You are correct in that OUs are containers, but not all containers are OUs. OUs are specialized containers that Administrators can create. Administrators can also link group policies to an OU, and delegate control over an OU. System containers, like the computers container, builtin container, and the users container (there are several more), are created by the system. While admins can delegate control over most of these containers (not Builtin, which contains default Domain Local security groups), Group Policy cannot be linked to these. Group Policy can only be linked to the site, the domain, or an OU.
I will check on the episode, but hopefully that clears things up for you! If not, let me know.
The 70-744 episodes were produced in September, 2017, and Microsoft updated the objectives in November, 2017. We are currently in the process of updating all of the Windows 10 and Windows Server 2016 content to reflect the updates Microsoft has made to the exam objectives.
Is it the KRA certificate that has expired or the DRA certificate?
The Key Recovery Agent certificate is used to encrypt the private keys of issued certificates for key archival. It is not used for recovery of encrypted files; that is the purpose of the Data Recovery Agent.
If the KRA certificate has expired, you will need to issue a new KRA certificate. This certificate will be used to archive all future archived private keys. You will want to keep the expired KRA certificate, as it will be required to recover any keys archived before the new KRA certificate is issued. Even though the certificate has expired, it can still be used to decrypt archived keys.
If the DRA certificate has expired, you will need to issue a new DRA certificate. Then you will update group policy to reference the new and remove the old DRA from the policy. As users access their encrypted files, the DRA will be updated. You will want to export and keep the old DRA certificate, in case it is needed in the future.
When a certificate expires, it can no longer be used to sign anything. This is why the renewal process fails for an expired certificate, because you cannot sign the renewal request with an expired certificate. Expired certificates can still be used to decrypt, however, as you are not signing anything.
Hope this helps, let me know if you need more information or clarification on this process.
Thanks for watching!
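An added example, not part of the original post: a PowerShell inventory of KRA and DRA certificates that flags expired ones which must be retained for decryption. It assumes the recovery certificates sit in the personal stores of the machine where it runs; adjust the store paths for your environment.

```powershell
# Added example. Enhanced Key Usage OIDs that mark recovery certificates.
$roles = @{
    '1.3.6.1.4.1.311.21.6'     = 'KRA'   # Key Recovery Agent
    '1.3.6.1.4.1.311.10.3.4.1' = 'DRA'   # EFS File Recovery
}
# Assumption: these are the stores that hold the recovery certificates.
$stores = 'Cert:\CurrentUser\My', 'Cert:\LocalMachine\My'
$now    = Get-Date

$report = foreach ($store in $stores) {
    foreach ($cert in Get-ChildItem -Path $store -ErrorAction SilentlyContinue) {
        # Read the EKU extension straight from the certificate object.
        $ekuExt = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
        }
        foreach ($oid in $ekuExt.EnhancedKeyUsages) {
            if (-not $roles.ContainsKey($oid.Value)) { continue }
            $expired = $cert.NotAfter -lt $now
            if (-not $expired) {
                $action = 'Current'
            } elseif ($cert.HasPrivateKey) {
                # Expired certificates still decrypt what was protected to them.
                $action = 'Expired: keep and back up, still needed for older keys/files'
            } else {
                $action = 'Expired: private key not on this host, confirm a backup exists'
            }
            [pscustomobject]@{
                Role          = $roles[$oid.Value]
                Subject       = $cert.Subject
                Thumbprint    = $cert.Thumbprint
                NotAfter      = $cert.NotAfter
                HasPrivateKey = $cert.HasPrivateKey
                Action        = $action
                Store         = $store
            }
        }
    }
}

$report | Sort-Object Role, NotAfter |
    Format-Table Role, Subject, NotAfter, HasPrivateKey, Action -AutoSize
```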
You are correct, it would not work with a private IP address if the DNS server was not on the local network. I used a private IP because all my VMs are on the same network.
The IP address for the master DNS server used when setting up a stub zone just needs to be reachable. So if you are setting up a stub zone to resolve names of an external business partner, you would need the public IP address of one of their DNS servers. If you were doing this internally, to speed up name resolution for a sub-domain for example, if the DNS server is on the same LAN, or reachable through a site-to-site VPN or something similar, then a private IP address will work fine.
So the short answer is you can use any IP address, public or private, when designating the master server for a stub zone, as long as the address is reachable by your DNS server.
Hope this helps, sorry for the confusion. Let me know if you have any other questions!
That's a tough one. 2012 is getting long in the tooth, but if you are supporting on-prem or hybrid solutions, you will still see a lot of it.
IMHO, it's worth getting your 2012 certs for a couple of reasons. One, it's still widely used. Two, most of what you learn while studying will apply to 2016 as well. While there are considerable changes between 2012 and 2016, AD is still AD, DNS is still DNS, etc. Plus having extra acronyms on your resume is always good!
I will assume you did not start the VM, otherwise you would know what hypervisor was being used, and that you want to find out the hypervisor being used for a VM that you are remotely connected to.
Earlier operating systems were unaware that they were running in a virtual machine. Windows Server 2012 and later, Windows 7 (I think) and later are aware of being virtualized.
Where to look to determine what hypervisor is being used for a VM will depend on what operating system the VM is running.
For Windows Server 2012 and 2016, you can look at the local server page of Server Manager. In the bottom left corner you will see hardware information, which for a VM will be the hypervisor being used.
For Windows 10, you'll have to open System Information (msinfo32). On the System Summary page, many times the BIOS version will indicate what hypervisor is being used. You can also look at some component information in System Information. The video adapter might be something like VMware SVGA 3D, indicating VMware is the hypervisor. Another one to check is under storage, then select disks. The disk model might indicate the hypervisor being used, like VMware Virtual SCSI Disk.
In Linux (I'm using Kali) open your settings window. On the details page, select About. There you will see Virtualization, and it reports the vendor of the hypervisor. For example, my Kali VM is running in VirtualBox. The hypervisor is listed as Oracle.
Even on older OS's that don't know they are being virtualized, there are usually clues, if you know where to look. Driver information and device information can sometimes be used to determine what virtualization is being used.
Hope this helps!
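An added example, not part of the original post: the same clues (system model, BIOS, video adapter, disk model) collected from PowerShell over CIM instead of the GUI. The vendor strings in `$signatures` are commonly seen values chosen for this example and are not an exhaustive list.

```powershell
# Added example. Regex -> hypervisor name; the patterns are assumptions
# based on strings these products commonly report.
$signatures = [ordered]@{
    'VMware'                                                               = 'VMware'
    'VirtualBox|innotek'                                                   = 'Oracle VirtualBox'
    'Microsoft Corporation Virtual Machine|Hyper-V|Microsoft Virtual Disk' = 'Microsoft Hyper-V'
    'QEMU|KVM'                                                             = 'QEMU/KVM'
    'Xen'                                                                  = 'Xen'
}

$cs   = Get-CimInstance -ClassName Win32_ComputerSystem
$bios = Get-CimInstance -ClassName Win32_BIOS

# One row per clue, mirroring the places the post tells you to look.
$clues = @(
    [pscustomobject]@{ Source = 'System'; Value = "$($cs.Manufacturer) $($cs.Model)" }
    [pscustomobject]@{ Source = 'BIOS';   Value = "$($bios.Manufacturer) $($bios.SMBIOSBIOSVersion)" }
)
$clues += @(Get-CimInstance -ClassName Win32_VideoController | ForEach-Object {
    [pscustomobject]@{ Source = 'Video'; Value = $_.Name }
})
$clues += @(Get-CimInstance -ClassName Win32_DiskDrive | ForEach-Object {
    [pscustomobject]@{ Source = 'Disk'; Value = $_.Model }
})

$results = foreach ($clue in $clues) {
    # First signature whose pattern matches this clue, if any.
    $hit = $signatures.Keys | Where-Object { $clue.Value -match $_ } | Select-Object -First 1
    [pscustomobject]@{
        Source     = $clue.Source
        Value      = $clue.Value
        Hypervisor = if ($hit) { $signatures[$hit] } else { '-' }
    }
}
$results | Format-Table -AutoSize

# Summarise: several independent clues naming the same vendor is strong evidence.
$votes = $results | Where-Object { $_.Hypervisor -ne '-' } | Group-Object Hypervisor
if ($votes) {
    $votes | Sort-Object Count -Descending | Select-Object Name, Count
} else {
    'No known hypervisor strings found (physical host or unrecognised platform).'
}
```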
I believe you can copy the contents of sources\sxs directory from the DVD to the C:\Windows\WinSxS directory. But honestly, I've never tried, lol. I'd copy the files and try to install a simple feature like Windows Backup, and see if Windows asks for the disk.
Did you remove the source files to reduce the image size or just as a proof of concept?
You can also create a network share and host the SxS files there. Then from any server, you can point to the share when installing a role/feature. This way you can install a role/feature without the DVD and still have a smaller install footprint. The downside of this method is the source files don't get updated/patched.
If the server has an internet connection, it should be able to pull the source files from Windows Updates.
To use the DVD, the problem might be that there are multiple images (standard, core, etc) on the DVD media. You will need to specify the index number of the image in the command.
With the DVD inserted, run this command, with <drive> representing your drive letter:
Dism /get-wiminfo /wimfile:<drive>:\sources\install.wim
The output should be similar to this:
Index : 1
Name : Windows Server 2012 R2 SERVERSTANDARDCORE
Description : Windows Server 2012 R2 SERVERSTANDARDCORE
Size : 6,653,342,051 bytes

Index : 2
Name : Windows Server 2012 R2 SERVERSTANDARD
Description : Windows Server 2012 R2 SERVERSTANDARD
Size : 11,807,528,410 bytes

Index : 3
Name : Windows Server 2012 R2 SERVERDATACENTERCORE
Description : Windows Server 2012 R2 SERVERDATACENTERCORE
Size : 6,653,031,430 bytes

Index : 4
Name : Windows Server 2012 R2 SERVERDATACENTER
Description : Windows Server 2012 R2 SERVERDATACENTER
Size : 11,809,495,151 bytes
Then, using PowerShell, run this command:
Install-WindowsFeature Server-Gui-Mgmt-Infra,Server-Gui-Shell -Source wim:<drive>:\sources\install.wim:<index>
Replace <drive> with your DVD drive letter, and <index> with the appropriate index number based on the previous command. Also change the feature you want to install. "Print-Services" sounds like what you want. Try:
to verify the name of the feature you want to install. So if the drive letter of the DVD is F:, and the index number is 2, the command would be:
Install-WindowsFeature Print-Services -Source wim:f:\sources\install.wim:2
Let me know if this helps.
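An added example, not part of the original post: the two steps above combined, looking up the image index by edition name and building the `-Source` string from it. `Get-WimFeatureSource` is a hypothetical helper written for this example; the F: drive and the SERVERSTANDARD edition are the sample values from the post. Run it elevated.

```powershell
# Added example. Hypothetical helper: resolve an edition name to a wim: source string.
function Get-WimFeatureSource {
    param(
        [Parameter(Mandatory)][string]$WimPath,   # e.g. F:\sources\install.wim
        [Parameter(Mandatory)][string]$Edition    # e.g. SERVERSTANDARD
    )
    if (-not (Test-Path -LiteralPath $WimPath)) {
        throw "WIM file not found: $WimPath"
    }

    # Same information as 'Dism /get-wiminfo', returned as objects.
    $images = Get-WindowsImage -ImagePath $WimPath

    # Anchor the match at the end of the name so SERVERSTANDARD does not
    # also select SERVERSTANDARDCORE.
    $pattern = "\s$([regex]::Escape($Edition))$"
    $hits = @($images | Where-Object { $_.ImageName -match $pattern })

    if ($hits.Count -ne 1) {
        $available = ($images | ForEach-Object { "$($_.ImageIndex): $($_.ImageName)" }) -join '; '
        throw "Expected exactly one image for '$Edition', found $($hits.Count). Available: $available"
    }

    # Braces keep PowerShell from reading '$WimPath:' as a drive-qualified variable.
    "wim:${WimPath}:$($hits[0].ImageIndex)"
}

$source = Get-WimFeatureSource -WimPath 'F:\sources\install.wim' -Edition 'SERVERSTANDARD'
$source

# Dry run first; remove -WhatIf to perform the installation.
Install-WindowsFeature -Name Print-Services -Source $source -WhatIf
```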