
INF214x Basic Networking – Practical Exercises

Overview
This course includes practical exercises where you can try out the
techniques demonstrated in the course for yourself. This guide lists the
steps for the individual practical exercises.

For the exercises that use PowerShell, a script is included at the end of
the exercise. You can paste the script into the PowerShell window of the
lab environment by using the Actions drop-down. Make sure your cursor is
in the PowerShell window before pasting!

Note: These practical exercises are designed to give you experience as a
working System Administrator. The lab steps are not written to be prescriptive,
because as part of your day-to-day tasks you will need to troubleshoot and test
different configurations. No one set of steps will be applicable in all cases; you will
need to adjust for your situation. These steps were tested when the course was
released. You may find changes to the interface as well as changes in how
procedures are implemented.

Module 1 - DHCP Basics

DHCP Server Role and Delegation

In this exercise, you will install and authorize the DHCP server role, and
configure DHCP Administrators and DHCP Users.

1. Log in to LON-SVR1 as Administrator with the password Pa55w.rd.
2. Open Server Manager and use the Add Roles and Features
Wizard to install the DHCP Server role.
3. Accept all the default settings and wait for the role to install.
4. On the last page of the Wizard, click Complete DHCP configuration.
If you have closed the Wizard, click the Notification icon.
5. In the DHCP Post-Install configuration wizard, read that the
Wizard will create the DHCP Administrators and DHCP Users groups
and will also authorize the server, and then click Next.
6. On the Authorization page, click Commit, and then close the wizard.
7. From the Server Manager Tools menu, open the DHCP console.
8. Right-click the server and notice the Deactivate option.
9. Ensure that the IPv4 and IPv6 nodes have green check marks. You may
need to click the nodes.

Configure DHCP Administrators and DHCP Users

1. Sign in to LON-DC1 as Adatum\Administrator with the password
Pa55w.rd.
2. Go to Server Manager, then Tools, and select Active Directory
Users and Computers.
3. Expand Adatum.com and click the Users container. Refresh the
console and verify that the DHCP Administrators and DHCP Users
groups are present.
4. In the properties of the DHCP Administrators group, add Adatum\Abbi
Skinner. DHCP Administrators have administrative privileges on DHCP
services.
5. In the properties of the DHCP Users group, add Adatum\Dante
Dabney. DHCP Users have view-only access to DHCP services.
6. In the Server Manager dashboard, select DHCP, scroll down to
Services, right-click, and select Restart Services.

We restart the DHCP service so that we don't have to wait for
the permissions to propagate.

Verify the administrative and user access permissions

1. Return to LON-SVR1 and sign in as Adatum\Abbi with the password
Pa55w.rd.
2. Open Server Manager and, on the Tools menu, open the DHCP
management console.
3. Right-click DHCP, select Add Server, and then select This authorized server.
4. Add both LON-DC1 and LON-SVR1, and then apply your changes.
The servers should be added to the console navigation pane.
5. Right-click LON-SVR1.adatum.com, select Unauthorize, and click
Yes to confirm your choice.
6. Notice the Access Denied message. You must be an Enterprise
Administrator to authorize or unauthorize DHCP servers. Just because a
task is shown in the console does not mean a DHCP Administrator or DHCP User
has the permissions to perform it.
7. Abbi, a DHCP Administrator, can create and modify DHCP
settings. Dante, a DHCP User, can only view the settings.
8. You can stay logged in as Abbi to test her permissions in the next
exercises, or you can sign out and sign in as
Adatum\Administrator.

DHCP Relay Agent

In this exercise, you will install and configure a DHCP relay agent.
1. Sign in to EU-RTR as Adatum\Administrator with the password
Pa55w.rd.
2. In Server Manager, from the Tools menu, open Routing and Remote Access.
3. Add the DHCP relay agent to the router on EU-RTR:
• In the navigation pane, expand EU-RTR (local), expand IPv4,
right-click General, and then click New Routing Protocol. Notice
your other choices.
• In the Routing protocols list, select DHCP Relay Agent, and then click
OK.
4. Configure the DHCP relay agent.
• In the navigation pane, right-click DHCP Relay Agent, and then click
New Interface.
• In the New Interface for DHCP Relay Agent dialog box, click
London_Network, and then click OK.
• Right-click DHCP Relay Agent, and then click Properties.
• Server Address: 172.16.0.11, click Add, and then OK. (This is the IP address of
LON-SVR1, the server on which you just installed DHCP.)
5. You have now configured a DHCP relay agent on EU-RTR. Clients
that need a DHCP server can go through EU-RTR to reach LON-SVR1.
6. Close Routing and Remote Access.

DHCP Scopes (GUI)

In this exercise, you will create and configure a DHCP scope. This exercise
requires the DHCP server role to be installed on the server.

Create a new DHCP scope

1. Sign in to LON-SVR1 as Adatum\Administrator with the password
Pa55w.rd.
2. In Server Manager, from the Tools menu, select the DHCP console.
3. Right-click IPv4, and select New Scope. Create a new scope with
these values:
• Name: Branch Office
• Description: Redmond satellite office
• IP Address Range: 172.16.0.100 – 172.16.0.200
• Length: 16
• Subnet Mask: 255.255.255.0
• Exclusions: 172.16.0.190 – 172.16.0.200 (don't forget to click
Add)
• Continue through the pages and notice the default Lease Duration of 8
hours.
• Options: Router 172.16.0.1 (the IP address of the EU-RTR virtual
machine). Clients will receive this address as their default gateway, so they
know how to reach the DHCP relay agent.
• Accept the remaining default settings for DNS and WINS and
Activate the scope.
4. Expand your new scope and select Address Pool. Verify the address
range for distribution and the IP addresses excluded from
distribution.
5. Select Address Leases and verify that there are no leases yet.

Configure LON-CL1 to automatically receive IP addresses

1. Sign in to LON-CL1 as Adatum\Administrator with the password
Pa55w.rd.
2. Open the Network and Sharing Center, click Change Adapter
Settings, right-click London_Network, and select Properties.
3. Select Internet Protocol Version 4 (TCP/IPv4), and then click
Properties.
4. Make the following changes:
• Obtain an IP address automatically
• Obtain DNS server address automatically
5. Open a command window and run the ipconfig /all command.
6. Notice the IP Address. Is it in the range 172.16.0.100 – 172.16.0.200?
7. Notice the Lease Obtained and Lease Expired dates. The default lease
was 8 days.
8. Notice the Default Gateway (Router), 172.16.0.1, was assigned by the
scope.
9. If your settings do not look correct, you may need to run ipconfig
/renew.
10. Take a minute to return to LON-SVR1 and verify in the DHCP
management console, that the Address Leases includes the new IP
address for LON-CL1.

As an Administrator, you should have a plan for deciding which IP
addresses to exclude from dynamic assignment. For example, you
might always exclude the first 10 addresses or the last 20
addresses. This will depend on how many static IP addresses you
need to assign. By being consistent in how those addresses are
selected, it will be easier to administer a large number of clients.

DHCP Scopes (PowerShell)

In this exercise, you will add a DHCP IPv4 scope, provide an exclusion
range, set the default router, and activate the scope.

Note: If you need help with the PowerShell commands, there is a suggested
script at the end of the exercise. You can copy the commands into the lab
environment using the instructions at the beginning of this document. But
do try to construct the commands yourself.

Create a scope

1. Sign in to LON-SVR1 as Adatum\Administrator with the password
Pa55w.rd.
2. Open an elevated PowerShell prompt. If you like, use the Properties
of the window to increase the font size and change the coloring.
3. Read about the Add-DhcpServerv4Scope cmdlet. If prompted, do
not update the Help files.
Get-Help Add-DhcpServerv4Scope -ShowWindow
4. Use the command to add a scope from 192.168.0.100 to
192.168.0.200. Name the scope BranchOffice2 and use the
255.255.0.0 subnet mask.
5. Use Get-DhcpServerv4Scope to verify your new scope. Make a note
of the ScopeID (192.168.0.0).
6. Read about the Add-DhcpServerv4ExclusionRange cmdlet.
Get-Help Add-DhcpServerv4ExclusionRange -showwindow
7. Use Add-DhcpServerv4ExclusionRange to add an exclusion
from 192.168.0.190 to 192.168.0.200.
8. Use Get-DhcpServerv4ExclusionRange to verify your new
exclusion.
9. Read about the Set-DhcpServerv4OptionValue cmdlet.
10. Use Set-DhcpServerv4OptionValue to specify a Router with
IP address 192.168.0.1. Configure the router (default gateway) option to be
applied at the server level.
11. Use Get-DhcpServerv4OptionValue to verify your new
setting. Notice that this is OptionID number 3.
12. Read about the Set-DhcpServerv4Scope cmdlet.
Get-Help Set-DhcpServerv4Scope -showwindow
13. Use Set-DhcpServerv4Scope to activate your scope.
14. Open the DHCP console (Server Manager\Tools\DHCP).
15. Verify your new scope with the exclusion range and router was
successfully created.

Answers (Script):
# Add a scope for BranchOffice2
Add-DhcpServerv4Scope -StartRange 192.168.0.100 -EndRange 192.168.0.200 -Name BranchOffice2 -SubnetMask 255.255.255.0
# Verify the scope was added
Get-DhcpServerv4Scope -ScopeId 192.168.0.0 | Format-List
# Add an exclusion range for 192.168.0.190 - 192.168.0.200
Add-DhcpServerv4ExclusionRange -ScopeId 192.168.0.0 -StartRange 192.168.0.190 -EndRange 192.168.0.200
# Verify the exclusion
Get-DhcpServerv4ExclusionRange -ScopeId 192.168.0.0 | Format-List
# Configure a Server Option (3) for the router (default gateway)
Set-DhcpServerv4OptionValue -Router 192.168.0.1
# Verify your Server Option
Get-DhcpServerv4OptionValue
# Activate your scope
Set-DhcpServerv4Scope -ScopeId 192.168.0.0 -State Active
# Verify the state of your scope
Get-DhcpServerv4Scope -ScopeId 192.168.0.0

DHCP Options (GUI)

In this exercise, you will explore various DHCP options.

1. Sign in to LON-SVR1 as Adatum\Administrator with the password
Pa55w.rd.
2. In Server Manager, from the Tools menu, select the DHCP console.
3. Start by configuring a Server option.
4. Expand the IPv4 node and click Server Options. Notice that there is
already a Router option.
5. Right-click Server Options and select Configure Options...
6. Scroll through the different options that you can create.
7. Select 004 Time Server, add LON-DC1.Adatum.com, ensure
that it resolves to the address 172.16.0.10, and then click OK.
8. Ensure the entry was created successfully.
9. Now, create a Scope Level option.
10. Within the Scope [172.16.0.0] Branch Office, right-click
Scope Options, and then select Configure Options.
11. Notice that the scope has inherited the server-level options, including the
Router option and the Time Server option you just configured.

DHCP options can be applied to a Server, a Scope, a Class, or a
Reserved client. Plan your options carefully to avoid conflicting
information at the different levels. In the case of a conflict, the
more specific option will be applied.

DHCP Reservations

In this exercise, you will create a DHCP reservation.

Obtain LON-CL1's MAC Address

1. Sign in to LON-CL1 as Adatum\Administrator with the password
Pa55w.rd.
2. Open Windows PowerShell.
3. Use ipconfig /all to get the MAC address. Make a note of it.

Use the MAC address to create a reservation

1. Sign in to LON-SVR1 as Adatum\Administrator with the password
Pa55w.rd.
2. In Server Manager, from the Tools menu, select the DHCP console.
3. Locate your scope, right-click Reservations and select New
Reservation.
4. Add a reservation with the following settings:
• Reservation Name: LON-CL1
• IP Address: 172.16.0.101
• MAC Address (noted earlier): 00-15-5D-A3-97-EB
• Supported types: DHCP
5. Make sure the reservation was added and is listed.

Test the DHCP reservation

1. Sign in to LON-CL1 as Adatum\Administrator with the password
Pa55w.rd.
2. Run ipconfig /release.
3. Run ipconfig /renew.
4. Verify the DHCP server has assigned LON-CL1 the reserved IP
address 172.16.0.101.
5. Return to LON-SVR1 and verify that 172.16.0.101 has been assigned
to LON-CL1 in the scope Address Leases node.

Be sure you do not reserve an IP address that is already in use or
an IP address that is part of a DHCP exclusion range. If the address
is not assigned, double-check your MAC address.

Superscopes

In this exercise, you will create a superscope.

Note: This exercise requires two DHCP scopes.

1. Sign in to LON-SVR1 as Adatum\Administrator with the password
Pa55w.rd.
2. Create a superscope. Right-click the IPv4 node and select New
Superscope.... Configure it as follows:
• Name: Superscope
• Scopes: Highlight the two scopes, Branch Office and Branch Office
2.
• Click Finish.
3. Notice the following:
• The two individual scopes are now bundled under the superscope
that you just created and can be administered as a single entity.
• Right-click the superscope and notice your choices: Deactivate, New
Scope, and Configure Failover.
• Select Display Statistics and review the information.

Multicast Scopes

In this exercise, you will create a Multicast scope.

1. Sign in to LON-SVR1 as Adatum\Administrator with the password
Pa55w.rd.
2. Open the DHCP management console.
3. Right-click the IPv4 node and select New Multicast Scope... Using
the New Multicast Scope wizard ensures that the IP address range is valid.
4. Configure it as follows:
• Name: Multicast Scope
• Address range: 224.0.0.100 to 224.0.0.200.
• For all other values, accept the defaults in the Wizard and activate
the scope.
5. In the DHCP server console, expand Multicast Scope and view the
Address Pool values and Address Leases.
6. Right-click Multicast Scope, select Properties, and then the
Lifetime tab.
7. Notice that you can now set a lifetime for the multicast scope: either
infinite, or a specific expiry date and time, for example the end of a
broadcast period.
8. Remember that a multicast scope is always in the 224 IP address
range.

DHCP Policies

In this exercise, you will create, configure, and view two Server Level policies
and a Scope Level policy.

1. Sign in to LON-SVR1 as Adatum\Administrator with the password
Pa55w.rd.
2. Open the DHCP management console.
3. Go to the IPv4 node, right-click the Policies node, and then select New
Policy… Create a new Server Level Policy based on the MAC Address
of LON-CL1. Configure the policy as follows:
• Policy Name: LON-CL1 MAC Address Policy
• Policy Conditions:
• Criteria (notice your other choices) = MAC Address
• Operator = Equals
• Value = 00155DA397EB
• Notice that you could add another condition, combined with AND or OR.
• Policy Settings:
• Vendor Class = DHCP Standard options
• Option = 004 Time Servers
• Server Name = LON-DC1
4. Create a new Server Level Policy for Remote Access clients and
configure it as follows:
• Policy Name: Remote Access Policy
• Policy Conditions:
• Criteria = User Class
• Operator = Equals
• Value = Default Routing and Remote Access Class
• Policy Settings:
• Vendor Class = DHCP Standard options
• Option = 006 DNS Servers
• Server Name = LON-DC1 (We add LON-DC1 as the DNS
Server because we have only one DNS server available in our
environment, but it’s also possible to set up a second DNS
server that is used by clients accessing your network
remotely.)
5. View the policies you have just created in the DHCP console, and move
one up over the other to change the order in which they are run.
6. Select a scope and then New Policy (under the scope). Create a new
Scope Level Policy based on the LON-CL1 MAC Address and configure
it as follows (this requires an active scope).
• Policy Name: LON-CL1 IP Scope Policy
• Policy Conditions:
• Criteria = MAC Address
• Operator = Equals
• Value = 00155DA397EB
• Policy Settings:
• Start Address = <your choice based on the existing scope>
• End Address = <your choice based on the existing scope>
• Vendor Class = DHCP Standard Options
• Available Options = 042 NTP Servers
• Server Name = LON-DC1
7. Review what you have done. Notice there are Server level, and Scope
level policies. Do you see the difference and why you would choose
one over the other?

You can also use Filters in the DHCP Console to Allow or Deny
DHCP services to specific clients based on their MAC Addresses.
This is also known as MAC Address Filtering. Additionally, you
can define specific hardware types to be allowed or denied DHCP
services, such as Fiber Channel, IEEE 802, and many more. This can
be configured in the IPv4 Properties dialogue box by clicking the
Filter tab and clicking the Advanced button, and then selecting
the hardware type. Uncheck the checkbox to apply filtering to any
of the hardware types listed. You should try creating and enabling a
Filter yourself, using the virtual lab machines.

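
The reservation, policy and filter steps of this module can also be done with the DhcpServer PowerShell module. The script below is an added example and is not part of the course lab; it reuses the lab's values (scope 172.16.0.0, LON-CL1's MAC address 00-15-5D-A3-97-EB, LON-DC1 at 172.16.0.10) and assumes 172.16.0.150 to 172.16.0.160 as the address range for the scope-level policy.

```powershell
# Added example (not from the course lab): reservation, policies and a MAC filter
# for LON-CL1, run in an elevated prompt on LON-SVR1 with the DhcpServer module.
# Assumed: scope 172.16.0.0 (Branch Office) exists and is active.
$scopeId = '172.16.0.0'
$mac     = '00-15-5D-A3-97-EB'     # LON-CL1, as shown by ipconfig /all
$macBare = $mac -replace '-', ''    # policy conditions use the MAC without separators
$lonDc1  = '172.16.0.10'

# Reservation: LON-CL1 always receives 172.16.0.101. The address must lie inside the
# scope range and outside every exclusion range, otherwise it is never handed out.
Add-DhcpServerv4Reservation -ScopeId $scopeId -IPAddress 172.16.0.101 `
    -ClientId $mac -Name 'LON-CL1' -Type Dhcp

# Server-level policy keyed on the MAC address: option 004 (Time Server) = LON-DC1.
Add-DhcpServerv4Policy -Name 'LON-CL1 MAC Address Policy' -Condition OR -MacAddress "EQ,$macBare"
Set-DhcpServerv4OptionValue -PolicyName 'LON-CL1 MAC Address Policy' -OptionId 4 -Value $lonDc1

# Server-level policy keyed on the user class that RRAS clients present: option 006 (DNS Servers).
Add-DhcpServerv4Policy -Name 'Remote Access Policy' -Condition OR `
    -UserClass 'EQ,Default Routing and Remote Access Class'
Set-DhcpServerv4OptionValue -PolicyName 'Remote Access Policy' -OptionId 6 -Value $lonDc1

# Policies are evaluated in processing order; this is the "move up" step in the console.
Set-DhcpServerv4Policy -Name 'Remote Access Policy' -ProcessingOrder 1

# Scope-level policy: same MAC condition, its own address range (assumed 172.16.0.150-160)
# and option 042 (NTP Servers). IP-range policies require an active scope.
Add-DhcpServerv4Policy -Name 'LON-CL1 IP Scope Policy' -ScopeId $scopeId -Condition OR -MacAddress "EQ,$macBare"
Add-DhcpServerv4PolicyIPRange -Name 'LON-CL1 IP Scope Policy' -ScopeId $scopeId `
    -StartRange 172.16.0.150 -EndRange 172.16.0.160
Set-DhcpServerv4OptionValue -PolicyName 'LON-CL1 IP Scope Policy' -ScopeId $scopeId -OptionId 42 -Value $lonDc1

# MAC filtering: put LON-CL1 on the Allow list, then switch the list on.
# Once the Allow list is enabled, every client NOT on it is refused a lease,
# so populate the list before enabling it.
Add-DhcpServerv4Filter -List Allow -MacAddress $mac -Description 'LON-CL1 workstation'
Set-DhcpServerv4FilterList -Allow $true

# Verify what was created.
Get-DhcpServerv4Reservation -ScopeId $scopeId
Get-DhcpServerv4Policy                       # server-level policies, in processing order
Get-DhcpServerv4Policy -ScopeId $scopeId     # scope-level policies
Get-DhcpServerv4Filter
```
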
Module 2 – DHCP Advanced

DHCP Split Scopes

In this exercise, you will create a Split-Scope. You will need two DHCP
servers for this exercise.

1. Sign in to LON-SVR1 as Adatum\Administrator with the password
Pa55w.rd.
2. Create a new scope for the 172.0.2.100 to 172.0.2.200 range.
3. Right-click your new scope and select Advanced..., and then Split-Scope.
4. In the DHCP Split-Scope Configuration Wizard, add LON-DC1.Adatum.com
with IP address 172.16.0.10 as the additional server.
5. On the Percentage of Split screen, select an 80/20 split between the
Host DHCP Server (LON-SVR1) and the Added DHCP Server (LON-DC1).
6. Specify a Delay in DHCP Offer for the Added DHCP Server of 5
milliseconds.
7. Still on LON-SVR1, verify that the Address Pool under this scope has
80% of the addresses available to it and that there is an exclusion listed
which accounts for 20% of the overall addresses.
8. Go to LON-DC1 and verify that the scope you configured on LON-SVR1
is now present on LON-DC1 and that there is an address pool
which has 20% of the addresses available to it, with an exclusion range for
80% of the addresses.
9. Activate the new scope on LON-DC1.
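
There is no single cmdlet for a split scope; the wizard copies the scope to the second server, carves the pool up with complementary exclusion ranges, and sets an offer delay on the secondary. The script below reproduces that with DhcpServer cmdlets so the mechanism is visible. It is an added example, not part of the course lab, and assumes the scope from step 2 has scope ID 172.0.2.0 with mask 255.255.255.0 and that LON-DC1 already runs an authorized DHCP server.

```powershell
# Added example (not from the course lab): an 80/20 split scope built by hand.
# Assumptions: scope 172.0.2.100-172.0.2.200 exists on LON-SVR1 with scope ID 172.0.2.0
# and mask 255.255.255.0; LON-DC1 runs an authorized DHCP server; both are reachable by name.
$primary      = 'LON-SVR1.adatum.com'
$secondary    = 'LON-DC1.adatum.com'
$scopeId      = '172.0.2.0'
$start        = '172.0.2.100'
$end          = '172.0.2.200'
$primaryShare = 0.8

# IPv4 <-> integer helpers so the split boundary can be computed for any range.
function ConvertTo-IPv4Int ([string]$Ip) {
    $b = ([ipaddress]$Ip).GetAddressBytes(); [array]::Reverse($b); [BitConverter]::ToUInt32($b, 0)
}
function ConvertFrom-IPv4Int ([uint32]$Value) {
    $b = [BitConverter]::GetBytes($Value); [array]::Reverse($b); ([ipaddress]::new($b)).IPAddressToString
}

$total        = (ConvertTo-IPv4Int $end) - (ConvertTo-IPv4Int $start) + 1
$primaryCount = [math]::Floor($total * $primaryShare)
$primaryLast  = ConvertFrom-IPv4Int ((ConvertTo-IPv4Int $start) + $primaryCount - 1)
$secondFirst  = ConvertFrom-IPv4Int ((ConvertTo-IPv4Int $start) + $primaryCount)
"Primary serves $start-$primaryLast, secondary serves $secondFirst-$end"

# Primary keeps the first 80%: exclude the secondary's share on LON-SVR1.
Add-DhcpServerv4ExclusionRange -ComputerName $primary -ScopeId $scopeId `
    -StartRange $secondFirst -EndRange $end

# Secondary gets an identical scope (same range, mask, lease time and standard options) with
# the primary's share excluded, plus a 5 ms offer delay so the primary normally answers first.
$scope = Get-DhcpServerv4Scope -ComputerName $primary -ScopeId $scopeId
Add-DhcpServerv4Scope -ComputerName $secondary -Name $scope.Name -StartRange $start -EndRange $end `
    -SubnetMask $scope.SubnetMask -LeaseDuration $scope.LeaseDuration -Delay 5 -State Active
Add-DhcpServerv4ExclusionRange -ComputerName $secondary -ScopeId $scopeId `
    -StartRange $start -EndRange $primaryLast
Get-DhcpServerv4OptionValue -ComputerName $primary -ScopeId $scopeId | ForEach-Object {
    Set-DhcpServerv4OptionValue -ComputerName $secondary -ScopeId $scopeId -OptionId $_.OptionId -Value $_.Value
}

# Check: on each server the exclusion and the remaining pool together cover the whole range.
foreach ($server in $primary, $secondary) {
    Get-DhcpServerv4ExclusionRange -ComputerName $server -ScopeId $scopeId |
        Select-Object @{n = 'Server'; e = { $server }}, StartRange, EndRange
}
```

With a 101-address range the boundary lands at 172.0.2.179/172.0.2.180, which is the same rounding the wizard's percentage slider applies.
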

DHCP Failover

In this exercise, you will configure and verify DHCP Failover.

Create a new scope for high availability

1. Sign in to LON-SVR1 as Adatum\Administrator with the password
Pa55w.rd.
2. Create a new Scope on LON-DC1 and configure it as follows:
• Name: HA Scope
• Start IP Address: 172.16.1.210
• End IP Address: 172.16.1.225
• Subnet mask: 255.255.255.0
• Accept the defaults for the remainder of the wizard and activate
the scope.

Configure DHCP failover

1. On LON-SVR1, right-click your new scope and select Configure
Failover...
2. Add LON-DC1 as the Partner Server. If prompted provide the
administrator credentials.
3. Complete the Create a new failover relationship page with the
following configuration:
• Relationship Name: take the default
• Max Client Lead Time: default
• Mode: Hot Standby
• Role of Partner Server: Standby
• Address reserved for standby server: 5%
• State Switchover Interval: default – disabled
• Enable Message Authentication: Enabled
• Shared Secret: Pa55w.rd
4. Click Next and complete the wizard.
5. If you return to LON-DC1 and refresh the DHCP console, you will see that
the new scope has been propagated to this server. Viewing the scope
Properties and selecting the Failover tab will verify the settings.

View the configuration details

1. On LON-SVR1, open the DHCP console, right-click the server and
Stop the service.
2. Notice a red arrow now appears beside the IPv4 node.
3. On LON-DC1, open the DHCP console.
4. Open the IPv4 Properties, select the Failover tab, and then select
Edit. Notice that the State of this server reports lost contact with
partner.
5. Click the Change to partner down button. In the prompt, note the
current state (communication interrupted), and change to partner
down. You can control whether these state changes happen
automatically or manually, and when they happen, through the
State Switchover Interval settings.
6. Sign in to LON-CL1 and open a command prompt.
7. Run the command ipconfig /release.
8. Run the command ipconfig /renew to obtain a new lease. This will
take longer than usual while LON-CL1 tries to find a DHCP server.
9. Run the command ipconfig /all to list network configuration details.
10. Notice LON-DC1, 172.16.0.10, is now the DHCP server.
11. Verify LON-DC1 issued a lease to LON-CL1. The lease doesn’t
have to be within the high availability scope.
12. Return to LON-SVR1 and start the DHCP service.
13. Open the IPv4 node properties, select the Failover tab, and click Edit.
Notice that the server is in a Recover Wait state. In this state, the server waits
for the MCLT (Maximum Client Lead Time) to ensure that any processing it
might have done before losing connectivity will not cause future
difficulties. A server in Recover Wait does not respond to DHCP client
requests.
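
The hot-standby relationship from the Configure DHCP failover steps, created with the DhcpServer module instead of the wizard. This is an added example, not part of the course lab; it assumes the HA Scope has scope ID 172.16.1.0 and exists only on the server where the script runs, and the relationship name is our own choice (the wizard generates one by default).

```powershell
# Added example (not from the course lab): hot-standby DHCP failover created from
# LON-SVR1. Assumed: scope 172.16.1.0 (HA Scope) exists locally and not yet on LON-DC1.
$relationship = 'LON-SVR1-LON-DC1'      # assumed name; the wizard proposes its own
$failover = @{
    ComputerName        = 'LON-SVR1.adatum.com'   # server that owns the scope
    PartnerServer       = 'LON-DC1.adatum.com'    # partner the scope is replicated to
    Name                = $relationship
    ScopeId             = '172.16.1.0'
    ServerRole          = 'Active'                # hot standby: this server Active, partner Standby
    ReservePercent      = 5                       # share of the pool reserved for the standby server
    MaxClientLeadTime   = (New-TimeSpan -Hours 1) # MCLT, the wizard default
    AutoStateTransition = $false                  # State Switchover Interval disabled: partner down is manual
    SharedSecret        = 'Pa55w.rd'              # turns on message authentication between the partners
    Force               = $true
}
Add-DhcpServerv4Failover @failover

# Both partners should report the same relationship; EnableAuth confirms that
# failover messages are authenticated with the shared secret.
foreach ($server in 'LON-SVR1.adatum.com', 'LON-DC1.adatum.com') {
    Get-DhcpServerv4Failover -ComputerName $server -Name $relationship |
        Select-Object @{n = 'Server'; e = { $server }}, Mode, ServerRole, State, ReservePercent, EnableAuth
}
```

A relationship without a shared secret accepts unauthenticated failover traffic from anything that can reach the partner port, so keep message authentication enabled outside the lab.
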

DHCP Database Backup and Restore

In this exercise, you will perform various tasks to administer and maintain
your DHCP database. Specifically, you will verify the DHCP database files,
create a backup, and restore a DHCP database.

Back up the DHCP database

1. Sign in to LON-SVR1 as Adatum\Administrator with the password
Pa55w.rd.
2. Open File Explorer and go to the location
C:\Windows\System32\dhcp. Note the various database file
types.
3. Open the DHCP server console, right-click lon-svr1.adatum.com and
select Backup…
4. In the subsequent folder prompt, specify the location
C:\Windows\System32\dhcp\backup as the location and click
OK.
5. In File Explorer go to C:\Windows\System32\dhcp\backup and
verify the backup files that are present.

Restore the DHCP database

1. Return to the DHCP console, right-click lon-svr1.adatum.com and
select Restore…
2. Specify C:\Windows\System32\dhcp\backup as the location
where you can find the backup and click OK.
3. Accept the prompt to restart the DHCP Server service and click Yes.
4. Verify that you receive a prompt saying the database was restored
successfully and click OK.

Windows PowerShell commands

1. As you have time, experiment with the Windows PowerShell backup and
restore commands.
2. To back up the DHCP data for all scopes, use the following command:
Backup-DhcpServer -ComputerName lon-svr1.adatum.com -Path C:\Windows\system32\dhcp\backup
3. To restore the DHCP database, use the following command:
Restore-DhcpServer -ComputerName lon-svr1.adatum.com -Path C:\Windows\system32\dhcp\backup

DHCP Database Export and Import

In this exercise, you will export and import a DHCP server configuration
using Windows PowerShell.

Export the DHCP database

1. Sign in to LON-SVR1 as Adatum\Administrator with the password
Pa55w.rd.
2. On LON-SVR1, open the DHCP console.
3. Select a scope with a reservation and options.
4. In File Explorer, create a folder C:\ExportDHCP.
5. Open Windows PowerShell.
6. Export the DHCP server configuration.
Export-DhcpServer -File C:\exportdhcp\dhcp.xml
7. Open the file C:\ExportDHCP\dhcp.xml and view its contents.
8. What information does it contain?
DHCP configuration details such as class definitions, reservations, scopes,
filters, and leases.

Import the DHCP database

1. Change to LON-DC1.
2. In File Explorer, connect to the location \\LON-SVR1\C$ and copy
the folder C:\ExportDHCP to the local C: drive.
3. Open Windows PowerShell.
4. Import the DHCP server settings and lease details. You could also
import only the leases.
Import-DhcpServer -File C:\exportdhcp\dhcp.xml -BackupPath C:\Windows\System32\dhcp\backup
5. Click Yes when prompted to confirm that you wish to import the settings.
6. Why was the -BackupPath parameter specified in the import
command?
It is a mandatory parameter and must be specified. This is because
the command will create a backup before doing an import to allow for
rollback if needed.
7. Open the DHCP console.
8. Expand the IPv4 node and verify that the information was imported.
9. Do you see when you would use export/import rather than
backup/restore?

DHCP Audit Logs

In this exercise, you will enable, configure, and view audit logs for DHCP.

Review the DHCP audit log

1. Sign in to LON-SVR1 as Adatum\Administrator with the password
Pa55w.rd.
2. In Server Manager, open DHCP, right-click the IPv4 node, and
select Properties. Notice where the DHCP database and backup are
being stored.
3. Open File Explorer and go to C:\Windows\System32\dhcp.
4. Locate and open the dhcpSrvLog-XYZ.log file.
5. Note the event codes at the top of the file.
6. Which Event ID flags a new IP address being leased to a client?
Event ID 10
7. What are the codes from 50 upwards used for?
They provide rogue server detection information.
8. Close the audit log.

Configure audit logs using PowerShell (optional)

1. Open Windows PowerShell.
2. Identify a cmdlet that will allow you to view the current settings for the
audit logs.
Get-DhcpServerAuditLog
3. Question: Find a Windows PowerShell command to disable audit
logging.
Set-DhcpServerAuditLog -Enable $false
4. Restart the DHCP Server service.
5. Open the IPv4 properties dialogue and verify that auditing is now
disabled. You may need to refresh the DHCP console.
6. In File Explorer, create a new folder called C:\DHCPAuditLogs.
7. Find a Windows PowerShell command to specify a new audit log
location of C:\DHCPAuditLogs and re-enable auditing.
Set-DhcpServerAuditLog -Enable $true -Path C:\DHCPAuditLogs
8. Stop the DHCP Server service and then start the DHCP Server service.
A restart will not change the log path.
9. Open the DHCP console and verify that auditing is now enabled again. Go
to the Advanced tab and verify that the audit log path is now
C:\DHCPAuditLogs. You may need to refresh the console.
10. What type of data can you obtain from within the audit logs?
Answers will vary, but items such as IP addresses, MAC addresses,
relay agent information, and server authorization may be among the
answers.
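
The audit log is a text file with a legend of event codes at the top followed by a CSV section, so it can be summarised with a few lines of PowerShell. The script below is an added example, not part of the course lab: it picks out the Event ID 10 (new lease) and 50+ (rogue detection) records the exercise asks about and adds a simple lease-rate check. The log excerpt in it is constructed for the example; the real files are named by weekday (for example DhcpSrvLog-Mon.log) under C:\Windows\System32\dhcp.

```powershell
# Added example (not from the course lab): summarise a DHCP audit log.
# The sample below is a constructed excerpt in the real file's layout: a legend, a blank
# line, then CSV with a header starting "ID,Date,Time,...". MAC addresses match the lab.
$sampleLog = @'
    Microsoft DHCP Service Activity Log

Event ID  Meaning
00    The log was started.
10    A new IP address was leased to a client.
11    A lease was renewed by a client.
51    Authorization succeeded
54    Authorization failed

ID,Date,Time,Description,IP Address,Host Name,MAC Address,User Name,TransactionID,QResult,Probationtime,CorrelationID,Dhcid,VendorClass(Hex),VendorClass(ASCII),UserClass(Hex),UserClass(ASCII),RelayAgentInformation,DnsRegError
00,03/15/24,08:00:01,Started,,,,,0,6,,,,,,,,,0
51,03/15/24,08:00:02,Authorization succeeded,,adatum.com,,,0,6,,,,,,,,,0
10,03/15/24,08:15:22,Assign,172.16.0.101,LON-CL1.adatum.com,00155DA397EB,,2860,0,,,,,,,,,0
10,03/15/24,08:16:05,Assign,172.16.0.102,LON-CL2.adatum.com,00155DA39801,,2861,0,,,,,,,,,0
11,03/15/24,12:15:24,Renew,172.16.0.101,LON-CL1.adatum.com,00155DA397EB,,2977,0,,,,,,,,,0
54,03/15/24,13:02:10,Authorization failed,,adatum.com,,,0,6,,,,,,,,,0
'@

function Read-DhcpAuditLog {
    param([Parameter(Mandatory)][string[]]$Lines)
    # Skip the legend: the CSV section starts at the header line beginning "ID,Date,Time".
    $header = -1
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        if ($Lines[$i] -like 'ID,Date,Time,*') { $header = $i; break }
    }
    if ($header -lt 0) { throw 'No CSV header found; is this a DHCP audit log?' }
    $Lines[$header..($Lines.Count - 1)] | Where-Object { $_.Trim() } | ConvertFrom-Csv
}

function Get-DhcpAuditSummary {
    param([Parameter(Mandatory)][object[]]$Events)
    $leases = @($Events | Where-Object { $_.ID -eq '10' })      # new leases (Event ID 10)
    $rogue  = @($Events | Where-Object { [int]$_.ID -ge 50 })   # 50+ = rogue detection / authorization
    # Lease rate over the span of the log: a burst of new leases to many different MACs
    # is one indicator of an address-pool exhaustion attempt worth investigating.
    $rate = $leases.Count
    if ($leases.Count -gt 1) {
        $times = $leases | ForEach-Object {
            [datetime]::ParseExact("$($_.Date) $($_.Time)", 'MM/dd/yy HH:mm:ss', [cultureinfo]::InvariantCulture)
        } | Sort-Object
        $minutes = [math]::Max(1, ($times[-1] - $times[0]).TotalMinutes)
        $rate = [math]::Round($leases.Count / $minutes, 2)
    }
    [pscustomobject]@{
        NewLeases       = $leases.Count
        DistinctClients = @($leases | ForEach-Object { $_.'MAC Address' } | Sort-Object -Unique).Count
        LeasesPerMinute = $rate
        RogueEvents     = @($rogue | ForEach-Object { "$($_.ID) $($_.Description) ($($_.'Host Name'))" })
        AuthFailures    = @($rogue | Where-Object { $_.Description -match 'fail' }).Count
    }
}

# Run against the constructed sample; swap in Get-Content of the real file on LON-SVR1, e.g.
# Read-DhcpAuditLog -Lines (Get-Content "$env:SystemRoot\System32\dhcp\DhcpSrvLog-Mon.log")
$events = Read-DhcpAuditLog -Lines ($sampleLog -split "`r?`n")
Get-DhcpAuditSummary -Events $events
```

For the sample this reports 2 new leases to 2 distinct clients, two rogue-detection records (51 and 54) and 1 authorization failure.
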

DHCP Diagnostics

In this exercise, you will configure and view DHCP statistics and then
examine Event Viewer entries.

Configure DHCP statistics

1. Sign in to LON-SVR1 as Adatum\Administrator with the password
Pa55w.rd.
2. In the DHCP console, right-click the IPv4 node and select
Properties.
3. On the General tab, check the Automatically update statistics
every: checkbox and enter zero hours and 5 minutes. Apply your
settings and close the properties dialog box.
4. Right-click the IPv4 node and select Display Statistics….
5. Notice the values that are present. If you haven't already done so, you
should configure server scopes and have clients receive IP addresses
to generate some data.
6. Close the Server Statistics dialog box, right-click a scope, and
select Display Statistics….
7. Notice the Scope Statistics and the data that is available in comparison
to what's available at the server level.
8. Close the Scope Statistics dialog box.

View DHCP statistics and examine the Event Viewer

1. On LON-DC1, open Server Manager and, from the Tools menu, select
Event Viewer.
2. In Event Viewer, go to Applications and Services
Logs/Microsoft/Windows/DHCP-Server.
3. Click the Operational log and scroll through the events that appear. You
may see events such as:
• Scope Activation: Event ID 73
• Option Setting changes: Event ID 76
4. Close Event Viewer.

Module 3 – DNS Basics

DNS Forwarders

In this exercise, you will configure a DNS forwarder.

1. Log in to EU-RTR as Adatum\Administrator with the password Pa55w.rd.
2. In Server Manager, go to Manage and select Add Roles and Features.
3. In the Add Roles and Features Wizard, install DNS Server, accepting all the
defaults. Wait until the installation is successfully complete.
4. Log in to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.
5. In Server Manager, in the Tools menu, select DNS.
6. Right-click LON-DC1, and then click Properties.
7. Click the Forwarders tab and select Edit.
8. Add EU-RTR.adatum.com as the forwarding server and ensure it validates
successfully. You will see an error relating to no IPv6 address being available for
the host name in question. This is expected. Delete this IPv6 error entry and
click OK.
9. Notice that Use root hints if no forwarders are available is checked.
10. Click the Root Hints tab. Ensure that root hint servers are displayed. Read the
description of a root hint. Notice that you can Add a root hint server.
11. Open a PowerShell prompt.
12. View cmdlets that pertain to forwarders.
Get-Command *forwarder*
13. View DNS forwarder information.
Get-DnsServerForwarder
14. Notice that the UseRootHint property is set to True. If no forwarder is available or
configured, root hints will be used.
15. A forwarder is typically used for Internet addresses which are not
resolvable by internal name servers. Your ISP's DNS server would be a
good choice for a forwarder.

DNS Conditional Forwarders

In this exercise you will view the options to configure conditional forwarders.

1. Log in to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.
2. In Server Manager, in the Tools menu, select DNS.
3. Expand LON-DC1, right-click the Conditional Forwarders node, and select New
Conditional Forwarder…
4. Examine the following options:
• Specify a DNS domain.
• Enter the IP addresses of the master servers.
• Store the conditional forwarder details in Active Directory and replicate the
details to all DNS servers in the domain or forest, or to all Domain Controllers in
the domain.
• Number of seconds before forwarded queries time out.
5. We will not configure a Conditional Forwarder now, as we do not have a second
domain which can be validated successfully in our virtual machine environment.
6. You may close the New Conditional Forwarder dialogue.

DNS Monitoring

In this exercise, you will review DNS Monitoring information.

1. Log in to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.
2. In Server Manager, in the Tools menu, select DNS.
3. Right-click LON-DC1, select Properties, and switch to the Monitoring tab.
4. Select A simple query against this DNS server and A recursive query to other
DNS servers, and then click Test Now.
5. Test results should begin appearing.
• Notice that the Simple Query passes.
• Notice that the Recursive Query fails. This is normal given that there are no
forwarders configured for this DNS server.
• Notice that automatic testing is available at different test intervals. Use this
only while you are actively troubleshooting the DNS server.
6. Open a Windows PowerShell prompt.
7. Use Get-Service to view the status of the Windows DNS Server and DNS Client
services. Notice that both services are Running.
Get-Service *dns*
8. Use Stop-Service to stop the DNS service. Verify your results.
Stop-Service DNS
9. Return to DNS Manager and test the Simple Query. Notice that the Simple Query
now fails.
10. Use Start-Service to start the DNS service.
Start-Service DNS
11. Verify that the Simple Query test now passes.
12. Right-click LON-DC1, select Properties, and then click the Debug Logging
tab.
13. Check the Log packets for debugging checkbox and click OK.
14. Run some additional Monitoring tests.
15. Go to the folder %SystemRoot%\System32\Dns and open dns.log. This is
where the output can be viewed and analyzed.
16. Note: You may need to refresh the console and wait a moment while the log file
is populated with information.
17. Review the dns.log file. At the top of the file is a key explaining the packet
logging fields.
18. Be sure to turn off Monitoring and Debug Logging when you are finished.

DNS Event Logging

In this exercise, you will review Monitoring and Event Logging information.

1. In the LON-DC1 Properties window, select the Event Logging tab.
2. Read about how the DNS event log maintains a record of errors, warnings, and
other events encountered by the DNS server. Different logging levels are
available, and you can use this information to analyze server performance.
3. In Server Manager, go to Tools, and then Event Viewer.
4. In Event Viewer go to Applications and Services Logs and select DNS Server.
5. There are Informational events. For example, Event ID 2 indicates the DNS server
has started.
6. There are Warning events. For example, Event ID 4013 indicates the DNS server
is waiting on Active Directory Domain Services to signal synchronization has
completed.
7. There are Error events. For example, Event ID 408 indicates the DNS server could
not open a socket.
8. All events provide a detailed Description and usually a Help and Support Center
link.
9. In the Server Manager dashboard, select the DNS page and scroll down to Events.
Under Tasks, enable Informational events. These are the same logs you viewed
in Event Viewer.
10. Notice the same log events you saw in the DNS Global Logs earlier; however,
Event Viewer provides more options to manage the logs, configure Alerts, and
filter them.
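As an added example (not part of the lab text), the same debug and event logging work done from PowerShell: Set-DnsServerDiagnostics turns on the packet log that the Debug Logging tab writes, a small parser reads dns.log packet records, and Get-WinEvent pulls the three event IDs named above. The dns.log lines are constructed samples in the file's own layout, not captured from a real server.

```powershell
# Added example, not part of the lab text. Run on LON-DC1 as Administrator.

# 1. Packet logging to %SystemRoot%\System32\Dns\dns.log, the PowerShell
#    equivalent of the Debug Logging tab. Turn it off again when finished.
function Enable-DnsPacketLog {
    Set-DnsServerDiagnostics -Queries $true -Answers $true -SendPackets $true `
        -ReceivePackets $true -UdpPackets $true -TcpPackets $true `
        -SaveLogsToPersistentStorage $true `
        -LogFilePath "$env:SystemRoot\System32\Dns\dns.log" -MaxMBFileSize 100
}
function Disable-DnsPacketLog { Set-DnsServerDiagnostics -All $false }

# 2. Parse one dns.log packet record (non-packet lines return $null). The fields
#    follow the logging key at the top of the file: date/time, thread, PACKET,
#    packet id, UDP/TCP, Rcv/Snd, remote IP, XID, R if response, opcode,
#    [flags-hex flag-chars rcode], question type, question name.
function ConvertFrom-DnsLogLine {
    param([string]$Line)
    $pattern = '^(?<ts>\S+ \S+ (?:AM|PM))\s+\S+\s+PACKET\s+\S+\s+(?<proto>UDP|TCP)\s+' +
               '(?<dir>Rcv|Snd)\s+(?<ip>\S+)\s+(?<xid>\S+)\s+(?<qr>R)?\s*(?<op>[QNU?])\s+' +
               '\[(?<fhex>[0-9A-Fa-f]+)\s+(?<flags>[A-Z ]*?)\s+(?<rcode>[A-Z]+)\]\s+' +
               '(?<qtype>\S+)\s+(?<qname>\S+)'
    if ($Line -notmatch $pattern) { return $null }
    [pscustomobject]@{
        Time       = $Matches['ts']
        Direction  = $Matches['dir']
        Client     = $Matches['ip']
        IsResponse = [bool]$Matches['qr']
        Flags      = $Matches['flags'] -replace '\s', ''
        RCode      = $Matches['rcode']
        QType      = $Matches['qtype']
        QName      = ($Matches['qname'] -replace '\(\d+\)', '.').Trim('.')  # (3)www(6)adatum(3)com(0) -> www.adatum.com
    }
}

# 3. Constructed sample records in the dns.log layout (not captured from a real server).
$sample = @(
    '8/15/2019 10:02:33 AM 0A6C PACKET  000000B5F1A2C3D0 UDP Rcv 172.16.0.50   0002   Q [0001   D   NOERROR] A      (3)www(6)adatum(3)com(0)',
    '8/15/2019 10:02:33 AM 0A6C PACKET  000000B5F1A2C3D0 UDP Snd 172.16.0.50   0002 R Q [8085 A DR  NOERROR] A      (3)www(6)adatum(3)com(0)',
    '8/15/2019 10:02:40 AM 0A6C PACKET  000000B5F1A2C4E1 UDP Rcv 172.16.0.60   0003   Q [0001   D   NOERROR] A      (9)notreally(6)adatum(3)com(0)',
    '8/15/2019 10:02:40 AM 0A6C PACKET  000000B5F1A2C4E1 UDP Snd 172.16.0.60   0003 R Q [8583 A DR NXDOMAIN] A      (9)notreally(6)adatum(3)com(0)'
)
$records = $sample | ForEach-Object { ConvertFrom-DnsLogLine $_ } | Where-Object { $_ }

# Queries received per client, and names answered NXDOMAIN: a burst of the
# latter from one client is the kind of pattern worth following up.
$records | Where-Object Direction -eq 'Rcv' | Group-Object Client | Select-Object Name, Count
$records | Where-Object RCode -eq 'NXDOMAIN' | Select-Object Client, QName

# 4. The event IDs called out above, read from the DNS Server event log.
Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 2, 4013, 408 } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message
```

To analyze a real log, replace $sample with Get-Content "$env:SystemRoot\System32\Dns\dns.log".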
DNS Host Records

In this exercise you will configure DNS host resource records using the DNS console.

Create a host record using DNS Manager


1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.
2. In Server Manager, in the Tools menu, select DNS.
3. In the DNS Manager console, expand LON-DC1, expand Forward Lookup
Zones, and select Adatum.com.
4. Notice a number of resource records have already been created. These are mainly
A records for the servers and client computers.
5. Right-click Adatum.com and notice the selection options to create a New Host
(A or AAAA), New Alias (CNAME), New Mail Exchanger (MX), and Other New
Records...
6. Select Other New Records... and view the large number of resource records that
are available. Select a record of interest and view the description that is provided.
7. Return and select New Host (A or AAAA). Add a new host record to ensure
www.adatum.com will be resolved to a specific IP address.
• Name: www
• IP address: 172.16.0.200
8. Verify your new A record was added to the Adatum.com Forward Lookup Zone.

Create a host record using PowerShell


1. Open a Windows PowerShell prompt.
2. View cmdlets that pertain to resource records.
Get-Command *resourcerecord*
3. View all the adatum.com resource records. Notice the zone name is required.
Get-DnsServerResourceRecord -ZoneName adatum.com
4. Use Add-DnsServerResourceRecordA to ensure ftp.adatum.com is resolved to
IP address 172.16.0.201. Specify a TimeToLive value of 120 seconds.
Add-DnsServerResourceRecordA -Name ftp -IPv4Address 172.16.0.201 -TimeToLive 00:02:00 -ZoneName adatum.com
5. Return to the DNS Manager tool, Refresh the page, and verify the new record
was created.
6. Login to LON-CL1 as Adatum\Administrator with the password Pa55w.rd.
7. Open a PowerShell prompt and test connectivity to ftp.adatum.com.
ping ftp.adatum.com
8. Note that ftp.adatum.com resolves to 172.16.0.201, however you receive a
message that the destination host is unreachable. This is because the IP address
does not exist in our virtual machine network.
9. Verify the ftp.adatum.com information is now available in the DNS client cache.
The cache is populated even though you were not able to successfully ping the
server.
Get-DNSClientCache
10. Note the TimeToLive value associated with the record. Once the TimeToLive value
(2 minutes, that is the 120 seconds specified as 00:02:00) has expired, the record
is cleared from the cache. Wait 120 seconds, view the client cache again, and
verify the record is no longer cached locally.

DNS Dynamic Updates

In this exercise you will verify the functionality of dynamic updates.

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.


2. Open DNS Manager, expand the Forward Lookup Zone node, and select the
adatum.com zone.
3. Verify there is a record present for LON-CL1.adatum.com with an IP address of
172.16.0.50.
4. Login to LON-CL1 as Adatum\Administrator with the password Pa55w.rd.
5. Click the Start button and type services.msc to open the Services console.
6. Locate the DNS Client service and open its properties dialogue. Set the startup
type to Disabled, apply the setting, and then Stop the service in the same
dialogue. Click OK to close the dialogue. Make sure the service is disabled.
7. Open the Network and Sharing Center, click Change adapter settings, right-click
London_Network and open its properties, double-click Internet Protocol Version 4,
and change the assigned IP address to 172.16.0.60.
8. Return to LON-DC1 and refresh the adatum.com zone.
9. Wait a minute and continue to refresh the adatum.com zone. Verify that the
record value does not change.
10. Return to the LON-CL1, open the services console, locate the DNS Client service
again and this time set the Startup type to Automatic. Apply your settings and
then Start the service.
11. Return to LON-DC1 and refresh the adatum.com zone.
12. Verify the LON-CL1 record has now been dynamically updated to the newly
assigned IP address 172.16.0.60.

Aging and Scavenging (DNS Manager)

In this exercise you will configure TTL, zone aging, and DNS server scavenging.

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.


2. Open the DNS Manager, expand LON-DC1, expand Forward Lookup Zones,
right-click Adatum.com, and then click Properties.
3. Select the Start of Authority (SOA) tab.
4. In the Minimum (default) TTL box, type 2. Notice this setting is in hours, but
you can specify seconds, minutes, hours or days.
5. Apply your changes and return to the DNS Manager main page.
6. Right-click LON-DC1, and notice the Set Aging/Scavenging for All Zones and
Scavenge Stale Resource Records settings. These are DNS server level settings.
7. Select Set Aging/Scavenging for All Zones.
• Check the Scavenge stale resource records check box.
• Read about the No-refresh and Refresh interval settings. Notice the
defaults are 7 days. Change the value to 5 days for both.
• Click OK to save your changes, and select the check box to Apply these
settings to the existing Active Directory-integrated zones.
8. Refresh the DNS management console, go to the Adatum.com zone, right-click
the SOA record, and choose Properties.
9. On the General tab, click the Aging button and notice that the No-refresh and
Refresh interval values are now 5 days.
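As an added example (not part of the lab text), the PowerShell equivalent of the aging and scavenging steps above, plus a report of the records a scavenging pass would remove. Run on LON-DC1; the zone name and the 5-day intervals are the lab's own, the 7-day scavenging interval and the function names are assumptions for illustration.

```powershell
# Added example, not part of the lab text. Run on LON-DC1 as Administrator.

# Zone-level aging: the No-refresh and Refresh intervals the lab sets to 5 days.
function Set-LabZoneAging {
    param([string]$ZoneName = 'adatum.com', [int]$Days = 5)
    Set-DnsServerZoneAging -Name $ZoneName -Aging $true `
        -NoRefreshInterval (New-TimeSpan -Days $Days) `
        -RefreshInterval   (New-TimeSpan -Days $Days)
    Get-DnsServerZoneAging -Name $ZoneName   # AgingEnabled plus both intervals
}

# Server-level scavenging (the "Scavenge stale resource records" check box).
# ScavengingInterval is how often the server runs a scavenging pass; the
# "Scavenge Stale Resource Records" menu item is Start-DnsServerScavenging -Force.
function Enable-LabScavenging {
    param([int]$IntervalDays = 7)
    Set-DnsServerScavenging -ScavengingState $true `
        -ScavengingInterval (New-TimeSpan -Days $IntervalDays) -ApplyOnAllZones
    Get-DnsServerScavenging
}

# Dynamically registered records whose timestamp is older than the No-refresh +
# Refresh window: these are what the next scavenging pass deletes. Static
# records carry no timestamp and are never scavenged, so they are skipped.
function Get-StaleDnsRecords {
    param([string]$ZoneName = 'adatum.com')
    $aging  = Get-DnsServerZoneAging -Name $ZoneName
    $cutoff = (Get-Date) - ($aging.NoRefreshInterval + $aging.RefreshInterval)
    Get-DnsServerResourceRecord -ZoneName $ZoneName |
        Where-Object { $_.Timestamp -and $_.Timestamp -lt $cutoff } |
        Select-Object HostName, RecordType, Timestamp
}

Set-LabZoneAging
Enable-LabScavenging
Get-StaleDnsRecords
```

Review the Get-StaleDnsRecords output before the first scavenging pass runs: a server that is down for maintenance longer than the combined window loses its record.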

Active Directory Integrated Primary Zones


In this exercise you will create a primary zone that is stored in a local file.

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.


2. In Server Manager, in the Tools menu, select DNS.
3. Expand LON-DC1, right-click Forward Lookup Zones, and then select New
Zone…
4. Create a zone with the following details.
• Zone Type: Primary Zone
• Check the box: Store in Active Directory
• Replication scope: To all DNS servers running on domain servers in the
domain
• Zone Name: ADZone.com
• Dynamic updates: Allow only secure dynamic updates
5. Open a Command Prompt and type ADSIedit to launch the LDAP editor. This is a
tool that can be used to manage and view records in the Active Directory
database.
6. In the console tree, right-click ADSI Edit, and then select Connect to...
7. In the Connection Point section click the Select or type a Distinguished Name
or Naming Context radio button.
8. Type the following text in the field.
DC=DomainDNSZones,DC=adatum,DC=com and click OK.
9. Once successfully connected, in the console tree expand Default naming
context [LON-DC1.Adatum.com], then DC=DomainDNSZones,DC=adatum,DC=com,
then CN=MicrosoftDNS, followed by DC=Adatum.com.
10. Notice all the resource records are listed as objects, double click some records
and view their properties. These are the objects that get replicated between DNS
Servers which have Active Directory-Integrated zones.
11. Notice also that all the root hint servers are listed under the
DC=RootDNSServers section.
12. Do not make any changes in ADSI Edit.

DNS Reverse Lookup Zones

In this exercise you will create and configure a reverse lookup zone.

Create a reverse lookup zone


1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.
2. In Server Manager, in the Tools menu, select DNS.
3. Expand LON-DC1, right-click Reverse Lookup Zones, and then select New
Zone.
4. Read about the different types of zones (Primary, Secondary, and Stub).
5. Create a Primary Zone and indicate you want to Store the zone in Active
Directory.
6. Select how you want the information replicated in Active Directory: To all DNS
servers running on domain controllers in this domain: adatum.com.
7. On the Reverse Lookup Zone Name page select IPv4 Reverse Lookup Zone.
8. Enter the Network ID, which is 172.16.0
9. On the Dynamic Update page choose to Allow only secure dynamic updates.
10. Finish the wizard and verify you have a new Reverse Lookup Zone, in the format
0.16.172.in-addr.arpa.
11. Notice that by default, SOA and NS record types have been created.
12. In the DNS management console go to View then Advanced and return to the
Reverse Lookup Zone node.
13. Notice three additional Reverse Lookup Zones: 0.in-addr.arpa,
127.in-addr.arpa and 255.in-addr.arpa. These are auto-generated by DNS for the
0.0.0.0, loopback and broadcast addresses, which means the DNS server is
authoritative for these reverse lookup zones.
14. Go to the Forward Lookup Zone, Adatum.com, and create an A record with the
following details.
• Name: LON-SVR3
• IP address: 172.16.0.88
• Check the box to Create associated pointer (PTR) record
15. Verify the A record has been successfully created in the adatum.com Forward
Lookup Zone.
16. Go to the Reverse Lookup Zone, then click on 0.16.172.in-addr.arpa and verify
the PTR record has also been created successfully. Be sure to refresh the
console.

View zones using PowerShell


1. Open a Windows PowerShell prompt.
2. View cmdlets that pertain to DNS server zones.
Get-Command *zone*
3. View the existing DNS server zones. Verify the reverse lookup zone you just
created exists.
Get-DnsServerZone
4. Notice the presence of the auto-generated reverse lookup zones as well as
the one you created earlier.
5. Which cmdlet could be used to create a Reverse Lookup Zone?
Add-DNSServerPrimaryZone
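As an added example (not part of the lab text), the full cmdlet form of the reverse lookup zone steps above, plus a check for forward records that have no matching PTR. Run on LON-DC1; the network, host name and addresses are the lab's, the function names are assumptions.

```powershell
# Added example, not part of the lab text. Run on LON-DC1 as Administrator.

# Create 0.16.172.in-addr.arpa as an AD-integrated, domain-replicated zone that
# accepts only secure dynamic updates. The network is given in prefix form.
function New-LabReverseZone {
    param([string]$NetworkId = '172.16.0.0/24')
    Add-DnsServerPrimaryZone -NetworkId $NetworkId -ReplicationScope Domain -DynamicUpdate Secure
    Get-DnsServerZone | Where-Object IsReverseLookupZone |
        Select-Object ZoneName, IsAutoCreated      # the auto-generated zones show IsAutoCreated = True
}

# Create the LON-SVR3 A record and its PTR in one step (-CreatePtr is the
# "Create associated pointer (PTR) record" check box).
function Add-LabHostWithPtr {
    param([string]$Name = 'LON-SVR3', [string]$IPv4 = '172.16.0.88', [string]$ZoneName = 'adatum.com')
    Add-DnsServerResourceRecordA -ZoneName $ZoneName -Name $Name -IPv4Address $IPv4 -CreatePtr
    Resolve-DnsName -Name $IPv4 -Type PTR -Server 172.16.0.10   # expect lon-svr3.adatum.com
}

# Forward A records with no PTR in the reverse zone. Hosts added without the
# PTR check box (or before the reverse zone existed) show up here.
function Get-HostsMissingPtr {
    param([string]$ZoneName = 'adatum.com', [string]$ReverseZone = '0.16.172.in-addr.arpa')
    $ptrs = Get-DnsServerResourceRecord -ZoneName $ReverseZone -RRType Ptr |
            ForEach-Object { $_.RecordData.PtrDomainName.TrimEnd('.').ToLower() }
    Get-DnsServerResourceRecord -ZoneName $ZoneName -RRType A |
        Where-Object { $_.HostName -ne '@' } |
        Where-Object { "$($_.HostName).$ZoneName".ToLower() -notin $ptrs } |
        Select-Object HostName, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } }
}

New-LabReverseZone
Add-LabHostWithPtr
Get-HostsMissingPtr
```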

DNS Troubleshooting
In this exercise you will troubleshoot DNS client problems.

1. Login to LON-CL1 as Adatum\Administrator with the password Pa55w.rd.


2. Open a Windows PowerShell prompt.
3. View cmdlets that pertain to DNS clients.
Get-Command *dnsclient*
4. View information about the client's DNS server address. Notice that Interface
Index 11, with the InterfaceAlias name Ethernet, is using DNS server
172.16.0.10.
Get-DnsClientServerAddress
5. Test the ability to resolve host names like LON-SVR1. Notice an A resource record
is returned for LON-SVR1 with an IP address of 172.16.0.11.
Resolve-DnsName LON-SVR1 -DnsOnly
6. View the client cache and confirm LON-SVR1 information is now available locally.
Get-DnsClientCache
7. Use Set-DnsClientServerAddress to configure the DNS server address
172.16.0.20 on Interface Index 11. This is not the DNS server; we are deliberately
misconfiguring the DNS server information.
Set-DnsClientServerAddress -InterfaceIndex 11 -ServerAddresses
172.16.0.20
8. Try to resolve the LON-SVR1 host name. Notice that a timeout error occurs and
the host name is not resolved. The Resolve-DnsName cmdlet with -DnsOnly forces a
DNS query over the network, so the client cache is not consulted even though it
still holds a value for this name.
Resolve-DnsName LON-SVR1 -DnsOnly
9. Use Set-DnsClientServerAddress to correct your DNS server settings to DNS
server address 172.16.0.10 on Interface Index 11
Set-DnsClientServerAddress -ServerAddresses 172.16.0.10 -InterfaceIndex 11
10. Verify host name resolution is now working.
Resolve-DnsName LON-SVR1 -DnsOnly
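As an added example (not part of the lab text) covering both the client cache TTL behaviour from the host records exercise and the troubleshooting steps above: one function checks each DNS server configured on the interface with a query that bypasses the cache, the other watches a cached entry expire. Run on LON-CL1; interface index 11, the host names and the 120 s TTL are the lab's, the polling interval and function names are assumptions.

```powershell
# Added example, not part of the lab text. Run on LON-CL1.

# Check every DNS server configured on the interface: is port 53 reachable, and
# does the server answer a query sent straight to it? -DnsOnly skips the local
# cache, which is why the lab's 172.16.0.20 fails even with a cached answer present.
function Test-DnsClientServers {
    param([int]$InterfaceIndex = 11, [string]$Name = 'LON-SVR1.adatum.com')
    $servers = (Get-DnsClientServerAddress -InterfaceIndex $InterfaceIndex -AddressFamily IPv4).ServerAddresses
    foreach ($s in $servers) {
        $tcp = Test-NetConnection -ComputerName $s -Port 53 -InformationLevel Quiet -WarningAction SilentlyContinue
        $ans = Resolve-DnsName -Name $Name -Server $s -Type A -DnsOnly -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Server  = $s
            Port53  = $tcp
            Answer  = ($ans | Where-Object Type -eq 'A').IPAddress
            Healthy = [bool]$ans
        }
    }
}

# Watch a name age out of the client cache. The lab's ftp record has a 120 s TTL,
# so within two minutes the entry disappears and the next lookup goes to the server.
function Watch-DnsClientCacheEntry {
    param([string]$Name = 'ftp.adatum.com', [int]$Seconds = 130, [int]$Every = 30)
    $null = Resolve-DnsName -Name $Name -ErrorAction SilentlyContinue   # populate the cache
    for ($t = 0; $t -le $Seconds; $t += $Every) {
        $entry = Get-DnsClientCache -Name $Name -ErrorAction SilentlyContinue
        [pscustomobject]@{ Elapsed = $t; Cached = [bool]$entry; TimeToLive = $entry.TimeToLive }
        if ($t -lt $Seconds) { Start-Sleep -Seconds $Every }
    }
}

Test-DnsClientServers
Watch-DnsClientCacheEntry
```

Run Test-DnsClientServers again after step 7 above: the 172.16.0.20 row shows Port53 and Healthy as False while the cached answer is still visible in Get-DnsClientCache.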
DNS Cache Locking

In this exercise, you will configure DNS Cache Locking.

Note: If you are running a lab instance from a previous lesson you should end the lab
session and start a new one to ensure you have a clean virtual machine environment to
work in. The lab steps are based on a new lab instance.

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.


2. Open the DNS management console, right-click on LON-DC1, select Properties,
and then the Advanced tab.
3. In the Server options list, locate the Secure cache against pollution option and
uncheck the box to disable it. Click OK to apply your setting change.
4. Open a Windows PowerShell console.
5. View commands that pertain to the server cache.
Get-Command *servercache*
6. Which PowerShell cmdlet would you use to view details about cache locking?
Get-DNSServerCache
7. Run the command and verify the EnablePollutionProtection value is False. This
indicates cache locking is not enabled.
8. Use Set-DNSServerCache to enable cache locking with a locking percent of 90.
Set-DNSServerCache -PollutionProtection $True -LockingPercent 90
9. Use Get-DNSServerCache to verify cache locking has been enabled with a
locking percent of 90.
10. Open the DNS management console, right-click on LON-DC1, select Properties
and open the Advanced tab.
11. Verify the Secure cache against pollution checkbox is now checked. You may
need to refresh the console to view the updated value.
12. Note: It is also possible to configure the cache locking feature using the
command line tool dnscmd.

DNS Socket Pools

In this exercise you will use PowerShell and Dnscmd to configure DNS socket pools.

Configure the DNS socket pool using PowerShell


1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.
2. Open a PowerShell prompt.
3. Pipe the output of Get-DNSServer to a file so it is easy to view and search the
DNS server settings.
Get-DNSServer > C:\ServerSettings.txt
4. Open the C:\ServerSettings.txt file and search for the term socket.
5. Within the ServerSettings section there are two settings of interest.
• SocketPoolSize defines how large the socket pool is and has a value of 2500.
• SocketPoolExclusionPortRanges defines the range of ports excluded from
the socket pool. There are no exclusions defined.
6. Export the current configuration to an XML file. This will make it easier to edit.
Get-DnsServer -ComputerName "LON-DC1.Adatum.com" | Export-Clixml -Path "c:\DnsServerConfig.xml"
7. Change the SocketPoolSize setting in the XML file to 5000.
8. Return to the PowerShell console and import the xml file into an object.
$x = Import-Clixml "c:\DnsServerConfig.xml"
9. Configure the DNS service to use the imported object.
Set-DnsServer -InputObject $x -ComputerName "LON-DC1.Adatum.com"
10. Note: If you receive an error on either of the previous two commands, run them
again in order, and ensure each command completes successfully.
11. Verify the SocketPoolSize value is now 5000.
Get-DNSServer
Configure the DNS socket pool using Dnscmd
1. A simpler way to configure the DNS socket pool is to use the Dnscmd utility.
2. Open a command prompt and view the current DNS socket pool setting.
Dnscmd /Info /SocketPoolSize
3. Verify the socket pool size is 5000, as was set earlier.
4. Change the DNS socket pool size to 2500.
Dnscmd /Config /SocketPoolSize 2500
5. Verify the SocketPoolSize value is 2500.
Dnscmd /Info /SocketPoolSize
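As an added example (not part of the lab text) covering both the cache locking and socket pool exercises above: an audit-and-fix function that reads the two settings, compares them with the lab's target values (locking percent 90, pool size 2500) and optionally corrects them. Run on LON-DC1; the function name, the Dword output parsing and the -Fix switch are assumptions.

```powershell
# Added example, not part of the lab text. Run on LON-DC1 as Administrator.
# dnscmd is used for the socket pool because Set-DnsServerCache does not cover it.
function Test-DnsResolverHardening {
    param([int]$LockingPercent = 90, [int]$SocketPoolSize = 2500, [switch]$Fix)

    # Cache locking: a cached record cannot be overwritten until LockingPercent
    # percent of its TTL has elapsed, so an unsolicited answer cannot replace
    # a good record the server already holds.
    $cache  = Get-DnsServerCache
    $lockOk = $cache.EnablePollutionProtection -and ($cache.LockingPercent -ge $LockingPercent)

    # Socket pool: outbound queries are spread over this many random source
    # ports, so a forged answer must match the port as well as the transaction ID.
    # dnscmd prints the value as "Dword:  2500 (000009c4)".
    $info   = (dnscmd /Info /SocketPoolSize | Out-String)
    $pool   = if ($info -match 'Dword:\s*(\d+)') { [int]$Matches[1] } else { $null }
    $poolOk = ($null -ne $pool) -and ($pool -ge $SocketPoolSize)

    if ($Fix -and -not $lockOk) {
        Set-DnsServerCache -PollutionProtection $true -LockingPercent $LockingPercent
        # same change with the legacy tool:  dnscmd /Config /CacheLockingPercent 90
        $cache  = Get-DnsServerCache
        $lockOk = $true
    }
    if ($Fix -and -not $poolOk) {
        dnscmd /Config /SocketPoolSize $SocketPoolSize | Out-Null
        Restart-Service DNS      # the new pool size is used only after a service restart
        $pool   = $SocketPoolSize
        $poolOk = $true
    }

    [pscustomobject]@{
        PollutionProtection = $cache.EnablePollutionProtection
        LockingPercent      = $cache.LockingPercent
        SocketPoolSize      = $pool
        Compliant           = $lockOk -and $poolOk
    }
}

Test-DnsResolverHardening          # report only
Test-DnsResolverHardening -Fix     # report and enforce
```

Run the report-only form after step 3 of the cache locking exercise to see Compliant = False, and again after step 8 to see it return to True.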

Module 4 – DNS Implementations

GlobalNames Zone

In this exercise you will create and configure a GlobalNames Zone.

1. Login to LON-DC1 as Adatum\Administrator with the password Pa55w.rd.


2. Use File Explorer to connect to \\FileServer\C$. The name will not resolve.
3. Open a Windows PowerShell prompt.
4. View cmdlets that pertain to the GlobalNames Zone.
Get-Command *globalname*
5. View information about the GlobalNames Zone. Notice this feature is not
enabled.
Get-DNSServerGlobalNameZone
6. Enable the GlobalNames Zone.
Set-DNSServerGlobalNameZone -Enable $true
7. In the DNS management console create a Forward Lookup Zone with the
following settings.
• Zone Type: Primary and Store the zone in Active Directory
• AD Replication Scope: To All DNS Servers running on DCs in this Forest:
Adatum.com
• Zone Name: GlobalNames (this is not case sensitive)
• Dynamic Updates: Do not allow dynamic updates
8. Notice that SOA and NS record types have been automatically created for the
new zone.
9. Create a New Alias (CNAME)... record type.
• Alias name: FileServer
• FQDN for target host: LON-SVR1.adatum.com (click Browse, double-click
LON-DC1, select Forward Lookup Zones, select Adatum.com, and continue to
drill down until you can add LON-SVR1.adatum.com).
10. You have now configured the GlobalNames zone. A CNAME record is configured
so fileserver will resolve to LON-SVR1.adatum.com.
11. Use File Explorer to verify \\FileServer\C$ now resolves correctly.

Secondary Zones and Zone Transfers

In this exercise you will use DNS Manager to create and configure a secondary zone.

Create a Secondary Zone on EU-RTR


1. Login to EU-RTR as Adatum\Administrator with the password Pa55w.rd.
2. If the DNS Server role is not already installed on EU-RTR, install it with the Add
Roles and Features Wizard in Server Manager.
3. After the role is installed, open the DNS Manager.
4. Right-click Forward Lookup Zones and create a New Zone with the following
settings.
• Zone Type: Secondary zone
• Zone Name: Adatum.com
• Master DNS Server: LON-DC1.Adatum.com (ensure that lon-dc1.adatum.com
validates successfully.)
5. You now have a secondary zone for adatum.com on EU-RTR.
Copy the Secondary Zone to EU-RTR
1. Right-click the new Adatum.com secondary zone and select Transfer from
Master. Notice the error and the red mark over the new zone, saying Zone not
loaded by DNS Server.
2. Go to LON-DC1, right click the Adatum.com zone and select Properties.
3. Click the Zone Transfers tab and check the Allow zone transfers: check box.
4. Check the To any server radio button. You could be more specific, but we will
keep it simple.
5. Continue and apply your changes.
6. Return to EU-RTR and refresh the DNS management console.
7. Right-click the adatum.com secondary zone and select Transfer new copy of
zone from Master.
8. Verify the zone gets populated on EU-RTR. You may need to refresh the console
or retry the transfer.
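As an added example (not part of the lab text), the PowerShell equivalent of the secondary zone steps above, with the transfer permission limited to the secondary's address instead of the "To any server" option the lab uses. LON-DC1 is 172.16.0.10 as in the lab; EU-RTR's address is not given, so it is a mandatory parameter, and the function names are assumptions.

```powershell
# Added example, not part of the lab text.

# On LON-DC1: allow transfers only to the listed secondaries and notify them of
# changes. "To any server" lets any host that can reach port 53 copy the whole zone.
function Restrict-LabZoneTransfer {
    param([Parameter(Mandatory)][string[]]$SecondaryIP, [string]$ZoneName = 'adatum.com')
    Set-DnsServerPrimaryZone -Name $ZoneName -SecureSecondaries TransferToSecureServers `
        -SecondaryServers $SecondaryIP -Notify NotifyServers -NotifyServers $SecondaryIP
    Get-DnsServerZone -Name $ZoneName |
        Select-Object ZoneName, SecureSecondaries, SecondaryServers, Notify, NotifyServers
}

# On EU-RTR: create the secondary zone against LON-DC1 and request a full copy
# (the "Transfer new copy of zone from Master" menu item).
function New-LabSecondaryZone {
    param([string]$ZoneName = 'adatum.com', [string]$MasterIP = '172.16.0.10')
    Add-DnsServerSecondaryZone -Name $ZoneName -ZoneFile "$ZoneName.dns" -MasterServers $MasterIP
    Start-DnsServerZoneTransfer -Name $ZoneName -FullTransfer
    # Stays 0 until the primary accepts the transfer.
    (Get-DnsServerResourceRecord -ZoneName $ZoneName -ErrorAction SilentlyContinue | Measure-Object).Count
}

# Restrict-LabZoneTransfer -SecondaryIP <EU-RTR address>   # on LON-DC1
# New-LabSecondaryZone                                     # on EU-RTR
```

If Restrict-LabZoneTransfer is run with the wrong address, the secondary sees the same "Zone not loaded by DNS Server" error as in step 1 above.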
