MS Server 2016 – Identity with Windows Server 2016
Course Introduction
This course is designed to prepare students for the Windows Server 2016 (70-742) certification exam. The 70-742 certification exam is the third step on the path to becoming a Microsoft Certified Solutions Associate (MCSA).
In this course, students obtain the skills and knowledge required to handle Active Directory Domain Controllers, accounts and permissions, groups and OUs, service authentication and account policies, maintenance and recovery techniques, trusts, and sites. Students will learn about GPOs, group policy processing, settings, and preferences, Certificate Authorities with root, subordinate, and standalone CAs. Students will also learn about Active Directory Federation Services (ADFS), Web application proxies, and Active Directory Rights Management Services (AD RMS).
Course Prerequisites
Experience in the IT field, Installation, Storage, and Compute with Microsoft Windows Server 2016 70-740 and Networking with Microsoft Windows Server 2016 70-741, or equivalent.
Course Notes
A student manual is provided for ongoing reference. The course consists of 13 graded end-of-module quizzes and a final exam. Participants who receive 75% or higher on their final grade will receive a certificate.
Due to the dynamic nature of the IT industry, job success mandates that an individual not only learn the theory, but also obtain the skills to locate resources that provide answers and help solve problems on the job. We encourage our students to develop research and study skills that will help them make the transition from the classroom to the work environment. Independent thinking is required of anyone considering IT courses and a career in Information Technology.
Course Breakdown
Module 1: Add and remove Domain Controllers (DC), Server Cores, DC upgrades, IFM deployments, DNS SRV records, Global Catalog Servers, Operations Master Roles, RODCs
Module 2: Automating and managing AD user and computer accounts, template accounts, bulk AD operations, configure NTFS and share permissions, offline domain join, inactive and disabled accounts, password resets, DC cloning
Module 3: Manage group nesting, converting groups, group membership in group policy and PowerShell, enumerating group memberships, delegating management, AD containers, groups and OUs
Module 4: Managing service accounts and gMSAs, Kerberos Constrained Delegation (KCD), Service Principal Names (SPNs), virtual accounts, Password Policy Settings Objects (PSOs) and delegation, account lockout, Kerberos, and authentication policy settings and silos
Module 5: Backup AD, and SYSVOL, offline management of AD, AD defragmentation, metadata cleanup, object and container-level recovery, AD restore, AD recycle bin, SYSVOL replication to DFRS, multidomain and multi-forest configuration, deploy DC in existing AD environments, upgrade and configure domain and forest functional level, and multiple UPN suffixes
Module 6: ADDS, forest, external, and realm trusts, trust authentication, SID filtering, name suffice routing, sites and subnets, site links and coverages, registration of SRV records, moving DCs between sites
Module 7: Managing ADMX central store for GPOs, starter GPOs, GPO links, migration tables, local group policy, restoring default GPOs, delegating group policy management, status page health issues using the group policy infrastructure
Module 8: Group policy processing and precedence, block inheritance, enforcing GPOs, security filtering and WMI filtering, loopback processing, slowlink processing, group policy caching, ClientSide Extension (CSE), forcing a group policy update
Module 9: AD group policy settings for software installation and redirection policies, creating scripts, administrative and import security templates, import a custom administrative template file, filtering administrative templates
Module 10: Group policy preferences for printer preferences, map network drives, power options, custom registry settings, control panel settings, Internet Explorer settings, file and folder deployment, shortcut deployment, item-level targeting
Module 11: Installing Active Directory Certificate Services (CAs), root and subordinate CAs, and standalone CAs, certificate revocation lists, online responders, administrative role separation, CA backup and recovery, managing certificates, templates, deployment, validation and revocation, renewal, enrollment using group policies, configure key archival and recovery
Module 12: Upgrade and migrate AD FS workloads, client-based authentication, relying party trusts, authentication and multi-authentication policies, configure device registration, AD FS with Microsoft Passport, AD FS with Microsoft Azure and Office 365, AD FS stored authentication in LDAP directories. Install, implement, and configure Web Application Proxy (WAP), passthrough mode, WAP as AD FS Proxy, WAP and AD FS integration, publish Web apps in WAP, HTTP and HTTPS redirects and FQDNs internal and external configurations
Module 13: Active Directory Rights Management Services (AD RMS), Licensor Certificate AD RMS Server, AD RMS Service Connection Point (SCP), templates, exclusion policies, backup and restore AD RMS