Mcsa 70 742 Cert Guide Identity With Windows Server 2016 1St Edition Benjamin Finkel Full Chapter
Mcsa 70 742 Cert Guide Identity With Windows Server 2016 1St Edition Benjamin Finkel Full Chapter
Mcsa 70 742 Cert Guide Identity With Windows Server 2016 1St Edition Benjamin Finkel Full Chapter
Trademark Acknowledgments
All terms mentioned in this book that are known to be trademarks or
service marks have been appropriately capitalized. Pearson IT
Certification cannot attest to the accuracy of this information. Use of
a term in this book should not be regarded as affecting the validity
of any trademark or service mark.
Windows is a registered trademark of Microsoft Corporation.
Warning and Disclaimer
This book is designed to provide information about the Microsoft
MCSA 70-742 Identity with Windows Server 2016 exam. Every effort
has been made to make this book as complete and accurate as
possible, but no warranty or fitness is implied. The information
provided is on an “as is” basis. The author and the publisher shall
have neither liability nor responsibility to any person or entity with
respect to any loss or damages arising from the information
contained in this book or from the use of the supplemental online
content or programs accompanying it.
Special Sales
For information about buying this title in bulk quantities, or for
special sales opportunities (which may include electronic versions;
custom cover designs; and content particular to your business,
training goals, marketing focus, or branding interests), please
contact our corporate sales department at
corpsales@pearsoned.com or (800) 382-3419.
For government sales inquiries, please contact
governmentsales@pearsoned.com.
For questions about sales outside the U.S., please contact
intlcs@pearsoned.com.
Editor-in-Chief
Mark Taub
Product Line Manager
Brett Bartow
Acquisitions Editor
Michelle Newcomb
Managing Editor
Sandra Schroeder
Development Editor
Christopher Cleveland
Project Editor
Lori Lyons
Copy Editor
Geneil Breeze
Technical Editor
Chris Crayton
Publishing Coordinator
Vanessa Evans
Cover Designer
Chuti Prasertsith
Composition
Bronkella Publishing
Indexer
Kenneth D. Johnson
Proofreader
Gill Editorial Services
Contents at a Glance
Introduction
Part I: Installing and Configuring Active Directory Domain
Services
Chapter 1 Introducing Active Directory 2016
Chapter 2 Installing and Configuring Domain Controllers
Chapter 3 Creating and Managing Active Directory Users
and Computers
Chapter 4 Creating and Managing Active Directory Groups
and Organizational Units
Part II: Managing and Maintaining Active Directory Domain
Services
Chapter 5 Configuring Service Authentication and Account
Policies
Chapter 6 Maintaining Active Directory
Chapter 7 Configuring Active Directory in a Complex
Enterprise Environment
Part III: Creating and Managing Group Policy
Chapter 8 Creating and Managing Group Policy Objects
(GPOs)
Chapter 9 Configuring Group Policy Processing
Chapter 10 Configuring Group Policy Settings
Chapter 11 Configuring Group Policy Preferences
Part IV: Implementing Active Directory Certification
Services
Chapter 12 Installing and Configuring Active Directory
Certificate Services
Chapter 13 Managing Certificates
Part V: Implementing Identity Federation and Access
Solutions
Chapter 14 Installing and Configuring Active Directory
Federation Services
Chapter 15 Implementing Web Application Proxy
Chapter 16 Installing and Configuring Active Directory
Rights Management Services
Chapter 17 Final Preparation
Part VI: Appendices
Appendix A Answers to the “Do I Know This Already?”
Quizzes and End-of-Chapter Review Questions
Glossary Glossary of Key Terms
Index
Elements Available on the Book Website
Appendix B Memory Tables
Appendix C Memory Tables Answer Key
Appendix D Study Planner
Table of Contents
Introduction
Part I: Installing and Configuring Active Directory Domain
Services
Chapter 1 Introducing Active Directory 2016
“Do I Know This Already?” Quiz
Foundation Topics
Identity and Active Directory 2016
Active Directory Domain Services (AD DS)
Object
Containers and Organizational Units
Domains
Domain Trees and Forests
Group Policy Objects (GPOs)
Active Directory Federation Services (AD FS)
Identity Federation
Claims-Based Authentication
Single Sign-On (SSO)
Active Directory Certificate Services (AD CS)
Active Directory Rights Management Services (AD RMS)
AD RMS Clients
AD RMS Server
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Chapter 2 Installing and Configuring Domain Controllers
“Do I Know This Already?” Quiz
Foundation Topics
Installing a New Forest
Planning the Domain
Installing AD DS from Server Manager
Promoting the Server to Domain Controller
Adding or Removing a Domain Controller from a Domain
Multimaster Replication and FSMO Roles
Forest and Domain Functional Levels
Adding a New Domain Controller to an Existing Domain
Demoting a Server from Domain Controller
Upgrading a Domain Controller
Installing AD DS on a Server Core Installation
Installing AD DS with PowerShell
Promoting a Server to Domain Controller with PowerShell
Installing a Domain Controller with Install from Media (IFM)
Creating the Media for Installation
Deploying a Domain Controller Using IFM
Installing and Configuring a Read-Only Domain Controller (RODC)
Configuring Domain Controller Cloning
Requirements to Clone a Virtual Domain Controller
Creating DCCloneConfig.xml
Exporting and Importing the Cloned DC
Resolving DNS SRV Record Registration Issues
Configuring a Global Catalog Server
Transferring and Seizing Operations Master Roles
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Chapter 3 Creating and Managing Active Directory Users
and Computers
“Do I Know This Already?” Quiz
Foundation Topics
Creating, Copying, Configuring, and Deleting Users and
Computers
Creating and Configuring a New User
Creating and Configuring a New Computer
Copying Users
Configuring Templates
Deleting Objects
Automating the Creation of Active Directory Accounts
Working with Users
Working with Computers
Performing Bulk Active Directory Operations
Comma Separated Value Data Exchange (csvde)
LDAP Data Interchange Format Data Exchange (ldifde)
Configuring User Rights
Implementing Offline Domain Join
Managing Inactive and Disabled Accounts
Automating Unlocking of Disabled Accounts Using Windows
PowerShell
Automating Password Resets Using Windows PowerShell
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Chapter 4 Creating and Managing Active Directory Groups
and Organizational Units
“Do I Know This Already?” Quiz
Foundation Topics
Creating, Copying, Configuring, and Deleting Groups and OUs
Active Directory Groups and Active Directory OUs
Organizational Units
Groups
Group Types
Group Scope
Working with Active Directory Groups
Working with Active Directory OUs
Automate Groups and OUs with PowerShell
Converting Group Scope and Type
Configuring Group Nesting
IGDLA
Enumerating Group Membership
Delegating the Creation and Management of Groups and OUs
Managing Group Membership Using Group Policy
Managing Default Active Directory Containers
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Part II: Managing and Maintaining Active Directory Domain
Services
Chapter 5 Configuring Service Authentication and Account
Policies
“Do I Know This Already?” Quiz
Foundation Topics
Creating and Configuring Service Accounts
Service Accounts
Managed Service Accounts
Group Managed Service Accounts (gMSAs)
Virtual Service Accounts
Configuring Kerberos Constrained Delegation (KCD)
Constrained Delegation
Managing Service Principal Names (SPNs)
Configuring Default Domain Account Policies
Configuring Domain and Local User Password Policy Settings
Configuring Account Lockout Policy Settings
Configuring Kerberos Policy Settings Within Group Policy
Configuring and Applying Password Settings Objects (PSOs)
PSO Precedence
Creating PSOs
Delegating Password Settings Management
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Chapter 6 Maintaining Active Directory
“Do I Know This Already?” Quiz
Foundation Topics
Configuring Active Directory Snapshots
NTDSUTIL Snapshot Menu
Creating and Mounting a Snapshot
Hosting a Snapshot
Backing Up and Restoring Active Directory and SYSVOL
Backing Up Active Directory
Restoring Active Directory
Nonauthoritative Restore
Authoritative Restore
Configuring and Restoring Objects by Using the Active
Directory Recycle Bin
Managing Active Directory Offline
Performing Offline Defragmentation of an Active Directory
Database
Cleaning Up Metadata
Configuring Replication to Read-Only Domain Controllers (RODCs)
Configuring Password Replication Policy (PRP) for RODC
Monitoring and Managing Replication
Upgrading SYSVOL Replication to Distributed File System
Replication (DFSR)
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Chapter 7 Configuring Active Directory in a Complex
Enterprise Environment
“Do I Know This Already?” Quiz
Foundation Topics
Deploying Windows Server 2016 Domain Controllers Within a Pre-
Existing Active Directory Environment
Upgrading Existing Domains and Forests
Configuring Domain and Forest Functional Levels
Configuring Multiple User Principal Name (UPN) Suffixes
Configuring Trusts
Configuring Forest, External, Realm, and Shortcut Trusts
Configuring SID Filtering
Configuring Name Suffix Routing
Configuring Sites
Configuring Sites and Subnets
Sites
Subnets
Creating and Configuring Site Links
Managing Sites with PowerShell
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Part III: Creating and Managing Group Policy
Chapter 8 Creating and Managing Group Policy Objects
(GPOs)
“Do I Know This Already?” Quiz
Foundation Topics
Introduction to Group Policy
Creating Group Policy Objects
Configuring GPO Links
Managing Starter GPOs
Backing Up, Importing, Copying, and Restoring GPOs
Using the Group Policy Management Editor (GPME)
Using PowerShell to Manage GPOs
Creating and Configuring a Migration Table
Resetting Default GPOs
Delegating Group Policy Management
Detecting Health Issues Using the Group Policy Infrastructure
Status Dashboard
Group Policy Infrastructure
Group Policy Infrastructure Status Dashboard
Local Group Policies
Configuring Multiple Local Group Policies
Configuring a Central Store
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Chapter 9 Configuring Group Policy Processing
“Do I Know This Already?” Quiz
Foundation Topics
Configuring Processing Order, Precedence, and Blocking of
Inheritance
Processing Order and Precedence
Blocking of Inheritance
Configuring Security Filtering and Windows Management
Instrumentation (WMI) Filtering
Security Filtering
WMI Filtering
Loopback Processing
Client-Side Processing
Configure and Manage Slow Link Processing and Group Policy
Caching
Configure Client-Side Extension (CSE) Behavior
Force a Group Policy Update
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Chapter 10 Configuring Group Policy Settings
“Do I Know This Already?” Quiz
Foundation Topics
Configuring Software Installation
Configuring Folder Redirection
Configuring Scripts
Configuring Administrative Templates
Importing a Custom Administrative Template File
Configuring Property Filters for Administrative Templates
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Chapter 11 Configuring Group Policy Preferences
“Do I Know This Already?” Quiz
Configuring Control Panel Settings
Configuring Printer Preferences
Configuring Power Options
Configuring Internet Explorer Settings
Configuring Item-Level Targeting
Configuring Windows Settings
Configuring Custom Registry Settings
Defining Network Drive Mappings
Configuring File and Folder Deployment
Configuring Shortcut Deployment
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Part IV: Implementing Active Directory Certification
Services
Chapter 12 Installing and Configuring Active Directory
Certificate Services
“Do I Know This Already?” Quiz
Foundation Topics
Installing Active Directory Integrated Enterprise Certificate
Authority
Installing AD CS on a Server
Configuring AD CS on a Server
Installing Offline Root and Subordinate CAs
Configuring Certificate Revocation List Distribution Points
Creating New CRL Distribution Points (CDPs)
Installing and Configuring Online Responders
Configuring CA Backup, Recovery, and Administrative Role
Separation
Configuring CA Backup and Recovery
Administrative Role Separation
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Chapter 13 Managing Certificates
“Do I Know This Already?” Quiz
Foundation Topics
Managing Certificate Templates
Enabling Certificate Templates
Creating New Templates
Managing Certificate Deployment, Validation, Revocation, and
Renewal
Manual Enrollment
CA Web Enrollment
Revoking Certificates
Managing Certificate Autoenrollment Using Group Policies
Configuring Key Archival and Recovery
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Part V: Implementing Identity Federation and Access
Solutions
Chapter 14 Installing and Configuring Active Directory
Federation Services
“Do I Know This Already?” Quiz
Foundation Topics
Implementing Claims-Based Authentication
Installing a Standalone AD FS Server
Installing an AD FS Server Farm
Configuring Authentication
Configuring Authentication Policies
Configuring Multi-Factor Authentication
Implementing and Configuring Device Registration
Integrating AD FS with Microsoft Passport
Configuring AD FS to Enable Authentication of Users Stored in
LDAP Directories
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Chapter 15 Implementing Web Application Proxy
“Do I Know This Already?” Quiz
Foundation Topics
Installing and Configuring Web Application Proxy
Installing Web Application Proxy
Implementing WAP in Pass-Through Mode
Implementing WAP as AD FS Proxy
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Chapter 16 Installing and Configuring Active Directory
Rights Management Services
“Do I Know This Already?” Quiz
Foundation Topics
Installing an Active Directory Rights Management Services Server
Installing AD RMS
Configuring AD RMS
Managing AD RMS Service Connection Point
Managing AD RMS Templates and Exclusion Policies
AD RMS Policy Templates
Configuring Exclusion Policies
Backing Up and Restoring AD RMS
Exam Preparation Tasks
Review All Key Topics
Complete Tables and Lists from Memory
Define Key Terms
End-of-Chapter Review Questions
Chapter 17 Final Preparation
Tools for Final Preparation
Pearson Cert Practice Test Engine and Questions on the
Website
Accessing the Pearson Test Prep Software Online
Accessing the Pearson Test Prep Software Offline
Customizing Your Exams
Updating Your Exams
Premium Edition
Memory Tables
Chapter-Ending Review Tools
Suggested Plan for Final Review/Study
Summary
Part VI: Appendices
Appendix A Answers to the “Do I Know This Already?”
Quizzes and End-of-Chapter Review Questions
Glossary of Key Terms
Index
Elements Available on the Book Website
Appendix B Memory Tables
Appendix C Memory Tables Answer Key
Appendix D Study Planner
About the Author
Benjamin Finkel has had his hands on a keyboard since his father
brought home the original Compaq portable when he was just four
years old. He began professional consulting in 1997 directly out of
high school. Ben spent the next 17 years developing and supporting
systems in a wide variety of industries, from health care to finance
to medical research, before becoming a full-time trainer with CBT
Nuggets. Today he lives near Niagara Falls, New York, with his wife
and two children. When he’s not busy learning about the next big
thing in IT, he enjoys snowboarding, reading, and dissuading his
wife from adopting yet another cat.
Dedication
This book is dedicated to my parents, Sidney and Anna Finkel.
They’re the reason I found a passion in IT in the first place and
throughout my entire life have always supported, encouraged, and
believed in me. Thanks guys!
About the Technical Reviewer
Chris Crayton (MCSE) is an author, technical consultant, and
trainer. He has worked as a computer technology and networking
instructor, information security director, network administrator,
network engineer, and PC specialist. Chris has authored several print
and online books on PC repair, CompTIA A+, CompTIA Security+,
and Microsoft Windows. He has also served as technical editor and
content contributor on numerous technical titles for several leading
publishing companies. He holds numerous industry certifications, has
been recognized with many professional teaching awards, and has
served as a state-level SkillsUSA competition judge.
Acknowledgments
I want to thank the small army of individuals at Pearson who helped
to make this book possible, especially Michelle Newcomb for her
introduction to and guidance through the process, Chris Cleveland
for his patience with me and thoroughness in review, and Chris
Crayton for his invaluable and detailed feedback. Thank you as well
to all the additional people at Pearson whose hard work is reflected
in these pages. This book is a collaborative effort and only exists by
virtue of all their input. I would also like to thank Anthony Sequeira
for getting me into this mess in the first place.
We Want to Hear from You!
As the reader of this book, you are our most important critic and
commentator. We value your opinion and want to know what we’re
doing right, what we could do better, what areas you’d like to see us
publish in, and any other words of wisdom you’re willing to pass our
way.
We welcome your comments. You can email or write to let us know
what you did or didn’t like about this book—as well as what we can
do to make our books better.
Please note that we cannot help you with technical problems related
to the topic of this book.
When you write, please be sure to include this book’s title and
author as well as your name and email address. We will carefully
review your comments and share them with the author and editors
who worked on the book.
Email: feedback@pearsonitcertification.com
Mail: Pearson IT Certification
ATTN: Reader Feedback
800 East 96th Street
Indianapolis, IN 46240 USA
Reader Services
Register your copy of MCSA 70-742 Cert Guide at
www.pearsonitcertification.com for convenient access to downloads,
updates, and corrections as they become available. To start the
registration process, go to www.pearsonitcertification.com/register
and log in or create an account*. Enter the product ISBN
9780789757036 and click Submit. When the process is complete,
you will find any available bonus content under Registered Products.
*
Be sure to check the box that you would like to hear from us to
receive exclusive discounts on future editions of this product.
Introduction
MCSA 70-742 Cert Guide: Identity with Windows Server 2016 is
designed to prepare you to implement and administer the identity
management tools contained within Windows Server 2016. It is
structured around the objectives and topics published by Microsoft
for exam 70-742. With this book you get a direct and hands-on
approach to identity management with technologies such as Active
Directory, Group Policy, and Federation Services. Not only will this
book help to prepare you for the certification exam, it will ensure
you have a fundamental understanding of the way in which you can
leverage these powerful tools regardless of the size or complexity of
your organization.
With the release of Windows Server 2016, Microsoft has once again
restructured the layout of the certification exams needed to obtain
your MCSA on Windows Server. In previous iterations, each exam
focused on a wide array of products and features across the
Windows Server platform. With this release, the exams have been
retooled to each focus on a single area of the technology. Exam 70-
742 is centered on the Active Directory product suite and its ancillary
services. It is the third of three exams required to complete your
MCSA certification. The exam relies heavily on use-case scenarios
and real-world situations. These questions test your knowledge of
the proper way to deploy and configure Active Directory when faced
with challenges that are common when operating Windows Server in
the real world.
This book covers all the topics listed in Microsoft’s exam objectives,
and each chapter includes key topics and preparation tasks to assist
you in mastering this information. Reviewing tables and practicing
test questions will help you practice your knowledge on all subject
areas.
About the 70-742 Identity with Windows
Server 2016 Exam
The 70-742 Identity with Windows Server 2016 exam is the third of
three exams required to complete your MCSA certification. It has
been designed for individuals who already have experience
administering Active Directory in an enterprise environment and
want to transition their responsibilities to the next career level. The
70-742 exam tests candidates’ understanding of the role Active
Directory and its ancillary services, with a particular focus on best-
practice solutions to real-world challenges. It assumes a high degree
of familiarity with the material covered in earlier exams, including
Windows Server administration and network design and
implementation.
The 70-742 Identity with Windows Server 2016 exam is a computer-
based test that has 40 to 60 questions and a 120 minute time limit.
All exam information is managed by Microsoft and always subject to
change, so candidates should monitor the Microsoft certificate site
for any exam updates at https://www.microsoft.com/en-
us/learning/exam-70-742.aspx.
You can take the exam at Pearson VUE testing centers. You can
register with VUE at www.vue.com/microsoft.
Book Features
To help you customize your study time using this book, the core
chapters have several features that help you make the best use of
your time:
“Do I Know This Already?” quiz: Each chapter begins with
a quiz that helps you determine how much time you need to
spend studying that chapter.
Foundation Topics: These are the core sections of each
chapter. They explain the concepts for the topics in that
chapter.
Exam Preparation Tasks: After the “Foundation Topics”
section of each chapter, the “Exam Preparation Tasks” section
lists a series of study activities that you should do at the end of
the chapter. Each chapter includes the activities that make the
most sense for studying the topics in that chapter:
Review All the Key Topics: The Key Topics icon appears
next to the most important items in the “Foundation Topics”
section of the chapter. The “Review All Key Topics” section
lists the key topics from the chapter, along with their page
numbers. Although the contents of the entire chapter could
be on the exam, you should definitely know the information
listed in each key topic, so you should review these.
Complete the Tables and Lists from Memory: To help
you memorize some lists of facts, many of the more
important lists and tables from the chapter are included in a
document on the companion website. This document lists
only partial information, allowing you to complete the table
or list.
Define Key Terms: Although the exam may be unlikely to
ask a question such as “Define this term,” the Microsoft
MCSA exams do require that you learn and know a lot of
Windows Server administration terminology. This section lists
the most important terms from the chapter, asking you to
write a short definition and compare your answer to the
glossary at the end of the book.
End-of-Chapter Review Questions: Confirm that you
understand the content that you just covered by answering
review questions.
Web-based practice exam: The companion website includes
the Pearson Test Prep practice test software that allows you to
take practice exam questions. Use these to prepare with a
sample exam and to pinpoint topics where you need more
study.
Companion Website
Register this book to get access to the Pearson Test Prep practice
test software and other study materials plus additional bonus
content. Check this site regularly for new and updated postings
written by the author that provide further insight into the more
troublesome topics on the exam. Be sure to check the box that you
would like to hear from us to receive updates and exclusive
discounts on future editions of this product or related products.
To access this companion website, follow these steps:
1. Go to www.pearsonITcertification.com/register and log in or
create a new account.
2. Enter the ISBN: 9780789757036.
3. Answer the challenge question as proof of purchase.
4. Click on the Access Bonus Content link in the Registered
Products section of your account page to be taken to the page
where your downloadable content is available.
Please note that many of our companion content files can be very
large, especially image and video files.
If you are unable to locate the files for this title by following the
preceding steps, please visit www.pearsonITcertification.com/contact
and select the Site Problems/Comments option. Our customer
service representatives will assist you.
OSTASIATISCHE KERAMIK.
EUROPÄISCHES PORZELLAN.
WIEN.
GLASARBEITEN.
Unmittelbar an die keramische Sammlung schließt sich die
Glassammlung an. Die Glaserzeugung, das heißt die Herstellung
einer amorphen Verbindung von Kieselsäure mit zwei Basen, die
durch Metalloxyde bestimmte Färbung erhält, reicht in das Dunkel
vorhistorischer Zeiten zurück. Zahlreiche Proben ägyptischer
Glasmacherkunst, die aus den Gräbern ans Licht gefördert wurden,
sind Zeugen einer hochentwickelten Technik, die bis in das IV.
Jahrtausend v. Chr. zurückreicht.
Die Glassammlung des Museums beläuft sich auf mehr als 2000
Nummern.[29]
Den kunsthistorisch bedeutendsten sowie an Vortrefflichkeit und
Zahl der Objekte hervorragendsten Teil bilden die gravierten und
geschliffenen böhmischen und schlesischen Glasarbeiten vom XVI.
bis gegen Ende des XVIII. Jahrhunderts.
Glasbecher mit Schmelzmalerei, in Silber montiert,
holländisch, XVIII. Jahrhundert, 1. Hälfte
ANTIKE GLASARBEITEN.