Microsoft Windows 2003 Configuring Active Directory Services

Virtual Classroom e-Learning

Who Needs to Attend

Enterprise network staff responsible for building, deploying, and maintaining Windows 2003 Active Directory services.



Our Microsoft Windows Server 2003 courses or equivalent knowledge is required before taking this course.


Follow-On Courses

There are no follow-ons for this course.


Certification Programs and Certificate Tracks

This course is part of the following programs or tracks:

This course will provide the essential technical details and skill set you need to successfully plan, test, and deploy Windows 2003 Active Directory services. Using a test bed of virtual servers, each student machine will host two domain controllers and an XP client image running on Microsoft Virtual Server, allowing full testing of the promotion and demotion of domain controllers, DNS services, sites and site links, restoring the system state, and Group Policy.

Course Outline


1. Understanding Active Directory (AD) and Windows 2003

  • Active Directory Concepts
  • Active Directory Improvements with 2003 R2
  • Active Directory Aware Applications
  • Group Policy and the GPMC
  • Branch Office Control with the DFS Namespace
  • Using the Print Management MMC
  • Active Directory Services Interface
  • Active Directory Objects and Attributes
  • Active Directory Users and Computers Improvements
  • Application Directory Partitions: ADAM
  • Active Directory Federation Services
  • LDAP Client and Server Relationships
  • LDAP and Data Retrieval

2. Active Directory Architecture

  • Security Subsystem Architecture
  • Directory Service Architecture
  • Directory System Agent Functions
  • Physical and Logical Components
  • Logical Structure: Domains, Trees, Forests
    • Organizational Units
    • Delegation of Administration
    • The Schema Partition
  • Physical Structure: Domain Controllers, Two-way Kerberos Trusts 
    • Sites, Global Catalog Servers 
    • Replication of Directory Partitions 
    • Application Partitions: ADAM
  • Naming Conventions Used with Active Directory
    • Relative Distinguished Name, Distinguished Name, User Principal Name, Domain Component Naming

3. DNS Concepts

  • DNS Naming Conventions: Domain and Computer Names
  • Resolver Operation
  • DNS Zone Types: Primary, Secondary, and ADI DNS
  • DNS Resource Records
  • Using Forwarders and Slaves
  • Scavenging
  • Conditional Forwarding
  • Stub Zones
  • Proper DNS Design: How Many DNS Servers?

4. Using Dcpromo

  • Promoting the Root Domain Controller
  • Decisions Before Promotion Begins
  • Operating System Compatibility Issues
  • Creating a Domain Tree or a Child Domain
  • Database and Log Locations
  • Setting Default Permissions for Users and Groups
  • Directory Services Restore Mode Password
  • Adding Domain Controllers to Existing Domains
  • Creating Multiple Forests
  • Performing an Unattended Installation
  • Additional Domain Controller Installed from Backup Media
  • The SYSVOL Folder
  • Demoting a Domain Controller
  • Removing Active Directory
  • Using ntdsutil for Metadata Cleanup

5. Group Policy Design

  • Using the GPMC
  • Backing up and Restoring GPOs
  • Copying GPOs
  • Predefined Group Policies
  • Creating Group Policy Objects
  • Creating Windows Installer Packages
  • Windows Settings for Computers
  • Windows Settings for Users
  • Group Policy Order of Deployment (LSDOU)
  • The Refresh Cycle of Group Policy
  • Exceptions to Group Policy Deployment: No Override, Blocking Policy Inheritance, Loopback Processing, Disabling GPOs
  • Using Security Group Filtering
  • Planning Group Policy By Department
  • Troubleshooting Group Policy

6. Designing Active Directory Topology

  • Documenting Network Infrastructure
  • Planning with Organizational Units
  • Creating OUs to Delegate Administration or for Group Policy
  • Designing Organizational Unit Structure
  • Planning for Domains
  • Multiple Domain Creation
  • Choosing the Forest Root Domain
  • Domain Administration Tasks
  • Planning for Single or Multiple Forests
  • Making Changes to the Forest
  • Active Directory and Exchange Integration
  • Exchange Directory Objects
  • Extending the Schema with Forestprep
  • Understanding the Active Directory Connector

7. Managing and Administrating Active Directory

  • Publishing Resources in Active Directory
  • Deploying Printers Using Group Policy
  • Using the Print Management MMC
  • Configuring an Authoritative Time Server in Windows
  • Dfs Namespace
  • Using ADUC to Manage Object Permissions
  • Access Based Enumeration
  • Delegating Administrative Control
  • Defining Custom Delegations
  • Defining an Audit Policy
  • Events Audited by Windows
  • Remote OS Installation: RIS
  • Installing RIS
  • Authorizing RIS Servers
  • Prestaging RIS Client Computers

8. Active Directory Security

  • Hardening Computer Account Security
  • Active Directory Security
  • Strengthening Domain Controller Policy Settings
  • The Secedit Database
  • INF Security Templates
  • The Security Template Console
  • Creating Custom Security Templates
  • Adding Security Settings
  • Using the Security Configuration and Analysis MMC
  • Creating a Test Security DB for Analysis
  • Analyzing System Security
  • Importing Security Templates to a Local Computer System and through Group Policy
  • Security Template Options
  • Account Lockout Policy
  • User Rights Assignments
  • Protecting the Service Administrator Accounts
  • Defining Object Ownership Quotas

9. Migrating to Active Directory

  • Migrating to Windows
  • Upgrading Domains
  • Migrating Users to a Parallel Windows Network
  • Understanding the Upgrade Process
  • Upgrading the Single and Master Domain Model
  • Upgrading the Multiple Master Domain Model
  • Active Directory Client Extensions
  • Restructuring Domains
  • Domain and Forest Functional Levels
  • Active Directory Migration Tools
  • Using ADMT Version 3
  • Using LDAP to Verify Migrated SIDs
  • Domain Rename

10. Domain Components

  • Domain Controller Functionality
  • Trust Relationships
  • Types of Trusts: Two-way Transitive Kerberos Trusts, Nontransitive Trusts, Shortcut Trusts, Forest Trusts
  • Operations Master Roles
  • Flexible Single Master Operation Maintenance
  • Schema Master, Domain Naming Master, RID Master, PDC Emulator, and Infrastructure Master
  • Maintaining FSMO Roles with ntdsutil
  • Using ntdsutil to Change FSMO Roles
  • Best Practice FSMO Rules
  • Managing User Accounts
  • Group Account Administration
  • Groups: Types and Scope
  • Domain Local, Global, and Universal Groups
  • Default Active Directory Security Groups
  • Well-known Security Principals
  • Built-in Local Groups
  • Changing Group Type
  • Planning for Universal Groups

11. Global Catalog Servers

  • Domain Tree Components
  • Forest Structure Review
  • GC Servers
  • Searching the Global Catalog
  • Designating Additional Global Catalog Servers
  • Global Catalog and Domain User Logons
  • Global Catalog Improvements
  • UPN and Global Catalog Support
  • Searches that Use the GC by Default
  • Global Catalog Group Policy Settings

12. Replication Fundamentals

  • Replication Fundamentals
  • Advanced Replication Concepts
  • Replication Components: USNs, High Watermark, and Up-to-Dateness Vector
  • Update Sequence Numbers
  • User Object Creation, Replication, and Modification
  • The Intra-site Replication Process
  • Conflict Resolution
  • Understanding Urgent Replication

13. Sites and Replication Administration

  • Creating a Site
  • Adding Subnets to Sites
  • Active Directory Replication Model
  • How Is Replication Topology Created?
  • Intra-Site Replication
  • Intra-Site Replication Traffic
  • Bridgehead Servers
  • Site Links and Site Link Bridges
  • Site Links Schedule
  • Disabling Transitive Site Links

14. Active Directory Maintenance

  • Database File Structure
  • Database Transaction Steps
  • Transaction Log Details
  • Backing up the System State
  • Active Directory Essentials to Backup
  • Performing a Non-authoritative Restore
  • Resetting the DSRM Password
  • Verifying a Non-authoritative Restore
  • Completing Authoritative Restore with ntdsutil
  • Cool Undelete AD Utilities
  • Sysinternals and AD Restore
  • Restoring a Domain Controller vs Reinstallation and Repromotion

15. Scripting and Active Directory

  • Windows Script Host
  • Using cscript and wscript
  • Enterprise Logon Scripts
  • When Logon Scripts Run
  • Creating ADSI Scripts
  • LDAP Data Interchange Format Directory Exchange
  • Using LDF Files for Administrative Tasks
  • Creating, Deleting, and Modifying Users

16. Modifying the Schema

  • Schema Components
  • Where Is the Schema Located?
  • Object Classes and Schema Objects
  • Single or Multivalue Attributes
  • Using ADSI to View the Schema
  • Modifying the Schema
  • Using ntdsutil to Change the Schema Master

17. Troubleshooting

  • Diagnosing an Active Directory Network
  • The Event Viewer
  • Filtering with the Event Viewer
  • Using the EventCombMT utility
  • Diagnostic Logging with Active Directory
  • Using Registry Settings for Active Directory Log Details
  • Testing Server Connectivity with netdiag
  • Testing Connectivity with dcdiag
  • Using the Recovery Console
  • Log Files Used with Active Directory
  • Monitoring ntds.dit with Performance Logs and Alerts



Lab 1:

  • Promote your stand-alone server into the local domain
  • Use Active Directory Users and Computers to search for objects
  • Set up, configure, and restrict functionality of the Microsoft Management Console

Lab 2:

  • Understand domain component naming
  • Use ADSI Edit to look at objects, distinguished names, and user principal names
  • Review Active Directory infrastructure using ADSI Edit
  • Use Ldp to examine how LDAP works

Lab 3:

  • Deploy Routing and Remote Access Services using the OSPF protocol
  • Configure the DNS service

Lab 4:

  • Create a child domain in the local forest
  • Check for a successful promotion
  • Add additional domain controllers to your child domain

Lab 5:

  • Deploy OU and domain policy
  • Create policy for a mobile client
  • Create policy for a desktop client
  • Test block and force settings
  • Use group filtering
  • Troubleshoot the Group Policy that you have deployed

Lab 6:

  • Create OU infrastructure
  • Delegate administrative tasks using the Delegation wizard

Lab 7:

  • Set up DFS and replicated file shares
  • Install DFS Namespace
  • Push printers using Group Policy
  • Using the Printer Control console
  • Use Dsrevoke to manage permissions

Lab 8:

  • Use the Security Configuration and Analysis console to analyze domain security
  • Create security INF templates using the Security Templates console
  • Import security settings into Active Directory

Lab 9:

  • Use the ADMT utility to migrate users from your child domain to the .local domain
  • Use Ldp to check for the presence of the sIDHistory attribute

Lab 10:

  • Change the operating mode of your Windows Server 2003 domain
  • View the FSMO roles using the Active Directory administrative utilities
  • Change FSMO Roles using Ntdsutil
  • Create domain users and groups
  • Create objects using dstool2.exe

Lab 11:

  • Add global catalog duties to your domain controller
  • Add additional attributes to the global catalog

Lab 12:

  • Increase the reporting details in the directory service log
  • Use the Replication Monitor to analyze in-site replication
  • Use repadmin to determine replication partners
  • Use Spotlight on Active Directory

Lab 13:

  • Display the valid sites within the default classroom network
  • Create manual connection objects
  • Use Active Directory Sites and Services to create sites, subnets, and site links
  • Set up and configure site links

Lab 14:

  • Review where to set the tombstone lifetime and default garbage collection cycle using ADSI Edit
  • Back up the system state
  • Perform a non-authoritative restore of the system state
  • Authoritatively restore deleted objects using Ntdsutil
  • Perform an offline defragmentation
  • Use Quest Object Restore for Active Directory

Lab 15:

  • Use ADSI scripting to create an OU and user
  • Use the ldifde utility to create LDF scripts
  • Create a single user account with additional attributes

Lab 16:

  • Create and disable attributes using the Schema console

Lab 17:

  • Provide access to NTFS volumes using the Recovery Console for troubleshooting

To request a location or date, use our By Request service.

Course Code: 6315

Registration Information


5 Day Course

$2395 USD

