Hey, all. Just seeking some advice regarding certification exam prep, specifically for MCSA/MCSE; I've been struggling on the 70-410 exam (Installing and Configuring Server 2012) for the last few months.
For study I've mostly been going over the Server 2012 training guide and Exam Ref books, with practice tests from both MeasureUp and Transcender, and some light experimentation on a demo version installed on a VM. While this all has helped me understand the software, sadly it hasn't been enough to pass the test. Despite being able to score 100% on both practice exams (in certification mode, twice, without consulting notes, as recommended) the actual exam has proven far more challenging.
Some questions were merely variations of the practice exams, and I didn't fail by much, but enough items were not covered in any material I've seen to make me wonder if I was taking the right exam. I'm wondering if there are any other study aids or resources to consult, perhaps something more comprehensive or closer to what the exam actually covers. I've heard good things about CBT Nuggets videos, and Microsoft also appears to offer a short training course on the software.
Are there any general or particular recommendations for preparing for a retake? Anything in particular that worked for those who've passed the exam? From what I understand the 70-410 is notoriously difficult, so any practical suggestions would be very welcome.
kstolls on Twitch, streaming weekends at 9pm CST!
Now playing:
Teardown and
Baldur's Gate 3 (co-op)
Sunday Spotlight:
Horror Tales: The Wine
Posts
I've done study guides (cheat sheets as it were) before and you may be able to pass by memorizing answers but it doesn't get you anywhere w/r/to learning to apply the stuff.
Actually, not to put you off doing the exams, but 410, 411 and 412 are a lot easier than 413 and 414. In general I recommend some practical experience before attempting them. Sandbox is good to brush up on the Best Practice, but really you need to work with these for about six months to get to grips with them.
Nusquam Findi Factionis
My Digital Pin Lanyard
To cite one example, a question presented a test environment where a server (2012 R2) was being installed as a domain controller. The question stated the domain itself hadn't been set up yet, and possible answers included PowerShell commands for installing the DC, installing the domain, or installing the forest. It's my understanding the domain (and thus the containing forest) must exist first, but it's possible the question was literally just asking 'which of these commands installs the domain controller?' and I read it wrong. Several questions were posed similarly, with seemingly unrelated details before asking something fairly basic, like general IPv6 formatting.
All that said, you guys are probably right, and I think some hands-on experience is in order. I'm just not sure where to start getting it.
Now playing: Teardown and Baldur's Gate 3 (co-op)
Sunday Spotlight: Horror Tales: The Wine
http://www.techexams.net/forums/mcsa-mcse-windows-2012-general/88247-70-410-resources.html
Also:
http://mcsa-70-410.blogspot.com/2013/07/powershell-commands-for-mcsa-70-410.html
If you haven't already get Windows 8 and play with Hyper-V client. Or you can setup Hyper-V Server Core on your machine and just run in a VM. Hyper-V Server core is free so it's totally doable. Having the experience of setting things up in Core is invaluable.
The Sybex books are fantastic resources as well. Really well written.
http://www.amazon.com/Mastering-Windows-Server-2012-R2/dp/1118289420/ref=sr_1_2?ie=UTF8&qid=1401323601&sr=8-2&keywords=sybex+windows+server+2012
If I remember that question correctly, the installation has been started and they are asking how to do the next step. With 2012 and R2, new installations seem to go partway through and then disappear if you don't know where to look. (Adding the role to the server is just part 1. Configuring the DC is part 2, and I think that is what they were looking for.)
AD questions usually look at Groups (Security or Distribution; Domain Local, Global or Universal) and GPO. GPO they usually want you to know two things, the processing order and the Enforced/Block Inheritance rules.
Nusquam Findi Factionis
My Digital Pin Lanyard
Yeah, I had a sneaking suspicion that question was actually straightforward and I was overthinking it. AD groups and GPOs seem more or less linked, in that learning one helps understand the other, so it wouldn't hurt for me to review that in particular. I confess to some confusion as to how groups are different from organizational units, in terms of policy deployment; seems like there's some overlap in function, with the two just providing different ways of distributing access/restrictions.
Interesting, I hadn't considered a server core installation. These links look useful too: a PowerShell reference sheet will be handy for server core, and that book looks pretty well recommended. Thanks!
Now playing: Teardown and Baldur's Gate 3 (co-op)
Sunday Spotlight: Horror Tales: The Wine
The type of Groups that you use depends on what you are doing. Typically you will only be using Domain Local and Global if you are in a single Domain. Take those 50 people from earlier, say they are the Accounting department. It makes sense that people doing the same job will for most of the time require access to the same resources. So you throw them all into a Global group call Accounting-G. Now because the person who set up the file shares was unimaginative, there is a folder called Accounting. If you wanted to grant access you could simply add the Accounting-G group to the ACL. But suppose you also have Auditors, Board of Directors, etc. The Best Practice way is to use a Domain Local group for assigning permissions to a resource, and then putting the Global groups inside them. So the Accounting folder would have a Domain Local group Accounting-DL, which contains Accounting-G (and Auditors-G and BoardOfDirectors-G).
The reason to do it this way is down to how the underlying database for Active Directory works, and if you dig into that, it makes a lot more sense. But really, Global groups should be used to organise Users into manageable collections, whilst Domain Local groups should be used for assigning permissions.
GPOs don't get assigned to Groups. They are assigned to OUs. Now, Groups can be put in OUs, so in that way GPOs affect Groups. But GPOs are more about how people can do certain things. For example, when can someone log on? Can they log on using this specific machine? Can they install software, are they barred from running certain software?
I'd suggest you spin up some DCs and just start making fake company structures. Write out the scenarios in a real world way: Business A has n departments, with needs to access the following resources {resource1, resource2...}. Do this for 5 companies, and then start attempting mergers and split-offs.
Nusquam Findi Factionis
My Digital Pin Lanyard
This clarifies a lot. Thanks for the explanation, I think I've got a better grasp on it now.
Understood. Seems like the best idea is to start setting up dummy servers, VMs, and groups, though I'll also make use of the stuff you linked earlier.
Thanks all for the advice! I plan to take my time before the retake, so we'll see how it goes.
Now playing: Teardown and Baldur's Gate 3 (co-op)
Sunday Spotlight: Horror Tales: The Wine