Syngress knows what passing the exam means to
you and to your career. And we know that you
are often financing your own training and
certification; therefore, you need a system that is
comprehensive, affordable, and effective.
Boasting one-of-a-kind integration of text, DVD-quality
instructor-led training, and Web-based exam simulation, the
Syngress Study Guide & DVD Training System guarantees 100% coverage of exam
objectives.
The Syngress Study Guide & DVD Training System includes:
■
Study Guide with 100% coverage of exam objectives By reading
this study guide and following the corresponding objective list, you
can be sure that you have studied 100% of the exam objectives.
■
Instructor-led DVD This DVD provides almost two hours of virtual
classroom instruction.
■
Web-based practice exams Just visit us at www.syngress.com/
certification to access a complete exam simulation.
Thank you for giving us the opportunity to serve your certification needs. And
be sure to let us know if there’s anything else we can do to help you get the
maximum value from your investment. We’re listening.
www.syngress.com/certification
254_70-291_FM.qxd 8/14/03 3:27 PM Page i
254_70-291_FM.qxd 8/14/03 3:27 PM Page ii
Deborah Littlejohn Shinder
Dr. Thomas W. Shinder
Chad Todd
Technical Reviewer

Laura Hunter
DVD Presenter
Exam 70-291: Implementing, Managing,
and Maintaining a Windows Server 2003
Network Infrastructure
MCSA/MCSE
254_70-291_FM.qxd 8/14/03 3:27 PM Page iii
Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or
production (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results
to be obtained from the Work.
There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work
is sold AS IS and WITHOUT WARRANTY. You may have other legal rights, which vary from state
to state.
In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or
other incidental or consequential damages arising out from the Work or its contents. Because some
states do not allow the exclusion or limitation of liability for consequential or incidental damages, the
above limitation may not apply to you.
You should always use reasonable care, including backup and other appropriate precautions, when
working with computers, networks, data, and files.
Syngress Media®, Syngress®,“Career Advancement Through Skill Enhancement®,” “Ask the Author
UPDATE®,” and “Hack Proofing®,” are registered trademarks of Syngress Publishing, Inc. “Mission
Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress
Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of
their respective companies.
KEY SERIAL NUMBER
001 PV43SLUGGY
002 Q2TQRGN7VA
003 8C38A9R7FF
004 Z6TDAVAN9Y
005 P33JEET8MS

006 3SHX6SN$RK
007 CH3W7E42AK
008 9EU6V4DER7
009 SUPACM4NFH
010 5BVF3MEV2Z
PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure Guide & DVD
Training System
Copyright © 2003 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of
America. Except as permitted under the Copyright Act of 1976, no part of this publication may be
reproduced or distributed in any form or by any means, or stored in a database or retrieval system,
without the prior written permission of the publisher, with the exception that the program listings
may be entered, stored, and executed in a computer system, but they may not be reproduced for
publication.
Printed in the United States of America
1 2 3 4 5 6 7 8 9 0
ISBN: 1-931836-92-2
Technical Editor:Deborah Littlejohn Shinder Cover Designer: Patricia Lupien
and Thomas W. Shinder M.D Page Layout and Art by: Patricia Lupien
Technical Reviewer: Chad Todd Copy Editors: Adrienne Rebello
Acquisitions Editor: Jonathan Babcock Indexer: Nara Wood
DVD Production: Michael Donovan DVD Presenter: Laura Hunter
254_70-291_FM.qxd 8/14/03 3:27 PM Page iv
v
Acknowledgments
v
We would like to acknowledge the following people for their kindness and support in

making this book possible.
Karen Cross, Meaghan Cunningham, Kim Wylie, Harry Kirchner, Kevin Votel, Kent
Anderson, Frida Yara, Jon Mayes, John Mesjak, Peg O’Donnell, Sandra Patterson, Betty
Redmond, Roy Remer, Ron Shapiro, Patricia Kelly, Andrea Tetrick, Jennifer Pascal,
Doug Reil, David Dahl, Janis Carpenter, and Susan Fryer of Publishers Group West for
sharing their incredible marketing experience and expertise.
Duncan Enright, AnnHelen Lindeholm, David Burton, Febea Marinetti, and Rosie Moss
of Elsevier Science for making certain that our vision remains worldwide in scope.
David Buckland,Wendi Wong, Daniel Loh, Marie Chieng, Lucy Chong, Leslie Lim,
Audrey Gan, and Joseph Chan of Transquest Publishers for the enthusiasm with which
they receive our books.
Kwon Sung June at Acorn Publishing for his support.
Jackie Gross, Gayle Voycey, Alexia Penny, Anik Robitaille, Craig Siddall, Darlene Morrow,
Iolanda Miller, Jane Mackay, and Marie Skelly at Jackie Gross & Associates for all their
help and enthusiasm representing our product in Canada.
Lois Fraser, Connie McMenemy, Shannon Russell, and the rest of the great folks at
Jaguar Book Group for their help with distribution of Syngress books in Canada.
David Scott, Annette Scott, Delta Sams, Geoff Ebbs, Hedley Partis, and Tricia Herbert of
Woodslane for distributing our books throughout Australia, New Zealand, Papua New
Guinea, Fiji Tonga, Solomon Islands, and the Cook Islands.
A special thanks to Deb and Tom Shinder for going the extra mile on our core four
MCSE 2003 guides.Thank you both for all your work.
And to Laura Hunter, thank you for the exceptional work on the DVD for this book.
254_70-291_FM.qxd 8/14/03 3:27 PM Page v
Debra Littlejohn Shinder (MCSE) is a technology consultant, trainer, and writer
who has authored a number of books on networking, including Scene of the Cybercrime:
Computer Forensics Handbook, published by Syngress Publishing (ISBN: 1-931836-65-5),
and Computer Networking Essentials, published by Cisco Press. She is co-author, with her
husband, Dr.Thomas Shinder, of Troubleshooting Windows 2000 TCP/IP (ISBN: 1-
928994-11-3), the best-selling Configuring ISA Server 2000 (ISBN: 1-928994-29-6),

and ISA Server and Beyond (ISBN: 1-931836-66-3). Deb is also a technical editor and
contributor to books on subjects such as the Windows 2000 MCSE exams, the
CompTIA Security+ exam, and TruSecure’s ICSA certification. She edits the
Brainbuzz A+ Hardware News and Sunbelt Software’s WinXP News and is regularly
published in TechRepublic’s TechProGuild and Windowsecurity.com. Deb currently
specializes in security issues and Microsoft products. She lives and works in the Dallas-
Fort Worth area and can be contacted at or via the website at
www.shinder.net.
Thomas W. Shinder M.D. (MVP,
MCSE) is a computing industry veteran who has
worked as a trainer, writer, and a consultant for Fortune 500 companies including FINA
Oil, Lucent Technologies, and Sealand Container Corporation.Tom was a Series Editor
of the Syngress/Osborne Series of Windows 2000 Certification Study Guides and is
author of the best selling books Configuring ISA Server 2000: Building Firewalls with
Windows 2000 (Syngress Publishing, ISBN: 1-928994-29-6) and Dr.Tom Shinder’s ISA
Server and Beyond (ISBN: 1-931836-66-3).Tom is the editor of the Brainbuzz.com
Win2k News newsletter and is a regular contributor to TechProGuild. He is also content
editor, contributor and moderator for the World’s leading site on ISA Server 2000,
www.isaserver.org. Microsoft recognized Tom’s leadership in the ISA Server community
and awarded him their Most Valued Professional (MVP) award in December of 2001.
Technical Editors
254_70-291_FM.qxd 8/14/03 3:27 PM Page vi
vii
Chad Todd (MCSE: Security, MCSE, MCSA: Security, MCSA, MCP+I, MCT, CNE,
A+, Network+, i-Net+) author of the best-selling Hack Proofing Windows 2000 Server
co-owns a training and integration company (Training Concepts, LLC) in Columbia,
SC. Chad first certified on Windows NT 4.0 and has been training on Windows oper-
ating systems ever since. His specialties include Exchange messaging and Windows
security. Chad was awarded MCSE 2000 Charter Member for being one of the first
two thousand Windows 2000 MCSEs and MCSA 2002 Charter Member for being

one of the first five thousand MCSAs. Chad is a regular contributing author for
Microsoft Certified Professional Magazine. Chad has worked for companies such as Fleet
Mortgage Group, Ikon Office Solutions, and Netbank.
Chad would like to first thank his wife Sarah.Without her love and support all
of the late nights required to write this book would not be possible. He would also
like to thank Kirk Vigil and Jim Jones for their support and encouragement. Lastly,
Chad would like to thank Olean Rabon and Theresa Johnson for being his greatest
fans.
Susan Snedaker (MCP, MCT, MCSE+I, MBA) is a strategic business consultant spe-
cializing in business planning, development, and operations. She has served as author,
editor, curriculum designer, and instructor during her career in the computer industry.
Susan holds a Master of Business Administration and a Bachelor of Arts in
Management from the University of Phoenix. She has held key executive and tech-
nical positions at Microsoft, Honeywell, Keane, and Apta Software. Susan has con-
tributed chapters to five books on Microsoft Windows 2000 and 2003. Susan currently
provides strategic business, management and technology consulting services (www.vir-
tualteam.com).
Hal Kurz (MCSE, CCDP, CCNP, CCDA, CCNA) is CIO of Innovative Technology
Consultants and Company, Inc. (www.itccinc.com), a computer consulting and training
Technical Reviewer
Contributors
254_70-291_FM.qxd 8/14/03 3:28 PM Page vii
viii
company located in Miami, FL as well as chief technologist for ITC-Hosting
(www.itc-hosting.com) a web hosting and web-based application development com-
pany. He holds Microsoft MCSE certifications for Windows 2000 and Windows NT
4.0. He is currently gearing up for his CCIE lab exam. Hal is a University of Florida
engineering graduate with experience in VMS, Unix, Linux, OS/400, and Microsoft
Windows. He lives in Miami with his wife Tricia and four children Alexa, Andrew,
Alivia, and Adam. Thank you again Tricia and kids for all of your support!

Kirk Vigil (MCSE, MCSA) is a senior network consultant for Netbank, Inc. in
Columbia, SC. He has worked in the IT integration industry for over 11 years, special-
izing in Microsoft messaging and network operating system infrastructures. He has
worked with Microsoft Exchange since its inception and continues to focus on its
advancements with the recent release of Exchange 2003 as well as its integration with
Windows Server 2003. Kirk holds a bachelor’s degree from the University of South
Carolina. He also works as an independent consultant for a privately owned integra-
tion company, lending technical direction to local business practices. He is a con-
tributing author for the monthly technical subscription Microsoft Certified
Professional Magazine. Beginning his career in Information Technology for a small
startup company,The Computer Group, he helped integrate that company into the
technology division of the worldwide IKON Office Solutions.
Kirk would first like to thank his family for their continuous love and support.
Thanks also go to Chad Todd for his introduction to Syngress Publishing as well as his
counsel. Special appreciation goes to Jim Jones for his encouragement and under-
standing, making the writing of this book possible. Lastly, Kirk is grateful to editors Jon
Babcock, Deborah Littlejohn Shinder, and Thomas Shinder for their technical guid-
ance and leadership throughout the editorial process.
Dan Douglass (MCSE+I, MCDBA, MCSD, MCT) is a software developer and
trainer with a cutting edge medical software company in Dallas,Texas. He currently
provides software development skills, internal training and integration solutions, as well
as peer guidance for technical skills development. His specialties include enterprise
application integration and design, HL7, XML, XSL,Visual Basic, database design and
administration, Back Office and .NET Server platforms, Network design, including
LAN and WAN solutions, Microsoft operating systems and FreeBSD. Dan is a former
US Navy Submariner and lives in Plano,TX with his very supportive and under-
standing wife,Tavish.
254_70-291_FM.qxd 8/14/03 3:28 PM Page viii
ix
Laura E. Hunter (CISSP, MCSE, MCT, MCDBA, MCP, MCP+I, CCNA, A+,

Network+, iNet+, CNE-4, CNE-5) is a Senior IT Specialist with the University of
Pennsylvania, where she provides network planning, implementation and trou-
bleshooting services for various business units and schools within the University. Her
specialties include Microsoft Windows NT and 2000 design and implementation, trou-
bleshooting and security topics. As an “MCSE Early Achiever” on Windows 2000,
Laura, was one of the first in the country to renew her Microsoft credentials under the
Windows 2000 certification structure. Laura’s previous experience includes a position
as the Director of Computer Services for the Salvation Army and as the LAN adminis-
trator for a medical supply firm. She also operates as an independent consultant for
small businesses in the Philadelphia metropolitan area and is a regular contributor to
the TechTarget family of websites.
Laura has previously contributed to the Syngress Publishing Configuring Symantec
Antivirus, Corporate Edition (ISBN 1-931836-81-7). She has also contributed to several
other exam guides in the Syngress Windows Server 2003 MCSE/MCSA DVD Guide
and Training System series as a DVD presenter, contributing author and technical
reviewer.
Laura holds a bachelor’s degree from the University of Pennsylvania and is a
member of the Network of Women in Computer Technology, the Information
Systems Security Association, and InfraGard, a cooperative undertaking between the
U.S. Government other participants dedicated to increasing the security of United
States critical infrastructures.
DVD Presenter
254_70-291_FM.qxd 8/14/03 3:28 PM Page ix
254_70-291_FM.qxd 8/14/03 3:28 PM Page x
Exam Objective Map
Objective Number Objective Chapter Number
1 Implementing, Managing, and 1, 3
MaintainingIP Addressing
1.1 Configure TCP/IP addressing on a server 1
computer.

1.2 Manage DHCP. 3
1.2.1 Manage DHCP clients and leases. 3
1.2.2 Manage DHCP Relay Agent. 3
1.2.3 Manage DHCP databases. 3
1.2.4 Manage DHCP scope options. 3
1.2.5 Manage reservations and reserved clients. 3
1.3 Troubleshoot TCP/IP addressing. 1
1.3.1 Diagnose and resolve issues related to 3
Automatic Private IP Addressing (APIPA).
1.3.2 Diagnose and resolve issues related to 3
incorrect TCP/IP configuration.
1.4 Troubleshoot DHCP. 3
xi
MCSA/MCSE 70-291 Exam Objectives Map
and Table of Contents
All of Microsoft’s published objectives for the
MCSA/MCSE 70-291 Exam are covered in this book.
To help you easily find the sections that directly
support particular objectives, we’ve listed all of the
exam objectives below, and mapped them to the
Chapter number in which they are covered. We’ve
also assigned numbers to each objective, which we
use in the subsequent Table of Contents and again
throughout the book to identify objective coverage.
In some chapters, we’ve made the judgment that it is
probably easier for the student to cover objectives in a slightly
different sequence than the order of the published Microsoft objectives. By reading
this study guide and following the corresponding objective list, you can be sure
that you have studied 100% of Microsoft’s MCSA/MCSE 70-291 Exam objectives.
254_70-291_Matrx.qxd 8/14/03 4:22 PM Page xi

xii Contents
Objective Number Objective Chapter Number
1.4.1 Diagnose and resolve issues related to 3
DHCP authorization.
1.4.2 Verify DHCP reservation configuration. 3
1.4.3 Examine the system event log and DHCP 3
server audit log files to find related events.
1.4.4 Diagnose and resolve issues related to 3
configuration of DHCP server and scope
options.
1.4.5 Verify that the DHCP Relay Agent is 3
working correctly.
1.4.6 Verify database integrity. 3
2 Implementing, Managing, and 5, 6
Maintaining Name Resolution
2.1 Install and configure the DNS Server service. 6
2.1.1 Configure DNS server options. 6
2.1.2 Configure DNS zone options. 6
2.1.3 Configure DNS forwarding. 6
2.2 Manage DNS. 6
2.2.1 Manage DNS zone settings. 6
2.2.2 Manage DNS record settings. 6
2.2.3 Manage DNS server options. 5
2.3 Monitor DNS. Tools might include System 6
Monitor, Event Viewer, Replication Monitor,
and DNS debug logs.
3 Implementing, Managing, and 9, 10
Maintaining Network Security
3.1 Implement secure network administration 9
procedures.

3.1.1 Implement security baseline settings and 9
audit security settings by using security
templates.
3.1.2 Implement the principle of least privilege. 9
3.2 Monitor network protocol security. Tools 10
might include the IP Security Monitor
Microsoft Management Console (MMC)
snap-in and Kerberos support tools.
254_70-291_Matrx.qxd 8/14/03 4:22 PM Page xii
Contents xiii
Objective Number Objective Chapter Number
3.3 Troubleshoot network protocol security. 10
Tools might include the IP Security Monitor
MMC snap-in, Event Viewer, and Network
Monitor.
4 Implementing, Managing, and 7, 8
Maintaining Routing and Remote Access
4.1 Configure Routing and Remote Access user 7
authentication.
4.1.1 Configure remote access authentication 7,8
protocols.
4.1.2 Configure Internet Authentication Service 8
(IAS) to provide authentication for Routing
and Remote Access clients.
4.1.3 Configure Routing and Remote Access 8
policies to permit or deny access.
4.2 Manage remote access. 8
4.2.1 Manage packet filters. 8
4.2.2 Manage Routing and Remote Access 8
routing interfaces.

4.2.3 Manage devices and ports. 8
4.2.4 Manage routing protocols. 8
4.2.5 Manage Routing and Remote Access clients. 8
4.3 Manage TCP/IP routing. 8
4.3.1 Manage routing protocols. 8
4.3.2 Manage routing tables. 2
4.3.3 Manage routing ports. 8
4.4 Implement secure access between private 7
networks.
4.5 Troubleshoot user access to remote access 8
services.
4.5.1 Diagnose and resolve issues related to 7
remote access VPNs.
4.5.2 Diagnose and resolve issues related to 8
establishing a remote access connection.
254_70-291_Matrx.qxd 8/14/03 4:22 PM Page xiii
Contents xiv
Objective Number Objective Chapter Number
4.5.3 Diagnose and resolve user access to 8
resources beyond the remote access
server.
4.6 Troubleshoot Routing and Remote Access 8
routing.
4.6.1 Troubleshoot demand-dial routing. 8
4.6.2 Troubleshoot router-to-router VPNs. 7
5 Maintaining a Network Infrastructure 3, 4, 6, 8, 10
5.1 Monitor network traffic. Tools might 10
include Network Monitor and System
Monitor.
5.2 Troubleshoot connectivity to the Internet. 10

5.3 Troubleshoot server services. 3, 4, 6,8
5.3.1 Diagnose and resolve issues related to 3, 4, 6, 8
service dependency.
5.3.2 Use service recovery options to diagnose 3, 4, 6, 8
and resolve service-related issues.
254_70-291_Matrx.qxd 8/14/03 4:22 PM Page xiv
Contents
xv
Foreword xxix
Chapter 1 Reviewing TCP/IP Basics 1
Introduction …………………………………………………………2
Understanding the Purpose and Function of Networking Models …2
Understanding the Department
of Defense (DoD) Networking Model …………………………3
Layer One: Network Interface …………………………………4
Media Access Control …………………………………………6
Network Interface Hardware/Software ………………………6
Layer Two: Internet (or Internetworking) ……………………7
Layer Three: Host to Host (or Transport) ……………………7
Layer Four: Application ………………………………………8
Understanding the OSI Model ……………………………………8
Layer 1: Physical ………………………………………………9
Layer 2: Data Link ……………………………………………11
Layer 3: Network ……………………………………………13
Layer 4:Transport ……………………………………………14
Layer 5: Session ………………………………………………16
Layer 6: Presentation …………………………………………17
Layer 7 Application …………………………………………17
The Microsoft Model ……………………………………………18
Understanding the Function of Boundary Layers ……………19

Understanding Component Layers …………………………21
1.1/1.3
Understanding the TCP/IP Protocol Suite …………………………22
Layer 1: Network Interface ………………………………………24
CSMA/CD …………………………………………………24
CSMA/CA …………………………………………………25
Token Passing …………………………………………………25
Other Access Control Methods ………………………………26
Layer 2: Internet …………………………………………………27
254_70-291_TOC.qxd 8/14/03 4:50 PM Page xv
xvi Contents
Internet Protocol ……………………………………………27
Internet Control Message Protocol …………………………28
Internet Group Management Protocol ………………………28
Address Resolution Protocol …………………………………29
Layer 3: Host-to-Host Transport …………………………………30
Transmission Control Protocol ………………………………30
User Datagram Protocol ……………………………………34
Layer 4: Application ………………………………………………35
NetBIOS over TCP …………………………………………35
Windows Internet Name Service ……………………………36
Server Message Block/Common Internet File System ………37
Internet Printing Protocol ……………………………………37
Windows Sockets ……………………………………………38
Telnet …………………………………………………………38
Dynamic Host Configuration Protocol ………………………39
Simple Mail Transport Protocol ………………………………40
Post Office Protocol …………………………………………40
Internet Message Access Protocol ……………………………40
Hypertext Transport Protocol ………………………………41

Network News Transfer Protocol ……………………………41
File Transfer Protocol …………………………………………41
Domain Naming System ……………………………………42
Routing Information Protocol ………………………………43
SNMP ………………………………………………………43
1.1/1.3
Understanding IP Addressing ………………………………………45
Converting from Decimal to Binary ……………………………45
Network ID and Host ID ………………………………………50
Rules for Network IDs ………………………………………52
Rules for Host IDs …………………………………………52
Class A ……………………………………………………………52
Class B ……………………………………………………………53
Class C …………………………………………………………53
Class D and Class E ………………………………………………54
Address Class Summary …………………………………………54
Understanding Subnetting ……………………………………………55
Understanding Subnet Masking ……………………………………57
How Bitwise ANDing Works ……………………………………57
Default Subnet Mask ……………………………………………59
254_70-291_TOC.qxd 8/14/03 4:50 PM Page xvi
Contents xvii
Custom Subnet Mask ……………………………………………60
Determine the Number of Host Bits to Be Used ……………61
Determine the New Subnetted Network IDs ………………62
Determine the IP Addresses for Each New Subnet …………64
Creating the Subnet Mask ……………………………………64
Public and Private IP Addresses …………………………………67
Understanding Basic IP Routing ……………………………………68
Name and Address Resolution …………………………………68

Host Name Resolution ………………………………………68
NetBIOS Name Resolution …………………………………70
How Packets Travel from Network to Network …………………72
IP Routing Tables ……………………………………………73
Route Processing ……………………………………………75
Physical Address Resolution …………………………………76
Inverse ARP …………………………………………………77
Proxy ARP ……………………………………………………77
Static and Dynamic IP Routers ………………………………77
Routing Utilities ……………………………………………82
Conclusion ……………………………………………………83
Example of a Simple Classful Network …………………………83
Summary of Exam Objectives ………………………………………85
Exam Objectives Fast Track …………………………………………86
Exam Objectives Frequently Asked Questions ………………………89
Self Test ………………………………………………………………91
Self Test Quick Answer Key …………………………………………96
Chapter 2 Variable Length Subnet Masking
and Client Configuration 97
Introduction …………………………………………………………98
Review of Classful Subnet Masking …………………………………98
Variable Length or Nonclassful (Classless) Subnet Masking ………104
Example of Subnetting a Class A Network ……………………107
Requirement #1:
Reserve Half the Addresses for Future Use ………………107
Requirement #2:
Twelve Networks with 8,190 Hosts per Subnet …………107
Requirement #3:
Ten Networks with 2,046 Hosts per Subnet ……………108
254_70-291_TOC.qxd 8/14/03 4:50 PM Page xvii

xviii Contents
Requirement #4:
Five Networks with 250 Hosts per Subnet ………………109
Example of Subnetting a Class B Network ……………………110
Requirement #1: One Subnet of Up to 30,000 Hosts ……110
Requirement #2:Twelve Subnets with Ip to 1,500 Hosts …110
Requirement #3: Six Subnets with Up to 250 Hosts ………112
Requirement #4: Reserve at
Least Five Subnets with 250 Hosts for Future Use ………112
Example of Subnetting a Class C Network ……………………113
Requirement #1:
Create One Subnet with at Least 60 Host Addresses ……113
Requirement #2: Create at
Least Five Subnets with Up to Six Host Addresses ………114
Requirement #3: Save at
Least Two Subnets for Future Use ………………………114
Variable Length Subnetting Summary …………………………119
Supernetting Class C Networks ………………………………120
Example of Supernetting a Class C Network …………………121
4.3.2
The Windows XP/Windows 2000 Routing Table …………………124
Adding Routing Table Entries …………………………………127
Removing Routing Table Entries ………………………………128
4.3.2
The Windows Server 2003 Routing Table …………………………128
Creating Routing Table Entries ………………………………134
Removing Routing Table Entries ………………………………136
Assigning IP Addressing Information to Network Clients …………138
Static IP Addressing ……………………………………………138
Dynamic IP Addressing …………………………………………141

APIPA …………………………………………………………143
Configuring Alternate
IP Addressing Configurations ………………………………145
Summary of Exam Objectives ………………………………………147
Exam Objectives Fast Track …………………………………………148
Exam Objectives Frequently Asked Questions ……………………152
Self Test ……………………………………………………………153
Self Test Quick Answer Key ………………………………………159
254_70-291_TOC.qxd 8/14/03 4:50 PM Page xviii
Contents xix
Chapter 3 The Dynamic Host Configuration Protocol 161
Introduction ………………………………………………………162
1.2
Review of DHCP …………………………………………………162
1.2.1
DHCP Leases ………………………………………………………164
General Lease Duration Rules ………………………………165
The DHCP Lease Process ………………………………………166
IP Lease Request (Discover) ………………………………168
IP Offer Response …………………………………………170
IP Selection Request ………………………………………171
IP Lease Acknowledgement …………………………………172
Lease Renewal …………………………………………………173
Automatic Renewal …………………………………………174
Manual Renewal ……………………………………………175
1.2.1/1.2.4
Configuring the Windows
1.2.5/1.4.4
Server 2003 DHCP Server ……………………………………176
Installing the DHCP Service …………………………………176

1.2.4
Configuring DHCP Scopes ………………………………………179
Configuring DHCP Options …………………………………186
Server Options ………………………………………………189
Scope Options ………………………………………………189
User and Vendor Class Options ……………………………………189
1.2.5
Configuring DHCP Reservations ……………………………197
Configuring BOOTP Tables ……………………………………199
Configuring Superscopes ………………………………………201
When to Use Superscopes …………………………………202
How to Create a Superscope ………………………………202
Configuring Multicast Scopes …………………………………203
Configuring Scope Allocation of IP Addresses …………………206
Conflict Detection …………………………………………207
1.2.2/1.4.5
Configuring the DHCP Relay Agent ………………………………209
BOOTP versus DHCP Relay …………………………………210
Configuring the DHCP Relay Agent …………………………211
Integrating the DHCP Server with Dynamic DNS ………………214
Dealing with Windows NT 4.0 and Win9x Clients ……………216
DNS Updating Options ……………………………………217
DNSUpdateProxy Group …………………………………218
Security Concerning the DNSUpdateProxy Group ………220
1.4/1.4.1
Integrating the DHCP Server with Routing and Remote Access …222
DHCP and RRAS Scenarios …………………………………223
254_70-291_TOC.qxd 8/14/03 4:50 PM Page xix
xx Contents
Scenario 1: RRAS Acts as DHCP Server …………………223

Scenario 2: RRAS Passes Requests to Another
DHCP Server ……………………………………………224
Scenario 3: Static IP Assigned to User ………………………224
Integrating DHCP with Active Directory …………………………226
Authorizing DHCP Servers in the Active Directory …………229
Rogue DHCP Server Detection ………………………………230
1.3.1/1.3.2
Understanding Automatic Private IP Addressing (APIPA) …………231
How APIPA Works ……………………………………………232
Disabling APIPA ………………………………………………232
1.2/1.4.6
Managing the Windows Server 2003 DHCP Server ………………235
1.2.3
Managing the DHCP Server Database …………………………235
Viewing and Recording DHCP Server Statistics ………………239
Delegating DHCP Administration ……………………………241
Enterprise Admins Group …………………………………242
1.4.3/1.4
DHCP Administrators Group ………………………………242
DHCP Users Group ………………………………………242
1.4/1.4.3
Monitoring and Troubleshooting
1.4.4/5.3/
the Windows Server 2003 DHCP Server ………………………243
5.3.1/5.3.2
Using the Event Viewer ………………………………………243
Using System Monitor …………………………………………245
1.4.3
Real World Data Sniffing ………………………………………248
1.4.3

Using the DHCP Server Audit Log ……………………………250
Using DHCP Log Files …………………………………………251
Client-Side Troubleshooting ……………………………………254
Summary of Exam Objectives ………………………………………256
Exam Objectives Fast Track …………………………………………258
Exam Objectives Frequently Asked Questions ……………………262
Self Test ……………………………………………………………266
Self Test Quick Answer Key ………………………………………277
Chapter 4 NetBIOS Name Resolution and WINS 279
Introduction ………………………………………………………280
Review of NetBIOS Name Resolution ……………………………281
Network Browsing ……………………………………………283
NetBIOS Name Registration …………………………………283
NetBIOS Name Registration ………………………………284
254_70-291_TOC.qxd 8/14/03 4:50 PM Page xx
Contents xxi
NetBIOS Name Discovery …………………………………284
NetBIOS Name Release ……………………………………284
Standard NetBIOS Name Resolution …………………………285
Local Broadcast ……………………………………………285
NetBIOS Name Cache ……………………………………287
NetBIOS Name Server ……………………………………288
NetBIOS Over TCP/IP ………………………………………289
Resolving NetBIOS Names to IP Addresses …………………289
The NetBIOS Node Types …………………………………………290
b-node (Broadcasts) ……………………………………………291
p-node (Peer-to-peer) …………………………………………291
m-node (Mixed) ………………………………………………291
h-node (Hybrid) ………………………………………………292
Enhanced h-node ………………………………………………292

The LMHOSTS file ………………………………………………294
The Windows Server 2003 Windows Internet Name Server ………300
Overview of WINS ……………………………………………300
Client Name Registration …………………………………302
Client Name Renewal ………………………………………303
Client Name Release ………………………………………304
Client Name Resolution Query ……………………………305
Installing the WINS Server ……………………………………307
Configuring and Managing the WINS Server …………………309
Configuring WINS Replication ……………………………310
Managing WINS Records and Its Database ………………321
Back Up and Restore the WINS Database …………………344
Configuring the WINS Client ……………………………………354
Possible WINS Clients …………………………………………356
WINS Proxy Agent ……………………………………………357
Non-WINS NetBIOS Registration ………………………357
Non-WINS NetBIOS Resolution …………………………357
Network Service Interoperability …………………………………359
WINS and DHCP ……………………………………………359
WINS and DNS ………………………………………………361
WINS and RRAS ………………………………………………365
5.3
WINS and Active Directory ……………………………………366
WINS and the Browser Service ………………………………367
WINS and Win9x/NT Clients …………………………………368
254_70-291_TOC.qxd 8/14/03 4:50 PM Page xxi
xxii Contents
5.3/5.3.1/
Monitoring and Troubleshooting
5.3.2

the Windows Server 2003 WINS Server ………………………368
WINS System Monitor Objects ………………………………369
Troubleshooting WINS Clients ………………………………373
Troubleshooting WINS Servers ………………………………378
WINS Monitoring and Statistics ……………………………379
Summary of Exam Objectives ………………………………………383
Exam Objectives Fast Track …………………………………………385
Exam Objectives Frequently Asked Questions ……………………388
Self Test ……………………………………………………………392
Self Test Quick Answer Key ………………………………………407
Chapter 5 Domain Naming System Concepts 409
Introduction ………………………………………………………410
Review of DNS ……………………………………………………411
Comparing NetBIOS and DNS Naming Conventions ………412
Flat versus Hierarchical ……………………………………413
Naming Conventions ………………………………………413
NetBIOS Name Resolution Review ………………………415
NetBIOS and Winsock Interface Name Resolution ………417
The DNS Namespace …………………………………………417
Domain and Host Names …………………………………420
Naming Subdomains ………………………………………421
Basic DNS Concepts ……………………………………………421
DNS Servers ………………………………………………422
DNS Resolvers ……………………………………………422
Resource Records …………………………………………422
Zones ………………………………………………………422
Zone Files …………………………………………………422
DNS Zones ……………………………………………………423
Commonly Used Resource Records ………………………427
Delegation and Glue Records …………………………………431

DNS Zone Transfer ……………………………………………434
Host Name Resolution ……………………………………………435
Order of Host Name Resolution ………………………………436
Recursive Queries ………………………………………………436
Iterative Queries ………………………………………………438
Forward Lookups ………………………………………………439
Reverse Lookups ………………………………………………440
254_70-291_TOC.qxd 8/14/03 4:50 PM Page xxii
Contents xxiii
Root Hints File …………………………………………………440
2.2.3
Windows Server 2003 DNS Server Roles …………………………440
Standard Primary DNS Server …………………………………441
Standard Secondary DNS Server ………………………………441
Caching-only DNS Server ……………………………………442
DNS Forwarder and DNS Slave Servers ………………………442
Testing the DNS Server ……………………………………444
Dynamic DNS Servers …………………………………………447
Aging and Scavenging of Stale Records ………………………452
DNS Extensions ………………………………………………453
Windows Server 2003 Active Directory Integrated DNS Servers …454
Secure Dynamic Updates ………………………………………455
Active Directory Integrated Zones ……………………………455
Active Directory Related DNS Entries ………………………456
Summary of Exam Objectives ………………………………………457
Exam Objectives Fast Track …………………………………………459
Exam Objectives Frequently Asked Questions ……………………462
Self Test ……………………………………………………………464
Self Test Quick Answer Key ………………………………………470
Chapter 6 The Windows Server 2003 DNS Server 471

Introduction ………………………………………………………472
2.1/2.1.1/
Installing and Configuring the Windows Server
2.1.2/2.1.3/
2003 DNS Server ………………………………………………472
2.2/2.2.1/2.2.2
2.1.1
Configuring Your DNS Server …………………………………480
Configuring Forward Lookup Zones ………………………483
Adding DNS Database Records ……………………………487
Configuring Reverse Lookup Zones ………………………490
2.1.1
Configuring Your DNS Server ………………………………492
2.1.2
Configuring Your DNS Zones ……………………………………502
2.2
Configuring DNS Clients …………………………………………508
Using DHCP to Configure DNS Clients ………………………510
Integrating the Windows
Server 2003 DNS Server with DHCP …………………………517
254_70-291_TOC.qxd 8/14/03 4:50 PM Page xxiii
xxiv Contents
DNS Updating Options ………………………………………518
Enabling DNS Dynamic Updates …………………………519
DNSUpdateProxy Group ………………………………………520
Security Concerning the DNSUpdateProxy Group ………522
Integrating the Windows Server 2003 DNS Server with WINS …524
WINS and DNS ………………………………………………524
Integrating the Windows Server 2003 DNS Server with BIND …528
2.3

Monitoring the Windows Server 2003 DNS Server ………………533
DNS Console …………………………………………………533
System Monitor ………………………………………………536
Network Monitor ………………………………………………542
5.3/5.3.1/
Troubleshooting the Windows Server 2003 DNS Server …………544
5.3.2
Logging …………………………………………………………544
Diagnostic Tools ………………………………………………546
Summary of Exam Objectives ………………………………………550
Exam Objectives Fast Track …………………………………………551
Exam Objectives Frequently Asked Questions ……………………554
Self Test ……………………………………………………………557
Self Test Quick Answer Key ………………………………………568
Chapter 7 Configuring the Windows Server 2003
Routing and Remote Access Service VPN Services 569
Introduction ………………………………………………………570
Review of Windows Server 2003 Remote Access Concepts ………570
Enabling the Windows Server 2003 Remote Access Service ………575
4.1/4.1.1/
Configuring the Windows Server 2003 VPN Server ………………584
4.5.1
Supporting Network Infrastructure ……………………………584
Underlying Network Connection …………………………585
VPN Server Placement ……………………………………585
Certificate Infrastructure ……………………………………586
Centralized Accounting ……………………………………587
PPP Authentication Process and Protocols ……………………588
The PPP Authentication Process ……………………………588
VPN Tunneling Protocols ………………………………………597

Understanding Tunneling ……………………………………597
Tunneling Protocols Supported by Windows Server 2003 …598
254_70-291_TOC.qxd 8/14/03 4:50 PM Page xxiv