet as the domain controller. For example, the setup instructions for the domain controller specify an IPv4 address of 10.0.0.11. If you use this address, you can configure the client computer with an IP address of 10.0.0.21. The subnet mask is 255.255.255.0, and the DNS address is the IPv4 address of the domain controller. You do not require a default gateway. You can choose other network addresses if you want to, provided that the client and server are on the same subnet.
Using the DVD
The companion DVD included with this training kit contains the following:
■ Practice tests. You can reinforce your understanding of how to configure Windows Vista by using electronic practice tests you customize to meet your needs from the pool of Lesson Review questions in this book, or you can practice for the 70-648/9 certification exam by using tests created from a pool of approximately 400 realistic exam questions, which give you many practice exams to ensure that you are prepared.
■ An eBook. An electronic version (eBook) of this book is included for when you do not want to carry the printed book with you. The eBook is in Portable Document Format (PDF), and you can view it by using Adobe Acrobat or Adobe Reader.
■ Sample chapters. This DVD includes sample chapters from other Microsoft Press titles on Windows Server 2008. These chapters are in PDF format.
DIGITAL CONTENT FOR DIGITAL BOOK READERS
If you bought a digital-only edition of this book, you can enjoy select content from the print edition’s companion DVD. Visit http://go.microsoft.com/fwlink/?LinkId=142001 to get your downloadable content. This content is always up-to-date and available to all readers.
How to Install the Practice Tests
To install the practice test software from the companion DVD to your hard disk, perform the following steps:
1. Insert the companion DVD into your DVD drive and accept the license agreement. A DVD menu appears.
NOTE IF THE DVD MENU DOES NOT APPEAR
If the DVD menu or the license agreement does not appear, AutoRun might be disabled on your computer. Refer to the Readme.txt file on the DVD for alternate installation instructions.
2. Click Practice Tests and follow the instructions on the screen.
How to Use the Practice Tests
To start the practice test software, follow these steps:
1. Click Start, click All Programs, and then select Microsoft Press Training Kit Exam Prep. A window appears that shows all the Microsoft Press training kit exam prep suites installed on your computer.
2. Double-click the lesson review or practice test you want to use.
NOTE LESSON REVIEWS VERSUS PRACTICE TESTS
Select (70-648 or 70-649) Windows Server 2008, Server Administration Lesson Review to use the questions from the “Lesson Review” sections of this book. Select (70-648 or 70-649) Windows Server 2008, Server Administration Practice Test to use a pool of 200 questions (per exam) similar to those that appear on the 70-648 and 70-649 certification exams.
Lesson Review Options
When you start a lesson review, the Custom Mode dialog box appears so that you can configure your test. You can click OK to accept the defaults, or you can customize the number of questions you want, how the practice test software works, which exam objectives you want the questions to relate to, and whether you want your lesson review to be timed. If you are retaking a test, you can select whether you want to see all the questions again or only the questions you missed or did not answer.
After you click OK, your lesson review starts.
■ To take the test, answer the questions and use the Next and Previous buttons to move from question to question.
■ After you answer an individual question, if you want to see which answers are correct—along with an explanation of each correct answer—click Explanation.
■ If you prefer to wait until the end of the test to see how you did, answer all the questions and then click Score Test. You will see a summary of the exam objectives you chose and the percentage of questions you got right overall and per objective. You can print a copy of your test, review your answers, or retake the test.
Practice Test Options
When you start a practice test, you choose whether to take the test in Certification Mode, Study Mode, or Custom Mode:
■ Certification Mode. Closely resembles the experience of taking a certification exam. The test has a set number of questions. It is timed, and you cannot pause and restart the timer.
■ Study Mode. Creates an untimed test during which you can review the correct answers and the explanations after you answer each question.
■ Custom Mode. Gives you full control over the test options so that you can customize them as you like.
In all modes, the user interface when you are taking the test is basically the same but with different options enabled or disabled depending on the mode. The main options are discussed in the previous section, “Lesson Review Options.”
When you review your answer to an individual practice test question, a “References” section is provided that lists where in the training kit you can find the information that relates to that question and provides links to other sources of information. After you click Test Results to score your entire practice test, you can click the Learning Plan tab to see a list of references for every objective.
How to Uninstall the Practice Tests
To uninstall the practice test software for a training kit, use the Program And Features option in Windows Control Panel.
Microsoft Certified Professional Program
The Microsoft certifications provide the best method to prove your command of current Microsoft products and technologies. The exams and corresponding certifications are developed to validate your mastery of critical competencies as you design and develop, or implement and support, solutions with Microsoft products and technologies. Computer professionals who become Microsoft-certified are recognized as experts and are sought after industry-wide. Certification brings a variety of benefits to the individual and to employers and organizations.
MORE INFO ALL THE MICROSOFT CERTIFICATIONS
For a full list of Microsoft certifications, go to www.microsoft.com/learning/mcp/default.asp.
Technical Support
Every effort has been made to ensure the accuracy of this book and the contents of the companion DVD. If you have comments, questions, or ideas regarding this book or the companion DVD, please send them to Microsoft Press by using either of the following methods:
E-mail:
• tkinput@microsoft.com
Postal Mail:
• Microsoft Press
Attn: MCTS Self-Paced Training Kit (Exams 70-648 and 70-649): Transitioning your MCSA/MCSE to Windows Server 2008 Technology Specialist, Editor
One Microsoft Way
Redmond, WA 98052–6399
For additional support information regarding this book and the DVD (including answers to commonly asked questions about installation and use), visit the Microsoft Press Technical Support Web site at www.microsoft.com/learning/support/books/. To connect directly to the Microsoft Knowledge Base and enter a query, visit http://support.microsoft.com/search/. For support information regarding Microsoft software, connect to http://support.microsoft.com.
addressing. You should know how to configure IPv4 settings manually and how to configure a Dynamic Host Configuration Protocol version 4 (DHCPv4) scope and DHCPv4 options to configure IPv4 settings for hosts on your network automatically. In addition, you should know how automatic IP addressing (APIPA) is used to provide alternate configuration when manual configuration is not used and DHCP is not available.
You almost certainly know about Class A, Class B, Class C, and Class D (multicast) IPv4 addresses and default subnet masks, and you probably studied classless interdomain routing (CIDR) and variable length subnet masks (VLSMs) for your Windows Server 2003 examinations, but unless you regularly carry out subnetting and supernetting on your network, you might need some review of these topics.
IPv6 was available for Windows Server 2003 but was not widely used and did not feature significantly in the Windows Server 2003 examinations. However, IPv6 is enabled by default in Windows Server 2008 and is widely regarded as the IP of the future. It is likely to be tested in the Windows Server 2008 examinations.
The Windows Server 2008 70-648 and 70-649 upgrade examinations are not for beginners and neither is this training kit. This chapter is not written to cover old ground, although some review of the more advanced topics is included. It will indicate what you should already know and guide you to resources that enable you to review this knowledge. You are also strongly advised to review the materials you used to study IPv4 and DHCPv4 configuration for the Windows Server 2003 examinations. The chapter concentrates on topics you might not previously have studied—IPv6 addressing and DHCPv6 configuration.
NOTE DHCP
DHCPv4 is often simply referred to as DHCP, with DHCPv6 distinguished only by its version number. However, it is probably a good idea to get used to talking about DHCPv4 and DHCPv6.
Exam objectives in this chapter:
■ Configure IPv4 and IPv6 addressing
■ Configure Dynamic Host Configuration Protocol (DHCP)
Lessons in this chapter:
■ Configuring IPv4 and IPv6 Addressing
■ Configuring DHCP
Before You Begin
To complete the lessons in this chapter, you must have done the following:
■ Installed a Windows Server 2008 Enterprise server configured as a domain controller in the contoso.internal domain. Active Directory–integrated Domain Name System (DNS) is installed by default on the first domain controller in a domain. The computer name is Glasgow. You should configure a static IPv4 address of 10.0.0.11 with a subnet mask 255.255.255.0. The IPv4 address of the DNS server is 10.0.0.11. Other than IPv4 configuration and the computer name, accept all the default installation settings.
■ Joined a client computer running Windows Vista Business, Enterprise, or Ultimate to the contoso.internal domain. The computer name is Melbourne. Initially, this computer should have a static IPv4 address of 10.0.0.21 with a 255.255.255.0 subnet mask. The IPv4 address of the DNS server is 10.0.0.11. You can obtain evaluation software that enables you to implement a Windows Vista Enterprise 30-day evaluation virtual hard disk (VHD) at the following address: http://www.microsoft.com/downloads/details.aspx?FamilyID=c2c27337-d4d1-4b9b-926d-86493c7da1aa&DisplayLang=en#Instructions
■ Created a user account with the username Kim_Akers and password P@ssw0rd. Add this account to the Domain Admins, Enterprise Admins, and Schema Admins groups.
■ It is recommended that you use an isolated network that is not part of your production network to do the practice exercises in this book. Internet access is not required for the exercises, and you do not need to configure a default gateway. To minimize the time and expense of configuring physical computers, it is recommended that you use virtual machines. To run computers as virtual machines within Windows, you can use Virtual PC 2007, Virtual Server 2005 R2, or third-party virtual machine software. To download Virtual PC 2007, visit http://www.microsoft.com/windows/downloads/virtualpc/default.mspx. To download an evaluation of Virtual Server 2005 R2, visit http://www.microsoft.com/technet/virtualserver/evaluation/default.mspx.
Lesson 1: Configuring IPv4 and IPv6 Addressing
As an experienced network professional, you should be familiar with IPv4 addresses. You should know that the private IP address ranges are 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16 and that the APIPA range is 169.254.0.0/16. You should be aware that network address translation (NAT) typically allows you to use relatively few public IP addresses to enable Internet access to many internal clients with private IP addresses. You should be able to identify Class A, B, and C networks, but be aware that modern network design uses CIDR. You should know that Class D addresses (224.0.0.0/4) are used for multicasting.
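The ranges named above, applied to the practice lab's addressing (10.0.0.11 for the domain controller Glasgow, 10.0.0.21 for the client Melbourne), as an added example that is not part of the book. The function names are illustrative, and the invalid mask and APIPA address used in the sample calls are constructed test values.

```python
import ipaddress

# Ranges named in the lesson text: private, APIPA and Class D (multicast).
RANGES = [
    ("private", ipaddress.ip_network("10.0.0.0/8")),
    ("private", ipaddress.ip_network("172.16.0.0/12")),
    ("private", ipaddress.ip_network("192.168.0.0/16")),
    ("apipa", ipaddress.ip_network("169.254.0.0/16")),
    ("multicast", ipaddress.ip_network("224.0.0.0/4")),
]


def classify(addr):
    """Return the label of the first range containing addr, or 'other'."""
    ip = ipaddress.IPv4Address(addr)
    for label, net in RANGES:
        if ip in net:
            return label
    return "other"


def mask_to_prefix(mask):
    """Convert a dotted subnet mask to a prefix length.

    Raises ValueError when the mask is not a contiguous run of one bits
    followed by zero bits (for example a mistyped octet).
    """
    value = int(ipaddress.IPv4Address(mask))
    inverted = value ^ 0xFFFFFFFF
    # For a valid mask the inverted value is 2**n - 1, so adding one
    # yields a power of two that shares no bits with it.
    if inverted & (inverted + 1):
        raise ValueError(f"{mask} is not a contiguous subnet mask")
    return 32 - inverted.bit_length()


def same_subnet(a, b, mask):
    """True when hosts a and b fall in the same network under mask."""
    prefix = mask_to_prefix(mask)
    network = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
    return ipaddress.IPv4Address(b) in network


def audit_host(name, addr, mask, dc_addr):
    """Return a list of findings for one host's static IPv4 settings."""
    findings = []
    if classify(addr) == "apipa":
        findings.append(f"{name}: {addr} is an APIPA address (no DHCP lease or static config)")
    try:
        reachable = same_subnet(dc_addr, addr, mask)
    except ValueError as exc:
        findings.append(f"{name}: {exc}")
        return findings
    if not reachable:
        findings.append(f"{name}: {addr} is not on the same subnet as {dc_addr}")
    return findings


if __name__ == "__main__":
    dc = "10.0.0.11"  # Glasgow, from the setup instructions
    # The first entry is the lab configuration; the other two are constructed.
    samples = [
        ("Melbourne", "10.0.0.21", "255.255.255.0"),
        ("Melbourne", "10.0.0.21", "225.225.225.0"),
        ("Melbourne", "169.254.7.9", "255.255.0.0"),
    ]
    for name, addr, mask in samples:
        print(addr, mask, audit_host(name, addr, mask, dc) or "OK")
```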
NOTE CLASS A, B, AND C ADDRESSES
The concept of Class A, B, and C addresses is now considered obsolete and is unlikely to be
tested in the upgrade examinations. Nevertheless, in the course of your profession, you will
come across administrators who will tell you their organization was allocated two Class C
networks ten years ago. You need to know what they are talking about.
You might be less familiar with the IPv6 infrastructure and the types of IPv6 addressing. As
IPv6 usage increases, you need to be aware of IPv4-to-IPv6 transition strategy and IPv4 and
IPv6 interoperability, particularly the use of Teredo addresses. IPv6 addressing is the main
topic in this lesson.
After this lesson, you will be able to:
- Configure IPv4 settings
- Subnet and supernet IPv4 networks
- Identify the various types of IPv6 addresses and explain their uses
- Identify IPv6 addresses that can be routed on the IPv4 Internet
- Implement IPv4 and IPv6 interoperability
- Use IPv6 tools
Estimated lesson time: 45 minutes
REAL WORLD
Ian McLean
I’m probably very fortunate. I’m as comfortable in binary as I am in decimal.
It started a long time ago, when I was about eleven (1011) years old. A schoolmaster took a particular interest in the brighter children (believe it or not, I was one of them) who took a real interest and joy in mathematics. One of the things we played with was number systems. Not merely binary and hexadecimal—we also had fun with duodecimal and nonary.
When I first met a computer at the same tender age, the beast spoke binary and so did I. Computers have been part of my life ever since. When I became an electronics engineer in 1966, binary was my friend and digital logic circuits my specialty.
So when I came to subnet and supernet, I found it easy. Yet all around me, some very clever people were scratching their heads and looking thoroughly confused.
I knew almost by instinct that if I wrote 255.255.255.0 and 255.255.254.0, the next in sequence was 255.255.252.0 (obvious, isn’t it?) and could immediately translate these numbers into /24, /23, and /22. I’ve made a fair bit of money from something that’s easy for me but difficult for some who are normally much brighter than I am. IPv6 is the Internet protocol of the future, and you don’t supernet or subnet IPv6 networks. However, you still need to know binary to understand hexadecimal fully, and you need to know about the binary Exclusive OR function to work with Teredo addresses. I’ve been saying this for years, and I’ll still say it—learn binary.
Configuring IPv4 Addressing
You should already know that an IPv4 address is 32 bits in length and is split into four
You could also express it in decimal (or any other numbering system), but that would be uninformative. So the usual representation of an IPv4 address is in dotted-decimal notation, for example, 192.168.56.1. A subnet mask is a 32-bit number that consists of a series of ones followed by a series of zeros, for example, 255.255.255.0. This can also be expressed by a slash followed by the number of ones in the mask, for example, /24.
An IP address (IPv4 or IPv6) can be split into two sections, one of which identifies a host and the other the network the host is on. The subnet mask defines which bits in an IP address identify the host and which the network. For example, if you write 192.168.56.0/24, the /24 represents the /24 subnet mask and indicates that the first 24 of the 32 bits in the IPv4 address is the network identity (ID). The lower the number after the slash in the subnet mask,
If a computer on a subnet sends an IPv4 datagram to a computer on another network, the
datagram first goes to the default gateway on the subnet. The default gateway address is the
address of a multihomed device (for example, a router or a layer-3 switch) that exists on the
subnet.
ones in the network’s subnet mask. This enables you to create multiple subnets or broadcast
domains within the original network address space. For example, suppose your organization
has been allocated the IPv4 network 131.107.0.0/22 (131.107.0.1 through 131.107.3.254). You
could then split this into four subnets: 131.107.0.0/24, 131.107.1.0/24, 131.107.2.0/24, and
131.107.3.0/24. This assumes that your routers or switches support the zero subnet, which all
modern layer-3 devices do.
Supernetting logically combines a number of contiguous address spaces to form a single
network that can be advertised on the Internet. For example, if you had been allocated the
networks 131.107.64.0/24, 131.107.65.0/24, 131.107.66.0/24, and 131.107.67.0/24, you could
combine them so your organization advertises the subnet 131.107.64.0/22. In practice, you
would use this network only for advertisements and subnet it internally. A well-populated
subnet with 1,022 hosts would be impractical due to broadcast collisions, especially if the
subnet included clients and servers with earlier operating systems such as Windows XP and
Windows Server 2003 that generate a considerable amount of broadcast traffic.
MORE INFO HOW TO SUBNET
The Quick Check element in this section is unusual in that it contains answers that
cannot be found in the chapter text. Its purpose is to check your existing knowledge of IPv4
addressing and subnetting. If you have difficulty answering any of the questions directly,
review the material you used to study IPv4 addressing for the Windows Server 2003
examinations or access http://www.learntosubnet.com. Although this is not a Microsoft site, it is
one that I have recommended to my students for years, and it provides excellent coverage
of both binary arithmetic and IPv6 subnetting.
Quick Check
1. What is the slash notation for the subnet mask 255.252.0.0?
2. What is the maximum number of host addresses available on a subnet with a /23
subnet mask?
3. What is the APIPA address range? Express this as a network address and slash
notation subnet mask.
4. Other than the APIPA address range, what networks are used for private IPv4
addresses?
5. What is the hexadecimal number AFFE6409 when converted to dotted decimal notation?
6. What is the binary number 10011101 00110111 10010110 01001001 when converted to dotted decimal notation?
7. Two computers in the tailspintoys.com domain have IPv4 addresses 10.0.0.23 and 10.0.1.126. All subnets in the domain have a /23 subnet mask. Are the computers
on the same subnet?
8. What is the address range supported by the 172.16.10.128/25 subnet?
Quick Check Answers
Variable Length Subnet Masks
You can configure subnet masks so that one subnet mask is used externally and multiple
more efficiently. Typically, you subnet a network and then further subnet one or more of the subnets you created to provide more subnets, each with fewer hosts.
Suppose, for example, you have been allocated the 131.107.100.0/24 network and you require five networks with 30 hosts per network. However, to implement a wide area network (WAN) connection, you also need a subnet with two hosts. You could simply subnet your /24 network into eight /27 subnets, each with 30 host addresses, and use one of these for your WAN connection. This would give you two spare /27 subnets.
However, this is inefficient. If you need more WAN links, you would need to use a spare /27 subnet for each one. It is more efficient to create eight /27 subnets and then further subnet one of these subnets.
If, for example, you subnetted 131.107.100.0/24 into the eight subnets:
131.107.100.0/27; 131.107.100.32/27; 131.107.100.64/27; 131.107.100.96/27;
131.107.100.128/27; 131.107.160.32/27; 131.107.100.192/27; 131.107.100.224/27
you could then take the final subnet and further subnet it into up to sixteen subnets, each
with two host addresses, that is:
131.107.100.224/30; 131.107.100.228/30; and so on
You can be even more clever and subnet the 131.107.100.224/27 subnet into (for example)
four /29 subnets with six host addresses each and then subnet the final /29 subnet into two
/30 subnets. The possibilities are endless, but take care not to be too clever and make your
subnetting too complex to understand.
MORE INFO VARIABLE LENGTH SUBNET MASKS
For more information about VLSMs, visit http://technet2.microsoft.com/windowsserver/en/library/c4a4bcaf-4c12-4c20-a346-34cef0113a801033.mspx?mfr=true. This is a Windows
Server 2003 link but is also relevant to VLSMs on Windows Server 2008.
The Longest Match Algorithm
In the VLSM example previously described, an IPv4 datagram sent, for example, to the IPv4
address 131.107.100.24 locates the relevant host on the 131.107.100.224/30 subnet, not on
the 131.107.100.224/27 subnet. The layer-3 devices that control routing are configured to use
the longest match algorithm to route the datagram to the appropriate subnet.
MORE INFO THE LONGEST MATCH ALGORITHM
It is unlikely that the upgrade examinations will ask any detailed questions about the
longest match algorithm. However, if you want to learn more from a professional point
of view, see http://www.ietf.org/proceedings/03jul/I-D/draft-grow-bounded-longest-match-00.txt.
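The subnetting, supernetting, VLSM, and longest match passages above can be worked through with Python's standard ipaddress module. This is an added example, not code from the book; the next-hop labels (lan0, wan0, and so on) and the destination addresses are constructed for illustration.

```python
import ipaddress

def vlsm_plan(block, subnet_prefix, link_prefix):
    """Split block into equal subnets, then split the final one into small links."""
    subnets = list(ipaddress.ip_network(block).subnets(new_prefix=subnet_prefix))
    links = list(subnets[-1].subnets(new_prefix=link_prefix))
    return subnets, links

def usable_hosts(network):
    """Classic host count: every address except the network and broadcast address."""
    return max(network.num_addresses - 2, 0)

def longest_match(routes, destination):
    """Return (network, next_hop) for the most specific route holding destination."""
    dest = ipaddress.ip_address(destination)
    matches = [(net, hop) for net, hop in routes.items() if dest in net]
    if not matches:
        return None  # no route: a real router would use a default route or drop
    return max(matches, key=lambda item: item[0].prefixlen)

def supernet(networks):
    """Collapse contiguous networks into the fewest prefixes that cover them."""
    return list(ipaddress.collapse_addresses(ipaddress.ip_network(n) for n in networks))

def build_routes():
    """Routing table for the VLSM plan; next-hop labels are hypothetical."""
    subnets, links = vlsm_plan("131.107.100.0/24", 27, 30)
    routes = {net: "lan%d" % i for i, net in enumerate(subnets)}
    routes[links[0]] = "wan0"  # 131.107.100.224/30, inside the final /27
    routes[links[1]] = "wan1"  # 131.107.100.228/30, inside the final /27
    return routes

if __name__ == "__main__":
    subnets, links = vlsm_plan("131.107.100.0/24", 27, 30)
    for net in subnets:
        print(net, usable_hosts(net), "hosts")
    print("first links:", links[0], links[1], usable_hosts(links[0]), "hosts each")

    routes = build_routes()
    # Constructed destinations: the first lies inside both the /27 and a /30,
    # the second only inside the /27, the third matches no route at all.
    for dest in ("131.107.100.226", "131.107.100.240", "192.0.2.1"):
        print(dest, "->", longest_match(routes, dest))

    # The four contiguous /24 networks from the supernetting paragraph.
    print(supernet(["131.107.%d.0/24" % i for i in range(64, 68)]))
```

A destination covered by both the /27 and one of its /30 subnets is routed by the /30 entry because that entry has the longer prefix.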
Alternate IPv4 Configuration
You can configure IPv4 (and IPv6) by using netsh commands, described later in this lesson,
or through the TCP/IPv4 Properties graphical user interface (GUI). You access this dialog box
from the Network and Sharing Center in Control Panel by clicking Manage Network
Connections, right-clicking the appropriate interface, and selecting Properties, selecting
Internet Protocol Version 4 (TCP/IPv4), and clicking Properties. This procedure is different
from that used in Windows Server 2003 to access the GUI tool for configuring IPv4 settings,
and you should become familiar with it.
On the General tab of the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box,
you can specify an IPv4 address, a subnet mask, and (optionally) a default gateway (static
configuration), or you can configure the interface to obtain these settings automatically. You
also have the choice of specifying a static IPv4 address for a DNS server or obtaining this automatically. If you configure a static interface address, you also need to specify a static DNS server address. Automatic configuration is typically through DHCP, but if no DHCP leases are available on the network, an alternate configuration is applied.
You can specify the alternate configuration on the Alternate Configuration tab, shown in Figure 1-1. By default, alternate configuration is through APIPA, but you can specify a static address that can be applied if a DHCP lease cannot be obtained. The Alternate Configuration functionality is useful when you use the computer on more than one network, where one of those networks does not have a DHCP server and you do not want to use an APIPA configuration.
FIGURE 1-1 The Alternate Configuration tab
Typically, you can use the alternate configuration functionality if you use a mobile computer at your office and at your home. When you are in the office, the computer uses a DHCP-allocated TCP/IP configuration. When you are at home (where you do not have access to a DHCP server), the computer automatically uses the alternate configuration. It is less common to set up an alternate configuration on a server, but you have the option of doing so if you want to.
Configuring IPv6 Addressing
IPv4 and IPv6 addresses can be readily distinguished. An IPv4 address uses 32 bits, resulting
in an address space of just over 4 billion. An IPv6 address uses 128 bits, resulting in an address space of 2^128, or 340,282,366,920,938,463,463,374,607,431,768,211,456—a number too large
to comprehend. This represents 6.5*2^23 or 54,525,952 addresses for every square meter of
the earth’s surface. In practice, the IPv6 address space allows for multiple levels of
subnetting and address allocation between the Internet backbone and individual subnets within an
organization. The vastly increased address space available enables allocation of not one but
several unique IPv6 addresses to a network entity, with each address being used for a
different purpose.
IPv6 provides addresses that are equivalent to IPv4 address types and others that are
unique to IPv6. A node can have several IPv6 addresses, each of which has its own unique
purpose. This section describes the IPv6 address syntax and the various classes of IPv6
addressing.
IPv6 Address Syntax
The IPv6 128-bit address is divided at 16-bit boundaries, and each 16-bit block is converted
to a four-digit hexadecimal number. Colons are used as separators. This representation is
called colon-hexadecimal.
Global unicast IPv6 addresses are equivalent to IPv4 public unicast addresses. To illustrate
IPv6 address syntax, consider the following IPv6 global unicast address:
21cd:0053:0000:0000:03ad:003f:af37:8d62
IPv6 representation can be simplified by removing the leading zeros within each 16-bit
block. However, each block must have at least a single digit. With leading zero suppression,
the address representation becomes:
21cd:53:0:0:3ad:3f:af37:8d62
A contiguous sequence of 16-bit blocks set to 0 in the colon-hexadecimal format can be
compressed to ::. Thus, the previous example address could be written:
21cd:53::3ad:3f:af37:8d62
Some types of addresses contain long sequences of zeros and thus provide good examples
of when to use this notation. For example, the multicast address ff05:0:0:0:0:0:0:2 can be
compressed to ff05::2.
IPv6 Address Prefixes
The prefix is the part of the address that indicates either the bits that have fixed values or the
network identifier bits. IPv6 prefixes are expressed in the same way as CIDR IPv4 (slash)
notation. For example, 21cd:53::/64 is the subnet on which the address 21cd:53::23ad:3f:af37:8d62
is located. In this case, the first 64 bits of the address are the network prefix. An IPv6 subnet
prefix (or subnet ID) is assigned to a single link. Multiple subnet IDs can be assigned to the
same link. This technique is called multinetting.
NOTE IPV6 DOES NOT USE DOTTED DECIMAL NOTATION IN SUBNET MASKS
Only prefix length notation is supported in IPv6. IPv4 dotted decimal subnet mask
representation (such as 255.255.255.0) has no direct equivalent.
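The leading zero suppression, :: compression, and prefix rules above, written out by hand as an added example (not code from the book). Because one address has several valid spellings, reducing it to a single form before comparing entries in logs or filter rules avoids false mismatches. The function names are hypothetical, and the tie-break of compressing the first of two equally long zero runs is an assumption taken from Python's ipaddress module, not from the text.

```python
import ipaddress

HEX_DIGITS = set("0123456789abcdefABCDEF")

def parse_full(address):
    """Return the eight 16-bit blocks of an address written without '::'."""
    blocks = address.split(":")
    if len(blocks) != 8 or any(
        not 1 <= len(b) <= 4 or set(b) - HEX_DIGITS for b in blocks
    ):
        raise ValueError("expected eight blocks of 1 to 4 hex digits: %r" % address)
    return [int(b, 16) for b in blocks]

def suppress_leading_zeros(address):
    """Drop leading zeros in each block, keeping at least one digit per block."""
    return ":".join(format(b, "x") for b in parse_full(address))

def compress(address):
    """Also replace the longest run of two or more zero blocks with '::'."""
    blocks = [format(b, "x") for b in parse_full(address)]
    best_start, best_len, i = 0, 0, 0
    while i < 8:
        j = i
        while j < 8 and blocks[j] == "0":
            j += 1
        if j - i > best_len:  # strict '>' keeps the first run when two runs tie
            best_start, best_len = i, j - i
        i = max(j, i + 1)
    if best_len < 2:  # a single zero block stays written as "0"
        return ":".join(blocks)
    head = ":".join(blocks[:best_start])
    tail = ":".join(blocks[best_start + best_len:])
    return head + "::" + tail

def in_prefix(address, prefix):
    """True if the first <length> bits of address equal those of the prefix."""
    net_text, length = prefix.split("/")
    length = int(length)
    mask = ((1 << length) - 1) << (128 - length)
    addr = int(ipaddress.IPv6Address(address))
    net = int(ipaddress.IPv6Address(net_text))
    return (addr & mask) == (net & mask)

if __name__ == "__main__":
    full = "21cd:0053:0000:0000:03ad:003f:af37:8d62"
    print(suppress_leading_zeros(full))
    print(compress(full))
    print(compress("ff05:0:0:0:0:0:0:2"))
    # Cross-check the hand-written rules against the standard library.
    print(compress(full) == ipaddress.IPv6Address(full).compressed)
    print(in_prefix("21cd:53::23ad:3f:af37:8d62", "21cd:53::/64"))
```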
IPv6 Address Types
The three types of IPv6 addresses are unicast, multicast, and anycast.
- Unicast: Identifies a single interface within the scope of the unicast address type. Packets addressed to a unicast address are delivered to a single interface. RFC 2373 allows multiple interfaces to use the same address, provided that these interfaces appear as a single interface to the IPv6 implementation on the host. This accommodates load-balancing systems.
- Multicast: Identifies multiple interfaces. Packets addressed to a multicast address are delivered to all interfaces identified by the address.
- Anycast: Identifies multiple interfaces. Packets addressed to an anycast address are delivered to the nearest interface identified by the address. The nearest interface is the closest in terms of routing distance, or number of hops. An anycast address is used for one-to-one-of-many communication, with delivery to a single interface.
MORE INFO IPV6 ADDRESSING ARCHITECTURE
For more information about IPv6 address structure and architecture, see http://www.ietf.org/rfc/rfc2373.txt.
NOTE INTERFACES AND NODES
IPv6 addresses identify interfaces rather than nodes. A node is identified by any unicast address that is assigned to one of its interfaces.
IPv6 Unicast Addresses
IPv6 supports the following types of unicast addresses:
is called the scope of the address.)