Mastering Active Directory

Lifelong learning for working professionals

Course Summary

Learn how to design, deploy and maintain Active Directory (AD).
Three jam-packed, fast-paced days that go into the depths of Active Directory Domain Services (ADDS) and the most tightly integrated peripheral components.
We go through what you as an IT professional and administrator should consider when designing and implementing AD, automated installation, security aspects (how to protect your AD and infrastructure), delegation, migration and upgrades.
We lab with tools for configuring and troubleshooting ADDS, learn GPO design, DNS, Forest and Domain topologies, Trusts, FSMO roles, Sites & Services, disaster/recovery, Backup & Restore, Kerberos, KDC, NTDS.DIT and time management.
The theory in each section is blended with the instructor’s real-world experience, providing access to a reality that cannot be read about in standard courseware, TechNet or KB articles.
Learn how to manage the small AD environment, how to scale it up to larger environments across multiple countries and how to make the best use of AD!

Course Objective

The labs will teach you how to design, deploy and maintain Active Directory. You will learn about all the components and security mechanisms involved in the service and gain the skills to troubleshoot, restructure and upgrade your Active Directory. You will become proactive and be able to make decisions about AD changes without the need for consulting.

Target Audience

Administrators of Active Directory, IT professionals who wish to immerse themselves in Active Directory

Prerequisites

As the course is fast-paced and assumes a certain level of knowledge, participants should have completed a basic course in Active Directory or have gained equivalent knowledge through working with Active Directory and Windows Server in an operational environment.

Certification

This course has no certification

Trainer

Daniel Ulrichs is a senior IT security consultant working in a Directory Services Expert team at Trusted Solutions Group Sweden as an architect in identity and security in enterprise environments.

With a passion for Active Directory security and the Windows platform, Daniel performs security audits, health checks, design of large Active Directory environments, Active Directory migrations and consolidations, and builds high-security environments.

With his deep understanding, Daniel has helped Swedish government agencies, banks and organizations in other industries and countries improve the security and infrastructure of their core Active Directory.

Course Details

Course content

Active Directory Design – Forest, domain and OU

Forest and domain topology design (how to do it right from the start)
Function, location and configuration of the domain controller
Automation and standardization of installation
Management of Forest and Domain Trusts
OU design (how less becomes more)

Active Directory Design – Namespace and DNS integration

Namespace selection considerations (options and conditions)
The integration between AD and DNS
Methods for DNS replication, Dynamic Updates and forwarding

Active Directory Design – Replication and site management

How to set up, maintain and troubleshoot AD replication
Directory partitions (features and differences)
Subnets in Active Directory (why they play a huge role)
How can Sites and Services help me?
How KCC works and how to optimize replication

Active Directory Design – Components and Roles

Everything you need to know about FSMO roles to survive
The purpose of Global Catalogs
Time synchronization in the domain (that’s how important it is, here’s how to make it work)
De-dramatization of Active Directory Schema

Active Directory Operations – How you should work with groups and rights

Understand the difference between global, domain-local and universal groups
Naming standards that last
Cleanups
Dynamic Access Control

Active Directory Operations – Disaster recovery and high availability

Active Directory backup and restore (the technology and the challenge)
The DC crashed, what do I do now?
Tombstone lifetime
Virtual domain controllers (The good, the bad and the ugly)

Active Directory Operations – How you should work with Group Policy

How are policies applied and how to troubleshoot them in the best way?
Consolidate or not, that is the question
Linking and filtering (old and new school)
Group Policy Preferences (death of the login script?)
SYSVOL replication
AGPMC

Active Directory – Security

What is the security model in AD
How accounts and data are protected in AD
AdminSDHolder what is it?
Confidentiality data bit, when is it used?
Read Only Domain Controllers
FAS
Fine-Grained Password Policies
Authentication Mechanism Assurance
Authentication Policies and Policy Silos

Active Directory – Kerberos

How does Cerberus actually work?
KDCn and its services
Claims based Authentication
About Trusts

Active Directory – Hosting

Resurs Forest/Domain
List object mode
UPN Suffix

Active Directory – Migrations

ADMT
Sid History
AD Migration / Upgrade

Active Directory Maintenance – Upgrades and changes

Upgrading Active Directory and forest/domain functional level
How to handle migration scenarios (e.g. acquisition of companies or adaptation to MSKD for municipalities)

Active Directory Maintenance – Overview of the new technology

Various Tools for troubleshooting
Introduction to AD management via Powershell
Introduction to Azure AD Premium
What’s coming in the next version of Active Directory

Course Overview

25 990 kr

3 days

Classroom, Remote

Advanced

Swedish

Can’t find a (suitable) date, but are interested in the course? Send in an expression of interest and we will do what we can to find a suitable opportunity.

Customized Courses

The course can be adapted from several perspectives:

Content and focus area
Extent and scope
Delivery approach

In interaction with the course leader, we ensure that the course meets your needs.