Cover
Acknowledgments
About the Authors
About the Contributing Author
Introduction
1. Major Changes in Windows Server 2016
2. The Mastering Series
3. How to Use This Book
4. How This Book Is Organized
5. Getting More Information
6. Errata
Chapter 1: Windows Server 2016 Installation and Management
1. Windows Server 2016 Editions and Licensing
2. Installing Windows Server 2016
3. Automating the Installation of Windows Server 2016
4. Common Management Tools
5. Monitoring and Troubleshooting Tools
6. The Bottom Line
Chapter 2: PowerShell
1. What Is PowerShell?
2. Running and Customizing PowerShell
3. Setting Up PowerShell ISE Profiles
4. Setting Up Execution Policies
5. Using Aliases and Getting Help
6. Understanding Cmdlet Syntax
7. Understanding Shortened Command Syntax
8. Exploring PowerShell Command Concepts
9. Using File Input and Output Operations
10. Processing Pipeline Data
11. Using Variables
12. Using Functions
13. Formatting Output
14. Using Loops
15. Managing Remote Systems via PowerShell
16. The Bottom Line
Chapter 3: Compute
1. Overview of Hyper-V
2. What's New in Windows Server 2016 Hyper-V
3. Installing Hyper-V
4. Nested Virtualization
5. Storage Options in Hyper-V
6. Configuring Hyper-V
7. Virtual Machine Migration
8. Hyper-V Replica
9. High Availability with Failover Clustering in Windows Server 2016
10. Failover Clustering with Hyper-V
11. The Bottom Line
Chapter 4: Storage
1. Overview of Storage in Windows Server 2016
2. File Systems
3. Data Deduplication
4. Storage Spaces
5. Storage Replica
6. Storage Quality of Service
7. The Bottom Line
Chapter 5: Networking
1. Windows Server 2016 Network Configuration
2. DNS
3. DHCP
4. Remote Access
5. Network Load Balancing
6. Software Defined Networking
7. The Bottom Line
Chapter 6: File Services
1. File Services Overview
2. File Server
3. BranchCache for Network Files
4. DFS Namespaces and DFS Replication
5. File Server Resource Manager
6. Work Folders
7. The Bottom Line
Chapter 7: Windows Server Containers
1. Containers Overview
2. Creating and Maintaining Containers
3. Configuring Containers
4. Application Development and Deployment
5. The Bottom Line
Chapter 8: Security Mechanisms
1. Security Overview
2. Where to Begin?
3. What Are the Risks?
4. Protecting Accounts
5. Protecting Data at Rest
6. Protecting Data in Transit
7. Protecting Administrative Access
8. Protecting Active Directory Infrastructure
9. Malware Protection
10. Hardening Operating Systems Security with Additional Microsoft Products
11. Evidence of the Attack
12. The Bottom Line
Chapter 9: Active Directory Domain Services
1. Overview of Features
2. Revisiting Privileged Access Management
3. Design Considerations
4. Computer, User, and Group Management
5. Group Policy
6. The Bottom Line
Chapter 10: Active Directory Certificate Services
1. What's New in AD CS Windows Server 2016
2. Introduction to a Public Key Infrastructure and AD CS
3. Planning and Design Considerations
4. Implementing a Two-Tier Hierarchy
5. Working with Certificate Templates
6. Auto-Enrollment
7. The Bottom Line
Chapter 11: Active Directory Federation Services
1. Overview of AD FS
2. Planning and Design Considerations
3. Deploying an AD FS Environment
4. The Bottom Line
Chapter 12: Management with System Center
1. Overview of System Center 2016
2. Using System Center Virtual Machine Manager
3. Managing Windows Server 2016 with System Center Operations Manager
4. Managing Windows Server 2016 with System Center Configuration Manager
5. The Bottom Line
Chapter 13: Management with OMS
1. What Is Operations Management Suite?
2. OMS Pricing
3. System Requirements
4. Log Analytics
5. The Bottom Line
Index
End User License Agreement

List of Tables

Chapter 1
1. TABLE 1.1: Windows Server 2016 Edition Differences
2. TABLE 1.2: Activation Methods for Using KMS Keys
3. TABLE 1.3: Configuration Passes
4. TABLE 1.4: WDS Image Types
Chapter 2
1. TABLE 2.1: Get-Service Objects
2. TABLE 2.2: Output Formats
Chapter 3
1. TABLE 3.1: What's New in Windows Server 2016 Hyper-V
2. TABLE 3.2: Hyper-V's New Features for Virtual Machines
3. TABLE 3.3: Hyper-V Virtual Machine Configurations
4. TABLE 3.4: Failover-Clustering Terminology
5. TABLE 3.5: Failover-Clustering Components
6. TABLE 3.6: Failover-Clustering Scenarios
7. TABLE 3.7: Clustered Roles
Chapter 4
1. TABLE 4.1: Comparison of File-System Features
2. TABLE 4.2: Comparison of Space-Saving Technologies
3. TABLE 4.3: Comparison of Replication Options
Chapter 5
1. TABLE 5.1: Windows PowerShell Cmdlets for Network Configuration
2. TABLE 5.2: NIC Teaming Load-Balancing Modes
3. TABLE 5.3: DNS Record Types
4. TABLE 5.4: Scavenging Time Periods
5. TABLE 5.5: VPN Protocols
6. TABLE 5.6: SLB Terminology
Chapter 6
1. TABLE 6.1: DFS Network Port List
Chapter 7
1. TABLE 7.1: Benefits of Using Containers over Virtual Machines
2. TABLE 7.2: Container Terms
3. TABLE 7.3: Container Memory Utilization
4. TABLE 7.4: Additional Docker Commands
5. TABLE 7.5: Dockerfile Commands
6. TABLE 7.6: Docker Run Options for Network Configuration
7. TABLE 7.7: Resource Constraint Options
Chapter 8
1. TABLE 8.1: User Account Rights in Group Policy Editor
2. TABLE 8.2: Windows PowerShell Cmdlets
3. TABLE 8.3: Role Capabilities
4. TABLE 8.4: Session Configuration Files Components
5. TABLE 8.5: Windows Defender Scan Options
6. TABLE 8.6: Audit Policy Settings
7. TABLE 8.7: Windows PowerShell Cmdlets for Managing Auditing Logs
Chapter 9
1. TABLE 9.1: Domain Controller Memory Sizing Example
2. TABLE 9.2: Domain Controller Storage Layout
3. TABLE 9.3: Event Log Settings
4. TABLE 9.4: Automatically Populated Attributes
5. TABLE 9.5: Group Scopes
6. TABLE 9.6: Group Policy Cmdlets
Chapter 10
1. TABLE 10.1: Windows Server 2016 Certification Authority Compatibility Settings
2. TABLE 10.2: Windows Server 2016 Certificate Request Compatibility Settings
Chapter 11
1. TABLE 11.1: AD FS Terms and Definitions
Chapter 12
1. TABLE 12.1: Supported Upgrade Paths
2. TABLE 12.2: Hardware Recommendations
3. TABLE 12.3: SQL Memory per SQL Instance
4. TABLE 12.4: Site System Roles
5. TABLE 12.5: Supportability Limits
6. TABLE 12.6: Hardware Recommendations
7. TABLE 12.7: Disk Space Recommendations
8. TABLE 12.8: Collection Use
Chapter 13
1. TABLE 13.1: OMS Services and Description
2. TABLE 13.2: Service Level Agreements for Operations Management Suite
3. TABLE 13.3: Connected Sources and Data Sources
4. TABLE 13.4: URL Access Needed for OMS

List of Illustrations

Chapter 1
1. FIGURE 1.1 Select localization settings
2. FIGURE 1.2 Select an operating system.
3. FIGURE 1.3 Select an installation type.
4. FIGURE 1.4 Select the installation location.
5. FIGURE 1.5 Server Manager
6. FIGURE 1.6 Sconfig.cmd
7. FIGURE 1.7 Sysprep graphical interface
8. FIGURE 1.8 Windows SIM
9. FIGURE 1.9 PXE Server Initial Settings page
10. FIGURE 1.10 Install images.
11. FIGURE 1.11 Server roles
12. FIGURE 1.12 Features
13. FIGURE 1.13 Dashboard view
14. FIGURE 1.14 Computer Management
15. FIGURE 1.15 Device Manager
16. FIGURE 1.16 Task Scheduler
17. FIGURE 1.17 Task action
18. FIGURE 1.18 Event Viewer
19. FIGURE 1.19 Task Manager
20. FIGURE 1.20 Resource Monitor
21. FIGURE 1.21 Performance Monitor
Chapter 2
1. FIGURE 2.1 The Windows PowerShell console on Windows Server 2016
2. FIGURE 2.2 The 32-bit and 64-bit versions of PowerShell
3. FIGURE 2.3 PowerShell’s Run As Administrator
4. FIGURE 2.4 PowerShell ISE on Windows Server 2016
5. FIGURE 2.5 Command pane with Hyper-V module selected
6. FIGURE 2.6 ISE Colors and Fonts tab
7. FIGURE 2.7 ISE General Settings
8. FIGURE 2.8 Dir /S in PowerShell
9. FIGURE 2.9 –ShowWindow parameter
10. FIGURE 2.10 Show-Command Get-EventLog
11. FIGURE 2.11 -Confirm parameter in ISE
12. FIGURE 2.12 ConvertTo-Html output in the default table format
13. FIGURE 2.13 ConvertTo-Htm with –As List
14. FIGURE 2.14 Get-Credential dialog box
15. FIGURE 2.15 Get-Credential MessageSet dialog box
16. FIGURE 2.16 You forgot the mandatory parameter.
Chapter 3
1. FIGURE 3.1 Hyper-V architecture
2. FIGURE 3.2 Installing Hyper-V
3. FIGURE 3.3 Nested virtualization architecture
4. FIGURE 3.4 Shielded virtual machine architecture
5. FIGURE 3.5 Virtual machine migration
6. FIGURE 3.6 Hyper-V Replica architecture
7. FIGURE 3.7 Windows Network Load Balancing architecture
8. FIGURE 3.8 Clustering architecture
9. FIGURE 3.9 Managing cluster nodes
10. FIGURE 3.10 Stretch-cluster architecture
Chapter 4
1. FIGURE 4.1 How data is optimized
2. FIGURE 4.2 How optimized data is read
3. FIGURE 4.3 Storage Spaces overview
4. FIGURE 4.4 Storage Spaces Direct overview
5. FIGURE 4.5 Storage Spaces Direct converged
6. FIGURE 4.6 Storage Spaces stretch cluster
7. FIGURE 4.7 Storage Replica synchronous replication
8. FIGURE 4.8 Storage Replica asynchronous replication
Chapter 5
1. FIGURE 5.1 IPv4 configuration
2. FIGURE 5.2 Creating a new team
3. FIGURE 5.3 NIC Teaming window
4. FIGURE 5.4 Windows Firewall
5. FIGURE 5.5 Inbound rules
6. FIGURE 5.6 SRV records for a domain controller
7. FIGURE 5.7 Zone Type selection
8. FIGURE 5.8 Active Directory Zone Replication Scope selection
9. FIGURE 5.9 Root hints
10. FIGURE 5.10 DNS forwarders
11. FIGURE 5.11 New conditional forwarder
12. FIGURE 5.12 Advanced DNS settings
13. FIGURE 5.13 ZSK options
14. FIGURE 5.14 DNS Debug Logging
15. FIGURE 5.15 Nslookup
16. FIGURE 5.16 New Scope Wizard - IP Address Range
17. FIGURE 5.17 Scope Options dialog box
18. FIGURE 5.18 Creating a new failover relationship
19. FIGURE 5.19 DHCP database configuration
20. FIGURE 5.20 Selecting the Internet adapter
21. FIGURE 5.21 Routing and Remote Access dialog box
22. FIGURE 5.22 Network Access Permission
23. FIGURE 5.23 Network policy authentication methods
24. FIGURE 5.24 Configuring a VPN server to use RADIUS
25. FIGURE 5.25 WAP server placement
26. FIGURE 5.26 Load-balancing methods
Chapter 6
1. FIGURE 6.1 The File and iSCSI services subcomponents in Server Manager
2. FIGURE 6.2 Shares item in Server Manager
3. FIGURE 6.3 Selecting the profile for a share
4. FIGURE 6.4 BranchCache modes of operation
5. FIGURE 6.5 Installing BranchCache for Network Files in Server Manager
6. FIGURE 6.6 Installing the BranchCache feature in Server Manager
7. FIGURE 6.7 The Group Policy Object setting to enable Hash Publication for BranchCache
8. FIGURE 6.8 Group Policy Object setting to configure BranchCache settings on a client computer
9. FIGURE 6.9 DFS architecture
10. FIGURE 6.10 The process of accessing shared folders in DFS
11. FIGURE 6.11 Installing DFS Namespaces in Server Manager
12. FIGURE 6.12 DFS management console
13. FIGURE 6.13 Creating a folder name and the path to the folder target
14. FIGURE 6.14 Installing DFS Replication in Server Manager
15. FIGURE 6.15 Configuring DFS Replication
16. FIGURE 6.16 Installing File Server Resource Manager in Server Manager
17. FIGURE 6.17 File Server Resource Manager console
18. FIGURE 6.18 File Server Resource Manager Options
19. FIGURE 6.19 Installing Work Folders in Server Manager
20. FIGURE 6.20 Creating a New Sync Share by using a New Sync Share Wizard in Server Manager
21. FIGURE 6.21 Configuring a GPO for Work Folders user settings
Chapter 7
1. FIGURE 7.1 Virtual machine and container architecture
2. FIGURE 7.2 Hyper-V container and Windows container architecture
3. FIGURE 7.3 Pulling an image from Docker Hub
4. FIGURE 7.4 Pulling a second image
5. FIGURE 7.5 Listing images
6. FIGURE 7.6 Reviewing the default container configuration
7. FIGURE 7.7 History for an image
8. FIGURE 7.8 Dockerfile example
9. FIGURE 7.9 Building an image
10. FIGURE 7.10 Listing networks
Chapter 8
1. FIGURE 8.1 Configuring User Account settings in Active Directory Users and Computers
2. FIGURE 8.2 Configuring Credential Guard in the Group Policy Management Editor
3. FIGURE 8.3 Configuring EFS on a folder editor
4. FIGURE 8.4 The process of encryption and decryption in EFS
5. FIGURE 8.5 The architecture of BitLocker drive encryption
6. FIGURE 8.6 The process of drive encryption configured in the Group Policy Management Editor
7. FIGURE 8.7 Windows Firewall with Advanced Security properties window
8. FIGURE 8.8 Configuring rules in Windows Firewall with Advanced Security
9. FIGURE 8.9 Configuring connection security rules in Windows Firewall with Advanced Security
10. FIGURE 8.10 Transport and tunnel mode in IPsec
11. FIGURE 8.11 Privileged Access Management (PAM) architecture
12. FIGURE 8.12 Configuring Software Restriction Policies in the Group Policy Management Editor
13. FIGURE 8.13 Configuring AppLocker in the Group Policy Management Editor
14. FIGURE 8.14 Audit Policy settings in the Group Policy Management Editor
15. FIGURE 8.15 Auditing the security settings on a folder
16. FIGURE 8.16 Advanced Audit Policies settings in the Group Policy Management Editor
17. FIGURE 8.17 Configuring subscriptions in the Event Viewer
18. FIGURE 8.18 Windows PowerShell logging settings in the Group Policy Management Editor
Chapter 9
1. FIGURE 9.1 Privileged Access Management
2. FIGURE 9.2 Forests and domains
3. FIGURE 9.3 Trusts
4. FIGURE 9.4 Site design
5. FIGURE 9.5 Site link design
6. FIGURE 9.6 Sample OU layout
7. FIGURE 9.7 Basic auditing settings
8. FIGURE 9.8 Advanced audit policy settings
9. FIGURE 9.9 Mandatory attributes
10. FIGURE 9.10 Group Policy template files
11. FIGURE 9.11 Group Policy inheritance
12. FIGURE 9.12 Group Policy template files
13. FIGURE 9.13 Group Policy Operational log
Chapter 10
1. FIGURE 10.1 AD CS primary components
2. FIGURE 10.2 AD CS role services
3. FIGURE 10.3 PKI tiers
4. FIGURE 10.4 AD CS configuration
5. FIGURE 10.5 CDP extensions
6. FIGURE 10.6 AIA extensions
7. FIGURE 10.7 AD CS configuration
8. FIGURE 10.8 AD CS configuration results
9. FIGURE 10.9 Extensions tab
10. FIGURE 10.10 Built-in templates
11. FIGURE 10.11 Compatibility tab
12. FIGURE 10.12 General tab
13. FIGURE 10.13 Request Handling tab
14. FIGURE 10.14 Cryptography tab
15. FIGURE 10.15 Extensions tab
16. FIGURE 10.16 Security tab
17. FIGURE 10.17 Server tab
18. FIGURE 10.18 Issuance Requirements tab
19. FIGURE 10.19 New GPO window
20. FIGURE 10.20 Setting the configuration model
Chapter 11
1. FIGURE 11.1 Decision tree for a hotel visit
2. FIGURE 11.2 Decision tree for a claims-based web app
3. FIGURE 11.3 AD FS infrastructure diagram
4. FIGURE 11.4 Adding the AD FS role
5. FIGURE 11.5 AD FS Configuration Wizard
6. FIGURE 11.6 Importing the certificate
7. FIGURE 11.7 File Explorer
8. FIGURE 11.8 AD FS federation service name
9. FIGURE 11.9 AD FS service account
10. FIGURE 11.10 AD FS Review Options page
11. FIGURE 11.11 AD FS Pre-requisite Checks page
12. FIGURE 11.12 Adding a New Zone in DNS Manager
13. FIGURE 11.13 DNS Manager creating a new host
14. FIGURE 11.14 IIS Manager Application Pools settings
15. FIGURE 11.15 IIS Manager Application Pool Identity page
16. FIGURE 11.16 IIS Manager Add Site Binding dialog box
17. FIGURE 11.17 Internet Explorer Local intranet zone
18. FIGURE 11.18 Sample app web page
19. FIGURE 11.19 Add Roles and Features Wizard
20. FIGURE 11.20 WAP Configuration Wizard
21. FIGURE 11.21 Federation Server page
22. FIGURE 11.22 Selecting a certificate
23. FIGURE 11.23 Remote Access Management
24. FIGURE 11.24 Relying Party page
25. FIGURE 11.25 Publishing Settings page
26. FIGURE 11.26 Sample app authentication page
27. FIGURE 11.27 Sample app page
Chapter 12
1. FIGURE 12.1 SQL Server Installation Center
2. FIGURE 12.2 Installing a SQL Server failover cluster: Instance Configuration
3. FIGURE 12.3 Installing a SQL Server failover cluster: Cluster Disk Selection
4. FIGURE 12.4 Installing a SQL Server failover cluster: Database Engine Configuration, Data Directories
5. FIGURE 12.5 Installing a SQL Server failover cluster: Database Engine Configuration, TempDB
6. FIGURE 12.6 Installing a SQL Server failover cluster: Cluster Node Configuration
7. FIGURE 12.7 The Getting Started screen in the VMM Setup Wizard
8. FIGURE 12.8 VMM Setup Wizard: Database Configuration
9. FIGURE 12.9 VMM Setup Wizard: VMM Service Account
10. FIGURE 12.10 VMM Setup Wizard: Port Configuration
11. FIGURE 12.11 VMM Setup Wizard: Library Configuration
12. FIGURE 12.12 VMM Console: Library Servers
13. FIGURE 12.13 Folder Explorer: MSSCVMMLibrary
14. FIGURE 12.14 VMM Console: Library Server, Physical Library Objects
15. FIGURE 12.15 VMM Console: Fabric Resources: Create Logical Network
16. FIGURE 12.16 Create Logical Network Wizard: Specify Logical Network Settings
17. FIGURE 12.17 Create Logical Network Wizard: Network Sites
18. FIGURE 12.18 VMM Console: VMs: Create VM Network
19. FIGURE 12.19 The Create VM Network Wizard
20. FIGURE 12.20 Create VM Network Wizard: Specify VM subnets
21. FIGURE 12.21 Add Storage Devices Wizard: Select Storage Provider Type
22. FIGURE 12.22 Add Storage Devices Wizard: Gather Information
23. FIGURE 12.23 Create Virtual Machine Wizard: Create Virtual Machine
24. FIGURE 12.24 Create Virtual Machine Wizard: Create The New Virtual Machine With A Blank Virtual Hard Disk
25. FIGURE 12.25 Create Virtual Machine Wizard: Specify Virtual Machine Identity
26. FIGURE 12.26 Create Virtual Machine Wizard: Configure Hardware
27. FIGURE 12.27 Create Virtual Machine Wizard: Select Destination
28. FIGURE 12.28 Installing the web console prerequisites via PowerShell
29. FIGURE 12.29 The initial Installation screen
30. FIGURE 12.30 Selecting the SCOM features to be installed
31. FIGURE 12.31 Selecting a folder location for Operations Manager
32. FIGURE 12.32 Verifying that the prerequisites have passed the check
33. FIGURE 12.33 Specifying a management group name
34. FIGURE 12.34 Microsoft Software License Terms
35. FIGURE 12.35 Configuring the operational database
36. FIGURE 12.36 Configuring the data warehouse database
37. FIGURE 12.37 Configuring the Reporting Services instance
38. FIGURE 12.38 Specifying the website for the web console
39. FIGURE 12.39 Selecting an authentication mode for the web console
40. FIGURE 12.40 Configuring the service accounts
41. FIGURE 12.41 This warning might appear if you set up accounts with domain administrator rights.
42. FIGURE 12.42 A Diagnostic and Usage Data for System Center Operations Manager disclaimer
43. FIGURE 12.43 Installation Summary page
44. FIGURE 12.44 Installation Results window with installation details
45. FIGURE 12.45 Selecting the Operations Manager shell to activate System Center Operations Manager
46. FIGURE 12.46 Activating System Center Operations Manager
47. FIGURE 12.47 Verifying that System Center Operations Manager is activated
48. FIGURE 12.48 Initiating the wizard to import management packs
49. FIGURE 12.49 Selecting a source for management packs
50. FIGURE 12.50 Finding management packs in the catalog
51. FIGURE 12.51 Selecting the management packs to install
52. FIGURE 12.52 Summary page with a list of management packs to install
53. FIGURE 12.53 Viewing the status of the current Management Pack installation procedure
54. FIGURE 12.54 Windows Explorer: Extracted Folder ConfigMgrPrerequisitesTool
55. FIGURE 12.55 ConfigMgr Prerequisites Tool: Site Configuration
56. FIGURE 12.56 ConfigMgr Prerequisites Tool: Site Configuration: Progress
57. FIGURE 12.57 ConfigMgr Prerequisites Tool: Active Directory Schema Extension
58. FIGURE 12.58 ConfigMgr Prerequisites Tool: WSUS tab
59. FIGURE 12.59 ADK Window 10 1703 download
60. FIGURE 12.60 ADK Windows 10 1703: Select the Features You Want to Install
61. FIGURE 12.61 System Center Configuration Manager Setup Wizard: Getting Started: Available Setup Options
62. FIGURE 12.62 System Center Configuration Manager Setup Wizard: Server Language Selection
63. FIGURE 12.63 System Center Configuration Manager Setup Wizard: Client Language Selection
64. FIGURE 12.64 System Center Configuration Manager Setup Wizard: Site and Installation Settings
65. FIGURE 12.65 System Center Configuration Manager Setup Wizard: Primary Site Installation
66. FIGURE 12.66 System Center Configuration Manager Setup Wizard: Primary Site Installation: Database Information
67. FIGURE 12.67 System Center Configuration Manager Setup Wizard: Database Information
68. FIGURE 12.68 System Center Configuration Manager Setup Wizard: Client Computer Communication Settings
69. FIGURE 12.69 System Center Configuration Manager Setup Wizard: Site System Roles
70. FIGURE 12.70 System Center Configuration Manager Setup Wizard: Install: Overall Progress
71. FIGURE 12.71 System Center Configuration Manager Console: Hierarchy Configuration: Discovery Methods
72. FIGURE 12.72 Active Directory Forest Discovery
73. FIGURE 12.73 Boundaries
74. FIGURE 12.74 Active Directory Group Discovery Properties
75. FIGURE 12.75 Active Directory Location
76. FIGURE 12.76 User Collections
77. FIGURE 12.77 Active Directory System Discovery
78. FIGURE 12.78 Device Collections: All Systems
79. FIGURE 12.79 Active Directory User Discovery
80. FIGURE 12.80 Create Boundary screen
81. FIGURE 12.81 Create the boundary group.
82. FIGURE 12.82 Create Boundary Group: References
83. FIGURE 12.83 Create Custom Client Device Settings: Software Updates
84. FIGURE 12.84 Create Custom Client Device Settings: State Messaging
85. FIGURE 12.85 Asset and Compliance Workspace: Device Collections
Chapter 13
1. FIGURE 13.1 Types of solutions
2. FIGURE 13.2 The Azure portal
3. FIGURE 13.3 The Log Analytics box in Azure
4. FIGURE 13.4 Create a workspace.
5. FIGURE 13.5 Deployment succeeded
6. FIGURE 13.6 Microsoft Azure Log Analytics
7. FIGURE 13.7 The OMS portal with Azure Log Analytics
8. FIGURE 13.8 Azure Log Analytics is now enhanced.
9. FIGURE 13.9 The workspace upgrade is completed successfully.
10. FIGURE 13.10 The OMS Portal link
11. FIGURE 13.11 The Data Based on Last 1 Day box
12. FIGURE 13.12 Data Overview
13. FIGURE 13.13 OMS Portal Solutions Gallery
14. FIGURE 13.14 Security and Audit Solution
15. FIGURE 13.15 Solutions Gallery Add - Security and Audit
16. FIGURE 13.16 Azure Log Analytics processorutilization query
17. FIGURE 13.17 Azure Log Analytics disklatency query
18. FIGURE 13.18 Azure Log Analytics performance query
19. FIGURE 13.19 Azure Log Analytics totalperformance query
20. FIGURE 13.20 Azure Log Analytics securityevents query
21. FIGURE 13.21 Azure Log Analytics query for a specific reboot

Pages

C1
iii
iv
v
vi
vii
viii
ix
xxiii
xxiv
xxvi
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
E1

Senior Acquisitions Editor: Kenyon Brown
Development Editor: Kim Wimpsett
Technical Editor: Rodney R. Fournier
Production Editor: Barath Kumar Rajasekaran
Copy Editor: Kathy Carlyle
Editorial Manager: Pete Gaughan
Production Manager: Kathleen Wisor
Proofreader: Nancy Bell
Indexer: Johnna VanHoose Dinse
Project Coordinator, Cover: Brent Savage
Cover Designer: Wiley
Cover Image: © Thomas Northcut/Getty Images, Inc.

ISBN: 978-1-119-40497-2

ISBN: 978-1-119-40507-8 (ebk.)

ISBN: 978-1-119-40506-1 (ebk.)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2018935413

TRADEMARKS: Wiley, the Wiley logo, and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. Windows Server is a registered trademark of Microsoft Corporation. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

About the Authors

Brian Svidergol designs and builds infrastructure, cloud, and hybrid solutions. He holds many industry certifications including the Microsoft Certified Trainer (MCT) and Microsoft Certified Solutions Expert (MCSE) – Cloud Platform and Infrastructure. Brian is the author of several books covering everything from on-premises infrastructure technologies to hybrid cloud environments. He has worked with startup organizations and large Fortune 500 companies on design, implementation, and migration projects.

Vladimir Meloski is a Microsoft Most Valuable Professional on Office Server and Services, Microsoft Certified Trainer and consultant, providing unified communications and infrastructure solutions based on Microsoft Exchange Server, Skype for Business, Office 365, and Windows Server. With a bachelor's degree in computer sciences, Vladimir has devoted more than 20 years of professional experience in information technology. Vladimir has been involved in Microsoft conferences in Europe and in the United States as a speaker, moderator, proctor for hands-on labs, and technical expert. He has been also involved as an author and technical reviewer for Microsoft official courses, including Exchange Server 2016, 2013, 2010, 2007, Office 365, and Windows Server 2016, 2012; and he is one of the book authors of Mastering Microsoft Exchange Server 2016. As a skilled IT professional and trainer, Vladimir shares his best practices, real-world experiences, and knowledge with his students and colleagues, and he is devoted to IT community development by collaborating with IT Pro and developer user groups worldwide. He enjoys his spare time in country with his son and wife.

Byron Wright is the owner of BTW Technology Solutions where he designs and implements solutions using Microsoft technologies. He has been a consultant, author, and instructor for 20 years, specializing in Windows Server, Active Directory, Office 365, and Exchange Server. Byron was a Microsoft MVP for Exchange Server/Office 365 from 2012–2015.

Santos Martinez was born in Caguas, Puerto Rico, in 1982, and grew up in Caguas. Santos has more than 18 years of experience in the IT industry. He has worked on major implementations and in support of Configuration Manager and Enteprise Mobility + Security for many customers in the United States and Puerto Rico. Santos was a Configuration Manager engineer for a Fortune 500 financial institution and an IT consultant before joining Microsoft. For the Fortune 500 companies, he helped with the implementation and support of more than 200+ Configuration Manager Site Server and support of more than 300,000 Configuration Manager and Intune clients worldwide.

Santos was a SQL Server MVP from 2006 to 2009 and then a ConfigMgr MVP from 2009 to 2011. He is well known in the Microsoft communities as a mentor for other MVPs, Microsoft FTEs, and for helping other IT community members. He has also participated in Microsoft TechEd, MMS, and Ignite as a technical expert for Configuration Manager, Database, and Microsoft Intune. Santos is also a former Puerto Rican martial arts champion and currently holds a Six Degree black belt in TaiFu-Shoi Karate-Do where he earned the title of Shihan Sensei.

Santos and Karla, a pastry chef, have been married for 16 years and have two kids, Bryan Emir and Naomy Arwen. Santos currently is a senior program manager for Microsoft in the Enterprise Management and Mobility Product Group. You can follow him on Twitter (@ConfigNinja) or at his blog (http://aka.ms/ConfigNinja).

Doug Bassett has been involved in the computer industry since the early 1980s when he taught a high school computer science class, while still a high school student. Doug has many certifications from Microsoft, Cisco, CompTIA, and others, and has been MCSE certified since the old Windows NT days. Doug has also been a Microsoft Certified Trainer (MCT) for over 20 years. He was one of the first 100 people in the world to certify on Windows 2008. Doug has lectured at both Apple and Microsoft corporate headquarters and was invited by Microsoft to present at the Microsoft world conference in Barcelona, Spain, on virtual classroom and online learning. Doug is currently teaching live classes over the Internet and enjoys not having to shovel snow while living in Arizona.

Introduction

Welcome to Mastering Windows Server 2016. This book covers Windows Server 2016 and the core technologies built into the operating system. It has a mix of content ranging from networking, identity and access, storage, and much more. We don't cover every single feature or option but focus on providing a deep understanding of the key topics that we cover throughout the chapters. This book is best read from front to back and can later used as a reference.

Major Changes in Windows Server 2016

Most of the major components of Windows Server 2016 have new features, enhancements, and changes for Windows Server 2016. With that said, most of the changes involve improvements to existing services and the introduction of new features. Throughout the chapters, we will look at some of these new features in detail. The following major changes represent the changes that we feel stand out from the rest:

Nested Virtualization With nested virtualization, a brand new feature for Windows Server 2016, you can deploy a Hyper-V host inside of a VM. This simplifies the process for testing failover clustering and for testing a variety of virtualization-related features and configurations. Note that nested virtualization is best suited for nonproduction environments, such as a lab environment. See Chapter 3 for more information.
Shielded Virtual Machines This new feature enhances the security of Hyper-V hosts and VMs. It protects against scenarios such as malicious administrators trying to view the console or trying to view the data on the virtual hard disks. See Chapter 3 for more information.
Device Guard and Credential Guard These new features protect Generation 2 VMs against exploits. See Chapter 8 for more information.
Privileged Access Management (PAM) PAM enhances the security of Active Directory Domain Services environments by completely changing the way many administrators manage their environments. See Chapter 9 for more information.
Storage Spaces Direct This new feature provides a highly available and highly scalable storage solution using local server storage. See Chapter 4 for more information.
Software Defined Networking (SDN) There are many new enhancements to networking in Windows Server 2016. SDN enables you to configure your on-premises environment like Azure and manage it using System Center Virtual Machine Manager. See Chapter 5 for more information.
Containers Containers are a feature that offers a way for app teams to have a prepackaged way to deploy app environments quickly (for example, IIS with ASP.NET). The container contains everything an app team needs—and the container is portable; it can run on-premises or in the public cloud. See Chapter 7 for more details.
Nano Server When Microsoft introduced the Server Core installation of Windows Server, it was lauded for the small size, small requirements, high performance, and enhanced security. Nano Server went a step further (albeit with more limitations). Initially, it was just a smaller footprint deployment, without a GUI, that could run some core roles such as Hyper-V and Scale-Out File Server. However, recently Microsoft announced some big changes for Windows Server 2016 (release 1709). With 1709, Nano Server will no longer support the core roles such as Hyper-V. Instead, it will be dedicated for containers and be geared for the cloud. Nano Server is introduced in Chapter 1.

The Mastering Series

The Mastering series from Sybex provides outstanding instruction for readers with intermediate and advanced skills in the form of top-notch training and development for those already working in their field, and clear, serious education for those aspiring to become pros. Every Mastering book includes the following:

Skill-based instruction with chapters organized around real tasks rather than abstract concepts or subjects
End of chapter “Master It” scenarios to test your knowledge of the information in the chapter

How to Use This Book

How you use this book will depend on your goals and your level of experience across the Windows Server technologies. For example, if you have limited experience with Windows Server, then reading the book from front to back might provide the best experience. If you are an experienced server administrator but want to learn more about the networking components of Windows Server 2016, then you might want to go straight to the networking-related chapters. If you are studying for a certification exam, you might want to read specific topics from various chapters to strengthen your knowledge in very specific areas. While the book is ordered so that it is easiest to read it front to back, take the path that best suits your experience and goals.

In several parts of the book, we will perform step-by-step installations and configurations. We highly recommend that you perform those same steps in your lab or nonproduction environment (whether at home or at work). Reading about a technology is good for learning. Deploying, troubleshooting, and maintaining a technology is good for learning. Doing both is great for learning!

Windows Server is a huge product. There is a plethora of technologies in it—and the technologies are complex, much more so than in previous versions (especially older and legacy versions) of Windows Server. Therefore, as authors, we must pick and choose exactly what we cover while still trying to keep the book manageable in size. In general, for this book, we have opted to cover the most used parts of Windows Server, and we try to go into detail in specific parts of every chapter. Lastly, we avoid the introductory information unless it is imperative to the topic. Our readers have historically been experienced administrators who are looking to enhance their knowledge of the newest version of Windows Server. Therefore, we try to avoid material that is “too basic” for our typical reader.

How This Book Is Organized

Each Mastering Windows Server 2016 chapter represents a milestone in your progress toward becoming an expert Windows Server 2016 user. We start off by walking you through the installation, Server Manager, and PowerShell. It is a good way to start and enables you to have a Windows Server 2016 computer to reference while working through the step-by-step sections of chapters. It is also good to know the tools that we are going to reference throughout the book (especially PowerShell) before we dive into them!

Chapter 1, “Windows Server 2016 Installation and Management,” shows you how to install Windows Server 2016 and how to work with Server Manager for server administration.
Chapter 2, “PowerShell,” details how to work with PowerShell. It covers a huge amount of information in a single chapter and will be especially beneficial to readers who aren't well-versed in PowerShell yet.

After you have an installation and know your way around the management of Windows Server, you are ready to dive deeper into the foundational technologies.

Chapter 3, “Compute,” is all about the compute portions of Windows Server, such as Hyper-V and failover clustering.
Chapter 4, “Storage,” details file systems, data deduplication, Storage Spaces, Storage Replica, and Storage Quality of Service.
Chapter 5, “Networking,” dives into remote access, DNS, DHCP, and a host of new networking technologies in Windows Server 2016.

At this point, you'll have a pretty good grasp of the basics of Windows Server 2016 and understand some of the new technologies. The next chapters are designed to help you branch out into smaller (but still important) technologies in Windows Server.

Chapter 6, “File Services,” tells you how to implement and manage file services—not just shared folders but the advanced aspects of managing file services.
Chapter 7, “Windows Server Containers,” explains what containers are, how they work, and how to create and manage them. This technology is new and rapidly evolving.
Chapter 8, “Security Mechanisms,” is where you'll learn about Just Enough Administration (JEA), Just In Time (JIT) administration, Credential Guard, and other new security features in Windows Server 2016.

Several Active Directory technologies are built into Windows Server 2016. In this book, we cover the three most deployed. We exclude AD LDS and AD RMS.

Chapter 9, “Active Directory Domain Services,” covers AD DS, including information about design and architecture, deployment, and day-to-day administration.
Chapter 10, “Active Directory Certificate Services,” covers AD CS and public key infrastructure technologies. It also walks through a step-by-step two-tier hierarchy.
Chapter 11, “Active Directory Federation Services,” takes you through AD FS and design considerations. Then, it walks you through a step-by-step implementation of AD FS and Web Application Proxy.

Earlier in the book, we cover managing servers one at a time with Server Manager and PowerShell. In this part of the book, we look at managing servers at the enterprise level where automation and self-service are keys to successful management.

Chapter 12, “Management with System Center,” introduces you to the entire suite of Microsoft System Center. It walks through deployment and configuration, as well as introduces the concepts around enterprise management.
Chapter 13, “Management with OMS,” shows you how to use Microsoft Operations Management Suite OMS), an Azure service, to manage your on-premises and cloud-based Windows servers.

Getting More Information

In each chapter, you will see links to external sources for additional information. Whenever you have an interest in a particular topic and we link to an external resource, you should opt to spend a few minutes exploring that content. We specifically tried to link to value-adding material that complements and sometimes expands upon the information in the book.

Errata

We hope that Mastering Windows Server 2016 will be of benefit to you and that, after you've read the book, you'll continue to use the book as a reference. Please note that while we have made every effort toward accuracy, sometimes software updates will cause a screenshot to look slightly different than the interface you see on your screen. You should still be able to follow along with the instructions given. However, if you find errors, please let our publisher know by emailing to errata@wiley.com.

Thanks for choosing Mastering Windows Server 2016!