Windows Server Guide [2026]: Active Directory, IIS, and PowerShell

Windows Server Runs Most Enterprise Infrastructure

Despite the rise of Linux and cloud, Windows Server remains dominant in enterprise environments. Active Directory runs identity management at the majority of Fortune 500 companies. Exchange/Microsoft 365 handles corporate email. IIS hosts internal web applications. Windows Server skills are not going away — they're evolving into hybrid cloud administration.

Active Directory: The Core of Enterprise Identity

Active Directory Domain Services (AD DS) is the directory service that most enterprises use for identity and access management. It organizes network resources into a hierarchical structure: Forest → Domain → Organizational Units (OUs) → Users/Computers/Groups.

Key AD Concepts:

• Domain Controller (DC) — The server running AD DS. Handles all authentication requests. You should always have at least two DCs for redundancy.
• LDAP — The protocol used to query Active Directory. When an application "authenticates against AD," it's making LDAP queries.
• Kerberos — The authentication protocol AD uses. Tickets replace passwords in network authentication.
• Trust relationships — Allow users in one domain to access resources in another. Common in mergers and multi-domain enterprises.

Common AD tasks with PowerShell (preferred over GUI for repeatability):

# Create new user
New-ADUser -Name "Jane Smith" -SamAccountName jsmith `
  -UserPrincipalName [email protected] `
  -AccountPassword (ConvertTo-SecureString "TempP@ss1" -AsPlainText -Force) `
  -Enabled $true -Path "OU=Staff,DC=corp,DC=local"

# Add user to group
Add-ADGroupMember -Identity "IT-Admins" -Members jsmith

# Find all disabled accounts
Get-ADUser -Filter {Enabled -eq $false} | Select Name, SamAccountName

# Reset password
Set-ADAccountPassword -Identity jsmith `
  -NewPassword (ConvertTo-SecureString "NewP@ss1" -AsPlainText -Force)
  -Reset

DNS and DHCP: Supporting Services

Windows Server DNS integrates tightly with Active Directory — AD depends on DNS for DC discovery. Every AD environment runs Windows DNS. Key concepts:

• Forward lookup zone — Resolves hostnames to IP addresses
• Reverse lookup zone — Resolves IP addresses to hostnames
• SRV records — Critical for AD — domain clients use SRV records to find domain controllers
• Conditional forwarders — Forward specific domain queries to designated DNS servers

DHCP Server role handles dynamic IP assignment. Key DHCP terms: scope (IP range), exclusions (IPs not to assign), reservations (permanent IP for a specific MAC address), lease duration.

PowerShell: The Modern Windows Admin's CLI

PowerShell is non-negotiable for serious Windows administration. GUI-only admins cannot manage enterprise scale. PowerShell enables:

• Bulk operations (create 500 users from a CSV file in one script)
• Remote management (run commands on 100 servers from your workstation)
• Scheduled automation (nightly reports, cleanup tasks, backups)
• Infrastructure as Code (Desired State Configuration)

# Remote command execution
Invoke-Command -ComputerName Server01, Server02 -ScriptBlock {
    Get-Service -Name "wuauserv" | Select Name, Status
}

# Bulk create users from CSV
Import-Csv users.csv | ForEach-Object {
    New-ADUser -Name $_.Name -SamAccountName $_.Username `
      -Department $_.Department -Enabled $true
}

# Get all servers with low disk space
Get-ADComputer -Filter {OperatingSystem -like "*Server*"} | ForEach-Object {
    $disk = Get-WmiObject Win32_LogicalDisk -ComputerName $_.Name -Filter "DeviceID='C:'"
    [PSCustomObject]@{
        Server = $_.Name
        FreeGB = [math]::Round($disk.FreeSpace/1GB, 2)
    }
} | Where-Object { $_.FreeGB -lt 20 }

IIS: Windows Web Server

Internet Information Services (IIS) is the Windows web server. It hosts ASP.NET applications, acts as a reverse proxy, handles SSL termination, and serves static content. Key IIS concepts:

• Application Pool — Isolated worker process for a web application. Each app pool runs independently — crashes in one don't affect others.
• Sites — Virtual hosts bound to IP/port/hostname combinations
• Bindings — HTTP/HTTPS port assignments and SSL certificate association
• URL Rewrite module — Redirect and rewrite rules (similar to nginx rewrite)

Group Policy: Central Configuration Management

Group Policy Objects (GPOs) are one of the most powerful Windows Server features. A single GPO can configure thousands of machines. Common uses:

• Password complexity requirements (minimum length, expiration, history)
• Software deployment (push MSI installers to computers)
• Desktop lockdown (prevent USB drives, restrict control panel access)
• Security settings (Windows Firewall rules, audit policies, RDP settings)
• Drive mappings and printer deployment based on OU membership

GPO processing order (last write wins): Local → Site → Domain → OU (LSDOU). Child OUs inherit from parents but can block inheritance.

Windows Server Certifications in 2026