Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

Windows Server 2003 Active Directory Infrastructure

advertisement 
Lesson Plans
LabSim for Microsoft’s Implementing
a Server 2003 Active Directory
Infrastructure
(Exam 70-294)
Table of Contents
Course Overview .................................................................................................. 2
Section 1.1: Introduction to Active Directory ......................................................... 3
Section 2.1: Installing Active Directory .................................................................. 4
Section 2.2: Advanced Installation ........................................................................ 5
Section 2.3: Verifying Installation .......................................................................... 7
Section 2.4: Backup and Restore.......................................................................... 8
Section 3.1: Managing Groups ........................................................................... 10
Section 3.2: Group Security Planning ................................................................. 12
Section 3.3: Delegating Authority ........................................................................ 14
Section 4.1: Planning the Structure..................................................................... 15
Section 4.2: Trust Relationships ......................................................................... 16
Section 4.3: Functional Levels ............................................................................ 18
Section 4.4: Operation Masters .......................................................................... 19
Section 4.5: Schema ........................................................................................... 21
Section 4.6: Active Directory Objects .................................................................. 22
Section 5.1: Creating and Linking GPOs ............................................................ 23
Section 5.2: Editing GPOs .................................................................................. 24
Section 5.3: Group Policy Inheritance ................................................................. 25
Section 5.4: Planning GPOs ............................................................................... 27
Section 5.5: Delegating Administration ............................................................... 29
Section 5.6: Software Distribution ....................................................................... 31
Section 5.7: Administrative Templates ................................................................ 33
Section 5.8: Folder Redirection ........................................................................... 34
Section 5.9: Managing Logon ............................................................................. 35
Section 5.10: Managing Certificate Enrollment ................................................... 37
Section 6.1: Managing Sites ............................................................................... 39
Section 6.2: Customizing Replication.................................................................. 41
Section 6.3: Troubleshooting Replication ............................................................ 43
Section 6.4: Global Catalogs .............................................................................. 45
Section 6.5: Site License Servers ....................................................................... 47
Section 6.6: Application Directory Partitions ....................................................... 48
Practice Exams ................................................................................................... 49
Appendix A: Approximate Time for the Course ................................................... 50
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
1
Course Overview
1.0 Active Directory Overview
Module 1 provides an introduction to Active Directory. Students receive an
overview of Active Directory topology and components, including forests, trees,
domains, containers, and objects.
2.0 Installing and Maintaining Active Directory
Module 2 teaches students how to install Active Directory. The module also
covers troubleshooting tools and techniques.
3.0 Active Directory Security
Module 3 covers the methods for securing Active Directory. Topics include
security principals, group types, group strategies, permissions, and delegation.
4.0 Managing the Active Directory Structure
Module 4 covers the Active Directory management tasks. Students learn design
principles as well as management tools and procedures for establishing Active
Directory.
5.0 Managing Group Policy
Module 5 covers Group Policy. Many students find Group Policy a difficult subject
to master. You may want to spend additional time on the sections in this module.
6.0 Sites and Services
Module 6 covers Active Directory management across multiple sites. Students
learn about replication, site links, site link costs, universal membership caching,
and the different types of services that Active Directory uses.
Practice Exams
In Practice Exams students will have the opportunity to test themselves and
verify that they understand the concepts and are ready to take the certification
exam.
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
2
Section 1.1: Introduction to Active Directory
Summary
This section introduces the components of Active Directory. The students should
be familiar with many of the terms.
Students will learn how to:



Describe the components that constitute an Active Directory deployment.
Design an Active Directory structure.
Identify the tools used for Active Directory configuration and management.
Windows Server 2003 Active Directory Infrastructure Objectives


101. Plan a strategy for placing global catalog servers.
103. Implement an Active Directory directory service forest and domain
structure.
Lecture Focus Questions:






What was the first directory service?
What is a directory information tree?
How does Active Directory use DNS?
What is the purpose of a global catalog server?
Is a global catalog server useful in a single domain environment?
What are three examples of a Microsoft Management Console provided
with Windows Server 2003?
Video/Demo
1.1.1 Introduction to Directories
1.1.2 Domains, Trees, and Forests
Time
5:17
11:50
1.1.3 Container Objects
4:56
1.1.4 Sites and Site Links
5:22
1.1.5 The Active Directory Database
4:06
1.1.6 Active Directory Consoles
4:09
1.1.7 Active Directory Console
3:12
Total
38:52
Total Time
About 40 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
3
Section 2.1: Installing Active Directory
Summary
You should be familiar with Active Director installation. If possible, perform an
installation operation for the students to observe.
Students will learn how to:


Create Active Directory objects like a forest root, a tree, and a domain.
Use the Dcpromo tool to configure a domain controller.
Windows Server 2003 Active Directory Infrastructure Objectives

103. Implement an Active Directory directory service forest and domain
structure.
o Create the forest root domain.
o Create a child domain.
o Install and configure an Active Directory domain controller.
Lecture Focus Questions:



What does DCPromo do?
What are the domain options you'll be offered during installation?
What domain configuration information will you need to provide during
installation?
Video/Demo
Time
2.1.1 Active Directory Installation
2:49
2.1.2 Installing Active Directory
3:32
2.1.3 Creating a Forest Root
4:11
2.1.4 Installing a Domain Controller
2:26
Total
12:58
Number of Exam Questions
2 questions
Total Time
About 15 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
4
Section 2.2: Advanced Installation
Summary
If possible, create a domain on which you can perform management operations,
like renaming and removing Active Directory.
Students will learn how to:



Follow the steps to prepare a Windows 2000 Domain for a Windows
Server 2003 installation.
Select from advanced installation options to facilitate installation
procedures.
Take the necessary steps to rename Active Directory objects or remove
Active Directory.
Windows Server 2003 Active Directory Infrastructure Objectives

103. Implement an Active Directory directory service forest and domain
structure.
o Create the forest root domain.
o Create a child domain.
o Create and configure Application Data Partitions.
o Install and configure an Active Directory domain controller.
Lecture Focus Questions:




What are two advanced methods of installing active directory?
What commands must you run before installing the first Windows Server
2003 server into a Windows 2000 tree?
What are the ramifications of renaming a Domain?
Which command to you use to remove a domain controller from Active
Directory?
Video/Demo
Time
2.2.1 Preparing a Windows 2000 Domain
2:29
2.2.2 Advanced Installation Options
2:29
2.2.3 Renaming Domains and Domain Controllers 4:12
2.2.4 Removing Active Directory
Total
2:06
11:16
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
5
Number of Exam Questions
2 questions
Total Time
About 15 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
6
Section 2.3: Verifying Installation
Summary
Be familiar with the Active Directory installation so that you can show students
the settings they should check when troubleshooting problems. Demonstrate the
use of the troubleshooting tools.
Students will learn how to:



Identify installation problems and take steps to correct them.
Examine an Active Directory installation to verify a complete, correct
installation.
Identify and use tools designed to diagnose and correct installation
problems.
Windows Server 2003 Active Directory Infrastructure Objectives

103. Implement an Active Directory directory service forest and domain
structure.
Lecture Focus Questions:



How can you verify that Active Directory is installed?
What settings should you check as you begin to troubleshoot Active
Directory?
How can you use each of the available tools to troubleshoot Active
Directory?
Video/Demo
Time
2.3.1 Verifying Installation
4:14
2.3.2 Troubleshooting Installation
5:43
Total
9:57
Total Time
About 10 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
7
Section 2.4: Backup and Restore
Summary
Know the difference between authoritative and nonauthoritative restores. Prepare
examples of each for use during lecture.
Students will learn how to:



Establish a backup policy and deployment for Active Directory.
Explain the differences between a nonauthoritative restore and an
authoritative restore.
Choose the correct restore method based on the circumstances.
Windows Server 2003 Active Directory Infrastructure Objectives

204. Restore Active Directory directory services.
o Perform an authoritative restore operation.
o Perform a nonauthoritative restore operation.
Lecture Focus Questions:







What limitations make System State backups different from regular data
backups?
What happens during a nonauthoritative restore?
What happens during an authoritative restore?
What is the difference between the two restore types?
What are the steps for an authoritative restore?
What are the steps for a nonauthoritative restore?
How can you ensure data integrity after doing a restore?
Video/Demo
Time
2.4.1 Backing Up Active Directory
6:45
2.4.2 Backing Up Active Directory
2:40
2.4.3 Performing a Nonauthoritative Restore
3:45
2.4.4 Backup and Restore Facts
4:02
Total
17:12
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
8
Number of Exam Questions
9 questions
Total Time
About 30 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
9
Section 3.1: Managing Groups
Summary
Divide the students into groups. Create a domain, domain local, and universal
group. Explore the differences among them with the students. Discuss the
differences between builtin and custom groups. Explain when to use custom
groups. Prepare examples to show the differences among GUID, SID, and RID.
Students will learn how to:



Use the concept of security principals to control access to network
resources.
Design groups that allow you to enforce the principle of least privilege.
Create groups of different scopes and types.
Windows Server 2003 Active Directory Infrastructure Objectives


103. Implement an Active Directory directory service forest and domain
structure.
301. Plan a security group strategy.
Lecture Focus Questions:





What are two security principals?
What is a DACL?
What is inheritance?
What are the types of Active Directory groups?
Why do you create groups?
Video/Demo
Time
3.1.1 Security Principals
2:35
3.1.2 Groups
4:06
3.1.3 Creating Groups
2:37
Total
9:18
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
10
Lab/Activity



Create a Domain Group
Create a Domain Local Group
Create a Universal Group
Total Time
About 30 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
11
Section 3.2: Group Security Planning
Summary
Prepare examples to illustrate each of the group strategies. Understand nesting
and inheritance. Introduce permissions and the idea of inheritance.
Students will learn how to:



Design group strategies based on network deployment needs.
Deploy different types of group strategies.
Use group strategies to define task delegation.
Windows Server 2003 Active Directory Infrastructure Objectives


105. Plan an administrative delegation strategy.
o Plan an organizational unit (OU) structure based on delegation
requirements.
o Plan a security group hierarchy based on delegation requirements.
301. Plan a security group strategy.
Lecture Focus Questions:




What is group nesting?
When is a Universal group available?
Which type of group has users added to it?
How does a Universal group differ from a Domain Local group in its use
and membership?
Video/Demo
Time
3.2.1 Security Group Plan
4:13
3.2.3 Implementing a Group Plan
3:04
3.2.6 Assigning Active Directory Permissions
2:20
Total
9:37
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
12
Lab/Activity


Implement a Group Strategy 1
Implement a Group Strategy 2
Number of Exam Questions
2 questions
Total Time
About 25 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
13
Section 3.3: Delegating Authority
Summary
Organize the students into groups of administrators and users. Give permissions
to the administrators groups. Let the students explore the permissions. (Do not
perform this activity on a live network.)
Students will learn how to:


Describe the types of administrative control and when they are best
implemented.
Create an Active Directory structure that facilitates delegation.
Windows Server 2003 Active Directory Infrastructure Objectives


105. Plan an administrative delegation strategy.
o Plan an organizational unit (OU) structure based on delegation
requirements.
o Plan a security group hierarchy based on delegation requirements.
303. Plan an OU structure.
o Analyze the administrative requirements for an OU.
Lecture Focus Questions:



What are the two types of administration?
Why would you want to delegate administration?
What are two ways of delegating administration?
Video/Demo
Time
3.3.1 Delegation of Control
2:46
3.3.2 Delegating Control
3:18
Total
6:04
Number of Exam Questions
6 questions
Total Time
About 15 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
14
Section 4.1: Planning the Structure
Summary
Design some scenarios that allow the students to consider different design
considerations.
Students will learn how to:

Design an Active Directory structure by considering the deployment of
forests, domains, and Organizational Units.
Windows Server 2003 Active Directory Infrastructure Objectives

303. Plan an OU structure.
o Analyze the administrative requirements for an OU.
o Analyze the Group Policy requirements for an OU structure.
Lecture Focus Questions:





What is a forest?
Why would you need more than one forest?
What is a domain?
Why would you need more than one domain?
What is the primary reason for creating Organizational Units?
Video/Demo
Time
4.1.1 Planning the Forest
2:53
4.1.2 Planning Domains
2:49
4.1.3 Planning OUs
2:19
Total
8:01
Number of Exam Questions
1 question
Total Time
About 10 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
15
Section 4.2: Trust Relationships
Summary
Draw some trust relationships. Help the students analyze site link costs.
Students will learn how to:


Identify the different types of trusts used in Active Directory.
Create different types of trust relationships including external, shortcut,
and forest root trusts.
Windows Server 2003 Active Directory Infrastructure Objectives


103. Implement an Active Directory directory service forest and domain
structure.
o Establish trust relationships. Types of trust relationships might
include external trusts, shortcut trusts, and cross-forest trusts.
201. Manage an Active Directory forest and domain structure.
o Manage trust relationships.
Lecture Focus Questions:





What is a trust?
What is a transitive trust?
When would you install a non-transitive trust?
If you create two domains, do you have to create a trust manually?
Why would you use a one-way trust?
Video/Demo
Time
4.2.1 Trust Relationships
7:45
4.2.3 Creating Trust Relationships
4:58
Total
12:43
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
16
Lab/Activity




Create an External Trust 1
Create an External Trust 2
Create a Shortcut Trust
Create a Forest Root Trust
Number of Exam Questions
5 questions
Total Time
About 40 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
17
Section 4.3: Functional Levels
Summary
Create a chart of the functional levels, their requirements, and their
characteristics to use for class discussion.
Students will learn how to:


Identify the characteristics of domain and forest functional levels.
Raise the functional levels of domains and forests
Windows Server 2003 Active Directory Infrastructure Objectives

103. Implement an Active Directory directory service forest and domain
structure.
o Set an Active Directory forest and domain functional level based on
requirements.
Lecture Focus Questions:






What are the functional levels of a domain?
What functions do each of the different levels have?
When would you raise the domain functional level?
What are the requirements to raise functional levels?
What are the functional levels of a forest?
What determines the forest functional level?
Video/Demo
Time
4.3.1 Functional Levels
4:42
4.3.3 Changing Domain and Forest Levels
3:21
Total
8:03
Lab/Activity



Raise the Domain Functional Level
Raise the Forest Functional Level
Raise the Domain and/or Forest Level
Total Time
About 25 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
18
Section 4.4: Operation Masters
Summary
Understand each of the operation master roles. Prepare a chart that helps the
students understand the tasks each server performs.
Students will learn how to:



Transfer operation master roles among domain controllers.
Troubleshoot operation master roles to diagnose network problems.
Seize an operation master role in the case of a defunct role operations
master.
Windows Server 2003 Active Directory Infrastructure Objectives


102. Plan flexible operations master role placement.
o Plan for business continuity of operations master roles.
o Identify operations master role dependencies.
205. Troubleshoot Active Directory.
o Diagnose and resolve issues related to operations master role
failure.
Lecture Focus Questions:







What is the purpose of an operation master role server?
What is a schema master?
What is a domain naming master?
What is the RID master role?
What is the function of a PDC emulator?
What does the infrastructure master role do?
What is the difference between transferring a role and seizing a role?
Video/Demo
Time
4.4.1 Operation Master Roles
5:10
4.4.3 Changing Operation Masters
5:21
Total
10:31
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
19
Lab/Activity





Transfer an Operation Master 1
Transfer an Operation Master 2
Transfer the Naming Master
Identify Operation Master Placement 1
Identify Operation Master Placement 2
Number of Exam Questions
7 questions
Total Time
About 45 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
20
Section 4.5: Schema
Summary
Make a list of Active Directory objects and their attributes that make up the
schema. Discuss the function of each object and its attributes.
Students will learn how to:


Understand how to extend and manage the schema.
Explain the composition of the schema.
Windows Server 2003 Active Directory Infrastructure Objectives

201. Manage an Active Directory forest and domain structure.
o Manage schema modifications.
Lecture Focus Questions:




What is the schema?
What is metadata?
Why does Active Directory store the object definitions as objects?
What does it mean to extend the schema?
Number of Exam Questions
2 questions
Total Time
About 5 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
21
Section 4.6: Active Directory Objects
Summary
Create several OUs to work with during the course of the lecture. Show the
students how to migrate an OU. Show its attributes. Create objects inside the
OU.
Students will learn how to:



Create and manage Active Directory objects, including Organizational
Unit, User, Computer, and Group objects.
Move objects between domains using the Active Directory Migration Tool.
Choose the appropriate tools for Active Directory management tasks.
Windows Server 2003 Active Directory Infrastructure Objectives


303. Plan an OU structure.
304. Implement an OU structure.
Lecture Focus Questions:



What does the ADMT do?
Why is it better to rename or move an object than delete and recreate it?
What tools can you use to create an OU in Active Directory?
Video/Demo
Time
4.6.1 Managing Active Directory Objects
1:40
4.6.3 Using the Migration Tool
4:30
Total
6:10
Lab/Activity

Create OUs
Number of Exam Questions
6 questions
Total Time
About 20 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
22
Section 5.1: Creating and Linking GPOs
Summary
Group policy is a concept the students will find difficult. For this module, you
need to prepare plenty of examples. You also need an in-depth understanding of
Group Policy.
Students will learn how to:



Use GPOs to manage computers and users in Active Directory.
Create GPOs and links to Active Directory objects.
Delete GPOs and their respective links.
Windows Server 2003 Active Directory Infrastructure Objectives

501. Troubleshoot issues related to Group Policy application deployment.
Tools might include RSoP and the gpresult command.
Lecture Focus Questions:



What is a group policy?
Why would you institute a group policy?
What Active Directory objects can you link to a group policy?
Video/Demo
Time
5.1.1 Group Policy
5:41
5.1.2 Group Policy Application Order
2:54
5.1.3 Creating and Linking a GPO
6:26
Total
15:01
Lab/Activity


Link an Existing GPO
Create and Link a GPO
Number of Exam Questions
2 questions
Total Time
About 30 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
23
Section 5.2: Editing GPOs
Summary
Set some group policies to review with your students. If possible, implement
them on a limited scale to examine their effects.
Students will learn how to:

Apply GPO settings to control the computer and user configurations.
Windows Server 2003 Active Directory Infrastructure Objectives


402. Configure the user environment by using Group Policy.
o Distribute software by using Group Policy.
o Configure user security settings by using Group Policy.
403. Deploy a computer environment by using Group Policy.
o Distribute software by using Group Policy.
o Configure computer security settings by using Group Policy.
Lecture Focus Questions:




What is the purpose of an Administrative Template?
What does the Software Settings option allow you to do?
What operations do you use the Windows Settings for?
What does Security Settings allow an administrator to do?
Video/Demo
Time
5.2.1 The Group Policy Editor
2:49
5.1.3 Configuring GPO Settings
4:58
Total
5:47
Total Time
About 5 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
24
Section 5.3: Group Policy Inheritance
Summary
If possible, set some policies on a computer or group of computers. Perform
some of the management tasks like blocking inheritance and setting the No
Override value. Examine and discuss the effects of the changes with the
students.
Students will learn how to:



Modify the order in which GPOs are applied.
Manage GPOs by disabling the GPO or removing the GPO link.
Use Block Inheritance, No Override, WMI Filtering, and Loopback
Processing to control GPO application.
Windows Server 2003 Active Directory Infrastructure Objectives



402. Configure the user environment by using Group Policy.
o Configure user security settings by using Group Policy.
403. Deploy a computer environment by using Group Policy.
o Configure computer security settings by using Group Policy.
503. Troubleshoot the application of Group Policy security settings. Tools
might include RSoP and the gpresult command.
Lecture Focus Questions:





In what order are group policies applied?
If there is more than one group policy linked to a domain, what controls
the order of application?
How does group policy inheritance affect computer or user settings?
What is the difference between No Override and Block Inheritance?
How can you apply group policy settings to specific users or groups?
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
25
Video/Demo
Time
5.3.1 Group Policy Inheritance
4:50
5.3.2 Controlling Group Policy Application
2:56
5.3.8 Filtering Group Policy
2:19
5.3.9 Filtering GPOs
2:22
Total
12:27
Lab/Activity





Change the GPO Order
Disable a GPO
Remove a GPO Link
Block Inheritance
Set No Override
Number of Exam Questions
10 questions
Total Time
About 50 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
26
Section 5.4: Planning GPOs
Summary
If possible, set some policies against which you can run the RSoP wizard in both
its modes. Discuss the results as part of the lecture.
Students will learn how to:


Design GPOs to meet specified requirements for regulating the computer
and user environments.
Use Group Policy tools to analyze the effects of GPOs in test and live
environments.
Windows Server 2003 Active Directory Infrastructure Objectives

401. Plan Group Policy strategy.
o Plan a Group Policy strategy by using Resultant Set of Policy
(RSoP) Planning mode.
o Plan a strategy for configuring the user environment by using
Group Policy.
o Plan a strategy for configuring the computer environment by using
Group Policy.
Lecture Focus Questions:



What are two reasons to use RSoP?
What tools or utilities are available for managing group policies?
What are best practices for using group policy?
Video/Demo
Time
5.4.1 Planning OUs for Group Policy
2:19
5.4.4 Analyzing GPOs
2:25
5.4.5 Using Resultant Set of Policy (RSoP)
6:06
Total
10:50
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
27
Lab/Activity


Implement a GPO 1
Implement a GPO 2
Number of Exam Questions
8 questions
Total Time
About 30 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
28
Section 5.5: Delegating Administration
Summary
Prepare different scenarios that would require different delegation strategies.
Discuss the pros and cons of each delegation strategy.
Students will learn how to:


Explain the three types of delegation: decentralized, centralized, and taskbased.
Delegate GPO control depending on the requirements of the chosen
delegation strategy.
Windows Server 2003 Active Directory Infrastructure Objectives



105. Plan an administrative delegation strategy.
o Plan an organizational unit (OU) structure based on delegation
requirements.
o Plan a security group hierarchy based on delegation requirements.
303. Plan an OU structure.
o Analyze the Group Policy requirements for an OU structure.
304. Implement an OU structure.
o Delegate permissions for an OU to a user or to a security group.
Lecture Focus Questions:



What are common group policy administration tasks?
What are the differences between centralized and decentralized
administration control?
What is tasked-based administration?
Video/Demo
Time
5.5.1 Delegating Group Policy Administration
3:40
5.5.2 Delegating GPO Control
5:47
Total
9:27
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
29
Total Time
About 10 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
30
Section 5.6: Software Distribution
Summary
Discuss the types of software that administrators most commonly need to apply
across networks. Be familiar with the recommended best practices and discuss
them with the students.
Students will learn how to:


Perform software distribution management tasks including assigning
software, publishing software, and designing software distribution.
Implement changes to software distribution by modifying configurations
and restrictions.
Windows Server 2003 Active Directory Infrastructure Objectives




402. Configure the user environment by using Group Policy.
o Distribute software by using Group Policy.
403. Deploy a computer environment by using Group Policy.
o Distribute software by using Group Policy.
501. Troubleshoot issues related to Group Policy application deployment.
Tools might include RSoP and the gpresult command.
502. Maintain installed software by using Group Policy.
o Distribute updates to software distributed by Group Policy.
o Configure automatic updates for network clients by using Group
Policy.
Lecture Focus Questions:





What type of drive mapping would you use to point to a software
distribution point?
Can you use group policies to remove software?
Who determines the order software packages are installed?
What is a file with the extension MSI?
What is a repackaged application?
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
31
Video/Demo
Time
5.6.1 Software Distribution
6:49
5.6.2 Distributing Software
5:33
5.6.7 Modifying Software Distribution
7:08
5.6.8 Configuring Software Restriction Policies
9:22
Total
28:52
Lab/Activity




Publish Software
Assign Software
Design Software Distribution 1
Design Software Distribution 2
Number of Exam Questions
15 questions
Total Time
About 65 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
32
Section 5.7: Administrative Templates
Summary
Familiarize yourself with the most common Administrative Template settings.
Configure some settings to discuss with the students.
Students will learn how to:


Manage computers and users by configuring GPOs through the
Administrative Templates node.
Identify and describe the uses of the various Administrative Templates.
Windows Server 2003 Active Directory Infrastructure Objectives



401. Plan Group Policy strategy.
o Plan a strategy for configuring the user environment by using
Group Policy.
o Plan a strategy for configuring the computer environment by using
Group Policy.
402. Configure the user environment by using Group Policy.
403. Deploy a computer environment by using Group Policy.
Lecture Focus Questions:



What does an administrative template contain?
What is the purpose of an .ADM file?
Where do administrative templates come from?
Video/Demo
Time
5.7.1 Administrative Templates
2:44
5.7.2 Configuring Administrative Templates
3:51
Total
6:35
Lab/Activity


Configure Administrative Templates 1
Configure Administrative Templates 2
Total Time
About 20 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
33
Section 5.8: Folder Redirection
Summary
Redirect the My Documents folder for your students or on some test machines.
Discuss the effects of folder redirection on clients.
Students will learn how to:


Redirect folders using GPOs.
Identify the folders that can be redirected.
Windows Server 2003 Active Directory Infrastructure Objectives

402. Configure the user environment by using Group Policy.
o Redirect folders by using Group Policy.
Lecture Focus Questions:




What is the impact of a roaming user profile and folder redirection?
How do you implement folder redirection?
What types of folders are redirected?
How can you test folder redirection to make sure it is working properly?
Video/Demo
Time
5.8.1 Folder Redirection
3:11
5.8.2 Redirecting Folders
4:21
Total
7:32
Lab/Activity

Redirect Folders
Number of Exam Questions
4 questions
Total Time
About 20 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
34
Section 5.9: Managing Logon
Summary
Familiarize yourself with the different account settings. Discuss how each of the
settings ties into the design of password and logon policies. Discuss the pros and
cons of configuring each setting.
Students will learn how to:


Manage user logons by configuring account settings, unlocking accounts,
and enforcing password standards.
Simplify user logon by modifying UPN suffixes.
Windows Server 2003 Active Directory Infrastructure Objectives

302. Plan a user authentication strategy.
o Create a password policy for domain users.
Lecture Focus Questions:




What are the settings administrators can use to enforce password
policies?
What are the characteristics of complex passwords?
What is the purpose of an account lockout policy?
What does each of the account lockout settings do?
Video/Demo
Time
5.9.1 Password Policies
2:55
5.9.2 Account Lockout
2:22
5.9.3 Configuring Account Policies
6:10
5.9.8 Adding a UPN Suffix
2:23
Total
13:50
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
35
Lab/Activity




Configure Account Settings 1
Configure Account Settings 2
Configure Password Settings 1
Configure Password Settings 2
Number of Exam Questions
9 questions
Total Time
About 45 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
36
Section 5.10: Managing Certificate Enrollment
Summary
This is another difficult concept that the students may find troublesome.
Familiarize yourself with the principles of PKI and certificates to clarify students’
confusions.
Students will learn how to:



Describe the uses of PKI.
Identify the appropriate circumstances of implementing smart cards.
Modify settings to facilitate certificate enrollment for users.
Windows Server 2003 Active Directory Infrastructure Objectives



302. Plan a user authentication strategy.
o Plan a smart card authentication strategy.
402. Configure the user environment by using Group Policy.
o Automatically enroll user certificates by using Group Policy.
403. Deploy a computer environment by using Group Policy.
o Automatically enroll computer certificates by using Group Policy.
Lecture Focus Questions:











What comprises the Public Key Infrastructure?
What is a digital certificate?
What is a Certificate Authority responsible for doing?
How do public and private keys work?
What makes smart cards an effective means of authentication?
What requirements must a network meet before implementing smart
cards?
What are the costs involved in implementing a smart card solution?
What does a public key policy allow you to control?
What is a trusted root CA?
What does a CTL do?
What are the uses of auto enrollment?
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
37
Video/Demo
Time
5.10.1 Certificates and PKI
3:34
5.10.2 Smart Cards
1:37
5.10.3 Public Key Policies
1:46
5.10.4 Configuring Automatic Certificate Enrollment 3:28
Total
10:25
Number of Exam Questions
3 questions
Total Time
About 15 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
38
Section 6.1: Managing Sites
Summary
Prepare examples of sites and subnets. Show students the different types of
configurations that can be implemented. Prepare trust examples for discussion.
Understand the importance of trusts to be able to explain it to the students.
Students will learn how to:


Design, create, and manage site and subnet infrastructure.
Manage replication including calculating site link costs.
Windows Server 2003 Active Directory Infrastructure Objectives


104. Implement an Active Directory site topology. (6.2)
o Configure site links.
202. Manage an Active Directory site. (6.2, 6.1
o Configure replication schedules.
o Configure site link costs.
Lecture Focus Questions:






What is a site?
What is a site used for?
What is the purpose of a site link?
What does a site cost do?
What are advantages of having sites with transitive trusts?
How are replication links chosen?
Video/Demo
Time
6.1.1 Site Concepts
7:00
6.1.2 Creating Sites
4:43
Total
11:43
Lab/Activity


Rename the Default Site
Create a Site and Subnet
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
39
Number of Exam Questions
1 question
Total Time
About 25 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
40
Section 6.2: Customizing Replication
Summary
Familiarize yourself with the concept of replication. Understand the components
involved in replication like intra- and intersite replication, bridgehead servers, site
links.
Students will learn how to:


Configure data transport by administering site links and bridgehead
servers.
Manage replication by performing such tasks as configuring intrasite and
intersite replication and forcing replication.
Windows Server 2003 Active Directory Infrastructure Objectives



104. Implement an Active Directory site topology.
o Configure site links.
o Configure preferred bridgehead servers.
202. Manage an Active Directory site.
o Configure replication schedules.
o Configure site link costs.
205. Troubleshoot Active Directory.
o Diagnose and resolve issues related to Active Directory replication.
Lecture Focus Questions:







What are the differences between intrasite and intersite replication?
What are the characteristics of intra- and intersite replication?
What is a site schedule?
What are two intersite transport protocols?
What is the purpose of a KCC?
What is the function of the bridgehead server?
How is a preferred bridgehead server determined?
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
41
Video/Demo
Time
6.2.1 Active Directory Replication
5:46
6.2.2 Intersite Transports
4:17
6.2.3 Managing Replication
6:14
6.2.8 Designating Bridgehead Servers
1:47
Total
18:04
Lab/Activity





Modify Site Links
Configure Intersite Replication
Configure Intrasite Replication
Force Replication
Designate a Bridgehead Server
Number of Exam Questions
10 questions
Total Time
About 55 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
42
Section 6.3: Troubleshooting Replication
Summary
Be familiar with how each of the troubleshooting tools works. If possible,
generate data to use as examples during your lecture.
Students will learn how to:



Diagnose replication problems using log files in Event Viewer.
Monitor replication with Replmon.
Manage replication tasks, like scheduling, setting replication intervals, and
forcing domain controller synchronization.
Windows Server 2003 Active Directory Infrastructure Objectives

203. Monitor Active Directory replication failures. Tools might include
Replication Monitor, Event Viewer, and support tools.
o Monitor Active Directory replication.
o Monitor File Replication service (FRS) replication.
Lecture Focus Questions:









How does Repelmon help with troubleshooting?
What does Repadmin do?
What do you use Dsastat for?
What is an update sequence number (USN)?
What is the Up-to-dateness vector?
What is the function of the attribute version number?
What is a tombstoned object?
What happens during garbage collection?
What can you find in Lost and Found?
Video/Demo
Time
6.3.1 Troubleshooting Replication
4:12
6.3.2 Monitoring Replication
4:12
Total
8:24
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
43
Lab/Activity

Troubleshoot replication
Number of Exam Questions
13 questions
Total Time
About 30 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
44
Section 6.4: Global Catalogs
Summary
Understand the function of the global catalog server. You should also be familiar
with universal group membership and the advantages and disadvantages of
using universal groups.
Students will learn how to:


Manage Global Catalog servers by creating single or multiple Global
Catalog server configurations.
Establish universal group membership caching for a site or multiple sites.
Windows Server 2003 Active Directory Infrastructure Objectives


101. Plan a strategy for placing global catalog servers.
o Evaluate network traffic considerations when placing global catalog
servers.
o Evaluate the need to enable universal group caching.
205. Troubleshoot Active Directory.
o Diagnose and resolve issues related to Active Directory replication.
Lecture Focus Questions:






How does a Global Catalog query work?
What are the advantages of having more than one Global Catalog server?
What kind of data does a Global Catalog server store?
Why doesn't a single domain network need a Global Catalog server?
What is the function of Universal Group Membership caching?
What considerations should you make before implementing a Global
Catalog server?
Video/Demo
Time
6.4.1 Global Catalog Server Placement
6:10
6.4.2 Designating a Global Catalog Server
2:12
Total
8:22
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
45
Lab/Activity


Designate a Global Catalog Server
Enable Universal Group Membership Caching
Number of Exam Questions
9 questions
Total Time
About 30 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
46
Section 6.5: Site License Servers
Summary
Be familiar with the importance of licensing. Discuss licensing issues with the
students, including the risks of running unlicensed products on a network.
Students will learn how to:

Manage site licenses by creating, selecting, and changing site licensing
servers.
Windows Server 2003 Active Directory Infrastructure Objectives

202. Manage an Active Directory site.
Lecture Focus Questions:


What does a site license server do?
How does the license monitoring process work?
Video/Demo
Time
6.5.1 Site License Server
1:11
6.5.2 Changing the Licensing Server
1:15
Total
2:26
Lab/Activity

Select the Site Licensing Server
Total Time
About 10 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
47
Section 6.6: Application Directory Partitions
Summary
There are several different types of partitions. Know and understand each of
them. Be familiar with the differences between application directory partitions and
other partition types.
Students will learn how to:


Describe the circumstances under which application directory partitions
are more effective than other partition types.
Create and delete application directory partitions and replicas.
Windows Server 2003 Active Directory Infrastructure Objectives

202. Manage an Active Directory site.
o Configure replication schedules.
Lecture Focus Questions:



What factors make application directory partitions ideal for storing dynamic
data?
What types of objects can an application directory partitions store?
What limitations do objects in application directory partitions operate
under?
Total Time
About 5 minutes
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
48
Practice Exams
Summary
This section provides information to help prepare students to take the exam and
to register for the exam.
Students will also have the opportunity of testing their mastery of the concepts
presented in this course to reaffirm that they are ready for the certification exam.
For example, all questions that apply to Objective 100. Infrastructure Planning
are grouped together and presented in practice exam 100. Infrastructure
Planning, All Questions. Students will typically take about 30-90 minutes to
complete each of the following practice exams.
100. Infrastructure Planning, All Questions (29 questions)
200. Infrastructure Management, All Questions (38 questions)
300. Users, Computers and Groups, All Questions (17 questions)
400. Group Policy Planning, All Questions (35 questions)
500. Group Policy Management, All Questions (8 questions)
The Certification Practice Exam consists of 45 questions that are randomly
selected from the above practice exams. Each time the Certification Practice
Exam is accessed different questions may be presented. The Certification
Practice Exam has a time limit of 90 minutes -- just like the real certification
exam. A passing score of 95% should verify that the student has mastered the
concepts and is ready to take the real certification exam.
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
49
Appendix A: Approximate Time for the Course
The total time for the LabSim for Microsoft’s Implementing a Server 2003 Active
Directory Infrastructure Exam 70-294 course is approximately 15 hours and 42
minutes. The time is calculated by adding the approximate time for each section
which is calculated using the following elements:




Video/demo times
Approximate time to read the text lesson (the length of each text lesson is
taken into consideration)
Simulations (5 minutes assigned per simulation)
Questions (1 minute per question)
Module
Sections
Time
Minute HR:MM
1.0 Active Directory Overview
1.1 Introduction to Active Directory
40
40
:40
15
15
10
30
70
1:10
30
25
15
70
1:10
10
40
25
45
5
20
145
2:25
2.0 Installing and Maintaining Active Directory
2.1 Installing Active Directory
2.2 Advanced Installation
2.3 Verifying Installation
2.4 Backup and Restore
3.0 Active Directory Security
3.1 Managing Groups
3.2 Group Security Planning
3.3 Delegating Authority
4.0 Managing the Active Directory Structure
4.1 Planning the Structure
4.2 Trust Relationships
4.3 Functional Levels
4.4 Operation Masters
4.5 Schema
4.6 Active Directory Objects
5.0 Managing Group Policy
5.1 Creating and linking GPOs
5.2 Editing GPOs
5.3 Group Policy Inheritance
5.4 Planning GPOs
30
5
50
30
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
50
5.5 Delegating Administration
5.6 Software Distribution
5.7 Administrative Templates
5.8 Folder Redirection
5.9 Managing Logon
5.10 Managing Certificate Enrollment
10
65
20
20
45
15
290
4:50
25
55
30
30
10
5
155
2:35
29
38
17
35
8
45
172
2:52
942
15:42
6.0 Sites and Services
6.1 Managing Sites
6.2 Customizing Replication
6.3 Troubleshooting Replication
6.4 Global Catalogs
6.5 Site License Servers
6.6 Application Directory Partitions
Practice Exams
100. Infrastructure Planning (29 questions)
200. Infrastructure Management (38 questions)
300. Users, Computers and Groups (17 questions)
400. Group Policy Planning (35 questions)
500. Group Policy Management (8 questions)
Certification Practice Exam (45 questions)
Total
Time
©2002 TestOut Corporation (Rev 5/12)
Implementing a Server 2003 Active Directory Infrastructure (70-294)
51
Related documents
reading
reading
Construction Check List for The Preserve, Delwood Point, and
Construction Check List for The Preserve, Delwood Point, and
Faculty Directory Information Form
Faculty Directory Information Form
Data Classification Examples
Data Classification Examples
Membership Enrollment Form
Membership Enrollment Form
File-Directory
File-Directory
Installing the CAR package.doc
Installing the CAR package.doc
Windows Azure Active Directory Overview
Windows Azure Active Directory Overview
Download
advertisement