Windows Server Assignment

Course Code: IT$1$C $($WinSrvr$)$

Course Name: Windows Server and Active Directory Administration

Assignment: Windows Server Project

Textbook: Eckert, Jason. $(2020).$ Hands$-$On Windows Server $2019(3$e$).$ Cengage.

Software: Windows $10$ or $11($Pro$/$Enterprise$/$Education$),$ Windows Server $2019$

Materials and Resources

Assignment Description

In this project, you will create the following setup:

Assignment Steps

Perform the following tasks:

$1.$ Install a new VM called server$1$ that is connected to the External virtual switch. Add a second NIC to server$1$ that is connected to the Private virtual switch and assign it a static IP of $192\mathrm{.}168\mathrm{.}255\mathrm{.}1.$ Configure an Active Directory domain on server$1$ that hosts a new domain in a new forest called yourname.local Ensure that server$1$ is a global catalog and that your domain and forest use the highest functional levels. $(4$ marks$)$

$2.$ Configure server$1$ as a DHCP server that provides addresses to clients on the $192\mathrm{.}168\mathrm{.}255\mathrm{.}0$ network $(192\mathrm{.}168\mathrm{.}255\mathrm{.}100-200)$ and the DNS server $192\mathrm{.}168\mathrm{.}255\mathrm{.}1.$ Next, configure server$1$ as a WDS server that hosts the install.wim from the Windows Server $2019$ DVD$.$ The WDS server should not join computers to the domain after installation. $(4$ marks$)$

$3.$ Install server$2$ from your WDS server and set its static IP address and name afterwards. Next, join it to your domain. $(2$ marks$)$

$4.$ Configure the DHCP service on server$1$: $(10$ marks, one for each task$)$

a$.$ Modify the $192\mathrm{.}168\mathrm{.}255\mathrm{.}0$ scope you created earlier so that it is called $$Sales LAN$$ and uses a lease period of $4$ days. Ensure that the scope sets the default gateway and DNS server on the client to $192\mathrm{.}168\mathrm{.}255\mathrm{.}1.$

b$.$ Add an exclusion to the scope for $192\mathrm{.}168\mathrm{.}255\mathrm{.}188($used by a UNIX server that has a static IP address$)$ as well as the static IPs used by server$1$ and server$2.$

c$.$ Add a reservation called $$Ricoh$8320$Printer$$ that assigns $192\mathrm{.}168\mathrm{.}255\mathrm{.}191$ to the MAC address $00-01-03-$E$1-0$F$-$B$7.$

d$.$ Convert your exclusion for server$2$ to a reservation.

e$.$ Create a scope called $$Mfg LAN$$ that assigned addresses from the range $172\mathrm{.}16\mathrm{.}5\mathrm{.}1-172\mathrm{.}16\mathrm{.}5\mathrm{.}254$ for a lease period of unlimited. Ensure that the scope sets the default gateway and DNS server on the client to $172\mathrm{.}16\mathrm{.}0\mathrm{.}200.$ Since your DHCP server does not have a network interface on the $172\mathrm{.}16\mathrm{.}0\mathrm{.}0$ network, we will assume that a DHCP relay agent will be configured on a router to forward requests for this network to your DHCP server.

f$.$ Ensure that your classroom VoIP phone model will receive a default gateway of $192\mathrm{.}168\mathrm{.}255\mathrm{.}222$ on that Sales LAN.

g$.$ Ensure that your DHCP server always updates A and PTR records for all clients.

h$.$ Configure server$2$ as a DHCP server in a failover relationship with server$1.$

$5.$ Configure the DNS service on server$1$: $(7$ marks, one for each task$)$

a$.$ Create a standard forward lookup zone called yourname.net that accepts secure and unsecure dynamic updates.

b$.$ Add the following A records to your zone:

webserver.yourname.net $=192\mathrm{.}168\mathrm{.}255\mathrm{.}222$

webserver.yourname.net $=192\mathrm{.}168\mathrm{.}255\mathrm{.}223$

webserver.yourname.net $=192\mathrm{.}168\mathrm{.}255\mathrm{.}224$

fileserver.yourname.net $=192\mathrm{.}168\mathrm{.}255\mathrm{.}225$

mailserver.yourname.net $=192\mathrm{.}168\mathrm{.}255\mathrm{.}226$

c$.$ Add a CNAME record that maps www$.$yourname.net to webserver.yourname.net.

d$.$ Add an MX record $($priority $=20)$ for mailserver.yourname.net for the yourname.net zone.

e$.$ Ensure that your DNS server can also use the WINS servers you created earlier for name resolution if FQDN name resolution fails.

f$.$ Ensure that any FQDN name resolution requests for the acme.com domain are forwarded to $192\mathrm{.}168\mathrm{.}255\mathrm{.}226.$

g$.$ Add a standard primary reverse lookup zone for the $192\mathrm{.}168\mathrm{.}255\mathrm{.}0$ network that does not allow dynamic updates and create the appropriate PTR records for webserver.yourname.net.

$6.$ Configure the DNS service on server$2$ to host a secondary copy of the yourname.net forward lookup zone and $192\mathrm{.}168\mathrm{.}255\mathrm{.}0$ reverse lookup zone from the previous steps. Ensure that the secondary zones query the primary zones every $5$ minutes for new records. Test that both servers can be queried for the records and that round robin functionality is working. $(2$ marks$)$

$7.$ Convert the yourname.net and $192\mathrm{.}168\mathrm{.}255\mathrm{.}0$ zones on server$1$ to be Active Directory integrated and accept secure dynamic updates only. $(2$ marks$)$

$8.$ Configure server$1$ as a VPN server. The VPN network should use IP addresses on the $172\mathrm{.}16\mathrm{.}0\mathrm{.}0$ network. Moreover, the VPN server should use a RADIUS server configured on server$1$ for authentication and logging$,$ as well as use an NPS policy that disconnects idle sessions after $2$ minutes. Test your configuration from server$2$ using split tunneling. $(6$ marks$)$

$9.$ Configure a domain$-$based DFS namespace for your domain called warehouse and add three shared folders $($called share$1$ through share$3)$ to this namespace that meet the following criteria. $(4$ marks$)$

a$.$ Share$1$ and share$2$ reside on server$1.$

b$.$ Share$3$ resides on both server$1$ and server$2,$ with the contents synchronized using DFS replication.

$10.$ Create the following OU structure underneath your domain: $(6$ mar