Course Overview
This course provides students with the knowledge and skills to install and configure
domain controllers, manage Active Directory objects, secure Active Directory Domain
Services, work with complex AD DS infrastructures, implement Group Policy, understand
Microsoft Azure AD and Directory Synchronization, monitor and recover AD DS, and
implement Active Directory Certificate, Federation, and Rights Management Services.
Course Introduction 8m
Course Introduction
Chapter 01 – Installing and Configuring Domain Controllers 2h 31m
Topic A: Overview of Active Directory Domain Services
Information Protection Concepts
Identity and Access (IDA)
Authentication and Authorization
AD DS Terms
Access Tokens
Access Control Lists
The Kerberos Logon Process
Workgroup vs. Domain
Understanding AD DS Domains
AD DS Components and Concepts
Active Directory Database
Physical Data Store
Logical Partitions
Active Directory Schema
Domains
Trees and Forests
Organizational Units
AD DS Sites
Controlling Replication
Trust Relationships
Topic B: Overview of Domain Controllers
Introducing Domain Controllers
Global Catalog Servers
Read-Only Domain Controllers
FSMO Roles
Demo – Working with FSMO Roles
Locating Domain Controllers
Demo – Viewing SRV Records
Topic C: Deploying Domain Controllers
Reasons for Multiple Domain Controllers
Installing from Server Manager
Considerations for Installing Domain Controllers
Demo – Installing a Domain Controller
Installing on Server Core
Demo – Promoting a Server Core DC
Upgrading Domain Controllers
Additional Installation Options
Cloning Domain Controllers
Demo – Cloning Domain Controllers
Chapter 01 Review
Chapter 02 – Managing Active Directory Objects 3h 40m
Topic A: Overview of AD DS Object Management
Understanding AD DS Objects
Names for AD DS Objects
Management Tools
Demo – Overview of AD DS Management Tools
Topic B: Managing User Accounts
The Importance of the User Account
Naming Considerations
Configuring User Passwords
Creating User Accounts
Demo – Creating AD DS Users
Managing User Attributes
User Account Management
Demo – Managing Users
Topic C: Managing Groups
Group Types and Scopes
Types of Groups
Group Scopes
Domain Local and Global Groups
Universal Groups
Group Nesting
Group Naming Considerations
Creating and Configuring Groups
Demo – Creating and Configuring Groups
Introduction to Default Groups
Identifying Default Groups
Administrative Groups
Demo – Configuring Default Groups
Using Special Identities
Strategies for Using Groups
Group Nesting Strategies
Demo – Group Nesting
Topic D: Managing Computer Accounts
Introduction to Computer Accounts
Creating Computer Accounts
Working with Secure Channel Passwords
Offline Domain Joins
Demo – Working with Computer Accounts
Topic E: Managing Organizational Units
Planning Organizational Units
OU Hierarchy Considerations
Creating OUs
Demo – Creating an OU Hierarchy
Object Security in AD DS
AD DS Object Permissions
Demo – Viewing Object Permissions in Active Directory
Delegating Administrative Control
Modifying Delegated Rights
Best Practices for Administrative Delegation
Demo – Delegating Administrative Control
Chapter 02 Review
Chapter 03 – Securing Active Directory Domain Services 2h 7m
Topic A: Securing Domain Controllers
Understanding Security Risks
Using Group Policy
Group Policy Security Settings
Securing the Authentication Process
Physical Access Security
Branch Office Domain Controllers
RODC Features
RODC Limitations and Considerations
Deploying RODCs
Demo – Installing an RODC
Password Replication Policies
Topic B: Implementing Account Security
Account Security in Windows Server 2016
Complexity Options
Password Policies
Account Lockout Policies
Configuring Domain Password and Lockout Policies
Demo – Configuring Account Policies in Group Policy
Configuring Fine-Grained Password Policies
Demo – Configuring Fine-Grained Password Policies
Restricted Groups
Protected Users Security Groups
Authentication Policies
Authentication Silos
Enhancing Password Authentication
Topic C: Auditing AD DS
Utilizing Auditing
The Purpose of Auditing
Types of Events
Auditing Goals
Auditing File and Object Access
Advanced Auditing
Demo – Configuring Auditing
Topic D: Configuring Managed Service Accounts
Overview of Service Accounts
Challenges to Managing Service Accounts
Managed Service Accounts
Group MSAs
Demo – Configuring Group MSAs
Chapter 03 Review
Chapter 04 – Working with Complex AD DS Infrastructures 1h 58m
Topic A: Overview of Advanced AD DS Deployments
Domain Boundaries
Forest Boundaries
Reasons for Implementing Multiple Domains
Reasons for Implementing Multiple Forests
Deploying Domain Controllers in Azure
Managing Objects
Topic B: Deploying a Distributed AD DS Environment
Domain Functional Levels
Forest Functional Levels
Deploying AD DS Domains
DNS Considerations
UPN Considerations
Demo – Deploying a Child Domain
Understanding Trust Relationships
Types of Trusts
How Trusts Work
Forest Trusts
Advanced Trust Settings
Demo – Configuring a Forest Trust
Topic C: Overview of AD DS Replication
AD DS Partitions
AD DS Replication
Types of Replication
Resolving Replication Conflicts
Topic D: Configuring AD DS Sites
Reasons for Sites
Planning for Sites
Overview of Sites and Subnets
Moving Domain Controller Accounts
Domain Controller Placement
Demo – Creating Sites
Controlling Inter-Site Replication
Defining Site Links
Site Links
Site Link Properties
Demo – Creating Site Links
Bridgehead Servers
Bridging Site Links
Monitor and Manage Replication
Chapter 04 Review
Chapter 05 – Implementing Group Policy 3h 14m
Topic A: Overview of Group Policy
What is Group Policy?
Group Policy Settings
Local Group Policies
Policies vs. Preferences
Demo – Examining Policy Settings
Domain Policies
GPO Storage
Linking GPOs
GPO Processing Order
Controlling Inheritance
Determining Inheritance
GPO Link Options
Security Filtering
WMI Filtering
Refreshing Policies
Other Processing Options
Topic B: Creating and Configuring GPOs
Creating GPOs
Starter GPOs
Administrative Templates
Group Policy Preferences
Demo – Creating and Configuring Policies
Group Policy Management
Delegation of Control
Demo – Managing GPOs
Topic C: Monitoring and Troubleshooting Group Policy
Troubleshooting Group Policy Application
Demo – Troubleshooting Group Policy Application
Topic D: Security Management Using Group Policy
Security Management Using Group Policy
Configuring User Rights
Managing Security Options
User Account Control
Demo – Managing Security Options
Controlling Applications
Software Restriction Policies
Security Levels
AppLocker
Support for AppLocker
AppLocker Rules
Creating Default Rules
Demo – Controlling Applications Using Group Policy
Configuring the Windows Firewall
Windows Firewall with Advanced Security
Firewall Profiles
Creating Firewall Rules
Configuring the Windows Firewall
Types of Rules
Connection Security Rules
Demo – Configuring Firewalls using Group Policy
Topic E: Managing User Environments
Using Scripts in Group Policy
What is Folder Redirection?
Common Folders for Redirection
Redirection Options
Demo – Configuring Folder Redirection
Deploying Software Using Group Policy
How Software Distribution Works
Using Windows Installer
Software Life Cycle
Deploying Software
Deployment Options
Maintaining Software through Group Policy
Removing Software Deployments
Chapter 05 Review
Chapter 06 – Understanding Microsoft Azure AD and Directory Synchronization 53m
Topic A: Planning Directory Synchronization
Overview of Azure AD
Limitations of AD DS
Extending AD DS Authentication
Comparing AD DS and Azure AD
Authentication Options
Planning Directory Synchronization
Enabling AD DS Synchronization
Topic B: Implementing Azure AD Connect
What is Azure AD Connect?
Azure AD Connect Requirements
Azure AD Connect Express Settings
Azure AD Connect Custom Installation
Monitoring Azure AD
Privileged Identity Management
Topic C: Managing Identities with Directory Synchronization
Managing Users
Managing Groups
Filtering Azure AD Connect
Monitoring Directory Synchronization
Troubleshooting Directory Synchronization
Chapter 06 Review
Chapter 07 – Monitoring and Recovering AD DS 1h
Topic A: Monitoring AD DS
Performance Monitoring Benefits
Establishing Performance Baselines
Introduction to Monitoring Tools
Event Viewer
Demo – Using Event Viewer
Reliability Monitor
Real-Time Monitoring
Data Collector Sets
Data Collection Points
Common AD DS Counters
Best Practices
Topic B: Database Management
Physical Data Store
Using NTDSUtil
AD DS Maintenance
Topic C: Backup and Recovery in AD DS
Disaster Recovery for Active Directory
Backing Up Active Directory
Using Backup Tools
Backup Requirements
Restoring Data
Additional Restore Options
Demo – Enabling the AD Recycle Bin
Best Practices for Backup and Recovery
Chapter 07 Review
Chapter 08 – Implementing Active Directory Certificate Services 1h 34m
Topic A: Overview of Public Key Infrastructure and AD CS
What is a PKI?
Encryption Types
PKI Components
PKI Enabled Applications
Certificate Authorities
CA Types
Internal vs. External CAs
AD CS in Windows Server 2016
Topic B: Deploying Certificate Authority Hierarchy
Decision Factors for CA Hierarchy
CA Hierarchy Roles
Best Practices for CA Hierarchies
Installing Root CAs
Demo – Installing a Root CA
Installing Subordinate CAs
Benefits of Using Subordinates
Automating Installations
Topic C: Administering Certificate Authorities
Administration Tools
Configuring CA Security
Security Roles for CA Administration
Policy and Exit Modules
Certificate Revocation Lists (CRL)
Publishing the CRL
Publishing AIAs and CDPs
Topic D: Deploying and Managing Certificates
Digital Certificates
Certificate Templates
Template Versions in Windows Server 2016
Certificate Template Permissions
Updating Templates
Demo – Modifying and Enabling a Certificate Template
Enrollment Types
Manual Enrollment
Automating Enrollment
Autoenrollment Components
Demo – Configuring Autoenrollment
Credential Roaming
Topic E: Managing Revocation and Distribution
Certificate Revocation
Online Responder
Online Responder Process
Comparing CRL and OCSP
Configuring an Online Responder
Topic F: Configuring Certificate Recovery
Importance of Key Archival and Recovery
Key Archival
Data Recovery vs. Key Recovery
Archival Methods
Export Methods
Automating Archival
Recovering Lost Keys
Chapter 08 Review
Chapter 09 – Implementing Active Directory Federation Services (AD FS) 1h 4m
Topic A: Overview of AD FS
What is Identity Federation?
Federation Benefits
AD FS Components
Additional AD FS Terms
Identity Federation Scenarios
Business to Business Scenario
Business to Employee Scenario
Business to Consumer Scenario
New Features in Windows Server 2016
Topic B: Planning and Deploying AD FS
AD FS Requirements
Server Roles
Planning High Availability
AD FS Claims
AD FS Claim Rules
Trust Relationships
Installing AD FS
Demo – Installing AD FS
Configuring Partners
Home Realm Discovery
Managing AD FS
Topic C: Overview of Web Application Proxy
Introducing the Web Application Proxy
Web Application Proxy and AD FS Proxy
Authentication Methods
Publishing Software
Chapter 09 Review
Chapter 10 – Implementing Active Directory Rights Management Services 45m
Topic A: Overview of AD RMS
Introducing AD RMS
The AD RMS Difference
AD RMS Components
Certificates and Licenses
Protecting Content
Consuming Content
Azure RMS
Topic B: Deploying AD RMS
Deployment Scenarios
Installation Overview
AD RMS Configuration
Demo – Installing AD RMS Cluster
AD RMS Management
External Sharing
Topic C: Protecting Content with AD RMS
Rights Policy Templates
Configuring Templates for Offline Usage
Demo – Configuring Rights Management Templates
Exclusion Policies
Chapter 10 Review
Course Closure
Total Duration: 18h 52m