|
Configuring Domain Name System (DNS) for Active
Directory (16 percent)
·
Configure zones.
May include but is not limited to: Dynamic DNS (DDNS),
Non-dynamic DNS (NDDNS), and Secure Dynamic DNS (SDDNS),
Time to Live (TTL), GlobalNames, Primary, Secondary,
Active Directory Integrated, Stub, SOA, zone scavenging,
forward lookup, reverse lookup
·
Configure DNS server settings.
May include but is not limited to: forwarding, root
hints, configure zone delegation, round robin, disable
recursion, debug logging, server scavenging
·
Configure zone transfers and replication.
May include but is not limited to: configure replication
scope (forestDNSzone, domainDNSzone), incremental zone
transfers, DNS Notify, secure zone transfers, configure
name servers, application directory partitions
Configuring the Active Directory infrastructure (25
percent)
·
Configure a forest or a domain.
May include but is not limited to: remove a domain,
perform an unattended installation, Active Directory
Migration Tool (ADMT) v3 (pruning and grafting), raise
forest and domain functional levels, interoperability
with previous versions of Active Directory, alternate
user principal name (UPN) suffix, forestprep, domainprep
·
Configure trusts.
May include but is not limited to: forest trust,
selective authentication versus forest-wide
authentication, transitive trust, external trust,
shortcut trust, SID filtering
·
Configure sites.
May include but is not limited to: create Active
Directory subnets, configure site links, configure site
link costing, configure sites infrastructure
·
Configure Active Directory replication.
May include but is not limited to: Distributed File
System, one-way replication, bridgehead server,
replication scheduling, configure replication protocols,
force intersite replication
·
Configure the global catalog.
May include but is not limited to: Universal Group
Membership Caching (UGMC), partial attribute set,
promote to global catalog
·
Configure operations masters.
May include but is not limited to: seize and transfer,
backup operations master, operations master placement,
Schema Master, extending the schema, time service
Configuring additional Active Directory server roles (9
percent)
·
Configure Active Directory Lightweight Directory Service
(AD LDS).
May include but is not limited to: migration to AD LDS,
configure data within AD LDS, configure an
authentication server, server core, Windows Server 2008
Hyper-V
·
Configure Active Directory Rights Management Service (AD
RMS).
May include but is not limited to: certificate request
and installation, self-enrollments, delegation, Active
Directory Metadirectory Services (AD MDS), Windows
Server virtualization
·
Configure the read-only domain controller (RODC).
May include but is not limited to: unidirectional
replication, Administrator role separation, read-only
DNS, BitLocker, credential caching, password
replication, syskey, Windows Server virtualization
·
Configure Active Directory Federation Services (AD FS).
May include but is not limited to: install AD FS server
role, exchange certificate with AD FS agents, configure
trust policies, configure user and group claim mapping,
Windows Server virtualization
Creating and maintaining Active Directory objects (24
percent)
·
Automate creation of Active Directory accounts.
May include but is not limited to: bulk import,
configure the UPN, create computer, user, and group
accounts (scripts, import, migration), template
accounts, contacts, distribution lists
·
Maintain Active Directory accounts.
May include but is not limited to: configure group
membership, account resets, delegation, AGDLP/AGGUDLP,
deny domain local group, local versus domain, Protected
Admin, disabling accounts versus deleting accounts,
deprovisioning, contacts, creating organizational units
(OUs), delegation of control
·
Create and apply Group Policy objects (GPOs).
May include but is not limited to: enforce, OU
hierarchy, block inheritance, and enabling user objects,
Group Policy processing priority, WMI, Group Policy
filtering, Group Policy loopback
·
Configure GPO templates.
May include but is not limited to: user rights, ADMX
Central Store, administrative templates, security
templates, restricted groups, security options, starter
GPOs, shell access policies
·
Configure GPO templates.
May include but is not limited to: user rights, ADMX
Central Store, administrative templates, security
templates, restricted groups, security options, starter
GPOs, shell access policies
·
Configure software deployment GPOs.
May include but is not limited to: publishing to users,
assigning software to users, assigning to computers,
software removal
·
Configure account policies.
May include but is not limited to: domain password
policy, account lockout policy, fine-grain password
policies
·
Configure audit policy by using GPOs.
May include but is not limited to: audit logon events,
audit account logon events, audit policy change, audit
access privilege use, audit directory service access,
audit object access
Maintaining the Active Directory environment (13
percent)
·
Configure backup and recovery.
May include but is not limited to: using Windows Server
Backup, backup files and system state data to media,
backup and restore by using removable media, perform an
authoritative or non-authoritative Active Directory
restore, linked value replication, Directory Services
Recovery Mode (DSRM) (reset admin password), back up and
restore GPOs
·
Perform offline maintenance.
May include but is not limited to: offline
defragmentation and compaction, Restartable Active
Directory, Active Directory database storage allocation
·
Monitor Active Directory.
May include but is not limited to: Network Monitor, Task
Manager, Event Viewer, ReplMon, RepAdmin, Windows System
Resource Manager, Reliability and Performance Monitor,
Server Performance Advisor, RSOP
Configuring Active Directory Certificate Services (13
percent)
·
Install Active Directory Certificate Services.
May include but is not limited to: standalone versus
enterprise, CA hierarchies—root versus subordinate,
certificate requests, certificate practice statement
·
Configure CA server settings.
May include but is not limited to: key archival,
certificate database backup and restore, assigning
administration roles
·
Manage certificate templates.
May include but is not limited to: certificate template
types, securing template permissions, managing different
certificate template versions, key recovery agent
·
Manage enrollments.
May include but is not limited to: network device
enrollment service (NDES), autoenrollment, Web
enrollment, smart card enrollment, creating enrollment
agents
·
Manage certificate revocations.
May include but is not limited to: configure Online
Responders, Certificate Revocation List (CRL), CRL
Distribution Point (CDP), Authority Information Access (AIA)
Course Duration - 10 Days
The above course runs over 10 days at our training
centre in Cape Town.
Click here for enquiries |
Candidates
who wish to prepare for the MCTS in Windows Server 2008 Active
Directory Configuration will be focused on achieving skills for the
following work focus:
