Configuring Active Directory - Exam 70-640
Server 2008 Platform
Skills Measured for Exam 70-640
Configuring Domain Name System (DNS) for Active Directory (16 percent)
Configure zones
- May include but is not limited to: Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS), and Secure Dynamic DNS (SDDNS), Time to Live (TTL), GlobalNames, Primary, Secondary, Active Directory Integrated, Stub, SOA, zone scavenging, forward lookup, reverse lookup
Configure DNS server settings
- May include but is not limited to: forwarding, root hints, configure zone delegation, round robin, disable recursion, debug logging, server scavenging
Configure zone transfers and replication
- May include but is not limited to: configure replication scope (forestDNSzone, domainDNSzone), incremental zone transfers, DNS Notify, secure zone transfers, configure name servers, application directory partitions
Configuring the Active Directory infrastructure (25 percent)
Configure a forest or a domain.
- May include but is not limited to: remove a domain, perform an unattended installation, Active Directory Migration Tool (ADMT) v3 (pruning and grafting), raise forest and domain functional levels, interoperability with previous versions of Active Directory, alternate user principal name (UPN) suffix, forestprep, domainprep
Configure trusts.
- May include but is not limited to: forest trust, selective authentication versus forest-wide authentication, transitive trust, external trust, shortcut trust, SID filtering
Configure sites.
- May include but is not limited to: create Active Directory subnets, configure site links, configure site link costing, configure sites infrastructure
Configure Active Directory replication.
- May include but is not limited to: Distributed File System, one-way replication, bridgehead server, replication scheduling, configure replication protocols, force intersite replication
Configure the global catalog
- May include but is not limited to: Universal Group Membership Caching (UGMC), partial attribute set, promote to global catalog
Configure operations masters
- May include but is not limited to: seize and transfer, backup operations master, operations master placement, Schema Master, extending the schema, time service
Configuring additional Active Directory server roles (9 percent)
Configure Active Directory Lightweight Directory Service (AD LDS).
- May include but is not limited to: migration to AD LDS, configure data within AD LDS, configure an authentication server, server core, Windows Server 2008 Hyper-V
Configure Active Directory Rights Management Service (AD RMS).
- May include but is not limited to: certificate request and installation, self-enrollments, delegation, Active Directory Metadirectory Services (AD MDS), Windows Server virtualization
Configure the read-only domain controller (RODC).
- May include but is not limited to: unidirectional replication, Administrator role separation, read-only DNS, BitLocker, credential caching, password replication, syskey, Windows Server virtualization
Configure Active Directory Federation Services (AD FS).
- May include but is not limited to: install AD FS server role, exchange certificate with AD FS agents, configure trust policies, configure user and group claim mapping, Windows Server virtualization
Creating and maintaining Active Directory objects (24 percent)
Automate creation of Active Directory accounts.
- May include but is not limited to: bulk import, configure the UPN, create computer, user, and group accounts (scripts, import, migration), template accounts, contacts, distribution lists
Maintain Active Directory accounts
- May include but is not limited to: configure group membership, account resets, delegation, AGDLP/AGGUDLP, deny domain local group, local versus domain, Protected Admin, disabling accounts versus deleting accounts, deprovisioning, contacts, creating organizational units (OUs), delegation of control
Create and apply Group Policy objects (GPOs).
- May include but is not limited to: enforce, OU hierarchy, block inheritance, and enabling user objects, Group Policy processing priority, WMI, Group Policy filtering, Group Policy loopback
Configure GPO templates
- May include but is not limited to: user rights, ADMX Central Store, administrative templates, security templates, restricted groups, security options, starter GPOs, shell access policies
Configure software deployment GPOs
- May include but is not limited to: publishing to users, assigning software to users, assigning to computers, software removal
Configure account policies
- May include but is not limited to: domain password policy, account lockout policy, fine-grain password policies
Configure audit policy by using GPOs.
- May include but is not limited to: audit logon events, audit account logon events, audit policy change, audit access privilege use, audit directory service access, audit object access
Maintaining the Active Directory environment (13 percent)
Configure backup and recovery
- May include but is not limited to: using Windows Server Backup, backup files and system state data to media, backup and restore by using removable media, perform an authoritative or non-authoritative Active Directory restore, linked value replication, Directory Services Recovery Mode (DSRM) (reset admin password), back up and restore GPOs
Perform offline maintenance.
- May include but is not limited to: offline defragmentation and compaction, Restartable Active Directory, Active Directory database storage allocation
Monitor Active Directory
- May include but is not limited to: Network Monitor, Task Manager, Event Viewer, ReplMon, RepAdmin, Windows System Resource Manager, Reliability and Performance Monitor, Server Performance Advisor, RSOP
Configuring Active Directory Certificate Services (13 percent)
Install Active Directory Certificate Services.
- May include but is not limited to: standalone versus enterprise, CA hierarchies—root versus subordinate, certificate requests, certificate practice statement
Configure CA server settings
- May include but is not limited to: key archival, certificate database backup and restore, assigning administration roles
Manage certificate templates.
- May include but is not limited to: certificate template types, securing template permissions, managing different certificate template versions, key recovery agent
Manage enrollments
- May include but is not limited to: network device enrollment service (NDES), autoenrollment, Web enrollment, smart card enrollment, creating enrollment agents
Manage certificate revocations.
- May include but is not limited to: configure Online Responders, Certificate Revocation List (CRL), CRL Distribution Point (CDP), Authority Information Access (AIA)