MCITP Server Administrator on Windows Server 2008

MCITP Server Administrator

Windows Server 2008 AD Configuration 640
Windows Server 2008 Network Infrastructure 642
Windows Server 2008 Server Administrator 646

 

A. Windows Server 2008 Active Directory Configuration    640

  • Maintaining the Active Directory environment (18 percent)
    • Configure backup and recovery.
      • May include but is not limited to: using Windows Server Backup; back up files and system state data to media; backup and restore by using removable media; perform an authoritative or non-authoritative restores; linked value replication; Directory Services Recovery Mode (DSRM); backup and restore GPOs; configure AD recycle bin
    • Perform offline maintenance.
      • May include but is not limited to: offline defragmentation and compaction; Restartable Active Directory; Active Directory database mounting tool
    • Monitor Active Directory.
      • May include but is not limited to: event viewer subscriptions; data collector sets; real-time monitoring; analyzing logs; WMI queries; PowerShell
  • Creating and maintaining Active Directory objects (18 percent)
    • Automate creation of Active Directory accounts.
      • May include but is not limited to: bulk import; configure the UPN; create computer, user, and group accounts (scripts, import, migration); template accounts; contacts; distribution lists; offline domain join
    • Maintain Active Directory accounts.
      • May include but is not limited to: manage computer accounts; configure group membership; account resets; delegation; AGDLP/AGGUDLP; deny domain local group; local vs. domain; Protected Admin; disabling accounts vs. deleting accounts; deprovisioning; contacts; creating organizational units (OUs); delegation of control; protecting AD objects from deletion; managed service accounts
    • Create and apply Group Policy objects (GPOs).
      • May include but is not limited to: enforce, OU hierarchy, block inheritance, and enabling user objects; group policy processing priority; WMI; group policy filtering; group policy loopback; Group Policy Preferences (GPP)
    • Configure GPO templates.
      • May include but is not limited to: user rights; ADMX Central Store; administrative templates; security templates; restricted groups; security options; starter GPOs; shell access policies
    • Deploy and manage software by using GPOs.
      • May include but is not limited to: publishing to users; assigning software to users; assigning to computers; software removal; software restriction policies; AppLocker
    • Configure account policies.
      • May include but is not limited to: domain password policy; account lockout policy; fine-grain password policies
    • Configure audit policy by using GPOs.
      • May include but is not limited to: audit logon events; audit account logon events; audit policy change; audit access privilege use; audit directory service access; audit object access; advanced audit policies; global object access auditing; “Reason for Access” reporting
  • Configuring Domain Name System (DNS) for Active Directory (18%)
    • Configuring Active Directory Roles and Services (14 percent)
      • Configure Active Directory Lightweight Directory Service (AD LDS). May include but is not limited to: migration to AD LDS; configure data within AD LDS; configure an authentication server; Server Core Installation
    • Configure Active Directory Rights Management Service (AD RMS).
      • May include but is not limited to: certificate request and installation; self-enrollments; delegation; create RMS templates; RMS administrative roles; RM Add-on for IE
    • Configure the read-only domain controller (RODC).
      • May include but is not limited to: replication; Administrator role separation; read-only DNS; BitLocker; credential caching; password replication; syskey; read-only SYSVOL; staged install
    • Configure Active Directory Federation Services (AD FSv2).
      • May include but is not limited to: install AD FS server role; exchange certificate with AD FS agents; configure trust policies; configure user and group claim mapping; import and export trust policies
    • Configure zones.
      • May include but is not limited to: Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS), and Secure Dynamic DNS (SDDNS); Time to Live (TTL); GlobalNames; Primary, Secondary, Active Directory Integrated, Stub; SOA; zone scavenging; forward lookup; reverse lookup
    • Configure DNS server settings.
      • May include but is not limited to: forwarding; root hints; configure zone delegation; round robin; disable recursion; debug logging; server scavenging
    • Configure zone transfers and replication.
      • May include but is not limited to: configure replication scope (forestDNSzone; domainDNSzone); incremental zone transfers; DNS Notify; secure zone transfers; configure name servers; application directory partitions
  • Configuring the Active Directory infrastructure (17 percent)
    • Configure a forest or a domain.
      • May include but is not limited to: remove a domain; perform an unattended installation; Active Directory Migration Tool (ADMT) ; change forest and domain functional levels; interoperability with previous versions of Active Directory; multiple user principal name (UPN) suffixes; forestprep; domainprep
    • Configure trusts.
      • May include but is not limited to: forest trust; selective authentication vs. forest-wide authentication; transitive trust; external trust; shortcut trust; SID filtering
    • Configure sites.
      • May include but is not limited to: create Active Directory subnets; configure site links; configure site link costing; configure sites infrastructure
    • Configure Active Directory replication.
      • May include but is not limited to: DFSR; one-way replication; Bridgehead server; replication scheduling; configure replication protocols; force intersite replication
    • Configure the global catalog.
      • May include but is not limited to: Universal Group Membership Caching (UGMC); partial attribute set; promote to global catalog
    • Configure operations masters.
      • May include but is not limited to: seize and transfer; backup operations master; operations master placement; Schema Master; extending the schema; time service
  • Configuring Active Directory Certificate Services (15 percent)
    • Install Active Directory Certificate Services.
      • May include but is not limited to: certificate authority (CA) types, including standalone, enterprise, root, and subordinate; role services; prepare for multiple-forest deployments
    • Configure CA server settings.
      • May include but is not limited to: key archival; certificate database backup and restore; assigning administration roles; high-volume CAs; auditing
    • Manage certificate templates.
      • May include but is not limited to: certificate template types; securing template permissions; managing different certificate template versions; key recovery agent
    • Manage enrollments.
      • May include but is not limited to: network device enrollment service (NDES); auto enrollment; Web enrollment; extranet enrollment; smart card enrollment; authentication mechanism assurance; creating enrollment agents; deploying multiple-forest certificates; x.509 certificate mapping
    • Manage certificate revocations.
      • May include but is not limited to: configure Online Responders; Certificate Revocation List (CRL); CRL Distribution Point (CDP); Authority Information Access (AIA)

 

B. Windows Server 2008 Network Infrastructure    642

  • Configuring File and Print Services (20 percent)
    • Configure a file server.
      • May include but is not limited to: file share publishing; Offline Files; share permissions; NTFS permissions; encrypting file system (EFS); BitLocker; Access-Based Enumeration (ABE); branch cache; Share and Storage Management console
    • Configure Distributed File System (DFS).
      • May include but is not limited to: DFS namespace; DFS configuration and application; creating and configuring targets; DFS replication; read-only replicated folder; failover cluster support; health reporting
    • Configure backup and restore.
      • May include but is not limited to: backup types; backup schedules; managing remotely; restoring data; shadow copy services; volume snapshot services (VSS); bare metal restore; backup to remote file share
    • Manage file server resources.
      • May include but is not limited to: FSRM; quota by volume or quota by user; quota entries; quota templates; file classification; Storage Manager for SANs; file management tasks; file screening
    • Configure and monitor print services.
      • May include but is not limited to: printer share; publish printers to Active Directory; printer permissions; deploy printer connections; install printer drivers; export and import print queues and printer settings; add counters to Performance Monitor to monitor print servers; print pooling; print priority; print driver isolation; location-aware printing; print management delegation
  • Configuring Network Access (18 percent)
    • Configure remote access.
      • May include but is not limited to: dial-up; Remote Access Policy; Network Address Translation (NAT); VPN protocols, such as Secure Socket Tunneling Protocol (SSTP) and IKEv2; Routing and Remote Access Services (RRAS); packet filters; Connection Manager; VPN reconnect; RAS authentication by using MS-CHAP, MS-CHAP v2, and EAP
    • Configure Network Access Protection (NAP).
      • May include but is not limited to: network layer protection; DHCP enforcement; VPN enforcement; RDS enforcement; configure NAP health policies; IPsec enforcement; 802.1x enforcement; flexible host isolation; multi-configuration System Health Validator (SHV)
    • Configure DirectAccess.
      • May include but is not limited to: IPv6; IPsec; server requirements; client requirements; perimeter network; name resolution policy table
    • Configure Network Policy Server (NPS).
      • May include but is not limited to: IEEE 802.11 wireless; IEEE 802.3 wired; group policy for wireless; RADIUS accounting; Connection Request policies; RADIUS proxy; NPS templates
  • Configuring Names Resolution (22 percent)
    • Configure a Domain Name System (DNS) server.
      • May include but is not limited to: conditional forwarding; external forwarders; root hints; cache-only; socket pooling; cache locking
    • Configure DNS zones.
      • May include but is not limited to: zone scavenging; zone types; Active Directory integration; Dynamic Domain Name System (DDNS); Secure DDNS; GlobalNames; zone delegation; DNS Security Extensions (DNSSEC); reverse lookup zones
    • Configure DNS records.
      • May include but is not limited to: record types; Time to live (TTL); weighting records; registering records; netmask ordering; DnsUpdateProxy group; round robin; DNS record security; auditing
    • Configure DNS replication.
      • May include but is not limited to: DNS secondary zones; DNS stub zones; Active Directory Integrated replication scopes; securing zone transfer; SOA refresh; auditing
    • Configure name resolution for client computers.
      • May include but is not limited to: configuring HOSTS file; Link-Local Multicast Name Resolution (LLMNR); broadcasting; resolver cache; DNS server list; Suffix Search order; DNS devolution
    • Configure IPv4 and IPv6 addressing.
      • May include but is not limited to: configure IP address options; subnetting; supernetting; multi-homed; interoperability between IPv4 and IPv6
    • Configure Dynamic Host Configuration Protocol (DHCP).
      • May include but is not limited to: DHCP options; creating new options; PXE boot; default user profiles; DHCP relay agents; exclusions; authorize server in Active Directory; scopes; DHCPv6
    • Configure routing.
      • May include but is not limited to: static routing; persistent routing; Routing Internet Protocol (RIP); metrics; choosing a default gateway; maintaining a routing table; demand-dial routing; IGMP proxy
    • Configure Windows Firewall with Advanced Security.
      • May include but is not limited to: inbound and outbound rules; custom rules; authorized users; authorized computers; configure firewall by using Group Policy; network location profiles; service groups; import/export policies; isolation policy; IPsec group policies; Connection Security Rules
  • Configuring Addressing and Services (21 percent)
    • Monitoring and Managing a Network Infrastructure (20 percent)
      • Configure Windows Server Update Services (WSUS) server settings. May include but is not limited to: update type selection; client settings; Group Policy object (GPO); client targeting; software updates; test and approval; disconnected networks
    • Configure performance monitoring.
      • May include but is not limited to: Data Collector Sets; Performance Monitor; Reliability Monitor; monitoring System Stability Index; page files; analyze performance data
    • Configure event logs.
      • May include but is not limited to: custom views; application and services logs; subscriptions; attaching tasks to events find and filter
    • Gather network data.
      • May include but is not limited to: Simple Network Management Protocol (SNMP); Network Monitor; Connection Security Rules monitoring

 

C. Windows Server 2008, Server Administrator    646

  • Planning for Server Deployment (19 percent)
    • Plan server installations and upgrades.
      • May include but is not limited to: Windows Server 2008 edition selection, rollback planning, Bitlocker implementation requirements
    • Plan for automated server deployment.
      • May include but is not limited to: standard server image, automation and scheduling of server deployments
    • Plan infrastructure services server roles.
      • May include but is not limited to: address assignment, name resolution, network access control, directory services, application services, certificate services
    • Plan application servers and services.
      • May include but is not limited to: virtualization server planning, availability, resilience, and accessibility
    • Plan file and print server roles.
      • May include but is not limited to: access permissions, storage quotas, replication, indexing, file storage policy, availability, printer publishing
  • Planning for Server Management (23 percent)
    • Plan server management strategies.
      • May include but is not limited to: remote administration, remote desktop, server management technologies, Server Manager and ServerManagerCMD, delegation policies and procedures
    • Plan for delegated administration.
      • May include but is not limited to: delegate authority, delegate Active Directory objects, application management
    • Plan and implement group policy strategy.
      • May include but is not limited to: GPO management, GPO backup and recovery, group policy troubleshooting, group policy planning
  • Monitoring and Maintaining Servers (20 percent)
    • Implement patch management strategy.
      • May include but is not limited to: operating system patch level maintenance, Windows Server Update Services (WSUS), application patch level maintenance
    • Monitor servers for performance evaluation and optimization.
      • May include but is not limited to: server and service monitoring, optimization, event management, trending and baseline analysis
    • Monitor and maintain security and policies.
      • May include but is not limited to: remote access, monitor and maintain NPAS, network access, server security, firewall rules and policies, authentication and authorization, data security, auditing
  • Planning Application and Data Provisioning (19 percent)
    • Provision applications.
      • May include but is not limited to: presentation virtualization, terminal server infrastructure, resource allocation, application virtualization alternatives, application deployment, System Center Configuration Manager
    • Provision data.
      • May include but is not limited to: shared resources, offline data access
  • Planning for Business Continuity and High Availability (19 percent)
    • Plan storage.
      • May include but is not limited to: storage solutions, storage management
    • Plan high availability.
      • May include but is not limited to: service redundancy, service availability
    • Plan for backup and recovery.
      • May include but is not limited to: data recovery strategy, server recovery strategy, directory service recovery strategy, object level recovery