Note CIT-324 (2018) Eng


Chapter No.1

Introduction to Networks:

Networking:

A network is a group of two or more computer systems linked together. Networking is very useful in
the computer field. The concept of networking is not very old; it came into existence in the late
1900s.

It was originally developed for special military purposes and is now very common in business and
commercial fields. It is very useful at the organizational level and in high-security environments.

The following characteristics make networks useful in most types of organizations and
companies.

High Security:

Networks are used where high security is required, e.g. in banking, e-commerce and military
applications.

Fast communication:

Through a network we can communicate quickly and transfer data at very high speed. Most
organizations and institutes use networks for fast communication.

High Speed:

A network provides high speed and accuracy; data is transferred at very high speed.

Sharing Resources:

A network provides sharing and security for an organization. We can share computer resources,
hardware, application programs and other types of programs.

Network Administration (CIT-324)

Reliability:

Before networks were used, data was basically stored in paper form, so there were huge
problems with human error and misplaced data. Now, with the use of a network, data is stored
on remote storage and backup devices.

What is Network?

A collection of computers and devices connected via communication devices and transmission
media is called a network.

What is Network administration?

Network administration involves a wide range of operational tasks that help a network run
smoothly and efficiently. Without network administration, it would be difficult to maintain
network operations.

The main tasks associated with network administration include:

• Design, installation and evaluation of the network

• Execution and administration of regular backups

• Creation of precise technical documentation, such as network diagrams, network cabling
documents, etc.

• Provision for precise authentication to access network resources

• Provision for troubleshooting assistance

• Administration of network security, including intrusion detection

Who is Network Administrator?

A network administrator is a person who manages a local area network (LAN) or wide area network
(WAN) for an organization.

Network for Companies:

Networks provide comfort and facilities to companies and organizations in the following ways:

1. Security:
A network provides very high security for the company database. Nobody can bypass the
company's security and reach the company database.
2. Management:
A network provides another facility: managing your company through the network is very
easy.
3. Accuracy:
A network provides accuracy in management and in document, file and database records.
4. Control corruption:
A network controls corruption and misuse of the company database.
5. Online Meeting:
A network provides online meetings for company staff. The manager of a company can give
instructions to staff online from anywhere in the world.
6. Business Promotion:
If the network is good, the company's promotion and share grow.
7. Advertisement:
A company can advertise its products on a web page through the Internet.
8. E-Business:
A network provides e-business on the Internet for a company; the company runs its business
on the Internet through e-business.

What are the Types of Networks?

There are three types of network:

1. Local Area Network (LAN)
2. Wide Area Network (WAN)
3. Metropolitan Area Network (MAN)
Definition of Local Area Network?
LAN stands for Local Area Network. A network limited to a small geographical area such as a home
or an office building is called a LAN. The data transmission speed of a LAN is 1 to 100 Mb per
second.

LAN is the most common type of network. It covers a small area. Most LANs are used to connect
computers in a single building or a group of buildings. Hundreds or thousands of computers may
be connected through a LAN. The computer systems are linked with cables. In a LAN, computers on
the same site can be linked.

Advantages of LAN
• Speed
• Cost
• Security
• E-mail
• Resource Sharing
Disadvantages of LAN
• Expensive To Install
• Requires Administrative Time
• File Server May Fail
• Cables May Break

Definition of Wide Area Network?

WAN stands for Wide Area Network. A network that covers a large geographical area using many
types of media is called a WAN. The data transmission speed of a WAN is 56 Kbps to 45 Mbps.
A Wide Area Network or WAN is a type of network in which resources are installed across a
large area, such as a multinational business. Through a WAN, offices in different countries can
be interconnected. Computers in a WAN are often connected through telephone lines. The best
example of a WAN is the Internet, the largest network in the world. In a WAN, computer systems
on different sites can be linked.
Definition of Metropolitan Area Network?
A Metropolitan Area Network is a communications network that covers a geographical area the
size of a city. A MAN typically includes one or more LANs but covers a smaller geographical area
than a WAN. A MAN typically covers an area between 5 and 50 km in diameter.
Definition of Personal Area Network?
A Personal Area Network is a computer network used for communication among computer devices,
including telephones and personal digital assistants, in proximity to an individual's body. PANs
can be wired or wireless. A PAN can be used for communicating between the devices themselves, or
for connecting to a larger network such as the Internet.
Other types of Network:

1. Personal Area Network (PAN)
2. Wireless Local Area Network (WLAN)
3. Storage Area Network (SAN)
4. Campus/Controller/Cluster Area Network (CAN)
5. Desk Area Network (DAN)

Definition of Wireless Local Area Network?

A LAN based on Wi-Fi wireless network technology.
Definition of Storage Area Network?
A network that connects servers to data storage devices through a technology such as Fibre
Channel.
Definition of Cluster Area Network?
A cluster area network links high-performance computers with high-speed connections.

Chapter No.2

2.1. Introduction to Microsoft Windows:


Microsoft Windows, also called Windows and Windows OS, is a computer operating system (OS)
developed by Microsoft Corporation to run personal computers (PCs). Featuring the first
graphical user interface (GUI) for IBM-compatible PCs, the Windows OS soon dominated the
PC market. Approximately 90 percent of PCs run some version of Windows.

The first version of Windows, released in 1985, was simply a GUI offered as an extension of
Microsoft’s existing disk operating system, or MS-DOS. Based in part on licensed concepts that
Apple Inc. had used for its Macintosh System Software, Windows for the first time allowed DOS
users to visually navigate a virtual desktop, opening graphical “windows” displaying the contents
of electronic folders and files with the click of a mouse button, rather than typing commands and
directory paths at a text prompt.

2.2. Introduction to Client-Server Environment

There are two popular environments of networking

1. Peer-to-Peer Network

2. Client-server Network

What is Peer-to-Peer Network?

A peer-to-peer network is one in which two or more PCs share files and access to devices such as
printers without requiring a separate server computer or server software.
In its simplest form, a peer-to-peer (P2P) network is created when two or more PCs are
connected and share resources without going through a separate server computer. A P2P network
can be an ad hoc connection—a couple of computers connected via a Universal Serial Bus to
transfer files. A P2P network also can be a permanent infrastructure that links a half-dozen
computers in a small office over copper wires. Or a P2P network can be a network on a much
grander scale in which special protocols and applications set up direct relationships among users
over the Internet.

What is a Client-Server Network?

A client-server network is the medium through which clients access resources and services from
a central computer (Server), via either a local area network (LAN) or a wide-area network
(WAN), such as the Internet. A major advantage of the client-server network is the central
management of applications and data.

Installation/Deployment of Windows Client end:

Installation: Installation (or setup) of a computer program (including device drivers and
plugins) is the act of making the program ready for execution.

Deployment: Windows Deployment Services (WDS) is a feature in Windows Server that enables you
to deploy Windows operating systems over the network, which means that you do not have to
install each operating system directly from a CD or DVD.

Steps for installation of Windows 7:

1. Insert the Windows 7 OS disk into your DVD drive and then restart your computer.
2. You will see a prompt that says "Press any key to continue"; press Enter.
3. "Starting Windows" with the Windows 7 logo will appear.
4. Language options: by default English will be set, along with the time and currency format
and the keyboard or input method. Click Next.
5. Click "Install Now".
6. End User License Agreement (EULA): check the box to accept it and click "Next".
7. The "Which type of installation?" window will appear. Upgrade will be greyed out; the only
option you should be able to choose is Custom (advanced).
8. "Where do you want to install Windows?"
9. Delete the partition by clicking on Drive options (advanced) in the bottom right corner of
the field. Make sure the partition is highlighted and click Delete, or just format the drive.
10. Click "Next" and follow the instructions.

Client end Basic Settings:

At the initial stage, after the installation of Windows 7, the following settings need to be applied:

1. Set a unique name for the computer.

2. Enable the built-in Administrator account (it is disabled initially) and set its password.

3. Set the TCP/IP address of the computer.

4. "Ping" other computers to check the connection in the peer-to-peer network.

5. Change the workgroup name as desired for the peer-to-peer network.

6. Enable file sharing.

These settings are enough to make this PC part of a network for sharing purposes only.
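The six settings above as one script, added here as an example and not part of the course notes. It targets a freshly installed Windows 7 PC, is run from an elevated PowerShell prompt, and uses WMI and the Windows Firewall COM interface so that it also works on the PowerShell 2.0 that Windows 7 ships with. The computer name, addresses, workgroup and peer address are constructed values for the example; change them for your network.

```powershell
# Added example (not from the course notes): apply the six client-end basic settings.
# Assumed (hypothetical) values, change for your site:
$ComputerName = 'WS01'
$IPAddress    = '192.168.10.20'
$SubnetMask   = '255.255.255.0'
$Gateway      = '192.168.10.1'
$Workgroup    = 'CIT324'
$Peer         = '192.168.10.21'     # another PC in the same workgroup, for the ping test

# 1. Unique computer name. The WMI Rename method exists on PowerShell 2.0
#    (Rename-Computer arrived with PowerShell 3.0); it takes effect after a restart.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if ($cs.Name -ne $ComputerName) {
    $r = $cs.Rename($ComputerName)
    if ($r.ReturnValue -ne 0) { throw "Rename failed with code $($r.ReturnValue)" }
}

# 2. The built-in Administrator account is disabled after setup. Enable it and set a
#    password that is typed at run time, so no password is stored in the script.
$secure = Read-Host -Prompt 'New password for the local Administrator' -AsSecureString
$bstr   = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$plain  = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
net user Administrator $plain /active:yes | Out-Null
$plain = $null

# 3. Static TCP/IP address on the first IP-enabled adapter.
$nic = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
       Select-Object -First 1
$nic.EnableStatic($IPAddress, $SubnetMask) | Out-Null
$nic.SetGateways($Gateway, 1) | Out-Null

# 4. Ping a peer to confirm the link and addressing work before going further.
if (Test-Connection -ComputerName $Peer -Count 2 -Quiet) {
    Write-Host "Peer $Peer is reachable"
} else {
    Write-Warning "Peer $Peer did not answer: check the cable, the address and the peer's firewall"
}

# 5. Workgroup name (applies after restart).
Add-Computer -WorkgroupName $Workgroup

# 6. File sharing: open the File and Printer Sharing rule group in Windows Firewall for the
#    private profile only (profile bitmask 2), so the shares stay closed on public networks.
$firewall = New-Object -ComObject HNetCfg.FwPolicy2
$firewall.EnableRuleGroup(2, 'File and Printer Sharing', $true)

Write-Host 'Done. Restart the computer to complete the name and workgroup change.'
```

Steps 1 and 5 only take effect after the restart the last line asks for; the firewall change in step 6 is deliberately limited to the private profile, which is the setting a laptop needs so that its shares are not exposed on a public network.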

Basic computer network components:


Computer networks share common devices, functions, and features including servers, clients,
transmission media, shared data, shared printers and other hardware and software resources, network
interface card (NIC), local operating system(LOS), and the network operating system (NOS).

Servers - Servers are computers that hold shared files, programs, and the network operating system.
Servers provide access to network resources to all the users of the network. There are many different
kinds of servers, and one server can provide several functions. For example, there are file servers, print
servers, mail servers, communication servers, database servers, fax servers and web servers, to name a
few.

Clients - Clients are computers that access and use the network and shared network resources. Clients are
basically the customers (users) of the network, as they request and receive services from the servers.

Transmission Media - Transmission media are the facilities used to interconnect computers in a network,
such as twisted-pair wire, coaxial cable, and optical fiber cable. Transmission media are sometimes called
channels, links or lines.

Shared data - Shared data are data that file servers provide to clients such as data files, printer access
programs and e-mail.

Shared printers and other peripherals - Shared printers and peripherals are hardware resources
provided to the users of the network by servers. Resources provided include data files, printers, software,
or any other items used by clients on the network.

Network Interface Card - Each computer in a network has a special expansion card called a network
interface card (NIC). The NIC prepares (formats) and sends data, receives data, and controls data flow
between the computer and the network. On the transmit side, the NIC passes frames of data on to the
physical layer, which transmits the data to the physical link. On the receiver's side, the NIC processes bits
received from the physical layer and processes the message based on its contents.

Local Operating System - A local operating system allows personal computers to access files, print to a
local printer, and have and use one or more disk and CD drives that are located on the computer.
Examples are MS-DOS, UNIX/ Linux, Windows 2000, Windows 98, Windows XP etc.

Network Operating System - The network operating system is a program that runs on computers and
servers, and allows the computers to communicate over the network.

Hub - Hub is a device that splits a network connection into multiple computers. It is like a distribution
center. When a computer requests information from a network or a specific computer, it sends the request
to the hub through a cable. The hub will receive the request and transmit it to the entire network. Each
computer in the network should then figure out whether the broadcast data is for them or not.

Switch - A switch is a telecommunication device grouped as one of the computer network components. A
switch is like a hub but built with advanced features. It uses the physical device address in each incoming
message so that it can deliver the message to the right destination or port.

Unlike a hub, a switch doesn't broadcast the received message to the entire network; before sending it,
it checks which system or port the message should be sent to. In other words, a switch connects the
source and destination directly, which increases the speed of the network. Both switches and hubs have
common features: multiple RJ-45 ports, a power supply and connection lights.

Router - When we talk about computer network components, the other device used to connect a LAN with
an Internet connection is called a router. When you have two distinct networks (LANs) or want to share a
single Internet connection among multiple computers, you use a router. In most cases, recent routers also
include a switch, so they can also be used as a switch. You don't need to buy both a switch and a router,
particularly if you are installing small business and home networks. There are two types of router: wired
and wireless. The choice depends on your physical office/home setting, speed and cost.

LAN Cable - A local area network cable, also known as a data cable or Ethernet cable, is a wired cable
used to connect a device to the Internet or to other devices such as other computers, printers, etc.

How to join a computer to a domain:

1. Right-click Computer and click Properties.
2. Under Computer name, domain, and workgroup settings, click Change settings.
3. On the Computer Name tab, click Change.
4. Under Member of, click Domain, type the name of the domain that this computer will join, and
then click OK.
5. Click OK, and then restart the computer.
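The same join done from PowerShell, added here as an example and not part of the course notes. Before joining, it checks the one thing that makes most domain joins fail, DNS resolution of the domain's SRV record, and afterwards verifies the membership before restarting. The domain name, DNS server address and OU are constructed values.

```powershell
# Added example (not from the course notes): join a Windows 7 client to a domain from an
# elevated PowerShell prompt, with checks before and after.
# Assumed (hypothetical) values: domain corp.example.local, its DNS server/DC at
# 192.168.10.5, and the computer account placed in the OU "Workstations".
$Domain    = 'corp.example.local'
$DnsServer = '192.168.10.5'
$OuPath    = 'OU=Workstations,DC=corp,DC=example,DC=local'

# A domain join locates a domain controller through the _ldap SRV record of the domain,
# so the client must use the domain's DNS server, not the ISP's.
$nic = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
       Select-Object -First 1
$nic.SetDNSServerSearchOrder(@($DnsServer)) | Out-Null

# nslookup exists on every Windows version (Resolve-DnsName does not exist on Windows 7).
$srv = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $DnsServer 2>&1
if (-not (@($srv) -match 'svr hostname')) {
    throw "No domain controller SRV record for $Domain via $DnsServer; fix DNS before joining"
}

# Use an account that is allowed to add computers to the target OU. The credential is
# prompted for at run time; domain-join credentials never belong in a script file.
$cred = Get-Credential
Add-Computer -DomainName $Domain -OUPath $OuPath -Credential $cred -ErrorAction Stop

# Verify before rebooting: the machine should now report itself as a domain member.
$cs = Get-WmiObject -Class Win32_ComputerSystem
if ($cs.PartOfDomain -and $cs.Domain -eq $Domain) {
    Write-Host "Joined $Domain; restarting applies the computer account and Group Policy"
    Restart-Computer -Confirm
} else {
    Write-Warning "Join did not complete: PartOfDomain=$($cs.PartOfDomain) Domain=$($cs.Domain)"
}
```

Placing the account in a specific OU with -OUPath matters for the next chapters: Group Policy linked to that OU only applies to computers whose accounts sit in it.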

IMPORTANT TERMINOLOGIES:

File System:
In computing, file system or filesystem (often abbreviated to fs) is a method and data structure
that the operating system uses to control how data is stored and retrieved.

What are types of file system?

Most operating systems allow you to format a partition based on a set of file systems. For
instance, if you are formatting a partition on Windows, you can choose between FAT32, NTFS,
and exFAT file systems. Formatting involves the creation of various data structures and metadata
used to manage files within a partition.

NTFS (New Technology File System) is a proprietary journaling file system developed by
Microsoft. Starting with Windows NT 3.1, it is the default file system of the Windows NT
family.

NTFS Permissions
In any Windows network, you can set sharing permissions for drives and folders. On that
network, each user can choose to share entire drives or individual folders with the network.
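Setting the two layers of permissions on a shared folder, added here as an example and not taken from the course notes: the NTFS ACL on the folder and the share permission on top of it (the more restrictive of the two applies), followed by a check for over-permissive entries. The domain, group, path and share name are constructed values; net share is used because the SMB cmdlets do not exist on Windows Server 2008 R2.

```powershell
# Added example (not from the course notes): least-privilege NTFS and share permissions.
# Assumed (hypothetical) values: domain CORP, group CORP\Finance, folder and share below.
$Path  = 'D:\Shares\Finance'
$Share = 'Finance'
$Group = 'CORP\Finance'

if (-not (Test-Path $Path)) { New-Item -Path $Path -ItemType Directory | Out-Null }

# NTFS side: stop inheriting the drive's defaults (which usually let "Users" create files),
# give the group Modify rather than Full Control (so members cannot change permissions),
# and keep SYSTEM and Administrators at Full Control for backup and management.
$acl = Get-Acl -Path $Path
$acl.SetAccessRuleProtection($true, $false)     # disable inheritance, drop inherited ACEs
$inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$none    = [System.Security.AccessControl.PropagationFlags]::None
foreach ($pair in @(@('NT AUTHORITY\SYSTEM', 'FullControl'),
                    @('BUILTIN\Administrators', 'FullControl'),
                    @($Group, 'Modify'))) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $pair[0], $pair[1], $inherit, $none, 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $Path -AclObject $acl

# Share side: grant the group CHANGE on the share and let NTFS do the fine-grained work.
if (-not (Get-WmiObject -Class Win32_Share -Filter "Name='$Share'")) {
    net share "$Share=$Path" "/GRANT:$Group,CHANGE" | Out-Null
}

# Audit: list ACEs that give broad groups more than read access, the usual mistake behind
# "Everyone - Full Control" shares.
function Get-OverPermissiveAce {
    param([string]$FolderPath)
    (Get-Acl -Path $FolderPath).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference -match '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users)$' -and
        $_.FileSystemRights -match 'Write|Modify|FullControl'
    }
}
$bad = Get-OverPermissiveAce -FolderPath $Path
if ($bad) { $bad | Format-Table IdentityReference, FileSystemRights -AutoSize }
else      { Write-Host "No over-permissive ACEs on $Path" }
```

Get-OverPermissiveAce can be pointed at any folder on a file server; running it over every shared folder is a quick way to find shares whose NTFS permissions were never tightened after they were created.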

Task Scheduling:
The Task Scheduler enables you to automatically perform routine tasks on a chosen computer.
Task Scheduler does this by monitoring whatever criteria you choose (referred to as triggers) and
then executing the tasks when those criteria are met.
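A trigger-driven task created with schtasks.exe (the command-line front end of Task Scheduler on Windows 7 and Windows Server 2008 R2), added here as an example and not part of the course notes. It schedules the regular backup listed among the administrator's tasks in chapter 1; the script path, log folder and service account name are constructed values.

```powershell
# Added example (not from the course notes): a daily backup task registered with schtasks.exe.
# Assumed (hypothetical) values: script and log folder under C:\Admin, backup target E:,
# and a dedicated account CORP\svc-backup that runs the task.
$ScriptPath = 'C:\Admin\Backup-Server.ps1'
$TaskName   = 'Nightly Server Backup'
$RunAs      = 'CORP\svc-backup'
New-Item -ItemType Directory -Path 'C:\Admin\Logs' -Force | Out-Null

# The script the trigger will run: a Windows Server Backup of C: to E: (wbadmin ships with
# the Windows Server Backup feature), with its output logged per day for checking later.
@'
$log = "C:\Admin\Logs\backup-$(Get-Date -Format yyyyMMdd).log"
wbadmin start backup -backupTarget:E: -include:C: -quiet 2>&1 | Out-File -FilePath $log -Append
'@ | Set-Content -Path $ScriptPath

# Trigger: daily at 02:00. /RL HIGHEST asks for an elevated token; /RU names the account and
# /RP * makes schtasks prompt for its password instead of it being written into this script.
schtasks /Create /TN $TaskName /SC DAILY /ST 02:00 /RU $RunAs /RP * /RL HIGHEST `
    /TR "powershell.exe -NoProfile -ExecutionPolicy Bypass -File $ScriptPath" /F

# Read the task back: "Last Result" 0 means the last run succeeded; 267011 means it has not run yet.
function Get-TaskSummary {
    param([string]$Name)
    schtasks /Query /TN $Name /V /FO CSV | ConvertFrom-Csv |
        Select-Object TaskName, 'Next Run Time', 'Last Result', 'Run As User', 'Task To Run'
}
Get-TaskSummary -Name $TaskName | Format-List
```

Running the task under a dedicated account with only the rights the backup needs, rather than under a domain administrator, limits what a compromised or mistaken script can do; Get-TaskSummary is what a morning check of the backup job would call.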

Compressed Data:
Digital data are compressed by finding repeatable patterns of binary 0s and 1s. Text can typically
be compressed to approximately 40% of its original size, and graphics files from 20% to 90%.
Some files compress very little. When you compress data on the computer you make the files
take less space on your hard drive and less bandwidth for transmission. How much depends entirely
on the type of file and the compression algorithm used.

Uncompressed Data

Uncompressing (or decompressing) is the act of expanding a compressed file back into its
original form. Software that you download from the Internet often comes in a compressed
package that uncompresses itself when you click on it. You can also uncompress files
using popular tools such as PKZIP in the DOS operating system, WinZip in Windows, and
MacZip on the Macintosh.

ADVANTAGES OF DATA COMPRESSION:

• Less disk space
• Faster writing and reading
• Faster file transfer

DISADVANTAGES OF DATA COMPRESSION:

• Effect of errors in transmission
• Need to decompress all previous data
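An added example, not from the course notes, that makes the figures above concrete with .NET's GZipStream (present on Windows 7 and Server 2008 R2 without extra modules): constructed text compresses to a small fraction of its size, random data does not, and flipping one byte of the compressed stream shows the "effect of errors in transmission" listed under the disadvantages. The sample inputs are constructed inside the script.

```powershell
# Added example (not from the course notes): compression ratio by content type, and what one
# corrupted byte does to a compressed stream. Inputs are constructed below.

function Compress-Bytes {
    param([byte[]]$Data)
    $out = New-Object System.IO.MemoryStream
    $gz  = New-Object System.IO.Compression.GZipStream($out, [System.IO.Compression.CompressionMode]::Compress)
    $gz.Write($Data, 0, $Data.Length)
    $gz.Close()                       # writes the gzip trailer (CRC32 + length)
    return ,$out.ToArray()
}

function Expand-Bytes {
    param([byte[]]$Data)
    $in  = New-Object System.IO.MemoryStream(,$Data)
    $gz  = New-Object System.IO.Compression.GZipStream($in, [System.IO.Compression.CompressionMode]::Decompress)
    $out = New-Object System.IO.MemoryStream
    $buf = New-Object byte[] 4096
    while (($n = $gz.Read($buf, 0, $buf.Length)) -gt 0) { $out.Write($buf, 0, $n) }
    $gz.Close()
    return ,$out.ToArray()
}

function Get-Sha256Hex {
    param([byte[]]$Data)
    $sha = New-Object System.Security.Cryptography.SHA256Managed
    return ([BitConverter]::ToString($sha.ComputeHash($Data)) -replace '-', '')
}

# Constructed inputs: repetitive log text compresses well; random bytes (high entropy, like
# an already compressed or encrypted file) hardly shrink at all.
$text   = [System.Text.Encoding]::ASCII.GetBytes(("2018-03-01 10:00:00 INFO user login ok`r`n" * 2000))
$random = New-Object byte[] ($text.Length)
(New-Object System.Security.Cryptography.RNGCryptoServiceProvider).GetBytes($random)

foreach ($sample in @(@('text', $text), @('random', $random))) {
    $packed = Compress-Bytes -Data $sample[1]
    '{0,-7} {1,8} -> {2,8} bytes ({3:P0} of original)' -f $sample[0], $sample[1].Length,
        $packed.Length, ($packed.Length / $sample[1].Length)
}

# Round trip must be exact: compare hashes of the original and the restored data.
$packed = Compress-Bytes -Data $text
if ((Get-Sha256Hex (Expand-Bytes -Data $packed)) -ne (Get-Sha256Hex $text)) { throw 'round trip mismatch' }

# Effect of a transmission error: flip one byte in the middle of the compressed stream. In a
# plain text file this would damage one character; in a compressed stream everything encoded
# after that point is lost, which is why transfers should be verified with a checksum.
$damaged = [byte[]]$packed.Clone()
$mid = [int]($damaged.Length / 2)
$damaged[$mid] = $damaged[$mid] -bxor 0xFF
try {
    $restored = Expand-Bytes -Data $damaged
    if ((Get-Sha256Hex $restored) -ne (Get-Sha256Hex $text)) {
        'damaged stream decompressed without an error, but the content differs (hash mismatch)'
    }
} catch {
    "damaged stream rejected by the decompressor: $($_.Exception.GetBaseException().Message)"
}
```

Whether the decompressor raises an error or quietly returns different bytes depends on where the damage lands, which is why the script compares a SHA-256 hash of the result instead of trusting the absence of an exception; the same hash comparison is the check to run on a backup archive after it has been copied.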

Encrypt Data:

The process of transforming information (referred to as plaintext) using an algorithm to make it
unreadable by unauthorized people.

Decrypt Data:

Reconversion of encrypted data back into its original form.
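An added example, not from the course notes, of the two definitions in code: AES-256 in CBC mode turns the plaintext into an unreadable token, an HMAC-SHA256 tag over the result lets the receiver detect modification before decrypting, and decryption reverses the process. Keys are generated randomly inside the script and the message is constructed; it demonstrates the primitives with the .NET classes present on Windows 7 and Server 2008 R2, not a file-encryption tool.

```powershell
# Added example (not from the course notes): encrypt-then-MAC with AES-256-CBC + HMAC-SHA256.
# Token layout: [16-byte IV][ciphertext][32-byte HMAC tag], Base64 encoded.

function New-RandomBytes {
    param([int]$Count)
    $b = New-Object byte[] $Count
    (New-Object System.Security.Cryptography.RNGCryptoServiceProvider).GetBytes($b)
    return ,$b
}

# Two independent keys: one for confidentiality (AES), one for integrity (HMAC).
function New-KeyPair {
    return @{ Enc = (New-RandomBytes 32); Mac = (New-RandomBytes 32) }
}

function Protect-Message {
    param([hashtable]$Keys, [string]$Plaintext)
    $aes = New-Object System.Security.Cryptography.AesManaged
    $aes.Key = $Keys.Enc; $aes.Mode = 'CBC'; $aes.Padding = 'PKCS7'
    $aes.GenerateIV()                       # fresh random IV for every message
    $data   = [System.Text.Encoding]::UTF8.GetBytes($Plaintext)
    $cipher = $aes.CreateEncryptor().TransformFinalBlock($data, 0, $data.Length)
    $body   = [byte[]]($aes.IV + $cipher)   # the IV is not secret, but it is authenticated
    $hmac   = New-Object System.Security.Cryptography.HMACSHA256(,$Keys.Mac)
    $tag    = $hmac.ComputeHash($body)
    return [Convert]::ToBase64String([byte[]]($body + $tag))
}

function Unprotect-Message {
    param([hashtable]$Keys, [string]$Token)
    $all = [Convert]::FromBase64String($Token)
    if ($all.Length -lt 16 + 32) { throw 'token too short' }
    $body = [byte[]]($all[0..($all.Length - 33)])
    $tag  = [byte[]]($all[($all.Length - 32)..($all.Length - 1)])
    $hmac = New-Object System.Security.Cryptography.HMACSHA256(,$Keys.Mac)
    $expected = $hmac.ComputeHash($body)
    # Compare all 32 bytes regardless of where the first difference is (constant time).
    $diff = 0
    for ($i = 0; $i -lt 32; $i++) { $diff = $diff -bor ($expected[$i] -bxor $tag[$i]) }
    if ($diff -ne 0) { throw 'authentication failed: token was modified or the key is wrong' }
    $aes = New-Object System.Security.Cryptography.AesManaged
    $aes.Key = $Keys.Enc; $aes.Mode = 'CBC'; $aes.Padding = 'PKCS7'
    $aes.IV  = [byte[]]($body[0..15])
    $cipher  = [byte[]]($body[16..($body.Length - 1)])
    $plain   = $aes.CreateDecryptor().TransformFinalBlock($cipher, 0, $cipher.Length)
    return [System.Text.Encoding]::UTF8.GetString($plain)
}

$keys  = New-KeyPair
$token = Protect-Message -Keys $keys -Plaintext 'Backup share password: T0pSecreT!'   # constructed message
"Encrypted (unreadable without the key): $token"
"Decrypted: " + (Unprotect-Message -Keys $keys -Token $token)

# Change one ciphertext byte: the HMAC check rejects the token before any decryption runs.
$raw = [Convert]::FromBase64String($token); $raw[20] = $raw[20] -bxor 1
try   { Unprotect-Message -Keys $keys -Token ([Convert]::ToBase64String($raw)) }
catch { "Tampered token: $($_.Exception.Message)" }
```

Encryption alone only hides the content; the tag is what stops an attacker from flipping bits in a CBC ciphertext to change the decrypted text unnoticed, so the receiver checks the tag first and decrypts only if it matches.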

Chapter No.3
Installation and Configuration of Windows Server 2008

Minimum Hardware requirement for server

Item             Windows Server 2008 R2
CPU              1.4 GHz (for x64 processors); 2 GHz or higher recommended
RAM              512 MB minimum; 2 GB recommended
Free disk space  64 GB (64-bit edition)

Hardware requirement of Active Directory

Type of hardware  Hardware requirements
Hardware          An AMD64 or Intel EM64T processor
Disk Space        At least 7.5 GB of free disk storage for a typical installation (minimum)

Installation of Windows Server 2008 R2:

Follow this procedure to install Windows Server 2008:

1. Insert the appropriate Windows Server 2008 installation media into your DVD drive.
2. Reboot the computer.

3. When prompted for an installation language and other regional options, make your selection
and press Next.

4. Next, press Install Now to begin the installation process.

5. Product activation is identical to that found in Windows Vista. Enter your Product ID in the
next window and, if you want to automatically activate Windows the moment the installation
finishes, click Next.

If you do not have the Product ID available right now, you can leave the box empty and click
Next. You will need to provide the Product ID later, after the server installation is over. Press
No.

6. Because you did not provide the correct ID, the installation process cannot determine what
kind of Windows Server 2008 license you own, and therefore you will be prompted to select
your correct version in the next screen, assuming you are telling the truth and will provide the
correct ID to prove your selection later on.

7. If you did provide the right Product ID, select the Full version of the Windows edition you
are prompted for, and click Next.

8. Read and accept the license terms by clicking to select the checkbox and pressing Next.

9. In the “Which type of installation do you want?” window, click the only available option –
Custom (Advanced).

10. In the “Where do you want to install Windows?”, if you’re installing the server on a
regular IDE hard disk, click to select the first disk, usually Disk 0, and click Next.

If you’re installing on a hard disk that’s connected to a SCSI controller, click Load Driver and
insert the media provided by the controller’s manufacturer.

If you’re installing in a Virtual Machine environment, make sure you read the “Installing the
Virtual SCSI Controller Driver for Virtual Server 2005 on Windows Server 2008”

If you must, you can also click Drive Options and manually create a partition on the destination
hard disk.

11. The installation now begins, and you can go and have lunch. Copying the setup files from the
DVD to the hard drive only takes about one minute. However, extracting and uncompressing the
files takes a good deal longer. After 20 minutes, the operating system is installed. The exact time
it takes to install Server Core depends upon your hardware specifications. Faster disks will
perform much faster installs. Windows Server 2008 takes up approximately 10 GB of hard
drive space.

The installation process will reboot your computer, so if in step #10 you inserted a floppy disk
(either real or virtual), make sure you remove it before going to lunch, or you will find the server
hung without the ability to boot (you can bypass this by configuring the server to boot from
CD/DVD and then from the hard disk in the boot order in the server's BIOS).

12. When the server reboots you will be prompted with the new Windows Server 2008 type of login
screen. Press CTRL+ALT+DEL to log in.

13. Click on Other User.

14. The default Administrator password is blank, so just type Administrator and press Enter.

15. You will be prompted to change the user's password. You have no choice but to press OK.

16. In the password changing dialog box, leave the default password blank (read step #15),
and enter a new, complex, at-least-7-characters-long password twice. A password like
"topsecret" is not valid (it's not complex), but one like "T0pSecreT!" is. Make sure you
remember it.

17. Someone thought it would be cool to nag you once more, so now you'll be prompted to
accept the fact that the password has been changed. Press OK.

18. Finally, the desktop appears and that's it: you're logged on and can begin working. You will
be greeted by an assistant for the initial server configuration, and after performing some initial
configuration tasks, you will be able to start working.

Installation of Active Directory:

What is Active Directory: Active Directory was introduced with Windows 2000 Server. Active
Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It
authenticates and authorizes all users and computers in a Windows domain type network,
assigning and enforcing security policies for all computers and installing or updating software.

Specify the preferred DNS server

Windows Server 2008 can properly install and configure DNS during the AD DS installation if it
knows that the DNS is local. To accomplish this, assign the private network adapter to the
preferred DNS server address of the same private network adapter, as follows:

1. From the Windows Start menu, open Administrative Tools > Server Manager.
2. In the Server Summary section of the Server Manager window, click View Network
Connections.
3. In the Network Connections window, right-click the private adapter and select
Properties.
4. From the list of connected items, select Internet Protocol Version 4, and then click
Properties.
5. Copy the IP address that is displayed in the IP address box and paste it in the Preferred
DNS server box. Then, click OK.

6. Click OK in the Properties dialog box, and close the Network Connections window.

Add the Active Directory Domain Services role

Adding the Active Directory Domain Services role installs the framework for Windows Server
2008 to become a DC and run AD DS. It does not promote the server to a DC or install AD DS.

1. In the Server Manager window, select the Roles directory.
2. In the Roles Summary section, click Add Roles.
3. On the Before You Begin page of the Add Roles Wizard, click Next.
4. On the Select Server Roles page, select the Active Directory Domain Services check
box, and then click Next.
5. On the Confirmation page, click Next.
6. On the Installation Progress page, click Install.
7. On the Results page, after the role is successfully added, click Close.

• If it is not already open, open the Server Manager window.

• Select Roles > Active Directory Domain Services.

• In the Summary section, click Run the Active Directory Domain Services Installation
Wizard (dcpromo.exe).

• On the Welcome page of the Active Directory Domain Services Installation Wizard, ensure
that the Use advanced mode installation check box is cleared, and then click Next.

• On the Operating System Compatibility page, click Next.

• On the Choose a Deployment Configuration page, select Create a new domain in a new
forest and then click Next.

• On the Name the Forest Root Domain page, enter the domain name that you chose during
the preparation steps. Then, click Next.

The installation program verifies the NetBIOS name.

• On the Set Forest Functional Level page, select Windows Server 2008 R2 in the Forest
functional level list. Then, click Next.

The installation program examines and verifies your DNS setting.

• On the Additional Domain Controller Options page, ensure that the DNS server check box is
selected, and then click Next.

• In the message dialog box that appears, click Yes.

• On the Location for Database, Log Files, and SYSVOL page, accept the default values and
then click Next.

• On the Directory Services Restore Mode Administrator Password page, enter the domain
administrator password that you chose during the preparation steps. This is not your admin
password that was emailed to you during the creation of your server, although you can use that
password if you want to. Then, click Next.

• On the Summary page, review your selections and then click Next. The installation begins.

Note: If you want the server to restart automatically after the installation is completed, select the
Reboot on completion check box.

• If you did not select the Reboot on completion check box, click Finish in the wizard. Then,
restart the server.
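The DNS setting, role installation and dcpromo promotion above as an unattended script, added here as an example and not part of the course notes. The answer-file keys are the documented dcpromo [DCInstall] options for Windows Server 2008 R2; the server address, domain name and NetBIOS name are constructed values, and the DSRM password is prompted for rather than written into the script.

```powershell
# Added example (not from the course notes): preferred DNS, AD DS role, dcpromo unattended.
# Assumed (hypothetical) values:
$ServerIP = '192.168.10.5'            # the private adapter's own address
$Domain   = 'corp.example.local'      # new forest root domain
$Netbios  = 'CORP'

# 1. Preferred DNS server = the server's own address, so dcpromo installs DNS locally.
$nic = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
       Where-Object { $_.IPAddress -contains $ServerIP }
if (-not $nic) { throw "No adapter holds $ServerIP" }
$nic.SetDNSServerSearchOrder(@($ServerIP)) | Out-Null

# 2. Add the AD DS role. This installs the framework only; the server is not a DC yet.
Import-Module ServerManager
Add-WindowsFeature AD-Domain-Services

# 3. Promote with dcpromo in unattended mode. The answer file carries the same choices the
#    wizard asks for (new forest, DNS, 2008 R2 functional level, default paths, reboot).
$dsrm      = Read-Host -Prompt 'Directory Services Restore Mode password' -AsSecureString
$bstr      = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($dsrm)
$dsrmPlain = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
$answer = 'C:\Windows\Temp\dcpromo-answer.txt'
@"
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=$Domain
DomainNetbiosName=$Netbios
ForestLevel=4
DomainLevel=4
InstallDNS=Yes
DatabasePath=C:\Windows\NTDS
LogPath=C:\Windows\NTDS
SYSVOLPath=C:\Windows\SYSVOL
SafeModeAdminPassword=$dsrmPlain
RebootOnCompletion=Yes
"@ | Set-Content -Path $answer
try {
    dcpromo /unattend:$answer
} finally {
    Remove-Item -Path $answer -Force    # the file holds the DSRM password; never leave it on disk
    $dsrmPlain = $null
}
```

ForestLevel and DomainLevel 4 correspond to the Windows Server 2008 R2 functional level chosen in the wizard, which is also what the Recycle Bin feature in chapter 4 requires. The DSRM password is the account used to log on when the directory is offline (the uninstall procedure below starts with it), so it must be recorded somewhere safe, not in a script.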

Uninstallation process of Active directory:

1. Log on to the server using the Directory Services Restore Mode Administrator account.
2. Click Start, click Run, type dcpromo and press ENTER.
3. On the Welcome to the Active Directory Domain Services Installation Wizard page, click
Next.
4. On the Force the Removal of Active Directory Domain Services page, click Next.
5. On the Administrator Password page, type and confirm a password for the local
Administrator account; then click Next.
6. On the Summary page, click Next.
7. Restart the server after the removal is complete.

NAT

Network Address Translation (NAT) is a method of connecting multiple computers to the
Internet (or any other IP network) using one IP address. This allows home users and small
businesses to connect their network to the Internet cheaply and efficiently.

The basic purpose of NAT is to multiplex traffic from the internal network and present it to the
Internet as if it were coming from a single computer having only one IP address.

The TCP/IP protocols include a multiplexing facility so that any computer can maintain multiple
simultaneous connections with a remote computer. It is this multiplexing facility that is the key
to single-address NAT.

To multiplex several connections to a single destination, client computers label all packets with
unique "port numbers". Each IP packet starts with a header containing the source and destination
addresses and port numbers.
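A small model of single-address NAT, added here as an example and not part of the course notes, showing the mechanism the paragraphs above describe: outbound packets get the public address and a unique public port, the (port, destination) pair is remembered, replies are mapped back to the inside host by that port, and inbound packets with no matching entry are dropped. All addresses, ports and packets are constructed; nothing is sent on the network.

```powershell
# Added example (not from the course notes): a model of single-address NAT in PowerShell.
# Constructed values; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
$script:PublicIP = '203.0.113.10'     # the one address the ISP gave us
$script:NextPort = 40000              # pool of public source ports, one per flow
$script:Outbound = @{}                # "insideIP:insidePort>dstIP:dstPort" -> public port
$script:Inbound  = @{}                # "publicPort<dstIP:dstPort" -> "insideIP:insidePort"

# A packet is just the header fields the text lists, plus a payload for readability.
function New-Packet {
    param([string]$Src, [int]$SrcPort, [string]$Dst, [int]$DstPort, [string]$Payload)
    return @{ Src = $Src; SrcPort = $SrcPort; Dst = $Dst; DstPort = $DstPort; Payload = $Payload }
}

# LAN -> Internet: rewrite source address and port, remember the mapping for the replies.
function Invoke-OutboundNat {
    param([hashtable]$Packet)
    $flow = '{0}:{1}>{2}:{3}' -f $Packet.Src, $Packet.SrcPort, $Packet.Dst, $Packet.DstPort
    if (-not $script:Outbound.ContainsKey($flow)) {
        $port = $script:NextPort++
        $script:Out

bound[$flow] = $port
        $reverse = '{0}<{1}:{2}' -f $port, $Packet.Dst, $Packet.DstPort
        $script:Inbound[$reverse] = '{0}:{1}' -f $Packet.Src, $Packet.SrcPort
    }
    $out = $Packet.Clone()
    $out.Src = $script:PublicIP
    $out.SrcPort = $script:Outbound[$flow]
    return $out
}

# Internet -> LAN: forward only packets that match a flow an inside host opened.
function Invoke-InboundNat {
    param([hashtable]$Packet)
    $key = '{0}<{1}:{2}' -f $Packet.DstPort, $Packet.Src, $Packet.SrcPort
    if (-not $script:Inbound.ContainsKey($key)) { return $null }   # unsolicited: dropped
    $inside = $script:Inbound[$key] -split ':'
    $in = $Packet.Clone()
    $in.Dst = $inside[0]
    $in.DstPort = [int]$inside[1]
    return $in
}

# Two inside hosts talk to the same web server, even using the same local source port.
$a = Invoke-OutboundNat (New-Packet '192.168.1.10' 51000 '198.51.100.7' 80 'GET /a')
$b = Invoke-OutboundNat (New-Packet '192.168.1.11' 51000 '198.51.100.7' 80 'GET /b')
'Outbound A: {0}:{1} -> {2}:{3}' -f $a.Src, $a.SrcPort, $a.Dst, $a.DstPort
'Outbound B: {0}:{1} -> {2}:{3}' -f $b.Src, $b.SrcPort, $b.Dst, $b.DstPort

# Replies arrive at the public address; the port number tells NAT which host gets each one.
# A third packet nobody asked for (to port 22) has no entry and is dropped.
foreach ($reply in @((New-Packet '198.51.100.7' 80 $script:PublicIP $a.SrcPort 'reply a'),
                     (New-Packet '198.51.100.7' 80 $script:PublicIP $b.SrcPort 'reply b'),
                     (New-Packet '198.51.100.7' 80 $script:PublicIP 22 'unsolicited'))) {
    $r = Invoke-InboundNat $reply
    if ($r) { 'Inbound  : {0} delivered to {1}:{2}' -f $r.Payload, $r.Dst, $r.DstPort }
    else    { 'Inbound  : {0} dropped (no NAT entry for port {1})' -f $reply.Payload, $reply.DstPort }
}
```

The dropped third packet is why NAT is often described as giving "secure Internet access": an outside host cannot reach an inside machine unless that machine opened the connection first. That is a side effect of the translation table, not a firewall policy, and a real gateway still needs its own filtering rules.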

Conclusion

As the Internet continues to expand at an ever-increasing rate, Network Address Translation
offers a fast and effective way to expand secure Internet access into existing and new private
networks, without having to wait for a major new IP addressing structure. It offers greater
administrative flexibility and performance than the alternative application-level proxies, and is
becoming the de facto standard for shared access.

Print server management

Overview of Print Management

On computers running Windows Server® 2008 R2, you can share printers on a network and
centralize print server and network printer management tasks using the Print Management
Console. Print Management helps you to monitor print queues and receive notifications when
print queues stop processing print jobs. It also enables you to migrate print servers and deploy
printer connections using Group Policy.

Print Server

Print Server is a role service that installs the Print Management. Print Management is used for
managing multiple printers or print servers.

Tools for managing a print server

There are two primary tools that you can use to administer a Windows print server:

• Server Manager

• Print Management

On Windows Server 2008 R2, you can use Server Manager to install the Print and Document
Services server role. Server Manager also includes an instance of Print Management, which
you can use to administer the local server.

Print Management provides current details about the status of printers and print servers on the
network. You can use Print Management to install printer connections to a group of client
computers simultaneously and to monitor print queues remotely. Print Management can help you
to find printers that have an error condition by using filters. It can also send e-mail notifications
or run scripts when a printer or print server needs attention. On printers that provide a Web-
based management interface, Print Management can display more data, such as toner and paper
levels.
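The "find printers with an error condition and send an e-mail" task as a script, added here as an example and not part of the course notes. It reads the status fields of the Win32_Printer WMI class, first on a constructed sample and then on the live print server, so it can be tried without printers and then scheduled with Task Scheduler; the mail server and addresses are constructed values.

```powershell
# Added example (not from the course notes): report print queues that need attention.
# Assumed (hypothetical) values:
$SmtpServer = 'mail.corp.example.local'
$To         = 'helpdesk@corp.example.local'
$From       = 'printsrv@corp.example.local'

# Win32_Printer.DetectedErrorState codes that mean "something is wrong" (0/2 = no error).
$ErrorStateName = @{ 3 = 'Low Paper'; 4 = 'No Paper'; 5 = 'Low Toner'; 6 = 'No Toner';
                     7 = 'Door Open'; 8 = 'Jammed'; 9 = 'Offline'; 10 = 'Service Requested';
                     11 = 'Output Bin Full' }

# Takes any objects with the Win32_Printer fields, so it works on WMI output and on samples.
function Get-PrinterProblem {
    param([object[]]$Printers)
    foreach ($p in $Printers) {
        $reasons = @()
        if ($ErrorStateName.ContainsKey([int]$p.DetectedErrorState)) {
            $reasons += $ErrorStateName[[int]$p.DetectedErrorState]
        }
        if ($p.WorkOffline)          { $reasons += 'queue set to work offline' }
        if ($p.PrinterState -band 1) { $reasons += 'queue paused' }      # PrinterState bit 1
        if ($p.PrinterState -band 2) { $reasons += 'queue in error' }    # PrinterState bit 2
        if ($reasons.Count -gt 0) {
            New-Object PSObject -Property @{ Name = $p.Name; Problems = ($reasons -join ', ') }
        }
    }
}

# Constructed sample shaped like Win32_Printer output, to exercise the filter without hardware.
$sample = @(
    (New-Object PSObject -Property @{ Name = 'HP-Finance-1'; DetectedErrorState = 2; PrinterState = 0; WorkOffline = $false }),
    (New-Object PSObject -Property @{ Name = 'HP-Lobby';     DetectedErrorState = 8; PrinterState = 2; WorkOffline = $false }),
    (New-Object PSObject -Property @{ Name = 'Xerox-Sales';  DetectedErrorState = 2; PrinterState = 1; WorkOffline = $true })
)
Get-PrinterProblem -Printers $sample | Format-Table Name, Problems -AutoSize

# Live run on the print server; mail is sent only when something needs attention.
$problems = @(Get-PrinterProblem -Printers (Get-WmiObject -Class Win32_Printer))
if ($problems.Count -gt 0) {
    $body = ($problems | ForEach-Object { '{0}: {1}' -f $_.Name, $_.Problems }) -join "`r`n"
    Send-MailMessage -SmtpServer $SmtpServer -From $From -To $To `
        -Subject "$($problems.Count) printer(s) need attention on $env:COMPUTERNAME" -Body $body
}
```

On the sample, HP-Lobby is reported as "Jammed, queue in error" and Xerox-Sales as "queue set to work offline, queue paused", while the healthy HP-Finance-1 is not listed; scheduled every few minutes, the live run gives the e-mail notification that Print Management's filters provide from the console.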

Group Policy
Group Policy is an infrastructure that allows you to implement specific configurations for users and
computers.

Group Policy settings are contained in Group Policy objects (GPOs), which are linked to the following
Active Directory service containers: sites, domains, or organizational units (OUs). The settings within GPOs
are then evaluated by the affected targets, using the hierarchical nature of Active Directory. Consequently,
Group Policy is one of the top reasons to deploy Active Directory because it allows you to manage user and
computer objects.
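Creating, populating and linking a GPO with the GroupPolicy module that ships with Windows Server 2008 R2, added here as an example and not part of the course notes. The domain, OU and GPO name are constructed values; the one setting written into the GPO is the Automatic Updates policy key, and the report at the end is what a change review would look at.

```powershell
# Added example (not from the course notes): a GPO linked to an OU, with one setting and a report.
# Assumed (hypothetical) values:
Import-Module GroupPolicy
$Domain = 'corp.example.local'
$OU     = 'OU=Workstations,DC=corp,DC=example,DC=local'
$Name   = 'Workstation Baseline'

# Create the GPO once; reuse it on later runs.
$gpo = Get-GPO -Name $Name -Domain $Domain -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $Name -Domain $Domain -Comment 'Baseline settings for all workstations'
}

# A computer setting stored as a registry policy: keep Automatic Updates switched on
# (NoAutoUpdate = 0 under the WindowsUpdate\AU policy key).
Set-GPRegistryValue -Name $Name -Domain $Domain `
    -Key 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' `
    -ValueName 'NoAutoUpdate' -Type DWord -Value 0 | Out-Null

# Link it to the OU, enforced so that a GPO linked lower in the hierarchy cannot override it.
$links = (Get-GPInheritance -Target $OU -Domain $Domain).GpoLinks
if (-not ($links | Where-Object { $_.DisplayName -eq $Name })) {
    New-GPLink -Name $Name -Target $OU -Domain $Domain -LinkEnabled Yes -Enforced Yes | Out-Null
}

# Show the links on the OU in processing order: a later link wins unless an earlier one is enforced.
(Get-GPInheritance -Target $OU -Domain $Domain).GpoLinks |
    Select-Object Order, DisplayName, Enabled, Enforced | Format-Table -AutoSize

# HTML report of everything in the GPO, for documentation and review of changes.
New-Item -ItemType Directory -Path 'C:\Admin' -Force | Out-Null
Get-GPOReport -Name $Name -Domain $Domain -ReportType Html -Path "C:\Admin\$($Name -replace ' ', '_').html"
```

The link, not the GPO itself, decides who is affected: the same GPO can be linked to several OUs, and a computer whose account was joined into a different OU (see the domain join in chapter 2) receives nothing from this one.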

Off-line File Management:

What Are Offline Files?

Offline files are copies of network files that are stored on your computer so that you can work with them
when you're not connected to the network or when the network folder that the files are stored in is not
available.

Chapter No.4

FUNCTION AND FEATURES OF ACTIVE DIRECTORY

Define Active Directory:

Active Directory is a distributed directory service included with Microsoft Windows Server
operating systems. Active Directory enables centralized, secure management of an entire
network. Active Directory is built on servers called domain controllers. These are servers that
hold a local domain database (Active Directory), where all the user and computer accounts
reside. This directory service also authenticates users and responds to queries every time
members in the domain perform a search. So when someone searches for a printer or another
user, or when one asks to connect to another server in the network, they are actually "talking" to
the domain controller and perform searches in the active directory database.

Basic Functions of Microsoft Active Directory

In order to have an effective domain, more than one domain controller must be used. This is
done for redundancy and load balancing. If one goes down, you need to make sure that someone
is authenticating the clients. In turn, when all of them are working, you need to use them all at
the same time equally. In terms of replication itself, what is replicated is all the domain
information that we have created inside the Active Directory: user accounts, computer accounts,
group objects, policies and the structure of the Active Directory.

When you want to make a change to the Active Directory, you can connect to any domain
controller you like. All domain controllers can accept any kind of change, which is a big
improvement from the past. Replication is performed regularly, so changes made to one domain
controller are automatically replicated to the others.

PowerShell Cmdlets: Windows PowerShell is an interactive, object-oriented command environment
with scripting-language features. It uses small programs called cmdlets to simplify
configuration, administration and management of the network. Windows Server 2008 R2 ships an
Active Directory module (loaded with Import-Module ActiveDirectory) with about 85 Active
Directory-related PowerShell cmdlets.

Active Directory Administrative Center:

The Active Directory Administrative Center (ADAC) is a task-oriented user interface for Active
Directory Domain Services, introduced in Windows Server 2008 R2. You can perform the same tasks
as with the Active Directory Users and Computers console (ADUC). It is built on the Active
Directory PowerShell cmdlets, and from Windows Server 2012 onward it also displays the
PowerShell commands that correspond to the tasks performed in the GUI.

Recycle Bin:

Accidentally deleted Active Directory objects can be restored from the Active Directory Recycle
Bin with their attributes and group memberships intact. (Requires the Windows Server 2008 R2
forest functional level; the feature has to be enabled explicitly and cannot be disabled again
afterwards.)

Offline Domain Join: Admins can automate the joining of a Windows 7 or Windows Server 2008 R2
machine to a domain during deployment. The provisioning data is produced on a domain-joined
computer and handed to the target as a file (or embedded in an unattend.xml answer file), so the
target computer can be offline, with no connectivity to a domain controller, while it is
deployed. The tool used both to provision the account and to perform the join is djoin.exe.

Managed Service Accounts: A managed service account is a domain account created for one service
on one computer. Its password is generated and rotated automatically by the domain, and the
service configured to run under the account keeps working without an administrator updating the
password in the service configuration, which removes the usual reason for service passwords that
never expire.

Authentication Mechanism Assurance: Authentication Mechanism Assurance lets administrators map
certificate issuance policies to universal security groups in Active Directory. A user who logs
on with a certificate that carries such a policy (a smart card, USB token, or some other
certificate logon method) is added to the mapped group for that session, so resources can be
restricted to users who authenticated with a strong method rather than a password.
Installation of Active directory:

Please see the previous chapter………………….

Specify the preferred DNS server:


Please see the previous chapter………………….

Configuration of Active Directory:

When the installation of the AD DS role is complete, the message on the screen contains a link
that starts the Active Directory Domain Services Installation Wizard (DCPROMO.EXE). This wizard
promotes the server to a domain controller: it creates the forest and domain (or adds the server
to an existing one), can install and configure the DNS Server role at the same time, and asks for
the FQDN of the domain (Fully Qualified Domain Name, e.g. practice.com) and for the Directory
Services Restore Mode administrator password. DHCP is a separate server role and is not
installed by dcpromo.

Role of an Active Directory:

Please see in the previous chapter………………….

Users, Computers and Groups in ADDS:

User in ADDS:

User accounts are created and stored as objects in Active Directory Domain Services. A user
account can belong to a person, or to a program such as a system service that needs to log on to
a computer. Each user or application that accesses resources in a Windows domain must have an
account in Active Directory; the account is what the domain controller authenticates, and what
permissions and group policies are applied to.

Groups in ADDS:
Groups are objects whose members are user, computer or other group objects. In a domain, Active
Directory supports two group types, security groups (used in access control lists and for rights
assignment) and distribution groups (used only for e-mail), and three scopes: domain local,
global and universal. The purpose of a group is to grant permissions and rights once, to the
group, instead of to every account separately. Group Policy itself is linked to sites, domains and
OUs, not to groups. Groups are manageable entities, administered according to the policies framed
by an organization.

Computers in ADDS:
Every computer joined to the domain has a computer account object in Active Directory, with its
own automatically managed password that secures the channel between the computer and the domain
controllers. Active Directory allows network administrators to create and manage domains, users
and other objects within a network, and to add computers to the domain as clients.
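As an added example that is not part of the course notes, the following script does with the Active Directory cmdlets mentioned in the PowerShell section what this section describes in words: it creates an OU, a user and a security group, lists the computer objects, and runs one audit query. It assumes the ActiveDirectory module (RSAT, or Windows Server 2008 R2 and later) and a hypothetical domain practice.com; the OU, user and group names are made up.

```powershell
# Added example (not part of the notes): create an OU, a user and a security group,
# add the user to the group, list computer objects and audit risky account settings.
# Assumes the ActiveDirectory module and a hypothetical domain practice.com.
Import-Module ActiveDirectory

$domainDn = "DC=practice,DC=com"
$ouDn     = "OU=Staff,$domainDn"

# Container first, so the objects below land where a GPO can be linked to them.
if (-not (Get-ADOrganizationalUnit -LDAPFilter "(ou=Staff)" -SearchBase $domainDn)) {
    New-ADOrganizationalUnit -Name "Staff" -Path $domainDn -ProtectedFromAccidentalDeletion $true
}

# The password is read as a SecureString at run time instead of sitting in the script.
$initialPassword = Read-Host -AsSecureString -Prompt "Initial password for a.khan"
New-ADUser -Name "Ali Khan" -SamAccountName "a.khan" -UserPrincipalName "a.khan@practice.com" `
    -GivenName "Ali" -Surname "Khan" -Path $ouDn `
    -AccountPassword $initialPassword -ChangePasswordAtLogon $true -Enabled $true

# A global security group carries the permissions; rights are granted to the group,
# never to individual accounts.
New-ADGroup -Name "Finance-Users" -SamAccountName "Finance-Users" `
    -GroupScope Global -GroupCategory Security -Path $ouDn
Add-ADGroupMember -Identity "Finance-Users" -Members "a.khan"

# Every domain-joined computer is an object too; stale ones are candidates for cleanup.
Get-ADComputer -Filter * -Properties OperatingSystem, LastLogonDate |
    Select-Object Name, OperatingSystem, LastLogonDate

# Audit: accounts whose password never expires or that are not required to have one.
Get-ADUser -Filter { PasswordNeverExpires -eq $true -or PasswordNotRequired -eq $true } `
    -Properties PasswordNeverExpires, PasswordNotRequired |
    Select-Object SamAccountName, PasswordNeverExpires, PasswordNotRequired

# Membership check for the new group.
Get-ADGroupMember -Identity "Finance-Users" | Select-Object SamAccountName, objectClass
```

The audit query at the end is the kind of check that should run regularly: an account with PasswordNotRequired set can have an empty password regardless of the domain password policy.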

Chapter No.5

Server network infrastructure:

1- Microsoft Windows Server 2008 Network Infrastructure:


Network infrastructure is the hardware and software resources of an entire network that
enable network connectivity, communication, operations and management of an enterprise
network. It provides the communication path and services between users, processes,
applications, services and external networks/the internet.
Any network’s infrastructure consists of
- Network Hardware
- Network Software
- Network Services
Network Hardware: Networking hardware consists of routers, switches, LAN cards, wireless
routers, cables and so on.
Network Software: Software includes the network operating system, firewalls, network security
applications and so on.
Network Services: The services that run on that hardware and software, such as DNS, DHCP,
directory, file and print services.

2-MAJOR FEATURES AND FUNCTIONS OF MICROSOFT WINDOWS SERVER 2008


A server stores, retrieves and sends files and data to other computers on a network. Servers
usually have more processing power, memory and storage than their client computers.
The major features and functions of Microsoft Windows Server 2008 R2 are as follows:

2.1 Server Core: Windows Server 2008 includes a variation of installation called Server Core.
A Server Core installation can be configured for several basic roles, including the domain
controller (Active Directory Domain Services), Active Directory Lightweight Directory Services
(formerly known as Active Directory Application Mode), DNS Server, DHCP server, file server,
print server, Windows Media Server, Internet Information Services 7 web server and Hyper-V
virtual server roles. Server Core can also be used to create a cluster with high availability using
failover clustering or network load balancing. A Server Core installation has no Explorer shell or
graphical management tools; it is administered from the command line, PowerShell or remotely,
which reduces the attack surface and the number of patches that apply to it.

2.2 Active Directory: The Active Directory domain functionality that was retained from
Windows Server 2003 was renamed to Active Directory Domain Services (ADDS)

2.3 Failover Clustering: Windows Server 2008 offers high availability to services and
applications through Failover Clustering. Most server features and roles can be kept running with
little to no downtime.

2.4 Disk management and file storage: The ability to resize hard disk partitions without
stopping the server, even the system partition.

2.5 Hyper-V: Hyper-V is hypervisor-based virtualization software, forming a core part of


Microsoft's virtualization strategy.

2.6 Windows System Resource Manager: Windows System Resource Manager (WSRM) is
integrated into Windows Server 2008. It provides resource management and can be used to
control the amount of resources a process or a user can use based on business priorities.

2.7 Server Manager: Server Manager is a new roles-based management tool for Windows
Server 2008. It combines the Manage Your Server and Security Configuration Wizard functions
from Windows Server 2003.

2.8 Windows Deployment Services (WDS): replaces Automated Deployment Services and Remote
Installation Services. Windows Deployment Services supports an enhanced multicast feature when
deploying operating system images.

3-Understanding and configuring IP address:


How to assign a static IP address in Windows Server 2008?
1. Go to Control Panel: click Start, then click Control Panel.
2. Go to Network and Internet: click View network status and tasks.
3. Click Change adapter settings.
4. Go to the adapter properties: right-click Local Area Connection and click Properties.
5. Go to the TCP/IP settings: click Internet Protocol Version 4 (TCP/IPv4) to select it, then
click Properties.
6. Enter the correct IP information (IP address, subnet mask, default gateway, and the preferred
and alternate DNS servers) and click OK.
7. Done. Verify with ipconfig /all and by pinging the default gateway.
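The same change from a command line, as an added example that is not from the course notes: this is what you type on a Server Core installation or when scripting many servers, and it also sets the preferred DNS server, which the earlier section only refers to. The adapter name "Local Area Connection" and all addresses (192.168.10.0/24, DNS at 192.168.10.10 and .11, domain practice.com) are assumptions; netsh is what Windows Server 2008 provides for this (the NetTCPIP cmdlets arrived with Windows Server 2012).

```powershell
# Added example (not from the notes): assign a static address and DNS servers with
# netsh, then verify. Adapter name and addresses are made up for illustration.
$adapter = "Local Area Connection"
$ip      = "192.168.10.20"
$mask    = "255.255.255.0"
$gateway = "192.168.10.1"
$dns1    = "192.168.10.10"   # domain controller that hosts the AD DNS zone
$dns2    = "192.168.10.11"

# Switch the adapter from DHCP to a static address with a default gateway.
netsh interface ipv4 set address name="$adapter" source=static address=$ip mask=$mask gateway=$gateway

# Preferred and alternate DNS servers. A domain member must point at a DNS server that
# hosts (or forwards to) the Active Directory zone, otherwise it cannot find a domain
# controller, because DC location is done through SRV records.
netsh interface ipv4 set dnsservers name="$adapter" source=static address=$dns1 register=primary
netsh interface ipv4 add dnsservers name="$adapter" address=$dns2 index=2

# Verify: the resulting configuration, the gateway, and the SRV record used to find a DC.
netsh interface ipv4 show config name="$adapter"
Test-Connection -ComputerName $gateway -Count 2 -Quiet
nslookup -type=SRV _ldap._tcp.dc._msdcs.practice.com $dns1
```

If the last lookup fails, the static address may be correct but domain logons, Group Policy and Kerberos will still break, which is why the DNS setting is part of this procedure rather than an afterthought.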

5.4 Configuring Name Resolution:


The Domain Name System (DNS) is a hierarchical, distributed naming system for computers,
services, or any resource connected to the Internet or a private network. Most importantly, it
translates domain names meaningful to humans into the numerical addresses of networking
equipment, so that devices can be located and addressed worldwide. Active Directory depends on
DNS: clients locate domain controllers through SRV records in the domain's zone, so every
domain member must use a DNS server that hosts, or forwards to, that zone. Some networks still
run the Windows Internet Name Service (WINS) for legacy NetBIOS name resolution on local area
networks, and some administrators have little or no experience with DNS. The following explains
how to install, configure, and troubleshoot a Windows Server 2008 DNS server.

Install Windows DNS Server
1. Click on the Start Menu, Administrative Tools and Launch Server Manager.

2. Select the Roles node and click the Add Roles link.
3. Select the DNS Server role check box and click Next.

4. Click Install to begin installation.


Whenever you configure a DNS server, you must know the following concepts:

 Forward lookup zone: maps names to IP addresses (A and AAAA records).
 Reverse lookup zone: maps IP addresses back to names (PTR records).
 Zone types: primary, secondary and stub zones, stored either in a zone file or, on a domain
controller, Active Directory-integrated. AD-integrated zones replicate with the directory and can
be set to accept only secure dynamic updates, so that only the host that registered a record is
able to change it.
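The following script, an added example that is not from the course notes, does the DNS Server installation from the command line and then exercises each of the three concepts above: it creates an Active Directory-integrated forward and reverse zone, restricts them to secure dynamic updates, adds a host record with its PTR, and checks the result. It assumes Windows Server 2008 R2 (ServerManager module, dnscmd.exe from the DNS role) and the made-up names practice.com and 192.168.10.0/24.

```powershell
# Added example (not from the notes): install the DNS Server role, create
# AD-integrated forward and reverse zones, lock down dynamic updates, add records.
# Assumes Windows Server 2008 R2 on a domain controller; names are made up.
Import-Module ServerManager
Add-WindowsFeature DNS                       # installs the role and dnscmd.exe

$zone    = "practice.com"
$revZone = "10.168.192.in-addr.arpa"        # reverse zone for 192.168.10.0/24

# Forward and reverse lookup zones stored in Active Directory, so they replicate to
# every DC in the domain instead of living in a text file on one server.
dnscmd /ZoneAdd $zone    /DsPrimary
dnscmd /ZoneAdd $revZone /DsPrimary

# Zone type check: shows primary/secondary/stub and whether it is AD-integrated.
dnscmd /ZoneInfo $zone

# Dynamic update setting: 0 = none, 1 = nonsecure and secure, 2 = secure only.
# Value 1 lets any host on the LAN overwrite another host's record; use 2.
dnscmd /Config $zone    /AllowUpdate 2
dnscmd /Config $revZone /AllowUpdate 2

# A static host record plus its PTR (node "30" in the reverse zone = 192.168.10.30).
dnscmd /RecordAdd $zone    www A   192.168.10.30
dnscmd /RecordAdd $revZone 30  PTR www.practice.com.

# Verify forward and reverse resolution against this server, and list all zones.
nslookup www.practice.com 127.0.0.1
nslookup 192.168.10.30 127.0.0.1
dnscmd /EnumZones
```

Secure-only updates are the setting to check on an existing server: a zone created through the GUI as a standard primary zone cannot enforce them, because secure updates rely on the zone being stored in Active Directory.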

DHCP: Dynamic Host Configuration Protocol (DHCP) is an extremely powerful and popular
mechanism by which IP addresses and other related network information are dynamically
assigned to network clients when they are attached to a network. This provides significant
reductions in terms of network management overheads, particularly on large networks, by
avoiding the necessity to manually assign settings to each client.

Installing the DHCP Server Role

The first step in setting up a DHCP server on a Windows Server 2008 R2 system is to
install the DHCP Server feature on any servers which are required to provide the service. Before
performing even this initial task, it is highly recommended that any systems designated to act as
DHCP servers are assigned a static IP address. If the server is currently obtaining a dynamic IP
address from another DHCP server, begin the installation process by assigning the system a
static IP address. This can be achieved by launching the Server Manager and clicking View
Network Connections. Right click on the network adapter on which the DHCP service is to be
run and select Properties where either, or both the IPv4 or IPv6 address may be changed from
automatically obtaining an IP address to specifying a static address. Once configured, exit from
the properties dialog and network connections window leaving the Server Manager running.

Installation of the DHCP Server Role is performed by selecting Roles from the tree in the left
hand pane of the Server Manager tool. On the Roles page, click on the Add Role link to launch
the Add Roles Wizard. Dismiss the welcome screen if it is displayed, and in the Select Server
Roles screen select the check box next to DHCP Server before clicking the Next button, read the
information provided and click Next again to proceed to the Network Connection Binding screen.
It is within this screen that the DHCP server is associated with specific network adapters
installed in the system. Select the network adapters for which the DHCP service will be provided
and click Next.

DHCP can be used not just to provide clients with an IP address, but also additional information
such as the name of the parent domain (for example gctwsahiwal.com) and the IP addresses of
both preferred and alternate DNS servers. If the DHCP server is required to provide these details
for IPv4 clients, enter them into the Specify IPv4 DNS Server Settings page and click Next.

On the IPv4 WINS Server Settings page, enter the addresses of the preferred and alternate WINS
servers if required. Otherwise, leave the WINS is not required for applications on this
network option selected and proceed to the next configuration page.

The next page allows initial DHCP scopes to be configured. A DHCP scope defines one or more
ranges of IP addresses from which an address may be assigned to a client, and the duration of the
IP address lease (the wizard's defaults are 6 days for wired clients and 8 hours for wireless
clients). Scopes may be configured now, or later from the DHCP console.

With the initial DHCP IPv4 configuration steps completed, the wizard subsequently moves on to
the IPv6 settings. This is where a little background information is useful. Windows Server 2008
supports two modes of IPv6 DHCP operation, known as stateless and stateful. In stateful mode,
clients obtain both an IP address and other information (such as DNS addresses) through the
DHCPv6 server. In stateless mode, the clients receive only the non-IP address information from
the DHCPv6 server. In this case, the IP address must be provided using some other mechanism,
either by configuring of static IP addresses or through the implementation of IPv6 auto-
configuration.

On the Configure DHCPv6 Stateless Mode screen, select either stateful or stateless mode in
accordance with your specific enterprise requirements. If stateless mode is selected, the next
screen prompts for the IPv6 DNS information to be provided to clients; enter it and click Next.
If the DHCP server is part of an Active Directory domain, the Authorize DHCP Server page will
appear. Enter the credentials (either your own, or alternate credentials via the Alternate
Credentials button) necessary to authorize the new DHCP server; authorization requires
membership of Enterprise Admins. A domain-joined Windows DHCP server that has not been
authorized in Active Directory will not serve clients, which is the control that stops a rogue
DHCP server from handing out a malicious default gateway or DNS server. Alternatively, the
authorization may be performed later by skipping this step with Next.

Upon completion of the DHCP server configuration a summary screen is displayed.

Assuming that the summarized configuration is correct, click on Install to complete the
installation process. The wizard will display the progress of the DHCP Server Role installation
before displaying a results screen confirming the successful installation. Once installation is
complete, the DHCP Server may be managed locally or remotely using the DHCP console (Start
-> All Programs -> Administrative Tools -> DHCP).
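As an added example that is not from the course notes, the same installation and initial configuration from the command line, which is repeatable across servers and documents exactly what the wizard pages above set: the role, a scope with its address pool, the router/DNS/domain options, the lease time, activation, and the Active Directory authorization. It assumes Windows Server 2008 R2, a static address already assigned to the server, and the made-up values practice.com, 192.168.10.0/24 and a server named dc01.

```powershell
# Added example (not from the notes): DHCP role install and scope setup with netsh.
# Assumes Windows Server 2008 R2 and a server that already has a static address.
Import-Module ServerManager
Add-WindowsFeature DHCP

$subnet = "192.168.10.0"
$mask   = "255.255.255.0"
$server = "192.168.10.10"       # this DHCP server's own static address (made up)

# Scope and the pool it hands out; servers and printers keep addresses outside the range.
netsh dhcp server add scope $subnet $mask "LAN" "Wired clients"
netsh dhcp server scope $subnet add iprange 192.168.10.100 192.168.10.200

# Scope options: router (3), DNS servers (6), DNS domain name (15), lease time (51).
netsh dhcp server scope $subnet set optionvalue 003 IPADDRESS 192.168.10.1
netsh dhcp server scope $subnet set optionvalue 006 IPADDRESS 192.168.10.10 192.168.10.11
netsh dhcp server scope $subnet set optionvalue 015 STRING practice.com
netsh dhcp server scope $subnet set optionvalue 051 DWORD 518400   # 6 days in seconds, the wired default

# Activate the scope, then authorize the server in Active Directory. Until it is
# authorized, a domain-joined Windows DHCP server refuses to answer clients; that is
# the mechanism that keeps an unauthorized server from poisoning gateway or DNS options.
netsh dhcp server scope $subnet set state 1
netsh dhcp add server dc01.practice.com $server
netsh dhcp show server                          # every server authorized in the forest

# Verify the scope and watch the leases being handed out.
netsh dhcp server show scope
netsh dhcp server scope $subnet show clients 1
```

The authorization step must be run by an Enterprise Admin; the list printed by "netsh dhcp show server" is worth reviewing periodically, because any server that appears there and is not yours is serving your clients.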

Connecting to networks:
There are normally two ways of connecting to a network: a wired link through a network switch,
or a wireless connection, for which the computer needs a wireless network card that associates
with a wireless access point.
• Connection to a peer-to-peer network (workgroup).
• Connection to a client/server network, which is normally the secured one: it needs a user ID
and password, and there are specific steps through which a user makes a computer part of a
domain.
Client-side settings:
1. Check connectivity: Start → Run → cmd, then ping the domain controller. If the reply is fine,
go to the next step.
2. Right-click Computer → Properties → Change settings → Computer Name → Change → under
Member of, select Domain and enter the name of the domain you want to join → click OK. Supply
the credentials of an account that is allowed to join computers to the domain, then restart.
This is the way to join a domain.
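The following script is an added example that is not from the course notes. It covers both the manual join above and the Offline Domain Join feature from Chapter 4: a scripted connectivity check, an online join with Add-Computer, and the djoin.exe provisioning and request steps for a computer that cannot reach a domain controller. It assumes the made-up domain practice.com, a domain controller at 192.168.10.10, a delegated join account PRACTICE\joinuser, an OU named Workstations and a new computer WS01.

```powershell
# Added example (not from the notes): online domain join, offline domain join, and
# the checks around them. Domain, addresses, account and computer names are made up.
$domain = "practice.com"
$dc     = "192.168.10.10"
$ou     = "OU=Workstations,DC=practice,DC=com"

# 1. Connectivity check, the ping step scripted. A join also needs DNS plus Kerberos
#    (88), LDAP (389) and SMB (445) reachable on a domain controller.
if (-not (Test-Connection -ComputerName $dc -Count 2 -Quiet)) { throw "DC $dc unreachable" }
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$domain" $dc

# 2. Online join. Get-Credential prompts, so no password is embedded in the script,
#    and the account is one that was delegated the right to join computers, not Domain Admins.
$cred = Get-Credential -Credential "PRACTICE\joinuser"
Add-Computer -DomainName $domain -Credential $cred -OUPath $ou
Restart-Computer -Force     # PowerShell 3.0 and later can pass -Restart to Add-Computer instead

# 3. Offline join (Windows 7 / Windows Server 2008 R2). On a domain-joined provisioning
#    host: create the computer account and write a one-time provisioning blob.
New-Item -ItemType Directory -Path C:\odj -Force | Out-Null
djoin.exe /provision /domain $domain /machine WS01 /machineou $ou /savefile C:\odj\WS01.txt
#    On the target, which does not need to see a DC yet; the join completes on the next boot.
djoin.exe /requestODJ /loadfile C:\odj\WS01.txt /windowspath $env:SystemRoot /localos

# The blob contains the machine account's initial password: move it over a trusted
# channel only, and delete it once it has been consumed.
Remove-Item C:\odj\WS01.txt -Force

# 4. After the restart, confirm the secure channel to the domain is established.
nltest /sc_query:$domain
```

The secure-channel query at the end is the test that distinguishes "the computer object exists" from "the computer can actually authenticate to the domain".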

Monitoring Computers:

A responsible network administrator knows how employees or students use the computers on the
network. Whether in a classroom computer lab or on a work network, the ability to monitor and
control the computers on your network is important.

This monitoring can be performed through Event Viewer by watching the different logs. A solid
understanding of how to monitor the computers in your organization is vital both for quickly
troubleshooting problems and for responding to them before they become critical. For
troubleshooting, monitoring lets you gather detailed information about a computer's state, such
as processor, memory, and disk utilization. It also lets you be proactive and identify warning
signs that indicate an impending problem before it becomes serious. Windows has always stored a
great deal of important information in the event logs. Unfortunately, in versions of Windows
released before Windows Vista, that information could be very hard to access: event logs were
stored only on the local computer, and finding important events among the vast quantity of
informational events could be very difficult. With Windows Vista and Windows Server 2008 (and
Windows Server 2003 R2 with the WS-Management update), you can collect events from remote
computers (including computers running Windows XP) through event forwarding, and detect
problems, such as low disk space, before they become more serious. Additionally, Windows now
includes many more event logs, which makes it easier to troubleshoot problems with a specific
Windows component or application. From a security point of view the Security log matters most:
failed logons, account and group changes and privilege use appear there only if the
corresponding audit policy is enabled, and an attacker who gains administrative rights can clear
the local log, which is one reason to forward events to a central collector. This section
describes how to manage events in Windows Server 2008 and Windows Vista.
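As an added example that is not from the course notes, the following script queries the event logs the way an administrator would when looking for the warning signs described above: failed logons grouped by account, the low-disk-space event, account changes on a remote domain controller, and the commands that set up event forwarding to a collector. It assumes Windows Server 2008 R2 or Windows Vista and later, that audit of logon failures is enabled, and the made-up hosts dc01 and a collector account PRACTICE\COLLECTOR$.

```powershell
# Added example (not from the notes): security-relevant Event Log queries and the
# event-forwarding setup. Host names are made up; needs audit policy enabled.
$since = (Get-Date).AddHours(-24)

# Failed logons (4625) in the last day, grouped by target account. A burst against one
# account or from one workstation is the usual first sign of password guessing.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        $x = [xml]$_.ToXml()                      # event data is XML; pull the named fields
        $d = @{}
        foreach ($f in $x.Event.EventData.Data) { $d[$f.Name] = $f.'#text' }
        New-Object PSObject -Property @{
            Time        = $_.TimeCreated
            Account     = $d['TargetUserName']
            Workstation = $d['WorkstationName']
            SourceIp    = $d['IpAddress']
            Status      = $d['Status']            # 0xC000006A bad password, 0xC0000064 no such user
        }
    } | Group-Object Account | Sort-Object Count -Descending | Select-Object Count, Name

# Low disk space: event 2013 in the System log ("the disk is at or near capacity").
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 2013; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, MachineName, Message

# The same kind of query against a remote machine (needs the Remote Event Log Management
# firewall rule on dc01): 4720 = user account created, 4732 = member added to a local group.
Get-WinEvent -ComputerName dc01 -FilterHashtable @{ LogName = 'Security'; Id = 4720, 4732; StartTime = $since } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message

# Event forwarding. On the collector (this host): enable the Windows Event Collector service.
wecutil qc /q
# On each source computer (run there): enable WinRM and let the collector's computer
# account read the logs.
#   winrm quickconfig -q
#   net localgroup "Event Log Readers" "PRACTICE\COLLECTOR$" /add
# The subscription itself is created in Event Viewer or imported from an XML file:
#   wecutil cs C:\subs\security.xml
```

Get-WinEvent reports an error rather than an empty result when nothing matches, hence the -ErrorAction SilentlyContinue; an empty 4625 list on a busy domain controller more often means auditing is off than that nobody mistyped a password.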

Managing Files:
Many types of documents, including financial spreadsheets, business plans, and sales
presentations, can be shared on your network while remaining protected from unauthorized
access. Windows Server 2008 offers a suite of technologies to provide both availability and
security for documents. To control access, use NTFS file permissions and Encrypting File
System (EFS). To provide redundancy, create a Distributed File System (DFS) namespace and
use replication to copy files between multiple servers. You can use quotas to ensure that no
single user consumes more than his or her share of disk space (which might prevent other users
from saving files). Shadow copies and backups allow you to quickly recover from data
corruption and hardware failures. This chapter describes how to use each of these technologies
and explains the new Windows Server 2008 File Services server role. The following are the parts
of file management.
■ Configure a file server.
■ Configure Distributed File System (DFS).
■ Configure shadow copy services.
■ Configure backup and restore.
■ Manage disk quotas.
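As an added example that is not from the course notes, the script below configures one shared folder with each of the technologies listed above: NTFS permissions that grant only the owning group, a share, a quota, shadow copies, EFS on one subfolder, and a backup. It assumes Windows Server 2008 R2 with the File Services role (File Server Resource Manager for dirquota.exe) and Windows Server Backup (wbadmin.exe) installed, and the made-up path D:\Shares\Finance, group PRACTICE\Finance-Users and backup disk E:.

```powershell
# Added example (not from the notes): least-privilege share, quota, shadow copies,
# EFS and backup for one folder. Paths, groups and drive letters are made up.
$path   = "D:\Shares\Finance"
$share  = "Finance"
$group  = "PRACTICE\Finance-Users"
$admins = "PRACTICE\Domain Admins"

New-Item -ItemType Directory -Path $path -Force | Out-Null

# NTFS permissions: drop the inherited ACEs, then grant only the owning group (Modify),
# administrators and SYSTEM (Full). (OI)(CI) applies the entry to files and subfolders.
# Leaving "Everyone: Full Control" on the folder is the mistake this replaces.
icacls $path /inheritance:r
icacls $path /grant:r "${group}:(OI)(CI)M" "${admins}:(OI)(CI)F" "SYSTEM:(OI)(CI)F"

# Share permissions. Effective access is the more restrictive of share and NTFS
# permissions, so Change on the share is enough when NTFS already limits who can write.
net share "$share=$path" /grant:"$group,CHANGE" /grant:"$admins,FULL"

# Quota (FSRM): a hard limit from a built-in template so one folder cannot fill the volume.
dirquota quota add /path:$path /sourcetemplate:"200 MB Limit"

# Shadow copies for D:, storage capped at 10% of the volume, and one snapshot now;
# users restore earlier versions themselves through the Previous Versions tab.
vssadmin add shadowstorage /for=D: /on=D: /maxsize=10%
vssadmin create shadow /for=D:

# EFS on a subfolder (assumed name). EFS is per user: a file is readable only by the
# account that encrypted it and any recovery agent, so it does not fit a group share.
New-Item -ItemType Directory -Path "$path\Confidential" -Force | Out-Null
cipher /e /s:"$path\Confidential"

# Backup of the volume to a dedicated disk E: with Windows Server Backup.
wbadmin start backup -backupTarget:E: -include:D: -quiet

# Verify the resulting ACL and the quota state.
icacls $path
dirquota quota list /path:$path
```

Shadow copies protect against accidental overwrites, not against disk failure or an attacker with administrative rights (who can delete them with vssadmin), which is why the backup to a separate disk is still part of the script.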

Managing Printers:
Printers are one of an organization’s most complex management challenges. Because
printers must be located physically near users, they’re impossible to centralize. Printers
require almost constant maintenance because ink must be replaced, paper must be
refilled, and hardware must be fixed. Although printers will always be a challenge,
Windows Server 2008 provides sophisticated tools to improve manageability and to
allow you to quickly detect problems. This chapter describes how to install, share, and
manage printers.

Installing the Print Services Server Role
Windows Server 2008 can share printers without adding any server roles. However, adding the
Print Services server role adds the Print Management snap-in, which simplifies printer
configuration. To install the Print Services server role, follow these steps:
1. In Server Manager, right-click Roles, and then choose Add Roles. The Add Roles
Wizard appears.
2. On the Before You Begin page, click Next.
3. On the Server Roles page, select the Print Services check box. Click Next.
4. On the Print Services page, click Next.
5. On the Select Role Services page, select the appropriate check boxes for the following
roles, and then click Next:
❑ Print Server Installs the Print Management snap-in, described later in this lesson. This
is sufficient for allowing Windows and many non-Windows clients to print.
❑ LPD Service Allows clients to print using the Line Printer Daemon (LPD) protocol,
which is commonly used by UNIX clients.
❑ Internet Printing Allows clients to print using Internet Printing Protocol (IPP) and
creates a Web site where users can manage print jobs using their Web browser. This role
service requires Internet Information Services (IIS).
6. If you are prompted to install the Web Server (IIS) role service, click Add Required
Role Services, and then click Next.
7. If the Web Server (IIS) page appears because you selected the Internet Printing role
service, click Next. Then, on the Select Role Services page, configure the required IIS
role services and click Next again.
8. On the Confirm Installation Selections page, click Install.
9. On the Installation Results page, click Close.
Before attempting to use the Print Services management tools, close and reopen Server
Manager. You can access the Print Services tools using the Roles\Print Services node in
Server Manager.

Installing Printers
To allow printers to be physically accessible to users while keeping print servers secured,
most modern printers are connected to the network. Although users can print directly to
network printers, using a print server gives you stronger management capabilities. The
following sections describe how to install printers using either the Control Panel or the
Print Management snap-in.

Installing a Printer Using Control Panel
After connecting a printer either to the network or to a server, follow these steps to
install it using Control Panel (the exact steps vary depending on the type of printer you
install):
1. Click Start, and then choose Control Panel.
2. In the Control Panel Home view of Control Panel, below Hardware and Sound, click
Printer.
3. Double-click Add Printer. The Add Printer wizard appears.
4. On the Choose A Local or Network Printer page, if the printer is attached directly to
the server, click Add A Local Printer. If the printer is wireless or attached to the network,
click Add A Network, Wireless, Or Bluetooth Printer.
5. If the Choose A Printer Port page appears, select the physical port to which the printer
is attached, as shown.
6. If you are installing a network printer, select the printer from the list, or click The
Printer That I Want Isn't Listed and specify the network location of the printer. Click Next.
7. If you are installing a network printer and you select ‘Add a Printer using a TCP/IP
address or hostname’, you next see the Type A Printer Hostname or IP Address page. In
the Hostname or IP Address text box, type the name or IP address of the printer. Click
Next. The Network Printer Installation Wizard, described in the following section,
“Installing a Printer Using the Print Management Snap-in,” does a much better job of
finding network printers.
8. If the Install the Printer Driver page appears, select a manufacturer and printer to use a
driver included with Windows Server 2008. To retrieve updated drivers from the
Microsoft Web site, click Windows Update. To use a driver included with the printer or
downloaded from the manufacturer’s web site, click Have Disk, select the driver, and
then click OK. Click Next.
9. On the Type a Printer Name page, type a name for the printer, and then click Next.
10. On the Printer Sharing page, choose whether to share the printer. If you do share the
printer, type a location that will allow users to physically find the printer. Click Next.

11. Click Finish. The printer is immediately available for use from the server. If you
chose to share the printer, it is also accessible to authorized users.

Chapter No.6

Microsoft Exchange Server

 “Exchange” is the common name for the Microsoft Exchange messaging server. A server is a
computer that provides services (network, email and others) to the computers connected to it
and answers their requests for stored information. Exchange stores and delivers email,
calendars and contacts for individual users and for groups. Microsoft Outlook is its usual
email client, and it also serves Outlook Web App, mobile devices (Exchange ActiveSync) and
POP3/IMAP4 clients.

Exchange 2013 prerequisites:

What do you need to know before you begin?

 Active Directory preparation

 Windows Server 2008 R2 SP1 prerequisites

 Mailbox or Client Access server roles


 Edge Transport server role

Proxy server 

A proxy server lessens network traffic by rejecting unwanted requests, forwarding requests to
balance and optimize server workload, and fulfilling requests by serving data from its cache
rather than unnecessarily contacting the true destination server. Many HTTP servers, Apache
HTTP Server for example, have proxy capabilities built in. In front of a mail system, a reverse
proxy is also where external client connections are terminated and inspected before they reach
the Exchange Client Access services.

Post Office Protocol (POP)


The Post Office Protocol (POP) is an application-layer Internet standard protocol used by e-mail
clients to retrieve e-mail from a mail server. POP version 3 (POP3) is the version in common
use. A POP3 client normally downloads messages and then deletes them from the server. The
protocol uses TCP port 110, or 995 for POP3 over TLS; without TLS the user name and password
travel in clear text.

Internet Message Access Protocol (IMAP)

The Internet Message Access Protocol (IMAP) is an Internet standard protocol used by email
clients to retrieve email messages from a mail server over a TCP/IP connection. With IMAP the
messages remain on the server, and the client synchronizes folders and message state, so several
devices see the same mailbox. IMAP uses TCP port 143, or 993 for IMAP over TLS.

Simple Mail Transfer Protocol (SMTP)

The Simple Mail Transfer Protocol (SMTP) is an Internet standard communication protocol for
electronic mail transmission. Mail servers and other message transfer agents use SMTP to send and
receive mail messages on TCP port 25. Clients submit outgoing mail on port 587 (the submission
port), which should require authentication and STARTTLS. A server that accepts mail for any
destination from unauthenticated senders is an open relay and will be abused for spam.
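To see the protocol exchange rather than read about it, the following script, an added example that is not from the course notes, talks SMTP by hand and checks two things an administrator cares about: whether the server advertises STARTTLS in its EHLO reply, and whether it accepts a recipient in a foreign domain from an unauthenticated session (the open-relay test). The server name mail.practice.com and the probe addresses are assumptions; run it only against your own server.

```powershell
# Added example (not from the notes): a manual SMTP session that records the
# client/server dialogue and reports STARTTLS support and relay behaviour.
function Invoke-SmtpProbe {
    param(
        [string]$Server    = "mail.practice.com",     # assumed server name
        [int]   $Port      = 25,
        [string]$ProbeFrom = "probe@example.net",     # made-up sender
        [string]$ProbeTo   = "someone@example.org"    # a domain the server is NOT authoritative for
    )
    $client = New-Object System.Net.Sockets.TcpClient($Server, $Port)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine   = "`r`n"
    $writer.AutoFlush = $true

    # An SMTP reply is one or more lines: "250-" means more lines follow, "250 " ends it.
    $readReply = {
        $lines = @()
        do {
            $line   = $reader.ReadLine()
            $lines += $line
        } while ($line -and $line.Length -ge 4 -and $line[3] -eq '-')
        Write-Host ("S: " + ($lines -join "`nS: "))
        ,$lines
    }
    $send = { param($cmd) Write-Host "C: $cmd"; $writer.WriteLine($cmd); & $readReply }

    $banner = & $readReply                       # 220 greeting
    $ehlo   = & $send "EHLO probe.example.net"   # capability list
    $advertisesTls = [bool]($ehlo -match '^250[- ]STARTTLS')

    & $send "MAIL FROM:<$ProbeFrom>" | Out-Null
    $rcpt = & $send "RCPT TO:<$ProbeTo>"         # 250 here = the server will relay for us
    & $send "RSET" | Out-Null                    # nothing is actually sent
    & $send "QUIT" | Out-Null
    $client.Close()

    New-Object PSObject -Property @{
        Server        = $Server
        Banner        = $banner[0]
        AdvertisesTls = $advertisesTls
        OpenRelay     = [bool]($rcpt[-1] -match '^250')
    }
}

Invoke-SmtpProbe -Server "mail.practice.com" -Port 25
```

A correctly configured server answers the RCPT TO with a 5xx reply such as "550 5.7.1 Unable to relay"; a 250 means anyone on the Internet can use it to send mail, and the server will shortly be on blocklists.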

Lightweight Directory Access Protocol (LDAP)

The Lightweight Directory Access Protocol (LDAP /ˈɛldæp/) is an open, vendor-neutral, industry
standard application protocol for accessing and maintaining distributed directory information
services over an Internet Protocol (IP) network. Directory services play an important role in
developing intranet and Internet applications by allowing the sharing of information about users,
systems, networks, services, and applications throughout the network. Active Directory domain
controllers are LDAP servers: LDAP uses TCP port 389 and LDAP over SSL/TLS (LDAPS) uses port
636, and Exchange reads its recipient and configuration data from Active Directory over LDAP.

Exchange server 2013 requirement:

Hardware requirements for Exchange 2013

Processor:
 x64 architecture-based computer with an Intel processor that supports the Intel 64
architecture, or an AMD processor that supports the AMD64 platform
 Intel Itanium IA64 processors are not supported

Memory:
 Mailbox: 8 GB minimum

Paging file size: The page file size minimum and maximum must be set to physical RAM plus 10 MB.

Disk space:
 At least 30 GB on the drive on which you install Exchange
 An additional 500 MB of available disk space for each Unified Messaging (UM) language pack
that you plan to install
 200 MB of available disk space on the system drive
 A hard disk that stores the message queue database with at least 500 MB of free space

Drive: DVD-ROM drive, local or network accessible

Screen resolution: 1024 x 768 pixels or higher

File format: Disk partitions formatted as NTFS file systems, which applies to the following
partitions:

Operating system

The following table lists the supported operating systems for Exchange 2013.

Important

 Windows Server 2008 R2: select the Full Installation option.
 Windows Server 2012 R2: full installation

.NET Framework
Supported .NET Framework versions for Exchange 2013: 4.7.1, 4.6.2, 4.6.1 and 4.5.2. Which of
these is supported depends on the Exchange 2013 cumulative update that is installed.

Supported clients

Exchange 2013 supports the following versions of Outlook and Entourage for Mac:

 Outlook 2016
 Outlook 2013
 Outlook 2010
 Outlook 2007


Mailbox Server Role:


The Mailbox server role provides the following:

 Mailbox servers contain the mailbox databases that process, render, and store data.
 Mailbox servers contain the Client Access services that accept client connections for all
protocols. These frontend services are responsible for routing or proxying connections to
the corresponding backend services on a Mailbox server. Clients don't connect directly to
the backend services. (This describes Exchange 2016; in Exchange 2013 the Client Access
server is a separate role that proxies connections to the Mailbox server.)
 In Exchange 2016, Mailbox servers also contain the Unified Messaging (UM) services that
provide voice mail and other telephony features to mailboxes.
 You manage Mailbox servers by using the Exchange admin center (EAC) and the
Exchange Management Shell.

Plan, Deploy and configure the Mailbox Server

In Exchange 2013, the Mailbox server role interacts directly with Active Directory, the Client
Access server, and Microsoft Outlook clients in the following process:

 The Mailbox server uses LDAP to access recipient, server, and organization
configuration information from Active Directory.
 The Client Access server sends requests from clients to the Mailbox server and returns
data from the Mailbox server to the clients. The Client Access server also accesses offline
address book (OAB) files on the Mailbox server through NetBIOS file sharing. The
Client Access server sends messages, free/busy data, client profile settings, and OAB data
between the client and the Mailbox server.
 Outlook clients inside your firewall access the Client Access server to send and retrieve
messages. Outlook clients outside the firewall can access the Client Access server by
using Outlook Anywhere (which uses the RPC over HTTP Proxy component).
 Public folder mailboxes are accessible via RPC over HTTP, regardless of whether the
client is outside or inside the firewall.
 The administrator's management computer retrieves Active Directory topology information
from the Microsoft Exchange Active Directory Topology service. It also retrieves email
address policy information and address list information.
 The Client Access server uses LDAP or Name Service Provider Interface (NSPI) to
contact the Active Directory server and retrieve users' Active Directory information.


The mailbox server role in Exchange 2013 hosts mailbox databases and other items, such as
Client Access protocols, Transport service and Unified Messaging. All processing of a specific
mailbox takes place on the Mailbox server hosting an active copy of the mailbox.


After you've installed Exchange Server 2013 in your organization, you need to configure
Exchange for mail flow and client access. Without these additional steps, you won't be able to
send mail to the internet and external clients (for example, Microsoft Outlook, and Exchange
ActiveSync devices) won't be able to connect to your Exchange organization.

Managing Exchange Server 2013 Mailboxes and Other Exchange Recipients

The Team Mailboxes management role enables administrators to define one or more site
mailbox provisioning policies and manage site mailboxes in the organization. This
management role is one of several built-in roles in the Role Based Access Control (RBAC)
permissions model in Microsoft Exchange Server 2013; RBAC is what limits which cmdlets and
objects each administrator can use in the Exchange Management Shell and the EAC.

Mailboxes are the most common recipient type used by information workers in an Exchange
organization. Each mailbox is associated with an Active Directory user account. The user can use
the mailbox to send and receive messages, and to store messages, appointments, tasks, notes, and
documents. Use the EAC or the Shell to create user mailboxes.

You can also create user mailboxes for existing users that have an Active Directory user account
but don’t have a corresponding mailbox.
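The following Exchange Management Shell script is an added example that is not from the course notes. It performs the post-installation configuration for mail flow and client access described above (accepted domain, address policy, Send connector, Outlook Anywhere), checks the receive connectors for anonymous relay, and then creates mailboxes both for a new user and for an existing Active Directory user. It assumes Exchange 2013 with a Mailbox server MBX01, a database DB01, the domain practice.com and the made-up users a.khan and b.ahmed.

```powershell
# Added example (not from the notes): Exchange 2013 post-install configuration and
# mailbox provisioning from the Exchange Management Shell. All names are made up.
$domain = "practice.com"

# Mail flow: Exchange must be authoritative for the domain before it accepts mail for it,
# and the address policy decides which SMTP addresses new recipients get.
New-AcceptedDomain -Name $domain -DomainName $domain -DomainType Authoritative
New-EmailAddressPolicy -Name "Primary" -IncludedRecipients AllRecipients `
    -EnabledPrimarySMTPAddressTemplate "SMTP:%g.%s@$domain" -Priority 1
Update-EmailAddressPolicy -Identity "Primary"

# Outbound to the Internet: route by MX lookup from the Mailbox server.
New-SendConnector -Name "Internet" -Usage Internet -AddressSpaces "*" `
    -DNSRoutingEnabled $true -SourceTransportServers "MBX01"

# External client access: Outlook Anywhere with SSL required on both legs.
Set-OutlookAnywhere -Identity "MBX01\Rpc (Default Web Site)" `
    -ExternalHostname "mail.$domain" -ExternalClientAuthenticationMethod Negotiate `
    -ExternalClientsRequireSsl $true `
    -InternalHostname "mail.$domain" -InternalClientsRequireSsl $true

# Check: no receive connector should give Anonymous the right to submit to any recipient;
# that permission is what turns the server into an open relay.
Get-ReceiveConnector | Where-Object { $_.PermissionGroups -match "Anonymous" } |
    Get-ADPermission |
    Where-Object { $_.User -like "*Anonymous*" -and $_.ExtendedRights -like "*Accept-Any-Recipient*" } |
    Select-Object Identity, User, ExtendedRights

# Recipients: a new AD user with a mailbox, and a mailbox for an existing AD user.
$pw = Read-Host -AsSecureString "Initial password for a.khan"
New-Mailbox -Name "Ali Khan" -Alias "a.khan" -UserPrincipalName "a.khan@$domain" `
    -FirstName Ali -LastName Khan -Password $pw -ResetPasswordOnNextLogon $true `
    -OrganizationalUnit "practice.com/Staff" -Database "DB01"
Enable-Mailbox -Identity "PRACTICE\b.ahmed" -Database "DB01"

# Queries by explicit recipient type, which is how the EAC and the Shell tell them apart.
Get-Recipient -ResultSize Unlimited | Group-Object RecipientTypeDetails | Select-Object Count, Name
Get-Mailbox -RecipientTypeDetails RoomMailbox, EquipmentMailbox | Select-Object Name, ResourceCapacity
```

The receive-connector check deserves to be run after every change to connectors: a relay connector created for an internal application and scoped too broadly is the common way an Exchange server ends up relaying for the Internet.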


The people and resources that send and receive messages are the core of any messaging and
collaboration system. In an Exchange organization, these people and resources are referred to as
recipients. A recipient is any mail-enabled object in Active Directory to which Microsoft
Exchange can deliver or route messages.

Exchange recipient types

Exchange includes several explicit recipient types. Each recipient type is identified in the
Exchange Administration Center (EAC) and has a unique value in the RecipientTypeDetails
property in the Exchange Management Shell. The use of explicit recipient types has the
following benefits:

 At a glance, you can differentiate between various recipient types.
 You can search and sort by each recipient type.
 You can more easily perform bulk management operations for selected recipient types.
 You can more easily view recipient properties because the EAC uses the recipient types
to render different property pages. For example, the resource capacity is displayed for a
room mailbox, but isn't present for a user mailbox.

The following table lists the available recipient types. All these recipient types are discussed in
more detail later in this topic.

Recipient type: Description

Dynamic distribution group: A distribution group that uses recipient filters and conditions to
derive its membership at the time messages are sent.

Equipment mailbox: A resource mailbox that's assigned to a resource that's not location-specific,
such as a portable computer, projector, microphone, or a company car. Equipment mailboxes can
be included as resources in meeting requests, providing a simple and efficient way of using
resources for your users.

Linked mailbox: A mailbox that's assigned to an individual user in a separate, trusted forest.

Mail contact: A mail-enabled Active Directory contact that contains information about people or
organizations that exist outside the Exchange organization. Each mail contact has an external
email address. All messages sent to the mail contact are routed to this external email address.

Mail forest contact: A mail contact that represents a recipient object from another forest. Mail
forest contacts are typically created by Microsoft Identity Integration Server (MIIS)
synchronization.

Important: Mail forest contacts are read-only recipient objects that are updated only through
MIIS or similar custom synchronization. You can't use the EAC or the Shell to remove or modify
a mail forest contact.

Mail user: A mail-enabled Active Directory user that represents a user outside the Exchange
organization. Each mail user has an external email address. All messages sent to the mail user
are routed to this external email address. A mail user is similar to a mail contact, except that
a mail user has Active Directory logon credentials and can access resources.

Mail-enabled non-universal group: A mail-enabled Active Directory global or local group object.
Mail-enabled non-universal groups were discontinued in Exchange Server 2007 and can exist only
if they were migrated from Exchange 2003 or earlier versions of Exchange. You can't use
Exchange Server 2013 to create non-universal distribution groups.

Mail-enabled public folder: An Exchange public folder that's configured to receive messages.

Distribution group: A mail-enabled Active Directory distribution group object that can be used
only to distribute messages to a group of recipients.

Mail-enabled security group: An Active Directory universal security group object that is
mail-enabled. It can be used to assign access permissions to resources in Active Directory and
can also be used to distribute messages.

Microsoft Exchange recipient: A special recipient object that provides a unified and well-known
message sender that differentiates system-generated messages from other messages. It replaces
the System Administrator sender used for system-generated messages in earlier versions of
Exchange.

Room mailbox: A resource mailbox that's assigned to a meeting location, such as a conference
room, auditorium, or training room. Room mailboxes can be included as resources in meeting
requests, providing a simple and efficient way of organizing meetings for your users.

Shared mailbox: A mailbox that's not primarily associated with a single user and is generally
configured to allow access for multiple users.

Site mailbox: A mailbox comprised of an Exchange mailbox to store email messages and a
SharePoint site to store documents. Users can access both email messages and documents using
the same client interface. For more information, see Site mailboxes.

User mailbox: A mailbox that's assigned to an individual user in your Exchange organization. It
typically contains messages, calendar items, contacts, tasks, documents, and other important
business data.

Office 365 mailbox: In hybrid deployments, an Office 365 mailbox consists of a mail user that
exists in Active Directory on-premises and an associated cloud mailbox that exists in Exchange
Online.

Linked user: A linked user is a user whose mailbox resides in a different forest than the forest
in which the user resides.

Mailboxes

Mailboxes are the most common recipient type used by information workers in an Exchange
organization. Each mailbox is associated with an Active Directory user account. The user can use
the mailbox to send and receive messages, and to store messages, appointments, tasks, notes, and
documents. Mailboxes are the primary messaging and collaboration tool for the users in your
Exchange organization.

Mailbox components

Each mailbox consists of an Active Directory user and the mailbox data that's stored in the
Exchange mailbox database (as shown in the following figure). All configuration data for the
mailbox is stored in the Exchange attributes of the Active Directory user object. The mailbox
database contains the actual data that's in the mailbox associated with the user account.
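The following Shell session is an added example (not part of the original notes or of Microsoft's documentation) that ties the two ideas above together: it counts recipients by RecipientTypeDetails, pulls out the types that deserve a security review, and then reads the two halves of one mailbox separately, the Active Directory user object and the data held in the mailbox database. The mailbox identity chris@contoso.com is an assumption.

```powershell
# Added example, run in the Exchange Management Shell on an Exchange 2013 server.
# The identity chris@contoso.com below is an assumption for illustration.

# 1. Count every recipient type in the organization. RecipientTypeDetails is the
#    property the EAC uses to pick the property pages it renders for a recipient.
$byType = Get-Recipient -ResultSize Unlimited |
    Group-Object -Property RecipientTypeDetails |
    Sort-Object -Property Count -Descending
$byType | Format-Table Name, Count -AutoSize

# 2. Pull out the types that usually need a closer look: shared mailboxes (access is
#    delegated to several people), linked mailboxes (depend on a trust to another forest)
#    and mail users (have an AD logon but mail is routed to an external address).
$review = Get-Recipient -ResultSize Unlimited `
    -RecipientTypeDetails SharedMailbox, LinkedMailbox, MailUser
$review | Format-Table Name, RecipientTypeDetails, PrimarySmtpAddress -AutoSize

# 3. One mailbox, two components. Configuration lives on the AD user object and is read
#    through Get-User / Get-Mailbox (Exchange attributes of the user); item data and usage
#    live in the mailbox database and are read through the store with Get-MailboxStatistics.
$id = 'chris@contoso.com'   # assumed identity
$adObject  = Get-User -Identity $id |
    Select-Object Name, DistinguishedName, WhenChanged
$mbxConfig = Get-Mailbox -Identity $id |
    Select-Object Alias, Database, RecipientTypeDetails, HiddenFromAddressListsEnabled
$storeData = Get-MailboxStatistics -Identity $id |
    Select-Object TotalItemSize, ItemCount, LastLogonTime

$adObject
$mbxConfig
$storeData
```

If Get-MailboxStatistics returns nothing for a mailbox that Get-Mailbox lists, the AD object exists but the store data does not (the user has never logged on, or the database is unavailable); that is the same condition that leaves the EAC's Mailbox Usage boxes blank.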


After installing and configuring Exchange 2013 you have to create recipients to be able to send
and receive emails. There are different types of recipients in Exchange 2013, and they are
created and used for different purposes. A recipient is any mail-enabled object in Active
Directory. It is important to understand the different types of recipient before you configure
a user mailbox in Exchange Server 2013. The following notes create a user mailbox for an
existing Active Directory user account.

Following are the different types of recipient in Exchange 2013:

1. Mailbox: A mailbox recipient can be a user mailbox or a linked mailbox. A user mailbox is
associated with an Active Directory user account; this is the type created below. A linked
mailbox is associated with a user account residing in a separate, trusted forest. The
diagram below shows the components of a linked mailbox.

[Diagram: components of a linked mailbox. Image Source: Microsoft]
2. Groups: Groups can be a distribution group, a mail-enabled security group or a dynamic
distribution group.
3. Resources: A resource recipient can be an equipment mailbox or a room mailbox. These are
mostly used for scheduling company assets such as meeting rooms, projectors, etc.
4. Contacts: Contact recipients can be a mail contact or a mail user. A mail contact is an
Active Directory contact that is mail-enabled. A mail user is an Active Directory user that
can log on to the Active Directory domain but has an external email address.
5. Shared: With a shared recipient, a single mailbox can be used by multiple users. This type
of recipient is handy for accounts like info@mustbegeek.com, contact@mustbegeek.com, and
so on.

Planning and Implementing Public Folder Mailboxes, Address Lists and Policies

In Microsoft Outlook, a public folder is a folder created to share information with others. The
owner of a public folder can set privileges so that only a select group of users have access to the
folder, or the folder can be made available to everyone on the network who uses the same mail
client.

Public folder content can include email messages, posts, documents, and eForms. The content is
stored in the public folder mailbox but isn't replicated across multiple public folders mailboxes.
All users access the same public folder mailbox for the same set of content.

An address list is a collection of mail-enabled recipient objects from Active Directory. Address
lists are based on recipient filters, and are basically unchanged from Exchange 2010. You can
filter by recipient type (for example, mailboxes and mail contacts), recipient properties (for
example, Company or State or Province), or both. Address lists aren't static; they're updated
dynamically. When you create or modify recipients in your organization, they're automatically
added to the appropriate address lists. These are the different types of address lists that are
available:

 Global address lists (GALs): The built-in GAL that's automatically created by Exchange
includes every mail-enabled object in the Active Directory forest. You can create
additional GALs to separate users by organization or location, but a user can only see and
use one GAL.

 Address lists: Address lists are subsets of recipients that are grouped together in one list,
which makes them easier to find by users. Exchange comes with several built-in address
lists, and you can create more based on your organization's needs.
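Because address lists and dynamic distribution groups are both driven by recipient filters, the filter is the part worth testing before anything is created. The session below is an added example (not from the original notes) that builds one filter, previews its membership, and then reuses it for an address list and a dynamic distribution group. The filter values, the list names and the OU path contoso.com/Sales are assumptions.

```powershell
# Added example for the Exchange Management Shell. Names, filter values and the OU
# contoso.com/Sales are assumptions for illustration.

# One OPATH filter, reused below. Always pin the recipient type: a filter on
# Department alone silently pulls in mail contacts, shared mailboxes and groups.
$filter = "((RecipientTypeDetails -eq 'UserMailbox') -and (Department -eq 'Sales') -and (StateOrProvince -eq 'WA'))"

# Preview before creating anything. Membership is evaluated dynamically, so a wrong
# filter is a wrong audience every time a message is sent.
$preview = @(Get-Recipient -RecipientPreviewFilter $filter -ResultSize Unlimited)
"{0} recipients match the filter" -f $preview.Count
$preview | Format-Table Name, RecipientTypeDetails, Department, StateOrProvince -AutoSize

# Address list: a subset of the GAL that users can browse in the address book.
New-AddressList -Name 'Sales - WA' -RecipientFilter $filter
# Stamp the new list on recipients that already exist (new recipients are added as created).
Update-AddressList -Identity 'Sales - WA'

# Dynamic distribution group: the same filter, evaluated when a message is sent to it.
# RecipientContainer limits the search to one OU rather than the whole domain.
New-DynamicDistributionGroup -Name 'Sales WA' -Alias 'sales-wa' `
    -RecipientFilter $filter -RecipientContainer 'contoso.com/Sales'

# Verify what was stored. Exchange appends its own exclusions (system mailboxes and
# similar) to the filter text, which is why the stored filter is longer than $filter.
(Get-AddressList -Identity 'Sales - WA').RecipientFilter
(Get-DynamicDistributionGroup -Identity 'Sales WA').RecipientFilter
```

Re-run the preview with the stored filter from Get-DynamicDistributionGroup after any change to a recipient property that the filter uses (Department, StateOrProvince); the EAC shows the filter but not who matches it.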

Chapter No.7
The Exchange Management Shell

Microsoft Exchange Management Shell (EMS) is a scripting platform with a command line
interface that enables administrators to manage Exchange Server.

EMS is built on top of Microsoft PowerShell, a command line shell that allows administrators to
perform administrative tasks with simple verb-noun commands called cmdlets (for example,
Get-Mailbox or Set-Mailbox). EMS processes commands as instances of .NET classes and objects.

Administrators can use EMS to perform any administrative task normally performed in the
Exchange Management Console (EMC) in Exchange 2007 and Exchange 2010, as well as any
task typically performed in the Exchange Administration Center (EAC) in Exchange Server
2013. The EMS also allows administrators to complete many tasks not made available through
the EMC or EAC.

Microsoft strongly suggests that working knowledge of the EMS is critical for Exchange
administrators because it will be Microsoft's preferred administrative tool moving forward.

Role-based access control

In computer systems security, role-based access control (RBAC) is an approach to restricting
system access to authorized users. RBAC is sometimes referred to as role-based security. It is
a policy-neutral access control mechanism defined around roles and privileges.

Role-Based Access Control (RBAC)

Role-based access control (RBAC) restricts network access based on a person's role within an
organization and has become one of the main methods for advanced access control. The roles in
RBAC refer to the levels of access that employees have to the network.

Employees are only allowed to access the information necessary to effectively perform their job
duties. Access can be based on several factors, such as authority, responsibility, and job
competency. In addition, access to computer resources can be limited to specific tasks such as
the ability to view, create, or modify a file.

As a result, lower-level employees usually do not have access to sensitive data if they do not
need it to fulfill their responsibilities. This is especially helpful if you have many employees and

use third-parties and contractors that make it difficult to closely monitor network access. Using
RBAC will help in securing your company’s sensitive data and important applications.

Examples of Role-Based Access Control

Through RBAC, you can control what end-users can do at both broad and granular levels. You
can designate whether the user is an administrator, a specialist user, or an end-user, and align
roles and access permissions with your employees’ positions in the organization. Permissions are
allocated only with enough access as needed for employees to do their jobs.

What if an end-user's job changes? Rather than editing permissions on the user, you move the
user between role groups: adding or removing a member of a role group is what grants or
revokes the roles assigned to that group. The permissions that end users have over their own
mailbox and distribution group settings are controlled separately, through role assignment
policies.

Some of the designations in an RBAC tool can include:

 Management role scope – it limits what objects the role group is allowed to manage.
 Management role group – you can add and remove members.
 Management role – these are the types of tasks that can be performed by a specific role
group.
 Management role assignment – this links a role to a role group.

By adding a user to a role group, the user has access to all the roles in that group. If they are
removed, access becomes restricted. Users may also be assigned to multiple groups in the event
they need temporary access to certain data or programs and then removed once the project is
complete.
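The four building blocks just listed (scope, role group, role, role assignment) are exactly what Exchange 2013 exposes in the Shell. The session below is an added example (not part of the original notes) of a least-privilege delegation built from them: a helpdesk group that can create and modify user mailboxes, but only inside one OU. The OU path contoso.com/Sales, the scope and group names, and the accounts alice and bob are assumptions.

```powershell
# Added example for the Exchange Management Shell. OU path, scope and group names and
# the accounts alice and bob are assumptions for illustration.

# Management role scope: limits WHICH objects the group may write to. Here: user
# mailboxes under the Sales OU only. Read scope stays at the organization default.
New-ManagementScope -Name 'Sales Recipients' `
    -RecipientRoot 'contoso.com/Sales' `
    -RecipientRestrictionFilter { RecipientTypeDetails -eq 'UserMailbox' }

# Management role group + management role assignments in one step. Creating the group
# with -Roles creates one role assignment per role, and -CustomRecipientWriteScope
# attaches the scope above to each of those assignments.
New-RoleGroup -Name 'Sales Helpdesk' `
    -Roles 'Mail Recipients', 'Mail Recipient Creation' `
    -CustomRecipientWriteScope 'Sales Recipients' `
    -Members 'alice' `
    -Description 'Create and modify user mailboxes in the Sales OU only'

# Access is granted and revoked by membership, never by per-user permissions.
Add-RoleGroupMember    -Identity 'Sales Helpdesk' -Member 'bob'
Remove-RoleGroupMember -Identity 'Sales Helpdesk' -Member 'alice' -Confirm:$false

# Audit 1: what did this group actually receive, and with what write scope?
Get-ManagementRoleAssignment -RoleAssignee 'Sales Helpdesk' |
    Format-Table Role, RecipientWriteScope, CustomRecipientWriteScope -AutoSize

# Audit 2: every person who effectively holds a role, through any group, with the scope
# that applies to them. Run this for the sensitive roles on a schedule.
Get-ManagementRoleAssignment -Role 'Mail Recipients' -GetEffectiveUsers |
    Select-Object EffectiveUserName, RoleAssigneeName, CustomRecipientWriteScope

# Audit 3: before handing out a role, find which roles expose a dangerous cmdlet.
# Add-MailboxPermission grants full access to someone else's mailbox.
Get-ManagementRole -Cmdlet Add-MailboxPermission | Select-Object Name
```

The write scope is the part that turns a built-in role into least privilege: without it, 'Mail Recipients' lets the helpdesk change any mailbox in the organization, including the executives'. Audit 2 is also the quickest way to find stale delegations after staff changes.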

Other options for user access may include:

 Primary – the primary contact for a specific account or role.


 Billing – access for one end-user to the billing account.
 Technical – assigned to users that perform technical tasks.
 Administrative – access for users that perform administrative tasks.

Benefits of RBAC

Managing and auditing network access is essential to information security. Access can and
should be granted on a need-to-know basis. With hundreds or thousands of employees, security
is more easily maintained by limiting unnecessary access to sensitive information based on each
user’s established role within the organization. Other advantages include:

1. Reducing administrative work and IT support. With RBAC, you can reduce the need
for paperwork and password changes when an employee is hired or changes their role.
Instead, you can use RBAC to add and switch roles quickly and implement them globally
across operating systems, platforms and applications. It also reduces the potential for
error when assigning user permissions. This reduction in time spent on administrative
tasks is just one of several economic benefits of RBAC. RBAC also helps to more easily
integrate third-party users into your network by giving them pre-defined roles.
2. Maximizing operational efficiency. RBAC offers a streamlined approach that is logical
in definition. Instead of trying to administer lower-level access control, all the roles can
be aligned with the organizational structure of the business and users can do their jobs
more efficiently and autonomously.
3. Improving compliance. All organizations are subject to federal, state and local
regulations. With an RBAC system in place, companies can more easily meet statutory
and regulatory requirements for privacy and confidentiality as IT departments and
executives have the ability to manage how data is being accessed and used. This is
especially significant for health care and financial institutions, which manage lots of
sensitive data such as PHI and PCI data.

Best Practices for Implementing RBAC

Implementing a RBAC into your organization shouldn’t happen without a great deal of
consideration. There are a series of broad steps to bring the team onboard without causing
unnecessary confusion and possible workplace irritations. Here are a few things to map out first.

 Current Status: Create a list of every software, hardware and app that has some sort of
security. For most of these things, it will be a password. However, you may also want to
list server rooms that are under lock and key. Physical security can be a vital part of data
protection. Also, list the status of who has access to all of these programs and areas. This
will give you a snapshot of your current data scenario.
 Current Roles: Even if you do not have a formal roster and list of roles, determining
what each individual team member does may only take a little discussion. Try to organize
the team in such a way that it doesn’t stifle creativity and the current culture (if enjoyed).
 Write a Policy: Any changes made need to be written for all current and future
employees to see. Even with the use of a RBAC tool, a document clearly articulating
your new system will help avoid potential issues.
 Make Changes: Once the current security status and roles are understood (not to
mention a policy is written), it’s time to make the changes.
 Continually Adapt: It’s likely that the first iteration of RBAC will require some
tweaking. Early on, you should evaluate your roles and security status frequently. Assess
first, how well the creative/production process is working and secondly, how secure your
process happens to be.

A core business function of any organization is protecting data. An RBAC system can ensure the
company's information meets privacy and confidentiality regulations. Furthermore, it can secure
key business processes, including access to IP, that affect the business from a competitive
standpoint.

Mailbox management:

A Microsoft Exchange 2013 site mailbox is an Exchange 2013 feature that helps facilitate
collaboration between SharePoint 2013 users. Introduced in the Exchange Server 2013 release,
site mailboxes give users access to both Exchange email and SharePoint documents through
Microsoft Outlook 2013.

Use the EAC or the Shell to create user mailboxes. You can also create user mailboxes for
existing users that have an Active Directory user account but don't have a corresponding
mailbox. This is known as mailbox-enabling existing users.

When you create a new user mailbox, you can’t use an apostrophe (') or a quotation mark (") in
the alias or the user logon name because these characters aren’t supported. Although you might
not receive an error if you create a new mailbox using unsupported characters, these characters
can cause problems later. For example, users that have been assigned access permissions to a
mailbox that was created using an unsupported character may experience problems or
unexpected behavior.
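Mailbox-enabling existing users in bulk is where the unsupported-character rule bites, because the Shell does not reject an apostrophe or quotation mark in the alias either. The script below is an added example (not from the original notes) that finds Active Directory users without a mailbox, skips any whose alias contains one of those characters, mailbox-enables the rest, and then hunts for mailboxes that were already created with a bad alias or logon name. The OU contoso.com/Sales and the database name DB01 are assumptions.

```powershell
# Added example for the Exchange Management Shell. The OU contoso.com/Sales and the
# mailbox database DB01 are assumptions for illustration.
$targetDb = 'DB01'
$badChars = '[''"]'        # regex: apostrophe or quotation mark

# RecipientTypeDetails 'User' on Get-User returns AD accounts that are not mail-enabled
# and not mailbox-enabled, i.e. the candidates for mailbox-enabling.
$candidates = Get-User -RecipientTypeDetails User -ResultSize Unlimited `
    -OrganizationalUnit 'contoso.com/Sales'

foreach ($u in $candidates) {
    $alias = $u.SamAccountName
    if ($alias -match $badChars -or $u.UserPrincipalName -match $badChars) {
        # Exchange would accept it, but delegated access to this mailbox may later
        # misbehave; fix the account name first rather than create the mailbox.
        Write-Warning ("Skipping {0}: alias or logon name contains ' or `"" -f $u.Name)
        continue
    }
    # Keep -WhatIf while testing against a new OU; remove it to actually create the mailboxes.
    Enable-Mailbox -Identity $u.DistinguishedName -Alias $alias -Database $targetDb -WhatIf
}

# Mailboxes that already exist with an unsupported character in the alias or logon name.
Get-Mailbox -ResultSize Unlimited |
    Where-Object { $_.Alias -match $badChars -or $_.UserPrincipalName -match $badChars } |
    Select-Object Name, Alias, UserPrincipalName
```

The second query is worth running once on an inherited organization: the symptom described above (permissions that were granted but do not take effect) is hard to trace back to a stray apostrophe after the fact.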

Change user mailbox properties

Use the EAC to change user mailbox properties

1. In the EAC, navigate to Recipients > Mailboxes.
2. In the list of user mailboxes, click the mailbox that you want to change the properties for,
and then click Edit.
3. On the mailbox properties page, you can change any of the following properties.

 General
 Mailbox Usage
 Contact Information
 Organization
 Email Address
 Mailbox Features
 Member Of
 MailTip
 Mailbox Delegation

General

Use the General section to view or change basic information about the user.

 First name, Initials, Last name

 * Name: This is the name that's listed in Active Directory. If you change this name, it
can't exceed 64 characters.
 * Display name: This name appears in your organization's address book, on the To: and
From: lines in email, and in the Mailbox list. This name can't contain empty spaces
before or after the display name.
 * Alias: This specifies the email alias for the user. The user's alias is the portion of the
email address on the left side of the at (@) symbol. It must be unique in the forest.
 * User logon name: This is the name that the user uses to sign in to their mailbox and to
log on to the domain. Typically the user logon name consists of the user's alias on the left
side of the @ symbol, and the domain name in which the user account resides on the right
side of the @ symbol.

Note

This box is labeled User ID in Exchange Online.

 Require password change on next logon: Select this check box if you want the user to
reset their password the next time they sign in to their mailbox.

Note

This check box isn't available in Exchange Online.

 Hide from address lists: Select this check box to prevent the recipient from appearing in
the address book and other address lists that are defined in your Exchange organization.
After you select this check box, users can still send messages to the recipient by using the
email address.

Click More options to view or change these additional properties:

 Organizational unit: This read-only box displays the organizational unit (OU) that
contains the user account. You have to use Active Directory Users and Computers to
move the user account to a different OU.

Note

This box isn't available in Exchange Online.

 Mailbox database: This read-only box displays the name of the mailbox database that
hosts the mailbox. To move the mailbox to a different database, select it in the mailbox
list, and then click Move mailbox to another database in the Details pane.

Note

This option isn't available in Exchange Online.

 Custom attributes: This section displays the custom attributes defined for the user
mailbox. To specify custom attribute values, click Edit. You can specify up to 15 custom
attributes for the recipient.

Mailbox Usage

Use the Mailbox Usage section to view or change the mailbox storage quota and deleted item
retention settings for the mailbox. These settings are configured by default when the mailbox is
created. They use the values that are configured for the mailbox database and apply to all
mailboxes in that database. You can customize these settings for each mailbox instead of using
the mailbox database defaults.

 Last logon: This read-only box displays the last time that the user signed in to their
mailbox.
 Mailbox usage: This area shows the total size of the mailbox and the percentage of the
total mailbox quota that has been used.

Note

To obtain the information that's displayed in the previous two boxes, the EAC queries the
mailbox database that hosts the mailbox. If the EAC is unable to communicate with the
Exchange store that contains the mailbox database, these boxes will be blank. A warning
message is displayed if the user hasn't signed in to the mailbox for the first time.
Click More options to view or change the mailbox storage quota and the deleted item retention
settings for the mailbox.

Note

These settings aren't available in the EAC in Exchange Online.

 Storage quota settings: To customize these settings for the mailbox and not use the
mailbox database defaults, click Customize the settings for this mailbox, type a new
value, and then click Save.

The value range for any of the storage quota settings is from 0 through 2047 gigabytes
(GB).

o Issue a warning at (GB): This box displays the maximum storage limit before a
warning is issued to the user. If the mailbox size reaches or exceeds the value
specified, Exchange sends a warning message to the user.
o Prohibit send at (GB): This box displays the prohibit send limit for the mailbox.
If the mailbox size reaches or exceeds the specified limit, Exchange prevents the
user from sending new messages and displays a descriptive error message.
o Prohibit send and receive at (GB): This box displays the prohibit send and
receive limit for the mailbox. If the mailbox size reaches or exceeds the specified
limit, Exchange prevents the mailbox user from sending new messages and won't
deliver any new messages to the mailbox. Any messages sent to the mailbox are
returned to the sender with a descriptive error message.
 Deleted item retention settings: To customize these settings for the mailbox and not use
the mailbox database defaults, click Customize the settings for this mailbox, type a new
value, and then click Save.
o Keep deleted items for (days): This box displays the length of time that deleted
items are retained before they are permanently deleted and can't be recovered by
the user. When the mailbox is created, this value is based on the deleted item
retention settings configured for the mailbox database. By default, a mailbox

database is configured to retain deleted items for 14 days. The value range for this
property is from 0 through 24855 days.
o Don't permanently delete items until the database is backed up: Select this
check box to prevent mailboxes and email messages from being deleted until after
the mailbox database on which the mailbox is located has been backed up.
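The EAC accepts the three quota boxes independently; nothing stops you from setting a prohibit-send limit below the warning limit. The session below is an added example (not from the original notes) that overrides the database defaults for one mailbox from the Shell, checks the ordering first, and then verifies the result from both the Active Directory side and the store side. The identity chris@contoso.com and the quota values are assumptions.

```powershell
# Added example for the Exchange Management Shell. The identity and the quota values
# are assumptions for illustration.
$id = 'chris@contoso.com'

# Quota values as Exchange expects them. ByteQuantifiedSize is the Exchange type behind
# these parameters and is loaded in the Shell; Parse gives us comparable byte counts.
$warn        = [Microsoft.Exchange.Data.ByteQuantifiedSize]::Parse('1.8GB')
$send        = [Microsoft.Exchange.Data.ByteQuantifiedSize]::Parse('2GB')
$sendReceive = [Microsoft.Exchange.Data.ByteQuantifiedSize]::Parse('2.3GB')

# Ordering check the EAC does not do for you.
if (-not ($warn.ToBytes() -lt $send.ToBytes() -and $send.ToBytes() -lt $sendReceive.ToBytes())) {
    throw 'Quotas must satisfy IssueWarning < ProhibitSend < ProhibitSendReceive'
}

# What the mailbox inherits today: the defaults of its database.
$db = (Get-Mailbox -Identity $id).Database
Get-MailboxDatabase -Identity $db |
    Select-Object Name, IssueWarningQuota, ProhibitSendQuota, ProhibitSendReceiveQuota,
                  DeletedItemRetention, RetainDeletedItemsUntilBackup

# Override for this mailbox only. Both Use*Defaults switches must be turned off or the
# per-mailbox values are stored but ignored.
Set-Mailbox -Identity $id `
    -UseDatabaseQuotaDefaults $false `
    -IssueWarningQuota $warn -ProhibitSendQuota $send -ProhibitSendReceiveQuota $sendReceive `
    -UseDatabaseRetentionDefaults $false `
    -RetainDeletedItemsFor '30.00:00:00' -RetainDeletedItemsUntilBackup $true

# Verify: configured limits come from the AD object, current usage from the store.
Get-Mailbox -Identity $id |
    Select-Object UseDatabaseQuotaDefaults, IssueWarningQuota, ProhibitSendQuota,
                  ProhibitSendReceiveQuota, RetainDeletedItemsFor
Get-MailboxStatistics -Identity $id |
    Select-Object TotalItemSize, StorageLimitStatus, LastLogonTime

# Organization-wide: every mailbox that is at or past one of its limits.
Get-Mailbox -ResultSize Unlimited | Get-MailboxStatistics |
    Where-Object { $_.StorageLimitStatus -and $_.StorageLimitStatus -ne 'BelowLimit' } |
    Select-Object DisplayName, TotalItemSize, StorageLimitStatus
```

Setting RetainDeletedItemsUntilBackup to $true ties the recoverability of deleted items to the backup schedule; if that database is not actually being backed up, deleted items are never purged and the Recoverable Items folder grows without bound, so verify the backup before relying on this setting.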

Contact Information

Use the Contact Information section to view or change the user's contact information. The
information on this page is displayed in the address book. Click More options to display
additional boxes.

Tip

You can use the State/Province box to create recipient conditions for dynamic distribution
groups, email address policies, or address lists.

Mailbox users can use Outlook or Outlook Web App to view and change their own contact
information. But they can't change the information in the Notes and Web page boxes.

Organization

Use the Organization section to record detailed information about the user's role in the
organization. This information is displayed in the address book. Also, you can create a virtual
organization chart that is accessible from email clients such as Outlook.

 Title: Use this box to view or change the recipient's title.


 Department: Use this box to view or change the department in which the user works.
You can use this box to create recipient conditions for dynamic distribution groups, email
address policies, or address lists.
 Company: Use this box to view or change the company for which the user works. You
can use this box to create recipient conditions for dynamic distribution groups, email
address policies, or address lists.

 Manager: To add a manager, click Browse. In Select Manager, select a person, and then
click OK.
 Direct reports: You can't modify this box. A direct report is a user who reports to a
specific manager. If you've specified a manager for the user, that user appears as a direct
report in the details of the manager's mailbox. For example, Kari manages Chris and
Kate, so Kari's mailbox is specified in the Manager box of Chris's mailbox and Kate's
mailbox, and Chris and Kate appear in the Direct reports box in the properties of Kari's
mailbox.

Email Address

Use the Email Address section to view or change the email addresses associated with the user
mailbox. This includes the user's primary SMTP address and any associated proxy addresses.
The primary SMTP address (also known as the default reply address) is displayed in bold text in
the address list, with the uppercase SMTP value in the Type column.

 Add: Click Add to add a new email address for this mailbox. Select one of following
address types:
o SMTP: This is the default address type. Click this button and then type the new
SMTP address in the * Email address box.
o EUM: An EUM (Exchange Unified Messaging) address is used by the Microsoft
Exchange Unified Messaging service to locate UM-enabled users within an
Exchange organization. EUM addresses consist of the extension number and the
UM dial plan for the UM-enabled user. Click this button and type the extension
number in the Address/Extension box. Then click Browse and select a dial plan
for the user.
o Custom address type: Click this button and type one of the supported non-SMTP
email address types in the * Email address box.

Note

With the exception of X.400 addresses, Exchange doesn't validate custom
addresses for proper formatting. You must make sure that the custom address you
specify complies with the format requirements for that address type.

o Make this the reply address: In Exchange Online, you can select this check box
to make the new email address the primary SMTP address for the mailbox. This
check box isn't available in the EAC in Exchange Server.
 Automatically update email addresses based on the email address policy applied to
this recipient: Select this check box to have the recipient's email addresses automatically
updated based on changes made to email address policies in your organization. This box
is selected by default.

Note

This check box isn't available in Exchange Online.
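The two rules that matter when adding addresses are the ones the EAC only reports at save time: a proxy address must be unique in the organization, and the primary SMTP address cannot be changed while the email address policy still manages the recipient. The session below is an added example (not from the original notes) that checks uniqueness first, adds the proxy address, then promotes it to the reply address. The identities chris@contoso.com and c.smith@contoso.com are assumptions.

```powershell
# Added example for the Exchange Management Shell. Both addresses are assumptions.
$id      = 'chris@contoso.com'
$newAddr = 'c.smith@contoso.com'

$mbx = Get-Mailbox -Identity $id

# Uniqueness check. EmailAddresses is filterable on the server side, and the comparison
# is case-insensitive, so 'smtp:' matches both proxy and primary entries.
$owner = Get-Recipient -Filter "EmailAddresses -eq 'smtp:$newAddr'"
if ($owner -and $owner.DistinguishedName -ne $mbx.DistinguishedName) {
    throw "Address $newAddr is already assigned to $($owner.Name)"
}

# Add as a secondary address (lowercase smtp: prefix). The hashtable form adds to the
# existing list instead of replacing it.
Set-Mailbox -Identity $id -EmailAddresses @{ Add = "smtp:$newAddr" }

# Promote it to the reply address. While EmailAddressPolicyEnabled is $true the policy
# owns the primary address and Set-Mailbox refuses the change, so detach the recipient
# from the policy explicitly. Note the consequence: future policy changes will no longer
# update this mailbox's addresses.
Set-Mailbox -Identity $id -EmailAddressPolicyEnabled $false
Set-Mailbox -Identity $id -PrimarySmtpAddress $newAddr

# Verify: exactly one entry with the uppercase SMTP: prefix, and it is the reply address.
$mbx = Get-Mailbox -Identity $id
$mbx.EmailAddresses | ForEach-Object { $_.ProxyAddressString }
$mbx.PrimarySmtpAddress
```

Mailboxes detached from the address policy are easy to lose track of; Get-Mailbox -ResultSize Unlimited -Filter 'EmailAddressPolicyEnabled -eq $false' lists them so they can be reviewed when the policy changes.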

Mailbox Features

Use the Mailbox Features section to view or change the following mailbox features and
settings:

 Sharing policy: This box shows the sharing policy applied to the mailbox. A sharing
policy controls how users in your organization can share calendar and contact
information with users outside your Exchange organization. The Default Sharing Policy
is assigned to mailboxes when they are created. To change the sharing policy that's
assigned to the user, select a different one from the drop-down list.
 Role assignment policy: This box shows the role assignment policy assigned to the
mailbox. The role assignment policy specifies the role-based access control (RBAC) roles
that are assigned to the user and control what specific mailbox and distribution group
configuration settings users can modify. To change the role assignment policy that's
assigned to the user, select a different one from the drop-down list.

 Retention policy: This box shows the retention policy assigned to the mailbox. A
retention policy is a group of retention tags that are applied to the user's mailbox. They
allow you to control how long to keep items in users' mailboxes and define what action to
take on items that have reached a certain age. A retention policy isn't assigned to
mailboxes when they are created. To assign a retention policy to the user, select one from
the drop-down list.
 Address book policy: This box shows the address book policy applied to the mailbox.
An address book policy allows you to segment users into specific groups to provide
customized views of the address book. To apply or change the address book policy
applied to the mailbox, select one from the drop-down list.
 Unified Messaging: This feature is disabled by default. When you enable Unified
Messaging (UM), the user will be able to use your organization's UM features and a
default set of UM properties are applied to the user. Click Enable to enable UM for the
mailbox. For information about how to enable UM, see Enable a user for voice mail.

Note

A UM dial plan and a UM mailbox policy must exist before you can enable UM.

 Mobile Devices: Use this section to view and change the settings for Exchange
ActiveSync, which is enabled by default. Exchange ActiveSync enables access to an
Exchange mailbox from a mobile device. Click Disable Exchange ActiveSync to disable
this feature for the mailbox.
 Outlook Web App: This feature is enabled by default. Outlook Web App enables access
to an Exchange mailbox from a web browser. Click Disable to disable Outlook Web App
for the mailbox. Click Edit details to add or change an Outlook Web App mailbox policy
for the mailbox.
 IMAP: This feature is enabled by default. Click Disable to disable IMAP for the
mailbox.
 POP3: This feature is enabled by default. Click Disable to disable POP3 for the mailbox.
 MAPI: This feature is enabled by default. MAPI enables access to an Exchange mailbox
from a MAPI client such as Outlook. Click Disable to disable MAPI for the mailbox.

 Litigation hold: This feature is disabled by default. Litigation hold preserves deleted
mailbox items and records changes made to mailbox items. Deleted items and all
instances of changed items are returned in a discovery search. Click Enable to put the
mailbox on litigation hold. If the mailbox is on litigation hold, click Disable to remove
the litigation hold. Mailboxes on litigation hold are inactive mailboxes and can't be
deleted. To delete the mailbox, remove the litigation hold. If the mailbox is on litigation
hold, click Edit details to view and change the following litigation hold settings:
o Hold date: This read-only box indicates the date and time when the mailbox was
put on litigation hold.
o Put on hold by: This read-only box indicates the user who put the mailbox on
litigation hold.
o Note: Use this box to notify the user about the litigation hold, explain why the
mailbox is on litigation hold, or provide additional guidance to the user, such as
informing them that the litigation hold won't affect their day-to-day use of email.
o URL: Use this box to provide a URL to a website that provides information or
guidance about the litigation hold on the mailbox.

Note

The text from these boxes appears in the user's mailbox only if they are using
Outlook 2010 or later versions. It doesn't appear in Outlook Web App or other
email clients. To view the text from the Note and URL boxes in Outlook, click the
File tab, and on the Info page, under Account Settings, you'll see the litigation
hold comment.

 Archiving: If an archive mailbox doesn't exist for the user, this feature is disabled. To
enable an archive mailbox, click Enable. If the user has an archive mailbox, the size of
the archive mailbox and usage statistics are displayed. Click Edit details to view and
change the following archive mailbox settings:
o Status: This read-only box indicates whether an archive mailbox exists.
o Database: This read-only box shows the name of the mailbox database that hosts
the archive mailbox. This box isn't available in Exchange Online.

o Name: Type the name of the archive mailbox in this box. This name is displayed
under the folder list in Outlook or Outlook Web App.
o Archive quota (GB): This box shows the total size of the archive mailbox. To
change the size, type a new value in the box or select a value from the drop-down
list.
o Issue warning at (GB): This box shows the maximum storage limit for the
archive mailbox before a warning is issued to the user. If the archive mailbox size
reaches or exceeds the value specified, Exchange sends a warning message to the
user. To change this limit, type a new value in the box or select a value from the
drop-down list.

Note

The archive quota and the issue warning quota for the archive mailbox can't be
changed in Exchange Online.

 Delivery Options: Use to forward email messages sent to the user to another recipient
and to set the maximum number of recipients that the user can send a message to. Click
View details to view and change these settings.
o Forwarding address: Select the Enable forwarding check box and then click
Browse to display the Select Mail User and Mailbox page. Use this page to
select a recipient to whom you want to forward all email messages that are sent to
this mailbox.
o Deliver message to both forwarding address and mailbox: Select this check
box so that messages will be delivered to both the forwarding address and the
user's mailbox.
o Recipient limit: This setting controls the maximum number of recipients the user
can send a message to. Select the Maximum recipients check box to limit the
number of recipients allowed in the To:, Cc:, and Bcc: boxes of an email message
and then specify the maximum number of recipients.

Note

For on-premises Exchange organizations, the recipient limit is unlimited. For
Exchange Online organizations, the limit is 500 recipients.

 Message Size Restrictions: These settings control the size of messages that the user can
send and receive. Click View details to view and change maximum size for sent and
received messages.

Note

These settings can't be changed in Exchange Online.

o Sent messages: To specify a maximum size for messages sent by this user, select
the Maximum message size (KB) check box and type a value in the box. The
message size must be between 0 and 2,097,151 KB. If the user sends a message
larger than the specified size, the message will be returned to the user with a
descriptive error message.
o Received messages: To specify a maximum size for messages received by this
user, select the Maximum message size (KB) check box and type a value in the
box. The message size must be between 0 and 2,097,151 KB. If the user receives
a message larger than the specified size, the message will be returned to the
sender with a descriptive error message.
 Message Delivery Restrictions: These settings control who can send email messages to
this user. Click View details to view and change these restrictions.
o Accept messages from: Use this section to specify who can send messages to this
user.
o All senders: Select this option to specify that the user can accept messages from
all senders. This includes both senders in your Exchange organization and
external senders. This option is selected by default. This option includes external
users only if you clear the Require that all senders are authenticated check
box. If you select this check box, messages from external users will be rejected.
o Only senders in the following list: Select this option to specify that the user can
accept messages only from a specified set of senders in your Exchange
organization. Click Add to display the Select Recipients page, which displays a
list of all recipients in your Exchange organization. Select the recipients you want,
add them to the list, and then click OK. You can also search for a specific
recipient by typing the recipient's name in the search box and then clicking
Search.
o Require that all senders are authenticated: Select this option to prevent
anonymous users from sending messages to the user.
o Reject messages from: Use this section to block people from sending messages
to this user.
o No senders: Select this option to specify that the mailbox won't reject messages
from any senders in the Exchange organization. This option is selected by default.
o Senders in the following list: Select this option to specify that the mailbox will
reject messages from a specified set of senders in your Exchange organization.
Click Add to display the Select Recipients page, which displays a list of all
recipients in your Exchange organization. Select the recipients you want, add
them to the list, and then click OK. You can also search for a specific recipient by
typing the recipient's name in the search box and then clicking Search.

Member Of

Use the Member Of section to view a list of the distribution groups or security groups to which
this user belongs. You can't change membership information on this page. Note that the user may
match the criteria for one or more dynamic distribution groups in your organization. However,
dynamic distribution groups aren't displayed on this page because their membership is calculated
each time they are used.

MailTip

Use the MailTip section to add a MailTip to alert users of potential issues if they send a message
to this recipient. A MailTip is text that is displayed in the InfoBar when this recipient is added to
the To, Cc, or Bcc boxes of a new email message.

Note

MailTips can include HTML tags, but scripts aren't allowed. The length of a custom MailTip
can't exceed 175 displayed characters. HTML tags aren't counted in the limit.

Mailbox Delegation

Use the Mailbox Delegation section to assign permissions to other users (also called delegates)
to allow them to sign in to the user's mailbox or send messages on behalf of the user. You can
assign the following permissions:

 Send As: This permission allows users other than the mailbox owner to use the mailbox
to send messages. After this permission is assigned to a delegate, any message that a
delegate sends from this mailbox will appear as if it was sent by the mailbox owner.
However, this permission doesn't allow a delegate to sign in to the user's mailbox.
 Send on Behalf Of: This permission also allows a delegate to use this mailbox to send
messages. However, after this permission is assigned to a delegate, the From: address in
any message sent by the delegate indicates that the message was sent by the delegate on
behalf of the mailbox owner.
 Full Access: This permission allows a delegate to sign in to the user's mailbox and view
the contents of the mailbox. However, after this permission is assigned to a delegate, the
delegate can't send messages from the mailbox. To allow a delegate to send email from
the user's mailbox, you still have to assign the delegate the Send As or the Send on
Behalf Of permission.

To assign permissions to delegates, click Add under the appropriate permission to display a
page that displays a list of all recipients in your Exchange organization that can be assigned the
permission. Select the recipients you want, add them to the list, and then click OK. You can also
search for a specific recipient by typing the recipient's name in the search box and then clicking
Search.
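Because Send As, Send on Behalf Of and Full Access let someone other than the owner act from a mailbox, an administrator should be able to list every delegation that exists, not only the ones being added. The following PowerShell is an added example and is not part of the course notes or of Microsoft's documentation. It assumes an existing Exchange Online PowerShell session (or an on-premises Exchange Management Shell); Get-Mailbox, Get-MailboxPermission and Get-RecipientPermission are real cmdlets, but Get-RecipientPermission exists only in Exchange Online, so the on-premises equivalent is noted in a comment.

```powershell
# Added example (not from the course notes): enumerate Full Access, Send As and
# Send on Behalf delegations so that grants nobody approved can be reviewed.
# Assumes an Exchange Online PowerShell or Exchange Management Shell session.

function Get-MailboxDelegationReport {
    param(
        # Limit the audit to these mailboxes; default is every user mailbox.
        [string[]]$Identity
    )

    $mailboxes = if ($Identity) {
        $Identity | ForEach-Object { Get-Mailbox -Identity $_ }
    } else {
        Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
    }

    foreach ($mbx in $mailboxes) {
        # Full Access: explicit (non-inherited) grants, excluding the owner's own
        # entry (NT AUTHORITY\SELF) and orphaned SIDs left by deleted accounts.
        Get-MailboxPermission -Identity $mbx.Identity |
            Where-Object {
                $_.AccessRights -contains 'FullAccess' -and
                -not $_.IsInherited -and
                $_.User -notlike 'NT AUTHORITY\SELF' -and
                $_.User -notlike 'S-1-5-*'
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox    = $mbx.PrimarySmtpAddress
                    Permission = 'FullAccess'
                    Delegate   = $_.User
                    Deny       = $_.Deny
                }
            }

        # Send As (Exchange Online cmdlet). On-premises use instead:
        #   Get-ADPermission $mbx.Identity |
        #     Where-Object { $_.ExtendedRights -like 'Send-As' -and -not $_.IsInherited }
        Get-RecipientPermission -Identity $mbx.Identity |
            Where-Object {
                $_.AccessRights -contains 'SendAs' -and
                $_.Trustee -notlike 'NT AUTHORITY\SELF'
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Mailbox    = $mbx.PrimarySmtpAddress
                    Permission = 'SendAs'
                    Delegate   = $_.Trustee
                    Deny       = ($_.AccessControlType -eq 'Deny')
                }
            }

        # Send on Behalf Of is a mailbox attribute, not an ACL entry.
        foreach ($d in $mbx.GrantSendOnBehalfTo) {
            [pscustomobject]@{
                Mailbox    = $mbx.PrimarySmtpAddress
                Permission = 'SendOnBehalf'
                Delegate   = $d
                Deny       = $false
            }
        }
    }
}

# Usage: export the report and compare it with the list of approved delegations.
Get-MailboxDelegationReport |
    Sort-Object Mailbox, Permission |
    Export-Csv -Path .\delegations.csv -NoTypeInformation
```

Running the function regularly and diffing the CSV against the previous run shows delegations that appeared without a change request; the EAC page above only shows one mailbox at a time.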

Use Exchange Online PowerShell to change user mailbox properties

Use the Get-Mailbox and Set-Mailbox cmdlets to view and change properties for user
mailboxes. One advantage of using Exchange Online PowerShell is the ability to change the

properties for multiple mailboxes. For information about what parameters correspond to mailbox
properties, see the following topics:

 Get-Mailbox
 Set-Mailbox

Here are some examples of using Exchange Online PowerShell to change user mailbox
properties.

This example shows how to forward Pat Coleman's email messages to Sunil Koduri's
(sunilk@contoso.com) mailbox.

Set-Mailbox -Identity patc -DeliverToMailboxAndForward $true -ForwardingAddress sunilk@contoso.com

This example uses the Get-Mailbox command to find all user mailboxes in the organization, and
then uses the Set-Mailbox command to set the recipient limit to 500 recipients allowed in the
To:, Cc:, and Bcc: boxes of an email message.

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Set-Mailbox -RecipientLimits 500

This example uses the Get-Mailbox command to find all the mailboxes in the Marketing
organizational unit, and then uses the Set-Mailbox command to configure these mailboxes. The
custom warning, prohibit send, and prohibit send and receive limits are set to 200 megabytes
(MB), 250 MB, and 280 MB respectively, and the mailbox database's default limits are ignored.
This command can be used to configure a specific set of mailboxes to have larger or smaller
limits than other mailboxes in the organization.

Get-Mailbox -OrganizationalUnit "Marketing" | Set-Mailbox -IssueWarningQuota 209715200 -ProhibitSendQuota 262144000 -ProhibitSendReceiveQuota 293601280 -UseDatabaseQuotaDefaults $false

This example uses the Get-Mailbox cmdlet to find all users in the Customer Service department,
and then uses the Set-Mailbox cmdlet to change the maximum message size for sending
messages to 2 MB.

Get-Mailbox -Filter "Department -eq 'Customer Service'" | Set-Mailbox -MaxSendSize 2097152

This example sets the MailTip translation in French and Chinese.

Set-Mailbox john@contoso.com -MailTipTranslations ("FR: C'est la langue française", "CHT: 這是漢語語言")

How do you know this worked?

To verify that you've successfully changed properties for a user mailbox, do the following:

 In the EAC, select the mailbox and then click Edit to view the property or feature that
you changed. Depending on the property that you changed, it might be displayed in the
Details pane for the selected mailbox.
 In Exchange Online PowerShell, use the Get-Mailbox cmdlet to verify the changes. One
advantage of using Exchange Online PowerShell is that you can view multiple properties
for multiple mailboxes. In the example above where the recipient limit was changed, run
the following command to verify the new value.

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Format-List Name,RecipientLimits

For the example above where the message limits were changed, run this command.

Get-Mailbox -OrganizationalUnit "Marketing" | Format-List Name,IssueWarningQuota,ProhibitSendQuota,ProhibitSendReceiveQuota,UseDatabaseQuotaDefaults
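The same Get-Mailbox verification idea applies to the forwarding example above, and from a defender's point of view it matters more there: a forward set by an administrator for Pat Coleman looks exactly like a forward an intruder configured to copy a victim's mail. The following PowerShell is an added example, not part of the course notes or of Microsoft's documentation. It assumes an Exchange Online PowerShell or Exchange Management Shell session; the $ApprovedForwarding table is a constructed sample that reuses the page's patc and sunilk@contoso.com values.

```powershell
# Added example (not from the course notes): list every mailbox that forwards
# mail anywhere and mark the ones that match an approved list. Assumes an
# Exchange Online PowerShell or Exchange Management Shell session.

function Get-MailboxForwardingReport {
    param(
        # Alias -> approved destination, e.g. patc -> sunilk@contoso.com (constructed sample)
        [hashtable]$ApprovedForwarding = @{}
    )

    # Server-side filter keeps the query cheap on large organizations. Both forms
    # count: ForwardingAddress (an internal recipient, set by an administrator as in
    # the example above) and ForwardingSmtpAddress (any SMTP address, which a user
    # can also set from their own Outlook Web App options).
    Get-Mailbox -ResultSize Unlimited -Filter {
        (ForwardingAddress -ne $null) -or (ForwardingSmtpAddress -ne $null)
    } | ForEach-Object {
        $target = if ($_.ForwardingSmtpAddress) {
            # Stored as "smtp:user@domain"; strip the prefix for comparison.
            [string]$_.ForwardingSmtpAddress -replace '^smtp:', ''
        } else {
            # ForwardingAddress is a recipient identity; resolve it to its SMTP address.
            (Get-Recipient -Identity $_.ForwardingAddress).PrimarySmtpAddress.ToString()
        }
        $approved = $ApprovedForwarding[$_.Alias]
        [pscustomobject]@{
            Mailbox    = $_.PrimarySmtpAddress
            ForwardsTo = $target
            KeepsCopy  = $_.DeliverToMailboxAndForward   # $false means the owner never sees the mail
            Approved   = ($null -ne $approved -and $approved -ieq $target)
        }
    }
}

# Usage: rows with Approved = False need a change record or removal. Removal uses
# the same cmdlet the notes use to set forwarding:
#   Set-Mailbox -Identity <alias> -ForwardingAddress $null -ForwardingSmtpAddress $null -DeliverToMailboxAndForward $false
Get-MailboxForwardingReport -ApprovedForwarding @{ patc = 'sunilk@contoso.com' } |
    Where-Object { -not $_.Approved } |
    Format-Table -AutoSize
```

The KeepsCopy column is worth reading alongside Approved: a forward that does not keep a copy in the user's mailbox is the one the owner is least likely to notice on their own.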

Bulk edit user mailboxes

You can use the EAC to change the properties for multiple user mailboxes. When you select two
or more user mailboxes from the mailbox list in the EAC, the properties that can be bulk edited
are displayed in the Details pane. When you change one of these properties, the change is applied
to all selected mailboxes.

Here's a list of the user mailbox properties and features that can be bulk edited. Note that not all
properties in each area are available to be changed.

 Contact Information: Change shared properties such as street, postal code, and city
name.
 Organization: Change shared properties such as department name, company name, and
the manager that the selected users report to.
 Custom attributes: Change or add values for custom attributes 1 - 15.
 Mailbox quota: Change the mailbox quota values and the retention period for deleted
items. This isn't available in Exchange Online.
 Email connectivity: Enable or disable Outlook Web App, POP3, IMAP, MAPI, and
Exchange ActiveSync.
 Archive: Enable or disable the archive mailbox.
 Retention policy, role assignment policy, and sharing policy: Update the settings for
each of these mailbox features.
 Move mailboxes to another database: Move the selected mailboxes to a different
database.
 Delegate permissions: Assign permissions to users or groups that allow them to open or
send messages from other mailboxes. You can assign Full, Send As and Send on Behalf
permissions to users or groups. Check out Manage permissions for recipients for more
details.

Note

The estimated time to complete this task is 2 minutes, but may take longer if you change multiple
properties or features.
Use the EAC to bulk edit user mailboxes

1. In the EAC, navigate to Recipients > Mailboxes.
2. In the list of mailboxes, select two or more mailboxes.

Tip

You can select multiple adjacent mailboxes by holding down the Shift key and clicking
the first mailbox, and then clicking the last mailbox you want to edit. You can also select
multiple non-adjacent mailboxes by holding down the Ctrl key and clicking each mailbox
that you want to edit.

3. In the Details pane, under Bulk Edit, select the mailbox properties or feature that you
want to edit.
4. Make the changes on the properties page and then save your changes.

How do you know this worked?

To verify that you've successfully bulk edited user mailboxes, do one of the following:

 In the EAC, select each of the mailboxes that you bulk edited and then click Edit to
view the property or feature that you changed.
 In Exchange Online PowerShell, use the Get-Mailbox cmdlet to verify the changes. One
advantage of using Exchange Online PowerShell is that you can view multiple properties
for multiple mailboxes. For example, say you used the bulk edit feature in the EAC to
enable the archive mailbox and assign a retention policy to all users in your organization.
To verify these changes, you could run the following command:

Get-Mailbox -ResultSize unlimited -Filter {(RecipientTypeDetails -eq 'UserMailbox')} | Format-List Name,ArchiveDatabase,RetentionPolicy

For more information about the available parameters for the Get-Mailbox cmdlet, see Get-

-------- -------

Addressing Exchange:

Recipients (which include users, resources, contacts, and groups) are any mail-enabled object in
Active Directory to which Microsoft Exchange can deliver or route messages. For a recipient to
send or receive email messages, the recipient must have an email address. Email address policies
generate the primary and secondary email addresses for your recipients so they can receive and
send email.

By default, Exchange contains an email address policy for every mail-enabled user. This default
policy specifies the recipient's alias as the local part of the email address and uses the default
accepted domain. The local part of an email address is the name that appears before the at sign
(@). However, you can change how your recipients' email addresses will display. For example,
you can specify that the addresses display as firstname.lastname@contoso.com.

Furthermore, if you want to specify additional email addresses for all recipients or just a subset,
you can modify the default policy or create additional policies. For example, the user mailbox for
David Hamilton can receive email messages addressed to hdavid@mail.contoso.com and
hamilton.david@mail.contoso.com.

Chapter No.8
Microsoft Forefront Threat Management Gateway (Forefront TMG), formerly known as
Microsoft Internet Security and Acceleration Server (ISA Server), is a network router,
firewall, antivirus program, VPN server and web cache from Microsoft Corporation.

Forefront TMG 2010 has been built on top of the core capabilities delivered in Microsoft
Internet Security and Acceleration (ISA) Server 2004/2006 in order to deliver a
comprehensive, enhanced and integrated network security gateway. Forefront TMG
provides additional protection capabilities to help secure the corporate network from
external/Internet-based threats. Forefront TMG 2010 prevents abuse of the network by
internal and external entities and provides more management capabilities in terms of
security and protection. Forefront TMG 2010 is available in Standard Edition and
Enterprise Edition. The Standard Edition does not support arrays, NLB, CARP or
Enterprise Management. For e-mail protection, both editions require an Exchange license.

1.1 Configure a server authentication certificate in IIS


a) Log on to TMG-SRV as a domain administrator.
b) From the Start menu, select All Programs, point to Administrative Tools, and then click
Internet Information Services (IIS) Manager.
c) In the console tree, click the root node that contains the name of the computer, and then
click Default Web Site.
d) In the Actions pane, click Bindings.
e) In the Site Bindings dialog box, click Add.
f) In the Add Site Binding dialog box, select https in the Type drop-down list, select the
certificate that you have generated using Luna CSP in the SSL certificate drop-down list,
click OK, and then click Close.
g) Close the Internet Information Services (IIS) Manager console.

1.2 Creating a Web Listener for TMG Server

a) Log on to TMG-SRV as a domain administrator.
b) On the Forefront TMG server, click Start, point to All Programs, click Microsoft Forefront
TMG, and then click Forefront TMG Management.
c) In the Forefront TMG console tree, expand Forefront TMG (TMG-SRV), and then click
Firewall Policy.
d) Click the Toolbox tab, under Network Objects click New, and then click Web Listener.
e) On the Welcome to the New Web Listener Wizard page, in the Web listener name box, type
SSL Listener (or any name you want), and then click Next.
f) On the Client Connection Security page, verify Require SSL secured connections with clients
is selected, and then click Next.
g) On the Web Listener IP Addresses page, under Listen for incoming Web request on these
networks, click Internal, and then click Select IP Addresses.
h) On the Internal Network Listener IP Selection page, click Specified IP addresses on the
Forefront TMG computer in the selected network, under Available IP Addresses, click the
listed IP address, click Add, and then click OK.
i) On the Web Listener IP Addresses page, click Next.
j) On the Listener SSL Certificates page, click Select Certificate.
k) In the Select Certificate window, click Select.
l) On the Listener SSL Certificates page, click Next.
m) On the Authentication Settings page, in the Select how clients will provide credentials to
Forefront TMG drop-down list, click No Authentication, and then click Next.
n) On the Single Sign On Settings page, click Next.
o) On the Completing the New Web Listener Wizard page, confirm that the correct settings are
specified, and then click Finish.
p) In the Forefront TMG console, click Apply to save changes and update the configuration.
q) In the Configuration Change Description window, for the Change description, type Create
Web Listener for SSL Communication, and then click Apply.
r) In the Save Configuration Changes window, the update progress will be noted.
s) In the Save Configuration Changes window, verify that the configuration updates were saved,
and then click OK.
1.3 Creating a Web Publishing Rule for TMG Server
a) In the Forefront TMG console tree, expand Forefront TMG (TMG-SRV), and then click
Firewall Policy.
b) Click the Tasks tab, and then under Firewall Policy Tasks, click Publish Web Sites.
c) On the Welcome to the New Web Publishing Rule Wizard page, in the Web publishing rule
name box, type Secure Web Site Access (or any name you want), and then click Next.
d) On the Select Rule Action page, select Allow, and then click Next.
e) On the Publishing Type page, verify that Publish a single Web site or load balancer is
selected, and then click Next.
f) On the Server Connection Security page, click Use SSL to connect to the published Web
server or server farm, and then click Next.
g) On the Internal Publishing Details page, in the Internal site name box, type
TMG-SRV.lunatmg.com, select Use a computer name or IP address to connect to the
published server, and in the Computer name or IP address box, type TMG-SRV.lunatmg.com,
and then click Next.
h) On the Internal Publishing Details page, in the Path (optional) box, type /*, and then click
Next.
i) On the Public Name Details page, in the Accept requests for drop-down list, select This
domain name (type below), and in the Public name box, type TMG-SRV.lunatmg.com, and
then click Next.
j) On the Select Web Listener page, in the Web listener drop-down list, select SSL Listener (or
whichever you have configured), and then click Next.
k) On the Authentication Delegation page, in the Select the method used by Forefront TMG to
authenticate to the published Web server drop-down list, select No delegation, but client may
authenticate directly, and then click Next.
l) On the User Sets page, click Next.
m) On the Completing the New Web Publishing Rule Wizard page, verify the configuration, and
then click Finish.
n) In the Forefront TMG console, click Apply to save changes and update the configuration.
o) In the Configuration Change Description window, for the Change description text box, type
Create Web publishing rule for TMG Server, and then click Apply.
p) In the Save Configuration Changes window, the update progress will be noted.
q) In the Save Configuration Changes window, verify that the configuration updates were saved,
and then click OK.
r) Restart TMG-SRV to make sure that the changes take effect.
------- --------

Firewall and its types.

A firewall is a system designed to prevent unauthorized access to or from a private
network. A firewall can be implemented in hardware, in software, or in a combination of
both. Firewalls are frequently used to prevent unauthorized Internet users from accessing
private networks connected to the Internet, especially intranets. All messages entering or
leaving the intranet pass through the firewall, which examines each message and blocks those
that do not meet the specified security criteria. Firewalls came into use after 1980, when the
Internet was becoming globally used and connectivity was still a new thing.

Packet Filters

The most basic type of firewall is a packet filter. It receives packets and evaluates them
according to a set of rules that are usually in the form of access control lists. These packets
may be forwarded to their destinations, dropped, or dropped with a return message to the
originator describing what happened. The types of filtering rules vary from one vendor's
product to another.

Application-Gateway Firewalls
Application-level firewalls are considered the third generation of firewalls and were most
prominent from 1995 to 1998. This type of firewall is very useful because it understands
specific applications and protocols (HTTP, DNS, FTP, etc.). In that way it can detect unwanted
or harmful protocol traffic that would otherwise bypass the firewall.

Circuit-Gateways Firewalls

It is also known as a stateful firewall and as the second-generation firewall. It works at the
fourth layer of the OSI model (the transport layer). Compared with simple packet filtering, this
type of firewall keeps track of connections: a packet it carries either starts a new connection or
belongs to an existing one. If the packet is part of neither, it is not legitimate and should be
dropped.
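The difference between the packet filter and the stateful (circuit-gateway) firewall described above is easiest to see on a short packet trace. The following PowerShell is an added example written for these notes, not code from any firewall product; the rules, addresses, ports and packets are all constructed for the illustration, and the connection table is a plain hashtable keyed by the packet's source and destination.

```powershell
# Added example (not from the course notes): a toy model of a stateless packet
# filter beside a stateful firewall. All addresses, rules and packets below are
# constructed for the illustration.

$script:ConnectionTable = @{}   # key "src:sport>dst:dport" -> connection state

# Stateless rules: consulted for every packet, with no memory of earlier packets.
$script:Rules = @(
    @{ Direction = 'Out'; DstPort = 443; Action = 'Allow' },   # internal clients -> HTTPS
    @{ Direction = 'In';  DstPort = 25;  Action = 'Allow' }    # inbound SMTP to the mail server
)

function Get-FlowKey($p)    { "$($p.Src):$($p.SrcPort)>$($p.Dst):$($p.DstPort)" }
function Get-ReverseKey($p) { "$($p.Dst):$($p.DstPort)>$($p.Src):$($p.SrcPort)" }

function Test-StatelessFilter($Packet) {
    foreach ($r in $script:Rules) {
        if ($r.Direction -eq $Packet.Direction -and $r.DstPort -eq $Packet.DstPort) { return $r.Action }
    }
    return 'Drop'
}

function Test-StatefulFilter($Packet) {
    $fwd = Get-FlowKey $Packet
    $rev = Get-ReverseKey $Packet
    # 1. Part of a connection already in the table (either direction): allowed
    #    without consulting the rules, so replies need no inbound rule of their own.
    if ($script:ConnectionTable.ContainsKey($fwd) -or $script:ConnectionTable.ContainsKey($rev)) {
        return 'Allow (established)'
    }
    # 2. A new connection: only a SYN may open one, and only if a rule permits it.
    if ($Packet.Flags -eq 'SYN' -and (Test-StatelessFilter $Packet) -eq 'Allow') {
        $script:ConnectionTable[$fwd] = 'SYN_SENT'
        return 'Allow (new)'
    }
    # 3. Neither new nor established: the packet belongs to no connection; drop it.
    return 'Drop'
}

# Constructed trace: internal host 10.0.0.5 talks to external host 203.0.113.9.
$trace = @(
    @{ Direction = 'Out'; Src = '10.0.0.5';    SrcPort = 50000; Dst = '203.0.113.9'; DstPort = 443;   Flags = 'SYN' },
    @{ Direction = 'In';  Src = '203.0.113.9'; SrcPort = 443;   Dst = '10.0.0.5';    DstPort = 50000; Flags = 'SYN-ACK' },
    @{ Direction = 'In';  Src = '203.0.113.9'; SrcPort = 443;   Dst = '10.0.0.5';    DstPort = 3389;  Flags = 'ACK' },   # looks like a reply, is not
    @{ Direction = 'In';  Src = '203.0.113.9'; SrcPort = 4444;  Dst = '10.0.0.5';    DstPort = 3389;  Flags = 'SYN' }
)

foreach ($p in $trace) {
    '{0,-3} {1}:{2} -> {3}:{4} {5,-7} stateless={6,-5} stateful={7}' -f $p.Direction, $p.Src, $p.SrcPort,
        $p.Dst, $p.DstPort, $p.Flags, (Test-StatelessFilter $p), (Test-StatefulFilter $p)
}
```

The second packet is the legitimate SYN-ACK reply to the client's request. The stateless filter drops it, because no rule allows inbound traffic to port 50000; the only stateless way to let replies through is a broad rule for inbound high ports, which the third packet would then also satisfy. The stateful filter allows the reply because its reverse key is in the connection table, and drops the third packet because it matches no tracked connection and is not a SYN.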

---------------- --------------------

Advanced Application:

Web Filtering:

Microsoft Forefront TMG provides categories for Web URL filtering/blocking. ... URL filtering
allows you to control end-user access to Web sites, protecting the organization by denying
access to known malicious sites and to sites displaying inappropriate or pornographic material,
based on predefined URL categories.

-------------------- -------------------------
Integrating TMG and Microsoft Exchange Server 2013

1. Configure Exchange 2013 for basic authentication


1. Run the following on the CAS server that will be published:
 Set-OwaVirtualDirectory -Identity <CasServer>\* -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
 Set-WebServicesVirtualDirectory -Identity <CasServer>\* -WindowsAuthentication $true -BasicAuthentication $true
 Set-EcpVirtualDirectory -Identity <CasServer>\* -BasicAuthentication $true -WindowsAuthentication $true -FormsAuthentication $false
 Set-OabVirtualDirectory -Identity <CasServer>\* -WindowsAuthentication $true -BasicAuthentication $true
 Set-ActiveSyncVirtualDirectory -Identity <CasServer>\* -BasicAuthentication $true
2. Copy the 3rd party certificate to the TMG server.
1. Click Start –> Run –> Type MMC
2. Click File –> Add/Remove Snap-in –> Certificates –> Add –> Computer account –> Next –> Finish –> OK
3. Click Personal –> Certificates
4. Right-click the 3rd party certificate and click All Tasks –> Export
5. Click Next –> Yes, Export Private Key –> Base-64 –> Next –> Browse for file location
6. Next –> Finish
7. Copy the certificate file to the TMG server
8. Click Start –> Run –> Type MMC
9. Click File –> Add/Remove Snap-in –> Certificates –> Add –> Computer account –> Next –> Finish –> OK
10. Click Personal –> right-click Certificates –> All Tasks –> Import –> Next –> select file –> Next –> Next –> Finish
3. Configure OWA Rule on TMG
(The original steps alternate screenshots of each wizard page with the text below; the
screenshots are not reproduced here.)
1. Open Forefront TMG
2. Click on the node shown in the original screenshot
3. In the Action Pane under Task click the task shown in the original screenshot
4. Give the rule a Name; I'll name mine "2010 OWA"
5. Next –> Next
6. Internal Site Name should be your CAS server FQDN (needs to be on the cert)
7. The external name is what you use to access OWA (also needs to be on the cert)
8. Click New to make a new Listener
9. Name it whatever you want; I named mine FBA because I am going to use it for
Forms Based auth for OWA.
10. Select one of the External IPs listed (not all IP addresses, or you can't do multiple
auth methods)
11. Select the certificate you imported earlier
12. Use Form Authentication
13. You can configure SSO if you have other sites that will use this listener
14. Click –> Next –> Finish –> Select the Listener.
15. You CANNOT use "all users" here; you need to have authenticated users or
another group that requires authentication, or you will not get prompted for auth
and will get a 500.24 in the browser
16. Finish
17. Now OWA is published!
4. Now on to EWS\Outlook Anywhere

Publish Exchange 2010 with TMG (Forefront Threat Management Gateway) Series:

1. OWA
2. EWS\Outlook anywhere
3. Active sync
4. SMTP

Chapter No.9
Ch no 9 is not complete.

Access rules
Access rules define whether traffic from the source network is allowed to pass to the destination
network. The TOE (Target of Evaluation) includes a list of preconfigured, well-known protocol
definitions, including the most widely used Internet protocols. It is possible to add or modify
additional protocols. When a client requests an object using a specific protocol, the TOE checks
the access rules. A request is processed only if an access rule specifically allows the client to
communicate using the specific protocol and also allows access to the requested object.

Configuring Load-Balancing Capabilities:

Forefront TMG can distribute Web traffic across identically configured web servers, a function
normally provided by a hardware load balancer. Web server load balancing distributes network
traffic to different hosts in the internal network without using the classic NLB functions of the
Windows operating system.

Network Inspection System:

The Network Inspection System is a network-level IDS/IPS that uses the GAPA language to
enable fast development of NIS signatures. ... NIS depends on the Windows Filtering Platform,
which means it's available for Windows Server 2008 and above and Windows Vista and above.

Chapter No.10

Auditing object access

Auditing object access is a two-step process: Step one is enabling “Audit object access” and step
two is selecting the objects to be audited. When enabling Audit object access, you need to decide
if both failure and success events will be logged. The two options are as follows:

 Audit object access failure enables you to see if users are attempting to access objects to
which they have no rights. This shows unauthorized attempts.

 Audit object access success enables you to see usage patterns. This shows misuse of
privilege.

Auditing User Access of Files, Folders, and Printers


The audit log appears in the Security log in Event Viewer. To enable this feature:

1. Click Start, click Control Panel, click Performance and Maintenance, and then click
Administrative Tools.
2. Double-click Local Security Policy.
3. In the left pane, double-click Local Policies to expand it.
4. In the left pane, click Audit Policy to display the individual policy settings in the right
pane.
5. Double-click Audit object access.
6. To audit successful access of specified files, folders and printers, select the Success
check box.
7. To audit unsuccessful access to these objects, select the Failure check box.
8. To enable auditing of both, select both check boxes.
9. Click OK.

Specifying Files, Folders, and Printers to Audit
After you enable auditing, you can specify the files, folders, and printers that you want audited.
To do so:

1. In Windows Explorer, locate the file or folder you want to audit. To audit a printer, locate
it by clicking Start, and then clicking Printers and Faxes.
2. Right-click the file, folder, or printer that you want to audit, and then click Properties.
3. Click the Security tab, and then click Advanced.
4. Click the Auditing tab, and then click Add.
5. In the Enter the object name to select box, type the name of the user or group whose
access you want to audit. You can browse the computer for names by clicking Advanced,
and then clicking Find Now in the Select User or Group dialog box.
6. Click OK.
7. Select the Successful or Failed check boxes for the actions you want to audit, and then
click OK.
8. Click OK, and then click OK.
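The two procedures above (enable the Audit object access policy, then put an auditing entry on the objects) can be scripted so that the same settings are applied to every server the same way, and the resulting events can be read back to confirm auditing actually works. The following PowerShell is an added example and not part of the course notes. auditpol.exe, Get-Acl -Audit, Set-Acl and Get-WinEvent are built-in Windows tools; the folder path C:\Audited\Payroll and the audited principal Everyone are constructed sample values. It must run from an elevated PowerShell prompt, since reading and writing SACLs requires the security privilege.

```powershell
# Added example (not from the course notes): the GUI procedure above, scripted.
# Step 1 enables the File System subcategory of Object Access (the policy the
# notes call "Audit object access"), step 2 puts an audit entry (SACL) on one
# folder, step 3 reads the Security-log events that result. Run elevated.

$Folder  = 'C:\Audited\Payroll'   # constructed sample path
$Watched = 'Everyone'             # principal whose access is audited (sample)

# Step 1: success and failure auditing for file system objects.
auditpol.exe /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# Step 2: add an audit rule to the folder, inherited by files and subfolders.
New-Item -ItemType Directory -Path $Folder -Force | Out-Null
$acl  = Get-Acl -Path $Folder -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    $Watched,
    [System.Security.AccessControl.FileSystemRights]'ReadData, WriteData, Delete',
    [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path $Folder -AclObject $acl

# Step 3: read the resulting events. 4663 = an attempt was made to access an
# object (audit success); 4656 with the Audit Failure keyword = access denied.
function Get-ObjectAccessEvents {
    param([string]$PathPrefix, [int]$Hours = 24)
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Security'
        Id        = 4656, 4663
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue | ForEach-Object {
        # Take fields from the event XML rather than parsing the message text.
        $x = [xml]$_.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d.ObjectName -like "$PathPrefix*") {
            $outcome = if ($_.KeywordsDisplayNames -contains 'Audit Failure') { 'Failure' } else { 'Success' }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Id      = $_.Id
                Outcome = $outcome
                User    = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
                Object  = $d.ObjectName
                Access  = $d.AccessMask     # hex mask of the rights requested
                Process = $d.ProcessName
            }
        }
    }
}

# Usage: touch a file under the folder, then list what was recorded.
Get-ObjectAccessEvents -PathPrefix $Folder | Format-Table -AutoSize
```

The Outcome column maps onto the two options the notes describe: Failure rows are the unauthorized attempts, Success rows are the usage pattern from which misuse of privilege is spotted. Auditing every right for Everyone on a busy share produces a large volume of events, so in practice the rights list and the audited principal are narrowed to what the investigation needs.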

Event Viewer

Event Viewer allows you to monitor events in your system. It maintains logs about program,
security, and system events on your computer. You can use Event Viewer to view and manage
the event logs, gather information about hardware and software problems, and monitor
Windows server security events. The Event Log service starts automatically when you start
Windows server. All users can view application and system logs.

To access Event Viewer, on the Start menu, click Programs, point to Administrative
Tools, and then click Event Viewer.

Event Viewer displays events from each log separately. Each line shows information about a
single event, including date, time, source, event type, category, Event ID, user account, and
computer name.

Event Logs

You can use Event Viewer to view and manage the System, Application, and Security event logs.

System Log.    The System log records events logged by the Windows Server system
components. For example, the failure of a driver or other system component to load during
startup is recorded in the System log.

Application Log.    The Application log records events logged by programs. For example, a
database program might record a file error in the Application log.

Security Log.    The Security log records security events, such as valid and invalid logon
attempts, and events related to resource use, such as creating, opening, or deleting files or other
objects. Object-access events are written only for objects that carry an audit entry (see
Specifying Files, Folders, and Printers to Audit above) and only while the Audit object access
policy is enabled.
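Reading the Security log by clicking through Event Viewer does not scale once a server is busy. The block below is an added example, not from the course notes, that queries the same log with Get-WinEvent: it summarises invalid logon attempts (event 4625) by account and source address, and lists object-access events (event 4663) for one audited folder. The 24-hour window and the folder path are assumptions.

```powershell
# Added example (not from the course notes): read the Security log with
# PowerShell instead of clicking through Event Viewer. Requires an elevated
# prompt (the Security log is readable only by Administrators and members of
# the Event Log Readers group). The time window and $Path are assumptions.

$Since = (Get-Date).AddHours(-24)
$Path  = 'C:\Shares\Finance'   # assumed: folder that carries an audit (SACL) entry

# Pull a named field out of an event's XML payload (the "Event Data" that
# Event Viewer shows on the Details tab). Field names match that tab.
function Get-EventField {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object Name -eq $Name).'#text'
}

# Invalid logon attempts: event 4625. Grouping by target account and source
# address shows password guessing against one account or from one host.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $Since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Account = Get-EventField $_ 'TargetUserName'
            Source  = Get-EventField $_ 'IpAddress'
            Status  = Get-EventField $_ 'Status'      # 0xC000006A = wrong password
        }
    } |
    Group-Object Account, Source |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 10

# Object access: event 4663 is written only for objects whose SACL matches
# the access and only while the object-access audit policy is enabled.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = $Since } -ErrorAction SilentlyContinue |
    Where-Object { (Get-EventField $_ 'ObjectName') -like "$Path*" } |
    ForEach-Object {
        [pscustomobject]@{
            Time    = $_.TimeCreated
            User    = Get-EventField $_ 'SubjectUserName'
            Object  = Get-EventField $_ 'ObjectName'
            Access  = Get-EventField $_ 'AccessMask'
            Process = Get-EventField $_ 'ProcessName'
        }
    } | Format-Table -AutoSize
```

Filtering on LogName, Id and StartTime inside -FilterHashtable is done by the Event Log service itself, which is far faster than pulling every event and filtering in PowerShell; only the per-event XML fields are parsed client-side.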

Hardware Troubleshooting

General Hardware Troubleshooting Tips

Regardless of the problem, there are a few steps that must be taken whenever troubleshooting a
hardware problem. These may seem insulting to most people, but one must never forget to do
them; if they are skipped you may well waste a lot of time and possibly create a new problem by
fiddling around inside your computer chasing a phantom. Here are some quick steps:

1. Power Cords - Make sure that all of the power cords are firmly in place on all of the
devices that could possibly be causing or contributing to the symptoms you are
experiencing (e.g. if nothing shows up on the monitor, make sure that the cords are
attached to both the monitor and the computer itself). Then trace the cords back to the
wall and make sure that the other end of the cord is attached to a power outlet or surge
protector.
2. Outlet Power - It is not uncommon to blow a fuse; if the outlet in question is not
receiving power then you should not expect any of the devices connected to the computer
to receive power. You can test this simply by looking at the device and seeing if any
LEDs (Light Emitting Diodes) are lit. If there are no LEDs lit, try plugging a device that
you know works into the outlet, such as a clock or radio.
3. Power Button - This step goes hand-in-hand with the last step. Many people don't think
to check for this because many computer devices stay on all of the time (e.g. monitors,
printers, power supplies), and as such do not check the power button. Also, some devices
have two power switches on them, and both must be in the "on" position in order for the
device to work (e.g. there is a power switch both on the front and on the back of most
computers).
4. Communication Connections - Once you've settled that the power to your devices is
fine, the next step is to make sure that the device has all of the connections needed for it
to communicate. This step consists of making sure that these cables are firmly connected
at each end, and that they are connected at the correct port/interface. Do not forget to
check internal connections; if your computer has been bumped it is possible for some
connections inside to pop loose.
5. Device Configuration - This step covers both hardware and software configuration.
There may be jumpers or switches on the hardware that need to be configured. If these
accidentally got moved or switched, the device would fail to work properly. Also, most
hardware ships with configuration software (e.g. wireless cards); make sure that the
software configuration is compatible with what you are trying to accomplish.
6. Follow Instructions - Computers are not evasive when they report errors; all too often
we just do not understand them, or are confused by the amount of information that is
given. Many times there are suggestions on how to fix a problem accompanied with an
error message. Simply follow the steps the message suggests; even if the suggestion
seems to be ridiculous follow it so that you can discard it as a possibility.
7. Windows Recognition - If you go into the Control Panel, open the System dialog, click
on the Hardware tab, and then open the Device Manager, you will see a tree-like structure
of all of the hardware that is attached to your computer. Look under the appropriate
category (Monitors, Display adapters, etc.), click on the item or items that you are
having problems with, and then click Properties. The dialog that opens will inform you if
the operating system is having any known problems with the device.
8. Update Drivers - If possible, try connecting to the internet and going to the
manufacturer's web site to download the latest drivers for your hardware (this requires that
you know the model specifications of your hardware). Conflicts often arise when you
install new hardware and software; although these are unanticipated, once found the
developer will fix the problem and post updated drivers.
9. Refresh Device Manager/Reinstall Device - This step falls into the "I don't care what
the problem is, I just want it fixed" category. Open Device Manager again and uninstall
the devices that are not working properly. You will probably be prompted to restart your
computer; if not, restart it manually. When the computer restarts, the hardware you removed
will be detected again and reinstalled with the default configuration. If you cannot
find the device in Device Manager, try uninstalling all software that came with it and
reinstalling it from the disks that were provided.
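Steps 7 to 9 can be scripted, which is useful when several machines show the same symptom. The block below is an added example, not from the course notes: it lists every device Windows reports a problem with, shows the installed driver for each so it can be compared with the manufacturer's current release, and pulls the related System log entries described under Event Logs above. The seven-day window is an assumption.

```powershell
# Added example (not from the course notes): the checks from steps 7 to 9 done
# from PowerShell. Lists devices Windows reports a problem with, the driver each
# one uses, and recent driver/service failures from the System log.
# The 7-day window is an assumption.

$Since = (Get-Date).AddDays(-7)

# Step 7: what Device Manager flags with a warning icon. ConfigManagerErrorCode 0
# means "working properly"; anything else is a Plug and Play problem code
# (e.g. 28 = drivers not installed, 10 = device cannot start).
$problemDevices = Get-CimInstance Win32_PnPEntity |
    Where-Object { $_.ConfigManagerErrorCode -ne 0 }
$problemDevices |
    Select-Object Name, DeviceID, ConfigManagerErrorCode, Status |
    Format-Table -AutoSize

# Step 8: driver version and date for the failing devices, so you can compare
# against the manufacturer's current release before downloading anything.
$drivers = Get-CimInstance Win32_PnPSignedDriver
foreach ($d in $problemDevices) {
    $drivers | Where-Object { $_.DeviceID -eq $d.DeviceID } |
        Select-Object DeviceName, DriverVersion, DriverDate, DriverProviderName, IsSigned |
        Format-List
}

# Corroborate with the System log (see Event Logs above): driver load failures
# and services that failed to start are recorded there at boot time.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Level = 1,2; StartTime = $Since } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -match 'Kernel-PnP|Service Control Manager' } |
    Select-Object TimeCreated, ProviderName, Id, Message -First 20 |
    Format-Table -Wrap

# Step 9 equivalent: remove the device and let Plug and Play re-detect it.
# pnputil supports this on current Windows 10/11 and Windows Server builds.
# Shown as comments because it changes the machine; substitute a DeviceID
# from the list above.
#   pnputil /remove-device "<DeviceID from the list above>"
#   pnputil /scan-devices
```

Checking the driver's IsSigned flag and provider before replacing it is worth the extra line: an unsigned or third-party driver on a server is as much a security finding as it is a stability one.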

Troubleshooting of disk management:

Disk Management is a Microsoft Management Console (MMC) snap-in that allows full
management of the disk-based hardware recognized by Windows. Disk Management is used to
manage the drives installed in a computer, such as hard disk drives (internal and external), optical
disk drives, and flash drives.

Connectivity and Communication:

Connectivity: A generic term for connecting devices to each other in order to transfer data back
and forth. It often refers to network connections, which encompass bridges, routers, switches and
gateways as well as backbone networks.

Communications: The transmission of data from one computer to another, or from one device
to another. A communications device, therefore, is any machine that assists data transmission.
For example, modems, cables, and ports are all communications devices.
