Managing and Maintaining Windows Server 2008 Active Directory Servers

Introduction

This two day instructor led course provides students with the knowledge and skills to manage and maintain Windows Server 2008 Active Directory servers. The course focuses on the Active Directory server lifecycle by creating baselines, monitoring the system health, and maintaining security for the Active Directory servers. The course also focuses on managing Active Directory Domain Services and Active Directory service roles.

Audience

At Course Completion

• Plan and identify different approaches to Active Directory server deployment.

• Add and remove the Active Directory Domain Services server role.

• Identify strategies for developing, monitoring, and reviewing baselines.

• Create baselines for different Active Directory roles with the appropriate metrics using the Windows Reliability and Performance Monitor.

• Create and evaluate a monitoring plan based on business needs and environments.

• Determine the health of Active Directory servers using performance monitoring and event log triggers.

• Configure effective alerts and responses as well as evaluate alternative recommendations for Active Directory Domain Services servers to meet a business goal.

• Describe and implement the methodology of maintaining Windows Server Active Directory Domain Services.

• Perform Active Directory Domain Services maintenance and administrative tasks.

• Explain and deploy proven methods to harden the Active Directory servers.

• Decide which Server 2008 security features can address a given business situation.

• Add server roles to a Windows 2008 network.

• Deploy and operate an Active Directory Lightweight Directory Services server role.

Prerequisites

• 6424 Fundamentals of Windows Server 2008 Active Directory

• 6425 Configuring Windows Server 2008 AD DS

• 6426 Configuring Identity and Access Solutions with Windows Server 2008 Active Directory

• 6430 Managing and Maintaining Windows Server 2008 Servers

Course Outline

This module explains how to support and maintain Active Directory servers to meet changing business requirements in an enterprise environment.

Lessons

• Planning an Active Directory Server Deployment

• Active Directory Server Deployment Technologies

• Adding Active Directory Domain Services Server Roles

• Removing Active Directory Services Server Roles

Lab: Managing and Maintaining a Windows Server 2008 Domain Controller

• Evaluating the Need for AD DS Promotion

• Meeting the Active Directory Need by Adding a Role

• Managing a Change Request for a RODC by the Using Command Line

• Developing a Management and Maintenance Plan

• Evaluating the Management and Maintenance Plan

After completing this module, students will be able to:

• Plan an Active Directory server deployment.

• Identify different approaches to Active Directory server deployment.

• Add and remove the AD DS server role with the Server Manager GUI.

• Evaluate the need for a new Active Directory role.

• Develop an ongoing management/maintenance plan.

Module 2: Creating Baselines for Active Directory Servers

This module explains how to create baselines using the Windows Reliability and Performance Monitor and through analysis, make decisions to improve server performance.

Lessons

• Methodologies for Implementing Baselines

• Using the Windows Reliability and Performance Monitor to Create Baselines

• Creating Baselines for Active Directory Servers

Lab: Creating Baselines for Active Directory Servers

• Involving Users in Baseline Development

• Choosing Relevant Windows Reliability and Performance Monitor (WRPM) Counters and Durations

• Evaluating and Revisiting a Baseline Document in the Face of Business Changes

After completing this module, students will be able to:

• Identify strategies for developing, monitoring, and reviewing baselines.

• Use the WRPM to create baselines.

• Create baselines for different Active Directory roles using the appropriate metrics.

• Generate ideas for involving users in baseline development.

• Choose the relevant WRPM counters and durations for an Active Directory Domain Controller.

• Explain how to revise an AD DS baseline document in the face of a doubling of the user community.

Module 3: Monitoring the System Health of the Active Directory Servers

This module explains how to create and evaluate a monitoring plan based on business needs and environments. It also explains how to determine the health of Active Directory servers using performance monitoring and even log triggers.

Lessons

• Overview of System Health

• Using Long-Term Monitoring to Identify Trends

• Setting Thresholds and Alerts for Short-Term Monitoring

• Choosing the Appropriate Server 2008 Monitoring Tools

Lab: Monitoring the Active Directory Server Roles

• Setting a Performance Alert to Meet a Business Goal

• Discussing Alert Response Strategies

• Building a Case for Configuration Change

After completing this module, students will be able to:

• Define system health, server health, and Active Directory health.

• Define the best procedures to ensure system health and optimal performance for Active Directory servers.

• Set thresholds and alerts that are used for short-term monitoring.

• Describe the Server 2008 monitoring tools and how to decide when the different tools are appropriate in different business situations.

• Set a performance alert using WPRM.

• Compare the pros and cons of both short-term and long-term alert response strategies.

• Explain which Server 2008 tools are available for building a case for a configuration change based on monitoring results.

Module 4: Managing Active Directory Domain Services

This module explains how to implement the methodology of maintaining Windows Server AD DS.

Lessons

• Restarting and Restoring the Active Directory

• Overview of the Flexible Single Master Operations (FSMO) Roles

• Evaluating Sites and Replication

• Managing Read-Only Domain Controllers (RODCs)

• Methods of Managing the Server Core

• Best Practices for Group Policy Objects and Links

• Delegating the Active Directory Administration

Lab: Managing the Active Directory Domain Services

• Offline Defragging of the NT Directory Service

• Evaluating a RODC with Read-Only DNS Solution

• Making Site Replication Decisions

• Group Policy Link Strategies

After completing this module, students will be able to:

• Describe the impact of Server 2008 methods for restarting Active Directory without rebooting.

• Restore deleted objects without restarting an AD DS server.

• Define the FSMO roles and the Global Catalog pseudo-role.

• Identify the exceptions to the standard Active Directory design rules.

• Explain the importance of site definitions and how to optimize the AD DS replication activity.

• Explain the functionality of RODCs and the key benefits with RODCs deployed.

• Explain the methods of managing Server Core.

• Identify the best practices for Group Policy objects and links.

• State the pros and cons of delegating administration of Active Directory.

• Perform an offline defrag of NTDS without rebooting.

• Evaluate a RODC.

• Change site replication latency.

• Propose Group Policy link strategies.

Module 5: Maintaining Security for Active Directory Servers

This module explains how to deploy proven methods to harden the Active Directory Servers.

Lessons

• Server Hardening Techniques

• Using the Microsoft Baseline Security Analyzer to Discover and Remove Security Holes

• Using Fine-Grained Password Policies to Simply Network Organization

• Planning Security Auditing

• Enhancing Physical Security

Lab: Maintaining Security for the Active Directory Servers

• Manually Implementing AD DS Server Hardening

• Assessing Ongoing Security Requirements

• Deploying Two Fine-Grained Password Policies

• Using AUDITPOL for Auditing

After completing this module, students will be able to:

• Describe the techniques used for manual server hardening.

• Deploy template-based server hardening using Group Policy.

• Use the MBSA to discover and remove security holes.

• Explain why you would use fine-grained password policies and how to maintain them.

• Describe when to perform security auditing and how to define a proper security baseline.

• Explain how to solve physical security problems and the ramifications of lax security policies.

• Plan a proper hardening policy for a given scenario.

• Assess ongoing security requirements with MBSA.

• Set up two fine-grained password policies.

• Use AUDITPOL for auditing.

Module 6: Managing Active Directory Service Roles

This module explains how to add the Service Roles to a Windows 2008 network.

Lessons

• Using Server 2008 Tools for Certificate Services

• Implementing Lightweight Directory Services

• Overview of Active Directory Federation Services

• Overview of Rights Management Services

Lab: Managing the Active Directory Service Roles

• Installing the AD LDS Role

• Identifying Ongoing Management Concerns

• Using Server 2008 Tools for Managing AD LDS

After completing this module, students will be able to:

• Use the Server 2008 tools to operate Certificate Services.

• Explain when to use LDS.

• Describe the deployment steps.

• Run the LDS using the Server 2008 tools.

• Identify management concerns with ADFS.

• Identify management concerns with Rights Management.

• Deploy an AD LDS instance on a 2008 Server.

• Identify ongoing management concerns for an Active Directory role.

• Use the Server 2008 tools to address specific concerns.