Module 1: Deploy Active Directory services.
Active Directory Domain Services (AD DS) is the cornerstone of on-premises networks for many organizations worldwide. AD DS delivers authentication and authorization by using domain controllers (DCs) for on-premises apps and services. In this module, you’ll learn how to configure DCs to suit your specific organizational needs and integrate AD DS with Microsoft Azure Active Directory (Azure AD) to provide single sign-on (SSO) for users that access both on-premises and cloud-based apps.
• Components of AD DS.
• AD DS DCs.
• Deploy AD DS DCs.
• Azure AD overview.
• Labs: Deploy and administer AD DS.
- Deploy AD DS.
- Deploy DCs by performing DC cloning.
- Administer AD DS.
Module 2: Manage directory objects.
Active Directory, at its heart, is a hierarchical database. Unlike a traditional database, however, you can create many different types of records within Active Directory. These records are referred to as objects, which you can create to represent almost anything in your network, from users and groups to printers, shared folders, and computers.
Each object can have many different properties, referred to as attributes. For example, the user object type has attributes in which you can store the user’s sign-in name, and street and email addresses.
Not only does Active Directory allow you to store information about objects, but it also enables you to manage those objects. After you create objects, you can use AD DS to manage and control these objects, which you can group together in containers to easily apply policies to them.
Active Directory is a powerful tool to centrally manage your network. Large organizations might want to distribute management to different teams of administrators. Active Directory enables this by allowing a domain administrator to provide lower-level administrators access to specific objects and containers.
• Manage user accounts.
• Manage groups in AD DS.
• Manage computer objects in AD DS.
• Administer AD DS by using PowerShell.
• Implement and manage OUs.
• Labs: Manage AD DS Objects.
- Create and manage groups in AD DS.
- Create and configure user accounts in AD DS.
- Manage computer objects in AD DS.
• Labs: Administer AD.
- Delegate administration for OUs.
- Create and modify AD DS objects with Windows PowerShell.
Module 3: Advanced AD DS infrastructure management.
This module describes key technologies that serve as the building blocks of more advanced AD DS environments and provides guidance about implementing and managing such environments.
• Overview of advanced AD DS deployments.
• Deploy a distributed AD DS environment.
• Configure AD DS trusts.
• Labs: Domain and trust management in AD DS.
- Implement forest trusts.
- Implement child domains in AD DS.
Module 4: Implement and administer AD DS sites and replication.
In this module, you’ll learn about the technical details of AD DS replication and how you can leverage that knowledge to optimize the design and implementation of AD DS environments that consist of multiple geographically distributed DCs.
• Overview of AD DS replication
• Configure AD DS sites
• Describe AD DS sites.
• Explain reasons to implement additional sites.
• Configure additional AD DS sites.
• Describe how AD DS replication works between sites.
• Describe the intersite topology generator.
• Describe SRV resource records.
• Describe how domain-joined computers locate DCs.
• Explain how to move DCs between sites.
• Labs: Implement AD DS sites and replication.
- Describe AD DS site links.
- Explain the concept of site-link bridging.
- Describe how to manage intersite replication.
- Configure AD DS intersite replication.
- Describe the tools for monitoring and managing replication.
Module 5: Implement Group Policy.
For organizations operating in an on-premises AD DS environment, Group Policy offers centralized management of both user and computer settings. This enables administrators to configure, enforce, and maintain their organization’s on-premises configuration. GPOs are linked to container objects such as sites, domains, and OUs. Users and computers placed in those containers inherit the applicable container’s settings. However, GPOs can be blocked, unlinked, or enforced to override the default application behavior. GPOs can also be filtered based on security-group membership and Windows Management Instrumentation (WMI) filters. When settings don’t apply as you expect, it’s important that you know how to investigate and resolve the issues.
• What is Group Policy?
• Implement and administer Group Policy.
• Group Policy scope and processing.
• Troubleshoot the application of GPOs.
• Labs: Implement a Group Policy Infrastructure.
- Creating and configuring GPOs.
- Managing GPO scope.
• Labs: Troubleshoot Group Policy infrastructure.
- Verify GPO application.
- Troubleshoot GPOs.
Module 6: Manage user settings with Group Policy.
You can use GPOs to create a standard desktop for the entire organization or on a departmental basis. You construct this standard desktop by using features such as administrative templates, Folder Redirection, and Group Policy preferences.
• Implement administrative templates.
• Configure Folder Redirection, software installation, and scripts.
• Configure Group Policy preferences.
• Labs: Manage user settings with Group Policy.
- Use administrative templates to manage user settings.
- Implement settings by using Group Policy preferences.
- Configure Folder Redirection.
Module 7: Secure AD DS.
AD DS contains sensitive information about many parts of your IT infrastructure, such as users and their passwords. An issue with your AD DS security can result in data loss, data leakage, parts of your IT infrastructure being disabled, or even your entire IT infrastructure being compromised. As an AD DS administrator, you need to understand the potential threats to AD DS and how to mitigate them.
• Secure DCs.
• Implement account security.
• Implement authentication auditing.
• Configure managed service accounts.
• Labs: Secure AD DS.
- Implement security-related polices in AD DS.
- Implement Read Only Domain Controllers to secure AD DS.
- Create and manage service accounts.
Module 8: Deploy and manage AD CS.
Public key infrastructure (PKI) is the tools and processes that allow you to issue digital certificates, which are commonly used for authentication and to help secure network communication. You can configurate Windows Server as a CA that issues digital certificates by installing the AD CS role.
• Deploy CAs
• Administer CAs
• Troubleshoot and maintain CAs
• Labs: Deploy and configure a two-tier CA hierarchy.
- Deploy an offline root CA.
- Deploy an enterprise subordinate CA.
Module 9: Deploy and manage certificates.
Planning a CA hierarchy is just the first part of implementing PKI for your organization. You also need to understand how to manage certificate templates to ensure that users and computers get certificates with the correct configuration. Additionally, you need to know how to manage certificates, including certificate revocation, and how you can use certificates for purposes such as securing network communication.
• Deploy and manage certificate templates.
• Manage certificate deployment, revocation, and recovery.
• Use certificates in a business environment.
• Labs: Deploy and use certificates.
- Configure certificate templates for end users.
- Enroll for certificate and use certificates.
- Configure key recovery for critical certificates.
Module 10: Implement and administer AD FS.
Windows Server provides AD FS, an SSO solution. AD FS enables organizations to provide users with the ability to sign in and authenticate to services and apps locally, in partner companies, and online. AD FS service provides SSO functionality for many services in various organizations. In this module, you’ll learn how AD FS works and how to implement it in different scenarios.
• Overview of AD FS.
• AD FS requirements and planning.
• Deploy and configure AD FS.
• Web Application Proxy Overview.
• Labs: Implement AD FS.
- Deploy AD FS infrastructure.
- Configure an application to use AD FS.
- Configure AD FS for a business-partner scenario.
Module 11: Implement AD DS synchronization with Microsoft Azure AD.
In this module, you’ll learn how to plan, prepare, and implement directory synchronization between local AD DS and Azure AD.
• Plan and prepare for directory synchronization.
• Implement directory synchronization by using Azure AD Connect.
• Manage identities with directory synchronization.
• Labs: Configure Directory Synchronization.
- Deploy directory synchronization between the AD DS and Azure AD.
- Manage users and groups in a directory synchronization scenario.
Module 12: Monitor, manage, and recover AD DS.
At the heart of AD DS is the Active Directory database. A major responsibility for administrators is to monitor AD DS and its associated services, which ensures you’re managing issues proactively. In a worst-case scenario, administrators might have to restore the Active Directory database from a backup, which requires a methodical approach to creating, testing, and performing regular backups. Microsoft provides several tools for monitoring AD DS in real time, and for storing data to recognize trends over time. There are also specific tools to help you backup and restore an Active Directory database.
• Monitor AD DS.
• Manage the Active Directory database.
• Active Directory backup and recovery solutions.
• Labs: Recover Objects in AD DS.
- Backup and restore AD DS.
- Recover objects in AD DS.
- Monitor Azure AD.
