To deploy a new primary DNS zone named fabrikam.com to DC1 and sign the zone, you can follow these steps:

Step 1: Create the Primary DNS Zone Use the Add-DnsServerPrimaryZone PowerShell command to create the primary zone:

Add-DnsServerPrimaryZone -Name 'fabrikam.com' -ZoneFile 'fabrikam.com.dns' -DynamicUpdate Secure

This command creates a primary zone for fabrikam.com with a DNS file named fabrikam.com.dns and allows secure dynamic updates.

Step 2: Sign the Zone To sign the zone, you can use the DNS Manager or Windows PowerShell. Here's how to sign the zone using PowerShell:

Add-DnsServerSigningKey -ZoneName 'fabrikam.com' -Type KeySigningKey -CryptoAlgorithm RsaSha256

Set-DnsServerDnsSecZoneSetting -ZoneName 'fabrikam.com' -DenialOfExistence NSEC3 -NSEC3Parameters 1,0,10,''

These commands add a signing key to the zone and set DNSSEC settings with NSEC3 parameters.

Step 3: Publish the Signed Zone After signing the zone, ensure that it is published and available for DNS queries. You can verify the zone signing status using the following command:

Get-DnsServerZone -Name 'fabrikam.com'

Note: Ensure that you have the appropriate permissions to perform these actions on DC1 and that the DNS Server role is installed and properly configured. Also, replace 'fabrikam.com.dns' with the actual path to your DNS file if it's different12.

By following these steps, you should be able to deploy and sign the new primary DNS zone fabrikam.com on DC1.

To configure the domain to support the creation of gMSAs, you need to perform the following steps:

On a domain controller or a computer that has the Remote Server Administration Tools (RSAT) installed, open PowerShell as an administrator and run the following command to install the Active Directory module:

Install-WindowsFeature -Name RSAT-AD-PowerShell

Run the following command to create a Key Distribution Service (KDS) root key, which is required for generating passwords for gMSAs. You only need to do this once per domain:

Add-KdsRootKey -EffectiveImmediately

Wait for at least 10 hours for the KDS root key to replicate to all domain controllers in the domain. Alternatively, you can use the-EffectiveTimeparameter to specify a past date and time for the KDS root key, but this is not recommended for security reasons. For more information, seeAdd-KdsRootKey.

After the KDS root key is replicated, you can create and configure gMSAs using theNew-ADServiceAccountandSet-ADServiceAccountcmdlets. For more information, seeCreate a gMSAandConfigure a gMSA.

One possible solution to configure Hyper-V to ensure that running virtual machines can be moved between SRV1 and SRV2 without downtime is to use Live Migration. Live Migration is a feature of Hyper-V that allows you to move a running virtual machine from one host to another without any noticeable interruption of service. To set up Live Migration between SRV1 and SRV2, you need to perform the following steps:

On both SRV1 and SRV2, openHyper-V Managerfrom theAdministrative Toolsmenu or by typingvirtmgmt.mscin the Run box.

In the left pane, right-click on the name of the server and selectHyper-V Settings.

In theHyper-V Settingsdialog box, selectLive Migrationsin the navigation pane.

Check the boxEnable incoming and outgoing live migrations.

UnderAuthentication protocol, select the method that you want to use to authenticate the live migration traffic between the servers. You can choose eitherKerberosorCredSSP. Kerberos does not require you to sign in to the source server before starting a live migration, but it requires you to configure constrained delegation on the domain controller. CredSSP does not require you to configure constrained delegation, but it requires you to sign in to the source server through a local console session, a Remote Desktop session, or a remote Windows PowerShell session. For more information on how to configure constrained delegation, seeConfigure constrained delegation.

UnderPerformance options, select the option that best suits your network configuration and performance requirements. You can choose eitherTCP/IPorCompressionorSMB. TCP/IP uses a single TCP connection for the live migration traffic. Compression uses multiple TCP connections and compresses the live migration traffic to reduce the migration time and network bandwidth usage. SMB uses the Server Message Block (SMB) 3.0 protocol and can leverage SMB features such as SMB Multichannel and SMB Direct. For more information on how to choose the best performance option, seeChoose a live migration performance option.

UnderAdvanced Features, you can optionally enable theUse any available network for live migrationoption, which allows Hyper-V to use any available network adapter on the source and destination servers for live migration. If you do not enable this option, you need to specify one or more network adapters to be used for live migration by clicking on theAddbutton and selecting the network adapter from the list. You can also change the order of preference by using theMove UpandMove Downbuttons.

ClickOKto apply the settings.

Now, you have configured Hyper-V to enable live migration between SRV1 and SRV2. You can use Hyper-V Manager or Windows PowerShell to initiate a live migration of a running virtual machine from one server to another.

https://docs.microsoft.com/en-us/windows-server/storage/data-deduplication/interop