WEBVTT

00:05.630 --> 00:13.100
There are two roles that are commonly associated with the management of CPI IP within a network DHS

00:13.110 --> 00:21.340
S.P. configured is IP information on the various hosts as they start up and DNS maintains a directory

00:21.340 --> 00:23.610
of where to find everything.

00:23.650 --> 00:27.130
Now when I say everything I do mean everything.

00:27.340 --> 00:35.620
DNS helps you find servers printers and Web sites yes but it also tracks every object in Active Directory

00:36.040 --> 00:40.540
that's everything from group policies to the email address of a user.

00:40.630 --> 00:48.950
All of that information is tracked down through the lookup service provided by DNS if you've added the

00:48.950 --> 00:53.680
DNS roll while installing Active Directory Domain Services.

00:53.840 --> 01:00.890
It will configure itself while the server is being promoted to a domain controller and because the users

01:00.890 --> 01:07.550
might need to be able to look up resources on the Internet generally it has something called Route hints

01:08.090 --> 01:14.870
where your server is able to look to the outside world to get information about other Web sites so that

01:14.870 --> 01:23.300
you can provide that name resolution to users and applications inside your domain but just because there

01:23.300 --> 01:28.600
is an automatic configuration doesn't mean that it's the right thing for everyone.

01:28.600 --> 01:36.040
For example this test lab environment that I'm using for these demonstrations has a firewall that blocks

01:36.040 --> 01:43.600
DNS look ups to any server other than to specific DNS servers in the data center here.

01:43.600 --> 01:50.980
This is a way to protect our users and applications from being sent to some erroneous DNS server that

01:50.980 --> 01:54.100
is doing something malicious.

01:54.150 --> 01:58.500
In that case we can configure forwarders.

01:58.580 --> 02:05.030
This is a server that has been installed to be a domain controller and the DNS roll has been installed

02:05.030 --> 02:06.280
as well.

02:06.320 --> 02:11.120
If I go to the tools menu I can go ahead and open up the DNS tool.

02:11.300 --> 02:18.540
And from here we can look at the properties of our server inside forward lookup zones we can find the

02:18.570 --> 02:23.060
domains that we are able to research and locate information.

02:23.070 --> 02:29.450
For example land and Hotels.com and another Active Directory integrated zone.

02:29.700 --> 02:36.150
But if I want to change how the server works as a whole I can right click on the server and view its

02:36.150 --> 02:37.440
properties.

02:37.530 --> 02:43.260
And here you can see the route hints that were mentioned before where to find servers on the Internet

02:43.290 --> 02:51.390
to help look up generally and we can find forwarders here I can add the IP addresses of servers that

02:51.390 --> 02:54.410
will look up things on the Internet.

02:54.420 --> 03:01.290
This is also useful if this domain is buried down in the organization and you need to look to the top

03:01.290 --> 03:06.150
of the organization for your lookup information.

03:06.290 --> 03:14.600
In addition to using DNS having a DHS IP server that's also integrated with Active Directory will allow

03:14.600 --> 03:22.250
you to hand out configuration information to requesting hosts and report back to the DNS server so that

03:22.250 --> 03:26.360
the hosts can be registered in this list.

03:26.360 --> 03:32.840
This helps maintain the most complete and the most current list of hosts and their addresses throughout

03:32.840 --> 03:33.440
the network.

03:35.080 --> 03:41.560
There's one other feature that I want to point out to you that's not new to Windows Server 2019 but

03:41.560 --> 03:44.220
it is severely underutilized.

03:44.380 --> 03:51.820
Once you have an active directory environment with DNS and D.H. S.P. you now have the task of keeping

03:51.820 --> 03:55.660
track of how these roles are being used.

03:55.670 --> 04:03.710
Some people use spreadsheets to maintain lists of IP address ranges DHS IP exceptions and statically

04:03.710 --> 04:11.240
assigned or reserved IP addresses and these spreadsheets may seem to work in a small environment but

04:11.240 --> 04:17.270
they get outdated very quickly as soon as somebody has to change out a printer.

04:17.300 --> 04:24.970
Let's say the business center printer has died and so we've retired that machine and add a new printer.

04:25.100 --> 04:31.100
But we're in a hurry to get things up and going so we just add it to the DHS CPS server and we don't

04:31.100 --> 04:38.360
update the spreadsheet later on somebody comes in to do inventory and there's different information

04:38.390 --> 04:40.310
in different locations.

04:40.370 --> 04:46.760
This can get out of hand really quickly and you begin to question whether any of the other information

04:46.760 --> 04:48.970
in the spreadsheet is accurate as well.

04:50.890 --> 04:56.480
There is a feature named IP address Management Server or IBM server.

04:56.500 --> 05:02.770
This feature gives you a dashboard that you can use to track everything from an inventory of IP addresses

05:02.770 --> 05:07.030
and a scope to the details of a DNS zone.

05:07.140 --> 05:10.110
You may have noticed that the wallpaper is a different shade here.

05:10.110 --> 05:11.970
I moved from blue to green.

05:12.090 --> 05:17.580
This is a DHS IP server that's in the same Active Directory Domain.

05:17.580 --> 05:20.520
And this is where I'm going to install the feature.

05:20.520 --> 05:28.770
It can be added to any windows 2016 or 2019 server so long as the machine is not a domain controller.

05:28.770 --> 05:33.780
And this feature is added in pretty much the same process as a role.

05:33.870 --> 05:37.110
I'm going to start by add roles and features.

05:37.170 --> 05:43.910
This is a server that I haven't yet checked the box to skip this welcome page I want to install a role

05:43.910 --> 05:51.110
or feature I want to install it on this machine and this time what we're looking for is not a role it's

05:51.110 --> 05:52.910
not in the first list.

05:52.910 --> 06:00.320
So I need to move on to the second list where you'll find IP address management I Pam server when you

06:00.320 --> 06:06.950
check the box you'll see that not only do you get administration tools but there are several prerequisites

06:06.950 --> 06:08.740
that are being added as well.

06:08.810 --> 06:15.590
The Dot Net framework and ISP dot net versions four point seven components are required in addition

06:15.590 --> 06:21.590
to access to the DNS server tools as a general rule.

06:21.640 --> 06:28.240
I accept all of the prerequisites and tools that are offered to me when I install a role or a feature.

06:28.240 --> 06:32.010
But I do take time to scroll through them and see what they are.

06:32.020 --> 06:36.780
This helps give me some insight into what this feature is going to need from this server.

06:37.390 --> 06:42.880
So I'm going to go ahead and add that move on to the next screen which will confirm what I've asked

06:42.880 --> 06:51.560
it to do and then install the roll the dashboard that I have offers this is similar to that involved

06:51.560 --> 06:58.310
in many different software defined network packages including Windows System Center and third party

06:58.310 --> 06:59.610
products.

06:59.720 --> 07:03.140
If you're using one of those products already great.

07:03.380 --> 07:11.780
If not know that Windows Server 2019 and 2016 have you covered with features that are already included

07:11.780 --> 07:15.440
in the server product that you've bought and are deploying in your network.