2. Cram Class 101
• Introductions
• The Power of Your ITT Student email
• Logon to Alex’s Cloud
• Microsoft Virtual Academy
• TechNet Virtual Labs
• Microsoft Press & Learning
• Various Student Links
• ITT’s MSDN AA
• Download and install Windows Server 2008 R2
• Introduction of Exam 70-640: Windows Server 2008
R2, Configuring Active Directory
3. Your ITT Student Email
• The power of your student email
– Designates you as a student from a valid
institution
• Discounts
• Free access to dozens of websites
• Access to the ITT MSDN AA
– Is a Microsoft Passport
• Access to SkyDrive (Free 25 GB)
• Access to multiple Microsoft websites
• Get in the habit of using your ITT email!!
4. Alex’s Cloud
• Send me an email to get access to
Alex’s Cloud
– Use your ITT email!
– www.euphoriaalbums.com
• Use the site to stay up-to-date
with Cram Class
schedules, upcoming events, and
free material
• Communicate with the other
class members
• Follow on Facebook and Google+
– Use that site until I have the other
domain ready
• Currently working with Microsoft
to expand my Office 365 account
for our classes.
– www.alexscloud.sharepoint.com
5. Microsoft Virtual Academy
• Improve your IT skill set
and help advance your
career with a free, easy to
access training portal.
Learn at your own pace,
focusing on Microsoft
technologies, gain points
and get recognition.
• Register with your ITT
email!!
• Click the logo to visit the
website!
6. TechNet Virtual Labs
• TechNet Virtual Labs enable
you to quickly evaluate and
test Microsoft's newest
products and technologies
through a series of
guided, hands-on labs that you
can complete in 90 minutes or
less. There is no complex
setup or installation
required, and you can use
TechNet Virtual Labs online
immediately, free.
• Register with your ITT email!!
• Click the logo to visit the site!
7. Microsoft Press & Learning
• Microsoft offers a series of books entitled Exam Kits
that will help you study for the associated exams at
your own pace.
• The books include step-by-step instructions, detailed
overviews, labs, and practice exam questions.
• Microsoft’s Learning site and blog will keep you up-to-
date with the latest in certifications and publications
• Microsoft Press
• Microsoft Learning
• Each of these can be followed on Facebook and
Google+.
8. Various Student Links
• Born to Learn
• Microsoft Dreamspark
• Microsoft Student
• Microsoft Student Lounge
• Microsoft IT Academy Program
• Microsoft Education
• MSDN
• On The Hub
9. ITT’s MSDN AA
• As an ITT student, you should have received an email at
your ITT email with instructions to the MSDN Academic
Alliance website.
– Which is now powered by OnTheHub and Dreamspark.
– ITT MSDN AA
• If you have not received this email, use the link above and
using your ITT email, use the password recovery.
• On the MSDN AA there are over 150 Microsoft Operating
Systems, programs, and applications (with Product Keys) for
you to download and use.
• For those of you that are IEEE members, they also have
access to the MSDN AA and sometimes offer better
resources, but not always.
10. Windows Server 2008 R2
• Now that everyone has access to ITT’s MSDN
AA…
• Download Windows Server 2008 R2 w SP1.
– Make sure to save your Product Keys in a text file with
the ISO file.
– The first key is for Standard, the second key is for
Enterprise and Web Server, and the third key is for
Datacenter.
• Don’t worry, I have the ISO already downloaded!
– Just use your product keys to activate it.
11. VM Management
• The key is have one instance of each of your
VMs at a neutral state.
– Nothing installed, just a clean install and the
product activated.
– Use VMWorkstation, VMPlayer, or Virtual PC to
clone the VM.
– Or just copy the VM to another folder if you do
not have that option.
• This will save on using up your Product Keys!
12. Exam 70-640: Configuring Active
Directory
• Configuring Domain Name System (DNS) for Active • Configuring the Active Directory infrastructure (17 %)
Directory (17%)
• Configure a forest or a domain.
• Configure zones. – May include but is not limited to: remove a domain;
– May include but is not limited to: Dynamic DNS perform an unattended installation; Active Directory
(DDNS), Non-dynamic DNS (NDDNS), and Secure Dynamic Migration Tool (ADMT) ; change forest and domain
DNS (SDDNS); Time to Live (TTL); GlobalNames; functional levels; interoperability with previous versions of
Primary, Secondary, Active Directory Integrated, Stub; SOA; Active Directory; multiple user principal name (UPN)
zone scavenging; forward lookup; reverse lookup suffixes; forestprep; domainprep
• Configure trusts.
• Configure DNS server settings. – May include but is not limited to: forest trust; selective
– May include but is not limited to: forwarding; root hints; authentication vs. forest-wide authentication; transitive
configure zone delegation; round robin; disable recursion; trust; external trust; shortcut trust; SID filtering
debug logging; server scavenging • Configure sites.
– May include but is not limited to: create Active Directory
subnets; configure site links; configure site link costing;
• Configure zone transfers and replication. configure sites infrastructure
– May include but is not limited to: configure replication • Configure Active Directory replication.
scope (forestDNSzone; domainDNSzone); incremental zone
transfers; DNS Notify; secure zone transfers; configure – May include but is not limited to: DFSR; one-way
name servers; application directory partitions replication; Bridgehead server; replication scheduling;
configure replication protocols; force intersite replication
• Configure the global catalog.
– May include but is not limited to: Universal Group
Membership Caching (UGMC); partial attribute set;
promote to global catalog
• Configure operations masters.
– May include but is not limited to: seize and transfer; backup
operations master; operations master placement; Schema
Master; extending the schema; time service
13. Exam 70-640: Configuring Active
Directory
• Configuring Active Directory Roles and Services (14 %) • Creating and maintaining Active Directory objects (18 %)
• Configure Active Directory Lightweight Directory Service (AD LDS). • Automate creation of Active Directory accounts.
– May include but is not limited to: migration to AD LDS; configure – May include but is not limited to: bulk import; configure the
data within AD LDS; configure an authentication server; Server UPN; create computer, user, and group accounts
Core Installation
(scripts, import, migration); template accounts; contacts;
• Configure Active Directory Rights Management Service (AD RMS). distribution lists; offline domain join
– May include but is not limited to: certificate request and
installation; self-enrollments; delegation; create RMS templates; • Maintain Active Directory accounts.
RMS administrative roles; RM Add-on for IE – May include but is not limited to: manage computer
• Configure the read-only domain controller (RODC). accounts; configure group membership; account resets;
– May include but is not limited to: replication; Administrator role delegation; AGDLP/AGGUDLP; deny domain local group;
separation; read-only DNS; BitLocker; credential caching; password local vs. domain; Protected Admin; disabling accounts vs.
replication; syskey; read-only SYSVOL; staged install deleting accounts; deprovisioning; contacts; creating
• Configure Active Directory Federation Services (AD FSv2). organizational units (OUs); delegation of control; protecting
– May include but is not limited to: install AD FS server role; AD objects from deletion; managed service accounts
exchange certificate with AD FS agents; configure trust policies; • Create and apply Group Policy objects (GPOs).
configure user and group claim mapping; import and export trust – May include but is not limited to: enforce, OU
policies
hierarchy, block inheritance, and enabling user objects;
group policy processing priority; WMI; group policy filtering;
group policy loopback; Group Policy Preferences (GPP)
• Configure GPO templates.
– May include but is not limited to: user rights; ADMX Central
Store; administrative templates; security templates;
restricted groups; security options; starter GPOs; shell
access policies
• Deploy and manage software by using GPOs.
– May include but is not limited to: publishing to users;
assigning software to users; assigning to computers;
software removal; software restriction policies; AppLocker
• Configure account policies.
– May include but is not limited to: domain password policy;
account lockout policy; fine-grain password policies
• Configure audit policy by using GPOs.
– May include but is not limited to: audit logon events; audit
account logon events; audit policy change; audit access
privilege use; audit directory service access; audit object
access; advanced audit policies; global object access
auditing; “Reason for Access” reporting
14. Exam 70-640: Configuring Active
Directory
• Maintaining the Active Directory environment (18 • Configuring Active Directory Certificate Services
%) (15 %)
• Configure backup and recovery. • Install Active Directory Certificate Services.
– May include but is not limited to: using Windows – May include but is not limited to: certificate authority
Server Backup; back up files and system state data to (CA) types, including standalone, enterprise, root, and
media; backup and restore by using removable media; subordinate; role services; prepare for multiple-forest
perform an authoritative or non-authoritative deployments
restores; linked value replication; Directory Services • Configure CA server settings.
Recovery Mode (DSRM); backup and restore GPOs;
configure AD recycle bin – May include but is not limited to: key archival;
certificate database backup and restore; assigning
• Perform offline maintenance. administration roles; high-volume CAs; auditing
– May include but is not limited to: offline • Manage certificate templates.
defragmentation and compaction; Restartable Active
Directory; Active Directory database mounting tool – May include but is not limited to: certificate template
types; securing template permissions; managing
• Monitor Active Directory. different certificate template versions; key recovery
– May include but is not limited to: event viewer agent
subscriptions; data collector sets; real-time • Manage enrollments.
monitoring; analyzing logs; WMI queries; PowerShell
– May include but is not limited to: network device
enrollment service (NDES); auto enrollment; Web
enrollment; extranet enrollment; smart card
enrollment; authentication mechanism assurance;
creating enrollment agents; deploying multiple-forest
certificates; x.509 certificate mapping
• Manage certificate revocations.
– May include but is not limited to: configure Online
Responders; Certificate Revocation List (CRL); CRL
Distribution Point (CDP); Authority Information Access
(AIA)
15. Next Class
Feb 4, 2012
• At home • Class #2
– Logon to Alex’s Cloud – We will start off with
and download the PDF PowerPoint slides and
and CD Contents if you lecture from study
haven’t already done so. material that I have.
– Clone your new VM of – Get ready to dive into
Server and create AD!
another VM for Server – Then will we review
Standard Core to use the some exam questions.
labs in the book.