COURSE SERIES	300
TITLE	Windows 2000 Active Directory Internals
DURATION	5 days
CONTENT LEVEL	Advanced
KEYWORDS	DNS, Active Directory, Replication, LDAP, Branch Office, Deployment
COURSE FOCUS	DNS, Active Directory Replication, Design, Configuration, Deployment, Internals
DELIVERY METHOD	Instructor Led / VIL
LEARNING TECHNIQUES	Interactive Lecture, Hands-on
COURSEWARE PROVIDED	MSEtechnology digital curriculum, Technical whitepapers, Automation scripts, Procedural guides, Microsoft curriculum courses #1561 and #2010 (post class study aids)

Course Summary

The class is intended for students with a high level of skill using Windows 2000, Active Directory and it’s associated technologies. It is designed to provide detailed information regarding the “behind the scenes” activities of Active Directory and the processes that maintain it. This level of detail provides participants with advanced design and configuration techniques paramount to both a successful directory services design and it’s on-going use.

The class also covers many of the core services upon which common Active Directory implementations rely, including DHCP, DNS and FRS. These critical topics are covered both theoretically and practically in order to ensure maximum student retention.

Upon completion of the class, students will be able to:

§         Design, implement and administer an effective DNS namespace

§         Configure efficient name resolution services

§         Configure fault tolerant and load balanced name resolution

§         Configure DNS to provide Internet name resolution

§         Implement DNS in a heterogeneous environment

§         Design, implement and administer an Active Directory

§         Determine a suitable structure for an Active Directory forest

§         Design, configure and implement a replication strategy

§         Effectively configure Active Directory for single site and multi site deployment

Classroom Dynamics       

The class utilizes a well proven delivery approach and focuses the learning time on both the critical theory and necessary hands-on. The topics are complex and highly technical, students learn in an interactive fashion and are regularly quizzed in order to determine their level of understanding. The learning environment is designed to provide a forum allowing the students to put into practice many of the advanced design and implementation strategies discussed throughout the curriculum. The lab exercises generally require multiple teams and usually incorporate the entire class. Due to the scale of the tasks assigned, each team will elect a representative who will co-ordinate with their peer team leaders in order to create an effective design, an implementation plan or an administrative solution based on a complex yet realistic scenario defined by the instructor. Course progression and content depth are tailored dynamically.

Curriculum Focus                                               

• DNS requirements, specifications and BIND compliance –

(Estimated duration – 15 minutes)

o        DNS in an Active Directory

o        RFC compliance

o        BIND revisions

o        Naming standards

o        Domain names

o        Host names

• Resolution and caching –

(Estimated duration – 1 hour)

o        Recursive vs. Iterative queries

o        Query responses

o        Client side caching review

o        Server side caching

o        Positive cache vs. negative cache

o        Time To Live (TTL)

• DNS server installation, configuration and management –

(Estimated duration – 15 minutes)

o        Instructor walk through

§         Installation

§         Management interfaces

·         DNSMGMT.MSC

·         DNSCMD.EXE

• Zone types –

(Estimated duration – 30 minutes)

o        Standard zone types

§         Primary vs. Secondary zones

§         Forward lookup vs. Reverse lookup zones

o        Master/Slave relationship

o        SOA records

o        Active Directory integrated zones

o        LAB EXERCISE –

(Estimated duration – 1 hour)

§         Installation and basic requirements

§         Remote management

§         Creating standard primary and secondary forward lookup zones

§         Creating reverse lookup zones

§         Creating resource records

• Zone Transfer –

(Estimated duration – 30 minutes)

o        Zone Transfer/Replicating zone content

§         Absolute Zone Transfer (AXFR)

§         Incremental Zone Transfer (IXFR)

§         Active Directory integrated

·         Requirements

·         Benefits

o        Potential issues

o        Determining the need

o        LAB EXERCISE –

(Estimated duration – 30 minutes)

§         Create standard secondary forward lookup zones

§         Enabling zone transfer

§         Securing zone transfer

§         Configuring  the SOA record

• Forwarders and Root hints –

(Estimated duration – 1 hour)

§         Forwarders vs. Root hints

§         Resolution sequence

§         Query types

§         Caching

§         CACHE.DNS file

§         Root zone

§         Determining the need

o        LAB EXERCISE –

(Estimated duration – 30 minutes)

§         Configuring Forwarders

§         Configuring Root hints

§         Caching only servers

§         Customizing Root hints

• Critical Resource Records in an Active Directory –

(Estimated duration – 30 minutes)

o        SRV Records

o        The _msdcs sub-domain

§         Characteristics of the forest root zone

o        Locator service

o        A Records

o        CNAME Records

o        NETLOGON.DNS

• Critical Resource Records in an Active Directory (continued) –

o        LAB EXERCISE –

(Estimated duration – 30 minutes)

§         Creating common resource records

§         Examining zone content

§         Determining the critical records

• Core diagnostic tools –

(Estimated duration – 30 minutes)

o        NSLOOKUP

o        PING

o        Server side logging

o        Network Monitor

o        Practical uses

o        LAB EXERCISE –

(Estimated duration – 30 minutes)

§         Specifying resource record types

§         Specifying query types

§         Querying critical records

§         Logging results

• Dynamic DNS –

(Estimated duration -  1 hour)

o        Configuring dynamic update

o        Requirements for dynamic update

o        Dynamic update against secondary zones

o        Secure dynamic update

o        Dynamic DNS (DDNS) and DHCP

§         DNSUpdateProxy group

§         Downlevel client registration

§         Configuring the security content of proxy registration

§         Implications for Domain Controllers

o        Time To Live (TTL)

o        Determining the need

o        LAB EXERCISE –

(Estimated duration – 1 hour)

§         Enabling dynamic update

§         Enabling secure dynamic update

§         Forcing registration of A and PTR records

§         Forcing registration of critical Domain Controller records

• Aging and Scavenging –

(Estimated duration – 30 minutes)

o        Aging and Scavenging defined

o        Server properties (default)

§         Enable scavenging on stale records

§         Scavenging interval

§         No Refresh interval (default setting for all zones)

§         Refresh interval (default setting for all zones)

o        Zone properties

§         Defined separately

§         Inheritance of default server settings

o        Compatibility issues with BIND servers

o        Determining the need

o        LAB EXERCISE –

(Estimated duration – 30 minutes)

§         Enabling and configuring aging and scavenging

§         Potential compatibility issues

• Zone delegation –

(Estimated duration – 1 hour)

o        Dividing the authority of a contiguous namespace

o        Importance of NS records

o        Controlling zone replication through delegation

o        Query process

o        Glue records

o        Determining the need

o        LAB EXERCISE –

(Estimated duration – 1 hour)

§         Creating delegation entries

• DNS and Active Directory sites –

(Estimated duration – 15 minutes)

o        Site specific queries

o        Client determination of local site

o        Benefits