www.it-ebooks.info Exam 70-640: TS: Windows Server 2008 Active Directory, Conguring (2nd Edition)    Congure zones. Chapter 9, Lesson 1 Congure DNS server settings. Chapter 9, Lesson 2 Congure zone transfers and replication. Chapter 9, Lesson 2  Congure a forest or a domain. Chapter 1, Lessons 1, 2 Chapter 10, Lessons 1, 2 Chapter 12, Lessons 1, 2 Congure trusts. Chapter 12, Lesson 2 Congure sites. Chapter 11, Lessons 1, 2 Congure Active Directory replications. Chapter 8, Lesson 3 Chapter 10, Lesson 3 Chapter 11, Lesson 3 Congure the global catalog. Chapter 11, Lesson 2 Congure operations masters. Chapter 10, Lesson 2  Congure Active Directory Lightweight Directory Service (AD LDS). Chapter 14, Lessons 1, 2 Congure Active Directory Rights management Service (AD RMS). Chapter 16, Lessons 1, 2 Congure the read-only domain controller (RODC). Chapter 8, Lesson 3 Congure Active Directory Federation Services (AD FS). Chapter 17, Lessons 1, 2  Automate creation of Active Directory accounts. Chapter 3, Lessons 1, 2 Chapter 4, Lessons 1, 2 Chapter 5, Lessons 1, 2 Maintain Active Directory accounts. Chapter 2, Lessons 1, 2, 3 Chapter 3, Lessons 1, 2, 3 Chapter 4, Lessons 1, 2, 3 Chapter 5, Lessons 1, 2, 3 Chapter 8, Lesson 4 Create and apply Group Policy objects (GPOs). Chapter 6, Lessons 1, 2, 3 Congure GPO templates. Chapter 6, Lessons 1, 2, 3 Chapter 7, Lessons 1, 2, 3 Congure software deployment GPOs. Chapter 7, Lesson 3 Congure account policies. Chapter 8, Lesson 1 Congure audit policy by using GPOs. Chapter 7, Lesson 4 Chapter 8, Lesson 2  Congure backup and recovery. Chapter 13, Lesson 2 Perform ofine maintenance. Chapter 13, Lesson 1 Monitor Active Directory. Chapter 6, Lesson 3 Chapter 11, Lesson 3 Chapter 13, Lesson 1  Install Active Directory Certicate Services. Chapter 15, Lesson 1 Congure CA server settings. Chapter 15, Lesson 2 Manage certicate templates. Chapter 15, Lesson 2 Manage enrollments. Chapter 15, Lesson 2 Manage certicate revocations Chapter 15, Lesson 2  The exam objectives listed here are current as of this book’s publication date. Exam objectives are subject to change at any time without prior notice and at Microsoft’s sole discretion. Please visit the Microsoft Learning Web site for the most current listing of exam objectives: http://www.microsoft.com/learning/en/us/ Exam.aspx?ID=70-640. www.it-ebooks.info www.it-ebooks.info MCTS Self-Paced Training Kit (Exam 70-640): Conguring Windows Server ® 2008 Active Directory ® (2 nd Edition) Dan Holme Danielle Ruest Nelson Ruest Jason Kellington www.it-ebooks.info PUBLISHED BY Microsoft Press A Division of Microsoft Corporation One Microsoft Way Redmond, Washington 98052-6399 Copyright © 2011 by Dan Holme, Nelson Ruest, Danielle Ruest, and Jason Kellington All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher. Library of Congress Control Number: 2011929710 ISBN: 978-0-7356-5193-7 Printed and bound in the United States of America. First Printing Microsoft Press books are available through booksellers and distributors worldwide. If you need support related to this book, email Microsoft Press Book Support at mspinput@microsoft.com. Please tell us what you think of this book at http://www.microsoft.com/learning/booksurvey. Microsoft and the trademarks listed at http://www.microsoft.com/about/legal/en/us/IntellectualProperty/ Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other marks are property of their respective owners. The example companies, organizations, products, domain names, email addresses, logos, people, places, and events depicted herein are ctitious. No association with any real company, organization, product, domain name, email address, logo, person, place, or event is intended or should be inferred. This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.  Jeff Koch  Karen Szall  Rosemary Caperton  Tiffany Timmerman, S4Carlisle Publishing Services  Kurt Meyer; Technical Review services provided by Content Master, a member of CM Group, Ltd.  Crystal Thomas  Maureen Johnson  Twist Creative • Seattle www.it-ebooks.info Contents at a Glance Introduction xxvii  Creating an Active Directory Domain 1  Administering Active Directory Domain Services 35  Administering User Accounts 87  Managing Groups 149  Conguring Computer Accounts 205  Implementing a Group Policy Infrastructure 247  Managing Enterprise Security and Conguration with Group Policy Settings 317  Improving the Security of Authentication in an AD DS Domain 389  Integrating Domain Name System with AD DS 439  Administering Domain Controllers 507  Managing Sites and Active Directory Replication 557  Managing Multiple Domains and Forests 605  Directory Business Continuity 655  Active Directory Lightweight Directory Services 731  Active Directory Certicate Services and Public Key Infrastructures 771  Active Directory Rights Management Services 833  Active Directory Federation Services 879 Answers 921 Index 963 www.it-ebooks.info www.it-ebooks.info  What do you think of this book? We want to hear from you! Microsoft is interested in hearing your feedback so we can continually improve our books and learning resources for you. To participate in a brief online survey, please visit: www.microsoft.com/learning/booksurvey/ Contents    System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii Hardware Requirements xxviii Software Requirements xxix Using the Companion CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxx How to Install the Practice Tests xxx How to Use the Practice Tests xxx How to Uninstall the Practice Tests xxxii Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxii Support & Feedback . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxxii Errata xxxiii We Want to Hear from You xxxiii Stay in Touch xxxiii    Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 Lesson 1: Installing Active Directory Domain Services . . . . . . . . . . . . . . . . . . 3 Active Directory, Identity and Access 3 Beyond Identity and Access 8 Components of an Active Directory Infrastructure 9 Preparing to Create a New Windows Server 2008 Forest 12 Adding the AD DS Role Using the Windows Interface 12 Creating a Domain Controller 13 Lesson Summary 21 Lesson Review 22 www.it-ebooks.info   Lesson 2: Active Directory Domain Services on Server Core . . . . . . . . . . . 23 Understanding Server Core 23 Installing Server Core 24 Performing Initial Conguration Tasks 25 Server Conguration 26 Adding AD DS to a Server Core Installation 27 Removing Domain Controllers 27 Lesson Summary 30 Lesson Review 30 Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 Case Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33 Case Scenario: Creating an Active Directory Forest 33 Take a Practice Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33    Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35 Lesson 1: Working with Active Directory Snap-ins . . . . . . . . . . . . . . . . . . . . 37 Understanding the Microsoft Management Console 37 Active Directory Administration Tools 39 Finding the Active Directory Administrative Tools 39 Adding the Administrative Tools to Your Start Menu 40 Creating a Custom Console with Active Directory Snap-ins 40 Running Administrative Tools with Alternate Credentials 41 Saving and Distributing a Custom Console 42 Lesson Summary 47 Lesson Review 48 Lesson 2: Creating Objects in Active Directory . . . . . . . . . . . . . . . . . . . . . . . 49 Creating an Organizational Unit 49 Creating a User Object 51 Creating a Group Object 53 Creating a Computer Object 55 Finding Objects in Active Directory 57 www.it-ebooks.info  Understanding DNs, RDNs, and CNs 63 Finding Objects by Using Dsquery 63 Lesson Summary 70 Lesson Review 71 Lesson 3: Delegation and Security of Active Directory Objects . . . . . . . . . 72 Understanding Delegation 72 Viewing the ACL of an Active Directory Object 73 Property Permissions, Control Access Rights, and Object Permissions 75 Assigning a Permission Using the Advanced Security Settings Dialog Box 76 Understanding and Managing Permissions with Inheritance 76 Delegating Administrative Tasks with the Delegation Of Control Wizard 77 Reporting and Viewing Permissions 78 Removing or Resetting Permissions on an Object 78 Understanding Effective Permissions 79 Designing an OU Structure to Support Delegation 80 Lesson Summary 82 Lesson Review 83 Chapter Review . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 Chapter Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 Key Terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 Case Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84 Case Scenario: Managing Organizational Units and Delegation 84 Suggested Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 Maintain Active Directory Accounts 85 Take a Practice Test . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86    Before You Begin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88 Lesson 1: Automating the Creation of User Accounts . . . . . . . . . . . . . . . . . 89 Creating Users with Templates 89 Using Active Directory Command-Line Tools 91 www.it-ebooks.info [...]... is available at http://www.microsoft.com/learning/ en/us /exam. aspx?ID =70-640& locale=en-us#tab2 By using this training kit, you will learn how to do the following: n Deploy Active Directory Domain Services, Active Directory Lightweight Directory Services, Active Directory Certificate Services, Active Directory Federation Services, and Active Directory Rights Management Services in a forest or domain... professionals who support or plan to support Microsoft Active Directory (AD) on Windows Server 2008 R2 and who also plan to take the Microsoft Certified Technology Specialist (MCTS) 70-640 examination It is assumed that you have a solid foundation-level understanding of Microsoft Windows client and server operating systems and common Internet technologies The MCTS exam, and this book, assume that you have at... with Windows PowerShell and Active Directory Administrative Center 102 Introducing Windows PowerShell 102 Preparing to Administer Active Directory Using Windows PowerShell 103 cmdlets 105 Parameters 107 Get-Help 107 Objects 108 Variables 108 Pipeline 109 Aliases 111 Namespaces, Providers, and PSDrives 112 The Active Directory PowerShell Provider 113 Creating a User with Windows. .. 16 Active Directory Rights Management Services 833 Before You Begin 835 Lesson 1: Understanding and Installing Active Directory Rights Management Services 837 Understanding AD RMS 837 Installing Active Directory Rights Management Services 844 Lesson Summary 860 Lesson Review 860 Lesson 2: Configuring and Using Active Directory. .. DNS 452 Windows Server 2008 R2 DNS Features 459 Integration with AD DS 461 New DNS Features in Windows Server 2008 R2 463 Lesson Summary 478 Lesson Review 478 Lesson 2: Configuring and Using Domain Name System 480 Configuring DNS 480 Forwarders vs Root Hints 488 Single-Label Name Management 490 DNS and DHCP Considerations 492 Working with Application Directory. .. Lesson 2: Configuring the Global Catalog and Application Directory Partitions 572 Reviewing Active Directory Partitions 572 Understanding the Global Catalog 573 Placing Global Catalog Servers 573 Configuring a Global Catalog Server 574 Universal Group Membership Caching 574 Understanding Application Directory Partitions 576 Lesson Summary 579 Lesson Review 579 Lesson 3: Configuring. .. computers Hardware Requirements You can perform exercises on physical computers Each computer must meet the minimum hardware requirements for Windows Server 2008 R2, published at http://www.microsoft com/windowsserver2008/en/us/system-requirements.aspx Windows Server 2008 R2 can run comfortably with 512 megabytes (MB) of memory in small test environments such as the sample contoso.com domain However, when... Although Windows Server 2008 R2 Standard edition is sufficient for most chapters, later chapters require the Enterprise edition, and we recommend installing that edition when setting up servers for Chapters 14 through 17 To minimize the time and expense of configuring the several computers required for this training kit, it’s recommended that you create virtual machines by using Hyper-V—a feature of Windows. .. then click Microsoft Press Training Kit Exam Prep A window appears that shows all the Microsoft Press training kit exam prep suites installed on your computer 2 Double-click the lesson review or practice test you want to use xxx Introduction www.it-ebooks.info Note  Lesson reviews vs practice tests Select the (70-640) TS: Windows Server 2008 Active Directory, Configuring lesson review to use the questions... Active Directory, Configuring lesson review to use the questions from the “Lesson Review” sections of this book Select the (70-640) TS: Windows Server 2008 Active Directory, Configuring practice test to use a pool of 200 questions similar to those that appear on the 70-640 certification exam Lesson Review Options When you start a lesson review, the Custom Mode dialog box appears so that you can configure . www.it-ebooks.info Exam 70-640: TS: Windows Server 2008 Active Directory, Conguring (2nd Edition)    Congure. listing of exam objectives: http://www.microsoft.com/learning/en/us/ Exam. aspx?ID =70-640. www.it-ebooks.info www.it-ebooks.info MCTS Self-Paced Training Kit (Exam 70-640) : Conguring Windows Server. Sites and Active Directory Replication 557  Managing Multiple Domains and Forests 605  Directory Business Continuity 655  Active Directory Lightweight Directory