Build Your Skills: Studying for Microsoft's 70-217 directory services exam

Tips for individuals preparing to take Microsofts 70-217 directory services exam

One of the core exams that Windows 2000 MCSE candidates must pass is 70-217, Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure. As an IT instructor, I find this one to be my favorite Microsoft exam, due in part to the fact that I truly enjoy working with the Active Directory—the core subject matter of the exam.

To help you get a handle on what exam 70-217 encompasses, I'll focus on these areas:
  • Audience and prerequisites
  • Exam details
  • Summary of what you need to know
  • Recommended study plan

Audience and prerequisites
According to Microsoft, this exam is designed for the individual who is operating in a medium-to-large network that's running Windows 2000 as its network operating system (presumably with Active Directory implemented). Ideally, you should have at least one year of experience in networking, specifically in the areas of administering similar network operating systems (e.g., Novell NetWare or Windows NT 4.0).

The prerequisites for this exam include a solid understanding of TCP/IP, including subnetting, CIDR, and other TCP/IP-related concepts. Familiarity with the Windows 2000 interface (such as knowing where to locate the DNS suffix of a Windows 2000 system) is extremely beneficial, as well. Perhaps the most essential skill set to hone when studying for this exam involves DNS.

Because DNS is the most important companion service in the Active Directory, Windows 2000 administrators must be acutely aware of its intricacies. Active Directory heavily relies upon DNS, and this exam assumes you know some key aspects of Windows 2000’s flavor of DNS.

Exam details
Of the four core exams you must take, 70-217 is considered to be one of the easier ones. According to, this exam ranks a 2 out of 5 on the difficulty scale (where 5 is really tough and 1 is a walk in the park). As someone who has taken this exam, I tend to agree with that assessment. This exam is not too hard—providing you prepare appropriately for it.

Table A summarizes some of the exam details.

Table A
Time Limit: 110 minutes
Number of Questions: Approximately 45
Passing Score: 665
Exam Format: Form

Summary of what you need to know
All right, here is the stuff you have been waiting for. Of course, I can't tell you exactly what is on the exam. For one thing, I agreed not to divulge the questions I was tested with. And for another, telling you would be unethical.

What I can pass on, however, are the areas you need to study to be successful. The Microsoft Web site offers a listing of the areas that are tested and the skill sets you need to pass this exam. I have summarized this information below.

Installing and configuring the Active Directory
  • Install forests, trees, and domains; automate domain controller installation
  • Create organizational unit (OU) structures
  • Create sites, subnets, site links, and connection objects; configure server objects
  • Understand, manage, and transfer Flexible Single Master Operation’s roles (FSMOs)
  • Troubleshoot Active Directory installation

Installing, configuring, managing, monitoring, and troubleshooting DNS for Active Directory
  • Install and configure DNS with regard to the Active Directory; integrate the new Active Directory Integrated DNS zones with existing DNS infrastructure (e.g., make BIND and Windows 2000 DNS work together)
  • Configure zones for dynamic updates and secure dynamic updates; create and configure various types of DNS records
  • Manage, monitor, and troubleshoot a Windows 2000 DNS Server

Configuring, managing, monitoring, optimizing, and troubleshooting change and configuration management
One of largest portions of the Active Directory involves Group Policies, and you'll have to know the ins and outs ofGroup Policy Objects (GPOs).
  • Implement and troubleshoot Group Policy, create and modify a Group Policy Object (GPO), link/unlink an existing GPO, and delegate administrative control of Group Policy
  • Configure the various Group Policy options, understand filtering, modify Group Policy priorities, and troubleshoot GPOs
  • Install, configure, manage, and troubleshoot software by using Group Policy
  • Configure GPOs to support Remote Installation Services (RIS)

Managing, monitoring, and optimizing the components of Active Directory
  • Manage the many Active Directory objects, including moving them, renaming them, locating them, publishing them, managing permissions, and delegating administrative control of objects in Active Directory
  • Monitor, optimize, and troubleshoot the performance of the Active Directory; understand replication
  • Back up and restore Active Directory
  • Restore from backup; know the steps required to perform an authoritative and a nonauthoritative restore of Active Directory, recover from a system failure, and seize flexible single master operations roles

Configuring, managing, monitoring, and troubleshooting security in a directory services infrastructure
  • Apply security policies by using Group Policy, which entails the creation, analysis, and modification of security configurations by using the Security Configuration and Analysis snap-in and the Security Templates snap-in (both components of the MMC)
  • Implement an audit policy and monitor and analyze security events

Recommended study plan
If you ask several people the best way to prepare for the exam, you'll probably get a variety of answers. Some will tell you that you need to attend a class. Some will tell you not to waste your money on a class and to just pick up some books and self-study. Others will tell you to learn by trial and error with the product. And with the Internet as capable as it is now, you may be advised to take a course online. Obviously, individuals learn in different ways, and you will need to find the method that works best for you.

As a technical trainer, I am partial to the classroom environment. I think that people can learn much better if they have an experienced individual effectively facilitating their learning of the product.

One way you can prepare for the 70-217 exam is to attend Microsoft Official Curriculum (MOC) classes at a Microsoft Certified Technical Education Center (CTEC). The MOC class that corresponds best to this exam is 2154, which includes a lot of lab time, as well as some great lectures.

But I don't think classroom experience is enough. A proactive student might try to get a hold of materials before taking a class and begin to develop some knowledge of the product. I also recommend that after attending a class, my students purchase a book that is specifically geared toward passing the exam—preferably one not written by Microsoft. (Not that I have anything against the company; I just think that it is important to get an outside opinion.) Sometimes, I will even advise my students to purchase some sort of practice test software, such as Transcender or TestOut.

Regardless of what you decide to do, keep in mind that being successful at an exam involves a combination of factors. Often, the most important is actual experience with the product. Unfortunately, this is often overlooked. Do yourself a favor and try to get as much experience as possible working with Active Directory before you take the exam.

The Windows 2000 MCSE is definitely a lot of work, and this particular exam is no exception. In my opinion, this exam covers some of the coolest concepts in the industry today. Generally speaking, Active Directory is new to most people, so they're experiencing what I like to call the “gee-whiz” factor, or the new car smell. AD is a fun subject, and it involves software that can be used to solve business problems, which I find to be the most appealing aspect.

About Jeremy Smith

Jeremy L. Smith, CISSP, is a cybersecurity and public safety professional who has worked with a variety of agencies to improve the security of their call centers and execute their public safety initiatives more effectively, including 911 call taking,...

Editor's Picks

Free Newsletters, In your Inbox