Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
Cover Page
Title Page
Copyright Page
Introduction
Acknowledgments
About the Author
Contact the Author
Before You Begin
Lab Setup Guide
Host Computer Configuration
Server Configuration Details
ServerDC1
ServerDM1
ServerDM2
ServerSA1
Using an Evaluation Version of Windows Server 2016
Where to Go for Help
Chapter 1. Introducing Active Directory
Chapter Introduction
The Role of a Directory Service
Windows Active Directory
Overview of the Active Directory Structure
Active Directory’s Physical Structure
Active Directory’s Logical Structure
Installing Active Directory
Installing Additional Domain Controllers in a Domain
Installing a New Domain in an Existing Forest
Installing Active Directory in Server Core
Installing a DC with Install from Media
What’s Inside Active Directory?
The Active Directory Schema
Active Directory Container Objects
Organizational Units
Folder Objects
Domain Objects
Active Directory Leaf Objects
User Accounts
Groups
Computer Accounts
Other Leaf Objects
Recovering Objects with the Active Directory Recycle Bin
Locating Active Directory Objects
Working with Forests, Trees, and Domains
Active Directory Terminology
Active Directory Replication
Directory Partitions
Operations Master Roles
Using PowerShell to View FSMO Roles
Trust Relationships
The Role of Forests
The Importance of the Global Catalog Server
Forest Root Domain
Understanding Domains and Trees
Designing the Domain Structure
Introducing Group Policies
The Computer Configuration Node
The User Configuration Node
How Group Policies Are Applied
Chapter Review
Chapter Summary
Key Terms
Review Questions
Critical Thinking
Chapter 2. Managing OUs and Active Directory Accounts
Chapter Introduction
Working with Organizational Units
OU Delegation of Control
Active Directory Object Permissions
Permission Inheritance in OUs
Advanced Features Option in Active Directory Users and Computers
Managing User Accounts
Creating and Modifying User Accounts
Disabling User Accounts
Using User Templates
Modifying Multiple Users
Understanding Account Properties
The General Tab
The Account Tab
The Profile Tab
The Member Of Tab
Using Contacts and Distribution Groups
Managing Group Accounts
Group Types
Converting Group Type
Group Scope
Domain Local Groups
Global Groups
Universal Groups
Local Groups
Nesting Groups
Converting Group Scope
Default Groups in a Windows Domain
Default Groups in the Builtin Folder
Default Groups in the Users Folder
Special Identity Groups
Working with Computer Accounts
Creating Computer Accounts
Changing the Default Computer Account Location
Joining a Domain
Performing an Offline Domain Join
Managing Computer Accounts
Disabling Computer Accounts
Automating Account Management
Command-Line Tools for Managing Active Directory Objects
Piping Output
Bulk Import and Export with csvde and ldifde
Creating Users with csvde
Creating Users with ldifde
Managing Accounts with PowerShell
Resetting Passwords Using PowerShell
Managing Group Membership with PowerShell
Chapter Review
Chapter Summary
Key Terms
Review Questions
Critical Thinking
Chapter 3. User and Service Account Configuration
Chapter Introduction
Overview of User Accounts and Group Policies
Creating and Configuring Group Policies
Configuring Account Policies
Delegating Password Settings Management
Local Account Policies
Kerberos Policy Settings
Configuring Password Settings Objects
Creating and Configuring a PSO
Managing Service Accounts
Working with Service Accounts
Using Administrator-Created Service Accounts
Service Principal Names
Working with Managed Service Accounts
Working with Group Managed Service Accounts
Virtual Accounts
Kerberos Delegation
Chapter Review
Chapter Summary
Key Terms
Review Questions
Critical Thinking
Chapter 4. Configuring Group Policies
Chapter Introduction
Group Policy Objects
Local and Domain Group Policy Objects
Local GPOs
Domain GPOs
Group Policy Templates
Group Policy Containers
Group Policy Replication
Creating and Linking GPOs
Editing an Existing GPO
Creating a New GPO
Using Starter GPOs
Group Policy Settings
Software Installation Policies
Configuring Software Installation for Computers
Advanced Application Deployment Options
Configuring Software Installation for Users
Deploying Scripts
Folder Redirection
Security Settings
Local Policies: Audit Policy
Auditing Object Access
Changing Default Auditing
Local Policies: User Rights Assignment
Local Policies: Security Options
Restricted Groups
File System
Working with Administrative Templates
Computer Configuration Settings
User Configuration Settings
The ADMX Central Store
Working with Filters
Using Custom Administrative Templates
Adding a Custom Administrative Template to Group Policy
Working with Older Administrative Templates
Migrating Administrative Templates
Working with Security Templates
The Security Templates Snap-in
The Security Configuration and Analysis Snap-in
Configuring Group Policy Preferences
How Group Policy Preferences Are Applied
Creating Group Policy Preferences
Item-Level Targeting
Chapter Review
Chapter Summary
Key Terms
Review Questions
Critical Thinking
Chapter 5. Managing Group Policies
Chapter Introduction
Configuring Group Policy Processing
GPO Scope and Precedence
Understanding Site-Linked GPOs
Understanding Domain-Linked GPOs
Understanding OU-Linked GPOs
Group Policy Inheritance
Blocking Inheritance
GPO Enforcement
Managing GPO Status and Link Status
GPO Filtering
WMI Filtering
Loopback Policy Processing
Configuring Group Policy Client Processing
Configuring Slow Link Processing
Changing Background Processing
Processing Unchanged Policies
Synchronous and Asynchronous Processing
Group Policy Caching
Forcing Group Policy Updates
Remote Group Policy Updates
Configuring the Firewall for Remote Group Policy Updates
Group Policy Results and Modeling
Managing GPOs
GPO Backup and Restore
GPO Copy and Paste
Resetting Default GPOs
GPO Migration
Configuring a Migration Table
GPO Management Delegation
PowerShell Cmdlets for Managing GPOs
Chapter Review
Chapter Summary
Key Terms
Review Questions
Critical Thinking
Chapter 6. Domain Controller and Active Directory Management
Chapter Introduction
Active Directory Review
Cloning a Virtual Domain Controller
Domain Controller Cloning Prerequisites
Steps for Cloning a Domain Controller
Configuring Read Only Domain Controllers
RODC Installation
Staged RODC Installation
Staged RODC Installation with PowerShell
Staged RODC Installation on the Target Server
RODC Replication
Password Replication Policy
Read Only DNS
Understanding and Configuring Sites
Site Components
Subnets
Site Links
Bridgehead Servers
The Global Catalog and Universal Group Membership Caching
Working with Operations Master Roles
Operations Master Best Practices
Domain Naming Master
Schema Master
Primary Domain Controller (PDC) Emulator
RID Master
Infrastructure Master
Managing Operations Master Roles
Transferring Operations Master Roles
Seizing Operations Master Roles
Maintaining Active Directory
Active Directory Backup
System State Backup
Active Directory Restorations
Nonauthoritative Active Directory Restore
Authoritative Restore
Recovering Deleted Objects from the Recycle Bin
Active Directory Defragmentation
Active Directory Metadata Cleanup
Working with Active Directory Snapshots
Creating and Mounting Snapshots
Activating a Snapshot
Exporting a Snapshot
Unmounting and Deleting a Snapshot
Chapter Review
Chapter Summary
Key Terms
Review Questions
Critical Thinking
Chapter 7. Configuring Advanced Active Directory
Chapter Introduction
Configuring Multidomain Environments
Reasons for a Single-Domain Environment
Reasons for a Multidomain Environment
Adding a Subdomain
Adding a Tree to an Existing Forest
Configuring an Alternative UPN Suffix
Configuring Multiforest Environments
Active Directory Trusts
One-Way and Two-Way Trusts
Transitive Trusts
Shortcut Trusts
Forest Trusts
External Trusts and Realm Trusts
Configuring Active Directory Trusts
Configuring Shortcut Trusts
Configuring Forest Trusts
Configuring External and Realm Trusts
Configuring Trust Properties
The General Tab
The Name Suffix Routing Tab
The Authentication Tab
SID Filtering
Upgrading Domains and Forests
Forest Functional Levels
Windows 2000 Native
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Domain Functional Levels
Windows 2000 Native
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Raising Domain and Forest Functional Levels
Raising the Domain Functional Level
Raising the Forest Functional Level
Adding Domain Controllers to an Existing Domain
Configuring Sites
Registering SRV Records
Working with Automatic Site Coverage
Moving DCs between Sites
Active Directory Replication
Active Directory Intrasite Replication
Knowledge Consistency Checker
Connection Objects
Creating Connection Objects
Special Replication Scenarios
Checking Replication Status
Active Directory Intersite Replication
Intersite Transport Protocols
Site Link Bridges
SYSVOL Replication
Group Policy Replication
Upgrading to DFSR
Managing Replication
Managing Replication with Active Directory Sites and Services
Monitoring Replication
Chapter Review
Chapter Summary
Key Terms
Review Questions
Critical Thinking
Chapter 8. Implementing Active Directory Certificate Services
Chapter Introduction
Introducing Active Directory Certificate Services
Public Key Infrastructure Overview
PKI Terminology
AD CS Terminology
Deploying the Active Directory Certificate Services Role
Standalone and Enterprise CAs
Online and Offline CAs
CA Hierarchy
Certificate Practice Statements
Installing the AD CS Role
Configuring a Certification Authority
Configuring Certificate Templates
Configuring Certificate Enrollment Options
Configuring Certificate Autoenrollment
Requesting a Certificate with the Certificates Snap-in
Configuring Web Enrollment
Using the Network Device Enrollment Service
Using Smart Card Enrollment
Configuring the Online Responder
Creating a Revocation Configuration
Maintaining and Managing a PKI
CA Backup and Restore
Key and Certificate Archival and Recovery
Using Windows PowerShell to Manage AD CS
Chapter Review
Chapter Summary
Key Terms
Review Questions
Critical Thinking
Chapter 9. Implementing Identity Solutions
Chapter Introduction
Active Directory Federation Services
AD FS Overview
Federation Trusts
Account Partners and Resource Partners
Claims-Aware Applications
Windows NT Token Applications
AD FS Components
AD FS Design Concepts
Web SSO
Federated Web SSO
Federated Web SSO with Forest Trust
Preparing to Deploy AD FS
Configuring a Relying Party Trust
Configuring a Claims Provider Trust
Configuring Claims Provider Claim Rules
Configuring Authentication Policies
Device Registration
Upgrading AD FS to Windows Server 2016
Integrating AD FS with Additional Services
Integrating AD FS with Microsoft Passport
Integrating AD FS with Microsoft Azure and Office 365
Configuring AD FS to Work with LDAP Directories
Active Directory Rights Management Service
AD RMS Key Features
AD RMS Components
AD RMS Deployment
AD RMS Certificate Types
AD RMS License Types
Configuring the AD RMS Service Connection Point
Working with Rights Policy Templates
Configuring Exclusion Policies
Working with Trust Policies
Trusted User Domains
Trusted Publishing Domains
Federated Identity Support
Backing Up and Restoring AD RMS
Implementing Web Application Proxy
Publishing Web Apps with WAP
Publishing Remote Desktop Gateway Applications
Chapter Review
Chapter Summary
Key Terms
Review Questions
Critical Thinking
Appendix A. MCSA Exam 70-742 Objectives
← Prev
Back
Next →
← Prev
Back
Next →