This five-day instructor-led course is designed for IT professionals who need to develop expertise in administering, configuring, troubleshooting, and operating identity services in Active Directory Domain Services and Azure AD environments. The curriculum covers core AD DS identity services, including Group Policy Objects, Active Directory Certificate Services, and Active Directory Federation Services, plus hybrid solutions that integrate on-premises and cloud infrastructure.
Intended Audience
This course serves IT professionals responsible for administering, configuring, troubleshooting, and operating identity services in both Active Directory Domain Services and Azure AD. It is particularly valuable for system and infrastructure administrators with foundational AD DS knowledge who seek to deepen their expertise in core and advanced identity and access management technologies across Windows Server and Azure AD platforms.
Skills You Will Master Upon Completion:
- Install and configure domain controllers in Active Directory Domain Services
- Manage directory objects using both graphical tools and Windows PowerShell modules
- Implement Active Directory Domain Services in complex organizational environments
- Implement and configure AD DS sites, and configure and manage replication
- Implement and manage Group Policy Objects within AD DS
- Configure user settings and manage user environments using Group Policy
- Secure Active Directory Domain Services infrastructure
- Implement and manage a certificate authority hierarchy with Active Directory Certificate Services
- Deploy and manage digital certificates across your organization
- Implement and administer Active Directory Federation Services for single sign-on
- Implement directory synchronization between AD DS and Azure AD
- Monitor, troubleshoot, and maintain business continuity for AD DS services
Detailed Course Outline:
Module 1: Deploy Active Directory Services
Active Directory Domain Services is the cornerstone of on-premises networks for organizations worldwide. AD DS delivers authentication and authorization through domain controllers for on-premises applications and services. This module teaches you how to configure domain controllers to meet organizational needs and integrate AD DS with Microsoft Azure Active Directory to provide single sign-on functionality for users accessing both on-premises and cloud-based applications.
- Understanding the components of Active Directory Domain Services
- Configuring Active Directory Domain Services domain controllers
- Deploying domain controllers in various scenarios
- Understanding Azure AD and its capabilities
- Performing domain deployment and administration tasks
- Deploying domain controllers using domain controller cloning
- Administering Active Directory Domain Services
Module 2: Manage Directory Objects
Active Directory functions as a hierarchical database containing many different record types called objects, which represent network resources including users, groups, printers, shared folders, and computers. Each object contains multiple properties, called attributes, that store relevant information. Active Directory enables centralized management of these objects and the ability to group them into containers for efficient policy application. Organizations can distribute management responsibilities by granting administrators access to specific objects and containers.
- Creating and managing user accounts effectively
- Creating and managing security and distribution groups in AD DS
- Managing computer objects and devices
- Administering Active Directory using Windows PowerShell
- Implementing and managing organizational units
- Creating and managing AD DS objects for effective organization
- Configuring user accounts in Active Directory
- Managing computer objects and device settings
- Delegating administration responsibilities within organizational units
- Creating and modifying objects using Windows PowerShell
Module 3: Advanced AD DS Infrastructure Management
This module explores key technologies that form the foundation of advanced Active Directory Domain Services environments and provides guidance for implementing and managing complex deployments.
- Understanding advanced Active Directory Domain Services deployment strategies
- Deploying distributed Active Directory Domain Services environments
- Configuring trust relationships between domains and forests
- Implementing forest trusts for organizational integration
- Implementing child domains in Active Directory Domain Services
Module 4: Implement and Administer AD DS Sites and Replication
This module covers the technical details of Active Directory Domain Services replication and how to leverage that knowledge to optimize the design and implementation of AD DS environments containing multiple geographically distributed domain controllers.
- Understanding Active Directory Domain Services replication architecture
- Configuring Active Directory Domain Services sites for efficient operations
- Understanding AD DS site structure and concepts
- Understanding reasons and benefits of implementing multiple sites
- Configuring additional Active Directory Domain Services sites
- Understanding how AD DS replication functions between sites
- Understanding the intersite topology generator role
- Understanding SRV resource records and their functions
- Understanding how domain-joined computers locate domain controllers
- Moving domain controllers between sites effectively
- Implementing Active Directory Domain Services sites and replication
- Understanding site links and their configuration
- Understanding site-link bridging concepts
- Managing and optimizing intersite replication
- Configuring intersite replication parameters
- Using tools for monitoring and managing replication
Module 5: Implement Group Policy
For organizations operating in on-premises AD DS environments, Group Policy provides centralized management of both user and computer settings. This capability enables administrators to configure, enforce, and maintain organizational settings across the infrastructure. Group Policy Objects are linked to container objects such as sites, domains, and organizational units, and users and computers in those containers inherit the applicable settings. GPOs can be blocked, unlinked, or enforced to override default application behavior. They can also be filtered based on security group membership and Windows Management Instrumentation filters. When settings do not apply as expected, understanding how to investigate and resolve issues is essential.
- Understanding Group Policy concepts and capabilities
- Implementing and administering Group Policy Objects
- Understanding Group Policy scope and processing order
- Troubleshooting Group Policy application issues
- Creating and configuring Group Policy Objects
- Managing Group Policy Object scope and linking
- Verifying Group Policy application
- Troubleshooting Group Policy infrastructure
Module 6: Manage User Settings with Group Policy
You can use Group Policy Objects to create standardized desktop environments for the entire organization or specific departments. This standardization is achieved using features including administrative templates, folder redirection, and Group Policy preferences.
- Implementing administrative templates for user configuration
- Configuring folder redirection for centralized file management
- Configuring software installation and deployment
- Creating and deploying scripts through Group Policy
- Configuring Group Policy preferences
- Using administrative templates for user settings management
- Implementing settings through Group Policy preferences
- Configuring folder redirection for organizational needs
Module 7: Secure AD DS
Active Directory Domain Services contains sensitive information about many components of your IT infrastructure, including user accounts and credentials. Security vulnerabilities in AD DS can result in data loss, information exposure, infrastructure disruption, or complete compromise of your IT environment. As an AD DS administrator, you must understand potential threats to AD DS and mitigation strategies.
- Securing domain controllers and protecting the infrastructure
- Implementing account security measures
- Implementing authentication auditing for security monitoring
- Configuring managed service accounts
- Implementing security-related policies in Active Directory Domain Services
- Implementing Read-Only Domain Controllers for enhanced security
- Creating and managing service accounts securely
Module 8: Deploy and Manage AD CS
Public Key Infrastructure encompasses the tools and processes that allow you to issue digital certificates, which are commonly used for authentication and securing network communication. Windows Server can be configured as a certificate authority that issues digital certificates by installing the Active Directory Certificate Services role.
- Deploying certificate authorities in a proper hierarchy
- Administering certificate authority operations
- Troubleshooting and maintaining certificate authorities
- Deploying an offline root certificate authority
- Deploying an enterprise subordinate certificate authority
Module 9: Deploy and Manage Certificates
Planning a certificate authority hierarchy is the initial step in implementing public key infrastructure. You must also understand how to manage certificate templates to ensure users and computers receive certificates with correct configuration. Additionally, you need knowledge of certificate lifecycle management, including revocation, and how to use certificates for securing network communication and other business purposes.
- Deploying and managing certificate templates
- Managing certificate deployment, revocation, and recovery processes
- Using certificates in business environments
- Configuring certificate templates for end users
- Enrolling for certificates and using them for authentication
- Configuring key recovery for critical certificates
Module 10: Implement and Administer AD FS
Windows Server provides Active Directory Federation Services, a single sign-on solution that enables organizations to provide users with seamless sign-in and authentication capabilities across internal services, partner organizations, and online applications. AD FS provides single sign-on functionality for many services across various organizations. This module teaches how AD FS works and how to implement it in different scenarios.
- Understanding Active Directory Federation Services architecture and capabilities
- Planning AD FS requirements and deployment strategies
- Deploying and configuring Active Directory Federation Services
- Understanding and deploying Web Application Proxy
- Deploying Active Directory Federation Services infrastructure
- Configuring applications to use Active Directory Federation Services
- Configuring AD FS for business partner scenarios
Module 11: Implement AD DS Synchronization with Microsoft Azure AD
This module covers how to plan, prepare, and implement directory synchronization between on-premises Active Directory Domain Services and Azure AD, enabling hybrid identity management.
- Planning and preparing for directory synchronization
- Implementing directory synchronization using Azure AD Connect
- Managing identities in a synchronized environment
- Deploying directory synchronization between AD DS and Azure AD
- Managing users and groups in a synchronized directory environment
Module 12: Monitor, Manage, and Recover AD DS
The Active Directory database is at the heart of AD DS operations. A major responsibility of administrators is monitoring AD DS and associated services to ensure proactive management of issues. In worst-case scenarios, administrators may need to restore the Active Directory database from backups, which requires a methodical approach to creating, testing, and performing regular backups. Microsoft provides several tools for monitoring AD DS in real time and collecting data to recognize trends. Specialized tools also help with backup and recovery operations.
- Monitoring Active Directory Domain Services performance and health
- Managing the Active Directory database
- Implementing Active Directory backup and recovery solutions
- Backing up and restoring Active Directory Domain Services
- Recovering objects in Active Directory
- Monitoring Azure AD for hybrid environments