Course Overview
This course teaches students about server infrastructure upgrades and migration, storage and file
services, network infrastructure services, planning for external user access, designing and
implementing logical AD infrastructure, AD GPO, designing a physical AD infrastructure, and
domain controllers.
Course Introduction 5m
Course Introduction
Module 01 – Server Infrastructure – Upgrade and Migration 2h 14m
Server Infrastructure – Upgrade and Migration
Planning for Deployment
Windows Server Editions
Choice Summary
Pre-installation Requirements
Windows Server 2012 Upgrades
Upgrade Options
Migration to Windows Server 2012
Roles That Can Be Migrated
Roles That Can Be Combined on a Single Server
MAP Toolkit
Windows Assessment and Deployment Kit (ADK)
Windows Server 2012 Licensing
Activation Strategies
Considerations for Virtualization
Virtualization Planning
Hyper-V Virtual Licensing
Planning Hardware for Hyper-V Hosts
Deployment Considerations for Virtualized Workloads
Tools for Deploying Virtual Machines
Virtual Machines and Domain Controllers
Cloning Domain Controllers
Demo – Cloning Domain Controllers
VHDs
VHDXs
Imaging Strategies
Windows Imaging Format
WIM File Structure
High Touch Retail Media Deployments
High Touch with Retail Media Deployment Steps
High Touch Standard Image Deployment
High Touch with Standard Image Process
Lite Touch
Zero Touch High-Volume Deployments
Designing the ZTI Environment
Automated Deployment Methods
Types of Images
Choosing a Deployment Method
Deployment Scenarios
Tools for Image-Based Installation of Windows
ImageX Tasks
Image Servicing and Management: DISM
Windows AIK
Tools Available in Windows AIK
Demo – Installing Windows AIK
Windows PE
Windows DS
Windows DS Architecture
New Features in Windows DS
MDT 2012
Configuration Manager
Configuration Manager Task Sequence and Packages
Module 01 Review
Module 02 – Storage and File Services 1h 38m
Storage and File Services
Direct Attached Storage (DAS)
Network Attached Storage (NAS)
Storage Area Network (SAN)
SAN Components
iSCSI
iSCSI Target Server and iSCSI Initiator
iSCSI Target Server Scenarios
Windows Server 2012 R2 New and Changed Functionality
iSCSI and High-Availability
Defense in Depth
DFS
DFSR Replication
Standalone DFS Namespace
Domain DFS Namespace
DFS Uses
Demo – Deploying and Configuring DFS
BranchCache
BranchCache Modes
Procedure Reference to Install
Demo – Implementing BrancheCache
Discretionary Access Control
Dynamic Access Control
DAC Scenarios
DAC Requirements
Central Access Policy
Creating Central Access Policies
Implementing Central Access Policy
DAC Claims
Creating Claims
Resource Properties
Accessing Resources with DAC
Enabling Support in AD DS KDC
Creating Resource Properties
Central Access Control Rules
File Access Auditing
Planning for Access Denied Assistance
Dynamic Access Control Prerequisites
Module 02 Review
Module 03 – Network Infrastructure Services 2h 51m
Network Infrastructure Services
Best Practices for Designing an IPv4 Addressing Scheme
How to Plan and Implement the Appropriate Addressing Scheme
Selecting an Address Scheme (eNotes)
DHCP Server Placement Infrastructure
DHCP Redundancy Options
DHCP Failover
DHCP Super Scopes
DHCP Reservations
DHCP Option Classes
IPv6 Autoconfiguration
Autoconfigured Address States
Improved PowerShell Commands for DHCP in Server 2012 R2
New PowerShell Commands for DHCP
New PowerShell Commands for DHCP (Cont)
DHCP Guidelines
IPAM Definition and Benefits
IPAM
IPAM and DHCP
IPAM Components
Role Based Access Control
Role Based Access Control Roles Provided by Default
IPAM Prerequisites
IPAM Database Support
IPAM Users and Groups
Manual Provisioning for IPAM
Manual Provisioning for IPAM (Cont)
IPAM Design Considerations
IPAM Views
IPAM Monitoring
DNS Namespace Design
Evaluating a Namespace Design
DNS Namespaces (eNotes)
NetBIOS Name Resolution
GlobalNames
WINS vs. GNZ
DNS and AD DS
DNS Records Needed by AD
Demo – DNS Records Needed by AD
DNS Design Considerations
Integrating Multiple DNS Namespaces
DNS Application Partitions
DNS Server Capacity Planning
Demo – Performance Monitor and DNS
DNS Server Roles
DNS Zone Types
DNS Zone Delegation
Zone Transfers and Replications
DNS BIND Versions
Zone Transfer Security
Root Hints Servers
Optimizing DNS Root Hints
DNS Forwarders | Conditional | Stub Zones
Demo – Configuring Zone Transfers
NetBIOS Name Resolution (Cont.)
Demo – Creating DNS Zones
Optimizing Queries
Optimizing DNS Server
Optimizing Active Directory Integrated Zones
DNS and High-Availability
Common DNS Security Issues
DNS Security Levels
Additional DNS Security Settings
Module 03 Review
Module 04 – Planning for External User Access 2h 5m
Planning for External User Access
Types of Network Access Services
Types of Users
Considerations of Data to Access
Remote Access Methods
Tunneling Protocols: PPTP
Tunneling Protocols: L2TP
Tunneling Protocols: SSTP
Tunneling Protocols: IKEv2
Authentication Protocols and Methods
Encryption Protocols and Methods Set
Planning for Remote Access
New Features in Remote Access Windows Server 2012
New Features Windows 8.1
Placement of VPN Servers
Network Access Policies
Connection Request Policies
How Policies are Applied
Order of Applying Connections
Demo – Creating a VPN
Perimeter Networks
Common Perimeter Network Applications and Protocols
Types of Firewall Configurations
Windows Firewall with Advanced Security
Secure Outside Access Options
DirectAccess
DirectAccess Server Functions
DirectAccess Infrastructure Prerequisites
DirectAccess Server Prerequisites
DirectAccess Client Prerequisites
Methods of Client Connections
DirectAccess Client Connections
Planning DirectAccess
Getting Ready: DirectAccess
Configure DirectAccess Server
DirectAccess with a Single Network Card
RADIUS Authentication and NPS
NPS RADIUS Server
RADIUS Proxy
RADIUS Client
RADIUS Client Examples
Connection Request Policies Conditions | Settings
Conditions | Settings | Default Connection Policy
Connection Request Processing
Network Security
Defense in Depth
Network Policies
Points of Failure for Security Policies
Employee Training
Reasons For Network Attacks
Types of Network Attacks
STRIDE Model
Security Measures
Windows Firewall
Connection Security Rules
IPsec
Server and Domain Isolation
Authentication Options
Best Practices
Demo – Connection Security Rules
Module 04 Review
Module 05 – Design and Implement Logical AD Infrastructure 3h 38m
Design and Implement Logical AD Infrastructure
AD DS Forest Designed
Forest Models: Single
Forest Models: Organizational
Forest Models: Resource Forest Model
Forest Models: Restricted Access
Benefits of Multiple Forests
Guidelines for Designing AD DS Forests
Demo – Creating a Forest Root
Demo – Viewing and Editing the Schema
Forest Trusts
Security Considerations Forest Trust
Accessing Resources in Another Forest
Forest Trust Guidelines
Demo – Creating a Forest Trust
AD DS Domains
Domain Models
Forest Root Domains
Password Policies
Demo – Install Second Domain Controller to Domain
Items That Affected Domain Design
Replication and WAN Links
Trust Relationships
Trusts within a Domain
Trusts Between Domains
Shortcut Trusts
External Trusts
Realm Trusts
Best Practice for Domain Trusts
AD Delegation Options
Delegation Models
Examples of Delegation
Administrative Models
How to Start Planning Resource Management
Administrative Permissions
Branch Office Management
OU Strategies
Users and Permissions
OU Security Descriptors
Demo – Exploring AD Permissions within OU Structure
Delegation Administrative Methods
Where OU Permissions Fall
Examples of Permissions at OU Level (eNotes)
OU Accidental Deletion
Protecting OUs using PowerShell
Demo – Protecting OUs using PowerShell
Active Directory Groups
Group Scope and Nesting
Demo – Creating Groups with Active Directory Administration Center
Demo – Creating Groups with PowerShell
Group Strategy
Default Groups
Protected Users Security Group
Protected Users Security Group User Limitations
Special Identities
Computer Accounts
Best Practices
Module 05 Review
Module 06 – AD GPO 51m
AD GPO
Factors for Group Policy Design
Planning for Desktop Environments with Group Policy
Planning Group Policy for Administrative Models
Group Policy Components
Uses for Group Policy
Demo – Group Policy Categories
Group Policy Templates
Nodes: Computer
Nodes: User
Group Policy Preferences
Configuring Group Policy Preference
GPO Design Considerations
Group Policy Inheritance
Group Policy Filtering
Group Policy Processing
Group Policy, Backup and Restore and Documentation
PowerShell Cmdlets
Migrating GPOs to a New Domain Set
Migration Table Editor
Administration of Group Policy
Slow Link Detection
Module 06 Review
Module 07 – Designing a Physical AD Infrastructure 41m
Designing a Physical AD Infrastructure
AD DS Sites
Location of AD DS Site Configuration
Replication Traffic
Service Localization
Designing AD DS Sites
Factors that Determine AD DS Site Design
Automatic Site Coverage
AD DS and DNS
AD DS Site Considerations
Domain Controller Placement
AD DS Replication Components: Connection Objects
AD DS Replication Components: Notification and Polling
KCC
ISTG – Intersite Topology Generator
Replication Topologies: Ring
Replication Topologies: Hub and Spoke
Replication Topologies: Full Mesh
Replication Topologies: Hybrid
Replication Protocols
Notes on SMTP
Replication and RODCs
Replication and Global Catalogs
Replication and SYSVOL
Site Links
Bridgehead Servers
Site Link Bridging
Virtualized Domain Controllers
Cloning Virtual Domain Controllers
Process: Cloning Server 2012 VDC
DcCloneConfig.xml Syntax
DcCloneConfig.xml Parameters
Domain Controller Safe Backup and Restore
PowerShell for Hyper-V Snapshot Management
Module 07 Review
Module 08 – Domain Controllers 36m
Domain Controllers
Hardware Requirements for Domain Controllers
Installing Server Core
FSMO Roles
FSMO Locations
RODC Limitations
Tools For Monitoring Domain Controllers
Best Practices Analyzer
Demo – Best Practices Analyzer
Security Best Practices
High-Availability
Defining High-Availability Needs for Active Directory
Active Directory, High-Availability
DNS High-Availability
Backup and Recovery AD DS
Types of Backups
Backing Up Critical Volumes
Active Directory Restores
Restoring Active Directory
Active Directory Recycle Bin
Module 08 Review
Course Closure
Total Duration: 14h 40m