Exam Objectives

Active Directory Objectives

Exam 70-640: TS: Windows Server 2008 Active Directory, Configuring

This certification exam measures your ability to manage Windows Server 2008 Active Directory roles and features. Before taking the exam, you should be proficient in the skills listed below:

# Objective Module.Section

100 Configuring Domain Name System (DNS) for Active Directory (17 percent)

101 Configure zones.
  Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS), and Secure Dynamic DNS (SDDNS)
  Time to Live (TTL)
  GlobalNames
  Primary, Secondary, Active Directory Integrated, Stub
  SOA
  Zone scavenging
  Forward lookup
  Reverse lookup

102 Configure DNS server settings.
  Forwarding
  Root hints
  Configure zone delegation
  Round robin
  Disable recursion
  Debug logging
  Server scavenging

103 Configure zone transfers and replication.
  Configure replication scope (forestdnszone; domaindnszone)
  Incremental zone transfers
  DNS Notify
  Secure zone transfers
  Configure name servers
  Application directory partitions

Module.Section: 2.1 2.3 2.4 2.6 2.10 2.6 2.7 2.8 2.3 2.4 2.5 2.9

200 Configuring the Active Directory infrastructure (17 percent)

201 Configure a forest or a domain.
  Remove a domain

Module.Section: 1.22 3.1 3.2
  Perform an unattended installation
  Active Directory Migration Tool (ADMT)
  Change forest and domain functional levels
  Interoperability with previous versions of Active Directory
  Multiple user principal name (UPN) suffixes
  Forestprep
  Domainprep

Module.Section: 3.3 4.1

202 Configure trusts.
  Forest trust
  Selective authentication vs. forest-wide authentication
  Transitive trust
  External trust
  Shortcut trust
  SID filtering

203 Configure sites.
  Create Active Directory subnets
  Configure site links
  Configure site link costing
  Configure sites infrastructure

204 Configure Active Directory replication.
  DFSR
  One-way replication
  Bridgehead server
  Replication scheduling
  Configure replication protocols
  Force intersite replication

205 Configure the global catalog.
  Universal Group Membership Caching (UGMC)
  Partial attribute set
  Promote to global catalog

206 Configure operations masters.
  Seize and transfer
  Backup operations master
  Operations master placement
  Schema Master
  Extending the schema
  Time service

Module.Section: 4.5 4.2 4.2 4.3 4.4

300 Configuring Active Directory Roles and Services (14 percent)

301 Configure Active Directory Lightweight Directory Service (AD LDS).
  Migration to AD LDS
  Configure data within AD LDS
  Configure an authentication server
  Server Core installation

302 Configure Active Directory Rights Management Service (AD RMS).
  Certificate request and installation
  Self-enrollments
  Delegation
  Create RMS templates
  RMS administrative roles
  RM Add-on for IE

303 Configure the read-only domain controller (RODC).
  Replication
  Administrator role separation
  Read-only DNS
  BitLocker
  Credential caching
  Password replication
  Syskey
  Read-only SYSVOL
  Staged install

304 Configure Active Directory Federation Services (AD FSv2).
  Install AD FS server role
  Exchange certificate with AD FS agents
  Configure trust policies
  Configure user and group claim mapping
  Import and export trust policies

Module.Section: 8.1 8.3 3.1 5.1 5.2 5.3 5.4 8.2

400 Creating and maintaining Active Directory objects (18 percent)

401 Automate creation of Active Directory accounts.
  Bulk import
  Configure the UPN
  Create computer, user, and group accounts (scripts, import, migration)
  Template accounts
  Contacts

Module.Section: 1.2 1.3 1.5 1.7
  Distribution lists
  Offline domain join

402 Maintain Active Directory accounts.
  Manage Computer Accounts
  Configure group membership
  Account resets
  Delegation
  AGDLP/AGGUDLP
  Deny domain local group
  Local vs. domain
  Protected Admin
  Disabling accounts vs. deleting accounts
  Deprovisioning
  Contacts
  Creating organizational units (OUs)
  Delegation of control
  Protecting AD objects from deletion
  Managed service accounts

403 Create and apply Group Policy objects (GPOs).
  Enforce, OU hierarchy, block inheritance, and enabling user objects
  Group policy processing priority
  WMI
  Group policy filtering
  Group policy loopback
  Group Policy Preferences (GPP)

404 Configure GPO templates.
  User rights
  ADMX Central Store
  Administrative templates
  Security templates
  Restricted groups
  Security options
  Starter GPOs
  Shell access policies

405 Deploy and manage software by using GPOs.
  Publishing to users
  Assigning software to users
  Assigning to computers
  Software removal

Module.Section: 1.1 1.2 1.3 1.4 1.5 1.6 6.1 6.2 6.3 6.1 6.2 6.4 6.5
  Software restriction policies
  AppLocker

406 Configure account policies.
  Domain password policy
  Account lockout policy
  Fine-grain password policies

407 Configure audit policy by using GPOs.
  Audit logon events
  Audit account logon events
  Audit policy change
  Audit access privilege use
  Audit directory service access
  Audit object access
  Advanced audit policies
  Global object access auditing
  "Reason for Access" reporting

Module.Section: 6.6 6.7

500 Maintaining the Active Directory environment (18 percent)

501 Configure backup and recovery.
  Using Windows Server Backup
  Back up files and system state data to media
  Back up and restore by using removable media
  Perform an authoritative or non-authoritative Active Directory restore
  Linked value replication
  Directory Services Recovery Mode (DSRM)
  Back up and restore GPOs
  Configure AD recycle bin

502 Perform offline maintenance.
  Offline defragmentation and compaction
  Restartable Active Directory
  Active Directory database mounting tool

503 Monitor Active Directory.
  Event viewer subscriptions
  Data collector sets
  Real-time monitoring
  Analyzing logs
  WMI queries
  PowerShell

Module.Section: 9.1 9.2 9.3 9.4 9.4

600 Configuring Active Directory Certificate Services (15 percent)

601 Install Active Directory Certificate Services.
  Certificate authority (CA) types, including standalone, enterprise, root, and subordinate
  Role services
  Prepare for multiple forest deployments

602 Configure CA server settings.
  Key archival
  Certificate database backup and restore
  Assigning administration roles
  High-volume CAs
  Auditing

603 Manage certificate templates.
  Certificate template types
  Securing template permissions
  Managing different certificate template versions
  Key recovery agent

604 Manage enrollments.
  Network device enrollment service (NDES)
  Autoenrollment
  Web enrollment
  Extranet enrollment
  Smart card enrollment
  Authentication mechanism assurance
  Creating enrollment agents
  Deploying multiple forest certificates
  x.509 certificate mapping

605 Manage certificate revocations.
  Configure Online Responders
  Certificate Revocation List (CRL)
  CRL Distribution Point (CDP)
  Authority Information Access (AIA)

Module.Section: 7.1 7.2 7.6 7.3 7.7 7.3 7.4 7.6 7.7 7.5