Session Objective(s):
• Certification Overview
• Exam preparation per section
• Describe key 70-741 exam objectives
• Prepare more effectively using the available study material
• Relate practical Windows Server 2016 experience to the exam
Why Certify?
MCSA Windows Server 2016 certification path
MCSA: Windows Server 2016
OR
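# Record in the default zone scope (answer for external clients)
Add-DnsServerResourceRecord -ZoneName "contoso.com" -A -Name "www.career" -IPv4Address "65.55.39.10"
# Record with the same name in the "internal" zone scope
Add-DnsServerResourceRecord -ZoneName "contoso.com" -A -Name "www.career" -IPv4Address "10.0.0.39" -ZoneScope "internal"
# Queries received on server interface 10.0.0.56 are answered from the "internal" scope
Add-DnsServerQueryResolutionPolicy -Name "SplitBrainZonePolicy" -Action ALLOW -ServerInterface "eq,10.0.0.56" -ZoneScope "internal,1" -ZoneName contoso.com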
Key Tips to Remember
A. Add a second Address (A) record for 10.10.5.254 and point it to www2.tailspintoys.com.
B. Add a second Address (AAAA) record for 10.10.5.254 and point it to www2.tailspintoys.com.
C. Add a PTR record for www2.tailspintoys.com and point it to 10.10.5.254.
D. Add a PTR record for 10.10.5.254 and point it to www2.tailspintoys.com.
02 | Implement DHCP (15-20%)
• Install and configure DHCP
• Install and configure DHCP servers, authorize a DHCP server
• Create and configure scopes, create and configure superscopes and multicast scopes
• Configure a DHCP reservation, configure DHCP options
• Configure DNS options from within DHCP
• Configure policies
• Configure client and server for PXE boot
• Configure DHCP Relay Agent, Implement IPv6 addressing using DHCPv6
• Perform export and import of a DHCP server
• Perform DHCP server migration
Install and Configure DHCP Service
• Understand the DHCP options available
Implement an advanced DHCP solution
Create and configure superscopes
• Handles multiple networks
• Add-DhcpServerv4Superscope
Create and configure multicast scopes
• Stream packets
DHCPv6
• Stateful and stateless configurations
• Add-DhcpServerv6Scope -Name "Name" -Prefix <Address>
Windows Server 2016 DHCP Server role no longer supports NAP!
• Manage and maintain DHCP services
Windows Server 2016 IPAM
Unified IP address Mgmt.
• IP addressing management of physical and virtual networks (SCVMM integration)
• Integrated IP addressing, DNS and DHCP management
• Tracking activity of IP address/user/mc
• IP utilization & trend
• Audit config
[Diagram: client devices on the Internet, Firewall, Web Application Proxy, Firewall, corporate network with AD FS, AD DS, LOB applications and Microsoft applications]
Example question
You are configuring a web application proxy (WAP) to provide external access to corporate
applications. Users will typically be using untrusted internet connections outside the corporate
firewall.
You need to configure Active Directory Federation Services (AD FS) to protect applications
from unauthorized access. The configuration must meet the following requirements:
• User credentials cannot be sent as part of the authentication request.
• All users will access the applications by using a private computer secured by the user's local credentials.
• The most secure authentication method should be chosen.
Which type of authentication should you use?
A. Windows
B. Username
C. Basic
D. Certificate
How DirectAccess works for internal clients
[Diagram: internal client computers (connection security rules, NRPT), DirectAccess server, network location server, AD DS domain controller, DNS server, CRL distribution point, internal network resources, Internet websites]
How DirectAccess works for external clients
[Diagram: external client computers (connection security rules, NRPT), Internet websites, DNS server, DirectAccess server, Active Directory domain controller, DNS server, internal network resources]
DirectAccess
Implement server requirements
• No longer requires PKI (can use Kerberos proxy over HTTPS instead along with port 443)
• New simplified deployment but then won’t get force tunneling, Network Access Protection
(NAP) integration, or two-factor authentication
• Can use a single NIC card behind NAT (Windows Server 2012 required)
• Remote access servers and all client computers must be domain members
• IPv6 not required and IPv6 transition technologies are used (however, IPv6 = best
performance)
• If using internal CA or self-signed certificate, CRL distribution point must be available
externally
Implement client configuration
• Need to have security groups in place and then create GPOs
DirectAccess offline domain join
• Join a domain without physical or VPN connection
• Implement Network Policy Server (NPS)
[Flowchart: NPS network policy processing. Decision boxes: Are there policies to process? / Does connection attempt match policy conditions? (No: go to next policy) / Is the remote access permission for the user account set to Deny Access? / Is the remote access permission for the user account set to Allow Access? / Is the remote access permission on the policy set to Deny remote access permission? / Does the connection attempt match the user object and profile settings? Outcomes: Accept connection attempt, Reject connection attempt]
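The network policy decision flow above, as an added example that is not part of the original slides and not an NPS API: a small Python model of the decision boxes, assuming the usual branch order in which the first policy whose conditions match decides the outcome. The Policy class, its field names and the sample policies are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Hypothetical model of the decision flow; none of these names are an NPS API.
@dataclass
class Policy:
    name: str
    conditions: Callable[[dict], bool]   # does the attempt match this policy?
    grant: bool                          # policy permission (False = deny access)
    constraints: Callable[[dict], bool]  # user object and profile settings check

def evaluate(policies: List[Policy], attempt: dict,
             user_dialin: str) -> Tuple[str, Optional[str]]:
    """user_dialin is the account's dial-in permission: 'Allow', 'Deny' or 'Policy'."""
    for p in policies:                       # processed in configured order
        if not p.conditions(attempt):
            continue                         # go to next policy
        # The first policy whose conditions match decides the outcome.
        if user_dialin == "Deny":
            return ("Reject", p.name)
        if user_dialin != "Allow" and not p.grant:
            return ("Reject", p.name)        # policy permission is deny
        if p.constraints(attempt):
            return ("Accept", p.name)
        return ("Reject", p.name)            # profile settings not met
    return ("Reject", None)                  # no policy left to process

# Constructed sample policies, in processing order.
POLICIES = [
    Policy("Block-Contractors", lambda a: "Contractors" in a["groups"],
           False, lambda a: True),
    Policy("VPN-Staff", lambda a: a["port"] == "VPN",
           True, lambda a: a["auth"] == "EAP-TLS"),
]

if __name__ == "__main__":
    staff = {"groups": ["Staff"], "port": "VPN", "auth": "EAP-TLS"}
    contractor = {"groups": ["Contractors"], "port": "VPN", "auth": "EAP-TLS"}
    print(evaluate(POLICIES, staff, "Policy"))
    print(evaluate(POLICIES, contractor, "Policy"))
    print(evaluate(POLICIES, contractor, "Allow"))
```

The third call shows why an account-level Allow is worth auditing: it skips the deny permission on the matching policy, so only the profile settings stand between that account and an accepted connection.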
Configure NPS policies
Configure connection request policies
• Policies have conditions such as connection type, day/time, network, computer
• Useful to authenticate untrusted domain (proxy policy first in the policy order) while still
authenticating locally via NPS (to AD DS)
• If no local processing by NPS, then server is a proxy (can forward one place or multiple)
Configure network policies for VPN clients (multilink and bandwidth
allocation, IP filters, encryption, IP addressing)
• Watch for default installation questions
• Can use IP filters to enhance security, limit traffic type (IPv4 and IPv6)
Manage NPS templates
• Can use templates for shared secrets, RADIUS clients, RADIUS servers, IP filter, health policies,
and remediation server groups (minimize administrative overhead, speed up deployment)
• Can export templates to .XML file and import to another server
05 | Implement core and Distributed Network Solutions (10-15%)
• Implement IPv4 and IPv6 addressing
Tunneling
• Automatic or Manual Configuration
• 6to4
• ISATAP
• Teredo
• PortProxy
• Implement Distributed File System (DFS) and Branch Office solutions
• Install and configure DFS namespaces
• Configure DFS replication targets
• Configure replication scheduling
• Configure Remote Differential Compression (RDC) settings
• Configure staging
• Configure fault tolerance
• Clone a Distributed File System Replication (DFSR) database
• Recover DFSR databases
• Optimize DFS Replication
• Install and configure BranchCache
• Implement distributed and hosted cache modes
• Implement BranchCache for web, file, and application servers
• Troubleshoot BranchCache
Planning for DFS
[Diagram: DFS namespace \\Contoso.com\Marketing with folder targets \\NYC-SRV-01\ProjectDocs and \\LON-SRV-01\ProjectDocs kept in sync by DFS Replication; user and server in New York, user and server in London]
[Diagram: BranchCache with Head Office, Branch Office (Hosted Cache Mode) and Branch Office (Distributed Cache Mode)]
Example question
You are a system administrator for Contoso, Ltd. You have a main office and a branch
office. The main office has a single file server. The branch office does not have a
secure facility to house servers and has a high latency connection to the main office.
You need to improve the performance when branch office users access documents
from the file server.
• Implement NIC Teaming or the Switch Embedded Teaming (SET) solution, and
identify when to use each
• Enable and configure Receive Side Scaling (RSS)
• Enable and configure network Quality of Service (QoS) with Data Center Bridging
(DCB)
• Enable and configure SMB Direct on Remote Direct Memory Access (RDMA)
enabled network adapters; enable and configure SMB Multichannel
• Enable and configure virtual Receive Side Scaling (vRSS) on a Virtual Machine
Queue (VMQ) capable network adapter
• Enable and configure Virtual Machine Multi-Queue (VMMQ)
• Enable and configure Single-Root I/O Virtualization (SR-IOV) on a supported
network adapter
Converged Networking
• DCB policies configured for Mgmt, Storage, VM Migration & Clustering traffic.
[Diagram: VMs with vNICs on a physical server connected to the physical network]
Woodgrove Bank
VM    CA          PA              VSID
SQL   10.1.1.1    192.168.1.10    6001
WEB   10.1.1.2    192.168.1.12
[Diagram: SQL (10.1.1.1) and WEB (10.1.1.2) virtual machines in CA spaces]
Network Controller Overview
• Highly available and scalable server role
• Southbound API for NC to communicate with the network
• Northbound API allows you to communicate with the NC
• Southbound API
• Network Controller can discover network devices, detect service configurations, and gather all of the information you need about the network
• Provides pathway to send information to the network infrastructure, such as configuration changes that you have made
• Northbound API (REST interface)
• Provides you with the ability to gather network information from Network Controller and use it to monitor and configure the network infrastructure
• Configure, monitor, troubleshoot, and deploy new devices on the network by using Windows PowerShell, REST, SCVMM, SCOM etc.
• Can manage:
• Hyper-V VMs & vSwitches, Physical Network Switches, Physical
[Diagram: Management applications, Network aware applications, Network Controller, Virtual network infrastructure, Physical network, NIC]
Network Controller features
Fabric Network Management
• IP subnets
• VLANS
• L2 and L3 switches
• Host NICs
Firewall Management
• Allow/Deny Rules
• East/West & North/South
• Firewall rules plumbed into vSwitch port of VMs
• Rules for incoming/outgoing traffic
• Log traffic allowed/denied
Network Topology
• Automatic discovery of network elements & relationships
Service Chaining
• Rules for redirecting traffic to one or more virtual appliances
Course 20741 - outline
Module 1: Planning and implementing an IPv4 network
Module 2: Implementing DHCP
Module 3: Implementing IPv6
Module 4: Implementing DNS
Module 5: Implementing and managing IPAM
Module 6: Remote access in Windows Server 2016
Module 7: Implementing DirectAccess
Module 8: Implementing VPNs
Module 9: Implementing networking for branch offices
Module 10: Configuring advanced networking features
Module 11: Implementing software-defined networking
Born To Learn Site http://borntolearn.mslearn.net/
TechNet https://technet.microsoft.com/
TechNet Virtual Labs https://technet.microsoft.com/en-us/virtuallabs/default
Microsoft Virtual Academy https://mva.microsoft.com/en-US/training-courses/whats-new-in-windows-server-2016