Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Trainer demonstrations

Table of contents

  1. Learning Path 1: Secure Windows Server on-premises and hybrid infrastructures (Windows Server security)
  2. Learning Path 02: Secure Windows Server on-premises and Hybrid Infrastructures (Implementing Security Solutions in Hybrid Scenarios)
  3. Learning Path 03: Implementing Windows Server high Availability
  4. Learning Path 04:Implement Disaster Recovery in Windows Server on-premises and Hybrid Environments (Disaster Recovery in Windows Server)
  5. Learning Path 05: Implement Disaster Recovery in Windows Server on-premises and Hybrid Environments (Implementing Disaster Recovery Services in Hybrid Scenarios)
  6. Learning Path 06: Migrate Servers and Workloads in on-premises and Hybrid Environments (Upgrade and migrate in Windows Server)
  7. Learning Path 07: Migrate Servers and Workloads in on-premises and Hybrid Environments (Implementing migration in hybrid scenarios)
  8. Learning Path 08: Monitor and Troubleshoot Windows Server Environment (Server and performance monitoring in Windows Server)
  9. Learning Path 09: Monitor and troubleshoot Windows Server environment (Implementing operational monitoring in hybrid scenarios)




Learning Path 1: Secure Windows Server on-premises and hybrid infrastructures (Windows Server security)

  • Rearm Windows trial license + Add and set European Portuguese keyboard + Install the Server Core App Compatibility Feature

      #Rearm Windows trial license (can be rearmed 5 times).
      slmgr /rearm
    
      # European Portuguese keyboard.
      Set-WinSystemLocale en-US  
      Set-WinHomeLocation -GeoId 193
      Set-Culture -CultureInfo pt-PT
      Set-TimeZone -Name "GMT Standard Time" ; Get-TimeZone
      Set-WinUserLanguageList -LanguageList pt-PT, en-US -Force; 
      Get-WinUserLanguageList  
    
    
      # Server Core App Compatibility Feature for Windows Client.
      Set-Service wuauserv -StartupType Manual
      Start-Service wuauserv
      Add-WindowsCapability -Online -Name ServerCore.AppCompatibility~~~~0.0.1.0
    
  • Locate problematic accounts

      Import-Module activedirectory
    
      # Get users with passwords set to never expire
      Get-ADUser -Filter {Enabled -eq $true -and PasswordNeverExpires -eq $true}
    
      # Get last logon from enabled users
      Get-ADUser -Filter {Enabled -eq $true} -Properties LastLogon | Select Name, @{Name='LastLogon';Expression={[DateTime]::FromFileTime($_.LastLogon)}} 
    
      # Get users that have not signed in within the last 90 days
      Get-ADUser -Filter {enabled -eq $true} | Where-Object {$_.lastlogondate -lt (Get-Date).Adddays(-(90))} 
    
  • DNS server query resolution policies

      $s = New-PSSession ComputerName SEA-DC1.contoso.com
    
      Enter-PSSession $s
    
      # Create subnets
      Add-DnsServerClientSubnet -Name "LondonSubnet" -IPv4Subnet "172.16.18.0/24"
      Add-DnsServerClientSubnet -Name "SeattleSubnet" -IPv4Subnet "172.16.10.0/24"
    
      # Create the DNS server zone scopes
      Add-DnsServerZoneScope -ZoneName "Contoso.com" -Name "LondonZoneScope"
      Add-DnsServerZoneScope -ZoneName "Contoso.com" -Name "SeattleZoneScope"
    
      # Add host records
      Add-DnsServerResourceRecord -ZoneName "Contoso.com" -A -Name "www" -IPv4Address "172.16.10.41" -ZoneScope "SeattleZoneScope"
      Add-DnsServerResourceRecord -ZoneName "Contoso.com" -A -Name "www" -IPv4Address "172.16.18.17" -ZoneScope "LondonZoneScope"
    
      # Create the DNS server query resolution policies
      Add-DnsServerQueryResolutionPolicy -Name "LondonPolicy" `
          -Action ALLOW -ClientSubnet "eq,LondonSubnet" -ZoneScope "LondonZoneScope,1" -ZoneName "Contoso.com"
    
      Add-DnsServerQueryResolutionPolicy -Name "SeattlePolicy" `
          -Action ALLOW -ClientSubnet "eq,SeattleSubnet" -ZoneScope "SeattleZoneScope,1" -ZoneName "Contoso.com"
    




Learning Path 02: Secure Windows Server on-premises and Hybrid Infrastructures (Implementing Security Solutions in Hybrid Scenarios)




Learning Path 03: Implementing Windows Server high Availability

  • Installing the iSCSI Target Server feature
      Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{Install-WindowsFeature -Name Failover-Clustering -IncludeAllSubFeature -IncludeManagementTools} 
    
      Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{Add-WindowsCapability -Name Rsat.FileServices.Tools~~~~0.0.1.0 -Online} 
      Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2  -ScriptBlock{Install-WindowsFeature -Name "FS-DFS-Namespace", "FS-DFS-Namespace", "RSAT-DFS-Mgmt-Con" -IncludeManagementTools} 
    
      Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{Install-WindowsFeature -Name "FS-iSCSITarget-Server" -IncludeManagementTools} 
      Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2  -ScriptBlock{Install-WindowsFeature -Name "iSCSITarget-VSS-VDS" -IncludeManagementTools} 
    
      Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{Install-WindowsFeature "RSAT-DFS-Mgmt-Con"} 
    
      Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{shutdown /r /t 2} 
    
      # Wait for restart
    
      test-cluster SEA-SVR1, SEA-SVR2
    
      # Unable to connect to SEA-SRV2 or SEA-SVR1
    
      Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{netsh advfirewall firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135}
    
      Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{netsh advfirewall firewall add rule dir=in name ="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action = allow protocol=TCP localport=any}
    
      Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{Set-Service RemoteRegistry -StartupType Automatic} 
      Invoke-Command -ComputerName SEA-SVR1, SEA-SVR2 -ScriptBlock{shutdown /r /t 0} 
    
  • Create a Azure virtual machine scale set from PowerShell
      New-AzResourceGroup -ResourceGroupName "VMScaleSet-RG" -Location "EastUS"
    
      New-AzVmss `
      -ResourceGroupName "VMScaleSet-RG" `
      -Location "EastUS" `
      -VMScaleSetName "demoScaleSet" `
      -VirtualNetworkName "scaleSetVnet" `
      -SubnetName "scaleSetSubnet" `
      -PublicIpAddressName "scaleSetPIP" `
      -LoadBalancerName "scaleSetLoadBalancer" `
      -UpgradePolicyMode "Automatic"
    
      # RunPowerShellScript 
      Add-WindowsFeature Web-Server
      Set-Content -Path "C:\inetpub\wwwroot\Default.htm" -Value "Hello world from host $($env:computername) !"
    
      # Get Public IP Address
      Get-AzPublicIpAddress -ResourceGroupName "VMScaleSet-RG"  | Select IpAddress
     
      # End of demo: Delete VMScaleSet-RG
      Remove-AzResourceGroup -Name "VMScaleSet-RG" -Force -AsJob
    
  • Implement Storage Replica by using Windows PowerShell

      # Add the cluster Scale-Out File Server (SOF) role to the cluster SEA-CLU12.
      Get-Cluster -Name SEA-SLU12 | Add-ClusterScaleOutFileServerRole -Name SOFS01
    
      # Create SMB Share named VMStorage in SEA-SVR1
      Invoke-Command -ComputerName SEA-SVR1 -ScriptBlock{New-Item -ItemType Directory -Path "C:\ClusterStorage\Volume1\Shares\VMStorage"}
    
      Invoke-Command -ComputerName SEA-SVR1 -ScriptBlock{New-SMBShare -Name VMStorage -Path "C:\ClusterStorage\Volume1\Shares\VMStorage"}
    
    
      # Add additional cluster resource of an IP address to the Scale-Out File Server.
      Get-Cluster -Name SEA-SLU12 | Add-ClusterResource -Name 'SOFS01 IP address' -ResourceType 'IP address' -Group 'SOFS01'
    
      Get-Cluster -Name SEA-SLU12 | Get-ClusterResource -Name 'SOFS01 IP address' | Set-ClusterParameter `
          -Multiple @{"Address"="172.22.246.205";"SubnetMask"="255.255.240.0";"Network"="Cluster Network 1";"OverrideAddressMatch"=1;"EnableDhcp"=0}
    
    
      # Bring the IP address online 
      Get-Cluster -Name SEA-SLU12 | Get-ClusterResource -Name 'SOFS01 IP address' | Start-ClusterResource 
    




Learning Path 04:Implement Disaster Recovery in Windows Server on-premises and Hybrid Environments (Disaster Recovery in Windows Server)




Learning Path 05: Implement Disaster Recovery in Windows Server on-premises and Hybrid Environments (Implementing Disaster Recovery Services in Hybrid Scenarios)




Learning Path 06: Migrate Servers and Workloads in on-premises and Hybrid Environments (Upgrade and migrate in Windows Server)

  • Lab: Upgrade and migrate in Windows Server (XtremeLabs: AZ-801T00-A-CEP)

    • Click the button below to deploy

      Deploy To Azure

      Deployment duration: 16 minutes

    • Click the button below to visualize the resources

      Visualize




Learning Path 07: Migrate Servers and Workloads in on-premises and Hybrid Environments (Implementing migration in hybrid scenarios)

  • Azure Migrate App Containerization

    • Click the button below to deploy

      Deploy to Azure




Learning Path 08: Monitor and Troubleshoot Windows Server Environment (Server and performance monitoring in Windows Server)




Learning Path 09: Monitor and troubleshoot Windows Server environment (Implementing operational monitoring in hybrid scenarios)

  • Create VM in Azure Cloud Shell Bash

      az group create --name monitor-rg --location westeurope
    
      az vm create \
          --resource-group monitor-rg\
          --name demoVM \
          --image Win2022AzureEditionCore \
          --size Standard_B2s \
          --public-ip-sku Basic \
          --admin-username microsoft \
          --admin-password Pa55w.rd1234
    
    
      az vm run-command invoke -g monitor-rg -n demoVM --command-id RunPowerShellScript --scripts "Install-WindowsFeature -name Web-Server -IncludeManagementTools"
    
      az vm open-port --port 80 -g monitor-rg --name demoVM