Managing and Maintaining Windows Server 2008 Active Directory Servers
•
Course Number: 6432A
•
Course Length: 2 Days
Course Overview
This two-day instructor-led course provides students with the knowledge and skills to manage and
maintain Windows Server 2008 Active Directory servers. The course focuses on the Active Directory
server lifecycle by creating baselines, monitoring the system health, and maintaining security for the
Active Directory servers. The course also focuses on managing Active Directory Domain Services (AD
DS) and Active Directory service roles.
Prerequisites
In addition to their professional experience, students who attend this training should have technical
knowledge equivalent to the following courses:
•
6424A: Fundamentals of Windows Server 2008 Active Directory
•
6425A: Configuring Windows Server 2008 Active Directory Domain Services
•
6426A: Configuring Identity and Access Solutions with Windows Server 2008 Active Directory
•
6430A: Planning and Administering Windows Server 2008 Servers
Audience
This course is intended for Server Administrators who are familiar with Windows Server 2008 and who
are, or will be, responsible for the daily management and maintenance of Windows Server 2008 Active
Directory servers. It is also intended for IT professionals who could benefit from acquiring the skills
required by a Windows Server 2008 Active Directory Server Administrator, such as a Server
Administrator who is responsible for network application servers and works closely with the Active
Directory Server Administrator, or an Enterprise Administrator who wants to understand the operational
requirements of Windows Server 2008 Active Directory servers before designing a network server
infrastructure.
Course Outline
Course Introduction
Course Introduction 4m
Managing an Active Directory Server Lifecycle
Module 1 - Managing an Active Directory Server Lifecycle
Lesson 1: Planning an Active Directory Server Deployment Server Deployment Issues: Base Hardware
Server Deployment Issues: Upgrade vs. Clean Install RODC or Writeable Domain Controller Deployment
Deploying Windows Server Core as an Active Directory Server Lesson 2: Using Active Directory Server Deployment Technologies Active Directory Server Deployment: Local Installation
Active Directory Server Deployment: Network Installation
Active Directory Server Deployment: Windows Deployment Services Installation Active Directory Server Deployment: Installation from Backup
Using Systems Management Server (SMS) for Active Directory Deployment Lesson 3: Adding AD DS Server Roles
Defining Active Directory Roles Planning for Combining Roles
Method Selection Criteria for Adding Server Roles Demo - Installing Roles
Using Different Methods to Add Server Roles: Remote Microsoft Management Console (MMC) Using Different Methods to Add Server Roles: Other Remote Access Tools
Verifying Server Roles
Lesson 4: Removing AD DS Server Roles Removing Server Roles via the GUI
Removing Server Roles via the Command-Line Tool Verifying Removed Roles
Module 1 Review
Module 2 - Creating Baselines for Active Directory Servers
Creating Baselines for Active Directory Servers 54m
Lesson 1: Baseline Methodologies for Active Directory Servers Planning for Baselines
Defining Baseline Server Hardware and Roles Who Decides the Initial Performance Criteria?
Review of the Existing History of Microsoft Windows Server 2003 Evaluating Baseline Acceptability Over Time
Criteria for Revising Baselines vs. Starting Over Lesson 2: WRPM Overview
Reliability Monitor Performance Monitor
Essential Objects and Counters (Global) Logging Options
Report Options and Formats
Lesson 3: Creating Baselines for Active Directory Servers Metrics: AD DS
Metrics: AD LDS
Metrics: Active Directory Certificate Services (AD CS) Metrics: Active Directory Federation Services (AD FS)
Metrics: Active Directory Rights Management Services (AD RMS) Frequency of Measurement
Duration of Measurement Demo - WRPM
Module 2 Review
Monitoring the System Health of the Active Directory Servers Lesson 1: Overview of System Health
Defining System Health Defining Server Health
Defining Active Directory Health
Lesson 2: Using Long-Term Monitoring to Identify Trends System Center Operations Manager Features
Re-evaluating Performance vs. Baselines Adjusting Baselines
Lesson 3: Setting Thresholds and Alerts for Short-Term Monitoring Performance Threshold Basics
Creating Alerts and Triggers for Short-Term Monitoring: Informational Alerts Creating Alerts and Triggers for Short-Term Monitoring: Action Alerts Creating Alerts and Triggers for Short-Term Monitoring: Event Log Triggers Setting Action Plans for Alert Situations
Lesson 4: Choosing the Appropriate Windows Server 2008 Monitoring Tools Windows Reliability and Performance Monitor: Resource Overview
Windows Reliability and Performance Monitor: Performance Monitor Event Viewer
Demo - Event Viewer
Event Subscriptions and WinRM Services Console Server Manager RSAT PKIView Demo - WRPM Module 3 Review
Module 4 - Managing Active Directory Domain Services
Managing Active Directory Domain Services 1h 18m
Lesson 1: Restarting and Restoring Active Directory Restarting AD DS Without Rebooting
Restoring Active Directory Without Entering Directory Service Restore Mode (DSRM): DSAMAIN Lesson 2: Overview of the Flexible Single Master Operations (FSMO) Roles
Schema Master RID Master
Domain Naming Master Infrastructure Master PDC Emulator Global Catalog
Lesson 3: Planning Sites and Replication Creating Sites
Default Replication Settings Demo - IntersiteRepl Lesson 4: Managing RODCs Unidirectional Replication Read-Only DNS
Multi-RODC Installations
Remote-Enabled Administrative Tools Group Policy
Lesson 6: Best Practices for GPOs and Links
When to Link to Domains, Sites, and Organizational Units GPMC
Central Store for ADMX Files Group Policy Troubleshooting Tools
Group Policy as an Operating System Service Group Policy “Preferences”
Lesson 7: Delegating Active Directory Administration Active Directory Delegation
Demo - Delegation Editing Delegations
Delegating Management of an RODC Demo - NTDS
Module 4 Review
Module 5 - Maintaining Security for Active Directory Servers
Maintaining Security for Active Directory Servers 1h
Lesson 1: Server Hardening Techniques Manual Hardening Techniques
Applying Security Templates
Server Organizational Unit Placement ACL Deployment via Group Policy Group Policy Device Restrictions
Lesson 2: Using the MBSA to Discover and Remove Security Holes Overview of MBSA
Managing Windows Server 2008 Updates Proper Hardening Procedures
Lesson 3: Using Fine-Grained Password Policies to Simplify Network Organization Password Policies in Windows Server 2003
Overview of Implementing Fine-Grained Password Policies Password Policy Defaults
Managing Effective Passwords Lesson 4: Planning Security Auditing New AD DS Auditing Capabilities Using AUDITPOL.EXE
Lesson 5: Enhancing Physical Security RODC and Physical Security
RODC and Cached Credentials
Physical Security for Writeable Domain Controllers Physical Security for Backups
Demo - MBSA Module 5 Review
Module 6 - Managing Active Directory Service Roles
Managing Active Directory Service Roles 46m
Overview of the New Restricted Enrollment Agent Using the New Enterprise PKI Console (PKIView)
Group Policy Settings for Certificate Services in Windows Server 2008 Lesson 2: Implementing AD LDS
How AD LDS Differs from AD DS Managing an AD LDS Instance Lesson 3: Overview of AD FS AD FS Refresher
AD FS Management Console
Defining Web-Based Single Sign-On Mode Overview of AD FS Dependent Services New Import/Export Capabilities
Lesson 4: Overview of AD RMS AD RMS Refresher
New Administrative Groups
Overview of AD RMS Dependent Services Demo - LDS
Module 6 Review Course Closure