Contents
Introduction xxi
Assessment Test xxx
Chapter 1 Installing Active Directory 1
Verifying the File System 2
Resilient File System (ReFS) 3
NTFS 4
Verifying Network Connectivity 7
Basic Connectivity Tests 7
Tools and Techniques for Testing Network Configuration 8
Understanding Domain and Forest Functionality 10
About the Domain Functional Level 10
About Forest Functionality 12
Planning the Domain Structure 13
Installing Active Directory 14
New to Active Directory 14
Read-Only Domain Controllers 15
Adprep 15
Active Directory Prerequisites 16
The Installation Process 16
Deploying Active Directory in Windows Azure 24
Installing Additional Domain Controllers by Using Install from Media 24
Verifying Active Directory Installation 25
Using Event Viewer 25
Using Active Directory Administrative Tools 27
Testing from Clients 29
Creating and Configuring Application Data Partitions 30
Creating Application Data Partitions 31
Managing Replicas 32
Removing Replicas 33
Using ntdsutil to Manage Application Data Partitions 33
Configuring DNS Integration with Active Directory 35
Summary 37
Exam Essentials 37
Review Questions 39
Chapter 2 Administer Active Directory 43
Active Directory Overview 44
Understanding Active Directory Features 45
Understanding Security Principals 46
An Overview of OUs 47
The Purpose of OUs 48
Benefits of OUs 48
Planning the OU Structure 49
Logical Grouping of Resources 49
Understanding OU Inheritance 51
Delegating Administrative Control 51
Applying Group Policies 53
Creating OUs 53
Managing OUs 57
Moving, Deleting, and Renaming OUs 57
Administering Properties of OUs 58
Delegating Control of OUs 59
Troubleshooting OUs 62
Creating and Managing Active Directory Objects 63
Overview of Active Directory Objects 63
Managing Object Properties 70
Understanding Groups 74
Filtering and Advanced Active Directory Features 76
Moving, Renaming, and Deleting Active Directory Objects 77
Resetting an Existing Computer Account 79
Understanding Dynamic Access Control 79
Managing Security and Permissions 80
Using ACLs and ACEs 81
Using Group Policy for Security 82
Fine-Grained Password Policies 84
Publishing Active Directory Objects 86
Making Active Directory Objects Available to Users 87
Publishing Printers 87
Publishing Shared Folders 88
Querying Active Directory 89
Using the Active Directory Administrative Center 90
Using the Command Prompt for Active Directory Configuration 94
PowerShell for Active Directory 95
Summary 97
Exam Essentials 97
Review Questions 99
Chapter 3 Maintaining Active Directory 103
Overview of Network Planning 104
The Three Types of Networks 105
Exploring Network Constraints 105
Overview of Active Directory Replication and Sites 106
Replicating Active Directory 107
Understanding Active Directory Site Concepts 107
Understanding Distributed File System Replication 111
Implementing Sites and Subnets 112
Creating Sites 113
Creating Subnets 115
Configuring Sites 116
Configuring Replication 117
Intrasite Replication 118
Intersite Replication 118
RODCs and Replication 124
Configuring Server Topology 125
Using Universal Group Membership Caching 128
Configuring DNS SRV Records 129
Monitoring and Troubleshooting Active Directory Replication 129
About System Monitor 130
Troubleshooting Replication 130
Reasons for Creating Multiple Domains 132
Reasons for Using Multiple Domains 132
Drawbacks of Multiple Domains 135
Creating Domain Trees and Forests 135
Planning Trees and Forests 136
The Promotion Process 139
Creating a Domain Tree 140
Joining a New Domain Tree to a Forest 142
Adding Additional Domain Controllers 142
Demoting a Domain Controller 143
Managing Multiple Domains 144
Managing Single-Master Operations 145
Managing Trusts 149
Managing UPN Suffixes 153
Name Suffix Routing 153
Managing Global Catalog Servers 153
Managing Universal Group Membership Caching 155
Upgrading Existing Domains and Forests 156
Maintain Active Directory 157
Overview of the Windows Server 2016 Backup Utility 158
Setting Up an Active Directory Backup 163
Restoring Active Directory 164
Active Directory Recycle Bin 166
Restartable Active Directory 166
Offline Maintenance 167
Monitoring Replication 169
Using the ADSI Editor 170
Wbadmin Command-Line Utility 170
Summary 171
Exam Essentials 172
Review Questions 175
Chapter 4 Implementing GPOs 179
Introducing Group Policy 180
Understanding Group Policy Settings 181
The Security Settings Section of the GPO 184
Client-Side Extensions 185
Group Policy Objects 185
Group Policy Inheritance 186
Planning a Group Policy Strategy 187
Implementing Group Policy 188
Creating GPOs 188
Linking Existing GPOs to Active Directory 191
Forcing a GPO to Update 191
Managing Group Policy 193
Managing GPOs 193
Security Filtering of a Group Policy 195
Delegating Administrative Control of GPOs 197
Controlling Inheritance and Filtering Group Policy 198
Assigning Script Policies 199
Understanding the Loopback Policy 201
Managing Network Configuration 201
Configuring Network Settings 203
Automatically Enrolling User and Computer Certificates in Group Policy 203
Redirecting Folders 205
Managing GPOs with Windows PowerShell Group Policy Cmdlets 206
Item-Level Targeting 207
Back Up, Restore, Import, Copy, and Migration Tables 208
Deploying Software Through a GPO 211
The Software Management Life Cycle 211
The Windows Installer 213
Deploying Applications 217
Implementing Software Deployment 218
Preparing for Software Deployment 218
Software Restriction Policies 219
Using AppLocker 220
Group Policy Slow Link Detection 220
Publishing and Assigning Applications 220
Applying Software Updates 222
Verifying Software Installation 223
Configuring Automatic Updates in Group Policy 224
Configuring Software Deployment Settings 224
The Software Installation Properties Dialog Box 225
Removing Programs 228
Microsoft Windows Installer Settings 229
Troubleshooting Group Policies 229
RSoP in Logging Mode 231
RSoP in Planning Mode 233
Using the gpresult.exe Command 234
Using the Group Policy Infrastructure Status Dashboard 236
Summary 236
Exam Essentials 237
Review Questions 239
Chapter 5 Understanding Certificates 243
Features of Windows Server 2016 Certificate Services 244
Active Directory Certificate Services Roles 245
Planning the Certificate Authority Hierarchy 246
Installing AD CS 252
Configuring Active Directory Certificate Services 255
PowerShell for AD CS 266
Summary 267
Exam Essentials 268
Review Questions 269
Chapter 6 Configure Access and Information Protection Solutions 273
Implement Active Directory Federation Services 274
What Is a Claim? 274
What's New for AD FS in Windows Server 2016? 278
Active Directory Federation Services Installation 280
Workplace Join 292
Device Registration Service 292
Workplace Join Your Device 292
Active Directory Rights Management Services 293
Considerations and Requirements for AD RMS 294
Installing AD RMS 296
Managing AD RMS: AD RMS Service Connection Point 298
Configuring a Web Application Proxy 306
Publishing Applications 306
Configuring Pass-Through Authentication 307
Authentication Capabilities 308
PowerShell Commands 309
Summary 311
Exam Essentials 311
Review Questions 313
Appendix Answers to Review Questions 315
Chapter 1: Installing Active Directory 316
Chapter 2: Administer Active Directory 317
Chapter 3: Maintaining Active Directory 317
Chapter 4: Implementing GPOs 318
Chapter 5: Understanding Certificates 319
Chapter 6: Configure Access and Information Protection Solutions 320
Index 321