Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
The Microsoft Certified Solutions Master: Directory Services certification validates comprehensive
knowledge of the Windows Server Directory platform. This certification is designed to challenge the
limits of most candidates. The reading list below provides an overview of topics covered during training
and is not intended to be a conclusive set of reference material. You are encouraged to review the
topics below in preparation for the training courses.
AD Database
How the Data Store Works
o Data Store Architecture
o Data Store Protocols
o Data Store Interfaces
o Data Store Logical Structure
o Data Store Physical Structure
o Data Store Processes and Interactions
o Network Ports Used by the Data Store
o Related Information
Data Storage
o Directory Tree
o Storage Limits
o Directory Data Store
o Object-Based Security
o Growth Estimates for Active Directory Users and Organizational Units
o Data Characteristics
o Windows 2000 SAM Storage
o Data Model
o Container Objects and Leaf Objects
o Directory Partitions
Extensible Storage Engine Files
o Transaction Log Files
o Temporary Transaction Log Files
o Reserved Transaction Log Files
o Checkpoint Files
o Database Files
o Temporary Databases
Active Directory Domain Services Database Mounting Tool (Snapshot Viewer or Snapshot
Browser) Step-by-Step Guide
MCM: Active Directory Indexing For the Masses
ADFS
Overview of Active Directory Federation Services (ADFS) in Windows Server 2003 R2
Active Directory Federation Services (AD FS) Overview
ADFS Design Guide
o Understanding the ADFS Design Process
o Identifying Your ADFS Deployment Goals
o Mapping Your Deployment Goals to an ADFS Design
o Evaluating ADFS Design Examples
o Planning Partner Organization Deployments
o Designing a Federated Application Strategy
o Planning ADFS-Enabled Web Server Placement
o Planning Federation Server Placement
o Planning Federation Server Proxy Placement
o Planning for ADFS Capacity
o Finding Additional ADFS Resources
o Appendix A: Reviewing ADFS Requirements
o Appendix B: Reviewing Key ADFS Concepts
o Appendix C: Documenting Your ADFS Design
ADFS Deployment Guide
o Planning to Deploy ADFS
o Implementing Your ADFS Design Plan
o Checklist: Implementing a Web SSO Design
o Checklist: Implementing a Federated Web SSO Design
o Checklist: Implementing a Federated Web SSO with Forest Trust Design
o Deploying Partner Organizations
o Deploying Federated Applications
o Deploying ADFS-Enabled Web Servers
o Deploying Federation Servers
o Deploying Federation Server Proxies
o Finding Additional ADFS Resources
AD FS 2.0 Claims Rule Language Primer
o An Introduction to Claims
o Security Briefs: Exploring Claims-Based Identity
o AD FS 2.0 Content Map
o Understanding Claim Rule Language in AD FS 2.0
o When to Use a Custom Claim Rule
o The Role of the Claim Rule Language
o The Role of the Claims Engine
o The Role of the Claims Pipeline
AD FS 2.0 Claims Rule Language Part 2
AD FS 2.0: Using RegEx in the Claims Rule Language
AD FS 2.0 RelayState
Certificate Services
Best Practices for Implementing a Microsoft Windows Server 2003 Public Key Infrastructure
o About This Document (Best Practices for Implementing a Microsoft Windows Server
2003 Public Key Infrastructure)
o Overview of the PKI Design Process (Best Practices for Implementing a Microsoft
Windows Server 2003 Public Key Infrastructure)
o Integration Into Existing Environments (Best Practices for Implementing a Microsoft
Windows Server 2003 Public Key Infrastructure)
o Windows Server 2003 PKI and Dependencies (Best Practices for Implementing a
Microsoft Windows Server 2003 Public Key Infrastructure)
o Deployment Planning (Best Practices for Implementing a Microsoft Windows Server
2003 Public Key Infrastructure)
o Creating Certificate Policies and Certificate Practice Statements
o Example Scenario for Contoso
o Stand-alone Offline Intermediate CA (IntermediateCA1)
o Stand-alone Offline Intermediate CA (CorporateSub2CA)
o Online Enterprise Issuing CAs (CorporateEnt1CA)
o Certification Authority Maintenance
o Appendix A: Directory Objects
o Contents of \\Localhost\CertConfig and \\Localhost\CertEnroll
o Relationship of the Configuration Container and Certificate Store
o Default CA Certificate and CRL Storage
o Mapping Custom Object Identifiers to Friendly Names
o CAPolicy.inf Syntax
o CRL Distribution Point Replacement Token
o CRL Publishing Properties
o AIA Publishing Properties
o Sample Script to Configure CorporateRootCA
o Sample Script to Configure IntermediateCA
o Sample Script to Configure the EnterpriseSubCA
o Appendix B: Parameters for a Three-Tier CA Topology
o Appendix C: Additional Information
Best Practices for Certificate Management
Designing and Implementing a PKI: A 5 Part Article
o Designing and Implementing a PKI: Part I Design and Planning
o Designing and Implementing a PKI: Part II Implementation Phases and Certificate
Authority Installation
o Designing and Implementing a PKI: Part III Certificate Templates
o Designing and Implementing a PKI: Part IV Configuring SSL for Web Enrollment and
Enabling Key Archival
o Designing and Implementing a PKI: Part V Disaster Recovery
Windows XP: Certificate Status and Revocation Checking
Certificate Revocation Checking in Windows Vista and Windows Server 2008
o What’s New in Certificate Revocation in Windows Vista and Windows Server 2008
o How Certificate Revocation Works
o Pre-Fetching
o Support for Independent OCSP Signer and Custom OCSP URLs
o Optimizing the Revocation Experience
o Appendix A: Managing OCSP Settings with Group Policy
o Appendix B: Configuring ETag and Max-Age in IIS
o Appendix C: Certificate Revocation References
Public Key Infrastructure (PKI)
o CA Certificates Technical Reference
o Certificates Technical Reference
o Certificate Services Technical Reference
CA Certificates Technical Reference (similar to the next TR)
o What Are CA Certificates?
o How CA Certificates Work
o CA Certificates Tools and Settings
Certificate Service Technical Reference (similar to the previous TR)
o What Is Certificate Services?
o How Certificate Services Works
o Certificate Services Tools and Settings
Client Interaction
Locating Active Directory Servers
o Domain Controller Name Registration
o SRV Resource Records
o Domain Controller Location Process
o Finding a Domain Controller in the Closest Site
o Types of Locators
IP/DNS DC Locator Algorithm (This is also a great general DNS review, but review this specific
named section)
Domain Locator Across a Forest Trust
How Domain Controllers are Located Across Trusts
DsgetDCname – particularly the piece about the new stickiness feature
Deployment
How to use the Install from Media feature to promote Windows Server 2003-based domain
controllers
Installing an Additional Domain Controller by Using IFM
o Create Installation Media by Using Ntdsutil
o Install an Additional Domain Controller by Using Installation Media
Infrastructure Planning and Design (Windows Server 2008 Active Directory Domain Services)
Domain Migration
ADMT Guide: Migrating and Restructuring Active Directory Domains
o ADMT versions
o Best Practices for Active Directory Migration
o Interforest Active Directory Domain Restructure
o Intraforest Active Directory Domain Restructure
o Appendix: Advanced Procedures
o Troubleshooting ADMT
o Additional Resources
Group Policy
Core Group Policy Technical Reference
How Core Group Policy Works
o Core Group Policy Architecture
o Core Group Policy Physical Structure
o Core Group Policy Processes and Interactions
o Network Ports Used by Group Policy
o Related Information
What is Core Group Policy
o Change and Configuration Management
o Core Group Policy Infrastructure
o Core Group Policy Scenarios
o Core Group Policy Dependencies
o Related Information
Core Group Policy Tools and Settings
o Group Policy Tools
o Group Policy Settings
o Group Policy WMI Classes
o Related Information
Group Policy Components
Group Policy Preferences Overview Whitepaper (download)
(Vista) - Troubleshooting Group Policy Using Event Logs
Interpreting Userenv log files
Designing a Group Policy Infrastructure
o Overview of Group Policy
o Planning Your Group Policy Design
o Designing Your Group Policy Model
o Deploying Group Policy
o Maintaining Group Policy
o Additional Resources for Group Policy Infrastructure
Group Policy Management ConsolE Technical Reference
o What Is Group Policy Management Console?
o How Group Policy Management Console Works
o Group Policy Management Console Tools and Settings
Group Policy Object Editor
o What Is Group Policy Object Editor?
o How Group Policy Object Editor Works
o Group Policy Object Editor Tools and Settings
Group Policy Loopback processing
o Part 1: Circle Back to Loopback
o Part 2: Back to the Loopback: Troubleshooting Group Policy loopback processing
Replication
How Active Directory Replication Topology Works
o Active Directory KCC Architecture and Processes
o Replication Topology Physical Structure
o Performance Limits for Replication Topology Generation
o Goals of Replication Topology
o Topology-Related Objects in Active Directory
o Replication Transports
o Replication Between Sites
o KCC and Topology Generation
o Network Ports Used by Replication Topology
o Related Information
Active Directory Replication Model
o What Is the Active Directory Replication Model?
o How the Active Directory Replication Model Works
o Active Directory Replication Tools and Settings
Active Directory Replication Topology
o What Is Active Directory Replication Topology?
o How Active Directory Replication Topology Works
o Active Directory Replication Tools and Settings
AD Branch Office Guide (download)
Microsoft Active Directory Topology Diagrammer
The Role of the Inter-Site Topology Generator in Active Directory Replication
How to view and set LDAP policy in Active Directory by using Ntdsutil.exe
How to configure the Windows Time service against a large time offset
BridgeHead Server Selection
Active Directory Load Balancing Tool (ADLB)
Configuring Change Notification on a MANUALLY created Replication partner
• (Physical Security/Compromise)
KCC/ISTG
RID Protection
TechNet Article: Managing RID Issuance
ASKDS Blog Article: Managing RID Issuance in Windows Server 2012
Kerberos FAST
RFC6113 A Generalized Framework for Kerberos Pre-Authentication
What's New in Kerberos Authentication
Access Control and Authorization Overview – covers domain requirements for Kerberos
armoring and group policy settings.
Kerberos Proxy
Kerberos Authentication Overview
Enriched Remote Access experience in Windows Server 2012
Delegation of Authentication
[MS-KKDCP]: Kerberos Key Distribution Center (KDC) Proxy Protocol