Module 6 – Active Directory
Module 6 discusses using Active Directory roles; using RODC to access read-only partitions of an Active Directory database, adding Certificate Services role services, managing GPOs, managing software distribution, and configuring password policies
Section 6.1: Active Directory
Summary
This section examines using the following Active Directory roles: • Active Directory Domain Services (AD DS)
• Active Directory Lightweight Directory Service (AD LDS) • Active Directory Certificate Services (AD CS)
• Active Directory Federation Services (AD FS)
• Active Directory Rights Management Service (AD RMS) Students will learn how to:
• Add the Active Directory roles and role services.
Windows Server 2008 Server Administrator
• 103. Plan infrastructure services server roles.
Video/Demo Time
6.1.2 Installing AD DS 7:45Total Time: About 10 minutes
Section 6.2: RODC
Summary
This section provides information about using a read-only domain controller (RODC) on a domain that hosts read-only partitions of the Active Directory database. Concepts covered include:
• Features of RODCs:
o Administrator role separation o Unidirectional replication o Read-only data
Windows Server 2008 Server Administrator
• 103. Plan infrastructure services server roles.
Video/Demo Time
6.2.1 RODC 8:57Total Time: About 15 minutes
Section 6.3: Certificate Services
SummaryThis section provides an overview of certificate services. The following elements are discussed:
• Role services available when installing AD CS on a server: o Certification Authority
o Certification Authority Web Enrollment o Online Responder
o Network Device Enrollment Service (NDES)
o Certificate Enrollment Web Service and Certificate Enrollment Policy Web Service
• Additional features available through Active Directory Certificate Services: o Certificate templates
o Autoenrollment o Web enrollment o Credential roaming
o Certificate enrollment across forests o High-volume CA support o Delta CRLs • CA Hierarchy role: o Root o Subordinate • CA Type o Enterprise o Standalone o Third-party • CA Access o Online o Offline
• PKI infrastructure designs:
o Offline standalone root CA with online enterprise subordinate CAs o Internal PKI for internal certificates and a third-party CA for external
• Certificate templates version numbers: o Version 1 templates
o Version 2 templates o Version 3 templates • Safeguarding CAs
Students will learn how to:
• Add Certificate Services role services to meet the network requirements. • Configure a CA to support an online responder.
Windows Server 2008 Server Administrator
• 103. Plan infrastructure services server roles.
Video/Demo Time
6.3.1 AD CS 9:05
6.3.3 Installing Certificate Services 3:11
6.3.6 Configuring an Online Responder 3:11Total 15:27
Lab/Activity
•
Add Role Services for AD CS 1 •
Add Role Services for AD CS 2
Number of Exam Questions: 6 questions Total Time: About 40 minutesSection 6.4: Group Policy
SummaryIn this section students will learn about managing GPOs. Details include: • GPO inheritance
• Methods to customize how GPO settings are applied: o Block Inheritance
o Disabling a GPO link
o Disabling a part of the GPO o GPO Permissions
o WMI Filtering
• Methods to use templates when creating new GPOs: o Security Templates
o Administrative Templates o Starter GPO
o GPO copy or import Students will learn how to:
• Create, link, and edit GPOs.
• Block GPO inheritance and enforce GPOs.
• Control GPO application using permissions, WMI filtering, and loopback processing.
• Enable the Administrative Template central store and create a starter GPO.
Windows Server 2008 Server Administrator
• 203. Plan and implement group policy strategy.
Video/Demo Time
6.4.1 Group Policy 9:03
6.4.2 Managing GPOs 5:06
6.4.7 Templates 5:44 Total 19:53 Lab/Activity•
Modify GPO Links•
Control GPO Inheritance •
Configure GPO Permissions •
Create a Starter GPO
Number of Exam Questions: 13 questions Total Time: About 60 minutesSection 6.5: Software Distribution
SummaryThis section discusses managing software distribution. Concepts covered include: • The steps in software deployment lifecycle:
o Plan o Deploy
o Remove
• Comparison of configuration options for assigning or publishing software for both users and computers:
o Install automatically with file extension activation o Install automatically at logon
o Install or uninstall through Add/Remove Programs o Uninstall when out of the scope of management o Add/Remove Programs categories
o Use for upgrading existing installations
Windows Server 2008 Server Administrator
• 203. Plan and implement group policy strategy. • 301. Implement patch management strategy. • 401. Provision applications.
Number of Exam Questions: 4 questions Total Time: About 10 minutesSection 6.6: Password Policies
SummaryThis section examines password policies. Details include: • Methods of setting password policies:
o Account policies
o Granular password policy Students will learn how to:
• Configure password policies for groups of users who need policies different from the domain password policies.
Windows Server 2008 Server Administrator
• 303. Monitor and maintain security and policies.
Video/Demo Time
6.6.1 Fine-grained Password Policies 4:52Total 15:00