- ホーム
- > 洋書
- > 英文書
- > Computer / General
Full Description
Learn, prepare, and practice for exam successMaster every topic on Microsoft's new MCTS 70-640 exam. Assess your knowledge and focus your learning. Get the practical workplace knowledge you need!CD Includes Complete Sample ExamStart-to-finish MCTS 70-640 preparation from top Microsoft technology consultant, trainer, and author Don Poulton!Master every MCTS 70-640 topic!DNS and domain installation, including zones AD Domain Services installation Upgrading older domains Server settings and replication Global catalogs and operations masters Site management and data replication AD LDS, AD FS, and AD RMS roles Read-Only Domain Controller deployment User/group account management Trust relationships, including troubleshooting Group Policy Object configuration, usage, and hierarchies Software deployment via group policies Account and audit policy management Monitoring and maintenance Certificate Services installation, configuration, and managementTest your knowledge, build your confidence, and succeed!Packed with visuals to help you learn fast Dozens of troubleshooting scenarios Real-world MCTS 70-640 prep advice from experts Easy-to-use exam preparation task listsFrom Don Poulton, professional Microsoft technology consultant, IT training expert, and best-selling exam guide authorDon Poulton (A+, Network+, Security+, MCSA, MCSE) is an independent consultant who has been involved with computers since the days of 80-column punch cards. He has consulted extensively with training providers, preparing training and exam prep materials for Windows technologies. He has written or contributed to several Que titles, including MCTS 70-680 Cert Guide: Microsoft (R) Windows 7, Configuring; Security+ Lab Manual; and MCSA/MCSE 70-299 Exam Cram 2.CD Includes Complete Sample ExamDetailed explanations of correct and incorrect answers Multiple test modes Random questions and order of answersShelving Category: Certification/Microsoft
Contents
Introduction 3Goals and Methods 3How This Book Is Organized 4Study and Exam Preparation Tips 7Learning Styles 7Study Tips 8Study Strategies 9Pretesting Yourself 10Exam Prep Tips 10Microsoft 70-640 Exam Topics 12Chapter 1 Getting Started with Active Directory 17The Foundation of Active Directory 17X.500 17LDAP 18Naming Standards of X.500 and LDAP 19Distinguished Names 19Relative Distinguished Names 20User Principal Names 21Globally Unique Identifiers 21Security Identifiers 21Active Directory Canonical Names 22The Building Blocks of Active Directory 22Namespaces 22Objects 23Containers 24Schemas 24Global Catalogs 24Partitions 25Logical Components of Active Directory 26Domains 26Trees 27Forests 27Organizational Units 29Sites 30Domain Controllers 31Global Catalog Servers 31Operations Masters 32New Features of Active Directory in Windows Server 2008 33Server Manager 35Adding Roles and Features 36Command-Line Server Management 36Windows Server 2008 R2 37Summary 40Chapter 2 Installing and Configuring DNS for Active Directory 43"Do I Know This Already?" Quiz 43The Hierarchical Nature of DNS 48Installing DNS on Windows Server 2008 R2 49Configuring DNS Zones 51DNS Zone Types 52Primary Zones 53Secondary Zones 53Stub Zones 53Active Directory-Integrated Zones 53GlobalNames Zones 54DNS Name Server Roles 55Primary Name Server 55Secondary Name Server 55Caching-Only Server 56Forwarders 56Creating DNS Zones 57Forward Lookup Zones 57Reverse Lookup Zones 59DNS Resource Records 61Configuring DNS Zone Properties 62Configuring Zone Types 63Adding Authoritative DNS Servers to a Zone 63Dynamic, Nondynamic, and Secure Dynamic DNS 64Zone Scavenging 65Time to Live 66Integrating DNS with WINS 68Command-Line DNS Server Administration 69Review All the Key Topics 71Complete the Tables and Lists from Memory 71Definitions of Key Terms 71Chapter 3 Installing Active Directory Domain Services 73"Do I Know This Already?" Quiz 73Planning the Active Directory Namespace 77Subdividing the Active Directory Namespace 77Administrative or Geographical Organization of Domains 78Use of Multiple Trees 79Best Practices 80Creating Forests and Domains 81Requirements for Installing Active Directory Domain Services 81Installing Active Directory Domain Services 82New Forests 83New Domains in Existing Forests 88Existing Domains 89Performing Unattended Installations of Active Directory 90Server Core Domain Controllers 92Removing Active Directory 92Interoperability with Previous Versions of Active Directory 93Forest and Domain Functional Levels 94Upgrading Domain and Forest Functional Levels 95The Adprep Utility 96Running the Adprep /forestprep Command 96Running the Adprep /domainprep Command 97Upgrading a Windows Server 2003 Domain Controller 97Additional Forest and Domain Configuration Tasks 98Verifying the Proper Installation of Active Directory 98Active Directory Migration Tool v.3.1 100Alternative User Principal Name Suffixes 101Review All the Key Topics 103Complete the Tables and Lists from Memory 103Definitions of Key Terms 104Chapter 4 Configuring DNS Server Settings and Replication 107"Do I Know This Already?" Quiz 107Configuring DNS Server Settings 112Forwarding 112Conditional Forwarders 114Root Hints 116Configuring Zone Delegation 117Debug Logging 119Event Logging 121DNS Security Extensions 121Advanced Server Options 123Server Options 123Round Robin 124Disable Recursion 125Name Checking 125Loading Zone Data 126Server Scavenging 126Monitoring DNS 127Configuring Zone Transfers and Replication 128Replication Scope 128Types of Zone Transfers 130Full Zone Transfer 130Incremental Zone Transfer 131Configuring Zone Transfers 132Configuring DNS Notify 133Secure Zone Transfers 134Configuring Name Servers 136Application Directory Partitions 138Installing and Configuring Application Directory Partitions 138Creating Application Directory Partition Replicas 139Application Directory Partition Reference Domains 139Review All the Key Topics 140Complete the Tables and Lists from Memory 140Definitions of Key Terms 140Chapter 5 Global Catalogs and Operations Masters 143"Do I Know This Already?" Quiz 143Configuring Global Catalog Servers 148Planning the Placement of Global Catalog Servers 148Promoting Domain Controllers to Global Catalog Servers 150Using Universal Group Membership Caching 151Using Partial Attribute Sets 152Configuring Operations Masters 153Schema Master 153Configuring the Schema 154Extending the Schema 155Deactivating Schema Objects 159Domain Naming Master 160PDC Emulator 160Time Service 161Infrastructure Master 162RID Master 162Placement of Operations Masters 163Transferring and Seizing of Operations Master Roles 164Transferring Operations Master Roles 165Seizing Operations Masters Roles 167Review All the Key Topics 169Complete the Tables and Lists from Memory 169Definitions of Key Terms 170Chapter 6 Configuring Active Directory Sites and Replication 173"Do I Know This Already?" Quiz 173The Need for Active Directory Sites 178Configuring Sites and Subnets 179Creating Sites 180Adding Domain Controllers 181Creating and Using Subnets 182Site Links, Site Link Bridges, and Bridgehead Servers 184The Need for Site Links and Site Link Bridges 184Configuring Site Links 185Site Link Bridges 185Site Link Costs 186Sites Infrastructure 189Knowledge Consistency Checker 189Intersite Topology Generator 189Configuring Active Directory Replication 189Concepts of Active Directory Replication 190Intersite and Intrasite Replication 191Distributed File System 192One-Way Replication 193Bridgehead Servers 193Replication Protocols 194Ports Used for Intersite Replication 195Replication Scheduling 196Intersite Replication Scheduling 196Intrasite Replication Scheduling 198Forcing Intersite Replication 200Review All the Key Topics 201Complete the Tables and Lists from Memory 202Definitions of Key Terms 202Chapter 7 Additional Active Directory Roles 205"Do I Know This Already?" Quiz 205New Server Roles and Features 210Active Directory Lightweight Directory Services 211Installing AD LDS 213Installing the AD LDS Role 213Installing AD LDS Instances 214Configuring Data Within AD LDS 217Using the ADSI Edit Snap-in 217Using Ldp.exe 218Using the Active Directory Schema Snap-in 220Using the Active Directory Sites and Services Snap-in 221Migrating to AD LDS 221Configuring an Authentication Server 222Creating AD LDS User Accounts and Groups 222Binding to an AD LDS Instance with an AD LDS User 224Using AD LDS on Server Core 224Active Directory Rights Management Services 225Installing AD RMS 226Certificate Request and Installation 228Self-Enrollments 230Delegation 230Active Directory Metadirectory Services 231Active Directory Federation Services 231Installing the AD FS Server Role 233Configuring Trust Policies 236User and Group Claim Mapping 237Configuring Federation Trusts 238Creating Claims 239Creating Account Stores 240Enabling Applications 241Creating Federation Trusts 242Windows Server 2008 R2 Virtualization 244Review All the Key Topics 247Complete the Tables and Lists from Memory 247Definitions of Key Terms 248Chapter 8 Read-Only Domain Controllers 251"Do I Know This Already?" Quiz 251Installing a Read-Only Domain Controller 254Planning the Use of RODCs 254Installing RODCs 256Prestaging an RODC 257Managing a Read-Only Domain Controller 259Unidirectional Replication 260Administrator Role Separation 261Read-Only DNS 262BitLocker 263Preparing Your Computer to Use BitLocker 265Enabling BitLocker 265Managing BitLocker 269Replication of Passwords 270Planning a Password Replication Policy 271Configuring a Password Replication Policy 272Credential Caching 273Administering the RODC's Authentication Lists 275syskey 276Review all the Key Topics 278Definitions of Key Terms 278Chapter 9 Active Directory User and Group Accounts 281"Do I Know This Already?" Quiz 281Creating User and Group Accounts 286Introducing User Accounts 286Introducing Group Accounts 287Creating User, Computer, and Group Accounts 288Use of Template Accounts 290Using Bulk Import to Automate Account Creation 291Csvde 292Ldifde 293Dsadd 294Additional Command-Line Tools 295Scripts 296Configuring the UPN 296UPN Suffixes 296Adding or Removing UPN Suffixes 297Configuring Contacts 298Creating Distribution Lists 299Managing and Maintaining Accounts 300Creating Organizational Units 301Configuring Group Membership 304AGDLP/AGUDLP 306Account Resets 308Deny Domain Local Group 308Protected Admin 309Local Versus Domain Groups 310Deprovisioning Accounts 312Delegating Administrative Control of Active Directory Objects 313Review All the Key Topics 317Complete the Tables and Lists from Memory 318Definitions of Key Terms 318Chapter 10 Trust Relationships in Active Directory 321"Do I Know This Already?" Quiz 321Types of Trust Relationships 325Transitive Trusts 325Forest Trusts 326External Trusts and Realm Trusts 326Shortcut Trusts 327Creating and Configuring Trust Relationships 328Creating a Forest Trust Relationship 329Creating External Trust Relationships 335Creating Realm Trust Relationships 336Creating Shortcut Trust Relationships 337Managing Trust Relationships 338Validating Trust Relationships 338Authentication Scope 338SID Filtering 340Removing a Cross-forest Trust Relationship 341Review All the Key Topics 343Complete the Tables and Lists from Memory 343Definitions of Key Terms 343Chapter 11 Creating and Applying Group Policy Objects 345"Do I Know This Already?" Quiz 345Overview of Group Policy 351Components of Group Policy 351Group Policy Containers 352Group Policy Templates 352New Features of Group Policy in Windows Server 2008 and Windows Server 2008 R2 354Creating and Applying GPOs 355Managing GPOs 359Linking GPOs 360Managing GPO Links 361Deleting a GPO 362Delegating Control of GPOs 362Specifying a Domain Controller 365Configuring GPO Hierarchy and Processing Priority 365OU Hierarchy 367Enforced 367Block Inheritance 369Modifying the Sequence of GPO Application 370Disabling User Objects 370Group Policy Filtering 371Security Filtering of GPOs 371Windows Management Instrumentation 374Windows PowerShell 374Configuring GPO Templates 376Group Policy Loopback Processing 377User Rights 378ADMX Central Store 379Administrative Templates 380Restricted Groups 384Starter GPOs 385Shell Access Policies 387Review All the Key Topics 389Complete the Tables and Lists from Memory 389Definitions of Key Terms 390Chapter 12 Group Policy Software Deployment 393"Do I Know This Already?" Quiz 393Types of Software Deployment 398Assigning and Publishing Software 399Assigning Software to Users 399Assigning Software to Computers 399Publishing Software to Users 399Deploying Software Using Group Policy 400ZAP Files 402Software Installation Properties 403Software Package Properties 405Upgrading Software 407Use of Transform Files to Modify Software Packages 409Redeployment of Upgraded Software 411Removal of Software 413Review All the Key Topics 414Complete the Tables and Lists from Memory 414Definitions of Key Terms 414Chapter 13 Account Policies and Audit Policies 417"Do I Know This Already?" Quiz 417Use of Group Policy to Configure Security 422Configuring Account Policies 422Domain Password Policies 423Account Lockout 426Unlocking an Account 427Kerberos Policy 428Fine-Grained Password Policies 428Password Settings Precedence 429Configuring Fine-Grained Password Policies 430Managing Fine-Grained Password Policies 435Viewing the Resultant PSO 435Security Options 436Using Additional Security Configuration Tools 439Auditing of Active Directory Services 441New Features of Active Directory Auditing 441Using GPOs to Configure Auditing 442Available Auditing Categories 442Configuring Basic Auditing Policies 443Configuring Advanced Audit Policies 446Using Auditpol.exe to Configure Auditing 447Review All the Key Topics 449Complete the Tables and Lists from Memory 450Definitions of Key Terms 450Chapter 14 Monitoring Active Directory 453"Do I Know This Already?" Quiz 453Tools Used to Monitor Active Directory 459Network Monitor 459Task Manager 463Configuring Application Priority 465Event Viewer 466Customizing Event Viewer 468Customizing Event Viewer Detail 470Reliability and Performance Monitor 471Resource Monitor 473Reliability Monitor 473Performance Monitor 476Data Collector Sets 479Windows System Resource Manager 484Server Performance Advisor 486Monitoring and Troubleshooting Active Directory Replication 487replmon 487repadmin 491replicate 491showmeta 492showreps 492add 492sync 493syncall 493showconn 493replsummary 494dcdiag 494Troubleshooting the Application of Group Policy Objects 496Resultant Set of Policy 496Planning Mode/Group Policy Modeling 497Logging Mode/Group Policy Results 501Using the Delegation of Control Wizard 509Gpresult 509Review All the Key Topics 512Complete the Tables and Lists from Memory 513Definitions of Key Terms 513Chapter 15 Maintaining Active Directory 515"Do I Know This Already?" Quiz 515Backing Up and Recovering Active Directory 520Backup Permissions 521Use of Windows Server Backup 521Installing Windows Server Backup 521Backing Up Critical Volumes of a Domain Controller 522The wbadmin Command 525Scheduling a Backup 526Using Removable Media 527Recovering Active Directory 528Directory Services Restore Mode 528Performing a Nonauthoritative Restore 529Using the wbadmin Command to Recover Your Server 534Performing an Authoritative Restore 536Recovering Back-Links of Authoritatively Restored Objects 537Performing a Full Server Recovery of a Domain Controller 538Linked-Value Replication and Authoritative Restore of Group Memberships 539The Active Directory Recycle Bin 540Enabling the Active Directory Recycle Bin 541Using the Active Directory Recycle Bin to Restore Deleted Objects 543Backing Up and Restoring GPOs 545Backing Up GPOs 545Restoring GPOs 545Importing GPOs 547Using Scripts for Group Policy Backup and Restore 548Offline Maintenance of Active Directory 549Restartable Active Directory 549Offline Defragmentation and Compaction 550Online Defragmentation 551Offline Defragmentation 551Active Directory Database Storage Allocation 553Review All the Key Topics 555Complete the Tables and Lists from Memory 556Definitions of Key Terms 556Chapter 16 Installing and Configuring Certificate Services 559"Do I Know This Already?" Quiz 559What's New with Certificate Services in Windows Server 2008? 563New Features of Active Directory Certificate Services in Windows Server 2008 R2 564Installing Active Directory Certificate Services 565Configuring Certificate Authority Types and Hierarchies 565Installing Root CAs 567Installing Subordinate CAs 571Understanding Certificate Requests 571Using Certificate Practice Statements 572Configuring Certificate Authority Server Settings 573Installing the Certificates Snap-in 573Working with Certificate Stores 575Using Group Policy to Import Certificates 575Backing Up Certificates and Keys 576Restoring Certificates and Keys 577Using Group Policy to Enable Credential Roaming 578Backing Up and Restoring Certificate Databases 580Assigning Administration Roles 581Configuring Certificate Server Permissions 582Review All the Key Topics 583Complete the Tables and Lists from Memory 584Definitions of Key Terms 584Chapter 17 Managing Certificate Templates, Enrollments, and Certificate Revocation 587"Do I Know This Already?" Quiz 587Managing Certificate Templates 592Understanding Certificate Template Types 592Configuring Certificate Templates 593Securing Template Permissions 595Enabling the Use of Templates 597Managing Different Certificate Template Versions 597Archiving Keys 599Configuring Key Recovery Agents 599Managing Certificate Enrollments 602Understanding Network Device Enrollment Services 602Enabling Certificate Autoenrollment 605Configuring Web Enrollment 606Configuring Smart Card Enrollment 609Creating Enrollment Agents 610Using Group Policy to Require Smart Cards for Logon 614Managing Certificate Revocation 616Configuring Certificate Revocation Lists 617Configuring a CRL Distribution Point 619Troubleshooting CRLs 620Configuring Online Responders 621Configuring Responder Properties 622Adding a Revocation Configuration 623Configuring Arrays 624Configuring Authority Information Access 624Review All the Key Topics 625Complete the Tables and Lists from Memory 626Definitions of Key Terms 626Practice Exam 629Answers to Practice Exam 691Appendix A Answers to the "Do I Know This Already?" Quizzes 729Appendix B Installing Windows Server 2008 R2 763Glossary 773Elements Available on CDAppendix C Memory Tables 3Appendix D Memory Tables Answer Key 3TOC, 9780789747082, 11/19/2010
