Microsoft Directory Services
CET2794 — MICROSOFT DIRECTORY SERVICES
Course Description
This course introduces students to the design, implementation, and administration of Microsoft Active Directory Domain Services (AD DS) within enterprise network environments. Students gain hands-on experience installing, configuring, managing, and troubleshooting directory services using current Microsoft Windows Server operating systems. Topics include domain infrastructure, user and group management, Group Policy, replication, federation services, and integration with cloud-based identity platforms such as Microsoft Entra ID (Azure Active Directory). This is a sophomore-level course in the Computer Engineering Technology (CET) program sequence.
Learning Outcomes
Required Learning Outcomes
Upon successful completion of this course, students will be able to:
- Install and configure Active Directory Domain Services (AD DS) on Windows Server.
- Create and manage domains, domain trees, and forests in a multi-site environment.
- Create, configure, and manage user accounts, computer accounts, groups, and Organizational Units (OUs).
- Implement and manage Group Policy Objects (GPOs) to enforce security settings and software deployments.
- Configure and manage Active Directory replication between domain controllers.
- Implement DNS integration with Active Directory for proper name resolution in a domain environment.
- Manage trusts between domains and forests.
- Perform backup, recovery, and maintenance of Active Directory infrastructure.
- Administer role-based access control (RBAC) and Active Directory permissions.
- Troubleshoot common Active Directory issues including authentication failures, replication errors, and policy application problems.
Optional Learning Outcomes
The following outcomes may be covered depending on institutional emphasis and course section:
- Configure Active Directory Federation Services (AD FS) for single sign-on (SSO) scenarios.
- Integrate on-premises Active Directory with Microsoft Entra ID (Azure AD) using Entra Connect (Azure AD Connect).
- Implement RADIUS infrastructure with Network Policy Server (NPS) for VPN and remote access authentication.
- Configure Active Directory Certificate Services (AD CS) and a Public Key Infrastructure (PKI).
- Use PowerShell for Active Directory automation and bulk administration tasks.
- Configure Active Directory Rights Management Services (AD RMS) for document-level access control.
- Implement fine-grained password policies and account lockout strategies.
Major Topics
Required Topics
- Active Directory Overview: Directory service concepts, LDAP, Kerberos authentication, and AD DS architecture.
- Windows Server Roles: Installing the AD DS role, promoting servers to domain controllers, and server management tools.
- Domain Infrastructure: Domains, domain trees, forests, sites, and site links; functional levels.
- DNS and Active Directory: DNS zones, SRV records, dynamic DNS, and the relationship between DNS and AD DS.
- User and Group Management: Local, domain, and built-in accounts; security and distribution groups; group scope (domain local, global, universal).
- Organizational Units (OUs) and Delegation: OU design, creating OUs, delegating administrative control.
- Group Policy: GPO creation, linking, inheritance, filtering, and troubleshooting; security settings and software deployment.
- Active Directory Replication: Replication topology, intra-site and inter-site replication, troubleshooting replication failures.
- Trust Relationships: Automatic trusts, shortcut trusts, external trusts, and forest trusts.
- AD DS Backup and Recovery: System state backups, authoritative and non-authoritative restores, AD Recycle Bin.
- Monitoring and Troubleshooting: Event Viewer, dcdiag, repadmin, and other diagnostic tools.
Optional Topics
- Active Directory Federation Services (AD FS): Claims-based identity, SSO configuration, relying party trusts.
- Microsoft Entra ID (Azure AD) Integration: Hybrid identity, directory synchronization with Entra Connect, password hash sync, pass-through authentication.
- RADIUS and Network Policy Server (NPS): Remote access authentication, VPN policy configuration, 802.1X wireless authentication.
- Active Directory Certificate Services (AD CS): PKI concepts, enterprise vs. standalone CA, certificate templates, enrollment.
- PowerShell for Active Directory: Active Directory module, automating user provisioning, bulk operations, and reporting scripts.
- Active Directory Rights Management Services (AD RMS): Information protection policies, RMS cluster configuration.
- Fine-Grained Password Policies: Password Settings Objects (PSOs), shadow groups.
Resources & Tools
- Microsoft Windows Server (current version) — primary lab platform for AD DS configuration and management.
- Microsoft Learn (learn.microsoft.com) — free official Microsoft training modules and documentation for Windows Server and Active Directory.
- Hyper-V or VMware Workstation — virtualization platforms used to build multi-server lab environments.
- Active Directory Users and Computers (ADUC), Active Directory Administrative Center (ADAC), and Group Policy Management Console (GPMC) — core administrative tools.
- Windows PowerShell / PowerShell ISE — scripting and automation environment for AD administration tasks.
- Wireshark — network protocol analyzer for observing Kerberos, LDAP, and DNS traffic in lab exercises.
- Textbook: A current Microsoft Press or comparable publisher title aligned to Windows Server administration and MCSA/MD-100/MD-101 exam objectives (edition per instructor selection).
- Microsoft Azure Free Tier — for optional hybrid identity and Entra ID lab exercises.
Career Pathways
Completion of this course supports preparation for careers in enterprise IT infrastructure and systems administration, including:
- Systems Administrator — managing on-premises Windows Server and Active Directory environments.
- Network Administrator — configuring directory-integrated DNS, DHCP, and network access control.
- Identity and Access Management (IAM) Specialist — administering user identities, roles, and permissions across hybrid environments.
- Cloud Engineer — working with hybrid Azure AD / Entra ID identity solutions.
- Security Analyst — auditing Active Directory for misconfigurations, privilege escalation risks, and policy compliance.
- Help Desk / IT Support Specialist (Tier 2–3) — troubleshooting authentication, Group Policy, and domain account issues.
Special Information
Certification Preparation
This course is part of a three-course Microsoft Windows Server sequence (CET 2792, CET 2793, CET 2794) offered at Florida colleges such as Palm Beach State College. The content of CET 2794 is specifically aligned to help prepare students for industry-recognized Microsoft Certifications, including:
- MCP (Microsoft Certified Professional) — foundational Microsoft credential.
- MCSA: Windows Server (legacy) / Microsoft Certified: Windows Server Hybrid Administrator Associate — current equivalent certification pathway covering Active Directory, hybrid identity, and server management.
- Exam AZ-800: Administering Windows Server Hybrid Core Infrastructure — current Microsoft exam covering AD DS, DNS, and hybrid identity topics aligned to this course.
Note: Students entering the program with existing Microsoft certifications should consult their department chair regarding prior learning credit, as there is no automatic reciprocity for certification-based course waivers at all institutions.