Exam Ref 70-742 Identity 7E Prepare for Microsoft Exam 70-742—and help demonstrate Identity with 0x -a your real-world mastery of Windows Server 2016 identity Windows Server 2016 7m features and functionality. Designed for experienced 4 IT professionals ready to advance their status, this Exam Ref 2 R focuses on the critical-thinking and decision-making acumen About the Exam e with Windows needed for success at the MCSA level. f Exam 70-742 focuses on the skills and knowledge necessary to implement Focus on the expertise measured by and configure identity features and Id functionality in Windows Server 2016. e these objectives: n t • Install and configure Active Directory Domain Services i Server 2016 About Microsoft Certification t • Manage and maintain AD DS y • Create and manage Group Policy Passing this exam earns you credit toward w a Microsoft Certified Solutions Associate • Implement Active Directory Certificate Services it (MCSA) certification that demonstrates h • Implement identity federation and access solutions your mastery of core Windows Server W 2016 skills for reducing IT costs and This Microsoft Exam Ref: delivering more business value. in ptg19289508 Exam 70-740 (Installation, Storage, and d • Organizes its coverage by exam objectives Compute with Windows Server 2016) and o Exam 70-741 (Networking with Windows w • Features strategic, what-if scenarios to challenge you Server 2016) are also required for MCSA: s • Assumes you have experience working with Windows Server, Windows Server 2016 certification. S Windows clients, and virtualization; are familiar with core e networking technologies, and are aware of basic security See full details at: rv microsoft.com/learning e best practices r - 2 Exam Ref 70 742 About the Author 0 1 Andrew James Warren has served as 6 subject matter expert for Windows Server 2016 courses, technical lead for Windows 10 courses, and co-developer of TechNet W sessions covering Microsoft Exchange a r r Server. He has 30+ years of IT experience. e n MicrosoftPressStore.com ISBN-13: 978-0-7356-9881-9 U.S.A. $39.99 ISBN-10: 0-7356-9881-3 5 3 9 9 9 Canada $49.99 [Recommended] Andrew Warren 9 780735 698819 Certification/WindowsServer 9780735698819_ExamRef_70-742_Identity_WinServer2016.indd 1 2/21/17 11:56 AM Exam Ref 70-742 Identity with Windows Server 2016 ptg19289508 Andrew Warren Exam Ref 70-742 Identity with Windows Server 2016 Published with the authorization of Microsoft Corporation by: Pearson Education, Inc. Copyright © 2017 by Pearson Education Inc. All rights reserved. Printed in the United States of America. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, request forms, and the appropriate contacts within the Pearson Education Global Rights & Permissions Department, please visit www.pearsoned.com/permissions/. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein. ISBN-13: 978-0-7356-9881-9 ISBN-10: 0-7356-9881-3 Library of Congress Control Number: 2016962648 First Printing March 2017 Trademarks Microsoft and the trademarks listed at http://www.microsoft.com on the “Trademarks” webpage are trademarks of the Microsoft group of companies. All other marks are property of their respective owners. Warning and Disclaimer Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The authors, the publisher, and Microsoft Corporation shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information ptg19289508 contained in this book or programs accompanying it. Special Sales For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at [email protected] or (800) 382-3419. For government sales inquiries, please contact [email protected]. For questions about sales outside the U.S., please contact [email protected]. Editor-in-Chief Greg Wiegand Acquisitions Editor Trina MacDonald Development Editor Rick Kughen Managing Editor Sandra Schroeder Senior Project Editor Tracey Croom Editorial Production Ellie Vee Design Copy Editor Christina Rudloff Indexer Julie Grady Proofreader Christina Rudloff Technical Editor Tim Warner Cover Designer Twist Creative, Seattle Contents at a glance Introduction xi Preparing for the exam xv CHAPTER 1 Install and configure Active Directory Domain Services 1 CHAPTER 2 Manage and maintain AD DS 77 CHAPTER 3 Create and manage Group Policy 149 CHAPTER 4 Implement Active Directory Certificate Services 241 CHAPTER 5 Implement identity federation and access solutions 295 Index 347 ptg19289508 This page intentionally left blank ptg19289508 Contents Introduction xi Organization of this book ..........................................xi Microsoft certifications ...........................................xii Acknowledgments ...............................................xii Free ebooks from Microsoft Press ..................................xii Microsoft Virtual Academy ........................................xii Quick access to online references ..................................xiii Errata, updates, & book support ...................................xiii We want to hear from you ........................................xiii Stay in touch ....................................................xiv ptg19289508 Preparing for the exam xv Chapter 1 Install and configure Active Directory Domain Services 1 Skill 1.1: Install and configure domain controllers .....................1 AD DS fundamentals 2 Install a new forest 4 Add or remove a domain controller 9 Install AD DS on a Server Core installation 17 Install a domain controller using Install from Media 18 Install and configure a read-only domain controller 20 Configure a global catalog server 24 Configure domain controller cloning 28 Upgrade domain controllers 33 Transfer and seize operations master roles 36 Resolve DNS SRV record registration issues 41 What do you think of this book? We want to hear from you! Microsoft is interested in hearing your feedback so we can continually improve our books and learning resources for you. To participate in a brief online survey, please visit: https://aka.ms/tellpress v Skill 1.2: Create and manage Active Directory users and computers ....44 Create, copy, configure, and delete users and computers 44 Implement offline domain join 57 Configure user rights 58 Perform bulk Active Directory operations 60 Skill 1.3: Create and manage Active Directory groups and organizational units. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62 Create and manage groups 63 Create and manage OUs 69 Delegate management of Active Directory with groups and OUs 71 Chapter summary ................................................75 Thought experiment ..............................................76 Thought experiment answer .......................................76 Chapter 2 Manage and maintain AD DS 77 ptg19289508 Skill 2.1: Configure service authentication and account policies ........77 Create and configure MSAs and gMSAs 78 Manage SPNs 80 Configure Kerberos Constrained Delegation 82 Configure virtual accounts 82 Configure account policies 83 Configure and apply Password Settings Objects 89 Delegate password settings management 95 Skill 2.2: Maintain Active Directory .................................96 Manage Active Directory offline 96 Active Directory backup and recovery 102 Manage Read Only Domain Controllers 110 Managing AD DS replication 113 Skill 2.3: Configure Active Directory in a complex enterprise environment .................................................120 Configure a multi-domain and multi-forest AD DS infrastructure 120 Deploy Windows Server 2016 domain controllers within a preexisting AD DS environment 121 vi Contents Upgrade existing domains and forests 122 Configure domain and forest functional levels 122 Configure multiple user principal name suffixes 123 Configure trusts 126 Configure AD DS sites and subnets 136 Chapter summary ...............................................145 Thought experiment .............................................146 Thought experiment answers .....................................147 Chapter 3 Create and manage Group Policy 149 Skill 3.1: Create and manage Group Policy Objects ..................149 Configure multiple local Group Policies 150 Overview of domain-based GPOs 156 Manage starter GPOs 162 Configure GPO links 164 Back up, restore, import, and copy GPOs 166 ptg19289508 Create and configure a migration table 170 Reset default GPOs 174 Delegate Group Policy management 174 Detect health issues using the Group Policy Infrastructure Status dashboard 178 Skill 3.2: Configure Group Policy processing ........................179 Configure processing order and precedence 181 Configuring inheritance 182 Configure security filtering and WMI filtering 187 Configure loopback processing 195 Configure and manage slow-link processing and Group Policy caching 197 Configure client-side extension behavior 199 Force a Group Policy update 201 Skill 3.3: Configure Group Policy settings ...........................202 Configure software installation 202 Configure scripts 209 Import security templates 211 Contents vii Configure folder redirection 214 Configure administrative templates 221 Skill 3.4: Configure Group Policy preferences .......................225 Configuring Group Policy preferences 226 Configure item-level targeting 236 Chapter summary ...............................................238 Thought experiment .............................................239 Thought experiment answers .....................................240 Chapter 4 Implement Active Directory Certificate Services 241 Skill 4.1: Install and configure AD CS ...............................241 Choosing between a standalone and an enterprise CA 243 Install standalone CAs 246 Install an AD DS integrated enterprise CA 252 Install offline root and subordinate CAs 253 ptg19289508 Install and configure an Online Responder 266 Implement administrative role separation 269 Configure CA backup and recovery 272 Skill 4.2: Manage certificates ......................................275 Manage certificate templates 275 Implement and manage certificate deployment, validation, and revocation 283 Configure and manage key archival and recovery 288 Chapter summary ...............................................293 Thought experiment .............................................293 Thought experiment answers .....................................294 Chapter 5 Implement identity federation and access solutions 295 Skill 5.1: Install and configure AD FS ...............................295 Examine AD FS requirements 296 Install the AD FS server role 300 Configure the AD FS server role 300 viii Contents Implement claims-based authentication, including relying party trusts 303 Configure authentication policies 310 Implement and configure device registration 313 Configure for use with Microsoft Azure and Microsoft Office 365 316 Configure AD FS to enable authentication of users stored in LDAP directories 317 Upgrade and migrate previous AD FS workloads to Windows Server 2016 318 Skill 5.2: Implement Web Application Proxy ........................319 Install and configure Web Application Proxy 319 Integrate Web Application Proxy with AD FS 322 Implement Web Application Proxy in pass-through mode 326 Publish Remote Desktop Gateway applications 327 Skill 5.3: Install and configure AD RMS .............................330 An AD RMS overview 330 ptg19289508 Deploying an AD RMS server 331 Manage rights policy templates 339 Configure exclusion policies 343 Backup and restore AD RMS 344 Chapter summary ...............................................344 Thought experiment .............................................345 Thought experiment answers .....................................345 Index 347 What do you think of this book? We want to hear from you! Microsoft is interested in hearing your feedback so we can continually improve our books and learning resources for you. To participate in a brief online survey, please visit: https://aka.ms/tellpress Contents ix
Description: