Tag Archives: microsoft

Active Directory (AD) Components


AD Components Overview

In this post, we examine the key concepts that make up Windows Server Active Directory (AD). This is part of a continuing series here at the blog in the run-up to my 70-742 Identity in Windows Server 2016 course at CBT Nuggets.

Domains

The key element of AD is the domain. This is how we organize the structure in an enterprise. A domain consists of:

  • An X.500 (LDAP) based hierarchical structure of containers and objects
  • A DNS domain name
  • A security service
  • Policies
  • A Domain Controller (DC) that is authoritative for the domain (you should have more than one DC!)

Note that you can string domains together in your enterprise to create a domain tree. Perhaps we have cbtnuggetlabs.com as our first domain, then we create eugene.cbtnuggetlabs.com as our next domain. Note that these domains in a tree explicitly trust each other in a transitive way.

Forests

What a perfect name for our next component. A forest is a collection of domain trees! The first domain you create is called the forest root domain. This forest root domain could be renamed later on, but it cannot be removed. Once you have multiple domain trees in a forest, trust relationships permit resource sharing.

You can even create forest trust relationships if your forest must access resources in another separate forest.

While it is cool that we can create a forest of multiple domain trees, it is almost always correct to keep things as simple as possible and create a single domain forest.

Organizational Units

What most of us think of when we envision AD is Organizational Units (OUs). These are containers we create and fill with objects like users, groups, and printers; we then assign policy to these units using Group Policy. Do not confuse OUs with another type of container object in AD, called simply a container. While there are some default containers in Windows Server, we tend to use OUs all the time as we are building our hierarchy.

When you install AD, some default containers and OUs get created for you. For example, there is a Domain Controllers OU.
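The OU-versus-container distinction matters for policy coverage: Group Policy Objects can be linked to sites, domains, and OUs, but not to plain containers such as the default CN=Computers, so objects left there receive no OU-level policy. The following is an added example, not code from the original post; it parses distinguished names to derive each object's DNS domain and to flag objects with no OU above them. The sample DNs and all function names are constructed for illustration.

```python
# Added example: constructed DNs for the post's sample domains, not real directory data.
SAMPLE_DNS = [
    r"CN=Smith\, Jo,OU=Staff,DC=cbtnuggetlabs,DC=com",
    "CN=WS01,CN=Computers,DC=eugene,DC=cbtnuggetlabs,DC=com",
    "CN=DC01,OU=Domain Controllers,DC=cbtnuggetlabs,DC=com",
]

def split_dn(dn):
    """Split a DN into (type, value) pairs, keeping backslash-escaped commas intact.
    Assumption: single-valued RDNs only (no '+' multi-valued RDNs)."""
    parts, cur, escaped = [], "", False
    for ch in dn:
        if escaped:
            cur, escaped = cur + ch, False
        elif ch == "\\":
            cur, escaped = cur + ch, True
        elif ch == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += ch
    parts.append(cur)
    return [(k.strip().upper(), v) for k, v in (p.split("=", 1) for p in parts)]

def dns_domain(dn):
    """Derive the DNS domain name from the DC= components of a DN."""
    return ".".join(v for k, v in split_dn(dn) if k == "DC").lower()

def ou_path(dn):
    """OUs above the object, nearest first. An empty list means no OU-linked
    GPO can reach it; only domain- or site-linked policy applies."""
    return [v for k, v in split_dn(dn)[1:] if k == "OU"]

def is_child_domain(child, parent):
    """True when 'child' sits below 'parent' in the same domain tree namespace."""
    return child.lower().endswith("." + parent.lower())

def audit(dns):
    """Per object: its domain, its OU path, and whether OU-level policy covers it."""
    return [{"dn": dn, "domain": dns_domain(dn), "ous": ou_path(dn),
             "ou_policy": bool(ou_path(dn))} for dn in dns]

if __name__ == "__main__":
    for row in audit(SAMPLE_DNS):
        flag = "ok" if row["ou_policy"] else "NO OU-LINKED POLICY"
        print(f'{row["domain"]:28} {flag:20} {row["dn"]}')
```

In a real environment the DNs would come from a directory export rather than the inline list.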

The Global Catalog (GC)

Need to search a forest for something? The Global Catalog (GC) server comes to the rescue. The GC holds the attributes you can search on, and we call this set the partial attribute set (PAS). There are tools you can use to manipulate which attributes make it into the GC.

I hope you found this post informative, and I would like to thank you for reading. Next up, we will examine the Flexible Single Master Operations (FSMO) Roles in AD.

70-742 Exam – Identity with Windows Server 2016


70-742 Overview

70-742 is one of the exams that make up the MCSA: Windows Server 2016 (Microsoft Certified Solutions Associate) certification from Microsoft. I am creating a course for this certification at CBT Nuggets beginning on 3/13/2017.

This exam focuses on the identity functionality in Windows Server 2016. It covers the installation and configuration of Active Directory Domain Services (AD DS), in addition to Group Policy implementation for non-Nano Server environments. It also covers functionality such as Active Directory Certificate Services (AD CS), Active Directory Federation Services (AD FS), and Web Application Proxy implementations.

70-742 Complete Outline

This is one really long outline – so be sure to click the Read More button below if you are interested in the entire thing!

Install and configure Active Directory Domain Services (AD DS) (20–25%)

  • Install and configure domain controllers
    • Install a new forest
    • Add or remove a domain controller from a domain
    • Upgrade a domain controller
    • Install AD DS on a Server Core installation
    • Install a domain controller from Install from Media (IFM)
    • Resolve DNS SRV record registration issues
    • Configure a global catalog server
    • Transfer and seize operations master roles
    • Install and configure a read-only domain controller (RODC)
    • Configure domain controller cloning
