slides exam 70-640
TRANSCRIPT
Windows Server 2008 Technology Specialist series: Exams 70-640
Presenter: Bob Reinsch, Centriq Training, Leawood, KS (USA)
Microsoft Learning
Exam Cram Marathon
Presenter: Bob Reinsch Education & Certifications B.A., Wichita State University MCT, MCITP: Enterprise Messaging Admin., MCITP: Enterprise Support Tech, MCITP: Enterprise Admin., MCITP: Server Admin., A+, Network+, Security+, CTT, MCSE: Windows 2003, MCSE: Security, MCSE: Messaging, Real World Security Authorized Instructor and Sair/GNU Linux Certified Professional
Number of Years in IT 24 years
Number of Years in Training 18 years
Areas of Expertise Windows 2000 Windows 2003 Windows 2008 Windows XP Windows Vista Windows 7 Active Directory Security Exchange Messaging
LinkedIn.com/in/TheBobster
Facebook.com/CentriqTraining
Email: [email protected]
General Study Tips
70-640 Exam Cram
Subject Focus
Study & Pass your exams
Agenda
Choose Your Path
MTA
MCTS
MCITP & MCPD
MCM
MCA
MOS
MOS EXPERT
MOS MASTER
AND/OR
MO
S C
ert
ific
ati
ons
IT C
ert
ific
ati
ons
Where to Get It (MCTS -
MCA)
Microsoft Microsoft Technology Specialist and Professional Series
certifications exams are administered by Prometric
• All audio of the sessions will be downloadable
• All content of the sessions will be downloadable
• Sessions run continuously all day today
• Microsoft Learning representatives are available
all day to answer certification questions via chat
• Download promotional offers into your Virtual
Backpack and book your exams soon!
More information about
these Exam Cram sessions
Study Tips Relax
Fall back on your experience
Process of Elimination
Mark your questions
Review afterwards
Trust your gut
General Tips – Exam Information 70-640 Information
•http://www.microsoft.com/learning/en/us/exam.aspx?ID=70-
640&locale=en-us
Question Types include multiple choice, drag & drop, sequentials
50 Questions
Passing Score is 700
General Tips - Studying Study Recommendations
•Real-world experience in field
•Hands-on experience in lab/virtual machine
•Microsoft Official Curriculum (MOC) - ILT
•Online course (MODL)
•Microsoft E-learning
•Microsoft Press
•Practice Questions – MeasureUp or SelfTest
•**Focus on New Features/Upgraded Features from Windows Server
2003**
70-640 : Configuring Windows Server
2008 Network Infrastructure The Microsoft Certified Technology Specialist (MCTS)
on Windows Server 2008 credentials are intended for
information technology (IT) professionals who work in
the complex computing environment of medium to
large companies.
Passing this exam earns you the certification for
MCTS:Windows Server 2008 Active Directory,
Configuring and counts as credit towards
MCITP:Enterprise Administrator and MCITP:Server
Administrator
70-640 : Configuring Windows Server
2008 Network Infrastructure The MCTS candidate should have at least
one year of experience implementing and administering Windows Server 2008 R2 in
an environment that has the following characteristics:
• 250 to 5,000 or more users
• multiple physical locations, multiple domain controllers
• network services and resources such as messaging, databases, file and print, firewalls, Internet access, an intranet, Public Key Infrastructure,
remote access, remote desktop, virtualization, and client computer management
• connectivity requirements such as connecting branch offices and individual users in remote locations to corporate resources, and
connecting corporate networks
Skills being measured… Configuring Domain Name System (DNS) for Active Directory (17%)
Configure zones.
May include but is not limited to: Dynamic DNS (DDNS), Non-dynamic
DNS (NDDNS), and Secure Dynamic DNS (SDDNS); Time to Live (TTL);
GlobalNames; Primary, Secondary, Active Directory Integrated, Stub; SOA;
zone scavenging; forward lookup; reverse lookup
Configure DNS server settings.
May include but is not limited to: forwarding; root hints; configure zone
delegation; round robin; disable recursion; debug logging; server
scavenging
Configure zone transfers and replication.
May include but is not limited to: configure replication scope
(forestDNSzone; domainDNSzone); incremental zone transfers; DNS
Notify; secure zone transfers; configure name servers; application
directory partitions
Skills being measured… Configuring the Active Directory infrastructure (17 percent)
Configure a forest or a domain.
May include but is not limited to: remove a domain; perform an unattended installation; Active Directory Migration Tool (ADMT) ; change forest and domain functional levels; interoperability with previous versions of Active Directory; multiple user principal name (UPN) suffixes; forestprep; domainprep
Configure trusts.
May include but is not limited to: forest trust; selective authentication vs. forest-wide authentication; transitive trust; external trust; shortcut trust; SID filtering
Configure sites.
May include but is not limited to: create Active Directory subnets; configure site links; configure site link costing; configure sites infrastructure
Configure Active Directory replication.
May include but is not limited to: DFSR; one-way replication; Bridgehead server; replication scheduling; configure replication protocols; force intersite replication
Configure the global catalog.
May include but is not limited to: Universal Group Membership Caching (UGMC); partial attribute set; promote to global catalog
Configure operations masters.
May include but is not limited to: seize and transfer; backup operations master; operations master placement; Schema Master; extending the schema; time service
Skills being measured… Configuring Active Directory Roles and Services (14 percent)
Configure Active Directory Lightweight Directory Service (AD LDS).
May include but is not limited to: migration to AD LDS; configure data within AD LDS; configure an authentication server; Server Core Installation
Configure Active Directory Rights Management Service (AD RMS).
May include but is not limited to: certificate request and installation; self-enrollments; delegation; create RMS templates; RMS administrative roles; RM Add-on for IE
Configure the read-only domain controller (RODC).
May include but is not limited to: replication; Administrator role separation; read-only DNS; BitLocker; credential caching; password replication; syskey; read-only SYSVOL; staged install
Configure Active Directory Federation Services (AD FSv2).
May include but is not limited to: install AD FS server role; exchange certificate with AD FS agents; configure trust policies; configure user and group claim mapping; import and export trust policies
Skills being measured… Creating and maintaining Active Directory objects (18 percent)
Automate creation of Active Directory accounts.
May include but is not limited to: bulk import; configure the UPN; create computer, user, and group accounts (scripts, import, migration); template accounts; contacts; distribution lists; offline domain join
Maintain Active Directory accounts.
May include but is not limited to: manage computer accounts; configure group membership; account resets; delegation; AGDLP/AGGUDLP; deny domain local group; local vs. domain; Protected Admin; disabling accounts vs. deleting accounts; deprovisioning; contacts; creating organizational units (OUs); delegation of control; protecting AD objects from deletion; managed service accounts
Create and apply Group Policy objects (GPOs).
May include but is not limited to: enforce, OU hierarchy, block inheritance, and enabling user objects; group policy processing priority; WMI; group policy filtering; group policy loopback; Group Policy Preferences (GPP)
Configure GPO templates.
May include but is not limited to: user rights; ADMX Central Store; administrative templates; security templates; restricted groups; security options; starter GPOs; shell access policies
Deploy and manage software by using GPOs.
May include but is not limited to: publishing to users; assigning software to users; assigning to computers; software removal; software restriction policies; AppLocker
Configure account policies.
May include but is not limited to: domain password policy; account lockout policy; fine-grain password policies
Configure audit policy by using GPOs.
May include but is not limited to: audit logon events; audit account logon events; audit policy change; audit access privilege use; audit directory service access; audit object access; advanced audit policies; global object access auditing; “Reason for Access” reporting
Skills being measured… Maintaining the Active Directory environment (18 percent)
Configure backup and recovery.
May include but is not limited to: using Windows Server Backup; back up files and system state data to media; backup and restore by using removable media; perform an authoritative or non-authoritative restores; linked value replication; Directory Services Recovery Mode (DSRM); backup and restore GPOs; configure AD recycle bin
Perform offline maintenance.
May include but is not limited to: offline defragmentation and compaction; Restartable Active Directory; Active Directory database mounting tool
Monitor Active Directory.
May include but is not limited to: event viewer subscriptions; data collector sets; real-time monitoring; analyzing logs; WMI queries; PowerShell
Skills being measured… Configuring Active Directory Certificate Services
(15 percent) Install Active Directory Certificate Services.
May include but is not limited to: certificate authority (CA) types, including standalone, enterprise, root, and subordinate; role services; prepare for multiple-forest deployments
Configure CA server settings.
May include but is not limited to: key archival; certificate database backup and restore; assigning administration roles; high-volume CAs; auditing
Manage certificate templates.
May include but is not limited to: certificate template types; securing template permissions; managing different certificate template versions; key recovery agent
Manage enrollments.
May include but is not limited to: network device enrollment service (NDES); auto enrollment; Web enrollment; extranet enrollment; smart card enrollment; authentication mechanism assurance; creating enrollment agents; deploying multiple-forest certificates; x.509 certificate mapping
Manage certificate revocations.
May include but is not limited to: configure Online Responders; Certificate Revocation List (CRL); CRL Distribution Point (CDP); Authority Information Access (AIA)
Deep Dive: Command Line Command Line Necessities:
My experience has lead me to believe that one of the areas that
many admins pursuing this certification is knowledge of the
command line and the options.
Dcpromo.exe netdom netsh ocsetup
dsacls dsadd dsget dsmod
dsmove dsrm dsquery csvde
redircmp redirusr gpupdate gpresult
secedit scwcmd Scw.exe adprep
Deep Dive: Command Line
Dsmgmt Nslookup Dnscmd Ntdsutil
Dfsrmig.exe Repadmin.exe Dcdiag.exe Dsamain
Dsmgmt Gpfixup.exe Ipconfig Ksetup
Ktpass Ldifde Ldp Movetree
Nltest W32tm.exe Wbadmin Adaminstall.exe
Adamsync.exe Adamuninstall.exe Adschemaanalyzer Dsdbutil.exe
Certutil A-Z List of
Commands
Additional Info
Windows Server 2008 and 2008 R2 Springboard Site • http://technet.microsoft.com/en-us/windowsserver/bb310558
Download an evaluation copy of Windows Server 2008 R2 • http://technet.microsoft.com/en-us/evalcenter/dd459137.aspx
Technet Virtual Labs • http://technet.microsoft.com/en-us/windowsserver/bb512925.aspx
Exam 70-640
TS: Windows Server 2008 Active Directory,
Configuring presented by Bob Reinsch
Resources
To find more prep materials for your exam visit:
http://www.microsoft.com/learning/en/us/Exam.aspx?ID=
70-640&locale=en-us
Schedule your next exam:
https://www.prometric.com/Microsoft/default.htm
Review the Entire Windows Server Certification Path
http://www.microsoft.com/learning/en/us/certification/c
ert-windowsserver.aspx