Windows Server - Kerberos and Authentication Troubleshooting

Understand the internal operation of various authentication methods availabe in Windows networks, such as Kerberos, NTLM and its older versions, PKINIT, Schannel and Basic and Simple Bind
Implement and troubleshoot complex authentication scenarios such as those requiring Kerberos delegation in environments based on Windows 2012 and application such as SharePoint, Exchange, UAG, System Center or SQL Server
Work in complex and secure environments comprising several Active Directory forests and domains with multiple trust relationships

Knowledge in extent of the courses which are listed in the bellow sections Previous Courses and Related Courses
Good understanding of Active Directory and Group Policy
Good understanding of TCP/IP and DNS technologies

Windows authentication and security subsystems, LSASS
Passwords, hashes, secret storage and protection with DPAPI, password caches, smart card logon
Principles of computer accounts, principals such as SYSTEM, Network Service, Local Service, NT SERVICE, IISAppPool and managed service accounts
LM, NTLM and NTLMv2 authentication internals and troubleshooting
Kerberos protocol operation and comparison with NTLM
Implementing AES for Kerberos
Service Principal Name (SPN) and its use with DNS aliases and service accounts
Time synchronization, role of Active Directory DCs and PDC, Kerberos reliance on time skew
Privilege Attribute Certificate (PAC), group membership and its limits and PAC validation
Kerberos Unconstrained Delegation, Constrained Delegation and Protocol Transition
Requirements and troubleshooting of Kerberos delegation
Implementing and troubleshooting delegation in complex environments with application such as SharePoint, Exchange, SQL Server, Reporting Services, UAG or System Center
Smart card and certificate (Schannel) logon
Certificate requirements and NTAuth CAs
Monitoring and auditing
Complex Kerberos and NTLM authentication scenarios in multiforest multidomain environments
Traffic and user experience optimization

Most Microsoft certification exams do not require students to attend an official MOC course in order to pass the exam. This applies to all certifications except for MCM
Official Microsoft MOC courses as well as our own GOC courses are good ways of preparation for Microsoft certifications such as MCP, MTA, MCSA, MCSE or MCM
This does not mean that official MOC courses would serve as the only necessary praparation. The primary goal of an MOC course is to provide for sufficient theoretical knowledge and practical experience to effectively work with the related product
MOC courses usually cover most of the topics required by their respective certification exams, but often do not give every topic the same amount of time and emphassis as may be required to completelly pass the exam

Previous courses

Windows Server - administering accounts and resources [GOC205]

Windows Server - implementing Active Directory services [GOC220]

Next courses

Windows Server - Active Directory SAE, Tiering and Red Forest [GOC159]

Windows Server - Enterprise PKI Deployment [GOC173]

Windows Server - Active Directory Internals and Troubleshooting [GOC171]