MCITP Guide to Microsoft Windows Server 2008 Enterprise Administration (Exam #70-647) Chapter 1 Designing Active Directory Domain Services.


1 MCITP Guide to Microsoft Windows Server 2008 Enterprise Administration (Exam #70-647) Chapter 1 Designing Active Directory Domain Services

2 Learning Objectives
Create a virtual lab for testing different forest and domain designs
Plan for different domain and forest functional levels
Design Active Directory Domain Services domains and forests
Design trusts and implement a forest trust

3 Learning Objectives (cont’d.)
Prepare forests and domains for Windows Server 2008
Create and use an alternative UPN
Understand different tools used to migrate Active Directory objects

4 The Active Directory service is a distributed database that stores and manages information about network resources, as well as application-specific data from directory-enabled applications. Active Directory allows administrators to organize objects of a network (such as users, computers, and devices) into a hierarchical collection of containers known as the logical structure. The top-level logical container in this hierarchy is the forest. Within a forest are domain containers, and within domains are organizational units.
Forest Root Domain
Trees and Child Domains
Domain Names

5 Basic Review of Active Directory Domain Services
Active Directory domain
  –Administrative boundary
  –Holds a database of objects
Figure 1-1 A two-tree, four-domain forest (Courtesy Course Technology/Cengage Learning)

6 Active Directory Tree
One or more domains with common namespace
  –Includes top-level name (.com) and second-level name (Cengage)
Multiple trees within a forest allowed
Tree domains in the same forest
  –All domains share the same schema and global catalog

7 Active Directory Forest
Includes one or more trees
  –Comprised of one or more domains
  –A single root domain is a forest
Considered a security boundary
Forest Enterprise Admins group
  –Can administer any domain in the forest
  –Cannot administer domains in other forests
Common schema and common global catalog
  –Shared by all forest domains
Built-in trust relationships with every other forest domain

8 Schema
Defines creatable Active Directory objects
  –User, computer, group
    Each has specific properties defined by the schema
If object not defined in the schema:
  –Object cannot be added to Active Directory
Schema modification
  –ADPrep: Active Directory preparation tool

9 Trusts
When second or subsequent domain added to a forest:
  –Trust relationships automatically added to the parent domain
  –Allows child domain users access to parent domain resources
    Parent domain users can be granted access to child domain resources
Trusts within a forest: transitive trusts
Each time that you create a new domain in a forest, a two-way, transitive trust relationship is automatically created between the new domain and its parent domain.

10 Global Catalog
Listing of all forest objects
Single-domain forest: includes all domain objects (all forest objects)
Multi-domain forest: includes all objects from each forest domain
  –Includes subset of object properties
Hosted on a domain controller
  –At least one GC server required for each domain
Lightweight Directory Access Protocol (LDAP)
  –Used to query GC Active Directory information

11 Organizational Units
Used within a domain to organize objects
Reasons for creating Organizational Unit (OU)
  –Use Group Policy to manage users and computers
  –Delegate permissions to administrators to manage a group of user and computer objects
Used to organize objects
  –Easier for administrators to manage them

12 Group Policy
Automates domain user and computer management and administration
Settings created once in Group Policy object (GPO)
  –Linked to a site, domain, or OU
    Becomes the GPO’s scope
GPO settings apply to all users and computers in the GPO scope
Group Policy Management Console (GPMC)
  –Primary tool for managing Group Policy
  –Two default Group Policies created in each domain
    Default Domain Group Policy
    Default Domain Controller Group Policy

13 Site
Group of well-connected computers or well-connected subnets
Example:
  –Rooms within a single building
    Connected with a 1-Gb local area network (LAN)
  –Second building well connected with a 1-Gb LAN
  –Two buildings linked together with a 256-Kb connection
  –Each building considered a site
  –Two buildings not well connected to each other

14 Creating a Learning Environment
Lab 60 mins
Use Microsoft’s Virtual PC
Assume knowledge of Windows Server 2008 installation and how to run DCpromo
Microsoft Virtual PC free download at:
  –http://www.microsoft.com/downloads
    Search for “Microsoft Virtual PC SP1”
Activity 1-1: Creating a Virtual PC Environment
Activity 1-2: Promoting DC1 to a Domain Controller

15 Figure 1-2 Starting the Virtual PC console (Courtesy Course Technology/Cengage Learning)

16 Figure 1-3 Configuring the virtual machine network adapter to Local only (Courtesy Course Technology/Cengage Learning)

17 Activity 1-2 Promoting DC1 to a Domain Controller
Lab Time 25 minutes

18 Understanding Domain and Forest Functional Levels
Functional level applied
  –Dictates available capabilities within domains and forest
As functional levels rise:
  –More capabilities added
Cannot raise levels
  –Until all domain controllers running specific versions of Windows Server
Can only raise forest functional level
  –When all domains have reached the same level

19 Understanding Domain and Forest Functional Levels (cont’d.)
Can only raise domain functional level
  –When all domain controllers running the appropriate versions of Windows Server
Design plan steps
  –Verify all domain controllers running at least Windows Server 2003
  –Raise domain functional levels of each domain in each forest to at least Windows Server 2003
  –Raise forest functional level of each forest to at least Windows Server 2003

20 Domain Functional Level
Provide different capabilities
Domain functional levels:
  –Windows Server 2000 Native
  –Windows Server 2003
  –Windows Server 2008
  –Windows Server 2008 R2
Key concept
  –Domain functional levels directly related to the domain controllers in the domain
Default domain functional level
  –Windows Server 2000 Native

21 Table 1-1 Domain Functional Level Features

22 Domain Functional Level (cont’d.)
Servers running older server operating systems cannot be promoted to domain controllers
  –Once domain functional level raised
Windows Server 2008 significant addition
  –Fine-grained password and account lockout policies
Activity 1-3: Raising the Domain Functional Level

23 Figure 1-4 Raising the domain functional level in Active Directory Users and Computers (Courtesy Course Technology/Cengage Learning)

24 Forest Functional Level Capabilities
Apply to all domains in the forest
  –Can be applied when all domains have been raised
Cannot raise forest functional level
  –Until all domains raised
Example: forest functional level of Windows Server 2008
  –Indicates every domain and domain controller in the forest must be running at least Windows Server 2008
Active Directory Domains and Trusts
  –Used to raise forest functional level

25 Table 1-2 Forest Functional Level Features

26 Activity 1-4 Raising the Forest Functional Level
15 Minutes

27 Forest Functional Level Capabilities (cont’d.)
Activity 1-4: Raising the Forest Functional Level
Figure 1-5 Raising the forest functional level in Active Directory Domains and Trusts (Courtesy Course Technology/Cengage Learning)

28 Designing Active Directory Domains and Forests
Involves determining forest and domain structure
  –Logical structure of Active Directory
Primary questions
  –How many forests needed?
  –How many domains needed?
Single-domain forest (Should be considered first)
  –Works for the majority of Active Directory designs
  –Compared with multiple domains and multiple forests
    Easier to manage and maintain
    Reduces potential problems

29 Autonomy vs. Isolation
Requirements
  –Determined by business needs
  –Implemented by creating one or more forests
Important points
  –Autonomy
    Provides independent, but not exclusive resource control
  –Isolation
    Provides independent and exclusive resource control

30 Autonomy
Independence achieved by:
  –Creating separate domains within a forest
Does not provide exclusive control
Service autonomy
  –Organization independently manages the service
    Manages a child domain within a forest
Data autonomy
  –Organization independently manages the data
    Store all objects in an Organizational Unit (OU)
    Use the Delegation of Control Wizard

31 Isolation
Achieved by creating a separate forest
  –Resource sharing still allowed
Summary
  –If part of an organization needs autonomy:
    Delegated control over an OU can provide data autonomy
    A separate domain in the forest can provide service autonomy
  –If complete isolation required:
    Design must include a separate forest

32 Creating a Separate Forest for a Separate Schema
If extensive schema changes required for a specific company department or branch
  –Create a separate forest for this group
    Provides isolation for the group
    Limits schema complexities for most of the other users
Schema changes used by the specific group
  –Not seen in the primary forest
One-way forest trust used for access to resources in the forest used by the majority of the users

33 Identifying Bandwidth Requirements for a Forest
Replication within a well-connected site
  –Rarely a problem
Replication occurring over a wide area network (WAN)
  –Bandwidth consumption raises concerns
    Create two separate forests to eliminate the replication traffic
Replication between domains in a forest
  –Less extensive and does not include all domain controllers (Only to DCs with GC on them)

34 Identifying Domain Requirements
Start the design with a single domain
  –Can handle more than 100,000 users
Primary reason to create an additional domain
  –Provide service autonomy within a forest
Additional reasons to create separate domains
  –Control replication traffic over WAN links
  –Protect root domain (and Enterprise Admins group)
  –Protect the root domain
    And the accounts and groups in it

35 Identifying Domain Requirements (cont’d.)
Microsoft specific recommendations
  –Provide valid starting points
Table 1-3 Maximum Users in a Domain

36 Activity 1-5 Creating Forest Trust With Selective Authentication
40 Minutes
Activity 1-6 Configuring DNS to Support the Forest Trust
30 Minutes

37 Understanding Trusts
Trust relationships
  –Automatically created between domains in a forest
  –Created between individual domains in different forests or between forests
  –Can be one-way or two-way
  –Can be transitive or non-transitive

38 One-way and Two-way Trusts
Users in Domain B (trusted domain) granted access to resources in Domain A (trusting domain)
  –Expressed as Domain A trusts Domain B
If arrow points both ways (two one-way arrows):
  –Two-way trust relationship exists
Figure 1-6 Typical one-way trust relationship (Courtesy Course Technology/Cengage Learning)

39 Transitive and Non-Transitive Trusts
Non-transitive trust
  –Creates an explicit trust relationship between two domains
    Not transferred to any other domains
Transitive trust
  –Granted between several domains
    No explicit trust relationships created between the different domains

40 Figure 1-7 Transitive trusts in a forest (Courtesy Course Technology/Cengage Learning)

41 Transitive and Non-Transitive Trusts (cont’d.)
Without transitive trusts:
  –Explicit trust relationships needed between each domain
Managed in Active Directory Domains and Trusts
Figure 1-8 Viewing a trust in Active Directory Domains and Trusts (Courtesy Course Technology/Cengage Learning)

42 Creating Trusts Between Forests
Trust relationships between domains in two separate forests
  –External trust
    Non-transitive
  –Forest trust
    Transitive
Forest trusts
  –Became available in Windows Server 2003
  –Allows the creation of one transitive trust between all domains

43 Choosing the Authentication Method
Forest-wide authentication
  –Windows automatically authenticates users in other forests
    Allowing resource access in the local forest
  –Still requires user access
    No restriction on which users granted access
Selective authentication
  –Prevents automatic authentication of users in the other forests
    Allowed To Authenticate permission required

44 Figure 1-9 Choosing the trust authentication level (Courtesy Course Technology/Cengage Learning)

45 Choosing the Authentication Method (cont’d.)
Forest-wide authentication
  –Any user can be authenticated
  –Only use if organization implicitly trusts the other organization
Activity 1-5: Creating a Forest Trust with Selective Authentication
Activity 1-6: Configuring DNS to Support the Forest Trust

46 Granting Access to Users in Another Forest
Figure 1-11 Selecting users from another forest (Courtesy Course Technology/Cengage Learning)

47 Granting Access to Users in Another Forest (cont’d.)
Once a forest trust created
  –Can grant access to resources in one domain to users in another domain
Once the other domain selected as the location
  –Users in the other domain can be located and granted access to the resource
Same procedure used for forest-wide authentication or selective authentication
Selective authentication requires an additional step

48 Implementing Selective Authentication
Implementing selective authentication on a forest trust
  –Requires the Allowed to Authenticate permission on each server or computer where access granted
  –Accomplished through Active Directory Users and Computers
Activity 1-7: Granting the Allowed to Authenticate Permission

49 Figure 1-12 Granting Allowed to Authenticate permission to the Domain Admins group in a trusted domain (Courtesy Course Technology/Cengage Learning)

50 Using ADPrep
Command-line tool available in the installation DVD Sources\ADPrep folder
  –Must be run with elevated permissions
Needed if forest started with servers other than Windows Server 2008
Three major switches
  –/ForestPrep
  –/DomainPrep
  –/RODCPrep

51 Preparing the Forest
ADPrep /ForestPrep command
  –Modifies forest schema
  –Run on server currently hosting the schema operations master role
  –Requires membership in each of the following groups
    Enterprise Admins group
    Schema Admins Group
From the installation DVD run:
  –D:\Sources\ADPrep\ADPrep /ForestPrep
  –Provide time for replication

52 Preparing a Domain
Run ADPrep /DomainPrep command after ADPrep /ForestPrep
Run on server holding infrastructure operations master role
  –Must be Domain Admins group member
  –Need administrative permissions command prompt
After command runs:
  –Can promote Windows Server 2008 and Windows Server 2008 R2 servers to domain controllers
Can also run ADPrep /DomainPrep /GPPrep

53 Preparing for RODCs
Run the ADPrep /RODCPrep command
Required even if first domain controller in the forest created on a Windows Server 2008 or Windows Server 2008 R2 server
Can be run on any domain controller in the forest
Only needs to be run once
Must be a member of the Enterprise Admins group:
  –To run this command

54 Migration Strategies
Reasons for redesign:
  –Accommodate organization restructure
  –Reflect changes in the organization physical layout
  –Reduce organization complexity
    By reducing the number of domains or forests
Factors affecting the upgrade or migration
  –Time constraints
  –Resource availability
  –Funding
  –Application compatibility

55 Active Directory Migration Tool (ADMT)
Migrates objects from one domain to another
  –Within the same forest or between different forests
Objects commonly migrated:
  –Users, computers, groups
Current ADMT version: version 3.1
  –Free copy available at Microsoft’s download site
ADMT source: where accounts migrating from
ADMT destination: where accounts migrating to

56 ADMT Versions Needed for Different Functional Levels
Functional level required for target domain:
  –Windows Server 2000 Native
  –Windows Server 2003
  –Windows Server 2008
ADMT 3.1 or >
Cannot migrate objects from Windows 2000 mixed domain functional level
  –Must remove or upgrade NT 4.0 domain controllers
    Then raise the domain functional level
  –Can also use ADMT v3.0 to migrate objects from NT 4.0 domains

57 Interforest and Intraforest Migration
Interforest migration
  –Objects migrated between domains in separate forests
Intraforest migration
  –Objects migrated between domains in the same forest
Table 1-4 Comparison of Interforest and Intraforest Migrations

58 Understanding and Using SID History
Security identifier (SID)
  –Uniquely identifies a domain/forest object
  –Created when object created
  –Grants access to any objects in the domain
Discretionary Access Control List (DACL)
  –Controls access to any domain resource

59 Figure 1-13 Viewing SIDs in a DACL (Courtesy Course Technology/Cengage Learning)

60 Understanding and Using SID History (cont’d.)
Implementing SID history
  –Allows importing of the original SID when importing the account
  –Users retain access to data and resources
ADMT supports SID history retention
  –Account can support multiple SIDs
    Included in SID history

61 Using SID Filtering
Used when SID history presents security risk
  –If attacker obtains SID history data:
    Attacker can assign these SIDs to the SID history attributed to accounts he creates in his own domain
    New accounts have access to resources based on the SIDs listed in SID history
Also referred to as SID filter quarantining
Risk prevention
  –Blocks the use of any SIDs not originating in the same domain
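
A defender-side review of SID history that follows from the risk on this slide, as an added example that is not part of the original presentation: it flags sIDHistory entries that name the account's own domain or carry a built-in RID (below 1000). The function name, the account names and the SIDs are constructed for illustration.

```powershell
# Added example (not from the presentation): review sIDHistory values for
# entries that a normal ADMT migration of users and groups should not produce.
function Test-SidHistoryEntry {
    param(
        [Parameter(Mandatory = $true)][string]$Account,
        [Parameter(Mandatory = $true)][string]$AccountDomainSid,  # SID of the domain the account lives in
        [Parameter(Mandatory = $true)][string[]]$SidHistory       # string form of each sIDHistory value
    )
    foreach ($sid in $SidHistory) {
        $cut       = $sid.LastIndexOf('-')
        $domainSid = $sid.Substring(0, $cut)            # domain that issued the historic SID
        $rid       = [uint32]$sid.Substring($cut + 1)   # relative identifier within that domain

        $reasons = @()
        if ($domainSid -eq $AccountDomainSid) {
            # SID history should point at a source domain, never at the account's own domain.
            $reasons += 'SID was issued by the account''s own domain'
        }
        if ($rid -lt 1000) {
            # RIDs below 1000 are reserved for built-in and default accounts and groups.
            $reasons += "RID $rid is a built-in or default principal (for example 500, 512, 519)"
        }

        New-Object PSObject -Property @{
            Account     = $Account
            HistoricSid = $sid
            Review      = ($reasons.Count -gt 0)
            Reasons     = ($reasons -join '; ')
        } | Select-Object Account, HistoricSid, Review, Reasons
    }
}

# Constructed sample data: domain SIDs and account names are made up.
$targetDomain = 'S-1-5-21-1111111111-2222222222-3333333333'   # domain being audited
$sourceDomain = 'S-1-5-21-1010101010-2020202020-3030303030'   # migrated-from domain
$sample = @(
    @{ Account = 'jsmith';  SidHistory = @("$sourceDomain-1105") },                        # ordinary migrated user
    @{ Account = 'svc-app'; SidHistory = @("$sourceDomain-512") },                         # Domain Admins RID
    @{ Account = 'tmp-adm'; SidHistory = @("$targetDomain-1190", "$sourceDomain-1131") }   # own-domain SID
)

# Live input (ActiveDirectory module) could come from:
#   Get-ADObject -LDAPFilter '(sIDHistory=*)' -Properties sIDHistory, objectSid
$report = foreach ($a in $sample) {
    Test-SidHistoryEntry -Account $a.Account -AccountDomainSid $targetDomain -SidHistory $a.SidHistory
}
$report | Where-Object { $_.Review } | Format-List
```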

62 Using SID Filtering (cont’d.)
Disable SID filtering
  –Run Netdom command on the trusting domain
    Requires command prompt with elevated permissions
    Requires Domain Admins or Enterprise Admins group account member
    Netdom trust /domain: /quarantine:No /userD: /passwordD:
  –Use only after careful consideration
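
Selective authentication and SID filter quarantining are both stored as bits in the trustAttributes attribute of each trustedDomain object, so the choices covered in the authentication-method and SID filtering slides can be reviewed for every trust at once. The following is an added example, not part of the original presentation; the function name and the sample trust names and values are constructed.

```powershell
# Added example (not from the presentation): classify trusts from the
# trustDirection / trustAttributes values stored on trustedDomain objects.
# Bit values follow the trustAttributes definition in MS-ADTS.
$TA_QUARANTINED       = 0x04  # SID filter quarantining on (external trust)
$TA_FOREST_TRANSITIVE = 0x08  # forest trust
$TA_CROSS_ORG         = 0x10  # selective authentication
$TA_WITHIN_FOREST     = 0x20  # automatic trust inside the forest
$TA_TREAT_AS_EXTERNAL = 0x40  # forest trust filtered only as strictly as an external trust

function Get-TrustFinding {
    param(
        [Parameter(Mandatory = $true)][string]$Name,
        [Parameter(Mandatory = $true)][int]$TrustDirection,   # 1 inbound, 2 outbound, 3 both
        [Parameter(Mandatory = $true)][int]$TrustAttributes
    )
    $direction = switch ($TrustDirection) {
        1       { 'Inbound' }
        2       { 'Outbound' }
        3       { 'Bidirectional' }
        default { 'Disabled' }
    }

    if ($TrustAttributes -band $TA_WITHIN_FOREST) {
        $type = 'IntraForest'
        $sidFiltering = 'NotApplicable'       # the forest is the security boundary
    } elseif ($TrustAttributes -band $TA_FOREST_TRANSITIVE) {
        $type = 'Forest'
        $sidFiltering = if ($TrustAttributes -band $TA_TREAT_AS_EXTERNAL) { 'Relaxed' } else { 'Enabled' }
    } else {
        $type = 'External'
        $sidFiltering = if ($TrustAttributes -band $TA_QUARANTINED) { 'Enabled' } else { 'Disabled' }
    }
    $selective = [bool]($TrustAttributes -band $TA_CROSS_ORG)

    $findings = @()
    # Only the trusting side (outbound or bidirectional) grants access to its own resources.
    if (($TrustDirection -band 2) -and $type -ne 'IntraForest') {
        if ($sidFiltering -ne 'Enabled') {
            $findings += 'SID filtering not fully enabled, SID history from the trusted side may be honored'
        }
        if (-not $selective) {
            $findings += 'No selective authentication, any trusted user is authenticated automatically'
        }
    }

    New-Object PSObject -Property @{
        Name          = $Name
        Type          = $type
        Direction     = $direction
        SidFiltering  = $sidFiltering
        SelectiveAuth = $selective
        Findings      = ($findings -join '; ')
    } | Select-Object Name, Type, Direction, SidFiltering, SelectiveAuth, Findings
}

# Constructed sample records; the names and values are made up for illustration.
$sampleTrusts = @(
    @{ Name = 'child.corp.example'; TrustDirection = 3; TrustAttributes = 0x20 },  # parent-child
    @{ Name = 'partner.example';    TrustDirection = 2; TrustAttributes = 0x08 },  # forest, forest-wide auth
    @{ Name = 'lab.example';        TrustDirection = 2; TrustAttributes = 0x18 },  # forest, selective auth
    @{ Name = 'legacy.example';     TrustDirection = 2; TrustAttributes = 0x00 },  # external, quarantine off
    @{ Name = 'acquired.example';   TrustDirection = 3; TrustAttributes = 0x48 }   # forest, filtering relaxed
)

# Live input (ActiveDirectory module): trustedDomain objects live under CN=System, e.g.
#   Get-ADObject -SearchBase "CN=System,$((Get-ADDomain).DistinguishedName)" `
#       -LDAPFilter '(objectClass=trustedDomain)' -Properties trustDirection, trustAttributes
$results = foreach ($t in $sampleTrusts) {
    Get-TrustFinding -Name $t.Name -TrustDirection $t.TrustDirection -TrustAttributes $t.TrustAttributes
}
$results | Format-Table -AutoSize -Wrap
```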

63 Figure 1-14 One-way trust between Cengage and CT (Courtesy Course Technology/Cengage Learning)

64 Using SID Filtering (cont’d.)
Activity 1-8: Verifying SID Filtering Status
Figure 1-15 Disabling SID filtering (Courtesy Course Technology/Cengage Learning)

65 Using Alternative UPN Suffixes
User Principal Name (UPN)
  –Allows a user to log on with an account that looks like an e-mail address
May create alternative UPN suffixes
  –Assign these to users in the domain
Activity 1-9: Creating an Alternative UPN Suffix

66 Figure 1-16 Creating an alternative UPN suffix (Courtesy Course Technology/Cengage Learning)

67 Figure 1-17 Assigning an alternative UPN suffix to a user account (Courtesy Course Technology/Cengage Learning)

68 Installing the ADMT
Install and run ADMT v3.1 on a Windows Server 2008 domain controller
  –In the target domain
  –Previous ADMT versions on this domain controller
    Should be uninstalled first
Activity 1-10: Installing ADMT
20 minutes

69 Enabling SID History for ADMT
Steps:
  –Create a domain local group in the source domain
    Named netBiOSDomainName$$$
  –Modify registry of the PDC emulator on the source domain
    Create a DWord value of TcpipClientSupport in the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\LSA subkey
    Set the value to one

70 Enabling SID History for ADMT (cont’d.)
Steps (cont’d.)
  –Enable Success and Failure for Account Management in the Default Domain Controller Policy
    Both the source and target domains
  –Install and configure the Password Export Server (PES) service tool

71 Running ADMT
After installing ADMT v3.1
  –Migration process can begin
    Requires trust relationship between target and forest domains
Trust examples:
  –Trust between two domains in the same forest
    Can be a direct parent-child trust or a transitive trust
  –External trust between two domains in different forests
  –Forest trust between two separate forests
Activity 1-11: Running a Test Migration with ADMT

72 Figure 1-18 Selecting Group Account Migration (Courtesy Course Technology/Cengage Learning)

73 Figure 1-19 Completing the source and target domain selections (Courtesy Course Technology/Cengage Learning)

74 Figure 1-20 Successfully migrating a group (Courtesy Course Technology/Cengage Learning)

75 Activity 11-1 Running A Test Migration With ADMT
30 Minutes

76 Summary
Active Directory basics
  –Tree, forest, schema, trusts, global catalog, Organizational Unit, Group Policy, site
Domain and forest functional levels
  –Dictate available features
Design considerations
  –Autonomy and isolation, separate forests, bandwidth requirements, domain requirements
Active Directory Preparation (ADPrep) tool

77 Summary (cont’d.)
Trusts
  –One-way and two-way trusts, transitive and non-transitive trusts, trusts between forests
Authentication methods
  –Forest-wide and selective authentication
Migration considerations
  –Active Directory Migration Tool (ADMT)
  –Interforest and intraforest migration
  –SID history and SID filtering
Using the Netdom command

