Course 3: MCSA Windows Server 2019 Active Directory

Download the GUI tool and data sheet, copy to the domain controller, import sample data into Active Directory, map fields to AD attributes, and create IT, HR, marketing groups.

Explore creating and promoting a second domain controller in Active Directory, cloning and demoting domain controllers, removing them from network, and assessing health, replication, and FSMO role impact with PowerShell.

Promote a second domain controller remotely using PowerShell by installing Active Directory Domain Services on a target server and configuring replication and global catalog settings.

Promote Victoria server1 to a second domain controller remotely using a single PowerShell command, set up replication, and verify with Active Directory tools, comparing GUI and command-line approaches.

Use command-line tools to verify domain controllers' health and connectivity, check dns status, and confirm healthy application connections between controllers, with results saved to a file.

Use the best practices analyzer in server manager to assess domain controllers, verify the PDC time synchronization, review warnings and backup status, and enable the Active Directory Administrative Center tools.

Clone a domain controller safely using a secondary DC and a DC clone config file, then export or import the VM, power it on, and verify IP and AD membership.

Demote the secondary domain controller, remove Active Directory Domain Services, and promote a single primary domain controller with the global catalog configured on the remaining server.

Use the Active Directory administrative center to manage user templates and copy accounts with data. Build nested groups with global, domain local, universal scopes and distribution, security types.

Learn how to reset a computer account and repair the trust relationship between a workstation and the domain controller, restoring the secure channel in an Active Directory environment.

Configure Active Directory domain controllers, networking adapters, and virtual switches to fix routing between two networks, then enable routing and remote access to verify connectivity and access to the internet.

Establish trusted relationships in Active Directory to enable secure authentication between domains and Unix systems. Learn about trust types, including parent-child, forest and external trusts, and how to grant permissions.

Learn how to set up cross-forest trust relationships in Active Directory, and configure conditional forwarders to enable cross-forest name resolution, with connectivity checks and firewall considerations.

Implement forest trusts between two Active Directory forests and configure two-way or one-way trusts. Enable selective authentication and cross-forest resource sharing.

Learn the differences between multi sites and multi domains in active directory, including replication, security implications, admin needs, and when to choose each based on scenario.

Learn to create a child domain in AD DS within a forest, promote a server to a domain controller, configure DNS delegation, and manage trust with the parent forest.

Create and manage Active Directory sites and subnets across Victoria and Sydney, promote domain controllers with DNS and global catalog, and configure site links and replication schedules.

Monitor site replication using powershell, recalculate topology, identify bridgehead servers, force replication between Victoria and Sydney domain controllers, and verify domain name system health across sites.

Design and deploy group policy objects (GPOs) across domains and OUs, linking and enforcing policies while avoiding conflicts; use separate GPOs per setting and disable by unlinking.

Deploy and block policies with GPOs using computer and user configurations, enforce changes via gpupdate, and learn to delegate exclusions such as the IT manager from policy application.

Deploy remote management tools through a domain-wide GPO, enabling Windows Management Instrumentation, remote event log management, and Windows Remote Management while configuring firewall rules to secure and centralize access.

Explain how policy precedence determines which group policy settings apply, showing how directly linked policies override inherited ones, with screensaver enable/disable examples on IT and transport units.

Explore how policy precedence governs control panel access by linking policies to the IT group, using allow and deny, enforce, block inheritance, and gpupdate /force to override inherited rules.

Configure loopback processing in group policy to apply user policies by computer. Enable merging of computer configuration settings, adjust the 30-second screensaver timer, and refresh policies.

Learn to use group policy results and policy modeling tools to verify and simulate which policies apply to a user or computer, generate reports, and troubleshoot policy deployment.

Create and apply WMI filters using Windows Management Instrumentation to deploy a Windows 10-specific Group Policy by building operating system queries with version and product conditions, using VBScript as needed.

Access the event viewer to inspect group policy operational logs, filter event IDs, and detect policy and security issues.

Import a third-party admx template for Google Chrome, copy policy definitions to the domain controller, and block Facebook using a GPO applied through computer configuration (overrides user configuration in conflicts).

Discover how to locate the right policy to block external devices by navigating policy settings, enabling keyword filters, and applying device installation restrictions in computer and user configurations.

Discover how to use group policy preferences to map a network drive to a shared folder on a domain controller and deploy it via a GPO.

Configure folder redirection to move user desktops and documents to a file server, apply group policy, test logon and logoff, manage offline files with caching to reduce bandwidth.

Configure group policy to secure active directory accounts with password policy and account lockout settings, including complexity, minimum length, max age, and a 30-minute lockout with five failed attempts.

Implement fine-grained password policies for valuable accounts using the password settings container, applying higher precedence than group policy to domain admins and configuring length, complexity, history, age, and lockout.

create an it group, move servers to a separate ou, and apply a restricted groups gpo to grant server operator and backup operator rights to group members.

Activate auditing via group policy to monitor directory service access and account management. Review Event Viewer logs to identify who changed directory services and related objects.

Explore the read-only domain controller (rodc) and its remote site deployment to protect the active directory, and learn how password caching and restricted help-desk access secure administration.

Learn how to deploy and configure a read-only domain controller (rodc), promote a second domain controller, set up password replication policies, and enable global catalog access for a remote site.

Explore the differences between services and processes in Windows, locating them in Task Manager and Computer Management, and understand how security levels, startup types, and service accounts shape their behavior.

Configure a managed service account in Active Directory to securely run server services, with system-managed passwords, automatic permissions, and service-only usage that cannot log on to devices.

Revert all lab machines to the initial domain state, then create two checkpoints—the initial state and after installing the certification authority—to enable future federation services.

Set up and configure domain controllers and certificate authorities across both forests, establish trusted certificates via group policy, and prepare lab snapshots for scalable Active Directory lab environments.

Install and configure AD CS in a lab, setting up an enterprise certification authority with online responder, generating a private key, and managing certificate templates to enable PKI-based deployment.

Install and configure a certification authority across two forests, export and import certificates, and publish them to trusted roots via group policy. Use snapshots to revert labs.

Install and configure an enterprise subordinate certificate authority with an online responder, connect to the parent CAA, and create a 4000-bit private key to issue and publish certificates.

Explore certificate revocation lists (CRLs) and how a subordinate CA replicates revocation data to subordinates and remote sites, ensuring revoked certificates cannot access resources.