Syngress knows what passing the exam means to
you and to your career. And we know that you
are often financing your own training and
certification; therefore, you need a system that is
comprehensive, affordable, and effective.
Boasting one-of-a-kind integration of text, DVD-quality
instructor-led training, and Web-based exam simulation, the
Syngress Study Guide & DVD Training System guarantees 100% coverage of exam
objectives.
The Syngress Study Guide & DVD Training System includes:
■ Study Guide with 100% coverage of exam objectives: By reading
this study guide and following the corresponding objective list, you
can be sure that you have studied 100% of the exam objectives.
■ Instructor-led DVD: This DVD provides almost two hours of virtual
classroom instruction.
■ Web-based practice exams: Just visit us at www.syngress.com/certification
to access a complete exam simulation.
Thank you for giving us the opportunity to serve your certification needs. And
be sure to let us know if there’s anything else we can do to help you get the
maximum value from your investment. We’re listening.
www.syngress.com/certification
Deborah Littlejohn Shinder
Dr. Thomas W. Shinder
Chad Todd
Technical Reviewer
PUBLISHED BY
Syngress Publishing, Inc.
800 Hingham Street
Rockland, MA 02370
Implementing, Managing, and Maintaining a Windows Server 2003 Network Infrastructure Guide & DVD
Training System
Copyright © 2003 by Syngress Publishing, Inc. All rights reserved. Printed in the United States of
America. Except as permitted under the Copyright Act of 1976, no part of this publication may be
reproduced or distributed in any form or by any means, or stored in a database or retrieval system,
without the prior written permission of the publisher, with the exception that the program listings
may be entered, stored, and executed in a computer system, but they may not be reproduced for
publication.
Printed in the United States of America
1 2 3 4 5 6 7 8 9 0
ISBN: 1-931836-92-2
Technical Editor: Deborah Littlejohn Shinder and Thomas W. Shinder M.D
Technical Reviewer: Chad Todd
Acquisitions Editor: Jonathan Babcock
DVD Production: Michael Donovan
Cover Designer: Patricia Lupien
Page Layout and Art by: Patricia Lupien
Copy Editors: Adrienne Rebello
Indexer: Nara Wood
DVD Presenter: Laura Hunter
Acknowledgments
We would like to acknowledge the following people for their kindness and support in
and ISA Server and Beyond (ISBN: 1-931836-66-3). Deb is also a technical editor and
contributor to books on subjects such as the Windows 2000 MCSE exams, the
CompTIA Security+ exam, and TruSecure’s ICSA certification. She edits the
Brainbuzz A+ Hardware News and Sunbelt Software’s WinXP News and is regularly
published in TechRepublic’s TechProGuild and Windowsecurity.com. Deb currently
specializes in security issues and Microsoft products. She lives and works in the Dallas-
Fort Worth area and can be contacted at or via the website at
www.shinder.net.
Thomas W. Shinder M.D. (MVP, MCSE) is a computing industry veteran who has
worked as a trainer, writer, and a consultant for Fortune 500 companies including FINA
Oil, Lucent Technologies, and Sealand Container Corporation. Tom was a Series Editor
of the Syngress/Osborne Series of Windows 2000 Certification Study Guides and is
author of the best-selling books Configuring ISA Server 2000: Building Firewalls with
Windows 2000 (Syngress Publishing, ISBN: 1-928994-29-6) and Dr. Tom Shinder’s ISA
Server and Beyond (ISBN: 1-931836-66-3). Tom is the editor of the Brainbuzz.com
Win2k News newsletter and is a regular contributor to TechProGuild. He is also content
editor, contributor and moderator for the world’s leading site on ISA Server 2000,
www.isaserver.org. Microsoft recognized Tom’s leadership in the ISA Server community
and awarded him their Most Valued Professional (MVP) award in December of 2001.
Technical Editors
Chad Todd (MCSE: Security, MCSE, MCSA: Security, MCSA, MCP+I, MCT, CNE,
A+, Network+, i-Net+), author of the best-selling Hack Proofing Windows 2000 Server,
co-owns a training and integration company (Training Concepts, LLC) in Columbia,
SC. Chad first certified on Windows NT 4.0 and has been training on Windows
operating systems ever since. His specialties include Exchange messaging and Windows
security. Chad was awarded MCSE 2000 Charter Member for being one of the first
two thousand Windows 2000 MCSEs and MCSA 2002 Charter Member for being
Kirk Vigil (MCSE, MCSA) is a senior network consultant for Netbank, Inc. in
Columbia, SC. He has worked in the IT integration industry for over 11 years,
specializing in Microsoft messaging and network operating system infrastructures. He has
worked with Microsoft Exchange since its inception and continues to focus on its
advancements with the recent release of Exchange 2003 as well as its integration with
Windows Server 2003. Kirk holds a bachelor’s degree from the University of South
Carolina. He also works as an independent consultant for a privately owned
integration company, lending technical direction to local business practices. He is a
contributing author for the monthly technical subscription Microsoft Certified
Professional Magazine. Beginning his career in Information Technology for a small
startup company, The Computer Group, he helped integrate that company into the
technology division of the worldwide IKON Office Solutions.
Kirk would first like to thank his family for their continuous love and support.
Thanks also go to Chad Todd for his introduction to Syngress Publishing as well as his
counsel. Special appreciation goes to Jim Jones for his encouragement and
understanding, making the writing of this book possible. Lastly, Kirk is grateful to editors Jon
Babcock, Deborah Littlejohn Shinder, and Thomas Shinder for their technical
guidance and leadership throughout the editorial process.
Dan Douglass (MCSE+I, MCDBA, MCSD, MCT) is a software developer and
trainer with a cutting edge medical software company in Dallas, Texas. He currently
provides software development skills, internal training and integration solutions, as well
as peer guidance for technical skills development. His specialties include enterprise
application integration and design, HL7, XML, XSL, Visual Basic, database design and
administration, Back Office and .NET Server platforms, Network design, including
LAN and WAN solutions, Microsoft operating systems and FreeBSD. Dan is a former
US Navy Submariner and lives in Plano, TX with his very supportive and
understanding wife, Tavish.
Laura E. Hunter (CISSP, MCSE, MCT, MCDBA, MCP, MCP+I, CCNA, A+,
1.2 Manage DHCP. 3
1.2.1 Manage DHCP clients and leases. 3
1.2.2 Manage DHCP Relay Agent. 3
1.2.3 Manage DHCP databases. 3
1.2.4 Manage DHCP scope options. 3
1.2.5 Manage reservations and reserved clients. 3
1.3 Troubleshoot TCP/IP addressing. 1
1.3.1 Diagnose and resolve issues related to Automatic Private IP Addressing (APIPA). 3
1.3.2 Diagnose and resolve issues related to incorrect TCP/IP configuration. 3
1.4 Troubleshoot DHCP. 3
MCSA/MCSE 70-291 Exam Objectives Map
and Table of Contents
All of Microsoft’s published objectives for the
MCSA/MCSE 70-291 Exam are covered in this book.
To help you easily find the sections that directly
support particular objectives, we’ve listed all of the
exam objectives below, and mapped them to the
Chapter number in which they are covered. We’ve
also assigned numbers to each objective, which we
use in the subsequent Table of Contents and again
throughout the book to identify objective coverage.
In some chapters, we’ve made the judgment that it is
probably easier for the student to cover objectives in a slightly
different sequence than the order of the published Microsoft objectives. By reading
this study guide and following the corresponding objective list, you can be sure
that you have studied 100% of Microsoft’s MCSA/MCSE 70-291 Exam objectives.
3.1.1 Implement security baseline settings and audit security settings by using security templates. 9
3.1.2 Implement the principle of least privilege. 9
3.2 Monitor network protocol security. Tools might include the IP Security Monitor Microsoft Management Console (MMC) snap-in and Kerberos support tools. 10
Objective Number Objective Chapter Number
3.3 Troubleshoot network protocol security. Tools might include the IP Security Monitor MMC snap-in, Event Viewer, and Network Monitor. 10
4 Implementing, Managing, and Maintaining Routing and Remote Access 7, 8
4.1 Configure Routing and Remote Access user authentication. 7
4.1.1 Configure remote access authentication protocols. 7, 8
4.1.2 Configure Internet Authentication Service (IAS) to provide authentication for Routing and Remote Access clients. 8
4.1.3 Configure Routing and Remote Access policies to permit or deny access. 8
4.2 Manage remote access. 8
4.2.1 Manage packet filters. 8
4.2.2 Manage Routing and Remote Access routing interfaces. 8
5.3 Troubleshoot server services. 3, 4, 6, 8
5.3.1 Diagnose and resolve issues related to service dependency. 3, 4, 6, 8
5.3.2 Use service recovery options to diagnose and resolve service-related issues. 3, 4, 6, 8
Contents
Foreword xxix
Chapter 1 Reviewing TCP/IP Basics 1
Introduction …………………………………………………………2
Understanding the Purpose and Function of Networking Models …2
Understanding the Department
of Defense (DoD) Networking Model …………………………3
Layer One: Network Interface …………………………………4
Media Access Control …………………………………………6
Network Interface Hardware/Software ………………………6
Layer Two: Internet (or Internetworking) ……………………7
Layer Three: Host to Host (or Transport) ……………………7
Layer Four: Application ………………………………………8
Understanding the OSI Model ……………………………………8
Layer 1: Physical ………………………………………………9
Layer 2: Data Link ……………………………………………11
Layer 3: Network ……………………………………………13
Layer 4: Transport ……………………………………………14
Layer 5: Session ………………………………………………16
Layer 6: Presentation …………………………………………17
Layer 7: Application …………………………………………17
The Microsoft Model ……………………………………………18
Understanding the Function of Boundary Layers ……………19
Network News Transfer Protocol ……………………………41
File Transfer Protocol …………………………………………41
Domain Naming System ……………………………………42
Routing Information Protocol ………………………………43
SNMP ………………………………………………………43
1.1/1.3
Understanding IP Addressing ………………………………………45
Converting from Decimal to Binary ……………………………45
Network ID and Host ID ………………………………………50
Rules for Network IDs ………………………………………52
Rules for Host IDs …………………………………………52
Class A ……………………………………………………………52
Class B ……………………………………………………………53
Class C …………………………………………………………53
Class D and Class E ………………………………………………54
Address Class Summary …………………………………………54
Understanding Subnetting ……………………………………………55
Understanding Subnet Masking ……………………………………57
How Bitwise ANDing Works ……………………………………57
Default Subnet Mask ……………………………………………59
Custom Subnet Mask ……………………………………………60
Determine the Number of Host Bits to Be Used ……………61
Determine the New Subnetted Network IDs ………………62
Determine the IP Addresses for Each New Subnet …………64
Creating the Subnet Mask ……………………………………64
Public and Private IP Addresses …………………………………67
Understanding Basic IP Routing ……………………………………68
Name and Address Resolution …………………………………68
Requirement #4:
Five Networks with 250 Hosts per Subnet ………………109
Example of Subnetting a Class B Network ……………………110
Requirement #1: One Subnet of Up to 30,000 Hosts ……110
Requirement #2: Twelve Subnets with Up to 1,500 Hosts …110
Requirement #3: Six Subnets with Up to 250 Hosts ………112
Requirement #4: Reserve at
Least Five Subnets with 250 Hosts for Future Use ………112
Example of Subnetting a Class C Network ……………………113
Requirement #1:
Create One Subnet with at Least 60 Host Addresses ……113
Requirement #2: Create at
Least Five Subnets with Up to Six Host Addresses ………114
Requirement #3: Save at
Least Two Subnets for Future Use ………………………114
Variable Length Subnetting Summary …………………………119
Supernetting Class C Networks ………………………………120
Example of Supernetting a Class C Network …………………121
4.3.2
The Windows XP/Windows 2000 Routing Table …………………124
Adding Routing Table Entries …………………………………127
Removing Routing Table Entries ………………………………128
4.3.2
The Windows Server 2003 Routing Table …………………………128
Creating Routing Table Entries ………………………………134
Removing Routing Table Entries ………………………………136
Assigning IP Addressing Information to Network Clients …………138
Static IP Addressing ……………………………………………138
Dynamic IP Addressing …………………………………………141
1.2.4
Configuring DHCP Scopes ………………………………………179
Configuring DHCP Options …………………………………186
Server Options ………………………………………………189
Scope Options ………………………………………………189
User and Vendor Class Options ……………………………………189
1.2.5
Configuring DHCP Reservations ……………………………197
Configuring BOOTP Tables ……………………………………199
Configuring Superscopes ………………………………………201
When to Use Superscopes …………………………………202
How to Create a Superscope ………………………………202
Configuring Multicast Scopes …………………………………203
Configuring Scope Allocation of IP Addresses …………………206
Conflict Detection …………………………………………207
1.2.2/1.4.5
Configuring the DHCP Relay Agent ………………………………209
BOOTP versus DHCP Relay …………………………………210
Configuring the DHCP Relay Agent …………………………211
Integrating the DHCP Server with Dynamic DNS ………………214
Dealing with Windows NT 4.0 and Win9x Clients ……………216
DNS Updating Options ……………………………………217
DNSUpdateProxy Group …………………………………218
Security Concerning the DNSUpdateProxy Group ………220
1.4/1.4.1
Integrating the DHCP Server with Routing and Remote Access …222
DHCP and RRAS Scenarios …………………………………223
Scenario 1: RRAS Acts as DHCP Server …………………223
Using the DHCP Server Audit Log ……………………………250
Using DHCP Log Files …………………………………………251
Client-Side Troubleshooting ……………………………………254
Summary of Exam Objectives ………………………………………256
Exam Objectives Fast Track …………………………………………258
Exam Objectives Frequently Asked Questions ……………………262
Self Test ……………………………………………………………266
Self Test Quick Answer Key ………………………………………277
Chapter 4 NetBIOS Name Resolution and WINS 279
Introduction ………………………………………………………280
Review of NetBIOS Name Resolution ……………………………281
Network Browsing ……………………………………………283
NetBIOS Name Registration …………………………………283
NetBIOS Name Registration ………………………………284
NetBIOS Name Discovery …………………………………284
NetBIOS Name Release ……………………………………284
Standard NetBIOS Name Resolution …………………………285
Local Broadcast ……………………………………………285
NetBIOS Name Cache ……………………………………287
NetBIOS Name Server ……………………………………288
NetBIOS Over TCP/IP ………………………………………289
Resolving NetBIOS Names to IP Addresses …………………289
The NetBIOS Node Types …………………………………………290
b-node (Broadcasts) ……………………………………………291
p-node (Peer-to-peer) …………………………………………291
m-node (Mixed) ………………………………………………291
h-node (Hybrid) ………………………………………………292
Enhanced h-node ………………………………………………292
the Windows Server 2003 WINS Server ………………………368
WINS System Monitor Objects ………………………………369
Troubleshooting WINS Clients ………………………………373
Troubleshooting WINS Servers ………………………………378
WINS Monitoring and Statistics ……………………………379
Summary of Exam Objectives ………………………………………383
Exam Objectives Fast Track …………………………………………385
Exam Objectives Frequently Asked Questions ……………………388
Self Test ……………………………………………………………392
Self Test Quick Answer Key ………………………………………407
Chapter 5 Domain Naming System Concepts 409
Introduction ………………………………………………………410
Review of DNS ……………………………………………………411
Comparing NetBIOS and DNS Naming Conventions ………412
Flat versus Hierarchical ……………………………………413
Naming Conventions ………………………………………413
NetBIOS Name Resolution Review ………………………415
NetBIOS and Winsock Interface Name Resolution ………417
The DNS Namespace …………………………………………417
Domain and Host Names …………………………………420
Naming Subdomains ………………………………………421
Basic DNS Concepts ……………………………………………421
DNS Servers ………………………………………………422
DNS Resolvers ……………………………………………422
Resource Records …………………………………………422
Zones ………………………………………………………422
Zone Files …………………………………………………422
DNS Zones ……………………………………………………423
Commonly Used Resource Records ………………………427
Delegation and Glue Records …………………………………431
Introduction ………………………………………………………472
2.1/2.1.1/2.1.2/2.1.3/2.2/2.2.1/2.2.2
Installing and Configuring the Windows Server 2003 DNS Server ………………………………………………472
2.1.1
Configuring Your DNS Server …………………………………480
Configuring Forward Lookup Zones ………………………483
Adding DNS Database Records ……………………………487
Configuring Reverse Lookup Zones ………………………490
2.1.1
Configuring Your DNS Server ………………………………492
2.1.2
Configuring Your DNS Zones ……………………………………502
2.2
Configuring DNS Clients …………………………………………508
Using DHCP to Configure DNS Clients ………………………510
Integrating the Windows
Server 2003 DNS Server with DHCP …………………………517
DNS Updating Options ………………………………………518
Enabling DNS Dynamic Updates …………………………519
DNSUpdateProxy Group ………………………………………520
Security Concerning the DNSUpdateProxy Group ………522
Integrating the Windows Server 2003 DNS Server with WINS …524
WINS and DNS ………………………………………………524
Integrating the Windows Server 2003 DNS Server with BIND …528
2.3
Understanding Tunneling ……………………………………597
Tunneling Protocols Supported by Windows Server 2003 …598