Mastering On-Premises Directory Services
2.1 Active Directory Deep Dive
**2.1.1 AD Forest Architecture**
```text
Forest Root Domain: company.com
├── Child Domain: na.company.com
│   ├── OU: USA
│   ├── OU: Canada
│   └── OU: Mexico
├── Child Domain: eu.company.com
│   ├── OU: UK
│   ├── OU: Germany
│   └── OU: France
└── Child Domain: apac.company.com
    ├── OU: Japan
    ├── OU: Australia
    └── OU: India
```

**2.1.2 FSMO Roles in Detail**
**Schema Master (Forest-wide)**
- Controls all schema updates
- Only one per forest
- Must be online for schema extensions, e.g. when Exchange or Skype for Business (Lync) setup runs its schema prep

**Domain Naming Master (Forest-wide)**
- Controls domain additions/removals
- Must be online to add new domains

**RID Master (Domain-wide)**
- Allocates RID pools to domain controllers
- Prevents duplicate SIDs (a SID is the domain SID plus a RID, so two DCs issuing the same RID would mint the same SID)

**PDC Emulator (Domain-wide)**
- Password change master: receives password changes by urgent replication and is consulted when a logon fails elsewhere, so a just-changed password is not rejected as wrong
- Time synchronization source for the domain; the forest-root PDC Emulator is the authoritative time source for the whole forest
- Group Policy management: GPMC and the Group Policy editor open GPOs on the PDC Emulator by default

**Infrastructure Master (Domain-wide)**
- Updates cross-domain object references
- Should not be on a Global Catalog server (unless all DCs are GCs); if the AD Recycle Bin is enabled, every DC updates these references itself and the placement no longer matters

Lab 2.1: FSMO Role Management
Exercise 1: Identify current FSMO holders
Exercise 2: Transfer RID Master role
Exercise 3: Seize PDC Emulator (disaster scenario; seize only when the current holder is permanently lost, and never return that DC to the domain without metadata cleanup)
Exercise 4: Verify replication after changes

2.2 Group Policy Management
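The four exercises carried out in PowerShell, as an added worked example rather than lab material from the original course. It assumes the RSAT ActiveDirectory module, an account in Domain Admins (Enterprise Admins for forest-wide roles), and two hypothetical domain controllers: DC01 currently holds the RID Master and PDC Emulator, DC02 is the target; the domain name company.com is taken from the forest diagram above.

```powershell
# Lab 2.1 worked example (added here; not part of the original course material).
# Assumes: RSAT ActiveDirectory module, Domain Admins rights, and hypothetical
# DCs DC01 (current RID Master / PDC Emulator) and DC02 (target).
Import-Module ActiveDirectory

# Exercise 1: identify the current holders. Forest-wide roles are attributes of
# the forest object, domain-wide roles of the domain object.
$forest = Get-ADForest
$domain = Get-ADDomain
[PSCustomObject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    RIDMaster            = $domain.RIDMaster
    PDCEmulator          = $domain.PDCEmulator
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List
# Cross-check with the legacy tool; the two listings must agree.
netdom query fsmo

# Exercise 2: graceful transfer of the RID Master. Both DCs must be online; the
# old holder hands over its RID pool state itself, so no pool is issued twice.
Move-ADDirectoryServerOperationMasterRole -Identity "DC02" -OperationMasterRole RIDMaster -Confirm:$false

# Exercise 3: seize the PDC Emulator because DC01 is permanently lost.
# -Force attempts a transfer first and seizes only if the holder is unreachable.
Move-ADDirectoryServerOperationMasterRole -Identity "DC02" -OperationMasterRole PDCEmulator -Force -Confirm:$false
# After a seizure, remove the dead DC's metadata (delete its NTDS Settings object
# in Sites and Services, or use ntdsutil "metadata cleanup") and never reconnect
# it: a resurrected old holder would believe it still owns the role.

# Exercise 4: verify replication. The fSMORoleOwner change made on DC02 must reach
# every DC; until it does, other DCs still point at DC01.
repadmin /replsummary
repadmin /showrepl DC02
# Ask each DC which holders it believes in; every row should name DC02.
Get-ADDomainController -Filter * | ForEach-Object {
    $view = Get-ADDomain -Server $_.HostName
    [PSCustomObject]@{
        QueriedDC   = $_.HostName
        RIDMaster   = $view.RIDMaster
        PDCEmulator = $view.PDCEmulator
    }
} | Format-Table -AutoSize
```

The last loop is the real verification: `repadmin /replsummary` shows that replication is healthy, but only asking each DC for its own view of the domain object proves the role change has converged.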
**2.2.1 GPO Processing Order**
1. Local Computer Policy
2. Site Policies
3. Domain Policies
4. OU Policies (parent to child)

Policies are applied in this order and the last one applied wins on a conflicting setting, so an OU-linked GPO normally overrides a domain-linked one. Two link options change that: a link marked Enforced cannot be overridden by GPOs lower in the chain, and Block Inheritance on an OU stops all non-enforced GPOs from above it.

**2.2.2 Advanced GPO Techniques**
**Security Filtering**
A GPO applies only to principals that hold both Read and Apply Group Policy on it. Scoping a GPO to a group means granting that group those two permissions and removing Apply Group Policy from Authenticated Users. Keep Read for Authenticated Users (or Domain Computers): since MS16-072 the computer account reads user-side GPOs, and without Read the user settings silently stop applying.

**WMI Filtering**
A WQL query attached to the GPO and evaluated on the client during policy processing; the GPO applies only if the query returns at least one object. Typical use is targeting by OS role or version, e.g. workstations only.

**2.2.3 Common GPO Templates**

**Security Baseline GPO**
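Security filtering and WMI filtering applied to one GPO, as an added example that is not part of the original course. It assumes the RSAT GroupPolicy module and a hypothetical GPO named "Workstation Hardening" with a hypothetical scoping group "GPO-Workstation-Hardening-Apply"; the WMI filter itself is attached in GPMC (the GroupPolicy module has no cmdlet to create filters), so the block tests the query locally and then reads back what is attached.

```powershell
# Added example for 2.2.2 (not from the original course material). Assumes the
# GroupPolicy module and hypothetical names: GPO "Workstation Hardening", group
# "GPO-Workstation-Hardening-Apply".
Import-Module GroupPolicy

$gpoName = "Workstation Hardening"

# --- Security filtering ---
# Grant the scoping group Read + Apply Group Policy ...
Set-GPPermission -Name $gpoName -TargetName "GPO-Workstation-Hardening-Apply" -TargetType Group -PermissionLevel GpoApply

# ... and reduce Authenticated Users to Read only. -Replace overwrites the
# existing GpoApply entry. Do NOT remove Read: since MS16-072 the computer
# account fetches user-side GPOs, and without Read those settings stop applying.
Set-GPPermission -Name $gpoName -TargetName "Authenticated Users" -TargetType Group -PermissionLevel GpoRead -Replace

# Verify the resulting ACL: exactly one trustee should show GpoApply.
Get-GPPermission -Name $gpoName -All | Select-Object Trustee, Permission

# --- WMI filtering ---
# ProductType: 1 = workstation, 2 = domain controller, 3 = member server.
# The client runs this WQL at processing time; no rows means the GPO is skipped.
$wmiQuery = 'SELECT * FROM Win32_OperatingSystem WHERE ProductType = "1"'

# Test the query on this host before trusting it in a filter.
$hits = @(Get-CimInstance -Query $wmiQuery)
if ($hits.Count -gt 0) {
    "Query matches on $env:COMPUTERNAME: the GPO would apply here."
} else {
    "Query returns nothing on $env:COMPUTERNAME: the GPO would be skipped here."
}

# Read back which filter (if any) is attached to the GPO after it was set in GPMC.
Get-GPO -Name $gpoName | Select-Object DisplayName, GpoStatus, WmiFilter
```

Testing the WQL with `Get-CimInstance -Query` on a representative workstation and a representative server is the cheapest way to catch a filter that is silently too broad or too narrow before it governs a hardening GPO.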
```text
Computer Configuration:
├── Windows Settings
│   └── Security Settings
│       ├── Account Policies
│       │   ├── Password Policy
│       │   │   ├── Maximum password age: 90 days
│       │   │   ├── Minimum password length: 14
│       │   │   └── Password complexity: Enabled
│       │   └── Account Lockout Policy
│       │       ├── Lockout threshold: 5 attempts
│       │       └── Lockout duration: 30 minutes
│       └── Local Policies
│           └── Security Options
│               ├── Interactive logon: Require smart card
│               └── Network security: LAN Manager authentication level
└── Administrative Templates
    ├── Windows Components
    │   ├── BitLocker: Require encryption
    │   └── Windows Update: Auto-download and schedule
    └── System
        └── Device Installation: Block USB storage
```

Administrative Templates sits beside Windows Settings under Computer Configuration, not inside it. Note that Password Policy and Account Lockout Policy take effect for domain accounts only when the GPO is linked at the domain level; on an OU they only affect local accounts of the computers in that OU.

2.3 DNS & DHCP Integration

**2.3.1 DNS Zone Types**
- **Primary Zone**: Read/write copy; the authoritative source for the zone
- **Secondary Zone**: Read-only copy pulled from a primary by zone transfer
- **Stub Zone**: Holds only the SOA, NS and glue A records needed to locate the zone's authoritative servers
- **Active Directory Integrated**: Stored in AD, multi-master replication; the only type that supports secure dynamic updates

**2.3.2 DNS Scavenging Configuration**

**2.3.3 DHCP Failover Configuration**
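DNS scavenging (2.3.2) and DHCP failover (2.3.3) configured from PowerShell, as an added example that is not part of the original course. It assumes the RSAT DnsServer and DhcpServer modules, the AD-integrated zone company.com hosted on a hypothetical DC01, and hypothetical DHCP servers DHCP01 and DHCP02 serving scope 10.10.0.0/24. The intervals (7 days no-refresh, 7 days refresh, 7 days scavenging period) are the usual starting values, not figures from the page.

```powershell
# Added example for 2.3.2 and 2.3.3 (not from the original course material).
# Assumes: DnsServer and DhcpServer modules; hypothetical hosts DC01, DHCP01,
# DHCP02; zone company.com; scope 10.10.0.0/24.
Import-Module DnsServer
Import-Module DhcpServer

# --- 2.3.2 DNS scavenging ---
# A dynamic record is deleted only after NoRefresh + Refresh has elapsed since
# its timestamp and a scavenging pass runs on a server allowed to scavenge it.
# Static records carry no timestamp and are never scavenged.

# Step 1: secure dynamic updates only. With nonsecure updates anyone on the
# network can overwrite a host's record, which turns a stale entry into a
# spoofing vector; secure updates tie each record to the owning computer account.
Set-DnsServerPrimaryZone -Name "company.com" -ComputerName "DC01" -DynamicUpdate Secure

# Step 2: enable aging on the zone. NoRefresh blocks pointless timestamp writes
# (and their replication); Refresh is the window in which a host may renew.
Set-DnsServerZoneAging -Name "company.com" -ComputerName "DC01" -Aging $true `
    -NoRefreshInterval 7.00:00:00 -RefreshInterval 7.00:00:00

# Step 3: turn on scavenging on ONE server per zone so there is a single place
# that deletes records, and set how often it runs.
Set-DnsServerScavenging -ComputerName "DC01" -ScavengingState $true -ScavengingInterval 7.00:00:00

# Check: which A records would the next pass remove? Anything older than
# NoRefresh + Refresh (14 days) that still has a timestamp. Review this list
# before the first pass; roaming laptops often show up here.
$threshold = (Get-Date).AddDays(-14)
Get-DnsServerResourceRecord -ZoneName "company.com" -ComputerName "DC01" -RRType A |
    Where-Object { $_.Timestamp -and $_.Timestamp -lt $threshold } |
    Select-Object HostName, Timestamp, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } }

# --- 2.3.3 DHCP failover (load-balance mode) ---
# The shared secret authenticates failover messages between the partners; the
# channel has no other authentication, so generate it from a CSPRNG.
$secretBytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($secretBytes)
$secret = [Convert]::ToBase64String($secretBytes)

# MaxClientLeadTime bounds how long a surviving partner may extend a lease it
# did not originally grant; StateSwitchInterval is how long communication must
# be lost before AutoStateTransition moves to PARTNER DOWN.
Add-DhcpServerv4Failover -ComputerName "DHCP01" -Name "DHCP01-DHCP02" -PartnerServer "DHCP02" `
    -ScopeId 10.10.0.0 -LoadBalancePercent 50 -MaxClientLeadTime 01:00:00 `
    -StateSwitchInterval 00:10:00 -AutoStateTransition $true -SharedSecret $secret

# Verify from both sides; State should read Normal once the partners have
# synchronised their lease databases.
Get-DhcpServerv4Failover -ComputerName "DHCP01" | Select-Object Name, Mode, State, PartnerServer
Get-DhcpServerv4Failover -ComputerName "DHCP02" | Select-Object Name, Mode, State, PartnerServer
```

Run the scavenging check before enabling `-ScavengingState $true` the first time: on a zone that has had aging disabled for years, the first pass can delete every dynamic record that was never refreshed, including ones that are still in use.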