Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services
Course Number: 6425B
Course Length: 5 Days
Course Overview
This five-day course provides to teach Active Directory Technology Specialists with the
knowledge and skills to configure Active Directory Domain Services in a distributed
environment, implement Group Policies, perform backup and restore, and monitor and
troubleshoot Active Directory related issues.
Prerequisites
Before attending this course, students must have:
Basic understanding of networking.
Intermediate understanding of network operating systems.
An awareness of security best practices.
Basic knowledge of server hardware.
Some experience creating objects in Active Directory.
Foundation course (6424) or equivalent knowledge.
Basic concepts of backup and recovery in a Windows Server Environment.
Audience
The primary audience for this course are AD Technology Specialists, Server Administrators, and
Enterprise Administrators who want to learn how to implement AD in a distributed environment,
secure domains using Group Policies, and perform backup, restore, and monitor and troubleshoot
AD configuration to ensure trouble free operation.
Course
Outline
Course Introduction 5 m
Module 01 - Introducing Active Directory Domain Services (AD DS) 1h 35m Lesson: Introducing Active Directory, Identity, and Access
Information Protection in a Nutshell Identity and Access (IDA)
Authentication and Authorization Authentication
Access Tokens
Security Descriptors, ACLs and ACEs Authorization
Active Directory, Identity, and Access
Lesson: Active Directory Components and Concepts Active Directory as a Database
Demo - Active Directory Schema Organizational Units
Policy-Based Management The Active Directory Data Store Domain Controllers Domain Replication Sites Tree Forest
The Global Catalog Functional Level
DNS and Application Partitions Trust Relationships
Lesson: Install Active Directory Domain Services Install Windows Server 2008
Server Manager and Role-Based Configuration of Windows Server 2008 Prepare to Create a New Forest with Windows Server 2008
Install and Configure a Domain Controller
Lesson: Extend IDA with Active Directory Services Active Directory Lightweight Directory Services (AD LDS) Active Directory Certificate Services (AD CS)
Active Directory Rights Management Services (AD RMS) Active Directory Federation Services (AD FS)
Module 01 Review
Module 02 - Secure and Efficient Administration of Active Directory 1h 32m
Lesson: Work with Active Directory Snap-ins The MMC Console
Active Directory Administration Snap-ins Find Active Directory Snap-ins
Demo - Basic Administration with Active Directory Users and Computers Lesson: Custom Consoles and Least Privilege
Demo - Create a Custom MMC Console for Administering Active Directory
Secure Administration with Least Privilege, Run As Administrator, and User Account Control Demo - Secure Administration with User Account Control and Run As Administrator Demo - “Super Consoles”
Demo - Administrator's Launch Pad Lesson: Find Objects in Active Directory Find Objects in Active Directory
Demo - Use the Select Users, Contacts, Computers, or Groups Dialog Box Options for Locating Objects in Active Directory Users and Computers Demo - Control the View of Objects in Active Directory Users and Computers Demo - Use the Find Command
Determine Where an Object is Located Demo - Use Saved Queries
DNs, RDNs, and CNs The DS Commands Find Objects with DSQuery
Retrieve Object Attributes with DSGet Pipe DNs to Other DS Commands Modify Object Attributes with DSMod Delete an Object with DSRm
Move an Object with DSMove Add an Object with DSAdd Administration without the GUI Module 02 Review
Module 03 - Manage Users 1h 10m
Lesson: Create and Administer User Accounts User Account
Demo - Create a User Object Create Users with DSAdd Name Attributes
Rename a User Account Account Attributes Reset a User’s Password Unlock a User Account
Disable and Enable a User Account Delete a User Account
Move a User Account
Lesson: Configure User Object Attributes Demo - A Tour of User Attributes
View All Attributes
Modify Attributes of Multiple Users
Manage User Attributes with DSMod and DSGet Demo - Create Users with Templates
Create Users with Templates
Lesson: Automate User Account Creation Export Users with CSVDE
Import Users with CSVDE Import Users with LDIFDE Module 03 Review
Module 04 - Manage Groups 1h 14m
Lesson: Manage an Enterprise with Groups Demo - Create a Group Object
Access Management without Groups Groups Add Manageability
Groups Add Scalability
One Type of Group is Not Enough
Role-Based Management: Role Groups and Rule Groups Define Group Naming Conventions
Domain Local Groups Global Groups Universal Groups
Group Scope Possibilities Summarized Manage Group Membership
Develop a Group Management Strategy (IGDLA)
Role-Based Management and Windows Group Management Strategy Lesson: Administer Groups
Create Groups with DSAdd Import Groups with CSVDE Import Groups with LDIFDE Convert Group Type and Scope
Modify Group Membership with DSMod Modify Group Membership with LDIFDE Retrieve Group Membership with DSGet Copy Group Membership
Move and Rename Groups Delete Groups
Lesson: Best Practices for Group Management Best Practices for Group Documentation Protect Groups from Accidental Deletion
Delegate Membership Management with the Managed By Tab Default Groups
Special Identities Module 04 Review
Module 05 - Support Computer Accounts 35m
Lesson: Create Computers and Join the Domain Workgroups, Domains, and Trusts
Requirements for Joining a Computer to the Domain The Computer’s Container and Organizational Units (OUs) Prestage a Computer Account
Join a Computer to the Domain Secure Computer Creation and Joins Automate Computer Account Creation Import Computers with CSVDE Import Computers with LDIFDE Create Computers with DSAdd
Create and Join Computers with NetDom
Lesson: Administer Computer Objects and Accounts Configure Computer Attributes
Move a Computer
Computer Account and Secure Channel Recognize Computer Account Problems Reset a Computer Account
Rename a Computer
Module 06 - Implement a Group Policy Infrastructure 1h 48m Lesson: Understand Group Policy
What is Configuration Management? Policy Settings (Also Known as Policies) Group Policy Objects
GPO Scope
Group Policy Client and Client-Side Extensions Group Policy Refresh
Resultant Set of Policy
Review and Discuss the Components of Group Policy Lesson: Implement GPOs
Local GPOs Domain-Based GPOs
Demo - Create, Link, and Edit GPOs GPO Storage
Demo - Policy Settings
Lesson: A Deeper Look at Settings and GPOs Registry Policies in the Administrative Templates Node Managed Settings, Unmanaged Settings, and Preferences Administrative Templates
The Central Store
Demo - Work with Settings and GPOs Manage GPOs and Their Settings Lesson: Manage Group Policy Scope GPO Links
GPO Inheritance and Precedence Group Policy Processing Order
Use Security Filtering to Modify GPO Scope WMI Filters
Enable or Disable GPOs and GPO Nodes Target Preferences
Loopback Policy Processing Lesson: Group Policy Processing
A Detailed Review of Group Policy Processing Slow Links and Disconnected Systems Understand When Settings Take Effect Lesson: Troubleshoot Policy Application Resultant Set of Policy
Generate RSoP Reports
Perform What-If Analyses with the Group Policy Modeling Wizard Examine Policy Event Logs
Module 06 Review
Module 07 - Manage Enterprise Security and Configuration with Group Policy Settings 1h
Lesson: Delegate the Support of Computers Understand Restricted Groups Policies
Lesson: Manage Security Settings What is Security Policy Management? Configure the Local Security Policy
Manage Security Configuration with Security Templates Demo - Create and Deploy Security Templates
Use Security Configuration and Analysis The Security Configuration Wizard Settings, Templates, Policies, and GPOs Lesson: Manage Software with GPSI
Understand Group Policy Software Installation (GPSI) Demo - Create a Software Distribution Point
Create and Scope a Software Deployment GPO Maintain Software Deployed with GPSI GPSI and Slow Links
Lesson: Auditing
An Overview of Audit Policies
Specify Auditing Settings on a File or Folder Enable Audit Policy
Evaluate Events in the Security Log Module 07 Review
Module 08 - Secure Administration 36m
Lesson: Delegate Administrative Permissions Understand Delegation
View the ACL of an Active Directory Object
Property Permissions, Property Sets, Control Access Rights, and Object Permissions Demo - Assign a Permission by Using the Advanced Security Settings Dialog Box Understand and Manage Permissions with Inheritance
Demo - Delegate Administrative Tasks with the Delegation Of Control Wizard Report and View Permissions
Remove or Reset Permissions on an Object Understand Effective Permissions
Design an OU Structure to Support Delegation Lesson: Audit Active Directory Administration Enable Audit Policy
Specify Auditing Settings for Directory Service Changes View Audited Events in the Security Log
Module 08 Review
Module 09 - Improve the Security of Authentication in an AD DS Domain 1h 3m
Lesson: Configure Password and Lockout Policies Understand Password Policies
Understand Account Lockout Policies
Configure the Domain Password and Lockout Policy Demo - Configure Domain Account Policies Fine-Grained Password and Lockout Policy Understand Password Settings Objects (PSOs) Demo - Configure Fine-Grained Password Policy PSO Precedence and Resultant PSO
Account Logon and Logon Events
Configure Authentication-Related Audit Policies Scoping Audit Policies
View Logon Events
Lesson: Configure Read-Only Domain Controllers
Authentication and Domain Controller Placement in a Branch Office Read-Only Domain Controllers
Deploy an RODC
Demo - Password Replication Policy
Demo - Administer RODC Credentials Caching Administrative Role Separation
Module 09 Review
Module 10 - Configure Domain Name System (DNS) 1h 20m
Lesson: Review of DNS Concepts, Components, and Processes Why DNS?
The DNS Hierarchy Zones
Resource Records (RRs) Resource Record Management Zone Replication
Subdomains
Placing DNS Servers and Zones DNS Client (Resolver) Query to DNS Server DNS Server Resolution Recursion
Lesson: Install and Configure DNS in an AD DS Domain Install and Manage the DNS Server Role
Create a Zone
Create a Zone: Dynamic Update Create Resource Records
Configure Redundant DNS Servers Configure Forwarders
Client Configuration
Lesson: AD DS, DNS, and Windows AD DS, DNS, and Windows
Integrate AD DS and the DNS Namespace Split-Brain DNS
Create a Delegation for an Active Directory Domain Active Directory–Integrated Zones
Application Partitions for DNS Zones DNS Application Partitions
Dynamic Updates Background Zone Loading Service Locator (SRV) Records
Demo - SRV Resource Records Registered by AD DS Domain Controllers Domain Controller Location
Lesson: Advanced DNS Configuration and Administration Resolving Single-Label Names
Resolve Names Outside Your Domain Reverse Lookup Zone
DNS Server and Zone Maintenance Test and Troubleshoot DNS Server Test and Troubleshoot DNS Client Module 10 Review
Module 11 - Administer Active Directory Domain Services (AD DS) Domain Controllers (DCs) 45m
Lesson: Domain Controller Installation Options Install a DC with the Windows Interface
Unattended Installation Options and Answer Files Install a New Windows Server 2008 Forest
Prepare an Existing Domain for Windows Server 2008 DCs Install an Additional DC in a Domain
Install a New Windows Server 2008 Child Domain Install a New Domain Tree in a Forest
Stage the Installation of an RODC
Attach a Server to a Prestaged RODC Account Install AD DS from Media
Remove a Domain Controller Lesson: Install a Server Core DC Understand Server Core
Install Server Core
Server Core Configuration Commands Lesson: Manage Operations Masters Understand Single Master Operations Operations Master Roles
Optimize the Placement of Operations Masters Identify Operations Masters
Transfer Operations Master Roles Seize Operations Master Roles
Lesson: Configure DFS-R Replication of SYSVOL Raise the Domain Functional Level
Understand Migration Stages
Migrate to DFS-R Replication of SYSVOL Module 11 Review
Module 12 - Manage Sites and Active Directory Replication 53m
Lesson: Configure Sites and Subnets Understand Sites
Plan Sites Create Sites
Manage Domain Controllers in Sites Domain Controller Location: SRV Records Domain Controller Location: Client
Lesson: Configure the Global Catalog and Application Partitions Review Active Directory Partitions
Place Global Catalog Servers Configure a Global Catalog Server Universal Group Membership Caching Understand Application Directory Partitions Lesson: Configure Replication
Understand Active Directory Replication Intrasite Replication
Site Links
Replication Transport Protocols Bridgehead Servers
Site Link Transitivity and Bridges Control Intersite Replication Whiteboard: Replication Monitor and Manage Replication Module 12 Review
Module 13 - Directory Service Continuity 1h 13m
Lesson: Monitor Active Directory Understand Performance and Bottlenecks Task Manager
Resource Monitor Event Viewer Demo - Event Viewer Custom Views Subscriptions
Demo - Configure Custom Views
Windows Reliability and Performance Monitor (WRPM) Demo - Windows Reliability and Performance Monitor (WRPM) Reliability Monitor
Performance Monitor Data Collector Sets Demo - Monitor AD DS Monitoring Best Practices
Lesson: Manage the Active Directory Database Active Directory Database Files
How the Database Is Modified NTDSUtil
Perform Database Maintenance Demo - AD DS Database Maintenance Active Directory Snapshots
Restore Deleted Objects
Lesson: Back Up and Restore AD DS and Domain Controllers Backup and Recovery Tools
Overview of AD DS and Domain Controller Backup Demo - Backing Up AD DS
Module 14 - Manage Multiple Domains and Forests 40m Lesson: Configure Domain and Forest Functional Levels
Understand Functional Levels Domain Functional Levels Forest Functional Levels
Lesson: Manage Multiple Domains and Trust Relationships Define Your Forest and Domain Structure
Move Objects Between Domains and Forests Understand Trust Relationships
Characteristics of Trust Relationships How Trusts Work Within a Forest Demo - Create a Trust
Shortcut Trusts
External Trusts and Realm Trusts Forest Trusts
Administer Trust Relationships Domain Quarantine
Resource Access for Users from Trusted Domains Module 14 Review
Course Closure
