Welcome to ONLC Training Centers

Identity with Windows Server (55344/20742) - 20742

Class Dates
(click date for class times)
(click Enroll for locations)

Fee:  $2975

Savings options:

 Learning Credits
Need a price quote?|/b>

Follow the link to our self-service price quote form to generate an email with a price quote.

Need a class for a group?

We can deliver this`class for your group. Follow the link to request more information.

Email Alert

Receive an email when this`class is available as`"Ready to`Run" or "Early Notice" status.

Train from your home or office

If you have high-speed internet and a computer you can likely take this class from your home or office.

Identity with Windows Server (55344/20742) - 20742 Course Outline

This five-day instructor-led is intended for IT professionals who wants to learn about administering, configuring, troubleshooting, and operating identity services in the Active Directory Domain Services and Azure AD. Course covers core AD DS identity services such as GPOs, AD CS, AD FS and also hybrid solutions with Azure AD

*** NOTE: This class also available in On-Demand, eLearning Format ***
Too busy at work to miss 5 days out of the office to take this class? Consider the Microsoft On-Demand version of this course. Watch expert lectures and demonstrations, take hands-on labs, access an online expert 24/7, and study on your own time, at your own pace. For details on this alternative format, go to:
Microsoft On-Demand 20742: Identity with Windows Server 2016

Audience Profile
This course is intended for IT professionals who work on administering, configuring, troubleshooting, and operating identity services in the Active Directory Domain Services and Azure AD. It is also useful for system or infrastructure administrators with general AD DS experience and knowledge who want to cross-train in core and advanced identity and access technologies in Windows Server and Azure AD.

At Course Completion
Install and configure domain controllers in AD DS
Manage objects in AD DS by using graphical tools and Windows PowerShell modules
Implement AD DS in complex environments
Implement and configure AD DS sites, and configure and manage replication
Implement and manage Group Policy Objects (GPOs) in AD DS
Manage user settings by using GPOs
Secure AD DS
Implement and manage a certificate authority (CA) hierarchy with AD CS
Deploy and manage certificates
Implement and administer Active Directory Federation Services (AD FS)
Implement synchronization between AD DS and Azure AD
Monitor, troubleshoot, and establish business continuity for AD DS services

Course Outline

Module 1: Deploy Active Directory services
Active Directory Domain Services (AD DS) is the cornerstone of on-premises networks for many organizations worldwide. AD DS delivers authentication and authorization by using domain controllers (DCs) for on-premises apps and services. In this module, youíll learn how to configure DCs to suit your specific organizational needs and integrate AD DS with Microsoft Azure Active Directory (Azure AD) to provide single sign-on (SSO) for users that access both on-premises and cloud-based apps.
Components of AD DS
Deploy AD DS DCs
Azure AD overview
Lab 1: Deploy and administer AD DS
Deploy AD DS.
Deploy DCs by performing DC cloning.
Administer AD DS.

Module 2: Manage directory objects
Active Directory, at its heart, is a hierarchical database. Unlike a traditional database, however, you can create many different types of records within Active Directory. These records are referred to as objects, which you can create to represent almost anything in your network, from users and groups to printers, shared folders, and computers.

Each object can have many different properties, referred to as attributes. For example, the user object type has attributes in which you can store the userís sign-in name, and street and email addresses.

Not only does Active Directory allow you to store information about objects, but it also enables you to manage those objects. After you create objects, you can use AD DS to manage and control these objects, which you can group together in containers to easily apply policies to them.

Active Directory is a powerful tool to centrally manage your network. Large organizations might want to distribute management to different teams of administrators. Active Directory enables this by allowing a domain administrator to provide lower-level administrators access to specific objects and containers.
Manage user accounts
Manage groups in AD DS
Manage computer objects in AD DS
Administer AD DS by using PowerShell
Implement and manage OUs
Lab 1: Manage AD DS Objects
Create and manage groups in AD DS.
Create and configure user accounts in AD DS.
Manage computer objects in AD DS.
Lab 2: Administer AD
Delegate administration for OUs.
Create and modify AD DS objects with Windows PowerShell.

Module 3: Advanced AD DS infrastructure management
This module describes key technologies that serve as the building blocks of more advanced AD DS environments and provides guidance about implementing and managing such environments.
Overview of advanced AD DS deployments.
Deploy a distributed AD DS environment
Configure AD DS trusts
Lab 1: Domain and trust management in AD DS
Implement forest trusts.
Implement child domains in AD DS.

Module 4: Implement and administer AD DS sites and replication
In this module, youíll learn about the technical details of AD DS replication and how you can leverage that knowledge to optimize the design and implementation of AD DS environments that consist of multiple geographically distributed DCs.
Overview of AD DS replication
Configure AD DS sites
Describe AD DS sites.
Explain reasons to implement additional sites.
Configure additional AD DS sites.
Describe how AD DS replication works between sites.
Describe the intersite topology generator.
Describe SRV resource records.
Describe how domain-joined computers locate DCs.
Explain how to move DCs between sites.
Lab 1: Implement AD DS sites and replication
Describe AD DS site links.
Explain the concept of site-link bridging.
Describe how to manage intersite replication.
Configure AD DS intersite replication.
Describe the tools for monitoring and managing replication.

Module 5: Implement Group Policy
For organizations operating in an on-premises AD DS environment, Group Policy offers centralized management of both user and computer settings. This enables administrators to configure, enforce, and maintain their organizationís on-premises configuration. GPOs are linked to container objects such as sites, domains, and OUs. Users and computers placed in those containers inherit the applicable containerís settings. However, GPOs can be blocked, unlinked, or enforced to override the default application behavior. GPOs can also be filtered based on security-group membership and Windows Management Instrumentation (WMI) filters. When settings donít apply as you expect, itís important that you know how to investigate and resolve the issues.
What is Group Policy?
Implement and administer Group Policy
Group Policy scope and processing
Troubleshoot the application of GPOs
Lab 1: Implement a Group Policy Infrastructure
Creating and configuring GPOs.
Managing GPO scope.
Lab 2: Troubleshoot Group Policy infrastructure
Verify GPO application.
Troubleshoot GPOs.

Module 6: Manage user settings with Group Policy
You can use GPOs to create a standard desktop for the entire organization or on a departmental basis. You construct this standard desktop by using features such as administrative templates, Folder Redirection, and Group Policy preferences.
Implement administrative templates
Configure Folder Redirection, software installation, and scripts
Configure Group Policy preferences
Lab 1: Manage user settings with Group Policy
Use administrative templates to manage user settings.
Implement settings by using Group Policy preferences.
Configure Folder Redirection.

Module 7: Secure AD DS
AD DS contains sensitive information about many parts of your IT infrastructure, such as users and their passwords. An issue with your AD DS security can result in data loss, data leakage, parts of your IT infrastructure being disabled, or even your entire IT infrastructure being compromised. As an AD DS administrator, you need to understand the potential threats to AD DS and how to mitigate them.
Secure DCs
Implement account security
Implement authentication auditing
Configure managed service accounts
Lab 1: Secure AD DS
Implement security-related polices in AD DS.
Implement Read Only Domain Controllers to secure AD DS.
Create and manage service accounts.

Module 8: Deploy and manage AD CS
Public key infrastructure (PKI) is the tools and processes that allow you to issue digital certificates, which are commonly used for authentication and to help secure network communication. You can configurate Windows Server as a CA that issues digital certificates by installing the AD CS role.
Deploy CAs
Administer CAs
Troubleshoot and maintain CAs
Lab 1: Deploy and configure a two-tier CA hierarchy
Deploy an offline root CA.
Deploy an enterprise subordinate CA.

Module 9: Deploy and manage certificates
Planning a CA hierarchy is just the first part of implementing PKI for your organization. You also need to understand how to manage certificate templates to ensure that users and computers get certificates with the correct configuration. Additionally, you need to know how to manage certificates, including certificate revocation, and how you can use certificates for purposes such as securing network communication.
Deploy and manage certificate templates
Manage certificate deployment, revocation, and recovery
Use certificates in a business environment
Lab 1: Deploy and use certificates
Configure certificate templates for end users.
Enroll for certificate and use certificates.
Configure key recovery for critical certificates

Module 10: Implement and administer AD FS
Windows Server provides AD FS, an SSO solution. AD FS enables organizations to provide users with the ability to sign in and authenticate to services and apps locally, in partner companies, and online. AD FS service provides SSO functionality for many services in various organizations. In this module, youíll learn how AD FS works and how to implement it in different scenarios.
Overview of AD FS
AD FS requirements and planning
Deploy and configure AD FS
Web Application Proxy Overview
Lab 1: Implement AD FS
Deploy AD FS infrastructure.
Configure an application to use AD FS.
Configure AD FS for a business-partner scenario.

Module 11: Implement AD DS synchronization with Microsoft Azure AD
In this module, youíll learn how to plan, prepare, and implement directory synchronization between local AD DS and Azure AD.
Plan and prepare for directory synchronization
Implement directory synchronization by using Azure AD Connect
Manage identities with directory synchronization
Lab 1: Configure Directory Synchronization.
Deploy directory synchronization between the AD DS and Azure AD.
Manage users and groups in a directory synchronization scenario.

Module 12: Monitor, manage, and recover AD DS
At the heart of AD DS is the Active Directory database. A major responsibility for administrators is to monitor AD DS and its associated services, which ensures youíre managing issues proactively. In a worst-case scenario, administrators might have to restore the Active Directory database from a backup, which requires a methodical approach to creating, testing, and performing regular backups. Microsoft provides several tools for monitoring AD DS in real time, and for storing data to recognize trends over time. There are also specific tools to help you backup and restore an Active Directory database.
Monitor AD DS
Manage the Active Directory database
Active Directory backup and recovery solutions
Lab 1: Recover Objects in AD DS
Backup and restore AD DS.
Recover objects in AD DS.
Monitor Azure AD.

View outline in Word


Attend hands-on, instructor-led Identity with Windows Server (55344/20742) - 20742 training classes at ONLC's more than 300 locations. Not near one of our locations? Attend these same live classes from your home/office PC via our Remote Classroom Instruction (RCI) technology.

For additional training options, check out our list of Courses and select the one that's right for you.


Class Format
Class Policies
Student Reviews

First Name

Last Name