70-742 Study Guide: Identity with Windows Server 2016

The 70-742: Identity with Windows Server 2016 exam is one of the three exams required to get your Microsoft Certified Solutions Associate (MCSA) Windows Server 2016 Certification. This 70-742 study guide was created to help you find materials to study, and ace the exam. I will share both free and paid options, whether books, video training or simply links to articles and blog posts. I will not share any dumps as those are against the Microsoft Terms of Service, and by using dumps, we decrease the value of our certifications.

Certification Path

Exam Name

Link to Exam on Microsoft Learning

Study Guide

70-740 Installation, Storage, and Compute with Windows Server 2016 Installation, Storage, and Compute with Windows Server 2016 70-740 Study Guide: Installation, Storage, and Compute with Windows Server 2016
70-741 Networking with Windows Server 2016 Networking with Windows Server 2016 70-741 Study Guide: Networking with Windows Server 2016
70-742 Identity with Windows Server 2016 Identity with Windows Server 2016 70-742 Study Guide: Identity with Windows Server 2016

Books that covers the whole exam

Exam Ref 70-742 Identity with Windows Server 2016
Prepare for Microsoft Exam 70-742–and help demonstrate your real-world mastery of Windows Server 2016 identity features and functionality. Designed for experienced IT professionals ready to advance their status, Exam Ref focuses on the critical-thinking and decision-making acumen needed for success at the MCSA level.Links:

 

Video Training for the exam

NOTE: Pluralsight is a paid resource unlike Channel9 and Microsoft Virtual Academy which are free. The quality they provide is also superior because of all the quality checks they go through, and the instructors are one of the best in the industry. The Pluralsight courses have a link to where you can get a free trial and decide for yourself if paying a subscription or not is worth it, but the 10-day free trial should allow you to view all those courses for free.

Cert Exam Prep: MCSA: Windows Server 2016: Exam 70-742: Identity with Windows Server 2016
This Certification Exam Prep session is designed for people experienced with Windows Server who are interested in taking the 70-742 exam or the 70-743 exam. These exams are required for the new MCSA: Windows Server 2016 certification. Attendees of this session can expect to review the topics covered in these exams in a fast-paced format, as well as receive some valuable test taking techniques. Attendees leave with an understanding of how Microsoft certification works, what are the key topics covered in the exams, and an exhaustive look at resources for finalizing getting ready for the exam. The session is led by a Microsoft Certified Trainer (MCT), experienced in delivering sessions on these topics.

Instructor-led training (Microsoft Official Courses)

Course 20742A: Identity with Windows Server 2016 (5 Days)
This five-day instructor-led course teaches IT Pros how to deploy and configure Active Directory Domain Services (AD DS) in a distributed environment, how to implement Group Policy, how to perform backup and restore, and how to monitor and troubleshoot Active Directory–related issues with Windows Server 2016. Additionally, this course teaches how to deploy other Active Directory server roles such as Active Directory Federation Services (AD FS) and Active Directory Certificate Services (AD CS).

Articles / Blog Posts per objective <In Progress>

Install and configure Active Directory Domain Services (AD DS) (20–25%)

  • Install and configure domain controllers
    • Install a new forest, add or remove a domain controller from a domain, upgrade a domain controller, install AD DS on a Server Core installation, install a domain controller from Install from Media (IFM), resolve DNS SRV record registration issues, configure a global catalog server, transfer and seize operations master roles, install and configure a read-only domain controller (RODC), configure domain controller cloning
  • Create and manage Active Directory users and computers
    • Automate the creation of Active Directory accounts; create, copy, configure, and delete users and computers; configure templates; perform bulk Active Directory operations; configure user rights; implement offline domain join; manage inactive and disabled accounts; automate unlocking of disabled accounts using Windows PowerShell; automate password resets using Windows PowerShell
  • Create and manage Active Directory groups and organizational units (OUs)
    • Configure group nesting; convert groups, including security, distribution, universal, domain local, and domain global; manage group membership using Group Policy; enumerate group membership; automate group membership management using Windows PowerShell; delegate the creation and management of Active Directory groups and OUs; manage default Active Directory containers; create, copy, configure, and delete groups and OUs

Manage and maintain AD DS (15–20%)

  • Configure service authentication and account policies
    • Create and configure Service Accounts, create and configure Group Managed Service Accounts (gMSAs), configure Kerberos Constrained Delegation (KCD), manage Service Principal Names (SPNs), configure virtual accounts, configure domain and local user password policy settings, configure and apply Password Settings Objects (PSOs), delegate password settings management, configure account lockout policy settings, configure Kerberos policy settings within Group Policy
  • Maintain Active Directory
    • Back up Active Directory and SYSVOL, manage Active Directory offline, perform offline defragmentation of an Active Directory database, clean up metadata, configure Active Directory snapshots, perform object- and container-level recovery, perform Active Directory restore, configure and restore objects by using the Active Directory Recycle Bin, configure replication to Read-Only Domain Controllers (RODCs), configure Password Replication Policy (PRP) for RODC, monitor and manage replication, upgrade SYSVOL replication to Distributed File System Replication (DFSR)
  • Configure Active Directory in a complex enterprise environment
    • Configure a multi-domain and multi-forest Active Directory infrastructure; deploy Windows Server 2016 domain controllers within a pre-existing Active Directory environment; upgrade existing domains and forests; configure domain and forest functional levels; configure multiple user principal name (UPN) suffixes; configure external, forest, shortcut, and realm trusts; configure trust authentication; configure SID filtering; configure name suffix routing; configure sites and subnets; create and configure site links; manage site coverage; manage registration of SRV records; move domain controllers between sites

Create and manage Group Policy (25–30%)

  • Create and manage Group Policy Objects (GPOs)
    • Configure a central store; manage starter GPOs; configure GPO links; configure multiple local Group Policies; back up, import, copy, and restore GPOs; create and configure a migration table; reset default GPOs; delegate Group Policy management; detect health issues using the Group Policy Infrastructure Status dashboard
  • Configure Group Policy processing
    • Configure processing order and precedence, configure blocking of inheritance, configure enforced policies, configure security filtering and Windows Management Instrumentation (WMI) filtering, configure loopback processing, configure and manage slow-link processing and Group Policy caching, configure client-side extension (CSE) behaviour, force a Group Policy update
  • Configure Group Policy settings
    • Configure software installation, configure folder redirection, configure scripts, configure administrative templates, import security templates, import a custom administrative template file, configure property filters for administrative templates
  • Configure Group Policy preferences
    • Configure printer preferences, define network drive mappings, configure power options, configure custom registry settings, configure Control Panel settings, configure Internet Explorer settings, configure file and folder deployment, configure shortcut deployment, configure item-level targeting

Implement Active Directory Certificate Services (AD CS) (10–15%)

  • Install and configure AD CS
    • Install Active Directory Integrated Enterprise Certificate Authority (CA), install offline root and subordinate CAs, install standalone CAs, configure Certificate Revocation List (CRL) distribution points, install and configure Online Responder, implement administrative role separation, configure CA backup and recovery
  • Manage certificates
    • Manage certificate templates; implement and manage certificate deployment, validation, and revocation; manage certificate renewal; manage certificate enrollment and renewal for computers and users using Group Policies; configure and manage key archival and recovery

Implement identity federation and access solutions (15–20%)

  • Install and configure Active Directory Federation Services (AD FS)
    • Upgrade and migrate previous AD FS workloads to Windows Server 2016; implement claims-based authentication, including Relying Party Trusts; configure authentication policies; configure multi-factor authentication; implement and configure device registration; integrate AD FS with Microsoft Passport; configure for use with Microsoft Azure and Office 365; configure AD FS to enable authentication of users stored in LDAP directories
  • Implement Web Application Proxy (WAP)
    • Install and configure WAP, implement WAP in pass-through mode, implement WAP as AD FS proxy, integrate WAP with AD FS, configure AD FS requirements, publish web apps via WAP, publish Remote Desktop Gateway applications, configure HTTP to HTTPS redirects, configure internal and external Fully Qualified Domain Names (FQDNs)
  • Install and configure Active Directory Rights Management Services (AD RMS)
    • Install a licensor certificate AD RMS server, manage AD RMS Service Connection Point (SCP), manage AD RMS templates, configure Exclusion Policies, backup and restore AD RMS

Additional Tips

I think the best thing that you can do after reading this, or even meanwhile, is to prepare some Virtual Machines either on your computer, or on a small server, and try to install Windows Server 2016, and play with those features, follow the tutorials and you shouldn’t have any problems with the exam!

Did I miss any cool links in this guide? Let me know in the comments!

Follow me on Social Media and Share this article with your friends!

Leave a comment and don’t forget to like the Absolute SharePoint Blog Page   on Facebook and to follow me on Twitter here  for the latest news and technical articles on SharePoint.  I am also a Pluralsight author, and you can view all the courses I created on my author page.
4.13/5 (8)

Please rate this