70-742 - Identity with Windows Server 2016

70-742 - Identity with Windows Server 2016


Course Overview

This course provides students with the knowledge and skills to install and configure domain controllers, manage Active Directory objects, secure Active Directory Domain Services, work with complex AD DS infrastructures, implement Group Policy, understand Microsoft Azure AD and Directory Synchronization, monitor and recover AD DS, and implement Active Directory Certificate, Federation, and Rights Management Services.

Course Introduction

Course Introduction

Chapter 01 - Installing and Configuring Domain Controllers

Topic A: Overview of Active Directory Domain Services

Information Protection Concepts

Identity and Access (IDA)

Authentication and Authorization

AD DS Terms

Access Tokens

Access Control Lists

The Kerberos Logon Process

Workgroup vs. Domain

Understanding AD DS Domains

AD DS Components and Concepts

Active Directory Database

Physical Data Store

Logical Partitions

Active Directory Schema


Trees and Forests

Organizational Units

AD DS Sites

Controlling Replication

Trust Relationships

Topic B: Overview of Domain Controllers

Introducing Domain Controllers

Global Catalog Servers

Read-Only Domain Controllers

FSMO Roles

Demo - Working with FSMO Roles

Locating Domain Controllers

Demo - Viewing SRV Records

Topic C: Deploying Domain Controllers

Reasons for Multiple Domain Controllers

Installing from Server Manager

Considerations for Installing Domain Controllers

Demo- Installing a Domain Controller

Installing on Server Core

Demo- Promoting a Server Core DC

Upgrading Domain Controllers

Additional Installation Options

Cloning Domain Controllers

Demo- Cloning Domain Controllers

Chapter 01 Review

Chapter 02- Managing Active Directory Objects

Topic A: Overview of AD DS Object Management

Understanding AD DS Objects

Names for AD DS Objects

Management Tools

Demo- Overview of AD DS Management Tools

Topic B: Managing User Accounts

The Importance of the User Account

Naming Considerations

Configuring User Passwords

Creating User Accounts

Demo- Creating AD DS Users

Managing User Attributes

User Account Management

Demo- Managing Users

Topic C: Managing Groups

Group Types and Scopes

Types of Groups

Group Scopes

Domain Local and Global Groups

Universal Groups

Group Nesting

Group Naming Considerations

Creating and Configuring Groups

Demo- Creating and Configuring Groups

Introduction to Default Groups

Identifying Default Groups

Administrative Groups

Demo- Configuring Default Groups

Using Special Identities

Strategies for Using Groups

Group Nesting Strategies

Demo- Group Nesting

Topic D: Managing Computer Accounts

Introduction to Computer Accounts

Creating Computer Accounts

Working with Secure Channel Passwords

Offline Domain Joins

Demo- Working with Computer Accounts

Topic E: Managing Organizational Units

Planning Organizational Units

OU Hierarchy Considerations

Creating OUs

Demo- Creating an OU Hierarchy

Object Security in AD DS

AD DS Object Permissions

Demo- Viewing Object Permissions in Active Directory

Delegating Administrative Control

Modifying Delegated Rights

Best Practices for Administrative Delegation

Demo- Delegating Administrative Control

Chapter 02 Review

Chapter 03- Securing Active Directory Domain Services 

Topic A: Securing Domain Controllers

Understanding Security Risks

Using Group Policy

Group Policy Security Settings

Securing the Authentication Process

Physical Access Security

Branch Office Domain Controllers

RODC Features

RODC Limitations and Considerations Deploying RODCs

Demo- Installing an RODC

Password Replication Policies

Topic B: Implementing Account Security

Account Security in Windows Server 2016

Complexity Options

Password Policies

Account Lockout Policies

Configuring Domain Password and Lockout Policies

Demo- Configuring Account Policies in Group Policy

Configuring Fine-Grained Password Policies

Demo- Configuring Fine-Grained Password Policies

Restricted Groups

Protected Users Security Groups

Authentication Policies

Authentication Silos

Enhancing Password Authentication

Topic C: Auditing AD DS

Utilizing Auditing

The Purpose of Auditing

Types of Events

Auditing Goals

Auditing File and Object Access

Advanced Auditing

Demo- Configuring Auditing

Topic D: Configuring Managed Service Accounts

Overview of Service Accounts

Challenges to Managing Service Accounts

Managed Service Accounts

Group MSAs

Demo- Configuring Group MSAs

Chapter 03 Review

Chapter 04- Working with Complex AD DS Infrastructures

Topic A: Overview of Advanced AD DS Deployments

Domain Boundaries

Forest Boundaries

Reasons for Implementing Multiple Domains

Reasons for Implementing Multiple Forests

Deploying Domain Controllers in Azure

Managing Objects

Topic B: Deploying a Distributed AD DS Environment

Domain Functional Levels

Forest Functional Levels

Deploying AD DS Domains

DNS Considerations

UPN Considerations

Demo- Deploying a Child Domain

Understanding Trust Relationships

Types of Trusts

How Trusts Work

Forest Trusts

Advanced Trust Settings

Demo- Configuring a Forest Trust

Topic C: Overview of AD DS Replication

AD DS Partitions

AD DS Replication

Types of Replication

Resolving Replication Conflicts

Topic D: Configuring AD DS Sites

Reasons for Sites

Planning for Sites Overview of Sites and Subnets

Moving Domain Controller Accounts

Domain Controller Placement

Demo- Creating Sites

Controlling Inter-Site Replication

Defining Site Links

Site Links

Site Link Properties

Demo- Creating Site Links

Bridgehead Servers

Bridging Site Links

Monitor and Manage Replication

Chapter 04 Review

Chapter 05- Implementing Group Policy

Topic A: Overview of Group Policy

What is Group Policy?

Group Policy Settings

Local Group Policies

Policies vs. Preferences

Demo- Examining Policy Settings

Domain Policies

GPO Storage

Linking GPOs

GPO Processing Order

Controlling Inheritance

Determining Inheritance

GPO Link Options

Security Filtering

WMI Filtering

Refreshing Policies

Other Processing Options

Topic B: Creating and Configuring GPOs

Creating GPOs

Starter GPOs

Administrative Templates

Group Policy Preferences

Demo- Creating and Configuring Policies

Group Policy Management

Delegation of Control

Demo- Managing GPOs

Topic C: Monitoring and Troubleshooting Group Policy

Troubleshooting Group Policy Application

Demo- Troubleshooting Group Policy Application

Topic D: Security Management Using Group Policy

Security Management Using Group Policy

Configuring User Rights

Managing Security Options

User Account Control

Demo- Managing Security Options

Controlling Applications

Software Restriction Policies

Security Levels


Support for AppLocker

AppLocker Rules

Creating Default Rules

Demo- Controlling Applications Using Group Policy

Configuring the Windows Firewall

Windows Firewall with Advanced Security

Firewall Profiles

Creating Firewall Rules

Configuring the Windows Firewall

Types of Rules

Connection Security Rules

Demo - Configuring Firewalls using Group Policy

Topic E: Managing User Environments

Using Scripts in Group Policy

What is Folder Redirection?

Common Folders for Redirection

Redirection Options

Demo - Configuring Folder Redirection

Deploying Software Using Group Policy

How Software Distribution Works

Using Windows Installer

Software Life Cycle

Deploying Software

Deployment Options

Maintaining Software through Group Policy

Removing Software Deployments

Chapter 05 Review

Chapter 06 - Understanding Microsoft Azure AD and Directory Synchronization

Topic A: Planning Directory Synchronization

Overview of Azure AD

Limitations of AD DS

Extending AD DS Authentication

Comparing AD DS and Azure AD

Authentication Options

Planning Directory Synchronization

Enabling AD DS Synchronization

Topic B: Implementing Azure AD Connect

What is Azure AD Connect?

Azure AD Connect Requirements

Azure AD Connect Express Settings

Azure AD Connect Custom Installation

Monitoring Azure AD

Privileged Identity Management

Topic C: Managing Identities with Directory Synchronization

Managing Users

Managing Groups

Filtering Azure AD Connect

Monitoring Directory Synchronization

Troubleshooting Directory Synchronization

Chapter 06 Review

Chapter 07 - Monitoring and Recovering AD DS

Topic A: Monitoring AD DS

Performance Monitoring Benefits

Establishing Performance Baselines

Introduction to Monitoring Tools

Event Viewer

Demo - Using Event Viewer

Reliability Monitor

Real-Time Monitoring

Data Collector Sets

Data Collection Points

Common AD DS Counters

Best Practices

Topic B: Database Management

Physical Data Store

Using NTDSUtil

AD DS Maintenance

Topic C: Backup and Recovery in AD DS

Disaster Recovery for Active Directory

Backing Up Active Directory

Using Backup Tools

Backup Requirements

Restoring Data

Additional Restore Options

Demo- Enabling the AD Recycle Bin

Best Practices for Backup and Recovery

Chapter 07 Review

Chapter 08- Implementing Active Directory Certificate Services

Topic A: Overview of Public Key Infrastructure and AD CS

What is a PKI?

Encryption Types

PKI Components

PKI Enabled Applications

Certificate Authorities

CA Types

Internal vs. External CAs

AD CS in Windows Server 2016

Topic B: Deploying Certificate Authority Hierarchy

Decision Factors for CA Hierarchy

CA Hierarchy Roles

Best Practices for CA Hierarchies

Installing Root CAs

Demo- Installing a Root CA

Installing Subordinate CAs

Benefits of Using Subordinates

Automating Installations

Topic C: Administering Certificate Authorities

Administration Tools

Configuring CA Security

Security Roles for CA Administration

Policy and Exit Modules

Certificate Revocation Lists (CRL)

Publishing the CRL

Publishing AIAs and CDPs

Topic D: Deploying and Managing Certificates

Digital Certificates

Certificate Templates

Template Versions in Windows Server 2016

Certificate Template Permissions

Updating Templates

Demo - Modifying and Enabling a Certificate Template

Enrollment Types

Manual Enrollment

Automating Enrollment

Autoenrollment Components

Demo - Configuring Autoenrollment

Credential Roaming

Topic E: Managing Revocation and Distribution

Certificate Revocation

Online Responder

Online Responder Process

Comparing CRL and OCSP

Configuring an Online Responder

Topic F: Configuring Certificate Recovery

Importance of Key Archival and Recovery

Key Archival

Data Recovery vs. Key Recovery

Archival Methods

Export Methods

Automating Archival

Recovering Lost Keys

Chapter 08 Review

Chapter 09 - Implementing Active Directory Federation Services (AD FS)

Topic A: Overview of AD FS

What is Identity Federation?

Federation Benefits

AD FS Components

Additional AD FS Terms

Identity Federation Scenarios

Business to Business Scenario

Business to Employee Scenario

Business to Consumer Scenario

New Features in Windows Server 2016

Topic B: Planning and Deploying AD FS

AD FS Requirements

Server Roles

Planning High Availability

AD FS Claims

AD FS Claim Rules

Trust Relationships

Installing AD FS

Demo - Installing AD FS

Configuring Partners

Home Realm Discovery

Managing AD FS

Topic C: Overview of Web Application Proxy

Introducing the Web Application Proxy

Web Application Proxy and AD FS Proxy

Authentication Methods

Publishing Software

Chapter 09 Review

Chapter 10 - Implementing Active Directory Rights Management Services

Topic A: Overview of AD RMS

Introducing AD RMS

The AD RMS Difference

AD RMS Components

Certificates and Licenses

Protecting Content

Consuming Content

Azure RMS

Topic B: Deploying AD RMS

Deployment Scenarios

Installation Overview

AD RMS Configuration

Demo - Installing AD RMS Cluster

AD RMS Management

External Sharing

Topic C: Protecting Content with AD RMS

Rights Policy Templates

Configuring Templates for Offline Usage

Demo - Configuring Rights Management Templates

Exclusion Policies

Chapter 10 Review

Course Closure

70-742 - Identity with Windows Server 2016
tag icon Price $99.99
tag icon Instrutor 1
tag icon Duration 18h 52m
tag icon Lessons 10
tag icon Access 12 Months
Add to Cart