Windows 2000 brought Active Directory to life, and Windows Server 2003 gives it legs to stand on. Microsoft has invested heavily in this technology—the building block of all Microsoft networks to come—and, accordingly, expects those supporting it to know how it works. In the Windows Server 2003 track, exam 70-294, which is entitled Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure, is the equivalent of exam 70-217, Implementing and Administering a Microsoft Windows 2000 Directory Services Infrastructure, in the Windows 2000 certification track.
Exam 70-294 is a requirement for Microsoft Certified Systems Engineer (MCSE) certification. (It’s not required for MCSA.) You can find a complete list of the objectives for this exam at Microsoft’s Certification Web site. The objectives are divided into five major categories:
- Planning and Implementing an Active Directory Infrastructure
- Managing and Maintaining an Active Directory Infrastructure
- Planning and Implementing User, Computer, and Group Strategies
- Planning and Implementing Group Policy
- Managing and Maintaining Group Policy
In this article, I won’t examine each objective, but rather focus on seven of the most important things to know in order to be prepared for this exam.
Tip #1: You’ll never pass on theory alone
A lot of certification exams have ridiculous prerequisite recommendations that could not possibly be met—things like three years of experience with an operating system that will be on the market for only six months. Those recommendations are good for a laugh only and stop very few from taking the test.
In this case, however, the recommendations are very accurate. They suggest one year of systems administration experience in a network that includes:
- More than 250 users.
- At least three physical locations.
- At least three domain controllers.
They also suggest that the test-taker have at least a year of experience with:
- Implementing and administering the desktop.
- Designing a network infrastructure.
While it’s important to know Windows Server 2003 to pass the exam, notice that it’s not singled out in the lists above. If you have a year of experience with Windows 2000 and know the differences between it and the latest rendering of the network operating system, you’ll be able to work through the problems on the exam and pass. Without the experience, and with only theoretical knowledge of these topics, your odds of passing this exam are slim indeed.
Tip #2: Interpret “Network Infrastructure” as 70-293
One of the recommended prerequisites for this exam is experience with designing a network infrastructure. To know if you have the appropriate level of skills in this area, you should first take and pass exam 70-293, Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure.
If you can’t pass 70-293, you shouldn’t attempt the Active Directory exam. If you do pass 70-293, you have a firm enough grasp of the network to focus on the Active Directory components and pass 70-294.
Tip #3: Know how to access resources
The interaction between Active Directory domains and all that implies (trust relationships, authentication, etc.) is a focal point of exam material. Make sure you know how to configure user and group access on an intranet, establish trusts with NT-based domains, and create external trusts. You should also know how to access resources across domains and across forests.
Tip #4: Know DCPromo and other utilities
DCPromo is a ubiquitous utility held in very high esteem. It’s imperative that you know what this tool can and can’t be used for. Equally important is to know the command line utilities that can be used with Active Directory.
During study, pay particular attention to Ntdsutil, an interactive utility used to transfer operations master roles. In Windows Server 2003, it works much like a Swiss Army Knife in that it can also be used to move, dump, repair, and compact directory database files. Additionally, it’s the tool to use to do an authoritative restore.
Tip #5: Know the changes to DNS
The power of DNS (Domain Name Service) continues to expand, and as Active Directory is reliant upon it, you must know all you can about it. Key to preparing for this exam is knowing the differences between what DNS was capable of doing under Windows 2000 and what it can now do under Windows Server 2003. The overview of changes can be found here, and you should follow that up with a focus on stub zones and conditional forwarding.
Tip #6: Know all you can about Group Policy
Start studying with an overview of the management console and then look at administering it. Follow that with a study of how to migrate GPOs. New to Group Policy is RSoP (Resultant Set of Policy). This tool shows how permissions and policies overlap by factoring in inheritance and other things. This solves a great many problems that existed earlier and shows precisely what the resulting policy will be for the user or computer in an Active Directory tree. A command line utility that can perform the same function as RSoP is also included with Windows Server 2003: Gpresult.
Tip #7: Know those server roles
Expect to see questions on this exam about server roles—questions similar to those on 70-293. The “role” that a server can perform can be Active Directory-related (domain controllers) or purely service-oriented (Web server, database server, etc.). Among those that are Active Directory-related are five FSMO (Flexible Single Master Operations) roles:
- PDC (Primary Domain Controller) emulator—used for backward compatibility
- RID (Relative ID) Master—holds the pool of ID numbers to be used
- Infrastructure Master—handles updates and name changes
- Domain Naming Master—by default the first domain controller in a forest
- Schema Master—oversees all schema operations
The PDC performing one of these roles is known as the role master. Microsoft recommends that the PDC emulator and RID Master be kept on the same domain controller, and that the Domain Naming Master be stored on a Global Catalog server. Global Catalog servers respond to queries, and increasing the number of these to include one in each large office can decrease response time. You can find generic information about server roles, and which version is good for each, at this Web site.
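The two placement recommendations above can be checked mechanically. The following Python script is an added example, not part of the original article or any Microsoft tool: it parses text in the layout printed by `netdom query fsmo` (Windows Support Tools) and reports deviations. The host names, the sample output, and the list of Global Catalog servers are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout printed by `netdom query fsmo`
# (host names are made up for this example).
SAMPLE_NETDOM = """\
Schema master               dc1.corp.example
Domain naming master        dc2.corp.example
PDC                         dc1.corp.example
RID pool manager            dc3.corp.example
Infrastructure master       dc3.corp.example
The command completed successfully.
"""

# Constructed list of domain controllers that host the Global Catalog.
SAMPLE_GC_SERVERS = {"dc1.corp.example"}

# Labels used by netdom, mapped to the role names used in the article.
LABELS = {
    "schema master": "Schema Master",
    "domain naming master": "Domain Naming Master",
    "pdc": "PDC emulator",
    "rid pool manager": "RID Master",
    "infrastructure master": "Infrastructure Master",
}

def parse_fsmo(text):
    """Return {role: holder} from netdom-style 'label   host' lines."""
    holders = {}
    for line in text.splitlines():
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=1)
        if len(parts) == 2 and parts[0].lower() in LABELS:
            holders[LABELS[parts[0].lower()]] = parts[1].strip().lower()
    return holders

def check_placement(holders, gc_servers):
    """List deviations from the two placement recommendations in the text."""
    findings = []
    missing = sorted(set(LABELS.values()) - set(holders))
    if missing:
        findings.append("role holder not found: " + ", ".join(missing))
    pdc, rid = holders.get("PDC emulator"), holders.get("RID Master")
    if pdc and rid and pdc != rid:
        findings.append(f"PDC emulator ({pdc}) and RID Master ({rid}) are on different DCs")
    dnm = holders.get("Domain Naming Master")
    if dnm and dnm not in {g.lower() for g in gc_servers}:
        findings.append(f"Domain Naming Master ({dnm}) is not a Global Catalog server")
    return findings

if __name__ == "__main__":
    for finding in check_placement(parse_fsmo(SAMPLE_NETDOM), SAMPLE_GC_SERVERS):
        print("WARN:", finding)
```

Run against the constructed sample, it reports both deviations; an empty result means the placement matches the recommendations.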
Exam 70-294 is required for new MCSEs to become certified on Windows Server 2003. The exam requires you to think through a number of scenarios in order to find the right solution. You’ll be at a great disadvantage when taking this exam if you don’t have experience with network design. If you do have that experience, however, you’ll appreciate the focus of this exam and its resemblance to its 70-217 counterpart in the Windows 2000 track.