www.it-ebooks.info Exam 70-640: TS: Windows Server 2008 Active Directory, Configuring (2nd Edition) objective Location in book configuring Domain name SyStem (DnS) for active Directory Configure zones. Chapter 9, Lesson 1 Configure DNS server settings. Chapter 9, Lesson 2 Configure zone transfers and replication. Chapter 9, Lesson 2 configuring the active Directory infraStructure Configure a forest or a domain. Chapter 1, Lessons 1, 2 Chapter 10, Lessons 1, 2 Chapter 12, Lessons 1, 2 Configure trusts. Chapter 12, Lesson 2 Configure sites. Chapter 11, Lessons 1, 2 Configure Active Directory replications. Chapter 8, Lesson 3 Chapter 10, Lesson 3 Chapter 11, Lesson 3 Configure the global catalog. Chapter 11, Lesson 2 Configure operations masters. Chapter 10, Lesson 2 configuring aDDitionaL active Directory Server roLeS Configure Active Directory Lightweight Directory Service (AD LDS). Chapter 14, Lessons 1, 2 Configure Active Directory Rights management Service (AD RMS). Chapter 16, Lessons 1, 2 Configure the read-only domain controller (RODC). Chapter 8, Lesson 3 Configure Active Directory Federation Services (AD FS). Chapter 17, Lessons 1, 2 creating anD maintaining active Directory objectS Automate creation of Active Directory accounts. Chapter 3, Lessons 1, 2 Chapter 4, Lessons 1, 2 Chapter 5, Lessons 1, 2 Maintain Active Directory accounts. Chapter 2, Lessons 1, 2, 3 Chapter 3, Lessons 1, 2, 3 Chapter 4, Lessons 1, 2, 3 Chapter 5, Lessons 1, 2, 3 Chapter 8, Lesson 4 Create and apply Group Policy objects (GPOs). Chapter 6, Lessons 1, 2, 3 Configure GPO templates. Chapter 6, Lessons 1, 2, 3 Chapter 7, Lessons 1, 2, 3 Configure software deployment GPOs. Chapter 7, Lesson 3 Configure account policies. Chapter 8, Lesson 1 Configure audit policy by using GPOs. Chapter 7, Lesson 4 Chapter 8, Lesson 2 maintaining the active Directory environment Configure backup and recovery. Chapter 13, Lesson 2 Perform offline maintenance. Chapter 13, Lesson 1 Monitor Active Directory. Chapter 6, Lesson 3 Chapter 11, Lesson 3 Chapter 13, Lesson 1 configuring active Directory certificate ServiceS Install Active Directory Certificate Services. Chapter 15, Lesson 1 Configure CA server settings. Chapter 15, Lesson 2 Manage certificate templates. Chapter 15, Lesson 2 Manage enrollments. Chapter 15, Lesson 2 Manage certificate revocations Chapter 15, Lesson 2 exam objectives The exam objectives listed here are current as of this book’s publication date. Exam objectives are subject to change at any time without prior notice and at Microsoft’s sole discretion. Please visit the Microsoft Learning Web site for the most current listing of exam objectives: http://www.microsoft.com/learning/en/us/ Exam.aspx?ID=70-640. www.it-ebooks.info www.it-ebooks.info MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server 2008 Active ® Directory (2nd Edition) ® Dan Holme Danielle Ruest Nelson Ruest Jason Kellington www.it-ebooks.info PUBLISHED BY Microsoft Press A Division of Microsoft Corporation One Microsoft Way Redmond, Washington 98052-6399 Copyright © 2011 by Dan Holme, Nelson Ruest, Danielle Ruest, and Jason Kellington All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher. Library of Congress Control Number: 2011929710 ISBN: 978-0-7356-5193-7 Printed and bound in the United States of America. First Printing Microsoft Press books are available through booksellers and distributors worldwide. If you need support related to this book, email Microsoft Press Book Support at [email protected]. Please tell us what you think of this book at http://www.microsoft.com/learning/booksurvey. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/ Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are fictitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred. This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book. acquisitions editor: Jeff Koch Developmental editor: Karen Szall Project editor: Rosemary Caperton editorial Production: Tiffany Timmerman, S4Carlisle Publishing Services technical reviewer: Kurt Meyer; Technical Review services provided by Content Master, a member of CM Group, Ltd. copyeditor: Crystal Thomas indexer: Maureen Johnson cover: Twist Creative • Seattle www.it-ebooks.info Contents at a Glance Introduction xxvii chaPter 1 Creating an Active Directory Domain 1 chaPter 2 Administering Active Directory Domain Services 35 chaPter 3 Administering User Accounts 87 chaPter 4 Managing Groups 149 chaPter 5 Configuring Computer Accounts 205 chaPter 6 Implementing a Group Policy Infrastructure 247 chaPter 7 Managing Enterprise Security and Configuration with Group Policy Settings 317 chaPter 8 Improving the Security of Authentication in an AD DS Domain 389 chaPter 9 Integrating Domain Name System with AD DS 439 chaPter 10 Administering Domain Controllers 507 chaPter 11 Managing Sites and Active Directory Replication 557 chaPter 12 Managing Multiple Domains and Forests 605 chaPter 13 Directory Business Continuity 655 chaPter 14 Active Directory Lightweight Directory Services 731 chaPter 15 Active Directory Certificate Services and Public Key Infrastructures 771 chaPter 16 Active Directory Rights Management Services 833 chaPter 17 Active Directory Federation Services 879 Answers 921 Index 963 www.it-ebooks.info www.it-ebooks.info Contents introduction xxvii System Requirements ...........................................xxvii Hardware Requirements xxviii Software Requirements xxix Using the Companion CD ........................................xxx How to Install the Practice Tests xxx How to Use the Practice Tests xxx How to Uninstall the Practice Tests xxxii Acknowledgments .............................................xxxii Support & Feedback ............................................xxxii Errata xxxiii We Want to Hear from You xxxiii Stay in Touch xxxiii chapter 1 creating an active Directory Domain 1 Before You Begin ..................................................2 Lesson 1: Installing Active Directory Domain Services ..................3 Active Directory, Identity and Access 3 Beyond Identity and Access 8 Components of an Active Directory Infrastructure 9 Preparing to Create a New Windows Server 2008 Forest 12 Adding the AD DS Role Using the Windows Interface 12 Creating a Domain Controller 13 Lesson Summary 21 Lesson Review 22 What do you think of this book? We want to hear from you! Microsoft is interested in hearing your feedback so we can continually improve our books and learning resources for you. To participate in a brief online survey, please visit: www.microsoft.com/learning/booksurvey/ vii www.it-ebooks.info Lesson 2: Active Directory Domain Services on Server Core ...........23 Understanding Server Core 23 Installing Server Core 24 Performing Initial Configuration Tasks 25 Server Configuration 26 Adding AD DS to a Server Core Installation 27 Removing Domain Controllers 27 Lesson Summary 30 Lesson Review 30 Chapter Review ..................................................32 Chapter Summary ................................................32 Key Terms .......................................................32 Case Scenario ....................................................33 Case Scenario: Creating an Active Directory Forest 33 Take a Practice Test ...............................................33 chapter 2 administering active Directory Domain Services 35 Before You Begin .................................................35 Lesson 1: Working with Active Directory Snap-ins ....................37 Understanding the Microsoft Management Console 37 Active Directory Administration Tools 39 Finding the Active Directory Administrative Tools 39 Adding the Administrative Tools to Your Start Menu 40 Creating a Custom Console with Active Directory Snap-ins 40 Running Administrative Tools with Alternate Credentials 41 Saving and Distributing a Custom Console 42 Lesson Summary 47 Lesson Review 48 Lesson 2: Creating Objects in Active Directory .......................49 Creating an Organizational Unit 49 Creating a User Object 51 Creating a Group Object 53 Creating a Computer Object 55 Finding Objects in Active Directory 57 viii contents www.it-ebooks.info Understanding DNs, RDNs, and CNs 63 Finding Objects by Using Dsquery 63 Lesson Summary 70 Lesson Review 71 Lesson 3: Delegation and Security of Active Directory Objects .........72 Understanding Delegation 72 Viewing the ACL of an Active Directory Object 73 Property Permissions, Control Access Rights, and Object Permissions 75 Assigning a Permission Using the Advanced Security Settings Dialog Box 76 Understanding and Managing Permissions with Inheritance 76 Delegating Administrative Tasks with the Delegation Of Control Wizard 77 Reporting and Viewing Permissions 78 Removing or Resetting Permissions on an Object 78 Understanding Effective Permissions 79 Designing an OU Structure to Support Delegation 80 Lesson Summary 82 Lesson Review 83 Chapter Review ..................................................84 Chapter Summary ................................................84 Key Terms .......................................................84 Case Scenario ....................................................84 Case Scenario: Managing Organizational Units and Delegation 84 Suggested Practices ..............................................85 Maintain Active Directory Accounts 85 Take a Practice Test ...............................................86 chapter 3 administering user accounts 87 Before You Begin .................................................88 Lesson 1: Automating the Creation of User Accounts .................89 Creating Users with Templates 89 Using Active Directory Command-Line Tools 91 contents ix www.it-ebooks.info
Description: