70-640

AD DS
1. Install
2. Administration
  1. Snap-ins
  2. Objects
3. Users
  1. Creation
  2. Supporting
4. Groups
  1. Creation
  2. Managing
  3. Administration
5. Computers
  1. Creation
  2. Supporting
6. Group policies
  1. Infrastructure
    1. Implementation
    2. Manage scope
      1. Links
      2. Inheritance/precedence
      3. Security filtering
      4. WMI Filtering
      5. Node enabling
      6. Preference targeting
      7. Processing
      8. Loopback processing
    3. Supporting
  2. Settings
    1. Delegation
    2. Security
    3. Software distribution
    4. Auditing
7. Authentication
  1. Password policies
    1. Fine-grained (2008 domain)
      1. PSO (password settings objects)
      2. Precedence (1 highest)
      3. Resultant PSO
      4. Use ADSIEdit
      5. Applies to users and groups
    2. Default Domain Policy
      1. Applies to whole domain
  2. Lockout policies
  3. Auditing
    1. Events
      1. Account logon
      2. Logon
    2. GPO
  4. RODC
8. AD+DNS
  1. Concepts
    1. IP V4
    2. IP V6
    3. PNRP
    4. Split-brain
9. Domain Controllers
  1. Installation
  2. Operations Masters
    1. Schema master
    2. Domain naming master
    3. Pdc
    4. Rid master
    5. Infrastructure master
  3. DFS Replication
    1. Functional level 2008
    2. Dfsmig.exe
10. Sites & Replication
  1. Sites
  2. Subnets
  3. Global catalog
    1. Universal Group Membership Caching (UGMC)
  4. Application directory partitions
    1. Application partitions
    2. Directory partitions
      1. Schema
      2. Configuration
      3. Domain
  5. Replication
    1. Connection objects
      1. Pull technology
    2. Knowledge consistency checker (KCC)
11. Domains & forests
  1. Functional levels
  2. Domains & Trusts
12. Business continuity
  1. Proactive maintenance
  2. Datastore protection
  3. Proactive directory performance management
AD FS
1. Firewall
2. Concept
3. Authentication process
4. Designs
5. Deployments
6. Use + Manage
AD RMS
1. Components
  1. AD DS
    1. Authentication
  2. AD CS
    1. PKI
  3. AD FS
    1. External partners
  4. SQL Server
    1. Datastore
  5. AD RMS Enabled applications
2. Configure
  1. Creating rights policy templates
3. Implementation
  1. 1- internal use of intellectual property
  2. 2-sharing content with partners
  3. 3- outside network
4. Install
  1. Root cluster (Forest-wide)
    1. Certification requedts
    2. Licensing requests
  2. Licensing-only clusters
AD CS + PKI
1. Scenarios
  1. EFS- encrypt all data files
  2. SSTP- encrypt all remote communications
  3. S/MIME- secure email
  4. Secure logons
  5. Secure web sites
  6. NAP- secure servers
  7. Secure wireless communications
  8. AD RMS- protect data
2. Components
  1. CA- Certificates authorities
    1. Type
      1. Standalone
      2. Workgroup / no AD DS
      3. Internal root CA
      4. Take offline after use
      5. Manual certificate issuing/approval
      6. Standard template
      7. Enterprise
      8. AD DS integrated
      9. Issuing CA
      10. Always online
      11. Automatic issue & approve
      12. Encryption keys protected
      13. Only version enterprise / datacenter
  2. CA Web Enrollment
    1. Request cert thru web browser
    2. Smart card enrollment
    3. Obtain cert revocation list (CRL)
  3. Online Responder (OR)
    1. Respond to cert validation requests
  4. Network device enrolment service (NDES)
    1. Add network device to PKI
3. Planning
  1. CA Hierarchy
    1. Single tier
    2. 2 tier
    3. 3 tier
  2. Certificate enrolment support
    1. Request
    2. Validation
    3. Distribution
  3. Certificate renewal support
    1. Lifetimes
      1. Key pairs
      2. Public
      3. Private
  4. CPS (certificate practice statement)
    1. Policies
      1. Issuing
      2. Revocation
4. Installing
  1. Server version
  2. Standalone
5. Configure
  1. Revocation
    1. Specify CRL Distribution Point
      1. CA Console
    2. CRL and Delta CRL Overlap period
      1. Certutil.exe
    3. Schedule CRL publication
  2. Certificate template
    1. Enterprise
      1. Version2
      2. Version3
    2. Configure
      1. EFS
      2. Request handling
      3. Archive subject encryption private key
      4. Recovery agent template
      5. Wireless network
      6. Network policy server template
      7. IAS
      8. RAS
      9. Publish to AD
      10. Smart card logons
      11. Smartcard logon template
      12. Smartcard user template
      13. Smartcard enrollment
      14. Web server / DC
      15. Web server template
      16. DC Authentication template
    3. Deploy / issue
      1. AD CS
    4. AD CS Console
  3. Autoenrollment
    1. GPO
      1. Public key policies
      2. Computer
      3. User
  4. Online Responder
    1. OCSP Response signing certificate
    2. Authority information access extension
  5. Protection
    1. Backup
  6. NDES
  7. CertUtil.exe
6. Enterprise PKI
AD LDS
1. Create instance
2. Configuring
3. Scenarios
  1. Application LDAP
  2. Extension to AD DS schema
  3. Provide authentication on perimeter network
  4. Consolidate identity repository
  5. Support department app
  6. Distributed application
  7. Migrate legacy LDAP App
  8. Local development
  9. Prevent AD DS Schema modification