Post-Graduate AD Studies


Hello world, Ned here again. I was out of the office late last week so there was no mail sack; Jonathan pretended like he was going to do one but he lied. He’ll try to claim that things got “busy” and there were “customers” who wanted “their issues fixed” or some other nonsense, but we all know it was due to him daydreaming about bubble baths.

Too weird?

Anyway, what with the hiring we’re doing now, a month ago I promised you some further reading around how you can amp up your Active Directory skills. Rather than burying it in another mail sack, I figured I’d lay it all out here in one spot. If you feel like you need to fill in the cracks on your directory service knowledge, here’s what we force feed our new hires:

Core Technology Reading

If you read nothing else, read these core pieces. While they are Win2003/XP specific, that’s still at least 75% of the business install base and highly relevant. For the most part things don’t change that much architecturally between versions either (ignoring GP and User Profiles). They give you the fundamentals to build on later.

Active Directory Collection
Active Directory Replication Model
Active Directory Replication Topology
Authentication
Authorization
DNS Technical Reference
Group Policy
Interactive Logon
Kerberos Authentication Technical Reference
Public Key Infrastructure (PKI)
TCP/IP Technical Reference
User Profiles

Post Graduate Technology Reading

Then we get to the more advanced subjects, the specific features added in later models, and the things that will take you into rarefied air. Much of this is Windows Server 2008 and later too, so if you haven’t started rolling out our later OS this will get you ready. If you can get through these, you’re ready to run AD in the environments with 100,000+ computers. And as I always tell people, if you know how something works, you can troubleshoot any kind of problem – even if the issue has never been seen before.

Active Directory Domain Services in the Perimeter Network
Active Directory and Active Directory Domain Services Port Requirements
Active Directory Schema
ADMT Guide: Migrating and Restructuring Active Directory Domains
AppLocker
AD DS Design Guide
CA Certificates
Certificates
Certificate Services
Core Group Policy Technical Reference
Designing a Group Policy Infrastructure
DFSR
DFS Replication: Frequently Asked Questions (FAQ)
Distributed File System (DFS)
DNS Support for Active Directory
Domain and Forest Trusts Technical Reference
File Replication Service FRS
Global Catalog Technical Reference 
Group Policy Components
Group Policy Management Console
Group Policy Object Editor
Logon and Authentication Technologies
Managed Service Accounts
Managing Roaming User Data Deployment Guide
Operations Masters Technical Reference
Read-Only Domain Controller Planning and Deployment Guide
Running Domain Controllers in Hyper-V
Security Auditing
Security Compliance Manager
Security Identifiers Technical Reference
Security Descriptors and Access Control Lists Technical Reference
Security Principals Technical Reference
Staging Group Policy Deployments
SYSVOL Replication Migration Guide: FRS to DFS Replication
User Account Control Technical Reference
What's New in Active Directory Domain Services in Win2008
What's New in Active Directory Domain Services in Win2008 R2
Windows Smart Card Technical Reference
Windows Time Service Technical Reference
WINS Technical Reference

Lab Materials

You can use these free trial editions below in order to do live repros of all this, and repros are highly suggested. Especially with the use of Netmon 3.4 to see how things look on the wire and learn how we troubleshoot here – with network captures. Running these in Hyper-V, in Virtualbox, etc. will also make the materials more understandable.

http://www.microsoft.com/windowsserver2008/en/us/trial-software.aspx
http://technet.microsoft.com/en-us/evalcenter/cc442495.aspx

As an alternative, for a few hundred bucks you can get the amazingly packed TechNet or MSDN subscriptions that provide you with copies of so much MS software it’s ridiculous; way better than using trialware. Check those out here:

http://technet.microsoft.com/en-us/subscriptions/buy.aspx
http://msdn.microsoft.com/en-us/subscriptions/buy.aspx

Thanks to the Blue Devil Demon* who reminded me to do this. :-)

Ned “nutty professor” Pyle

* Apologies to Coach K and the ghost of Ray Meyer. I've been away from Chicago too long, it seems. Maybe I really am no longer a 'damyankee', as my wife puts it?

  • Thanks Ned and the Blue Devil. I hope you have more luck.

  • I failed at college mascoting - fixed. :-)

  • Great reading list Ned; just out of curiosity do people coming in for jobs with the AD team still miss the "what are the FSMO roles" question?

    Hopefully people coming in to work on your team know those roles cold but I see a lot of people missing that question in interviews where I am. Hopefully you all have a better success rate. (About 50 percent miss it when we ask.)

  • People generally know the roles and where they are located. Things get more interesting when they are asked what each role does - especially considering most of them do a variety of things.

    50% = ouch.

  • Here is a link to some nice virtual labs that might help people out as well.  technet.microsoft.com/.../bb512925.aspx

    Brian

  • Woah, going to take me a while to get through all that! Thanks for putting the list together though :)