Designing a Windows Server 2008 Active Directory Infrastructure and Services

(1)

1

Pólo Tecnológico de Lisboa, Lote 6, 2B Θ 1600-546 Lisboa Θ Tel: +351 217 158 018 Θ Fax: +351 217 147 020

www.actualtraining.pt

Document Version: 13-04-2016 11:01:07

Designing a Windows Server 2008 Active Directory Infrastructure and

Services

Course M6436B 5 Day(s) – 30:00 Hours

Introduction

During this five-day course, students will learn how to design an Active Directory infrastructure in the Windows Server 2008 and Windows Server 2008 R2 operating systems. Students will learn how to design Active Directory forests, domain

infrastructure, sites and replication, administrative structures, Group Policy, and Public Key Infrastructures. Students will also learn how to design for security, high availability, disaste r recovery, and migrations.

Audience

This course is intended for IT professionals who want to gain professional job role skills to help them design the

infrastructure for Active Directory for Windows Server 2008 and Windows Server 2008 R2 as an Enterprise Administra tor. This course is also intended for IT professionals who have been working as Enterprise Administrators on previous versions of Windows Server and who want to update their skills to Windows Server 2008 and Windows Server 2008 R2. Students might already be, or have been, Server Administrators making planning and design decisions at a server level who want to gain skills and knowledge they need to transition to enterprise -level design decisions.

At Course Completion

After completing this course, students will be able to:

• Understand the basic principles and considerations in an Active Directory design • Create a design for the AD DS forest and forest trust deployment.

• Design an AD DS domain and DNS integration design. • Design AD DS sites and AD DS replication.

• Create an AD DS domain controller deployment plan.

• Create an AD DS domain administration design and partially implement the design. • Create an AD DS Group Policy design and implement some components of that design. • Design and implement AD DS security policies that meet security requirements. • Design and implement a PKI deployment using Active Directory Certificate Services. • Design an AD RMS solution and deploy RMS services for internal users.

• Create and implement an AD LDS design.

• Design an Active Directory Federation Services Infrastructure • Design Active Directory Domain Services Transitions.

Prerequisites

In addition to their professional experience, students who attend this training should already have the following technical knowledge:

• System administrator–level working knowledge.

• Up to one year of experience implementing server plans.

• Knowledge of client operating system equivalent to the following certifications is beneficial: o Exam 70-680: TS: Windows 7, Configuration

Or

(2)

2

Students can meet the prerequisites by attending the following courses or by obtaining equivalent knowledge and skills: • 6425: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services

• 6426: Configuring and Troubleshooting Identity and Access Solutions with Windows Server 2008 Active Directory • 6433: Planning and Implementing Windows Server 2008 Servers

Certification exams

Course Outline

Module 1: Overview of Active Directory Design

The critical functionality that the Active Directory services provide means that you should design your Active Directory infrastructure to meet your organization’s unique requirements. This module provides an overview of the information that you must gather to prepare for an Active Directory deployment, and pro vides an overview of the steps that you would use as you create an Active Directory design. It covers the basic principles and considerations you need to take on board in an Active Directory design with Windows Server 2008 and Windows Server 2008 environme nts.

Lessons

• Preparing For Active Directory Design

• Designing the Infrastructure for the Internal AD DS • Extending the Active Directory Design

Lab : Exploring a Business Scenario and Requirements • Exploring the Required Business Scenario

• Exploring Additional Scenarios for Active Directory Designs After completing this module, students will be able to:

• Prepare for Active Directory design. • Design the internal AD DS infrastructure. • Extend the Active Directory design.

Module 2: Designing an Active Directory Domain Services Forest Infrastructure

In this module, you will learn about forest design concepts as well as about forest trusts, the AD DS schema, and the Windows Time Service in Windows Server 2008 and Windows Server 2008 R2 environments.

Lessons

• Designing an AD DS Forest • Designing AD DS Forest Trusts • Planning for AD DS Schema Changes

• Designing a Windows Time Service Deployment Lab : Designing an AD DS Forest Infrastructure

• Design an AD DS Forest

• Create and Implement Forest Trusts

After completing this module, students will be able to: • Design an AD DS forest.

• Design AD DS forest trusts.

• Plan for changes to the AD DS schema.

• Design a deployment of the Windows Time service. Module 3: Designing an AD DS Domain Infrastructure

(3)

3

infrastructure. To do this, you first need to decide on the AD DS domain design model and the placement and deployment of domain controllers, based on your organizational needs. After designing the AD DS domain, you then integrate the internal and external DNS namespaces with the AD DS domain by using Domain Name System (DNS) servers. If your design consists of multiple domains, you can create domain trusts to enable easy and reliable communication from one domain to another. You need to choose the right type of domain trust, based on your organizational needs.

In this module, you will learn about designing AD DS domains, DNS, and domain trus ts in Windows Server 2008 and Windows Server 2008 R2.

Lessons

• Designing AD DS Domains

• Designing DNS Namespaces in an AD DS Environment • Designing AD DS Domain Trusts

Lab : Designing an AD DS Domain Infrastructure • Designing and Implementing AD DS Domains • Designing and Implementing DNS Integration • Designing and Implementing Domain Trusts After completing this module, students will be able to • Design AD DS domains.

• Design DNS namespaces in an AD DS environment. • Design AD DS domain trusts.

Module 4: Designing AD DS Sites and Replication

You should design the site topology for the network after you design the logical structure of the AD DS infrastructure in you r organization. The site topology is a logical representation of the physical netwo rk. You use the site topology to manage replication and logon network traffic, among other things. When you create the site design, include information about the location of the AD DS sites, the AD DS domain controllers within each site, and the site links and site-link bridges that support AD DS replication between sites. Windows Server 2008 and Windows Server 2008 R2 uses site information for many purposes, including routing replication, client affinity, system volume (SYSVOL) replication, Distributed Fil e System

namespaces, and service locations.

In this module, you will learn how to design a distributed directory service that supports domain controllers that are in portions of your network that are separated by expensive, slow, or unreliable links.

Lessons

• Designing AD DS Sites • Designing AD DS Replication Lab : Designing AD DS Sites and Replication • Designing and Implementing AD DS Sites • Designing and Implementing AD DS Replication After completing this module, students will be able to: • Design AD DS sites.

• Design AD DS replication.

Module 5: Designing AD DS Domain Controllers

This module explains how to design an AD DS domain controller deployment. Lessons

(4)

4

• Designing Domain Controllers as Virtual Machines • Designing Domain Controller Availability

Lab : Designing AD DS Domain Controllers

• Designing an AD DS Controller Deployment

• Designing and Implementing an RODC Deployment

After completing this module, students will be able to:

• Design domain controllers and domain controller placement. • Design read only domain controller deployments.

• Design domain controllers as virtual machines. • Design domain controller availability.

Module 6: Designing Active Directory Domain Services Domain Administration

You can use an AD DS domain to simplify the administration of your IT resources by creating a manageable structure that underlies a network infrastructure based on the Windows ope rating system.

To design the effective administration of an AD DS domain, you need to first assess the state of the configuration and administration of the AD DS environment. To determine the best design for your AD DS domain administration, first collect information about how your organization needs to administer the various resources in your AD DS domain environment. This information provides the basis on which you can design and build the AD DS domain structures that will enable the most effective AD DS domain administrative methods for your organization, such as organizational units, AD DS groups, and user and computer account objects.

Lessons

• Planning AD DS Administration Delegation • Designing Organizational Unit Structures • Designing an AD DS Group Strategy

• Planning for User and Computer Account Management Lab : Designing AD DS Domain Administration

• Creating and Implementing an Organizational Unit Design • Creating and Implementing an AD DS Group Design • Automating User and Group Management

After completing this module, students will be able to: • Plan for the delegation of AD DS administration. • Design the structure of organizational units. • Design an AD DS group strategy.

• Plan to manage user and computer accounts.

Module 7: Designing Active Directory Domain Services Group Policy

The AD DS Group Policy environment is the principal vehicle for configuration management in Windows Server 2008. An effective Group Policy design means a more standardized and easy -to-manage environment in which to perform all other administrative tasks.

This module introduces to the key concepts for designing Group Policy as they relate to planning, implementing. and managing Group Policy in AD DS.

Lessons

(5)

5

• Planning for Group Policy Management Lab : Designing AD DS Group Policy

• Designing and Implementing Group Policy Objects • Designing and Implementing the Group Policy Application

After completing this module, students will be able to: • Prepare for Group Policy design.

• Design Group Policy objects. • Design Group Policy processing. • Plan for Group Policy management. Module 8: Designing AD DS Security

One of the primary reasons to deploy a directory se rvice like AD DS is to provide security for the organization’s network. Managing secure access to network resources is critical to ensure that only properly authorized users can access the data and that only authorized administrators can make changes to the environment.

By ensuring that the AD DS deployment is secure, you can help ensure system stability and reliability, and you can minimize the number of successful attempts to jeopardize system security and integrity. This module provides the skills and

knowledge necessary to design AD DS security in Windows Server 2008 and Windows Server 2008 R2 environments Lessons

• Preparing to Design AD DS Security

• Designing AD DS Account and Password Policies • Designing AD DS Domain-Controller Security • Designing AD DS Administrator Security Lab : Designing and Implementing AD DS Security

• Designing and Implementing Security Policies for Accounts and Passwords • Designing and Implementing Administrative Security Policies

After completing this module, students will be able to: • Prepare and design AD DS security.

• Design AD DS account and password policies. • Design AD DS domain-controller security. • Design AD DS administrator security. Module 9: Designing a Public Key Infrastructure

This module explains how to design a public key infrastructure (PKI) deployment by using Active Directory Certificate Services (AD CS) in Windows Server 2008 and Windows Server 2008 R2.

Lessons

• Overview of PKI and Active Directory Certificate Services • Designing a Certification Authority Deployment

• Designing Certificate Templates

• Designing Certificate Distribution and Revocation Lab : Designing and Implementing a PKI Deployment

• Designing and Implementing a Certification Authority Hierarchy • Designing and Implementing AD CS Certificate Templates

• Designing and Implementing Certificate Enrollment and Revocation After completing this module, students will be able to:

(6)

6

• Design a CA deployment hierarchy in AD CS.

• Design a strategy for configuring and maintaining certificate templates. • Design a strategy for distributing and revoking certificates.

Module 10: Designing an AD RMS Infrastructure

This module explains how to design and implement a rights protection infrastruc ture by using Active Directory Rights Management Services (AD RMS).

Lessons

• AD RMS Overview

• Designing an AD RMS Deployment

• Designing External Access to AD RMS Services Lab : Designing and Deploying AD RMS

• Designing an AD RMS Deployment

• Implementing an Internal AD RMS Deployment • Verifying AD RMS Deployment

After completing this module, students will be able to: • Describe the AD RMS components and functionality. • Design an AD RMS deployment.

• Design an AD RMS deployment for external users. Module 11: Designing an AD LDS Infrastructure

This module explains how to design and implement an Active Directory Lightweight Directory Services (AD LDS) deployment in Windows Server 2008 and Windows Server 2008 R2

Lessons

• AD LDS Deployment Scenarios

• Designing an AD LDS Server Deployment • Designing AD LDS Replication

• Integrating AD LDS with AD DS

Lab : Designing and Implementing an AD LDS Infrastructure • Designing AD LDS Replication for Internal Applications • Designing AD LDS Replication for External Applications

• Designing Highly Available LDAP Services for Multiple Applications • Implementing an AD LDS Solution

• Describe the AD LDS functionality and deployment scenarios. • Design an AD LDS server deployment.

• Design an AD LDS replication topology. • Integrate AD LDS with AD DS.

Module 12: Designing an Active Directory Federation Services Infrastructure

This module explains how to design an implementation of Active Directory Federation Serv ices (AD FS) in Windows Server 2008 and Windows Server 2008 R2 environments.

Lessons

(7)

7

• Designing Active Directory Federation Services Claims and Applications Lab : Understanding the AD FS Federated Web SSO

• Reviewing the AD FS Deployment • Validating the AD FS Deployment

• Describe the AD FS components and the AD FS deployment scenarios. • Design the AD FS deployment.

• Design AD FS claims and applications. Module 13: Designing AD DS Transitions

This module explains how to design and implement AD DS upgrades and migrations in Windows Server 2008 and Windows Server 2008 R2 environments.

Lessons

• Choosing an AD DS Transition Strategy • Designing a Domain Upgrade Strategy • Designing a Domain Restructure Strategy • Designing AD DS Domain Renaming

Lab : Designing and Implementing an AD DS Domain Restructure • Designing an AD DS Domain Restructure

• Implementing an AD DS Domain Restructure After completing this module, students will be able to:

• Identify the best AD DS transition strategy based on the current environment and requirements. • Design and implement a domain upgrade.