Configuring Domain Name System (DNS) for Active Directory (17%) DNS

Configure a forest or a domain. remove a domain perform an unattended installation

Configure zones. Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS) and Secure Dynamic DNS (SDDNS) Time to Live (TTL) GlobalNames Primary, Secondary, Active Directory Integrated, Stub SOA zone scavenging forward lookup reverse lookup Configure DNS server settings. forwarding root hints configure zone delegation round robin disable recursion debug logging server scavenging Configure zone transfers and replication. configure replication scope (forestDNSzone; domainDNSzone) incremental zone transfers DNS Notify secure zone transfers configure name servers application directory partitions

Active Directory Migration Tool (ADMT) change forest and domain functional levels interoperability with previous versions of Active Directory multiple user principal name (UPN) suffixes forestprep domainprep Configure trusts. forest trust selective authentication vs. forest-wide authentication transitive trust external trust shortcut trust SID filtering Configure sites. create Active Directory subnets configure site links configure site link costing configure sites infrastructure Configure Active Directory replication. DFSR one-way replication Bridgehead server replication scheduling configure replication protocols force intersite replication Configure the global catalog.

Configuring the Active Directory infrastructure (17 percent) AD DS Infra

Universal Group Membership Caching (UGMC) partial attribute set promote to global catalog

Configure operations masters. seize and transfer backup operations master operations master placement Schema Master extending the schema time service

staged install Configure Active Directory Federation Services (AD FSv2). install AD FS server role exchange certificate with AD FS agents configure trust policies configure user and group claim mapping import and export trust policies

Configuring Active Directory Roles and Services (14 percent) AD DS Roles and Services

Creating and maintaining Active Directory objects (18 percent) ADDS Objects

Configure Active Directory Lightweight Directory Service (AD LDS). migration to AD LDS configure data within AD LDS configure an authentication server Server Core Installation Configure Active Directory Rights Management Service (AD RMS). certificate request and installation self-enrollments delegation create RMS templates RMS administrative roles RM Add-on for IE Configure the read-only domain controller (RODC). replication Administrator role separation read-only DNS BitLocker credential caching password replication syskey read-only SYSVOL

Automate creation of Active Directory accounts. bulk import configure the UPN create computer, user, and group accounts (scripts, import, migration) template accounts contacts distribution lists offline domain join Maintain Active Directory accounts. manage computer accounts configure group membership account resets delegation AGDLP/AGGUDLP deny domain local group local vs. domain Protected Admin disabling accounts vs. deleting accounts deprovisioning contacts

creating organizational units (OUs) delegation of control protecting AD objects from deletion managed service accounts Create and apply Group Policy objects (GPOs). enforce, OU hierarchy, block inheritance, and enabling user objects

account lockout policy fine-grain password policies Configure audit policy by using GPOs. audit logon events audit account logon events audit policy change audit access privilege use audit directory service access

group policy processing priority WMI group policy filtering group policy loopback Group Policy Preferences (GPP) Configure GPO templates. user rights ADMX Central Store administrative templates

audit object access advanced audit policies global object access auditing Reason for Access reporting

Maintaining the Active Directory environment (18 percent) Maintaining AD DS

Configure backup and recovery. using Windows Server Backup back up files and system state data to media

security templates restricted groups security options starter GPOs shell access policies Deploy and manage software by using GPOs. publishing to users assigning software to users assigning to computers software removal software restriction policies AppLocker Configure account policies. domain password policy

backup and restore by using removable media perform an authoritative or non-authoritative restore linked value replication Directory Services Recovery Mode (DSRM) backup and restore GPOs configure AD recycle bin Perform offline maintenance. offline defragmentation and compaction Restartable Active Directory Active Directory database mounting tool Monitor Active Directory. event viewer subscriptions data collector sets real-time monitoring

analyzing logs WMI queries PowerShell

x.509 certificate mapping Manage certificate revocations. configure Online Responders Certificate Revocation List (CRL)

Configuring Active Directory Certificate Services (15 percent) AD CS

CRL Distribution Point (CDP) Authority Information Access (AIA)

Install Active Directory Certificate Services. certificate authority (CA) types, including standalone, enterprise, root, and subordinate role services prepare for multiple-forest deployments Configure CA server settings. key archival certificate database backup and restore assigning administration roles high-volume CAs auditing Manage certificate templates. certificate template types securing template permissions managing different certificate template versions key recovery agent Manage enrollments. network device enrollment service (NDES) auto enrollment Web enrollment extranet enrollment smart card enrollment authentication mechanism assurance creating enrollment agents deploying multiple-forest certificates

Skills Being Measured 1. Configuring Addressing and Services (24 percent)

authorized users authorized computers configure firewall by using Group Policy

Configure IPv4 and IPv6 addressing. configure IP address options subnetting supernetting multi-homed interoperability between IPv4 and IPv6 Configure Dynamic Host Configuration Protocol (DHCP). DHCP options creating new options PXE boot

network location profiles service groups import/export policies isolation policy IPsec group policies Security Rules

Configuring Names Resolution (27 percent)

Configure a Domain Name System (DNS) server. conditional forwarding

default user profiles DHCP relay agents exclusions authorize server in Active Directory scopes DHCPv6 Configure routing. static routing persistent routing Routing Internet Protocol (RIP) metrics choosing a default gateway maintaining a routing table demand-dial routing IGMP proxy Configure Windows Firewall with Advanced Security. inbound and outbound rules custom rules

external forwarders root hints cache-only socket pooling cache locking Configure DNS zones. zone scavenging zone types Active Directory integration Dynamic Domain Name System (DDNS) Secure DDNS GlobalNames zone delegation DNS Security Extensions (DNSSEC) reverse lookup zones Configure DNS records. record types Time to live (TTL)

weighting records registering records netmask ordering DnsUpdateProxy group round robin DNS record security auditing Configure DNS replication. DNS secondary zones DNS stub zones Active Directory Integrated replication scopes securing zone transfer SOA refresh auditing Configure name resolution for client computers. configuring HOSTS file Link-Local Multicast Name Resolution (LLMNR) broadcasting resolver cache DNS server list Suffix Search order DNS devolution

packet filters Connection Manager VPN reconnect RAS authentication by using MS-CHAP, MS-CHAP v2, and EAP Configure Network Access Protection (NAP). network layer protection DHCP enforcement VPN enforcement RDS enforcement configure NAP health policies IPsec enforcement 802.1x enforcement flexible host isolation multi-configuration System Health Validator (SHV) Configure DirectAccess. IPv6 IPsec server requirements client requirements perimeter network name resolution policy table Configure Network Policy Server (NPS). IEEE 802.11 wireless

Configuring Network Access (22 percent)

IEEE 802.3 wired group policy for wireless

Configure remote access. dial-up Remote Access Policy Network Address Translation (NAT) VPN protocols, such as Secure Socket Tunneling Protocol (SSTP) and IKEv2 Routing and Remote Access Services (RRAS)

RADIUS accounting Connection Request policies RADIUS proxy NPS templates

Configuring File and Print Services (13 percent)

Configure a file server. file share publishing Offline Files share permissions NTFS permissions encrypting file system (EFS) BitLocker Access-Based Enumeration (ABE) branch cache Share and Storage Management console Configure Distributed File System (DFS). DFS namespace DFS configuration and application creating and configuring targets DFS replication read-only replicated folder failover cluster support health reporting Configure backup and restore. backup types backup schedules managing remotely restoring data shadow copy services volume snapshot services (VSS) bare metal restore backup to remote file share Manage file server resources. FSRM quota by volume or quota by user quota entries quota templates

file classification Storage Manager for SANs file management tasks file screening Configure and monitor print services. printer share publish printers to Active Directory printer permissions deploy printer connections install printer drivers export and import print queues and printer settings add counters to Performance Monitor to monitor print servers print pooling print priority print driver isolation location-aware printing print management delegation

Monitoring and Managing a Network Infrastructure (14 percent)

Configure Windows Server Update Services (WSUS) server settings. update type selection client settings Group Policy object (GPO) client targeting software updates test and approval disconnected networks Configure performance monitoring. Data Collector Sets Performance Monitor Reliability Monitor

monitoring System Stability Index page files analyze performance data Configure event logs. custom views application and services logs subscriptions attaching tasks to events find and filter Gather network data. Simple Network Management Protocol (SNMP) Network Monitor Connection Security Rules monitoring

Planning for Server Deployment

remote desktop server management technologies

Plan server installations and upgrades. Windows Server 2008 edition selection rollback planning BitLocker implementation requirements Plan for automated server deployment. standard server image automation and scheduling of server deployments Plan infrastructure services server roles. address assignment name resolution network access control directory services application services certificate services Plan application servers and services. virtualization server planning availability resilience and accessibility Plan file and print server roles. access permissions storage quotas replication indexing file storage policy availability printer publishing Planning for Server Management (23 percent) Plan server management strategies. remote administration

Server Manager and ServerManagerCMD delegation policies and procedures Plan for delegated administration. delegate authority delegate Active Directory objects application management Plan and implement group policy strategy. GPO management GPO backup and recovery group policy troubleshooting group policy planning Monitoring and Maintaining Servers (20 percent) Implement patch management strategy. operating system patch level maintenance Windows Server Update Services (WSUS) application patch level maintenance Monitor servers for performance evaluation and optimization. server and service monitoring optimization event management trending and baseline analysis Monitor and maintain security and policies. remote access monitor and maintain NPAS network access server security firewall rules and policies authentication and authorization data security auditing

Planning Application and Data Provisioning (19 percent) Provision applications. presentation virtualization terminal server infrastructure resource allocation application virtualization alternatives application deployment System Center Configuration Manager Provision data. shared resources offline data access Planning for Business Continuity and High Availability (19 percent) Plan storage. storage solutions storage management Plan high availability. service redundancy service availability Plan for backup and recovery. data recovery strategy server recovery strategy directory service recovery strategy object level recovery