Creating Additional Forests

When creating additional forests, you use the Active Directory Installation Wizard. To create an additional forest, complete the following steps:

1. Restart your computer and log on as Administrator.

2. Click Start and then click Run. In the Run dialog box, type dcpromo in the Run box and then click OK.

3. On the Welcome To The Active Directory Installation Wizard page, click Next.

4. On the Operating System Compatibility page, click Next.

5. On the Domain Controller Type page, shown previously in Figure 4-1, select Domain Controller For A New Domain, and then click Next.

6. On the Create New Domain page, shown previously in Figure 4-2, select Domain In A New Forest, and then click Next.

7. On the New Domain Name page, shown in Figure 4-9, type the complete DNS name of the new forest root domain in the Full DNS Name For New Domain box, and then click Next.

8. Proceed through the following Active Directory Installation Wizard pages in the same way you did in the "Installing Active Directory Using the Active Directory Installation Wizard" section of Chapter 2:

   •       NetBIOS Domain Name

   •       Database And Log Folders

   •       Shared System Volume

   •       DNS Registration Diagnostics

   •       Permissions

   •       Directory Services Restore Mode Administrator Password

9. On the Summary page, shown in Figure 4-10, the options that you selected are listed. Note that the new forest is indicated. Review the contents of the Summary page, and then click Next. The Configuring Active Directory progress indicator appears as the Active Directory service is installed on the server. This process takes several minutes.
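The same forest-root promotion can be driven unattended. The following PowerShell script is an added example, not part of the training kit: it writes a dcpromo answer file whose [DCInstall] keys correspond to the wizard pages above and then runs dcpromo /answer. The key names are taken from the Windows Server 2003 unattended answer-file format as assumed here, and contoso.com and the folder paths are placeholder values; compare the keys against the unattended-installation reference on your installation media before use.

```powershell
# Added example (not from the training kit): drive the forest-root promotion
# unattended with a dcpromo answer file. Key names follow the Windows Server 2003
# [DCInstall] answer-file format as assumed here; contoso.com and the folder paths
# are placeholder values.

$answerFile = Join-Path $env:TEMP "newforest.txt"

# Each key maps to one page of the wizard procedure above:
#   NewDomainDNSName       -> New Domain Name
#   DomainNetbiosName      -> NetBIOS Domain Name
#   DatabasePath / LogPath -> Database And Log Folders
#   SYSVOLPath             -> Shared System Volume
#   AutoConfigDNS          -> DNS Registration Diagnostics
#   AllowAnonymousAccess   -> Permissions (No selects the stricter option)
#   SafeModeAdminPassword  -> Directory Services Restore Mode Administrator Password
$secure = Read-Host "Directory Services Restore Mode password" -AsSecureString
$bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
$dsrmPassword = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

@"
[DCInstall]
ReplicaOrNewDomain=Domain
NewDomain=Forest
NewDomainDNSName=contoso.com
DomainNetbiosName=CONTOSO
DatabasePath=C:\Windows\NTDS
LogPath=C:\Windows\NTDS
SYSVOLPath=C:\Windows\SYSVOL
AutoConfigDNS=Yes
AllowAnonymousAccess=No
SafeModeAdminPassword=$dsrmPassword
RebootOnSuccess=No
"@ | Set-Content -Path $answerFile -Encoding ASCII

# The file holds the DSRM password in clear text: limit it to Administrators while
# it exists, and remove it as soon as dcpromo has read it.
$acl = Get-Acl -Path $answerFile
$acl.SetAccessRuleProtection($true, $false)   # drop inherited ACEs from %TEMP%
$acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
    "BUILTIN\Administrators", "FullControl", "Allow")))
Set-Acl -Path $answerFile -AclObject $acl

Start-Process -FilePath "$env:SystemRoot\System32\dcpromo.exe" `
    -ArgumentList "/answer:$answerFile" -Wait
Remove-Item -Path $answerFile -Force
# RebootOnSuccess=No leaves the restart to you once dcpromo reports success.
```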

Snap-ins and extensions

Some stand-alone snap-ins can use extensions that provide additional functionality, for example, Computer Management. However, some snap-ins, like Event Viewer, can act as either a snap-in or an extension.

Console Options

Use console options to determine how each MMC operates by selecting the appropriate console mode. The console mode determines the MMC functionality for the person who is using a saved MMC. The two available console modes are author mode and user mode.

Note Additional console options can be set using Group Policy. For information on setting group policies, see Chapter 11, "Administering Group Policy."

When you save an MMC in author mode, you enable full access to all MMC functionality, which includes modifying the MMC. Save the MMC using author mode to allow those using it to do the following:

•       Add or remove snap-ins.

•       Create new windows.

•       View all portions of the console tree.

•       Save MMCs.

Note By default, all new MMCs are saved in author mode.

Usually, if you plan to distribute an MMC to other administrators, you save the MMC in user mode. When you set an MMC to user mode, users cannot add snap-ins to, remove snap-ins from, or save the MMC.

There are three types of user modes that allow different levels of access and functionality. Table 3-4 describes when to use each type of user mode.

Active Directory-Specific Windows Support Tools (Continued)

Tool: Sdcheck.exe: Security Descriptor Check Utility
Used to: Display the security descriptor for any object stored in Active Directory. This tool enables an administrator to determine if ACLs are being inherited correctly and if ACL changes are being replicated from one domain controller to another.

Tool: Search.vbs: Active Directory Search Tool (1)
Used to: Perform searches against an LDAP server to get information from Active Directory.

Tool: Setspn.exe: Manipulate Service Principal Names for Accounts (1)
Used to: Read, modify, and delete the Service Principal Names (SPN) directory property for an Active Directory service account.

Tool: SIDwalker Security Administration Tools
Used to: Manage access control policies on Windows Server 2003 and Windows NT systems. SIDwalker consists of three separate programs: Showaccs.exe (1) and Sidwalk.exe (1) for examining and changing access control entries, and Security Migration Editor for editing the mapping between old and new security identifiers (SIDs).

(1) Command-line tool
(2) MMC snap-in
(3) GUI tool

See Windows Support Tools help for more information about using the Windows Support Tools that pertain to Active Directory.

Active Directory Service Interfaces (ADSI) provides a simple, powerful, object-oriented interface to Active Directory. ADSI makes it easy for programmers and administrators to create programs that use directory services with high-level tools such as Microsoft Visual Basic, Java, C, C#, or Visual C++, as well as scripting languages such as VBScript, JScript, or PerlScript, without having to worry about the underlying differences between the different namespaces. ADSI is a fully programmable Automation object for use by administrators.

ADSI enables you to build or buy programs that give you a single point of access to multiple directories in your network environment, whether those directories are based on LDAP or another protocol.

Note A detailed discussion of ADSI is beyond the scope of this training kit. For further information about ADSI, refer to the Microsoft Windows Server 2003 Resource Kit located on the Microsoft Web site at http://www.microsoft.com/windowsserver2003/techinfo/reskit/resourcekit.mspx.
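As an added example that is not part of the training kit, the following PowerShell script uses ADSI (through the System.DirectoryServices wrapper) to perform two of the checks that the support tools listed above perform interactively: it finds service principal names registered on more than one account, which is the problem Setspn.exe is normally used to repair, and it lists objects whose DACL blocks inheritance, which is what Sdcheck.exe reveals one object at a time. The domain DN for contoso.com is a placeholder.

```powershell
# Added example (not from the training kit): an ADSI-based audit of duplicate SPNs
# (the Setspn.exe case) and of objects that block ACL inheritance (the Sdcheck.exe
# case). System.DirectoryServices is the .NET wrapper over ADSI; the DN is assumed.

$domainDn = "DC=contoso,DC=com"   # placeholder domain; replace with your own

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$domainDn"
$searcher.PageSize = 1000                      # paged results for large domains
$searcher.Filter = "(servicePrincipalName=*)"  # every account that carries an SPN
[void]$searcher.PropertiesToLoad.AddRange(@("distinguishedName", "servicePrincipalName"))

# Map each SPN to the accounts that own it. An SPN registered on two accounts
# breaks Kerberos authentication to that service, because the KDC cannot tell
# which account's key to use when issuing the service ticket.
$owners = @{}
foreach ($result in $searcher.FindAll()) {
    $dn = [string]$result.Properties["distinguishedname"][0]
    foreach ($spn in $result.Properties["serviceprincipalname"]) {
        if (-not $owners.ContainsKey($spn)) { $owners[$spn] = @() }
        $owners[$spn] += $dn
    }
}
foreach ($entry in ($owners.GetEnumerator() | Where-Object { $_.Value.Count -gt 1 })) {
    Write-Warning ("Duplicate SPN {0} on: {1}" -f $entry.Key, ($entry.Value -join "; "))
}

# Sdcheck-style check: objects whose DACL has inheritance blocked no longer receive
# permission changes made higher in the OU tree, so they deserve a second look.
# This reads every object's security descriptor; scope SearchRoot to an OU on
# large domains.
$searcher.Filter = "(objectClass=*)"
$searcher.PropertiesToLoad.Clear()
[void]$searcher.PropertiesToLoad.Add("distinguishedName")
foreach ($result in $searcher.FindAll()) {
    $object = $result.GetDirectoryEntry()
    if ($object.ObjectSecurity.AreAccessRulesProtected) {
        "{0} blocks ACL inheritance" -f $object.Properties["distinguishedName"].Value
    }
}
```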

Practice: Viewing Active Directory Administration Tools

In this practice, you view the Active Directory administrative consoles and some of the Active Directory support tools.

Exercise 1: Viewing Active Directory Administrative Consoles

In this exercise, you view the Active Directory administrative consoles.

To view Active Directory administrative consoles

1. Log on to Server01 as Administrator.

2. Click Start, point to Administrative Tools, and then click Active Directory Domains And Trusts.

3. In the console tree, right-click the contoso.com domain and then select Properties. In the Properties dialog box for the contoso.com domain, click the Trusts tab. Notice the trust information boxes that would contain information about trusts if there were other domains in the forest. Click Cancel.

4. In the console tree, right-click the contoso.com domain and then select Raise Domain Functional Level. On the Raise Domain Functional Level dialog box, notice the list in which you can raise domain functionality. Click Cancel. In the console tree, right-click the Active Directory Domains And Trusts node and then select Raise Forest Functional Level. On the Raise Forest Functional Level dialog box, notice that you cannot raise forest functionality until you have raised the domain functional level to Windows Server 2003. Click OK.

5. In the console tree, right-click the Active Directory Domains And Trusts node and then select Properties. On the UPN Suffixes tab, notice where you can enter alternate UPN suffixes. Click OK and then close the Active Directory Domains And Trusts console.

6. Click Start, point to Administrative Tools, and then click Active Directory Sites And Services. In the console tree, double-click the Sites folder. Notice that a site called Default-First-Site is present. This site is created automatically when Active Directory is installed. Close the Active Directory Sites And Services console.

7. Click Start, point to Administrative Tools, and then click Active Directory Users And Computers. In the console tree, double-click the Builtin folder and examine all the default groups. Double-click the Users folder and examine all the default users. Close the Active Directory Users And Computers console.

Review

1.    How is a directory service different from a directory?

A directory service differs from a directory in that it is both the source of the information and the mechanism that makes the information available to the users.

2.    How is Active Directory scalable?

Active Directory enables you to scale the directory to meet business and network requirements through the configuration of domains and trees, and the placement of domain controllers. Active Directory allows millions of objects per domain and uses indexing technology and advanced replication techniques to speed performance.

3.    What is multimaster replication?

Multimaster replication is a replication model in which any domain controller accepts and replicates directory changes to any other domain controller. Because multiple domain controllers are employed, replication continues, even if any single domain controller stops working.

4.    Name the Active Directory components used to represent an organization's logical structure.

The Active Directory components used to represent an organization's logical structure are domains, organizational units (OUs), trees, and forests.

5.    Name the physical components of Active Directory.

The physical components of Active Directory are sites and domain controllers.

6.    What is the function of the global catalog?

The global catalog has two main functions: (1) it enables a user to log on to a network by providing universal group membership information to a domain controller when a logon process is initiated, and (2) it enables finding directory information regardless of which domain in the forest actually contains the data.

Lesson 2 Review

1. List the four directory partitions of the Active Directory database.

The four directory partitions of the Active Directory database are schema partition, configuration partition, domain partition, and application partition.

220-601 – CompTIA A+ Essentials Practice Test

What is A+ Essentials exam?

CompTIA's 220-601 test is designed to measure your ability to support computers having different hardware and software configurations. Exam 220-601 is a mandatory requirement for the A+ certification. You should also pass one of the elective tests (220-602, 220-603, or 220-604) to complete the updated A+ certification.

Is A+ Essentials exam right for you?

This test is appropriate for you if you want to be an entry-level IT professional and have job responsibilities including: IT Technician, Enterprise Technician, PC Technician, Desktop Support Technician, Field Technician, PC Support Technician, Remote Support Technician, Help Desk Technician, Call Center Technician, Depot Technician and Bench Technician. If you would like to know more about the A+ Essentials test 220-601 please visit the CompTIA Website.

The A+ Essentials exam validates your skills and knowledge of different types of hardware and operating systems, basic networking, and soft skills and office communication. This is a vendor-neutral entry-level test, which can be used as preparation for many advanced certifications such as MCSE, CCNA, etc.

What to expect in A+ Essentials exam?

This test consists of multiple-choice questions. There are no case study type questions and the test is not adaptive. You will be required to attempt approximately 100 questions in 90 minutes. To pass, you need a score of 675.

How to prepare for A+ Essentials exam?

The CompTIA test A+ Essentials is meant for entry-level computer technicians. This test measures an individual's ability to install, configure, and troubleshoot hardware on a stand-alone computer as well as on a computer in a network. Before taking the 220-601 test, you should practice the following:

*Install the motherboard in the computer case
*Install and remove memory modules on the motherboard
*Identify the name of different parts in a computer and their functions and characteristics
*Identify the components on the motherboard, such as hard disk controller, floppy disk controller, CMOS chip, expansion slots, etc.

What is covered in PrepKit A+ Essentials?

The PrepKit covers 100% of the objectives for CompTIA's 220-601: A+ Essentials, in accordance with the actual exam pattern and question types. The 220-601 prep kit covers the following exam essentials:

*Security
*Networks
*Operating Systems
*Printers and Scanners
*Personal Computer Components
*Laptops and Portable Devices
*Safety and Environmental Issues
*Communication and Professionalism

Understanding Active Directory Concepts and Administration Tasks

In the Windows Server 2003 family and Active Directory, there are several new concepts and some changes to the concepts used in Windows NT. These concepts include replication, trust relationships, change and configuration management, group policies, DNS, and object naming. It is important that you understand the meaning of these concepts as they apply to Active Directory. In addition, you should also familiarize yourself with the Active Directory administration tasks, which correspond to the chapters in this training kit.

After this lesson, you will be able to

•       Explain Active Directory replication

•       Explain the security relationships between domains in a tree (trusts)

•       Explain the components of change and configuration management

•       Explain the purpose and function of Group Policy

•       Describe how DNS is used by Active Directory

•       Describe how objects are named in Active Directory

•       Describe the tasks required for Active Directory administration

Estimated lesson time: 20 minutes

Replication

Users and services should be able to access directory information at any time from any computer in the domain tree or forest. Replication ensures that changes to a domain controller are reflected in all domain controllers within a domain. Directory information is replicated to domain controllers both within and among sites.

What Information Is Replicated

The information stored in the directory (in the Ntds.dit file) is logically partitioned into four categories. Each of these information categories is referred to as a directory partition. A directory partition is also referred to as a naming context. These directory partitions are the units of replication. The directory contains the following partitions:

•       Schema partition This partition defines the objects that can be created in the directory and the attributes those objects can have. This data is common to all domains in a forest and is replicated to all domain controllers in a forest.

•       Configuration partition This partition describes the logical structure of the deployment, including data such as domain structure or replication topology. This data is common to all domains in a forest and is replicated to all domain controllers in a forest.

•       Domain partition This partition describes all of the objects in a domain. This data is domain-specific and is not replicated to any other domains. However, the data is replicated to every domain controller in that domain.

•       Application directory partition This partition stores dynamic application-specific data in Active Directory without significantly affecting network performance by enabling you to control the scope of replication and the placement of replicas. The application directory partition can contain any type of object except security principals (users, groups, and computers). Data can be explicitly rerouted to administrator-specified domain controllers within a forest in order to prevent unnecessary replication traffic, or it can be set to replicate everything to all domain controllers in the same fashion as the schema, configuration, and domain partitions.

A domain controller stores and replicates:

•       The schema partition data for a forest.

•       The configuration partition data for all domains in a forest.

•       The domain partition data (all directory objects and properties) for its domain. This data is replicated to additional domain controllers in the domain. For the purpose of finding information, a partial replica containing commonly used attributes of all objects in the domain is replicated to the global catalog.

A global catalog stores and replicates:

•       The schema partition data for a forest

•       The configuration partition data for all domains in a forest

•       A partial replica containing commonly used attributes for all directory objects in the forest (replicated between global catalog servers only)

•       A full replica containing all attributes for all directory objects in the domain in which the global catalog is located

Caution Extensions to schema in a global catalog should be approached carefully. Schema extensions can have disastrous effects on large networks because the extensions cannot be deleted (only disabled) and because of the large amount of network traffic generated as the extensions are synchronized throughout the forest.
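The partitions described above can be read directly from a domain controller. The following PowerShell script is an added example, not from the training kit: it binds to RootDSE through ADSI to list the schema, configuration, domain and application partitions a domain controller hosts, reports whether that server also acts as a global catalog, and shows where each application partition is replicated. The server name server01.contoso.com is a placeholder.

```powershell
# Added example (not from the training kit): enumerate the directory partitions a
# domain controller holds and which replicas it serves. Server name is assumed.

$server  = "server01.contoso.com"   # placeholder DC name
$rootDse = [ADSI]"LDAP://$server/RootDSE"

# RootDSE publishes the DNs of the schema, configuration and default domain
# partitions, plus every naming context the DC hosts (application partitions included).
$schemaNc = [string]$rootDse.schemaNamingContext
$configNc = [string]$rootDse.configurationNamingContext
$domainNc = [string]$rootDse.defaultNamingContext
$allNcs   = @($rootDse.namingContexts | ForEach-Object { [string]$_ })

"Schema partition:        $schemaNc"
"Configuration partition: $configNc"
"Domain partition:        $domainNc"

# Anything left over is an application directory partition (for example DNS zones
# stored in Active Directory), whose replication scope is set by the administrator.
$appNcs = $allNcs | Where-Object { @($schemaNc, $configNc, $domainNc) -notcontains $_ }
foreach ($nc in $appNcs) { "Application partition:   $nc" }

# isGlobalCatalogReady is TRUE when this DC also serves the partial attribute set
# for every domain in the forest (the global catalog, queried on TCP port 3268).
$isGc = ([string]$rootDse.isGlobalCatalogReady) -eq "TRUE"
"Global catalog on this server: $isGc"

# Each partition has a crossRef object in the Partitions container; for an
# application partition, msDS-NC-Replica-Locations lists the NTDS Settings objects
# of the domain controllers that hold a replica, which is how the scope of
# replication described above is controlled.
$partitions = [ADSI]"LDAP://$server/CN=Partitions,$configNc"
foreach ($crossRef in $partitions.Children) {
    $ncName = [string]$crossRef.nCName
    if ($appNcs -contains $ncName) {
        $replicas = @($crossRef.'msDS-NC-Replica-Locations' | ForEach-Object { [string]$_ })
        "  $ncName replicas: " + ($replicas -join "; ")
    }
}
```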

Welcome to MCSE

Welcome to MCSE Self-Paced Training Kit (Exam 70-294): Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

This kit introduces you to Windows Server 2003 Active Directory and prepares you to plan, configure, and administer your Active Directory infrastructure. You will learn to use Active Directory directory service to centrally manage users, groups, shared folders, and network resources, and to administer the user environment and software with Group Policy. This kit shows you how to implement and troubleshoot security in a directory services infrastructure and how to monitor and troubleshoot Active Directory performance.

Important In this book, the use of "Windows Server 2003 family" and "Windows Server 2003" refers to the family of four products: Microsoft Windows Server 2003, Standard Edition; Microsoft Windows Server 2003, Enterprise Edition; Microsoft Windows Server 2003, Datacenter Edition; and Microsoft Windows Server 2003, Web Edition. However, Windows Server 2003, Web Edition, only partially supports the use of Active Directory. Windows Server 2003, Web Edition, can participate as a member server in an Active Directory-enabled network, but it cannot be used as an Active Directory domain controller.

See Also For more information about becoming a Microsoft Certified Professional, see the section titled "The Microsoft Certified Professional Program" later in this introduction.

Predicting Threats to a Company

Read the scenario and then answer the question that follows.

Scenario You are a new security designer for Tailspin Toys. Your boss has asked you to begin the process of threat modeling for a proposed shared research project between Tailspin Toys and Wingtip Toys. The project will allow researchers from both companies to access Tailspin Toys documents. Your job is to predict the threats to the company when allowing this type of non-employee access to internal documents.

Review Question Answer the following question.

1. What types of threats should you think about?