A
access-denied assistance, 247
Active Directory Domains and Trusts, 6
Active Directory Federation Services, 74
Active Directory Recycle Bin, 12–13
Active Directory Sites and Services, 6
Active Directory Users and Computers, 5
Delegation of Control Wizard, 5
tasks, 5
View Advanced Features function, 5
Active Directory-integrated zones, 186–187
AD DS (Active Directory Domain Services), 1, 9. See also Azure AD; domain(s)
backup, 10
DNS integration, 186, 188, 192
Active Directory-integrated zones, 186–187
alias (CNAME) records, 191
conditional forwarders, 193
host records, 190
MX (mail exchanger) records, 191
pointer records, 191
resource records, 190, 194–195
scavenging, 192
secondary zones, 188
stub zones, 193
unknown records, 191
zone delegation, 190
authentication and, 18
functional levels, 19
trees and, 18
DSRM (Directory Services Restore Mode), 7–8
forests, 16
Group Policy, 83. See also AGPM (Advanced Group Policy Management); Group Policy
Administrative template, 92–93
caching, 91
implementing, 95
import and copy GPOs, 85
WMI filters, 90
groups, 47
integration with other AD instances, 71
metadata cleanup, 21
partitions, 41
password(s)
policy items, 75
settings permissions, 76
replication, 41
conflict resolution, 43
KCC (Knowledge Consistency Checker), 42
managing and monitoring, 44
multi-master, 42
store and forward, 42
triggering, 44
security, 45
link bridges, 40
subnets, 38
snapshots, 22
external, 32
name suffix routing, 35
netdom.exe and, 34
realm, 33
shortcut, 32
transitivity, 30
ADAC (Active Directory Administrative Center), 3
PowerShell and, 3
Add-Clusternode cmdlet, 257
Add-Computer cmdlet, 52
Add-DhcpServer4Filter cmdlet, 209
Add-DHCPServer4Scope cmdlet, 205
Add-DHCPServer6Scope cmdlet, 205
Add-DhcpServerv4SuperScope cmdlet, 206
Add-DNSPrimaryZone cmdlet, 189
Add-DnsServerConditionalForwarderZone cmdlet, 193
Add-DNSServerDirectoryPartition cmdlet, 187
Add-DnsServerPrimaryZone cmdlet, 187
Add-DNSServerQueryResolutionPolicy cmdlet, 199
Add-DNSServerSecondaryZone cmdlet, 188
Add-DnsServerStubZone cmdlet, 193
Add-DnsServerZoneDelegation cmdlet, 190
ADDomainMode cmdlet, 19
Add-VMAssignableDevice cmdlet, 134
administration tools, Windows Server, 100
jump servers, 101
PAWs (Privileged Access Workstations), 100–101
remote access and, 100
WAC (Windows Admin Center), 102–105
AGPM (Advanced Group Policy Management), 88–89
alias (CNAME) records, 191
ARM (Azure Resource Manager), templates, 53
assessment, Windows update compliance, 119
authentication
intra-forest, 18
NPS and, 223
pass-through, 74
on-premises environments and, 73
Azure AD, 1, 2. See also domain controllers
Connect Health, 72
deleted items, restoring, 15
Active Directory Recycle Bin, 12–13
AD DS (Active Directory Domain Services), 10
non-authoritative restore, 15
integration with other AD instances, 71
using Active Directory Domains and Trusts, 6
using AD Sites and Services, 6
using AD Users and Computers, 5
using ADAC (Active Directory Administrative Center), 3–4
Password Protection, 82
cloud sync, 67
SQL Server, 57
Azure AD DS
domain join, 70
integration with other AD instances, 71
managing, 68
Azure App Service Hybrid Connections, 230–231
Azure Arc, 114
connecting to Windows Server instances, 115–116
Azure Automation
Hybrid Runbook Worker, 123–124
runbooks, 123
State Configuration, 124
Azure Bastion, connecting to IaaS VMs, 178
Azure DNS, integrating with Windows Servers DNS, 193–194
Azure Extended Network, 219–220
Azure File Sync, 233
cloud endpoints, creating, 235
cloud tiering, 237
server endpoints, creating, 236
storage sync service, deploying, 234
sync groups, creating, 234–235
Azure Monitor, 120
agent, 121
data collection, 120
installing, 121
Log Analytics workspace, 120
Azure Network Adapter, 219
Azure Policy guest configuration, 116–117
Azure Serial Console, connecting to IaaS VMs, 179
Azure Virtual WAN, 229
B
Active Directory Recycle Bin, 12–13
AD DS (Active Directory Domain Services), 10
checkpoints and, 137
non-authoritative restore, 15
bandwidth management, Hyper-V, 155
basic disks, 252
C
cloning, virtual domain controllers, 16
cloud endpoints, creating, 235
Cloud Shell, 122
cloud sync, 67
cloud tiering, 237
cmdlets, 3
Add-Clusternode, 257
Add-Computer, 52
Add-DhcpServer4Filter, 209
Add-DHCPServer4Scope, 205
Add-DHCPServer6Scope, 205
Add-DhcpServerv4SuperScope, 206
Add-DNSPrimaryZone, 189
Add-DnsServerConditionalForwarderZone, 193
Add-DNSServerDirectoryPartition, 187
Add-DnsServerPrimaryZone, 187
Add-DNSServerQueryResolutionPolicy, 199
Add-DNSServerSecondaryZone, 188
Add-DnsServerStubZone, 193
Add-DnsServerZoneDelegation, 190
ADDomainMode, 19
Add-VMAssignableDevice, 134
DNSServerCache, 197
Enable-PSRemoting, 106–107, 129
Enter-PSSession, 107, 129, 130
Get-ADTrust, 34
Get-Command -Module <modulename>, 106
Get-NetAdapter, 131
Get-PSSessionConfigurationFile, 113
Get-SRPartnership, 260
Get-StoragePool, 254
getting help with, 106
GPO management, 84
Install-ADDSForest, 9
Install-ADServiceAccount, 49
Invoke-Command, 108
Move-ADDirectoryServer, 40
New-ADDCCloneConfig, 16
New-ADReplicationSiteLink, 40
New-ADReplicationSubnet, 38
New-AzADServicePrincipal, 115–116
New-NetNAT, 131
New-StorageQosPolicy, 262
New-VMSwitch, 131
Register-PSSessionConfiguration, 113
Set-ADComputer, 50
Set-ADForestMode, 20
Set-ADObject, 9
Set-DhcpServerv4DnsSetting, 207
Set-PhysicalDisk, 254
Set-SRPartnership, 260
Test-SRTopology, 259
Uninstall-ADDSDomainController, 21
commands
Docker, 160
docker load, 166
docker rmi, 166
docker save, 166
docker tag, 166
get-credential, 107
netdom trust, 34
compliance, Windows update, 119
computer accounts, 47
conditional forwarders, 193
conflict resolution, 43
connection request policies, 220
creating, 224
Realm and RADIUS attributes, 223
Active Directory Domains and Trusts, 6
Active Directory Sites and Services, 6
Active Directory Users and Computers, 5
Delegation of Control Wizard, 5
tasks, 5
View Advanced Features function, 5
ADAC (Active Directory Administrative Center), 3
PowerShell and, 3
constrained delegation, 108
container(s), 158. See also Docker
host, 159
Hyper-V isolation, 160
image dependency, 159
managing, 166
modifying, 168
Layer 2 Bridge mode, 171
transparent mode, 170
process isolation, 160
sandbox, 159
Windows, service accounts, 164–165
continuous delivery, IaaS VMs and, 176
copying, VMs, 153
core scheduler, Hyper-V, 135–136
CPU groups, 135
creating
Azure File Sync endpoints, 236
cloud endpoints, 235
connection request policies, 224
container images
from a container, 171
shared folders, 240
CSVs (Cluster Shared Volumes), 143
D
DANE (DNS-based Authentication of Named Entities), 198
data disks, 174
DDA (Discrete Device Assignment), 133–134
defragmentation, Active Directory database, 20–21
delegation, 108
Delegation of Control Wizard, Active Directory Users and Computers, 5
deployment
virtualized, 9
IPAM, 200
DFS (Distributed File System), 248
replicated folders and targets, 250
schedules, 251
DHCP (Dynamic Host Configuration Protocol)
failover, 209
name protection, 207
policies, 208
multicast, 206
split, 207
super, 206
server role, deploying, 203–204
differencing disks, 149
DirectAccess, 216
NLS (Network Location Server), 218–219
Directory Services Restore Mode, authoritative restore, 14–15
disks. See also storage
basic, 252
dynamic, 252
partitions, 252
DNS (Domain Name System), 186, 188, 192. See also IPAM
cache locking, 197
conditional forwarders, 193
DANE (DNS-based Authentication of Named Entities), 198
netmask ordering, 197
policies, 199
records
alias (CNAME), 191
host, 190
MX (mail exchanger), 191
pointer, 191
unknown, 191
recursion, 197
response rate limiting, 198
scavenging, 192
socket pool, 196
spoofing, 196
Windows Server, event logs, 196
zone(s)
Active Directory-integrated, 186–187
delegation, 190
secondary, 188
stub, 193
DNSSEC (Domain Name System Security Extensions), 194–195
DNSServerCache cmdlet, 197
Docker, 160
commands, 160
docker load command, 166
docker rmi command, 166
docker save command, 166
docker tag command, 166
domain naming master, 27
infrastructure master, 28
PDC emulator, 28
RID master, 28
schema master, 27
seizing, 29
installing, from media, 8
KCC (Knowledge Consistency Checker), 42
moving, 40
physical security, 24
read-only, 24
local administrators, 26
USNs (update sequence numbers), 43
domain local groups, 48
computer accounts and, 47
functional levels, 19
joining, 70
trust(s), 30
external, 32
name suffix routing, 35
netdom.exe and, 34
realm, 33
shortcut, 32
transitivity, 29
DSC (Desired State Configuration), 124
dynamic
disks, 252
quorum, 142
Dynamic Virtual Machine Queue, 156
E
editing, GPOs, 87
Enable-PSRemoting cmdlet, 106–107, 129
encryption
IaaS VMs, 175
endpoints
Azure File Sync, creating, 236
cloud, 235
Enhanced Session Mode, 130
Enter-PSSession cmdlet, 107, 129, 130
ESAE (Enhanced Security Administrative Environment), forests, 20
event logs, DNS, 196
exporting, VMs, 153
extensions
Extended Network, 220
WAC (Windows Admin Center), 104
external switches, 157
external trusts, 32
F
failover
clustering, 140
Active Directory detached clusters, 143–144
cluster node weight, 142
cluster quorum, 141
Cluster Shared Volumes, 143
dynamic quorum, 142
Force Quorum Resiliency, 143
host cluster storage, 140
preferred owner and failover settings, 144
VM Network Health Detection, 144
DHCP, 209
fan-out administration, 107
FAT/FAT32, 265
file screen(s), 241
templates, 243
filesystems
FAT/FAT32, 265
fine-grained password policies, 76–77
domain naming master, 27
infrastructure master, 28
PDC emulator, 28
RID master, 28
seizing, 29
authentication and, 18
ESAE (Enhanced Security Administrative Environment), 20
FSRM (File Server Resource Manager)
access-denied assistance, 247
file management tasks, 246
G
gateway server, 103
Get-ADTrust cmdlet, 34
Get-Command -Module <modulename> cmdlet, 106
get-credential command, 107
Get-NetAdapter cmdlet, 131
Get-PSSessionConfigurationFile cmdlet, 113
Get-SRPartnership cmdlet, 260
Get-StoragePool cmdlet, 254
global groups, 48
GMSAs (group managed service accounts), 48, 49–50, 164–165
GPMC (Group Policy Management Console), 83–85
Group Policy, 83, 95, 247. See also AGPM (Advanced Group Policy Management)
Administrative template, 92–93
caching, 91
DNSSEC and, 195
GPOs
editing, 87
import and copy, 85
linking, 87
Modeling Wizard, 87
policy enforcement and blocking, 88–89
Results, 88
groups, 47
domain local, 48
global, 48
universal, 47
guest clusters, 145
shared virtual hard disk, 146
VHD Sets, 147
H
high availability
DHCP, 209
Hyper-V failover clusters, 140
Active Directory detached clusters, 143–144
cluster node weight, 142
cluster quorum, 141
Cluster Shared Volumes, 143
dynamic quorum, 142
Force Quorum Resiliency, 143
host cluster storage, 140
preferred owner and failover settings, 144
VM Network Health Detection, 144
Hyper-V guest clusters, 145
shared virtual hard disk, 146
VHD Sets, 147
Hyper-V live migration, 147–148
configuring replica servers, 138
configuring VM replicas, 138–139
host records, 190
HVC.exe, VM management, 130
hybrid workloads, Azure Automation and, 123–124
CPU groups, 135
Enhanced Session Mode, 130
failover clusters, 140
Active Directory detached clusters, 143–144
cluster node weight, 142
cluster quorum, 141
Cluster Shared Volumes, 143
dynamic quorum, 142
Force Quorum Resiliency, 143
host cluster storage, 140
preferred owner and failover settings, 144
VM Network Health Detection, 144
guest clusters, 145
shared virtual hard disk, 146
VHD Sets, 147
integration services, 133
isolation, 160
nested virtualization, 130–131
dynamic memory, 131
networking, 131
network adapter
network isolation, 155
NIC teaming, 156
optimizing network performance, 155
bandwidth management, 155
Dynamic Virtual Machine Queue, 156
configuring replica servers, 138
configuring VM replicas, 138–139
storage optimization
deduplication, 152
storage tiering, 152
virtual hard disks
differencing disks, 149
dynamically expanding disks, 149
fixed-size disks, 149
formats, 148
modifying, 150
Storage QoS, 151
Virtual Fibre Channel adapters, 151
virtual switches, 156
external, 157
internal, 157
private, 157
I
IaaS VMs, 173
configuring continuous delivery, 176
connecting
with Azure AD account, 176–177
JIT access, 178
with Remote PowerShell, 177–178
using Azure Bastion, 178
using Azure Serial Console, 179
using Windows Admin Center, 178
data disks, 174
encryption, 175
images, 174
NSGs and, 181
shared disks, 174
snapshots, 175
virtual networks, 179–180, 181
identities, hybrid, 54
importing, VMs, 153
inactive accounts, 82
infrastructure master, 28
Install-ADDSForest cmdlet, 9
Install-ADServiceAccount cmdlet, 49
installing
Azure Monitor, 121
BranchCache, 247
domain controllers, 8
WAC (Windows Admin Center), 103–104
integration services, 133
internal switches, 157
intra-forest authentication, 18
Invoke-Command cmdlet, 108
IP addressing
reservations, 208
troubleshooting, 204
IPAM, 200
deployment, 200
IP address
space management, 202
server discovery, 201
IPsec, 215
J
JEA (Just Enough Administration), 109
role-capability files, 110–111
session-configuration files, 111–112
JIT (Just-in-Time) VM access, 178
joining
domains, 70
Windows Server to an Active Directory instance, 52–53
jump servers, 101
K
KCC (Knowledge Consistency Checker), 42
Kerberos
SPNs (service principal names), 52
L
L2TP, 215
LAN routing, 215
Layer 2 Bridge networks, 171
linking GPOs, 87
Linux
integration services, 133
VMs (virtual machines), HVC.exe and, 130
local administrators, RODC, 26
Local Service (NT AUTHORITY\LocalService) account, 48
Local System (NT AUTHORITY\SYSTEM) account, 48
Log Analytics, integrating with Windows Servers, 120–121
M
managing. See also administration tools
using Active Directory Domains and Trusts, 6
using AD Sites and Services, 6
using AD Users and Computers, 5
using ADAC (Active Directory Administrative Center), 3–4
container images, 166
GMSAs (group managed service accounts), 49
VMs
using HVC.exe, 130
using PowerShell Direct, 130
using PowerShell remoting, 129
Windows Server instances, 113–116
Windows updates, 119
memory
dynamic, 132
nested virtualization and, 131
Microsoft Defender for Cloud, integrating with Windows Servers, 121–122
Microsoft Exchange Server, 2
modifying
containers, 168
virtual hard disks, 150
modules, PowerShell, 106
monitoring
replication, 44
Move-ADDirectoryServer cmdlet, 40
moving, domain controllers, 40
multi-master replication, 42
MX (mail exchanger) records, 191
N
name suffix routing, 35
NAT (network address translation), 169–170, 216
nested resiliency, 256
nested virtualization, 130–131
dynamic memory, 131
networking, 131
netdom trust command, 34
netdom.exe, 34
network adapters, Hyper-V
network isolation, 155
NIC teaming, 156
Network Service (NT AUTHORITY\NetworkService) account, 49
networking, containers, 168–169
Layer 2 Bridge mode, 171
transparent mode, 170
New-ADDCCloneConfig cmdlet, 16
New-ADReplicationSiteLink cmdlet, 40
New-ADReplicationSubnet cmdlet, 38
New-AzADServicePrincipal cmdlet, 115–116
New-NetNAT cmdlet, 131
New-StorageQosPolicy cmdlet, 262
New-VMSwitch cmdlet, 131
NIC teaming, 156
NLS (Network Location Server), 218–219
non-authoritative restore, 15
non-Azure machines, deploying Azure services on, 117–118
NPS (Network Policy Server), 211, 220, 221. See also RADIUS servers
authentication, 223
connection request forwarding, 222
connection request policies, 220
Realm and RADIUS attributes, 223
IP filters, 224
IP settings, 225
network policies, creating, 225–227
templates, 227
NSGs (network security groups), IaaS VMs and, 181
ntdsutil.exe, 21
metadata cleanup, 21
snapshots, 22
O-P
one-to-many remoting, 107
one-way trust, 6
pass-through
authentication, 74
password(s)
DSRM (Directory Services Restore Mode), 7–8
lockout settings, 79
protection, 82
settings permissions, 76
PAWs (Privileged Access Workstations), 100–101
PDC emulator, 28
password, 76
Windows update deployment, 119
physical security, domain controllers and, 24
pointer records, 191
policy(ies). See also Group Policy
connection request, 220
creating, 224
Realm and RADIUS attributes, 223
DHCP, 208
DNS, 199
PowerShell
cmdlets, 3
Add-Clusternode, 257
Add-Computer, 52
Add-DhcpServer4Filter, 209
Add-DHCPServer4Scope, 205
Add-DHCPServer6Scope, 205
Add-DhcpServerv4SuperScope, 206
Add-DNSPrimaryZone, 189
Add-DnsServerConditionalForwarderZone, 193
Add-DNSServerDirectoryPartition, 187
Add-DnsServerPrimaryZone, 187
Add-DNSServerQueryResolutionPolicy, 199
Add-DNSServerSecondaryZone, 188
Add-DnsServerStubZone, 193
Add-DnsServerZoneDelegation, 190
ADDomainMode, 19
Add-VMAssignableDevice, 134
DNSServerCache, 197
Enable-PSRemoting, 106–107, 129
Enter-PSSession, 107, 129, 130
Get-ADTrust, 34
Get-Command -Module <modulename>, 106
Get-NetAdapter, 131
Get-PSSessionConfigurationFile, 113
Get-SRPartnership, 260
Get-StoragePool, 254
getting help with, 106
GPO management, 84
Install-ADDSForest, 9
Install-ADServiceAccount, 49
Invoke-Command, 108
Move-ADDirectoryServer, 40
New-ADDCCloneConfig, 16
New-ADReplicationSiteLink, 40
New-ADReplicationSubnet, 38
New-AzADServicePrincipal, 115–116
New-NetNAT, 131
New-StorageQosPolicy, 262
New-VMSwitch, 131
Register-PSSessionConfiguration, 113
Set-ADComputer, 50
Set-ADForestMode, 20
Set-ADObject, 9
Set-DhcpServerv4DnsSetting, 207
Set-PhysicalDisk, 254
Set-SRPartnership, 260
Test-SRTopology, 259
Uninstall-ADDSDomainController, 21
Direct, VM management, 130
Gallery, 106
GMSA management, 49
JEA (Just Enough Administration), 109
role-capability files, 110–111
session-configuration files, 111–112
modules, 106
VM management, 129
WAC (Windows Admin Center) and, 104–105
PPTP (Point-to-Point Tunneling Protocol), 215
private switches, 157
Process Automation, 123
process isolation, 160
protocols, VPN, 214
L2TP/IPsec, 215
PPTP, 215
SSTP, 215
PSOs (Password Settings Object), 77–78
Q-R
quotas, FSRM (File Server Resource Manager), 243–244
RADIUS servers, 211
proxies, 211
RBAC (role-based access control), 109, 173–174
realm trusts, 33
ReFS (Resilient File System), 264–265
Register-PSSessionConfiguration cmdlet, 113
registration, Azure File Sync server, 235–236
Remote Access role service, 210
Remote Desktop, 2, 101–102, 130
RemoteFX, 134
repadmin tool, 44
replication
AD DS, 41
KCC (Knowledge Consistency Checker), 42
multi-master, 42
conflict resolution, 43
DFS, 250
replicated folders and targets, 250
schedules, 251
managing and monitoring, 44
triggering, 44
reservations, 208
resiliency
nested, 256
storage space, 253
Storage Spaces Direct, 256–257
resource
restoring. See backup and restore
Resultant Set of Policy tool, 92
RID (Relative ID) master, 28
RODCs (read-only domain controllers), 24, 187
local administrators, 26
role-capability files, 110–111
RSO (replicate-single-object) operation, 43–44
runbooks, 123
S
sandbox, 159
scavenging, 192
schema master, 27
search functionality, ADAC (Active Directory Administrative Center), 3–4
secondary zones, 188
second-hop remoting, 108
security
DNS (Domain Name System), 196
cache locking, 197
DANE (DNS-based Authentication of Named Entities), 198
netmask ordering, 197
policies, 199
recursion, 197
response rate limiting, 198
socket pool, 196
DNSSEC (Domain Name System Security Extensions), 194–195
physical, domain controllers, 24
seizing FSMO roles, 29
session-configuration files, 111–112
Set-ADComputer cmdlet, 50
Set-ADForestMode cmdlet, 20
Set-ADObject cmdlet, 9
Set-DhcpServerv4DnsSetting cmdlet, 207
Set-PhysicalDisk cmdlet, 254
SetSPN utility, 52
Set-SRPartnership cmdlet, 260
shared disks, 174
shared folders, 239–241. See also BranchCache
shortcut trusts, 32
link bridges, 40
subnets, creating, 38
site-to-site VPN, 228
SMTP (Simple Mail Transfer Protocol), reverse lookup zones and, 189
SPNs (service principal names), 52
spoofing, 196
SR-IOV (Single-Root I/O Virtualization), 155–156
SSTP (Secure Socket Tunneling Protocol), 214–215
State Configuration, 124
storage
disks
basic, 252
dynamic, 252
partitions, 252
Hyper-V
deduplication, 152
tiering, 152
pools, 253
space, 253
resiliency, 253
tiering, 254
trim, 255
supported configurations, 258–259
Storage Spaces Direct, 255
cluster nodes, 257
deployment options, 256
nested resiliency, 256
store and forward replication, 42
stub zones, 193
subnets, 38
synchronization, password, 73–74
T
tasks, Active Directory Users and Computers, 5
templates
ARM (Azure Resource Manager), 53
file screen, 243
NPS, 227
quota, 244
Test-SRTopology cmdlet, 259
tombstone reanimation, 15
tools. See also PowerShell
deployment account requirements, 57–58
Health, 72
SQL Server requirements, 57
Cloud Shell, 122
repadmin, 44
Resultant Set of Policy, 92
SetSPN, 52
Validate-DCB, 143
Windows Server administration, 100
jump servers, 101
PAWs (Privileged Access Workstations), 100–101
remote access and, 100
WAC (Windows Admin Center), 102–105
topologies, DirectAccess, 216–217
transitivity, trust, 30
transparent networks, 170
triggering, replication, 44
trim, 255
troubleshooting
IP address issues, 204
Trust Anchor, 195
external, 32
name suffix routing, 35
netdom.exe and, 34
realm, 33
shortcut, 32
transitivity, 30
two-way trust, 6
U
UGMC (universal group membership caching), 10
Uninstall-ADDSDomainController cmdlet, 21
universal groups, 47
unknown records, 191
updates, Windows, 118
compliance, 119
managing permissions, 119
UPN (user principal name) suffixes, 63–65
user accounts, 45–46. See also password(s)
inactive, 82
locked-out, 81
lockout settings, 79
UPN (user principal name) suffixes, 63–65
USNs (update sequence numbers), 43
V
Validate-DCB tool, 143
VHD Sets, 147
virtual accounts, 50
virtual domain controllers, 9, 16, 23
virtual hard disks
differencing disks, 149
dynamically expanding disks, 149
fixed-size disks, 149
formats, 148
modifying, 150
Virtual Fibre Channel adapters, 151
virtual switches, 156
external, 157
internal, 157
private, 157
virtualization
Hyper-V, 127. See also Hyper-V
dynamic memory, 131
networking, 131
VLAN tagging, 155
VMs (virtual machines). See also Hyper-V
CPU groups, 135
DDA (Discrete Device Assignment), 133–134
dynamic memory, 132
Enhanced Session Mode, 130
exporting, 153
high availability, Hyper-V Replica, 137–140
IaaS, 173
configuring continuous delivery, 176
data disks, 174
encryption, 175
images, 174
NSGs and, 181
shared disks, 174
snapshots, 175
virtual networks, 179–180, 181
importing, 153
integration services, 133
managing
using HVC.exe, 130
using PowerShell Direct, 130
using PowerShell remoting, 129
nested virtualization, 130–131
dynamic memory, 131
networking, 131
optimizing network performance, 155
bandwidth management, 155
Dynamic Virtual Machine Queue, 156
VPN
Docker, 1
IaaS virtual networks and, 181
protocols, 214
L2TP/IPsec, 215
PPTP, 215
SSTP, 215
server configuration, 213
site-to-site, 228
W
WAC (Windows Admin Center), 102–103
configuring a target machine, 105
extensions, 104
managing Azure hybrid services, 105
showing PowerShell source code, 104–105
Web Application Proxy, 227
Windows Admin Center, 2, 3, 178
Windows Server, 124
administration tools, 100
jump servers, 101
PAWs (Privileged Access Workstations), 100–101
remote access and, 100
WAC (Windows Admin Center), 102–105
Backup, 10
checkpoints, 136
container(s)
DHCP (Dynamic Host Configuration Protocol) server role, deploying, 203–204
DNS, 196
cache locking, 197
DANE (DNS-based Authentication of Named Entities), 198
event logs, 196
netmask ordering, 197
policies, 199
recursion, 197
response rate limiting, 198
socket pool, 196
integration
with Azure DNS private zones, 193–194
with Microsoft Defender for Cloud, 121–122
joining to an Active Directory instance, 52–53
LAN routing, 215
authentication, 223
connection request forwarding, 222
connection request policies, 220, 223–224
IP settings, 225
network policies, creating, 225–227
templates, 227
RemoteFX, 134
updates, 118
compliance, 119
managing permissions, 119
X-Y-Z
zone(s)
Active Directory-integrated, 186–187
delegation, 190
secondary zones, 188
Trust Anchor, 195