Course Description
During this five-day course, students will learn how to design an ActiveDirectory infrastructure in the Windows Server 2008 and Windows Server 2008 R2operating systems. Students will learn how to design Active Directory forests,domain infrastructure, sites and replication, administrative structures, GroupPolicy, and Public Key Infrastructures (PKIs). Students will also learn how todesign for security, high availability, disaster recovery, and migrations. Audience Profile
Agenda
Job Role
The primary audience for this course is IT professionals, includingadministrators of Windows 2000 Server and Windows Server 2003 Enterprise whowant to become administrators of Windows Server 2008 Enterprise.
Skill Level: 30
Product and Technology Experience. At least three to five years of experiencein medium-to-large enterprise organizations, supporting and implementing ActiveDirectory.
Audience Description
This course is intended for IT professionals who want to gain professional jobrole skills to help them design the infrastructure for Active DirectoryforWindows Server 2008 and Windows Server 2008 R2 as an Enterprise Administrator.This course is also intended for IT professionals who have been working asEnterprise Administrators on previous versions of Windows Server and who wantto update their skills to Windows Server 2008. Students might already be, orhave been, Server Administrators who make planning and design decisions at aserver level and who want to gain the skills and knowledge they need totransition to enterprise-level design decisions.
At Course Completion
After completing this course, students will be able to:
Provide an overview of the lab scenario. Create a design for the Active Directory Domain Services (AD DS) forestand forest trust deployment. Design an AD DS domain and Domain Name Service (DNS) integrationdesign. Design AD DS sites and AD DS replication. Create an AD DS domain controller deployment plan. Create an AD DS domain administration design and partially implementthe design. Create an AD DS Group Policy design and implement some components ofthat design. Design and implement AD DS security policies that meet securityrequirements. Design and implement a PKI deployment by using Active DirectoryCertificate Services (AD CS). Design an Active Directory Rights Management Services (AD RMS) solutionand deploy RMS for internal users. Create and implement an Active Directory Lightweight Directory Services(AD LDS) design. Review and validate a Federated Web single sign-on (SSO) deployment. Design and implement a domain restructure. Prerequisites
In addition to their professional experience, students who attend this trainingshould already have the following technical knowledge:
System administrator-level working knowledge. Up to one year of experience implementing server plans. Knowledge of client operating system equivalent to the followingcertifications is beneficial: Exam 70-680: TS: Windows 7, Configuration
Or
Exam 70-620: TS: Windows Vista, Configuring
Students can meet the prerequisites by attending the following courses or byobtaining equivalent knowledge and skills:
6425C: Configuring and Troubleshooting Windows Server 2008 ActiveDirectory Domain Services 6426C: Configuring and Troubleshooting Identity and Access Solutionswith Windows Server 2008 Active Directory 6433A: Planning and Implementing Windows Server 2008 Servers Course Outline
Module 1: Overview of Active Directory Design
For most organizations, the Active Directory deployment may be the single mostimportant component in the IT infrastructure. When organizations deploy AD DSor any of the other Active Directory services within Windows Server 2008, theyare deploying a central authentication and authorization service that providesSSO access to many other network services in the organization. AD DS providesthe primary security mechanism within most organizations, and it enablespolicy-based management for user and computer accounts. You can use the otherActive Directory services to extend some of this functionality to users who areexternal to the organization.
The critical functionality that the Active Directory services provide meansthat you should design your Active Directory infrastructure to meet yourorganization's unique requirements. This module provides an overview of theinformation that you must gather to prepare for an Active Directory deployment,and it provides an overview of the steps that you use as you create an ActiveDirectory design.
Lessons
Preparing For Active Directory Design Designing the Internal AD DS Infrastructure Extending the Active Directory Design Lab: Exploring the Lab Scenario
Exploring the Contoso Ltd. Scenario Exploring Additional Scenarios for Active Directory Designs After completing this module, students will be able to:
Prepare for Active Directory design. Design the internal AD DS infrastructure. Extend the Active Directory design. Module 2: Designing an AD DS Forest Infrastructure
To design the infrastructure of an AD DS forest for your organization, firstyou must collect organizational and administrative requirements, and then youmust decide which design to use. There are several possible designs, and eachone requires some trade-offs. Based on the requirements of your organization,you must determine the type of AD DS forest and forest root domain. You alsomust plan for trusts between forests, determine whether your organizationrequires multiple forests, and determine which modifications, if any, you mustmake to the AD DS schema. In addition, you must design for the timesynchronization of all computer clocks in your organization by using theWindows Time service (Win32Time).
In this module, you will learn about forest design concepts as well as aboutforest trusts, the AD DS schema, and the Windows Time Service.
Lessons
Designing an AD DS Forest Designing AD DS Forest Trusts Planning for AD DS Schema Changes Designing a Windows Time Service Deployment Lab: Designing an AD DS Forest Infrastructure
Design an AD DS Forest Create and Implement Forest Trusts After completing this module, students will be able to:
Design an AD DS forest. Design AD DS forest trusts. Plan for AD DS schema changes. Design a Windows Time service deployment. Module 3: Designing an AD DS Domain Infrastructure
After designing the infrastructure for the AD DS forest as described in Module1, you need to design the AD DS domain infrastructure. To do this, you firstneed to decide on the AD DS domain design model and the placement anddeployment of domain controllers, based on your organization's needs. Afterdesigning the AD DS domain, you then integrate the internal and external DNSnamespaces with the AD DS domain by using DNS servers. If your design consistsof multiple domains, you can create domain trusts to enable easy and reliablecommunication from one domain to another. You need to choose the right type ofdomain trust, based on your organization's needs.
In this module, you will learn about designing AD DS domains, DNS, and domaintrusts.
Lessons
Designing AD DS Domains Designing DNS Namespaces in an AD DS Environment Designing AD DS Domain Trusts Lab: Designing an AD DS Domain Infrastructure
Designing and Implementing AD DS Domains Designing and Implementing DNS Integration Designing and Implementing Domain Trusts After completing this module, students will be able to
Design AD DS domains. Design DNS namespaces in an AD DS environment. Design AD DS domain trusts. Module 4: Designing AD DS Sites and Replication
You should design the site topology for the network after you design the logicalstructure of the AD DS infrastructure in your organization. The site topologyis a logical representation of the physical network. You use the site topologyto manage replication and logon network traffic, among other things. When youcreate the site design, include information about the location of the AD DSsites, the AD DS domain controllers within each site, and the site links andsite-link bridges that support AD DS replication between sites. Windows Server2008 uses site information for many purposes, including routing replication,client affinity, system volume (SYSVOL) replication, Distributed File System(DFS) namespaces, and service locations.
In this module, you will learn how to design a distributed directory servicethat supports domain controllers that are in portions of your network that areseparated by expensive, slow, or unreliable links.
Lessons
Designing AD DS Sites Designing AD DS Replication Lab: Designing AD DS Sites and Replication
Designing and Implementing AD DS Sites Designing and Implementing AD DS Replication After completing this module, students will be able to:
Design AD DS sites. Design AD DS replication. Module 5: Designing AD DS Domain Controllers
This module explains how to design an AD DS domain controller. Lessons
Designing Domain Controllers and Domain Controller Placement Designing RODC Deployments Designing Domain Controllers As Virtual Machines Designing Domain Controller Availability Lab: Designing AD DS Domain Controllers
Designing an AD DS Controller Deployment Designing and Implementing an RODC Deployment After completing this module, students will be able to:
Design domain controllers and domain controller placement. Design read only domain controller (RODC) deployments. Design domain controllers as virtual machines. Design domain controller availability. Module 6: Designing AD DS Domain Administration
You can use an AD DS domain to simplify the administration of your IT resourcesby creating a manageable structure that underlies a network infrastructurebased on the Windows operating system.
To design the effective administration of an AD DS domain, you need to firstassess the state of the configuration and administration of the AD DSenvironment. To determine the best design for your AD DS domain administration,first collect information about how your organization needs to administer thevarious resources in your AD DS domain environment. This information providesthe basis on which you can design and build the AD DS domain structures thatwill enable the most effective AD DS domain administrative methods for yourorganization, such as organizational units (OUs), AD DS groups, and user andcomputer account objects.
Lessons
Planning the Delegation of AD DS Administration Designing the Structure of OUs Designing an AD DS Group Strategy Planning to Manage User and Computer Accounts Lab: Designing AD DS Domain Administration
Creating and Implementing an OU Design Creating and Implementing an AD DS Group Design Automating User and Group Management After completing this module, students will be able to:
Plan the delegation of AD DS administration. Design the structure of OUs. Design an AD DS group strategy. Plan to manage user and computer accounts. Module 7: Designing AD DS Group Policy
The AD DS Group Policy environment is the principal vehicle for configurationmanagement in Windows Server 2008. An effective Group Policy design means amore standardized and easy-to-manage environment in which to perform all otheradministrative tasks.
This module introduces the key concepts for designing Group Policy as theyrelate to planning, implementing. and managing Group Policy in AD DS.
Lessons
Preparing for Group Policy Design Designing Group Policy Objects Designing Group Policy Processing Planning for Group Policy Management Lab: Designing AD DS Group Policy
Designing and Implementing Group Policy Objects Designing and Implementing Group Policy Application After completing this module, students will be able to:
Prepare for Group Policy design. Design Group Policy objects. Design Group Policy processing. Plan for Group Policy management. Module 8: Designing AD DS Security
One of the primary reasons to deploy a directory service like AD DS is to providesecurity for the organization's network. Managing secure access to networkresources is critical to ensuring that only authorized users can access thedata and that only authorized administrators can make changes to theenvironment.
By ensuring that the AD DS deployment is secure, you can help ensure systemstability and reliability, and you can minimize the number of successfulattempts to jeopardize system security and integrity.
Lessons
Preparing to Design AD DS Security Designing AD DS Account and Password Policies Designing AD DS Domain Controller Security Designing AD DS Administrator Security Lab: Designing and Implementing AD DS Security
Designing and Implementing Security Policies for Accounts and Passwords Designing and Implementing Administrative Security Policies After completing this module, students will be able to:
Prepare to design AD DS security. Design AD DS account and password policies. Design AD DS domain controller security. Design AD DS administrator security. Module 9: Designing a Public Key Infrastructure
This module explains how to design a PKI deployment by using Windows Server2008 AD CS.
Lessons
Overview of PKI and AD CS Designing a Certification Authority Deployment Designing Certificate Templates Designing Certificate Distribution and Revocation Lab: Designing and Implementing a PKI Deployment
Designing and Implementing a CA Hierarchy Designing and Implementing AD CS Certificate Templates After completing this module, students will be able to:
Describe the PKI and AD CS features and components. Design a certification authority (CA) deployment hierarchy in AD CS. Design certificate templates. Design a strategy for distributing and revoking certificates. Module 10: Designing and Deploying AD RMS
This module explains how to design and implement a rights protectioninfrastructure by using AD RMS.
Lessons
AD RMS Overview Designing an AD RMS Deployment Extending the AD RMS Deployment Outside an Organization Lab: Designing and Deploying AD RMS
Designing an AD RMS Deployment Implementing an Internal AD RMS Deployment Verifying the AD RMS Deployment After completing this module, students will be able to:
Describe the AD RMS components and functionality. Design an AD RMS deployment. Extend an AD RMS deployment outside an organization. Module 11: Designing an AD LDS Infrastructure
This module explains how to design and implement an AD LDS deployment.
Lessons
AD LDS Deployment Scenarios Designing an AD LDS Server Deployment Designing AD LDS Replication Integrating AD LDS with AD DS Lab: Designing and Implementing an AD LDS Infrastructure
Designing AD LDS Replication for Internal Applications Designing AD LDS Replication for External Applications Designing Highly Available LDAP Services for Multiple Applications Implementing an AD LDS Solution After completing this module, students will be able to:
Describe the AD LDS deployment scenarios. Design an AD LDS server deployment. Design an AD LDS replication topology. Integrate AD LDS with AD DS. Module 12: Designing an AD FS Infrastructure
This module explains how to design an implementation of Active DirectoryFederation Services (AD FS).
Lessons
Overview of an AD FS Design Designing an AD FS Deployment Designing AD FS Claims and Applications Lab: Integrating AD FS and AD RMS
Configuring AD FS in the Account Partner Configuring AD FS in the Resource Forest Adding Resource and Account Partners Configuring AD RMS to Work with AD FS Configuring the AD FS Client Verifying AD RMS and AD FS Functionality After completing this module, students will be able to:
Describe the AD FS components and deployment scenarios. Design an AD FS deployment. Design AD FS claims and applications. Module 13: Designing AD DS Transitions
This module explains how to design and implement AD DS upgrades and migrations.
Lessons
Choosing an AD DS Transition Strategy Designing a Domain-Upgrade Strategy Designing a Domain-Restructure Strategy Designing AD DS Domain Renaming Lab: Designing and Implementing an AD DS Domain Restructure
Designing an AD DS Domain Restructure Implementing an AD DS Domain Restructure After completing this module, students will be able to:
Choose the best AD DS transition strategy, based on the currentenvironment and requirements. Design a domain-upgrade strategy. Design a domain-restructure strategy. Design AD DS domain renaming.