Log In
Or create an account ->
Imperial Library
Home
About
News
Upload
Forum
Help
Login/SignUp
Index
MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server® 2008 Active Directory® (2nd Edition)
A Note Regarding Supplemental Files
Introduction
System Requirements
Hardware Requirements
Software Requirements
Using the Companion CD
How to Install the Practice Tests
How to Use the Practice Tests
Lesson Review Options
Practice Test Options
How to Uninstall the Practice Tests
Acknowledgments
Support & Feedback
Errata
We Want to Hear from You
Stay in Touch
Preparing for the Exam
1. Creating an Active Directory Domain
Before You Begin
Lesson 1: Installing Active Directory Domain Services
Active Directory, Identity and Access
Beyond Identity and Access
Components of an Active Directory Infrastructure
Preparing to Create a New Windows Server 2008 Forest
Adding the AD DS Role Using the Windows Interface
Creating a Domain Controller
Practice Creating a Windows Server 2008 R2 Forest
Practice Creating a Windows Server 2008 R2 Forest
Lesson Summary
Lesson Review
Lesson 2: Active Directory Domain Services on Server Core
Understanding Server Core
Installing Server Core
Performing Initial Configuration Tasks
Server Configuration
Adding AD DS to a Server Core Installation
Removing Domain Controllers
Practice Installing a Server Core Domain Controller
Practice Installing a Server Core Domain Controller
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenario
Case Scenario: Creating an Active Directory Forest
Take a Practice Test
2. Administering Active Directory Domain Services
Before You Begin
Lesson 1: Working with Active Directory Snap-ins
Understanding the Microsoft Management Console
Active Directory Administration Tools
Finding the Active Directory Administrative Tools
Adding the Administrative Tools to Your Start Menu
Creating a Custom Console with Active Directory Snap-ins
Running Administrative Tools with Alternate Credentials
Saving and Distributing a Custom Console
Practice Creating and Managing a Custom MMC
Practice Creating and Managing a Custom MMC
Lesson Summary
Lesson Review
Lesson 2: Creating Objects in Active Directory
Creating an Organizational Unit
Creating a User Object
Creating a Group Object
Creating a Computer Object
Finding Objects in Active Directory
Using the Select Users, Contacts, Computers, Or Groups Dialog Box
Controlling the View of Objects in the Active Directory Users And Computers Snap-in
Using the Find Commands
Determining Where an Object Is Located
Using Saved Queries
Understanding DNs, RDNs, and CNs
Finding Objects by Using Dsquery
Practice Creating and Locating Objects in Active Directory
Practice Creating and Locating Objects in Active Directory
Lesson Summary
Lesson Review
Lesson 3: Delegation and Security of Active Directory Objects
Understanding Delegation
Viewing the ACL of an Active Directory Object
Property Permissions, Control Access Rights, and Object Permissions
Assigning a Permission Using the Advanced Security Settings Dialog Box
Understanding and Managing Permissions with Inheritance
Delegating Administrative Tasks with the Delegation Of Control Wizard
Reporting and Viewing Permissions
Removing or Resetting Permissions on an Object
Understanding Effective Permissions
Designing an OU Structure to Support Delegation
Practice Delegating Administrative Tasks
Practice Delegating Administrative Tasks
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenario
Case Scenario: Managing Organizational Units and Delegation
Suggested Practices
Maintain Active Directory Accounts
Take a Practice Test
3. Administering User Accounts
Before You Begin
Lesson 1: Automating the Creation of User Accounts
Creating Users with Templates
Using Active Directory Command-Line Tools
Creating Users with DSAdd
Exporting Users with CSVDE
Importing Users with CSVDE
Importing Users with LDIFDE
Practice Automating the Creation of User Accounts
Practice Automating the Creation of User Accounts
Lesson Summary
Lesson Review
Lesson 2: Administering with Windows PowerShell and Active Directory Administrative Center
Introducing Windows PowerShell
Preparing to Administer Active Directory Using Windows PowerShell
cmdlets
Parameters
Get-Help
Objects
Variables
Pipeline
Extend the Pipeline to More than One Line
Aliases
Namespaces, Providers, and PSDrives
The Active Directory PowerShell Provider
Creating a User with Windows PowerShell
Populating User Attributes
Importing Users from a Database with Windows PowerShell
The Active Directory Administrative Center
Practice Creating Users with Windows PowerShell
Practice Creating Users with Windows PowerShell
Lesson Summary
Lesson Review
Lesson 3: Supporting User Objects and Accounts
Managing User Attributes with Active Directory Users And Computers
Viewing All Attributes
Managing Attributes of Multiple Users
Managing User Attributes with DSMod and DSGet
DSMod
Piping Multiple DNs to DSMod
DSGet
Managing User Attributes with Windows PowerShell
Understanding Name and Account Attributes
User Object Names
Rename a User Account
Account Properties
Administering User Accounts
Resetting a User’s Password
Unlocking an Account
Disabling and Enabling a User Account
Deleting a User Account
Moving a User Account
Practice Supporting User Objects and Accounts
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenario
Case Scenario: Import User Accounts
Suggested Practices
Automate the Creation of User Accounts
Maintain Active Directory Accounts
Use the Active Directory Administrative Console
Take a Practice Test
4. Managing Groups
Before You Begin
Lesson 1: Managing an Enterprise with Groups
Understanding the Importance of Groups
Challenges of Managing Without Groups
Groups Add Manageability
Groups Add Scalability
One Type of Group Is Not Enough
Role-Based Management: Role Groups and Rule Groups
Defining Group Naming Conventions
Understanding Group Types
Understanding Group Scope
Local Groups
Domain Local Groups
Global Groups
Universal Groups
Summarizing Group Membership Possibilities
Converting Group Scope and Type
Managing Group Membership
The Members Tab
The Member Of Tab
The Add To A Group Command
The Member and MemberOf Attributes
Helping Membership Changes Take Effect Quickly
Developing a Group Management Strategy
Practice Creating and Managing Groups
Practice Creating and Managing Groups
Lesson Summary
Lesson Review
Lesson 2: Automating the Creation and Management of Groups
Creating Groups with DSAdd
Importing Groups with CSVDE
Importing Groups with LDIFDE
Modifying Group Membership with LDIFDE
Retrieving Group Membership with DSGet
Changing Group Membership with DSMod
Copying Group Membership
Moving and Renaming Groups with DSMove
Deleting Groups with DSRm
Managing Groups with Windows PowerShell
Practice Automating the Creation and Management of Groups
Practice Automating the Creation and Management of Groups
Lesson Summary
Lesson Review
Lesson 3: Administering Groups in an Enterprise
Best Practices for Group Attributes
Protecting Groups from Accidental Deletion
Delegating the Management of Group Membership
Delegating Membership Management with the Managed By Tab
Delegating Membership Management Using Advanced Security Settings
Understanding Shadow Groups
Default Groups
Special Identities
Practice Administering Groups in an Enterprise
Practice Administering Groups in an Enterprise
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenario
Case Scenario: Implementing a Group Strategy
Suggested Practices
Automate Group Membership and Shadow Groups
Take a Practice Test
5. Configuring Computer Accounts
Before You Begin
Lesson 1: Creating Computers and Joining the Domain
Understanding Workgroups, Domains, and Trusts
Identifying Requirements for Joining a Computer to the Domain
The Computers Container and OUs
The Default Computers Container
OUs for Computers
Delegating Permission to Create Computers
Prestaging a Computer Account
Joining a Computer to the Domain
Secure Computer Creation and Joins
Prestaging Computer Objects
Configuring the Default Computer Container
Restricting the Ability of Users to Create Computers
Offline Domain Join
Prepare for Offline Domain Join
Provision a Computer in Active Directory for Offline Domain Join
Perform an Offline Domain Join
Practice Creating Computers and Joining the Domain
Lesson Summary
Lesson Review
Lesson 2: Automating the Creation of Computer Objects
Importing Computers with CSVDE
Importing Computers with LDIFDE
Creating Computers with DSAdd
Creating Computers with NetDom
Creating Computers with Windows PowerShell
Practice Automating the Creation of Computer Objects
Practice Automating the Creation of Computer Objects
Lesson Summary
Lesson Review
Lesson 3: Supporting Computer Objects and Accounts
Configuring Computer Properties
Configuring Computer Attributes with DSMod and Windows PowerShell
Moving a Computer
Managing a Computer from the Active Directory Users And Computers Snap-In
Understanding the Computer’s Logon and Secure Channel
Recognizing Computer Account Problems
Resetting a Computer Account
Renaming a Computer
Disabling and Enabling Computer Accounts
Deleting Computer Accounts
Recycling Computer Accounts
Practice Supporting Computer Objects and Accounts
Practice Supporting Computer Objects and Accounts
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Term
Case Scenarios
Case Scenario 1: Creating Computer Objects and Joining the Domain
Case Scenario 2: Automating the Creation of Computer Objects
Suggested Practices
Create and Maintain Computer Accounts
Take a Practice Test
6. Implementing a Group Policy Infrastructure
Before You Begin
Lesson 1: Implementing Group Policy
What Is Configuration Management?
An Overview and Review of Group Policy
Policy Settings
Configuring Policy Settings
Group Policy Objects
Creating and Managing GPOs
Editing a GPO
GPO Scope
Group Policy Client and Client-Side Extensions
Group Policy Refresh
Resultant Set of Policy
Slow Links and Disconnected Systems
Group Policy Objects
Local GPOs
Domain-Based GPOs
Creating, Linking, and Editing GPOs
Manage GPOs and Their Settings
GPO Storage
GPO Replication
Policy Settings
Computer Configuration and User Configuration
Software Settings Node
Windows Settings Node
Administrative Templates Node
Preferences Node
Registry Policies in the Administrative Templates Node
Filtering Administrative Template Policy Settings
Managed and Unmanaged Policy Settings
Templates
Central Store
Commenting
Starter GPOs
Practice Implementing Group Policy
Lesson Summary
Lesson Review
Lesson 2: Managing Group Policy Scope
GPO Links
Linking a GPO to Multiple OUs
Deleting or Disabling a GPO Link
GPO Inheritance and Precedence
Precedence of Multiple Linked GPOs
Blocking Inheritance
Enforcing a GPO Link
Using Security Filtering to Modify GPO Scope
Filtering a GPO to Apply to Specific Groups
Filtering a GPO to Exclude Specific Groups
WMI Filters
Enabling or Disabling GPOs and GPO Nodes
Targeting Preferences
Group Policy Processing
Loopback Policy Processing
Practice Configuring Group Policy Scope
Practice Configuring Group Policy Scope
Lesson Summary
Lesson Review
Lesson 3: Supporting Group Policy
Understanding When Settings Take Effect
Resultant Set Of Policy
Generating RSOP Reports with the Group Policy Results Wizard
Generating RSOP Reports with Gpresult.exe
Troubleshooting Group Policy with the Group Policy Results Wizard and Gpresult.exe
Performing What-If Analyses with the Group Policy Modeling Wizard
Examining Policy Event Logs
Practice Configuring Group Policy Scope
Practice Configuring Group Policy Scope
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenario
Case Scenario: Implementing Group Policy
Suggested Practices
Create and Apply GPOs
Take a Practice Test
7. Managing Enterprise Security and Configuration with Group Policy Settings
Before You Begin
Lesson 1: Delegating the Support of Computers
Understanding Restricted Groups Policies
Delegating Administration Using Restricted Groups Policies with the Member Of Setting
Delegating Administration Using Restricted Groups Policies with the Members Of This Group Setting
Defining Group Membership with Group Policy Preferences
Practice Delegating the Support of Computers
Lesson Summary
Lesson Review
Lesson 2: Managing Security Settings
What Is Security Policy Management?
Configuring the Local Security Policy
Managing Security Configuration with Security Templates
Using the Security Templates Snap-in
Deploying Security Templates by Using Group Policy Objects
Security Configuration And Analysis Tool
Applying Database Settings to a Computer
Analyzing the Security Configuration of a Computer
Correcting Security Setting Discrepancies
Creating a Security Template
Secedit.exe
The Security Configuration Wizard
Creating a Security Policy
Editing a Security Policy
Applying a Security Policy
Rolling Back an Applied Security Policy
Modifying Settings of an Applied Security Policy
Deploying a Security Policy Using Group Policy
Settings, Templates, Policies, and GPOs
Practice Managing Security Settings
Practice Managing Security Settings
Lesson Summary
Lesson Review
Lesson 3: Managing Software with Group Policy
Understanding Group Policy Software Installation
Windows Installer Packages
Software Deployment Options
Assigning Applications
Assigning Applications
Publishing Applications
Preparing an SDP
Creating a Software Deployment GPO
Managing the Scope of a Software Deployment GPO
Maintaining Applications Deployed with Group Policy
GPSI and Slow Links
Understanding AppLocker
Practice Managing Software with Group Policy
Practice Managing Software with Group Policy
Lesson Summary
Lesson Review
Lesson 4: Implementing an Audit Policy
Audit Policy
Auditing Access to Files and Folders
Specifying Auditing Settings on a File or Folder
Enabling Audit Policy
Evaluating Events in the Security Log
Auditing Directory Service Changes
Enabling Directory Service Changes Auditing
Specifying Auditing Settings for Directory Service Changes
Viewing Audited Events in the Security Log
Practice Implementing an Audit Policy
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenarios
Case Scenario 1: Installing Software with Group Policy Software Installation
Case Scenario 2: Configuring Security
Suggested Practices
Configure Restricted Groups
Manage Security Configuration
Take a Practice Test
8. Improving the Security of Authentication in an AD DS Domain
Before You Begin
Lesson 1: Configuring Password and Lockout Policies
Understanding Password Policies
Understanding Account Lockout Policies
Configuring the Domain Password and Lockout Policy
Fine-Grained Password and Lockout Policy
Understanding Password Settings Objects
PSO Precedence and Resultant PSO
PSOs and OUs
Practice Configuring Password and Lockout Policies
Practice Configuring Password and Lockout Policies
Lesson Summary
Lesson Review
Lesson 2: Auditing Authentication
Account Logon and Logon Events
Configuring Authentication-Related Audit Policies
Scoping Audit Policies
Viewing Logon Events
Practice Auditing Authentication
Practice Auditing Authentication
Lesson Summary
Lesson Review
Lesson 3: Configuring Read-Only Domain Controllers
Authentication and Domain Controller Placement in a Branch Office
Read-Only Domain Controllers
Deploying an RODC
Verifying and Configuring Forest Functional Level of Windows Server 2003 or Higher
Running ADPrep /RODCPrep
Placing a Writable Windows Server 2008 or Windows Server 2008 R2 Domain Controller
Installing an RODC
Password Replication Policy
Configuring Domain-Wide Password Replication Policy
Configuring RODC-Specific Password Replication Policy
Administering RODC Credentials Caching
Administrative Role Separation
Practice Configuring Read-Only Domain Controllers
Practice Configuring Read-Only Domain Controllers
Lesson Summary
Lesson Review
Lesson 4: Managing Service Accounts
Understanding Managed Accounts
Requirements for Managed Service Accounts
Creating and Configuring a Managed Service Account
Installing and Using a Managed Service Account
Managing Delegation and Passwords
Limitations of Managed Service Accounts
Practice Managing Service Accounts
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenarios
Case Scenario 1: Increasing the Security of Administrative Accounts
Case Scenario 2: Increasing the Security and Reliability of Branch Office Authentication
Suggested Practices
Configure Multiple Password Settings Objects
Recover from a Stolen Read-Only Domain Controller
Take a Practice Test
9. Integrating Domain Name System with AD DS
Before You Begin
Lesson 1: Understanding and Installing Domain Name System
DNS and IPv6
The Peer Name Resolution Protocol
DNS Structures
The Split-Brain Syndrome
Understanding DNS
Windows Server 2008 R2 DNS Features
Integration with AD DS
New DNS Features in Windows Server 2008 R2
DNS Security Extensions
DNS Cache Locking
DNS Socket Pool
DNS Devolution
Practice Installing the DNS Service
Lesson Summary
Lesson Review
Lesson 2: Configuring and Using Domain Name System
Configuring DNS
Security Considerations for the DNS Server Role
Working with DNS Server Settings
Configuring Scavenging for All Zones
Configuring Scavenging for All Zones
Finalizing FLZ Configuration
Creating a Responsible Person Record
Creating Reverse Lookup Zones
Creating Custom Records
Forwarders vs. Root Hints
Single-Label Name Management
DNS and WINS
DNS and DHCP Considerations
Working with Application Directory Partitions
Creating and Assigning Custom Application Directory Partitions
Administering DNS Servers
Practice Finalizing a DNS Server Configuration in a Forest
Practice Finalizing a DNS Server Configuration in a Forest
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenario
Case Scenario: Blocking Specific DNS Names
Suggested Practices
Work with DNS
Take a Practice Test
10. Administering Domain Controllers
Before You Begin
Lesson 1: Deploying Domain Controllers
Installing a Domain Controller with the Windows Interface
Unattended Installation Options and Answer Files
Installing a New Windows Server 2008 R2 Forest
Installing Additional Domain Controllers in a Domain
Installing the First Windows Server 2008 R2 Domain Controller in an Existing Forest or Domain
Installing an Additional Domain Controller
Installing a New Windows Server 2008 Child Domain
Installing a New Domain Tree
Staging the Installation of an RODC
Creating the Prestaged Account for the RODC
Attaching a Server to the RODC Account
Installing AD DS from Media
Removing a Domain Controller
Practice Deploying Domain Controllers
Practice Deploying Domain Controllers
Lesson Summary
Lesson Review
Lesson 2: Managing Operations Masters
Understanding Single Master Operations
Forest-Wide Operations Master Roles
Domain Naming Master Role
Schema Master Role
Domain-Wide Operations Master Roles
RID Master Role
Infrastructure Master Role
PDC Emulator Role
Optimizing the Placement of Operations Masters
Identifying Operations Masters
Transferring Operations Master Roles
Recognizing Operations Master Failures
Seizing Operations Master Roles
Returning a Role to Its Original Holder
Practice Transferring Operations Master Roles
Practice Transferring Operations Master Roles
Lesson Summary
Lesson Review
Lesson 3: Configuring DFS Replication of SYSVOL
Raising the Domain Functional Level
Understanding Migration Stages
Migrating SYSVOL Replication to DFS-R
Practice Configuring DFS Replication of SYSVOL
Practice Configuring DFS Replication of SYSVOL
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Term
Case Scenario
Case Scenario: Upgrading a Domain
Suggested Practices
Upgrade a Windows Server 2003 Domain
Take a Practice Test
11. Managing Sites and Active Directory Replication
Before You Begin
Lesson 1: Configuring Sites and Subnets
Understanding Sites
Replication Traffic
Service Localization
Planning Sites
Connection Speed
Service Placement
User Population
Summarizing Site Planning Criteria
Creating Sites
Managing Domain Controllers in Sites
Understanding Domain Controller Location
Service Locator Records
Domain Controller Location
Site Coverage
Practice Configuring Sites and Subnets
Lesson Summary
Lesson Review
Lesson 2: Configuring the Global Catalog and Application Directory Partitions
Reviewing Active Directory Partitions
Understanding the Global Catalog
Placing Global Catalog Servers
Configuring a Global Catalog Server
Universal Group Membership Caching
Understanding Application Directory Partitions
Practice Replication and Directory Partitions
Practice Replication and Directory Partitions
Lesson Summary
Lesson Review
Lesson 3: Configuring Replication
Understanding Active Directory Replication
Connection Objects
The Knowledge Consistency Checker
Intrasite Replication
Notification
Polling
Site Links
Replication Transport Protocols
Bridgehead Servers
Preferred Bridgehead Servers
Configuring Intersite Replication
Site Link Transitivity
Site Link Bridges
Site Link Costs
Replication Frequency
Replication Schedules
Monitoring Replication
Repadmin.exe
Dcdiag.exe
Practice Configuring Replication
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenario
Case Scenario: Configuring Sites and Subnets
Suggested Practices
Monitor and Manage Replication
Take a Practice Test
12. Managing Multiple Domains and Forests
Before You Begin
Lesson 1: Configuring Domain and Forest Functional Levels
Understanding Functional Levels
Domain Functional Levels
Windows 2000 Native
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Raising the Domain Functional Level
Forest Functional Levels
Windows 2000
Windows Server 2003
Windows Server 2008
Windows Server 2008 R2
Raising the Forest Functional Level
Practice Raising the Domain and Forest Functional Levels
Lesson Summary
Lesson Review
Lesson 2: Managing Multiple Domains and Trust Relationships
Defining Your Forest and Domain Structure
Dedicated Forest Root Domain
Single-Domain Forest
Multiple-Domain Forests
Multiple Trees
Multiple Forests
Moving Objects Between Domains and Forests
Understanding the Active Directory Migration Tool
Security Identifiers and Migration
Group Membership
Other Migration Concerns
Understanding Trust Relationships
Trust Relationships Within a Domain
Trust Relationships Between Domains
Characteristics of Trust Relationships
How Trusts Work
Authentication Protocols and Trust Relationships
Kerberos Authentication Within a Domain
Kerberos Authentication Across Domains in a Forest
Manual Trusts
Creating Manual Trust Relationships
Shortcut Trusts
External Trusts
Realm Trusts
Forest Trusts
Administering Trusts
Resource Access for Users from Trusted Domains
Domain Quarantine
Authenticated Users
Membership in Domain Local Groups
ACLs
Transitivity
Selective Authentication
Practice Administering a Trust Relationship
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Case Scenario
Case Scenario: Managing Multiple Domains and Forests
Suggested Practices
Configure a Forest or Domain
Take a Practice Test
13. Directory Business Continuity
Before You Begin
Lesson 1: Proactive Directory Maintenance and Data Store Protection
Twelve Categories of AD DS Administration
Using Specops Gpupdate
Using AD DS Administration Tools
Performing Online Maintenance
Performing Offline Maintenance
Relying on Built-in Directory Protection Measures
Protecting AD DS Objects
Auditing Directory Changes
Using the AD Recycle Bin
Restoring Deleted Objects with LDP.exe
Using Quest Object Restore for Active Directory
Relying on Windows Server Backup to Protect the Directory
Working with the System State Only
Creating Installation From Media Data Sets
Performing a Full System Backup
Creating an Interactive Full System Backup with Windows Server Backup
Creating an Interactive Full System Backup with Windows Server Backup
Creating an Interactive Full System Backup with Wbadmin.exe
Scheduling a Backup with Windows Server Backup
Scheduling a Backup with Wbadmin.exe
Performing Proactive Restores
Restarting in DSRM
Identifying the Appropriate Backup Data Set
Performing Nonauthoritative or Authoritative Restores
Restoring from a Complete Backup
Performing a Graphical Full Server Recovery
Performing a Graphical Full Server Recovery
Performing a Command-Line Full Server Recovery
Protecting DCs as Virtual Machines
Practice Working with the AD DS Database
Practice Working with the AD DS Database
Lesson Summary
Lesson Review
Lesson 2: Proactive Directory Performance Management
Managing System Resources
Using Task Manager
Working with Event Viewer
Working with Windows Reliability Monitor
Working with Windows Performance Monitor
Creating Baselines for AD DS and DNS
Working with Windows System Resource Manager
Practice AD DS Performance Analysis
Practice AD DS Performance Analysis
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenario
Case Scenario: Working with Lost and Found Data
Suggested Practices
Practice Proactive Directory Maintenance
Take a Practice Test
14. Active Directory Lightweight Directory Services
Before You Begin
Lesson 1: Understanding and Installing AD LDS
Understanding AD LDS
AD LDS Scenarios
New AD LDS Features in Windows Server 2008 R2
Installing AD LDS
Identifying AD LDS Requirements
Installing AD LDS on Server Core
Practice Installing AD LDS
Lesson Summary
Lesson Review
Lesson 2: Configuring and Using AD LDS
Working with AD LDS Tools
Creating AD LDS Instances
Preparing for AD LDS Instance Creation
Performing an Unattended AD LDS Instance Creation
Migrating a Previous LDAP Instance to AD LDS
Enabling the AD Recycle Bin in AD LDS
Working with AD LDS Instances
Using ADSI Edit to Work with Instances
Using LDP.exe to Work with Instances
Using the Schema Snap-in to Work with Instances
Using Active Directory Sites And Services to Work with Instances
Using Active Directory Module for Windows PowerShell to Work with Instances
Practice Working with AD LDS Instances
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenario
Case Scenario: Determining AD LDS Instance Prerequisites
Suggested Practices
Work with AD LDS Instances
Take a Practice Test
15. Active Directory Certificate Services and Public Key Infrastructures
Before You Begin
Lesson 1: Understanding and Installing Active Directory Certificate Services
Understanding AD CS
Stand-alone vs. Enterprise CAs
Creating the CA Hierarchy
Best Practices for AD CS Deployments
Additional Planning Requirements
New AD CS Features in Windows Server 2008 R2
New AD CS Web Services
Enrollment across Forests
High-Volume CAs
Installing AD CS
Preparing for AD CS Installation
Practice Installing a CA Hierarchy
Lesson Summary
Lesson Review
Lesson 2: Configuring and Using Active Directory Certificate Services
Finalizing the Configuration of an Issuing CA
Creating a Revocation Configuration for a CA
Configuring and Personalizing Certificate Templates
Finalizing the Configuration of an Online Responder
Adding a Revocation Configuration for an Online Responder
Considerations for the Use and Management of AD CS
Working with Enterprise PKI
Protecting Your AD CS Configuration
Practice Configuring and Using AD CS
Practice Configuring and Using AD CS
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenario
Case Scenario: Managing Certificate Revocation
Suggested Practices
Work with AD CS
Take a Practice Test
16. Active Directory Rights Management Services
Before You Begin
Lesson 1: Understanding and Installing Active Directory Rights Management Services
Understanding AD RMS
AD RMS Features
AD RMS Installation Scenarios
Installing Active Directory Rights Management Services
Preparing AD RMS Installation Prerequisites
Understanding AD RMS Certificates
Installation Procedure
Moving AD RMS to Windows Server 2008 R2
Working with Windows PowerShell
Practice Installing AD RMS
Lesson Summary
Lesson Review
Lesson 2: Configuring and Using Active Directory Rights Management Services
Configuring AD RMS
Creating an Extranet URL
Configuring Trust Policies
Exporting the Server Licensor Certificate
Preparing AD RMS Certificates
Preparing Exclusion Policies
Preparing Accounts and Access Rights
Preparing Policy Templates
Working with AD RMS Clients
Managing Databases
Practice Creating a Rights Policy Template
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenario
Case Scenario: Preparing to Work with an External AD RMS Cluster
Suggested Practices
Work with AD RMS
Take a Practice Test
17. Active Directory Federation Services
The Purpose of a Firewall
Active Directory Federation Services
Before You Begin
Lesson 1: Understanding Active Directory Federation Services
Working with AD FS Designs
Understanding AD FS Components
Understanding AD FS Terminology
Core AD FS Components
The AD FS Attribute Store
The AD FS Configuration Database
Claims
Claim Rules
Understanding AD FS Certificates
AD FS 2.0 vs. AD FS 1.1
Installing Active Directory Federation Services 2.0
AD FS Installation Requirements
Practice Prepare an AD FS Deployment
Lesson Summary
Lesson Review
Lesson 2: Configuring and Using Active Directory Federation Services
Finalizing the Configuration of AD FS
Using and Managing AD FS
Working with Windows PowerShell
Ongoing AD FS 2.0 Administration
Practice Finalizing the AD FS 2.0 Configuration
Lesson Summary
Lesson Review
Chapter Review
Chapter Summary
Key Terms
Case Scenario
Case Scenario: Choosing the Right AD Technology
Suggested Practices
Prepare for AD FS
Take a Practice Test
A. Answers
Chapter 1
Lesson 1
Lesson 2
Case Scenario: Creating an Active Directory Forest
Chapter 2
Lesson 1
Lesson 2
Lesson 3
Case Scenario: Managing Organizational Units and Delegation
Chapter 3
Lesson 1
Lesson 2
Lesson 3
Case Scenario: Import User Accounts
Chapter 4
Lesson 1
Lesson 2
Lesson 3
Case Scenario: Implementing a Group Strategy
Chapter 5
Lesson 1
Lesson 2
Lesson 3
Case Scenario 1: Creating Computer Objects and Joining the Domain
Case Scenario 2: Automating the Creation of Computer Objects
Chapter 6
Lesson 1
Lesson 2
Lesson 3
Case Scenario: Implementing Group Policy
Chapter 7
Lesson 1
Lesson 2
Lesson 3
Lesson 4
Case Scenario 1: Installing Software with Group Policy Software Installation
Case Scenario 2: Configuring Security
Chapter 8
Lesson 1
Lesson 2
Lesson 3
Lesson 4
Case Scenario 1: Increasing the Security of Administrative Accounts
Case Scenario 2: Increasing the Security and Reliability of Branch Office Authentication
Chapter 9
Lesson 1
Lesson 2
Case Scenario: Blocking Specific DNS Names
Chapter 10
Lesson 1
Lesson 2
Lesson 3
Case Scenario: Upgrading a Domain
Chapter 11
Lesson 1
Lesson 2
Lesson 3
Case Scenario: Configuring Sites and Subnets
Chapter 12
Lesson 1
Lesson 2
Case Scenario: Managing Multiple Domains and Forests
Chapter 13
Lesson 1
Lesson 2
Case Scenario: Working with Lost and Found Data
Chapter 14
Lesson 1
Lesson 2
Case Scenario: Determining AD LDS Instance Prerequisites
Chapter 15
Lesson 1
Lesson 2
Case Scenario: Managing Certificate Revocation
Chapter 16
Lesson 1
Lesson 2
Case Scenario: Preparing to Work with an External AD RMS Cluster
Chapter 17
Lesson 1
Lesson 2
Case Scenario: Choosing the Right AD Technology
Index
About the Authors
← Prev
Back
Next →
← Prev
Back
Next →