Identity with Windows Server 2016: Microsoft 70-742 MCSA Exam Guide
eBook - ePub

Deploy, configure, and troubleshoot identity services and Group Policy in Windows Server 2016

  1. 232 pages
  2. English
  3. ePUB (mobile friendly)
  4. Available on iOS & Android

About This Book

Equip yourself with the most complete and comprehensive preparation experience for the Identity with Windows Server 2016: Microsoft 70-742 exam.

Key Features

  • Helps you demonstrate real-world mastery of Windows Server 2016 identity features and functionality and prepare for 70-742
  • Acquire skills to reduce IT costs and deliver more business value
  • Enhance your existing skills through practice questions and mock tests

Book Description

MCSA: Windows Server 2016 certification is one of the most sought-after certifications for IT professionals, which includes working with Windows Server and performing administrative tasks around it. This book is aimed at the 70-742 certification and is part of Packt's three-book series on MCSA Windows Server 2016 certification, which covers Exam 70-740, Exam 70-741, and Exam 70-742.

This exam guide covers the exam objectives for the 70-742 Identity with Windows Server 2016 exam. It starts with installing and configuring Active Directory Domain Services (AD DS), managing and maintaining AD DS objects and advanced configurations, configuring Group Policy, Active Directory Certificate Services, and Active Directory Federation Services and Rights Management. At the end of each chapter, convenient test questions will help you in preparing for the certification in a practical manner.

By the end of this book, you will be able to develop the knowledge and skills needed to complete MCSA Exam 70-742: Identity with Windows Server 2016 with confidence.

What you will learn

  • Install, configure, and maintain Active Directory Domain Services (AD DS)
  • Manage Active Directory Domain Services objects
  • Configure and manage Active Directory Certificate Services
  • Configure and manage Group Policy
  • Design, implement, and configure Active Directory Federation Services
  • Implement and configure Active Directory Rights Management Services

Who this book is for

This book primarily targets system administrators who are looking to gain knowledge about identity and access technologies with Windows Server 2016 and aiming to pass the 70-742 certification. It will also help infrastructure administrators who are looking to gain advanced knowledge and understanding of identity and access technologies with Windows Server 2016. Familiarity with concepts such as Active Directory and DNS is assumed.

You can access Identity with Windows Server 2016: Microsoft 70-742 MCSA Exam Guide by Vladimir Stefanovic and Sasha Kranjac in PDF and/or ePUB format, as well as other popular books in Computer Science & System Administration.

Information

Year: 2019
ISBN: 9781838558420

Installing and Configuring Active Directory

Since Windows Server 2000, Active Directory Domain Services (AD DS) has been the default identity provider for Windows operating systems. AD DS represents a central point for authentication and management of all AD DS objects, such as users, groups, and computer accounts. The AD DS database, a central store in AD DS, stores information related to users, groups, computers, services, and all other resources in the AD DS hierarchical structure, and is also known as the directory. AD DS gives us the ability to search objects through the hierarchically organized directory structure and to apply configuration and security settings to all Active Directory objects.
In this chapter, you will learn why we need AD DS, the components of AD DS, how AD DS is installed and configured, and how to create and manage AD DS objects.
We will learn about the following topics in this chapter:
  • Introduction to Active Directory
  • Installing and configuring Active Directory
  • Active Directory users and computers
  • Active Directory groups and organizational units

Introduction to Active Directory

Every AD DS is composed of both logical and physical components. All components work together and each component has a specific role in the proper functioning of AD DS. In this section, you'll learn what those components are and why they're important. We'll also look at which tools can be used to manage AD DS and what's new in AD DS in Windows Server 2016.
A knowledge of logical components is important for the proper implementation of appropriate AD DS design for an organization.
The following table shows the logical and physical components of AD DS:
Logical components:
  • Partitions
  • Schema
  • Domains
  • Domain trees
  • Forests
  • Sites
  • Organizational units
  • Containers
Physical components:
  • Domain controllers
  • Read-only domain controllers
  • Data stores
  • Global catalog servers

Logical components

Logical components in AD DS are structures that are used to implement AD DS design. Different designs are appropriate for different organizations, so knowledge of logical components and their purpose is very important. In the following section, we'll describe the logical components in more detail.

Partitions

A partition is a portion of the AD DS database. Although the AD DS database stores all the data in one file, C:\Windows\NTDS\ntds.dit, the AD DS database is composed of a few different partitions and each partition contains different data. The AD DS database is logically separated into the following directory partitions:
  • Schema partition: There is only one schema partition per forest. The schema partition is stored on all domain controllers in the forest and contains definitions of all objects and attributes of objects.
  • Configuration partition: The configuration partition contains information about the forest-wide AD DS structure, as well as information about the domains and sites in a forest and the domain controllers that are installed in a forest.
  • Domain partition: Domain partitions are stored on every domain controller in a domain and contain information about users, groups, computers, and organizational units. All objects from the domain partition are stored in the global catalog.
  • Application partition: Every application in AD DS needs to store, categorize, and use specific information. This information is stored in the Application partition that can be domain- or forest-wide, depending on the application type.
Partitions are replicated through directory replication and are stored on every domain controller in the domain and forest.
By default, the location of the AD DS database is C:\Windows\NTDS\ntds.dit. While promoting the server to a domain controller, you can define another location for the AD DS database.
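
The partition layout and database location described above can be checked on a live system. The following is an added example, not code from the book; it assumes the ActiveDirectory RSAT module and an elevated session running locally on a domain controller.

```powershell
# Added example (not from the book). Assumes the ActiveDirectory RSAT module
# and an elevated session running locally on a domain controller.
Import-Module ActiveDirectory

$rootDse       = Get-ADRootDSE
$appPartitions = (Get-ADForest).ApplicationPartitions

# Label every naming context this domain controller hosts with its partition type.
$partitions = foreach ($nc in $rootDse.namingContexts) {
    if     ($nc -eq $rootDse.schemaNamingContext)        { $type = 'Schema' }
    elseif ($nc -eq $rootDse.configurationNamingContext) { $type = 'Configuration' }
    elseif ($nc -in $appPartitions)                      { $type = 'Application' }
    else                                                 { $type = 'Domain' }
    [pscustomobject]@{ Type = $type; DistinguishedName = $nc }
}
$partitions | Sort-Object Type | Format-Table -AutoSize

# All partitions live in one database file. Its path is recorded in the registry
# and differs from the default if another location was chosen during promotion.
$defaultPath = 'C:\Windows\NTDS\ntds.dit'
$ntdsParams  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$dbPath      = $ntdsParams.'DSA Database file'

[pscustomobject]@{
    DatabasePath  = $dbPath
    IsDefaultPath = ($dbPath -eq $defaultPath)
    SizeMB        = [math]::Round((Get-Item -LiteralPath $dbPath).Length / 1MB, 1)
}
```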

Schemas

A schema defines all object classes and attributes that AD DS uses to store data. Each AD DS object has a lot of attributes that need to be populated, such as the name, sAMAccountName, the canonical name, and the location. All of these are controlled by the schema. All domains in a single forest contain a copy of the schema that applies to the forest level. Each change in the schema is replicated from the schema master to every domain controller in the forest. The schema master is typically the first domain controller installed in a forest. An AD DS schema can be changed or modified, but only when necessary. The schema is responsible for information-storage controls, and every untested schema change can potentially affect other applications in the forest that use AD DS. Any schema changes must be performed by the Schema Admins and from the schema master.
Schema changes are one-way. You can't delete anything from a schema; you can only extend or modify schema attributes or classes.

In most cases, a schema needs to be updated for specific applications. For example, if you want to install Microsoft Exchange Server 2016, you must apply the Exchange Server 2016 Active Directory schema changes. This will be done during the installation of the Exchange Server and will be performed without user interaction.
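
Because schema changes are one-way and limited to Schema Admins, it is worth knowing who can make them and what has changed recently. The following is an added example, not code from the book; it assumes the ActiveDirectory RSAT module, and the 30-day review window is an arbitrary choice.

```powershell
# Added example (not from the book). Assumes the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# objectVersion on the head of the schema partition is the schema version
# (87 corresponds to Windows Server 2016).
$schemaHead = Get-ADObject -Identity $schemaNC -Properties objectVersion

# Schema Admins exists only in the forest root domain; resolve nested members too.
$schemaAdmins = Get-ADGroupMember -Identity 'Schema Admins' -Server $forest.RootDomain -Recursive

# Classes and attributes touched within the review window (30 days is an assumption).
# whenChanged is compared in LDAP generalized-time format.
$cutoff = (Get-Date).AddDays(-30)
$stamp  = $cutoff.ToUniversalTime().ToString("yyyyMMddHHmmss'.0Z'")
$search = @{
    SearchBase  = $schemaNC
    SearchScope = 'OneLevel'
    LDAPFilter  = "(whenChanged>=$stamp)"
    Properties  = 'lDAPDisplayName', 'whenCreated', 'whenChanged'
}
$recent = @(Get-ADObject @search | Sort-Object whenChanged -Descending)

[pscustomobject]@{
    SchemaMaster   = $forest.SchemaMaster
    SchemaVersion  = $schemaHead.objectVersion
    SchemaAdmins   = ($schemaAdmins.SamAccountName -join ', ')
    RecentlyChanged = $recent.Count
}

# Show the most recent schema objects so an unexpected extension stands out.
$recent | Select-Object -First 20 lDAPDisplayName, ObjectClass, whenCreated, whenChanged |
    Format-Table -AutoSize
```

Comparing the output before and after an application install such as Exchange Server shows exactly which classes and attributes the installer added.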

Domains

The domain is a logical component that acts as a central administrative point for AD DS objects, such as users, groups, and computers. Domains use a specific portion of the AD DS database and can be connected to other domains in a parent-child structure or a tree structure. The AD DS database stores all domain objects, and each domain controller holds a copy of the AD DS database.
AD DS uses a multi-master replication model. This means that every domain controller in the domain can make a change to the objects in the domain and that change will be replicated in all other domain controllers.
The AD DS domain provides authentication and authorization for domain-joined users. Every time the domain user wants to sign in to a domain-joined computer, AD DS must authenticate the login. Windows operating systems use authorization and access-control technologies to allow authenticated users to access resources.
Every domain in a forest has some objects that are unique to that domain:
  • Domain Admins group: By default, every domain has an administrator account and a Domain Admins group. The administrator account is a member of the Domain Admins group, and the Domain Admins group is, also by default, a member of the local Administrators group on each domain-joined computer.
  • RID master role: The Relative Identifier (RID) master role is a domain-specific role that's responsible for assigning a unique SID to the new AD DS object. If the RID master server isn't online, you might have issues adding new objects to the domain.
  • Infrastructure master role: This FSMO role is responsible for inter-domain object references, when objects from one domain are part of a group in another domain. If servers with this role are unavailable, domain controllers that aren't configured as global catalog servers won't be able to authenticate users.
  • PDC emulator role: The Primary Domain Controller (PDC) emulator F...
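
The domain-specific role holders and the Domain Admins membership listed above can be reviewed with the following added example, which is not code from the book. It assumes the ActiveDirectory RSAT module and that ICMP is allowed to the domain controllers for the reachability check.

```powershell
# Added example (not from the book). Assumes the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$roles  = [ordered]@{
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    PDCEmulator          = $domain.PDCEmulator
}

# For each domain-level role, report the holder, whether it is also a global
# catalog server, and whether it answers a ping (ICMP may be filtered).
$roleReport = foreach ($role in $roles.GetEnumerator()) {
    $dc = Get-ADDomainController -Identity $role.Value
    [pscustomobject]@{
        Role            = $role.Key
        Holder          = $dc.HostName
        Site            = $dc.Site
        IsGlobalCatalog = $dc.IsGlobalCatalog
        Reachable       = Test-Connection -ComputerName $dc.HostName -Count 1 -Quiet
    }
}
$roleReport | Format-Table -AutoSize

# Domain Admins is a member of the local Administrators group on every
# domain-joined computer, so list every user that reaches it through nesting.
$domainAdmins = Get-ADGroupMember -Identity 'Domain Admins' -Recursive |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties Enabled, LastLogonDate, PasswordLastSet |
    Select-Object SamAccountName, Enabled, LastLogonDate, PasswordLastSet

$domainAdmins | Sort-Object LastLogonDate | Format-Table -AutoSize
```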

Table of contents

  1. Title Page
  2. Copyright and Credits
  3. About Packt
  4. Contributors
  5. Preface
  6. Installing and Configuring Active Directory
  7. Managing and Maintaining Active Directory
  8. Creating and Managing Group Policy
  9. Understanding and Implementing Active Directory Certificate Services
  10. Understanding and Implementing Federation and Rights Management
  11. Assessments