MCTS 70-640 Cert Guide : Windows Server 2008 Active Directory . - GBV


MCTS 70-640 Cert Guide: Windows Server 2008 Active Directory, Configuring
Don Poulton
Pearson
800 East 96th Street
Indianapolis, Indiana 46240 USA

ivMCTS 70-640 Cert Guide: Windows Server 2008 ActiveDirectory, ConfiguringTable of ContentsIntroduction3Goals and MethodsHow This Book IsStudy and3Preparation TipsExam8Study Tips9Study StrategiesPretesting YourselfPrep Tips1010Microsoft 70-640 ExamChapter1TopicsStarted with ActiveGettingThe Foundation of ActiveX.S0077Learning NamingStandards of X.500 and LDAPDistinguish ed NamesRelativeUserDistinguished NamesThe21Blocks of Schemas2424Global CatalogsPartitionsDomainsTrees2425Logical Componentsof Active2627Forests27Organizational UnitsSites21Canonical NamesDirectoryBuilding2021Globally Unique IdentifiersSecurity Identifiers1919Principal NamesActive172930Domain Controllers31Directory26

VGlobal Catalog ServersOperationsMasters32New Features of ActiveServer Manager31Directoryin Windows Server 2008Adding Roles and Features36Command-Line Server ManagementWindows Server 2008 R2Chapter2Summary40Installingand3637Configuring DNS for Active Directory"Do I Know ThisAlready?" Quiz43The Hierarchical Nature of DNS48Installing DNSConfiguringonWindows Server 2008 R2DNS ZonesDNS ZoneActive51S3Secondary ZonesStub Zones53S3ZonesDirectory-IntegratedGkbalNames ZonesPrimary Name ServerCaching-OnlyServerReverse555656Creating DNSForward5555Name ServerForwarders5354DNS Name Server RolesSecondaryZonesLookupLookup57ZonesZones5759DNS Resource RecordsConfiguringDNS ZoneConfiguring Zone Types61PropertiesDynamic, Nondynamic,ZoneScavengingTimeto6263Adding Authoritative DNS ServersLive4952TypesZonesPrimaryand Secureto aZone63Dynamic DNS646566Integrating DNS with WINS68Command-Line DNS Server AdministrationReview All the3335Key Topics716943

MCTS 70-640 Cert Guide: Windows Server 2008 Activethe Tables and Lists fromCompleteDefinitions ofChapter3Key Terms"Do I Know est Practices7373Directory Namespacethe Active71Domain ServicesAlready?" Quizthe ActiveMemory71Installing Active DirectoryPlanningDirectory, Configuring7777Directory NamespaceGeographical Organization of Domains787980Creating Forestsand Domains81Requirements for Installing Active Directory Domain ServicesInstalling Active Directory DomainNew ForestsExistingExisting DomainsForests8889Unattended Installations of ActiveServer Core Domain ControllersRemoving8283New Domains ility with Previous Versions of ActiveForest and Domain Functional LevelsUpgradingUtility94Running96Runningthe Adprep I domainprep Command97Server 2003 Domain ControllerAdditional Forest and DomainConfiguration Tasksv.3.1CompleteKey ady?" QuizDNS ServerSettings112Conditional ForwardersMemory103104DNS Server"Do I Know This101103the Tables and Lists fromDefinitions of Key Terms98100Alternative User Principal Name SuffixesReview All the9798Proper Installation of Active DirectoryActive Directory Migration Tool495the Adprep I farestprep CommandVerifying the9396Upgrading a WindowsChapterDirectoryDomain and Forest Functional LevelsThe Adprep90Directory114and107112Replication107

viiRoot Hints116ZoneConfiguringD tensions121Options123ServerServer Options123Round Robin124Disable RecursionName125125CheckingLoadingZone Data126Server Scavenging126DNS127MonitoringConfiguringZone Transfers andTypes of Zone TransfersTransferlncre?nental Zone130131TransferConfiguring DNS NotifySecure Zone Transfers132133134Name ServersApplication DirectoryInstalling and136Partitions138PartitionApplication Directory Partition ReferenceCompleteChapter5GlobalKey TopicsKey TermsCatalogs"Do I Know Catalog Serversof GlobalDomain Controllersto148CatalogServersGlobal CatalogUsing Universal Group Membership CachingUsing Partial139MemoryOperationsPlanning the Placement139140Already?" QuizGlobalReplicas138140the Tables and Lists fromDefinitions ofPartitionsConfiguring Application DirectoryCreatingApplication DirectoryReview All the128130Configuring Zone TransfersConfiguringReplication128Replication ScopeFull Zone117DelegationAttribute Sets152148Servers151150

MOTS 70-640 Cert Guide: Windows Server 2008 Active Directory, ConfiguringMastersConfiguring OperationsSchema Masterthe SchemaConfiguring154Extending the SchemaSchemaDeactivatingDomain155159ObjectsNaming Master160160PDC EmulatorTime Service153153161Infrastructure MasterRID Master162162Placement ofTransferringMastersOperationsandof Operations Master RolesSeizingTransferring OperationsMaster RolesSeizing Operations Masters RolesReview All theCompleteKey Topics6ConfiguringActive"Do I Know ThisDirectorySites andSites and Subnets178180Creating and Using Subnets182Links,Site LinkBridges,andBridgehead ServersThe Need for Site Links and Site LinkConfiguring Site LinksSite Link BridgesSite Link Costs185186189Knowledge eGenerator189189Directory Replicationof ActiveReplicationSystemOne-Way Replication189Directory ReplicationIntersite and IntrasiteDistributed FileBridges185Sites D omain ControllersAdding169Memory170Already?" QuizCreating Sites165167The Need for Active Directory SitesConfiguring164169the Tables and Lists fromDefinitions of Key TermsChapter163192193191190184184

ixBridgehead ServersReplication193Protocols194Ports Used for Intersite ReplicationReplication SchedulingIntersite196Replication SchedulingIntrasite ReplicationDefinitions of7Key Topics200201TermsKeyAdditional Active"Do I Know ThisMemoryDirectoryRolesAlready?" Quiz205205210Directory Lightweight DirectoryInstallingAD LDSInstalling ADConfiguringServicesLDS Instances213214Data Within AD LDSUsing the ADSI EditSnap-in217217218UsingLdp.exeUsing the Active DirectorySchemaUsing the Active DirectorySites and ServicesMigratingto AD LDSConfiguringanSnap-in220Snap-intoanUsing ADActiveAD LDS Instance -withLDSServer Coreon222InstallingAD LDS Directory MetadirectoryDirectory FederationInstalling the ADGroupServicesServicesFS Server RoleConfiguring TrustUser and225226Certificate Request and InstallationActive222Directory Rights Management ServicesAD RMSPoliciesClaim221221Authentication ServerCreating AD LDS User Accounts and GroupsBinding211213the AD LDS RoleInstalling202202New Server Roles and FeaturesActive198the Tables and Lists fromCompleteChapter196SchedulingForcing Intersite ReplicationReview All the1952312 33236Mapping237231224

xMOTS 70-640 Cert Guide: Windows Server 2008 Active Directory,Federation TrustsConfiguringCreating Claims238239Creating Account StoresEnabling ApplicationsCreating240241Federation Trusts242Windows Server 2008 R2 VirtualizationReview M theChapter8Keyand Lists fromTerms251251Already?" QuizRead-Only Domain ControllerPlanning theInstallingUse of ead-Only r RoleSeparation261262263YourComputer toEnabling BitLockerManaging BitLockerReplicationPlanning aUse BitLocker269of Passwordsa270AdministeringPolicyPassword ReplicationCredential Caching265265Password ReplicationConfiguringsyskey254Read-Only Domain ControllerManaging a271Policy2 72213the RODCs Authentication ListsKey TopicsDefinitions of Key Terms278278Active Directory User and Group Accounts"Do I Know ThisCreating275276Review ail theChapter 9248"Do I Know ThisInstalling247MemoryRead-Only Domain Controllersa244247Key TopicsComplete the TablesDefinitions ofConfiguringAlready?" QuizUser and281Group AccountsIntroducing User AccountsIntroducing Group2862 86AccountsCreating User, Computer,281and287GroupAccounts288

xiUse of Template AccountsUsing BulkImport290Automate Account Creationto292CsvdeLdifde293294DsaddAdditional Command-Line TookScripts296UPN SuffixesRemovingorConfiguring296.the UPNUPN ing DistributionLists299Managing and Maintaining AccountsCreatingOrganizational UnitsAGDLP/AGUDLPAccount ResetsProtected Admin306GroupGroupsDeprovisioning Accounts321325325326External Trusts and Realm TrustsShortcut TrustsCreatingandCreatinga326327Configuring Trust RelationshipsForest TrustCreating ExternalCreating RealmCreating318321DirectoryAlready? "QuizForest TrustsMemory318of Trust RelationshipsTransitive TrustsDirectory Objects317in ActiveRelationships"Do I Know ThisTypesControl of Activethe Tables and Lists fromDefinitions of Key TermsTrust310312Delegating AdministrativeReview All the Key Topics10308309Local Versus DomainChapter304308Domain LocalComplete300301Configuring Group MembershipDeny291RelationshipTrust RelationshipsTrustRelationshipsShortcut Trust Relationships329335336337328313

xiiMCTS 70-640 Cert Guide: Windows Server 2008 Active Directory,Managing Trust RelationshipsValidatingAuthentication ScopeSIDFilteringRemoving340Key TopicsDefinitions of Key TermsCreatingand343351Components of Group PolicyGroup PolicyContainersGroup Policy TemplatesNew Features of352Group Policy in WindowsLinkingGPOsGPOs359Deleting aGPOControlof GPOsGPOOVHierarchyControllerHierarchyProcessing Priority369Sequence of GPO ApplicationUser370Objects371Group Policy FilteringSecurity Filtering of GPOs371Management InstrumentationWindows PvmerShellConfiguring365and367Modifying theWindows362361Block InheritanceDisabling361362Specifying a DomainEnforced355360GPO LinksConfiguringGPOTemplates376Rights378ADMX Central Store3 74374Group Policy Loopback ProcessingUserServer 2008 and354GPOsManagingDelegating351352Windows Server 2008 R2Creating and Applying345345Already?" QuizGroup PolicyManaging343MemoryApplying Group Policy Objects"Do I Know ThisOverview of341Relationship343the Tables and Lists fromComplete11338338Cross-forest TrustaReview All istrative Templates3803773 70365

xiiiRestricted3 84GroupsStarter GPOs385Shell Access PoliciesReview All theCompleteChapter12387Definitions ofKey TermsGroup PolicySoftware"Do I Know ThisTypes38 9Key Topicsthe Tables and Lists from390DeploymentAlready?" Quizof SoftwareDeploymentAssigning and Publishing393393398SoftwareAssigning SoftwaretoUsersAssigning SoftwaretoComputersPublishing Software399399to Users399399Deploying Software Using Group PolicyZAP Files407Use of Transform FilesRedeploymentof13Account"Do I Know ThisUse ofTermsPolicies414Already?" QuiztoConfiguring Account PoliciesUnlockingKerberosan41742242342 7428Fine-Grained Password PoliciesPassword Settings Precedence428429Configuring Fine-Grained Password PoliciesManaging Fine-Grained Password PoliciesViewing the422426AccountPolicy417Configure SecurityDomain Password PoliciesAccount Lockout414Memory414and Audit PoliciesGroup Policy411413Key TopicsKeySoftware PackagesSoftwarethe Tables and Lists fromD efinitions ofChapterModifytoUpgradedRemoval of SoftwareReview All the403405Package PropertiesUpgrading SoftwareComplete400402Software Installation PropertiesSoftware389MemoryResultant PSO43543043 J409

MCTS 70-640 Cert Guide: Windows Server 2008 ActiveDirectory, Configuring436Security OptionsUsing Additional Security Configuration ToolsAuditing of Active Directory ServicesNew Features of ActiveUsingGPOsDirectory AuditingConfiguring Basic Auditing Policies443Configuring Advanced Audit PoliciesUsing Auditpol. exeComplete14Configure AuditingKey Terms"Do I Know ThisTools Usedto453453Already?" QuizMonitor ActiveDirectory 459459463ManagerConfiguring Application PriorityEvent ViewerCustomizingViewer DetailPerformance MonitorData Collector Setsreplmon476479System Resource c492493syncall484486and Troubleshooting Active Directory Replicationrepadminadd471473Server Performance AdvisorMonitoring470473MonitorWindows468and Performance MonitorResource MonitorReliability465466Event ViewerCustomizing EventReliability450450DirectoryNetwork Monitor447449Key TopicsActiveMonitoringTask446the Tables and Lists from MemoryDefinitions ofChapterto441442442Available Auditing CategoriesReview All the441Configure Auditingto439493

gtheApplicationResultant Set of PolicyofGroup Policy Objects497Planning Mode/Group Policy ModelingLogging Mode/Group Policy ResultsUsingthe Delegation15512Key TopicsKey TermsActiveMaintaining"Do I Know ThisBacking UpBackup509Wizardthe Tables and Lists fromDefinitions ofChapterof Control501509GpresultReview All theCompleteandInstalling515515Already?" QuizActiveRecoveringDirectoryWindows ServerThe wbadmin Command521521BackupUsing Removable Mediathe527Services Restore ModePerforming anRecoveringPerforming a FullThe Active528CommandtoRecover Your ServerServerRecovery ofaDirectory Recycle BinBacking UpandDirectory RecycleRestoringGPOsImportingGPOs538of Group Memberships540BinBinRestoring GPOsBacking Up GPOs537Domain ControllerReplication and Authoritative Restorethe Active534536ofAuthoritatively Restored ObjectsEnabling the Active Directory RecycleUsing529Authoritative RestoreBack-LinksLinked-Value528Nonauthoritative Restorewbadmin522525Recovering Active DirectoryaController526Scheduling a BackupPerforming520521Backing Up Critical Volumes ofa DomainDirectory513513DirectoryPermissionsMemoryUse of Windows Server BackupUsing496496to541Restore Deleted545545545547Using Scripts for Group Policy Backup and Restore548Objects543539

MOTS 70-640 Cert Guide: Windows Server 2008 Active Directory,Offline Maintenance of ActiveRestartable Active549DirectoryDirectory 549Offline Defragmentation and CompactionOnline Defragmentation551Offline Defragmentation551ActiveDirectoryReview All theDefinitions figuring Certificate"Do I Know This553555Key TopicsTerms550AllocationStoragethe Tables and Lists fromCompleteConfiguringAlready?" QuizServices559559What's New with Certificate Services in Windows Server 2008?New Features of ActiveInstalling Active DirectoryConfiguringCertificate ServicesCAsCertificate571Requests571Certificate Practice StatementsConfiguringInstallingthe CertificatesWorking with CertificateUsing Group PolicyRestoring CertificatesUsing Group able CredentialRoamingCertificate DatabasesAdministration Roles581Configuring Certificate Server PermissionsReview All theCompleteKey TopicsChapter17ManagingCertificateMemory5845 84Templates, Enrollments,and Certificate Revocation"Do I Know This582583the Tables and Lists fromDefinitions of Key Terms575576KeysRestoring587Already?" QuizManaging Certificate Templates573573Import CertificatestoBacking Up CertificatesAssigning572Certificate Authority ServerBacking Up565567Subordinate CAsUnderstandingUsing564Certificate Authority Types and HierarchiesInstalling RootInstallingCertificate Services inDirectoryWindows Server 2008 R2587592578580565

xviiUnderstanding Certificate Template TypesConfiguringCertificateSecuring TemplateEnablingthe UseTemplatesPermissions592593595591of TemplatesManaging Different Certificate Template VersionsArchiving KeysConfiguring Key Recovery AgentsManaging Certificate Enrollments599602Understanding Network Device EnrollmentCertificate AutoenrollmentEnablingConfiguring Web EnrollmentConfiguringtoRequireConfiguringSmart Cards forTroubleshootingConfiguringCRLsOnlineRevocation ListsRevocationConfiguring ey TopicsKey TermsPractice Exam62462 5the Tables and Lists fromDefinitions of617619Configuring Authority Information AccessReview All the614620Configuring Responder PropertiesAdding aLogon616CPJL Distribution Pointa609610Certificate RevocationConfiguring CertificateMemory626626629Answers to Practice Exam691AppendixAAnswers to the "Do I Know This Already?" QuizzesAppendixBInstallingWindows Server 2008 R2773GlossaryIndexElements Available796onCDAppendixCMemory TablesAppendixDMemory Tables602605Smart Card EnrollmentUsing Group PolicyServices606Creating Enrollment AgentsManaging5975993AnswerKey3763729

Table of Contents
Introduction 3
Goals and Methods 3
How This Book Is Organized 4
Study and Exam Preparation Tips 7
Learning Styles 7
Study Tips 8
Study Strategies 9
Pretesting Yourself 10
Exam Prep Tips 10
Microsoft 70-640 Exam Topics 12
Chapter 1 Getting Started with Active Directory 17
The Foundation of Active Directory 17
X.500 17