Installing and Configuring Windows Server 2012 Training Guide: Network Administration

  • 11/15/2012

Practice exercises

The goal of this section is to provide you with hands-on practice with the following:

  • Implementing DHCP failover using Windows PowerShell
  • Configuring a caching-only DNS server using Windows PowerShell

To perform the following exercises, you need at least two installations of Windows Server 2012 that were deployed using the Server With A GUI installation option. The first server should be the first domain controller in the forest root domain corp.contoso.com and should have the DNS Server role installed and configured in the default manner using Active Directory–integrated zones. The second server should be a member server in the contoso.com domain and have no server roles installed. Both servers should have static IP addresses assigned and have Internet connectivity. You should be logged on interactively to each server using a user account that is a member of the Domain Admins group.

You also need one workstation running Windows Vista, Windows 7, or Windows 8. The workstation should be a standalone computer that belongs to a workgroup. The workstation should have its IP address assigned dynamically using DHCP or Automatic Private IP Addressing (APIPA). You should be logged on interactively to the workstation using a user account that is a member of the local Administrators group on the computer. The workstation should initially be turned off until you are instructed to turn it on.

For the purposes of these exercises, the name of the first server is assumed to be SERVER1, the second server is SERVER2, and the workstation is CLIENT1. In addition, the IP addresses of SERVER1 and SERVER2 are assumed to be 10.10.0.1 and 10.10.0.2, respectively. If your computers or domains are named differently, or if you have different IP addresses assigned to your servers, you should modify the steps in these exercises accordingly.

Exercise 1: Implementing DHCP failover using Windows PowerShell

In this exercise, you ensure DHCP availability for clients in the corp.contoso.com domain by using Windows PowerShell to install the DHCP Server role on both servers, create a scope on SERVER1, and configure and verify DHCP failover.

  1. Log on to SERVER1, open Server Manager, select the All Servers page, and make sure that both servers are displayed in the Servers tile. If SERVER2 is not displayed, add it to the server pool.

  2. Open a Windows PowerShell prompt, and run the following command to install the DHCP Server role on both servers:

    Invoke-Command -ComputerName SERVER1,SERVER2 -ScriptBlock `
    {Install-WindowsFeature -Name DHCP -IncludeManagementTools -Restart}

    Note that although you specified the -Restart parameter, the servers did not restart after role installation because a restart was determined to be unnecessary.

  3. Authorize both DHCP servers in Active Directory by executing the following commands:

    Add-DhcpServerInDC -DnsName SERVER1
    Add-DhcpServerInDC -DnsName SERVER2

  4. Use the Get-DhcpServerInDC cmdlet to verify that the servers have been authorized in Active Directory.

  5. Create a new scope on SERVER1, and activate the scope by running the following command:

    Add-DhcpServerv4Scope -ComputerName SERVER1 -StartRange 10.10.0.50 `
    -EndRange 10.10.0.100 -Name "corp clients" -SubnetMask 255.255.0.0 -State Active

  6. Use the Get-DhcpServerv4Scope cmdlet to verify that the new scope has been created on SERVER1 and is active.

  7. Use Get-DhcpServerv4Scope -ComputerName SERVER2 to verify that SERVER2 currently has no scopes on it.

  8. Run the following command to create a DHCP failover relationship in load-balance mode between the two servers, with SERVER2 as the partner server and failover implemented for the newly created scope:

    Add-DhcpServerv4Failover -Name "SERVER1 to SERVER2" -ScopeId 10.10.0.0 `
    -PartnerServer SERVER2 -ComputerName SERVER1 -LoadBalancePercent 50 `
    -AutoStateTransition $true

  9. Use the Get-DhcpServerv4Failover cmdlet to view the properties of the new failover relationship.

  10. Use Get-DhcpServerv4Scope -ComputerName SERVER2 to verify that the scope has been replicated from SERVER1 to SERVER2.

  11. Turn on CLIENT1, and log on to the client computer.

  12. Open a command prompt and use the ipconfig command to view the current IP address of the computer. If the client computer is currently using an address in the APIPA range (169.254.x.y), use ipconfig /renew to acquire an address from a DHCP server on your network. Verify that the address acquired comes from the scope you created earlier.

  13. Verify that the client computer’s address is recorded as leased in the DHCP database of SERVER1 by executing the following command:

    Get-DhcpServerv4Lease -ComputerName SERVER1 -ScopeId 10.10.0.0

  14. Verify that the client computer’s address is recorded as leased in the DHCP database of SERVER2 by executing the following command:

    Get-DhcpServerv4Lease -ComputerName SERVER2 -ScopeId 10.10.0.0
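
A scripted form of the checks in steps 9 through 14, added here as an example and not part of the original guide: it flags a failover relationship that is not in the Normal state or has message authentication disabled, and lists leases that appear on only one partner. The function names and the sample objects are assumptions made for illustration; the property names are those returned by Get-DhcpServerv4Failover and Get-DhcpServerv4Lease.

```powershell
# Added example (not from the original guide). Sample objects are constructed;
# their property names follow Get-DhcpServerv4Failover and Get-DhcpServerv4Lease.

function Test-FailoverRelationship {
    param([Parameter(Mandatory = $true)] $Relationship)
    if ($Relationship.State -ne 'Normal') {
        "State is '$($Relationship.State)'; expected 'Normal'"
    }
    if ($Relationship.Mode -ne 'LoadBalance') {
        "Mode is '$($Relationship.Mode)'; the exercise configures LoadBalance"
    }
    if (-not $Relationship.EnableAuth) {
        'EnableAuth is False: failover messages are not authenticated (no shared secret configured)'
    }
}

function Compare-PartnerLease {
    param($PrimaryLease = @(), $PartnerLease = @())
    # Index the partner's leases by address, then walk the primary's leases.
    $partnerByIp = @{}
    foreach ($lease in $PartnerLease) { $partnerByIp["$($lease.IPAddress)"] = $lease }
    foreach ($lease in $PrimaryLease) {
        $ip = "$($lease.IPAddress)"
        if (-not $partnerByIp.ContainsKey($ip)) {
            [pscustomobject]@{ IPAddress = $ip; Issue = 'Lease missing on partner' }
        } elseif ($partnerByIp[$ip].ClientId -ne $lease.ClientId) {
            [pscustomobject]@{ IPAddress = $ip; Issue = 'ClientId differs between partners' }
        }
        $partnerByIp.Remove($ip)
    }
    # Whatever is left was never seen on the primary.
    foreach ($ip in $partnerByIp.Keys) {
        [pscustomobject]@{ IPAddress = $ip; Issue = 'Lease missing on primary' }
    }
}

# Constructed sample data standing in for live cmdlet output.
$relationship = [pscustomobject]@{ Name = 'SERVER1 to SERVER2'; Mode = 'LoadBalance'
                                   State = 'Normal'; EnableAuth = $false }
$server1 = @([pscustomobject]@{ IPAddress = '10.10.0.50'; ClientId = '00-15-5d-00-00-01' },
             [pscustomobject]@{ IPAddress = '10.10.0.51'; ClientId = '00-15-5d-00-00-02' })
$server2 = @([pscustomobject]@{ IPAddress = '10.10.0.50'; ClientId = '00-15-5d-00-00-01' })

Test-FailoverRelationship -Relationship $relationship
Compare-PartnerLease -PrimaryLease $server1 -PartnerLease $server2 | Format-Table -AutoSize

# Against the lab, pass live output to the same functions:
#   Test-FailoverRelationship (Get-DhcpServerv4Failover -ComputerName SERVER1 -Name 'SERVER1 to SERVER2')
#   Compare-PartnerLease (Get-DhcpServerv4Lease -ComputerName SERVER1 -ScopeId 10.10.0.0) `
#                        (Get-DhcpServerv4Lease -ComputerName SERVER2 -ScopeId 10.10.0.0)
```

The failover command in step 8 does not pass -SharedSecret, so the relationship it creates is expected to trigger the EnableAuth finding.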

Exercise 2: Configuring a caching-only DNS server using Windows PowerShell

In this exercise, you configure a caching-only DNS server using Windows PowerShell. You then configure a forwarder on your caching-only DNS server to improve its name-resolution performance.

  1. Log on to SERVER1, open Server Manager, select the All Servers page, and make sure that both servers are displayed in the Servers tile. If SERVER2 is not displayed, add it to the server pool.

  2. Open a Windows PowerShell prompt, and run the following command to install the DNS Server role on SERVER2:

    Install-WindowsFeature -Name DNS -ComputerName SERVER2 `
    -IncludeManagementTools -Restart

    Note that although you specified the -Restart parameter, the server did not restart after role installation because a restart was determined to be unnecessary.

  3. SERVER2 is now configured as a caching-only DNS server. It is not authoritative for any domains and can only perform queries, cache the answers, and return the results. Caching-only DNS servers can be useful at locations such as branch-office sites, and they use root hints to identify the authoritative DNS servers for the root zone of your organization’s DNS namespace.

  4. SERVER2 is currently using root hints for recursively performing name resolution. To view the root hints configured on SERVER2, run the following command:

    Get-DnsServerRootHint -ComputerName SERVER2

  5. Display the contents of the DNS server cache on SERVER2 by running the following command:

    Show-DnsServerCache -ComputerName SERVER2

  6. Use the nslookup command-line utility to attempt to use SERVER2 for resolving the IP address for the fully qualified domain name (FQDN) www.bing.com as follows:

    nslookup www.bing.com SERVER2

  7. Note that one or more DNS server timeouts might occur when you perform this name query. This is because name resolution is being performed recursively, beginning with the root name servers on the Internet, which can take several seconds to complete. If no response is received to your query, rerun the preceding command until a nonauthoritative response is received.

  8. Use the command Show-DnsServerCache -ComputerName SERVER2, and note that the DNS server cache now contains numerous entries relating to the name query you performed using nslookup.

  9. Clear the DNS server cache on SERVER2 by running the following command:

    Clear-DnsServerCache -ComputerName SERVER2

  10. Display the contents of the DNS server cache on SERVER2 again by running this command:

    Show-DnsServerCache -ComputerName SERVER2

  11. Note that the cache entries relating to the name query you performed using nslookup have now been deleted. The only entries that remain in the cache are those for the root hints configured on the server.

  12. To speed up name resolution on your caching-only name server, configure SERVER1 as a forwarder on SERVER2. After you do this, any name query sent to SERVER2 will be forwarded to SERVER1, which will then use its external forwarders at your Internet Service Provider (ISP) for resolving the query.

  13. Configure SERVER1 as a forwarder on SERVER2 by running the following command:

    Add-DnsServerForwarder -IPAddress 10.10.0.1 -ComputerName SERVER2

  14. Verify the result by displaying the forwarders configured on SERVER2 as follows:

    Get-DnsServerForwarder -ComputerName SERVER2

  15. Use nslookup to perform another name query against SERVER2 for the FQDN www.bing.com. The response should be received almost immediately, with no DNS server timeouts occurring. This is because the query was forwarded to SERVER1, which then forwarded it to your ISP’s DNS servers for resolution. This approach is generally much faster than using the Internet root name servers to recursively resolve the requested FQDN.

  16. Display the contents of the DNS server cache on SERVER2 again. Note the cache entries relating to your name query, and note also that there are considerably fewer cache entries than when root hints alone were used for performing recursive name resolution.
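
A scripted form of the checks in steps 14 and 16, added here as an example and not part of the original guide: it confirms that SERVER2 forwards only to the expected address, reports whether it will still fall back to root hints, and separates root-hint cache entries from entries learned through client queries. The function names and the sample objects are assumptions made for illustration; the property names are those returned by Get-DnsServerForwarder and Show-DnsServerCache.

```powershell
# Added example (not from the original guide). Sample objects are constructed;
# property names follow Get-DnsServerForwarder and Show-DnsServerCache output.

function Test-ForwarderConfig {
    param($Forwarder, [string[]] $ExpectedAddress)
    $configured = @($Forwarder.IPAddress | ForEach-Object { "$_" })
    foreach ($ip in $configured) {
        if ($ExpectedAddress -notcontains $ip) { "Unexpected forwarder: $ip" }
    }
    foreach ($ip in $ExpectedAddress) {
        if ($configured -notcontains $ip) { "Expected forwarder missing: $ip" }
    }
    if ($Forwarder.UseRootHint) {
        'UseRootHint is True: if no forwarder responds, the server recurses from the root hints'
    }
}

function Get-CacheSummary {
    param($Record = @())
    # Root-hint entries are preloaded; everything else was learned from queries.
    $learned = @($Record | Where-Object {
        $_.HostName -ne '.' -and $_.HostName -notlike '*root-servers.net*' })
    [pscustomobject]@{
        Total    = @($Record).Count
        RootHint = @($Record).Count - $learned.Count
        Learned  = $learned.Count
        ByType   = ($learned | Group-Object RecordType |
                    ForEach-Object { "$($_.Name)=$($_.Count)" }) -join ', '
    }
}

# Constructed sample data standing in for live cmdlet output.
$forwarder = [pscustomobject]@{ IPAddress = @('10.10.0.1'); UseRootHint = $true }
$cache = @(
    [pscustomobject]@{ HostName = '.';                  RecordType = 'NS' },
    [pscustomobject]@{ HostName = 'a.root-servers.net'; RecordType = 'A' },
    [pscustomobject]@{ HostName = 'www.bing.com';       RecordType = 'CNAME' },
    [pscustomobject]@{ HostName = 'target.example';     RecordType = 'A' })

Test-ForwarderConfig -Forwarder $forwarder -ExpectedAddress '10.10.0.1'
Get-CacheSummary -Record $cache | Format-List

# Against the lab, pass live output to the same functions:
#   Test-ForwarderConfig (Get-DnsServerForwarder -ComputerName SERVER2) -ExpectedAddress 10.10.0.1
#   Get-CacheSummary (Show-DnsServerCache -ComputerName SERVER2)
```

Running Get-CacheSummary before and after step 13 puts a number on the drop in learned cache entries that step 16 asks you to observe.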