Trainer Preparation Guide for Course 20742B: Identity with Windows Server 2016 1

Trainer Preparation Guide for Course 20742B: Identity

with Windows Server 2016
Design of the Course
This course is for existing IT professionals who have some Active Directory Domain Services (AD DS)
knowledge and experience, and who want to learn about identity and access technologies in Windows
Server 2016. This would typically include:

• AD DS administrators who want to train in identity and access technologies with Windows
Server 2016.

• System or infrastructure administrators with general AD DS experience and knowledge who want to
cross train in core and advanced identity and access technologies in Windows Server 2016.

The secondary audience for this course includes IT professionals who are would like to consolidate
their knowledge of AD DS and related technologies, and IT professionals who want to prepare for the
70-742 exam.

When you teach this 13-module course, you are likely to have students with a wide range of experience.
Try to gauge their experience level early in the course. You then can use this information to tailor your
course delivery to meet their needs.
This course describes how to configure and maintain identity services in a Windows Server 2016 enterprise
environment:
• Module 1 describes the features of AD DS and how to install domain controllers. It also covers the
considerations for deploying domain controllers.

• Module 2 describes how to use various techniques to manage objects in AD DS. This includes creating
and configuring user, group, and computer objects.
• Module 3 describes how to plan and implement an AD DS deployment that includes multiple
domains and forests. The module provides an overview of the components in an advanced AD DS
deployment, the process of implementing a distributed AD DS environment, and the procedure for
configuring AD DS trusts.

• Module 4 describes how to plan and implement an AD DS deployment that includes multiple
locations. The module explains how replication works in a Windows Server 2016 AD DS environment.

• Module 5 describes how to implement a Group Policy object infrastructure. The module provides an
overview of the components and technologies that constitute the Group Policy framework.

• Module 6 describes how to configure Group Policy settings and Group Policy preferences. This
includes implementing administrative templates, configuring folder redirection and scripts, and
configuring Group Policy preferences.

• Module 7 describes how to configure domain controller security, account security, password security,
and Group Managed Service Accounts.

• Module 8 describes how to implement an Active Directory Certification Services (AD CS) deployment.
This includes deploying, administering, and troubleshooting certificate authorities (CAs).
• Module 9 describes how to deploy and manage certificates in an AD DS environment. This involves
deploying and managing certificate templates, managing certificate revocation and recovery, using
certificates in a business environment, and implementing smart cards.
 Trainer Preparation Guide for Course 20742B: Identity with Windows Server 2016 2

• Module 10 describes Active Directory Federation Services (AD FS) and how to configure AD FS in a
single-organization scenario and in a partner-organization scenario.
• Module 11 describes how to implement an Active Directory Rights Management Services (AD RMS)
deployment. The module provides an overview of AD RMS, explains how to deploy and manage an
AD RMS infrastructure, and explains how to configure AD RMS content protection.
• Module 12 describes how to plan and configure directory syncing between Microsoft Azure Active
Directory (Azure AD) and on-premises AD DS. The module describes various sync scenarios, such as
Azure AD sync, AD FS and Azure AD, and Azure AD Connect.
• Module 13 describes how to monitor, manage, and maintain AD DS to help achieve high availability
of AD DS.

Required Materials to Teach This Course

To teach this course, you need the following materials:

• Course Handbook
• Course Companion Content from the http://www.microsoft.com/learning/companionmoc/ website

• Microsoft PowerPoint files

• OneNote Trainer Pack on MCT Download Center at https://learningdownloadcenter.microsoft.com

• Microsoft Hyper-V Classroom Setup Guide

• Course virtual machines

Prerequisite Knowledge to Teach This Course

To present this course, you must have the following knowledge and skills:
• At least two years of experience working with Windows Server operating systems, including
Windows, and some exposure to and experience with AD DS concepts and technologies in
Windows Server 2012 or Windows Server 2016.

• In-depth knowledge of AD DS in Windows Server 2012 or Windows Server 2016.

• In-depth knowledge of AD CS.

• In-depth knowledge of AD FS.

• In-depth knowledge of AD RMS.

• Good understanding of concepts such as Identity Management, Bring Your Own Device, and high
availability.

• Basic experience with the Windows PowerShell command-line interface.

 Trainer Preparation Guide for Course 20742B: Identity with Windows Server 2016 3

Preparation Tasks
Complete the following tasks or activities to prepare for this course.

Courses or Workshops
We highly recommend that you audit the latest version of the following courses:

• Course 20740B: Installation, Storage, and Compute with Windows Server 2016

• Course 20741B: Networking with Windows Server 2016

• Course 20743B: Upgrading Your Skills to Windows Server 2016 MCSA

• Course 20744B: Securing Windows Server 2016

Exams
To identify your technical proficiency with the content of this course, we highly recommend that you pass
the following exams:

• Exam 70-742: Identity with Windows Server 2016

Technical Preparation Activities

We highly recommend that you complete the following technical preparation activities:

• Read the additional readings and references included in the Course Companion Content at
http://www.microsoft.com/learning/companionmoc.

• Use the OneNote Trainer Pack (OTP) on the Microsoft Learning Download Center
https://learningdownloadcenter.microsoft.com to prepare for delivering the course:
o The OTP includes the following content on each page (and in this order):
 Slides
 Instructor Notes
 Student Handbook Content
o Each module also includes the Lab Answer Keys (LAKs).

• If you are using on-premises labs, become familiar with the course’s virtual machines and how you set
up and configure them. This includes understanding the base images, mid-tier files, and activation
states. Practice setting up the classroom by following the instructions in the Microsoft Hyper-V
Classroom Setup Guide.
• If you are using third-party hosted labs for Microsoft Courseware, become familiar with how you
configure and access the labs. Ensure that you are ready to demonstrate their use to students and
work with the lab hoster who provides trainer access for course preparation. You can purchase third-
party hosted labs for Microsoft Courseware for use during course delivery at the same time you order
the course materials.
Important If you are intending to use third-party hosted labs for Microsoft
Courseware, you need to ensure that full lab coverage is available before use. This is
because of the presence of Boot-to-VHD labs in some courses and the modifications to
some lab steps that are required to facilitate a hosted lab platform. There are no Boot-
to-VHD or native boot scenarios in the labs in this course.
 Trainer Preparation Guide for Course 20742B: Identity with Windows Server 2016 4

• If you are using Digital Microsoft Official Courses (MOC) via the Arvato Skillpipe reader, become
familiar with how the digital content is accessed and configured to ensure smooth setup and access
for students. You should also ensure that everything is in place for students to have a smooth
experience when signing in for the first time and accessing their content.
Digital MOC can be purchased for use during course delivery at the same time you order the course
materials.
• This course requires access to Microsoft Azure to be able to complete the demonstrations and labs.
As such, you need to request Microsoft Learning Azure Passes for you and your students. Students
then need to register and activate their pass prior to the class starting. The requesting of Microsoft
Learning Azure Passes should be done at least two weeks before the class is due to start to allow
sufficient time for this.

Details of how to acquire Microsoft Azure Passes for your class are available here:
http://aka.ms/mocazurepass

Once students receive their Azure Pass codes, they should then activate their Microsoft Learning
Azure Passes prior to the start of class by going to the following site and following the steps outlined:
http://www.microsoftazurepass.com

The use of the publicly available trial subscriptions or other types of passes, such as MSDN, is possible
with the course labs. However, the labs have not been tested with every available pass type, so
variations in functionality, while unlikely, are possible due to potential Azure subscription limitations.
The scripts used in the labs will also delete any existing services or components present in Microsoft
Azure under the subscription that you use. As such, the use of the Microsoft Learning Azure Pass will
provide a level of standardization as well as helping prevent any inadvertent removal or interference
with existing Microsoft Azure infrastructure.

You should also remind students to follow the best practices for Microsoft Learning Azure Pass usage
to ensure the pass does not expire during the class. General best practices are explained on the
Microsoft Learning Azure Pass slide in the Module 0 PowerPoint deck.

• Review the learning product error log, which is available on the Microsoft Learning Download Center:
https://learningdownloadcenter.microsoft.com

• Review the course change log, also available on the MCT Download Center, if you have taught a
previous version of this course.

• Practice using the Microsoft products and tools associated with this learning product.

Instructional Preparation Activities

We highly recommend that you complete the following instructional preparation activities:

• Read the About This Course section at the beginning of the course handbook for the learning
product.

• Walk through the Introduction slide deck for the learning product.
• Walk through each module presentation slide deck, and read the corresponding Instructor Notes
(located in the notes view of the presentation slide deck) for the module. Note that additional hidden
slides are used in each slide deck to accommodate the amount of Instructor Notes information for a
given topic.
 Trainer Preparation Guide for Course 20742B: Identity with Windows Server 2016 5

• Familiarize yourself with the Course Handbook and the Course Companion Content at
http://www.microsoft.com/learning/companionmoc. Make note of when to direct students' attention
to the Course Companion Content for further learning support. More information pertaining to the
course components is present in the Introduction slide deck.

• Practice presenting each module:

o Identify the key points and must-know information for each topic.

o Perform each demonstration and hands-on lab.

o Anticipate the questions that students might have.

o Identify examples, analogies, impromptu demonstrations, and additional delivery tips that will
help to clarify module content and provide a more meaningful learning experience for your
specific audience.

o Note any problems that you might encounter during a demonstration or a lab exercise, and
determine a course of action for how you will resolve the problems in the classroom. To access
the lab answer keys, refer to the appendix in the Course Handbook.

o Work through the Module Review and Takeaways section at the end of each module, and
determine how you will use this section to reinforce student learning and promote knowledge
transfer to on-the-job performance.

o Customize and enhance your instructor notes.

• Consult the Born To Learn forums for additional tips and strategies—posted by your fellow Microsoft
Certified Trainers (MCTs)—for teaching the learning product.
• Review the updated information about the Microsoft Certification Program on the Microsoft Learning
Certifications website.

Instructor Computer Setup

Set up the instructor computer by following the setup instructions in the Microsoft Hyper-V Classroom
Setup Guide. This document provides hardware requirements for the instructor computer, in addition to
detailed setup instructions.

Your setup will differ depending on whether you use on-premises labs or hosted MLOs.

Course Timing
The following schedule is an estimate of the course timing. Your timing might vary. Every student might
not finish every lab. Use your judgment to set a reasonable time before moving on to the next module.

This schedule has been developed to provide about six hours of training per day. Each day starts
at 9:00 A.M., ends between 4:30 and 5:00 P.M., and includes two 15-minute breaks and one hour for
lunch. Each day also includes time to review the previous day's topics and to answer questions from
students. Be realistic about your timings.
 Trainer Preparation Guide for Course 20742B: Identity with Windows Server 2016 6

Day 1
Start End Module
9:00 9:30 Introduction

9:30 10:15 Module 1: Installing and configuring domain controllers

10:15 10:30 Break

10:30 11:00 Module 1: Installing and configuring domain controllers (continued)

11:00 12:00 Lab: Deploying and administering AD DS

12:00 1:00 Lunch

1:00 2:00 Module 2: Managing objects in AD DS

2:00 2:45 Lab A: Managing AD DS objects

2:45 3:00 Break

3:00 4:15 Module 2: Managing objects in AD DS (continued)

4:15 5:00 Lab B: Administering AD DS

Day 2
Start End Module
9:00 9:15 Day 1 review

9:15 10:15 Module 3: Advanced AD DS infrastructure management

10:15 10:30 Break

10:30 11:10 Lab: Domain and trust management in AD DS

11:10 12:30 Module 4: Implementing and administering AD DS sites and replication

12:30 1:30 Lunch

1:30 2:15 Lab: Implementing AD DS sites and replication

2:15 3:00 Module 5: Implementing Group Policy

3:00 3:15 Break

3:15 3:55 Lab A: Implementing a Group Policy infrastructure

3:55 4:40 Module 5: Implementing Group Policy (continued)

4:40 5:20 Lab B: Troubleshooting Group Policy infrastructure

 Trainer Preparation Guide for Course 20742B: Identity with Windows Server 2016 7

Day 3
Start End Module
9:00 9:15 Day 2 Review

9:15 10:15 Module 6: Managing user settings with Group Policy

10:15 10:30 Break

10:30 11:30 Lab: Managing user settings with Group Policy

11:30 12:30 Module 7: Securing Active Directory Domain Services

12:30 1:30 Lunch

1:30 2:00 Module 7: Securing Active Directory Domain Services (continued)

2:00 2:15 Break

2:15 3:15 Lab: Securing AD DS

3:15 4:35 Module 8: Deploying and managing AD CS

Day 4
Start End Module
9:00 9:15 Day 3 Review

9:15 10:15 Lab: Deploying and configuring a two-tier CA hierarchy

10:15 10:30 Break

10:30 12:00 Module 9: Deploying and managing certificates

12:00 1:00 Lunch

1:00 2:00 Lab: Deploying and using certificates

2:00 3:30 Module 10: Deploying and administering AD FS

3:30 3:45 Break

3:45 5:15 Lab: Implementing AD FS

 Trainer Preparation Guide for Course 20742B: Identity with Windows Server 2016 8

Day 5
Start End Module
9:00 9:15 Day 4 Review

9:15 10:15 Module 11: Implementing and administering AD RMS

10:15 10:30 Break

10:30 11:30 Lab: Implementing an AD RMS infrastructure

11:30 12:30 Module 12: Implementing AD DS synchronization with Microsoft Azure AD

12:30 1:30 Lunch

1:30 2:30 Lab: Configuring directory synchronization

2:30 2:45 Break

2:45 3:45 Module 13: Monitoring, managing, and recovering AD DS

3:45 4:45 Lab: Recovering objects in AD DS