Sunday, July 31, 2016

MCSE Studying - Week Ending July 31, 2016

Overview
The study path for 70-411 has been going a lot better over the past two weeks, as I have finally got back into the groove and have found the time to study. I have also validated the fact that studying by exam objective is working out better for me than studying each resource all the way through. Using multiple resources for each objective, sometimes over a dozen different courses, books, and blog posts is working out quite well. It is somewhat luxurious to be able to explore each exam objective thoroughly, gathering every detail possible.

This time round, I have not been going through the objectives in order, but instead, starting with the areas that were identified as my weakest. The confidence level is finally on the rise, and I feel I should be able to take the exam in the next month or so.

Cool Stuff
The coolest thing I covered in the past week was virtual domain controller cloning. When I first got into this objective, I was thinking to myself that it wasn't that big of a deal. Once I started into it, however, I discovered that it is an awesome way to deploy additional domain controllers. It was nice to be able to get one set up, just the way I like, and then be able to clone it. The new domain controller then has the same configuration, folders, updates, and preferences set up, and it only took 20 minutes!

PowerShell cmdlet of the Week
This weeks cmdlet will in fact, be the two cmdlets related to virtual domain controller cloning, along with a few other cmdlets sprinkled in for flavor.

Get-ADDCCloningExludedApplicationList
New-ADDCCloneConfigFile

Here are the basic steps for cloning a virtual domain controller:

Source DC: DC-01
Cloned DC: DC-02

Step 1: Add the source domain controller to the 'Cloneable Domain Controllers' security group

Add-ADGroupMember -Identity 'Cloneable Domain Controllers' -Members (Get-ADComputer -Identity DC01)

Step 2: Check for excluded applications that would cause cloning to fail

Get-ADDCCloningExludedApplicationList

Check the results. If the excluded applications are from Microsoft they will need to be removed. If they are from a third party vendor, check with that vendor to see if the application is compatible with cloning. If not, remove the application, if it is, add it to the user defined inclusion list using the following parameter

Get-ADDCCloningExludedApplicationList -GenerateXML

This adds the CustomDCCloneAllowList.xml to the C:\Windows\NTDS folder (by default)

Step 3: Create the DCCloneConfig.xml file

New-ADDCCloneConfigFile -CloneComputerName "DC02" `
-Static `
-IPv4Address "192.168.2.157" `
-IPv4SubnetMask "255.255.255.0" `
-IPv4DefaultGateway "192.168.2.1" `
-IPv4DNSResolver @("192.168.2.151","192.168.2.152")

Step 4: Shut down the source domain controller

Stop-Computer

Step 5: Copy the source VHD to a new location and rename it to match the new domain controller

Once the copy is complete, you can restart the source domain controller

Step 6: Create a new virtual machine and attach the copied VHD,

$ClonedDC = New-VM -Name DC02 `
-MemoryStartupBytes 2048MB -Generation 2 `
-BootDevice VHD -Path E:\Hyper-V\VM `
-VHDPath E:\Hyper-V\VHD\DC02.vhdx `
-Switch "Virtual Switch - Training"

Set-VM -VM $ClonedDC -ProcessorCount 2 `
-DynamicMemory

Step 7: Start the new virtual domain controller

Start-VM $ClonedDC

At this point, the new domain controller starts up and begins the cloning process.

Step 8: Remove all of the domain controllers from the 'Cloneable Domain Controllers' group

Remove-ADGroupMember -Identity "Cloneable Domain Controllers" -Member (Get-ADGroupMember -Identity "Cloneable Domain Controllers")

That's it! Easy. Although, I do suggest reading through the documentation thoroughly, and practicing in your test environment before trying it in Production.

Studying Stats
Total time studying: 10 hrs. 10 mins.
  • 70-411: 10 hrs. 10 mins.
Objectives Covered
  • 70-411
    • 5.2.1 - Transfer and seize operations master roles
    • 5.2.2 - Install and configure a read-only domain controller (RODC)
    • 5.2.3 - Configure domain controller cloning

IT News, Blogs, and Podcasts
  • Nothing this week
In Closing
It is nice to finally feel like I am making progress with my studies. I am going try to add a few more hours of study time next week and see if I can complete 1-2 sub-objectives per week. Some will require more effort than others as I am still struggling with these concepts. Others will go very quickly as they are topics that I am quite familiar with and have used regularly. Within a few weeks, I should be able to tell when I can write 70-411.

Have a great week everyone!