O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Self-Paced Training Kit (Exam 70-640): Configuring Windows Server® 2008 Active Directory® (2nd Edition)

Book Description

EXAM PREP GUIDE

Fully updated for Windows Server 2008 R2! Ace your preparation for the skills measured by Exam 70-640 - and on the job. Work at your own pace through a series of lessons and reviews that fully cover each exam objective. Then, reinforce and apply your knowledge to real-world case scenarios and practice exercises.

Maximize your performance on the exam by learning to:

  • Deploy or upgrade domain controllers, domains, and forests for Windows Server 2008 R2

  • Manage user accounts and groups with Windows PowerShell

  • Implement Group Policy; configure software and security settings

  • Configure DNS settings and zones

  • Manage authentication

  • Plan and manage Active Directory replication

  • Monitor and ensure availability of directory services

  • PRACTICE TESTS

    Assess your skills with practice tests. You can work through hundreds of questions using multiple testing modes to meet your specific learning needs. You get detailed explanations for right and wrong answers—including a customized learning path that describes how and where to focus your studies.

    NOTE

    Exam 70-640 is one of three required exams for MCSA: Windows Server 2008 certification. For a limited time, it is also valid for MCTS certification, which will be retired.

    For customers who purchase an ebook version of this title, instructions for downloading the CD files can be found in the ebook.

    Table of Contents

    1. Self-Paced Training Kit (Exam 70-640): Configuring Windows Server® 2008 Active Directory® (2nd Edition)
    2. A Note Regarding Supplemental Files
    3. Introduction
      1. System Requirements
        1. Hardware Requirements
        2. Software Requirements
      2. Using the Companion CD
        1. How to Install the Practice Tests
        2. How to Use the Practice Tests
          1. Lesson Review Options
          2. Practice Test Options
        3. How to Uninstall the Practice Tests
      3. Acknowledgments
      4. Support & Feedback
        1. Errata
        2. We Want to Hear from You
        3. Stay in Touch
    4. Preparing for the Exam
    5. 1. Creating an Active Directory Domain
      1. Before You Begin
      2. Lesson 1: Installing Active Directory Domain Services
        1. Active Directory, Identity and Access
        2. Beyond Identity and Access
        3. Components of an Active Directory Infrastructure
        4. Preparing to Create a New Windows Server 2008 Forest
        5. Adding the AD DS Role Using the Windows Interface
        6. Creating a Domain Controller
          1. Practice Creating a Windows Server 2008 R2 Forest
            1. Practice Creating a Windows Server 2008 R2 Forest
        7. Lesson Summary
        8. Lesson Review
      3. Lesson 2: Active Directory Domain Services on Server Core
        1. Understanding Server Core
        2. Installing Server Core
        3. Performing Initial Configuration Tasks
        4. Server Configuration
        5. Adding AD DS to a Server Core Installation
        6. Removing Domain Controllers
          1. Practice Installing a Server Core Domain Controller
            1. Practice Installing a Server Core Domain Controller
        7. Lesson Summary
        8. Lesson Review
      4. Chapter Review
      5. Chapter Summary
      6. Key Terms
      7. Case Scenario
        1. Case Scenario: Creating an Active Directory Forest
      8. Take a Practice Test
    6. 2. Administering Active Directory Domain Services
      1. Before You Begin
      2. Lesson 1: Working with Active Directory Snap-ins
        1. Understanding the Microsoft Management Console
        2. Active Directory Administration Tools
        3. Finding the Active Directory Administrative Tools
        4. Adding the Administrative Tools to Your Start Menu
        5. Creating a Custom Console with Active Directory Snap-ins
        6. Running Administrative Tools with Alternate Credentials
        7. Saving and Distributing a Custom Console
          1. Practice Creating and Managing a Custom MMC
            1. Practice Creating and Managing a Custom MMC
        8. Lesson Summary
        9. Lesson Review
      3. Lesson 2: Creating Objects in Active Directory
        1. Creating an Organizational Unit
        2. Creating a User Object
        3. Creating a Group Object
        4. Creating a Computer Object
        5. Finding Objects in Active Directory
          1. Using the Select Users, Contacts, Computers, Or Groups Dialog Box
          2. Controlling the View of Objects in the Active Directory Users And Computers Snap-in
          3. Using the Find Commands
          4. Determining Where an Object Is Located
          5. Using Saved Queries
        6. Understanding DNs, RDNs, and CNs
        7. Finding Objects by Using Dsquery
          1. Practice Creating and Locating Objects in Active Directory
            1. Practice Creating and Locating Objects in Active Directory
        8. Lesson Summary
        9. Lesson Review
      4. Lesson 3: Delegation and Security of Active Directory Objects
        1. Understanding Delegation
        2. Viewing the ACL of an Active Directory Object
        3. Property Permissions, Control Access Rights, and Object Permissions
        4. Assigning a Permission Using the Advanced Security Settings Dialog Box
        5. Understanding and Managing Permissions with Inheritance
        6. Delegating Administrative Tasks with the Delegation Of Control Wizard
        7. Reporting and Viewing Permissions
        8. Removing or Resetting Permissions on an Object
        9. Understanding Effective Permissions
        10. Designing an OU Structure to Support Delegation
          1. Practice Delegating Administrative Tasks
            1. Practice Delegating Administrative Tasks
        11. Lesson Summary
        12. Lesson Review
      5. Chapter Review
      6. Chapter Summary
      7. Key Terms
      8. Case Scenario
        1. Case Scenario: Managing Organizational Units and Delegation
      9. Suggested Practices
        1. Maintain Active Directory Accounts
      10. Take a Practice Test
    7. 3. Administering User Accounts
      1. Before You Begin
      2. Lesson 1: Automating the Creation of User Accounts
        1. Creating Users with Templates
        2. Using Active Directory Command-Line Tools
        3. Creating Users with DSAdd
        4. Exporting Users with CSVDE
        5. Importing Users with CSVDE
        6. Importing Users with LDIFDE
          1. Practice Automating the Creation of User Accounts
            1. Practice Automating the Creation of User Accounts
        7. Lesson Summary
        8. Lesson Review
      3. Lesson 2: Administering with Windows PowerShell and Active Directory Administrative Center
        1. Introducing Windows PowerShell
        2. Preparing to Administer Active Directory Using Windows PowerShell
        3. cmdlets
        4. Parameters
        5. Get-Help
        6. Objects
        7. Variables
        8. Pipeline
          1. Extend the Pipeline to More than One Line
        9. Aliases
        10. Namespaces, Providers, and PSDrives
        11. The Active Directory PowerShell Provider
        12. Creating a User with Windows PowerShell
        13. Populating User Attributes
        14. Importing Users from a Database with Windows PowerShell
        15. The Active Directory Administrative Center
          1. Practice Creating Users with Windows PowerShell
            1. Practice Creating Users with Windows PowerShell
        16. Lesson Summary
        17. Lesson Review
      4. Lesson 3: Supporting User Objects and Accounts
        1. Managing User Attributes with Active Directory Users And Computers
          1. Viewing All Attributes
          2. Managing Attributes of Multiple Users
        2. Managing User Attributes with DSMod and DSGet
          1. DSMod
          2. Piping Multiple DNs to DSMod
          3. DSGet
        3. Managing User Attributes with Windows PowerShell
        4. Understanding Name and Account Attributes
          1. User Object Names
          2. Rename a User Account
          3. Account Properties
        5. Administering User Accounts
          1. Resetting a User’s Password
          2. Unlocking an Account
          3. Disabling and Enabling a User Account
          4. Deleting a User Account
          5. Moving a User Account
            1. Practice Supporting User Objects and Accounts
        6. Lesson Summary
        7. Lesson Review
      5. Chapter Review
      6. Chapter Summary
      7. Key Terms
      8. Case Scenario
        1. Case Scenario: Import User Accounts
      9. Suggested Practices
        1. Automate the Creation of User Accounts
        2. Maintain Active Directory Accounts
        3. Use the Active Directory Administrative Console
      10. Take a Practice Test
    8. 4. Managing Groups
      1. Before You Begin
      2. Lesson 1: Managing an Enterprise with Groups
        1. Understanding the Importance of Groups
          1. Challenges of Managing Without Groups
          2. Groups Add Manageability
          3. Groups Add Scalability
          4. One Type of Group Is Not Enough
          5. Role-Based Management: Role Groups and Rule Groups
        2. Defining Group Naming Conventions
        3. Understanding Group Types
        4. Understanding Group Scope
          1. Local Groups
          2. Domain Local Groups
          3. Global Groups
          4. Universal Groups
          5. Summarizing Group Membership Possibilities
        5. Converting Group Scope and Type
        6. Managing Group Membership
          1. The Members Tab
          2. The Member Of Tab
          3. The Add To A Group Command
          4. The Member and MemberOf Attributes
          5. Helping Membership Changes Take Effect Quickly
        7. Developing a Group Management Strategy
          1. Practice Creating and Managing Groups
            1. Practice Creating and Managing Groups
        8. Lesson Summary
        9. Lesson Review
      3. Lesson 2: Automating the Creation and Management of Groups
        1. Creating Groups with DSAdd
        2. Importing Groups with CSVDE
        3. Importing Groups with LDIFDE
          1. Modifying Group Membership with LDIFDE
        4. Retrieving Group Membership with DSGet
        5. Changing Group Membership with DSMod
        6. Copying Group Membership
        7. Moving and Renaming Groups with DSMove
        8. Deleting Groups with DSRm
        9. Managing Groups with Windows PowerShell
          1. Practice Automating the Creation and Management of Groups
            1. Practice Automating the Creation and Management of Groups
        10. Lesson Summary
        11. Lesson Review
      4. Lesson 3: Administering Groups in an Enterprise
        1. Best Practices for Group Attributes
        2. Protecting Groups from Accidental Deletion
        3. Delegating the Management of Group Membership
          1. Delegating Membership Management with the Managed By Tab
          2. Delegating Membership Management Using Advanced Security Settings
        4. Understanding Shadow Groups
        5. Default Groups
        6. Special Identities
          1. Practice Administering Groups in an Enterprise
            1. Practice Administering Groups in an Enterprise
        7. Lesson Summary
        8. Lesson Review
      5. Chapter Review
      6. Chapter Summary
      7. Key Terms
      8. Case Scenario
        1. Case Scenario: Implementing a Group Strategy
      9. Suggested Practices
        1. Automate Group Membership and Shadow Groups
      10. Take a Practice Test
    9. 5. Configuring Computer Accounts
      1. Before You Begin
      2. Lesson 1: Creating Computers and Joining the Domain
        1. Understanding Workgroups, Domains, and Trusts
        2. Identifying Requirements for Joining a Computer to the Domain
        3. The Computers Container and OUs
          1. The Default Computers Container
          2. OUs for Computers
        4. Delegating Permission to Create Computers
        5. Prestaging a Computer Account
        6. Joining a Computer to the Domain
        7. Secure Computer Creation and Joins
          1. Prestaging Computer Objects
          2. Configuring the Default Computer Container
          3. Restricting the Ability of Users to Create Computers
        8. Offline Domain Join
          1. Prepare for Offline Domain Join
          2. Provision a Computer in Active Directory for Offline Domain Join
          3. Perform an Offline Domain Join
            1. Practice Creating Computers and Joining the Domain
        9. Lesson Summary
        10. Lesson Review
      3. Lesson 2: Automating the Creation of Computer Objects
        1. Importing Computers with CSVDE
        2. Importing Computers with LDIFDE
        3. Creating Computers with DSAdd
        4. Creating Computers with NetDom
        5. Creating Computers with Windows PowerShell
          1. Practice Automating the Creation of Computer Objects
            1. Practice Automating the Creation of Computer Objects
        6. Lesson Summary
        7. Lesson Review
      4. Lesson 3: Supporting Computer Objects and Accounts
        1. Configuring Computer Properties
          1. Configuring Computer Attributes with DSMod and Windows PowerShell
        2. Moving a Computer
        3. Managing a Computer from the Active Directory Users And Computers Snap-In
        4. Understanding the Computer’s Logon and Secure Channel
        5. Recognizing Computer Account Problems
        6. Resetting a Computer Account
        7. Renaming a Computer
        8. Disabling and Enabling Computer Accounts
        9. Deleting Computer Accounts
        10. Recycling Computer Accounts
          1. Practice Supporting Computer Objects and Accounts
            1. Practice Supporting Computer Objects and Accounts
        11. Lesson Summary
        12. Lesson Review
      5. Chapter Review
      6. Chapter Summary
      7. Key Term
      8. Case Scenarios
        1. Case Scenario 1: Creating Computer Objects and Joining the Domain
        2. Case Scenario 2: Automating the Creation of Computer Objects
      9. Suggested Practices
        1. Create and Maintain Computer Accounts
      10. Take a Practice Test
    10. 6. Implementing a Group Policy Infrastructure
      1. Before You Begin
      2. Lesson 1: Implementing Group Policy
        1. What Is Configuration Management?
        2. An Overview and Review of Group Policy
          1. Policy Settings
          2. Configuring Policy Settings
          3. Group Policy Objects
          4. Creating and Managing GPOs
          5. Editing a GPO
          6. GPO Scope
          7. Group Policy Client and Client-Side Extensions
          8. Group Policy Refresh
          9. Resultant Set of Policy
          10. Slow Links and Disconnected Systems
        3. Group Policy Objects
          1. Local GPOs
          2. Domain-Based GPOs
          3. Creating, Linking, and Editing GPOs
          4. Manage GPOs and Their Settings
          5. GPO Storage
          6. GPO Replication
        4. Policy Settings
          1. Computer Configuration and User Configuration
          2. Software Settings Node
          3. Windows Settings Node
          4. Administrative Templates Node
          5. Preferences Node
        5. Registry Policies in the Administrative Templates Node
          1. Filtering Administrative Template Policy Settings
          2. Managed and Unmanaged Policy Settings
          3. Templates
          4. Central Store
          5. Commenting
          6. Starter GPOs
            1. Practice Implementing Group Policy
        6. Lesson Summary
        7. Lesson Review
      3. Lesson 2: Managing Group Policy Scope
        1. GPO Links
          1. Linking a GPO to Multiple OUs
          2. Deleting or Disabling a GPO Link
        2. GPO Inheritance and Precedence
          1. Precedence of Multiple Linked GPOs
          2. Blocking Inheritance
          3. Enforcing a GPO Link
        3. Using Security Filtering to Modify GPO Scope
          1. Filtering a GPO to Apply to Specific Groups
          2. Filtering a GPO to Exclude Specific Groups
        4. WMI Filters
        5. Enabling or Disabling GPOs and GPO Nodes
        6. Targeting Preferences
        7. Group Policy Processing
        8. Loopback Policy Processing
          1. Practice Configuring Group Policy Scope
            1. Practice Configuring Group Policy Scope
        9. Lesson Summary
        10. Lesson Review
      4. Lesson 3: Supporting Group Policy
        1. Understanding When Settings Take Effect
        2. Resultant Set Of Policy
          1. Generating RSOP Reports with the Group Policy Results Wizard
          2. Generating RSOP Reports with Gpresult.exe
        3. Troubleshooting Group Policy with the Group Policy Results Wizard and Gpresult.exe
        4. Performing What-If Analyses with the Group Policy Modeling Wizard
        5. Examining Policy Event Logs
          1. Practice Configuring Group Policy Scope
            1. Practice Configuring Group Policy Scope
        6. Lesson Summary
        7. Lesson Review
      5. Chapter Review
      6. Chapter Summary
      7. Key Terms
      8. Case Scenario
        1. Case Scenario: Implementing Group Policy
      9. Suggested Practices
        1. Create and Apply GPOs
      10. Take a Practice Test
    11. 7. Managing Enterprise Security and Configuration with Group Policy Settings
      1. Before You Begin
      2. Lesson 1: Delegating the Support of Computers
        1. Understanding Restricted Groups Policies
        2. Delegating Administration Using Restricted Groups Policies with the Member Of Setting
        3. Delegating Administration Using Restricted Groups Policies with the Members Of This Group Setting
          1. Defining Group Membership with Group Policy Preferences
            1. Practice Delegating the Support of Computers
        4. Lesson Summary
        5. Lesson Review
      3. Lesson 2: Managing Security Settings
        1. What Is Security Policy Management?
        2. Configuring the Local Security Policy
        3. Managing Security Configuration with Security Templates
          1. Using the Security Templates Snap-in
          2. Deploying Security Templates by Using Group Policy Objects
          3. Security Configuration And Analysis Tool
          4. Applying Database Settings to a Computer
          5. Analyzing the Security Configuration of a Computer
          6. Correcting Security Setting Discrepancies
          7. Creating a Security Template
          8. Secedit.exe
        4. The Security Configuration Wizard
          1. Creating a Security Policy
          2. Editing a Security Policy
          3. Applying a Security Policy
          4. Rolling Back an Applied Security Policy
          5. Modifying Settings of an Applied Security Policy
          6. Deploying a Security Policy Using Group Policy
        5. Settings, Templates, Policies, and GPOs
          1. Practice Managing Security Settings
            1. Practice Managing Security Settings
        6. Lesson Summary
        7. Lesson Review
      4. Lesson 3: Managing Software with Group Policy
        1. Understanding Group Policy Software Installation
          1. Windows Installer Packages
          2. Software Deployment Options
            1. Assigning Applications
              1. Assigning Applications
              2. Publishing Applications
        2. Preparing an SDP
        3. Creating a Software Deployment GPO
        4. Managing the Scope of a Software Deployment GPO
        5. Maintaining Applications Deployed with Group Policy
        6. GPSI and Slow Links
        7. Understanding AppLocker
          1. Practice Managing Software with Group Policy
            1. Practice Managing Software with Group Policy
        8. Lesson Summary
        9. Lesson Review
      5. Lesson 4: Implementing an Audit Policy
        1. Audit Policy
        2. Auditing Access to Files and Folders
          1. Specifying Auditing Settings on a File or Folder
          2. Enabling Audit Policy
          3. Evaluating Events in the Security Log
        3. Auditing Directory Service Changes
          1. Enabling Directory Service Changes Auditing
          2. Specifying Auditing Settings for Directory Service Changes
          3. Viewing Audited Events in the Security Log
            1. Practice Implementing an Audit Policy
        4. Lesson Summary
        5. Lesson Review
      6. Chapter Review
      7. Chapter Summary
      8. Key Terms
      9. Case Scenarios
        1. Case Scenario 1: Installing Software with Group Policy Software Installation
        2. Case Scenario 2: Configuring Security
      10. Suggested Practices
        1. Configure Restricted Groups
        2. Manage Security Configuration
      11. Take a Practice Test
    12. 8. Improving the Security of Authentication in an AD DS Domain
      1. Before You Begin
      2. Lesson 1: Configuring Password and Lockout Policies
        1. Understanding Password Policies
        2. Understanding Account Lockout Policies
        3. Configuring the Domain Password and Lockout Policy
        4. Fine-Grained Password and Lockout Policy
        5. Understanding Password Settings Objects
        6. PSO Precedence and Resultant PSO
        7. PSOs and OUs
          1. Practice Configuring Password and Lockout Policies
            1. Practice Configuring Password and Lockout Policies
        8. Lesson Summary
        9. Lesson Review
      3. Lesson 2: Auditing Authentication
        1. Account Logon and Logon Events
        2. Configuring Authentication-Related Audit Policies
        3. Scoping Audit Policies
        4. Viewing Logon Events
          1. Practice Auditing Authentication
            1. Practice Auditing Authentication
        5. Lesson Summary
        6. Lesson Review
      4. Lesson 3: Configuring Read-Only Domain Controllers
        1. Authentication and Domain Controller Placement in a Branch Office
        2. Read-Only Domain Controllers
        3. Deploying an RODC
          1. Verifying and Configuring Forest Functional Level of Windows Server 2003 or Higher
          2. Running ADPrep /RODCPrep
          3. Placing a Writable Windows Server 2008 or Windows Server 2008 R2 Domain Controller
          4. Installing an RODC
        4. Password Replication Policy
          1. Configuring Domain-Wide Password Replication Policy
          2. Configuring RODC-Specific Password Replication Policy
        5. Administering RODC Credentials Caching
        6. Administrative Role Separation
          1. Practice Configuring Read-Only Domain Controllers
            1. Practice Configuring Read-Only Domain Controllers
        7. Lesson Summary
        8. Lesson Review
      5. Lesson 4: Managing Service Accounts
        1. Understanding Managed Accounts
        2. Requirements for Managed Service Accounts
        3. Creating and Configuring a Managed Service Account
        4. Installing and Using a Managed Service Account
        5. Managing Delegation and Passwords
          1. Limitations of Managed Service Accounts
            1. Practice Managing Service Accounts
        6. Lesson Summary
        7. Lesson Review
      6. Chapter Review
      7. Chapter Summary
      8. Key Terms
      9. Case Scenarios
        1. Case Scenario 1: Increasing the Security of Administrative Accounts
        2. Case Scenario 2: Increasing the Security and Reliability of Branch Office Authentication
      10. Suggested Practices
        1. Configure Multiple Password Settings Objects
        2. Recover from a Stolen Read-Only Domain Controller
      11. Take a Practice Test
    13. 9. Integrating Domain Name System with AD DS
      1. Before You Begin
      2. Lesson 1: Understanding and Installing Domain Name System
        1. DNS and IPv6
        2. The Peer Name Resolution Protocol
        3. DNS Structures
        4. The Split-Brain Syndrome
        5. Understanding DNS
        6. Windows Server 2008 R2 DNS Features
        7. Integration with AD DS
        8. New DNS Features in Windows Server 2008 R2
          1. DNS Security Extensions
          2. DNS Cache Locking
          3. DNS Socket Pool
          4. DNS Devolution
            1. Practice Installing the DNS Service
        9. Lesson Summary
        10. Lesson Review
      3. Lesson 2: Configuring and Using Domain Name System
        1. Configuring DNS
          1. Security Considerations for the DNS Server Role
          2. Working with DNS Server Settings
            1. Configuring Scavenging for All Zones
              1. Configuring Scavenging for All Zones
              2. Finalizing FLZ Configuration
              3. Creating a Responsible Person Record
          3. Creating Reverse Lookup Zones
          4. Creating Custom Records
        2. Forwarders vs. Root Hints
        3. Single-Label Name Management
          1. DNS and WINS
        4. DNS and DHCP Considerations
        5. Working with Application Directory Partitions
          1. Creating and Assigning Custom Application Directory Partitions
        6. Administering DNS Servers
          1. Practice Finalizing a DNS Server Configuration in a Forest
            1. Practice Finalizing a DNS Server Configuration in a Forest
        7. Lesson Summary
        8. Lesson Review
      4. Chapter Review
      5. Chapter Summary
      6. Key Terms
      7. Case Scenario
        1. Case Scenario: Blocking Specific DNS Names
      8. Suggested Practices
        1. Work with DNS
      9. Take a Practice Test
    14. 10. Administering Domain Controllers
      1. Before You Begin
      2. Lesson 1: Deploying Domain Controllers
        1. Installing a Domain Controller with the Windows Interface
        2. Unattended Installation Options and Answer Files
        3. Installing a New Windows Server 2008 R2 Forest
        4. Installing Additional Domain Controllers in a Domain
          1. Installing the First Windows Server 2008 R2 Domain Controller in an Existing Forest or Domain
          2. Installing an Additional Domain Controller
        5. Installing a New Windows Server 2008 Child Domain
        6. Installing a New Domain Tree
        7. Staging the Installation of an RODC
          1. Creating the Prestaged Account for the RODC
          2. Attaching a Server to the RODC Account
        8. Installing AD DS from Media
        9. Removing a Domain Controller
          1. Practice Deploying Domain Controllers
            1. Practice Deploying Domain Controllers
        10. Lesson Summary
        11. Lesson Review
      3. Lesson 2: Managing Operations Masters
        1. Understanding Single Master Operations
        2. Forest-Wide Operations Master Roles
          1. Domain Naming Master Role
          2. Schema Master Role
        3. Domain-Wide Operations Master Roles
          1. RID Master Role
          2. Infrastructure Master Role
          3. PDC Emulator Role
        4. Optimizing the Placement of Operations Masters
        5. Identifying Operations Masters
        6. Transferring Operations Master Roles
        7. Recognizing Operations Master Failures
        8. Seizing Operations Master Roles
        9. Returning a Role to Its Original Holder
          1. Practice Transferring Operations Master Roles
            1. Practice Transferring Operations Master Roles
        10. Lesson Summary
        11. Lesson Review
      4. Lesson 3: Configuring DFS Replication of SYSVOL
        1. Raising the Domain Functional Level
        2. Understanding Migration Stages
        3. Migrating SYSVOL Replication to DFS-R
          1. Practice Configuring DFS Replication of SYSVOL
            1. Practice Configuring DFS Replication of SYSVOL
        4. Lesson Summary
        5. Lesson Review
      5. Chapter Review
      6. Chapter Summary
      7. Key Term
      8. Case Scenario
        1. Case Scenario: Upgrading a Domain
      9. Suggested Practices
        1. Upgrade a Windows Server 2003 Domain
      10. Take a Practice Test
    15. 11. Managing Sites and Active Directory Replication
      1. Before You Begin
      2. Lesson 1: Configuring Sites and Subnets
        1. Understanding Sites
          1. Replication Traffic
          2. Service Localization
        2. Planning Sites
          1. Connection Speed
          2. Service Placement
          3. User Population
          4. Summarizing Site Planning Criteria
        3. Creating Sites
        4. Managing Domain Controllers in Sites
        5. Understanding Domain Controller Location
          1. Service Locator Records
          2. Domain Controller Location
          3. Site Coverage
            1. Practice Configuring Sites and Subnets
        6. Lesson Summary
        7. Lesson Review
      3. Lesson 2: Configuring the Global Catalog and Application Directory Partitions
        1. Reviewing Active Directory Partitions
        2. Understanding the Global Catalog
        3. Placing Global Catalog Servers
        4. Configuring a Global Catalog Server
        5. Universal Group Membership Caching
        6. Understanding Application Directory Partitions
          1. Practice Replication and Directory Partitions
            1. Practice Replication and Directory Partitions
        7. Lesson Summary
        8. Lesson Review
      4. Lesson 3: Configuring Replication
        1. Understanding Active Directory Replication
        2. Connection Objects
        3. The Knowledge Consistency Checker
        4. Intrasite Replication
          1. Notification
          2. Polling
        5. Site Links
          1. Replication Transport Protocols
        6. Bridgehead Servers
          1. Preferred Bridgehead Servers
        7. Configuring Intersite Replication
          1. Site Link Transitivity
          2. Site Link Bridges
          3. Site Link Costs
          4. Replication Frequency
          5. Replication Schedules
        8. Monitoring Replication
          1. Repadmin.exe
          2. Dcdiag.exe
            1. Practice Configuring Replication
        9. Lesson Summary
        10. Lesson Review
      5. Chapter Review
      6. Chapter Summary
      7. Key Terms
      8. Case Scenario
        1. Case Scenario: Configuring Sites and Subnets
      9. Suggested Practices
        1. Monitor and Manage Replication
      10. Take a Practice Test
    16. 12. Managing Multiple Domains and Forests
      1. Before You Begin
      2. Lesson 1: Configuring Domain and Forest Functional Levels
        1. Understanding Functional Levels
        2. Domain Functional Levels
          1. Windows 2000 Native
          2. Windows Server 2003
          3. Windows Server 2008
          4. Windows Server 2008 R2
          5. Raising the Domain Functional Level
        3. Forest Functional Levels
          1. Windows 2000
          2. Windows Server 2003
          3. Windows Server 2008
          4. Windows Server 2008 R2
          5. Raising the Forest Functional Level
            1. Practice Raising the Domain and Forest Functional Levels
        4. Lesson Summary
        5. Lesson Review
      3. Lesson 2: Managing Multiple Domains and Trust Relationships
        1. Defining Your Forest and Domain Structure
          1. Dedicated Forest Root Domain
          2. Single-Domain Forest
          3. Multiple-Domain Forests
          4. Multiple Trees
          5. Multiple Forests
        2. Moving Objects Between Domains and Forests
          1. Understanding the Active Directory Migration Tool
          2. Security Identifiers and Migration
          3. Group Membership
          4. Other Migration Concerns
        3. Understanding Trust Relationships
          1. Trust Relationships Within a Domain
          2. Trust Relationships Between Domains
          3. Characteristics of Trust Relationships
        4. How Trusts Work
          1. Authentication Protocols and Trust Relationships
          2. Kerberos Authentication Within a Domain
          3. Kerberos Authentication Across Domains in a Forest
        5. Manual Trusts
          1. Creating Manual Trust Relationships
        6. Shortcut Trusts
          1. External Trusts
          2. Realm Trusts
          3. Forest Trusts
        7. Administering Trusts
        8. Resource Access for Users from Trusted Domains
          1. Domain Quarantine
          2. Authenticated Users
          3. Membership in Domain Local Groups
          4. ACLs
          5. Transitivity
          6. Selective Authentication
            1. Practice Administering a Trust Relationship
        9. Lesson Summary
        10. Lesson Review
      4. Chapter Review
      5. Chapter Summary
      6. Case Scenario
        1. Case Scenario: Managing Multiple Domains and Forests
      7. Suggested Practices
        1. Configure a Forest or Domain
      8. Take a Practice Test
    17. 13. Directory Business Continuity
      1. Before You Begin
      2. Lesson 1: Proactive Directory Maintenance and Data Store Protection
        1. Twelve Categories of AD DS Administration
          1. Using Specops Gpupdate
          2. Using AD DS Administration Tools
        2. Performing Online Maintenance
        3. Performing Offline Maintenance
        4. Relying on Built-in Directory Protection Measures
          1. Protecting AD DS Objects
          2. Auditing Directory Changes
          3. Using the AD Recycle Bin
          4. Restoring Deleted Objects with LDP.exe
          5. Using Quest Object Restore for Active Directory
        5. Relying on Windows Server Backup to Protect the Directory
          1. Working with the System State Only
          2. Creating Installation From Media Data Sets
          3. Performing a Full System Backup
            1. Creating an Interactive Full System Backup with Windows Server Backup
              1. Creating an Interactive Full System Backup with Windows Server Backup
              2. Creating an Interactive Full System Backup with Wbadmin.exe
              3. Scheduling a Backup with Windows Server Backup
              4. Scheduling a Backup with Wbadmin.exe
        6. Performing Proactive Restores
          1. Restarting in DSRM
          2. Identifying the Appropriate Backup Data Set
          3. Performing Nonauthoritative or Authoritative Restores
          4. Restoring from a Complete Backup
            1. Performing a Graphical Full Server Recovery
              1. Performing a Graphical Full Server Recovery
              2. Performing a Command-Line Full Server Recovery
        7. Protecting DCs as Virtual Machines
          1. Practice Working with the AD DS Database
            1. Practice Working with the AD DS Database
        8. Lesson Summary
        9. Lesson Review
      3. Lesson 2: Proactive Directory Performance Management
        1. Managing System Resources
          1. Using Task Manager
          2. Working with Event Viewer
          3. Working with Windows Reliability Monitor
          4. Working with Windows Performance Monitor
          5. Creating Baselines for AD DS and DNS
        2. Working with Windows System Resource Manager
          1. Practice AD DS Performance Analysis
            1. Practice AD DS Performance Analysis
        3. Lesson Summary
        4. Lesson Review
      4. Chapter Review
      5. Chapter Summary
      6. Key Terms
      7. Case Scenario
        1. Case Scenario: Working with Lost and Found Data
      8. Suggested Practices
        1. Practice Proactive Directory Maintenance
      9. Take a Practice Test
    18. 14. Active Directory Lightweight Directory Services
      1. Before You Begin
      2. Lesson 1: Understanding and Installing AD LDS
        1. Understanding AD LDS
        2. AD LDS Scenarios
        3. New AD LDS Features in Windows Server 2008 R2
        4. Installing AD LDS
          1. Identifying AD LDS Requirements
          2. Installing AD LDS on Server Core
            1. Practice Installing AD LDS
        5. Lesson Summary
        6. Lesson Review
      3. Lesson 2: Configuring and Using AD LDS
        1. Working with AD LDS Tools
        2. Creating AD LDS Instances
          1. Preparing for AD LDS Instance Creation
          2. Performing an Unattended AD LDS Instance Creation
          3. Migrating a Previous LDAP Instance to AD LDS
          4. Enabling the AD Recycle Bin in AD LDS
        3. Working with AD LDS Instances
          1. Using ADSI Edit to Work with Instances
          2. Using LDP.exe to Work with Instances
          3. Using the Schema Snap-in to Work with Instances
          4. Using Active Directory Sites And Services to Work with Instances
          5. Using Active Directory Module for Windows PowerShell to Work with Instances
            1. Practice Working with AD LDS Instances
        4. Lesson Summary
        5. Lesson Review
      4. Chapter Review
      5. Chapter Summary
      6. Key Terms
      7. Case Scenario
        1. Case Scenario: Determining AD LDS Instance Prerequisites
      8. Suggested Practices
        1. Work with AD LDS Instances
      9. Take a Practice Test
    19. 15. Active Directory Certificate Services and Public Key Infrastructures
      1. Before You Begin
      2. Lesson 1: Understanding and Installing Active Directory Certificate Services
        1. Understanding AD CS
          1. Stand-alone vs. Enterprise CAs
          2. Creating the CA Hierarchy
          3. Best Practices for AD CS Deployments
          4. Additional Planning Requirements
        2. New AD CS Features in Windows Server 2008 R2
          1. New AD CS Web Services
          2. Enrollment across Forests
          3. High-Volume CAs
        3. Installing AD CS
          1. Preparing for AD CS Installation
            1. Practice Installing a CA Hierarchy
        4. Lesson Summary
        5. Lesson Review
      3. Lesson 2: Configuring and Using Active Directory Certificate Services
        1. Finalizing the Configuration of an Issuing CA
          1. Creating a Revocation Configuration for a CA
          2. Configuring and Personalizing Certificate Templates
        2. Finalizing the Configuration of an Online Responder
          1. Adding a Revocation Configuration for an Online Responder
        3. Considerations for the Use and Management of AD CS
        4. Working with Enterprise PKI
        5. Protecting Your AD CS Configuration
          1. Practice Configuring and Using AD CS
            1. Practice Configuring and Using AD CS
        6. Lesson Summary
        7. Lesson Review
      4. Chapter Review
      5. Chapter Summary
      6. Key Terms
      7. Case Scenario
        1. Case Scenario: Managing Certificate Revocation
      8. Suggested Practices
        1. Work with AD CS
      9. Take a Practice Test
    20. 16. Active Directory Rights Management Services
      1. Before You Begin
      2. Lesson 1: Understanding and Installing Active Directory Rights Management Services
        1. Understanding AD RMS
          1. AD RMS Features
          2. AD RMS Installation Scenarios
        2. Installing Active Directory Rights Management Services
          1. Preparing AD RMS Installation Prerequisites
          2. Understanding AD RMS Certificates
          3. Installation Procedure
          4. Moving AD RMS to Windows Server 2008 R2
          5. Working with Windows PowerShell
            1. Practice Installing AD RMS
        3. Lesson Summary
        4. Lesson Review
      3. Lesson 2: Configuring and Using Active Directory Rights Management Services
        1. Configuring AD RMS
          1. Creating an Extranet URL
          2. Configuring Trust Policies
          3. Exporting the Server Licensor Certificate
          4. Preparing AD RMS Certificates
          5. Preparing Exclusion Policies
          6. Preparing Accounts and Access Rights
          7. Preparing Policy Templates
          8. Working with AD RMS Clients
          9. Managing Databases
            1. Practice Creating a Rights Policy Template
        2. Lesson Summary
        3. Lesson Review
      4. Chapter Review
      5. Chapter Summary
      6. Key Terms
      7. Case Scenario
        1. Case Scenario: Preparing to Work with an External AD RMS Cluster
      8. Suggested Practices
        1. Work with AD RMS
      9. Take a Practice Test
    21. 17. Active Directory Federation Services
      1. The Purpose of a Firewall
      2. Active Directory Federation Services
      3. Before You Begin
      4. Lesson 1: Understanding Active Directory Federation Services
        1. Working with AD FS Designs
        2. Understanding AD FS Components
          1. Understanding AD FS Terminology
          2. Core AD FS Components
          3. The AD FS Attribute Store
          4. The AD FS Configuration Database
          5. Claims
          6. Claim Rules
          7. Understanding AD FS Certificates
          8. AD FS 2.0 vs. AD FS 1.1
        3. Installing Active Directory Federation Services 2.0
          1. AD FS Installation Requirements
            1. Practice Prepare an AD FS Deployment
        4. Lesson Summary
        5. Lesson Review
      5. Lesson 2: Configuring and Using Active Directory Federation Services
        1. Finalizing the Configuration of AD FS
        2. Using and Managing AD FS
          1. Working with Windows PowerShell
          2. Ongoing AD FS 2.0 Administration
            1. Practice Finalizing the AD FS 2.0 Configuration
        3. Lesson Summary
        4. Lesson Review
      6. Chapter Review
      7. Chapter Summary
      8. Key Terms
      9. Case Scenario
        1. Case Scenario: Choosing the Right AD Technology
      10. Suggested Practices
        1. Prepare for AD FS
      11. Take a Practice Test
    22. A. Answers
      1. Chapter 1
        1. Lesson 1
        2. Lesson 2
        3. Case Scenario: Creating an Active Directory Forest
      2. Chapter 2
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
        4. Case Scenario: Managing Organizational Units and Delegation
      3. Chapter 3
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
        4. Case Scenario: Import User Accounts
      4. Chapter 4
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
        4. Case Scenario: Implementing a Group Strategy
      5. Chapter 5
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
        4. Case Scenario 1: Creating Computer Objects and Joining the Domain
        5. Case Scenario 2: Automating the Creation of Computer Objects
      6. Chapter 6
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
        4. Case Scenario: Implementing Group Policy
      7. Chapter 7
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
        4. Lesson 4
        5. Case Scenario 1: Installing Software with Group Policy Software Installation
        6. Case Scenario 2: Configuring Security
      8. Chapter 8
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
        4. Lesson 4
        5. Case Scenario 1: Increasing the Security of Administrative Accounts
        6. Case Scenario 2: Increasing the Security and Reliability of Branch Office Authentication
      9. Chapter 9
        1. Lesson 1
        2. Lesson 2
        3. Case Scenario: Blocking Specific DNS Names
      10. Chapter 10
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
        4. Case Scenario: Upgrading a Domain
      11. Chapter 11
        1. Lesson 1
        2. Lesson 2
        3. Lesson 3
        4. Case Scenario: Configuring Sites and Subnets
      12. Chapter 12
        1. Lesson 1
        2. Lesson 2
        3. Case Scenario: Managing Multiple Domains and Forests
      13. Chapter 13
        1. Lesson 1
        2. Lesson 2
        3. Case Scenario: Working with Lost and Found Data
      14. Chapter 14
        1. Lesson 1
        2. Lesson 2
        3. Case Scenario: Determining AD LDS Instance Prerequisites
      15. Chapter 15
        1. Lesson 1
        2. Lesson 2
        3. Case Scenario: Managing Certificate Revocation
      16. Chapter 16
        1. Lesson 1
        2. Lesson 2
        3. Case Scenario: Preparing to Work with an External AD RMS Cluster
      17. Chapter 17
        1. Lesson 1
        2. Lesson 2
        3. Case Scenario: Choosing the Right AD Technology
    23. Index
    24. About the Authors
    25. Copyright