Content and/or textbook subject to change without notice. Pennsylvania College of Technology Workforce Development & Continuing Education Windows Server 2003 Active Directory MST 887 Course Outline Course Description: Textbook: Prerequisites Course Length: This course prepares students for the practical challenges of planning, designing, and implementing Windows Server 2003 Active Directory Services. Hands-on activities are interspersed throughout the course, balancing conceptual material and activities. Topics include: Installing Active Directory; Active Directory Design Philosophy Managing Directory Objects: Users, Groups, and Resources; Security and Protecting the Network; Active Directory Sites, Replication, Maintenance, and Data Recovery; Using Active Directory as a Tool to Enforce Corporate Policy; Interoperability between Active Directory and Other Directories; and Upgrading a Windows NT or Windows 2000 Domain. Windows Server 2003 Active Directory This course is intended for students who have some experience administering and supporting Windows network and directory services. Students should have a background in basic computer concepts and operating systems. 2 days Course Objectives: Course Outline: Active Directory: The Directory Service For Microsoft Windows Networks Introducing Active Directory Active Directory As The Directory Service For The Operating System Active Directory As A Directory Service For Applications Active Directory Is An Application Itself The Power Of Active Directory x:\www.pct.edu\docs\wdce\worddocs\mst887.doc 1 10/9/2012 9:50 AM
Introduction To Multinational Mega Corporation And Heartland Hospital The Building Blocks Of Active Directory Windows Domains Forests And Trees The Active Directory Schema Active Directory Classes, Objects, And Attributes Replication And Partitions Searching And Global Catalog Servers Installing Active Directory Understanding The Domain Name System DNS Structure DNS Names DNS Servers The DNS Name Resolution Process Common Errors And Misconceptions About DNS Using DNS With Active Directory Defining The Namespace Locating Services Resolving Names To IP Addresses Installing Microsoft DNS Server In Windows Server 2003 Installing Active Directory Exploring Available Options In The Active Directory Installation Wizard Gathering The Required Information Running The Active Directory Installation Wizard An Active Directory Design Philosophy Introducing Design Philosophy Ownership Rules A Question Of Trust Making Active Directory Design Decisions Design To Support The Organization s Goals Gaining Executive Sponsorship With Documented Value Designing For The Future And The Present Designing To Support The Delegation Of Authority Designing To Support The Application Of Group Policy Justifying The Design Starting A Design Project Microsoft Solutions Framework (MSF) Microsoft Operations Framework (MOF) The Need For A Vision Practical Active Directory Design Decisions Choosing A DNS Name What Makes A Good DNS Name? Choosing How DNS Names For Internet And Active Directory Will Be Related Best Practices For Choosing A DNS Name x:\www.pct.edu\docs\wdce\worddocs\mst887.doc 2 10/9/2012 9:50 AM
Designing A Forest Characteristics Of A Forest How Many Forests? Understanding And Implementing Trust Relationships Two-Way, Transitive Trusts Shortcut Trusts Explicit Inter-Forest Trusts Designing Domains Functions Of A Domain The Forest Root Domain Is It A Security Boundary? Which Works Better: Single Or Multiple Domains? Using A Dedicated Forest Root Designing Organizational Units Best Practices For Designing OUs Managing Directory Objects: Users, Groups, And Resources Creating And Managing User Objects User Classes, Properties, And Schema Creating Users With Active Directory Users And Computers Setting Additional Attributes Resetting Passwords Creating Users Programmatically Working With Groups Group Types Group Scopes Groups As Member Of Other Groups Creating Groups Changing Groups Creating Resource Objects Shared Folder Printers Other Resources Organizing Objects In The Directory Organizing And Controlling With OUs Moving Objects Between OUs Moving Objects Between Domains Securing And Protecting The Network Security Concepts In Active Directory Security Principals Kerberos Tickets And Access Tokens Discretionary Access Control Lists (DACL) System Access Control Lists (SACL) ACEs That Allow Or Deny Inheritance Groups In Security x:\www.pct.edu\docs\wdce\worddocs\mst887.doc 3 10/9/2012 9:50 AM
Protecting Objects In Active Directory Delegation Of Control Granular Control Protecting Network Resources The NT File System (NTFS) Printers File Shares Registry Keys Other Applications Understanding The User Authentication Process Kerberos Version 5 Kerberos In Action NTLM Authentication Down-Level Client Authentication Two-Factor Authentication Public Key Infrastructure For Authentication With Smart Cards Active Directory Sites Understanding Sites Active Directory Objects Related To Sites Naming Contexts (Partitions) Site Objects Subnet Objects Domain Controllers Bridgehead Servers Connection Objects Global Catalog Planning And Designing Sites Physical Network Site Topology Creating And Managing Sites Assigning Computers To Sites Creating Sites Modifying The Default-First-Site-Name Site Configuring Site Links Configuring Site Link Bridges Active Directory Replication The Replication Process Tracking Replication Replication Timing Replication Topology Active Directory Partitions Intra-Site Replication Inter-Site Replication Replication Updates Replication Conflicts x:\www.pct.edu\docs\wdce\worddocs\mst887.doc 4 10/9/2012 9:50 AM
Managing Active Directory Replication Using Sites Site Links Monitoring Active Directory Replication Operations Masters Schema Master Domain Naming Master RID Master PDC Emulator Infrastructure Master Troubleshooting Active Directory Replication Active Directory Maintenance And Data Recovery Active Directory File Structure NTDS.DIT EDB.LOG EDBXXXX.LOG EDB.CHK RES1.LOG and RES2.LOG TEMP.EDB How Data Is Written To Active Directory Managing Deleted Objects Defragmenting The Database Online Defragmentation Offline Defragmentation Moving The Active Directory Database Backing Up Active Directory Recovering Active Directory Soft Recovery Repairing Active Directory Restoring Active Directory Reinstalling Active Directory Operations Master Roles Changing The Holder Of Operations Master Roles Using Active Directory As A Tool To Enforce Corporate Policy Group Policy Administrative Templates Group Policy Storage Group Policy Application Group Policy Priority Controlling Group Policy Application With Permissions Windows Management Instrumentation Filters Desktop Management With Group Policy Restricting Windows Folder Redirection Scripts x:\www.pct.edu\docs\wdce\worddocs\mst887.doc 5 10/9/2012 9:50 AM
Application Distribution With Group Policy Application Types Maintaining Applications Security Management With Group Policy Account Policies Local Policies Restricted Groups System Services Registry Settings File System Wireless Network Policies IP Security Policies Security Templates Analyzing Security Troubleshooting Group Policy Troubleshooting Tools Interoperability Between Active Directory And Other Directories Lightweight Directory Access Protocol A Common Protocol For Directory Access LDAP And Active Directory LDAP Naming Lightweight Directory Interchange Format Querying Active Directory Using LDAP Active Directory Services Interface A Common Programming Mechanism For Directory Access Administrative Uses For ADSI Microsoft Metadirectory Services Management Agents Active Directory Connector Installing ADC Configuring Connection Agreements Upgrading A Windows NT Or Windows 2000 Domain Active Directory Functionality Levels Windows 2000 Mixed Domains Windows 2000 Native Domains Windows 2003 Interim Domains Windows 2003 Native Domains Windows 2000 Forests Windows 2003 Interim Forests Windows 2003 Forests Upgrading Windows NT Domains Domain Structure Keeping The Existing Domain Structure Creating A New Domain Structure PDC Overloading x:\www.pct.edu\docs\wdce\worddocs\mst887.doc 6 10/9/2012 9:50 AM
Upgrading Windows 2000 Domains Adding Windows Server 2003 Domain Controllers Restructuring Existing Domains x:\www.pct.edu\docs\wdce\worddocs\mst887.doc 7 10/9/2012 9:50 AM