1. 70-640: TS: Windows Server 2008 Active Directory, Configuring
Creating an Active Directory Domain
Active Directory Domain Services (AD DS) and its related services form the foundation for enterprise networks running
Microsoft Windows. Together, they act as tools that store information about the identities of users, computers, and
services; authenticate individual users or computers; and provide a mechanism with which a user or computer can access
resources in the enterprise.
Active Directory Domain Services (AD DS) provides the functionality of an identity and access (IDA) solution for enterprise
networks. In this lesson, you learn about AD DS and other Active Directory roles supported by Windows Server 2008. You
also explore Server Manager, the tool with which you can configure server roles, and the improved Active Directory
Domain Services Installation Wizard. This lesson also reviews key concepts of IDA and Active Directory.
Identity and access (IDA) infrastructure refers to the tools and core technologies used to integrate people, processes, and
technology in an organization. An effective IDA infrastructure ensures that the right people have access to the right
resources at the right time.

2. Kerberos Authentication in an Active Directory
Domain
• Access control
• Auditing
• Active Directory Domain Services (Identity)
• Active Directory Lightweight Directory Services (Applications)
• Active Directory Certificate Services (Trust)
• Active Directory Rights Management Services (Integrity)
• Active Directory Federation Services (Partnership)

3. Components of an Active Directory
Infrastructure
• Active Directory data store
• Domain controllers
• Domain
• Forest
• Tree
• Functional level
• Organizational units
• Sites

4. Preparing to Create a New Windows Server
2008 Forest
• Before you install the AD DS role on a server and promote it to act as a domain controller, plan your Active Directory infrastructure. Some of
the information you will need to create a domain controller includes the following:
• The domain’s name and DNS name. A domain must have a unique DNS name, such as contoso.com, as well as a short name, such as
CONTOSO, called a NetBIOS name. NetBIOS is a network protocol that has been used since the first versions of Microsoft Windows NT and is
still specified and used for backward compatibility. Whether the domain will need to support domain controllers running previous
• Versions of Windows. When you create a new Active Directory forest, you will configure the functional level. If the domain will include only
Windows Server 2008 R2 domain controllers, you can set the functional level accordingly to benefit from the enhanced features introduced
by this version of Windows. n Details for how DNS will be implemented to support Active Directory. It is a best practice to implement DNS
for your Windows domain zones by using Windows DNS Service, “Integrating Domain Name System with AD DS”; however, it is possible to
support a Windows domain on a third-party DNS service. n IP configuration for the domain controller. Domain controllers require static IP
addresses and subnet mask values. Additionally, the domain controller must be configured
• with a DNS server address to perform name resolution. If you are creating a new forest and will run Windows DNS Service on the domain
controller, you can configure the DNS address to point to the server’s own IP address. After DNS is installed, the server can look to itself to
resolve DNS names. The user name and password of an account in the server’s Administrators group. The account must have a assword—
the password cannot be blank. n The location in which the data store (including Ntds.dit) and system volume (SYSVOL) should be installed.
By default, these stores are created in %SystemRoot%; for example, C:Windows, in the NTDS and SYSVOL folders, respectively. When
creating a domain controller, you can redirect these stores to other drives.