Managing and Maintaining Windows Server 2008 Active Directory Servers Course Number: 6432A Course Length: 2 Days Course Overview This two-day instructor-led course provides students with the knowledge and skills to manage and maintain Windows Server 2008 Active Directory servers. The course focuses on the Active Directory server lifecycle by creating baselines, monitoring the system health, and maintaining security for the Active Directory servers. The course also focuses on managing Active Directory Domain Services (AD DS) and Active Directory service roles. Prerequisites In addition to their professional experience, students who attend this training should have technical knowledge equivalent to the following courses: 6424A: Fundamentals of Windows Server 2008 Active Directory 6425A: Configuring Windows Server 2008 Active Directory Domain Services 6426A: Configuring Identity and Access Solutions with Windows Server 2008 Active Directory 6430A: Planning and Administering Windows Server 2008 Servers Audience This course is intended for Server Administrators who are familiar with Windows Server 2008 and who are, or will be, responsible for the daily management and maintenance of Windows Server 2008 Active Directory servers. It is also intended for IT professionals who could benefit from acquiring the skills required by a Windows Server 2008 Active Directory Server Administrator, such as a Server Administrator who is responsible for network application servers and works closely with the Active Directory Server Administrator, or an Enterprise Administrator who wants to understand the operational requirements of Windows Server 2008 Active Directory servers before designing a network server infrastructure. Course Outline Course Introduction Course Introduction 4m Managing an Active Directory Server Lifecycle Module 1 - Managing an Active Directory Server Lifecycle Lesson 1: Planning an Active Directory Server Deployment Server Deployment Issues: Base Hardware Server Deployment Issues: Edition Differences
Server Deployment Issues: Upgrade vs. Clean Install RODC or Writeable Domain Controller Deployment Deploying Windows Server Core as an Active Directory Server Lesson 2: Using Active Directory Server Deployment Technologies Active Directory Server Deployment: Local Installation Active Directory Server Deployment: Network Installation Active Directory Server Deployment: Windows Deployment Services Installation Active Directory Server Deployment: Installation from Backup Using Systems Management Server (SMS) for Active Directory Deployment Lesson 3: Adding AD DS Server Roles Defining Active Directory Roles Planning for Combining Roles Method Selection Criteria for Adding Server Roles Demo - Installing Roles Using Different Methods to Add Server Roles: Remote Microsoft Management Console (MMC) Using Different Methods to Add Server Roles: Other Remote Access Tools Verifying Server Roles Lesson 4: Removing AD DS Server Roles Removing Server Roles via the GUI Removing Server Roles via the Command-Line Tool Verifying Removed Roles Module 1 Review Module 2 - Creating Baselines for Active Directory Servers Creating Baselines for Active Directory Servers Lesson 1: Baseline Methodologies for Active Directory Servers Planning for Baselines Defining Baseline Server Hardware and Roles Who Decides the Initial Performance Criteria? Review of the Existing History of Microsoft Windows Server 2003 Evaluating Baseline Acceptability Over Time Criteria for Revising Baselines vs. Starting Over Lesson 2: WRPM Overview Reliability Monitor Performance Monitor Essential Objects and Counters (Global) Logging Options Report Options and Formats Lesson 3: Creating Baselines for Active Directory Servers Metrics: AD DS Metrics: AD LDS Metrics: Active Directory Certificate Services (AD CS) Metrics: Active Directory Federation Services (AD FS) Metrics: Active Directory Rights Management Services (AD RMS) Frequency of Measurement Duration of Measurement Demo - WRPM Module 2 Review 54m Module 3 - Monitoring the System Health of the Active Directory Servers 1h 5m
Monitoring the System Health of the Active Directory Servers Lesson 1: Overview of System Health Defining System Health Defining Server Health Defining Active Directory Health Lesson 2: Using Long-Term Monitoring to Identify Trends System Center Operations Manager Features Re-evaluating Performance vs. Baselines Adjusting Baselines Lesson 3: Setting Thresholds and Alerts for Short-Term Monitoring Performance Threshold Basics Creating Alerts and Triggers for Short-Term Monitoring: Informational Alerts Creating Alerts and Triggers for Short-Term Monitoring: Action Alerts Creating Alerts and Triggers for Short-Term Monitoring: Event Log Triggers Setting Action Plans for Alert Situations Lesson 4: Choosing the Appropriate Windows Server 2008 Monitoring Tools Windows Reliability and Performance Monitor: Resource Overview Windows Reliability and Performance Monitor: Performance Monitor Event Viewer Demo - Event Viewer Event Subscriptions and WinRM Services Console Server Manager RSAT PKIView Demo - WRPM Module 3 Review Module 4 - Managing Active Directory Domain Services 1h 18m Managing Active Directory Domain Services Lesson 1: Restarting and Restoring Active Directory Restarting AD DS Without Rebooting Restoring Active Directory Without Entering Directory Service Restore Mode (DSRM): DSAMAIN Lesson 2: Overview of the Flexible Single Master Operations (FSMO) Roles Schema Master RID Master Domain Naming Master Infrastructure Master PDC Emulator Global Catalog Lesson 3: Planning Sites and Replication Creating Sites Default Replication Settings Demo - IntersiteRepl Lesson 4: Managing RODCs Unidirectional Replication Read-Only DNS Multi-RODC Installations Lesson 5: Methods for Managing Windows Server Core Command-Line Tools
Remote-Enabled Administrative Tools Group Policy Lesson 6: Best Practices for GPOs and Links When to Link to Domains, Sites, and Organizational Units GPMC Central Store for ADMX Files Group Policy Troubleshooting Tools Group Policy as an Operating System Service Group Policy Preferences Lesson 7: Delegating Active Directory Administration Active Directory Delegation Demo - Delegation Editing Delegations Delegating Management of an RODC Demo - NTDS Module 4 Review Module 5 - Maintaining Security for Active Directory Servers Maintaining Security for Active Directory Servers Lesson 1: Server Hardening Techniques Manual Hardening Techniques Applying Security Templates Server Organizational Unit Placement ACL Deployment via Group Policy Group Policy Device Restrictions Lesson 2: Using the MBSA to Discover and Remove Security Holes Overview of MBSA Managing Windows Server 2008 Updates Proper Hardening Procedures Lesson 3: Using Fine-Grained Password Policies to Simplify Network Organization Password Policies in Windows Server 2003 Overview of Implementing Fine-Grained Password Policies Password Policy Defaults Managing Effective Passwords Lesson 4: Planning Security Auditing New AD DS Auditing Capabilities Using AUDITPOL.EXE Lesson 5: Enhancing Physical Security RODC and Physical Security RODC and Cached Credentials Physical Security for Writeable Domain Controllers Physical Security for Backups Demo - MBSA Module 5 Review 1h Module 6 - Managing Active Directory Service Roles Managing Active Directory Service Roles Lesson 1: Using Windows Server 2008 Tools for AD CS Benefits of OCSP and Online Responders 46m
Overview of the New Restricted Enrollment Agent Using the New Enterprise PKI Console (PKIView) Group Policy Settings for Certificate Services in Windows Server 2008 Lesson 2: Implementing AD LDS How AD LDS Differs from AD DS Managing an AD LDS Instance Lesson 3: Overview of AD FS AD FS Refresher AD FS Management Console Defining Web-Based Single Sign-On Mode Overview of AD FS Dependent Services New Import/Export Capabilities Lesson 4: Overview of AD RMS AD RMS Refresher New Administrative Groups Overview of AD RMS Dependent Services Demo - LDS Module 6 Review Course Closure Total Duration: 6h 4m