Interesting few days here at the….whatever camp this is (stevie bs chicken a la king a la carte?). Had the opportunity to install a massive number of laptops for testing purposes. I walked into a room with 3 pallets of netbooks and thought I had arrived at an all
you can eat buffet of technology setting up. It was awesome. Also got to take a field trip to a bar that specializes in comic books. Very amazing, they have a good selection and seem knowledgeable about beer and comics. That’s a rare find. I like good beer but it sure
does sit heavy on the stomach and ABV. I could seriously see that being an amazing establishment for a dude that’s reached the depths of nerdom that I have to go and buy this week’s issues or a trade and sit and drink beer while being totally oblivious to any social activities that might be going on. Yeah if I was a working man I would probably do that often. I guess I can do that at home and drink coffee as I recently discovered my local library has a large amount of x-men trades that will probably take me years to read though. I would like to read through them all though because im just that nerdy and they are just that free.

So we have a lot of 4 questions today and then I go through the prep exam until im hitting the 90s then consider testing again or trying to get a passing score on the 70-411 test. I’ve decided that im not going to study the math portion at this point because it feels like a black hole where I know what’s on the test and I have no idea where to find the resources to study for it. Which leads me to the realization that I possibly just wont do well on that portion and hopefully I can skate by on my core server skills sets.

The first question displays an error that would show up if you created a security group as a distro group. Distro groups have very limited use and to be honest outside of exchange im not sure what they are used for. Or how their creation and existence works within office 365.  Actually im unsure of a whole lot of things when it comes to the actual implementation of office 365, hopefully Ill get to see it use in an office one day. Or a homeless shelter.

This is the first time I have heard of a DACL. I guess this is kind of a one off issue as its using powershell. Surely there is a way to convert in the GUI. Might not be a bad thing to look up. Of course we come across a real gem of a video, how did this guy program
himself into server like that one video from MTV!!!?!

Jokes aside this idea of mail enabled groups, is this possible with security groups? Man this makes me feel like such a n00b. This video isn’t exactly helpful for this question but it is amusing.

On a more serious note this is possibly the best video or general source of information about groups that I have seen so far and it does explain the ideas mentioned above although it doesn’t explain how to convert in the GUI.

Although this is fairly helpful in that regard even though its a little old its a great article with screenshots.

From what I understand which is limited, since everything is theoretical and nothing in practice, a server should pretty much never be assigned an IP using DHCP. Im not completely sure why as network resources on computers using DHCP are still available but I think that’s just how it works for some reason. I understand thinks like DNS servers have to have static ips as the address is given when DHCP occurs but other than that Im not exactly clear on why. Even that though, shouldn’t a DHCP server be smart enough to recognize a DNS server and realize the address that its giving out then update itself? I suppose this could cause some errors in non renewed machines leading to a big headache in case of a restart. Anyway lets get on the actual question.

After looking at these two pieces of information I’m still only certain of a few things, register DNS has nothing to do with the problem, it appears to have an enabled NIC and judging by the answer this leaves something to do with DHCP that I have no idea how to actually deduce from the question.

So im going to argue not with the answer but the explanation, you should configure it with a static ip because its a server then refresh. It doesn’t make sense to say choose two right answers, that’s absurd. configure with a static ip and be done with it. Assuming that you
still have to run a renew after configuring a static ip otherwise the whole scenario just seems bunk. Im sure there is someone out there that could make this scenario make sense to me and I would like to meet that person as I have so many questions about servers
and DHCP.

This is one is really straightforward, if you need to reduce CPU clock cycles enable SR-IOV. Kind of the end of the story.

I took a little stay-cation break and have been preparing for a temp job this weekend. I have no idea what to do with money but Ill probably get some Wolverine TPB comics that
ive been trying to read for a while. I feel like my skill set as really improved as a result of this process. On twitter I shared that I got ~60% of the questions I got wrong on the last practice test right which hopefully I’ve committed a few more to memory which
would lead to a higher score going through all of the questions leading to my currently feared actual passing of the test. Its kind of weird I suppose to study for such a long period of time and become distracted in the waning days of study. However I may need to go
through the 411 to actually get a solid passing score on the actual 410 test. Im kind of hoping to go through the 411 and 412 pretest questions in this format as im sure they will be helpful in the future as I plan to continue on to server 16. The only way to ensure
success is constant study though a small break would be nice. However in my own personal worry I struggle with the idea that I may not pick back up with quite as much momentum so perhaps the best way is just not to take a break. Any way I feel that Network + should come in the breaks on server study as im kind of lacking in core network troubleshooting skills as its something that I have little to no hands on experience with. Obligatory personal paragraph out of the way lets get into it.

The most interesting note here is about the OU vs the domain group. Im not even exactly sure what they mean by “domain group” as it could be slightly more specific in the explanation. If you google “active directory domain group” no specific info comes up so I guess im unclear on exactly what they are talking about if its different from OU at this point in time.

After reading the answer it seems clear that deleting the DNS cache file on a server is a bad idea. Im curious about this though doesthis delete the whole zone or what exactly would that do?

Google isnt exactly clear on this point either. More research for a later date but it is an interesting topic. These are such helpful study resources and I feel like an experienced admin would know these things but someone studying to be an admin is clueless. I think
the point they are trying to make with this can be found in TechNet

I really like this question however I really wish that It was more specific in exactly where this configuration was taking place. So I configure the address of DNS in the DHCP server. Understood, no idea where though.

I did find a youtube video and if you pay real close attention around 2 minutes you can see a DNS tab, assuming that’s what’s going on.

This question comes up a whole lot so im glad they did a version of this question that was so plain.

The longer string converts to server core, the shorter one still leaves a few gui tools and desktop experience is not installed by default.

I realize Im one question shy of 5 but I’ve got 4 more set to blog from this round of questioning so im going to split them in half as opposed to doing a longer 8 question post.

Getting low on questions to go through and personal stuff to ramble about but job prospects are looking up. So I guess that’s a good thing. Keeping my hopes up! Let’s get into some server, mostly easier questions that require less explanation in this lot. On this first one it doesn’t seem like you could go from enterprise to standard but apparently that is a possible “upgrade” path.

For the most part I understand traffic aggregation as a concept and it seems rather obvious that if you adapters are connecting to two different switches that you have to use two different switches.

We talked about hashing mode before but its worth going over the difference between it and dynamic again as im still not 100% on the concepts. Honestly the text in the answer is
fairly helpful in this regard. So it basically ensures the packets travel the same nic when you enable load balancing algorithms.

The only thing important to know is that remove has been essentially replaced by uninstall. Also, with these its important to pay attention to how much GUI surface is described as being needed to be removed when considering the answers as the wording can get tricky in these cases.

This question is somewhat complicated and requires a degree of attention to be paid to what OS each machine is running. As you are going through a large stack of these and having to read massive amounts of information on each question it can get really easy to overlook key details. That said I still recommend marathon study sessions to get your stamina up so that few questions you have to answer while testing seems to be much easier.

I think that the answer in measureup part is good enough in this case as it kind lays everything out. However if you would like more information that is available in a TechNet article as well. Not sure why I didnt crop the explanation but hopefully you can still read what it says.

If you need to set the VM subnet you use the Set-VMnetworkadapter not much to discuss.

Kind of a short lot today but I’ve got about one more post to go through then I’m just going to start blogging questions that I get wrong on the pretest regardless of if I covered the material before as a method for studying. Hopefully I can get in the high 90s doing this
then take the test again and possibly pass.

Kind of a hectic few days at here at the chicken a la king domain HQ. I got a new phone in the process which is kind of amazing as I haven’t had a working smartphone in around 3 years. Back to work this morning. Feel like im getting close to understanding a good portion of the technologies involved in server. If I could just get undistracted from looking at Wolverine weapon x series comic books on ebay I would probably be doing a whole lot better as far as studying goes. Trying to read the 12 issues where logan gets infused with adamantium not sure exactly when he got his regenerative powers but possibly from this program? Or was that covered in the more recent Origins stories?
I have remember this stuff haha

Moving on we have a couple questions about protecting units from accidental deletion which has nothing to do with Wolverine’s regenerative powers (which seem to be part of the mutant powers he was born with) but there are several ways to protect AD object from accidental deletion which is what we are getting into with the first two questions. The first one of the two is about OUs which is basically like a GP folder and hopefully i’m not too far off on that explanation of the term.

and as you can see we are referencing some obscure long line of PS code and clearly NTDSutil is the wrong answer. Just not too much to say about this other than wondering what the rest of the PS code is to enable this feature.

The next question, as previously mentioned, is also dealing with accidental deletion but this time its just a confusing wording. These can get really confusing because sometimes you honestly have no idea what they are talking about and you have to mentally go through diagramming sentences to start to understand these things. So i’m assuming this OU has already been created and you need to then add protection to it? Honestly
not sure.

After reading the answer it seems like accidental deletion in this case is an idea that doesn’t directly correlate with anything that says “prevent from deletion” but you have to go through a process to enable some thing that correlates to the idea in a more or less accurate fashion.

I’m not exactly clear on what user account properties are, I’m assuming things like address but this is exactly clarifying it for me. However if I knew what it was perhaps I could be more pointed in understanding it so that I could answer this better:

google image search is seeming to indicate that its basically any thing associated with the account other than the name so this actually makes sense as to using directory service changes.

Easy print requirements, pretty straight forward. The only article I find on the subject seems woefully inadequate when discussing requirements so im not sure where to double check this. I guess Ill just have to trust this one but I haven’t seen anything like this on an actual test.

SRP hash verses publisher rules are fairly simple. If they say signed or unsigned, if it’s signed you know its a publisher rule. However, in this case it doesn’t indicate those things.

This one seems to mostly make sense as SRP and applocker rules are slightly different in form and if not overlapping in function.

This is honestly kind of straightforward as server 2 seems like an option but as you can see from the example its running 2008, attention to detail, very important.

Had a little trouble getting into gear with blogging the past couple days but I have been going through the 59 questions I missed the last time around on the measureup questions. I feeling like my knowledge of server outside of IP configurations is getting really good and thankful for the time Im getting to spend with it. Who knows what will happen or if I will get another chance to study it again after server 2016 comes out as I never imagined I would get this opportunity. Being poor isnt overly exciting but I suppose living an unpredictable existence is worth something. I also took some new screenshots of questions and mixed them in with edited and uploaded screenshots running the risk of duplicated questions but this is mostly for my own study purposes so if I cover an idea more than once I guess that just means im hopefully that much more familiar with it.

The first set today is about auditing permissions used to access a share, the idea is not just the username but the actual permissions that AD account has that allow it to access and object, if Im understanding the wording right. There really isn’t much complicated here other than correctly understanding the basic premise

One thing that I haven’t done related to this is find any material about auditpol settings and it seems like there is a fair amount of this so perhaps youtube has something for us? This first video is a perfect example of how not actually having a copy of server is
not necessarily a bad thing in that actual studies can be found. Its silent but its still fairly thorough though not specific to what this question is discussing.

This might be a little better as he is actually talking and explaining every step and hes using 2012 r2 however Im still not seeing audit detailed file share assuming its under the file folder then security? I guess we are just going to take measureups word on this for now and figure it out later. This is the part where having a running copy of server would be useful. However in practice it seems kind of like paying for the amount of up time that Hyper-V could provide and im a small company so at this point in time its out of my budget and I really doubt that it would provide a means for any actual income.

This one is really clear and I feel like I’ve gone over this before and I should know this by now, a DHCP relay agent requires remote access.

This next question is about a print server upgrade and the only thing thats actually of substance is the to me is the somewhat confusing wording as best practice seems to be to install another machine and migrate if you cant afford to have printers down at 3-4 in the morning. So maybe im confused about the intention. Perhaps they really did simply mean that they need the resources available after the upgrade? Is that just kind of a given?

For some reason I didn’t think that the exhibit in this was particularly exciting but the idea of a server using DHCP seems a bit off.  Normally I would assume that I would need to update DHCP if the servers IP had changed however that’s not the case, as you can see. Which actually it makes more sense to update the ip after the configuration changes take place. The explanation gets a little uha wonky when talking about the DHCP aspect when talking about the ipconfig /renew.

Again, I feel like ive covered this before but if you use hyper-v migration features disks have to be in VHD or VHDX format for a complete list of requirements check here.

Thats all for now, hopefully Ill have some more later today and then soon be in the 90s on the pretest which could possibly lead to actually passing the 70-410 which I suppose would be ok.

Feeling like im getting a late start today, not sure of the reason for the delay other than milling around the internet this morning applying for jobs and checking to make sure my suit still fits as I haven’t been the best at keeping up with my diet as of late. Thankfully
it fits exactly the same as when I bought it, slightly snug. Was hoping to lose a few pounds but haven’t tried too hard in that endeavor.  Anyway lets get on to winning at studying and existing for the time being and get into some questions. The last lot was rather short in terms of the amount of explanation required for the questions. Mostly just helpful ideas rather than overly confusing ideas that lead down rabbit holes of a thought process. The first question is kind of on the same level:

This video is kind of long but it actually covers some good stuff. If you just want to see net-share that comes in around 9 min 40 seconds.

According to the TechNet article this line of cmd should still work in server or any os running a current version of PS. Ive run into a few instances where that actually is a problem.

The next thing I would like to take a look at is how to do this same action in file and storage services, I also have no idea what level you set permissions at when you set them in the previously noted PS command (being NTFS or basic share) im going to assume its share but nothing is specified in the technet article. Anyway there are a lot of videos about file and storage services but this one gets to the point and I think its abundantly clear that its much easier to do this in the GUI

This one im not even sure why exactly I thought it was hard enough to blog but I feel like there’s some interesting things about DHCP that go beyond the borders of this from a conceptual standpoint that are both very complicated and very testable. It seems obvious
to use a fail over sever to avoid conflict on your network but if you do have several scopes within one network how do you set that up and quickly recognize this on a new network that you are approaching. So like if I dont have a diagram of subnets how can I can I
quickly and reliably figure out what machines are on what subnet? Anyway here is the basic question:

As you can see creating a failover server on the same subnet is the way to go but what exactly does this mean? Can I create this any where within my network and give it assign it the same scope or does that server have to be configured with an IP in the same range?
So many questions to chase down here which lead this to being a much more complicated question than Im able to reliably answer. All of these questions lead me to this long video which is still is probably not reliably enough information to answer all the questions
that this example could lead to asking. But it does confirm that they have to be on the same subnet for this to work which we sort of knew but im not exactly sure what that means in an enterprise setting other than I need two servers on the same subnet but configuring an enterprise DCHP scope is still well beyond my understanding of DHCP currently however that is some thing an MCSA certified tech should be able to implement. One interesting note is that IPv6 cannot be protected by DHCP failover implementations at this point in time. Which is worth remembering.

This shorter video from CBT nuggets is also sort of helpful if you want a shorter version. However the IP configuration bit is the hardest part and its not really even discussed. This topic is an absolute youtube click hole but the understanding of the actual addressing
in terms of effective subnetting is hardly touched & ive found that to be the hardest bit to actually comprehend. However this one is basically a condensed version of the previous 45 min video. Im not even sure where to start researching actual subnetting.

Enabling SR-IOV should be easy right? Just need to make a new switch that has the feature enabled.

This dude is rocking some cool tunes

The last one you have to create a switch for, this one needs an adapter as the same scenario with the ACL but is still conceptually straight forward You just cant measure traffic if your using SR-IOV. It might also be interesting to know if port mirroring is
supported with SR-IOV as if that was the case then we could still measure traffic, I cant find anything to support this line of thought one way or the other.

Last question for this round and its actually somewhat confusing to me at this point in my server 2012 studies. Not as bad as DHCP but still its kind of a doozy. Its an interesting note that under some circumstance up to 32 adapters are supported for nic teaming however in Hyper-V 2 appears to be our limit.

The only thing that’s confusing here are the other options. This TCP chimney option comes up a lot but I have yet to see it being in use for an actual answer on an actual test or in MeasureUp

Trying to have a productive evening while waiting to find out what happens with the call center job situation. Not sure what will happen but im excited to find out. I think my aunt will take me and if she does I agreed to let her just be in charge of any money that I make because I haven’t exactly been known to make the wisest of financial decisions over the past few years. The only things I personally would like to accomplish is ordering parts for building a PC and a server but Im not in a huge rush to get that done. Both are mostly for
study purposes and possibly checking out the new WoW expan but that’s kind of up for debate. Regardless I still feel this sense of waiting around for the next absurd adventure to happen. Perhaps that me subscribing to murphy’s law a little too much. Personal considerations involving safety and financial health aside I guess I can get into some questions. This first one Is just a mater of having a working knowledge of VMs strong enough to know what you need to do to increase start up ram and as you can see we need to actually shut down the VM

This is kind of the same thing but gets into more details about what you can increase while the VM is running.

This is actually a pretty good question as this doesn’t exactly explain these things in detail.

This one is a little confusing from the standpoint of what happens after I run this wizard and why haven’t I heard of it any where else. It makes sense but I need to do some more research on this little number.

The answer really is straight forward, I just hadn’t read about this any where else. This guys videos are really good, he’s helpful and not condensing. As a bonus I think he actually enjoys teaching. Around 9 minutes in he starts discussing this tool. Its also interesting that he recommends publisher rules which Im understanding why as most applications in an enterprise environment should be signed.

lots of detail about applocker rules and TechNet is also helpful in this regard.

I found the complete answer to this one in one place (surprisingly) its just a straight forward setup and TechNet has the answer.

Sorry the second answer of using print management isn’t showing but if you read the linked article it lays it out pretty clearly so its not entirely needed.

Just some good old fashioned remembering of where to do things here, nothing complicated. Just all the tools start to sound the same after a while so it can get confusing.

So sconfig, which seems to do most things on core and netsh. I think I can remember this one but I still have no clue where to go in sconfig. Maybe youtube can be of assistance? And it delivers! Im not sure how I havent watched this one before but cases like this are exactly why I started studying like this.

Only hes not using sconfig, still helpful though.

Maybe this next guy will show us.

and he does around 1:55

Im starting to realize that some of these questions are extraordinarily hard for experienced admins and then server newcomers such as myself simply think these are common practice I suppose. However as Ive noted some of this information isnt exactly relevant
or topical for day to day use. This such as obscure lines of code from PS when there is a really simple gui method or something as simple as a click through on creating a DNS record might be better suited to someone at my level of understanding. With no base
line understanding of server technology these obscure seemingly overly complicated methods of learning or doing things might leave a person in a strange position in the work force. Like I can do all this weird obscure stuff and have sort of a conceptual understanding
of various technologies but in practical day to day things im an utter noob. How often is a person just learning server for the first time going to have to build and understand and entire DHCP infrastructure? I guess its important to know if you’ve been around a while
so maybe I was steered into water that was slightly over my head?

Maybe we just need to stop evil pirate lord Bloth who looks just like this Morgrim Tidewalker from World of Warcraft. I guess if you think of studying on those terms it makes it much more fun. Wait is that the basis for most religion or is that too atheistic thinking. Hummm, probably too much philosophy for a server student blog.

So I guess we could get on to doing some questions, maybe? The first question I’ve got today is not overly difficult or logically complicated but I do think its important, as is understanding the replication effects of a global group vs a universal group that I still dont fully understand. Regardless understanding a central store seems to be a common theme. I still need to figure out exactly what the benefits of using .admx files is but im sure ill get there.

This seems like fairly basic best practice type of things, I give this question two thumbs up.

The wording on this seems a bit thin or I possibly dont understand what its asking. So ive got a XML configuring all of the roles and features I want on several servers? If that’s the case then it possibly makes sense other than that Im in the dark as to the meaning of
this one.

We are only left to assume what this mysterious XML files actually does in the explanation. Bummer. So I guess ill stick with their intent is to use an XML to configure roles and features on a several machines?

Nothing overly complicated, no incomplete sentence just a note about what time change is considered. I would assume it would be sensitive but apparently its not.

As you can see its under “non-sensitive privilege” use.

This seems obscure as using powershell for this may not be commonplace in practice how ever I suppose its good to be able to recognize this error and be able to troubleshoot it through a gui or (as in this case) powershell.

here is how to do it through user right assignment in the gui in case that’s more helpful.

Nothing to complicated here just solid info about how to create a global catalog (is there a universal catalog?)

I suppose I found the set-adobject line to be slightly surprising. Not sure why but I do wish we had a whole line of code to get a more complete picture of this. Not sure if the line listed on TechNet is still functional or not.

Set-ADObject “CN=NTDS Settings,CN=Fabrikam-DC1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=Fabrikam,DC=COM” -Replace@{options=’1′}

Im sure ill remember that the next time I need to set up a GC server…

Moving on to the next set of questions, just 5 more chosen by my degree of understanding from a conceptual standpoint or my lack of understanding from an actual being aware of the answer standpoint. The first one is an applocker question about merging a policy, it
seems as though if you would want to merge a policy you would have to “get” the policy first rather than use a verb such as “set” that seems entirely too static for this but as we can see below that is not the case.

It would be nice if they would give the whole line of code instead of just saying “use the -merge parm.” The TechNet article on the subject isn’t overly helpful in this case either stating:

If the Merge parameter is not specified, the existing AppLocker policy in the target GPO will be overwritten by the new policy.

So if you just add a few things we have to use -merge or the entire policy will be overwritten? This is a case where the gui has a clear advantage but regardless this is an important take away.

This one I feel like I just don’t have a strong enough grasp on how to configure cert policies in an AD environment. If the cert doesn’t do anything then its not exactly helpful in this case, that much I understand but its still the option I selected because dont I have to have a policy before I bind it to a site?

So if you que up this video you can see the process of installing a CA but it isn’t a native server CA so im not sure that its overly helpful but its important to see how this generally works I would assume as the wider knowledge base we have to pull from the greater actual understanding as opposed to just memorizing answers that may or may not be beneficial in the real world. Im having trouble finding this process seen to completion using netsh just like its hard to find info on writing answer files, deploying images start to finish….ect.

This is confusing for the problem of a NIC team can only have two adapters in it.

Failover has nothing to do with load balancing so I can agree that this is the wrong answer. However NLB is kind of a rabbit hole as well and one that im not overly familiar with so maybe we should talk about that briefly but before that let’s check out a youtube video
and see the answer.

it explains nothing about how 3 adapters fit into this scenario, frustrating. Any way maybe we could glean a little info on NIC teaming:

This is actually really good as he is showing PS commands as well, hopefully you can see them at full screen. He also hits on dynamic load balancing and switch independent vs dependant which is a process worth understanding. I understand the basic concept
but Im not sure of the reasons you would go dependant vs independent. Honestly, thats one of the most helpful sets of material ive seen in a while as it actually covers a whole thought process from conception to creation. a google search also takes us here to understand dependant vs independent. Though im still not sure of a use case. Suppose we will figure that out as we go? It looks as if we can have up to 32 adapters in a single team. That’s helpful to know and helps me to understand the reasons for the two modes. With attempting to avoid running on for two long on one question I think we will move on but also link a PluralSight article.

I had some confusion about starter gpos and this actually cleared it up or solidified it for me. A starter gpo is not a built in template but rather one that you create yourself. So once you have the template you created you can then create an actual GPO from the template, if im understanding this correctly.

Then its new-gplink, a little unclear as to when the set-gplink cmd should be used.

This question wasn’t overly complicated, i’m just left wondering, again, what is the complete process to create a template? So I just run new-aduser and then I have the start of a template?

I think it may be easier than im assuming given the process in this video: