|
Course 6432A: Two days; Instructor-Led Preliminary Course Syllabus
Sign Up Now!
Note: You are viewing a Preliminary Course Syllabus.
This course is not yet available. Because some parts of the course
are currently in development, some elements of this syllabus are subject
to change.
On This Page
Introduction
Elements of this syllabus are subject to change.
This two day instructor led course provides students with the knowledge
and skills to manage and maintain Windows Server 2008 Active Directory
servers. The course focuses on the Active Directory server lifecycle
by creating baselines, monitoring the system health, and maintaining
security for the Active Directory servers. The course also focuses
on managing Active Directory Domain Services and Active Directory service
roles.
Audience
This course is intended for Server Administrators who are familiar
with Microsoft Windows Server 2008 and who are, or will be, responsible
for the daily management and maintenance of Server 2008 Active Directory
servers. It is also intended for IT professionals who could benefit
from acquiring the skills required by a Server 2008 Active Directory
Server Administrator, such as a Server Administrator who is responsible
for Network Application servers and works closely with the Active Directory
Server Administrator, or an Enterprise Administrator who wants to understand
the operational requirements of Server 2008 Active Directory Servers
before designing a network server infrastructure.
At Course Completion
After completing this course, students will be able to:
| • |
Plan and identify different approaches to Active Directory
server deployment. |
| • |
Add and remove the Active Directory Domain Services server
role. |
| • |
Identify strategies for developing, monitoring, and reviewing
baselines. |
| • |
Create baselines for different Active Directory roles with
the appropriate metrics using the Windows Reliability and Performance
Monitor. |
| • |
Create and evaluate a monitoring plan based on business
needs and environments. |
| • |
Determine the health of Active Directory servers using performance
monitoring and event log triggers. |
| • |
Configure effective alerts and responses as well as evaluate
alternative recommendations for Active Directory Domain Services
servers to meet a business goal. |
| • |
Describe and implement the methodology of maintaining Windows
Server Active Directory Domain Services. |
| • |
Perform Active Directory Domain Services maintenance and
administrative tasks. |
| • |
Explain and deploy proven methods to harden the Active Directory
servers. |
| • |
Decide which Server 2008 security features can address a
given business situation. |
| • |
Add server roles to a Windows 2008 network. |
| • |
Deploy and operate an Active Directory Lightweight Directory
Services server role. |
Prerequisites
In addition to their professional experience, students who at tend
this training should have technical knowledge equivalent to the following
courses:
| • |
6424 Fundamentals of Windows Server 2008 Active Directory |
| • |
6425 Configuring Windows Server 2008 AD DS |
| • |
6426 Configuring Identity and Access Solutions with Windows
Server 2008 Active Directory |
| • |
6430 Managing and Maintaining Windows Server 2008 Servers |
Course Outline
Module 1: Managing an Active Directory Server Lifecycle
This module explains how to support and maintain Active Directory
servers to meet changing business requirements in an enterprise environment.
Lessons
| • |
Planning an Active Directory Server Deployment |
| • |
Active Directory Server Deployment Technologies |
| • |
Adding Active Directory Domain Services Server Roles |
| • |
Removing Active Directory Services Server Roles |
Lab: Managing and Maintaining a Windows Server 2008 Domain
Controller
| • |
Evaluating the Need for AD DS Promotion |
| • |
Meeting the Active Directory Need by Adding a Role |
| • |
Managing a Change Request for a RODC by the Using Command
Line |
| • |
Developing a Management and Maintenance Plan |
| • |
Evaluating the Management and Maintenance Plan |
After completing this module, students will be able to:
| • |
Plan an Active Directory server deployment. |
| • |
Identify different approaches to Active Directory server
deployment. |
| • |
Add and remove the AD DS server role with the Server Manager
GUI. |
| • |
Evaluate the need for a new Active Directory role. |
| • |
Develop an ongoing management/maintenance plan. |
Module 2: Creating Baselines for Active Directory Servers
This module explains how to create baselines using the Windows Reliability
and Performance Monitor and through analysis, make decisions to improve
server performance.
Lessons
| • |
Methodologies for Implementing Baselines |
| • |
Using the Windows Reliability and Performance Monitor to
Create Baselines |
| • |
Creating Baselines for Active Directory Servers |
Lab: Creating Baselines for Active Directory Servers
| • |
Involving Users in Baseline Development |
| • |
Choosing Relevant Windows Reliability and Performance Monitor
(WRPM) Counters and Durations |
| • |
Evaluating and Revisiting a Baseline Document in the Face
of Business Changes |
After completing this module, students will be able to:
| • |
Identify strategies for developing, monitoring, and reviewing
baselines. |
| • |
Use the WRPM to create baselines. |
| • |
Create baselines for different Active Directory roles using
the appropriate metrics. |
| • |
Generate ideas for involving users in baseline development. |
| • |
Choose the relevant WRPM counters and durations for an Active
Directory Domain Controller. |
| • |
Explain how to revise an AD DS baseline document in the
face of a doubling of the user community. |
Module 3: Monitoring the System Health of the Active Directory Servers
This module explains how to create and evaluate a monitoring plan
based on business needs and environments. It also explains how to determine
the health of Active Directory servers using performance monitoring
and even log triggers.
Lessons
| • |
Overview of System Health |
| • |
Using Long-Term Monitoring to Identify Trends |
| • |
Setting Thresholds and Alerts for Short-Term Monitoring |
| • |
Choosing the Appropriate Server 2008 Monitoring Tools |
Lab: Monitoring the Active Directory Server Roles
| • |
Setting a Performance Alert to Meet a Business Goal |
| • |
Discussing Alert Response Strategies |
| • |
Building a Case for Configuration Change |
After completing this module, students will be able to:
| • |
Define system health, server health, and Active Directory
health. |
| • |
Define the best procedures to ensure system health and optimal
performance for Active Directory servers. |
| • |
Set thresholds and alerts that are used for short-term monitoring. |
| • |
Describe the Server 2008 monitoring tools and how to decide
when the different tools are appropriate in different business
situations. |
| • |
Set a performance alert using WPRM. |
| • |
Compare the pros and cons of both short-term and long-term
alert response strategies. |
| • |
Explain which Server 2008 tools are available for building
a case for a configuration change based on monitoring results. |
Module 4: Managing Active Directory Domain Services
This module explains how to implement the methodology of maintaining
Windows Server AD DS.
Lessons
| • |
Restarting and Restoring the Active Directory |
| • |
Overview of the Flexible Single Master Operations (FSMO)
Roles |
| • |
Evaluating Sites and Replication |
| • |
Managing Read-Only Domain Controllers (RODCs) |
| • |
Methods of Managing the Server Core |
| • |
Best Practices for Group Policy Objects and Links |
| • |
Delegating the Active Directory Administration |
Lab: Managing the Active Directory Domain Services
| • |
Offline Defragging of the NT Directory Service |
| • |
Evaluating a RODC with Read-Only DNS Solution |
| • |
Making Site Replication Decisions |
| • |
Group Policy Link Strategies |
After completing this module, students will be able to:
| • |
Describe the impact of Server 2008 methods for restarting
Active Directory without rebooting. |
| • |
Restore deleted objects without restarting an AD DS server. |
| • |
Define the FSMO roles and the Global Catalog pseudo-role. |
| • |
Identify the exceptions to the standard Active Directory
design rules. |
| • |
Explain the importance of site definitions and how to optimize
the AD DS replication activity. |
| • |
Explain the functionality of RODCs and the key benefits
with RODCs deployed. |
| • |
Explain the methods of managing Server Core. |
| • |
Identify the best practices for Group Policy objects and
links. |
| • |
State the pros and cons of delegating administration of
Active Directory. |
| • |
Perform an offline defrag of NTDS without rebooting. |
| • |
Evaluate a RODC. |
| • |
Change site replication latency. |
| • |
Propose Group Policy link strategies. |
Module 5: Maintaining Security for Active Directory Servers
This module explains how to deploy proven methods to harden the Active
Directory Servers.
Lessons
| • |
Server Hardening Techniques |
| • |
Using the Microsoft Baseline Security Analyzer to Discover
and Remove Security Holes |
| • |
Using Fine-Grained Password Policies to Simply Network Organization |
| • |
Planning Security Auditing |
| • |
Enhancing Physical Security |
Lab: Maintaining Security for the Active Directory Servers
| • |
Manually Implementing AD DS Server Hardening |
| • |
Assessing Ongoing Security Requirements |
| • |
Deploying Two Fine-Grained Password Policies |
| • |
Using AUDITPOL for Auditing |
After completing this module, students will be able to:
| • |
Describe the techniques used for manual server hardening. |
| • |
Deploy template-based server hardening using Group Policy. |
| • |
Use the MBSA to discover and remove security holes. |
| • |
Explain why you would use fine-grained password policies
and how to maintain them. |
| • |
Describe when to perform security auditing and how to define
a proper security baseline. |
| • |
Explain how to solve physical security problems and the
ramifications of lax security policies. |
| • |
Plan a proper hardening policy for a given scenario. |
| • |
Assess ongoing security requirements with MBSA. |
| • |
Set up two fine-grained password policies. |
| • |
Use AUDITPOL for auditing. |
Module 6: Managing Active Directory Service Roles
This module explains how to add the Service Roles to a Windows 2008
network.
Lessons
| • |
Using Server 2008 Tools for Certificate Services |
| • |
Implementing Lightweight Directory Services |
| • |
Overview of Active Directory Federation Services |
| • |
Overview of Rights Management Services |
Lab: Managing the Active Directory Service Roles
| • |
Installing the AD LDS Role |
| • |
Identifying Ongoing Management Concerns |
| • |
Using Server 2008 Tools for Managing AD LDS |
After completing this module, students will be able to:
| • |
Use the Server 2008 tools to operate Certificate Services. |
| • |
Explain when to use LDS. |
| • |
Describe the deployment steps. |
| • |
Run the LDS using the Server 2008 tools. |
| • |
Identify management concerns with ADFS. |
| • |
Identify management concerns with Rights Management. |
| • |
Deploy an AD LDS instance on a 2008 Server. |
| • |
Identify ongoing management concerns for an Active Directory
role. |
| • |
Use the Server 2008 tools to address specific concerns. |
|
