Download full Mcsa 70-742 cert guide: identity with windows server 2016 1st edition benjamin finkel

Visit to download the full and correct content document: https://ebookmass.com/product/mcsa-70-742-cert-guide-identity-with-windows-server -2016-1st-edition-benjamin-finkel/

More products digital (pdf, epub, mobi) instant download maybe you interests ...

MCSA Guide to Identity with Windows Server® 2016, Exam 70-742 1st Edition Greg Tomsho

https://ebookmass.com/product/mcsa-guide-to-identity-withwindows-server-2016-exam-70-742-1st-edition-greg-tomsho/

MCSA 70-740 Cert Guide: Installation, Storage, and Compute with Windows Server 2016 1st Edition Anthony Sequeira

https://ebookmass.com/product/mcsa-70-740-cert-guideinstallation-storage-and-compute-with-windows-server-2016-1stedition-anthony-sequeira/

McSa Guide to Installation, Storage, and Compute with Microsoft Windows Server2016, Exam 70-740 Greg Tomsho

https://ebookmass.com/product/mcsa-guide-to-installation-storageand-compute-with-microsoft-windows-server2016-exam-70-740-gregtomsho/

MCSA Guide to Installation, Storage, and Compute with Microsoft Windows

https://ebookmass.com/product/mcsa-guide-to-installation-storageand-compute-with-microsoft-windows/

Hands-on Microsoft Windows Server 2016 Second Edition. Edition Palmer

https://ebookmass.com/product/hands-on-microsoft-windowsserver-2016-second-edition-edition-palmer/

Microsoft Specialist Guide to Microsoft Windows 10 (Exam 70 697, Configuring Windows Devices) 1st Edition, (Ebook PDF)

https://ebookmass.com/product/microsoft-specialist-guide-tomicrosoft-windows-10-exam-70-697-configuring-windows-devices-1stedition-ebook-pdf/

Microsoft SQL Server 2016 a beginner's guide Sixth Edition Petkovic

https://ebookmass.com/product/microsoft-sqlserver-2016-a-beginners-guide-sixth-edition-petkovic/

Windows Server 2022 & PowerShell All-in-One For Dummies 1st Edition Sara Perrott

https://ebookmass.com/product/windows-server-2022-powershell-allin-one-for-dummies-1st-edition-sara-perrott/

Hands-On Microsoft Windows Server 2019 (MindTap Course List) 3rd Edition Jason Eckert

https://ebookmass.com/product/hands-on-microsoft-windowsserver-2019-mindtap-course-list-3rd-edition-jason-eckert/

About This eBook

ePUB is an open, industry-standard format for eBooks. However, support of ePUB and its many features varies across reading devices and applications. Use your device or app settings to customize the presentation to your liking. Settings that you can customize often include font, font size, single or double column, landscape or portrait mode, and figures that you can click or tap to enlarge. For additional information about the settings and features on your reading device or app, visit the device manufacturer’s Web site.

Many titles include programming code or configuration examples. To optimize the presentation of these elements, view the eBook in single-column, landscape mode and adjust the font size to the smallest setting. In addition to presenting code and configurations in the reflowable text format, we have included images of the code that mimic the presentation found in the print book; therefore, where the reflowable format may compromise the presentation of the code listing, you will see a “Click here to view code image” link. Click the link to view the print-fidelity code image. To return to the previous page viewed, click the Back button on your device or app.

MCSA 70-742 Cert Guide

Copyright © 2017 by Pearson Education, Inc.

All rights reserved. No part of this book shall be reproduced, stored in a retrieval system, or transmitted by any means, electronic, mechanical, photocopying, recording, or otherwise, without written permission from the publisher. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.

ISBN-10: 0-7897-5703-6

ISBN-13: 978-0-7897-5703-6

Library of Congress Control Number: 2017935716

Printed in the United States of America

First Printing: June 2017

Trademark Acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Pearson IT Certification cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Windows is a registered trademark of Microsoft Corporation.

Warning and Disclaimer

This book is designed to provide information about the Microsoft MCSA 70-742 Identity with Windows Server 2016 exam. Every effort has been made to make this book as complete and accurate as possible, but no warranty or fitness is implied. The information provided is on an “as is” basis. The author and the publisher shall have neither liability nor responsibility to any person or entity with

respect to any loss or damages arising from the information contained in this book or from the use of the supplemental online content or programs accompanying it.

Special Sales

For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at corpsales@pearsoned.com or (800) 382-3419.

For government sales inquiries, please contact governmentsales@pearsoned.com.

For questions about sales outside the U.S., please contact intlcs@pearsoned.com.

Editor-in-Chief

Mark Taub

Product Line Manager

Brett Bartow

Acquisitions Editor

Michelle Newcomb

Managing Editor

Sandra Schroeder

Development Editor

Christopher Cleveland

Project Editor

Lori Lyons

Copy Editor

Geneil Breeze

Technical Editor

Chris Crayton

Publishing Coordinator

Vanessa Evans

Cover Designer

Chuti Prasertsith

Composition

Bronkella Publishing

Indexer

Kenneth D. Johnson

Proofreader

Gill Editorial Services

Contents at a Glance

Introduction

Part I: Installing and Configuring Active Directory Domain Services

Chapter 1 Introducing Active Directory 2016

Chapter 2 Installing and Configuring Domain Controllers

Chapter 3 Creating and Managing Active Directory Users and Computers

Chapter 4 Creating and Managing Active Directory Groups and Organizational Units

Part II: Managing and Maintaining Active Directory Domain Services

Chapter 5 Configuring Service Authentication and Account Policies

Chapter 6 Maintaining Active Directory

Chapter 7 Configuring Active Directory in a Complex Enterprise Environment

Part III: Creating and Managing Group Policy

Chapter 8 Creating and Managing Group Policy Objects (GPOs)

Chapter 9 Configuring Group Policy Processing

Chapter 10 Configuring Group Policy Settings

Chapter 11 Configuring Group Policy Preferences

Part IV: Implementing Active Directory Certification Services

Chapter 12 Installing and Configuring Active Directory

Certificate Services

Chapter 13 Managing Certificates

Part V: Implementing Identity Federation and Access Solutions

Chapter 14 Installing and Configuring Active Directory Federation Services

Chapter 15 Implementing Web Application Proxy

Chapter 16 Installing and Configuring Active Directory

Rights Management Services

Chapter 17 Final Preparation

Part VI: Appendices

Appendix A Answers to the “Do I Know This Already?” Quizzes and End-of-Chapter Review Questions

Glossary Glossary of Key Terms

Index

Elements Available on the Book Website

Appendix B Memory Tables

Appendix C Memory Tables Answer Key

Appendix D Study Planner

Table of Contents

Introduction

Part I: Installing and Configuring Active Directory Domain Services

Chapter 1 Introducing Active Directory 2016

“Do I Know This Already?” Quiz

Foundation Topics

Identity and Active Directory 2016

Active Directory Domain Services (AD DS)

Object

Containers and Organizational Units

Domains

Domain Trees and Forests

Group Policy Objects (GPOs)

Active Directory Federation Services (AD FS)

Identity Federation

Claims-Based Authentication

Single Sign-On (SSO)

Active Directory Certificate Services (AD CS)

Active Directory Rights Management Services (AD RMS)

AD RMS Clients

AD RMS Server

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter

Review Questions

Chapter 2 Installing and Configuring Domain Controllers

“Do I Know This Already?” Quiz

Foundation Topics

Installing a New Forest

Planning the Domain

Installing AD DS from Server Manager

Promoting the Server to Domain Controller

Adding or Removing a Domain Controller from a Domain

Multimaster Replication and FSMO Roles

Forest and Domain Functional Levels

Adding a New Domain Controller to an Existing Domain

Demoting a Server from Domain Controller

Upgrading a Domain Controller

Installing AD DS on a Server Core Installation

Installing AD DS with PowerShell

Promoting a Server to Domain Controller with PowerShell

Installing a Domain Controller with Install from Media (IFM)

Creating the Media for Installation

Deploying a Domain Controller Using IFM

Installing and Configuring a Read-Only Domain Controller (RODC)

Configuring Domain Controller Cloning

Requirements to Clone a Virtual Domain Controller

Creating DCCloneConfig.xml

Exporting and Importing the Cloned DC

Resolving DNS SRV Record Registration Issues

Configuring a Global Catalog Server

Transferring and Seizing Operations Master Roles

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Chapter 3 Creating and Managing Active Directory Users and Computers

“Do I Know This Already?” Quiz

Foundation Topics

Creating, Copying, Configuring, and Deleting Users and Computers

Creating and Configuring a New User

Creating and Configuring a New Computer

Copying Users

Configuring Templates

Deleting Objects

Automating the Creation of Active Directory Accounts

Working with Users

Working with Computers

Performing Bulk Active Directory Operations

Comma Separated Value Data Exchange (csvde)

LDAP Data Interchange Format Data Exchange (ldifde)

Configuring User Rights

Implementing Offline Domain Join

Managing Inactive and Disabled Accounts

Automating Unlocking of Disabled Accounts Using Windows

PowerShell

Automating Password Resets Using Windows PowerShell

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Chapter 4 Creating and Managing Active Directory Groups and Organizational Units

“Do I Know This Already?” Quiz

Foundation Topics

Creating, Copying, Configuring, and Deleting Groups and OUs

Active Directory Groups and Active Directory OUs

OrganizationalUnits

Groups

GroupTypes

GroupScope

Working with Active Directory Groups

Working with Active Directory OUs

Automate Groups and OUs with PowerShell

Converting Group Scope and Type

Configuring Group Nesting

IGDLA

Enumerating Group Membership

Delegating the Creation and Management of Groups and OUs

Managing Group Membership Using Group Policy

Managing Default Active Directory Containers

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Part II: Managing and Maintaining Active Directory Domain Services

Chapter 5 Configuring Service Authentication and Account Policies

“Do I Know This Already?” Quiz

Foundation Topics

Creating and Configuring Service Accounts

Service Accounts

Managed Service Accounts

Group Managed Service Accounts (gMSAs)

Virtual Service Accounts

Configuring Kerberos Constrained Delegation (KCD)

Constrained Delegation

Managing Service Principal Names (SPNs)

Configuring Default Domain Account Policies

Configuring Domain and Local User Password Policy Settings

Configuring Account Lockout Policy Settings

Configuring Kerberos Policy Settings Within Group Policy

Configuring and Applying Password Settings Objects (PSOs)

PSO Precedence

Creating PSOs

Delegating Password Settings Management

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Chapter 6 Maintaining Active Directory

“Do I Know This Already?” Quiz

Foundation Topics

Configuring Active Directory Snapshots

NTDSUTIL Snapshot Menu

Creating and Mounting a Snapshot

Hosting a Snapshot

Backing Up and Restoring Active Directory and SYSVOL

Backing Up Active Directory

Restoring Active Directory

Nonauthoritative Restore

Authoritative Restore

Configuring and Restoring Objects by Using the Active Directory Recycle Bin

Managing Active Directory Offline

Performing Offline Defragmentation of an Active Directory

Database

Cleaning Up Metadata

Configuring Replication to Read-Only Domain Controllers (RODCs)

Configuring Password Replication Policy (PRP) for RODC

Monitoring and Managing Replication

Upgrading SYSVOL Replication to Distributed File System

Replication (DFSR)

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Chapter 7 Configuring Active Directory in a Complex Enterprise Environment

“Do I Know This Already?” Quiz

Foundation Topics

Deploying Windows Server 2016 Domain Controllers Within a PreExisting Active Directory Environment

Upgrading Existing Domains and Forests

Configuring Domain and Forest Functional Levels

Configuring Multiple User Principal Name (UPN) Suffixes

Configuring Trusts

Configuring Forest, External, Realm, and Shortcut Trusts

Configuring SID Filtering

Configuring Name Suffix Routing

Configuring Sites

Configuring Sites and Subnets

Sites

Subnets

Creating and Configuring Site Links

Managing Sites with PowerShell

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Part III: Creating and Managing Group Policy

Chapter 8 Creating and Managing Group Policy Objects (GPOs)

“Do I Know This Already?” Quiz

Foundation Topics

Introduction to Group Policy

Creating Group Policy Objects

Configuring GPO Links

Managing Starter GPOs

Backing Up, Importing, Copying, and Restoring GPOs

Using the Group Policy Management Editor (GPME)

Using PowerShell to Manage GPOs

Creating and Configuring a Migration Table

Resetting Default GPOs

Delegating Group Policy Management

Detecting Health Issues Using the Group Policy Infrastructure

Status Dashboard

Group Policy Infrastructure

Group Policy Infrastructure Status Dashboard

Local Group Policies

Configuring Multiple Local Group Policies

Configuring a Central Store

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Chapter 9 Configuring Group Policy Processing

“Do I Know This Already?” Quiz

Foundation Topics

Configuring Processing Order, Precedence, and Blocking of Inheritance

Processing Order and Precedence

Blocking of Inheritance

Configuring Security Filtering and Windows Management

Instrumentation (WMI) Filtering

Security Filtering

WMI Filtering

Loopback Processing

Client-Side Processing

Configure and Manage Slow Link Processing and Group Policy

Caching

Configure Client-Side Extension (CSE) Behavior

Force a Group Policy Update

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Chapter 10 Configuring Group Policy Settings

“Do I Know This Already?” Quiz

Foundation Topics

Configuring Software Installation

Configuring Folder Redirection

Configuring Scripts

Configuring Administrative Templates

Importing a Custom Administrative Template File

Configuring Property Filters for Administrative Templates

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Chapter 11 Configuring Group Policy Preferences

“Do I Know This Already?” Quiz

Configuring Control Panel Settings

Configuring Printer Preferences

Configuring Power Options

Configuring Internet Explorer Settings

Configuring Item-Level Targeting

Configuring Windows Settings

Configuring Custom Registry Settings

Defining Network Drive Mappings

Configuring File and Folder Deployment

Configuring Shortcut Deployment

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Part IV: Implementing Active Directory Certification Services

Chapter 12 Installing and Configuring Active Directory Certificate Services

“Do I Know This Already?” Quiz

Foundation Topics

Installing Active Directory Integrated Enterprise Certificate Authority

Installing AD CS on a Server

Configuring AD CS on a Server

Installing Offline Root and Subordinate CAs

Configuring Certificate Revocation List Distribution Points

Creating New CRL Distribution Points (CDPs)

Installing and Configuring Online Responders

Configuring CA Backup, Recovery, and Administrative Role

Separation

Configuring CA Backup and Recovery

Administrative Role Separation

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Chapter 13 Managing Certificates

“Do I Know This Already?” Quiz

Foundation Topics

Managing Certificate Templates

Enabling Certificate Templates

Creating New Templates

Managing Certificate Deployment, Validation, Revocation, and Renewal

Manual Enrollment

CA Web Enrollment

Revoking Certificates

Managing Certificate Autoenrollment Using Group Policies

Configuring Key Archival and Recovery

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Part V: Implementing Identity Federation and Access Solutions

Chapter 14 Installing and Configuring Active Directory Federation Services

“Do I Know This Already?” Quiz

Foundation Topics

Implementing Claims-Based Authentication

Installing a Standalone AD FS Server

Installing an AD FS Server Farm

Configuring Authentication

Configuring Authentication Policies

Configuring Multi-Factor Authentication

Implementing and Configuring Device Registration

Integrating AD FS with Microsoft Passport

Configuring AD FS to Enable Authentication of Users Stored in LDAP Directories

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Chapter 15 Implementing Web Application Proxy

“Do I Know This Already?” Quiz

Foundation Topics

Installing and Configuring Web Application Proxy

Installing Web Application Proxy

Implementing WAP in Pass-Through Mode

Implementing WAP as AD FS Proxy

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Chapter 16 Installing and Configuring Active Directory

Rights Management Services

“Do I Know This Already?” Quiz

Foundation Topics

Installing an Active Directory Rights Management Services Server

Installing AD RMS

Configuring AD RMS

Managing AD RMS Service Connection Point

Managing AD RMS Templates and Exclusion Policies

AD RMS Policy Templates

Configuring Exclusion Policies

Backing Up and Restoring AD RMS

Exam Preparation Tasks

Review All Key Topics

Complete Tables and Lists from Memory

Define Key Terms

End-of-Chapter Review Questions

Chapter 17 Final Preparation

Tools for Final Preparation

Pearson Cert Practice Test Engine and Questions on the Website

AccessingthePearsonTestPrepSoftwareOnline

AccessingthePearsonTestPrepSoftwareOffline

Customizing Your Exams

Updating Your Exams

Premium Edition

Memory Tables

Chapter-Ending Review Tools

Suggested Plan for Final Review/Study

Summary

Part VI: Appendices

Appendix A Answers to the “Do I Know This Already?” Quizzes and End-of-Chapter Review Questions

Glossary of Key Terms

Index

Elements Available on the Book Website

Appendix B Memory Tables

Appendix C Memory Tables Answer Key

Appendix D Study Planner

About the Author

Benjamin Finkel has had his hands on a keyboard since his father brought home the original Compaq portable when he was just four years old. He began professional consulting in 1997 directly out of high school. Ben spent the next 17 years developing and supporting systems in a wide variety of industries, from health care to finance to medical research, before becoming a full-time trainer with CBT Nuggets. Today he lives near Niagara Falls, New York, with his wife and two children. When he’s not busy learning about the next big thing in IT, he enjoys snowboarding, reading, and dissuading his wife from adopting yet another cat.

Dedication

Thisbookisdedicatedtomyparents,SidneyandAnnaFinkel. They’rethereasonIfoundapassioninITinthefirstplaceand throughoutmyentirelifehavealwayssupported,encouraged,and believedinme.Thanksguys!

About the Technical Reviewer

Chris Crayton (MCSE) is an author, technical consultant, and trainer. He has worked as a computer technology and networking instructor, information security director, network administrator, network engineer, and PC specialist. Chris has authored several print and online books on PC repair, CompTIA A+, CompTIA Security+, and Microsoft Windows. He has also served as technical editor and content contributor on numerous technical titles for several leading publishing companies. He holds numerous industry certifications, has been recognized with many professional teaching awards, and has served as a state-level SkillsUSA competition judge.

Acknowledgments

I want to thank the small army of individuals at Pearson who helped to make this book possible, especially Michelle Newcomb for her introduction to and guidance through the process, Chris Cleveland for his patience with me and thoroughness in review, and Chris Crayton for his invaluable and detailed feedback. Thank you as well to all the additional people at Pearson whose hard work is reflected in these pages. This book is a collaborative effort and only exists by virtue of all their input. I would also like to thank Anthony Sequeira for getting me into this mess in the first place.

We Want to Hear from You!

As the reader of this book, youare our most important critic and commentator. We value your opinion and want to know what we’re doing right, what we could do better, what areas you’d like to see us publish in, and any other words of wisdom you’re willing to pass our way.

We welcome your comments. You can email or write to let us know what you did or didn’t like about this book—as well as what we can do to make our books better.

Pleasenotethatwecannothelpyouwithtechnicalproblemsrelated tothetopicofthisbook.

When you write, please be sure to include this book’s title and author as well as your name and email address. We will carefully review your comments and share them with the author and editors who worked on the book.

Email: feedback@pearsonitcertification.com

Mail: Pearson IT Certification ATTN: Reader Feedback 800 East 96th Street Indianapolis, IN 46240 USA

Reader Services

Register your copy of MCSA70-742CertGuideat www.pearsonitcertification.com for convenient access to downloads, updates, and corrections as they become available. To start the registration process, go to www.pearsonitcertification.com/register and log in or create an account*. Enter the product ISBN 9780789757036 and click Submit. When the process is complete, you will find any available bonus content under Registered Products. *Be sure to check the box that you would like to hear from us to receive exclusive discounts on future editions of this product.

Introduction

MCSA70-742CertGuide:IdentitywithWindowsServer2016is designed to prepare you to implement and administer the identity management tools contained within Windows Server 2016. It is structured around the objectives and topics published by Microsoft for exam 70-742. With this book you get a direct and hands-on approach to identity management with technologies such as Active Directory, Group Policy, and Federation Services. Not only will this book help to prepare you for the certification exam, it will ensure you have a fundamental understanding of the way in which you can leverage these powerful tools regardless of the size or complexity of your organization.

With the release of Windows Server 2016, Microsoft has once again restructured the layout of the certification exams needed to obtain your MCSA on Windows Server. In previous iterations, each exam focused on a wide array of products and features across the Windows Server platform. With this release, the exams have been retooled to each focus on a single area of the technology. Exam 70742 is centered on the Active Directory product suite and its ancillary services. It is the third of three exams required to complete your MCSA certification. The exam relies heavily on use-case scenarios and real-world situations. These questions test your knowledge of the proper way to deploy and configure Active Directory when faced with challenges that are common when operating Windows Server in the real world.

This book covers all the topics listed in Microsoft’s exam objectives, and each chapter includes key topics and preparation tasks to assist you in mastering this information. Reviewing tables and practicing test questions will help you practice your knowledge on all subject areas.

About the 70-742 Identity with Windows Server 2016 Exam

The 70-742 Identity with Windows Server 2016 exam is the third of three exams required to complete your MCSA certification. It has been designed for individuals who already have experience administering Active Directory in an enterprise environment and want to transition their responsibilities to the next career level. The 70-742 exam tests candidates’ understanding of the role Active Directory and its ancillary services, with a particular focus on bestpractice solutions to real-world challenges. It assumes a high degree of familiarity with the material covered in earlier exams, including Windows Server administration and network design and implementation.

The 70-742 Identity with Windows Server 2016 exam is a computerbased test that has 40 to 60 questions and a 120 minute time limit. All exam information is managed by Microsoft and always subject to change, so candidates should monitor the Microsoft certificate site for any exam updates at https://www.microsoft.com/enus/learning/exam-70-742.aspx.

You can take the exam at Pearson VUE testing centers. You can register with VUE at www.vue.com/microsoft.

70-742 Exam Topics

Table I-1 lists the topics of the 70-742 exam and indicates the chapter in the book where they are covered.