Windows Server Guide [2026]: Active Directory, IIS, and PowerShell

Q: What is Active Directory and why does every company use it?

Active Directory (AD) is Microsoft's directory service that centralizes identity management for an organization. It stores information about users, computers, groups, and policies in a hierarchical database. When you log into any computer at a company with a single username and password, that authentication goes through Active Directory. AD enables centralized user management (one place to create/disable accounts), group policy (push settings to thousands of machines at once), and single sign-on across Microsoft services.

Q: What PowerShell skills do Windows admins need?

Core PowerShell skills for Windows admins: managing Active Directory (New-ADUser, Get-ADUser, Get-ADGroupMember), managing services (Start-Service, Get-Service), working with files and registry, running remote commands (Invoke-Command, Enter-PSSession), scheduling tasks (New-ScheduledTask), managing IIS (WebAdministration module), and writing automation scripts with loops, conditionals, and error handling. PowerShell remoting enables managing hundreds of servers from a single terminal.

Q: What certifications are available for Windows Server?

Microsoft's current certification path: AZ-800 (Administering Windows Server Hybrid Core Infrastructure) and AZ-801 (Configuring Windows Server Hybrid Advanced Services) replace the old MCSA. Together they validate Windows Server administration skills including AD, DNS, DHCP, IIS, and hybrid cloud integration with Azure. The MD-102 (Microsoft 365 Endpoint Administrator) is relevant for desktop management. CompTIA Server+ is vendor-neutral and good for entry-level validation.

Key Takeaways

Active Directory is the identity backbone of most enterprise organizations — every Windows admin must know it
PowerShell is mandatory: GUI-only admins are being replaced by those who can automate at scale
Microsoft retired MCSA — the new certs are AZ-800 and AZ-801 for Windows Server administration
Modern Windows Server administration increasingly means hybrid: on-prem AD synced to Azure AD (Entra ID)
Group Policy enables pushing configurations to thousands of machines in minutes

Windows Server Runs Most Enterprise Infrastructure

Despite the rise of Linux and cloud, Windows Server remains dominant in enterprise environments. Active Directory runs identity management at the majority of Fortune 500 companies. Exchange/Microsoft 365 handles corporate email. IIS hosts internal web applications. Windows Server skills are not going away — they're evolving into hybrid cloud administration.

Aspect	Windows Server	Linux Server
Enterprise adoption	Dominant in corporate/enterprise	Dominant in web/cloud/startup
Identity management	Active Directory (industry standard)	LDAP/Kerberos (less common)
Management interface	GUI (Server Manager) + PowerShell	CLI (bash) primarily
Licensing	Paid (per core/CAL model)	Free (most distributions)
Cloud integration	Deep Azure/Microsoft 365 ties	Strong AWS/GCP integration

Active Directory: The Core of Enterprise Identity

Active Directory Domain Services (AD DS) is the directory service that most enterprises use for identity and access management. It organizes network resources into a hierarchical structure: Forest → Domain → Organizational Units (OUs) → Users/Computers/Groups.

Key AD Concepts:

Domain Controller (DC) — The server running AD DS. Handles all authentication requests. You should always have at least two DCs for redundancy.
LDAP — The protocol used to query Active Directory. When an application "authenticates against AD," it's making LDAP queries.
Kerberos — The authentication protocol AD uses. Tickets replace passwords in network authentication.
Trust relationships — Allow users in one domain to access resources in another. Common in mergers and multi-domain enterprises.

Common AD tasks with PowerShell (preferred over GUI for repeatability):

# Create new user
New-ADUser -Name "Jane Smith" -SamAccountName jsmith `
  -UserPrincipalName [email protected] `
  -AccountPassword (ConvertTo-SecureString "TempP@ss1" -AsPlainText -Force) `
  -Enabled $true -Path "OU=Staff,DC=corp,DC=local"

# Add user to group
Add-ADGroupMember -Identity "IT-Admins" -Members jsmith

# Find all disabled accounts
Get-ADUser -Filter {Enabled -eq $false} | Select Name, SamAccountName

# Reset password
Set-ADAccountPassword -Identity jsmith `
  -NewPassword (ConvertTo-SecureString "NewP@ss1" -AsPlainText -Force)
  -Reset

DNS and DHCP: Supporting Services

Windows Server DNS integrates tightly with Active Directory — AD depends on DNS for DC discovery. Every AD environment runs Windows DNS. Key concepts:

Forward lookup zone — Resolves hostnames to IP addresses
Reverse lookup zone — Resolves IP addresses to hostnames
SRV records — Critical for AD — domain clients use SRV records to find domain controllers
Conditional forwarders — Forward specific domain queries to designated DNS servers

DHCP Server role handles dynamic IP assignment. Key DHCP terms: scope (IP range), exclusions (IPs not to assign), reservations (permanent IP for a specific MAC address), lease duration.

PowerShell: The Modern Windows Admin's CLI

PowerShell is non-negotiable for serious Windows administration. GUI-only admins cannot manage enterprise scale. PowerShell enables:

Bulk operations (create 500 users from a CSV file in one script)
Remote management (run commands on 100 servers from your workstation)
Scheduled automation (nightly reports, cleanup tasks, backups)
Infrastructure as Code (Desired State Configuration)

# Remote command execution
Invoke-Command -ComputerName Server01, Server02 -ScriptBlock {
    Get-Service -Name "wuauserv" | Select Name, Status
}

# Bulk create users from CSV
Import-Csv users.csv | ForEach-Object {
    New-ADUser -Name $_.Name -SamAccountName $_.Username `
      -Department $_.Department -Enabled $true
}

# Get all servers with low disk space
Get-ADComputer -Filter {OperatingSystem -like "*Server*"} | ForEach-Object {
    $disk = Get-WmiObject Win32_LogicalDisk -ComputerName $_.Name -Filter "DeviceID='C:'"
    [PSCustomObject]@{
        Server = $_.Name
        FreeGB = [math]::Round($disk.FreeSpace/1GB, 2)
    }
} | Where-Object { $_.FreeGB -lt 20 }

IIS: Windows Web Server

Internet Information Services (IIS) is the Windows web server. It hosts ASP.NET applications, acts as a reverse proxy, handles SSL termination, and serves static content. Key IIS concepts:

Application Pool — Isolated worker process for a web application. Each app pool runs independently — crashes in one don't affect others.
Sites — Virtual hosts bound to IP/port/hostname combinations
Bindings — HTTP/HTTPS port assignments and SSL certificate association
URL Rewrite module — Redirect and rewrite rules (similar to nginx rewrite)

Group Policy: Central Configuration Management

Group Policy Objects (GPOs) are one of the most powerful Windows Server features. A single GPO can configure thousands of machines. Common uses:

Password complexity requirements (minimum length, expiration, history)
Software deployment (push MSI installers to computers)
Desktop lockdown (prevent USB drives, restrict control panel access)
Security settings (Windows Firewall rules, audit policies, RDP settings)
Drive mappings and printer deployment based on OU membership

GPO processing order (last write wins): Local → Site → Domain → OU (LSDOU). Child OUs inherit from parents but can block inheritance.

Windows Server Certifications in 2026

Cert	Replaces	Focus
AZ-800	MCSA (partially)	Windows Server core: AD, DNS, DHCP, Hyper-V, file services
AZ-801	MCSA (advanced)	Hybrid cloud, security, backup/recovery, migration
MD-102	MCSA Endpoint	Windows 11 client management, Intune, Endpoint Manager
CompTIA Server+	N/A (vendor-neutral)	Cross-platform server fundamentals, good entry point

Build IT Administration Skills at Precision AI Academy

Learn the systems administration skills that enterprise environments actually use — Windows, Linux, cloud, and automation. Five cities, October 2026.

$1,490 · October 2026 · Denver, LA, NYC, Chicago, Dallas

Reserve Your Seat

Frequently Asked Questions

What is Active Directory and why does every company use it?

Active Directory centralizes identity management. It handles user authentication, group membership, and policy enforcement across all Windows machines in an organization. It's the backbone of corporate IT.

What PowerShell skills do Windows admins need?

AD user management, remote execution with Invoke-Command, bulk operations from CSV files, service management, and automation scripting with loops and error handling.

What certifications are available for Windows Server?

Microsoft replaced MCSA with AZ-800 (hybrid core) and AZ-801 (advanced hybrid services). CompTIA Server+ covers cross-platform fundamentals. Both paths are recognized by employers.

Bo Peng

Founder of Precision AI Academy. Software engineer and AI instructor with enterprise systems and federal tech experience. Teaches practical IT skills to working professionals.