Microsoft Windows 2000 – Active Directory Design: Directory Services Security

This course is included in our On-demand training solution.


To provide an overview of Active Directory security features and describe the different security management strategies available

Target Audience

Students preparing for Microsoft exam 70-219; personnel in medium to very large computing environments that use the Windows 2000 network operating system


Experience in designing network infrastructures in environments that support 200-26,000+ users and 5-150+ physical locations using typical network services and applications including file and print, database, messaging, proxy server or firewall, dial-in server, desktop management, and web hosting

Expected Duration

195 min.

Course Objectives

Microsoft Windows 2000 – Active Directory Design: Directory Services Security

  • recognize the authentication and authorization process for Windows 2000 security, define security policies and settings for group policy objects, and identify methods to secure your network to protect network resources.
  • recognize how to secure the Active Directory, identify methods of access control, and state functions and permission control as owner of an object.
  • define the characteristics of the explicit and inherited Active Directory permissions, and recognize how to modify inheritance rules for group policies and block inheritance.
  • define the different types of trust relationships, and identify the functions of external and shortcut explicit trusts.
  • identify the functions of different Windows 2000 security features.
  • recognize how to develop a delegation plan and strategy using either a location-based, organization-based, function-based, or hybrid strategy.
  • prioritize planning tasks and select the type of design that best meets the needs of particular organizations.
  • state how to develop a delegation strategy based on object-based and task-based ownership, identify the types of object-based and task-based permissions that you can apply, and recognize the different methods you can use to delegate authority.
  • identify the guidelines for monitoring the Domain Administrators group and determining the levels at which permissions should be set.
  • state the functions and benefits of Group Policy objects (GPOs), define the GPO settings, and identify the purpose of GPO containers and templates.
  • determine when to create a GPO for Active Directory sites, domains, and OUs, and identify the characteristics.
  • identify the components of a Group Policy plan, recognize how to plan the delegation of control of GPOs, and identify how to configure GPO settings and test the Group Policy plan in different situations.
  • plan Group Policy for multiple domains in a network and for the OUs in a domain.