Windows 2000 Directory Services Design, Implementation & Admin. Course

This course is for support professionals new to Windows 2000 who will be responsible for installing, configuring and supporting a Windows 2000 Active Directory infrastructure. This course provides delegates with the information and skills needed to create and administer an Active Directory infrastructure design that supports organisational, administrative and security requirements.

The course prepares delegates for the Microsoft examinations 70-217 and 70-219.

This course covers the subject areas covered in Microsoft Course MS2154 / 1561.

Delegates should have successfully completed the PTR Windows 2000 Operating System & Networking Essentials, Windows 2000 Professional and Server Support and Windows 2000 Network Infrastructure - Design, Implementation & Administration courses or have an equivalent knowledge level prior to attending this course.

Topics covered on the 5 day Windows 2000 Directory Services Design, Implementation & Admin. course

Introduction to Active Directory

• Microsoft Windows 2000 Active Directory
• Active Directory Schema
• Lightweight Directory Access Protocol
• Logical Structure of Active Directory
• Domains
• Organisational Units
• Trees and Forests
• Global Catalog
• Physical Structure of Active Directory
• Domain Controllers
• Sites
• Windows 2000 Network Administration Methods
• Benefits of the Active Directory
• The Need for Organisational Analysis
• Identifying Organisational Needs
• General Factors that Effect Active Directory Design
• General Active Directory Design Principles - Best Practices
• Design Components affecting Active Directory Structure
• Naming Strategy Considerations
• Delegation of Administrative Authority
• Schema Modifications
• Active Directory Design and Group Policy
• Single Active Directory Domains - Design Guidelines
• Designing Multiple Domains - Design Guidelines
• Designing Site Topologies

DNS and Active Directory

• The Role of DNS in Active Directory
• Service Resource Records
• Using DNS
• Integrating DNS Zones Into Active Directory
• Active Directory and DNS Requirements
• Installing DNS
• Active Directory Integrates with DNS
• Differences between DNS and Active Directory
• Using Berkeley Internet Name Domain (BIND) DNS Servers
• Planning Active Directory Domain Names
• Active Directory Scope
• Naming Hierarchies
• Active Directory Root omain Names
• The Internet Presence Factor
• Initial Decisions
• Single DNS Domain Name for Internal and External Networks
• Creating a Delegated DNS Sub-domain for the Active Directory Root Domain
• Multiple DNS Domain Names for Public and Private Networks.
• Design Guidelines for DNS Naming of Active Directory Root Domains
• Environment

Active Directory Domains

• Objectives
• Overview of Domains
• Creating a Windows 2000 Domain
• Creating the First Windows 2000 Domain
• Active Directory Installation Verification
• Site Configuration
• Configuration of Directory Services
• Configuration of Security and Services
• Final Installation Operations
• Verifying Active Directory Installation
• Performing Post Installation Tasks
• Integrating DNS Zones with Active Directory
• Changing the Domain Model
• Creating an Organisational Unit Structure
• Troubleshooting Active Directory Installation
• Removing Active Directory
• Designing an Active Directory Domain
• Planning for the First Active Directory Domain
• Guidelines for Creating Security Groups
• Designing an Organisational Unit Structure

Creating and Administering Users and Groups

• User and Group Accounts in Windows 2000
• User Accounts
• Alternative User Principal Name Suffixes
• Creating Multiple User Accounts
• Bulk Import Methods and Utilities
• The CSVDE Utility
• The LDIFDE Utility
• User Account Administration
• Locating User Accounts
• Windows 2000 Group Accounts
• Global Groups
• Local Groups
• Universal Groups
• Creating a Group
• Modifying and Deleting Groups
• Group Planning
• Key Points

Publishing Resources in Active Directory

• Introduction to Publishing Resources
• Published Printers
• Printer Publishing on Windows 2000 Print Servers
• Non-Windows 2000 Computers - Publishing Printers
• Published Printer Administration
• Printer Locations
• Prerequisites Required for Printer Locations
• Defining Location Names
• Configuring Printer Locations
• Published Shared Folders
• Adding Descriptions and Keywords to Shared Folders
• Published Objects vs Shared Resources

Delegating Administrative Authority

• Administrative Delegation
• Security Components of Active Directory
• Security Descriptor
• Inheritance
• The Logon Process
• Access Tokens
• Access to Active Directory Resources
• Permissions in Active Directory
• Preventing Inheritance
• Object Ownership
• Delegating Administrative Control
• Custom MMC Consoles
• Taskpad
• Creating a Task
• Identifying Business Needs
• Commonly Implemented IT Administrative Models
• Strategies for Delegated Administrative Designs
• Creating Container Objects Based on Location
• Creating Container Objects based on Departmental Organisation
• Creating Container Objects Based on Function
• Hybrid Models Based on Location then Organisation
• Hybrid Models Based on Organisation then Location
• Developing a Strategy for Delegation of Administrative Authority
• Determining Delegation Methods
• Object Ownership
• Object-based and Task-based Administrative Delegation
• Delegation Strategy Factors
• Design Guidelines

Supporting Group Policy

• Introduction to Windows 2000 Group Policy
• Types of Group Policy Settings
• Group Policy Objects (GPOs)
• Group Policy Settings for Computers and Users
• Order of Processing for Group Policy Objects
• Group Policy Inheritance in Active Directory
• Group Policy Object Linking
• Group Policy Conflicts
• Creating a Group Policy Object
• Associating a GPO with a Site
• Creating Unlinked Group Policy Objects
• Managing Group Policy Inheritance
• Managing Group Policy Permissions
• Disabling Group Policy Objects
• Group Policy and the PDC Emulator
• Group Policy and Slow Network Connections
• Delegating Administrative Control of Group Policy
• Monitoring Group Policy
• Group Policy Troubleshooting Tools
• Troubleshooting Group Policy

Controlling User Environments using Group Policy

• Configuring Group Policy
• Settings Folder
• Modifying the Administrative Template Settings
• Modifying Script Settings
• Modifying Security Settings
• Configuring Folder Redirection
• Modifying Group Policy to manage Desktop Environment
• Managing Software using Group Policy
• Windows 2000 Software Management Technologies
• Windows Installer
• Software Installation and Maintenance
• Software Life Cycle
• Deploying Software
• Software Package Assignment
• Publishing Software Packages
• How Document Invocation Works
• Publishing Applications vs. Assigning Applications
• Non-Windows Installer Packages
• Software Modifications
• Upgrading Software
• Mandatory Upgrades
• Optional Upgrades
• Redeploying Software
• Removing Software
• Software Management
• Associating File Extensions with Applications
• Categorising Software
• Modifying the Deployment Options
• Troubleshooting Software Deployment

Planning and Documenting Group Policy

• Identifying Administrative Needs
• Applying Group Policy at the Site Level
• Applying Group Policy at the Domain Level
• Applying Group Policy at the OU Level
• Settings Usually Applied at the Domain Level
• Settings Usually Applied at the OU Level
• Planning for Group Policy
• Group Policy Design Guidelines

Multiple Domains

• The Case for Single Domains
• Accessing Resources Across Domains
• Two-Way, Transitive Trusts
• Authentication Paths
• Multiple-Domain Trees
• Creation of Child Domains in an Existing Tree
• Creating an Empty Root
• Multiple-Domain Tree Guidelines
• Multiple-Tree Forests
• Design Guidelines for Multiple-Tree Forests
• Multiple Forests
• Multiple Forest Design Guidelines
• Creating New Domains
• Verifying Trust Relationships
• The Global Catalog

Managing Replication Traffic

• Multi-Master Replication
• Replication Processes
• Update Requests
• Replication Latency
• How Conflicts Occur
• Minimising Conflicts
• Globally Unique Stamps
• Types of Conflict
• Preventing Unnecessary Replication
• Update Sequence Number (USN)
• Up-To-Dateness Vector
• Replication Topologies
• Directory Partitions and Replication
• The Role of the Global Catalog in Replication
• Knowledge Consistency Checker (KCC)
• Default Replication Topology
• Connection Objects
• Manual Creation
• Initiating Replication Manually
• Physical Structure vs Logical Structure
• Sites and Subnets
• Server Objects
• Site Links
• Site Link Bridges
• Intra-Site Replication
• Inter-Site Replication
• Remote Procedure Call (RPC)
• Simple Mail Transfer Protocol (SMTP)
• Creating Sites
• Creating Subnets
• Moving a Server Object between Sites
• Site Links
• Creating a Site Link
• Configuring a Site Link
• Using Site Link Bridges
• Monitoring and Troubleshooting Replication
• Network Monitor
• Performance Monitor
• Replication Monitor
• The REPADMIN Utility
• Operation Masters and Replication Topology
• Forest Operation Masters
• Schema Master
• Domain Naming Master
• Domain Operation Masters
• PDC Emulator
• RID Master
• Infrastructure Master
• Transferring Operation Master Roles
• Handling Operation Master Failures
• Planning Inter-Site Replication
• Traffic Affected by Site Topology
• Factors affecting Replication
• Determining Connectivity and Bandwidth
• Estimating Replication Traffic
• Planning Site Links and Site Link Bridges
• Server Placement
• Domain Controller Placement
• Global Catalog Server Placement
• Operation Master Placement

Active Directory Schema Policy

• Schema Fundamentals
• Identifying Business Needs
• Schema Components
• Class-Schema Objects
• Attribute-Schema Objects
• Modifying the Schema
• Object Identifiers
• Deactivating Schema Components
• Implications of Modifying the Schema
• Planning for Schema Modifications
• Deciding When to Modify the Schema
• Planning for Directory Enabled Software Applications
• Anticipating Exchange 2000
• Testing Schema Changes
• Developing a Schema Modification Policy
• Design Guidelines
• Active Directory Maintenance and Troubleshooting
• Maintaining the Active Directory Database
• Active Directory Data Modification
• Garbage Collection
• Backing up Active Directory
• Restoring Active Directory
• Nonauthoritative Restores
• Authoritative Restores
• Moving the Active Directory Database
• Defragmenting the Active Directory Database

Designing an Active Directory Infrastructure

• Conducting an Organisational Analysis
• Assembling the Central Planning Team
• Identifying the Vision and Scope of The Project
• Performing Risk Management
• Documenting the Current Physical Network
• Analysing Current Business Practice
• Projecting Growth and Reorganisation
• Designing an Active Directory Structure
• Designing for Delegation of Administrative Authority
• Designing for Group Policy
• Designing a Domain Structure
• Designing a Schema Policy
• Designing a Site Topology
• Designing a Naming Convention Strategy
• Creating a Functional Specification

Appendix A - Test Practice

Appendix B - Glossary of Terms

Appendix C - Review Answers

Appendix D - Answers to Test Practice

Appendix E - Acknowledgements