A blog by Jose Barreto, a member of the File Server team at Microsoft.
© Copyright 2004-2012 by Jose Barreto. All rights reserved.
As I mentioned in a previous blog post, I am delivering a private, newsgroup-based, Microsoft-sponsored training for Microsoft MVPs. We are reaching the end of the third of five parts of this training, covering Course 6044: Windows Server 2008 Directory Identities and Access (see course description). At the end of each course I pose some questions to the students for discussion. Here are the questions for Course 6044:
01) Describe two scenarios where AD LDS is a better solution than the full AD DS.
02) What are the two main methods used to programmatically access an AD LDS instance?
03) What change to an AD LDS configuration is required to support the more secure LDAP over SSL?
04) If you have a configuration with three AD LDS servers storing the same directory partition, how many of them can accept updates?
05) If you have three application directory partitions that need to be available in two different locations (even when they get disconnected), what is the minimum number of AD LDS servers you need?
06) If you need to store LDAP-accessible application data with a custom schema but you also need to leverage corporate security, would you use AD DS or AD LDS?
07) What schema changes are required in AD DS to support an application using AD LDS with a custom application partition?
08) If you have an extranet application that provides access to customers and partners using AD LDS, what kind of trust is required with the internal AD DS?
09) If your company’s employees access a partner ordering system using ADFS, how do you establish the trust between the two companies’ AD DS domains?
10) Name the WS-* protocols that are leveraged by Windows Server 2008’s ADFS.
11) Assuming you have already implemented DNS, Domain Services and Certificate Services, what additional services are required for ADFS?
12) What Windows Server roles and features are required to implement an ADFS Web Agent?
13) In an ADFS implementation, what is the role of the Security Assertion Markup Language (SAML)?
14) You have an application that uses Windows-integrated authentication today. What changes to the application are required, if any, to start using ADFS instead?
15) If you need your company’s employees to access a partner website via ADFS without providing the specific employee identity to the partner, how would you do it?
16) Company employees access a partner-based system using ADFS. To block access to a terminated employee, what actions are required from the company and the partner?
17) If you implement an AD RMS and a user forwards a rights-protected e-mail to an external unauthorized party, what does that party see in the e-mail?
18) What are the requirements for running the AD RMS Server on a Windows Server 2008 server?
19) What versions of Microsoft Windows Client and Microsoft Office support AD RMS as a client?
20) If an authorized user receives a rights-protected document via e-mail while outside the firewall (with no VPN), can that user access the content?
If I have time, I will post answers in September, after the training is completed.