Tag Archives: Server 2016

CBT Nuggets Releasing 70-743 Upgrading Your Skills to MCSA: Windows Server 2016


You heard it here first – sections of the 70-743 course from Garth Schulte are already available on CBT Nuggets.

Sections complete as I write this are:

Enjoy the latest Server 2016 training and certification from a trainer and learning organization you can trust.

Garth has also worked hard on providing Hands On Labs to accompany that great training, so you can easily learn while following along with him.

This is training not to be missed!

70-742 Additional Notes – Active Directory Rights Management Services (AD RMS)

Active Directory Rights Management Services rights can be assigned to users in forests that have a federated trust in place via Active Directory Federation Services. This enables organizations to share rights-protected content without establishing another trust or building a separate Active Directory Rights Management Services infrastructure.

Active Directory Federation Services (AD FS) is a standards-based service that enables federation of identity by implementing claims-based authentication across forests. Claims-based authentication is the process of authenticating a user, based on a set of claims contained in a trusted token. The token is typically issued and signed by a trusted entity.

With AD FS, identity federation is established between two organizations by establishing trust between two security realms. An AD FS server on one side of the trust (ADFS-ACCOUNT) authenticates the user through Active Directory Domain Services and issues a token containing a series of claims about the user, including her identity. On the other side, an AD FS server (ADFS-RESOURCE) validates the token and issues a separate token that the local servers accept, enabling the user to access a requested resource. This process enables an organization to give a user who belongs to another security realm controlled access to its resources or services. Users do not have to directly authenticate to the federated environment, and the organizations do not have to share user identities or passwords.

To benefit from identity federation, a service must accept federated identities, and AD RMS is one such service. In particular, AD RMS is designed to accept requests for licenses from remote users through a single sign-on agent or Web single sign-on and to redirect the requests to the local federation server (ADFS-RESOURCE). This server requires the user to authenticate to ADFS-ACCOUNT, which authenticates the user via Active Directory and issues the corresponding security token. This token is presented to the single sign-on agent, which validates the token and provides the identity to the AD RMS server. Finally, the AD RMS server issues the requested licenses.

AD FS provides a very efficient way to deliver access to protected content to users in remote, independent organizations, including organizations that have not deployed AD RMS. It also uses infrastructure that can be used for other federation purposes, such as providing access to extranet sites and to SharePoint Server based sites.

Trusted User Domains (TUDs) allow you to configure an AD RMS cluster to manage requests for client licensor certificates (CLCs) for users that have been issued rights account certificates (RACs) from a different AD RMS cluster. For example, if an organization has two separate Active Directory forests and each forest has its own AD RMS deployment, you’d configure Trusted User Domains so that clients from one forest are able to issue CLCs to clients with RACs issued from the other forest. TUDs can be one-way or bi-directional. When configuring TUDs, you must export the TUD from the partner before importing the TUD locally.

Trusted Publishing Domains (TPDs) allow the AD RMS cluster in one forest to issue end-user licenses to content published with licenses issued from an AD RMS cluster in another forest. You must export the TPD file and have it imported by the partner AD RMS cluster before the AD RMS cluster in the partner forest can issue end-user licenses to local AD RMS clients.
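The TUD and TPD exchange described above, sketched with the AdRmsAdmin PowerShell module as an added example (not part of the original notes). The drive name `RmsCluster`, the file paths, the display names and the ID values are constructed placeholders, and the cluster is assumed to answer on `https://localhost`.

```powershell
# Added example. Run each section in an elevated session on a server of the
# cluster named in the comment. All names, paths and IDs are placeholders.
Import-Module AdRmsAdmin
New-PSDrive -Name RmsCluster -PSProvider AdRmsAdmin -Root https://localhost | Out-Null

# --- TUD, step 1: on the PARTNER cluster, export its trusted user domain ---
Get-ChildItem RmsCluster:\TrustPolicy\TrustedUserDomain   # list TUDs, note the ID
$tudId = 1                                                # placeholder ID from the listing
Export-RmsTUD -Path "RmsCluster:\TrustPolicy\TrustedUserDomain\$tudId" `
              -SavedFile 'C:\Exchange\partner-tud.bin'

# --- TUD, step 2: on the LOCAL cluster, import the partner's file ---
Import-RmsTUD -Path RmsCluster:\TrustPolicy\TrustedUserDomain `
              -DisplayName 'Partner forest users' `
              -SourceFile 'C:\Exchange\partner-tud.bin'

# --- TPD, step 1: on the LOCAL cluster, export the trusted publishing domain ---
# The TPD file carries the cluster's key material, so it is password-protected.
# Transfer the file and the password to the partner over separate channels.
Get-ChildItem RmsCluster:\TrustPolicy\TrustedPublishingDomain
$tpdId = 1                                                # placeholder ID from the listing
$tpdPassword = Read-Host -AsSecureString -Prompt 'Password for the TPD file'
Export-RmsTPD -Path "RmsCluster:\TrustPolicy\TrustedPublishingDomain\$tpdId" `
              -SavedFile 'C:\Exchange\local-tpd.xml' `
              -Password $tpdPassword

# --- TPD, step 2: on the PARTNER cluster, import the file ---
$tpdPassword = Read-Host -AsSecureString -Prompt 'Password for the TPD file'
Import-RmsTPD -Path RmsCluster:\TrustPolicy\TrustedPublishingDomain `
              -DisplayName 'Local forest publishing domain' `
              -SourceFile 'C:\Exchange\local-tpd.xml' `
              -Password $tpdPassword

# Verify on each side that the imported trust is listed.
Get-ChildItem RmsCluster:\TrustPolicy\TrustedUserDomain
Get-ChildItem RmsCluster:\TrustPolicy\TrustedPublishingDomain
```

Delete the exported TPD file from the exchange location once the partner has imported it, since anyone holding the file and its password can issue licenses for your cluster's content.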

Identity with Windows Server 2016 (Exam 70-742)


My latest course at CBT Nuggets is complete:

Identity with Windows Server 2016 (Exam 70-742) – MCSA: Windows Server 2016 Microsoft Certified Solutions Associate

This course consists of the following action-packed Nuggets (NOTE: 41 of these Nuggets feature Hands On Labs to allow you to follow along, step-by-step!)

1. Course Introduction – 8 min
2. Active Directory Overview and Install – 19 min
3. Read-Only Domain Controllers and Removing DCs – 16 min
4. Install from Media and Domain Controller Upgrades – 13 min
5. Flexible Single Master Operator Roles – 15 min
6. Configure Domain Controller Cloning – 15 min
7. Troubleshooting Active Directory Installations – 8 min
8. Create, Copy, Configure, and Delete Users and Computers – 14 min
9. Automate the Creation of Active Directory Accounts – 19 min
10. More Automation and Account Management – 11 min
11. Perform Bulk Active Directory Operations – 9 min
12. Configure User Rights – 5 min
13. Implement Offline Domain Join – 12 min
14. Create, Copy, Configure, and Delete Groups and OUs – 14 min
15. Automate Groups and OUs with PowerShell – 7 min
16. Manage Group Membership Using Group Policy – 4 min
17. Group Types and Group Nesting – 22 min
18. Configure Service Accounts – 11 min
19. Group Managed Service Accounts (gMSAs) – 10 min
20. Configure Kerberos Constrained Delegation (KCD) – 4 min
21. Manage Service Principal Names (SPNs) – 8 min
22. Configure Account Policies – 12 min
23. Offline AD and Defragmentation – 7 min
24. Clean Up Metadata – 7 min
25. Backup and Restore of Active Directory – 17 min
26. Replication of Active Directory – 10 min
27. Replication and PRP for RODC – 7 min
28. Multi-Domain and Multi-Forest Active Directory – 9 min
29. Configure Domain and Forest Settings – 6 min
30. Trusts – 10 min
31. Configure Sites and Subnets – 9 min
32. Create and Manage Group Policy Objects (GPOs) – 17 min
33. Configure Group Policy Processing – 13 min
34. Configure Group Policy Settings – 15 min
35. Configure Group Policy Preferences – 5 min
36. Install a Certificate Authority – 9 min
37. Installing a Subordinate CA – 23 min
38. CA Management – 10 min
39. Manage Certificates – 11 min
40. Install and Configure Active Directory Federation Services – 13 min
41. Implement Web Application Proxy (WAP) – 8 min
42. Install and Configure Active Directory Rights Management Services – 7 min