Managing and Maintaining Windows Server 2008 Active Directory Servers
Course 6432A: Two days; Instructor-Led Preliminary Course Syllabus
   
Take This Training
Find training in a city near you.



Note: You are viewing a Preliminary Course Syllabus. This course is not yet available. Because 
some parts of the course are currently in development, some elements of this syllabus are subject to 
change.

On This Page
 Introduction 
 Audience 
 At Course Completion 
 Prerequisites 
 Course Outline  
 Take This Training 

Introduction
Elements of this syllabus are subject to change.

This two day instructor led course provides students with the knowledge and skills to manage and 
maintain Windows Server 2008 Active Directory servers. The course focuses on the Active 
Directory server lifecycle by creating baselines, monitoring the system health, and maintaining 
security for the Active Directory servers. The course also focuses on managing Active Directory 
Domain Services and Active Directory service roles.



Top of page
Audience
This course is intended for Server Administrators who are familiar with Microsoft Windows Server 
2008 and who are, or will be, responsible for the daily management and maintenance of Server 
2008 Active Directory servers. It is also intended for IT professionals who could benefit from 
acquiring the skills required by a Server 2008 Active Directory Server Administrator, such as a 
Server Administrator who is responsible for Network Application servers and works closely with 
the Active Directory Server Administrator, or an Enterprise Administrator who wants to understand 
the operational requirements of Server 2008 Active Directory Servers before designing a network 
server infrastructure.



Top of page
At Course Completion
After completing this course, students will be able to:

• Plan and identify different approaches to Active Directory server deployment.
 
• Add and remove the Active Directory Domain Services server role.
 
• Identify strategies for developing, monitoring, and reviewing baselines.
 
• Create baselines for different Active Directory roles with the appropriate metrics using the 
Windows Reliability and Performance Monitor.
 
• Create and evaluate a monitoring plan based on business needs and environments.
 
• Determine the health of Active Directory servers using performance monitoring and event log 
triggers.
 
• Configure effective alerts and responses as well as evaluate alternative recommendations for 
Active Directory Domain Services servers to meet a business goal.
 
• Describe and implement the methodology of maintaining Windows Server Active Directory 
Domain Services.
 
• Perform Active Directory Domain Services maintenance and administrative tasks.
 
• Explain and deploy proven methods to harden the Active Directory servers.
 
• Decide which Server 2008 security features can address a given business situation.
 
• Add server roles to a Windows 2008 network.
 
• Deploy and operate an Active Directory Lightweight Directory Services server role.
 


Top of page
Prerequisites
In addition to their professional experience, students who at tend this training should have technical 
knowledge equivalent to the following courses:

• 6424 Fundamentals of Windows Server 2008 Active Directory
 
• 6425 Configuring Windows Server 2008 AD DS
 
• 6426 Configuring Identity and Access Solutions with Windows Server 2008 Active Directory
 
• 6430 Managing and Maintaining Windows Server 2008 Servers
 


Top of page
Course Outline 
Module 1: Managing an Active Directory Server Lifecycle

This module explains how to support and maintain Active Directory servers to meet changing 
business requirements in an enterprise environment.

Lessons

• Planning an Active Directory Server Deployment
 
• Active Directory Server Deployment Technologies
 
• Adding Active Directory Domain Services Server Roles
 
• Removing Active Directory Services Server Roles
 

Lab: Managing and Maintaining a Windows Server 2008 Domain Controller

• Evaluating the Need for AD DS Promotion
 
• Meeting the Active Directory Need by Adding a Role
 
• Managing a Change Request for a RODC by the Using Command Line
 
• Developing a Management and Maintenance Plan
 
• Evaluating the Management and Maintenance Plan
 

After completing this module, students will be able to:

• Plan an Active Directory server deployment.
 
• Identify different approaches to Active Directory server deployment.
 
• Add and remove the AD DS server role with the Server Manager GUI.
 
• Evaluate the need for a new Active Directory role.
 
• Develop an ongoing management/maintenance plan.
 

Module 2: Creating Baselines for Active Directory Servers

This module explains how to create baselines using the Windows Reliability and Performance 
Monitor and through analysis, make decisions to improve server performance.

Lessons

• Methodologies for Implementing Baselines
 
• Using the Windows Reliability and Performance Monitor to Create Baselines
 
• Creating Baselines for Active Directory Servers
 

Lab: Creating Baselines for Active Directory Servers

• Involving Users in Baseline Development
 
• Choosing Relevant Windows Reliability and Performance Monitor (WRPM) Counters and 
Durations
 
• Evaluating and Revisiting a Baseline Document in the Face of Business Changes
 

After completing this module, students will be able to:

• Identify strategies for developing, monitoring, and reviewing baselines.
 
• Use the WRPM to create baselines.
 
• Create baselines for different Active Directory roles using the appropriate metrics.
 
• Generate ideas for involving users in baseline development.
 
• Choose the relevant WRPM counters and durations for an Active Directory Domain Controller.
 
• Explain how to revise an AD DS baseline document in the face of a doubling of the user 
community.
 

Module 3: Monitoring the System Health of the Active Directory Servers

This module explains how to create and evaluate a monitoring plan based on business needs and 
environments. It also explains how to determine the health of Active Directory servers using 
performance monitoring and even log triggers.

Lessons

• Overview of System Health
 
• Using Long-Term Monitoring to Identify Trends
 
• Setting Thresholds and Alerts for Short-Term Monitoring
 
• Choosing the Appropriate Server 2008 Monitoring Tools
 

Lab: Monitoring the Active Directory Server Roles

• Setting a Performance Alert to Meet a Business Goal
 
• Discussing Alert Response Strategies
 
• Building a Case for Configuration Change
 

After completing this module, students will be able to:

• Define system health, server health, and Active Directory health.
 
• Define the best procedures to ensure system health and optimal performance for Active Directory 
servers.
 
• Set thresholds and alerts that are used for short-term monitoring.
 
• Describe the Server 2008 monitoring tools and how to decide when the different tools are 
appropriate in different business situations.
 
• Set a performance alert using WPRM.
 
• Compare the pros and cons of both short-term and long-term alert response strategies.
 
• Explain which Server 2008 tools are available for building a case for a configuration change based 
on monitoring results.
 

Module 4: Managing Active Directory Domain Services

This module explains how to implement the methodology of maintaining Windows Server AD DS.

Lessons

• Restarting and Restoring the Active Directory
 
• Overview of the Flexible Single Master Operations (FSMO) Roles
 
• Evaluating Sites and Replication
 
• Managing Read-Only Domain Controllers (RODCs)
 
• Methods of Managing the Server Core
 
• Best Practices for Group Policy Objects and Links
 
• Delegating the Active Directory Administration
 

Lab: Managing the Active Directory Domain Services

• Offline Defragging of the NT Directory Service
 
• Evaluating a RODC with Read-Only DNS Solution
 
• Making Site Replication Decisions
 
• Group Policy Link Strategies
 

After completing this module, students will be able to:

• Describe the impact of Server 2008 methods for restarting Active Directory without rebooting.
 
• Restore deleted objects without restarting an AD DS server.
 
• Define the FSMO roles and the Global Catalog pseudo-role.
 
• Identify the exceptions to the standard Active Directory design rules.
 
• Explain the importance of site definitions and how to optimize the AD DS replication activity.
 
• Explain the functionality of RODCs and the key benefits with RODCs deployed.
 
• Explain the methods of managing Server Core.
 
• Identify the best practices for Group Policy objects and links.
 
• State the pros and cons of delegating administration of Active Directory.
 
• Perform an offline defrag of NTDS without rebooting.
 
• Evaluate a RODC.
 
• Change site replication latency.
 
• Propose Group Policy link strategies.
 

Module 5: Maintaining Security for Active Directory Servers

This module explains how to deploy proven methods to harden the Active Directory Servers.

Lessons

• Server Hardening Techniques
 
• Using the Microsoft Baseline Security Analyzer to Discover and Remove Security Holes
 
• Using Fine-Grained Password Policies to Simply Network Organization
 
• Planning Security Auditing
 
• Enhancing Physical Security
 

Lab: Maintaining Security for the Active Directory Servers

• Manually Implementing AD DS Server Hardening
 
• Assessing Ongoing Security Requirements
 
• Deploying Two Fine-Grained Password Policies
 
• Using AUDITPOL for Auditing
 

After completing this module, students will be able to:

• Describe the techniques used for manual server hardening.
 
• Deploy template-based server hardening using Group Policy.
 
• Use the MBSA to discover and remove security holes.
 
• Explain why you would use fine-grained password policies and how to maintain them.
 
• Describe when to perform security auditing and how to define a proper security baseline.
 
• Explain how to solve physical security problems and the ramifications of lax security policies.
 
• Plan a proper hardening policy for a given scenario.
 
• Assess ongoing security requirements with MBSA.
 
• Set up two fine-grained password policies.
 
• Use AUDITPOL for auditing.
 

Module 6: Managing Active Directory Service Roles

This module explains how to add the Service Roles to a Windows 2008 network.

Lessons

• Using Server 2008 Tools for Certificate Services
 
• Implementing Lightweight Directory Services
 
• Overview of Active Directory Federation Services
 
• Overview of Rights Management Services
 

Lab: Managing the Active Directory Service Roles

• Installing the AD LDS Role
 
• Identifying Ongoing Management Concerns
 
• Using Server 2008 Tools for Managing AD LDS
 

After completing this module, students will be able to:

• Use the Server 2008 tools to operate Certificate Services.
 
• Explain when to use LDS.
 
• Describe the deployment steps.
 
• Run the LDS using the Server 2008 tools.
 
• Identify management concerns with ADFS.
 
• Identify management concerns with Rights Management.
 
• Deploy an AD LDS instance on a 2008 Server.
 
• Identify ongoing management concerns for an Active Directory role.
 
• Use the Server 2008 tools to address specific concerns.