Lesson Plans LabSim for Microsoft’s Implementing a Server 2003 Active Directory Infrastructure (Exam 70-294) Table of Contents Course Overview .................................................................................................. 2 Section 1.1: Introduction to Active Directory ......................................................... 3 Section 2.1: Installing Active Directory .................................................................. 4 Section 2.2: Advanced Installation ........................................................................ 5 Section 2.3: Verifying Installation .......................................................................... 7 Section 2.4: Backup and Restore.......................................................................... 8 Section 3.1: Managing Groups ........................................................................... 10 Section 3.2: Group Security Planning ................................................................. 12 Section 3.3: Delegating Authority ........................................................................ 14 Section 4.1: Planning the Structure..................................................................... 15 Section 4.2: Trust Relationships ......................................................................... 16 Section 4.3: Functional Levels ............................................................................ 18 Section 4.4: Operation Masters .......................................................................... 19 Section 4.5: Schema ........................................................................................... 21 Section 4.6: Active Directory Objects .................................................................. 22 Section 5.1: Creating and Linking GPOs ............................................................ 23 Section 5.2: Editing GPOs .................................................................................. 24 Section 5.3: Group Policy Inheritance ................................................................. 25 Section 5.4: Planning GPOs ............................................................................... 27 Section 5.5: Delegating Administration ............................................................... 29 Section 5.6: Software Distribution ....................................................................... 31 Section 5.7: Administrative Templates ................................................................ 33 Section 5.8: Folder Redirection ........................................................................... 34 Section 5.9: Managing Logon ............................................................................. 35 Section 5.10: Managing Certificate Enrollment ................................................... 37 Section 6.1: Managing Sites ............................................................................... 39 Section 6.2: Customizing Replication.................................................................. 41 Section 6.3: Troubleshooting Replication ............................................................ 43 Section 6.4: Global Catalogs .............................................................................. 45 Section 6.5: Site License Servers ....................................................................... 47 Section 6.6: Application Directory Partitions ....................................................... 48 Practice Exams ................................................................................................... 49 Appendix A: Approximate Time for the Course ................................................... 50 ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 1 Course Overview 1.0 Active Directory Overview Module 1 provides an introduction to Active Directory. Students receive an overview of Active Directory topology and components, including forests, trees, domains, containers, and objects. 2.0 Installing and Maintaining Active Directory Module 2 teaches students how to install Active Directory. The module also covers troubleshooting tools and techniques. 3.0 Active Directory Security Module 3 covers the methods for securing Active Directory. Topics include security principals, group types, group strategies, permissions, and delegation. 4.0 Managing the Active Directory Structure Module 4 covers the Active Directory management tasks. Students learn design principles as well as management tools and procedures for establishing Active Directory. 5.0 Managing Group Policy Module 5 covers Group Policy. Many students find Group Policy a difficult subject to master. You may want to spend additional time on the sections in this module. 6.0 Sites and Services Module 6 covers Active Directory management across multiple sites. Students learn about replication, site links, site link costs, universal membership caching, and the different types of services that Active Directory uses. Practice Exams In Practice Exams students will have the opportunity to test themselves and verify that they understand the concepts and are ready to take the certification exam. ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 2 Section 1.1: Introduction to Active Directory Summary This section introduces the components of Active Directory. The students should be familiar with many of the terms. Students will learn how to: Describe the components that constitute an Active Directory deployment. Design an Active Directory structure. Identify the tools used for Active Directory configuration and management. Windows Server 2003 Active Directory Infrastructure Objectives 101. Plan a strategy for placing global catalog servers. 103. Implement an Active Directory directory service forest and domain structure. Lecture Focus Questions: What was the first directory service? What is a directory information tree? How does Active Directory use DNS? What is the purpose of a global catalog server? Is a global catalog server useful in a single domain environment? What are three examples of a Microsoft Management Console provided with Windows Server 2003? Video/Demo 1.1.1 Introduction to Directories 1.1.2 Domains, Trees, and Forests Time 5:17 11:50 1.1.3 Container Objects 4:56 1.1.4 Sites and Site Links 5:22 1.1.5 The Active Directory Database 4:06 1.1.6 Active Directory Consoles 4:09 1.1.7 Active Directory Console 3:12 Total 38:52 Total Time About 40 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 3 Section 2.1: Installing Active Directory Summary You should be familiar with Active Director installation. If possible, perform an installation operation for the students to observe. Students will learn how to: Create Active Directory objects like a forest root, a tree, and a domain. Use the Dcpromo tool to configure a domain controller. Windows Server 2003 Active Directory Infrastructure Objectives 103. Implement an Active Directory directory service forest and domain structure. o Create the forest root domain. o Create a child domain. o Install and configure an Active Directory domain controller. Lecture Focus Questions: What does DCPromo do? What are the domain options you'll be offered during installation? What domain configuration information will you need to provide during installation? Video/Demo Time 2.1.1 Active Directory Installation 2:49 2.1.2 Installing Active Directory 3:32 2.1.3 Creating a Forest Root 4:11 2.1.4 Installing a Domain Controller 2:26 Total 12:58 Number of Exam Questions 2 questions Total Time About 15 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 4 Section 2.2: Advanced Installation Summary If possible, create a domain on which you can perform management operations, like renaming and removing Active Directory. Students will learn how to: Follow the steps to prepare a Windows 2000 Domain for a Windows Server 2003 installation. Select from advanced installation options to facilitate installation procedures. Take the necessary steps to rename Active Directory objects or remove Active Directory. Windows Server 2003 Active Directory Infrastructure Objectives 103. Implement an Active Directory directory service forest and domain structure. o Create the forest root domain. o Create a child domain. o Create and configure Application Data Partitions. o Install and configure an Active Directory domain controller. Lecture Focus Questions: What are two advanced methods of installing active directory? What commands must you run before installing the first Windows Server 2003 server into a Windows 2000 tree? What are the ramifications of renaming a Domain? Which command to you use to remove a domain controller from Active Directory? Video/Demo Time 2.2.1 Preparing a Windows 2000 Domain 2:29 2.2.2 Advanced Installation Options 2:29 2.2.3 Renaming Domains and Domain Controllers 4:12 2.2.4 Removing Active Directory Total 2:06 11:16 ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 5 Number of Exam Questions 2 questions Total Time About 15 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 6 Section 2.3: Verifying Installation Summary Be familiar with the Active Directory installation so that you can show students the settings they should check when troubleshooting problems. Demonstrate the use of the troubleshooting tools. Students will learn how to: Identify installation problems and take steps to correct them. Examine an Active Directory installation to verify a complete, correct installation. Identify and use tools designed to diagnose and correct installation problems. Windows Server 2003 Active Directory Infrastructure Objectives 103. Implement an Active Directory directory service forest and domain structure. Lecture Focus Questions: How can you verify that Active Directory is installed? What settings should you check as you begin to troubleshoot Active Directory? How can you use each of the available tools to troubleshoot Active Directory? Video/Demo Time 2.3.1 Verifying Installation 4:14 2.3.2 Troubleshooting Installation 5:43 Total 9:57 Total Time About 10 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 7 Section 2.4: Backup and Restore Summary Know the difference between authoritative and nonauthoritative restores. Prepare examples of each for use during lecture. Students will learn how to: Establish a backup policy and deployment for Active Directory. Explain the differences between a nonauthoritative restore and an authoritative restore. Choose the correct restore method based on the circumstances. Windows Server 2003 Active Directory Infrastructure Objectives 204. Restore Active Directory directory services. o Perform an authoritative restore operation. o Perform a nonauthoritative restore operation. Lecture Focus Questions: What limitations make System State backups different from regular data backups? What happens during a nonauthoritative restore? What happens during an authoritative restore? What is the difference between the two restore types? What are the steps for an authoritative restore? What are the steps for a nonauthoritative restore? How can you ensure data integrity after doing a restore? Video/Demo Time 2.4.1 Backing Up Active Directory 6:45 2.4.2 Backing Up Active Directory 2:40 2.4.3 Performing a Nonauthoritative Restore 3:45 2.4.4 Backup and Restore Facts 4:02 Total 17:12 ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 8 Number of Exam Questions 9 questions Total Time About 30 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 9 Section 3.1: Managing Groups Summary Divide the students into groups. Create a domain, domain local, and universal group. Explore the differences among them with the students. Discuss the differences between builtin and custom groups. Explain when to use custom groups. Prepare examples to show the differences among GUID, SID, and RID. Students will learn how to: Use the concept of security principals to control access to network resources. Design groups that allow you to enforce the principle of least privilege. Create groups of different scopes and types. Windows Server 2003 Active Directory Infrastructure Objectives 103. Implement an Active Directory directory service forest and domain structure. 301. Plan a security group strategy. Lecture Focus Questions: What are two security principals? What is a DACL? What is inheritance? What are the types of Active Directory groups? Why do you create groups? Video/Demo Time 3.1.1 Security Principals 2:35 3.1.2 Groups 4:06 3.1.3 Creating Groups 2:37 Total 9:18 ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 10 Lab/Activity Create a Domain Group Create a Domain Local Group Create a Universal Group Total Time About 30 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 11 Section 3.2: Group Security Planning Summary Prepare examples to illustrate each of the group strategies. Understand nesting and inheritance. Introduce permissions and the idea of inheritance. Students will learn how to: Design group strategies based on network deployment needs. Deploy different types of group strategies. Use group strategies to define task delegation. Windows Server 2003 Active Directory Infrastructure Objectives 105. Plan an administrative delegation strategy. o Plan an organizational unit (OU) structure based on delegation requirements. o Plan a security group hierarchy based on delegation requirements. 301. Plan a security group strategy. Lecture Focus Questions: What is group nesting? When is a Universal group available? Which type of group has users added to it? How does a Universal group differ from a Domain Local group in its use and membership? Video/Demo Time 3.2.1 Security Group Plan 4:13 3.2.3 Implementing a Group Plan 3:04 3.2.6 Assigning Active Directory Permissions 2:20 Total 9:37 ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 12 Lab/Activity Implement a Group Strategy 1 Implement a Group Strategy 2 Number of Exam Questions 2 questions Total Time About 25 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 13 Section 3.3: Delegating Authority Summary Organize the students into groups of administrators and users. Give permissions to the administrators groups. Let the students explore the permissions. (Do not perform this activity on a live network.) Students will learn how to: Describe the types of administrative control and when they are best implemented. Create an Active Directory structure that facilitates delegation. Windows Server 2003 Active Directory Infrastructure Objectives 105. Plan an administrative delegation strategy. o Plan an organizational unit (OU) structure based on delegation requirements. o Plan a security group hierarchy based on delegation requirements. 303. Plan an OU structure. o Analyze the administrative requirements for an OU. Lecture Focus Questions: What are the two types of administration? Why would you want to delegate administration? What are two ways of delegating administration? Video/Demo Time 3.3.1 Delegation of Control 2:46 3.3.2 Delegating Control 3:18 Total 6:04 Number of Exam Questions 6 questions Total Time About 15 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 14 Section 4.1: Planning the Structure Summary Design some scenarios that allow the students to consider different design considerations. Students will learn how to: Design an Active Directory structure by considering the deployment of forests, domains, and Organizational Units. Windows Server 2003 Active Directory Infrastructure Objectives 303. Plan an OU structure. o Analyze the administrative requirements for an OU. o Analyze the Group Policy requirements for an OU structure. Lecture Focus Questions: What is a forest? Why would you need more than one forest? What is a domain? Why would you need more than one domain? What is the primary reason for creating Organizational Units? Video/Demo Time 4.1.1 Planning the Forest 2:53 4.1.2 Planning Domains 2:49 4.1.3 Planning OUs 2:19 Total 8:01 Number of Exam Questions 1 question Total Time About 10 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 15 Section 4.2: Trust Relationships Summary Draw some trust relationships. Help the students analyze site link costs. Students will learn how to: Identify the different types of trusts used in Active Directory. Create different types of trust relationships including external, shortcut, and forest root trusts. Windows Server 2003 Active Directory Infrastructure Objectives 103. Implement an Active Directory directory service forest and domain structure. o Establish trust relationships. Types of trust relationships might include external trusts, shortcut trusts, and cross-forest trusts. 201. Manage an Active Directory forest and domain structure. o Manage trust relationships. Lecture Focus Questions: What is a trust? What is a transitive trust? When would you install a non-transitive trust? If you create two domains, do you have to create a trust manually? Why would you use a one-way trust? Video/Demo Time 4.2.1 Trust Relationships 7:45 4.2.3 Creating Trust Relationships 4:58 Total 12:43 ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 16 Lab/Activity Create an External Trust 1 Create an External Trust 2 Create a Shortcut Trust Create a Forest Root Trust Number of Exam Questions 5 questions Total Time About 40 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 17 Section 4.3: Functional Levels Summary Create a chart of the functional levels, their requirements, and their characteristics to use for class discussion. Students will learn how to: Identify the characteristics of domain and forest functional levels. Raise the functional levels of domains and forests Windows Server 2003 Active Directory Infrastructure Objectives 103. Implement an Active Directory directory service forest and domain structure. o Set an Active Directory forest and domain functional level based on requirements. Lecture Focus Questions: What are the functional levels of a domain? What functions do each of the different levels have? When would you raise the domain functional level? What are the requirements to raise functional levels? What are the functional levels of a forest? What determines the forest functional level? Video/Demo Time 4.3.1 Functional Levels 4:42 4.3.3 Changing Domain and Forest Levels 3:21 Total 8:03 Lab/Activity Raise the Domain Functional Level Raise the Forest Functional Level Raise the Domain and/or Forest Level Total Time About 25 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 18 Section 4.4: Operation Masters Summary Understand each of the operation master roles. Prepare a chart that helps the students understand the tasks each server performs. Students will learn how to: Transfer operation master roles among domain controllers. Troubleshoot operation master roles to diagnose network problems. Seize an operation master role in the case of a defunct role operations master. Windows Server 2003 Active Directory Infrastructure Objectives 102. Plan flexible operations master role placement. o Plan for business continuity of operations master roles. o Identify operations master role dependencies. 205. Troubleshoot Active Directory. o Diagnose and resolve issues related to operations master role failure. Lecture Focus Questions: What is the purpose of an operation master role server? What is a schema master? What is a domain naming master? What is the RID master role? What is the function of a PDC emulator? What does the infrastructure master role do? What is the difference between transferring a role and seizing a role? Video/Demo Time 4.4.1 Operation Master Roles 5:10 4.4.3 Changing Operation Masters 5:21 Total 10:31 ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 19 Lab/Activity Transfer an Operation Master 1 Transfer an Operation Master 2 Transfer the Naming Master Identify Operation Master Placement 1 Identify Operation Master Placement 2 Number of Exam Questions 7 questions Total Time About 45 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 20 Section 4.5: Schema Summary Make a list of Active Directory objects and their attributes that make up the schema. Discuss the function of each object and its attributes. Students will learn how to: Understand how to extend and manage the schema. Explain the composition of the schema. Windows Server 2003 Active Directory Infrastructure Objectives 201. Manage an Active Directory forest and domain structure. o Manage schema modifications. Lecture Focus Questions: What is the schema? What is metadata? Why does Active Directory store the object definitions as objects? What does it mean to extend the schema? Number of Exam Questions 2 questions Total Time About 5 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 21 Section 4.6: Active Directory Objects Summary Create several OUs to work with during the course of the lecture. Show the students how to migrate an OU. Show its attributes. Create objects inside the OU. Students will learn how to: Create and manage Active Directory objects, including Organizational Unit, User, Computer, and Group objects. Move objects between domains using the Active Directory Migration Tool. Choose the appropriate tools for Active Directory management tasks. Windows Server 2003 Active Directory Infrastructure Objectives 303. Plan an OU structure. 304. Implement an OU structure. Lecture Focus Questions: What does the ADMT do? Why is it better to rename or move an object than delete and recreate it? What tools can you use to create an OU in Active Directory? Video/Demo Time 4.6.1 Managing Active Directory Objects 1:40 4.6.3 Using the Migration Tool 4:30 Total 6:10 Lab/Activity Create OUs Number of Exam Questions 6 questions Total Time About 20 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 22 Section 5.1: Creating and Linking GPOs Summary Group policy is a concept the students will find difficult. For this module, you need to prepare plenty of examples. You also need an in-depth understanding of Group Policy. Students will learn how to: Use GPOs to manage computers and users in Active Directory. Create GPOs and links to Active Directory objects. Delete GPOs and their respective links. Windows Server 2003 Active Directory Infrastructure Objectives 501. Troubleshoot issues related to Group Policy application deployment. Tools might include RSoP and the gpresult command. Lecture Focus Questions: What is a group policy? Why would you institute a group policy? What Active Directory objects can you link to a group policy? Video/Demo Time 5.1.1 Group Policy 5:41 5.1.2 Group Policy Application Order 2:54 5.1.3 Creating and Linking a GPO 6:26 Total 15:01 Lab/Activity Link an Existing GPO Create and Link a GPO Number of Exam Questions 2 questions Total Time About 30 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 23 Section 5.2: Editing GPOs Summary Set some group policies to review with your students. If possible, implement them on a limited scale to examine their effects. Students will learn how to: Apply GPO settings to control the computer and user configurations. Windows Server 2003 Active Directory Infrastructure Objectives 402. Configure the user environment by using Group Policy. o Distribute software by using Group Policy. o Configure user security settings by using Group Policy. 403. Deploy a computer environment by using Group Policy. o Distribute software by using Group Policy. o Configure computer security settings by using Group Policy. Lecture Focus Questions: What is the purpose of an Administrative Template? What does the Software Settings option allow you to do? What operations do you use the Windows Settings for? What does Security Settings allow an administrator to do? Video/Demo Time 5.2.1 The Group Policy Editor 2:49 5.1.3 Configuring GPO Settings 4:58 Total 5:47 Total Time About 5 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 24 Section 5.3: Group Policy Inheritance Summary If possible, set some policies on a computer or group of computers. Perform some of the management tasks like blocking inheritance and setting the No Override value. Examine and discuss the effects of the changes with the students. Students will learn how to: Modify the order in which GPOs are applied. Manage GPOs by disabling the GPO or removing the GPO link. Use Block Inheritance, No Override, WMI Filtering, and Loopback Processing to control GPO application. Windows Server 2003 Active Directory Infrastructure Objectives 402. Configure the user environment by using Group Policy. o Configure user security settings by using Group Policy. 403. Deploy a computer environment by using Group Policy. o Configure computer security settings by using Group Policy. 503. Troubleshoot the application of Group Policy security settings. Tools might include RSoP and the gpresult command. Lecture Focus Questions: In what order are group policies applied? If there is more than one group policy linked to a domain, what controls the order of application? How does group policy inheritance affect computer or user settings? What is the difference between No Override and Block Inheritance? How can you apply group policy settings to specific users or groups? ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 25 Video/Demo Time 5.3.1 Group Policy Inheritance 4:50 5.3.2 Controlling Group Policy Application 2:56 5.3.8 Filtering Group Policy 2:19 5.3.9 Filtering GPOs 2:22 Total 12:27 Lab/Activity Change the GPO Order Disable a GPO Remove a GPO Link Block Inheritance Set No Override Number of Exam Questions 10 questions Total Time About 50 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 26 Section 5.4: Planning GPOs Summary If possible, set some policies against which you can run the RSoP wizard in both its modes. Discuss the results as part of the lecture. Students will learn how to: Design GPOs to meet specified requirements for regulating the computer and user environments. Use Group Policy tools to analyze the effects of GPOs in test and live environments. Windows Server 2003 Active Directory Infrastructure Objectives 401. Plan Group Policy strategy. o Plan a Group Policy strategy by using Resultant Set of Policy (RSoP) Planning mode. o Plan a strategy for configuring the user environment by using Group Policy. o Plan a strategy for configuring the computer environment by using Group Policy. Lecture Focus Questions: What are two reasons to use RSoP? What tools or utilities are available for managing group policies? What are best practices for using group policy? Video/Demo Time 5.4.1 Planning OUs for Group Policy 2:19 5.4.4 Analyzing GPOs 2:25 5.4.5 Using Resultant Set of Policy (RSoP) 6:06 Total 10:50 ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 27 Lab/Activity Implement a GPO 1 Implement a GPO 2 Number of Exam Questions 8 questions Total Time About 30 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 28 Section 5.5: Delegating Administration Summary Prepare different scenarios that would require different delegation strategies. Discuss the pros and cons of each delegation strategy. Students will learn how to: Explain the three types of delegation: decentralized, centralized, and taskbased. Delegate GPO control depending on the requirements of the chosen delegation strategy. Windows Server 2003 Active Directory Infrastructure Objectives 105. Plan an administrative delegation strategy. o Plan an organizational unit (OU) structure based on delegation requirements. o Plan a security group hierarchy based on delegation requirements. 303. Plan an OU structure. o Analyze the Group Policy requirements for an OU structure. 304. Implement an OU structure. o Delegate permissions for an OU to a user or to a security group. Lecture Focus Questions: What are common group policy administration tasks? What are the differences between centralized and decentralized administration control? What is tasked-based administration? Video/Demo Time 5.5.1 Delegating Group Policy Administration 3:40 5.5.2 Delegating GPO Control 5:47 Total 9:27 ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 29 Total Time About 10 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 30 Section 5.6: Software Distribution Summary Discuss the types of software that administrators most commonly need to apply across networks. Be familiar with the recommended best practices and discuss them with the students. Students will learn how to: Perform software distribution management tasks including assigning software, publishing software, and designing software distribution. Implement changes to software distribution by modifying configurations and restrictions. Windows Server 2003 Active Directory Infrastructure Objectives 402. Configure the user environment by using Group Policy. o Distribute software by using Group Policy. 403. Deploy a computer environment by using Group Policy. o Distribute software by using Group Policy. 501. Troubleshoot issues related to Group Policy application deployment. Tools might include RSoP and the gpresult command. 502. Maintain installed software by using Group Policy. o Distribute updates to software distributed by Group Policy. o Configure automatic updates for network clients by using Group Policy. Lecture Focus Questions: What type of drive mapping would you use to point to a software distribution point? Can you use group policies to remove software? Who determines the order software packages are installed? What is a file with the extension MSI? What is a repackaged application? ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 31 Video/Demo Time 5.6.1 Software Distribution 6:49 5.6.2 Distributing Software 5:33 5.6.7 Modifying Software Distribution 7:08 5.6.8 Configuring Software Restriction Policies 9:22 Total 28:52 Lab/Activity Publish Software Assign Software Design Software Distribution 1 Design Software Distribution 2 Number of Exam Questions 15 questions Total Time About 65 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 32 Section 5.7: Administrative Templates Summary Familiarize yourself with the most common Administrative Template settings. Configure some settings to discuss with the students. Students will learn how to: Manage computers and users by configuring GPOs through the Administrative Templates node. Identify and describe the uses of the various Administrative Templates. Windows Server 2003 Active Directory Infrastructure Objectives 401. Plan Group Policy strategy. o Plan a strategy for configuring the user environment by using Group Policy. o Plan a strategy for configuring the computer environment by using Group Policy. 402. Configure the user environment by using Group Policy. 403. Deploy a computer environment by using Group Policy. Lecture Focus Questions: What does an administrative template contain? What is the purpose of an .ADM file? Where do administrative templates come from? Video/Demo Time 5.7.1 Administrative Templates 2:44 5.7.2 Configuring Administrative Templates 3:51 Total 6:35 Lab/Activity Configure Administrative Templates 1 Configure Administrative Templates 2 Total Time About 20 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 33 Section 5.8: Folder Redirection Summary Redirect the My Documents folder for your students or on some test machines. Discuss the effects of folder redirection on clients. Students will learn how to: Redirect folders using GPOs. Identify the folders that can be redirected. Windows Server 2003 Active Directory Infrastructure Objectives 402. Configure the user environment by using Group Policy. o Redirect folders by using Group Policy. Lecture Focus Questions: What is the impact of a roaming user profile and folder redirection? How do you implement folder redirection? What types of folders are redirected? How can you test folder redirection to make sure it is working properly? Video/Demo Time 5.8.1 Folder Redirection 3:11 5.8.2 Redirecting Folders 4:21 Total 7:32 Lab/Activity Redirect Folders Number of Exam Questions 4 questions Total Time About 20 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 34 Section 5.9: Managing Logon Summary Familiarize yourself with the different account settings. Discuss how each of the settings ties into the design of password and logon policies. Discuss the pros and cons of configuring each setting. Students will learn how to: Manage user logons by configuring account settings, unlocking accounts, and enforcing password standards. Simplify user logon by modifying UPN suffixes. Windows Server 2003 Active Directory Infrastructure Objectives 302. Plan a user authentication strategy. o Create a password policy for domain users. Lecture Focus Questions: What are the settings administrators can use to enforce password policies? What are the characteristics of complex passwords? What is the purpose of an account lockout policy? What does each of the account lockout settings do? Video/Demo Time 5.9.1 Password Policies 2:55 5.9.2 Account Lockout 2:22 5.9.3 Configuring Account Policies 6:10 5.9.8 Adding a UPN Suffix 2:23 Total 13:50 ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 35 Lab/Activity Configure Account Settings 1 Configure Account Settings 2 Configure Password Settings 1 Configure Password Settings 2 Number of Exam Questions 9 questions Total Time About 45 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 36 Section 5.10: Managing Certificate Enrollment Summary This is another difficult concept that the students may find troublesome. Familiarize yourself with the principles of PKI and certificates to clarify students’ confusions. Students will learn how to: Describe the uses of PKI. Identify the appropriate circumstances of implementing smart cards. Modify settings to facilitate certificate enrollment for users. Windows Server 2003 Active Directory Infrastructure Objectives 302. Plan a user authentication strategy. o Plan a smart card authentication strategy. 402. Configure the user environment by using Group Policy. o Automatically enroll user certificates by using Group Policy. 403. Deploy a computer environment by using Group Policy. o Automatically enroll computer certificates by using Group Policy. Lecture Focus Questions: What comprises the Public Key Infrastructure? What is a digital certificate? What is a Certificate Authority responsible for doing? How do public and private keys work? What makes smart cards an effective means of authentication? What requirements must a network meet before implementing smart cards? What are the costs involved in implementing a smart card solution? What does a public key policy allow you to control? What is a trusted root CA? What does a CTL do? What are the uses of auto enrollment? ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 37 Video/Demo Time 5.10.1 Certificates and PKI 3:34 5.10.2 Smart Cards 1:37 5.10.3 Public Key Policies 1:46 5.10.4 Configuring Automatic Certificate Enrollment 3:28 Total 10:25 Number of Exam Questions 3 questions Total Time About 15 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 38 Section 6.1: Managing Sites Summary Prepare examples of sites and subnets. Show students the different types of configurations that can be implemented. Prepare trust examples for discussion. Understand the importance of trusts to be able to explain it to the students. Students will learn how to: Design, create, and manage site and subnet infrastructure. Manage replication including calculating site link costs. Windows Server 2003 Active Directory Infrastructure Objectives 104. Implement an Active Directory site topology. (6.2) o Configure site links. 202. Manage an Active Directory site. (6.2, 6.1 o Configure replication schedules. o Configure site link costs. Lecture Focus Questions: What is a site? What is a site used for? What is the purpose of a site link? What does a site cost do? What are advantages of having sites with transitive trusts? How are replication links chosen? Video/Demo Time 6.1.1 Site Concepts 7:00 6.1.2 Creating Sites 4:43 Total 11:43 Lab/Activity Rename the Default Site Create a Site and Subnet ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 39 Number of Exam Questions 1 question Total Time About 25 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 40 Section 6.2: Customizing Replication Summary Familiarize yourself with the concept of replication. Understand the components involved in replication like intra- and intersite replication, bridgehead servers, site links. Students will learn how to: Configure data transport by administering site links and bridgehead servers. Manage replication by performing such tasks as configuring intrasite and intersite replication and forcing replication. Windows Server 2003 Active Directory Infrastructure Objectives 104. Implement an Active Directory site topology. o Configure site links. o Configure preferred bridgehead servers. 202. Manage an Active Directory site. o Configure replication schedules. o Configure site link costs. 205. Troubleshoot Active Directory. o Diagnose and resolve issues related to Active Directory replication. Lecture Focus Questions: What are the differences between intrasite and intersite replication? What are the characteristics of intra- and intersite replication? What is a site schedule? What are two intersite transport protocols? What is the purpose of a KCC? What is the function of the bridgehead server? How is a preferred bridgehead server determined? ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 41 Video/Demo Time 6.2.1 Active Directory Replication 5:46 6.2.2 Intersite Transports 4:17 6.2.3 Managing Replication 6:14 6.2.8 Designating Bridgehead Servers 1:47 Total 18:04 Lab/Activity Modify Site Links Configure Intersite Replication Configure Intrasite Replication Force Replication Designate a Bridgehead Server Number of Exam Questions 10 questions Total Time About 55 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 42 Section 6.3: Troubleshooting Replication Summary Be familiar with how each of the troubleshooting tools works. If possible, generate data to use as examples during your lecture. Students will learn how to: Diagnose replication problems using log files in Event Viewer. Monitor replication with Replmon. Manage replication tasks, like scheduling, setting replication intervals, and forcing domain controller synchronization. Windows Server 2003 Active Directory Infrastructure Objectives 203. Monitor Active Directory replication failures. Tools might include Replication Monitor, Event Viewer, and support tools. o Monitor Active Directory replication. o Monitor File Replication service (FRS) replication. Lecture Focus Questions: How does Repelmon help with troubleshooting? What does Repadmin do? What do you use Dsastat for? What is an update sequence number (USN)? What is the Up-to-dateness vector? What is the function of the attribute version number? What is a tombstoned object? What happens during garbage collection? What can you find in Lost and Found? Video/Demo Time 6.3.1 Troubleshooting Replication 4:12 6.3.2 Monitoring Replication 4:12 Total 8:24 ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 43 Lab/Activity Troubleshoot replication Number of Exam Questions 13 questions Total Time About 30 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 44 Section 6.4: Global Catalogs Summary Understand the function of the global catalog server. You should also be familiar with universal group membership and the advantages and disadvantages of using universal groups. Students will learn how to: Manage Global Catalog servers by creating single or multiple Global Catalog server configurations. Establish universal group membership caching for a site or multiple sites. Windows Server 2003 Active Directory Infrastructure Objectives 101. Plan a strategy for placing global catalog servers. o Evaluate network traffic considerations when placing global catalog servers. o Evaluate the need to enable universal group caching. 205. Troubleshoot Active Directory. o Diagnose and resolve issues related to Active Directory replication. Lecture Focus Questions: How does a Global Catalog query work? What are the advantages of having more than one Global Catalog server? What kind of data does a Global Catalog server store? Why doesn't a single domain network need a Global Catalog server? What is the function of Universal Group Membership caching? What considerations should you make before implementing a Global Catalog server? Video/Demo Time 6.4.1 Global Catalog Server Placement 6:10 6.4.2 Designating a Global Catalog Server 2:12 Total 8:22 ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 45 Lab/Activity Designate a Global Catalog Server Enable Universal Group Membership Caching Number of Exam Questions 9 questions Total Time About 30 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 46 Section 6.5: Site License Servers Summary Be familiar with the importance of licensing. Discuss licensing issues with the students, including the risks of running unlicensed products on a network. Students will learn how to: Manage site licenses by creating, selecting, and changing site licensing servers. Windows Server 2003 Active Directory Infrastructure Objectives 202. Manage an Active Directory site. Lecture Focus Questions: What does a site license server do? How does the license monitoring process work? Video/Demo Time 6.5.1 Site License Server 1:11 6.5.2 Changing the Licensing Server 1:15 Total 2:26 Lab/Activity Select the Site Licensing Server Total Time About 10 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 47 Section 6.6: Application Directory Partitions Summary There are several different types of partitions. Know and understand each of them. Be familiar with the differences between application directory partitions and other partition types. Students will learn how to: Describe the circumstances under which application directory partitions are more effective than other partition types. Create and delete application directory partitions and replicas. Windows Server 2003 Active Directory Infrastructure Objectives 202. Manage an Active Directory site. o Configure replication schedules. Lecture Focus Questions: What factors make application directory partitions ideal for storing dynamic data? What types of objects can an application directory partitions store? What limitations do objects in application directory partitions operate under? Total Time About 5 minutes ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 48 Practice Exams Summary This section provides information to help prepare students to take the exam and to register for the exam. Students will also have the opportunity of testing their mastery of the concepts presented in this course to reaffirm that they are ready for the certification exam. For example, all questions that apply to Objective 100. Infrastructure Planning are grouped together and presented in practice exam 100. Infrastructure Planning, All Questions. Students will typically take about 30-90 minutes to complete each of the following practice exams. 100. Infrastructure Planning, All Questions (29 questions) 200. Infrastructure Management, All Questions (38 questions) 300. Users, Computers and Groups, All Questions (17 questions) 400. Group Policy Planning, All Questions (35 questions) 500. Group Policy Management, All Questions (8 questions) The Certification Practice Exam consists of 45 questions that are randomly selected from the above practice exams. Each time the Certification Practice Exam is accessed different questions may be presented. The Certification Practice Exam has a time limit of 90 minutes -- just like the real certification exam. A passing score of 95% should verify that the student has mastered the concepts and is ready to take the real certification exam. ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 49 Appendix A: Approximate Time for the Course The total time for the LabSim for Microsoft’s Implementing a Server 2003 Active Directory Infrastructure Exam 70-294 course is approximately 15 hours and 42 minutes. The time is calculated by adding the approximate time for each section which is calculated using the following elements: Video/demo times Approximate time to read the text lesson (the length of each text lesson is taken into consideration) Simulations (5 minutes assigned per simulation) Questions (1 minute per question) Module Sections Time Minute HR:MM 1.0 Active Directory Overview 1.1 Introduction to Active Directory 40 40 :40 15 15 10 30 70 1:10 30 25 15 70 1:10 10 40 25 45 5 20 145 2:25 2.0 Installing and Maintaining Active Directory 2.1 Installing Active Directory 2.2 Advanced Installation 2.3 Verifying Installation 2.4 Backup and Restore 3.0 Active Directory Security 3.1 Managing Groups 3.2 Group Security Planning 3.3 Delegating Authority 4.0 Managing the Active Directory Structure 4.1 Planning the Structure 4.2 Trust Relationships 4.3 Functional Levels 4.4 Operation Masters 4.5 Schema 4.6 Active Directory Objects 5.0 Managing Group Policy 5.1 Creating and linking GPOs 5.2 Editing GPOs 5.3 Group Policy Inheritance 5.4 Planning GPOs 30 5 50 30 ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 50 5.5 Delegating Administration 5.6 Software Distribution 5.7 Administrative Templates 5.8 Folder Redirection 5.9 Managing Logon 5.10 Managing Certificate Enrollment 10 65 20 20 45 15 290 4:50 25 55 30 30 10 5 155 2:35 29 38 17 35 8 45 172 2:52 942 15:42 6.0 Sites and Services 6.1 Managing Sites 6.2 Customizing Replication 6.3 Troubleshooting Replication 6.4 Global Catalogs 6.5 Site License Servers 6.6 Application Directory Partitions Practice Exams 100. Infrastructure Planning (29 questions) 200. Infrastructure Management (38 questions) 300. Users, Computers and Groups (17 questions) 400. Group Policy Planning (35 questions) 500. Group Policy Management (8 questions) Certification Practice Exam (45 questions) Total Time ©2002 TestOut Corporation (Rev 5/12) Implementing a Server 2003 Active Directory Infrastructure (70-294) 51