About this ExamThis
Technology Specialist (TS) exam, Exam 70-640: TS: Windows Server 2008
Active Directory, Configuring, became available in March 2008. This exam
is available in English, Brazilian Portuguese, Chinese [Simplified],
French, Japanese, Korean, Russian, and Spanish. |
|
Audience Profile
The Microsoft Certified Technology Specialist (MCTS) on Windows
Server 2008 credentials are intended for information technology (IT)
professionals who work in the complex computing environment of
medium to large companies. The MCTS candidate should have at least
one year of experience implementing and administering Windows Server
2008 R2 in an environment that has the following characteristics:
- 250 to 5,000
or more users
- multiple
physical locations, multiple domain controllers
- network
services and resources such as messaging, databases, file and
print, firewalls, Internet access, an intranet, Public Key
Infrastructure, remote access, remote desktop, virtualization,
and client computer management
- connectivity
requirements such as connecting branch offices and individual
users in remote locations to corporate resources, and connecting
corporate networks
|
Credit Toward CertificationWhen
you pass Exam 70-640: TS: Windows Server 2008 Active Directory,
Configuring, you complete the requirements for the following
certification(s):
Exam 70-640: TS: Windows Server 2008 Active Directory, Configuring:
counts as credit toward the following certification(s):
|
Note This
preparation guide is subject to change at any time without prior notice
and at the sole discretion of Microsoft. Microsoft exams might include
adaptive testing technology and simulation items. Microsoft does not
identify the format in which exams are presented. Please use this
preparation guide to prepare for the exam, regardless of its format. |
Skills Being MeasuredThis
exam measures your ability to accomplish the technical tasks listed
below.The
percentages indicate the relative weight of each major topic area on the
exam. |
1. Configuring Domain Name System (DNS) for Active Directory (17%)
-
Configure zones.
-
May include but is not limited to:
Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS), and Secure Dynamic
DNS (SDDNS); Time to Live (TTL); GlobalNames; Primary,
Secondary, Active Directory Integrated, Stub; SOA; zone
scavenging; forward lookup; reverse lookup
-
Configure DNS server settings.
-
May include but is not limited to:
forwarding; root hints; configure zone delegation; round robin;
disable recursion; debug logging; server scavenging
-
Configure zone transfers and replication.
-
May include but is not limited to:
configure replication scope (forestDNSzone; domainDNSzone);
incremental zone transfers; DNS Notify; secure zone transfers;
configure name servers; application directory partitions
Configuring the Active Directory infrastructure (17 percent)
-
Configure a forest or a domain.
-
May include but is not limited to:
remove a domain; perform an unattended installation; Active
Directory Migration Tool (ADMT) ; change forest and domain
functional levels; interoperability with previous versions of
Active Directory; multiple user principal name (UPN) suffixes;
forestprep; domainprep
-
Configure trusts.
-
May include but is not limited to:
forest trust; selective authentication vs. forest-wide
authentication; transitive trust; external trust; shortcut
trust; SID filtering
-
Configure sites.
-
May include but is not limited to:
create Active Directory subnets; configure site links; configure
site link costing; configure sites infrastructure
-
Configure Active Directory replication.
-
May include but is not limited to:
DFSR; one-way replication; Bridgehead server; replication
scheduling; configure replication protocols; force intersite
replication
-
Configure the global catalog.
-
May include but is not limited to:
Universal Group Membership Caching (UGMC); partial attribute
set; promote to global catalog
-
Configure operations masters.
-
May include but is not limited to:
seize and transfer; backup operations master; operations master
placement; Schema Master; extending the schema; time service
Configuring Active Directory Roles and Services (14 percent)
-
Configure Active Directory Lightweight Directory Service (AD
LDS).
-
May include but is not limited to:
migration to AD LDS; configure data within AD LDS; configure an
authentication server; Server Core Installation
-
Configure Active Directory Rights Management Service (AD RMS).
-
May include but is not limited to:
certificate request and installation; self-enrollments;
delegation; create RMS templates; RMS administrative roles; RM
Add-on for IE
-
Configure the read-only domain controller (RODC).
-
May include but is not limited to:
replication; Administrator role separation; read-only DNS;
BitLocker; credential caching; password replication; syskey;
read-only SYSVOL; staged install
-
Configure Active Directory Federation Services (AD FSv2).
-
May include but is not limited to:
install AD FS server role; exchange certificate with AD FS
agents; configure trust policies; configure user and group claim
mapping; import and export trust policies
Creating and maintaining Active Directory objects (18 percent)
-
Automate creation of Active Directory accounts.
-
May include but is not limited to:
bulk import; configure the UPN; create computer, user, and group
accounts (scripts, import, migration); template accounts;
contacts; distribution lists; offline domain join
-
Maintain Active Directory accounts.
-
May include but is not limited to:
manage computer accounts; configure group membership; account
resets; delegation; AGDLP/AGGUDLP; deny domain local group;
local vs. domain; Protected Admin; disabling accounts vs.
deleting accounts; deprovisioning; contacts; creating
organizational units (OUs); delegation of control; protecting AD
objects from deletion; managed service accounts
-
Create and apply Group Policy objects (GPOs).
-
May include but is not limited to:
enforce, OU hierarchy, block inheritance, and enabling user
objects; group policy processing priority; WMI; group policy
filtering; group policy loopback; Group Policy Preferences (GPP)
-
Configure GPO templates.
-
May include but is not limited to:
user rights; ADMX Central Store; administrative templates;
security templates; restricted groups; security options; starter
GPOs; shell access policies
-
Deploy and manage software by using
GPOs.
-
May include but is not limited to:
publishing to users; assigning software to users; assigning to
computers; software removal; software restriction policies;
AppLocker
-
Configure account policies.
-
May include but is not limited to:
domain password policy; account lockout policy; fine-grain
password policies
-
Configure audit policy by using GPOs.
-
May include but is not limited to:
audit logon events; audit account logon events; audit policy
change; audit access privilege use; audit directory service
access; audit object access; advanced audit policies; global
object access auditing; “Reason for Access” reporting
Maintaining the Active Directory environment (18 percent)
-
Configure backup and recovery.
-
May include but is not limited to:
using Windows Server Backup; back up files and system state data
to media; backup and restore by using removable media; perform
an authoritative or non-authoritative restores; linked value
replication; Directory Services Recovery Mode (DSRM); backup and
restore GPOs; configure AD recycle bin
-
Perform offline maintenance.
-
May include but is not limited to:
offline defragmentation and compaction; Restartable Active
Directory; Active Directory database mounting tool
-
Monitor Active Directory.
-
May include but is not limited to:
event viewer subscriptions; data collector sets; real-time
monitoring; analyzing logs; WMI queries; PowerShell
Configuring Active Directory Certificate Services (15 percent)
-
Install Active Directory Certificate Services.
-
May include but is not limited to:
certificate authority (CA) types, including standalone,
enterprise, root, and subordinate; role services; prepare for
multiple-forest deployments
-
Configure CA server settings.
-
May include but is not limited to:
key archival; certificate database backup and restore; assigning
administration roles; high-volume CAs; auditing
-
Manage certificate templates.
-
May include but is not limited to:
certificate template types; securing template permissions;
managing different certificate template versions; key recovery
agent
-
Manage enrollments.
-
May include but is not limited to:
network device enrollment service (NDES); auto enrollment; Web
enrollment; extranet enrollment; smart card enrollment;
authentication mechanism assurance; creating enrollment agents;
deploying multiple-forest certificates; x.509 certificate
mapping
-
Manage certificate revocations.
-
May include but is not limited to:
configure Online Responders; Certificate Revocation List (CRL);
CRL Distribution Point (CDP); Authority Information Access (AIA)
|
Preparation Tools and ResourcesTo
help you prepare for this exam, Microsoft Learning recommends that you
have hands-on experience with the product and that you use the following
training resources. These training resources do not necessarily cover
all of the topics listed in the "Skills Measured" tab. |
|
|
|
-
MeasureUp(Measureup.com)
-
Self Test Software(Selftestsoftware.com)
|
|
|
Microsoft Online Resources
-
Learning Plan: Get started with a step-by-step study guide that
is based on recommended resources for this exam.
-
Windows Server 2008 – Learning Portal: Find special offers and
information on training and certification.
-
Product information: Visit the Windows Server 2008 Web site for
detailed product information.
-
TechNet: Designed for IT professionals, this site includes
how-to instructions, best practices, downloads, technical resources,
newsgroups, and chats.
-
MSDN: Designed for developers, the Microsoft Developer Network
(MSDN) features code samples, technical articles, downloads,
newsgroups, and chats.
-
Microsoft Learning Community: Join newsgroups and visit
community forums to connect with your peers for suggestions on
training resources and advice on your certification path and
studies.
|