You are previewing MCTS Configuring Windows® Server 2008 Active Directory Services Study Guide (Exam 70-640).
O'Reilly logo
MCTS Configuring Windows® Server 2008 Active Directory Services Study Guide (Exam 70-640)

Book Description

The Best Fully Integrated Study System Available for Exam 70-640

With hundreds of practice questions and hands-on exercises, MCTS Configuring Windows Server 2008 Active Directory Study Guide covers what you need to know-and shows you how to prepare-for this challenging exam.

• 100% complete coverage of all official objectives for exam 70-640

• Exam Readiness Checklist at the front of the book--you're ready for the exam when all objectives on the list are checked off

• Two-Minute Drills for quick review at the end of every chapter

• Simulated exam questions match the format, tone, topics, and difficulty of the real exam

Covers all the exam topics, including:

Directory Services · DNS · AD DS Forest and Domain Structure · Global Catalog Servers · Flexible Single Master Operation Roles · AD DS Site Topology · Organizational Units and Delegation · Replication · Troubleshooting, Backup, and Recovery · Groups and User Accounts · User Authentication · Group Policy · AD Certificate Services · AD Federated Services · AD Lightweight Directory Service · AD Rights Management Service

CD-ROM includes:

• Complete MasterExam practice testing engine, featuring: one full practice exam; detailed answers with explanations; and Score Report performance assessment tool

• MasterSim interactive task simulation software

• Electronic book for studying on the go

CD-ROM content is not available for e-book.

Table of Contents

  1. Cover Page
  2. MCTS Configuring Windows® Server 2008 Active Directory Services Study Guide (Exam 70-640)
  3. Copyright Page
  4. About the Author
  5. Contents at a Glance
  6. Contents
  7. Preface
  8. Acknowledgments
  9. Introduction
  10. 1 Directory Services
    1. A Little Bit of History
    2. Definition of a Directory and Directory Services
      1. Storing User Data
      2. Searching User Data
      3. Authentication and Authorization
      4. Example: Windows Server 2008
      5. Reasons to Implement Directories
    3. Directory Standards
    4. Overview of X.500
      1. The Fundamental Structure Model
      2. The Security Model
      3. The Distributed Model
      4. Data Replication
      5. Access Protocols
    5. Windows Implementations of Directory Services
      1. Early Competitors
      2. Windows 2000 and Active Directory
      3. Windows Server 2003 Active Directory
      4. Windows Server 2003 R2
      5. Windows Server 2008 Active Directory
      6. Two-Minute Drill
      7. Q&A Self Test Questions
      8. Self Test Answers
  11. 2 Overview of Domain Name System (DNS)
    1. Overview of DNS
      1. Purpose of DNS
    2. Elements of DNS
      1. Authoritative Server
      2. Caching Server
      3. DNS Servers and Resolvers
      4. Domain Namespace
      5. Forwarder Server
      6. Resource Records
      7. Round-Robin Functionality
    3. DNS Query Functionality
      1. Recursive Queries and Iterative Queries
      2. Reverse and Inverse Queries
    4. DNS Zones
      1. Active Directory–Integrated Zone
      2. Delegation of Zones
      3. GlobalNames Zone
      4. Primary Zone
      5. Reverse Lookup Zone
      6. Secondary Zone
      7. Stub Zone
      8. Zone Transfers
    5. DNS Security
      1. Dynamic DNS Updates
      2. Removing Stale Records (Scavenging)
      3. Two-Minute Drill
      4. Q&A Self Test Questions
      5. Self Test Answers
  12. 3 Configuring DNS for Active Directory
    1. Implementing DNS Services
      1. Installing DNS Services
      2. Exercise 3-1: Installing DNS Services on Windows Server 2008
      3. DNS Management Tools
      4. Configuring Forward and Reverse Lookup Zones
      5. Exercise 3-2: Creating a Forward Lookup Zone in Windows Server 2008
      6. Exercise 3-3: Creating a Reverse Lookup Zone using the Command Line
      7. Configuring Clients
      8. Configuring DNS Zone Transfers
      9. Configuring Conditional Forwarders
      10. Exercise 3-4: Configuring Conditional Forwarders in Windows Server 2008
    2. DNS Planning Considerations for Active Directory
      1. Namespace Considerations
      2. Replication and Performance Considerations
      3. Security Considerations
      4. Two-Minute Drill
      5. Q&A Self Test Questions
      6. Self Test Answers
  13. 4 Planning and Implementing the Active Directory Infrastructure
    1. Plan and Implement the AD DS Forest and Domain Structure
      1. Analyzing Business Requirements
      2. Application Data Partitions
      3. Domain Controllers
      4. Exercise 4-1: Deploying AD DS on the First and Second Domain Controllers
      5. Domain Functional Levels
      6. Forest Functional Levels
      7. Forest Root Domain
      8. Regional (Child) Domains
      9. Trust Relationships
      10. Upgrading Domain Controllers
    2. Plan and Implement Global Catalog Servers
      1. Global Catalog Servers
      2. Exercise 4-2: Implementing Additional Global Catalogs
      3. Exercise 4-3: Modifying a Partial Attribute Set for Global Catalog Replication
      4. Network Traffic Considerations
      5. Universal Group Membership Caching
      6. Exercise 4-4: Enabling Universal Group Membership Caching
      7. Two-Minute Drill
      8. Q&A Self Test Questions
      9. Self Test Answers
  14. 5 Planning and Implementing the Active Directory Sites and Services
    1. Plan and Implement Flexible Single Master Operation Roles
      1. Operation Master Roles
      2. Maintaining Business Continuity
      3. Exercise 5-1: Transferring the PDC Emulator Role to a Different Domain Controller
      4. Operation Master Dependencies
    2. Plan and Implement the AD Site Topology
      1. Site Links
      2. Bridgehead Servers
    3. Plan and Implement Organizational Units and Delegation
      1. Analyzing Requirements
      2. OU Structure
      3. Exercise 5-2: Creating an Organizational Unit
      4. Delegation and Security Issues
      5. Two-Minute Drill
      6. Q&A Self Test Questions
      7. Self Test Answers
  15. 6 Managing and Maintaining an Active Directory Infrastructure
    1. Manage an Active Directory Forest and Domain Structure
      1. Manage Schema Modifications
      2. Manage Trust Relationships
      3. Exercise 6-1: Setting Up Trust Relationships
      4. Manage the UPN Suffix
    2. Manage an Active Directory Site
      1. Configure Site Boundaries
      2. Exercise 6-2: Creating a New Site and Associating It with IP Subnet(s)
      3. Configure Replication Schedules
      4. Exercise 6-3: Configuring a Replication Schedule for a Connection Object
      5. Exercise 6-4: Creating Site Links and Adjusting Replication Schedules
      6. Configure Site Link Costs
    3. Monitor Active Directory Replication Failures
      1. Monitor Active Directory Replication
      2. Monitor File Replication Service
      3. Replication Monitor (Replmon)
      4. Event Viewer
      5. Two-Minute Drill
      6. Q&A Self Test Questions
      7. Self Test Answers
  16. 7 Active Directory Troubleshooting, Backup, and Recovery
    1. Restore Active Directory Services
      1. System State Backup
      2. Exercise 7-1: Authoritative Restore of Active Directory Domain Services
      3. Backup Age Issues
    2. Troubleshoot Active Directory
      1. Troubleshooting Failures of Operations Master Roles
      2. Exercise 7-2: Using ntdsutil to Seize an FSMO Role
      3. Troubleshooting Replication Failures
      4. Troubleshooting Active Directory Database Failures
      5. Exercise 7-3: Using ntdsutil to Move AD DS Database Files
      6. Exercise 7-4: Running Semantic Database Analysis and Creating a Snapshot
      7. Other Active Directory Troubleshooting Tools
      8. Two-Minute Drill
      9. Q&A Self Test Questions
      10. Self Test Answers
  17. 8 Creating and Maintaining Active Directory Objects
    1. Create and Maintain Groups and User Accounts
      1. Active Directory User Accounts
      2. Exercise 8-1: Account Import Using csvde and ldifde
      3. Active Directory Computer Accounts
      4. Active Directory Groups
      5. Security Group Strategy
      6. Security Principals and Descriptors
      7. Exercise 8-2: Modifying Access Permissions on an Active Directory Object
      8. Assigning Permissions
      9. Exercise 8-3: Assigning Special Permissions to an Object
      10. Object Ownership
    2. Plan a User Authentication Strategy
      1. Kerberos Authentication Protocol
      2. Account Policies
      3. Exercise 8-4: Creating a New Fine-Grained Policy
      4. Two-Minute Drill
      5. Q&A Self Test Questions
      6. Self Test Answers
  18. 9 Planning and Implementing Group Policy
    1. Plan and Implement an Organizational Unit Structure
      1. Analyzing Administrative Requirements
      2. Analyzing Group Policy Requirements
      3. Creating Organizational Units
      4. Delegating Permissions
      5. Exercise 9-1: Using the Delegation of Control Wizard to Delegate Authority
      6. Moving Objects Within the Structure
      7. Exercise 9-2: Creating OUs, User Objects, and Moving Objects Between OUs
      8. Exercise 9-3: Moving User Accounts Between Domains Using ADMTv3
    2. Plan and Implement a Group Policy Strategy
      1. Group Policy Scope in Active Directory
      2. Ease of Administration
      3. Group Policy Architecture
      4. Group Policy Management Tools
      5. User Environment Considerations
      6. Computer Environment Considerations
      7. Exercise 9-4: Creating, Editing, and Applying Group Policies
      8. Configure the User Environment by Using Group Policy
      9. User Software Distribution
      10. Exercise 9-5: Deploying Software Using Group Policy
      11. Folder Redirection
      12. Group Policy User Security
      13. Configure a Computer Environment by Using Group Policy
      14. Exercise 9-6: Configuring a Central ADMX Store
      15. Two-Minute Drill
      16. Q&A Self Test Questions
      17. Self Test Answers
  19. 10 Additional Active Directory Server Roles
    1. Active Directory Certificate Services
      1. Public Key Infrastructure (PKI)
      2. AD CS in Windows Server 2008
      3. Exercise 10-1: Installing Active Directory Certificate Services
      4. Exercise 10-2: Configuring a Certificate Template, Key Archival, and Automatic Enrollment
      5. Exercise 10-3: Performing Autoenrollment
      6. Smart Cards
      7. Additional CA Configuration Tasks
    2. Active Directory Federation Services
      1. AD FS Components
      2. AD FS Design Scenarios
      3. Exercise 10-4: Installing and Configuring the AD FS Role
    3. Active Directory Lightweight Directory Services
      1. LDS Overview
      2. Exercise 10-5: Working with AD LDS
    4. Active Directory Rights Management Service
      1. RMS Requirements
      2. Two-Minute Drill
      3. Q&A Self Test Questions
      4. Self Test Answers
  20. A Windows Server 2008 Network Port Reference
    1. Active Directory Ports
      1. 88/tcp and 88/udp-Kerberos
      2. 123/udp and 123/tcp-NTP
      3. 135/tcp and 135/udp-RPC
      4. 389/tcp and 389/udp-LDAP
      5. 445/tcp and 445/udp-SMB
      6. 464/tcp and 464/udp-Kerberos Password
      7. 636/tcp-LDAP over SSL
      8. 3268/tcp-Global Catalog
      9. 3269/tcp-Global Catalog over SSL
    2. Additional Domain Controller Ports
      1. 25/tcp-SMTP
      2. 53/tcp-DNS
      3. 53/udp-DNS
      4. 137/udp-NetBIOS Name Server
      5. 138/udp-NetBIOS Datagram
      6. 139/tcp-NetBIOS Session Services
      7. 443/tcp-HTTPS
      8. 500/udp-ISAKMP
      9. 3389/tcp-RDP
      10. 50000+/tcp-AD LDS
    3. Extending AD DS Beyond a Firewall
      1. List of Ports That Must Be Allowed Through the Firewall
      2. Deploying Active Directory in Firewalled Networks Using Dynamic RPC
      3. Deploying Active Directory in Firewalled Networks Using Static RPC
      4. Special Considerations for NAT'ed Networks
  21. B Windows Server 2008 Command Reference
  22. C About the CD
    1. System Requirements
    2. Installing and Running MasterExam
    3. MasterExam
    4. Electronic Book
    5. Help
    6. Removing Installation(s)
    7. Technical Support
      1. LearnKey Technical Support
  23. Glossary
  24. Index