Trainer demonstrations

Learning Path 1: Secure Windows Server on-premises and hybrid infrastructures (Windows Server security)
Learning Path 02: Secure Windows Server on-premises and Hybrid Infrastructures (Implementing Security Solutions in Hybrid Scenarios)
Learning Path 03: Implementing Windows Server high Availability
Learning Path 04:Implement Disaster Recovery in Windows Server on-premises and Hybrid Environments (Disaster Recovery in Windows Server)
Learning Path 05: Implement Disaster Recovery in Windows Server on-premises and Hybrid Environments (Implementing Disaster Recovery Services in Hybrid Scenarios)
Learning Path 06: Migrate Servers and Workloads in on-premises and Hybrid Environments (Upgrade and migrate in Windows Server)
Learning Path 07: Migrate Servers and Workloads in on-premises and Hybrid Environments (Implementing migration in hybrid scenarios)
Learning Path 08: Monitor and Troubleshoot Windows Server Environment (Server and performance monitoring in Windows Server)
Learning Path 09: Monitor and troubleshoot Windows Server environment (Implementing operational monitoring in hybrid scenarios)

Learning Path 1: Secure Windows Server on-premises and hybrid infrastructures (Windows Server security)

Rearm Windows trial license + Add and set European Portuguese keyboard + Install the Server Core App Compatibility Feature

  #Rearm Windows trial license (can be rearmed 5 times).
  slmgr /rearm

  # European Portuguese keyboard.
  Set-WinSystemLocale en-US  
  Set-WinHomeLocation -GeoId 193
  Set-Culture -CultureInfo pt-PT
  Set-TimeZone -Name "GMT Standard Time" ; Get-TimeZone
  Set-WinUserLanguageList -LanguageList pt-PT, en-US -Force; 
  Get-WinUserLanguageList  


  # Server Core App Compatibility Feature for Windows Client.
  Set-Service wuauserv -StartupType Manual
  Start-Service wuauserv
  Add-WindowsCapability -Online -Name ServerCore.AppCompatibility~~~~0.0.1.0

Locate problematic accounts

  Import-Module activedirectory

  # Get users with passwords set to never expire
  Get-ADUser -Filter {Enabled -eq $true -and PasswordNeverExpires -eq $true}

  # Get last logon from enabled users
  Get-ADUser -Filter {Enabled -eq $true} -Properties LastLogon | Select Name, @{Name='LastLogon';Expression={[DateTime]::FromFileTime($_.LastLogon)}} 

  # Get users that have not signed in within the last 90 days
  Get-ADUser -Filter {enabled -eq $true} | Where-Object {$_.lastlogondate -lt (Get-Date).Adddays(-(90))} 

DNS server query resolution policies

  $s = New-PSSession –ComputerName SEA-DC1.contoso.com

  Enter-PSSession $s

  # Create subnets
  Add-DnsServerClientSubnet -Name "LondonSubnet" -IPv4Subnet "172.16.18.0/24"
  Add-DnsServerClientSubnet -Name "SeattleSubnet" -IPv4Subnet "172.16.10.0/24"

  # Create the DNS server zone scopes
  Add-DnsServerZoneScope -ZoneName "Contoso.com" -Name "LondonZoneScope"
  Add-DnsServerZoneScope -ZoneName "Contoso.com" -Name "SeattleZoneScope"

  # Add host records
  Add-DnsServerResourceRecord -ZoneName "Contoso.com" -A -Name "www" -IPv4Address "172.16.10.41" -ZoneScope "SeattleZoneScope"
  Add-DnsServerResourceRecord -ZoneName "Contoso.com" -A -Name "www" -IPv4Address "172.16.18.17" -ZoneScope "LondonZoneScope"

  # Create the DNS server query resolution policies
  Add-DnsServerQueryResolutionPolicy -Name "LondonPolicy" `
      -Action ALLOW -ClientSubnet "eq,LondonSubnet" -ZoneScope "LondonZoneScope,1" -ZoneName "Contoso.com"

  Add-DnsServerQueryResolutionPolicy -Name "SeattlePolicy" `
      -Action ALLOW -ClientSubnet "eq,SeattleSubnet" -ZoneScope "SeattleZoneScope,1" -ZoneName "Contoso.com"

Learning Path 02: Secure Windows Server on-premises and Hybrid Infrastructures (Implementing Security Solutions in Hybrid Scenarios)

Learning Path 03: Implementing Windows Server high Availability

Installing the iSCSI Target Server feature

  Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{Install-WindowsFeature -Name Failover-Clustering -IncludeAllSubFeature -IncludeManagementTools} 

  Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{Add-WindowsCapability -Name Rsat.FileServices.Tools~~~~0.0.1.0 -Online} 
  Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2  -ScriptBlock{Install-WindowsFeature -Name "FS-DFS-Namespace", "FS-DFS-Namespace", "RSAT-DFS-Mgmt-Con" -IncludeManagementTools} 

  Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{Install-WindowsFeature -Name "FS-iSCSITarget-Server" -IncludeManagementTools} 
  Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2  -ScriptBlock{Install-WindowsFeature -Name "iSCSITarget-VSS-VDS" -IncludeManagementTools} 

  Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{Install-WindowsFeature "RSAT-DFS-Mgmt-Con"} 

  Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{shutdown /r /t 2} 

  # Wait for restart

  test-cluster SEA-SVR1, SEA-SVR2

  # Unable to connect to SEA-SRV2 or SEA-SVR1

  Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135}

  Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{netsh advfirewall firewall add rule dir=in name ="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action = allow protocol=TCP localport=any}

  Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{Set-Service RemoteRegistry -StartupType Automatic} 
  Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{shutdown /r /t 0}

Create a Azure virtual machine scale set from PowerShell

  New-AzResourceGroup -ResourceGroupName "VMScaleSet-RG" -Location "EastUS"

  New-AzVmss `
  -ResourceGroupName "VMScaleSet-RG" `
  -Location "EastUS" `
  -VMScaleSetName "demoScaleSet" `
  -VirtualNetworkName "scaleSetVnet" `
  -SubnetName "scaleSetSubnet" `
  -PublicIpAddressName "scaleSetPIP" `
  -LoadBalancerName "scaleSetLoadBalancer" `
  -UpgradePolicyMode "Automatic"

  # RunPowerShellScript 
  Add-WindowsFeature Web-Server
  Set-Content -Path "C:\inetpub\wwwroot\Default.htm" -Value "Hello world from host $($env:computername) !"

  # Get Public IP Address
  Get-AzPublicIpAddress -ResourceGroupName "VMScaleSet-RG"  | Select IpAddress
 
  # End of demo: Delete VMScaleSet-RG
  Remove-AzResourceGroup -Name "VMScaleSet-RG" -Force -AsJob

Implement Storage Replica by using Windows PowerShell

  # Add the cluster Scale-Out File Server (SOF) role to the cluster SEA-CLU12.
  Get-Cluster -Name SEA-SLU12 | Add-ClusterScaleOutFileServerRole -Name SOFS01

  # Create SMB Share named VMStorage in SEA-SVR1
  Invoke-Command -ComputerName SEA-SVR1 -ScriptBlock{New-Item -ItemType Directory -Path "C:\ClusterStorage\Volume1\Shares\VMStorage"}

  Invoke-Command -ComputerName SEA-SVR1 -ScriptBlock{New-SMBShare -Name VMStorage -Path "C:\ClusterStorage\Volume1\Shares\VMStorage"}


  # Add additional cluster resource of an IP address to the Scale-Out File Server.
  Get-Cluster -Name SEA-SLU12 | Add-ClusterResource -Name 'SOFS01 IP address' -ResourceType 'IP address' -Group 'SOFS01'

  Get-Cluster -Name SEA-SLU12 | Get-ClusterResource -Name 'SOFS01 IP address' | Set-ClusterParameter `
      -Multiple @{"Address"="172.22.246.205";"SubnetMask"="255.255.240.0";"Network"="Cluster Network 1";"OverrideAddressMatch"=1;"EnableDhcp"=0}


  # Bring the IP address online 
  Get-Cluster -Name SEA-SLU12 | Get-ClusterResource -Name 'SOFS01 IP address' | Start-ClusterResource 

Learning Path 04:Implement Disaster Recovery in Windows Server on-premises and Hybrid Environments (Disaster Recovery in Windows Server)

Learning Path 05: Implement Disaster Recovery in Windows Server on-premises and Hybrid Environments (Implementing Disaster Recovery Services in Hybrid Scenarios)

Learning Path 06: Migrate Servers and Workloads in on-premises and Hybrid Environments (Upgrade and migrate in Windows Server)

Lab: Upgrade and migrate in Windows Server (XtremeLabs: AZ-801T00-A-CEP)
- Click the button below to deploy
  
  Deployment duration: 16 minutes
- Click the button below to visualize the resources

Learning Path 07: Migrate Servers and Workloads in on-premises and Hybrid Environments (Implementing migration in hybrid scenarios)

Azure Migrate App Containerization
- Click the button below to deploy

Learning Path 08: Monitor and Troubleshoot Windows Server Environment (Server and performance monitoring in Windows Server)

Learning Path 09: Monitor and troubleshoot Windows Server environment (Implementing operational monitoring in hybrid scenarios)

Create VM in Azure Cloud Shell Bash

  az group create --name monitor-rg --location westeurope

  az vm create \
      --resource-group monitor-rg\
      --name demoVM \
      --image Win2022AzureEditionCore \
      --size Standard_B2s \
      --public-ip-sku Basic \
      --admin-username microsoft \
      --admin-password Pa55w.rd1234


  az vm run-command invoke -g monitor-rg -n demoVM --command-id RunPowerShellScript --scripts "Install-WindowsFeature -name Web-Server -IncludeManagementTools"

  az vm open-port --port 80 -g monitor-rg --name demoVM