Windows 2000 – Active Directory Security and Management

This course is included in our On-demand training solution.


To provide an overview of the configuration of the Active Directory security

Target Audience

Students preparing for Microsoft exam 70-217; students working in a medium to very large computing environments that use the Windows 2000 network operating system


Experience in implementing and administering network operating systems

Expected Duration

240 min.

Course Objectives

Windows 2000 – Active Directory Security and Management

  • recognize how the Active Directory service implements access control for network objects, state the attributes of permission inheritance and object ownership, and modify standard and special permissions for a group.
  • assign a standard permission, special permission, and transfer ownership of an organizational unit (OU).
  • identify how to delegate control of Active Directory objects to users, groups, or organizational units (OUs), define common tasks that you can delegate within an OU, and delegate control of an OU to a user.
  • delegate control of a group and allow a permission.
  • define the functions of the types of administrative settings for Group Policy, and recognize the purpose of loopback processing for Group Policy objects.
  • configure a security template for a Group Policy object (GPO), import a security template, and apply it to an organizational unit (OU).
  • state problems that may arise when using Group Policy and identify the components of the Security Configuration and Analysis toolset used to manage security policy.
  • define the types of predefined security templates and their functions, recognize how to check for security policy discrepancies, and identify how to use log files and view and analyze their recorded security events.
  • define the types of operations master roles and their attributes, recognize the functions of the primary domain controller (PDC) emulator, relative identifier master (RID) , and infrastructure master when implemented at domain level, and identify how to use administrative tools to view operations masters for the domain level roles.
  • recognize situations that warrant changing the default assignment of operations master roles, state requirements for transferring roles, identify how to transfer master roles, and create a global catalog server.
  • transfer the infrastructure master role and create a global catalog server.
  • recognize the purpose of seizing an operations master role, and identify how to seize the primary domain controller (PDC) emulator role and the schema master role.
  • seize control of the primary domain controller (PDC) emulator role and the domain naming master role.
  • recognize how to maintain the Active Directory to prevent failure, define the different methods for backing up and restoring the Active Directory database, and identify the defragmentation functions of the garbage collection process.
  • build a backup strategy for the Active Directory that specifies the backup media to use, and the types and frequency of backups to perform, and identify the steps used to perform normal and incremental backups of the system state data.
  • define the methods used to troubleshoot computer booting problems, recognize the attributes of a system state data restore, and identify how to perform a nonauthoritative restore of the system state data and an authoritative restore of an organizational unit (OU).
  • back up and restore the system state data.
  • diagnose problems that can occur for the Active Directory, and identify the functions of different troubleshooting tools and utilities.