Server

Floating Topic
Introducing Active Directory Domain Services
1. Information protection
2. CIA: Confidentiality ,Integrity ,Availability
3. Identity and Access
4. Authentication
  1. Authentication is the process that verifies a user's identity
  2. Credentials :At least two components required
    1. User name
    2. Secret , for example, password
5. Authorization
  1. Resource
  2. Access Request
  3. Security Token
6. Active Directory Domains: Trusted Identity Store
  1. Centralized identity store trusted by all domain members
  2. Centralized authentication service
  3. Hosted by a server performing the role of an AD DS domain controller
7. Active Directory as a Database
8. Active Directory Data Store
Administering Active Directory Securely and Efficiently
1. Lesson1 :Work with Active Directory Administration Tools
  1. Active Directory Administration Snap-Ins
  2. What Is the Active Directory Administrative Center ?
  3. Find Active Directory Administration Tools
  4. Demonstration: Perform Administrative Tasks by Using Active Directory Administrative Tools
2. Active Directory Administration Snap-Ins
  1. Active Directory Users and Computers
  2. Active Directory Sites and Services
  3. Active Directory Domains and Trusts
  4. Active Directory Schema
3. Find Active Directory Administration Tools
  1. Active Directory snap-ins and installed on a domain controller
  2. Install the RSAT on a member client or server
4. Lesson2: Custom Consoles and Least Privilege
  1. Demonstration: Create a Custom MMC Console for Administering Active Directory
  2. Secure Administration with Least Privilege , Run As Administrator , and User Account Control
  3. Demonstration: Secure Administration with User Account Control and Run As Administrator
5. Demonstration : Create a Custom MMC Console for Administering Active Directory
  1. In this demonstration , you will see:
    1. How to create a custom MMC console with multiple snap-ins
    2. How to register the Active Directory schema snap-in
    3. Where to save custom console
6. Secure Administration with Least privilege , Run Administrator , and User Account Control
7. Options for Locating Objects
  1. Sorting : Use column headings to find the objects based on the columns
  2. Searching : provide the criteria for which you want to search
8. Demonstration :Use saved Queries
  1. In this demonstration , you will see
    1. How to create a saved query
    2. How to distribute a saved query
9. Lesson 4: Use Windows power Shell to Administer Active Directory
  1. What Is Windows power shell ?
  2. Installation Requirements for Windows power shell 2.0
  3. Overview of the Windows power shell syntax
  4. Windows power shell Cmdlets for Active Directory
  5. Demonstration : Manage Users and Groups by Using power shell
10. What Is Windows power shell ?
Managing Users and Service Accounts
1. Demonstration : Create a User Template
  1. In this demonstration , you will learn :
    1. How to create a template user account
    2. What a template user account is , and why it is useful
2. User Account
  1. A user account
  2. A user account can be stored
3. Create Users with templates
  1. General tab
  2. Address tab
  3. Account tab
  4. Profile tab
  5. Organization tab
  6. Member of tab
4. User Account Management
  1. Account Management involves the following tasks
5. Lesson 1: Create and Administer User Accounts
  1. User Account
  2. Demonstration :Create a User Object
  3. Name Attributes
  4. Account Attributes
  5. User Account Management
6. Name Attributes
  1. User logon name
  2. User logon name : userprincipalname
  3. Name or full name
  4. Display name :display name
7. Module Overview
  1. Create and Administer User Accounts
  2. Configure User Object Attributes
  3. Automate User Account Creation
  4. Create and Configure Managed Service Account
8. Lesson 2 :Configure User Object Attributes
  1. A Tour of User Attributes
  2. View All Attributes
  3. Modify Attributes of Multiple Users
  4. Demonstration : Create a User Template
  5. Create Users with Templates
9. A Tour of User Attributes
  1. In this demonstration , you will learn
    1. How to access the propeties of a user
    2. The role of each tab in theuser properties dialog box
10. Account Attributes
  1. Logon Hours
  2. Log On To
  3. User must change password at next logon
  4. User cannot change password
  5. password never expires
  6. Account is disabled
  7. smart card is requireg for interactive logon
Managing Groups
1. Define Group Naming Conventions
  1. Name properties
  2. Naming conventions
2. Group Scope
  1. Four group scopes
    1. Local
    2. Global
    3. Domain Local
    4. Universal
3. Group Type
  1. Distribution groups
  2. Security groups
4. Manage Group Membership
  1. Methods
    1. the group's Member tab
    2. the member's Member of tab
    3. the member's Add to a group
    4. 1. Changes to membership do not take effect immediately
5. Tools for Group Management
  1. Active Directory Users and computers
  2. Windows power shell with Active Directory Module (R2 only )
  3. DS commands
6. protect Groups form Accidental Deletion
  1. In the Active Directory Users and computers snap-in ,click the View menu and make sure that Advanced Features is selected
  2. Open the properties dialog box for a group
  3. On the Object tab , select the protect Object Form Accidental Deletion check box
  4. click OK
7. Convert group Type and Scope
  1. In Active `Directory Users and Computers , you can change group
  2. In Active Directory Users and Computers , you can change the group
    1. Global universal
    2. Domain universal
    3. Universal global
    4. Universal domain local
Managing Computer Accounts
1. Requirements for Joining a Computer to the Domain
  1. You must have permissions in Active Directory Domain Services that allow you to join a Computer to the domain
  2. you must be a member of the local Administrators group on the computer to change its domain or workgroup membership
2. Workgroups , Domains , and Trusts
  1. In domain , Active Directory is the authority for authentication
  2. In workgroup , SAM is the authority for authentication
3. prestage Computer Account
  1. prestage (pre _create ) a computer in the correct OU
  2. Computer Name and Computer Name (pre - windows 2000) should be the same
4. Secure Computer Creation and Joins
  1. Prestage computer objacts in OUs
  2. Requires no prestaging
5. The Computer,s Container and Organizational Units
  1. The default Computers container is a container not an organizatonalUnit object
    1. Cannot link GPOs to a container
    2. Cannot create sub-OUs in a container
  2. Best practice is to create OUs for computer objects Server
    1. Servers
    2. Client
6. Configure Computer Attributes
  1. Useful attributes
    1. Description
    2. Managed By
7. Automate Computet Account Creation
  1. CSVDE
  2. LDIFDE
8. Move a computer
  1. Using Active Directory Users and
  2. Right-click the computer , and then click Move
9. computers Account and Secure Channel
  1. Computers have accounts
  2. Scenarios where a secure channel can be broken
10. Reset a Computer Account
  1. Do not simply remove a computer form the rejoin
  2. Options for resetting the secure channel
  3. Active Directory Users and computers
  4. Right - click the computer , and then click Reset Account
  5. Requires the computer to rejoin the domain and restart
11. Delete and Recycle Computer Accounts
  1. Right-click the computet ,and then click Delete
12. Recognize Computer Account problems
  1. Logon messages
  2. Event log errors,including key words such as
    1. Password
    2. Trust
    3. Secure channel
  3. Missing computer account in Active Directory
13. Rename a Computer
  1. Use System properties of the computer to rename the computer and its account correctly
lmplementing a Group Policy ln Frastructure .
1. Module overview
  1. understand Group policy
  2. Implement GPO
  3. Manage Group policy scope
2. Verview of policies
  1. Divided between
    1. user
    2. computer
3. Group policy objects
  1. container for on or more policy setting
  2. managed with the GPMC
  3. Stored in Group policy objects container
4. GOP Scope
  1. Scope
  2. GPO Links
5. Group policy Refresh
  1. when GPO and their setting and are applied
  2. Computer configuration
  3. user configuration
6. Review the computer of Group policy
  1. Setting
  2. Scope
  3. Application
  4. Tools
7. Tow default GPO
  1. De fault Domain policy
  2. De fault Domain controllers policy
8. Manage GPO and This Setting
  1. copy and paste
  2. Back up
  3. Save Report
  4. Delete
  5. Rename
Configuring Domain Name System
1. Install and Manage the DNS Server Role
  1. Installation Methods
  2. DNS Manager Snap-In
2. Create a Zone
  1. Right - click
  2. Select zone type
  3. Specify replication
3. Create Resource Records
  1. Right - click the zone
  2. Dialog box appears specific to the record type you choose
4. Active Directory -Integrated Zones
5. Domain Controller Location
6. Read - Only DNS Zones
7. Prerequesites for Deploying an RODC
  1. Ensure the forest functional level is Windows Server 2003 higher
  2. Ensure that there is at least one writeable domain controller running Windows Server 2008
Administering AD DS Domain Controllers
1. Install a Domain controller by using the win dows Interface
  1. To install a domain controller
  2. DCPROMO . exe
2. options for Installing Domain controller in a Domain
  1. Installing additional domain controllers
  2. Install a new windows server 2008 child domain
  3. Install a new domain tree in a forest
3. understand single master operations
  1. In any multi master replication topology
  2. Many terms used for single master operations in AD DS
  3. Roles
4. operations master Roles
  1. forest - wide
  2. Domain - wide
5. Identify operations masters
  1. user interface tools
  2. command -line tools