Index

A

Account Policies, 165

accounts (user)

built-in user accounts, 101

copying, 115

creating, 106–107

deleting, 114

disabling/enabling, 115

domain user accounts, 100

local user accounts, 100

passwords

password policies, 115–118

resetting, 113

renaming, 114

smartcard authentication, 118–119

configuring, 119–121

unlocking, 114

Active Directory Schema management console, 255

Active Directory Users and Computers tool, 105–106

Active Directory Will Not Allow the Package to Be Deployed error message, 208

AD (Active Directory), 38, 197, 272

Active Directory Users and Computers tool, 105–106

AD Installation Wizard, 40, 49–50

domain installation, 42–47

starting, 41

ADAM, 31

ADFS, 27

application data partitions, 65–67

backups

recommendations, 278

system state data, 275–277

data files

edb*.log, 274

edb.chk, 274

ntds.dit, 273

res1.log, 274

res2.log, 274

defragmentation, 283–286

directory service command line tools, 112–113

DNS, 22–23

domain controllers, 25

domains

components of, 23

defining, 23

domain trees, 24

relationship with sites, 218

trusts, 26

event logs, 54

file verification, 53

forests, 24

FRS (File Replication Service), 237

garbage collection, 274–275

global catalog, 31

groups

comparison of, 124

defined, 100–101

distribution groups, 123

exam prep questions, 128–134

global groups, 124

local groups, 124

nesting, 123–124

recommendations, 127

recommended reading, 134

scope, 123

security group strategies, 125–126

security groups, 123

universal groups, 124–126

installing

AD Installation Wizard, 40–50

troubleshooting, 52–53

unattended installation, 56–60

integrated zones, 61

ISTG (Intersite Topology Generator), 225, 228

KCC (Knowledge Consistency Checker), 225, 228

LDAP, 29

maintenance overview, 272–273

maintenance-related exam prep questions, 290–294

monitoring, 286

Event Viewer, 287

Repadmin, 288

Replmon, 289

moving, 282–283

objects, defining, 28

operations masters, 26

operations masters, recommended reading, 269

OU (Organizational Units), 30, 82

administrative requirements, 83–84

assigning permissions, 87–89

creating, 84

deleting control of, 87–89

exam prep questions, 93–98

inheritance, 92

moving objects to, 84

permissions, 89

planning, 90–91

recommended reading, 98

viewing contents of, 87

recommended reading, 35

removing, 55–56

replication

FRS (File Replication Service), 237

replication between sites, 235–236

replication within sites, 235–236

RPC (Remote Procedure Call), 236

SMTP (Simple Mail Transfer Protocol), 236–237

restoring

ASR (Automated System Recovery), 278

authoritative restore, 280–281

normal restores, 279–280

primary restores, 281

tombstone lifetime, 282

Schema MMC snap-in, 253

schemas, 28

sites, 25, 218

advantages, 219–220

bridgehead servers, 228–229

connection objects, 225, 232–234

creating, 221–222

domain controllers, 220–223

exam prep questions, 238, 241–242

recommended reading, 242

relationship with domains, 218

replication, 235–237

site link bridges, 229–232

site links, 225–232

Sites and Services snap-in, 221–222

system requirements, 39–40

SYSVOL folder, 54

users

administration tasks, 105–106

built-in user accounts, 101

copying, 115

creating, 106–107

deleting, 114

disabling/enabling, 115

domain user accounts, 100

exam prep questions, 128–134

local user accounts, 100

logon names, 101–104

passwords, 113, 115–118

recommendations, 127

recommended reading, 134

renaming, 114

single sign-on, 100

smartcard authentication, 118–121

unlocking, 114

website (Windows Server 2003), 381

ADAM (Active Directory Application Mode), 31, 35

Add Standalone Snap-In dialog, 254

Add/Remove Snap-In dialog, 254

ADFS (Active Directory Federation Services), 27

ADM files

adding/removing, 161–162

Computer Configuration container, 163

Control Panel, 163

Desktop, 163

Network, 162

Printers, 163

Shared Folders, 163

Start Menu & Taskbar, 163

System, 162

User Configuration container, 163

Windows Components, 162

administration

Group Policy, delegating administrative control of, 150–152

groups

comparison of, 124

defined, 100–101

distribution groups, 123

exam prep questions, 128–134

global groups, 124

local groups, 124

nesting, 123–124

recommendations, 127

recommended reading, 134

scope, 123

security group strategies, 125–126

security groups, 123

universal groups, 124–126

OU (Organizational Units), 83–84

users

administration tasks, 105–106

built-in user accounts, 101

copying, 115

creating, 106–107

deleting, 114

directory service command line tools, 112–113

disabling/enabling, 115

domain user accounts, 100

exam prep questions, 128–134

local user accounts, 100

logon names, 101–104

passwords, 113–118

recommendations, 127

recommended reading, 134

renaming, 114

single sign-on, 100

smartcard authentication, 118–121

unlocking, 114

administrative templates

adding/removing, 161–162

Computer Configuration container, 163

Control Panel, 163

Desktop, 163

Network, 162

Printers, 163

Shared Folders, 163

Start Menu & Taskbar, 163

System, 162

User Configuration container, 163

Windows Components, 162

Administrative Templates container (Group Policy Editor), 142

Advanced tab (Software Installation Properties dialog), 202

AGDLP strategy, 125–126

answer keys (practice exams), 321–337, 363–380

application data partitions, 65–67

applications. See software

ASR (Automated System Recovery), 278

assessments (self), 13

cramsession.com website, 20

educational background, 16

examcram2.com website, 20

hands-on experience, 17–18

ideal candidate, description of, 14

Microsoft Knowledge Base, 20

Microsoft Training and Certification website, 19

practice exams, 19

assigning

applications, 205–206

permissions, OU (Organizational Units), 87–89

scripts, 169–172

at sign (@), 102

attribute line (comma-delimited source files), 109

authentication, smartcards, 118–121

authoritative restore, 280–281

AutoConfigDNS key, 59

autoenrolling certificates, 175–176

Autoenrollment Settings Properties dialog, 176

Automated System Recovery (ASR), 278

B—C

backups

GPOs (Group Policy Objects), 178

recommendations, 278

system state data, 275–277

Block Policy Inheritance, 154

Bridge All Site Links feature, 230

bridgehead servers, 228–229

bridges (site link), 229–232

built-in user accounts, 101

bulk-import tools (user accounts)

csvde, 107–108

Csvde utility, 108–110

ldifde, 107

Ldifde utility, 110–111

CA (Certificate Authority), 118

caching, universal group membership, 260–261

Cannot Prepare the Package for Deployment error message, 208

Categories tab (Software Installation Properties dialog), 202

Certificate Authority (CA), 118

certificates, autoenrollment, 175–176

certification exams

format of, 6

Microsoft Test IDs, 6

pass/fail notifications, 6

preparation methods, 7–9

registering for, 5

retaking, 6

scheduling, 6

certtutor.net website, 383

Change and Configuration Management, 136

Change Operations Master dialog, 253

Change Schema Master dialog, 254

child domains, 23, 51

ChildName key, 59

classes

certification exam preparation methods, 9

InetOrgPerson, 63

Microsoft Training and Certification website, 19

Compatible security template, 167

COMPATWS.INF template, 168

Computer Configuration container

ADM files, 163

Group Policy Editor, 142

configuring

bridgehead servers, 229

DNS (Domain Name Service), 48–49

package properties, 204–205

site links, 226, 228

smartcard authentication, 119–121

Software Installation, 201–202

trust relationships, 71–75

connections

connection objects, 225, 232–234

site links

configuring, 226–228

creating, 225–226

DefaultIPSiteLink, 225

defined, 225

overview, 225

properties, 226–228

site link bridges, 229–232

containers (Group Policy), 138, 286

Control Panel administrative templates, 163

controllers (domain)

domains, adding to, 50–51

fault-tolerant replicas, 50

sites, moving between, 223

overview, 220–221

convert command, 40

Copy Object-User Wizard, 115

copying

GPOs (Group Policy Objects), 178

user accounts, 115

Cost property (site links), 227

Cram Sheet, 11

cramsession.com website, 20

CreateOrJoin key, 59

cross-domain GPO links, 149–150

csvde (Comma-Separated Value Directory Exchange), 107–108

Csvde utility, 108–110

custom MMC consoles, creating, 254

D

DACL (discretionary access control list), 158

data files (AD)

edb*.log, 274

edb.chk, 274

ntds.dit, 273

res1.log, 274

res2.log, 274

data management, 196

DatabasePath key, 59

databases. See AD (Active Directory)

DC SECURITY.INF template, 168

DCFIRST.INF template, 168

DCInstall key, 58–60

dcpromo.exe application, 41

DCs. See domain controllers

DCUP5.INF template, 168

DefaultIPSiteLink, 225

DEFLTDC.INF template, 168

DEFLTSV.INF template, 168

defragmenting AD (Active Directory) database, 283

offline defragmentation, 284–285

online defragmentation, 284

recommendations, 286

delegating Group Policy administrative control, 150–152

Delegation of Control Wizard, 87–89, 151

deleting

application data partitions, 67

OU control, 87–89

user accounts, 114

deploy.cab file, 59

deploying software, 198–199

assigned versus published applications, 205–206

distribution phase, 206

distribution points, 203

installation phase, 207

new packages, 203

package properties, 204–205

pilot program phase, 207

preparation phase, 206

targeting phase, 207

to computers, 200

to users, 200

troubleshooting

Active Directory Will Not Allow the Package to Be Deployed error message, 208

Cannot Prepare the Package for Deployment error message, 208

general guidelines, 207

shortcuts, 209–210

The Feature You Are Trying to Install Cannot Be Found in the Source Directory error message, 209

uninstalled applications, 210

Deployment Kit website (Windows Server 2003), 382

Desktop administrative templates, 163

desktop settings management, 196

directory service command line tools, 112–113

disabling

GPOs (Group Policy Objects), 156

user accounts, 115

discretionary access control list (DACL), 158

distribution groups, 123

distribution phase (software deployment), 206

distribution points, 203

DN (distinguished names), 29

DNS (Domain Name Service), 38

configuring, 48–49

dynamic, 23

namespaces, 22

domain management command, 66

Domain Name System (DNS), 38

Domain Naming Masters, 247–248

domain trees, 24, 28

domain user accounts, 100

DomainNetBiosName key, 59

domains. See also OU (Organizational Units)

child domains, 23, 51

components of, 23

defined, 38

defining, 23

DNS (Domain Name System), 38

domain controllers, 25

adding to domains, 50–51

fault-tolerant replicas, 50

moving between sites, 223

overview, 220–221

domain functional levels, 63

domain modes

Windows 2000 mixed mode, 61

Windows 2000 native mode, 62

Windows Server 2003 functional levels, 62–64

Windows Server 2003 interim mode, 62

domain SIDs (security identifiers), 249

domain-level operations master roles, 251

exam prep questions, 32, 34–35, 76–80

forest root domains, 39

installing, 42–47

parent domains, 23

root domains, 38

sites, 25

trust relationships

configuring, 71–75

defined, 67

external trusts, 69

forest trusts, 69

New Trust Wizard, 71–75

realm trusts, 70

shortcut trusts, 70–71

transitive trusts, 68

trusts, 26

domains. See also OU (Organizational Units)

dsadd command, 113

dsmove command, 113

dsquery command, 113

DSUP.INF template, 168

DSUPT.INF template, 168

duplicating. See copying

dynamic DNS, 23

E

edb*.log file, 274

edb.chk file, 274

editing GPOs (Group Policy Objects), 142–143, 152

enabling

universal group membership caching, 260–261

user accounts, 115

enrolling certificates, 175–176

Enterprise Edition (Windows Server 2003), 39

error messages

Active Directory Will Not Allow the Package to Be Deployed, 208

Cannot Prepare the Package for Deployment, 208

The Feature You Are Trying to Install Cannot Be Found in the Source Directory, 209

event logs, 54

Event Viewer, monitoring AD replication with, 287

Exam Alerts, 10

Exam Cram series study guides, 8

examcram2.com website, 8, 20

exams

certification

format of, 6

Microsoft Test IDs, 6

pass/fail notifications, 6

preparation methods, 7–9

registering for, 5

retaking, 6

scheduling, 6

exam prep questions

AD maintenance, 290–294

ADAM-related questions, 35

domain-related questions, 32–35, 76–80

global catalog-related questions, 32–34

Group Policy questions, 188–193

LDAP-related questions, 35

operation master questions, 264–269

operations masters-related questions, 32–34

OU-related questions, 93–98

schema-related questions, 35

security questions, 193

site-related questions, 35, 238, 241–242

Software Installation questions, 214–215

user/group-related questions, 128–134

practice, 19

answer keys, 321–337, 363–380

format of, 9–10

questions, 297–319, 339–361

self-assessment, 13

educational background, 16

hands-on experience, 17–18

ideal candidate description, 14

practice exams, 19

external trusts, 69

F

fault-tolerant replicas, 50

Feature You Are Trying to Install Cannot Be Found in the Source Directory error message, 209

File Extensions tab (Software Installation Properties dialog), 202

File Replication Service (FRS), 237

files

ADM files, 161–163

COMPATWS.INF, 168

DC SECURITY.INF, 168

DCFIRST.INF, 168

DCUP5.INF, 168

DEFLTDC.INF, 168

DEFLTSV.INF, 168

deploy.cab, 59

DSUP.INF, 168

DSUPT.INF, 168

edb*.log, 274

edb.chk, 274

event logs, 54

FRS (File Replication Service), 237

HISECDC.INF, 168

HISECWS.INF, 168

IESACLS.INF, 168

.msi files, 206

ntds.dit, 273

res1.log, 274

res2.log, 274

ROOTSEC.INF, 168

schmmgmt.dll file, 254

SECUREDC.INF, 168

SECUREWS.INF, 168

SETUP_SECURITY.INF, 168

unattend.doc, 59

verifying, 53

ZAP files, 206

filtering GPOs (Group Policy Objects), 158–159

folders

Folder Redirection, 172–175, 197

Offline Folders, 197

SYSVOL, 40, 54

forests, 24, 28

forest root domains, 39

forest-level operations master roles, 252–254

functional levels, 63

schemas, 28

trusts, 69

FRS (File Replication Service), 237

FSMO (Flexible Single Master Operations) roles, 244

determining, 251

Domain Naming Masters, 247–248

domain-level roles, 251

exam prep questions, 264–269

forest-level roles, 252–254

Infrastructure Masters, 250

PDC (Primary Domain Controller) Emulators, 248–249

permissions, 256

recommendations, 258

RID (relative identifier) Masters, 249–250

role dependencies, 245–246

Schema Masters, 246–247

scope, 245

seizing, 256–258

transferring between servers, 256–258

functional levels, 62–64

G

garbage collection, 274–275

GC (Global Catalog) servers

adding, 262

logon validation, 259–262

network traffic considerations, 260

universal group membership caching, 260–261

General tab (Software Installation Properties dialog), 201–202

global catalog

exam prep questions, 32, 34

servers. See GC servers

global groups, 124

globally unique identifiers (GUIDs), 138

GPCs (Group Policy Containers), 138, 286

GPMC (Group Policy Management Console), 115–116, 147

GPOs (Group Policy Objects), 249

administrative control, delegating, 150–152

backups, 178

copying, 178

creating, 139–140, 151

DACL (discretionary access control list), 158

defined, 137

disabling, 156

domain controllers, specifying, 153

editing, 143, 152

filtering, 158–159

GPCs (Group Policy Containers), 138

Group Policy Editor, 142

Group Policy Templates, 138

GUIDs (globally unique identifiers), 138

inheritance, 137

Block Policy Inheritance, 154

No Override Inheritance, 155–156

linking, 139–140, 146–151

local GPOs, 139

Local Policy, 137

loopback processing, 157–158

nonlocal GPOs, 138–139

overview, 136–137

refreshing

configuring refresh rates, 159–160

forcing refreshes, 161

restoring, 179–180

RSoP (Resultant Set of Policy)

exam prep questions, 188–193

logging mode, 183

planning mode, 182–183

troubleshooting, 181–186

updating, 144

viewing, 145

GPTs (Group Policy Templates), 138, 286

Group Policy, 196–197

Account Policies, 165

administrative templates, 161–163

certificate autoenrollment, 175–176

Folder Redirection, 172–175

GPC (Group Policy Container), 286

GPOs (Group Policy Objects). See GPOs

GPTs (Group Policy Templates), 138, 286

Intellimirror, 196–197

IP Security Policies on Local Computer, 166

Local Policies, 165

policy application scenarios, 163–165

Public Key Policies, 166

recommended reading, 215

Results Wizard, 184–186

scripts, assigning, 169–172

security templates, 166–168

security-related exam prep questions, 193

Software Installation, 197

exam prep questions, 214–215

JIT (Just-In-Time) technology, 198

patches, 198

properties, 201–202

requirements, 199

software deployment, 198–200, 203–207

software uninstallation, 198

troubleshooting, 207–210

upgrades, 198

Software Restriction Policies, 166

Group Policy Containers (GPCs), 138, 286

Group Policy Editor, 142

Group Policy Objects. See GPOs

groups

comparison of, 124

defined, 100–101

distribution groups, 123

exam prep questions, 128–134

global groups, 124

local groups, 124

nesting, 123–124

recommendations, 127

recommended reading, 134

scope, 123

security group strategies, 125–126

security groups, 123

universal groups, 124–126, 260–261

GUIDs (globally unique identifiers), 138

GuiRunOnce key, 57–58

H—I

High Secure security template, 167

HISECDC.INF template, 168

HISECWS.INF template, 168

hotlists, exam cram formats, 9

IDs

GUIDs (globally unique identifiers), 138

RIDs (relative identifiers), 249

SIDs (security identifiers), 249

IESACLS.INF template, 168

importing user accounts

csvde, 107–108

Csvde utility, 108–110

ldifde, 107

Ldifde utility, 110–111

InetOrgPerson class, 63

Infrastructure Masters, 250

inheritance, 137

GPOs (Group Policy Objects)

Block Policy Inheritance, 154

No Override Inheritance, 155–156

OU (Organizational Units), 92

installation phase (software deployment), 207

installing

AD (Active Directory)

AD Installation Wizard, 40–50

integrated zones, 61

system requirements, 39–40

troubleshooting, 52–53

unattended installation, 56–60

domains, 42–47

software. See Software Installation

integrated zones, 61

Intellimirror, 196–197. See also GPOs (Group Policy Objects)

interim mode (Windows Server 2003), 62

Intersite Topology Generator (ISTG), 225, 228

IP Security Policies on Local Computer, 166

ISTG (Intersite Topology Generator), 225, 228

J—K

JIT (Just-In-Time) technology, 198

JScript, 169

KCC (Knowledge Consistency Checker), 225, 228

keys

AutoConfigDNS, 59

ChildName, 59

CreateOrJoin, 59

DatabasePath, 59

DCInstall, 58–60

DomainNetBiosName, 59

GuiRunOnce, 57–58

LogPath, 59

NewDomainDNSName, 59

ReplicaDomainDNSName, 59

ReplicaOrNewDomain, 59

SysVolPath, 60

TreeOrChild, 60

Knowledge Base (Microsoft), 20

Knowledge Consistency Checker (KCC), 225, 228

L

LDAP (Lightweight Directory Access Protocol), 29, 35

LDIF (Lightweight Directory Access Protocol Interchange Format), 111

ldifde (Lightweight Directory Access Protocol Interchange Format Directory Exchange), 107

Ldifde utility, 110–111

Lightweight Directory Access Protocol Interchange Format (LDIF), 111

links

GPOs (Group Policy Objects), 139–140, 146–151

site links

configuring, 226–228

creating, 225–226

DefaultIPSiteLink, 225

defined, 225

overview, 225

properties, 226–228

site link bridges, 229–232

local GPOs (Group Policy Objects), 139

local groups, 124

Local Policies, 137, 165

local user accounts, 100

log files, event logs, 54

logging mode (RSoP), 183

logical structure, 218

login process

logon names, 101–104

single sign-on, 100

logoff, running scripts at, 169

logon names, 101

rules for, 103–104

user logon names, 102–103

user principal names, 102

logon validation, 262

suffixes, 103–104

logon validation

GC (Global Catalog) servers, 259–260

user principal names, 262

logon, running scripts at, 169

LogPath key, 59

loopback processing, GPOs, 157–158

M

maintenance (AD), 272–273

backups

recommendations, 278

system state data, 275–277

data files, 273

edb*.log, 274

edb.chk, 274

ntds.dit, 273

res1.log, 274

res2.log, 274

defragmentation, 283

offline defragmentation, 284–285

online defragmentation, 284

recommendations, 286

garbage collection, 274–275

moving AD database, 282–283

restoring AD, 278–279

ASR (Automated System Recovery), 278

authoritative restore, 280–281

normal restores, 279–280

primary restores, 281

tombstone lifetime, 282

masters. See operations masters

MCDBA (Microsoft Certified Database Administrator) program, overview of, 4

MCP (Microsoft Certified Professional) program, 2–7

MCSA (Microsoft Certified Systems Administrator) program, overview of, 3

MCSD (Microsoft Certified Solution Developer) program, overview of, 3

MCSE (Microsoft Certified Systems Engineer) program, overview of, 2–3

MCT (Microsoft Certified Trainer) program, overview of, 4

MeasureUp Practice Tests CD-ROM, 8–9

memory

garbage collection, 274–275

universal group membership caching, 260–261

messages (error)

Active Directory Will Not Allow the Package to Be Deployed, 208

Cannot Prepare the Package for Deployment, 208

The Feature You Are Trying to Install Cannot Be Found in the Source Directory, 209

Microsoft Knowledge Base, 20

Microsoft TechNet CD, 8

Microsoft Test IDs, 6

Microsoft Training and Certification website, 19

Microsoft Training and Services website, 8

Microsoft training kits website, 8

Microsoft Windows Server 2003. See Windows Server 2003

mixed mode (Windows 2000), 61

MMC console, creating custom MMC consoles, 254

modes

domain modes

Windows 2000 mixed mode, 61

Windows 2000 native mode, 62

Windows Server 2003 functional levels, 62–64

Windows Server 2003 interim mode, 62

RSoP

logging mode, 183

planning mode, 182–183

monitoring AD (Active Directory), 286

Event Viewer, 287

Repadmin, 288

Replmon, 289

moving

AD (Active Directory) database, 282–283

domain controllers between sites, 223

objects to OU (Organizational Units), 84

multihomed servers, 220

multimaster concept, 244

multiple GPOs (Group Policy Objects), linking, 149

N

Name property (site links), 226

names

application data partitions, 65

logon names, 101

rules for, 103–104

user logon names, 102–103

user principal names, 102

NetBIOS names, 44

user accounts, 114

user principal names, suffixes, 103–104

native mode (Windows 2000), 62

nesting groups, 123–124

NetBIOS names, 44

Network administrative templates, 162

New Object-Site dialog, 221

new package deployment, 203

New Trust Wizard, 71–75

NewDomainDNSName key, 59

No Override Inheritance, 155–156

nonauthoritative restores. See normal restores

nonlocal GPOs (Group Policy Objects), 138–139

nontransitive trusts, 69

normal restores, 279–280

NTDS Settings Properties dialog, 263

ntds.dit file, 273

Ntdsutil utility, seizing operations master roles, 257–258

O

objects

connection objects, 225

creating, 232

viewing, 233–234

defining, 28

GPOs (Group Policy Objects), 249

OU (Organizational Units), moving to, 84

schemas, 28

offline defragmentation, 284–285

Offline Folders, 197

online defragmentation, 284

opening hotlists, exam cram formats, 9

operations masters

determining roles, 251

Domain Naming Masters, 247–248

domain-level roles, 251

exam prep questions, 32–34, 264–269

forest-level roles, 252–254

Infrastructure Masters, 250

multimaster concept, 244

PDC (Primary Domain Controller) Emulators, 26, 248–249

permissions, 256

recommendations, 258

recommended reading, 269

RID (relative identifier) Masters, 249–250

role dependencies, 245–246

Schema Masters, 246–247

scope, 245

seizing roles, 256–258

transferring between servers, 256–258

OU (Organizational Units), 30, 82

administrative requirements, 83–84

creating, 84

deleting control of, 87–89

exam prep questions, 93–98

inheritance, 92

moving objects to, 84

permissions, 87–89

planning, 90–91

recommended reading, 98

viewing contents of, 87

P

packages

assigned packages, 205–206

deployment. See deploying software

properties, 204–205

published packages, 205–206

parent domains, 23

partitions (application data partitions), 65–67

pass/fail notifications (certification exams), 6

passwords

password policies, 115–118

resetting, 113

patches, 198

PDC (Primary Domain Controller) Emulators, 26, 248–249

permissions

operations masters, 256

OU (Organizational Units), 87–89

phases of software deployment, 206–207

physical layout, 218

pilot program phase (software deployment), 207

PKI (Public Key Infrastructure), 175

planning OU (Organizational Units), 90–91

planning mode (RSoP), 182–183

policies

GPOs (Group Policy Objects)

backups, 178

configuring refresh rates, 159–160

copying, 178

creating, 139–140, 151

DACL (discretionary access control list), 158

defined, 137

delegating administrative control of, 150–152

disabling, 156

editing, 143, 152

exam prep questions, 188–193

filtering, 158–159

forcing refreshes, 161

GPCs (Group Policy Containers), 138

Group Policy Editor, 142

Group Policy Templates, 138

GUIDs (globally unique identifiers), 138

inheritance, 137, 154–156

linking, 139–140, 146–151

local GPOs, 139

Local Policy, 137

loopback processing, 157–158

nonlocal GPOs, 138–139

overview, 136–137

restoring, 179–180

RSoP (Resultant Set of Policy), 181–183

specifying domain controllers, 153

troubleshooting, 181–186

updating, 144

viewing, 145

Group Policy

Account Policies, 165

administrative templates, 161–163

certificate autoenrollment, 175–176

Folder Redirection, 172–175

GPC (Group Policy Container), 286

GPOs (Group Policy Objects). See GPOs

GPTs (Group Policy Templates), 138, 286

Intellimirror, 196–197

IP Security Policies on Local Computer, 166

Local Policies, 165

policy application scenarios, 163–165

Public Key Policies, 166

recommended reading, 215

Results Wizard, 184–186

scripts, assigning, 169–172

security templates, 166–168

security-related exam prep questions, 193

Software Installation, 197–210, 214–215

Software Restriction Policies, 166

password policies, 115–116, 118

practice exams, 19

format of, 9–10

answer keys, 321–337, 363–380

questions, 297–319, 339–361

preparation methods (certification exams), overview of, 7–9

preparation phase (software deployment), 206

Primary Domain Controller (PDC) Emulators, 248–249

primary restores, 281

principal names, 102

Printers administrative templates, 163

profiles (roaming), 197

properties

packages, 204–205

site links, 226–228

Software Installation, 201–202

protocols

DNS (Domain Name Service), 38, 48–49

NetBIOS names, 44

RPC (Remote Procedure Call), 236

SMTP (Simple Mail Transfer Protocol), 236–237

Public Key Infrastructure (PKI), 175

Public Key Policies, 166

publishing applications, 205–206

Q—R

questions (practice exams), 10, 297–319, 339–361

R2

ADFS, 27

web resources, 382

RDN (relative distinguished names), 29

realm trusts, 70

records (line-separated source files), 111

recovery

AD, 278–279

ASR (Automated System Recovery), 278

authoritative restore, 280–281

normal restores, 279–280

primary restores, 281

tombstone lifetime, 282

redirection, Folder Redirection, 172–175

refresh rates, GPOs

configuring for, 159–160

forcing for, 161

registration, certification exams, 5

relationships (trust)

configuring, 71–75

defined, 67

external trusts, 69

forest trusts, 69

New Trust Wizard, 71–75

realm trusts, 70

shortcut trusts, 70–71

transitive trusts, 68

relative identifiers (RIDs), 249–250

remote access, smartcard authentication, 121

Remote Procedure Call (RPC), 236

renaming user accounts, 114

Repadmin (Replication Administrator), 288

ReplicaDomainDNSName key, 59

ReplicaOrNewDomain key, 59

replication

AD, monitoring, 286–289

fault-tolerant replicas, 50

FRS (File Replication Service), 237

latency, 248

replication between sites, 235–236

replication latency, 248

replication within sites, 235–236

RPC (Remote Procedure Call), 236

SMTP (Simple Mail Transfer Protocol), 236–237

Replication Administrator (Repadmin), 288

Replication Monitor (Replmon), 289

Replmon (Replication Monitor), 289

res1.log file, 274

res2.log file, 274

ResKit (Windows Server 2003), 382–383

Resource Kit (Windows Server 2003). See ResKit (Windows Server 2003)

restore subtree command, 281

restoring

AD, 278–279

ASR (Automated System Recovery), 278

authoritative restore, 280–281

normal restores, 279–280

primary restores, 281

tombstone lifetime, 282

GPOs (Group Policy Objects), 179–180

Resultant Set of Policy (RSoP), 181–183

retaking certification exams, 6

RIDs (relative identifiers), 249–250

roaming user profiles, 197

roles (operations masters), 244

determining, 251

Domain Naming Masters, 247–248

domain-level roles, 251

exam prep questions, 264–269

forest-level roles, 252–254

Infrastructure Masters, 250

PDC (Primary Domain Controller) Emulators, 248–249

permissions, 256

recommendations, 258

RID (relative identifier) Masters, 249–250

role dependencies, 245–246

Schema Masters, 246–247

scope, 245

seizing, 256–258

transferring between servers, 256–258

root domains, 38

ROOTSEC.INF template, 168

RPC (Remote Procedure Call), 236

RSoP (Resultant Set of Policy), 181–183

Run command (Start menu), 41

S

Schedule property (site links), 228

scheduling certification exams, 6

Schema Masters, 246–247

Schema MMC snap-in, 253

schemas, 28

attributes, deactivating, 255

classes, deactivating, 255

exam prep questions, 35

schmmgmt.dll file, 254

scope

groups, 123

operations masters, 245

scripts, assigning through Group Policy, 169–172

SDOU (site, domain, and Organizational Unit), 146

Secure security template, 167

SECUREDC.INF template, 168

SECUREWS.INF template, 168

security

Account Policies, 165

administrative templates, 161–163

CA (Certificate Authority), 118

certificates, autoenrollment, 175–176

exam prep questions, 193

Folder Redirection, 172–175

groups, 123–126

IP Security Policies on Local Computer, 166

Local Policies, 165

permissions, OU (Organizational Units), 89

policy application scenarios, 163–165

principals, 249

Public Key Policies, 166

scripts

assigning through Group Policy, 169–172

JScript, 169

running, 169

VBScript, 169

security templates, 166–168

SIDs (security identifiers), 249

Software Restriction Policies, 166

self-assessment, 13

educational background, 16

examcram2.com website, 20

hands-on experience, 17–18

ideal candidate, description of, 14

Microsoft Knowledge Base, 20

Microsoft Training and Certification website, 19

practice exams, 19

servers. See Windows Server 2003

bridgehead servers, 228–229

DNS (Domain Name Service), configuring, 48–49

GC (Global Catalog) servers, 259–262

multihomed servers, 220

services

FRS (File Replication Service), 237

KCC (Knowledge Consistency Checker), 225, 228

Setup Manager, 57

SETUP_SECURITY.INF template, 168

Shared Folders administrative templates, 163

shortcuts

troubleshooting, 209–210

trusts, 70–71

shutdown, running scripts at, 169

SIDs (security identifiers), 249

Simple Mail Transfer Protocol (SMTP), 236–237

single sign-on, 100

site links

bridges, 229–232

configuring, 226–228

creating, 225–226

DefaultIPSiteLink, 225

defined, 225

overview, 225

properties, 226–228

site link bridges, 229–232

sites, 25, 218

advantages, 219–220

bridgehead servers, 228–229

connection objects, 225, 232–234

creating, 221–222

domain controllers

moving between sites, 223

overview, 220–221

exam prep questions, 35

relationship with domains, 218

replication

exam prep questions, 238, 241–242

FRS (File Replication Service), 237

recommended reading, 242

replication between sites, 235–236

replication within sites, 235–236

RPC (Remote Procedure Call), 236

SMTP (Simple Mail Transfer Protocol), 236–237

site links

bridges, 229–232

configuring, 226–228

creating, 225–226

DefaultIPSiteLink, 225

defined, 225

overview, 225

properties, 226–228

site link bridges, 229–230, 232

Sites and Services snap-in, 221–222

smartcard authentication, 118–121

SMTP (Simple Mail Transfer Protocol), 236–237

snap-ins

RSoP (Resultant Set of Policy), 181–183

Schema MMC snap-in, 253

Sites and Services snap-in, 221–222

software

deployment, 198–200

assigned versus published applications, 205–206

distribution phase, 206

distribution points, 203

installation phase, 207

new packages, 203

package properties, 204–205

pilot program phase, 207

preparation phase, 206

targeting phase, 207

to computers, 200

to users, 200

troubleshooting, 207–210

patches, 198

uninstallation, 198

upgrades, 198

Software Installation, 197

exam prep questions, 214–215

JIT (Just-In-Time) technology, 198

patches, 198

properties, 201–202

requirements, 199

software deployment, 198–200

assigned versus published applications, 205–206

distribution phase, 206

distribution points, 203

installation phase, 207

new packages, 203

package properties, 204–205

pilot program phase, 207

preparation phase, 206

targeting phase, 207

to computers, 200

to users, 200

troubleshooting, 207

software uninstallation, 198

troubleshooting

Active Directory Will Not Allow the Package to Be Deployed error message, 208

Cannot Prepare the Package for Deployment error message, 208

general guidelines, 207

shortcuts, 209–210

The Feature You Are Trying to Install Cannot be Found in the Source Directory error message, 209

uninstalled applications, 210

uninstalled exam prep questions, 214–215

upgrades, 198

Software Installation Properties dialog, 201–202

Software Restriction Policies, 166

Software Settings container (Group Policy Editor), 142

Standard Edition (Windows Server 2003), 39

Start Menu & Taskbar administrative templates, 163

Start menu commands, 41

startup, running scripts at, 169

study guides, 8

suffixes (UPN), 103–104

System administrative templates, 162

system state data, 275–277

SYSVOL folder, 40, 54

SysVolPath key, 60

T

targeting phase (software deployment), 207

TechNet CD (Microsoft), 8

TechNet website, 381–382

templates

administrative templates, 161–163

GPTs (Group Policy Templates), 286

Group Policy Templates, 138

security templates, 166–168

tests

certification, 5–9

exam prep questions

AD maintenance, 290–294

ADAM-related questions, 35

domain-related questions, 32–35, 76–80

global catalog-related questions, 32–34

Group Policy questions, 188–193

LDAP-related questions, 35

operation master questions, 264–269

operations masters-related questions, 32–34

OU-related questions, 93–98

schema-related questions, 35

security questions, 193

site-related questions, 35, 238, 241–242

Software Installation questions, 214–215

user/group-related questions, 128–134

practice tests

answer keys, 321–337, 363–380

questions, 297–319, 339–361

self-assessment, 13

educational background, 16

hands-on experience, 17–18

ideal candidate description, 14

practice exams, 19

tombstone lifetime, 282

Training and Certification website (Microsoft), 19

Training and Services website (Microsoft), 8

Training Guide series study guides, 8

training kits website (Microsoft), 8

transitive trusts, 68

Transport property (site links), 227

TreeOrChild key, 60

trees (domain)

forests, 24

schemas, 28

troubleshooting

AD (Active Directory)

installations, 52–53

removal, 56

GPOs, 181–182, 184–186

software deployment

Active Directory Will Not Allow the Package to Be Deployed error message, 208

Cannot Prepare the Package for Deployment error message, 208

general guidelines, 207

shortcuts, 209–210

The Feature You Are Trying to Install Cannot Be Found in the Source Directory error message, 209

uninstalled applications, 210

trust relationships

configuring, 71–75

defined, 67

external trusts, 69

forest trusts, 69

New Trust Wizard, 71–75

realm trusts, 70

shortcut trusts, 70–71

transitive trusts, 68

trusts, 26

tutorials, certtutor website, 383

U

unattend.doc file, 59

unattended AD (Active Directory) installation, 56

AutoConfigDNS key, 59

ChildName key, 59

CreateOrJoin key, 59

DatabasePath key, 59

DCInstall key, 58–60

DomainNetBiosName key, 59

GuiRunOnce key, 57–58

LogPath key, 59

NewDomainDNSName key, 59

ReplicaDomainDNSName key, 59

ReplicaOrNewDomain key, 59

SysVolPath key, 60

TreeOrChild key, 60

uninstalling

AD (Active Directory), 55–56

applications, troubleshooting, 210

software, 198

universal groups, 124–126, 260–261

unlocking user accounts, 114

updating GPOs (Group Policy Objects), 144

upgrades, 198

UPN Suffixes dialog, 104

UPNs. See user principal names

user accounts, bulk-import tools

csvde, 107–108

Csvde utility, 108–110

ldifde, 107

Ldifde utility, 110–111

User Configuration container

ADM files, 163

Group Policy Editor, 142

users, 100

administration

directory service command line tools, 112–113

tasks, 105–106

built-in user accounts, 101

copying, 115

creating, 106–107

deleting, 114

deploying software to, 200

disabling/enabling, 115

domain user accounts, 100

exam prep questions, 128–134

local user accounts, 100

logon names, 101–104

passwords

password policies, 115–118

resetting, 113

permissions, OU (Organizational Units), 89

principal names, 102

logon validation, 262

suffixes, 103–104

recommendations, 127

recommended reading, 134

renaming, 114

roaming profiles, 197

single sign-on, 100

smartcard authentication, 118–119

configuring, 119–121

remote access, 121

unlocking, 114

user principal names, suffixes, 103–104

utilities

Csvde, 108–110

Ldifde, 110–111

Ntdsutil, seizing operations master roles, 257–258

Setup Manager, 57

V—W

validating logons

GC (Global Catalog) servers, 259–260

user principal names, 262

VBScript, 169

web resources

certtutor.net website, 383

cramsession.com website, 20

examcram2.com website, 8, 20

measureup.com, 9

Microsoft Knowledge Base, 20

Microsoft TechNet website, 8

Microsoft Training and Certification website, 19

Microsoft Training and Services website, 8

Microsoft training kits website, 8

R2, 382

TechNet website, 381–382

Windows Server 2003 Active Directory website, 381

Windows Server 2003 Deployment Kit, 382

Windows 2000 mixed mode, 61

Windows 2000 native mode, 62

Windows Components administrative templates, 162

Windows Server 2003. See also Group Policy

Active Directory website, 381

AD (Active Directory), 38

AD Installation Wizard, 40–50

application data partitions, 65–67

event logs, 54

file verification, 53

integrated zones, 61

removing, 55–56

system requirements, 39–40

SYSVOL folder, 54

troubleshooting installation, 52–53

unattended installation, 56–60

Change and Configuration Management, 136

Deployment Kit website, 382

domains

defined, 38

DNS (Domain Name System), 38

domain modes, 61–64

exam prep questions, 76–80

forest root, 39

installing, 42–47

relationship with sites, 218

root domains, 38

trust relationships, 67–75

GC (Global Catalog) servers, 259–262

GPOs (Group Policy Objects)

backups, 178

configuring refresh rates, 159–160

copying, 178

creating, 139–140, 151

DACL (discretionary access control list), 158

defined, 137

delegating administrative control of, 150–152

disabling, 156

editing, 143, 152

exam prep questions, 188–193

filtering, 158–159

forcing refreshes, 161

GPCs (Group Policy Containers), 138

Group Policy Editor, 142

Group Policy Templates, 138

GUIDs (globally unique identifiers), 138

inheritance, 137, 154–156

linking, 139–140, 146–151

local GPOs, 139

Local Policy, 137

loopback processing, 157–158

nonlocal GPOs, 138–139

overview, 136–137

restoring, 179–180

RSoP (Resultant Set of Policy), 181–183

specifying domain controllers, 153

troubleshooting, 181–186

updating, 144

viewing, 145

groups

comparison of, 124

defined, 100–101

distribution groups, 123

exam prep questions, 128–134

global groups, 124

local groups, 124

nesting, 123–124

recommendations, 127

recommended reading, 134

scope, 123

security group strategies, 125–126

security groups, 123

universal groups, 124, 126

operations masters

determining roles, 251

Domain Naming Masters, 247–248

domain-level roles, 251

exam prep questions, 264–269

forest-level roles, 252–254

Infrastructure Masters, 250

multimaster concept, 244

PDC (Primary Domain Controller) Emulators, 248–249

permissions, 256

recommendations, 258

recommended reading, 269

RID (relative identifier) Masters, 249–250

role dependencies, 245–246

Schema Masters, 246–247

scope, 245

seizing roles, 256–258

transferring between servers, 256–258

R2, web resources, 382

replication

FRS (File Replication Service), 237

replication between sites, 235–236

replication within sites, 235–236

RPC (Remote Procedure Call), 236

SMTP (Simple Mail Transfer Protocol), 236–237

ResKit, 382–383

sites, 218

advantages, 219–220

bridgehead servers, 228–229

connection objects, 225, 232–234

creating, 221–222

domain controllers, 220–223

exam prep questions, 238, 241–242

recommended reading, 242

relationships with domains, 218

replication, 235–237

site link bridges, 229–232

site links, 225–232

TechNet website, 381–382

users

administration tasks, 105–106

built-in user accounts, 101

copying, 115

creating, 106–107

deleting, 114

disabling/enabling, 115

domain user accounts, 100

exam prep questions, 128–134

local user accounts, 100

logon names, 101–104

passwords, 113–118

recommendations, 127

recommended reading, 134

renaming, 114

single sign-on, 100

smartcard authentication, 118–121

unlocking, 114

versions, 39

Windows Server 2003 functional levels, 62–64

Windows Server 2003 interim mode, 62

Windows Settings container (Group Policy Editor), 142

wizards

AD Installation Wizard, 40

domain installation, 42–47

starting, 41

Copy Object-User Wizard, 115

Delegation of Control Wizard, 87–89, 151

Group Policy Results Wizard, 184–186

New Trust Wizard, 71–75

RSoP (Resultant Set of Policy), 184

X—Y—Z

ZAP files, 206

zones (integrated), 61
