Course

Active Directory by Itfreetraining

5

(18)

14h51m

Teacher

Itfreetraining

Free IT training aimed at getting you certified.

Ver sobre

Sign in or Register to access the course.

Do not worry, it is free!

Share

Evaluate course

Go to certificates

Report a problem

Course content

  • MCITP 70-640: Introduction To Active Directory

    Active Directory is a system which offers centralized control of your computers. Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for the rest of our always free training videos. This video looks at what Active Directory is and why you would use it. The video explains the difference between a workgroup and a domain so you can better understand when you would want to deploy Active Directory.

    Terminology used in the video
    Workgroup
    A workgroup is a network setup in which each computer on the network keeps its own store of user names and passwords. In order to access another computer on the network, you need to know a username and password on that computer. This does not scale well. The user will be prompted for a username and password when he or she accesses another computer when the passwords are not in sync.

    HomeGroup
    Available only in a pure Windows 7 network. HomeGroup provides a simple way to share files and printers in a network. HomeGroup allows Windows 7

  • MCITP 70-640: New Features in Windows Server 2008 R2 and Service Pack 1

    Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.
    This video explores the new features that are found in Windows Server 2008, Windows Server 2008 R2, and Service Pack 1. One of the biggest changes in Windows Server 2008 is that it is now very modular. You can customize Windows Server 2008 very easily by adding or subtracting roles and features from the operation system. Here is a list of the new features for each server.

    Windows Server 2008 Service Pack 1 for R2 New Features
    Dynamic memory for Hyper-V
    Remote FX

    Windows Server 2008 R2 New Features
    BranchCache (Requires Windows 7 client)
    DirectAcess (Requires Windows 7 client)
    Active Directory recycle bin
    Starter group polices

    Windows Server 2008 Active Directory New Features
    Active Directory Certificate Services
    Active Directory Application Mode (ADAM)
    Active Directory Federation Services
    Active Directory Rights Management
    Read Only Domain Controllers
    Active Director

  • MCITP 70-640: Active Directory Under The Hood

    Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.
    Active Directory utilizes two main standards. These are the X.500 standard and LDAP. This video looks at how the X.500 standard is used to store the Active Directory objects in the database. It also looks at how LDAP is used to access this data and the formatting LDAP uses.

    NTDS.DIT
    The Active Directory Database by default is stored in c:\windows\NTDS\ntds.dit. This file is based on the X.500 standard. Originally Active Directory was called NT Directory Services and this is where the file got its name.

    Each domain in Active Directory will have a separate database. Domain Controllers hold the copy of the database in the ntds.dit file and replicate changes to each other. If you have more than one domain, then each separate domain will have its own copy of the ntds.dit file.

    Organization Units
    In order to organize objects in Active Directory more easily, objects in Act

  • MCITP 70-640: Active Directory forest and trees

    Active Directory has forests and trees which are ways of representing multiple domains. Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.This video looks at how domains sharing the same namespace are considered a tree. Domains in separate namespaces are considered separate trees in the same forest.

    Tree
    When you have multiple domains in the same namespace (e.g., ITFreeTraining.com, west.ITFreeTraining.com, and sales.ITFreeTraining.com), they are considered to be in the same tree. The tree also supports multiple levels of domains. For example, you could have west.sales.ITFreeTraining.com and east.ITFreeTraining.com in the same tree.

    Forest
    A forest is a collection of one or more domains which may have one or more trees. What makes a forest unique is that it shares the same schema. The schema defines what and how Active Directory objects are stored. The schema defines the database for the whole forest but it should be

  • MCITP 70-640: Active Directory System Requirments

    Before you deploy Active Directory in your organization you should ensure that the server hardware that you are using meets the minimum requirements to run Active Directory. Check out http://itfreetraining.com for more of our always free training videos. This video looks at the hardware requirements needed by Active Directory to run in your organization.

    Listed below are the minimum requirements. Whenever possible you should try to exceed these values as the minimum values will not give you the best Windows experience. To ensure you have enough room for the Active Directory database and room to expand, you should have at least a 100GB hard disk.

    64bit Hardware Windows Server 2008/R2
    1.4 Ghz CPU
    1.3 Ghz dual core on Windows Server 2008 R2
    64GB hard disk space

    32bit hardware Windows Server 2008
    1Ghz CPU
    512mb ROM (2GB recommended)
    32GB hard disk space
    32bit is not supported for Windows Server 2008 R2

    DNS
    Active directory also requires DNS Infrastructure to work. Certain DNS records n

  • MCITP 70-640: Installing Active Directory

    Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.
    To install Active Directory you need to promote your first server to a Domain Controller. This video looks at the process of using DCPromo as well as the prerequisites required. The video also discusses DNS requirements for Active Directory. DNS is required by Active Directory in order to operate.

    Demo Network Setup 01:49
    Demo DCPromo 04:47

    Prerequisites
    Server must have an IPv4 and/or IPv6 static address.
    DNS infrastructure (either Microsoft or 3rd party).
    Microsoft DNS can be installed when promoting the server.
    If you install DNS during the install, set the DNS server to 127.0.0.1

    The Active Directory Domain Services role needs to be installed in order for the server to be promoted to a Domain Controller. This can be done through the server manager or when using DCPromo.
    When you are ready to promote your server to a Domain Controller, run the command DCPromo. Thi

  • MCITP 70-640: Installing Active Directory on Server Core

    This video looks at promoting a server running Windows Server 2008 R2 Core to a Domain Controller using the command line. Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. This covers using an answer file and also using the command line only. The core edition of Windows Server is a scaled down version of Windows Server with very limited GUI options.

    For a complete list of promotion options refer to http://support.microsoft.com/kb/947034

    For a GUI interface for servers, check out Core Configurator,
    http://coreconfig.codeplex.com.
    This free open source product is great for quickly configuring Server Core and even supports promoting the server to a Domain Controller. Microsoft will not test you on this product so for the exam you should have an understanding of the command line tools demonstrated in this video. For the everyday administrator of Server Core, this product is a life saver.

    The advantages of running Server

  • MCITP 70-640: Global Catalog Server

    Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.
    Global Catalog Servers contain a partial replica for every object in Active Directory. A Global Catalog Server is used to find objects in any domain in the forest. Any Domain Controller can be made into a Global Catalog Server. This video looks at how to remove or make a Domain Controller into a Global Catalog Server and also the reasons why and where you should put Global Catalog Servers.

    Global Catalog Servers are used to find objects in any domain in the forest but it should be remembered that this does not give the user access to that object. Unless the user has the correct permissions they will not be able to access resources in other domains.

    Global Catalog Servers also contain information about groups that span across domains and services that work at the forest level.
    How to change a Domain Controller to a Global Catalog Server 04:18
    Using the admin tool Activ

  • MCITP 70-640: Operation Master Roles

    Active Directory has five operations master roles otherwise known as FSMO roles. Check out http://itfreetraining.com for more of our always free training videos. These roles are assigned to one Domain Controller to ensure changes happen in only one location at a time. This ensures that the Active Directory database is kept consistent. This video goes through the five operations master roles. At the forest level, there is the Schema Master and Domain Naming Master. At the domain level, the 3 other operational roles are Infrastructure Master, PDC Emulator and RID Master.

    Schema Master 01:32
    Domain Naming Master 03:01
    RID Master 03:53
    PDC Emulator 07:06
    Infrastructure Master 11:03

    Schema Master (Forest Wide)
    The Schema Master determines the structure and thus what can be stored in Active Directory. It contains details of every object that can be created and the attributes for that object. For example, if you want to add an attribute to every user in the forest (such as a field with the

  • MCITP 70-640: Moving Operation Master Roles

    Check out http://itfreetraining.com or http://youtube.com/ITFreeTraining for more of our always free training videos.
    Active Directory has 5 operations master roles. These roles can be moved from Domain Controller to Domain Controller. Two are at the forest level and three are at the domain level. This video looks at how to move these operations roles from one Domain Controller to another.

    How To Points
    The 3 operations roles at the domain level are PDC Emulator, RID Master and Infrastructure Master.
    These can be transferred using active users and computers by right clicking the domain and selecting operations master.
    The 2 forest wide operations roles are Schema Master and Domain Naming Master.
    To install the Schema Master, run Regsvr32 schmmgmt.dll. Then access it by using the mmc to add the schema snap in.
    To move the Domain Naming Master role, run Active Directory domains and trusts and right click Active Directory domains and trusts.

  • MCITP 70-640: Operators Master Role Placemnet Global catalog

    In Active Directory there are five operations master roles known as FSMO roles. This video looks at which Domain Controllers you should put these roles on and also which Domain Controllers you should make into Global Catalog Servers.

    There are five operations master roles. The Schema and Domain Naming Masters are forest wide so there will only one of each of these roles regardless of how many domains you have in your forest. The PDC Emulator, RID Master and Infrastructure Master are domain wide. There will always be 3 operations master roles per domain, one of each. When considering where to put the operations master roles, you should consider the availability of the operations role and what effect not having the operations master role available during an outage will have on your network.

    Schema Master (Forest wide)
    The Schema Master is generally found in the root domain in a multiple domain environment. On most networks it will not be used that often. For this reason availability is

  • MCITP 70-640: Seizing roles

    Active Directory has five operational master roles that can be transferred from domain controller to domain controller as required. Check out http://itfreetraining.com or http://youtube.com/ITFreeTraining for more of our always free training videos. In some cases the role may not be able to be transferred; for example, if the hardware on the domain controller was to fail, a transfer cannot be made. When this occurs, the operational master role must be seized. This video looks at how to seize an operational master role, clean up the Active Directory database afterwards, and recover a server that has had an operational master role seized.

    Demo seizing the role 04:40
    Demo cleaning up the Active Directory database 08:55
    Demo removing Active Directory from a recovered server 14:04

    What is an operational master role?
    See our operational master role video for more information. http://itfreetraining.com/70-640/oper...

    Impact of missing operational master role
    Seizing an operational master

  • MCITP 70-640: Setting an External Time Source

    Check out http://itfreetraining.com or http://youtube.com/ITFreeTraining for more of our always free training videos.
    In any environment you need to ensure that the time and date on your computers is set correctly. If the time drifts too far from the correct time, this can cause problems logging in to the network and cause time sensitive authentication systems to fail. This video looks at keeping computers in your domain up to date and configuring your computers to use a reliable external time source.

    All computers have a battery on the motherboard that is responsible for ensuring the internal clock inside the computer does not lose power even when the computer is not plugged in. The internal clock can lose or gain time as time passes. If the clocks get out of sync with the correct time, this can affect authentication systems. Authentication systems that use tickets generate the tickets using the time and date. Big differences in these times will mean that new tickets that were just c

  • MCITP 70-640: Active Directory Domain Functional Levels

    Active Directory has functional levels at the domain and forest levels which determine which Active Directory features are available. The higher the functional level the more features available. This video looks at which domain functional levels are available and how to raise the domain functional level to get access to these features. The next video in this free series looks at the forest functional levels.

    Raising the domain function level demo 17:46

    The different domain functional levels and the features you get from the functional level are listed below.

    Windows 2000 native
    * Gives basic Active Directory functionality

    Windows Server 2003
    * Allows the computer name of a domain controller to be changed.
    * Adds last login time stamp to each user account
    * Adds UserPassword to iNetOrgPerson object. This is used when migrating from a 3rd party directory service. It allows the 3rd party password to be stored in Active Directory.
    * Constrained delegation. Delegation is when credential

  • MCITP 70-640: Active Directory Forest Functional Levels

    Like domain functional levels the forest functional level determines which additional features in Active Directory will be available. In order to raise your forest functional level all domains in the forest must be at the corresponding forest level or higher. This video looks at the features that are available at each forest level and how to raise the forest level.

    Raise forest functional demo 16:04

    When looking at an existing network with multiple domains, these domains may have been put in place originally due to limitations in Active Directory. Previously Active Directory was not able to support more than one password policy per domain and even though quite high there were some limits to how many users could be put into certain groups. Given these limits may have meant that more domains were created then what would be required now days. When rasing your domain and forest functional level consider if any domains can be combined together. Doing so will reduce the complexity of

  • MCITP 70-640: Upgrading Active Directory

    This video looks at upgrading your current Active Directory environment so that you can deploy Windows Server 2008/R2 domain controllers in your environment. The video looks at the prerequisites required, the commands you need to run and a demonstration of how to prepare your environment for Windows Server 2008/R2

    Upgrading demo 05:40

    The following only needs to be done if you are planning to deploy Windows Server 2008 or Windows Server 2008 R2 Domain controllers on your network. If you only want to use Windows Server 2008 as a member server (that is, you do not want to promote it to a domain controller), you can do this without having to perform any of the steps in this video.

    Upgrading Prerequisites
    Remove all NT4 Domain controllers
    Upgrade all Domain controllers to Windows Server 2000 SP4 or above
    Domain functional level needs to be Windows 2000 or higher
    Forest functional level needs to Windows Server 2000 or higher
    The user performing the upgrade needs to be a member of the fol

  • MCITP 70-640: Active Directory adding a child domain

    This video looks at how to add a child domain to an existing domain in Active Directory. Child domains can access resources from the parent and also from any other domain in the forest. This video will look at adding the east domain to the existing domain.

    Demonstration at 04:35

    Things to consider before adding a child domain
    The more domains that you have in your forest, the harder it will be to administer your network. When possible, you should attempt to reduce the number of domains in your forest. Sometimes due to company needs or security reasons, extra domains may be created. It should be remembered that in Windows Server 2008 there have been a number of improvements and features which in previous versions of Windows would have required additional domains. These are:

    1) Active Directory could previously only have one password policy per domain. If your domain functional level is Windows Server 2008 or higher, you can support multiple password policies for the same domai

  • MCITP 70-640: Uninstalling Active Directory

    At any stage you can add and remove domain controllers from Active Directory. This video looks at how to remove the last domain controller from a child domain. When this occurs, the Active Directory database will be removed and with it anything that was stored in it. This video looks at how to remove a child domain; however, the same process could be used to remove the last domain controller in the forest.

    Demo at 03:46

    If you need to remove a domain controller that has failed from Active Directory, refer to video http://itfreetraining.com/70-640/seizing-roles/.

    Operational Master Roles
    If the domain controller is holding any operational master roles, these can be moved manually or DCPromo will automatically move them to another domain controller when the domain controller is demoted. Refer to our video on moving operation master roles for information on how to move operational master roles: http://itfreetraining.com/70-640/moving-operation-roles/.
    If you want to check if yo

  • MCITP 70-640: Active Directory Trusts

    Trusts in Active Directory create the pathways for authentication to occur. They are used to link Active Directory domains to each other and also link Active Directory domains to non Microsoft systems.

    Demonstration 08:56

    In order to share resources between two domains, there must a trust or trusts connecting the two domains. Trusts do not provide access they only create a pathway to the destination. Think of trusts like roads: if you need to get to a house and there is a road between you and the house, you can drive to the destination. If the house is locked you won't be able get in unless you have the key. The same applies with trusts: you need the path to the resource via a trust and permission to access the resource.

    Trust direction (One-way or two)
    Trusts can be one-way or two-way. If the trust is two-way, then the domain on either side can access the other side. If the trust is one-way, the terminology used to describe the trust will usually be "Domain A trusts domain B." This

  • MCITP 70-640: Sites and Subnets

    Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.
    Active Directory allows you to model your physical network topology using sites. This video looks at how to create sites in Active Directory. Creating sites allows you to control how data is replicated in your organization.

    Demonstration 04:05

    Sites Definition
    Microsoft defines a site as a group of well-connected networks.

    Advantages of sites
    1) Sites automatically direct users to the closest resource.
    2) Schedules can be configured that allow the administrator to control when replication will occur.

    Site design
    Multiple networks can be combined together regardless of which IP address ranges they use. If you have two networks separated by a high speed networking device, you may want to combine these networks together. Usually networks that are separated by a Wide Area Network will be put into different sites. You could also place different networks into different si

Course content

0h08m

MCITP 70-640: Introduction To Active Directory

Active Directory is a system which offers centralized control of your computers. Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for the rest of our always free training videos. This video looks at what Active Directory is and why you would use it. The video explains the difference between a workgroup and a domain so you can better understand when you would want to deploy Active Directory.

Terminology used in the video
Workgroup
A workgroup is a network setup in which each computer on the network keeps its own store of user names and passwords. In order to access another computer on the network, you need to know a username and password on that computer. This does not scale well. The user will be prompted for a username and password when he or she accesses another computer when the passwords are not in sync.

HomeGroup
Available only in a pure Windows 7 network. HomeGroup provides a simple way to share files and printers in a network. HomeGroup allows Windows 7

0h14m

MCITP 70-640: New Features in Windows Server 2008 R2 and Service Pack 1

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.
This video explores the new features that are found in Windows Server 2008, Windows Server 2008 R2, and Service Pack 1. One of the biggest changes in Windows Server 2008 is that it is now very modular. You can customize Windows Server 2008 very easily by adding or subtracting roles and features from the operation system. Here is a list of the new features for each server.

Windows Server 2008 Service Pack 1 for R2 New Features
Dynamic memory for Hyper-V
Remote FX

Windows Server 2008 R2 New Features
BranchCache (Requires Windows 7 client)
DirectAcess (Requires Windows 7 client)
Active Directory recycle bin
Starter group polices

Windows Server 2008 Active Directory New Features
Active Directory Certificate Services
Active Directory Application Mode (ADAM)
Active Directory Federation Services
Active Directory Rights Management
Read Only Domain Controllers
Active Director

0h08m

MCITP 70-640: Active Directory Under The Hood

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.
Active Directory utilizes two main standards. These are the X.500 standard and LDAP. This video looks at how the X.500 standard is used to store the Active Directory objects in the database. It also looks at how LDAP is used to access this data and the formatting LDAP uses.

NTDS.DIT
The Active Directory Database by default is stored in c:\windows\NTDS\ntds.dit. This file is based on the X.500 standard. Originally Active Directory was called NT Directory Services and this is where the file got its name.

Each domain in Active Directory will have a separate database. Domain Controllers hold the copy of the database in the ntds.dit file and replicate changes to each other. If you have more than one domain, then each separate domain will have its own copy of the ntds.dit file.

Organization Units
In order to organize objects in Active Directory more easily, objects in Act

0h08m

MCITP 70-640: Active Directory forest and trees

Active Directory has forests and trees which are ways of representing multiple domains. Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.This video looks at how domains sharing the same namespace are considered a tree. Domains in separate namespaces are considered separate trees in the same forest.

Tree
When you have multiple domains in the same namespace (e.g., ITFreeTraining.com, west.ITFreeTraining.com, and sales.ITFreeTraining.com), they are considered to be in the same tree. The tree also supports multiple levels of domains. For example, you could have west.sales.ITFreeTraining.com and east.ITFreeTraining.com in the same tree.

Forest
A forest is a collection of one or more domains which may have one or more trees. What makes a forest unique is that it shares the same schema. The schema defines what and how Active Directory objects are stored. The schema defines the database for the whole forest but it should be

0h05m

MCITP 70-640: Active Directory System Requirments

Before you deploy Active Directory in your organization you should ensure that the server hardware that you are using meets the minimum requirements to run Active Directory. Check out http://itfreetraining.com for more of our always free training videos. This video looks at the hardware requirements needed by Active Directory to run in your organization.

Listed below are the minimum requirements. Whenever possible you should try to exceed these values as the minimum values will not give you the best Windows experience. To ensure you have enough room for the Active Directory database and room to expand, you should have at least a 100GB hard disk.

64bit Hardware Windows Server 2008/R2
1.4 Ghz CPU
1.3 Ghz dual core on Windows Server 2008 R2
64GB hard disk space

32bit hardware Windows Server 2008
1Ghz CPU
512mb ROM (2GB recommended)
32GB hard disk space
32bit is not supported for Windows Server 2008 R2

DNS
Active directory also requires DNS Infrastructure to work. Certain DNS records n

0h17m

MCITP 70-640: Installing Active Directory

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.
To install Active Directory you need to promote your first server to a Domain Controller. This video looks at the process of using DCPromo as well as the prerequisites required. The video also discusses DNS requirements for Active Directory. DNS is required by Active Directory in order to operate.

Demo Network Setup 01:49
Demo DCPromo 04:47

Prerequisites
Server must have an IPv4 and/or IPv6 static address.
DNS infrastructure (either Microsoft or 3rd party).
Microsoft DNS can be installed when promoting the server.
If you install DNS during the install, set the DNS server to 127.0.0.1

The Active Directory Domain Services role needs to be installed in order for the server to be promoted to a Domain Controller. This can be done through the server manager or when using DCPromo.
When you are ready to promote your server to a Domain Controller, run the command DCPromo. Thi

0h15m

MCITP 70-640: Installing Active Directory on Server Core

This video looks at promoting a server running Windows Server 2008 R2 Core to a Domain Controller using the command line. Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos. This covers using an answer file and also using the command line only. The core edition of Windows Server is a scaled down version of Windows Server with very limited GUI options.

For a complete list of promotion options refer to http://support.microsoft.com/kb/947034

For a GUI interface for servers, check out Core Configurator,
http://coreconfig.codeplex.com.
This free open source product is great for quickly configuring Server Core and even supports promoting the server to a Domain Controller. Microsoft will not test you on this product so for the exam you should have an understanding of the command line tools demonstrated in this video. For the everyday administrator of Server Core, this product is a life saver.

The advantages of running Server

0h13m

MCITP 70-640: Global Catalog Server

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.
Global Catalog Servers contain a partial replica for every object in Active Directory. A Global Catalog Server is used to find objects in any domain in the forest. Any Domain Controller can be made into a Global Catalog Server. This video looks at how to remove or make a Domain Controller into a Global Catalog Server and also the reasons why and where you should put Global Catalog Servers.

Global Catalog Servers are used to find objects in any domain in the forest but it should be remembered that this does not give the user access to that object. Unless the user has the correct permissions they will not be able to access resources in other domains.

Global Catalog Servers also contain information about groups that span across domains and services that work at the forest level.
How to change a Domain Controller to a Global Catalog Server 04:18
Using the admin tool Activ

0h13m

MCITP 70-640: Operation Master Roles

Active Directory has five operations master roles otherwise known as FSMO roles. Check out http://itfreetraining.com for more of our always free training videos. These roles are assigned to one Domain Controller to ensure changes happen in only one location at a time. This ensures that the Active Directory database is kept consistent. This video goes through the five operations master roles. At the forest level, there is the Schema Master and Domain Naming Master. At the domain level, the 3 other operational roles are Infrastructure Master, PDC Emulator and RID Master.

Schema Master 01:32
Domain Naming Master 03:01
RID Master 03:53
PDC Emulator 07:06
Infrastructure Master 11:03

Schema Master (Forest Wide)
The Schema Master determines the structure and thus what can be stored in Active Directory. It contains details of every object that can be created and the attributes for that object. For example, if you want to add an attribute to every user in the forest (such as a field with the

0h08m

MCITP 70-640: Moving Operation Master Roles

Check out http://itfreetraining.com or http://youtube.com/ITFreeTraining for more of our always free training videos.
Active Directory has 5 operations master roles. These roles can be moved from Domain Controller to Domain Controller. Two are at the forest level and three are at the domain level. This video looks at how to move these operations roles from one Domain Controller to another.

How To Points
The 3 operations roles at the domain level are PDC Emulator, RID Master and Infrastructure Master.
These can be transferred using active users and computers by right clicking the domain and selecting operations master.
The 2 forest wide operations roles are Schema Master and Domain Naming Master.
To install the Schema Master, run Regsvr32 schmmgmt.dll. Then access it by using the mmc to add the schema snap in.
To move the Domain Naming Master role, run Active Directory domains and trusts and right click Active Directory domains and trusts.

0h12m

MCITP 70-640: Operators Master Role Placemnet Global catalog

In Active Directory there are five operations master roles known as FSMO roles. This video looks at which Domain Controllers you should put these roles on and also which Domain Controllers you should make into Global Catalog Servers.

There are five operations master roles. The Schema and Domain Naming Masters are forest wide so there will only one of each of these roles regardless of how many domains you have in your forest. The PDC Emulator, RID Master and Infrastructure Master are domain wide. There will always be 3 operations master roles per domain, one of each. When considering where to put the operations master roles, you should consider the availability of the operations role and what effect not having the operations master role available during an outage will have on your network.

Schema Master (Forest wide)
The Schema Master is generally found in the root domain in a multiple domain environment. On most networks it will not be used that often. For this reason availability is

0h16m

MCITP 70-640: Seizing roles

Active Directory has five operational master roles that can be transferred from domain controller to domain controller as required. Check out http://itfreetraining.com or http://youtube.com/ITFreeTraining for more of our always free training videos. In some cases the role may not be able to be transferred; for example, if the hardware on the domain controller was to fail, a transfer cannot be made. When this occurs, the operational master role must be seized. This video looks at how to seize an operational master role, clean up the Active Directory database afterwards, and recover a server that has had an operational master role seized.

Demo seizing the role 04:40
Demo cleaning up the Active Directory database 08:55
Demo removing Active Directory from a recovered server 14:04

What is an operational master role?
See our operational master role video for more information. http://itfreetraining.com/70-640/oper...

Impact of missing operational master role
Seizing an operational master

0h09m

MCITP 70-640: Setting an External Time Source

Check out http://itfreetraining.com or http://youtube.com/ITFreeTraining for more of our always free training videos.
In any environment you need to ensure that the time and date on your computers is set correctly. If the time drifts too far from the correct time, this can cause problems logging in to the network and cause time sensitive authentication systems to fail. This video looks at keeping computers in your domain up to date and configuring your computers to use a reliable external time source.

All computers have a battery on the motherboard that is responsible for ensuring the internal clock inside the computer does not lose power even when the computer is not plugged in. The internal clock can lose or gain time as time passes. If the clocks get out of sync with the correct time, this can affect authentication systems. Authentication systems that use tickets generate the tickets using the time and date. Big differences in these times will mean that new tickets that were just c

0h18m

MCITP 70-640: Active Directory Domain Functional Levels

Active Directory has functional levels at the domain and forest levels which determine which Active Directory features are available. The higher the functional level the more features available. This video looks at which domain functional levels are available and how to raise the domain functional level to get access to these features. The next video in this free series looks at the forest functional levels.

Raising the domain function level demo 17:46

The different domain functional levels and the features you get from the functional level are listed below.

Windows 2000 native
* Gives basic Active Directory functionality

Windows Server 2003
* Allows the computer name of a domain controller to be changed.
* Adds last login time stamp to each user account
* Adds UserPassword to iNetOrgPerson object. This is used when migrating from a 3rd party directory service. It allows the 3rd party password to be stored in Active Directory.
* Constrained delegation. Delegation is when credential

0h17m

MCITP 70-640: Active Directory Forest Functional Levels

Like domain functional levels the forest functional level determines which additional features in Active Directory will be available. In order to raise your forest functional level all domains in the forest must be at the corresponding forest level or higher. This video looks at the features that are available at each forest level and how to raise the forest level.

Raise forest functional demo 16:04

When looking at an existing network with multiple domains, these domains may have been put in place originally due to limitations in Active Directory. Previously Active Directory was not able to support more than one password policy per domain and even though quite high there were some limits to how many users could be put into certain groups. Given these limits may have meant that more domains were created then what would be required now days. When rasing your domain and forest functional level consider if any domains can be combined together. Doing so will reduce the complexity of

0h11m

MCITP 70-640: Upgrading Active Directory

This video looks at upgrading your current Active Directory environment so that you can deploy Windows Server 2008/R2 domain controllers in your environment. The video looks at the prerequisites required, the commands you need to run and a demonstration of how to prepare your environment for Windows Server 2008/R2

Upgrading demo 05:40

The following only needs to be done if you are planning to deploy Windows Server 2008 or Windows Server 2008 R2 Domain controllers on your network. If you only want to use Windows Server 2008 as a member server (that is, you do not want to promote it to a domain controller), you can do this without having to perform any of the steps in this video.

Upgrading Prerequisites
Remove all NT4 Domain controllers
Upgrade all Domain controllers to Windows Server 2000 SP4 or above
Domain functional level needs to be Windows 2000 or higher
Forest functional level needs to Windows Server 2000 or higher
The user performing the upgrade needs to be a member of the fol

0h08m

MCITP 70-640: Active Directory adding a child domain

This video looks at how to add a child domain to an existing domain in Active Directory. Child domains can access resources from the parent and also from any other domain in the forest. This video will look at adding the east domain to the existing domain.

Demonstration at 04:35

Things to consider before adding a child domain
The more domains that you have in your forest, the harder it will be to administer your network. When possible, you should attempt to reduce the number of domains in your forest. Sometimes due to company needs or security reasons, extra domains may be created. It should be remembered that in Windows Server 2008 there have been a number of improvements and features which in previous versions of Windows would have required additional domains. These are:

1) Active Directory could previously only have one password policy per domain. If your domain functional level is Windows Server 2008 or higher, you can support multiple password policies for the same domai

0h07m

MCITP 70-640: Uninstalling Active Directory

At any stage you can add and remove domain controllers from Active Directory. This video looks at how to remove the last domain controller from a child domain. When this occurs, the Active Directory database will be removed and with it anything that was stored in it. This video looks at how to remove a child domain; however, the same process could be used to remove the last domain controller in the forest.

Demo at 03:46

If you need to remove a domain controller that has failed from Active Directory, refer to video http://itfreetraining.com/70-640/seizing-roles/.

Operational Master Roles
If the domain controller is holding any operational master roles, these can be moved manually or DCPromo will automatically move them to another domain controller when the domain controller is demoted. Refer to our video on moving operation master roles for information on how to move operational master roles: http://itfreetraining.com/70-640/moving-operation-roles/.
If you want to check if yo

0h20m

MCITP 70-640: Active Directory Trusts

Trusts in Active Directory create the pathways for authentication to occur. They are used to link Active Directory domains to each other and also link Active Directory domains to non Microsoft systems.

Demonstration 08:56

In order to share resources between two domains, there must a trust or trusts connecting the two domains. Trusts do not provide access they only create a pathway to the destination. Think of trusts like roads: if you need to get to a house and there is a road between you and the house, you can drive to the destination. If the house is locked you won't be able get in unless you have the key. The same applies with trusts: you need the path to the resource via a trust and permission to access the resource.

Trust direction (One-way or two)
Trusts can be one-way or two-way. If the trust is two-way, then the domain on either side can access the other side. If the trust is one-way, the terminology used to describe the trust will usually be "Domain A trusts domain B." This

0h09m

MCITP 70-640: Sites and Subnets

Check out http://YouTube.com/ITFreeTraining or http://itfreetraining.com for more of our always free training videos.
Active Directory allows you to model your physical network topology using sites. This video looks at how to create sites in Active Directory. Creating sites allows you to control how data is replicated in your organization.

Demonstration 04:05

Sites Definition
Microsoft defines a site as a group of well-connected networks.

Advantages of sites
1) Sites automatically direct users to the closest resource.
2) Schedules can be configured that allow the administrator to control when replication will occur.

Site design
Multiple networks can be combined together regardless of which IP address ranges they use. If you have two networks separated by a high speed networking device, you may want to combine these networks together. Usually networks that are separated by a Wide Area Network will be put into different sites. You could also place different networks into different si