Microsoft Training

Following are the course offered by ZCS

MCITP: Enterprise Administrator on Windows Server 2008 (5 Modules)

MCITP: Server Administrator on Windows Server 2008 (3 Modules)

MCITP: Enterprise Messaging Administrator on Exchange 2010 (2 Modules)

Microsoft Certifications not only recognize and validate your real-world skills, but they also provide you with access to unique resources and offer you a life-long career path for developing your IT skills. Choose a certification track that matches your current or desired job role.

Why get certified?

Earning a Microsoft Certification demonstrates your expertise with Microsoft products and platforms, your job-related experience, and your technical problem-solving skills. Microsoft Certifications are continually evaluated and updated to ensure their relevancy in the marketplace. As a result, earning a certification not only helps you stay up-to-speed on the latest Microsoft technologies and platforms, but showcases your skills and value on the job

Microsoft Certified Technology Specialist (MCTS)
The Microsoft Certified Technology Specialist (MCTS) certifications enable professionals to target specific technologies and to distinguish themselves by demonstrating in-depth knowledge and expertise in their specialized technologies. An MCTS is consistently capable of implementing, building, troubleshooting, and debugging a particular Microsoft technology.

Microsoft Certified IT professional (MCITP)
The Microsoft Certified IT Professional (MCITP) credential is the leading certification for Windows Server 2008. It provides widely recognized, objective validation of your ability to perform critical, current IT job roles by using Microsoft technologies to their best advantage.

The MCITP certification:

  • Focuses on a specific job role, allowing for in-depth validation of your skill set.
  • Allows you to earn more than one MCITP certification, demonstrating your abilities across multiple roles.
  • Builds on a combination of Microsoft Certified Technology Specialist (MCTS) prerequisites, helping you develop your technical resume with each step in your MCITP career path.

70–640 Windows Server 2008 Active Directory, Configuring
70-642 Windows Server 2008 Network Infrastructure, Configuring
70-643 Windows Server 2008 Application Infrastructure, Configuring
70-647 Windows Server 2008, Enterprise Administrator
70-680 Enterprise Desktop Support Technician on Windows 7

70-–640 Windows Server 2008 Active Directory, Configuring

Configuring Domain Name System (DNS) for Active Directory

Configure zones.
  • May include but is not limited to: Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS), and Secure Dynamic DNS (SDDNS); Time to Live (TTL); GlobalNames; Primary, Secondary, Active Directory Integrated, Stub; SOA; zone scavenging; forward lookup; reverse lookup
Configure DNS server settings.
  • May include but is not limited to: forwarding; root hints; configure zone delegation; round robin; disable recursion; debug logging; server scavenging
Configure zone transfers and replication.
  • May include but is not limited to: configure replication scope (forestDNSzone; domainDNSzone); incremental zone transfers; DNS Notify; secure zone transfers; configure name servers; application directory partitions

Configuring the Active Directory infrastructure

    Configure a forest or a domain.
    • May include but is not limited to: remove a domain; perform an unattended installation; Active Directory Migration Tool (ADMT) ; change forest and domain functional levels; interoperability with previous versions of Active Directory; multiple user principal name (UPN) suffixes; forestprep; domainprep
    Configure trusts.
    • May include but is not limited to: forest trust; selective authentication vs. forest-wide authentication; transitive trust; external trust; shortcut trust; SID filtering
    Configure sites.
    • May include but is not limited to: create Active Directory subnets; configure site links; configure site link costing; configure sites infrastructure
    Configure Active Directory replication.
    • May include but is not limited to: DFSR; one-way replication; Bridgehead server; replication scheduling; configure replication protocols; force intersite replication
    Configure the global catalog.
    • May include but is not limited to: Universal Group Membership Caching (UGMC); partial attribute set; promote to global catalog
    Configure operations masters.
    • May include but is not limited to: seize and transfer; backup operations master; operations master placement; Schema Master; extending the schema; time service

    Configuring Active Directory Roles and Services

    • Configure Active Directory Lightweight Directory Service (AD LDS).
      • May include but is not limited to: migration to AD LDS; configure data within AD LDS; configure an authentication server; Server Core Installation
    • Configure Active Directory Rights Management Service (AD RMS).
      • May include but is not limited to: certificate request and installation; self-enrollments; delegation; create RMS templates; RMS administrative roles; RM Add-on for IE
    • Configure the read-only domain controller (RODC).
      • May include but is not limited to: replication; Administrator role separation; read-only DNS; BitLocker; credential caching; password replication; syskey; read-only SYSVOL; staged install
    • Configure Active Directory Federation Services (AD FSv2).
      • May include but is not limited to: install AD FS server role; exchange certificate with AD FS agents; configure trust policies; configure user and group claim mapping; import and export trust policies

    Creating and maintaining Active Directory objects

    Automate creation of Active Directory accounts.
    • May include but is not limited to: bulk import; configure the UPN; create computer, user, and group accounts (scripts, import, migration); template accounts; contacts; distribution lists; offline domain join
    Maintain Active Directory accounts.
    • May include but is not limited to: manage computer accounts; configure group membership; account resets; delegation; AGDLP/AGGUDLP; deny domain local group; local vs. domain; Protected Admin; disabling accounts vs. deleting accounts; deprovisioning; contacts; creating organizational units (OUs); delegation of control; protecting AD objects from deletion; managed service accounts
    Create and apply Group Policy objects (GPOs).
    • May include but is not limited to: enforce, OU hierarchy, block inheritance, and enabling user objects; group policy processing priority; WMI; group policy filtering; group policy loopback; Group Policy Preferences (GPP)
    Configure GPO templates.
    • May include but is not limited to: user rights; ADMX Central Store; administrative templates; security templates; restricted groups; security options; starter GPOs; shell access policies
    Deploy and manage software by using GPOs.
    • May include but is not limited to: publishing to users; assigning software to users; assigning to computers; software removal; software restriction policies; AppLocker
    Configure account policies.
    • May include but is not limited to: domain password policy; account lockout policy; fine-grain password policies
    Configure audit policy by using GPOs.
    • May include but is not limited to: audit logon events; audit account logon events; audit policy change; audit access privilege use; audit directory service access; audit object access; advanced audit policies; global object access auditing; “Reason for Access” reporting

Maintaining the Active Directory environment

    Configure backup and recovery.
    • May include but is not limited to: using Windows Server Backup; back up files and system state data to media; backup and restore by using removable media; perform an authoritative or non-authoritative restores; linked value replication; Directory Services Recovery Mode (DSRM); backup and restore GPOs; configure AD recycle bin
    Perform offline maintenance.
    • May include but is not limited to: offline defragmentation and compaction; Restartable Active Directory; Active Directory database mounting tool
    Monitor Active Directory.
    • May include but is not limited to: event viewer subscriptions; data collector sets; real-time monitoring; analyzing logs; WMI queries; PowerShell

Configuring Active Directory Certificate Services

    Install Active Directory Certificate Services.
    • May include but is not limited to: certificate authority (CA) types, including standalone, enterprise, root, and subordinate; role services; prepare for multiple-forest deployments
    Configure CA server settings.
    • May include but is not limited to: key archival; certificate database backup and restore; assigning administration roles; high-volume CAs; auditing
    Manage certificate templates.
    • May include but is not limited to: certificate template types; securing template permissions; managing different certificate template versions; key recovery agent
    Manage enrollments.
    • May include but is not limited to: network device enrollment service (NDES); auto enrollment; Web enrollment; extranet enrollment; smart card enrollment; authentication mechanism assurance; creating enrollment agents; deploying multiple-forest certificates; x.509 certificate mapping
    Manage certificate revocations.
    • May include but is not limited to: configure Online Responders; Certificate Revocation List (CRL); CRL Distribution Point (CDP); Authority Information Access (AIA)


    70-642 Windows Server 2008 Network Infrastructure, Configuring

    Configuring Addressing and Services

    Configure IPv4 and IPv6 addressing.
    • May include but is not limited to: configure IP address options; subnetting; supernetting; multi-homed; interoperability between IPv4 and IPv6
    Configure Dynamic Host Configuration Protocol (DHCP).
    • May include but is not limited to: DHCP options; creating new options; PXE boot; default user profiles; DHCP relay agents; exclusions; authorize server in Active Directory; scopes; DHCPv6
    Configure routing.
    • May include but is not limited to: static routing; persistent routing; Routing Internet Protocol (RIP); metrics; choosing a default gateway; maintaining a routing table; demand-dial routing; IGMP proxy
    Configure Windows Firewall with Advanced Security.
    • May include but is not limited to: inbound and outbound rules; custom rules; authorized users; authorized computers; configure firewall by using Group Policy; network location profiles; service groups; import/export policies; isolation policy; IPsec group policies; Connection Security Rules

Configuring Names Resolution

Configure a Domain Name System (DNS) server.
  • May include but is not limited to: conditional forwarding; external forwarders; root hints; cache-only; socket pooling; cache locking
Configure DNS zones.
  • May include but is not limited to: zone scavenging; zone types; Active Directory integration; Dynamic Domain Name System (DDNS); Secure DDNS; GlobalNames; zone delegation; DNS Security Extensions (DNSSEC); reverse lookup zones
Configure DNS records.
  • May include but is not limited to: record types; Time to live (TTL); weighting records; registering records; netmask ordering; DnsUpdateProxy group; round robin; DNS record security; auditing
Configure DNS replication.
  • May include but is not limited to: DNS secondary zones; DNS stub zones; Active Directory Integrated replication scopes; securing zone transfer; SOA refresh; auditing
Configure name resolution for client computers.
  • May include but is not limited to: configuring HOSTS file; Link-Local Multicast Name Resolution (LLMNR); broadcasting; resolver cache; DNS server list; Suffix Search order; DNS devolution

Configuring Network Access

Configure remote access.
  • May include but is not limited to: dial-up; Remote Access Policy; Network Address Translation (NAT); VPN protocols, such as Secure Socket Tunneling Protocol (SSTP) and IKEv2; Routing and Remote Access Services (RRAS); packet filters; Connection Manager; VPN reconnect; RAS authentication by using MS-CHAP, MS-CHAP v2, and EAP
Configure Network Access Protection (NAP).
  • May include but is not limited to: network layer protection; DHCP enforcement; VPN enforcement; RDS enforcement; configure NAP health policies; IPsec enforcement; 802.1x enforcement; flexible host isolation; multi-configuration System Health Validator (SHV)
Configure DirectAccess.
  • May include but is not limited to: IPv6; IPsec; server requirements; client requirements; perimeter network; name resolution policy table
Configure Network Policy Server (NPS).
  • May include but is not limited to: IEEE 802.11 wireless; IEEE 802.3 wired; group policy for wireless; RADIUS accounting; Connection Request policies; RADIUS proxy; NPS templates

Configuring File and Print Services

Configure a file server.
  • May include but is not limited to: file share publishing; Offline Files; share permissions; NTFS permissions; encrypting file system (EFS); BitLocker; Access-Based Enumeration (ABE); branch cache; Share and Storage Management console
Configure Distributed File System (DFS).
  • May include but is not limited to: DFS namespace; DFS configuration and application; creating and configuring targets; DFS replication; read-only replicated folder; failover cluster support; health reporting
Configure backup and restore.
  • May include but is not limited to: backup types; backup schedules; managing remotely; restoring data; shadow copy services; volume snapshot services (VSS); bare metal restore; backup to remote file share
Manage file server resources.
  • May include but is not limited to: FSRM; quota by volume or quota by user; quota entries; quota templates; file classification; Storage Manager for SANs; file management tasks; file screening
Configure and monitor print services.
  • May include but is not limited to: printer share; publish printers to Active Directory; printer permissions; deploy printer connections; install printer drivers; export and import print queues and printer settings; add counters to Performance Monitor to monitor print servers; print pooling; print priority; print driver isolation; location-aware printing; print management delegation

Monitoring and Managing a Network Infrastructure

Configure Windows Server Update Services (WSUS) server settings.
  • May include but is not limited to: update type selection; client settings; Group Policy object (GPO); client targeting; software updates; test and approval; disconnected networks
Configure performance monitoring.
  • May include but is not limited to: Data Collector Sets; Performance Monitor; Reliability Monitor; monitoring System Stability Index; page files; analyze performance data
Configure event logs.
  • May include but is not limited to: custom views; application and services logs; subscriptions; attaching tasks to events find and filter
Gather network data.
  • May include but is not limited to: Simple Network Management Protocol (SNMP); Network Monitor; Connection Security Rules monitoring

70-643 Windows Server 2008 Application Infrastructure, Configuring

Deploying Servers

Deploy images by using Windows Deployment Services.
  • May include but is not limited to: Install from media (IFM); configure Windows Deployment Services; capture Windows Deployment Services images; deploy Windows Deployment Services images; dynamic driver provisioning; PXE provider; multicasting; VHD deployment
Configure Microsoft Windows activation.
  • May include but is not limited to: install a KMS server; create a DNS SRV record; replicate volume license data; Multiple Activation Key (MAK); managing activation
Configure Windows Server Hyper-V and virtual machines.
  • May include but is not limited to: Virtual networking; virtualization hardware requirements; Virtual Hard Disks; migration types; Integration Services; dynamic memory allocation; dynamic virtual machine storage; import/export; snapshot
Configure high availability.
  • May include but is not limited to: failover clustering; Network Load Balancing; geo-clustering support; cluster service migration; Cluster Shared Volumes (CSV)
Configure storage.
  • May include but is not limited to: RAID types; Virtual Disk Specification (VDS); iSCSI Initiator; Storage Area Networks (SANs); mount points; Multipath I/O (MPIO); VHD mounting; boot from VHD; N-Port Identification Virtualization (NPIV)

Configuring Remote Desktop Services

Configure RemoteApp and Remote Desktop Web Access.
  • May include but is not limited to: providing access to remote resources; per-user filtering; forms-based authentication; single sign-on
Configure Remote Desktop Gateway (RD Gateway).
  • May include but is not limited to: certificate configuration; Remote Desktop resource authorization policy (RD RAP); Remote Desktop connection authorization policy (RD CAP); Remote Desktop group policy
Configure Remote Desktop Connection Broker.
  • May include but is not limited to: redirection modes; DNS registration; set by using group policy
Configure and monitor Remote Desktop resources.
  • May include but is not limited to: allocate resources by using Windows Server Resource Manager; configure application logging; fair share CPU scheduling; viewing processes
Configure Remote Desktop licensing.
  • May include but is not limited to: deploy licensing server; connectivity between Remote Desktop Session Hosts (RD Session Hosts) and Remote Desktop Licensing (RD Licensing); recovering Remote Desktop Licensing server; managing Remote Desktop Services client access licenses (RDS CALs); revoking licensing
Configure Remote Desktop Session Host.
  • May include but is not limited to: session options; session permissions; display data prioritization; profiles and home folders; IP Virtualization; RemoteFX

Configuring a Web Services Infrastructure

Configure Web applications.
  • May include but is not limited to: directory-dependent; publishing; URL-specified configuration; Microsoft .NET components, for example, .NET and aspx; configure application pools; manage service accounts; server core
Manage Web sites.
  • May include but is not limited to: migrate sites and Web applications; publish IIS Web sites; configure virtual directories; xcopy deployment
Configure a File Transfer Protocol (FTP) server.
  • May include but is not limited to: configure for extranet users; configure permissions; configure File Transfer Protocol Secure (FTPS); WebDAV integration; user isolation
Configure Simple Mail Transfer Protocol (SMTP).
  • May include but is not limited to: setting up smart hosts; configuring size limitations; setting up security and authentication to the delivering server; creating proper service accounts; authentication; SMTP relay
Manage the Web Server (IIS) role.
  • May include but is not limited to: Web site content backup and restore; IIS configuration backup; monitor IIS; configuration logging and tracing; delegation of administrative rights
Configure SSL security.
  • May include but is not limited to: configure certificates; requesting SSL certificate; renewing SSL certificate; exporting and importing certificates
Configure Web site authentication and permissions.
  • May include but is not limited to: configure site permissions and authentication; configure application permissions; client certificate mappings; request filtering

Configuring Network Application Services

Manage the Streaming Media Services role.
  • May include but is not limited to: installation; on-demand replication; caching and proxy; multicast streaming; advertising; Web-based administration; Real-Time Streaming Protocol (RTSP)
Secure streaming media.
  • May include but is not limited to: encryption; sharing business rules; configuring license delivery; configuring policy templates; configure Windows Media Rights Manager; automatically acquire media usage rights; Microsoft DRM upgrade service
Configure SharePoint Foundation options.
  • May include but is not limited to: site permissions; backup; service accounts; rights management services (RMS); migration; audience targeting; claims-based authentication; SharePoint Timer jobs; usage and report logging
Configure SharePoint Foundation integration.
  • May include but is not limited to: configuring a document library to receive e-mail; configuring incoming vs. outgoing e-mail; support for Office Web Apps and SharePoint Workspaces

70-647 Windows Server 2008, Enterprise Administrator

Planning network and application services

  • Plan for name resolution and IP addressing. May include but is not limited to: internal and external naming strategy, naming resolution support for legacy clients, naming resolution for directory services, IP addressing scheme, TCP/IP version coexistence
  • Design for network access. May include but is not limited to: network access policies, remote access strategy, perimeter networks, server and domain isolation
  • Plan for application delivery. May include but is not limited to: application virtualization, presentation virtualization, locally installed software, Web-based applications
  • Plan for Remote Desktop Services. May include but is not limited to: Terminal Services licensing, Remote Desktop Services infrastructure

Designing core identity and access management components

  • Design Active Directory forests and domains. May include but is not limited to: forest structure, forest and domain functional levels, intra-organizational authorization and authentication, schema modifications
  • Design the Active Directory physical topology. May include but is not limited to: placement of servers, site and replication topology, printer location policies
  • Design the Active Directory administrative model. May include but is not limited to: delegation, group strategy, compliance auditing, group administration, organizational structure
  • Design the enterprise-level group policy strategy. May include but is not limited to: group policy hierarchy and scope filtering, control device installation, authentication and authorization

Designing support identity and access management components

  • Plan for domain or forest migration, upgrade, and restructuring. May include but is not limited to: cross-forest authentication, backward compatibility, object migration, migration planning, implementation planning, environment preparation
  • Design the branch office deployment. May include but is not limited to: authentication strategy, server security
  • Design and implement public key infrastructure. May include but is not limited to: certificate services, PKI operations and maintenance, certificate life cycle management
  • Plan for interoperability. May include but is not limited to: inter-organizational authorization and authentication, application authentication interoperability, cross-platform interoperability

Designing for business continuity and data availability

  • Plan for business continuity. May include but is not limited to: service availability, directory service recovery
  • Design for software updates and compliance management. May include but is not limited to: patch management and patch management compliance, Microsoft Update and Windows Update, security baselines, system health models
  • Design the operating system virtualization strategy. May include but is not limited to: server consolidation, application compatibility, virtualization management, placement of servers
  • Design for data management and data access. May include but is not limited to: data security, data accessibility and redundancy, data collaboration

70-680 Enterprise Desktop Support Technician on Windows 7

Installing, Upgrading, and Migrating to Windows 7

    Perform a clean installation.
    • This objective may include but is not limited to: identifying hardware requirements; setting up as the sole operating system; setting up as dual boot; installation methods; boot from the source of installation, preparing the installation source: USB, CD, network share, WDS
    Upgrade to Windows 7 from previous versions of Windows.
    • This objective may include but is not limited to: upgrading from Windows Vista; migrating from Windows XP; upgrading from one edition of Windows 7 to another edition of Windows 7
    Migrate user profiles.
    • This objective may include but is not limited to: migrating from one machine to another; migrating from previous versions of Windows; side-by-side vs. wipe and load

    Deploying Windows 7

      Capture a system image.
      • This objective may include but is not limited to: preparing system for capture; creating a WIM file; automated capture; manual capture
      Prepare a system image for deployment.
      • This objective may include but is not limited to: inserting an application into a system image; inserting a driver into a system image; inserting an update into a system image; configuring tasks to run after deployment
      Deploy a system image.
      • This objective may include but is not limited to: automated deployment methods; manually deploying a customized image
       Configure a VHD.
      • This objective may include but is not limited to: creating, deploying, booting, mounting, and updating VHDs; offline updates; offline servicing

      Configuring Hardware and Applications

      Configure devices.
      • This objective may include but is not limited to: updating, disabling, and uninstalling drivers; signed drivers; conflicts between drivers; configuring driver settings; resolving problem device driver
      Configure application compatibility.
      • This objective may include but is not limited to: setting compatibility mode; implementing shims; compatibility issues with Internet Explorer
      Configure application restrictions.
      • This objective may include but is not limited to: setting software restriction policies; setting application control policies; setting through group policy or local security policy
      Configure Internet Explorer.
      • This objective may include but is not limited to: configuring compatibility view; configuring security settings; configuring providers; managing add-ons; controlling InPrivate mode; certificates for secure Web sites

      Configuring Network Connectivity

      Configure IPv4 network settings.
      • This objective may include but is not limited to: connecting to a network; configuring name resolution; setting up a connection for a network; network locations; resolving connectivity issues; APIPA
      Configure IPv6 network settings.
      • This objective may include but is not limited to: configuring name resolution; connecting to a network; setting up a connection for a network; network locations; resolving connectivity issues; link local multicast name resolution
      Configure networking settings.
      • This objective may include but is not limited to: adding a physically connected (wired) or wireless device; connecting to a wireless network; configuring security settings on the client; set preferred wireless networks; configuring network adapters; configuring location-aware printing
      Configure Windows Firewall.
      • This objective may include but is not limited to: configuring rules for multiple profiles; allowing or denying an application; network-profile-specific rules; configuring notifications; configuring authenticated exceptions
      Configure remote management.
      • This objective may include but is not limited to: remote management methods; configuring remote management tools; executing PowerShell commands

    Configuring Access to Resources

    Configure shared resources.
    • This objective may include but is not limited to: folder virtualization; shared folder permissions; printers and queues; configuring HomeGroup settings
    Configure file and folder access.
    • This objective may include but is not limited to: encrypting files and folders by using EFS; configuring NTFS permissions; resolving effective permissions issues; copying files vs. moving files
    Configure user account control (UAC).
    • This objective may include but is not limited to: configuring local security policy; configuring admin vs. standard UAC prompt behaviors; configuring Secure Desktop
    Configure authentication and authorization.
    • This objective may include but is not limited to: resolving authentication issues; configuring rights; managing credentials; managing certificates; smart cards with PIV; elevating user privileges; multifactor authentication
    Configure BranchCache.
    • This objective may include but is not limited to: distributed cache mode vs. hosted mode; network infrastructure requirements; configuring settings; certificate management

    Configuring Mobile Computing

    Configure BitLocker and BitLocker To Go.
    • This objective may include but is not limited to: configuring BitLocker and BitLocker To Go policies; managing Trusted Platform Module (TPM) PINs; configuring startup key storage; data recovery agent support
    Configure DirectAccess.
    • This objective may include but is not limited to: configuring client side; configuring authentication; network infrastructure requirements
    Configure mobility options.
    • This objective may include but is not limited to: configuring offline file policies; transparent caching; creating and migrating power policy
    Configure remote connections.
    • This objective may include but is not limited to: establishing VPN connections and authentication; enabling a VPN reconnect; advanced security auditing; NAP quarantine remediation; dial-up connections; remote desktop; published apps

    Monitoring and Maintaining Systems that Run Windows 7

    Configure updates to Windows 7.
    • This objective may include but is not limited to: configuring update settings; determining source of updates; configuring Windows Update policies; reviewing update history; checking for new updates; rolling back updates
    Manage disks.
    • This objective may include but is not limited to: managing disk volumes; managing file system fragmentation; RAID; removable device policies
    Monitor systems.
    • This objective may include but is not limited to: configuring event logging; filtering event logs; event subscriptions; data collector sets; generating a system diagnostics report
    Configure performance settings.
    • This objective may include but is not limited to: configuring page files; configuring hard drive cache; updated drivers; configuring networking performance; configuring power plans; configuring processor scheduling; configuring desktop environment; configuring services and programs to resolve performance issues; mobile computing performance issues; configuring power

    Configuring Backup and Recovery Options

    Configure backup.
    • This objective may include but is not limited to: creating a system recovery disk; backing up files, folders, or full system; scheduling backups
    Configure system recovery options.
    • This objective may include but is not limited to: configuring system restore points; restoring system settings; last known good configuration; complete restore; driver rollback
    Configure file recovery options.
    • This objective may include but is not limited to: configuring file restore points; restoring previous versions of files and folders; restoring damaged or deleted files by using shadow copies; restore user profiles
    70–640 Windows Server 2008 Active Directory, Configuring
    70-642 Windows Server 2008 Network Infrastructure, Configuring
    70-646 Pro: Windows Server, 2008 Server Administrator


    70–640 Windows Server 2008 Active Directory, Configuring

    Configuring Domain Name System (DNS) for Active Directory




    Configure zones.
    • May include but is not limited to: Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS), and Secure Dynamic DNS (SDDNS); Time to Live (TTL); GlobalNames; Primary, Secondary, Active Directory Integrated, Stub; SOA; zone scavenging; forward lookup; reverse lookup
    Configure DNS server settings.
    • May include but is not limited to: forwarding; root hints; configure zone delegation; round robin; disable recursion; debug logging; server scavenging
    Configure zone transfers and replication.
    • May include but is not limited to: configure replication scope (forestDNSzone; domainDNSzone); incremental zone transfers; DNS Notify; secure zone transfers; configure name servers; application directory partitions

    Configuring the Active Directory infrastructure

    Configure a forest or a domain.
    • May include but is not limited to: remove a domain; perform an unattended installation; Active Directory Migration Tool (ADMT) ; change forest and domain functional levels; interoperability with previous versions of Active Directory; multiple user principal name (UPN) suffixes; forestprep; domainprep
    Configure trusts.
    • May include but is not limited to: forest trust; selective authentication vs. forest-wide authentication; transitive trust; external trust; shortcut trust; SID filtering
    Configure sites.
    • May include but is not limited to: create Active Directory subnets; configure site links; configure site link costing; configure sites infrastructure
    Configure Active Directory replication.
    • May include but is not limited to: DFSR; one-way replication; Bridgehead server; replication scheduling; configure replication protocols; force intersite replication
    Configure the global catalog.
    • May include but is not limited to: Universal Group Membership Caching (UGMC); partial attribute set; promote to global catalog
    Configure operations masters.
    • May include but is not limited to: seize and transfer; backup operations master; operations master placement; Schema Master; extending the schema; time service

    Configuring Active Directory Roles and Services

    Configure Active Directory Lightweight Directory Service (AD LDS).
    • May include but is not limited to: migration to AD LDS; configure data within AD LDS; configure an authentication server; Server Core Installation
    Configure Active Directory Rights Management Service (AD RMS).
    • May include but is not limited to: certificate request and installation; self-enrollments; delegation; create RMS templates; RMS administrative roles; RM Add-on for IE
    Configure the read-only domain controller (RODC).
    • May include but is not limited to: replication; Administrator role separation; read-only DNS; BitLocker; credential caching; password replication; syskey; read-only SYSVOL; staged install
    Configure Active Directory Federation Services (AD FSv2).
    • May include but is not limited to: install AD FS server role; exchange certificate with AD FS agents; configure trust policies; configure user and group claim mapping; import and export trust policies

    Creating and maintaining Active Directory objects

    Automate creation of Active Directory accounts.
    • May include but is not limited to: bulk import; configure the UPN; create computer, user, and group accounts (scripts, import, migration); template accounts; contacts; distribution lists; offline domain join
    Maintain Active Directory accounts.
    • May include but is not limited to: manage computer accounts; configure group membership; account resets; delegation; AGDLP/AGGUDLP; deny domain local group; local vs. domain; Protected Admin; disabling accounts vs. deleting accounts; deprovisioning; contacts; creating organizational units (OUs); delegation of control; protecting AD objects from deletion; managed service accounts
    Create and apply Group Policy objects (GPOs).
    • May include but is not limited to: enforce, OU hierarchy, block inheritance, and enabling user objects; group policy processing priority; WMI; group policy filtering; group policy loopback; Group Policy Preferences (GPP)
    Configure GPO templates.
    • May include but is not limited to: user rights; ADMX Central Store; administrative templates; security templates; restricted groups; security options; starter GPOs; shell access policies
    Deploy and manage software by using GPOs.
    • May include but is not limited to: publishing to users; assigning software to users; assigning to computers; software removal; software restriction policies; AppLocker
    Configure account policies.
    • May include but is not limited to: domain password policy; account lockout policy; fine-grain password policies
    Configure audit policy by using GPOs.
    • May include but is not limited to: audit logon events; audit account logon events; audit policy change; audit access privilege use; audit directory service access; audit object access; advanced audit policies; global object access auditing; “Reason for Access” reporting

    Maintaining the Active Directory environment

    Configure backup and recovery.
    • May include but is not limited to: using Windows Server Backup; back up files and system state data to media; backup and restore by using removable media; perform an authoritative or non-authoritative restores; linked value replication; Directory Services Recovery Mode (DSRM); backup and restore GPOs; configure AD recycle bin
    Perform offline maintenance.
    • May include but is not limited to: offline defragmentation and compaction; Restartable Active Directory; Active Directory database mounting tool
    Monitor Active Directory.
    • May include but is not limited to: event viewer subscriptions; data collector sets; real-time monitoring; analyzing logs; WMI queries; PowerShell

    Configuring Active Directory Certificate Services

    Install Active Directory Certificate Services.
    • May include but is not limited to: certificate authority (CA) types, including standalone, enterprise, root, and subordinate; role services; prepare for multiple-forest deployments
    Configure CA server settings.
    • May include but is not limited to: key archival; certificate database backup and restore; assigning administration roles; high-volume CAs; auditing
    Manage certificate templates.
    • May include but is not limited to: certificate template types; securing template permissions; managing different certificate template versions; key recovery agent
    Manage enrollments.
    • May include but is not limited to: network device enrollment service (NDES); auto enrollment; Web enrollment; extranet enrollment; smart card enrollment; authentication mechanism assurance; creating enrollment agents; deploying multiple-forest certificates; x.509 certificate mapping
    Manage certificate revocations.
    • May include but is not limited to: configure Online Responders; Certificate Revocation List (CRL); CRL Distribution Point (CDP); Authority Information Access (AIA)

    70-642 Windows Server 2008 Network Infrastructure, Configuring

    Configuring Addressing and Services

    Configure IPv4 and IPv6 addressing.
    • May include but is not limited to: configure IP address options; subnetting; supernetting; multi-homed; interoperability between IPv4 and IPv6
    Configure Dynamic Host Configuration Protocol (DHCP).
    • May include but is not limited to: DHCP options; creating new options; PXE boot; default user profiles; DHCP relay agents; exclusions; authorize server in Active Directory; scopes; DHCPv6
    Configure routing.
    • May include but is not limited to: static routing; persistent routing; Routing Internet Protocol (RIP); metrics; choosing a default gateway; maintaining a routing table; demand-dial routing; IGMP proxy
    Configure Windows Firewall with Advanced Security.
    • May include but is not limited to: inbound and outbound rules; custom rules; authorized users; authorized computers; configure firewall by using Group Policy; network location profiles; service groups; import/export policies; isolation policy; IPsec group policies; Connection Security Rules

    Configuring Names Resolution

    Configure a Domain Name System (DNS) server.
    • May include but is not limited to: conditional forwarding; external forwarders; root hints; cache-only; socket pooling; cache locking
    Configure DNS zones.
    • May include but is not limited to: zone scavenging; zone types; Active Directory integration; Dynamic Domain Name System (DDNS); Secure DDNS; GlobalNames; zone delegation; DNS Security Extensions (DNSSEC); reverse lookup zones
    Configure DNS records.
    • May include but is not limited to: record types; Time to live (TTL); weighting records; registering records; netmask ordering; DnsUpdateProxy group; round robin; DNS record security; auditing
    Configure DNS replication.
    • May include but is not limited to: DNS secondary zones; DNS stub zones; Active Directory Integrated replication scopes; securing zone transfer; SOA refresh; auditing
    Configure name resolution for client computers.
    • May include but is not limited to: configuring HOSTS file; Link-Local Multicast Name Resolution (LLMNR); broadcasting; resolver cache; DNS server list; Suffix Search order; DNS devolution

    Configuring Network Access

    Configure remote access.
    • May include but is not limited to: dial-up; Remote Access Policy; Network Address Translation (NAT); VPN protocols, such as Secure Socket Tunneling Protocol (SSTP) and IKEv2; Routing and Remote Access Services (RRAS); packet filters; Connection Manager; VPN reconnect; RAS authentication by using MS-CHAP, MS-CHAP v2, and EAP
    Configure Network Access Protection (NAP).
    • May include but is not limited to: network layer protection; DHCP enforcement; VPN enforcement; RDS enforcement; configure NAP health policies; IPsec enforcement; 802.1x enforcement; flexible host isolation; multi-configuration System Health Validator (SHV)
    Configure DirectAccess.
    • May include but is not limited to: IPv6; IPsec; server requirements; client requirements; perimeter network; name resolution policy table
    Configure Network Policy Server (NPS).
    • May include but is not limited to: IEEE 802.11 wireless; IEEE 802.3 wired; group policy for wireless; RADIUS accounting; Connection Request policies; RADIUS proxy; NPS templates

    Configuring File and Print Services

    Configure a file server.
    • May include but is not limited to: file share publishing; Offline Files; share permissions; NTFS permissions; encrypting file system (EFS); BitLocker; Access-Based Enumeration (ABE); branch cache; Share and Storage Management console
    Configure Distributed File System (DFS).
    • May include but is not limited to: DFS namespace; DFS configuration and application; creating and configuring targets; DFS replication; read-only replicated folder; failover cluster support; health reporting
    Configure backup and restore.
    • May include but is not limited to: backup types; backup schedules; managing remotely; restoring data; shadow copy services; volume snapshot services (VSS); bare metal restore; backup to remote file share
    Manage file server resources.
    • May include but is not limited to: FSRM; quota by volume or quota by user; quota entries; quota templates; file classification; Storage Manager for SANs; file management tasks; file screening
    Configure and monitor print services.
    • May include but is not limited to: printer share; publish printers to Active Directory; printer permissions; deploy printer connections; install printer drivers; export and import print queues and printer settings; add counters to Performance Monitor to monitor print servers; print pooling; print priority; print driver isolation; location-aware printing; print management delegation

    Monitoring and Managing a Network Infrastructure

    Configure Windows Server Update Services (WSUS) server settings.
    • May include but is not limited to: update type selection; client settings; Group Policy object (GPO); client targeting; software updates; test and approval; disconnected networks
    Configure performance monitoring.
    • May include but is not limited to: Data Collector Sets; Performance Monitor; Reliability Monitor; monitoring System Stability Index; page files; analyze performance data
    Configure event logs.
    • May include but is not limited to: custom views; application and services logs; subscriptions; attaching tasks to events find and filter
    Gather network data.
    • May include but is not limited to: Simple Network Management Protocol (SNMP); Network Monitor; Connection Security Rules monitoring

    70-646 Pro: Windows Server, 2008 Server Administrator

    Planning for Server Deployment

  • Plan server installations and upgrades. May include but is not limited to: Windows Server 2008 edition selection, rollback planning, Bitlocker implementation requirements
  • Plan for automated server deployment. May include but is not limited to: standard server image, automation and scheduling of server deployments
  • Plan infrastructure services server roles. May include but is not limited to: address assignment, name resolution, network access control, directory services, application services, certificate services
  • Plan application servers and services. May include but is not limited to: virtualization server planning, availability, resilience, and accessibility
  • Plan file and print server roles. May include but is not limited to: access permissions, storage quotas, replication, indexing, file storage policy, availability, printer publishing

Planning for Server Management

  • Plan server management strategies. May include but is not limited to: remote administration, remote desktop, server management technologies, Server Manager and ServerManagerCMD, delegation policies and procedures
  • Plan for delegated administration. May include but is not limited to: delegate authority, delegate Active Directory objects, application management
  • Plan and implement group policy strategy. May include but is not limited to: GPO management, GPO backup and recovery, group policy troubleshooting, group policy planning

Monitoring and Maintaining Servers

  • Implement patch management strategy. May include but is not limited to: operating system patch level maintenance, Windows Server Update Services (WSUS), application patch level maintenance
  • Monitor servers for performance evaluation and optimization. May include but is not limited to: server and service monitoring, optimization, event management, trending and baseline analysis
  • Monitor and maintain security and policies. May include but is not limited to: remote access, monitor and maintain NPAS, network access, server security, firewall rules and policies, authentication and authorization, data security, auditing

Planning Application and Data Provisioning

  • Provision applications. May include but is not limited to: presentation virtualization, terminal server infrastructure, resource allocation, application virtualization alternatives, application deployment, System Center Configuration Manager
  • Provision data. May include but is not limited to: shared resources, offline data access

Planning for Business Continuity and High Availability

  • Plan storage. May include but is not limited to: storage solutions, storage management
  • Plan high availability. May include but is not limited to: service redundancy, service availability
  • Plan for backup and recovery. May include but is not limited to: data recovery strategy, server recovery strategy, directory service recovery strategy, object level recovery

70-662 Microsoft Exchange Server 2010, Configuring
70-663 Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010


70-662 Microsoft Exchange Server 2010, Configuring

Installing and Configuring Exchange Servers
  • Prepare the infrastructure for Exchange.
    • This objective may include but is not limited to: prepare schema; prepare domain; prepare Active Directory; ensure the domain functionality level is correct; domain controller service packs; Exchange readiness check; coexistence; migration from 2003 or 2007; disable LinkState; Exchange Server Service Pack level; remove unsupported legacy components; configuring DNS to support the Exchange deployment
    Install Exchange prerequisites.
    • This objective may include but is not limited to: install MMC 3.0, Windows PowerShell 2.0; Microsoft .NET 3.5, WinRM 2.0, IIS, Windows roles and features, use ServerManagerCMD, use Exchange prerequisite scripts
    • Install Exchange roles.
    • This objective may include but is not limited to: from the command line and the GUI; adding and modifying roles; add server roles to existing Exchange 2003 or 2007 organizations; verify Exchange installation; Security Configuration wizard (SCW); Windows Firewall, including port requirements; installing Exchange Server using standard and custom installation; installing Exchange Server using the command line; provisioning an Exchange Server and delegating server installation; troubleshooting a failed installation; adding Exchange Server roles after an initial installation
    Create and configure databases.
    • This objective may include but is not limited to: set database limits; set retention limits; set role-based access control (RBAC) permissions for database creation; naming conventions; create and use GUI and Windows PowerShell; create and manage public folder databases; set default public folder database; maintenance; mount and dismount databases; create new mailbox databases; configure mailbox database settings; move the mailbox database and transaction log locations; configure public folder database settings; mount and dismount databases
    Create and configure address lists.
    • This objective may include but is not limited to: update legacy address lists; configure offline address lists; publish address lists; filterable properties; creating and configuring e-mail address policies; creating and configuring address lists; creating and configuring offline address books

    Configuring Exchange Recipients and Public Folders

    Create and configure mailboxes.
    • This objective may include but is not limited to: deleted items; deleted mailbox; mailbox quota; message size; warning thresholds; move from and to previous Exchange versions; online and offline moves; intra-orgs and cross-orgs; create proxy addresses; create mailboxes; configure client access protocols; configure spam confidence level (SCL) and phishing confidence level (PCL); send as permissions; delegation; forwarding; mailbox permissions; create and configure linked mailboxes
    Configure RBAC.
    • This objective may include but is not limited to: create and assign RBAC roles; define RBAC scopes; configure RBAC for specific roles, such as help desk and address list administrator
    Create and configure resource mailboxes and shared mailboxes.
    • This objective may include but is not limited to: equipment; room; permissions; set mailbox calendaring options; autoaccept; custom resource types
    Create and configure recipients and distribution groups.
    • This objective may include but is not limited to: create and modify; security enabled; configure moderation, including Exchange Control Panel (ECP) options; dynamic distribution groups; create proxy addresses; configure mail-enabled users; contacts; send as permissions; forwarding
    Create and configure public folders.
    • This objective may include but is not limited to: mail-enabled public folders; configure public folder permissions; deleted items; message size; item age; public folder size; create public folders in Enterprise Content Management (EMC) and Microsoft Outlook, and OWA; configure public folder permissions; configure public folder limits

    Configuring Client Access

    Configure POP, IMAP, and Microsoft ActiveSync.
    • This objective may include but is not limited to: enable, configure, and secure POP and IMAP; manage certificates; configure mobile device policies; autodiscover; authentication; configure the Exchange ActiveSync virtual directory; configure the external name for Exchange ActiveSync; configure client access settings for Exchange ActiveSync, including Windows SharePoint Services and Windows File Share integration; Direct Push; configure Exchange ActiveSync mailbox policies; configure autodiscover for Exchange ActiveSync
    Configure Outlook Anywhere and RPC Client Access.
    • This objective may include but is not limited to: autodiscover; MAPI; create client access arrays; certificates; subject alternative name (SAN); configure virtual directories; enable and configure Outlook Anywhere on the CAS; troubleshoot Outlook Anywhere connectivity
    Configure federated sharing.
    • This objective may include but is not limited to: certificates; enrollment; DNS; calendar and free/busy; subject alternative name (SAN); assign policies; create and configure a federated trust; create and configure a federated organization identifier; create and configure a sharing relationship; create and configure a sharing policy; assign sharing policies to user accounts
    Configure Outlook Web App (OWA).
    • This objective may include but is not limited to: customize the OWA interface; certificates; file share and SharePoint access; public folders; verify multi-browser support; ECP; SAN; configure virtual directories; coexistence scenarios; authentication; configure the external name for OWA; configure client access settings for OWA, including Windows SharePoint Services and Windows File Share integration; segmentation settings; configure OWA mailbox policies

    Configuring Message Transport

    Create and configure transport rules.
    • This objective may include but is not limited to: enable and configure; disclaimers; moderated transport; install the Windows Rights Management Services (RMS) pre-licensing agent; configure rights protection by using transport rules
    Configure hub transport.
    • This objective may include but is not limited to: configure transport dumpster; accepted domains; remote domains; authoritative domains; e-mail address policies
    Configure Edge transport.
    • This objective may include but is not limited to: create, configure, and test Edge Sync; configure Edge Transport server cloning; install the Edge Transport server role; configure Edge Transport server settings; configure Edge synchronization
    Configure message routing.
    • This objective may include but is not limited to: internal and external DNS; configure routing based on sites and costs; enable, configure, and secure send and receive connectors; certificates; relay connectors; authentication; message size limits; MTLS; routing group connector for coexistence; configure accepted and remote domains; configure SMTP send and receive connectors; configure message delivery limits; configure TLS security for message delivery

    Monitoring and Reporting

    Monitor databases.
    • This objective may include but is not limited to: public folder statistics; mailbox databases statistics; database status; DAG replication
    Monitor mail flow.
    • This objective may include but is not limited to: perform message tracking; DNS; manage message queues; view, retry, and delete; backpressure thresholds; resolve NDRs
    Monitor connectivity.
    • This objective may include but is not limited to: SMTP client to server; SMTP server to server; Outlook RPC/MAPI; Outlook Anywhere; Outlook Exchange Web Services (EWS); POP; IMAP; ActiveSync
    Generate reports.
    • This objective may include but is not limited to: mailbox folder statistics; mailbox statistics; mailflow statistics; formatted list and formatted table; ExBPA
    Configure logging.
    • This objective may include but is not limited to: protocol logging; store logging; configure logging levels; agent logs; message tracking logs; event logs; analysis of logging results

    Implementing High Availability and Recovery

    Create and configure the Database Availability Group (DAG).
    • This objective may include but is not limited to: create and configure DAG; file share witness (FSW); replication latency; configure lag; add or remove database copies; configure failover priority; add or remove server members; configure mailbox database copies; manage continuous replication
    Perform backup and restore of data.
    • This objective may include but is not limited to: recovery database; dialtone restores; deleted mailbox retention; deleted item retention; mailbox merge; disconnected mailbox; backing up Exchange servers; creating a backup schedule
    Configure public folders for high availability.
    • This objective may include but is not limited to: add or remove replicas; schedules; message tracking; back up and restore public folder database and data
    Configure high availability for non-mailbox servers.
    • This objective may include but is not limited to: affinity; DNS round robin; MX records; NLB; configuring high availability for Client Access servers; configuring high availability for Hub Transport servers; configuring high availability for Edge Transport servers
    Back up and recover server roles.
    • This objective may include but is not limited to: hub; CAS IIS; Edge; Edge server clone configuration; setup /recoverserver; setup /recoverCMS; mailbox server; restoring Exchange Servers after server failure; configuring messaging services during a server failure; back up Server roles

    Configuring Message Compliance and Security (13 percent)

    Configure records management.
    • This objective may include but is not limited to: custom and default managed folders; retention policy; configure and apply retention policies and retention policy tags; configure managed folders, including default and custom managed folders; configure content settings; configure managed folder mailbox policies
    Configure compliance.
    • This objective may include but is not limited to: configure RMS; configure alternate mailboxes; configure journaling; enable message classification; configure mail tips; auditing; transport rules
    Configure message integrity.
    • This objective may include but is not limited to: S/MIME; MTLS; certificates; RMS federation; transport rules
    Configure anti-virus and anti-spam.
    • This objective may include but is not limited to: file and process exclusions; transport rules; SCL; PCL; sender ID; safe sender/block sender; Realtime Block List (RBL); Sender Policy Framework (SPF) records; sender reputation list (SRL); configuring anti-spam agents; managing the quarantine mailbox; managing updates for content filters

    70-663 Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010

    Planning the Exchange Server 2010 Infrastructure

  • Design the Exchange Server 2010 installation.
    • This objective applies to on-premise and/or cloud-based services and may include but is not limited to: define Exchange server locations; Exchange DNS requirements; plan for common and/or shared namespaces; SLA requirements; Active Directory site topologies; network topology; Exchange federation; directory synchronization with the cloud; multi-domain; multi-forest; resource forest; Exchange Deployment Assistant
    • Design message routing.
    • This objective may include but is not limited to: inter- and intra-site hub routing; connectors; plan connectivity between Exchange and other messaging applications; design and deploy hub mail flow (on-premise and/or cloud-based services); design and deploy Edge connectors/scoping; design message transport; reverse zone (PTR records); scale hub transport server performance; transport storage requirements including transport dumpster, message queues, and shadow redundancy; multi-domain; multi-forest; resource forest; accepted domains; remote domains; send connector configuration
    Design the mailbox server role.
    • This objective may include but is not limited to: plan database sizing; storage performance requirements such as I/O and disk latency requirements; multi-domain; multi-forest; resource forest; public folders; design recipient, distribution group, and mailbox provisioning and deprovisioning policies (on-premise and/or cloud-based services)
    Design client access.
    • This objective may include but is not limited to: local vs. remote access; mobile access policies; identify and plan for supported messaging clients or protocols such as IMAP, POP, and Exchange ActiveSync; Outlook Anywhere; Web services; OWA; MAPI (RPC Client Access); RPC CAS Kerberos Authentication; scale CAS server performance; storage requirements; multi-domain; multi-forest; resource forest; plan the location and configuration of Client Access servers; plan the AutoDiscover implementation; plan for Federated Delegation; CAS proxy and redirection
    Plan for transition and coexistence.
    • This objective applies to on-premise and/or cloud-based services and may include but is not limited to: plan and investigate consolidation of Exchange servers; plan intra- and inter-org migration; decommission legacy environment; free/busy; inter-org message routing; how to preserve the ability to reply to a message (x500, SMTP, and legacyExchangeDN); public folders (free/busy lookup, replication); identify when to use a transition rather than a migration; coexistence with third-party messaging systems

    Deploying the Exchange Server 2010 Infrastructure

    Prepare the infrastructure for Exchange Server 2010 deployment.
    • This objective may include but is not limited to: requirements to prepare schema, prepare domain, and prepare Active Directory; legacy permissions; prepare forest; forest functional level; domain controller versions, roles (excluding RODC/ROGC), and placement); prepare network services including directory synchronization, SMTP, federation, and DNS for on-premise and/or cloud-based services
    Deploy Edge transport server role.
    • This objective applies to on-premise and/or cloud-based services and may include but is not limited to: validate Exchange deployment; EdgeSync; configure transport agents; replace perimeter e-mail gateway; configure address rewriting
    Deploy client access server role.
    • This objective applies to on-premise and/or cloud-based services and may include but is not limited to: deploy CAS hardware and protocols; deploy mobile messaging services and connectivity; validate client connectivity; validate client functionality; autodiscover; multi-site/domain/forest
    Deploy hub transport server role.
    • This objective applies to on-premise and/or cloud-based services and may include but is not limited to: validate Exchange deployment; multi-site/domain/forest; configure transport rules; accepted domains; remote domains; send and receive connectors; message and recipient limits; deploy e-mail relay; validate message transport
    Deploy mailbox server role.
    • This objective may include but is not limited to: database configuration and placement quota enforcement policies; deploy the Mailbox server and storage; deploy the mailbox database; deploy address lists and offline address books; validate Mailbox server performance; validate Mailbox server access; deploy public folders; configure public folder replication; configure client access to public folders; configure public folder permissions
    Deploy server roles for coexistence and migration.
    • This objective may include but is not limited to: coexistence with and/or migration from Exchange 2003, 2007, 2010, cloud-based services, and third-party messaging systems; coexistence with namespaces; validate Exchange deployment; server transition process; transport rule coexistence; conversion from LDAP to OPATH filtering; routing group connector (RGC) configuration

    Designing and Deploying Security for the Exchange Organization

    Design and deploy messaging security.
    • This objective applies to on-premise and/or cloud-based services and may include but is not limited to: secure relaying; signing and/or encrypting with S/MIME; certificates; MTLS; Information Rights Management (IRM); ActiveSync with IRM; Federation with IRM; define message security requirements; planning SMTP connector security; planning secure routing between organizations; planning client-based message security; planning Outlook Protection Rules
    Design and deploy Exchange permissions model.
    • This objective applies to on-premise and/or cloud-based services and may include but is not limited to: role-based access control (RBAC) assignments, scopes, and roles; Exchange Control Panel (ECP); modification of default RBAC roles; creation of custom RBAC roles; planning administrative permissions using the built-in management roles; planning administrative permissions using custom management roles; planning remote administration of Exchange servers; database scope split; split permission model
    Design and deploy message hygiene.
    • This objective applies to on-premise and/or cloud-based services and may include but is not limited to: design and deploy Edge security; identify, plan, and design anti-spam and anti-virus solutions for the messaging deployment; SPA/sender ID; define connection, attachment, recipient, sender, and content filtering rules; safe list aggregation; block lists; phishing confidence level (PCL); spam confidence level (SCL); sender reputation level (SRL)
    Design and deploy client access security.
    • This objective may include but is not limited to: design and deploy ActiveSync policies; plan certificates for Exchange CAS; alternate authentication (smart cards, client certificates, and time-based two-factor authentication tokens); authentication protocols (plain text, NTLM, forms based, Kerberos); OWA segmentation
    Design and deploy Exchange object permissions.
    • This objective applies to on-premise and/or cloud-based services and may include but is not limited to: design and deploy public folder security; mailbox (send as, full access, delegation, mail flow); resource security; distribution groups; design and deploy client access for POP, IMAP, ActiveSync, OWA, and MAPI per mailbox

    Designing and Deploying Exchange Server 2010 Availability and Recovery

    Design and deploy high availability and disaster recovery for Exchange dependencies.
    • This objective may include but is not limited to: directory, network, DNS, storage, site, and datacenter resiliency; plan for updates and change management
    Design and deploy high availability and disaster recovery for CAS role.
    • This objective may include but is not limited to: backup and recovery; designing and deploying CAS array; multi-site CAS deployment; DNS updates for client access during site failover; network load balancing
    Design and deploy high availability and disaster recovery for mailbox server role.
    • This objective may include but is not limited to: design and deploy database scoping; design DAG; design and deploy public folder replication; backup and recovery; DNS record TTL; file share witness resiliency; activation preference and auto-activation; lag copies; designing and deploying continuous replication; designing and deploying DAGs distributed across multiple locations; Datacenter Activation Coordination (DAC); database repair
    Design and deploy high availability and disaster recovery for hub transport role.
    • This objective may include but is not limited to: backup and recovery; receive connector resiliency; send connector scoping; design and deploy single and multi-site redundant Hub Transport services; network load balancing
    Design and deploy high availability and disaster recovery for Edge transport server role.
    • This objective may include but is not limited to: backup and recovery; server placement; DNS load balancing; MX records; namespace changes; designing and deploying single and multi-site redundant Edge Transport services

    Designing and Deploying Messaging Compliance, System Monitoring, and Reporting

    Design and deploy auditing and discovery.
    • This objective applies to on-premise and/or cloud-based services and may include but is not limited to: mailbox and admin audit logging; permissions auditing; message tracking; protocol logging; IRM logging; RBAC (compliance role and scope); identify requirements for discovery or auditing; plan journaling or message record management (MRM) for discovery; plan access permissions for discovery searches
    Design and deploy message archival.
    • This objective applies to on-premise and/or cloud-based services and may include but is not limited to: dumpster 2.0; legal hold; retention policies (MRM); retention tags; convert managed folders to retention policies; design and deploy alternate mailboxes; plan for managing messages in default Outlook folders; plan a retention policy implementation; plan an Auto Tagging implementation; personal archives and the impact on database design
    Design and deploy transport rules for message compliance.
    • This objective may include but is not limited to: ethical firewall; message journaling; disclaimers; Mail Tips such as notification for external recipients and recipient limits; transport-based signing and/or encryption (S/MIME, MTLS, IRM)
    Design and deploy for monitoring and reporting.
    • This objective may include but is not limited to: design and deploy message flow monitoring; client accessibility; SLA requirements; analyze client usage, number of messages, and message size; monitoring client access services; troubleshooting client access services; mailbox access reporting