Microsoft Windows Server logo

  • Published:
    March 6, 2008
  • Languages:
    English, German, Japanese
  • Audiences:
    IT professionals
  • Technology:
    Windows Server 2008
  • Credit toward certification:

Windows Server 2008 Active Directory, Configuring

This exam has been retired

For currently available options, please see the Microsoft Certification exam list.

Skills measured

This exam measures your ability to accomplish the technical tasks listed below. The percentages indicate the relative weight of each major topic area on the exam. The higher the percentage, the more questions you are likely to see on that content area on the exam. View video tutorials about the variety of question types on Microsoft exams.

Please note that the questions may test on, but will not be limited to, the topics described in the bulleted text.

Do you have feedback about the relevance of the skills measured on this exam? Please send Microsoft your comments. All feedback will be reviewed and incorporated as appropriate while still maintaining the validity and reliability of the certification process. Note that Microsoft will not respond directly to your feedback. We appreciate your input in ensuring the quality of the Microsoft Certification program.

If you have concerns about specific questions on this exam, please submit an exam challenge.

If you have other questions or feedback about Microsoft Certification exams or about the certification program, registration, or promotions, please contact your Regional Service Center.

Configuring Domain Name System (DNS) for Active Directory (18%)
  • Configure zones
    • Dynamic DNS (DDNS), Non-dynamic DNS (NDDNS), and Secure Dynamic DNS (SDDNS); Time to Live (TTL); GlobalNames; Primary, Secondary, Active Directory Integrated, Stub; SOA; zone scavenging; forward lookup; reverse lookup
  • Configure DNS server settings
    • Forwarding; root hints; configure zone delegation; round robin; disable recursion; debug logging; server scavenging
  • Configure zone transfers and replication
    • Configure replication scope (forestDNSzone; domainDNSzone); incremental zone transfers; DNS Notify; secure zone transfers; configure name servers; application directory partitions

Preparation resources

Configuring the Active Directory infrastructure (17%)
  • Configure a forest or a domain
    • Remove a domain; perform an unattended installation; Active Directory Migration Tool (ADMT); change forest and domain functional levels; interoperability with previous versions of Active Directory; multiple user principal name (UPN) suffixes; forestprep; domainprep
  • Configure trusts
    • Forest trust; selective authentication vs. forest-wide authentication; transitive trust; external trust; shortcut trust; SID filtering
  • Configure sites
    • Create Active Directory subnets; configure site links; configure site link costing; configure sites infrastructure
  • Configure Active Directory replication
    • DFSR; one-way replication; Bridgehead server; replication scheduling; configure replication protocols; force intersite replication
  • Configure the global catalog
    • Universal Group Membership Caching (UGMC); partial attribute set; promote to global catalog
  • Configure operations masters
    • Seize and transfer; backup operations master; operations master placement; Schema Master; extending the schema; time service

Preparation resources

Configuring Active Directory roles and services (14%)
  • Configure Active Directory Lightweight Directory Service (AD LDS)
    • Migration to AD LDS; configure data within AD LDS; configure an authentication server; Server Core installation
  • Configure Active Directory Rights Management Service (AD RMS)
    • Certificate request and installation; self-enrollments; delegation; create RMS templates; RMS administrative roles; RM add-on for IE
  • Configure the read-only domain controller (RODC)
    • Replication; Administrator role separation; read-only DNS; BitLocker; credential caching; password replication; syskey; read-only SYSVOL; staged install
  • Configure Active Directory Federation Services (AD FSv2)
    • Install AD FS server role; exchange certificate with AD FS agents; configure trust policies; configure user and group claim mapping; import and export trust policies

Preparation resources

Creating and maintaining Active Directory objects (18%)
  • Automate creation of Active Directory accounts
    • Bulk import; configure the UPN; create computer, user, and group accounts (scripts, import, migration); template accounts; contacts; distribution lists; offline domain join
  • Maintain Active Directory accounts
    • Manage computer accounts; configure group membership; account resets; delegation; AGDLP/AGGUDLP; deny domain local group; local vs. domain; Protected Admin; disabling accounts vs. deleting accounts; deprovisioning; contacts; creating organizational units (OUs); delegation of control; protecting AD objects from deletion; managed service accounts
  • Create and apply Group Policy objects (GPOs)
    • Enforce, OU hierarchy, block inheritance, and enabling user objects; group policy processing priority; WMI; group policy filtering; group policy loopback; Group Policy Preferences (GPP)
  • Configure GPO templates
    • User rights; ADMX Central Store; administrative templates; security templates; restricted groups; security options; starter GPOs; shell access policies
  • Deploy and manage software by using GPOs
    • Publishing to users; assigning software to users; assigning to computers; software removal; software restriction policies; AppLocker
  • Configure account policies
    • Domain password policy; account lockout policy; fine-grain password policies
  • Configure audit policy by using GPOs
    • Audit logon events; audit account logon events; audit policy change; audit access privilege use; audit directory service access; audit object access; advanced audit policies; global object access auditing; “Reason for Access” reporting

Preparation resources

Maintaining the Active Directory environment (18%)
  • Configure backup and recovery
    • Using Windows Server Backup; back up files and system state data to media; backup and restore by using removable media; perform an authoritative or non-authoritative restores; linked value replication; Directory Services Recovery Mode (DSRM); backup and restore GPOs; configure AD recycle bin
  • Perform offline maintenance
    • Offline defragmentation and compaction; Restartable Active Directory; Active Directory database mounting tool
  • Monitor Active Directory
    • Event viewer subscriptions; data collector sets; real-time monitoring; analyzing logs; WMI queries; PowerShell

Preparation resources

Configuring Active Directory Certificate Services (15%)
  • Install Active Directory Certificate Services
    • Certificate authority (CA) types, including standalone, enterprise, root, and subordinate; role services; prepare for multiple-forest deployments
  • Configure CA server settings
    • Key archival; certificate database backup and restore; assigning administration roles; high-volume CAs; auditing
  • Manage certificate templates
    • Certificate template types; securing template permissions; managing different certificate template versions; key recovery agent
  • Manage enrollments
    • Network device enrollment service (NDES); auto enrollment; Web enrollment; extranet enrollment; smart card enrollment; authentication mechanism assurance; creating enrollment agents; deploying multiple-forest certificates; x.509 certificate mapping
  • Manage certificate revocations
    • Configure Online Responders; Certificate Revocation List (CRL); CRL Distribution Point (CDP); Authority Information Access (AIA)

Preparation resources

Preparation options

Instructor-led training
Practice test

MCTS Self-Paced Training Kit (Exam 70-640): Configuring Windows Server 2008 Active Directory (2nd Edition)
Published: June 15, 2011

Fully updated for Windows Server 2008 R2! Ace your preparation for the skills measured by Exam 70-640—and on the job. Work at your own pace through a series of lessons and reviews that fully cover each exam objective. Then, reinforce and apply your knowledge to real-world case scenarios and practice exercises. This kit also includes a 15% exam discount from Microsoft.

Buy this book at the Microsoft Press Store

Who should take this exam?

The Microsoft Certified Technology Specialist (MCTS) on Windows Server 2008 credentials are intended for information technology (IT) professionals who work in the complex computing environment of medium to large companies. The MCTS candidate should have at least one year of experience implementing and administering Windows Server 2008 R2 in an environment that has the following characteristics:

  • 250 to 5,000 or more users
  • multiple physical locations, multiple domain controllers
  • network services and resources such as messaging, databases, file and print, firewalls, Internet access, an intranet, Public Key Infrastructure, remote access, remote desktop, virtualization, and client computer management
  • connectivity requirements such as connecting branch offices and individual users in remote locations to corporate resources, and connecting corporate networks

More information about exams

Preparing for an exam

We recommend that you review this exam preparation guide in its entirety and familiarize yourself with the resources on this website before you schedule your exam. See the Microsoft Certification exam overview for information about registration, videos of typical exam question formats, and other preparation resources. For information on exam policies and scoring, see the Microsoft Certification exam policies and FAQs.


This preparation guide is subject to change at any time without prior notice and at the sole discretion of Microsoft. Microsoft exams might include adaptive testing technology and simulation items. Microsoft does not identify the format in which exams are presented. Please use this preparation guide to prepare for the exam, regardless of its format. To help you prepare for this exam, Microsoft recommends that you have hands-on experience with the product and that you use the specified training resources. These training resources do not necessarily cover all topics listed in the "Skills measured" section.