Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services
Course Number: 6425C
Course Length: 5 Days
Course Overview
This five-day course provides in-depth training on implementing, configuring, managing and
troubleshooting Active Directory Domain Services (AD DS) in Windows Server 2008 and
Windows Server 2008 R2 environments. It covers core AD DS concepts and functionality as
well as implementing Group Policies, performing backup and restore and monitoring and
troubleshooting Active Directory related issues. After completing this course students will be
able to configure AD DS in their Windows Server 2008 and Windows server 2008 R2
environments.
Prerequisites
Before attending this course, students must have:
Basic understanding of networking
Intermediate understanding of network operating systems
An awareness of security best practices
Basic knowledge of server hardware
Some experience creating objects in Active Directory
Basic concepts of backup and recovery in a Windows Server environment
A good knowledge of Windows Client operating systems such as Windows Vista or
Windows 7
Audience
This course is intended for Active Directory Technology Specialists, Server and Enterprise
Administrators who want to learn how to implement Active Directory Domain Services in
Windows Server 2008 and Windows Server 2008 R2 environments. Those attending would
be interested in learning how to secure domains by using Group Policies, back up, restore,
monitor, and troubleshoot configuration to ensure trouble-free operation of Active Directory
Domain Services.
Course
Outline
Course Introduction 3m Course Introduction
Module 01 - Introducing Active Directory Domain Services 1hr 45m Lesson 1: Overview of Active Directory, Identity, and Access
Authentication and Authorization Authentication
Access Tokens
Security Descriptors, ACLs and ACEs Authorization
Stand-Alone (Workgroup) Authentication Active Directory Domains: Trusted Identity Store Active Directory, Identity, and Access
Active Directory IDA Services
Lesson 2: Active Directory Components and Concepts Active Directory as a Database
Active Directory Data Store Domain Controllers
Demo - Active Directory Schema Organizational Units Domain Forest Tree Replication Sites Global Catalog Functional Levels
DNS and Application Partitions Trust Relationships
Lesson 3: Install Active Directory Domain Services Install and Configure a Domain Controller
Prepare to Create a New Forest with Windows Server 2008 R2 Lab Demonstration - Install an AD DS Domain Controller Module 01 Review
Module 02 - Administering Active Directory Securely and Efficiently 1hr 30m Lesson 1: Work with Active Directory Administration Tools
Active Directory Administration Snap-Ins
What Is the Active Directory Administrative Center? Find Active Directory Administration Tools
Demo - Perform Administrative Tasks by Using Active Directory Administration Tools Lesson 2: Custom Consoles and Least Privilege
Demo - Create a Custom MMC Console for Administering Active Directory
Secure Administration with Least Privilege, Run As Administrator, and User Account Control Demo - Secure Administration with User Account Control and Run As Administrator Lesson 3: Find Objects in Active Directory
Scenarios for Finding Objects in Active Directory
Demo - Use the Select Users, Contacts, Computers, Service Accounts or Groups Dialog Box Options for Locating Objects
Demo - Use the Find Command Determine Where an Object is Located Demo - Use Saved Queries
Demo - Find Objects by Using Active Directory Administrative Center Lesson 4: Use Windows PowerShell to Administer Active Directory What Is Windows PowerShell?
Installation Requirements for Windows PowerShell 2.0 Overview of the Windows PowerShell Syntax
Windows PowerShell Cmdlets for Active Directory
Demo - Manage Users and Groups by Using Windows PowerShell Module 02 Review
Module 03 - Managing Users and Service Accounts 33m Lesson 1: Create and Administer User Accounts
User Account
Create Users with PowerShell Demo - Create a User Object Name Attributes
Account Attributes User Account Management
Lesson 2: Configure User Object Attributes View All Attributes
Modify Attributes of Multiple Users Modify User Attributes by Using PowerShell Create Users with Templates
Lesson 3: Automate User Account Creation Export Users with CSVDE
Import Users with CSVDE Import Users with LDIFDE
Import Users with Windows PowerShell
Lesson 4: Create and Configure Managed Service Accounts Challenges of Using Standard User Accounts for Services What Is a Managed Service Account?
Configure and Administer Managed Service Accounts Module 03 Review
Module 04 - Managing Groups 54m Lesson 1: Overview of Groups
Role-Based Management: Role Groups and Rule Groups Define Group Naming Conventions
Universal Groups
Summary of Group Scope Possibilities Develop a Group Management Strategy Default Groups
Special Identities
Lesson 2: Administer Groups Tools for Group Management Demo - Create a Group Object Manage Group Membership Convert Group Type and Scope Copy Group Membership Delete Groups
Lesson 3: Best Practices for Group Management Best Practices for Documenting Groups
Protect Groups from Accidental Deletion
Delegate Membership Management with the Managed By Tab Module 04 Review
Module 05 - Managing Computer Accounts 51m Lesson 1: Create Computers and Join the Domain
Workgroups, Domains, and Trusts
Requirements for Joining a Computer to the Domain The Computer’s Container and Organizational Units Prestage a Computer Account
Join a Computer to the Domain Secure Computer Creation and Joins Automate Computer Account Creation Import Computers with CSVDE Import Computers with LDIFDE
Create Computer Accounts with DSAdd and PowerShell Create and Join Computers with NetDom
Lesson 2: Administer Computer Objects and Accounts Configure Computer Attributes
Move a Computer
Computer Account and Secure Channel Recognize Computer Account Problems Reset a Computer Account
Rename a Computer
Disable and Enable a Computer Delete and Recycle Computer Accounts Lesson 3: Offline Domain Join What Is an Offline Domain Join?
Module 06 - Implementing a Group Policy Infrastructure 1hr 12m Lesson 1: Understand Group Policy
What Is Configuration Management? Overview of Policies
Benefits of Using Group Policy Group Policy Objects
GPO Scope
Group Policy Client and Client-Side Extensions Group Policy Refresh
Review the Components of Group Policy Lesson 2: Implement GPOs
Local GPOs Domain-Based GPOs
Demo - Create, Link, and Edit GPOs GPO Storage
Manage GPOs and Their Settings Lesson 3: Manage Group Policy Scope GPO Links
Group Policy Processing Order GPO Inheritance and Precedence
Use Security Filtering to Modify GPO Scope WMI Filters
Enable or Disable GPOs and GPO Nodes Target Preferences
Loopback Policy Processing Lesson 4: Group Policy Processing Detailed Review of Group Policy Processing Slow Links and Disconnected Systems Identify When Settings Take Effect
Lesson 5: Troubleshoot Policy Application Resultant Set of Policy
Generate RSoP Reports
Perform What-If Analyses with the Group Policy Modeling Wizard Examine Policy Event Logs
Module 06 Review
Module 07 - Managing User Desktop with Group Policy 54m Lesson 1: Implement Administrative Templates
What Are Administrative Templates? How Administrative Templates Work
Managed Settings, Unmanaged Settings, and Preferences Central Store
Demo - Work with Settings and GPOs
What Are Group Policy Preferences?
Differences Between Group Policy Preferences and Settings Demo - Configure Group Policy Preferences
Lesson 3: Manage Software with GPSI Understand GPSI
Software Deployment Options
Demo - Create a Software Distribution Point Create and Scope a Software Deployment GPO Maintain Software Deployed with GPSI GPSI and Slow Links
Module 07 Review
Module 08 - Managing Enterprise Security and 46m Configuration with Group Policy Settings
Lesson 1: Manage Group Membership by Using Group Policy Settings What Are Restricted Groups?
Demo - Delegate Administration by Using Restricted Groups Policies Define Group Membership with Group Policy Preferences
Lesson 2: Manage Security Settings What Is Security Policy Management? Configure the Local Security Policy
Manage Security Configuration with Security Templates Demo - Create and Deploy Security Templates
Security Configuration Wizard Settings, Templates, Policies, and GPOs Lesson 3: Auditing
Overview of Audit Policies
Specify Auditing Settings on a File or a Folder Enable Audit Policy
Evaluate Events in the Security Log
Lesson 4: Software Restriction Policy and Applocker What Is a Software Restriction Policy?
Overview of Application Control Policies
Compare Applocker and Software Restriction Policies Demo - How to Configure Application Control Policies Module 08 Review
Module 09 - Securing Administration 40m Lesson 1: Delegate Administrative Permissions
Understand Delegation
View the ACL of an Active Directory Object
Property Permissions, Property Sets, Control Access Rights and Object Permissions Demo - Assign a Permission by Using the Advanced Security Settings Dialog Box Understand and Manage Permissions with Inheritance
Report and View Permissions
Remove or Reset Permissions on an Object Understand Effective Permissions
Design an OU Structure to Support Delegation Lesson 2: Audit Active Directory Administration Enable Audit Policy
Specify Auditing Settings for Directory Service Changes View Audited Events in the Security Log
Advanced Audit Policies Global Object Access Auditing Reason for Access Reporting Demo - Advanced Audit Policies Module 09 Review
Module 10 - Improving the Security of 1hr 8m Authentication in an AD DS Domain
Lesson 1: Configure Password and Lockout Policies Understand Password Policies
Understand Account Lockout Policies
Configure the Domain Password and Lockout Policy Demo - Configure Domain Account Policies Fine-Grained Password and Lockout Policy Understand Password Settings Objects
Demo - Configure Fine-Grained Password Policy PSO Precedence and Resultant PSO
Lesson 2: Audit Authentication Account Logon and Logon Events
Configure Authentication-Related Audit Policies Scoping Audit Policies
View Logon Events
Lesson 3: Configure Read-Only Domain Controllers
Authentication and Domain Controller Placement in a Branch Office What Are Read-Only Domain Controllers?
Prerequisites for Deploying an RODC Installing an RODC
Demo - Configure a Password Replication Policy Demo - Administer RODC Credentials Caching Administrative Role Separation
Module 10 Review
Module 11 - Configuring Domain Name System 1hr 15m Lesson 1: Install and Configure DNS in an AD DS Domain
Install and Manage the DNS Server Role Create a Zone
Configure Redundant DNS Servers Configure Forwarders
Client Configuration
Lesson 2: Integration of AD DS, DNS, and Windows Integrate AD DS and the DNS Namespace
Split-Brain DNS
Create a Delegation for an Active Directory Domain Active Directory–Integrated Zones
Application Partitions for DNS Zones DNS Application Partitions
Dynamic Updates Background Zone Loading Service Locator Records
Demo - SRV Resource Records Registered by AD DS Domain Controllers Domain Controller Location
Read-Only DNS Zones
Lesson 3: Advanced DNS Configuration and Administration Resolving Single-Label Names
Resolve Names Outside Your Domain DNS Server and Zone Maintenance
Test and Troubleshoot DNS Server and Client DNS Enhancements in Windows Server 2008 R2 Module 11 Review
Module 12 - Administering AD DS Domain Controllers 1hr 4m Lesson 1: Domain Controller Installation Options
Install a Domain Controller by Using the Windows Interface Unattended Installation Options and Answer Files
Install a New Windows Server 2008 Forest
Prepare an Existing Domain for Windows Server 2008 Domain Controllers Options for Installing Domain Controllers in a Domain
Stage the Installation of a RODC
Attach a Server to a Prestages RODC Account Install AD DS from Media
Remove a Domain Controller
Lab Demonstration - Install Domain Controllers Lesson 2: Install a Server Core Domain Controller Understand Server Core
Install Server Core
Server Core Configuration Commands
Lab Demonstration - Install a Server Core Domain Controller Lesson 3: Manage Operations Masters
Understand Single Master Operations Operations Master Roles
Identify Operations Masters Transfer Operations Master Roles Seize Operations Master Roles Lesson 4: Configure Global Catalog Understand the Global Catalog Global Catalog Servers Placement Configure a Global Catalog Server Universal Group Membership Caching
Lesson 5: Configure DFS-R Replication of SYSVOL Raise the Domain Functional Level
Understand Migration Stages
Migrate to DFS-R Replication of SYSVOL Module 12 Review
Module 13 - Managing Sites and Active Directory Replication 45m Lesson 1: Configure Sites and Subnets
Understand Sites Plant Sites Create Sites
Manage Domain Controllers in Sites SRV Records for Domain Controller How Client Locates Domain Controller
Lab Demonstration - Configure Sites and Subnets Lesson 2: Configure Replication
Understand Active Directory Replication Intrasite Replication
Site Links
Replication Transport Protocols Bridgehead Servers
Site Link Transitivity and Bridges Control Intersite Replication Whiteboard: Replication Monitor and Manage Replication
Lab Demonstration - Configure Replication Module 13 Review
Module 14 - Directory Service Continuity 57m Lesson 1: Monitor Active Directory
Understand Performance and Bottlenecks Monitoring Tools Overview
Performance Monitor Data Collector Sets Demo - Monitor AD DS Monitoring Best Practices
Demo - Using Active Directory Best Practices Analyzer Lesson 2: Manage the Active Directory Database Active Directory Database Files
How the Database Is Modified NTDSUtil
Restartable Active Directory Domain Services Perform Database Maintenance
Demo - AD DS Database Maintenance Active Directory Snapshots
Restore Deleted Objects
Lesson 3: Active Directory Recycle Bin Delete and Restore objects from Active Directory What Is Active Directory Recycle Bin?
Active Directory Recycle Bin Requirements
Lesson 4: Back Up and Restore AD DS and Domain Controllers Backup and Recovery Tools
Overview of AD DS and Domain Controller Backup Demo - Backing Up AD DS
Additional Backup and Recovery Tools Active Directory Restore Options Nonauthoritative Restore Authoritative Restore Module 14 Review
Module 15 - Managing Multiple Domains and Forests 52m Lesson 1: Configure Domain and Forest Functional Levels
Understand Functional Levels Domain Functional Levels Forest Functional Levels
Lesson 2: Manage Multiple Domains and Trust Relationships Define Your Forest and Domain Structure
Understand Trust Relationships Characteristics of Trust Relationships How Trusts Work Within a Forest Demo - Create a Trust
Shortcut Trusts
External Trusts and Realm Trusts Forest Trusts
Administer Trust Relationships Domain Quarantine
Resource Access for Users from Trusted Domains Lesson 3: Move Objects Between Domains and Forests Considerations for Moving Objects Between Domains and Forests What Is the Active Directory Migration Tool?
Module 15 Review Course Closure
