MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring

By Don Poulton

Published by Pearson IT Certification

Published Date: Dec 23, 2010

Description

This is the eBook version of the printed book.

Learn, prepare, and practice for exam success

  • Master every topic on Microsoft’s new MCTS 70-640 exam.
  • Assess your knowledge and focus your learning.
  • Get the practical workplace knowledge you need!

Start-to-finish MCTS 70-640 preparation from top Microsoft technology consultant, trainer, and author Don Poulton!

Master every MCTS 70-640 topic!

  • DNS and domain installation, including zones
  • AD Domain Services installation
  • Upgrading older domains
  • Server settings and replication
  • Global catalogs and operations masters
  • Site management and data replication
  • AD LDS, AD FS, and AD RMS roles
  • Read-Only Domain Controller deployment
  • User/group account management
  • Trust relationships, including troubleshooting
  • Group Policy Object configuration, usage, and hierarchies
  • Software deployment via group policies
  • Account and audit policy management
  • Monitoring and maintenance
  • Certificate Services installation, configuration, and management

Test your knowledge, build your confidence, and succeed!

  • Packed with visuals to help you learn fast
  • Dozens of troubleshooting scenarios
  • Real-world MCTS 70-640 prep advice from experts
  • Easy-to-use exam preparation task lists

From Don Poulton, professional Microsoft technology consultant, IT training expert, and best-selling exam guide author

Don Poulton (A+, Network+, Security+, MCSA, MCSE) is an independent consultant who has been involved with computers since the days of 80-column punch cards. He has consulted extensively with training providers, preparing training and exam prep materials for Windows technologies. He has written or contributed to several Que titles, including MCTS 70-680 Cert Guide: Microsoft® Windows 7, Configuring; Security+ Lab Manual; and MCSA/MCSE 70-299 Exam Cram 2.

 

CD Includes Complete Sample Exam

  • Detailed explanations of correct and incorrect answers
  • Multiple test modes
  • Random questions and order of answers

Shelving Category: Certification/Microsoft

Table of Contents

Introduction

    Goals and Methods

    How This Book Is Organized

    Study and Exam Preparation Tips

        Learning Styles

        Study Tips

        Study Strategies

        Pretesting Yourself

        Exam Prep Tips

    Microsoft 70-640 Exam Topics

Chapter 1 Getting Started with Active Directory

    The Foundation of Active Directory

        X.500

        LDAP

        Naming Standards of X.500 and LDAP

        Distinguished Names

        Relative Distinguished Names

        User Principal Names

        Globally Unique Identifiers

        Security Identifiers

        Active Directory Canonical Names

    The Building Blocks of Active Directory

        Namespaces

        Objects

        Containers

        Schemas

        Global Catalogs

        Partitions

    Logical Components of Active Directory

        Domains

        Trees

        Forests

        Organizational Units

        Sites

        Domain Controllers

        Global Catalog Servers

        Operations Masters

    New Features of Active Directory in Windows Server 2008

        Server Manager

        Adding Roles and Features

        Command-Line Server Management

        Windows Server 2008 R2

    Summary

Chapter 2 Installing and Configuring DNS for Active Directory

    “Do I Know This Already?” Quiz

    The Hierarchical Nature of DNS

    Installing DNS on Windows Server 2008 R2

    Configuring DNS Zones

        DNS Zone Types

        Primary Zones

        Secondary Zones

        Stub Zones

        Active Directory—Integrated Zones

        GlobalNames Zones

        DNS Name Server Roles

        Primary Name Server

        Secondary Name Server

        Caching-Only Server

        Forwarders

        Creating DNS Zones

        Forward Lookup Zones

        Reverse Lookup Zones

        DNS Resource Records

        Configuring DNS Zone Properties

        Configuring Zone Types

        Adding Authoritative DNS Servers to a Zone

        Dynamic, Nondynamic, and Secure Dynamic DNS

        Zone Scavenging

        Time to Live

        Integrating DNS with WINS

        Command-Line DNS Server Administration

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 3 Installing Active Directory Domain Services

    “Do I Know This Already?” Quiz

    Planning the Active Directory Namespace

        Subdividing the Active Directory Namespace

        Administrative or Geographical Organization of Domains

        Use of Multiple Trees

        Best Practices

    Creating Forests and Domains

        Requirements for Installing Active Directory Domain Services

        Installing Active Directory Domain Services

        New Forests

        New Domains in Existing Forests

        Existing Domains

        Performing Unattended Installations of Active Directory

        Server Core Domain Controllers

        Removing Active Directory

    Interoperability with Previous Versions of Active Directory

        Forest and Domain Functional Levels

        Upgrading Domain and Forest Functional Levels

        The Adprep Utility

        Running the Adprep /forestprep Command

        Running the Adprep /domainprep Command

        Upgrading a Windows Server 2003 Domain Controller

    Additional Forest and Domain Configuration Tasks

        Verifying the Proper Installation of Active Directory

        Active Directory Migration Tool v.3.1

        Alternative User Principal Name Suffixes

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 4 Configuring DNS Server Settings and Replication

    “Do I Know This Already?” Quiz

    Configuring DNS Server Settings

        Forwarding

        Conditional Forwarders

        Root Hints

        Configuring Zone Delegation

        Debug Logging

        Event Logging

        DNS Security Extensions

        Advanced Server Options

        Server Options

        Round Robin

        Disable Recursion

        Name Checking

        Loading Zone Data

        Server Scavenging

        Monitoring DNS

    Configuring Zone Transfers and Replication

        Replication Scope

        Types of Zone Transfers

        Full Zone Transfer

        Incremental Zone Transfer

        Configuring Zone Transfers

        Configuring DNS Notify

        Secure Zone Transfers

        Configuring Name Servers

        Application Directory Partitions

        Installing and Configuring Application Directory Partitions

        Creating Application Directory Partition Replicas

        Application Directory Partition Reference Domains

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 5 Global Catalogs and Operations Masters

    “Do I Know This Already?” Quiz

    Configuring Global Catalog Servers

        Planning the Placement of Global Catalog Servers

        Promoting Domain Controllers to Global Catalog Servers

        Using Universal Group Membership Caching

        Using Partial Attribute Sets

    Configuring Operations Masters

        Schema Master

        Configuring the Schema

        Extending the Schema

        Deactivating Schema Objects

        Domain Naming Master

        PDC Emulator

        Time Service

        Infrastructure Master

        RID Master

        Placement of Operations Masters

        Transferring and Seizing of Operations Master Roles

        Transferring Operations Master Roles

        Seizing Operations Masters Roles

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 6 Configuring Active Directory Sites and Replication

    “Do I Know This Already?” Quiz

    The Need for Active Directory Sites

    Configuring Sites and Subnets

        Creating Sites

        Adding Domain Controllers

        Creating and Using Subnets

    Site Links, Site Link Bridges, and Bridgehead Servers

        The Need for Site Links and Site Link Bridges

        Configuring Site Links

        Site Link Bridges

        Site Link Costs

        Sites Infrastructure

        Knowledge Consistency Checker

        Intersite Topology Generator

    Configuring Active Directory Replication

        Concepts of Active Directory Replication

        Intersite and Intrasite Replication

        Distributed File System

        One-Way Replication

        Bridgehead Servers

        Replication Protocols

        Ports Used for Intersite Replication

        Replication Scheduling

        Intersite Replication Scheduling

        Intrasite Replication Scheduling

        Forcing Intersite Replication

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 7 Additional Active Directory Roles

    “Do I Know This Already?” Quiz

    New Server Roles and Features

    Active Directory Lightweight Directory Services

        Installing AD LDS

        Installing the AD LDS Role

        Installing AD LDS Instances

        Configuring Data Within AD LDS

        Using the ADSI Edit Snap-in

        Using Ldp.exe

        Using the Active Directory Schema Snap-in

        Using the Active Directory Sites and Services Snap-in

        Migrating to AD LDS

        Configuring an Authentication Server

        Creating AD LDS User Accounts and Groups

        Binding to an AD LDS Instance with an AD LDS User

        Using AD LDS on Server Core

    Active Directory Rights Management Services

        Installing AD RMS

        Certificate Request and Installation

        Self-Enrollments

        Delegation

    Active Directory Metadirectory Services

        Active Directory Federation Services

        Installing the AD FS Server Role

        Configuring Trust Policies

        User and Group Claim Mapping

        Configuring Federation Trusts

        Creating Claims

        Creating Account Stores

        Enabling Applications

        Creating Federation Trusts

    Windows Server 2008 R2 Virtualization

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 8 Read-Only Domain Controllers

    “Do I Know This Already?” Quiz

    Installing a Read-Only Domain Controller

        Planning the Use of RODCs

        Installing RODCs

        Prestaging an RODC

    Managing a Read-Only Domain Controller

        Unidirectional Replication

        Administrator Role Separation

        Read-Only DNS

        BitLocker

        Preparing Your Computer to Use BitLocker

        Enabling BitLocker

        Managing BitLocker

        Replication of Passwords

        Planning a Password Replication Policy

        Configuring a Password Replication Policy

        Credential Caching

        Administering the RODC’s Authentication Lists

        syskey

    Review all the Key Topics

    Definitions of Key Terms

Chapter 9 Active Directory User and Group Accounts

    “Do I Know This Already?” Quiz

    Creating User and Group Accounts

        Introducing User Accounts

        Introducing Group Accounts

        Creating User, Computer, and Group Accounts

        Use of Template Accounts

        Using Bulk Import to Automate Account Creation

        Csvde

        Ldifde

        Dsadd

        Additional Command-Line Tools

        Scripts

        Configuring the UPN

        UPN Suffixes

        Adding or Removing UPN Suffixes

        Configuring Contacts

        Creating Distribution Lists

    Managing and Maintaining Accounts

        Creating Organizational Units

        Configuring Group Membership

        AGDLP/AGUDLP

        Account Resets

        Deny Domain Local Group

        Protected Admin

        Local Versus Domain Groups

        Deprovisioning Accounts

        Delegating Administrative Control of Active Directory Objects

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 10 Trust Relationships in Active Directory

    “Do I Know This Already?” Quiz

    Types of Trust Relationships

        Transitive Trusts

        Forest Trusts

        External Trusts and Realm Trusts

        Shortcut Trusts

    Creating and Configuring Trust Relationships

        Creating a Forest Trust Relationship

        Creating External Trust Relationships

        Creating Realm Trust Relationships

        Creating Shortcut Trust Relationships

    Managing Trust Relationships

        Validating Trust Relationships

        Authentication Scope

        SID Filtering

        Removing a Cross-forest Trust Relationship

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 11 Creating and Applying Group Policy Objects

    “Do I Know This Already?” Quiz

    Overview of Group Policy

        Components of Group Policy

        Group Policy Containers

        Group Policy Templates

        New Features of Group Policy in Windows Server 2008 and Windows Server 2008 R2

    Creating and Applying GPOs

        Managing GPOs

        Linking GPOs

        Managing GPO Links

        Deleting a GPO

        Delegating Control of GPOs

        Specifying a Domain Controller

        Configuring GPO Hierarchy and Processing Priority

        OU Hierarchy

        Enforced

        Block Inheritance

        Modifying the Sequence of GPO Application

        Disabling User Objects

        Group Policy Filtering

        Security Filtering of GPOs

        Windows Management Instrumentation

        Windows PowerShell

    Configuring GPO Templates

        Group Policy Loopback Processing

        User Rights

        ADMX Central Store

        Administrative Templates

        Restricted Groups

        Starter GPOs

        Shell Access Policies

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 12 Group Policy Software Deployment

    “Do I Know This Already?” Quiz

    Types of Software Deployment

        Assigning and Publishing Software

        Assigning Software to Users

        Assigning Software to Computers

        Publishing Software to Users

    Deploying Software Using Group Policy

        ZAP Files

        Software Installation Properties

        Software Package Properties

    Upgrading Software

        Use of Transform Files to Modify Software Packages

        Redeployment of Upgraded Software

    Removal of Software

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 13 Account Policies and Audit Policies

    “Do I Know This Already?” Quiz

    Use of Group Policy to Configure Security

        Configuring Account Policies

        Domain Password Policies

        Account Lockout

        Unlocking an Account

        Kerberos Policy

        Fine-Grained Password Policies

        Password Settings Precedence

        Configuring Fine-Grained Password Policies

        Managing Fine-Grained Password Policies

        Viewing the Resultant PSO

        Security Options

        Using Additional Security Configuration Tools

    Auditing of Active Directory Services

        New Features of Active Directory Auditing

        Using GPOs to Configure Auditing

        Available Auditing Categories

        Configuring Basic Auditing Policies

        Configuring Advanced Audit Policies

        Using Auditpol.exe to Configure Auditing

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 14 Monitoring Active Directory

    “Do I Know This Already?” Quiz

    Tools Used to Monitor Active Directory

        Network Monitor

        Task Manager

        Configuring Application Priority

        Event Viewer

        Customizing Event Viewer

        Customizing Event Viewer Detail

        Reliability and Performance Monitor

        Resource Monitor

        Reliability Monitor

        Performance Monitor

        Data Collector Sets

        Windows System Resource Manager

        Server Performance Advisor

    Monitoring and Troubleshooting Active Directory Replication

        replmon

        repadmin

        replicate

        showmeta

        showreps

        add

        sync

        syncall

        showconn

        replsummary

        dcdiag

    Troubleshooting the Application of Group Policy Objects

        Resultant Set of Policy

        Planning Mode/Group Policy Modeling

        Logging Mode/Group Policy Results

        Using the Delegation of Control Wizard

        Gpresult

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 15 Maintaining Active Directory

    “Do I Know This Already?” Quiz

    Backing Up and Recovering Active Directory

        Backup Permissions

        Use of Windows Server Backup

        Installing Windows Server Backup

        Backing Up Critical Volumes of a Domain Controller

        The wbadmin Command

        Scheduling a Backup

        Using Removable Media

        Recovering Active Directory

        Directory Services Restore Mode

        Performing a Nonauthoritative Restore

        Using the wbadmin Command to Recover Your Server

        Performing an Authoritative Restore

        Recovering Back-Links of Authoritatively Restored Objects

        Performing a Full Server Recovery of a Domain Controller

        Linked-Value Replication and Authoritative Restore of Group Memberships

        The Active Directory Recycle Bin

        Enabling the Active Directory Recycle Bin

        Using the Active Directory Recycle Bin to Restore Deleted Objects

        Backing Up and Restoring GPOs

        Backing Up GPOs

        Restoring GPOs

        Importing GPOs

        Using Scripts for Group Policy Backup and Restore

    Offline Maintenance of Active Directory

        Restartable Active Directory

        Offline Defragmentation and Compaction

        Online Defragmentation

        Offline Defragmentation

        Active Directory Database Storage Allocation

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 16 Installing and Configuring Certificate Services

    “Do I Know This Already?” Quiz

    What’s New with Certificate Services in Windows Server 2008?

        New Features of Active Directory Certificate Services in Windows Server 2008 R2

    Installing Active Directory Certificate Services

        Configuring Certificate Authority Types and Hierarchies

        Installing Root CAs

        Installing Subordinate CAs

        Understanding Certificate Requests

        Using Certificate Practice Statements

    Configuring Certificate Authority Server Settings

        Installing the Certificates Snap-in

        Working with Certificate Stores

        Using Group Policy to Import Certificates

        Backing Up Certificates and Keys

        Restoring Certificates and Keys

        Using Group Policy to Enable Credential Roaming

        Backing Up and Restoring Certificate Databases

        Assigning Administration Roles

        Configuring Certificate Server Permissions

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Chapter 17 Managing Certificate Templates, Enrollments, and Certificate Revocation

    “Do I Know This Already?” Quiz

    Managing Certificate Templates

        Understanding Certificate Template Types

        Configuring Certificate Templates

        Securing Template Permissions

        Enabling the Use of Templates

        Managing Different Certificate Template Versions

        Archiving Keys

        Configuring Key Recovery Agents

    Managing Certificate Enrollments

        Understanding Network Device Enrollment Services

        Enabling Certificate Autoenrollment

        Configuring Web Enrollment

        Configuring Smart Card Enrollment

        Creating Enrollment Agents

        Using Group Policy to Require Smart Cards for Logon

    Managing Certificate Revocation

        Configuring Certificate Revocation Lists

        Configuring a CRL Distribution Point

        Troubleshooting CRLs

        Configuring Online Responders

        Configuring Responder Properties

        Adding a Revocation Configuration

        Configuring Arrays

        Configuring Authority Information Access

    Review All the Key Topics

    Complete the Tables and Lists from Memory

    Definitions of Key Terms

Practice Exam

Answers to Practice Exam

Appendix A Answers to the “Do I Know This Already?” Quizzes

Appendix B Installing Windows Server 2008 R2

Glossary

Elements Available on CD

Appendix C Memory Tables

Appendix D Memory Tables Answer Key

TOC, 9780789747082, 11/19/2010

Purchase Info

ISBN-10: 0-13-270756-X

ISBN-13: 978-0-13-270756-5

Format: eBook (Watermarked)

This eBook includes the following formats, accessible from your Account page after purchase:

  • EPUB: The open industry format known for its reflowable content and usability on supported mobile devices.
  • MOBI: The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.
  • PDF: The popular standard, used most often with the free Adobe® Reader® software.

This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
