There is a good and free way to prepare for Microsoft exam 70-742: Identity with Windows Server 2016.
In the past years, I conducted webinars that can serve as a primer on Active Directory in terms of forests, domains, trusts, security and on Group Policy. They are not and were never intended as the sole sources of preparation for the exam. Instead, I hope you conceived my passion for the technologies and want to learn further. In this blogpost, I’ll talk about the areas in which you can use these resources for your preparations for the exam.
To access the resources below, the sponsors require you to register. This means you will provide your personal information to these organizations and you agree to get promotional messages from them.
Gaps in your Active Directory Domain Services knowledge
I recommend you watch the three recordings from the 75-minute webinars with Netwrix as a start, as these videos address 55% of the topics of the exam.
- Active Directory 101: Install and Configure AD Domain Services
- Active Directory 101: Manage and Maintain AD Domain Services
- Active Directory 101: Create and Manage Group Policy
A couple of areas of Active Directory Domain Services (AD DS) were not addressed during the webinars with Netwrix. Instead, in an earlier 3-part webinar series with Veeam, virtualizing, backing up and restoring Domain Controllers were discussed:
- Episode 1: Active Directory 101
- Episode 2: Active Directory and virtualization
- Episode 3: Active Directory and backup
I recommend to watch the recordings of the 2nd episode and 3rd episode of the Active Directory webinar series, sponsored by Veeam. (The first webinar has an overlap with the first two webinars in Netwrix’ series.) These two webinar provide the information you need on the significance of the VM-GenerationID and Event-ID 1109. It’ll get you through the questions on the exam on virtualization and disaster recovery with ease, that’s about another 10% of the exam.
Azure AD Connect and Azure Active Directory
You’ll want to watch the recording of the webinar titled Tracking changes in Hybrid Identity environments with both AD and Azure AD as I detail the inner workings of Azure AD Connect and Azure Active Directory.
At last year’s Hybrid Identity Protection Conference in New York, Roelf Zomerman from AzureInfra.com fame and I presented two 75-minute sessions on Azure AD Connect. The live recordings of these sessions are available for free on YouTube:
These two videos provide a deep dive on Azure AD Connect, its rules engine and the way the mS-DS-ConsistencyGUID helps with migrations. Understanding the topics in these two videos provides sufficient knowledge to pass the Azure AD and Azure AD Connect questions at the exam. They represent about 10% of the exam, too.
Active Directory Federation Services
Active Directory Federation Services (AD FS) is a Microsoft technology to extend the clunky old Active Directory Domain Services with hip new authentication protocols and markup languages like WS-FED, SAML, Oauth 2, Open ID Connect and SCIM,
Microsoft’s documentation on AD FS is the starting point to understanding AD FS, the roles of its key components, like the attribute store, configuration database, claims and URIs. Start here and churn through the topics in the left navigation menu, or download the PDF for offline access.
The topics are pretty high-over, but when you start building your first AD FS Farm, all the puzzle pieces will fall into place. (See Experience below)
Questions on AD FS constitute about 10% of the questions on exam 70-742.
Active Directory Certificate Services
Active Directory Certificate Services (AD CS) allows systems administrators to create Certification Authorities (CAs) to issue and revoke certificates for authentication, signing and other encryption purposes.
Learning AD CS is easy when you have money to spend on courses, but getting started for free is not that easy. The most recent AD CS information on Microsoft-owned web properties dates back a couple of years, but provides good information in Wiki-style. It’s a good read to get started.
Nordic Infrastructure Conference
After you’ve read on the benefits and roles of Certification Authorities, I recommend to view the recordings of a couple of sessions by Brian Komar. The annual Nordic Infrastructure Conference has a couple of recordings on Vimeo:
- Brian Komar: How to Not Screw Up Your PKI Environment
- Brian Komar: Issuing certificates for non- domain and non- windows computers
- Brian Komar: What’s New in Windows Server 2012 PKI
Questions on AD CS constitute about 10% of the questions on exam 70-742.
Active Directory Rights Management Services
Active Directory Rights Management Services (AD RMS) offers organization the ability to protect documents with intrinsic encryption. This way, no matter how the document is processed, transferred or handled, the permissions (like open, edit and print) are retained.
Again, the Microsoft documentation offers a good start, although it’s largely based on Windows Server 2012 and Windows Server 2012 R2.
Questions on AD CS constitute about 5% of the questions on exam 70-742. However, since adoption of AD RMS was slow and as the world is moving fast to Microsoft Information Protection, I would skip learning AD RMS for the exam. Practice exam questions (see Final preparations below) provide the answers to the 3 questions you might get during the exam
I highly recommend setting up a home lab with Windows Server 2016, and:
- Install an Active Directory Domain Controller and a replica Domain Controller. All the information for this setup is available in the recording of the Active Directory 101: Install and Configure AD Domain Services session.
- Play around with Group Policy to centrally manage settings and install a simple piece of software like the FrontMotion MSI for FireFox.
- Perform a simple Hybrid Identity implementation with AD FS on-premises. This will get you started with Active Directory Federation Services (AD FS) and Azure Active Directory.
- Setup an Active Directory Certificate Services (AD CS)-based Certification Authority, following the steps in my 4Sysops article Certificate Server in Server Core. It’ll get you started with AD CS on the command-line. While the article was written with Server Core installations of Windows Server 2012 in mind, the commands work on full installations of Windows Server 2016. The official Microsoft documentation on AD CS is quite good, too, if you want to go at it using the graphical user interface (GUI).
While setting up a lab environment may sound expensive, you might be able to pull it off using an Azure Infrastructure-as-a-Service (IaaS) trial subscription or student subscription.
Please don’t skip building your experience, because the last thing our industry needs are more paper tigers. We need people who can properly manage Active Directory to make the world a better place.
After you’ve sat down, read through the concepts and played with the technology in your own lab environment, there’s three more things that you can do to fully prepare for the exam:
- Watch the Microsoft Ignite 2017 Cert Exam Prep: Exam 70-742: Identity with Windows Server 2016 (BRK3176). It provides information on the topics, the number of questions, the time you get to answer the questions, the passing score and example practice questions.
- Try your hand at practice questions for exam 70-742 with questions in free downloadable PDF format. This will provide confidence to face the exam stress, in case you need it.
Again, Please don’t skip gathering your knowledge and building your experience, because the last thing our industry needs are more paper tigers. We need people who can properly manage Active Directory to make the world a better place. Be the better person. Be the better candidate.
I have thought long and hard on helping people gain the knowledge, experience and skills to pass Microsoft-based identity exams for a long time. Now, for the first time, I feel there is a good and free way to prepare for exam 70-742.
I wish you all the best in your exam endeavors and your careers.
The above list of resources is in no way complete. If you feel additional resources may benefit people preparing for Microsoft Exam 70-742: Identity with Windows Server 2016, please leave a comment below.