About this Course

Tech Type Specialist
Code M6436
Duration 5 Days
Special Notices

This course may be available for you to purchase through the Microsoft Software Assurance voucher scheme. To book courses using vouchers please call our sales team on 0345 757 3888. Or for more information on claiming vouchers you can speak to our dedicated Software Assurance administration team on 01753 898 351.

During this five-day course, delegates will learn how to design an Active Directory infrastructure in the Windows Server 2008 and Windows Server 2008 R2 operating systems. Delegates will learn how to design Active Directory forests, domain infrastructure, sites and replication, administrative structures, Group Policy, and Public Key Infrastructures (PKIs). Delegates will also learn how to design for security, high availability, disaster recovery, and migrations.

Target Audience:

The primary audience for this course is IT professionals, including administrators of Windows 2000 Server and Windows Server 2003 Enterprise who want to become administrators of Windows Server 2008 Enterprise.
Skill Level: 300

This course is intended for IT professionals who want to gain professional job role skills to help them design the infrastructure for Active Directoryfor Windows Server 2008 and Windows Server 2008 R2 as an Enterprise Administrator. This course is also intended for IT professionals who have been working as Enterprise Administrators on previous versions of Windows Server and who want to update their skills to Windows Server 2008. Students might already be, or have been, Server Administrators who make planning and design decisions at a server level and who want to gain the skills and knowledge they need to transition to enterprise-level design decisions.

Those intending to take the 70-647: PRO: Windows Server 2008, Enterprise Administrator exam will also benefit from attendance at this course.

Product and Technology Experience

At least three to five years of experience in medium-to-large enterprise organizations, supporting and implementing Active Directory.

What's Included

QA offers more benefits. Here is what's included with this course:

Microsoft SA Vouchers accepted


Delegates can meet the prerequisites by attending the following courses or by obtaining equivalent knowledge and skills:

  • M6425: Configuring and Troubleshooting Windows Server 2008 Active Directory Domain Services
  • M6426: Configuring and Troubleshooting Identity and Access Solutions with Windows Server 2008 Active Directory
  • M6433: Planning and Implementing Windows Server 2008 Servers

If the above courses have not been attended, delegates who attend this training should already have a minimum of the following technical knowledge:

  • System administrator-level working knowledge.
  • Up to one year of experience implementing server plans.

Knowledge of client operating system equivalent to the following certifications is beneficial:

  • Exam 70-680: TS: Windows 7, Configuration or
  • Exam 70-620: TS: Windows Vista, Configuring

Delegates will learn how to

At the end of this course you will be able to:

  • Provide an overview of the lab scenario.
  • Create a design for the Active Directory Domain Services (AD DS) forest and forest trust deployment.
  • Design an AD DS domain and Domain Name Service (DNS) integration design.
  • Design AD DS sites and AD DS replication.
  • Create an AD DS domain controller deployment plan.
  • Create an AD DS domain administration design and partially implement the design.
  • Create an AD DS Group Policy design and implement some components of that design.
  • Design and implement AD DS security policies that meet security requirements.
  • Design and implement a PKI deployment by using Active Directory Certificate Services (AD CS).
  • Design an Active Directory Rights Management Services (AD RMS) solution and deploy RMS for internal users.
  • Create and implement an Active Directory Lightweight Directory Services (AD LDS) design.
  • Review and validate a Federated Web single sign-on (SSO) deployment.
  • Design and implement a domain restructure.


Module 1: Overview of Active Directory Design

For most organizations, the Active Directory deployment may be the single most important component in the IT infrastructure. When organizations deploy AD DS or any of the other Active Directory services within Windows Server 2008, they are deploying a central authentication and authorization service that provides SSO access to many other network services in the organization. AD DS provides the primary security mechanism within most organizations, and it enables policy-based management for user and computer accounts. You can use the other Active Directory services to extend some of this functionality to users who are external to the organization.

The critical functionality that the Active Directory services provide means that you should design your Active Directory infrastructure to meet your organization's unique requirements. This module provides an overview of the information that you must gather to prepare for an Active Directory deployment, and it provides an overview of the steps that you use as you create an Active Directory design.


  • Preparing For Active Directory Design
  • Designing the Internal AD DS Infrastructure
  • Extending the Active Directory Design

Lab : Exploring the Lab Scenario

  • Exploring the Contoso Ltd. Scenario
  • Exploring Additional Scenarios for Active Directory Designs

Module 2: Designing an AD DS Forest Infrastructure

To design the infrastructure of an AD DS forest for your organization, first you must collect organizational and administrative requirements, and then you must decide which design to use. There are several possible designs, and each one requires some trade-offs. Based on the requirements of your organization, you must determine the type of AD DS forest and forest root domain. You also must plan for trusts between forests, determine whether your organization requires multiple forests, and determine which modifications, if any, you must make to the AD DS schema. In addition, you must design for the time synchronization of all computer clocks in your organization by using the Windows Time service (Win32Time).

In this module, you will learn about forest design concepts as well as about forest trusts, the AD DS schema, and the Windows Time Service.


  • Designing an AD DS Forest
  • Designing AD DS Forest Trusts
  • Planning for AD DS Schema Changes
  • Designing a Windows Time Service Deployment

Lab : Designing an AD DS Forest Infrastructure

  • Design an AD DS Forest
  • Create and Implement Forest Trusts

Module 3: Designing an AD DS Domain Infrastructure

After designing the infrastructure for the AD DS forest as described in Module 1, you need to design the AD DS domain infrastructure. To do this, you first need to decide on the AD DS domain design model and the placement and deployment of domain controllers, based on your organization's needs. After designing the AD DS domain, you then integrate the internal and external DNS namespaces with the AD DS domain by using DNS servers. If your design consists of multiple domains, you can create domain trusts to enable easy and reliable communication from one domain to another. You need to choose the right type of domain trust, based on your organization's needs.

In this module, you will learn about designing AD DS domains, DNS, and domain trusts.


  • Designing AD DS Domains
  • Designing DNS Namespaces in an AD DS Environment
  • Designing AD DS Domain Trusts

Lab : Designing an AD DS Domain Infrastructure

  • Designing and Implementing AD DS Domains
  • Designing and Implementing DNS Integration
  • Designing and Implementing Domain Trusts

Module 4: Designing AD DS Sites and Replication

You should design the site topology for the network after you design the logical structure of the AD DS infrastructure in your organization. The site topology is a logical representation of the physical network. You use the site topology to manage replication and logon network traffic, among other things. When you create the site design, include information about the location of the AD DS sites, the AD DS domain controllers within each site, and the site links and site-link bridges that support AD DS replication between sites. Windows Server 2008 uses site information for many purposes, including routing replication, client affinity, system volume (SYSVOL) replication, Distributed File System (DFS) namespaces, and service locations.

In this module, you will learn how to design a distributed directory service that supports domain controllers that are in portions of your network that are separated by expensive, slow, or unreliable links.


  • Designing AD DS Sites
  • Designing AD DS Replication

Lab : Designing AD DS Sites and Replication

  • Designing and Implementing AD DS Sites
  • Designing and Implementing AD DS Replication

Module 5: Designing AD DS Domain Controllers

This module explains how to design an AD DS domain controller.


  • Designing Domain Controllers and Domain Controller Placement
  • Designing RODC Deployments
  • Designing Domain Controllers As Virtual Machines
  • Designing Domain Controller Availability

Lab : Designing AD DS Domain Controllers

  • Designing an AD DS Controller Deployment
  • Designing and Implementing an RODC Deployment

Module 6: Designing AD DS Domain Administration

You can use an AD DS domain to simplify the administration of your IT resources by creating a manageable structure that underlies a network infrastructure based on the Windows operating system.

To design the effective administration of an AD DS domain, you need to first assess the state of the configuration and administration of the AD DS environment. To determine the best design for your AD DS domain administration, first collect information about how your organization needs to administer the various resources in your AD DS domain environment. This information provides the basis on which you can design and build the AD DS domain structures that will enable the most effective AD DS domain administrative methods for your organization, such as organizational units (OUs), AD DS groups, and user and computer account objects.


  • Planning the Delegation of AD DS Administration
  • Designing the Structure of OUs
  • Designing an AD DS Group Strategy
  • Planning to Manage User and Computer Accounts

Lab : Designing AD DS Domain Administration

  • Creating and Implementing an OU Design
  • Creating and Implementing an AD DS Group Design
  • Automating User and Group Management

Module 7: Designing AD DS Group Policy

The AD DS Group Policy environment is the principal vehicle for configuration management in Windows Server 2008. An effective Group Policy design means a more standardized and easy-to-manage environment in which to perform all other administrative tasks.

This module introduces the key concepts for designing Group Policy as they relate to planning, implementing. and managing Group Policy in AD DS.


  • Preparing for Group Policy Design
  • Designing Group Policy Objects
  • Designing Group Policy Processing
  • Planning for Group Policy Management

Lab : Designing AD DS Group Policy

  • Designing and Implementing Group Policy Objects
  • Designing and Implementing Group Policy Application

Module 8: Designing AD DS Security

One of the primary reasons to deploy a directory service like AD DS is to provide security for the organization's network. Managing secure access to network resources is critical to ensuring that only authorized users can access the data and that only authorized administrators can make changes to the environment.

By ensuring that the AD DS deployment is secure, you can help ensure system stability and reliability, and you can minimize the number of successful attempts to jeopardize system security and integrity.


  • Preparing to Design AD DS Security
  • Designing AD DS Account and Password Policies
  • Designing AD DS Domain Controller Security
  • Designing AD DS Administrator Security

Lab : Designing and Implementing AD DS Security

  • Designing and Implementing Security Policies for Accounts and Passwords
  • Designing and Implementing Administrative Security Policies

Module 9: Designing a Public Key Infrastructure

This module explains how to design a PKI deployment by using Windows Server 2008 AD CS.


  • Overview of PKI and AD CS
  • Designing a Certification Authority Deployment
  • Designing Certificate Templates
  • Designing Certificate Distribution and Revocation

Lab : Designing and Implementing a PKI Deployment

  • Designing and Implementing a CA Hierarchy
  • Designing and Implementing AD CS Certificate Templates

Module 10: Designing and Deploying AD RMS

This module explains how to design and implement a rights protection infrastructure by using AD RMS.


  • AD RMS Overview
  • Designing an AD RMS Deployment
  • Extending the AD RMS Deployment Outside an Organization

Lab : Designing and Deploying AD RMS

  • Designing an AD RMS Deployment
  • Implementing an Internal AD RMS Deployment
  • Verifying the AD RMS Deployment

Module 11: Designing an AD LDS Infrastructure

This module explains how to design and implement an AD LDS deployment.


  • AD LDS Deployment Scenarios
  • Designing an AD LDS Server Deployment
  • Designing AD LDS Replication
  • Integrating AD LDS with AD DS

Lab : Designing and Implementing an AD LDS Infrastructure

  • Designing AD LDS Replication for Internal Applications
  • Designing AD LDS Replication for External Applications
  • Designing Highly Available LDAP Services for Multiple Applications
  • Implementing an AD LDS Solution

Module 12: Designing an AD FS Infrastructure

This module explains how to design an implementation of Active Directory Federation Services (AD FS).


  • Overview of an AD FS Design
  • Designing an AD FS Deployment
  • Designing AD FS Claims and Applications

Lab : Integrating AD FS and AD RMS

  • Configuring AD FS in the Account Partner
  • Configuring AD FS in the Resource Forest
  • Adding Resource and Account Partners
  • Configuring AD RMS to Work with AD FS
  • Configuring the AD FS Client
  • Verifying AD RMS and AD FS Functionality

Module 13: Designing AD DS Transitions

This module explains how to design and implement AD DS upgrades and migrations.


  • Choosing an AD DS Transition Strategy
  • Designing a Domain-Upgrade Strategy
  • Designing a Domain-Restructure Strategy
  • Designing AD DS Domain Renaming

Lab : Designing and Implementing an AD DS Domain Restructure

  • Designing an AD DS Domain Restructure
  • Implementing an AD DS Domain Restructure

Leads to examination

  • 70-647 PRO Windows Server 2008 Enterprise Administrator
Specialist Course

5 Days

Microsoft Windows Server
Delivery Method

Delivery method

Classroom / Attend from Anywhere

Receive classroom training at one of our nationwide training centres, or attend remotely via web access from anywhere.

Find dates and prices

Online booking is currently not available for this course, to find out more please call us on 0113 220 7150 or email us at info@qa.com to discuss how we can help.

Trusted, awarded and accredited

Fully accredited to ensure we provide the highest possible standards in learning

All third party trademark rights acknowledged.