
RESTRICTED

A GUIDE TO PREPARATION
SERVER STORAGE AND DATA CENTER (SSD)


Contents
A. Questions on Server Related Services
B. Questions on Azure and Hyper-V
C. Questions on Storage System
D. Questions and Answers on Exchange Server
E. Question & Answers on Datacenter
F. How to Backup Windows Active Directory Server
G. How to update windows clients from WSUS Server
H. Create and Apply VM Checkpoints from Windows Hyper-V
I. Creating Distribution Group in Exchange Server 2016
J. Map a Shared Folder to Network Drive Using Group Policy in Windows

A. Questions on Server Related Services

1. You have been assigned to deploy a new Windows Server that will be used as a
file server for a small organization. What steps would you take to ensure the
server is secure and can handle the expected load of files and users?
Answer:
a) Ensure that the server has the latest Windows Server updates installed and that it
meets the minimum hardware requirements for the expected workload.
b) Configure the server with appropriate security settings, such as disabling
unnecessary services, configuring firewall rules, and enabling antivirus software.
c) Create shared folders for the different groups of users and set appropriate
permissions to control access.
d) Finally, configure backups and disaster recovery procedures to ensure that the
organization’s data is protected in case of any unforeseen incidents.

2. Your company is experiencing network connectivity issues. What steps would
you take to diagnose and resolve the issue on a Windows Server environment?
Answer:
a) Check if the server’s network adapter is properly configured and connected to the
network.
b) Check the event logs for any errors related to network connectivity or services.
c) If the issue is not resolved, perform a network trace to identify any network issues
such as dropped packets, latency, or network congestion.
d) Check the DNS configuration, DHCP settings, and routing tables to ensure that
they are configured correctly.
e) If the issue persists, escalate it to the network team for further troubleshooting.

3. Your organization is planning to migrate to a new version of Windows Server.
What steps would you take to ensure a smooth migration process?
Answer:
a) Create a detailed migration plan that includes a timeline, a list of servers and
applications that need to be migrated, and a list of potential risks and issues.
b) Create a backup plan to ensure that data can be restored in case of any
unforeseen incidents.
c) Test the migration process in a non-production environment to identify any
potential issues or conflicts.
d) Once the migration plan has been finalized and tested, perform the migration during
a maintenance window to minimize any disruption to the organization’s operations.
e) Verify that all servers and applications are functioning correctly after the migration.

4. Your organization is planning to implement a new Active Directory domain. What
steps would you take to ensure a successful implementation?
Answer:
a) Plan the domain structure and create a detailed plan for the deployment, including
domain controllers, replication, and group policies.
b) Install and configure the domain controllers and ensure that they are properly
synchronized with each other.
c) Create the necessary user and computer accounts and groups and set appropriate
permissions and access controls.
d) Configure group policies to enforce security policies and settings.
e) Finally, test the domain to ensure that it is functioning correctly and that all users
and computers can authenticate and access resources.

5. You have been tasked with setting up a virtualized environment on a Windows
Server host. What steps would you take to ensure that the virtual machines are
secure and efficient?
Answer:
a) Ensure that the host server has sufficient hardware resources to support the virtual
machines.
b) Create a virtual switch and configure it to isolate the virtual machines from the host
network.
c) Install the necessary virtualization software, such as Hyper-V, and configure the
virtual machines with appropriate settings, such as processor and memory
allocation, disk space, and virtual network adapters.
d) Also configure backups and disaster recovery procedures to ensure that the virtual
machines’ data is protected.
e) Finally, ensure that the virtual machines are patched and updated regularly to
address any security vulnerabilities or performance issues.

6. Your organization is experiencing slow performance on a Windows Server. What
steps would you take to troubleshoot and resolve the issue?
Answer:
a) Check the system resources, such as CPU, memory, and disk usage, to identify
any bottlenecks.
b) Check the event logs for any errors related to system performance or services.
c) If the issue is not resolved, perform a performance analysis using performance
monitoring tools to identify any specific processes or services that are causing the
issue.
d) Also check the network connectivity and bandwidth usage to ensure that there are
no network issues causing the slow performance.
e) Once the root cause of the issue has been identified, implement appropriate
solutions, such as increasing system resources, optimizing services, or resolving
network issues.
7. Your organization is planning to implement a Remote Desktop Services (RDS)
environment. What steps would you take to ensure a successful
implementation?
Answer:
a) Plan the RDS environment, including the number of servers required, user groups,
and the applications that will be published.
b) Configure the RDS roles on the servers, including the Remote Desktop Gateway,
Remote Desktop Session Host, and Remote Desktop Web Access.
c) Also configure security settings, such as SSL certificates, group policies, and
firewall rules, to ensure that the RDS environment is secure.
d) Finally, test the RDS environment to ensure that it is functioning correctly and that
all users can access the published applications.

8. Your organization is experiencing slow network performance. What steps would
you take to diagnose and resolve the issue on a Windows Server environment?
Answer:
a) Check the server’s performance metrics, such as CPU, memory, and disk usage,
to identify any bottlenecks.
b) Check the event logs for any errors related to network connectivity or services.
c) If the issue is not resolved, perform a network trace to identify any network issues
such as dropped packets, latency, or network congestion.
d) Check the DNS configuration, DHCP settings, and routing tables to ensure that
they are configured correctly.
e) If the issue persists, escalate it to the network team for further troubleshooting.

9. Your organization is experiencing issues with domain controller replication.
What steps would you take to diagnose and resolve the issue?
Answer:
a) Use the built-in tools such as Active Directory Replication Monitor and Repadmin
to diagnose the replication issue.
b) Check the event logs for any errors related to replication, such as missing or
duplicate entries.
c) Also check the DNS configuration and ensure that the domain controllers are
properly configured to replicate with each other.
d) If the issue is not resolved, use the DCDiag tool to perform a comprehensive
diagnosis of the domain controllers’ health and integrity.
e) Finally, escalate the issue to the domain administrators or Microsoft support if
necessary.
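
The triage in steps a) to d) can be scripted. The following is an added example, not part of the original guide: it parses the CSV layout that `repadmin /showrepl * /csv` produces, flags failing or stale replication links, and names the DCDiag test to run next. The function name, the 24-hour threshold, and the sample rows (DC names, domain, timestamps) are constructed assumptions.

```powershell
# Added example. Sample rows are constructed; DC and domain names are placeholders.
# Column names follow the CSV output of:  repadmin /showrepl * /csv

function Get-ReplicationProblem {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $CsvLine,  # raw CSV lines, header first
        [int]      $MaxAgeHours = 24,                 # assumed freshness threshold
        [datetime] $Now         = (Get-Date)
    )

    $culture = [Globalization.CultureInfo]::InvariantCulture
    $styles  = [Globalization.DateTimeStyles]::None

    foreach ($row in ($CsvLine | ConvertFrom-Csv)) {
        $reasons = @()
        $next    = 'Inspect the raw repadmin output'

        if ($row.showrepl_COLUMNS -ne 'showrepl_INFO') {
            # Anything that is not a normal link row is surfaced, never dropped.
            $reasons += 'Unrecognized row type, review manually'
        }
        else {
            $status = $row.'Last Failure Status'
            if ([int]$row.'Number of Failures' -gt 0) {
                $reasons += "$($row.'Number of Failures') failure(s), status $status"
            }

            # A link can report zero failures and still be stale, so check age too.
            $lastOk = [datetime]::MinValue
            $parsed = [datetime]::TryParseExact(
                $row.'Last Success Time', 'yyyy-MM-dd HH:mm:ss',
                $culture, $styles, [ref]$lastOk)
            if (-not $parsed) {
                $reasons += 'No successful replication recorded'
            }
            elseif (($Now - $lastOk).TotalHours -gt $MaxAgeHours) {
                $reasons += ('Last success {0:N0} h ago' -f ($Now - $lastOk).TotalHours)
            }

            # Status 8524 is a DNS lookup failure: go to the DNS check (step c).
            # Everything else goes to the replication test (step d).
            $test = if ($status -eq '8524') { 'DNS' } else { 'Replications' }
            $next = "dcdiag /s:$($row.'Destination DSA') /test:$test"
        }

        if ($reasons.Count -eq 0) { continue }   # healthy link, nothing to report

        [pscustomobject]@{
            Destination = $row.'Destination DSA'
            Source      = $row.'Source DSA'
            Partition   = $row.'Naming Context'
            Problem     = $reasons -join '; '
            NextStep    = $next
        }
    }
}

# Constructed sample: one healthy link, one failing and stale, one DNS failure.
$sample = @(
    'showrepl_COLUMNS,Destination DSA Site,Destination DSA,Naming Context,Source DSA Site,Source DSA,Transport Type,Number of Failures,Last Failure Time,Last Success Time,Last Failure Status'
    'showrepl_INFO,HQ,DC01,"DC=example,DC=test",HQ,DC02,RPC,0,0,2024-03-10 08:45:12,0'
    'showrepl_INFO,HQ,DC02,"DC=example,DC=test",Branch,DC03,RPC,14,2024-03-10 08:50:01,2024-03-08 02:11:40,1722'
    'showrepl_INFO,Branch,DC03,"DC=example,DC=test",HQ,DC01,RPC,3,2024-03-10 08:30:00,2024-03-10 06:00:00,8524'
)

Get-ReplicationProblem -CsvLine $sample -Now ([datetime]'2024-03-10T09:00:00') |
    Format-List

# Live use on a domain-joined admin host:
#   Get-ReplicationProblem -CsvLine (repadmin /showrepl * /csv)
```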

10. Your organization is planning to implement a new backup strategy for its
Windows Servers. What steps would you take to ensure that the backup strategy
is effective and efficient?
Answer:
a) Determine the organization’s data backup requirements, such as retention periods,
backup frequency, and recovery time objectives.
b) Select an appropriate backup solution, such as Windows Server Backup or a
third-party backup tool, based on the organization’s needs and budget.
c) Configure the backup jobs to ensure that they are scheduled and run regularly, and
that they back up all critical data and system files.
d) Test the backup and recovery process to ensure that it is reliable and efficient.
e) Finally, ensure that the backups are securely stored and that there are procedures in
place to handle any backup failures or data loss.

11. How do you configure and manage Remote Access in Windows Server?
Answer: To configure and manage remote access in Windows Server, you can follow
these steps:
a) Install the Remote Access role: Open Server Manager and select Add Roles and
Features. Follow the wizard to select the Remote Access role, and choose the
appropriate sub-roles such as DirectAccess, VPN, or Web Application Proxy.
b) Configure Remote Access policies: After installing the Remote Access role, you
can configure policies for remote access, such as authentication methods, network
access rules, and connection protocols. To configure policies, open the Remote
Access Management Console and select the appropriate policy type such as VPN
or DirectAccess.
c) Configure Remote Access clients: Once policies are configured, you can configure
clients to connect to the remote access server. Clients can be configured using
standard Windows VPN clients, DirectAccess clients, or web-based clients using
Web Application Proxy.
d) Monitor and troubleshoot Remote Access: To monitor and troubleshoot Remote
Access, you can use built-in tools such as the Remote Access Management
Console, the Routing and Remote Access console, or event logs. These tools can
help you track connection attempts, diagnose connection issues, and view
performance statistics.
e) Secure Remote Access: It’s important to secure remote access by using
appropriate authentication methods, such as multi-factor authentication or
certificate-based authentication, and by using encryption for data in transit. You
can also use features such as Network Access Protection (NAP) to enforce
security policies on remote access clients.
f) Manage Remote Access infrastructure: To manage Remote Access infrastructure,
you can use tools such as PowerShell, System Center Configuration Manager
(SCCM), or third-party management tools. These tools can help you automate
configuration, monitor performance, and ensure compliance with organizational
policies.

12. What is a certificate authority (CA) and how do you set one up in Windows
Server?
Answer: A Certificate Authority (CA) is a trusted entity that issues digital certificates used
for secure communication over the Internet. Digital certificates are used to verify the
identity of an individual, organization, or server and ensure secure communication
between two parties. In Windows Server, you can set up a CA using the following steps:
a) Install the Certificate Services role: Open Server Manager and select Add Roles
and Features. Follow the wizard to select the Certificate Services role.
b) Configure the CA: After installing the Certificate Services role, you can configure
the CA by running the Certification Authority snap-in from the Start menu. Choose
the type of CA you want to set up, such as an enterprise CA or standalone CA,
and configure the CA settings, such as the certificate validity period, key length,
and certificate revocation settings.
c) Configure certificate templates: Certificate templates are used to define the types
of certificates that can be issued by the CA. You can create and configure
certificate templates by running the Certificate Templates snap-in from the Start
menu.
d) Issue certificates: Once the CA and certificate templates are configured, you can
issue certificates by running the Certification Authority snap-in and selecting the
appropriate template. You can choose to issue certificates manually or
automatically, depending on your needs.
e) Manage the CA: To manage the CA, you can use tools such as the Certification
Authority snap-in, the Certificate Templates snap-in, or PowerShell cmdlets. These
tools can help you monitor certificate issuance, revoke certificates, and manage
certificate revocation lists (CRLs).
13. What is the role of LDAP?
Answer: LDAP stands for Lightweight Directory Access Protocol which is a directory
service similar to the database that is used for storing computers, users, objects, etc.
Moreover, it helps in adding, removing, and updating computer objects in the directory.

14. What is Active Directory Federation Services (ADFS) and how does it work in
Windows Server?
Answer: Active Directory Federation Services (ADFS) is a Microsoft technology that
enables secure single sign-on (SSO) between different organizations, allowing users to
authenticate with their own organization’s identity provider (IDP) and access resources in
another organization without having to provide separate login credentials. ADFS uses
standards-based authentication protocols such as Security Assertion Markup Language
(SAML) and OAuth to establish trust relationships between identity providers and service
providers.
In Windows Server, ADFS can be set up using the following steps:
a) Install ADFS: Open Server Manager and select Add Roles and Features. Follow the
wizard to select the ADFS role.
b) Configure ADFS: After installing the ADFS role, you can configure ADFS by running the
ADFS Management snap-in from the Start menu. Configure the ADFS settings, such as
the federation service name, certificate settings, and trust relationships.
c) Add identity providers and service providers: ADFS relies on trust relationships between
identity providers and service providers to enable SSO. You can add identity providers
and service providers to ADFS by using the ADFS Management snap-in and specifying
the appropriate SAML or OAuth endpoints.
d) Test SSO: Once the identity providers and service providers are configured, you can test
SSO by logging in to a service provider application and being redirected to the identity
provider for authentication. After successful authentication, you should be redirected back
to the service provider application and granted access.
e) Monitor and troubleshoot ADFS: To monitor and troubleshoot ADFS, you can use tools
such as the ADFS Management snap-in, the Event Viewer, or the ADFS diagnostics
cmdlets. These tools can help you diagnose authentication issues, view log files, and
monitor performance statistics.

15. What do you understand by WSUS and WDS?
WSUS stands for Windows Server Update Services, a computer program and network
service developed by Microsoft. It helps with managing and handling the distribution
of updates for products in the Windows environment.
WDS stands for Windows Deployment Services, and it’s used to remotely install Windows
operating systems (OS) over the network. This is a Microsoft server technology that
facilitates the installation of Windows operating systems via a network. Remote Installation
Services has been superseded by this.

16. Explain the term PowerShell.
Windows PowerShell refers to a command-line shell developed by Microsoft. It is used
for automating administrative tasks on both local and remote Windows
machines. PowerShell is built on the .NET Framework.

17. What is the difference between a stand-alone server and a member server in
Windows Server?
In Windows Server, a stand-alone server is a server that operates independently and does
not belong to any domain or Active Directory forest. It has its own set of local user accounts
and security policies and does not share resources or authentication information with other
servers.
On the other hand, a member server is a server that belongs to a domain or Active
Directory forest and can share resources and authentication information with other servers
in the same domain or forest. It relies on the domain or forest for user authentication and
security policies, and can be managed centrally using tools such as Group Policy.
The main difference between a stand-alone server and a member server is their
relationship with Active Directory. A stand-alone server does not participate in Active
Directory, while a member server is a participant in Active Directory and can leverage its
features and benefits, such as centralized management and authentication, resource
sharing, and group policy control.

18. How do you configure and manage server roles and features in Windows
Server?
In Windows Server, you can configure and manage server roles and features using Server
Manager, a graphical tool that provides a central location for managing servers, roles, and
features. Here are the steps to configure and manage server roles and features using
Server Manager:
a) Open Server Manager: Click on the Server Manager icon in the taskbar or search for
Server Manager in the Start menu.
b) Add a server: If the server you want to manage is not already listed in the Server
Manager dashboard, you can add it by clicking on the Add servers button and
specifying the server name or IP address.
c) Install a role or feature: To install a role or feature, click on the Add roles and features
button in the Dashboard or select the Manage menu and choose Add Roles and
Features. Follow the wizard to select the desired roles and features, customize the
installation settings, and complete the installation.
d) Configure a role or feature: Once a role or feature is installed, you can configure its
settings by selecting the appropriate role or feature from the Server Manager
dashboard and choosing the appropriate options.
e) Manage a role or feature: To manage a role or feature, you can use the Server
Manager tools and features, such as the Remote Desktop Services Manager or the
DHCP Manager. These tools allow you to monitor and manage the settings and activity
of the selected role or feature.
f) Remove a role or feature: If you no longer need a role or feature, you can remove it
by selecting the appropriate role or feature from the Server Manager dashboard and
choosing the Remove option.

19. What do you understand by the non-authoritative and authoritative restore of an
Active Directory (AD)?
A non-authoritative restoration refers to a process in which the domain controller is
restored. And after that, the Active Directory (AD) objects are brought up to date by
replicating the latest version of those objects from other domain controllers in the domain.
On the other hand, an authoritative restore refers to an operation in which the data that
has been restored supersedes the data existing on other domain controllers in the domain.
However, while performing an authoritative restore, the current versions of objects in the
Active Directory are overwritten by the versions of the objects which were restored.
20. What is the process of installing an application if MSI is not available?
For adding the application using the Software Installer, the dot ZAP text file can be used
rather than the Windows Installer.

21. What is tattooing in terms of Registry?
Tattooing in the registry can be defined as suggesting to the users that they can change
and view the preference of the customers that are not stored in the Registry portions.
Moreover, even if the group policy is removed or changed, the user preference will still
remain in the registry.

22. What is the difference between a file share and a file system in Windows Server?
In Windows Server, a file system is the underlying structure used to organize and store
files and folders on a storage device, such as a hard drive, SSD, or network-attached
storage (NAS) device. Common file systems used in Windows Server include NTFS (New
Technology File System) and ReFS (Resilient File System).
A file share, on the other hand, is a resource that allows multiple users and computers to
access the files and folders stored on a file system over a network. When you share a
folder or drive on a server, you create a file share that can be accessed by other users
and computers on the network.
The main difference between a file system and a file share is their level of accessibility. A
file system is a low-level component that is managed by the operating system and is
responsible for organizing and managing files and folders on a storage device. A file share,
on the other hand, is a higher-level component that allows users and computers to access
and interact with the files and folders stored on a file system over a network.

23. Explain the following:
1. Computer Process
Computer process refers to a computer program case that is executed repeatedly by a
computer. This is capable of running numerous programs on a computer at the same time.
2. Thread
A thread consists of many executable programs that combine as a solitary process. For
example, a thread can send a notification error to the customer. Therefore, an alternative
can contract with the signals of error even though the third thread may execute the primary
action.

24. Name the types of FSMO roles?
a) Firstly, Primary Domain Controller (PDC)
b) Secondly, Infrastructure master
c) Thirdly, Relative ID (RID) master
d) Then, Schema master
e) Lastly, Domain naming master

25. What do you understand by Group Policy?
Group Policy refers to a feature of Microsoft Windows NT which also belongs to the family
of OS. This helps in controlling the work setting of computer accounts and user accounts.
Further, it also provides the central configuration management of the operating systems,
user settings, and applications in an Active Directory setting.

26. Explain Group Policy Objects (GPO) and name its types.
GPO refers to the setting that manages the client records at the workplace, and also at
computer records. This helps in explaining the programming establishment, security
alternatives, upkeep choices and library-dependent arrangements, folder redirection
choices, and content choices. Further, there are two types of GPO:
Firstly, Local GPO. These are kept on close devices.
Secondly, Non-local GPO. These can be accessed from the Active Directory and are kept
on a domain controller.

27. Is it possible to associate a third-party directory service to an Active Directory?
Yes, it is possible to associate a third-party directory service to an Active Directory (AD).
This is commonly referred to as a directory integration or directory synchronization.
There are various third-party directory services available that can be integrated with AD,
such as Okta, OneLogin, and JumpCloud. These directory services provide identity
management and authentication services that can be used in conjunction with AD to
manage user identities and access permissions across multiple systems and applications.
To integrate a third-party directory service with AD, you will typically need to use a
synchronization tool that can connect to both AD and the third-party directory service. This
tool will synchronize user identities and attributes between the two directories, ensuring
that user information is consistent across both systems.
Once the integration is set up, users can authenticate using their credentials from either
directory service, and access permissions can be managed across both environments.
This allows for a more flexible and scalable identity management solution, which can be
especially useful in complex and heterogeneous environments.

28. Name the commands for checking TCP/IP configurations.
There are two commands for checking the TCP/IP configurations:
1. Ipconfig
This is for checking the IP setup of the computer. Moreover, you can also use it for
reestablishing the IP address of the users if it is defined by a DHCP server.
2. Ping
This is for checking the link between the computer in use and the other computers.

29. What is the role of Windows Server in a hybrid cloud environment?
In a hybrid cloud environment, Windows Server plays a crucial role in providing a bridge
between on-premises infrastructure and cloud-based resources. Here are some of the key
roles that Windows Server can play in a hybrid cloud environment:
Identity and Access Management: Windows Server can provide a central identity and
access management solution for both on-premises and cloud-based resources. This
allows users to use a single set of credentials to access resources across both
environments.
Application Deployment: Windows Server can be used to deploy and manage applications
across on-premises and cloud-based environments. This allows for a consistent and
unified application deployment experience, regardless of where the applications are
running.
Data Management: Windows Server can be used to manage data across on-premises
and cloud-based environments. This includes storage, backup, and disaster recovery
services, which can be used to ensure data availability and resilience.
Networking: Windows Server can provide networking services, such as DNS, DHCP, and
VPN, to bridge on-premises and cloud-based environments. This allows for a consistent
and unified network experience, regardless of where the resources are located.
Hybrid Cloud Management: Windows Server can provide management tools that allow
you to manage both on-premises and cloud-based resources from a single console. This
can simplify management and monitoring, and provide a unified view of your entire hybrid
cloud environment.
30. Explain the basic functionality of the domain controller?
The domain controller is responsible for verifying the customer’s too many networks.
Moreover, it also brings a set of objects that are involved in the Active Directory.

31. Explain the role of local DNS servers.
A local DNS server provides the local mapping of complete skillful domains to IP
addresses. They provide record data to remote DNS servers for resolving requests
concerning the domains on the network.

32. Define the term INODE.
The inode refers to a data structure in a Unix-style file system that explains a file-system
object like a file or a directory. Every inode can store the attributes and disk block locations
of the object’s data. However, the file-system object attributes may include metadata
including owner and permission data.

33. What do you understand by RAID in Windows Server?
RAID stands for Redundant Array of Independent Disks which is used for storing the same
data at a different place. This method aids in fault tolerance and storage capacity
expansion. On distinct drives, however, it allows you to aggregate one or more volumes
for access via a single drive letter.

34. What is Windows Server Core and how is it different from the full GUI version of
Windows Server?
Windows Server Core is a minimalistic installation option of Windows Server that includes
only the essential components needed to run specific server roles. It does not include the
full graphical user interface (GUI) that is included in the full version of Windows Server.
Instead, it provides a command-line interface for managing the server, along with a limited
set of graphical tools.
The main difference between Windows Server Core and the full GUI version of Windows
Server is the amount of resources that each version requires to run. Since Windows Server
Core has fewer components and services installed, it requires less disk space, memory,
and CPU resources, making it a more lightweight and efficient option for running certain
server roles. This can be especially useful in scenarios where resources are limited, such
as in virtualized environments.
Another benefit of Windows Server Core is improved security. Since it includes fewer
components and services, there are fewer attack surfaces that can be exploited by
malicious actors. Additionally, the lack of a GUI reduces the need for additional software,
reducing the overall attack surface of the server.
However, the lack of a GUI in Windows Server Core means that management tasks must
be performed using command-line tools or remote management tools. This can be more
difficult for administrators who are used to using the graphical tools in the full GUI version
of Windows Server.

35. Explain the following:
1. Domain local groups
These are used to assign access clearances to international domain groups for the
domain’s local resources.
2. Global groups
These provide access to other trusted domains’ resources.
3. Universal groups
This helps in providing access to all trusted domain resources.

37. Is it possible to restore Active Directory Partitions?
Yes, you can restore the objects from the domain and configuration partition.

36. Name the types of partitions in the active directory.
There are four types of partitions:
Firstly, the Configuration partition
Secondly, the Application partition
Thirdly, Schema partition
Lastly, Domain partition

37. Define Configuration Partition.
This is for storing all the data of Active Directory. The data here consists of site-link, Site,
subnet, etc. Further, the partition duplicates all domain controllers that are available in the
Forest.

38. Explain the difference between application and schema partition.
Application partition is for storing the information of applications in Active Directory. For
example, ForestDNSZones and DomainDNSZones.
Schema Partition is for storing all the information of the objects and their qualities. Further,
this duplicates to other domain controllers in the Forest.

39. What is PowerShell Desired State Configuration (DSC) and how does it work in
Windows Server?
PowerShell Desired State Configuration (DSC) is a configuration management tool that
allows administrators to define and manage the configuration of Windows servers using
PowerShell scripts. DSC enables administrators to automate the configuration of servers,
ensuring that they remain in a desired state and are always compliant with established
policies.
DSC works by defining a desired state for a server or group of servers, which is defined
in a PowerShell script. This script defines the configuration settings that need to be applied
to the server, including settings related to the operating system, applications, and security.
Once the desired state is defined, DSC continuously monitors the server to ensure that it
remains in the desired state.

If the configuration of the server changes, DSC will automatically apply the necessary
configuration changes to bring the server back into the desired state. This ensures that
servers remain compliant with established policies and reduces the risk of configuration
drift and other issues that can impact server performance and security.
DSC can be used to manage configuration across a wide range of Windows Server roles
and features, including Active Directory, Internet Information Services (IIS), Hyper-V, and
more. It can also be integrated with other Microsoft technologies, such as System Center
Configuration Manager (SCCM), to provide a comprehensive configuration management
solution for Windows Server environments.
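
A minimal DSC setup for the file-server hardening described in question 1, as an added example that is not part of the original guide. The node name, output path and chosen settings (File Server role present, SMB1 absent, Print Spooler disabled as an unneeded service) are assumptions. Automatic correction of drift happens only when the Local Configuration Manager runs in `ApplyAndAutoCorrect` mode; the default mode, `ApplyAndMonitor`, only reports drift, so the example sets the mode explicitly.

```powershell
# Added example. Run in an elevated Windows PowerShell 5.1 session on the target
# server; Start-DscConfiguration is not available in PowerShell 7.
# Node name, paths and the selected settings are assumptions for illustration.

# 1. LCM meta-configuration: re-apply the desired state whenever drift is found.
[DSCLocalConfigurationManager()]
configuration LcmAutoCorrect
{
    Node 'localhost'
    {
        Settings
        {
            ConfigurationMode              = 'ApplyAndAutoCorrect'  # default: ApplyAndMonitor
            ConfigurationModeFrequencyMins = 30                      # consistency check interval
            RebootNodeIfNeeded             = $false                  # never reboot unattended
        }
    }
}

# 2. Desired state: a small file-server security baseline.
Configuration FileServerBaseline
{
    Import-DscResource -ModuleName 'PSDesiredStateConfiguration'

    Node 'localhost'
    {
        # The role this server exists for.
        WindowsFeature FileServerRole
        {
            Name   = 'FS-FileServer'
            Ensure = 'Present'
        }

        # Legacy SMB1 support must stay uninstalled.
        WindowsFeature NoSmb1
        {
            Name   = 'FS-SMB1'
            Ensure = 'Absent'
        }

        # Example of an unnecessary service on a file server (assumption).
        Service PrintSpooler
        {
            Name        = 'Spooler'
            StartupType = 'Disabled'
            State       = 'Stopped'
        }
    }
}

# 3. Compile both configurations to MOF files.
$out = Join-Path $env:TEMP 'DscDemo'
LcmAutoCorrect     -OutputPath (Join-Path $out 'Lcm')      | Out-Null
FileServerBaseline -OutputPath (Join-Path $out 'Baseline') | Out-Null

# 4. Apply the LCM settings first, then push the baseline.
Set-DscLocalConfigurationManager -Path (Join-Path $out 'Lcm') -Verbose
Start-DscConfiguration -Path (Join-Path $out 'Baseline') -Wait -Force -Verbose

# 5. On-demand drift check; lists the resources that no longer match.
Test-DscConfiguration -Detailed |
    Select-Object InDesiredState, ResourcesNotInDesiredState

# 6. Confirm which mode the LCM is actually running in.
Get-DscLocalConfigurationManager |
    Select-Object ConfigurationMode, ConfigurationModeFrequencyMins, RefreshMode
```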

40. How do you configure a DHCP server so that it assigns the same IP address to
certain devices every time their address is removed or renewed?
To do this, create a reservation for the device on the DHCP server. Creating a
reservation requires the MAC (hardware) address of the device. You can find the MAC
address of a network device with the ipconfig command-line utility.
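
The reservation procedure above as an added PowerShell example (not part of the original guide), using the DhcpServer module on the DHCP server. The scope, IP address, MAC address and device name are constructed placeholders.

```powershell
# Added example. Run elevated on the DHCP server (DhcpServer module).
# Scope, IP address, MAC address and name are constructed placeholder values.
$scopeId = '192.168.10.0'
$ip      = '192.168.10.50'
$mac     = '00:1A:2B:3C:4D:5E'   # "Physical Address" from `ipconfig /all` on the device
$name    = 'printer-01'

# Normalise the MAC address to the AA-BB-CC-DD-EE-FF form and reject malformed input.
$hex = ($mac -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($hex.Length -ne 12) { throw "Not a 48-bit MAC address: $mac" }
$clientId = (($hex -split '(..)') -ne '') -join '-'

# Stop if this IP address or this MAC address is already reserved in the scope.
$existing = Get-DhcpServerv4Reservation -ScopeId $scopeId -ErrorAction SilentlyContinue |
    Where-Object { "$($_.IPAddress)" -eq $ip -or $_.ClientId -eq $clientId }
if ($existing) {
    $existing | Format-Table IPAddress, ClientId, Name -AutoSize
    throw 'A reservation for this IP address or MAC address already exists.'
}

# Create the reservation and read it back.
Add-DhcpServerv4Reservation -ScopeId $scopeId -IPAddress $ip -ClientId $clientId `
    -Name $name -Description 'Fixed address for printer-01'
Get-DhcpServerv4Reservation -IPAddress $ip
```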

41. What do you understand by the SYSVOL folder?


This refers to a set of files and folders placed on the local hard disk of each domain
controller in a domain. They are replicated by the File Replication Service and include
files containing group and user policy details.

42. What is Windows Server Manager and how is it used to manage multiple
servers?
Windows Server Manager is a management tool included in Windows Server that provides
a centralized interface for managing multiple servers in a Windows Server environment.
With Server Manager, administrators can manage multiple servers from a single console,
reducing the amount of time and effort required to manage server infrastructure.
Server Manager provides a dashboard-style interface that displays an overview of server
status, including system health, updates, and alerts. Administrators can use this interface
to view and manage server roles and features, monitor performance, configure security
settings, and more.
Server Manager also supports remote management of servers, which allows
administrators to manage servers from a central location without having to physically
access each server. This can be especially useful in large, distributed environments where
servers are located in different geographic locations.

In addition to managing individual servers, Server Manager also provides the ability to
create server groups, which allows administrators to manage multiple servers as a single
unit. This can be useful for managing servers that share common characteristics or roles,
such as web servers, file servers, or database servers.

43. Explain the various zones in the Windows DNS server.


Firstly, the Primary Zone. Here the records are stored as a text file with the typical
extension ".DNS".
Secondly, the Secondary Zone. This is a backup for the primary server that provides load
balancing and fault tolerance.
Lastly, the Stub Zone. This contains only the name server and SOA records, which helps
reduce DNS search orders.

44. Differentiate Windows and Windows Server.


Windows Server OS was released for server systems such as workstation, rack, and tower
systems. It allows multiple users to log in and work continuously. Further, it supports
CPU (64), cores (320), and RAM (24 TB).


Windows OS was released for user systems such as desktop, laptop, tablet, mobile, Xbox,
etc. Multiple user accounts can be created, but only one user can log in at a time.
Further, it has limited support: CPU (2), cores (256), and RAM (2 TB).

45. What is the Windows Server Storage Spaces feature and how does it work?
Windows Server Storage Spaces is a feature in Windows Server that allows administrators
to create virtual storage pools by combining multiple physical storage devices into a single,
logical storage unit. Storage Spaces provides a flexible and scalable storage solution for
Windows Server environments, allowing administrators to easily manage and expand
storage capacity as needed.
Storage Spaces works by abstracting physical storage devices, such as hard drives or
solid-state drives (SSDs), into virtual storage pools. These pools can then be partitioned
into virtual disks, which can be used to store data. Administrators can configure various
features of the virtual disks, including their size, resiliency, and performance
characteristics.
One of the key benefits of Storage Spaces is its ability to provide resiliency to storage. By
combining multiple physical storage devices into a virtual storage pool, Storage Spaces
can create redundant copies of data to protect against hardware failures. There are
several resiliency options available, including simple, mirror, parity, and dual parity.

In addition to providing resiliency, Storage Spaces can also improve performance by using
techniques such as striping and tiered storage. Striping involves dividing data across
multiple physical storage devices, which can improve read and write performance. Tiered
storage involves using multiple tiers of storage, such as SSDs and hard drives, to improve
performance for frequently accessed data while reducing costs for less frequently
accessed data.

46. What do you understand by a Proxy Server?


This refers to a computer that acts as a gateway between a local network and a
larger-scale system such as the Internet. It also provides increased security and
performance, and helps monitor employees' use of outside resources.

47. Define WINS server.

WINS (Windows Internet Name Service) servers map IP addresses to NetBIOS names. This
lets employees access resources by computer name rather than by IP address. A machine
can also be set up as a WINS server to keep track of the IP addresses and names of
other computers on the network.


48. What is the difference between Windows Server Backup and third-party backup
solutions?
Windows Server Backup is a backup and recovery solution included in Windows Server,
while third-party backup solutions are backup and recovery solutions developed by third-
party vendors. While both types of solutions are designed to provide data protection for
Windows Server environments, there are several differences between them.
One key difference is the level of functionality and features provided. Windows Server
Backup provides basic backup and recovery functionality, including support for system
state backups, full server backups, and selective file backups. However, it does not
provide advanced features such as backup scheduling, backup replication, or centralized
management of backups across multiple servers. Third-party backup solutions, on the
other hand, typically provide a broader range of features and functionality, including
support for cloud backups, backup replication, advanced scheduling, and more.
Another difference between Windows Server Backup and third-party backup solutions is
the level of support and customization available. While Windows Server Backup is a
Microsoft product and is fully supported by Microsoft, third-party backup solutions may
have different levels of support and may require additional configuration or customization
to integrate with Windows Server environments.
Finally, there may be differences in cost between Windows Server Backup and third-party
backup solutions. While Windows Server Backup is included with Windows Server at no
additional cost, third-party backup solutions may require a separate license or subscription
fee.

49. What is the major advantage of GPMC?


Group Policy Management Console (GPMC) provides easy management of all GPOs across
the whole Active Directory forest, with a view of all GPOs in one list. It also allows
you to back up and restore GPOs and to migrate GPOs across many forests and domains.

50. Explain the process to back up Group Policy.

To back up a single GPO, click the GPO and select Back Up.
To back up all GPOs in the domain, click Group Policy Objects and then click
Back Up All.

51. What are some best practices for monitoring and optimizing the performance of
a Windows Server?
Here are some best practices for monitoring and optimizing the performance of a Windows
Server:


Monitor key performance indicators: Use performance monitoring tools to track key
metrics such as CPU usage, memory usage, disk usage, network traffic, and application
performance. This can help you identify potential performance issues before they become
critical.
Analyze performance data: Analyze the performance data you collect to identify trends
and patterns that may indicate performance bottlenecks or other issues. Use this data to
optimize your server configuration and make informed decisions about capacity planning.
Optimize hardware resources: Ensure that your hardware resources (CPU, memory,
storage, and network) are properly configured and allocated to support the applications
and services running on your server. Make sure to periodically review and adjust resource
allocation as needed.
Use optimized software settings: Ensure that your server is configured with optimized
software settings to improve performance. This includes settings for the operating system,
applications, and services.
Use best practices for storage: Implement best practices for storage, including using RAID
arrays, optimizing disk performance, and using storage tiering to balance performance
and cost.
Use virtualization where appropriate: Consider using virtualization to optimize hardware
resources and improve performance. Virtualization can also make it easier to manage and
scale your server environment.
Implement caching: Implement caching solutions such as Content Delivery Networks
(CDNs) or server-side caching to improve performance for web-based applications and
services.
Regularly update and maintain the server: Regularly update and maintain the server with
the latest patches, firmware, and drivers to ensure optimal performance and security.
Monitor system logs: Monitor system logs to detect and diagnose potential issues before
they become critical. Use this information to improve performance and optimize server
configurations.
Use automation: Use automation tools to help streamline routine tasks such as backups,
updates, and maintenance. This can help reduce downtime and improve overall
performance.

52. Explain the types of domain controllers.

Firstly, the primary domain controller. It focuses on the services of the domain, so that
the system is less likely to crash or slow down from being overtasked with other
security requests and functionality.
Secondly, the backup domain controller. It is promoted to become the primary domain
controller in order to keep the server systems working properly.


53. Define Trust Relationship.


The trust relationship is used for providing access between various domains or forests.

54. Define NTDS.DIT.


This refers to the Active Directory database, which contains all the AD objects. Its
default location is %SystemRoot%\ntds\ntds.dit. It is based on the Jet database.

55. What is EDB.Log?


This file tracks the transactions on the database. When EDB.Log is full, it is renamed
to EDBNum.log, where Num is a number starting from 1, for example EDB1.log.

56. Define EDB.Chk.

This file is used to check for data that has not yet been written to the database. It
holds the starting point from which data can be recovered after a failure.

57. What is Res in Res1.log and Res2.log?

Res stands for reserved transaction file. These files give the transaction log enough
room to shut down cleanly if the disk runs out of space.

58. Explain the role of Flexible Single Master Operations?


The FSMO roles are the Schema Master and the Domain Naming Master, both of which
exist only once in each forest, and the Infrastructure Master, RID Master, and PDC.

59. What will you do if an HTTP monitor warns that a website is down, and you can
telnet to the port?
Firstly, if the web page is up, I will look for a problem with the monitor itself. Other
possible issues are flapping or system overload.

60. Define Windows server backup.


Windows Server Backup was released for Windows 2008 and works as a recycle bin
tool in Active Directory. It offers a large variety of solutions for backing up data
on your system. Moreover, it provides access to a large amount of data backup, and
you can access the server backup using command lines and the management
console.

61. What is KCC?


KCC is a built-in process that runs on all domain controllers and creates the
replication topology for the Active Directory forest. It builds separate replication
topologies depending on whether replication occurs within a site or between sites.
Further, it can dynamically adjust the topology to accommodate:

Firstly, the addition of new domain controllers
Secondly, the removal of existing domain controllers
Thirdly, the movement of domain controllers to and from sites
Then, changing costs and schedules
Lastly, domain controllers that are temporarily unavailable or in an error state.

62. Define SID.


SID is a security identifier: a unique value of variable length used for
identifying a security principal in Windows operating systems.

B. Questions on Azure and Hyper-V

63. What is Microsoft Azure and how does it integrate with Windows Server?
Microsoft Azure is a cloud computing platform and infrastructure offered by Microsoft. It
provides a wide range of cloud services, including virtual machines, storage, database
services, networking, and more. Azure is designed to enable businesses to build, deploy,
and manage applications and services in the cloud, using a flexible and scalable
infrastructure.

Windows Server can integrate with Azure in several ways:


a) Azure Virtual Machines: Windows Server can be deployed as a virtual machine
(VM) in Azure. This allows you to run Windows Server workloads in the cloud,
without having to maintain the physical infrastructure. You can also use Azure
Virtual Machines to extend your on-premises Windows Server environment into
the cloud.


b) Azure Backup: Windows Server can be backed up to Azure using Azure Backup.
This provides a reliable and secure way to protect your data, without having to
maintain your own backup infrastructure. You can also use Azure Backup to
restore your Windows Server environment in case of a disaster.
c) Azure Active Directory: Windows Server can be integrated with Azure Active
Directory (AAD), which is Microsoft’s cloud-based identity and access
management service. This allows you to manage user identities and access
permissions across your Windows Server environment and Azure services from a
single console.
d) Azure Site Recovery: Windows Server can be protected with Azure Site Recovery,
which provides disaster recovery and business continuity services. This enables
you to replicate your Windows Server environment to Azure, and failover to Azure
in case of a disaster.

64. What is Hyper-V and how does it work in Windows Server?


Hyper-V is a virtualization technology developed by Microsoft that is included in Windows
Server. It enables administrators to create and manage virtual machines (VMs) on a
physical server.
Hyper-V works by creating a virtualized environment on a physical server that enables
multiple VMs to run on the same hardware. Each VM operates as a separate computer
with its own operating system, applications, and hardware resources, but all of the VMs
share the same physical resources.
Hyper-V uses a hypervisor, a thin layer of software that sits between the hardware and
the operating system, to manage the allocation of resources to each VM. The hypervisor
creates and manages the virtualized environment, and provides a layer of isolation
between the VMs and the host operating system.
Hyper-V supports a variety of virtual machine types, including Windows and Linux VMs,
and provides a range of features such as live migration, high availability, and virtual
networking. These features enable administrators to manage VMs efficiently, and provide
high levels of availability and scalability for critical applications.
Hyper-V is a key component of Microsoft’s virtualization strategy, and is widely used in
enterprise environments to reduce hardware costs, improve server utilization, and
increase flexibility and agility.


C. Questions on Storage System

1. SAN Definition

A Storage Area Network (SAN) is a network of storage devices that can be accessed by
multiple servers or computers, providing a shared pool of storage space. Each computer on
the network can access storage on the SAN as though they were local disks connected directly
to the computer.

2. SAN vs. NAS

A SAN and network-attached storage (NAS) are two different types of shared networked
storage solutions. While a SAN is a local network composed of multiple devices, NAS is a
single storage device that connects to a local area network (LAN).

3. How do SANs differ from other data storage solutions like NAS or DAS?

The main difference between a SAN and other data storage solutions is that a SAN is designed
to be a high-performance storage network that is separate from the rest of the network. This
allows for much higher data transfer speeds and more flexibility in terms of how the storage is
used.

4. Different types of SAN architectures

There are three different types of SAN architectures: block, file, and object. Block SANs are
the most common and use a block-based storage protocol, such as Fibre Channel, to connect
storage devices to servers. File SANs use a file-based storage protocol, such as NFS or CIFS,
to connect storage devices to servers. Object SANs use an object-based storage protocol,
such as Amazon S3, to connect storage devices to servers.


5. Fabric-based SAN

A Fabric-based SAN is a type of storage area network that uses a Fibre Channel fabric to
connect storage devices to servers. This type of SAN is typically used in enterprise
environments where high levels of performance and availability are required.

6. Difference between Fibre Channel and iSCSI? Which one would you recommend
for a certain use case?

Fibre Channel is a point-to-point connection that uses optical fiber, while iSCSI is a
point-to-point connection that uses copper wire. I would recommend Fibre Channel for use
cases that require high bandwidth and low latency, while iSCSI would be a better choice
for use cases that are more concerned with cost.

7. SAN switch

A SAN switch is hardware that connects servers to shared pools of storage devices. It is
dedicated to moving storage traffic in a SAN. A SAN switch is responsible for connecting
devices in a SAN and providing a path for data to travel between them. For data to be read
from or written to a storage device, it must first pass through the Fibre Channel switch.

8. Software-defined storage (SDS)

A system of abstracting data storage so that the provisioning and management of storage are
separated from the underlying hardware. This allows separate pools of physical storage
resources to be managed together as a single logical device.

9. A logical unit number (LUN)

A LUN is a unique identifier for designating an individual or collection of physical or
virtual storage devices that execute input/output (I/O) commands with a host computer, as
defined by the Small Computer System Interface (SCSI) standard. LUNs are used to identify
subsets of data in a disk so that the computing devices using them can execute operations.


10. RAID
RAID is a technology that is used to increase the performance and/or reliability of data storage.
The abbreviation stands for either Redundant Array of Independent Drives or Redundant Array
of Inexpensive Disks, which is older and less used. A RAID system consists of two or more
drives working in parallel. These can be hard discs, but there is a trend to also use the
technology for SSD (Solid State Drives). There are different RAID levels, each optimized for a
specific situation. These are not standardized by an industry group or standardization
committee. This explains why companies sometimes come up with their own unique numbers
and implementations. This article covers the following RAID levels:

RAID 0 – striping
RAID 1 – mirroring
RAID 5 – striping with parity
RAID 6 – striping with double parity
RAID 10 – combining mirroring and striping

11. Advantages of using a SAN over other storage options like NAS, RAID, etc.
Some advantages of using a SAN over other storage options include the ability to scale
storage capacity and performance independently, the ability to connect multiple servers to the
same storage pool, and the ability to provide high availability and disaster recovery capabilities.

12. Difference between block level and file level access to a SAN
Block level access is when each individual block of data is addressed separately. This is the
most common type of access. File level access is when the data is accessed as a whole file.
This is less common, but can be useful in certain situations.

13. Difference between SCSI and IP protocols

SCSI is a bus-oriented protocol, meaning that it uses a shared bus to connect devices. IP is a
network-oriented protocol, meaning that it uses a network to connect devices.

14. Pros and cons of using a SAN as compared to other storage solutions like NAS

There are several key advantages to using a SAN over other storage solutions like NAS. First,
SANs offer much higher performance due to their ability to directly connect to servers. This
can be a big advantage in applications where speed is critical. Additionally, SANs tend to be
more scalable and offer more flexibility in terms of configuration.

There are a few potential drawbacks to using a SAN as well. First, they can be more expensive
to set up and maintain than other storage solutions. Additionally, SANs can be more complex
to manage, as they require specialized knowledge and skills.

15. How many devices can be connected to a single SAN
There is no limit to the number of devices that can be connected to a single SAN. The only
limit is the amount of storage that is available on the SAN.


16. Zone in the context of a Storage Area Network


A zone is a logical grouping of devices within a Storage Area Network. Zones are used to
simplify management of the network by allowing administrators to group devices together
based on their function or purpose. For example, all of the devices that are used for a
particular application could be grouped together in a zone.

17. What happens when two hosts try to access the same LUN at the same time?
If two hosts try to access the same LUN at the same time, they will both be able to read and
write to the LUN, but there is a risk of data corruption. In order to avoid this, it is best to use a
SAN storage controller that can manage access to the LUN and ensure that only one host
has access to it at a time.

D. Questions and Answers on Exchange Server

1. What are the different versions of Exchange Server? Name some of the latest
versions of Exchange Server.
Answer:

Microsoft Exchange Server has evolved over time, and several versions have been
released. Here are the major versions of Exchange Server:

• Exchange Server 5.5: Released in 1997, it introduced enhanced messaging
capabilities and improved stability.
• Exchange 2000 Server: This version, released in 2000, introduced a new
architecture that improved reliability, scalability, and collaboration features.
• Exchange Server 2003: Released in 2003, it introduced features such as
improved email filtering, better mobile device support, and enhanced security.
• Exchange Server 2007: Introduced in 2007, this version brought significant
changes, including a new unified messaging system, improved scalability, and better
disaster recovery options.
• Exchange Server 2010: Released in 2009, it introduced features like database
availability groups, mailbox archiving, and improved management capabilities.
• Exchange Server 2013: Introduced in 2012, this version focused on
enhancements in scalability, mobility, and web-based administration.
• Exchange Server 2016: Released in 2015, it introduced improvements in
performance, reliability, and search functionality. It also emphasized integration with
cloud-based services.
• Exchange Server 2019: Released in 2018, this version focused on performance
improvements, enhanced security features, and better support for hybrid deployments
with Office 365.

2. What are the roles of Exchange server?


Answer:
Exchange Server roles serve the purpose of distributing specific functionalities and
responsibilities across different servers in an Exchange Server deployment. Each role
is designed to perform specific tasks, ensuring efficient operation and scalability of the
Exchange environment. Here are the main Exchange Server roles:
a. Mailbox Server
b. Client Access Server
c. Hub Transport Server
d. Edge Transport Server
e. Unified Messaging Server

3. What is the purpose of Exchange Server roles?


Answer:
Each role is designed to perform specific tasks, ensuring efficient operation and
scalability of the Exchange environment.
Mailbox Role: The Mailbox role hosts and manages mailboxes, public folders, and
mailbox databases. It handles email storage, message routing, and data
synchronization.

Client Access Role: The Client Access role provides access to Exchange services
for clients, such as Microsoft Outlook, Outlook on the web (OWA), Exchange
ActiveSync, and Exchange Web Services (EWS). It handles client authentication,
connectivity, and proxying requests to the appropriate Mailbox server.

Hub Transport Role (deprecated in Exchange Server 2013 and later): The Hub
Transport role was responsible for routing messages within the organization, applying
transport rules, and performing message hygiene tasks like anti-spam and anti-
malware filtering. In newer versions of Exchange Server, its functionality has been
integrated into the Mailbox role.

Edge Transport Role: The Edge Transport role is deployed on the network perimeter
and provides an additional layer of security by filtering inbound and outbound email
traffic. It helps protect the Exchange organization from external threats, such as spam
and viruses, and provides enhanced message protection.

Unified Messaging Role: The Unified Messaging role enables voicemail, fax, and
speech recognition functionality within Exchange Server. It integrates telephony
services with Exchange, allowing users to access and manage their messages
through various devices and clients.

4. What is Hybrid Exchange? How does it work?

Answer:

A Hybrid Exchange configuration provides integration between an on-premises
Exchange organization and Exchange Online (Office 365), allowing the two
organizations to appear as one for end users and administrators.

Hybrid Exchange configurations can be used for two scenarios:

• As a migration path between on-premises Exchange Server and Office 365
• As a permanent state for your on-premises Exchange and Office 365
organization

As part of planning and configuring your hybrid deployment, you need to decide
whether you want all messages from Internet senders to be routed through Exchange
Online or your on-premises organization. All messages from Internet senders will
initially be delivered to the organization you select and then routed according to where
the recipient's mailbox is located. Whether you choose to have messages routed
through Exchange Online or your on-premises organization depends on various
factors, including whether you want to apply compliance policies to all messages sent
to both organizations, how many mailboxes are in each organization, and so on.

The path messages sent to recipients in your on-premises and Exchange Online
organizations take depends on how you decide to configure your MX record in your
hybrid deployment. The preferred method is to configure your MX record to point to
Exchange Online Protection (EOP) in Microsoft 365 and Office 365 as this
configuration provides the most accurate spam filtering. The Hybrid Configuration
wizard doesn't configure the routing for inbound Internet messages for either the on-
premises or Exchange Online organizations. You must manually configure your MX
record if you want to change how your inbound Internet mail is delivered.

5. Describe unified messaging server role?

Answer: The Unified Messaging role enables voicemail, fax, and speech recognition
functionality within Exchange Server. It integrates telephony services with Exchange,
allowing users to access and manage their messages through various devices and
clients.

By distributing these roles across multiple servers, organizations can optimize
performance, scalability, and fault tolerance. Each role can be installed on a separate
server or combined on a single server, depending on the organization’s requirements
and infrastructure setup. This modular approach allows administrators to allocate
resources appropriately, streamline management, and ensure high availability and
resilience in their Exchange Server deployment.

6. What are Exchange mailboxes? How many types of Exchange mailboxes
exist in Exchange Server?
Answer: In Microsoft Exchange Server, there are several types of Exchange
Mailboxes that can be created and managed. Here are the main types of mailboxes in
Microsoft Exchange Server:

User Mailbox: A user mailbox is associated with an individual user in the
organization. It stores the user’s email messages, calendar, contacts, tasks, and other
mailbox-related data.

Room Mailbox: A room mailbox represents a meeting location, such as a conference
room or auditorium. It is used for scheduling and managing room resources, including
booking availability, managing meeting invitations, and tracking room utilization.

Equipment Mailbox: An equipment mailbox represents a physical resource, such as
a projector, company vehicle, or other shared equipment. It is used for managing and
scheduling the use of these resources.

Shared Mailbox: A shared mailbox is used for collaborative purposes. It allows
multiple users to access a common mailbox, view and respond to emails, and share
information. Shared mailboxes are often used for team collaboration, customer
support, or departmental email accounts.

7. What is Autodiscover? How does it work?

Answer: Autodiscover is a feature in Exchange Server that simplifies the configuration
of email clients, such as Microsoft Outlook, by automatically discovering and configuring
the required server settings. It allows users to set up their email accounts quickly and
easily without requiring manual configuration of server names, ports, and other settings.
Here’s how Autodiscover works in Microsoft Exchange Server:
DNS Lookup: When a user enters their email address and password in an email
client, the client sends a request to the Autodiscover service. The first step is a DNS
lookup for the Autodiscover service using the email domain (e.g.,
autodiscover.example.com).

Autodiscover Service URL: The DNS lookup returns the Autodiscover service URL,
which is typically a subdomain like autodiscover.example.com. The email client then
sends an Autodiscover request to this URL.

Autodiscover Request: The email client sends an HTTP or HTTPS request to the
Autodiscover service URL. The request includes the user’s email address and other
identification information.

Autodiscover Service Response: The Autodiscover service processes the request
and responds with an XML document containing the necessary server settings and
configuration information. This response is based on the user’s email address and the
organization’s Exchange configuration.

Configuration Settings: The Autodiscover response includes information such as
the Exchange server’s URL, authentication methods, SSL certificate details, and other
required settings. The email client uses this information to automatically configure the
connection to the Microsoft Exchange server.

Automatic Configuration: The email client uses the received server settings and
configuration information to establish a connection with the Exchange server. It
configures the appropriate protocols (e.g., Exchange ActiveSync, Outlook Anywhere)
and sets up the user’s mailbox in the client.
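
The request and response steps above, as an added PowerShell example that is not part of the original guide: it builds the XML request a client sends and checks the service URLs in a response before they would be trusted. The sample response, the function names and the `example.com` allow-list are constructed assumptions; hosted deployments legitimately return hosts outside the mailbox domain, so the allow-list must reflect your own environment.

```powershell
# Added example. Function names, the sample response and the domains are constructed.

function New-AutodiscoverRequest {
    param([Parameter(Mandatory)][string]$EmailAddress)
    # XML body an Outlook-style client POSTs to
    # https://autodiscover.<domain>/autodiscover/autodiscover.xml
    $addr = [System.Security.SecurityElement]::Escape($EmailAddress)
    return @"
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/requestschema/2006">
  <Request>
    <EMailAddress>$addr</EMailAddress>
    <AcceptableResponseSchema>http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a</AcceptableResponseSchema>
  </Request>
</Autodiscover>
"@
}

function Test-AutodiscoverResponse {
    param(
        [Parameter(Mandatory)][string]$ResponseXml,
        [Parameter(Mandatory)][string[]]$AllowedDomain   # assumption: hosts you expect
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # never resolve external entities from a server reply
    $doc.LoadXml($ResponseXml)

    # Each <Protocol> block carries one connection type (EXCH, EXPR, WEB, ...).
    foreach ($proto in $doc.SelectNodes("//*[local-name()='Protocol']")) {
        $typeNode = $proto.SelectSingleNode("*[local-name()='Type']")
        $type = if ($typeNode) { $typeNode.InnerText } else { '(none)' }

        # Check every URL-valued setting (EwsUrl, OABUrl, ...).
        foreach ($node in $proto.SelectNodes("*[contains(local-name(),'Url')]")) {
            $issues = @()
            $uri = $null
            $value = $node.InnerText.Trim()
            if (-not [System.Uri]::TryCreate($value, [System.UriKind]::Absolute, [ref]$uri)) {
                $issues += 'not an absolute URL'
            } else {
                if ($uri.Scheme -ne 'https') { $issues += 'not HTTPS' }
                $h = $uri.Host.ToLowerInvariant()
                $inScope = $false
                foreach ($d in $AllowedDomain) {
                    $d = $d.ToLowerInvariant()
                    if ($h -eq $d -or $h.EndsWith(".$d")) { $inScope = $true }
                }
                if (-not $inScope) { $issues += 'host outside allowed domains' }
            }
            [pscustomobject]@{
                Protocol = $type
                Setting  = $node.LocalName
                Value    = $value
                Issues   = ($issues -join '; ')
            }
        }
    }
}

# Constructed response: the second Protocol block returns a plain-HTTP URL
# on a different domain, which the check flags.
$sampleResponse = @'
<?xml version="1.0" encoding="utf-8"?>
<Autodiscover xmlns="http://schemas.microsoft.com/exchange/autodiscover/responseschema/2006">
  <Response xmlns="http://schemas.microsoft.com/exchange/autodiscover/outlook/responseschema/2006a">
    <User><DisplayName>Test User</DisplayName></User>
    <Account>
      <AccountType>email</AccountType>
      <Action>settings</Action>
      <Protocol>
        <Type>EXCH</Type>
        <Server>mail.example.com</Server>
        <EwsUrl>https://mail.example.com/EWS/Exchange.asmx</EwsUrl>
        <OABUrl>https://mail.example.com/OAB/</OABUrl>
      </Protocol>
      <Protocol>
        <Type>EXPR</Type>
        <Server>mail.example.com</Server>
        <EwsUrl>http://mail.example.net/EWS/Exchange.asmx</EwsUrl>
      </Protocol>
    </Account>
  </Response>
</Autodiscover>
'@

New-AutodiscoverRequest -EmailAddress 'user@example.com'
Test-AutodiscoverResponse -ResponseXml $sampleResponse -AllowedDomain 'example.com' |
    Format-Table -AutoSize
```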


8. What is Active Directory and how is it related to Microsoft Exchange Server?


Answer: Active Directory (AD) is a directory service developed by Microsoft that
stores and manages information about network resources such as users, groups,
computers, and other devices within a network. It provides a centralized database and
authentication mechanism for controlling access to network resources.

The Active Directory database stores information in three types of logical partitions:
the Schema Partition, the Configuration Partition, and the Domain Partition.

Schema partition: defines all the types of objects that can be created and stored in
Active Directory and the properties that can be used for the objects that are stored in
Active Directory.
Configuration partition stores the information about the forest-wide configuration. It
includes the configuration of Active Directory sites, Exchange global settings, transport
settings, and mailbox policies.
Domain partition stores the information in default containers and in the organizational
units that are created by the Active Directory administrator. This information includes
Exchange system objects and the information about the computers, users, and groups in
that particular domain.
9. What Role Does Active Directory Play in Exchange Server?
Answer: Active Directory plays a crucial role in the integration and operation of Microsoft
Exchange Server, which is Microsoft’s email and collaboration platform. Here’s how they
are related:
User Authentication and Authorization: Active Directory handles the authentication
and authorization process for Microsoft Exchange Server. When a user logs in to their
computer or attempts to access their email, Active Directory verifies their credentials and
grants appropriate permissions based on their user account properties and group
memberships.

User and Mailbox Management: Active Directory is used to create and manage user
accounts, including their associated email mailboxes, in Microsoft Exchange Server.
User information, such as display names, email addresses, and mailbox settings, is
stored in Active Directory. Exchange Server leverages this information to provide email
services and manage mailboxes.

Global Address List (GAL): The Global Address List, which contains contact
information for all users and resources in an Exchange Server organization, is derived
from Active Directory. Exchange Server queries Active Directory to obtain user attributes
and builds the GAL accordingly. This allows users to easily search for and communicate
with other users within the organization.


Exchange Server Organization and Administrative Roles: Active Directory is used to
define the organizational structure of an Exchange Server environment. Microsoft
Exchange Server organizations, administrative groups, and routing groups are
represented in Active Directory as objects and containers.

10. What is the difference between a transport rule and a mailbox rule?
Answer:
Transport Rule: A transport rule in Microsoft Exchange Server is a server-side rule that
is applied during the email transport process. It allows administrators to define and
enforce specific actions on email messages based on predetermined conditions.
Transport rules operate on messages as they pass through the Exchange Server, before
they reach the recipient’s mailbox. Key points about transport rules include:

1. Applied at the server level: Transport rules are implemented on the Exchange
Server itself and are enforced during the message routing process.
2. Broad scope: Transport rules can affect multiple users or groups and are often
used for organization-wide policies or compliance requirements.
3. Actions on messages: Transport rules can perform actions such as modifying
message content, adding headers, redirecting or forwarding messages, applying
disclaimers, or blocking or quarantining messages.
4. Conditions and exceptions: Transport rules can be based on various
conditions, including sender, recipient, subject, message content, attachments, or
message size. Exceptions can also be defined to exclude specific scenarios from the
rule’s application.

Mailbox Rule: A mailbox rule, also known as an inbox rule or client-side rule, is set
up by individual mailbox users to manage and organize their own email messages
within their mailbox. Mailbox rules are applied after the email message reaches the
user’s mailbox. Key points about mailbox rules include:

1. Applied at the mailbox level: Mailbox rules are created and executed within the
individual user’s mailbox. They are processed by the user’s email client or the
Exchange Server, depending on the client used.
2. User-specific scope: Mailbox rules apply only to the mailbox of the user who
creates them. They allow users to automate actions within their own mailbox without
affecting other users.
3. Actions on messages: Mailbox rules typically perform actions such as moving
messages to specific folders, forwarding messages, deleting messages, marking
messages as read, or categorizing messages based on certain criteria.
4. Conditions and exceptions: Mailbox rules can be configured based on sender,
recipient, subject, message content, attachments, or other message properties. Users
can also set exceptions to exclude specific scenarios from the rule’s application.


In summary, transport rules are enforced at the server level and operate on
messages during the transport process, affecting multiple users, while mailbox rules
are user-specific and applied within individual mailboxes to manage and organize
incoming messages.

11. Can you describe the architecture of Exchange Server 2016?


Answer:
Let’s first understand what the basic functions of Exchange Server are.

Every email server has a database where mailboxes, calendars, and recipients are
stored.

Client Access service is used by the email applications. For example, Outlook, OWA,
and mobile clients. Users can use these applications to manage their emails and
calendars.

Mailbox Transport service is used to send and receive emails within the
organization or outside the organization.

So, these are the 3 basic functions of Microsoft Exchange Server or any other email
server.

In addition to this, to achieve a higher level of security, Exchange Server provides
the Edge Transport Service. The Edge Transport Service is responsible for routing inbound and
outbound external emails.


Edge Transport Server is always installed on the perimeter network.

12. What are the basic prerequisites that need to be met before installing
Exchange Server?
Answer:
Before you can install Exchange Server, you need to first install Active Directory
Domain Services and create a domain controller. You will also need to create a user
account that has administrative privileges, as well as a mailbox for the Exchange
Server. Additionally, you will need to verify that your system meets the minimum
hardware and software requirements for Exchange Server.
13. What are the different types of recipients available in Exchange Server?
Answer:
The different types of recipients available in Exchange Server are mailbox-enabled
users, mail-enabled users, mail contacts, and distribution groups.
14. What is the difference between Edge Transport Servers and Hub Transport
Servers?
Answer:
Edge Transport Servers are designed to be placed in a perimeter network, separate
from the internal network, in order to provide additional security. Hub Transport
Servers are designed to be placed in the internal network and are responsible for
routing mail between servers and to the Edge Transport Servers.

15. What are some common problems associated with Exchange Server
installations and migrations?
Answer:

Some common problems that can occur during an Exchange Server installation or
migration include:


-Incorrect DNS settings, which can prevent clients from connecting to the server
-Problems with Active Directory integration
-Incorrect mailbox permissions, which can prevent users from accessing their
mailboxes
-Problems with email routing, which can prevent messages from being delivered to
the intended recipients
-Incorrectly configured security settings, which can leave the server vulnerable to
attack

16. What is the purpose of a client access server?


Answer:
The client access server is responsible for handling all client connections to a
Microsoft Exchange server. This includes handling all requests for data, such as
email messages, as well as managing any updates that need to be made to the data
on the server. The client access server is the only server that clients should need to
connect to in order to access their Exchange data.
17. What are the limitations of Exchange Server backups?
Answer:
One of the biggest limitations of backing up Exchange Server is that you can only
restore data to the same server that it was backed up from. This can be a problem if
the original server is lost or damaged, as you will not be able to restore the data to a
new server. Additionally, Exchange Server backups can be quite large and can take
a long time to complete, which can be a problem if you need to restore data quickly.
18. What’s the role of mailbox databases?
Answer:
Mailbox databases store all of the data for the mailboxes on an Exchange server.
This data includes email messages, contacts, calendar items, and any other data
that is associated with a mailbox. The mailbox database is what allows users to
access their mailboxes and data from anywhere in the world.
19. What is the best way to backup and restore an Exchange Server?
Answer:
The best way to backup and restore an Exchange Server is to use a third-party
backup and recovery solution. This will ensure that all of your data is backed up and
can be easily restored in the event of a disaster.

20. What are some common problems associated with Exchange Server
installations and migrations?
Answer:

Some common problems that can occur during an Exchange Server installation or
migration include:

-Incorrect DNS settings, which can prevent clients from connecting to the server
-Problems with Active Directory integration


-Incorrect mailbox permissions, which can prevent users from accessing their
mailboxes
-Problems with email routing, which can prevent messages from being delivered to
the intended recipients
-Incorrectly configured security settings, which can leave the server vulnerable to
attack

21. What is your view on Hosted vs On-premises exchange servers?


Answer:

There are pros and cons to both hosted and local exchange servers. With a hosted
server, you are relying on the hosting company to keep your server up and running,
which can be a risk if they are not reliable. However, hosted servers can be a good
option for small businesses that don’t have the resources to manage a local server.
Local exchange servers give you more control over your server, but they can be
more expensive and require more maintenance.
22. What is Outlook Web App (OWA) and Exchange ECP?
Answer:
Outlook Web Access is a full-featured, web-based email client with the look and feel of
the Outlook client. With OWA, users can access their mailboxes from any Internet
connection regardless of whether or not the computer is equipped with Outlook.

OWA provides most of the same functionality found in Outlook, an easy-to-use interface,
and the essential tools needed to create a professional email (spell check, signatures,
HTML support and more).

In addition to email, OWA allows users to access their calendars, contacts, tasks and
folders through a secure connection, just like they would in the office. Users can also
search their old email, set up or edit out of office notifications, manage junk mail
settings, and more.

The Exchange admin center (EAC) is the web-based management console in
Exchange Server that's optimized for on-premises, online, and hybrid Exchange
deployments. The EAC was introduced in Exchange Server 2013 and replaces the
Exchange Management Console (EMC) and the Exchange Control Panel (ECP),
which were the two management interfaces in Exchange Server 2010.
23. Explain the process of configuring and managing Microsoft Exchange Server
certificates.
Answer:

1. Obtain a Certificate:
• Purchase a certificate from a trusted commercial certificate authority (CA) or
generate a certificate from an internal CA if available.
2. Generate a Certificate Signing Request (CSR):
• Open the Exchange Management Shell.
• Generate a CSR using the New-ExchangeCertificate cmdlet:
New-ExchangeCertificate -GenerateRequest -SubjectName "CN=mail.example.com,OU=IT,O=Example Corp,L=New York,S=NY,C=US" -DomainName mail.example.com,autodiscover.example.com -PrivateKeyExportable $true -KeySize 2048 -Path "C:\Certs\mail.csr"
• Customize the SubjectName, DomainName, and Path parameters as per your
environment.
3. Submit CSR to the CA:
• Submit the CSR to the CA either via their online interface or by providing the
CSR file directly.
4. Install the Certificate:
• Once you receive the certificate from the CA, save it as a .cer or .pfx file on the
Exchange Server.
• Import the certificate using the Import-ExchangeCertificate cmdlet:
Import-ExchangeCertificate -Path "C:\Certs\mail.cer" -FriendlyName "Exchange Certificate" -PrivateKeyExportable $true
5. Assign Services to the Certificate:
• Use the Enable-ExchangeCertificate cmdlet to assign services to the certificate.
For example, to assign the SMTP and IIS services:
Enable-ExchangeCertificate -Thumbprint <Thumbprint> -Services SMTP, IIS
• Replace <Thumbprint> with the actual thumbprint of the installed certificate. You
can get the thumbprint by running the Get-ExchangeCertificate cmdlet.
6. Enable SSL/TLS for Services:
• Enable SSL/TLS for each service using the Set-<Service>VirtualDirectory cmdlets.
For example, to enable SSL/TLS for the Exchange OWA (Outlook Web App) virtual directory:
Set-OwaVirtualDirectory -Identity "SERVER\owa (Default Web Site)" -ExternalUrl https://mail.example.com/owa -InternalUrl https://mail.example.com/owa
• Repeat this step for other services like ECP (Exchange Control Panel), EWS
(Exchange Web Services), ActiveSync, etc.
7. Renewing and Replacing Certificates:
• To renew a certificate, generate a new CSR, submit it to the CA, and follow the
steps above to install and assign the renewed certificate.
• To replace an existing certificate, follow the steps above to install and assign the
new certificate, and then remove the old certificate using the
Remove-ExchangeCertificate cmdlet.
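
A check to run after steps 4 to 7, as an added PowerShell example that is not part of the original guide: it reports certificates that are close to expiry, lack a required host name, or are not enabled for a required service. The function name, the 30-day warning window and the sample objects are constructed assumptions; the property names (Thumbprint, CertificateDomains, Services, NotAfter) are those returned by Get-ExchangeCertificate.

```powershell
# Added example. The function name, thresholds and sample data are constructed.

function Test-ExchangeCertificateCoverage {
    param(
        [Parameter(Mandatory)][object[]]$Certificate,
        [Parameter(Mandatory)][string[]]$RequiredName,
        [string[]]$RequiredService = @('IIS', 'SMTP'),
        [int]$WarnDays = 30,
        [datetime]$Now = (Get-Date)
    )
    foreach ($cert in $Certificate) {
        $domains  = @($cert.CertificateDomains | ForEach-Object { "$_".ToLowerInvariant() })
        # Services prints as a comma-separated flag list, e.g. "IIS, SMTP".
        $services = @("$($cert.Services)" -split ',' | ForEach-Object { $_.Trim().ToUpperInvariant() })

        $missingNames = @(foreach ($name in $RequiredName) {
            $n = $name.ToLowerInvariant()
            # A wildcard entry covers exactly one extra label: *.example.com
            # matches mail.example.com but not a.b.example.com.
            $wild = '*.' + ($n -split '\.', 2)[-1]
            if (($domains -notcontains $n) -and ($domains -notcontains $wild)) { $name }
        })
        $missingServices = @($RequiredService |
            Where-Object { $services -notcontains $_.ToUpperInvariant() })
        $daysLeft = [int][math]::Floor(($cert.NotAfter - $Now).TotalDays)

        $findings = @()
        if ($daysLeft -lt 0) {
            $findings += 'expired'
        } elseif ($daysLeft -le $WarnDays) {
            $findings += "expires in $daysLeft days"
        }
        if ($missingNames.Count -gt 0) {
            $findings += "missing names: $($missingNames -join ', ')"
        }
        if ($missingServices.Count -gt 0) {
            $findings += "not enabled for: $($missingServices -join ', ')"
        }
        $verdict = 'ok'
        if ($findings.Count -gt 0) { $verdict = $findings -join '; ' }

        [pscustomobject]@{
            Thumbprint = $cert.Thumbprint
            DaysLeft   = $daysLeft
            Findings   = $verdict
        }
    }
}

# Constructed stand-ins for Get-ExchangeCertificate output, so the check runs
# without an Exchange server. The first is near expiry; the second lacks the
# autodiscover name and the IIS service.
$now = [datetime]'2024-01-01'
$sample = @(
    [pscustomobject]@{
        Thumbprint         = 'CONSTRUCTED-THUMBPRINT-1'
        CertificateDomains = @('mail.example.com', 'autodiscover.example.com')
        Services           = 'IIS, SMTP'
        NotAfter           = [datetime]'2024-01-20'
    },
    [pscustomobject]@{
        Thumbprint         = 'CONSTRUCTED-THUMBPRINT-2'
        CertificateDomains = @('mail.example.com')
        Services           = 'SMTP'
        NotAfter           = [datetime]'2025-06-30'
    }
)

Test-ExchangeCertificateCoverage -Certificate $sample `
    -RequiredName 'mail.example.com', 'autodiscover.example.com' -Now $now |
    Format-List

# In the Exchange Management Shell, pass the live objects instead:
#   Test-ExchangeCertificateCoverage -Certificate (Get-ExchangeCertificate) `
#       -RequiredName 'mail.example.com', 'autodiscover.example.com'
```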

24. What are the best practices for disaster recovery in Microsoft Exchange
Server?
Implementing disaster recovery (DR) practices for Microsoft Exchange Server is crucial
to ensure business continuity and minimize downtime in the event of a disaster. Here are
some best practices for Exchange Server disaster recovery:

1. Regular Backups:
• Perform regular backups of Exchange Server databases, including mailbox
databases and public folder databases. Use a backup solution that supports
Exchange Server and enables granular recovery options.
2. Offsite Backup Storage:
• Store backup copies in an offsite location, preferably in a different geographical
location than the primary data center. This safeguards against physical disasters
such as fires, floods, or earthquakes.
3. Test Backup and Recovery:


• Periodically test backup and recovery processes to ensure they are working
correctly and data can be restored successfully. Conduct test recoveries in a
non-production environment.
4. Database Availability Groups (DAG):
• Deploy Database Availability Groups (DAG) in Exchange Server. DAG provides
high availability and automatic database failover, ensuring that mailbox
databases are replicated across multiple servers.
5. Redundant Hardware:
• Use redundant hardware components such as power supplies, network adapters,
and disk arrays. Redundancy at the hardware level reduces the risk of a single
component failure causing a service outage.
6. Site Resilience and Data Centers:
• Design Exchange Server infrastructure with site resilience in mind. Consider
using multiple data centers or leveraging cloud-based services to ensure service
availability during site-level disasters.
7. Regular Testing and Maintenance:
• Conduct regular tests of your disaster recovery plan to validate its effectiveness
and identify any areas that require improvement. Perform routine maintenance
tasks such as patch management and server health checks.

25. What is the difference between IMAP and Microsoft Exchange Server?
Answer:
IMAP (Internet Message Access Protocol) and Microsoft Exchange Server are
both related to email communication, but they differ in terms of functionality and
capabilities. Here’s the difference between IMAP and Microsoft Exchange Server:

IMAP (Internet Message Access Protocol):


IMAP is an email retrieval protocol that allows email clients to access and manage
emails stored on a remote mail server.

IMAP enables users to view and organize their email messages without
downloading them to their local devices. It keeps emails stored on the server and
synchronizes changes between the client and server.

With IMAP, users can create folders, move messages between folders, search for
specific emails, and manage their mailbox hierarchy.

IMAP supports both online and offline modes, allowing users to access and
manage emails even when not connected to the internet.

IMAP is a standard protocol supported by various email clients and servers,
making it compatible across different platforms and devices.

Microsoft Exchange Server:


Microsoft Exchange Server is a comprehensive messaging and collaboration
platform that includes email, calendaring, contacts, tasks, and other collaboration
features.


Microsoft Exchange Server provides a server-side solution for managing email
communication within an organization’s network infrastructure.
Exchange Server supports various email protocols, including IMAP, POP3 (Post
Office Protocol version 3), and MAPI (Messaging Application Programming
Interface).

Microsoft Exchange Server offers advanced features beyond basic email retrieval,
such as server-side rules, message tracking, mailbox management, shared
calendars and contacts, and integration with other Microsoft services and
products.

Microsoft Exchange Server provides additional functionalities like unified
messaging, mobile device synchronization, security features (e.g., anti-spam, anti-
malware), and administrative tools for managing and configuring the server.

26. What is the process of configuring and managing Microsoft Exchange Server
mobile devices?
Configuring and managing Microsoft Exchange Server mobile devices involves
setting up and managing the synchronization of email, contacts, calendars, and
other data between Exchange Server and mobile devices. This process typically
involves the following steps:

Configure Exchange ActiveSync:

a. Ensure that Exchange ActiveSync is enabled on the Exchange Server and
properly configured to allow mobile device connectivity. Verify that the necessary
services are running, such as the Microsoft Exchange ActiveSync service.

Configure Mobile Device Access Policy:

b. Define the mobile device access policy to control which devices can connect to
Exchange Server and the level of access they have. This policy helps enforce
security settings and restrictions on mobile devices.
c. In Exchange Admin Center (EAC), go to “Mobile > Mobile Device Access” and
configure the desired policy settings. You can set policies for device types, device
PIN requirements, encryption, and more.

Enable Mobile Device Mailbox Access:

d. Enable mobile device access for specific user mailboxes. This allows users to
connect their mobile devices to Exchange Server and access their email,
contacts, calendars, and other data.
e. In EAC, go to “Recipients > Mailboxes,” select the user mailbox, and click on
“Enable Exchange ActiveSync.” You can also use the
Enable-ActiveSyncMailboxPolicy cmdlet in Exchange Management Shell (EMS).

Configure Device Security Policies:


f. Establish security policies to enforce specific requirements on mobile devices,
such as requiring device encryption, setting password complexity, enabling
remote wipe capabilities, and enforcing screen lock timeouts.
g. In EAC, go to “Mobile > Mobile Device Access” and click on “Device Access
Rules.” Create or modify device access rules to define the security policies for
mobile devices.

Manage Mobile Device Partnerships:

h. Manage the partnerships between mobile devices and user mailboxes. This
includes approving or blocking device partnerships, remotely wiping or blocking
devices, and managing device quarantines.
i. In EAC, go to “Mobile > Mobile Device Access” and click on “Mobile Device
Mailboxes.” Select the user mailbox and manage the device partnerships.

Monitor and Track Mobile Device Activity:

j. Monitor mobile device activity, such as the number of devices connected, device
types, and device compliance status. Track device-related events and logs to
identify any issues or security concerns.
k. Use tools like the Exchange Admin Center, Exchange Management Shell cmdlets,
or mobile device management (MDM) solutions to monitor and track mobile
device activity.

Remote Device Management:

l. Use remote device management capabilities to perform actions on mobile
devices, such as initiating a remote wipe, password reset, or device lock, in case
of lost or stolen devices or when security measures need to be enforced.
m. Access remote device management options through the Exchange Admin Center
or MDM solutions integrated with Exchange Server.

27. What is the purpose of a client access server?


Answer: The client access server is responsible for handling all client
connections to a Microsoft Exchange server. This includes handling all
requests for data, such as email messages, as well as managing any
updates that need to be made to the data on the server. The client access
server is the only server that clients should need to connect to in order to
access their Exchange data.
28. What are the limitations of Exchange Server backups?
Answer:
One of the biggest limitations of backing up Exchange Server is that you can only
restore data to the same server that it was backed up from. This can be a problem
if the original server is lost or damaged, as you will not be able to restore the data
to a new server. Additionally, Exchange Server backups can be quite large and can
take a long time to complete, which can be a problem if you need to restore data
quickly.


29. How do you install and configure an Exchange server?


Answer:
The process for installing and configuring an Exchange server will vary depending
on your specific needs and environment. However, in general, you will need to first
install the Exchange server software and then run the Exchange setup wizard. After
that, you will need to create a new mailbox database and then create and configure
your Exchange mailboxes. Finally, you will need to set up your DNS records to allow
clients to connect to your Exchange server.
30. How do you configure and manage Microsoft Exchange Server retention
policies?
Answer:
Configuring and managing retention policies in Microsoft Exchange Server allows you
to control how long email messages are retained in user mailboxes or specific folders.
Retention policies help organizations comply with regulatory requirements, manage
mailbox sizes, and enforce data retention and deletion policies. Here’s a general
process for configuring and managing retention policies:

1. Access Exchange Admin Center or Exchange Management Shell:


• Log in to the Exchange Admin Center (EAC) or open the Exchange
Management Shell (EMS) with administrative privileges.
2. Create a New Retention Policy:
• In the EAC, navigate to the “Compliance Management” section and select
the “Retention Policies” tab. Click on “New (+)” to create a new policy.
• In EMS, use the New-RetentionPolicy cmdlet to create a new retention
policy. For example: New-RetentionPolicy -Name "Policy Name"
• Replace “Policy Name” with the desired name for the retention policy.
3. Add Retention Tags to the Policy:
• Retention tags define the retention settings for different types of email
messages. They specify the action to take, such as keeping messages for a specific
period or deleting them after a certain timeframe.
• In the EAC, select the newly created policy and click on “Add (+)” to add
retention tags. Configure the retention tag properties, such as name, retention action
(e.g., delete, move to archive), and retention period.
• In EMS, use the New-RetentionPolicyTag cmdlet to create retention tags
and associate them with the retention policy. For example:
New-RetentionPolicyTag -Name "Tag Name" -Type All -RetentionEnabled $true -RetentionAction DeleteAndAllowRecovery -AgeLimitForRetention 365
• Replace “Tag Name” with the desired name for the retention tag. Adjust
the parameters to specify the appropriate retention settings.
4. Assign the Retention Policy to Mailboxes:
• To apply the retention policy to specific mailboxes, you need to assign the
policy to those mailboxes.
• In the EAC, select the retention policy and click on “Assign (people icon).”
Choose the mailboxes or mailbox folders to which the policy should be applied.
• In EMS, use the Set-Mailbox cmdlet to assign the retention policy to
mailboxes. For example: Set-Mailbox -Identity "User1" -RetentionPolicy "Policy Name"
• Replace “User1” with the mailbox identity and “Policy Name” with the
name of the retention policy.


5. Modify or Remove Retention Policies and Tags:


• To modify an existing retention policy or tag, you can edit the policy or tag
properties in EAC or use the appropriate cmdlets in EMS
(Set-RetentionPolicy and Set-RetentionPolicyTag).
• To remove a retention policy or tag, select the policy or tag in EAC and
click on “Remove (trash bin)” or use the Remove-RetentionPolicy and
Remove-RetentionPolicyTag cmdlets in EMS.
6. Monitor and Review Retention Policies:
• Regularly review the effectiveness of retention policies and their impact
on mailbox sizes and compliance requirements.
• Monitor the retention policy application using tools such as message
tracking logs and compliance reports.

E. Question & Answers on Datacenter

1. Describe the key facilities and IT components within a data center


Answers:
Data centers are critical facilities designed to house and manage a large number of
computing resources, IT equipment, and networking infrastructure required for various
tasks, such as data storage, processing, and distribution. They play a central role in
supporting the digital operations of organizations and services. Here are some key
facilities and IT components commonly found within data centers:
Physical Infrastructure:

Building: Data centers are typically large, secure buildings with controlled access and
environmental controls to ensure optimal operating conditions.
Power Systems: Data centers require significant amounts of power to operate servers
and cooling systems. They are equipped with redundant power sources, such as utility
power and backup generators, to ensure uninterrupted operation.
Cooling Systems: High-density computing generates heat, so data centers incorporate
sophisticated cooling systems, including air conditioning, liquid cooling, and hot/cold aisle
containment, to maintain appropriate temperature and humidity levels.
Fire Suppression: Data centers have advanced fire suppression systems that use
specialized gases or chemicals to extinguish fires without damaging equipment.
Physical Security: Access controls, surveillance cameras, biometric authentication, and
security personnel ensure the physical security of the data center.
IT Components:


Servers: Data centers house a vast array of servers, which are powerful computers
designed to perform specific tasks, such as hosting websites, processing data, or running
applications.
Storage Systems: Data centers use storage solutions like hard drives, solid-state drives
(SSDs), and network-attached storage (NAS) devices to store and manage vast amounts
of data.
Networking Equipment: This includes routers, switches, and load balancers that manage
data traffic within and outside the data center, ensuring efficient communication between
servers and users.
Firewalls and Security Appliances: These devices protect the data center infrastructure
from cyber threats and unauthorized access, controlling network traffic based on
predefined security rules.
Backup and Disaster Recovery Systems: Data centers implement backup and disaster
recovery solutions to ensure data integrity and availability in case of hardware failures or
other emergencies.
Virtualization Software: Data centers often use virtualization technology to optimize
resource utilization by creating multiple virtual instances (virtual machines) on a single
physical server.
Monitoring and Management Software: Software tools provide administrators with real-
time insights into the performance, health, and utilization of data center resources.
Remote Management Systems: These systems enable administrators to remotely
control and manage servers and other IT equipment within the data center.
Connectivity:

Internet Connectivity: Data centers are connected to high-speed internet connections
through multiple providers to ensure redundancy and reliable network access.
Interconnects: Data centers may have direct connections to cloud service providers,
content delivery networks (CDNs), and other data centers for seamless data exchange.
Redundancy and High Availability:

Redundant Systems: Data centers often incorporate redundant components (such as
power sources, cooling systems, and network connections) to minimize downtime in case
of failures.
Load Balancing: Load balancers distribute network traffic across multiple servers to
prevent overloading and ensure optimal performance.
Overall, data centers are complex environments that house a combination of physical
infrastructure and advanced IT components, all working together to provide reliable, high-
performance computing services.


2. Explain the life cycle of a device or hardware in a datacenter in detail


Answers:
The life cycle of a device or hardware in a data center involves a series of stages from its
initial planning and acquisition to eventual decommissioning and disposal. Each stage is
crucial for effectively managing the hardware's performance, efficiency, and overall
contribution to the data center's operations. Here is a detailed explanation of each stage
in the life cycle of data center hardware:
Planning and Requirements Gathering:
a) Identify the specific needs and objectives of the data center, considering factors
like workload requirements, capacity, performance, and growth projections.
b) Define the technical specifications and features required for the hardware to meet
the data center's operational goals.
c) Align hardware choices with the data center's overall architecture, infrastructure,
and strategic plans.
Procurement and Acquisition:
a) Research potential hardware vendors, comparing options based on factors such
as cost, quality, support, and compatibility.
b) Prepare and submit purchase orders or contracts, outlining terms and conditions
for procurement.
c) Collaborate with procurement and finance teams to ensure timely acquisition and
delivery of the hardware.
Installation and Configuration:
a) Physically install the hardware within the data center facility, ensuring proper
placement, alignment, and connection to power and cooling infrastructure.
b) Configure the hardware settings, including network configurations, firmware
updates, and initial software installations.
c) Test the hardware thoroughly to verify functionality and compatibility with the data
center environment.
Operation and Monitoring:
a) Monitor the hardware's performance, health, and utilization using monitoring tools
and software.
b) Implement regular maintenance routines, including firmware updates, patch
management, and hardware inspections.
c) Respond promptly to hardware alerts, failures, or performance issues to minimize
downtime and service disruptions.
Optimization and Upgrades:
a) Continuously analyze hardware performance data to identify areas for optimization
and resource utilization improvement.


b) Plan and execute hardware upgrades or expansions to accommodate changing
workloads and technological advancements.
c) Ensure that upgrades align with the data center's scalability and capacity planning
strategies.
Lifecycle Extension and Redeployment:
a) Evaluate the feasibility of extending the hardware's life cycle by repurposing or
redeploying it for different tasks or projects within the data center.
b) Consider repurposing older hardware for non-critical workloads or testing
environments to maximize its utility.
End-of-Life (EOL) Planning:
a) Determine the appropriate time to retire the hardware based on factors such as
performance degradation, compatibility issues, and overall business needs.
b) Plan for hardware replacement or decommissioning, considering data migration,
application dependencies, and potential impact on operations.
Decommissioning and Disposal:
a) Safely decommission the hardware by disconnecting it from power and network
infrastructure.
b) If applicable, migrate data and applications from the retiring hardware to its
replacement.
c) Wipe or securely erase any data stored on the hardware to prevent data breaches
or unauthorized access.
d) Dispose of the hardware in an environmentally responsible manner, adhering to
regulations and recycling best practices.
Documentation and Reporting:
a) Maintain comprehensive records of the hardware's life cycle, including
procurement details, maintenance activities, upgrades, and decommissioning.
b) Generate reports and documentation that provide insights into the hardware's
performance, costs, and contributions to the data center's efficiency and
operations.
Throughout each stage of the hardware's life cycle, effective management and
strategic decision-making are essential to optimize performance, minimize costs,
ensure data security, and contribute to the overall success of the data center's
operations.


F. How to Backup Windows Active Directory Server

Step-1: Open Server Manager and select Add roles and features.

Step-2: On the Add Roles and Features Wizard, select Next.

Step-3: On the Installation Type screen, leave the default Role-based or
feature-based installation and select Next.

Step-4: On the Server Selection screen, select Next.

Step-5: On the Server Roles screen, select Next.

Step-6: On the Features screen, select Windows Server Backup and select
Next.

Step-7: Select Install.

Step-8: Once the installation is complete, select Close.

Step-9: Open Server Manager, select Tools, and then select Windows Server
Backup.

Step-10: If you're prompted, in the User Account Control dialog box, provide
Backup Operator credentials, and then select OK.

Step-11: Select Local Backup.

Step-12: On the Action menu, select Backup once.

Step-13: In the Backup Once Wizard, on the Backup options page, select
Different options, and then select Next.

Step-14: On the Select backup configuration page, select Full server
(recommended), and then select Next. Alternatively, if you select “Custom”, make
sure to select “Bare metal recovery”; the items are then selected automatically.

Step-15: On the Specify destination type page, select Local drives or Remote
shared folder, and then select Next.

Step-16: On the Select Backup Destination page, choose the backup location.
If you selected a local drive, choose a local drive; if you selected a remote share,
choose a network share.

Step-17: On the confirmation screen, select Backup.

Step-18: Once this has completed, select Close.

Step-19: Close Windows Server Backup.
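
The same one-time backup can be scripted with the Windows Server Backup cmdlets, which also lets you check the job result afterwards. This is an added example, not part of the original guide; the drive letter E: and the UNC path in the comment are placeholders.

```powershell
# Added example (not from the original guide): one-time backup of a domain
# controller with the Windows Server Backup cmdlets. Run in an elevated session.
# Assumption: E: is a dedicated local backup volume (placeholder drive letter).
$TargetVolume = 'E:'

# Feature installation: add Windows Server Backup if it is not installed yet.
if (-not (Get-WindowsFeature -Name Windows-Server-Backup).Installed) {
    Install-WindowsFeature -Name Windows-Server-Backup -ErrorAction Stop | Out-Null
}

# Equivalent of "Custom" + "Bare metal recovery": BMR pulls in the critical
# volumes. System state (which holds the AD database and SYSVOL on a domain
# controller) is added explicitly so the intent is visible in the script.
$policy = New-WBPolicy
Add-WBBareMetalRecovery -Policy $policy
Add-WBSystemState -Policy $policy

# "Local drives" destination. For "Remote shared folder" use instead:
#   New-WBBackupTarget -NetworkPath '\\server\share' -Credential (Get-Credential)
$target = New-WBBackupTarget -VolumePath $TargetVolume
Add-WBBackupTarget -Policy $policy -Target $target

# Run the backup once; Start-WBBackup blocks until the job has finished.
Start-WBBackup -Policy $policy

# Verify the outcome of the last job instead of relying on the progress output.
$job = Get-WBJob -Previous 1
if ($job.HResult -ne 0) {
    throw "Backup failed (HRESULT $($job.HResult)): $($job.ErrorDescription)"
}
"Backup finished at $($job.EndTime) on target $TargetVolume"
```

On a domain controller this backup contains the Active Directory database, so limit access to the target volume or share to backup administrators.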


G. How to update windows clients from WSUS Server

Step-1: In the WSUS Administration Console, go to Update
Services\Server_Name\Updates. In the Action pane, click New Update View.

Step-2: In the Add Update View dialog box, select Updates are in a specific
classification and Updates are for a specific product.

Step-3: Under Edit the properties, click any classification. Clear all check boxes
except Upgrades, and then click OK.

Step-4: Under Edit the properties, click any product. Clear all check boxes except
Windows 10, and then click OK.

Windows 10 is under All Products\Microsoft\Windows.

Step-5: In the Specify a name box, type All Windows 10 Upgrades, and then click
OK.


Step-6: Now that you have the All Windows 10 Upgrades view, complete the
following steps to manually approve an update for the Ring 4 Broad Business
Users deployment ring:

Step-7: In the WSUS Administration Console, go to Update
Services\Server_Name\Updates\All Windows 10 Upgrades.

Step-8: Right-click the feature update you want to deploy, and then click
Approve.

Step-9: In the Approve Updates dialog box, from the Ring 4 Broad Business
Users list, select Approved for Install.


Step-10: In the Approve Updates dialog box, from the Ring 4 Broad Business
Users list, click Deadline, click One Week, and then click OK.

Step-11: If the Microsoft Software License Terms dialog box opens, click
Accept.

If the deployment is successful, you should receive a successful progress
report.

Step-12: In the Approval Progress dialog box, click Close.
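
The approval with a one-week deadline can also be done from PowerShell on the WSUS server, which makes the filter and the target ring explicit. This is an added example, not part of the original guide; the title filter is an assumption and the computer group must already exist.

```powershell
# Added example (not from the original guide). Run on the WSUS server in an
# elevated session; the UpdateServices module ships with the WSUS role.
$GroupName    = 'Ring 4 Broad Business Users'    # deployment ring named in the steps above
$TitlePattern = 'Feature update to Windows 10*'  # assumption: title filter for the upgrade to deploy
$Deadline     = (Get-Date).AddDays(7)            # the "One Week" deadline

$wsus  = Get-WsusServer
$group = $wsus.GetComputerTargetGroups() | Where-Object { $_.Name -eq $GroupName }
if (-not $group) { throw "Computer group '$GroupName' does not exist on this WSUS server." }

# Same filter as the "All Windows 10 Upgrades" view:
# classification Upgrades, product Windows 10, narrowed by title.
$candidates = Get-WsusUpdate -UpdateServer $wsus -Classification All `
        -Approval AnyExceptDeclined -Status Any |
    Where-Object {
        $_.Update.UpdateClassificationTitle -eq 'Upgrades' -and
        $_.Update.ProductTitles -contains 'Windows 10' -and
        $_.Update.Title -like $TitlePattern
    }
if (-not $candidates) {
    throw 'No matching feature update found; check synchronization and the title filter.'
}

foreach ($item in $candidates) {
    $update = $item.Update
    # Counterpart of clicking Accept in the Microsoft Software License Terms dialog.
    if ($update.RequiresLicenseAgreementAcceptance) { $update.AcceptLicenseAgreement() }

    # Approved for Install, for this ring only, with the deadline set above.
    $approval = $update.Approve(
        [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install,
        $group, $Deadline)

    # Emit a record of what was approved so the change can be reviewed.
    [pscustomobject]@{
        Title    = $update.Title
        Group    = $group.Name
        Deadline = $approval.Deadline
    }
}
```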


H. Create and Apply VM Checkpoints from Windows Hyper-V

A Hyper-V checkpoint is a differencing file that captures the state, data and
hardware configuration of a running VM. Checkpoints establish a known-good
or known-working VM snapshot at a given point in time.

Step-1: Open Hyper-V Manager.

Step-2: Select the VM for which the checkpoint will be created.

Step-3: Right-click the name of the VM, and then click Checkpoint.


Step-4: The checkpoint is created and can be accessed in the Checkpoints
section below.

Hyper-V checkpoints are primarily used to revert a VM to its previous state. Use
the steps below to apply the checkpoint for this purpose.

Step-1: Open Hyper-V Manager.

Step-2: Select the VM which you want to revert.


Step-3: In the Checkpoints section, you will see the list of checkpoints created for
that VM. Right-click the checkpoint that you want to use and click Apply.

Step-4: After that, a dialog box including the following options will appear:

• Create Checkpoint and Apply: Before the chosen checkpoint is applied, a
new checkpoint of the VM is created. This way the VM is protected, even if
this operation fails.
• Apply: Only the chosen checkpoint is applied. Note that this action cannot
be undone.
• Cancel: The dialog box will be closed without applying any changes.
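
The "Create Checkpoint and Apply" behaviour can be reproduced with the Hyper-V PowerShell module, so a revert always leaves a way back. This is an added example, not part of the original guide; the function name, VM name and checkpoint names are hypothetical.

```powershell
# Added example (not from the original guide). Requires the Hyper-V PowerShell
# module and an elevated session on the Hyper-V host.
function Restore-VMWithSafetyCheckpoint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$VMName,
        [Parameter(Mandatory)][string]$CheckpointName
    )

    # Resolve the checkpoint first. Checkpoint names are not unique,
    # so refuse to guess when zero or several match.
    $found = @(Get-VMSnapshot -VMName $VMName -Name $CheckpointName -ErrorAction Stop)
    if ($found.Count -ne 1) {
        throw "Expected exactly one checkpoint named '$CheckpointName' on '$VMName', found $($found.Count)."
    }

    # "Create Checkpoint and Apply": capture the current state before reverting.
    $safetyName = 'pre-revert-{0:yyyyMMdd-HHmmss}' -f (Get-Date)
    Checkpoint-VM -Name $VMName -SnapshotName $safetyName -ErrorAction Stop

    # "Apply": revert the VM to the chosen checkpoint without prompting.
    Restore-VMSnapshot -VMSnapshot $found[0] -Confirm:$false -ErrorAction Stop

    # Return the checkpoint tree so the operator can confirm the result.
    Get-VMSnapshot -VMName $VMName |
        Select-Object Name, CreationTime, ParentSnapshotName
}

# Usage with placeholder names: create a checkpoint, then later revert to it.
$vm = 'APP01'   # hypothetical VM name
Checkpoint-VM -Name $vm -SnapshotName 'before-change'
Restore-VMWithSafetyCheckpoint -VMName $vm -CheckpointName 'before-change'
```

Applying a checkpoint also rolls back any patches and configuration changes made after it was taken, so re-run updates on the VM once it is back online.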


I. Creating Distribution Group in Exchange Server 2016

When somebody sends email to a group email address the email will be sent to
all the members of the group.

Step-1: Log on to Exchange Admin Center (EAC). Click recipients in the
features pane. Select the groups tab. Click Add, and then click distribution group.

Step-2: Type the name and alias of the group. Under Organizational unit,
click browse to select the particular OU. Here, I have selected the IT OU. The
distribution group will be created in the IT OU. If you don’t specify the OU, the
distribution group will be created in the Users OU by default. Under Owners, you
can add users who can manage this group.


Step-3: Under Members, you can specify whether the group owners should be members
of the group by selecting the option Add group owners as members. There are
various options for users to join or leave the group. There are three options for
users to join the group: Open, Closed and Owner, as shown above. I have
selected Closed, which means members can be added only by group owners.
Similarly, there are two options for users leaving the group: Open or Closed.
Here, I have selected Open, which allows any group member to leave the group
without the group owners’ approval. Click save.


J. Map a Shared Folder to Network Drive Using Group Policy in Windows

Step-1: Creating a shared folder

a) Right-click and select ‘New -> Folder’.

b) Name the folder then right-click and select ‘Properties’

c) Click on the ‘Sharing’ tab


d) Click on the ‘Share’ button

e) Press the ‘Share’ button


f) Press ‘Done’

g) Write down your ‘Network Path’

You will need your Network Path for adding the folder to your MFP.


Step-2: Creating a Group Policy in Windows Server

a) Open the Group Policy Management Console

b) In the Group Policy Management Console, Right Click and Select “Create a
GPO in this domain, and Link it here”


c) Name the new GPO

You can name the new GPO whatever you like. I’ve named mine “Users –
Mapped Drives”.
I can later add additional drive mappings to this GPO.

The new GPO is now created and linked; now it’s time to configure the settings.
d) Right-click the GPO and select Edit


e) Navigate to User Configuration -> Preferences -> Windows Settings -> Drive
Mappings

f) Right-click Drive Mappings and select New -> Mapped Drive

g) Configure Drive Mapping Properties

1. General Tab Settings
In Location, put the network path to the share/folder created earlier.
Select a drive letter.
Choose Update for Action.
Label as: This is optional but may be beneficial for users.


2. Common Tab Settings

Select “Run in logged-on user’s security context”.
Select Item-level Targeting.
Click the Targeting button.

Select New Item.

Select Organizational Unit, then select the OU you want to target.


Click OK, then click OK again to close the new drive properties.

h) This completes the GPO settings.
Note: For the GPO to apply, you need to reboot the user’s PC or run gpupdate /force.
The next time a user from the HR department logs in, they should see a mapped
drive.


Step-4: As you can see above, the distribution group has been created with the
IT@Sifad.ae email address. By default, only users inside the organization can
send email to the distribution group. However, you can change this behavior and
allow senders from inside and outside to send emails to this group. Open the
properties of the distribution group.


Step-5: Select delivery management. Choose senders inside and outside my
organization. Click save.
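
The distribution group settings from the Exchange steps (OU, owners, join and leave restrictions, external senders) can also be set and audited from the Exchange Management Shell. This is an added example, not part of the original guide; the owner mailbox 'it.owner' is a placeholder.

```powershell
# Added example (not from the original guide). Run in the Exchange Management Shell.
# 'IT' matches the group and OU used in the steps; 'it.owner' is a placeholder owner.
$GroupName = 'IT'
$Owner     = 'it.owner'

# Create the group in the IT OU, owners added as members,
# joining Closed (owners add members), leaving Open.
New-DistributionGroup -Name $GroupName -Alias $GroupName -Type Distribution `
    -OrganizationalUnit 'IT' -ManagedBy $Owner -CopyOwnerToMember `
    -MemberJoinRestriction Closed -MemberDepartRestriction Open

# Delivery management -> "senders inside and outside my organization".
# $true (the default) accepts mail from authenticated internal senders only.
Set-DistributionGroup -Identity $GroupName -RequireSenderAuthenticationEnabled $false

# Audit: list every group that currently accepts mail from external senders,
# so the exceptions stay deliberate and reviewable.
Get-DistributionGroup -ResultSize Unlimited |
    Where-Object { -not $_.RequireSenderAuthenticationEnabled } |
    Select-Object Name, PrimarySmtpAddress, ManagedBy, MemberJoinRestriction
```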