Training MCSA 2016 20742a ENU trainerhandbook
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (49.85 MB, 688 trang )
M I C R O S O F T
20742A
L E A R N I N G
P R O D U C T
Identity with Windows Server 2016
MCT USE ONLY. STUDENT USE PROHIBITED
O F F I C I A L
Identity with Windows Server 2016
MCT USE ONLY. STUDENT USE PROHIBITED
ii
Information in this document, including URLs and other Internet website references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
email addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, email address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
©2016 Microsoft Corporation. All rights reserved.
Microsoft and the trademarks listed at />/Trademarks/EN-US.aspx are trademarks of the Microsoft group of companies. All other trademarks are
property of their respective owners.
Product Number: 20742A
Part Number: X21-15013
Released: 08/2016
MCT USE ONLY. STUDENT USE PROHIBITED
MICROSOFT LICENSE TERMS
MICROSOFT INSTRUCTOR-LED COURSEWARE
These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its
affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which
includes the media on which you received it, if any. These license terms also apply to Trainer Content and any
updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms
apply.
BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS.
IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT.
If you comply with these license terms, you have the rights below for each license you acquire.
1.
DEFINITIONS.
a. “Authorized Learning Center” means a Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, or such other entity as Microsoft may designate from time to time.
b. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led
Courseware conducted by a Trainer at or through an Authorized Learning Center.
c.
“Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center owns
or controls that is located at an Authorized Learning Center’s training facilities that meets or exceeds the
hardware level specified for the particular Microsoft Instructor-Led Courseware.
d. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training Session
or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee.
e. “Licensed Content” means the content accompanying this agreement which may include the Microsoft
Instructor-Led Courseware or Trainer Content.
f.
“Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training session
to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a
Microsoft Certified Trainer under the Microsoft Certification Program.
g. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course that
educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led
Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware.
h. “Microsoft IT Academy Program Member” means an active member of the Microsoft IT Academy
Program.
i.
“Microsoft Learning Competency Member” means an active member of the Microsoft Partner Network
program in good standing that currently holds the Learning Competency status.
j.
“MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as Microsoft
Official Course that educates IT professionals and developers on Microsoft technologies.
k. “MPN Member” means an active Microsoft Partner Network program member in good standing.
MCT USE ONLY. STUDENT USE PROHIBITED
l.
“Personal Device” means one (1) personal computer, device, workstation or other digital electronic device
that you personally own or control that meets or exceeds the hardware level specified for the particular
Microsoft Instructor-Led Courseware.
m. “Private Training Session” means the instructor-led training classes provided by MPN Members for
corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware.
These classes are not advertised or promoted to the general public and class attendance is restricted to
individuals employed by or contracted by the corporate customer.
n. “Trainer” means (i) an academically accredited educator engaged by a Microsoft IT Academy Program
Member to teach an Authorized Training Session, and/or (ii) a MCT.
o. “Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and additional
supplemental content designated solely for Trainers’ use to teach a training session using the Microsoft
Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer
preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Prerelease course feedback form. To clarify, Trainer Content does not include any software, virtual hard
disks or virtual machines.
2.
USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy
per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed
Content.
2.1
Below are five separate sets of use rights. Only one set of rights apply to you.
a. If you are a Microsoft IT Academy Program Member:
i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User who is enrolled in the Authorized Training Session, and only immediately prior to the
commencement of the Authorized Training Session that is the subject matter of the Microsoft
Instructor-Led Courseware being provided, or
2. provide one (1) End User with the unique redemption code and instructions on how they can
access one (1) digital version of the Microsoft Instructor-Led Courseware, or
3. provide one (1) Trainer with the unique redemption code and instructions on how they can
access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure each End User attending an Authorized Training Session has their own valid licensed
copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training
Session,
v. you will ensure that each End User provided with the hard-copy version of the Microsoft InstructorLed Courseware will be presented with a copy of this agreement and each End User will agree that
their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement
prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required
to denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
MCT USE ONLY. STUDENT USE PROHIBITED
vii. you will only use qualified Trainers who have in-depth knowledge of and experience with the
Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware being taught for
all your Authorized Training Sessions,
viii. you will only deliver a maximum of 15 hours of training per week for each Authorized Training
Session that uses a MOC title, and
ix. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer resources
for the Microsoft Instructor-Led Courseware.
b. If you are a Microsoft Learning Competency Member:
i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User attending the Authorized Training Session and only immediately prior to the
commencement of the Authorized Training Session that is the subject matter of the Microsoft
Instructor-Led Courseware provided, or
2. provide one (1) End User attending the Authorized Training Session with the unique redemption
code and instructions on how they can access one (1) digital version of the Microsoft InstructorLed Courseware, or
3. you will provide one (1) Trainer with the unique redemption code and instructions on how they
can access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure that each End User attending an Authorized Training Session has their own valid
licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized
Training Session,
v. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training
Sessions,
viii. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is
the subject of the MOC title being taught for all your Authorized Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.
MCT USE ONLY. STUDENT USE PROHIBITED
c.
If you are a MPN Member:
i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User attending the Private Training Session, and only immediately prior to the commencement
of the Private Training Session that is the subject matter of the Microsoft Instructor-Led
Courseware being provided, or
2. provide one (1) End User who is attending the Private Training Session with the unique
redemption code and instructions on how they can access one (1) digital version of the
Microsoft Instructor-Led Courseware, or
3. you will provide one (1) Trainer who is teaching the Private Training Session with the unique
redemption code and instructions on how they can access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure that each End User attending an Private Training Session has their own valid licensed
copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session,
v. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Private Training Session has their own valid licensed
copy of the Trainer Content that is the subject of the Private Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training
Sessions,
viii. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the
subject of the MOC title being taught for all your Private Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.
d. If you are an End User:
For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for your
personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you may access the
Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the
training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to
three (3) Personal Devices. You may also print one (1) copy of the Microsoft Instructor-Led Courseware.
You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.
e. If you are a Trainer.
i.
For each license you acquire, you may install and use one (1) copy of the Trainer Content in the
form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized
Training Session or Private Training Session, and install one (1) additional copy on another Personal
Device as a backup copy, which may be used only to reinstall the Trainer Content. You may not
install or use a copy of the Trainer Content on a device you do not own or control. You may also
print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training
Session or Private Training Session.
MCT USE ONLY. STUDENT USE PROHIBITED
ii.
You may customize the written portions of the Trainer Content that are logically associated with
instruction of a training session in accordance with the most recent version of the MCT agreement.
If you elect to exercise the foregoing rights, you agree to comply with the following: (i)
customizations may only be used for teaching Authorized Training Sessions and Private Training
Sessions, and (ii) all customizations will comply with this agreement. For clarity, any use of
“customize” refers only to changing the order of slides and content, and/or not using all the slides or
content, it does not mean changing or modifying any slide or content.
2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not
separate their components and install them on different devices.
2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may
not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any
third parties without the express written permission of Microsoft.
2.4 Third Party Notices. The Licensed Content may include third party code tent that Microsoft, not the
third party, licenses to you under this agreement. Notices, if any, for the third party code ntent are included
for your information only.
2.5 Additional Terms. Some Licensed Content may contain components with additional terms,
conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also
apply to your use of that respective component and supplements the terms described in this agreement.
3.
LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content’s subject
matter is based on a pre-release version of Microsoft technology (“Pre-release”), then in addition to the
other provisions in this agreement, these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of
the Microsoft technology. The technology may not work the way a final version of the technology will
and we may change the technology for the final version. We also may not release a final version.
Licensed Content based on the final version of the technology may not contain the same information as
the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you
with any further content, including any Licensed Content based on the final version of the technology.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or
through its third party designee, you give to Microsoft without charge, the right to use, share and
commercialize your feedback in any way and for any purpose. You also give to third parties, without
charge, any patent rights needed for their products, technologies and services to use or interface with
any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback.
You will not give feedback that is subject to a license that requires Microsoft to license its technology,
technologies, or products to third parties because we include your feedback in them. These rights
survive this agreement.
c.
Pre-release Term. If you are an Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on
the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the
Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the
technology that is the subject of the Licensed Content, whichever is earliest (“Pre-release term”).
Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies
of the Licensed Content in your possession or under your control.
MCT USE ONLY. STUDENT USE PROHIBITED
4.
SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more
rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only
allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:
•
access or allow any individual to access the Licensed Content if they have not acquired a valid license
for the Licensed Content,
•
alter, remove or obscure any copyright or other protective notices (including watermarks), branding
or identifications contained in the Licensed Content,
•
modify or create a derivative work of any Licensed Content,
•
publicly display, or make the Licensed Content available for others to access or use,
•
copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or
distribute the Licensed Content to any third party,
•
work around any technical limitations in the Licensed Content, or
•
reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the
Licensed Content except and only to the extent that applicable law expressly permits, despite this
limitation.
5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to
you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws
and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the
Licensed Content.
6.
EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations.
You must comply with all domestic and international export laws and regulations that apply to the Licensed
Content. These laws include restrictions on destinations, end users and end use. For additional information,
see www.microsoft.com/exporting.
7.
SUPPORT SERVICES. Because the Licensed Content is “as is”, we may not provide support services for it.
8.
TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail
to comply with the terms and conditions of this agreement. Upon termination of this agreement for any
reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in
your possession or under your control.
9.
LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed
Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for
the contents of any third party sites, any links contained in third party sites, or any changes or updates to
third party sites. Microsoft is not responsible for webcasting or any other form of transmission received
from any third party sites. Microsoft is providing these links to third party sites to you only as a
convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party
site.
10.
ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and
supplements are the entire agreement for the Licensed Content, updates and supplements.
11.
APPLICABLE LAW.
a. United States. If you acquired the Licensed Content in the United States, Washington state law governs
the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws
principles. The laws of the state where you live govern all other claims, including claims under state
consumer protection laws, unfair competition laws, and in tort.
MCT USE ONLY. STUDENT USE PROHIBITED
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that
country apply.
12.
LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws
of your country. You may also have rights with respect to the party from whom you acquired the Licensed
Content. This agreement does not change your rights under the laws of your country if the laws of your
country do not permit it to do so.
13.
DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS
AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE
AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY
HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT
CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND
ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
14.
LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP
TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL,
LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to
o
anything related to the Licensed Content, services, content (including code) on third party Internet
sites or third-party programs; and
o
claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence,
or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this
agreement are provided below in French.
Remarque : Ce le contenu sous licence étant distribué au Québec, Canada, certaines des clauses
dans ce contrat sont fournies ci-dessous en français.
EXONÉRATION DE GARANTIE. Le contenu sous licence visé par une licence est offert « tel quel ». Toute
utilisation de ce contenu sous licence est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie
expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues
consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties
implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues.
LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES
DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages
directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres
dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices.
Cette limitation concerne:
• tout ce qui est relié au le contenu sous licence, aux services ou au contenu (y compris le code)
figurant sur des sites Internet tiers ou dans des programmes tiers; et.
• les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité
stricte, de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur.
MCT USE ONLY. STUDENT USE PROHIBITED
Elle s’applique également, même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si
votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires
ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre
égard.
EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits
prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre
pays si celles-ci ne le permettent pas.
Revised July 2013
MCT USE ONLY. STUDENT USE PROHIBITED
xi
Identity with Windows Server 2016
Acknowledgments
MCT USE ONLY. STUDENT USE PROHIBITED
xii Identity with Windows Server 2016
Microsoft Learning would like to acknowledge and thank the following individuals for their contribution
towards developing this title. Their effort at various stages in the development has ensured that you have
a good classroom experience.
Jason Hershey - Content Developer
Jason Hershey is the owner of Tellus Consulting and Tellus Project Management, located in Western
Washington. He is a Microsoft Certified Professional (MCP), Project Management Professional (PMP), and
Certified Scrum Master. He also holds an MBA in finance. Prior to starting his own company, Jason worked
for almost 20 years at Microsoft in nearly every product team, including Microsoft Official Curriculum
(MOC), Windows client and Windows Server, SQL Server, and the Office product team. With these teams,
Jason worked at designing, developing, and deploying solutions using Microsoft SharePoint, from
SharePoint 2007 to SharePoint 2013, and the full stack of Microsoft technologies.
Gary Dunlop - Content Developer
Gary Dunlop is based in Winnipeg, Canada, and is a technical consultant and trainer for Broadview
Networks. He has authored a number of Microsoft Learning titles and has been a Microsoft Certified
Trainer (MCT) since 1997.
Jamie Nelson - Content Developer
Jamie Nelson is a Subject Matter Expert with more than 15 years of experience in various IT engineering
and leadership roles. Jamie has extensive experience consulting on Active Directory, Group Policy,
Exchange Server, System Center Configuration Manager, identity management, and virtualization.
However, his passion lies in harnessing the capabilities of Windows PowerShell for enterprise automation,
and for sharing his enthusiasm on the subject with others whenever and however the opportunity
presents itself. Jamie's clients include public- and private-sector organizations in the energy and
healthcare industries, and the United States Air Force. Jamie has served as adjunct faculty, teaching
Windows Server and networking courses, and he holds several industry certifications, in addition to a
Master's degree in Business Administration.
Jason Kellington - Content Developer
Jason Kellington (MCT, MCSE, and MCITP) is a consultant, trainer, and author. He has experience working
with a wide range of Microsoft technologies, focusing on enterprise network infrastructure. Jason works in
several capacities with Microsoft. He is a content developer for Microsoft Learning courseware titles, a
senior technical writer for Microsoft IT Showcase, and an author for Microsoft Press.
Claus Jacob Wordenskjold - Content Developer
Claus Jacob Wordenskjold is an independent consultant and trainer based in Denmark. He founded his
company, Chinchilla Data, in 1995, and he has more than 25 years of experience in IT. Claus has been an
MCT since 2002, and he has delivered training throughout Europe. He specializes in Windows Client and
Windows Server courses, but conducts occasional training in Microsoft SharePoint. Claus holds
certifications in every Windows operating system since Windows 2000, and provides consulting services
on Windows Server, Active Directory Domain Services (AD DS), and Group Policy. Claus has been a
speaker at local Danish Microsoft events, and has authored several Windows-related courses.
MCT USE ONLY. STUDENT USE PROHIBITED
Identity with Windows Server 2016
Damir Dizdarevic - Content Developer
xiii
Damir Dizdarevic is an MCSE, MCTS, MCITP and MCT. He is the Executive Director for Services at Logosoft
d.o.o., in Sarajevo, Bosnia, Herzegovina. Occasionally, he also works as a consultant for enterprise clients.
Damir has more than 20 years of experience on Microsoft platforms, and he specializes in Windows
Server, Exchange Server, and cloud and mobility solutions. He has worked as a designer, Subject Matter
Expert, and technical reviewer on many Microsoft Official Courses on Windows Server, Exchange Server,
Office 365 and Microsoft Azure topics, and has published more than 400 articles in various IT magazines,
such as Windows ITPro and INFO Magazine. He is also a frequent and highly rated speaker at most
Microsoft conferences in Eastern Europe. Additionally, Damir has been a Microsoft MVP for Cloud and
Datacenter Management for nine years in a row. His technical blog is available at:
/>
Clifton Leonard - Content Developer
Clifton Leonard is a content developer and Subject Matter Expert with more than 25 years of experience
in the IT industry as an engineer, architect, consultant, trainer, and author. Clifton has extensive
experience consulting on Active Directory, Exchange Server, Lync Server, identity management, and Office
365. His clients include large energy corporations, K–12 schools, universities, technology manufacturers,
financial institutions, the United States Air Force, and the United States Department of Defense. Clifton
has been a Subject Matter Expert for multiple courses on Windows Desktop, Windows Server, Exchange
Server, Microsoft SharePoint Server, Hyper-V, identity management, and Office 365.
Andrew Warren - Technical Reviewer
Andrew Warren has more than 25 years of experience in the IT ) industry, many of which he has spent
teaching and writing. He has been involved as a Subject Matter Expert for many of the Windows Server
2012 courses, and as the technical lead on many Windows 8 courses. He also has been involved in
developing TechNet sessions on Microsoft Exchange Server. Based in the United Kingdom, Andrew runs
his own IT training and education consultancy.
Contents
Module 1: Implementing and configuring domain controllers
Module Overview
1-1
Lesson 1: Overview of AD DS
1-2
Lesson 2: Overview of AD DS domain controllers
1-14
Lesson 3: Deploying a domain controller
1-23
Lab: Deploying and administering AD DS
1-34
Module Review and Takeaways
1-39
Module 2: Managing objects in AD DS
Module Overview
2-1
Lesson 1: Managing user accounts
2-2
Lesson 2: Managing groups in AD DS
2-11
Lesson 3: Managing computer objects in AD DS
2-21
Lab A: Managing AD DS objects
2-28
Lesson 4: Using Windows PowerShell for AD DS administration
2-33
Lesson 5: Implementing and managing OUs
2-48
Lab B: Administering AD DS
2-56
Module Review and Takeaways
2-61
Module 3: Advanced AD DS infrastructure management
Module Overview
3-1
Lesson 1: Overview of advanced AD DS deployments
3-2
Lesson 2: Deploying a distributed AD DS environment
3-10
Lesson 3: Configuring AD DS trusts
3-24
Lab: Domain and trust management in AD DS
3-30
Module Review and Takeaways
3-34
Module 4: Implementing and administering AD DS sites and replication
Module Overview
4-1
Lesson 1: Overview of AD DS replication
4-2
Lesson 2: Configuring AD DS sites
4-10
Lesson 3: Configuring and monitoring AD DS replication
4-18
Lab: Implementing AD DS sites and replication
4-25
Module Review and Takeaways
4-31
MCT USE ONLY. STUDENT USE PROHIBITED
xiv Identity with Windows Server 2016
MCT USE ONLY. STUDENT USE PROHIBITED
Identity with Windows Server 2016
Module 5: Implementing Group Policy
Module Overview
5-1
Lesson 1: Introducing Group Policy
5-2
Lesson 2: Implementing and administering GPOs
5-13
Lesson 3: Group Policy scope and Group Policy processing
5-21
Lab A: Implementing a Group Policy infrastructure
5-36
Lesson 4: Troubleshooting the application of GPOs
5-40
Lab B: Troubleshooting Group Policy infrastructure
5-48
Module Review and Takeaways
5-53
Module 6: Managing user settings with Group Policy
Module Overview
6-1
Lesson 1: Implementing administrative templates
6-2
Lesson 2: Configuring Folder Redirection, Software Installation, and Scripts
6-12
Lesson 3: Configuring Group Policy preferences
6-22
Lab: Managing user settings with Group Policy
6-29
Module Review and Takeaways
6-38
Module 7: Securing Active Directory Domain Services
Module Overview
7-1
Lesson 1: Securing domain controllers
7-2
Lesson 2: Implementing account security
7-15
Lesson 3: Implementing audit authentication
7-34
Lesson 4: Configuring managed service accounts
7-38
Lab: Securing AD DS
7-45
Module Review and Takeaways
7-55
Module 8: Deploying and managing AD CS
Module Overview
8-1
Lesson 1: Deploying CAs
8-2
Lesson 2: Administering CAs
8-11
Lesson 3: Troubleshooting and maintaining CAs
8-21
Lab: Deploying and configuring a two-tier CA hierarchy
8-28
Module Review and Takeaways
8-32
xv
Module 9: Deploying and managing certificates
Module Overview
9-1
Lesson 1: Deploying and managing certificate templates
9-2
Lesson 2: Managing certificate deployment, revocation, and recovery
9-8
Lesson 3: Using certificates in a business environment
9-18
Lesson 4: Implementing and managing smart cards
9-27
Lab: Deploying and using certificates
9-33
Module Review and Takeaways
9-40
Module 10: Deploying and administering AD FS
Module Overview
10-1
Lesson 1: Overview of AD FS
10-2
Lesson 2: AD FS requirements and planning
10-11
Lesson 3: Deploying and configuring AD FS
10-23
Lesson 4: Web Application Proxy overview
10-38
Lab: Implementing AD FS
10-49
Module Review and Takeaways
10-60
Module 11: Implementing and administering AD RMS
Module Overview
11-1
Lesson 1: Overview of AD RMS
11-2
Lesson 2: Deploying and managing an AD RMS infrastructure
11-10
Lesson 3: Configuring AD RMS content protection
11-18
Lab: Implementing an AD RMS infrastructure
11-23
Module Review and Takeaways
11-28
Module 12: Implementing AD DS synchronization with Microsoft Azure AD
Module Overview
12-1
Lesson 1: Planning and preparing for directory synchronization
12-2
Lesson 2: Implementing directory synchronization by using
Azure AD Connect
12-13
Lesson 3: Managing identities with directory synchronization
12-23
Lab: Configuring directory synchronization
12-37
Module Review and Takeaways
12-43
MCT USE ONLY. STUDENT USE PROHIBITED
xvi Identity with Windows Server 2016
MCT USE ONLY. STUDENT USE PROHIBITED
Identity with Windows Server 2016
Module 13: Monitoring, managing, and recovering AD DS
Module Overview
13-1
Lesson 1: Monitoring AD DS
13-2
Lesson 2: Managing the Active Directory database
13-11
Lesson 3: Active Directory backup and recovery options for AD DS and other
identity and access solutions
13-18
Lab: Recovering Objects in AD DS
13-27
Module Review and Takeaways
13-32
Lab Answer Keys
Module 1 Lab: Deploying and administering AD DS
L1-1
Module 2 Lab A: Managing AD DS objects
L2-7
Module 2 Lab B: Administering AD DS
L2-11
Module 3 Lab: Domain and trust management in AD DS
L3-17
Module 4 Lab: Implementing AD DS sites and replication
L4-23
Module 5 Lab A: Implementing a Group Policy infrastructure
L5-31
Module 5 Lab B: Troubleshooting Group Policy infrastructure
L5-35
Module 6 Lab: Managing user settings with Group Policy
L6-41
Module 7 Lab: Securing AD DS
L7-51
Module 8 Lab: Deploying and configuring a two-tier CA hierarchy
L8-65
Module 9 Lab: Deploying and using certificates
L9-71
Module 10 Lab: Implementing AD FS
L10-79
Module 11 Lab: Implementing an AD RMS infrastructure
L11-91
Module 12 Lab: Configuring directory synchronization
L12-99
Module 13 Lab: Recovering objects in AD DS
L13-105
xvii
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
About This Course
About This Course
This section provides a brief description of the course, audience, suggested prerequisites, and course
objectives.
Course Description
Note: This first release (‘A’) MOC version of course 20742A has been developed Windows
Server 2016 Technical Preview 5. Microsoft Learning will release a ‘B’ version of this course with
enhanced PowerPoint slides, and Course Companion content on Microsoft Learning site.
xix
This five-day instructor-led course teaches IT professionals how to deploy and configure Active Directory
Domain Services (AD DS) in a distributed environment, how to implement Group Policy, how to perform
backup and restore, and how to monitor and troubleshoot Active Directory–related issues with Windows
Server 2016. Additionally, this course teaches students how to deploy other Active Directory server roles,
such as Active Directory Federation Services (AD FS) and Active Directory Certificate Services (AD CS).
Audience
This course is primarily intended for working IT professionals who have some AD DS knowledge and
experience, and who aim to develop knowledge about identity and access technologies in Windows
Server 2016. This audience would typically include:
•
AD DS administrators who want to train in identity and access technologies with Windows Server
2016.
•
System or infrastructure administrators with general AD DS experience and knowledge who want to
cross train in core and advanced identity and access technologies in Windows Server 2016.
The secondary audience for this course includes IT professionals who want to consolidate their knowledge
about AD DS and related technologies, in addition to IT professionals who want to prepare for the 70-742
exam.
Student Prerequisites
This course requires that you meet the following prerequisites:
•
Some exposure to and experience with AD DS concepts and technologies in Windows Server 2012 or
Windows Server 2016.
•
Experience working with and configuring Windows Server 2012 or Windows Server 2016.
•
Experience and an understanding of core networking technologies such as IP addressing, name
resolution, and Dynamic Host Configuration Protocol (DHCP).
•
Experience working with, and an understanding of Microsoft Hyper-V and basic server virtualization
concepts.
•
An awareness of basic security best practices.
•
Hands-on working experience with Windows client operating systems such as Windows 7, Windows 8,
Windows 8.1, or Windows 10.
•
Basic experience with the Windows PowerShell command-line interface.
About This Course
Course Objectives
After completing this course, students will be able to:
•
Install and configure domain controllers.
•
Manage objects in AD DS by using graphical tools and Windows PowerShell.
•
Implement AD DS in complex environments.
•
Implement AD DS sites, and configure and manage replication.
•
Implement and manage Group Policy Objects (GPOs).
•
Manage user settings by using GPOs.
•
Secure AD DS and user accounts.
•
Implement and manage a certificate authority (CA) hierarchy with AD CS.
•
Deploy and manage certificates.
•
Implement and administer AD FS.
•
Implement and administer Active Directory Rights Management Services (AD RMS).
•
Implement synchronization between AD DS and Azure AD.
•
Monitor, troubleshoot, and establish business continuity for AD DS services.
Course Outline
The course outline is as follows:
MCT USE ONLY. STUDENT USE PROHIBITED
xx
Module 1, “Installing and configuring domain controllers,” describes features of AD DS and how to install
domain controllers (DCs). It also covers the considerations for deploying DCs.
Module 2, “Managing objects in AD DS,” describes how to use various techniques to manage objects in
AD DS. This includes creating and configuring users, groups, and computer objects.
Module 3, “Advanced AD DS infrastructure management,” describes how to plan and implement an AD
DS deployment that includes multiple domains and forests. The module provides an overview of the
components in an advanced AD DS deployment, the process of implementing a distributed AD DS
environment, and the procedure for configuring AD DS trusts.
Module 4, “Implementing and administering AD DS sites and replication,” describes how to plan and
implement an AD DS deployment that includes multiple locations. The module explains how replication
works in a Windows Server 2016 AD DS environment.
Module 5, “Implementing Group Policy,” describes how to implement a GPO infrastructure. The module
provides an overview of the components and technologies that constitute the Group Policy framework.
Module 6, “Managing user settings with Group Policy,” describes how to configure Group Policy settings
and Group Policy preferences. This includes implementing administrative templates, configuring folder
redirection and scripts, and configuring Group Policy preferences.
Module 7, “Securing Active Directory Domain Services,” describes how to configure domain controller
security, account security, password security, and Group Managed Service Accounts.
Module 8, “Deploying and managing AD CS,” describes how to implement an AD CS deployment. This
includes deploying, administering, and troubleshooting CAs.
Module 9, “Deploying and managing certificates,” describes how to deploy and manage certificates in an
AD DS environment. This involves deploying and managing certificate templates, managing certificate
revocation and recovery, using certificates in a business environment, and implementing smart cards.
MCT USE ONLY. STUDENT USE PROHIBITED
About This Course
Module 10, “Deploying and administering AD FS,” describes AD FS and how to configure AD FS in a
single-organization scenario and in a partner-organization scenario.
xxi
Module 11, “Implementing and administering AD RMS,” describes how to implement an AD RMS
deployment. The module provides an overview of AD RMS, explains how to deploy and manage an AD
RMS infrastructure, and explains how to configure AD RMS content protection.
Module 12, “Implementing AD DS synchronization with Microsoft Azure AD,” describes how to plan and
configure directory syncing between Microsoft Azure Active Directory (Azure AD) and on-premises AD DS.
The module describes various sync scenarios, such as Azure AD sync, AD FS and Azure AD, and Azure AD
Connect.
Module 13, “Monitoring, managing, and recovering AD DS,” describes how to monitor, manage, and
maintain AD DS to help achieve high availability of AD DS.
Course Materials
The following materials are included with your kit:
•
Course Handbook: a succinct classroom learning guide that provides the critical technical
information in a crisp, tightly-focused format, which is essential for an effective in-class learning
experience.
MCT USE ONLY. STUDENT USE PROHIBITED
xxii About This Course
o
Lessons: guide you through the learning objectives and provide the key points that are critical to
the success of the in-class learning experience.
o
Labs: provide a real-world, hands-on platform for you to apply the knowledge and skills learned
in the module.
o
Module Reviews and Takeaways: provide on-the-job reference material to boost knowledge
and skills retention.
o
Lab Answer Keys: provide step-by-step lab solution guidance.
Additional Reading: Course Companion Content on the
/learning/en/us/companion-moc.aspx Site: searchable, easy-to-browse digital content with
integrated premium online resources that supplement the Course Handbook.
•
Modules: include companion content, such as questions and answers, detailed demonstration steps,
and additional reading links, for each lesson. Additionally, they include Lab Review questions and
answers and Module Reviews and Takeaways sections, which contain the review questions and
answers, best practices, common issues and troubleshooting tips with answers, and real-world issues
and scenarios with answers.
•
Resources: include well-categorized additional resources that give you immediate access to the most
current premium content on TechNet, MSDN, or Microsoft Press.
•
Course evaluation: at the end of the course, you will have the opportunity to complete an online
evaluation to provide feedback on the course, training facility, and instructor.
o
To provide additional comments or feedback on the course, to To
inquire about the Microsoft Certification Program, send an email to
Virtual Machine Environment
MCT USE ONLY. STUDENT USE PROHIBITED
About This Course
xxiii
This section provides the information for setting up the classroom environment to support the business
scenario of the course.
Virtual Machine Configuration
In this course, you will use Hyper-V to perform the labs.
Note: At the end of each lab, you must revert the virtual machines to a snapshot. You can
find the instructions for this procedure at the end of each lab.
The following table shows the role of each virtual machine that is used in this course:
Virtual machine
Role
20742A-LON-DC1
Domain controller in the Adatum.com domain
20742A-LON-DC2
Domain controller in the Adatum.com domain
20742A-TOR-DC1
Domain controller in the Adatum.com domain (in
another site)
20742A-TREY-DC1
Domain controller in Treyresearch.com domain
20742A-LON-SVR1
Member server in the Adatum.com domain
20742A-LON-SVR2
Member server in the Adatum.com domain with
Web server role
20742A-CA-SRV1
Server not joined to the domain to be used as
offline root CA
20742A-LON-CL1
Windows 10 client with Microsoft Office 2016
installed
20742A-LON-CL2
Windows 10 client with Office 2016 installed
Software Configuration
The following software is installed on each virtual machine:
•
Windows Server 2016 TP5
•
Windows 10 Enterprise
•
Microsoft Office Professional 2016
•
Microsoft Active Directory Replication Status tool
Classroom Setup
Each classroom computer will have the same virtual machine configured in the same way.
Course Hardware Level
To ensure a satisfactory student experience, Microsoft Learning requires a minimum equipment
configuration for trainer and student computers in all Microsoft Certified Partner for Learning Solutions
(CPLS) classrooms in which Official Microsoft Learning Product courseware is taught.
•
Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD-V) processor
•
Hard Disk: Dual 500 gigabyte (GB) hard disks 7200 RPM SATA labeled C drive and D drive
•
16 GB of random access memory (RAM)
•
DVD drive
•
Network adapter
•
Super VGA (SVGA) 17-inch monitor
•
Microsoft mouse or compatible pointing device
•
Sound card with amplified speakers
Additionally, the instructor’s computer must be connected to a projection display device that supports
SVGA 1024×768 pixels, 16-bit colors.
MCT USE ONLY. STUDENT USE PROHIBITED
xxiv About This Course
MCT USE ONLY. STUDENT USE PROHIBITED
1-1
Module 1
Installing and configuring domain controllers
Contents:
Module Overview
1-1
Lesson 1: Overview of AD DS
1-2
Lesson 2: Overview of AD DS domain controllers
1-14
Lesson 3: Deploying a domain controller
1-23
Lab: Deploying and administering AD DS
1-34
Module Review and Takeaways
1-39
Module Overview
Active Directory Domain Services (AD DS) and its related services form the foundation for enterprise
networks that run Windows operating systems. The AD DS database is the central store of all the domain
objects, such as user accounts, computer accounts, and groups. AD DS provides a searchable, hierarchical
directory and a method for applying configuration and security settings for objects in the enterprise. This
module covers the structure of AD DS and its various components, such as forests, domains, and
organizational units (OUs).
With an increasing focus on cloud and hybrid environments, Windows Server 2016 includes several new
AD DS features that make it easier to manage these environments. This module covers the features and
choices available in Windows Server 2016 for installing AD DS on a server along with an overview of
domain controllers.
Objectives
After completing this module, you will be able to:
•
Describe AD DS and its main components.
•
Describe the purpose of domain controllers and their roles.
•
Describe the considerations for deploying domain controllers.
•
Deploy a domain controller.
