Configuring Windows Server 2008 Active Directory Domain Services - 6425 Course Outline
This five-day instructor-led course provides in-depth training on implementing, configuring, managing and troubleshooting Active Directory Domain Services (AD DS) in Windows Server 2008 and Windows Server 2008 R2 environments. It covers core AD DS concepts and functionality as well as implementing Group Policies, performing backup and restore and monitoring and troubleshooting Active Directory related issues. After completing this course students will be able to configure AD DS in their Windows Server 2008 and Windows server 2008 R2 environments.
The course also provides a direct mapping to the objective domain of the 70-640: TS: Windows Server 2008 Active Directory, Configuring exam.
This course is intended for Active Directory Technology Specialists, Server and Enterprise Administrators who want to learn how to implement Active Directory Domain Services in Windows Server 2008 and Windows Server 2008 R2 environments. Those attending would be interested in learning how to secure domains by using Group Policies, back up, restore, monitor, and troubleshoot configuration to ensure trouble-free operation of Active Directory Domain Services.
Those intending to take the 70-640: TS: Windows Server 2008 Active Directory, Configuring exam will also benefit from attendance at this course.
At Course Completion
After completing this course, students will be able to:
Describe the features and functionality of Active Directory Domain Services.
Perform secure and efficient administration of Active Directory.
Manage users and service accounts.
Manage computer accounts.
Implement a Group Policy infrastructure.
Manage User Desktops with Group Policy.
Manage enterprise security and configuration by using Group Policy settings.
Improve the security of authentication in an AD DS Domain.
Configure Domain Name System.
Administer AD DS domain controllers.
Manage sites and Active Directory Replication.
Monitor, maintain and back up directory Service to ensure Directory Service continuity.
Manage multiple domains and forests.
Before attending this course, students must have:
Basic understanding of networking
Intermediate understanding of network operating systems
An awareness of security best practices
Basic knowledge of server hardware
Some experience creating objects in Active Directory
Basic concepts of backup and recovery in a Windows Server environment
A good knowledge of Windows Client operating systems such as Windows Vista or Windows 7
Module 1: Introducing Active Directory Domain Services
This module provides an overview of Active Directory components and concepts and steps through the basics of installing and configuring an Active Directory domain
Lesson 1: Overview of Active Directory, Identity, and Access
Lesson 2: Active Directory Components and Concepts
Lesson 3: Install Active Directory Domain Services
Lab : Install an AD DS DC to Create a Single Domain Forest
Perform Post-Installation Configuration Tasks
Install a New Windows Server 2008 Forest with the Windows Interface
Raise Domain and Forest Functional Levels
Module 2: Administering Active Directory Securely and Efficiently
This module explains how to work securely and efficiently in Active Directory using Administration Tools and some best practices as well as use of Windows PowerShell.
Work with Active Directory Administration Tools
Custom Consoles and Least Privilege
Find Objects in Active Directory
Use Windows PowerShell to Administer Active Directory
Lab : Administer Active Directory Using Administrative Tools
Perform Administrative Tasks by Using Administrative Tools
Create a Custom Active Directory Administrative Console
Perform Administrative Tasks with Least Privilege, Run As Administrator, and User Account Control
Lab : Find Objects in Active Directory
Find Objects in Active Directory
Use Saved Queries
Lab : Use Windows PowerShell to Administer Active Directory
Use PowerShell Commands to Administer Active Directory
Module 3: Managing Users and Service Accounts
This module explains how to create, manage and support user and Managed Service Accounts in Active Directory.
Create and Administer User Accounts
Configure User Object Attributes
Automate User Account Creation
Create and Configure Managed Service Accounts
Lab : Create and Administer User Accounts
Create User Accounts
Administer User Accounts
Lab : Configure User Object Attributes
Examine User Object Attributes
Manage User Object Attributes
Create Users from a Template
Lab : Automate User Account Creation
Export and Import Users with CSVDE
Import Users with LDIFDE
Import Users by Using Windows PowerShell
Lab : Create and Administer Managed Service Accounts
Create and Associate a Managed Service Account
Module 4: Managing Groups
This module explains how to create, modify, delete, and support group objects in Active Directory.
Overview of Groups
Best Practices for Group Management
Lab : Administer Groups
Implement Role-Based Management by Using Groups
(Advanced Optional) Explore Group Membership Reporting Tools
(Advanced Optional) Understand Account Unknown Permissions
Lab : Best Practices for Group Management
Implement Best Practices for Group Management
Module 5: Managing Computer Accounts
This module explains how to create and configure computer accounts.
Create Computers and Join the Domain
Administer Computer Objects and Accounts
Perform an Offline Domain Join
Lab : Create Computers and Join the Domain
Join a computer to the Domain with the Windows Interface
Secure Computer Joins
Manage Computer Account Creation
Lab : Administer Computer Objects and Accounts
Administer Computer Objects Through Their Life Cycle
Administer and Troubleshoot Computer Accounts
Lab : Perform an Offline Domain Join
Perform an Offline Domain Join
Module 6: Implementing a Group Policy Infrastructure
This module explains what Group Policy is, how it works, and how best to implement Group Policy in your organization.
Understand Group Policy
Manage Group Policy Scope
Group Policy Processing
Troubleshoot Policy Application
Lab : Implement Group Policy
Create, Edit, and Link GPOs
Use Filtering and Commenting
Lab : Manage Group Policy Scope
Configure GPO Scope with Links
Configure GPO Scope with Filtering
Configure Loopback Processing
Lab : Troubleshoot Policy Application
Perform RSoP Analysis
Use the Group Policy Modeling Wizard
View Policy Events
Module 7: Managing User Desktop with Group Policy
This module explains how to manage and configure desktop environments using Administrative templates and Group Policy Preferences as well as how to deploy software using Group Policy
Implement Administrative Templates
Configure Group Policy Preferences
Manage Software with GPSI
Lab : Manage Administrative Templates and Central Store
Manage Administrative Templates
Lab : Manage Group Policy Preferences
Configure Group Policy Preferences
Verify Group Policy Preferences Application
Lab : Manage Software with GPSI
Deploy Software with GPSI
Upgrade Applications with GPSI
Module 8: Managing Enterprise Security and Configuration with Group Policy Settings
This module explains how to use Group Policy to manage a variety of components and features of Windows. It will also explain how to audit files and folders and how to restrict access to applications using application control policies.
Manage Group Membership by Using Group Policy Settings
Manage Security Settings
Software Restriction Policy and Applocker
Lab : Using Group Policy to Manage Group Membership
Configure the Membership of Administrators by Using Restricted Group Policies
Lab : Manage Security Settings
Manage Local Security Settings
Create a Security Template
Use the security Configuration Wizard
Lab : Audit File System Access
Configure Permissions and Audit Settings
Configure Audit Policy
Examine Audit Results
Lab : Configure Application Control Policies
Configure Application Control Policies
Module 9: Securing Administration
This module explains how to administer Active Directory Domain Services Securely.
Delegate Administrative Permissions
Audit Active Directory Administration
Lab : Delegate Administration
Delegate Permission to Create and Support User Accounts
View Delegated Permissions
Remove and Reset Permissions
Lab : Audit Active Directory Changes
Audit Changes to Active Directory Using Default Audit Policy
Audit Changes to Active Directory Using Directory Service Changes Auditing
Module 10: Improving the Security of Authentication in an AD DS Domain
This module explains the domain-side components of authentication, including the policies that specify password requirements and the auditing of authentication-related activities.
Configure Password and Lockout Policies
Configure Read-Only Domain Controllers
Lab : Configure Password and Account Lockout Policies
Configure the Domains Password and Lockout Policies
Configure a Fine-Grained Password Policy
Lab : Audit Authentication
Lab : Configure Read-Only Domain Controllers
Exercise 1: Install an RODC
Exercise 2: Configure Password Replication Policy
Exercise 3: Manage Credential Caching
Module 11: Configuring Domain Name System
This module explains how to implement DNS to support name resolution both within your AD DS domain and outside your domain and your intranet.
Install and Configure DNS in an AD DS Domain
Integration of AD DS, DNS, and Windows
Advanced DNS Configuration and Administration
Lab : Installing the DNS Service
Add the DNS Server Role
Configure Forward Lookup Zones and Resource Records
Lab : Advanced Configuration of DNS
Enable Scavenging of DNS Zones
Explore Domain Controller Location
Configure Name Resolution for External Domains
Module 12: Administering AD DS Domain Controllers
This module explains how to add Windows Server 2008 domain controllers to a forest or domain, how to prepare a Microsoft Windows Server 2003 forest or domain for its first Windows Server 2008 DC, how to manage the roles performed by DCs, and how to migrate the replication of SYSVOL from the File Replication Service (FRS) used in previous versions of Windows to the Distributed File System Replication (DFS-R) mechanism that provides more robust and manageable replication.
Domain Controller Installation Options
Install a Server Core Domain Controller
Manage Operations Masters
Configure Global Catalog
Configure DFS-R Replication of SYSVOL
Lab : Install Domain Controllers
Create an Additional DC with the Active Directory Domain Services Installation Wizard
Add a Domain Controller from the Command Line
Create a Domain Controller from Installation Media
Lab : Install a Server Core Domain Controller
Perform Post-Installation Configuration on Server Core
Create a Domain Controller with Server Core
Lab : Transfer Operations Masters Roles
Identify Operations Masters
Transfer Operations Masters Roles
Lab : Configure the Global Catalog and Universal Group Membership Caching
Configure a Global Catalog
Configure Universal Group Membership Caching
Lab : Configure DFS-R Replication of SYSVOL
Observe the Replication of SYSVOL
Prepare to Migrate to DFS-R
Migrate SYSVOL Replication to DFS-R
Verify DFS-R Replication of SYSVOL
Module 13: Managing Sites and Active Directory Replication
This module explains how to create a distributed directory service that supports domain controllers in portions of your network that are separated by expensive, slow, or unreliable links and how to configure replication amongst those servers.
Configure Sites and Subnets
Lab : Configure Sites and Subnets
Configure the Default Site
Create Additional Sites
Move Domain Controllers into Sites
Lab : Configure Replication
Create a Connection Object
Create Site Links
Designate a Preferred Bridgehead Server
Configure Intersite Replication
Module 14: Directory Service Continuity
This module explains about the technologies and tools that are available to help ensure the health and longevity of the directory service. You will explore tools that help you monitor performance in real time, and you will learn to log performance over time so that you can keep an eye on performance trends in order to spot potential problems.
Monitor Active Directory
Manage the Active Directory Database
Active Directory Recycle Bin
Back Up and Restore AD DS and Domain Controllers
Lab : Monitor Active Directory Events and Performance
Monitor AD DS with Performance Monitor
Work with Data Collector Sets
Lab : Manage the Active Directory Database
Perform Database Maintenance
Work with Snapshots and Recover a Deleted User
Lab : Using Active Directory Recycle Bin
Enable Active Directory Recycle Bin
Restore Deleted Objects with Active Directory Recycle Bin
Lab : Back Up and Restore Active Directory
Back Up Active Directory
Restore Active Directory and a Deleted OU
Module 15: Managing Multiple Domains and Forests
This module explains how to raise the domain and forest functionality levels within your environment, how to design the optimal AD DS infrastructure for your enterprise, how to migrate objects between domains and forests, and how to enable authentication and resources access across multiple domains and forests.
Configure Domain and Forest Functional Levels
Manage Multiple Domains and Trust Relationships
Move Objects between Domains and Forests
Lab : Administer Trust Relationships
Configure Name Resolution between Contoso.com and Tailspintoys.com
Create a Forest Trust
View outline in Word