Course description
This course looks at security and security on domain controllers and the Active Direction infrastructure both physically and the network. It will cover options for increasing security and branch office looking at complex Active Directory domain structures including multi-domain, multi-site, and multiple forests.
Prerequisites
This is part 3 of the course
Learning Paths
This course will help you prepare for the following certification and exam:
MCSA: Windows Server 2016
70-742: Identity with Windows Server 2016
This course is part of the following LearnNowOnline SuccessPaths™:
Windows Server 2016
Meet the expert
Patrick Loner has certifications for MCSA, MCSE, MCITP, A+, Network+, Security+, and more. He has been working as a Microsoft Certified Trainer, network administrator, and network consultant for over ten years. He has over a decade of experience working with and teaching about Windows networks with client and server operating systems. He has guided many students toward Microsoft and CompTIA certifications. Most recently, he has worked as a freelance trainer and network consultant specializing in Windows Server 2008 and Microsoft Exchange 2007 and Exchange 2010 implementations, design, and upgrades. Patrick continues to branch out now working with and training on Windows Server 2012, Windows 8, Exchange 2013, and System Center Configuration Manager 2012.
Course outline
Domain Controller Security
Secure Domain Controllers (35:42)
- Introduction (00:19)
- Understanding Security Risks (04:13)
- Using Group Policy (01:46)
- Group Policy Security Settings (02:14)
- Securing the Authentication Process (03:48)
- Physical Access Security (03:05)
- Branch Office Domain Controllers (02:06)
- RODC Features (03:29)
- RODC Limitations and Considerations (01:56)
- Deploying RODCs (02:17)
- Demo: Install an RODC (05:01)
- Demo: Advanced Password Replication Policy (03:11)
- Password Replication Policies (02:02)
- Summary (00:08)
Implementing Account Security (34:50)
- Introduction (00:17)
- Account Security in Windows Server 2016 (03:40)
- Password Policies (02:38)
- Account Lockout Policies (03:17)
- Configuring Domain Password and Lockout Policies (01:23)
- Demo: Account Policies (05:45)
- Fine-Grained Password Policies (05:38)
- Demo: Fine-Grained Password Policies (04:54)
- Demo: Password Policies in PowerShell (03:07)
- Demo: Resultant Policy (03:58)
- Summary (00:08)
Auditing and Service Accounts
Group Security and Authentication (13:29)
- Introduction (00:08)
- Restricted Groups (02:03)
- Protected Users Security Groups (02:45)
- Authentication Policies (02:58)
- Authentication Silos (01:12)
- Enhancing Password Authorization (04:13)
- Summary (00:08)
Auditing Active Directory (26:21)
- Introduction (00:12)
- Utilizing Auditing (01:41)
- The Purpose of Auditing (01:36)
- Types of Events (04:04)
- Auditing Goals (01:05)
- Auditing File and Object Access (02:27)
- Advanced Auditing (02:07)
- Demo: Auditing Configuration (04:57)
- Demo: Advanced Auditing (04:00)
- Demo: Access Auditing (04:00)
- Summary (00:08)
Configure Managed Service Accounts (13:58)
- Introduction (00:14)
- Overview of Service Accounts (02:36)
- Challenges to Managing Service Accounts (01:40)
- Managed Service Accounts (01:08)
- Group MSAs (01:01)
- Demo: Configure Group MSA (05:28)
- Demo: Using MSA (01:39)
- Summary (00:08)
Distributed AD DS Deployments
Overview of Advanced AD DS Deployments (20:37)
- Introduction (00:14)
- Domain Boundaries (03:28)
- Forest Boundaries (01:32)
- Reasons for Implementing Multiple Domains (03:22)
- Reasons for Implementing Multiple Forests (02:39)
- Deploying Domain Controllers in Azure (06:25)
- Managing Objects (02:46)
- Summary (00:08)
Deploy Distributed AD Environment (18:34)
- Introduction (00:14)
- Domain Functional Levels (02:36)
- Forest Functional Levels (01:08)
- Deploying AD DS Domains (01:40)
- DNS Considerations (04:52)
- UPN Considerations (01:59)
- Demo: Deploy Child Domain (05:55)
- Summary (00:08)
Trust Relationships (26:29)
- Introduction (00:08)
- Understanding Trust Relationships (03:05)
- Types of Trusts (03:23)
- How Trusts Work (02:43)
- Forest Trusts (01:52)
- Advanced Trust Settings (03:49)
- Demo: Create a Forest Trust (05:15)
- Demo: New Trust Wizard (06:03)
- Summary (00:08)
Active Directory Replication and Sites
Overview of AD Replication (11:55)
- Introduction (00:21)
- AD DS Partitions (01:34)
- AD DS Replication (03:31)
- Types or Replication (02:47)
- Resolving Replication Conflicts (03:32)
- Summary (00:08)
Configure AD Sites (38:00)
- Introduction (00:24)
- Reasons for Sites (04:48)
- Overview of Sites and Subnets (01:49)
- Moving Domain Controller Accounts (04:32)
- Demo: Create a Site (05:07)
- Demo: Using PowerShell (02:52)
- Controlling Inter-Site Replication (01:46)
- Defining Site Links (01:15)
- Site Links (01:29)
- Site Link Properties (02:13)
- Demo: Site Link (06:46)
- Bridgehead Servers (01:25)
- Bridging Site Links (01:47)
- Monitor and Manage Replication (01:32)
- Summary (00:08)