MCTS 70-640 Cert Guide

MCTS 70-640 Cert Guide : Windows Server 2008 Active Directory, Configuring

3.53 (13 ratings by Goodreads)
By (author) Don Poulton

List price: US$63.99


Learn, prepare, and practice for exam success

Master every topic on Microsoft's new MCTS 70-640 exam.
Assess your knowledge and focus your learning.
Get the practical workplace knowledge you need!

CD Includes Complete Sample Exam

Start-to-finish MCTS 70-640 preparation from top Microsoft technology consultant, trainer, and author Don Poulton!

Master every MCTS 70-640 topic!

DNS and domain installation, including zones
AD Domain Services installation
Upgrading older domains
Server settings and replication
Global catalogs and operations masters
Site management and data replication
AD LDS, AD FS, and AD RMS roles
Read-Only Domain Controller deployment
User/group account management
Trust relationships, including troubleshooting
Group Policy Object configuration, usage, and hierarchies
Software deployment via group policies
Account and audit policy management
Monitoring and maintenance
Certificate Services installation, configuration, and management

Test your knowledge, build your confidence, and succeed!

Packed with visuals to help you learn fast
Dozens of troubleshooting scenarios
Real-world MCTS 70-640 prep advice from experts
Easy-to-use exam preparation task lists

From Don Poulton, professional Microsoft technology consultant, IT training expert, and best-selling exam guide author

Don Poulton (A+, Network+, Security+, MCSA, MCSE) is an independent consultant who has been involved with computers since the days of 80-column punch cards. He has consulted extensively with training providers, preparing training and exam prep materials for Windows technologies. He has written or contributed to several Que titles, including MCTS 70-680 Cert Guide: Microsoft® Windows 7, Configuring; Security+ Lab Manual; and MCSA/MCSE 70-299 Exam Cram 2.

CD Includes Complete Sample Exam

Detailed explanations of correct and incorrect answers
Multiple test modes
Random questions and order of answers

Shelving Category: Certification/Microsoft

Product details

  • Mixed media product | 880 pages
  • 194 x 234 x 50mm | 1,560g
  • Pearson IT Certification
  • Upper Saddle River, United States
  • English
  • 0789747081
  • 9780789747082
  • 1,619,018

Table of contents

Introduction 3

Goals and Methods 3

How This Book Is Organized 4

Study and Exam Preparation Tips 7

Learning Styles 7

Study Tips 8

Study Strategies 9

Pretesting Yourself 10

Exam Prep Tips 10

Microsoft 70-640 Exam Topics 12

Chapter 1 Getting Started with Active Directory 17

The Foundation of Active Directory 17

X.500 17


Naming Standards of X.500 and LDAP 19

Distinguished Names 19

Relative Distinguished Names 20

User Principal Names 21

Globally Unique Identifiers 21

Security Identifiers 21

Active Directory Canonical Names 22

The Building Blocks of Active Directory 22

Namespaces 22

Objects 23

Containers 24

Schemas 24

Global Catalogs 24

Partitions 25

Logical Components of Active Directory 26

Domains 26

Trees 27

Forests 27

Organizational Units 29

Sites 30

Domain Controllers 31

Global Catalog Servers 31

Operations Masters 32

New Features of Active Directory in Windows Server 2008 33

Server Manager 35

Adding Roles and Features 36

Command-Line Server Management 36

Windows Server 2008 R2 37

Summary 40

Chapter 2 Installing and Configuring DNS for Active Directory 43

"Do I Know This Already?" Quiz 43

The Hierarchical Nature of DNS 48

Installing DNS on Windows Server 2008 R2 49

Configuring DNS Zones 51

DNS Zone Types 52

Primary Zones 53

Secondary Zones 53

Stub Zones 53

Active Directory-Integrated Zones 53

GlobalNames Zones 54

DNS Name Server Roles 55

Primary Name Server 55

Secondary Name Server 55

Caching-Only Server 56

Forwarders 56

Creating DNS Zones 57

Forward Lookup Zones 57

Reverse Lookup Zones 59

DNS Resource Records 61

Configuring DNS Zone Properties 62

Configuring Zone Types 63

Adding Authoritative DNS Servers to a Zone 63

Dynamic, Nondynamic, and Secure Dynamic DNS 64

Zone Scavenging 65

Time to Live 66

Integrating DNS with WINS 68

Command-Line DNS Server Administration 69

Review All the Key Topics 71

Complete the Tables and Lists from Memory 71

Definitions of Key Terms 71

Chapter 3 Installing Active Directory Domain Services 73

"Do I Know This Already?" Quiz 73

Planning the Active Directory Namespace 77

Subdividing the Active Directory Namespace 77

Administrative or Geographical Organization of Domains 78

Use of Multiple Trees 79

Best Practices 80

Creating Forests and Domains 81

Requirements for Installing Active Directory Domain Services 81

Installing Active Directory Domain Services 82

New Forests 83

New Domains in Existing Forests 88

Existing Domains 89

Performing Unattended Installations of Active Directory 90

Server Core Domain Controllers 92

Removing Active Directory 92

Interoperability with Previous Versions of Active Directory 93

Forest and Domain Functional Levels 94

Upgrading Domain and Forest Functional Levels 95

The Adprep Utility 96

Running the Adprep /forestprep Command 96

Running the Adprep /domainprep Command 97

Upgrading a Windows Server 2003 Domain Controller 97

Additional Forest and Domain Configuration Tasks 98

Verifying the Proper Installation of Active Directory 98

Active Directory Migration Tool v.3.1 100

Alternative User Principal Name Suffixes 101

Review All the Key Topics 103

Complete the Tables and Lists from Memory 103

Definitions of Key Terms 104

Chapter 4 Configuring DNS Server Settings and Replication 107

"Do I Know This Already?" Quiz 107

Configuring DNS Server Settings 112

Forwarding 112

Conditional Forwarders 114

Root Hints 116

Configuring Zone Delegation 117

Debug Logging 119

Event Logging 121

DNS Security Extensions 121

Advanced Server Options 123

Server Options 123

Round Robin 124

Disable Recursion 125

Name Checking 125

Loading Zone Data 126

Server Scavenging 126

Monitoring DNS 127

Configuring Zone Transfers and Replication 128

Replication Scope 128

Types of Zone Transfers 130

Full Zone Transfer 130

Incremental Zone Transfer 131

Configuring Zone Transfers 132

Configuring DNS Notify 133

Secure Zone Transfers 134

Configuring Name Servers 136

Application Directory Partitions 138

Installing and Configuring Application Directory Partitions 138

Creating Application Directory Partition Replicas 139

Application Directory Partition Reference Domains 139

Review All the Key Topics 140

Complete the Tables and Lists from Memory 140

Definitions of Key Terms 140

Chapter 5 Global Catalogs and Operations Masters 143

"Do I Know This Already?" Quiz 143

Configuring Global Catalog Servers 148

Planning the Placement of Global Catalog Servers 148

Promoting Domain Controllers to Global Catalog Servers 150

Using Universal Group Membership Caching 151

Using Partial Attribute Sets 152

Configuring Operations Masters 153

Schema Master 153

Configuring the Schema 154

Extending the Schema 155

Deactivating Schema Objects 159

Domain Naming Master 160

PDC Emulator 160

Time Service 161

Infrastructure Master 162

RID Master 162

Placement of Operations Masters 163

Transferring and Seizing of Operations Master Roles 164

Transferring Operations Master Roles 165

Seizing Operations Masters Roles 167

Review All the Key Topics 169

Complete the Tables and Lists from Memory 169

Definitions of Key Terms 170

Chapter 6 Configuring Active Directory Sites and Replication 173

"Do I Know This Already?" Quiz 173

The Need for Active Directory Sites 178

Configuring Sites and Subnets 179

Creating Sites 180

Adding Domain Controllers 181

Creating and Using Subnets 182

Site Links, Site Link Bridges, and Bridgehead Servers 184

The Need for Site Links and Site Link Bridges 184

Configuring Site Links 185

Site Link Bridges 185

Site Link Costs 186

Sites Infrastructure 189

Knowledge Consistency Checker 189

Intersite Topology Generator 189

Configuring Active Directory Replication 189

Concepts of Active Directory Replication 190

Intersite and Intrasite Replication 191

Distributed File System 192

One-Way Replication 193

Bridgehead Servers 193

Replication Protocols 194

Ports Used for Intersite Replication 195

Replication Scheduling 196

Intersite Replication Scheduling 196

Intrasite Replication Scheduling 198

Forcing Intersite Replication 200

Review All the Key Topics 201

Complete the Tables and Lists from Memory 202

Definitions of Key Terms 202

Chapter 7 Additional Active Directory Roles 205

"Do I Know This Already?" Quiz 205

New Server Roles and Features 210

Active Directory Lightweight Directory Services 211

Installing AD LDS 213

Installing the AD LDS Role 213

Installing AD LDS Instances 214

Configuring Data Within AD LDS 217

Using the ADSI Edit Snap-in 217

Using Ldp.exe 218

Using the Active Directory Schema Snap-in 220

Using the Active Directory Sites and Services Snap-in 221

Migrating to AD LDS 221

Configuring an Authentication Server 222

Creating AD LDS User Accounts and Groups 222

Binding to an AD LDS Instance with an AD LDS User 224

Using AD LDS on Server Core 224

Active Directory Rights Management Services 225

Installing AD RMS 226

Certificate Request and Installation 228

Self-Enrollments 230

Delegation 230

Active Directory Metadirectory Services 231

Active Directory Federation Services 231

Installing the AD FS Server Role 233

Configuring Trust Policies 236

User and Group Claim Mapping 237

Configuring Federation Trusts 238

Creating Claims 239

Creating Account Stores 240

Enabling Applications 241

Creating Federation Trusts 242

Windows Server 2008 R2 Virtualization 244

Review All the Key Topics 247

Complete the Tables and Lists from Memory 247

Definitions of Key Terms 248

Chapter 8 Read-Only Domain Controllers 251

"Do I Know This Already?" Quiz 251

Installing a Read-Only Domain Controller 254

Planning the Use of RODCs 254

Installing RODCs 256

Prestaging an RODC 257

Managing a Read-Only Domain Controller 259

Unidirectional Replication 260

Administrator Role Separation 261

Read-Only DNS 262

BitLocker 263

Preparing Your Computer to Use BitLocker 265

Enabling BitLocker 265

Managing BitLocker 269

Replication of Passwords 270

Planning a Password Replication Policy 271

Configuring a Password Replication Policy 272

Credential Caching 273

Administering the RODC's Authentication Lists 275

syskey 276

Review All the Key Topics 278

Definitions of Key Terms 278

Chapter 9 Active Directory User and Group Accounts 281

"Do I Know This Already?" Quiz 281

Creating User and Group Accounts 286

Introducing User Accounts 286

Introducing Group Accounts 287

Creating User, Computer, and Group Accounts 288

Use of Template Accounts 290

Using Bulk Import to Automate Account Creation 291

Csvde 292

Ldifde 293

Dsadd 294

Additional Command-Line Tools 295

Scripts 296

Configuring the UPN 296

UPN Suffixes 296

Adding or Removing UPN Suffixes 297

Configuring Contacts 298

Creating Distribution Lists 299

Managing and Maintaining Accounts 300

Creating Organizational Units 301

Configuring Group Membership 304


Account Resets 308

Deny Domain Local Group 308

Protected Admin 309

Local Versus Domain Groups 310

Deprovisioning Accounts 312

Delegating Administrative Control of Active Directory Objects 313

Review All the Key Topics 317

Complete the Tables and Lists from Memory 318

Definitions of Key Terms 318

Chapter 10 Trust Relationships in Active Directory 321

"Do I Know This Already?" Quiz 321

Types of Trust Relationships 325

Transitive Trusts 325

Forest Trusts 326

External Trusts and Realm Trusts 326

Shortcut Trusts 327

Creating and Configuring Trust Relationships 328

Creating a Forest Trust Relationship 329

Creating External Trust Relationships 335

Creating Realm Trust Relationships 336

Creating Shortcut Trust Relationships 337

Managing Trust Relationships 338

Validating Trust Relationships 338

Authentication Scope 338

SID Filtering 340

Removing a Cross-forest Trust Relationship 341

Review All the Key Topics 343

Complete the Tables and Lists from Memory 343

Definitions of Key Terms 343

Chapter 11 Creating and Applying Group Policy Objects 345

"Do I Know This Already?" Quiz 345

Overview of Group Policy 351

Components of Group Policy 351

Group Policy Containers 352

Group Policy Templates 352

New Features of Group Policy in Windows Server 2008 and Windows Server 2008 R2 354

Creating and Applying GPOs 355

Managing GPOs 359

Linking GPOs 360

Managing GPO Links 361

Deleting a GPO 362

Delegating Control of GPOs 362

Specifying a Domain Controller 365

Configuring GPO Hierarchy and Processing Priority 365

OU Hierarchy 367

Enforced 367

Block Inheritance 369

Modifying the Sequence of GPO Application 370

Disabling User Objects 370

Group Policy Filtering 371

Security Filtering of GPOs 371

Windows Management Instrumentation 374

Windows PowerShell 374

Configuring GPO Templates 376

Group Policy Loopback Processing 377

User Rights 378

ADMX Central Store 379

Administrative Templates 380

Restricted Groups 384

Starter GPOs 385

Shell Access Policies 387

Review All the Key Topics 389

Complete the Tables and Lists from Memory 389

Definitions of Key Terms 390

Chapter 12 Group Policy Software Deployment 393

"Do I Know This Already?" Quiz 393

Types of Software Deployment 398

Assigning and Publishing Software 399

Assigning Software to Users 399

Assigning Software to Computers 399

Publishing Software to Users 399

Deploying Software Using Group Policy 400

ZAP Files 402

Software Installation Properties 403

Software Package Properties 405

Upgrading Software 407

Use of Transform Files to Modify Software Packages 409

Redeployment of Upgraded Software 411

Removal of Software 413

Review All the Key Topics 414

Complete the Tables and Lists from Memory 414

Definitions of Key Terms 414

Chapter 13 Account Policies and Audit Policies 417

"Do I Know This Already?" Quiz 417

Use of Group Policy to Configure Security 422

Configuring Account Policies 422

Domain Password Policies 423

Account Lockout 426

Unlocking an Account 427

Kerberos Policy 428

Fine-Grained Password Policies 428

Password Settings Precedence 429

Configuring Fine-Grained Password Policies 430

Managing Fine-Grained Password Policies 435

Viewing the Resultant PSO 435

Security Options 436

Using Additional Security Configuration Tools 439

Auditing of Active Directory Services 441

New Features of Active Directory Auditing 441

Using GPOs to Configure Auditing 442

Available Auditing Categories 442

Configuring Basic Auditing Policies 443

Configuring Advanced Audit Policies 446

Using Auditpol.exe to Configure Auditing 447

Review All the Key Topics 449

Complete the Tables and Lists from Memory 450

Definitions of Key Terms 450

Chapter 14 Monitoring Active Directory 453

"Do I Know This Already?" Quiz 453

Tools Used to Monitor Active Directory 459

Network Monitor 459

Task Manager 463

Configuring Application Priority 465

Event Viewer 466

Customizing Event Viewer 468

Customizing Event Viewer Detail 470

Reliability and Performance Monitor 471

Resource Monitor 473

Reliability Monitor 473

Performance Monitor 476

Data Collector Sets 479

Windows System Resource Manager 484

Server Performance Advisor 486

Monitoring and Troubleshooting Active Directory Replication 487

replmon 487

repadmin 491

replicate 491

showmeta 492

showreps 492

add 492

sync 493

syncall 493

showconn 493

replsummary 494

dcdiag 494

Troubleshooting the Application of Group Policy Objects 496

Resultant Set of Policy 496

Planning Mode/Group Policy Modeling 497

Logging Mode/Group Policy Results 501

Using the Delegation of Control Wizard 509

Gpresult 509

Review All the Key Topics 512

Complete the Tables and Lists from Memory 513

Definitions of Key Terms 513

Chapter 15 Maintaining Active Directory 515

"Do I Know This Already?" Quiz 515

Backing Up and Recovering Active Directory 520

Backup Permissions 521

Use of Windows Server Backup 521

Installing Windows Server Backup 521

Backing Up Critical Volumes of a Domain Controller 522

The wbadmin Command 525

Scheduling a Backup 526

Using Removable Media 527

Recovering Active Directory 528

Directory Services Restore Mode 528

Performing a Nonauthoritative Restore 529

Using the wbadmin Command to Recover Your Server 534

Performing an Authoritative Restore 536

Recovering Back-Links of Authoritatively Restored Objects 537

Performing a Full Server Recovery of a Domain Controller 538

Linked-Value Replication and Authoritative Restore of Group Memberships 539

The Active Directory Recycle Bin 540

Enabling the Active Directory Recycle Bin 541

Using the Active Directory Recycle Bin to Restore Deleted Objects 543

Backing Up and Restoring GPOs 545

Backing Up GPOs 545

Restoring GPOs 545

Importing GPOs 547

Using Scripts for Group Policy Backup and Restore 548

Offline Maintenance of Active Directory 549

Restartable Active Directory 549

Offline Defragmentation and Compaction 550

Online Defragmentation 551

Offline Defragmentation 551

Active Directory Database Storage Allocation 553

Review All the Key Topics 555

Complete the Tables and Lists from Memory 556

Definitions of Key Terms 556

Chapter 16 Installing and Configuring Certificate Services 559

"Do I Know This Already?" Quiz 559

What's New with Certificate Services in Windows Server 2008? 563

New Features of Active Directory Certificate Services in Windows Server 2008 R2 564

Installing Active Directory Certificate Services 565

Configuring Certificate Authority Types and Hierarchies 565

Installing Root CAs 567

Installing Subordinate CAs 571

Understanding Certificate Requests 571

Using Certificate Practice Statements 572

Configuring Certificate Authority Server Settings 573

Installing the Certificates Snap-in 573

Working with Certificate Stores 575

Using Group Policy to Import Certificates 575

Backing Up Certificates and Keys 576

Restoring Certificates and Keys 577

Using Group Policy to Enable Credential Roaming 578

Backing Up and Restoring Certificate Databases 580

Assigning Administration Roles 581

Configuring Certificate Server Permissions 582

Review All the Key Topics 583

Complete the Tables and Lists from Memory 584

Definitions of Key Terms 584

Chapter 17 Managing Certificate Templates, Enrollments, and Certificate Revocation 587

"Do I Know This Already?" Quiz 587

Managing Certificate Templates 592

Understanding Certificate Template Types 592

Configuring Certificate Templates 593

Securing Template Permissions 595

Enabling the Use of Templates 597

Managing Different Certificate Template Versions 597

Archiving Keys 599

Configuring Key Recovery Agents 599

Managing Certificate Enrollments 602

Understanding Network Device Enrollment Services 602

Enabling Certificate Autoenrollment 605

Configuring Web Enrollment 606

Configuring Smart Card Enrollment 609

Creating Enrollment Agents 610

Using Group Policy to Require Smart Cards for Logon 614

Managing Certificate Revocation 616

Configuring Certificate Revocation Lists 617

Configuring a CRL Distribution Point 619

Troubleshooting CRLs 620

Configuring Online Responders 621

Configuring Responder Properties 622

Adding a Revocation Configuration 623

Configuring Arrays 624

Configuring Authority Information Access 624

Review All the Key Topics 625

Complete the Tables and Lists from Memory 626

Definitions of Key Terms 626

Practice Exam 629

Answers to Practice Exam 691

Appendix A Answers to the "Do I Know This Already?" Quizzes 729

Appendix B Installing Windows Server 2008 R2 763

Glossary 773

Elements Available on CD

Appendix C Memory Tables 3

Appendix D Memory Tables Answer Key 3

TOC, 9780789747082, 11/19/2010

About Don Poulton

Don Poulton (A+, Network+, Security+, MCSA, MCSE) is an independent consultant who has been involved with computers since the days of 80-column punch cards. After a career of more than 20 years in environmental science, Don switched careers and trained as a Windows NT 4.0 MCSE. He has been involved in consulting with a couple of small training providers as a technical writer, during which time he wrote training and exam prep materials for Windows NT 4.0, Windows 2000, and Windows XP. Don has written or contributed to several titles, including Security+ Lab Manual (Que, 2004); MCSA/MCSE 70-299 Exam Cram 2: Implementing and Administering Security in a Windows 2003 Network (Exam Cram 2) (Que, 2004); MCSE 70-294 Exam Prep: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure (Que, 2006); MCTS 70-620 Exam Prep: Microsoft Windows Vista, Configuring (Que, 2008); and MCTS 70-680 Cert Guide: Microsoft Windows 7, Configuring (Que, 2011).

In addition, he has worked on programming projects, both in his days as an environmental scientist and more recently with Visual Basic to update an older statistical package used for multivariate analysis of sediment contaminants. When not working on computers, Don is an avid amateur photographer who has had his photos displayed in international competitions and published in magazines such as Michigan Natural Resources Magazine and National Geographic Traveler. Don also enjoys traveling and keeping fit.

Don lives in Burlington, Ontario, with his wife, Terry.

Rating details

13 ratings
3.53 out of 5 stars
5 8% (1)
4 62% (8)
3 8% (1)
2 23% (3)
1 0% (0)