Decide that a practice lab is optional; you can learn from the course and practice on simulations available 24/7, or set up a time-consuming lab for hands-on work.

Download the Windows Server 2022 ISO from the provided link, use save link as to download, and save the ISO to your desktop for setup.

Learn to install and enable Hyper-V on Windows, including turning on Hyper-V platform and tools, verifying hardware virtualization, rebooting, and launching Hyper-V manager to create virtual machines.

Create an external virtual switch in Hyper-V to connect virtual machines and provide internet access, using Hyper-V manager and the virtual switch manager.

Disable large send offload version 2 on the Hyper-V virtual Ethernet adapter to fix slow or lost internet. Open device manager, locate the Hyper-V adapter, and disable setting in advanced.

Set up a Windows Server 2022 virtual machine with Hyper-V, allocating 4 GB RAM, a 127 GB dynamic drive, and installing the desktop experience from an ISO.

Create and configure a second Windows Server 2022 virtual machine in Hyper-V, including memory, dynamic disk, external switch, ISO installation, and join to a workgroup with a custom name.

Set up a personal lab with Microsoft 365 and Azure, sign up for a free Office 365 E5 trial, and learn to activate Microsoft 365 E5 while navigating regional availability.

Create and manage a free Microsoft 365 trial account to explore Microsoft 365 and Azure services, verify with a phone number, and learn licensing, activation, and cancellation steps.

Discover how to add an Azure subscription by starting a free trial, obtaining $200 credit for 30 days, and accessing subscriptions to run Azure virtual machines for hands-on activities.

Master PowerShell fundamentals for server administration, including the verb-noun command model, IntelliSense, core cmdlets like Get-Service and Stop-Service, and basics of piping, formatting, and modules.

Explore how domains, trees, and forests organize Active Directory, from single-domain setups to multi-domain structures with trust relationships and global catalog sharing.

Understand how Active Directory partitions drive replication across domain controllers and forests, including config, schema, domain, and application partitions, plus the global catalog for cross-domain object lookup.

In the next video, I will create a domain controller for the domain exam lab practice.com and advise choosing a unique domain name to prevent cloud conflicts.

Install Active Directory Domain Services on Windows Server 2022 and promote it to a domain controller for a new forest, configuring DNS and using Active Directory users and computers.

Join NYC server one to the exam lab practice domain by configuring DNS to the domain controller, changing the computer name, and using domain credentials, then verify in Active Directory.

Log in to Azure and deploy a Windows Server 2022 VM as a domain controller. Install Active Directory and promote it to a new forest named exam lab practice azure.com.

Discover how a read-only domain controller enables local password caching, pass-through authentication from remote offices, and optional dns use while avoiding writeable replication.

Learn how to pre-stage a read-only domain controller (RODC) and deploy RODCs using remote or local installation, configure password replication, DNS, and global catalog settings.

Promote NYC server one to an additional domain controller by installing Active Directory Domain Services, adding it to the existing domain, enabling global catalog, and verifying two domain controllers.

Master PowerShell remoting with WinRM by ensuring the service runs, opening ports 5985/5986, and authenticating for remote sessions using Get-Process, Invoke-Command, and Enter-PSSession.

PowerShell is its own scripting environment. Learn variables, get-variable, and read-host prompts, and use the integrated scripting environment (ISE) to write, run, format, and save server administration scripts.

Explore five fsmo roles in Active Directory: forest level domain naming and schema masters, domain level rid master, infrastructure master, and pdc emulator master, with writeable and read-only copies.

Learn how to identify and manage FSMO operation master roles across domain controllers using Active Directory tools, transfer roles with the graphical tool or PowerShell, and seize roles when needed.

Learn how to quickly redo simulations after completing an assignment by accessing the summary, returning to the assignment, and opening the instructions to access the simulation link.

Learn how domain and forest trusts enable cross-domain resource sharing and authentication, including two-way transitive trusts, one-way directional trusts, shortcut trusts, realm trusts, and forest trusts.

Configure and manage forest and domain trusts using Active Directory, ensure domain controller connectivity and DNS resolution via conditional forwarders, and set outgoing and incoming trusts, transitive or not.

Discover how Active Directory uses sites and site links to manage intra-site and inter-site replication across multiple locations, and how the knowledge consistency checker and bridgehead servers support redundancy.

Configure Active Directory sites, subnets, and site links to optimize replication and DNS mapping across New York, Dallas, and Birmingham.

Test and monitor AD DS replication between domain controllers using Active Directory Sites and Services; verify replication with rep admin and Dxdiag, and ensure DNS points correctly for seamless replication.

Enable a global catalog server to replicate a subset of the domain partition across every domain in your forest to support search. Ensure global catalog servers are domain controllers.

Explore how active directory domain services use user accounts as identities and organizational units to containerize and organize objects by site or department, with GPOs applying down the OU tree.

Learn to create organizational units and users in Active Directory using ADUC and ADAC, manage accounts, and delegate OU permissions, including UPN and pre-Windows 2000 logon names.

Explore AD DS groups by type and scope, including distribution vs security groups and global, domain local, and universal scopes, and how they grant permissions.

Create and manage security groups in Active Directory across multi-domain forests, using global, domain local, and universal groups to streamline permissions.

Enable universal group membership caching on a site to cache the universal group membership list on local domain controllers. This speeds authentication when global catalogs are remote.

Learn to manage Active Directory with PowerShell by creating organizational units, users, and groups, using get-command and online docs, prompting for passwords, and validating changes in Active Directory.

Learn how group managed service accounts (gMSA) let Active Directory reset passwords for services across multiple servers, using Kerberos and a KDS root key with PowerShell to create and deploy.

Explore hosting on-premises and cloud Active Directory with Azure AD Domain Services, create a managed ad ds instance, configure a virtual network, and enable synchronization from Azure AD.

Create a Windows Server VM, join it to Azure AD DS, configure DNS, enable RDP, and complete a password reset to log in with domain credentials.

Grant admin rights by adding a user to the AAD DC administrators group in Azure AD DS. Use portal.azure.com to add yourself as a member, then refresh to confirm.

Configure on-premises Active Directory with Azure AD for seamless SSO by adding additional UPNs, managing DNS records, and ensuring an internet-facing DNS server for cloud verification.

Add and verify a domain in the Microsoft 365 admin center by creating a text or MX DNS record, using GoDaddy credentials to link on-premises Active Directory with the cloud.

Set a verified domain as the default primary domain in the Microsoft 365 admin center so new users, accounts, and emails use that domain.

Update user principal names to the new domain in Microsoft 365 and Azure environment, and automate bulk changes with PowerShell to update Exchange Online emails and licenses.

Configure on-premise dns to support Microsoft 365, Exchange, and SharePoint hybrid integration via Azure AD Connect and Intune MDM, creating internal and external dns records such as cname, MX, TXT.

Assess and compare synchronization options for hybrid identity, including password hash synchronization, pass-through authentication, and federated authentication, aligning on-premises directory needs with cloud Azure AD and Microsoft 365.

Evaluate identity management requirements by aligning on-premise Active Directory with Azure AD via Azure AD Connect, clean up stale objects, and plan failover with a clear source anchor.

Explore how to evaluate authentication requirements in a hybrid environment using Azure AD Connect, comparing password hash synchronization, pass-through authentication, and federation via ADFS, with seamless SSO and compliance considerations.

Start with a pilot group from your on-premises domain for Azure AD Connect, and expand to full domain; create a cloud admins group and use include, exclude, and group-based synchronization.

Explore the three hybrid directory designs for Azure AD Connect: password hash synchronization, pass-through authentication, and federation, with their flows, redundancy, and security considerations.

Clean up on-premises Active Directory before installing Azure AD Connect by using the IDFix tool to remove spaces and other invalid characters that block synchronization.

Discover how to download and install Azure AD Connect, customize the setup, and enable password hash synchronization with single sign-on, while selecting domain, forest account, and admin credentials.

Use domain and OU filtering in Azure AD Connect to pilot the synchronization of the IT department, noting that mailbox sync isn’t enabled initially and requires the exchange migration tool.

Configure Azure AD Connect to enable hybrid deployment, enable password hash sync and directory extension attribute sync, and apply Azure AD app attribute filtering for cloud and on-prem apps.

Verify synchronization health with Azure AD Connect Health to ensure on-premises AD syncs with Azure AD, while monitoring health analytics and troubleshooting any errors.

Configure AD DS password policies on a domain controller using the default domain policy in the Group Policy Management Console; set history, age, length, complexity, and lockout rules.

Learn how group policy objects (GPOs) in Active Directory deploy settings and software, manage security, and flow from site to domain to OU levels, with inheritance and enforced policies.

Learn to create and link GPOs in Active Directory using the Group Policy Management Console, apply domain and OU policies, and use starter GPOs, scope, and filtering.

Deploy defaults with group policy preferences, including power options and printers, while allowing user changes; use item level targeting to apply these only on eligible machines.

Demonstrates installing the group policy management console in Azure AD DS and reviewing GPOs for computers and users. Shows that Azure AD DS policy concepts mirror on-premises Active Directory.

Learn to remove Active Directory from a domain controller by demoting it, then install Windows Admin Center and convert the server to a member server joined to the domain.

Deploy a Windows Admin Center gateway server to manage on-premises and cloud resources from a central gateway. Learn installation steps, port and certificate configurations, and initial web access.

Connect to Windows Admin Center, add and manage target servers and Azure virtual machines via browser, leveraging hybrid connectivity for centralized administration.

Learn to connect to remote Windows servers via Windows Admin Center and PowerShell remoting, configure winrm on port 5985 or 5986, and run remote commands like get-process and get-service.

Understand the second hop remoting problem in PowerShell and how CredSSP caches credentials on an intermediate server. Compare Kerberos delegation, which avoids cached credentials and supports cross-domain use.

Configure JEA for PowerShell by creating role capabilities and a restricted session configuration to control visible commands, external commands, and transcripts.

Discover how Azure Arc provides a single pane of glass to manage on-premise and Azure Windows servers from the portal, including onboarding with a script and agent.

Deploy Azure Arc guest policies to on-premise and Azure servers by assigning a policy or initiative, enabling remediation, and enforcing secure communication on Windows web servers with a system-assigned identity.

Learn to deploy Azure Arc extensions on on-prem servers with the custom script extension, adding Log Analytics and SQL Server agents, via a storage account.