Domains and Forests

Windows Active Directory Domain Services (AD DS) is a leading identity management solution for organizations of all sizes. At the core of Windows AD DS is the domain controller. The domain controller provides login services, group policies, domain naming services (DNS), and other identity management services for users and computers in a domain along with other enterprise management services.

In this lesson, we start by reviewing the Windows AD DS environment including forests and domains. Then we review considerations for deploying domain controllers in a virtualized environment, on-premises, and in Azure. Next, we look at use cases for deploying read-only domain controllers at locations where physical security cannot be guaranteed. Lastly, we examine flexible single master operations roles and how to locate and move them to support troubleshooting efforts.

Learning Objectives

• Deploy and manage domain controllers on-premises
• Deploy and manage domain controllers in Azure
• Deploy read-only domain controllers (RODCs)
• View, manage, and troubleshoot flexible single master operations (FSMO) roles

Intended Audience

• System administrators with responsibilities for managing hybrid identities
• Subject matter experts in configuring and managing Active Directory workload on-premises and in Azure
• Anyone preparing for the Azure AZ-800 Administering Windows Server Hybrid Core Infrastructure exam

Prerequisites

• A basic understanding of deploying and managing Microsoft Windows servers
• Windows Server installation media and an environment to run Windows Server (trial available at https://www.microsoft.com/en-us/evalcenter/evaluate-windows-server-2022)