Textbook Mcsa Guide To Identity With Windows Server 2016 Exam 70 742 1St Edition Greg Tomsho Ebook All Chapter PDF

MCSA Guide to Identity with Windows
Server 2016 Exam 70 742 1st Edition

Greg Tomsho
Visit to download the full and correct content document:
https://textbookfull.com/product/mcsa-guide-to-identity-with-windows-server-2016-exa
m-70-742-1st-edition-greg-tomsho/
More products digital (pdf, epub, mobi) instant
download maybe you interests ...
MCSA Guide to Identity with Windows Server 2016 Exam 70

742 1st Edition Greg Tomsho
https://textbookfull.com/product/mcsa-guide-to-identity-with-
windows-server-2016-exam-70-742-1st-edition-greg-tomsho/
MCSA windows server 2016 study guide exam 70 742 Panek
https://textbookfull.com/product/mcsa-windows-server-2016-study-
guide-exam-70-742-panek/
MCSA Windows Server 2016 Complete Study Guide: Exam

70-740, Exam 70-741, Exam 70-742, and Exam 70-743 Panek
https://textbookfull.com/product/mcsa-windows-
server-2016-complete-study-guide-
exam-70-740-exam-70-741-exam-70-742-and-exam-70-743-panek/
McSa Guide to Installation, Storage, and Compute with

Microsoft Windows Server2016, Exam 70-740 Greg Tomsho
https://textbookfull.com/product/mcsa-guide-to-installation-
storage-and-compute-with-microsoft-windows-
server2016-exam-70-740-greg-tomsho/
MCSA Windows Server 2016 Study Guide Exam 70-741 Panek
guide-exam-70-741-panek/
MCSA Windows Server 2016 Study Guide Exam 70 740 2nd

Edition William Panek
guide-exam-70-740-2nd-edition-william-panek/
MCSA 70 741 Cert Guide Networking with Windows Server

2016 1st Edition Michael S. Schulz
https://textbookfull.com/product/mcsa-70-741-cert-guide-
networking-with-windows-server-2016-1st-edition-michael-s-schulz/
MCSA 70-740 Cert Guide: Installation, Storage, and

Compute with Windows Server 2016 1st Edition Anthony
Sequeira
https://textbookfull.com/product/mcsa-70-740-cert-guide-
installation-storage-and-compute-with-windows-server-2016-1st-
edition-anthony-sequeira/
MCSA Windows 10 Study Guide Exam 70 698 1st Edition

William Panek
https://textbookfull.com/product/mcsa-windows-10-study-guide-
exam-70-698-1st-edition-william-panek/
NETWORKING
MCSA Guide to
ldenti� with
®
Windows Server 2016
MCSE/MCSA
Exam #70-742
--
.,
,, � CENGAGE�
r
L .@.w.fj
,.
Pil.•...
. C!f' . .- ~
FQC00AABN10412
.
J
I
Microsoft Certification Exam Objectives
Exam #70-742: Identity with Windows Server 2016

Objective Chapter
Install and configure domain controllers 1, 6, 7

Create and manage Active Directory users and comp _2,4
Create and manage Active Directory groups and o
Manage and maintain AD DS (15-20%)
Configure service authentication and account pol
Maintain Active Directory
Configure Active Directory in a complex enterprl
Create and manage Group Policy (25-30%)
Create and manage Group Policy Objects (GPO
Configure Group Policy processing
Configure Group Policy settings
Configure Group Policy preferences
Implement Active Directory Certificate Se
Install and configure AD CS
Manage certificates
Implement identity federation and access
Install and configure Active Directory Federati
Implement Web Application Proxy (WAP)
Install and configure Active Directory Rights M
I•
NETW ORI{ I NG
MCSA Guide to
Identify with · .
Windows Server® 2016
MCSE/MCSA
. ~'
~~ •~ CENGAGE
.
·-
Australia • Bra zil • Mexico • Singapore • United Kingdom • United States
·-
~.,, '~ CENGAGE
MCSA Guide to Identity with Windows © 2018 Cengage Learning, Inc.

Server 2016, Exam 70-742 Unless otherwise noted, all content is© Cengage.
GregTomsho
ALL RIGHTS RESERVED. No part of this work covered by the copyright herein
may be reproduced or distributed in any form or by any means, except as
SVP, GM Skills: Jonathan Lau permitted by U.S. copyright law, without the prior written permission of the
copyright owner.
Product Director: Lauren Murphy
Some of the product names and company names used in this book have been
Product Team Manager: Kristin McNary used for identification purposes only and may be trademarks or registered trade-
marks of their respective manufacturers and sellers.
Associate Product Manager: Amy Savino
Windows® is a registered trademark of Microsoft Corporation. Microsoft® is a regis-
Executive Director of Development: Ma rah tered trademark of Microsoft Corporation in the United States and/or other countries.
Bellegarde Cengage is an independent entity from Microsoft Corporation and not affiliated
with Microsoft in any manner.
Senior Product Development Manager:
Leigh Hefferon
For product information and technology assistance, contact us at
Content Development Manager: Jill Gallagher Cengage Customer & Sales Support, 1-800-354-9706
Senior Content Developer: Michelle Ruelas

For permission to use material from this text or product, submit all
Cannistraci
requests on line at www.cengage.com/permissions.
Further permissions questions can be e-mailed to
Product Assistant: Jake Toth
permissionrequest@cengage.com
Marketing Director: Michele McTighe
Production Director: Patty Stephan

Library of Congress Control Number: 2017953117
Senior Content Project Manager: Brooke
Student Edition ISBN: 978-1-337-40089-3
Greenhouse
Loose-leaf Edition ISBN: 978-1-337-68570-2
Senior Designer: Diana Graham Cengage
20 Channel Center Street
Cover image: iStockPhoto.com/loops7
Boston, MA 02210
Production Service/Composition: SPi Global USA
(engage is a leading provider of customized learning solutions with

employees residing in nearly 40 different countries and sales in more than
125 countries around the world. Find your local representative at
www.cengage.com.
Cengage products are represented in Canada by Nelson Education, Ltd.
To learn more about Cengage platforms and services, visit www.cengage.com
Purchase any of our products at your local college store or at our preferred
on line store www.cengagebrain.com
Notice to the Reader

Publisher does not warrant or guarantee any of the products described herein or perform any independent analysis in connection with
any of the product information contained herein. Publisher does not assume, and expressly disclaims, any obligation to obtain and include
information other than that provided to it by the manufacturer. The reader is expressly warned to consider and adopt all safety precautions
t~at might be indicated by the activities described herein and to avoid all potential hazards. By following the instructions contained herein,
the reader willingly assumes all risks in connection with such instructions. The publisher makes no representations or warranties of any kind,
including but not limited to, the warranties of fitness for particular purpose or merchantability, nor are any such representations implied with
respect to the material set forth herein, and the publisher takes no responsibility with respect to such material. The publisher shall.not be liable
for any special, consequential, or exerriplar1 damages resulting, in whole or part, from the readers' use of, or reliance upon, this material.
-
Printed in the United States of America
Print Number: 01 Print Year: 2017
Brief Contents
INTRODUCTION ................................................................................................... xi
ii=t4:idll
Introducing Active Directory .............................................................................. 1
ii=hi:id;fj
Managing OUs and Active Directory Accounts ............................................... 53
dlhi:iH;II
User and Service Account Configuration ...................................................... 109
ii:6i:id;I•
Configuring Group Policies ............................................................................. 135
G=t4:iHSi
Managing Group Policies ................................................................................ 189
G:t4i:iHOOi
Domain Controller and Active Directory Management .............................. 225
G=t4:id;iJ
Configuring Advanced Active Directory ........................................................ 267
Glt4:id;i:i
Implementing Active Directory Certificate Services ........... ~ ........................ 321
G=t4:iH;I•
Implementing Identity Solutions ................................................................... 359
fii4AHMf!f41
MCSA Exam 70-742 Objectives ....................................................................... 401
GLOSSARY ......................................................................................................... 407
INDEX ................................................................................................................ 417
-
Table of Contents
INTROD UCTI ON ........................................................ ... ............. .............................................xi
G:t4U•H;ii
Introducing Active Directory ............... ...... .... ... ....... ...... ... .............. ..... ...... ..... .. .1
The Role of a Directory Service ..........................................................................................................2
Windows Active Directory .......................................... ............. ............................................................. 2
Overview of the Active Directory Structure .................................................................................... 3
Installing Active Directory ......... ............ ...............................................................................................7
Installing Additional Domain Controllers in a Domain .............................................................. 9
Installing a New Domain in an Existing Forest.. .......... .. ........................ .. ................................... .11
Installing Active Directory in Server Core .. .................................................................................... 12
Installing a DC with Install from Media .......................................................................................... 13
What's Inside Active Directory? ...................................................................................................... 16
The Active Directory Schema ............................. ,,...................... ,..... ,..... ,........................... ............... 18
Active Directory Container Objects ............. ,..... ,...... ....................... ,.. ... ,.... .,................................... . 19
Active Directory Leaf Objects .. ........................... ... ........................... ..... ... ......................................... 20
Recovering Objects with the Active Directory Recycle Bin ....................................................... 22
Locating Active Directory Objects ......................... ......... ................. .................................................. 22
Working with Forests, Trees, and Domains ... ... .... ..................................... ................................. 30
Active Directory Terminology ............ ...... ................. ,....................... ,... ........ ,.................................... 31
The Role of Forests ...................... ................ ... ............... ......................... ........... ............ ....... ..... ........... 34
Understanding Domains and Trees ....................................... ........... ............................ ,.................. 36
Introducing Group Policies ............................................................................................................... 40
The Computer Configuration Node ................................................................................................. 42
The User Configuration Node .............. ........... ... .............. ..................... :............................................ 42
How Group Policies Are Applied ................. ..... ...... .......... .. .......... ............. .............. ..... ... .... ............. 43
Chapter Summary ................................................................................................................................ 48
Key Terms ...... .. ........................ ................................................... :............................................................ SO
Review Questions ....................................................................... .......... ................................................ 50
Managing OUs and Active Directory Accounts ................ .. ..................... 53

Working with Organizational Units ............................................................................................... 54
OU Delegation of Control .................................................................................................................... 57
Active Directory Object Permissions ................................................... ............................................ 57
Managing User Accounts ....... ......................................... ........... ............................... ........................ 62
Creating and Modifying User Accounts ......................................................................................... 64
Understanding Account Properties .......... ........................................................................ ...... ......... 68
Using Contacts and Distribution Groups .................................... ................................................... 73
-
- Table of Contents
Managing Group Accounts .... ...... ........... ........................................ .... ......... .... .. ........ ..... .. .. ... .... ... .... 79
Group Types .. .. ... ...... ...... .. ... ... ........ ...... ............ ... .... ....... ...... .. .... .... .......... ............... ..... ... .. ..... ........ ........ 79
Group Scope ............. ....... ....... ...... ....... ...... ..... ......... ...... .... .. .. .. .... .. ... ..... ....... .......... ... .... .. .. ..... ....... .. ... ... 80
Nesting Groups ... ... ..... ..... ........ ... ........ ... .... .. ......... ..... .. .. ... .. ... .... ..... .... .... ... ... ....... ..... ...... ............... ........ 84
Converting Group Scope .... ........................... ........... ... .. ... ..... ...... .,..... ....... ..... ... ..... .. ..... .,.... ... ...... ... .... 85
Default Groups in a Windows Domain .. ....... ... .... ..... ... ... .. .. ... ...... ..... ... .. .... .. ....... .... .. .. ...... .. ...... ..... 85
Working with Computer Accounts .. .. .... .... .. ....... .. ....... ... .... ........ ... .. .. ... .... .. ..... .. ... ...... ... .. .............. 90
Creating Computer Accounts ... ... ..... .. .... .. ..... ......... ..... .... ... .. ...... ... .. ..,... ... ... .. ..... .. .... .. ... .. .. ... .. ....... .... 90
Automating Account Management .. .. ....... .......... ... ... .. .. .... .. .. ... ... ......... ...... ... ......................... ...... . 96
Command-Line Tools for Managing Active Directory Objects ... .. .......... ... .. .. .. .................. .. ... 96
Bulk Import and Export with csvde and ldifde .. .. .. ................................... .. .... .... .... .. .. 98
Creating Users with ldifde ....... .. .. .. ... .. ....... ... .. ............... ... .. ...... .. .. ...... .. .. .................. ...... 100
Managing Accounts with PowerShell ... .. ....... .... ... .. ... .. ... .. .... ... ....... .. .. .. .. .... ..... .. ..... ..... .... ... ......... 100
Chapter Summary ............... ........ .. ..... ... .... .. ... ... .. .. ..... .. ...... ...... ..... .. ..... ... .......... ...... ..... ... .......... .. ... .... 104
Key Terms ...................... ............ .. ................ .................. ... .. ................... .... .......... ..... ......... .............. .... .. 105
Review Quest ions...... ..... ..... .......... .. .... .... ....... ..... ......... ... ..... .... .. ... .. .... ..... .. .. ............ .. ........................ 105
U#ttiAH#I
User and Service Account Configuration ... ... .... ...................... ............. ... 109
Overview of User Accounts and Group Policies .. .. ... ....... .. .. .. .. .... .... .............. ...... ...... .... .. .... ... 11O
Creating and Configuring Group Policies ........ .... .. ..... .. .. ... .. ......... .. ... .. ... .. .. ..... .. .. .. .. ... .......... .. ...... 110
Configu ring Ac count Policies .. ..... .... ................ .... ..................................... ..... .... .. .. ........... .. ........ ... 111
Delegating Password Settings Management ......... ..... ... .. ...... .... .. .. ...... .... ...... .,..... ... .,, .. ..,....... .. .... 114
Local Account Policies ..... ...... .... ................ ......... .. .... ..... .. .......... .. .............. .................... .... .. ...... ......... 115
Kerberos Policy Settings ...... ........... ......... .. ... .... .. .......... ... .. ..... ....... ... ....... ..... .... ... .... .. ........ .. ... ........ .... 115
Configuring Passw ord Settings Objects ... ... .. .... ... ...... ... .. ... ... ... ........... .. ...... .... ... ..... ..... .......... .... 122
Creating and Configuring a PSO ......... .... .... .................... .............................. .................. .. ......... ... .. 122
M anaging Service Accounts .................. ...... .. .. ........ ...... ...... .. ................ .. .... .... .. ...... ... .... .............. .. 124
Working with Service Accounts .. ........ ... .... ...... ... ....... ..... ... .. ... ....... ..... .. ... ........ .. .. ... ... .. ... .. ... ... ..... ... 125
Working with Managed Service Accounts ... .............. ............................. ..... .... ... .. ........ .. ......... .... .127
Kerberos Delegation ................... .................... ... .. ................. ...... ........ .. ... ....... .... .. ... .,.. ... ..... .. ... ... .. ..... 129
Cha pter Summary .. ..... .... ... ...... ..... .... ... .......... ... ... .. .. .. .. ....... .. .... ................. ... .. .. ............ ........... ... ... .... 130
Key Terms ... ...... .... ... .. .... .... ... ...... ... .. ......... .. ... .. ... ..... .... .. ... .. ...... .... .. ...... .... ... ... ..... ... .... ......... ... ...... ......... 131
Review Quest ions......... ....... ........ ........ ..... .... ...... .... .. ... .... ............. ...... .. ..... ... .... ... .... .... ................ ....... 131
l•#tuAHil•
Configuring Group Policies ............. ............................................................... 135
Group Policy Obj ect s... ........... .. ...... ... ..... .. ... ........... ... ............................... .......... ........ ...... .. ..... ..... ..... 136
Local and Domain Group Policy Objects ...... .... .. ...... ...... .................. ...... ... .. ... .. ..... ........ ....... .. ... ... .137
Group Policy Replication ............... ,.......... ...... ... ..... .... ......................... .. ..... .. .... ... ................ ............ ..141
Creating and Linking GPOs ........ .... .. .................. ... .... ... .. ..... .... .. ... ... .... .. ....... ... ... .. ... ..... .. .............. ... ..141
Group Policy Sett ings.. ...... ..... .......................... ........ ............. ... ....... .. ... ............ .... ......... ...... ... .......... . 152
Software Installation Policies ....... ,.. ... ,..... ,....... ....... ........ ,.... ...... .. .......... .. ..... .... .. ............................ .153
Deploying Scripts ..... .... .... ,.. ...,..... .. ... .. ........ ... ... ... .... .. ... ... .... ...... ,... .,.. ... ..... ,..... ,.. ... .. ........... .. .... ..... ... .. 156
Folder Redirection .. .. .. .................. .. ...... .. .... ....... .. ............ ...... ... ... ... .... ... ... .. ... ....... ... ...... ... ... .... ... ......... .157
Security Settings ...... .... ........ ........ .... ... .. .... ..... .. ..... ... ... .... ... .. .... ...... .... ........... ........ ... .. ... .... ..... ·.·.. ... ... .. .160
Local Policies: Audit Policy ............. ... ...... ...... .. .................... .. .... .. ...... ..... ......... ........ ... ... .. ............... .. .161
TableofContents . .
Working with Administrative Templates ........................ ... ...... ..... .... ...................... .. ... .............. 167
Computer Configuration Settings ..... .... ... .... ... ....... ..... .... .. .... .... .. ...... ........ ....... ... .. .. .. .. .... .. .. ............ 167
User Configuration Settings .... .... ... .......... .. ..... ... ................ .. ...................... .................. ........... ......... 169
The ADMX Central Store ..... ... ...... ............ ... .............. ....... ..... ... ..... .. .. .. ...... .. ... ..... ...... .................. ...... 169
Working with Filters ............ ..... ......... .... .. .... ......... ..... ............ ............... ... .. ... .............. ... ...... .............. 170
Using Custom Administrative Templates .. .. .................... .. ............... .. ....... ..... .. ...................... ...... 171
Migrating Administrative Templates ............ ..... ... ........ .... ... ............................... .... ..... ..... .. ..... ..... .172
Working with Security Templates .. ........................................ .. .................. .... ... .. ................... .. .... 175
The Security Templates Snap-in .. .............. .. .............. ..... .... .. ... .... .............. .. ............... ... .... ............ .175
The Security Configuration and Analysis Snap-in ........ ......... .............. ...... .. ............. ............... 176
Configuring Group Policy Preferences .. .. .. ................................ .. .. ........ ...... ......... ... .. .. ............... 176
How Group Policy Preferences Are Applied ............................ .. ............... .. ......... ..... ........ .. .......... 177
Creating Group Policy Preferences .... ... ...... .. ..... .................. ....... ... ............ .. .... .. .... .. ....................... 178
Chap~er Summary ...... ... .. .. .... .................... ... .. .... ... .. .... ... ..... ..... .... ......................... .... ....... ..... .. ........ .. . 183
Key Terms .. .. ................ ........................ ......... .... .... .. .. ...... ...... ... ...... ................ .. ....... ............................... 184
Review Questions .... ........................ .. .. .. .... .. ... ..... ..... .. ...... ...... ..... ... .......... .... .. ............ ... .. ............ .. ..... 185
h#t4i:1Uh4i
Managing Group Policies .............................................................. .................. 189
Configuring Group Policy Processing ............................................................................... ......... .. 190
GPO Scope and Precedence ....... .......... .. .. ... .. ............ ..................... .. .... ... ........ .... .... ......... ..... ... .. ...... .190
Group Policy Inheritance ... ...... .... .. ... ............... .. .. .... ........ ... ................. ..... ... ........ .... .. ........... .... .. ...... .191
Managing GPO Status and Link Status ..... .................. .... .. .....:........ ... .......... .... .... ...... ................... 193
GPO Filtering ... ... ......... .. ... .. ... ..... ........... .. .... ... ................. ..... ... .. ....... .......... .......................................... 194
Loop back Policy Processing ........ ... ..... ........... :···· ............... ............... ..... ............ ... ... .. ...... .. ... .. ...... ...198
Configuring Group Policy Client Processing ...................................... .. .... ....... ............ ...... .. ..... .203
Configuring Slow Link Processing .... ............... .............. ......................................... .................... .. 203
Changing Background Processing ..... ..,.... ,,,.... ....,, .. .. ... ... ,,.,,. ,...... ,..... ....,.,.... ,.,, .. ... ,, .,,., .. ,,, .. ,,., .. ,.. 205
Processing Unchanged Policies ............................ .. ... ... .. .. ........... ... ... .. ... .... ...... ...... ... .. ..... ... .. ......... .207
Synchronous and Asynchronous Processing .................... .... ... .... ................... ,.. .. .. ................... 208
Group Policy Caching .................................................. ........................ ... .. ...... ....... .......... ............... ... 208
Forcing Group Policy Updates .. ..... .. ..... ... ......... ... ........ ... ............. .. ................. .... .. ...... .. .......... .. ...... 209
Group Policy Results and Modeling ...... ... ..................................... ................................ ........ ...... 212
Managing GPOs ....... ........ ....... .. .................... .. .... .... ............ .. .......... ... .. ...................... ... ............ .. ... ..... .215
GPO Backup and Restore ....................... .. ... .,......... ... .. ... ..... .......... ........ ... ... .... .. .... .... .... ........... ,... .... .. 215
GPO Migration .... .... ... ... .. ... ...... ...... .... ..... ...... ... .. .... ....................... ......... .... .... .. ... ... .......... ............... ...... 217
GPO Management Delegation ..... ....... ...... .................... ... .. ......... .......... ............. .... ..... .. ............. ... ... 218
PowerShell Cmdlets for Managing GPOs ........... .. ......... .... .. .. .... ........... ........... .. ... .......... ... ........... 219
Chapter Summary ........ ... ................ .. .... ... .... ... ... ...... .... ... ... ............. .. ... .. .......................... .................. 221
Key Terms ......... ....... ... .. .. ......... ...... ........ ....... ...... .. ..... .. ..... ... ... ........... ... .. .. ..... ........ .. ........... ............. ...... 221
Review Questions .. .... .......... ........ ... ...... .................. ..... ........... .... ...... ... ........... .. .... .. ............... ..... ... ..... 222
l•#t4i:IH;d
Domain Controller and Active Directory Management.. .... .............. 225
Active Directory Review ......................................... ...... .... ........ ................. ...... ... .... ...... .................... 226
Cloning a Virtual Domain Controller ....... ....... .. .................. .. ...... .... ........ ................. .......... .... ...... 227
Domain Controller Cloning Prerequisites ..... ... ... .. .. .. ... ........... .... .. .. .... ..... .. ... ...... ...... ... ..... ......... .. 227
Steps for Cloning a Domain Controller.. ...................... .... ......... ......... ..... ..... ...... .. .. ....................... 227
- TableofContents
Configuring Read Only Domain Controllers ........................................ ..................................... 229

RODC Installation .................................. ......................................... .................................................... 229
Staged RODC Installation ................................................................................................................... 231
RODC Replication ............. ............... ... ... ,.... ....... ... ...... ..... ..... ............ ........... .. ... .. .. ..... .. .... ...... .. ....... ..... 234
Read Only DNS ...................... ... ........................................................................... ................................ 235
Understanding and Configuring Sites .... .................................................................................... 238
Site Components ....... .... .... ........ .. .. ........ ......... ........... .. ............. .. ....... ................... .,, ......... ,................ ..239
The Global Catalog and Universal Group Membership Caching ..... ......... ....... ... .. .... ..... .... .... 242
Working with Operations Master Roles ............................. ... ................. ..... .............. ... .. ........ .... 244
Operations Master Best Practices ......................... ........ ...... ..................... ....... ... .. ........ .. ...... .... ...... .245
Schema Master .. ......... ................ ... ....................... ,.... .... ..... ......... ,........ ............................................... 245
Managing Operations Master Roles ...... .. .... ........... .. ..... ........ ,............................................ ,......... .246
Maintaining Active Directory ......... ..... ......... ......................... .. ............................... .... ........ .... ........ 249
Active Directory Backup ........ .... .. ............... ......... ...... ........... ...... ......... ..................................... .... .... 250
System State Backup .... ... .................. .. ..... ........ ................ ,.... ... ........... .. .............. .. ............ ..... ..... ...... 250
Active Directory Restorations .. .... .... ..... ....... .. .... ...... ..... ........... ............. ... .... ..................... ... .. ....... .... 251
Recovering Deleted Objects from the Recycle Bin ......... .... ................................ ....... ................. 252
Active Directory Defragmentation ..... .... ... .......... .... .. ..... ... ..... ............................ .. ..... ........ ........ ..... 253
Active Directory Metadata Cleanup .............................................. ,................................................ 254
Working with Active Directory Snapshots .......... .... .. .... .. ..... ... ............. ... .. ... ......... ... .... ... .. .. ........ 254
Chapter Summary ... .............. ........ .... .. ................................... .... .. .. .......... ............ .... .......................... 260
Key Terms ..... ............... ...... ...... ...... .... ...... .......... .. .................................... ......................... .... ... ....... ... .... 261
Review Questions ... ..... ......... ...... .......... ..... ....... ...... .................. ... .. ... .... ........ ......... ...... .. ........ .. ........... 262
P=MiHM
Configuring Advanced Active Directory ........................................ ........... 267
Configuring Multidomain Environments ................................................................ .. ... ....... ..... .268
Reasons for a Single-Domain Environment .. ... ,..... ,..... ...... ..... ........... ,.. .. ..... .. ... ....... .... ... ... ..... ,.. 268
Reasons for a Multidomain Environment ... ..... ....... .... .................................................. ............. 269
Adding a Subdomain ........ .... ..... .............. .. ........ .. .... ...... .... ...... ..... ...... .. ,... ... ........................ ...... ...... ..270
Adding a Tree to an Existing Forest. ... ..... .......... .... ..... ,..... ... ... ,........ .. ....................... .. .................. .270
Configuring an Alternative UPN Suffix ..... ... ....... ...... .......... .. ..... ..,..... ... ... .... .... .. ....... ............ ........ .271
Configuring M ultiforest Environments ......... ... ..... ......................... .... .. ......... .. .. .. .. .... .... ,..... ... .... 276
Active Directory Trusts ..... .. ..... ......... .... ... ...... ...... .... ...... ................ ...... .. ...................... ..... ................ 278
One-Way and Two-Way Trusts ............................... .. ..... .. ........ ....................... ... .. ............... ..... .. .... 279
Transitive Trusts ....... .... .... ..... ... ,................ .... .......................... ,.. .. .. ... .. .... ......... .. .... ... .. ..... .............. .... 279
Shortcut Trusts ... ..... ... ....... ... ... ................... ... .............. .... .... ,... ...... ..... .. .. .. ........... ,.. ..... ... ,.. ... .....,.. .... .. 280
Forest Trusts .. ............ ...... ... ..... .. .. .. .......... ,..... ,.... :,.......... ....... ....... ... ........ ... ,........ .. ........... ... .. ............... 281
External Trusts and Realm Trusts ..... ...... ...... ..... ..... .,.. ... ,....,..... ,........... ... ... ... ,.... ,.... ,.. ..... ...... ..... ... 282
Configuring Active Directory Trusts .............. .. ................. ... .. ..................... .. ........... .... ............. ... 282
Configuring Shortcut Trusts .... .... .... ...... ... ....................... .,... ...... ..,.. .. ,.. .. ,.......... ,......... ... ........ ,......... 283
Configuring Forest Trusts ................ ..... .... ........ ,... .......... ... ..... ...... ...... ,..... .. ............. ,... .... ......... ,........ 284
Configuring External and Realm Trusts ... ............... .. .... ,.... .. ...... ... ,....................... .... ............. ...... 286
Configuring Trust Properties .......... ,................ ,......... .,. ................ ,.... ,..,, ... ..,, ......... ,... ....... ... ....... .... 286
The Authentication Tab ................... ..... .. ..... ,..... .. .. ..... .. ......... .. ,..... ,......... ... .................. ,.. .... .. ... .. ...... 288
Upgrading Domains and Forests ....... ...................... ... .............. .. ............ .. ........... .. .................... ... 291
Forest Functional Levels ... ... .......... .... ...... ..... .. .. .... ... ........... ............... ... ..................... ... ....... ..... ... ..... 291
Domain Functional Levels .. .... ....... .............. ................ .... .. .. ... .... ...... ..... ... .... .... .. ....... ... .. ... ... ........... 293
TableofContents -
Raising Domain and Forest Functional Levels ... .......... ... ... ... ......... ................... ............. .... ........ 295
Adding Domain Controllers to an Existing Domain ................................................................ 296
Configuring Sites ................................................................. ................ .... ................ ...... ..................... 297
Registering SRV Records .................................................................................................. 297
Working with Automatic Site Coverage .......................... ...... .... .... ........ ......... ........... .. ....... ... .. ..... 298
Moving DCs between Sites ................. .. ,..... .............................. ........... ,.. .......... .. ........ .... ... ,... ... ... ..... 298
Active Directory Replication .. ................................. ... .. ...... ..... .... ... ..... .. .. ...... ... .......... ........ .. ........... 300
Active Directory Intrasite Replication .... ................................................................................... .. .300
Active Directory Intersite Replication ............................................... ,........ ................................. . 305
SYSVOL Replication ....... ................. ..... ........... ... ............. ..... .. .................................... ,....................... .307
Managing Replication ... .................................................. ,............................................... ,........ .... ... ... 310
Monitoring Replication ... .......... ...... .... ..... ... ...... ..... ...... ............................................................ .......... 311
Chapter Sum ma ry ............................................................................................ .. ..... ... ... ....... .............. 315
Key Terms .............. .................................................... ....................................... .. ............ .. .............. ....... 316
Review Questions .................................................. .............. ..... .... ... ... .......... .. ........... ... .................... .. 316
Implementing Active Directory Certificate Services ... ....................... 321

Introducing Active Directory Certificate Services .................................................................. 322
Public Key Infrastructure Overview ...... .. .. .................................. .... .......................................... ... .322
PKI Terminology ... .......... ..... ...... ........ .. .... ......... ............... ,................. ............ ...................................... 323
AD CS Terminology ............. ........................................ ....... .............. .... .. .. ................. ..... ,,....... ,.......... 325
Deploying the Active Directory Certificate Services Role ................................................... 326
Standalone and Enterprise CAs ..... .... ...... ... ......... .. .. ................ .. ................ ...... ... ...... ...... ... ... .... ...... 326
Online and Oflline CAs ..................... ...... ................ ,..... ..................................... ....... ...... ...... ............. 327
CA Hierarchy ............................................... .. ....................................................................... .......... ...... 327
Certificate Practice Statements ..... ...... ............................................................... .... .. ... ..... .......... .... ..328
Installing the AD CS Role ...... ....... .. ................................................................................................... 329
Configuring a Certification Authority ...... .. ........................................................... ...................... 334
Configuring Certificate Templates ........... .... ..... ....... ..... .... ... ............. ............... .............. ....... .... ..... .334
Configuring Certificate Enrollment Options .... .. .. ....... .............. ................ ................ .. ................ 336
Configuring the Online Responder ..................................... ...... ... ....... ......... .... ........ ...... ... ... ... ....... 341
Creating a Revocation Configuration .. ............................................ .............................. .... ......... ,.. 341
Maintaining and Managing a PKI .................................................................. ......... .. .......... ...... .. .. 349
CA Backup and Restore ...... ,,.......................................................... ,... ,........... ............................ ...... 350
Key and Certificate Archival and Recovery ... ... ....................... ..,........ ....... ........... ... ,... ..... .......... . 350
Using Windows PowerShell to Manage AD CS ................ ... ....... ........ .................. ... .................... 352
Chapter Summary .... .. ............................................ ...... ...................................................................... 354
Key Terms ... ...... .... ...... .. .............. .. ......... ..... .. .... ... .......... ............ ... ...... ... ..... ..... .. .... ,..... .. .... .. ............ ...... 355
Review Questions ..... ..... .. .................................................................... ............... .. ... ........... ... .. ........... 355
IH#t-iiHM
Implementing Identity Solutions .................... ............................................ 359
Active Directory Federation Services ...... ..... .......................................................................... ..... 360
AD PS Overview ............ .... ... .. ....................... ............. ...... ................................. ....... ............... .... .. ..... . 360
AD PS Components .. ........................................................... ........... ,..... ,.... ,........................ .. .............. 362
AD PS Design Concepts ................... ... .. ..... .. ........................... ........ ......... ................. ..... .................... 362
- Table of Contents
Preparing to Deploy AD FS ....................................................... ... ....... .. ............. .......... ......... ........ .. .. 365
Configuring a Relying Party Trust ..... ... ... ..... ..... ............................................................... ... .... ....... 366
Configuring a Claims Provider Trust ............... .......... ... ... ........................ .. ............ .............. .. ...... .. 367
Configuring Authentication Policies .... .. ...... ....... .... .... ...... ... ................. ...... ............ .... ... .. ......... .... 369
Device Registration ..................................................................................................... .... .. ................. .370
Upgrading AD FS to Windows Server 2016 ......... .. .... ..... .......... ................... ......... ... ..... ........ ....... ..371
Integrating AD FS with Additional Services .............................................................................. 374
Integrating AD FS with Microsoft Passport .. ............ ....... .............. ..... .. .... ... .... .......... ...... ............ 374
Integrating AD FS with Microsoft Azure and Office 365 .......... ..... ..... ........................ .............. 375
Configuring AD FS to Work with LDAP Directories .. .. ........ ..................... ..... ............ .. .. .. ........... 375
Active Directory Rights Management Service ................................................. ... ......... ... ......... 377
AD RMS Key Features ................... .... ... ................. ...... ... ...... ........ ......... ............................................ . 377
AD RMS Components ........................................................................................................................ 378
AD RMS Deployment ....................................................................................... .. .. .... .... .. ......... .. ... ... ... 379
AD RMS Certificate Types .. ..................................................... ,..... .. .. .. ... ......... ...... .... .. .......... .... ... ..... 381
AD RMS License Types ...... ..... ....... .. .... .. .... ........................ .. ........... ... ........... ..................................... 381
Configuring the AD RMS Service Connection Point.. ........... .. ... ... .... ......... ..... ... ......... .. ....... ... ... 382
Working with Rights Policy Templates .............. ... ....... .... .... .. ... ........ ....... .... ....... .. ... ... ..... ...... ....... 383
Configuring Exclusion Policies ... ...... ....... .... ........ .... ........... ...... .... .... .. ........................... ................. 385
Working with Trust Policies ... ............ ......... ......... ... ..... .......... ..... ...... ... ...... ... ..................... .............. 386
Backing Up and Restoring AD RMS ... .... ..................................... ..... .............................................. 388
Implementing Web Application Proxy .. .......... .... ........ ...... ................... ...... ................. ... .. ....... .... 392
Publishing Web Apps with WAP ................... .............................................................................. .. .. 393
Publishing Remote Desktop Gateway Applications .................................................... ..... ......... 394
Chapter Summary ......... .. ........ .... ... .............. ......... .... ...... .... ....... ..... ..... ............ ... .. .................. ..... ... ... 395
Key Terms ... .. ..... ... ......... ... ........ ....................................................... ............... ..................... .......... .... .... 396
Review Questions ......... ........... ..... .. .... .. ......... ........... .. ..... .... ............. .... .. .. ....... .... ..... ............ .... .......... 397
MCSA Exam 70-742 Objectives .......................................................... ..... ...... .401
GLOSSARY ............................................................................................................................ 407

IND EX ................ ..... .... .... .. ....... ................ .. ....... ................................... .. .................. ...... ...... ... 417
Introduction
MCSA Guide to Identity with Windows Server® 2016, Exam 70-742, gives you in-depth
coverage of the 70-742 certification exam objectives and focuses on the skills you
need to configure identity services such as Active Directory, user and computer
accounts, Group Policy, and Certificate Services with Windows Server 2016. With
doze1:s of hands -on activities and skill-reinforcing case projects, you'll be well
prepared for the certification exam and learn valuable skills to perform on the job.
After you finish this book, you'll have an in -depth knowledge of Windows Server
2016 identity management, including Active Directory OUs and accounts, Group Policy
and preferences, domain controller and Active Directory management, Certificate
Services, and advanced identity solutions such as Active Directory Federation Services
(AD FS} and Active Directory Rights Management Services (AD RMS}.
This book is written from a teaching and learning point of view, not simply as
an exam study guide. The chapters guide readers through the technologies they need
to master to perform on the job, not just to pass an exam.
Intended Audience
MCSA Guide to Identity with Windows Server® 2016, Exam 70-742, is intended for
people who want to learn how to implement Windows Server 2016 identity solutions
and earn the Microsoft Certified Solutions Associate (MCSA) certification. This book
covers in full the objectives of Exam 70-742, one of three required for the MCSA:
Windows Server 2016 certification. Exam 70-742 is also one of four exams needed
for the MCSE: Cloud Platform and Infrastructure certification. This book serves as an
excellent tool for classroom teaching, but self-paced learners will also find that the
clear explanations, challenging activities, and case projects serve them equally well.
For those readers who start their study of Windows Server 2016 with this book
(instead of the 70-740 book), Chapter 1 of the 70-740 book, which serves as an
introduction to Windows Server 2016, is available as a free download from the Cengage
website. That chapter introduces you to Windows Server 2016 core technologies such
as Active Directory and the file system and provides a brief overview of new features
found in Windows Server 2016 compared to earlier server versions.
What This Book Includes

• A lab setup guide is included in the "Before You Begin" section of this
Introduction to help you configure a physical or virtual (recommended} lab
environment for doing the hands-on activities.
• Step-by-step hands-on activities walk you through tasks ranging from
installing Active Directory and configuring Group Policy to working with
Active Directory Certificate Services. All activities have been tested by a
technical editor.
-
Introduction
• Extensive review and end-of-chapter materials reinforce your learning.

• Critical thinking case projects require you to apply the concepts and technologies learned
throughout the book.
• Abundant screen captures and diagrams visually reinforce the text and hands-on activities.
• A list of 70-742 exam objectives is cross-referenced with chapters and sections that cover each
objective (inside cover and Appendix A).
This text does not include Windows Server 2016 software. However, 180-day evaluation versions of Windows
Server 2016 are available at no cost from https:llwww.microsoft.com/en-uslevalcenterlevaluate-windows-server-2016.
More specific instruction can be found in "Using an Evaluation Version of Windows Server 2016" in the "Before
You Begin" section of this Introduction.
About Microsoft Certification: MCSA

This book prepares you to take one of three exams in the Microsoft Certified Solutions Associate (MCSA}
Windows Server 2016 certification. The MCSA Windows Server 2016 certification is made up of three
exams, which can be taken in any order:
• Exam 70-740: Installation, Storage, and Compute with Windows Server 2016
• Exam 70-741: Networking with Windows Server 2016
• Exam 70-742: Identity with Windows Server 2016
This text focuses on Exam 70-742. Companion texts focus on Exam 740 and Exam 741, respectively: MCSA Guide
to Installation, Storage, and Compute with Windows Server 207 6 (Cengage, 2018) and MCSA Guide to Networking with
Windows Server 2016 (Cengage, 2018).
Microsoft Certified Solutions Expert {MCSE): The Next Step

After achieving the MCSA Windows Server 2016 certification, you can move on to the MCSE certification.
For the MCSE: Cloud Platform and Infrastructure certification, the MCSA Windows Server 2016 certification
is a prerequisite. You then have the option of taking one of ten exams to complete the MCSE. To see
the list of exams you can take to complete the MCSE, see https://www.microsojt.com/en-us/learning/
mcse-cloud-platforin-infrastructure.aspx.
Chapter Descriptions
This book is organized to cover the 70-742 exam objectives in a pedagogical sequence, not in the sequence
presented by the list of 70-742 exam objectives. Chapter 1 starts you off with an introduction to Active
Directory and Group Policy, the cornerstones of identity management on Windows Server 2016. It wraps
up by discussing advanced identity solutions found in Windows Server 2016. The 70-742 exam objectives
are covered throughout the book, and you can find a map of objectives and the chapters in which
they're covered on the inside front cover with a more detailed mapping in Appendix A. The fol~owing list
describes this book's chapters:
Introduction
Chapter 1 of the 70-740 book MCSA Guide to Installation, Storage, and Compute with Windows Server® 2016
(Cengage, 2018) is available as a PDF for free download by students and instructors from the (engage website. If
you start studying Windows Server 2016 with this book, you might want to read Chapter 1 of the 70-740 book first
because it provides an introduction to Windows Server 2016 and describes some of the core technologies you
may need to understand while studying this book.
• Chapter 1, "Introducing Active Directory," begins by discussing the role of a directory service in
a network followed by details on installing Active Directory. Next, it explains Active Directory
components, such as the schema and Active Directory objects. You will also learn about the
Active Directory structure using forests, trees, and domains followed by an introduction to
Group Policy.
• Chapter 2 "Managing OUs and Active Directory Accounts," discusses GUI and command-line
1
tools for creating and managing all aspects of Active Directory accounts. You also examine the use
of several user account properties. Next, you learn about group account types and group scopes,
including how to use groups to maintain secure access to resources. In addition, you learn the
purpose of computer accounts and how to work with them. Finally, you explore some command-
line tools that are useful for automating account management.
• Chapter 3, "User and Service Account Configuration," reviews user accounts and group policies
so that you have a fresh context for learning how to configure account policies in a domain
environment and on a local computer. Account policies help you maintain a secure authentication
environment for your domain, but you need to find a balance between security and a system that
works for all your users. You learn how to make exceptions in account policies so that you can
designate more stringent or more lenient policies for groups of users as needed. This chapter also
discusses how you can configure service authentication with a variety of methods, allowing you to
choose which method fits each service you install.
• Chapter 4, "Configuring Group Policies," covers the architecture of group policies so that you can
understand what a Group Policy Object (GPO) is and how and where it can be applied to your
Active Directory structure. In addition, you learn about the myriad security settings and user and
computer environment settings that can be configured through group policies. You also examine
how to apply standard security settings throughout your network and work with Group Policy
Preferences.
• Chapter s, "Managing Group Policies," discusses GPO scope, precedence, and inheritance so that
you can make sure that the appropriate objects are configured with the appropriate settings. In
this chapter, you learn about these topics and see how to change the default group policy client
processing.
• Chapter 6, "Domain Controller and Active Directory Management," discusses domain controllers
(DCs), the main physical component of Active Directory. You learn how to deploy multiple
DCs in both single-site and multi- site environments. You will also learn how to optimally
deploy operations' master roles on your DCs and how to best configure your DCs for optimal
replication.
• Chapter 7, "Configuring Advanced Active Directory," reviews the major components and
operation of Active Directory and then describes when you might need to configure a multi-
domain or multiforest network. You also learn how to configure trust relationships between
domains and forests for efficient operation of Active Directory and to make using these complex
environments easier for users. Finally, you learn about domain functional levels, the features that
are supported in the different functional levels, and how to upgrade domains and forests to the
latest functional level.
Introduction
• Chapter 8, "Implementing Active Directory Certificate Services," describes how Microsoft Active
Directory Certificate Services provides the infrastructure for issuing and validating digital
certificates in a corporate environment. With digital certificates, users can provide proof of their
identities to corporate resources and confirm the identity of resources that they can access. Active
Directory Certificate Services is Microsoft's implementation of a public key infrastructure (PKI),
which secures information transfer and identity management and verification. This chapter
describes how a PKI works and defines the terms used to discuss a PKI and Active Directory
Certificate Services. You learn how to install and configure the Active Directory Certificate Services
role and how to configure and manage key elements of this role, such as certification authorities
and certificate enrollments and revocations.
• Chapter 9, "Implementing Identity Solutions," discusses three server roles: Active Directory
Federation Services, Active Directory Rights Management Services, and Web Application Proxy.
These roles use or integrate with AD DS technology to give users flexible, secure access to
applications and network resources.
• Appendix A, "MCSA 70:.--742 Exam Objectives," maps each 70-742 exam objective to the chapter and
section where you can find information regarding that objective.
Features
This book includes the following learning features to help you master the topics in this book and
the 70-742 exam objectives:
Chapter objectives-Each chapter begins with a detailed list of the concepts to be mastered. This list
is a quick reference to the chapter's contents and a useful study aid.
Hands-on activities-Several dozen hands-on activities are incorporated into this book,
giving you practice in setting up, configuring, and managing Windows Server 2016 identity
solutions. Much of the learning about Windows Server 2016 comes from completing the
hands-on activities, and much effort has been devoted to making the activities relevant and
challenging.
Requirements for hands-on activities-A table at the beginning of each chapter lists the hands-on
activities and what you need for each activity.
• Screen captures, illustrations, and tables-Numerous screen captures and illustrations of concepts
help you visualize theories and concepts and see how to use tools and desktop features. In
addition, tables often are used to give you details and comparisons of practical and theoretical
information and can be used for a quick review.
• Chapter summary-Each chapter ends with a summary of the concepts introduced in the
chapter. These summaries provide a helpful way to recap and revisit the material covered in
the chapter.
• Key terms-All terms in the chapter introduced in bold text are gathered together in the Key Terms
list at the end of the chapter. This list gives you a way to check your understanding of all important
terms. All key term definitions are listed in the Glossary at the end of the book.
• Review questions-The end-of-chapter assessment begins with review questions that reinforce the
concepts and techniques covered in each chapter. Answering these questions helps to ensure that
you have mastered important topics.
• Critical thinking-Each chapter closes with one or more case projects to provide critical thinking
exercises. Many of the case projects build on one another.
• Exam objectives-Major sections in each chapter show the exam objective or objectives cov-
ered in that section, making it easier to find the material you need when studying for the
MCSAexam.
Introd uction -
Text and Graphics Conventions

Additional information and exercises have been added to this book to help you better understand what's
being discussed in the chapter. Icons throughout the book alert you to these additional materials:
Tips offer extra information on resources, how to solve problems, and time-saving shortcuts.
Notes present additional h~lpful material related to the subject being discussed.
The Caution icon identifies important information about potential mistakes or hazards.
Each hands-on activity in this book is preceded by the Activity icon.
Critical Thinking icons mark the end-of-chapter case projects, which are scenario-based assignments that ask you
to apply what you have learned in the chapter.
• Certification icons under chapter headings list exam objectives covered in that section.
Instructor Companion Site

Everything you need for your course in one place! This collection of book-specific lecture and class tools
is available online'Via www.cengage.com/login. Access and download PowerPoint presentations, images,
the Instructor's Manual, and more.
• Electronic Instructor's Manual-The Instructor's Manual that accompanies this book includes
additional instructional material to assist in class preparation, including suggestions for classroom
activities, discussion topics, and additional quiz questions.
• Solutions Manual-The instructor's resources include solutions to all end-of-chapter material,
including review questions and case projects.
• Cengage Testing Powered by Cognero-This flexible, online system allows you to do the following:
• Author, edit, and manage test bank content from multiple Cengage solutions.
• Create multiple test versions in an instant.
• Deliver tests from your LMS, your classroom, or anywhere you want.
Introduction
• PowerPoint presentations-This book comes with Microsoft PowerPoint slides for each chapter.
They're included as a teaching aid for classroom presentation, to make available to students on the
network for chapter review, or to be printed for classroom distribution. Instructors, please feel free
to add your own slides for additional topics that you introduce to the class.
• Figure.files-All the figures and tables in the book are reproduced in bitmap format. Similar to the
PowerPoint presentations, they're included as a teaching aid for classroom presentation, to make
available to students for review, or to be printed for classroom distribution.
Mindlap
MindTap for Tomsho / MCSA Guide to Identity with Windows Server 2016, Exam 70-742, is a personalized,
fully online digital learning platform of content, assignments, and services that engages students
and encourages them to think critically while allowing you to easily set your course through simple
customization options.
MindTap is designed to help students master the skills they need in today's workforce. Research
shows that employers need critical thinkers, troubleshooters, and creative problem solvers to stay
relevant in our fast-paced, technology-driven world. MindTap helps you achieve this with assignments
and activities that provide hands-on practice, real-life relevance, and certification test prep. Students are
guided through assignments that help them master basic knowledge and understanding before moving
on to more challenging problems.
The live virtual machine labs provide real-life application and practice. Based on the textbook's
Hands-On Activities, the live virtual machine labs provide more advanced learning. Students work in a
live environment via the Cloud with real servers and networks that they can explore. The IQ certification
test prep engine allows students to quiz themselves on specific exam domains, and the pre- and post-
course assessments are mock exams that measure exactly how much they have learned. Readings,
labs, and whiteboard videos support lectures, and "In the News" assignments encourage students to
stay current.
MindTap is designed around learning objectives and provides the analytics and reporting to easily
see where the class stands in terms of progress, engagement, and completion rates. Use the content and
learning path as is or pick and choose how our materials will wrap around yours. You control what the
students see and when they see it.
Students can access eBook content in the MindTap Reader, which offers highlighting, note-taking,
search, and audio (students can listen to text), as well as mobile access. Learn more at
http://www.cengage.com/mindtap/.
Instant Access Code: 9781337400916
Printed Access Code: 9781337400923
Acknowledgments
I would like to thank Cengage Product Team Manager Kristin McNary and Associate Product Manager
Amy Savino for their confidence in asking me to undertake this challenging project. In addition, thanks
go out to Michelle Ruelas Cannistraci, Senior Content Developer, who assembled an outstanding team to
support this project. A special word of gratitude goes to Deb Kaufmann, Development Editor, who took
an unrefined product and turned it into a polished manuscript. Danielle Shaw, Technical Editor, tested
chapter activities diligently to ensure that labs work as they were intended, and for that, I am grateful.
I also want to include a shout-out to a former student, Shaun Stallard, who was instrumental in the
creation of the end-of-chapter material including Chapter Summary, Key Terms, and Review Questions.
Finally, my family: my beautiful wife, Julie, lovely daughters Camille and Sophia, and son, Michael,
deserve special thanks and praise for going husbandless and fatherless 7 days a week, 14 hours a day, for
the better part of a year. Without their patience and understanding and happy greetings when I did make
an appearance, I could not have accomplished this.
Introduction . .
About the Author

Greg Tomsho has more than 30 years of computer and networking experience and has earned the CCNA,
MCTS, MCSA, Network+, A+, Security+, and Linux+ certifications. Greg is the director of the Computer
Networking Technology Department and Cisco Academy at Yavapai College in Prescott, Arizona. His other
books include MCSA Guide to Installation, Storage, and Compute with Windows Server 2016; Exam 70-740,
MCSA Guide to Networking with Windows Server 2016; Exam 70-741, Guide to Operating Systems; MCSA
Guide to Installing and Configuring Windows Server 2012/R2; Exam 70-410, MCSA Guide to Administering
Windows Server 2012/R2; Exam 70-411, MCSA Guide to Configuring Advanced Windows Server 2012/R2
Services; Exam 70-412, MCTS Guide to Microsoft Windows Server 2008 Active Directory Configuration; MCTS
Guide to Microsoft Windows Server 2008 Applications Infrastructure Configuration; Guide to Networking
Essentials; Guide to Network Support and Troubleshooting; and A+ CoursePrep ExamGuide.
Contact the Author

I would like to hear from you. Please email me at w2k16@tomsho.com with any problems, questions,
suggestions, or corrections. I even accept compliments! Your comments and suggestions are invaluable
for shaping the content of future books. You can also submit errata, lab suggestions, and comments via
email. I have set up a website to support my books at http://books.tomsho.com where you'll find lab notes,
errata, web links, and helpful hints for using my books. If you're an instructor, you can register on the site
to contribute articles and comment on articles.
Before rou Begin

Windows Server has become more complex as Microsoft strives to satisfy the needs of enterprise networks.
In years past, you could learn what you needed to manage a Windows Server-based network and pass the
Microsoft certification exams with a single server, some good lab instructions, and a network connection.
Today, as you work with advanced technologies-such as highly available DHCP, IPAM, and RADIUS, just
to name a few-your lab environment must be more complex, requiring several servers. Setting up this
lab environment can be challenging, and this section was written to help you meet this challenge. Using
virtual machines in Hyper-Von Windows 10 or Windows Server 2016 is highly recommended; other virtual
environments work, too, but you'll want to choose one that allows nested virtualization, which means
running a virtual machine within a virtual machine so you can do some of the Hyper-V activities that require
it. Using virtual machines is also highly recommended because it allows you to easily change the storage and
network configuration of your servers and allows you to revert your lab to its original state for each chapter.
The MindTap digital on line learning platform for this text includes access to live virtual machine labs based on the
textbook's hands-on activities without the need to set up your own lab environment.
Lab Setup Guide
If you can't set up a lab environment exactly as described in this section, you might be able to configure a partial
lab with just one Windows Server 2016 server and still do many of the hands-on activities. Having two servers is
even better, and having three enables you to do the majority of the book's activities. If you can't do an activity, it's
important to read the activity steps to learn important information about Windows Se!ver 2016.
- Introduction
Because of the flexibility and availability of using a virtual environment, the lab setup guide is
designed with the assumption that virtualization is used, whether Hyper-V, VMware, VirtualBox, or
some other product. The lab environment is designed so that the initial configuration of the virtual
machines will take you through any chapter. Each chapter starts with an activity that instructs the
reader to revert the virtual machines used in the chapter to the initial configuration using a saved
snapshot/checkpoint.
A total of four virtual machines (VMs) with Windows Server 2016 installed are used throughout the
book. However, they are not all used at the same time; some activities use as many as three VMs while
some require only one or two. No client OS is used. This decision was made primarily on the basis that
many readers will be using evaluation versions of Windows on their VMs and the evaluation period for
Windows client OSs such as Windows 10 is very short compared to Windows Server 2016's evaluation
period. In addition, Windows 10 is continually being upgraded and the upgrades may affect the outcome
of some of the activities. Therefore, any activities that require a client will use a VM that has Windows
Server 2016 installed. Readers should see little to no difference between using Windows Server 2016 as a
client OS and using Windows 10.
The activities use four VMs running Windows Server 2016 in which one server is a domain controller
(DC) and two servers are domain members. The fourth server is configured as a stand-alone server that
is operating in workgroup mode. Some activities require your VMs to access the Internet. An easy way
to accommodate this is to install the Remote Access role on your Hyper-V host (if you're using Hyper-V
and Windows Server 2016 for your host computer) and configure NAT so your Hyper-V host can route
packets to the physical network and the Internet. After installing the Remote Access role with the Routing
role service, configure NAT and select the interface connected to the physical network as the public
interface and the interface connected to the Hyper-V internal switch as the private interface. The interface
connected to the Hyper-V internal switch should be configured with address 192.168.0.250/24. Figure 1
shows a diagram of this network.
Virtual machines
ServerDC1
ServerDC1
192.168.0.1/24
Physical network Gateway: 192 .168.0.250
DNS: 127.0.0.1
Se rverDM1
192 .168.0.2/24
Internet Gateway: 192.168.0.250
Internal Private
DNS : 192.168.0.1
virtual switch virtual switch
192.168.0.0/24 192.168.1.0/24
ServerDM2
192 .168.0.3/24
Hyper-V Host Gateway: 192.168.0.250
running RRAS with NAT DNS: 192.168.0.1
One interface connected to the physical
network; the Hyper-V Internal interface ServerSA1
configured with address 192.168.0.250 192 .168.0.4/24
Gateway: 192.168.0.250
DNS: 192.168.0.1
Figure 1 A diagram of the lab configuration used in this book

Introduction -
A few words about this diagram:

• The router address is an example; you can use a different address. You can complete most activities
without a router to the Internet except those that require Internet access.
• ServerDC1 is a domain controller for domain MCSA2016.local and has both the Active Directory
Domain Services (AD DS} and DNS server roles installed.
• Specific installation requirements for each server are explained in the following sections.
Host Computer Configuration

The following are recommendations for the host computer when you're using virtualization:
• Dual-core or quad-core CPU with Intel-VT-x/EPT support. You can see a list of supported Intel
processors at http://ark.intel.com/Search/Advanced; click Processors and then select the "Intel-VT-x
with Extended Page Tables (EPT)" filter.
Most activities can be done without a CPU that supports EPT, but you can't install Hyper-Von a VM if the host
doesn't support EPT for Intel CPUs.
• 8 GB RAM; more is better.

• 200 GB free disk space.
• Windows Server 2016 or Windows 10 if you're using Hyper-V.
• Windows 10 or Windows 8.1 if you're using VMware Workstation or VirtualBox.
Server Configuration Details

ServerDC1
This virtual machine should be configured as follows:
• Windows Server 2016 Datacenter-Desktop Experience
• Server name: ServerDC1
• Administrator password: Password01
• Memory: 2 GB or more
• Hard disk 1: 60 GB or more
• Ethernet connection-Connected to Internal Virtual Switch
• IP address: 192.168.0.1/24
• Default gateway: 192.168.0.250 (or an address supplied by the instructor)
·• DNS: 127.0.0.1
• Ethernet 2 connection-connected to Private Virtual Switch
• IP address: 192.168.1.1/24
• Default gateway: Not configured
• DNS: Not configured
• Active Directory Domain Services and DNS installed:
• Domain Name: MCSA2016.local
• Create the following users in the Users folder: domusen and domuser2 with Passwordo1;
password does not expire. These two users are only members of the Domain Users group. Also
create domadmim and domadmin2 with Password01; password does not expire. These two users
are members of the Domain Admins group.
• Windows Update: Configured with most recent updates
Introduction
• Power Setting: Never turn off display

• Internet Explorer Enhanced Security Configuration: Turned off for Administrator
• User Account Control: Lowest setting
• After Server DC1 is fully configured, create a checkpoint/snapshot named InitialConfig that will be
applied at the beginning of each chapter's activities where this VM is used. Turn off the VM before
you create a checkpoint/snapshot.
ServerDM1
• Windows Server 2016 Datacenter-Desktop Experience
• Server name: ServerDM1
• Administrator password: Passwordo1
• Hard disk 2: 20 GB
• Ethernet connection-connected to Internal Virtual Switch
• IP address: 192.168.0.2/24
• DNS: 192.168.0.1 (the address of ServerDC1)
• IP address: 192.168.1.2/24
• Member of domain: MCSA2016.local
• Create the following local users: adminusen with Passwordo1 and password doesn't expire. User
is a member of the local Administrators group. Regusen with Password01 and password doesn't
expire. User is only a member of the local Users group.
• After Server DM1 is fully configured, create a Checkpoint/Snapshot named InitialConfig that will be
applied at the beginning of each chapter's activities where this VM is used.
ServerDM2
• Windows Server 2016 Datacenter-Server Core
• Server name: ServerDM2
• IP address: 192.168.0.3/24
Introduction 11111
• IP address: 192.168.1.3/24
• Member of domain: MCSA2016.local
• After Server DM2 is fully configured, create a Checkpoint/Snapshot named InitialConfig that will be
ServerSA1
This virtual machine sh:ould be configured as follows:
• Windows Server i016 Datacenter-Desktop Experience
• Server name: ServerSA1
• IP address: 192.168.0.4/24
• IP address: 192.168.1.4/24
• Workgroup: MCSA2016 (The workgroup name doesn't matter)
• After Server SA1 is fully configured, create a checkpoint/snapshot named InitialConfig that will be
Using an Evaluation Version of Windows Server 2016

You can get a 180-day evaluation copy of Windows Server 2016 from the Microsoft Evaluation Center at
https://www.microsojt.com/en-us/evalcenter/evaluate-windows-server-2016/. You will need to sign in with
your Microsoft account or create a new account. You can download an ISO file that can then be attached
to your virtual machine's DVD drive to install Windows Server 2016.
If your evaluation version of Windows Server 2016 gets close to expiration, you can extend the
evaluation period (180 days) up to five times. To do so, follow these steps:
1. Open a command prompt window as Administrator.
2. Type slmgr -xpr and press Enter to see the current status of your license. It shows how many days
are left in the evaluation. If it says you're in notification mode, you need to rearm the evaluation
immediately.
Introduction
3. To extend the evaluation for another 180 days, type slmgr -rearm and press Enter. You see a mes-
sage telling you to restart the system for the changes to take effect. Click OK and restart the system.
4. After you have extended the evaluation period, you should take a new checkpoint/snapshot and
replace the InitialConfig checkpoint/snapshot.
Where to Go for Help

Configuring a lab and keeping everything running correctly can be challenging. Even small configuration
changes can prevent activities from running correctly. The author maintains a website that includes lab
notes, suggestions, errata, and help articles that might be useful if you're having trouble, and you can
contact the author at these addresses:
1. Website: htttp://books.tomsho.com
2. Email: w2k16@tomsho.com
.. ,..
•
CHAPTER 1
INTRODUCING
ACTIVE DIRECTORY
After :reading this chapter and completing the exercises, you will
be able to:
Describe the role of a directory service
Install Active Directory
Describe objects found in Active Directory
Work with forests, trees, and domains
Configure group policies
Active Directory is the core component in a Windows domain environment. The Active Directory
Domain Services role provides a single point of user identity and authentication, and client and server
administration. To understand Active Directory and its role in a network, you need to know what a
directory service is and how it's used to manage resources and access to resources on a network. Before
administrators can use Active Directory to manage users, desktops, and servers in a network, they need
a good understanding of Active Directory's structure and underlying components and objects, which are
covered in this chapter. You also learn how to install Active Directory and work with forests, trees, and
domains. Finally, you learn the basics of using the Group Policy tool to set consistent security, user, and
desktop standards throughout your organization.
-
- - CHAPTER 1 Introducing Active Directory
The Role of a Directory Service
• 70-742 - Install and configure Active Directory Domain Services (AD OS):
Install and configure domain controllers
Table 1-1 summarizes what you need for the hands-on activities in this chapter.
~ 'iiiflililM _J Activity requirements
Activity Requirements Notes·

Activity 1-1: Resetting Your Virtual Environment ServerSA1
Activity 1-2: Installing Active Directory Domain Services ServerSA1
Activity 1-3: Exploring Active Directory Container Objects ServerSA1
Activity 1-4: Viewing Default Leaf Objects ServerSA1
Activity 1-5: Creating Objects in Active Directory ServerSA1
Activity 1-6: Using the Command Line to Create Users ServerSA1
Activity 1-7: Locating Objects in Active Directory ServerSA1
Activity 1-8: Publishing a Shared Folder in Active Directory ServerSA1
Activity 1-9: Viewing the Operations Master Roles and Global Catalog Server ServerSA1
Activity 1-1 O: Exploring Default GPOs ServerSA1
Activity 1-11: Working with Group Policies ServerSA1
A network directory service, as the name suggests, stores information about a computer network
and offers features for retrieving and managing that information. Essentially, it's a database composed
of records or objects describing users and available network resources, such as servers, printers, and
applications. Like a database for managing a company's inventory, a directory service includes functions to
search for, add, modify, and delete information. Unlike an inventory database, a directory service can also
manage how its stored resources can be used and by whom. For example, a directory service can be used to
specify who has the right to sign in to a computer or restrict what software can be installed on a computer.
A directory service is often thought of as an administrator's tool, but users can use it, too. Users
might need the directory service to locate network resources, such as printers or shared folders, by
performing a search. They can even use the directory service as a phone book of sorts to look up
information about other users, such as phone numbers, office locations, and email addresses.
Whether an organization consists of a single facility or has multiple locations, a directory service
provides a centralized management tool for users and resources in all locations. This capability does add
a certain amount of complexity, so making sure the directory service is structured and designed correctly
before using it is critical.
Windows Active Directory

Active Directory is a directory service based on standards for defining, storing, and accessing directory
service objects. X.500, a suite of protocols developed by the International Telecommunications Union (ITU), is
the basis for its hierarchical structure and for how Active Directory objects are named and stored. Lightweight
Directory Access Protocol (LDAP), created by the Internet Engineering Task Force (IETF.), is based on
CHAPTER 1 Introducing Active Directory 1111
the X.500 Directory Access Protocol (DAP). DAP required the seldom-used, high-overhead Open Systems
Interconnection (OSI) protocol stack for accessing directory objects. LDAP became a streamlined version of
DAP, using the more efficient and widely used TCP/IP-hence the term "lightweight" in the protocol's name.
So why is knowledge of LDAP important? You run across references to LDAP periodically when reading
about Active Directory, and as an administrator, you'll be using tools such as ADSI Edit that incorporate
LDAP definitions and objects or running programs that use LDAP to integrate with Active Directory. In
addition, integrating other OSs, such as Linux, into an Active Directory network requires using LDAP. In
fact, you use a tool that incorporates LDAP terminology in this chapter when you run some command-line
tools for working with Active Directory. LDAP and its syntax are covered in more detail when you work with
command-line tools in Chapter 2. For now, you focus on Active Directory and its structure and features.
Windows Active Directory became part of the Windows family of server OSs starting with Windows
2000 Server. Before Windows 2000, Windows NT Server had a directory service that was little more than
a user manager; it included centralized logon and grouped users and computers into logical security
boundaries called dom~ins. The Windows NT domain system was a flat database of users and computers
with no way to organiz~ users or resources by department, function, or location. This single, unstructured
list made managing large numbers of users cumbersome.
Active Directory's hierarchical database enables administrators to organize users and network
resources to reflect the organization of the environment in which it's used. For example, if a company
identifies its users and resources mostly by department or location, Active Directory can be configured
to mirror this structure. You can structure Active Directory and organize the objects representing users
and resources in a way that makes the most sense. Active Directory offers the following features, among
others, that make it a highly flexible directory service:
• Hierarchical organization-This structure makes management of network resources and
administration of security policies easier.
• Centralized but distributed database-All network data is centrally located, but it can be distributed
among many servers for fast, easy access to information from any location. Automatic replication
of information also provides load balancing and fault tolerance. Active Directory replication is the
transfer of information among all domain controllers to make sure they have consistent and
up-to-date information.
• Scalability-Advanced indexing technology provides high-performance data access whether Active
Directory consists of a few dozen or a few million objects.
• Security-Fine-grained access controls enable administrators to control access to each directory
object and its properties. Active Directory also supports secure authentication protocols to
maximize compatibility with Internet applications and other systems.
• Flexibility-Active Directory is installed with some predefined objects, such as user accounts and groups,
but their properties can be modified, and new objects can be added for a customized solution.
• Policy-based administration-Administrators can define policies to ensure a secure and consistent
environment for users yet maintain the flexibility to apply different rules for departments,
locations, or user classes as needed.
Overview of the Active Directory Structure

As with most things, the best way to understand how Active Directory works is to install it and start
using it, but knowing the terms used to describe its structure is helpful. There are two aspects of Active
Directory's structure:
• Physical structure
• Logical structure
Active Directory's Physical Structure

The physical structure consists of sites and servers configured as domain controllers. An Active Directory
site is nothing more than a physical location in which domain controllers communicate and replicate
information periodically. Specifically, Microsoft defines a site as one or more IP subnets connected by
CHAPTER 1 Introducing Active Directory
high-speed LAN technology. A small business with no branch offices or other locations, for example,
consists of a single site. However, a business with a branch office in another part of the city connected
to the main office through a slow WAN link usually has two sites. Typically, each physical location with
a domain controller operating in a common domain connected by a WAN constitutes a site. The main
reasons for defining multiple sites are to control the frequency of Active Directory replication and to
assign policies based on physical location.
Another component of the physical structure is a server configured as a domain controller (DC),
which is a computer running Windows Server 2016 with the Active Directory Domain Services role
installed. Although an Active Directory domain can consist of many domain controllers, each domain
controller can service only one domain. Each DC contains a full replica of the objects that make up the
domain and is responsible for the following functions:
• Storing a copy of the domain data and replicating changes to that data to all other domain
controllers throughout the domain
• Providing data search and retrieval functions for users attempting to locate objects in the directory
• Providing authentication and authorization services for users who sign in to the domain and
attempt to access network resources
Active Directory's Logical Structure

The logical structure of Active Directory makes it possible to pattern the directory service's look and feel
after the organization in which it runs. There are four organizing components of Active Directory:
• Organizational units
• Domains
• Trees
• Forests
These four components can be thought of as containers and are listed from most specific to broadest
in terms of what they contain. To use a geographical analogy, an organizational unit represents a
neighborhood, a domain is the city, a tree is the state, and a forest is the country.
An organizational unit (OU) is an Active Directory container used to organize a network's users and
resources into logical administrative units. An OU contains Active Directory objects, such as user accounts,
groups, computer accounts, printers, shared folders, applications, servers, and domain controllers.
The OU structure often mimics a company's internal administrative structure, although this structure
isn't required. For example, a corporation might create an OU for each department, but an educational
0
Mkt-Group
• !~- 0 Sales-Group
0
Scott
.,------,:- r
,ymmrqpffiID)
--
Computer3
n Kerri •
,-- (
I~·
IJ
CiZ'"W?lfPI® --
0
Amy
•
,;----:- r -
f<'ll7mT&Jl51IDI
1:~-
--
Computer1
• I~· Computer2
~ ( D
~
--
°7--] Computer4
-
Mkt-Server1
Sales-Server1
Marketing OU Sales OU
Figure 1-1 Active Directory organizational units

CHAPTER 1 Introducing Active Directory -
institution might create separate OUs for students, faculty, and administration or for campus locations.
You can use a combination of structures, too, because OUs can be nested in as many levels as necessary.
Besides being an organizational tool, OUs can represent policy boundaries, in which different sets of
policies can be applied to objects in different OUs. Figure 1-1 shows OUs and the types of objects in them.
A domain is Active Directory's core structural unit. It contains OUs and represents administrative,
security, and policy boundaries (see Figure 1-2). A small to medium company usually has one domain
with a single IT administrative group. However, a large company or a company with several locations
might benefit from having multiple domains to separate IT administration or accommodate widely
differing network policies. For example, a company with major branches in the United States and the
United Kingdom might want to divide administrative responsibilities into domains based on location,
such as US.csmtech.local and UK.csmtech.local domains, each with a separate administrative group and
set of policies. This arrangement addresses possible language and cultural barriers and takes advantage of
the benefit of proximity.
Sales OU Marketing OU
csmtech.local domain
Figure 1-2 An Active Directory domain and OUs
An Active Directory tree is less a container than a grouping of domains that share a common
naming structure. A tree consists of a parent domain and possibly one or more child domains
(also called subdomains) that have the same second-level and top-level domain names as the parent
domain. For example, US.csmtech.local and UK.csmtech.local are both child domains of the parent
domain csmtech.local, and all three domains are part of the same tree. Furthermore, child domains
can have child domains, as in phoenix.US.csmtech.local. Figure 1-3 depicts domains in an Active
Directory tree.
An Active Directory forest is a collection of one or more trees. A forest can consist of a
single tree with a single domain, or it can contain several trees, each with a hierarchy of parent
and child domains. Each tree in a forest has a different naming structure, so although one tree
might have csmtech.local as the parent, another tree in the forest might have csmpub.local as its
parent domain. A forest's main purpose is to provide a common Active Directory environment in
which all domains in all trees can communicate with one another and share information yet allow
independent operation and administration of each domain. Figure 1-4 shows an Active Directory
forest and the trees and domains it contains. Every forest has a forest root domain, which is the first
domain created in a new forest. The forest root domain is discussed later in the section "The Role
of Forests."
This section has given you an overview of Active Directory components. You learn more about Active
Directory account objects in Chapter 2. To understand its features and structure, you install and work with
Active Directory in the next section.
Another random document with
no related content on Scribd:
Sie hatten nicht gleich im ersten Augenblick das „Du“ gefunden.
Und nun blieb’s beim „Sie“, das ein paar Meter Entfernung zwischen
sie legte.
Papa knabberte mit seinen sehr weißen Porzellanzähnen an dem
Gebäck und schlürfte den Tee mit leisem Vibrieren seiner feinen
Nasenflügel.
„Tja ... meine lieben Kinder ... Ihr wollt also das große Ereignis
hier in Berlin abwarten? Charmant, charmant. Ich hätte mich ja noch
gern ein Weilchen geduldet mit Großvaterfreuden, denn ... eine noch
unsichere Karriere gleich mit Elternsorgen zu beginnen, das ist ... na
ja ... Aber natürlich, lieber Schwiegersohn, will ich Ihrer Beurteilung
der Sachlage nicht vorgreifen. Meine gute Frau hätte ja am liebsten
ein Dutzend solch kleiner Schreihälse und Freßmäuler gehabt ... tja
... Da muß man eben den tauben Mann spielen. Im Interesse des
Hauses und ... tja ...“
Papas tenorale Stimme durchdrang den hellen Raum wie eine
Kindertrompete. Gleichzeitig klopfte er Karla liebevoll auf die Wange.
„Armes Kind! War es so pressant? ... Tja ... das Temperament ...
das verflixte Temperament! ... Das ist ein Erbteil ihrer Mutter. Ein
Vulkan war meine gute Frau — ein Vulkan! Hat uns kurz gehalten,
deine gute Mutter, wie?“
Er führte Karlas Fingerspitzen an seine Lippen und knabberte ein
neues Küchelchen an.
„Mein lieber Schwiegersohn, als meine gute Frau starb, da
blieben wir zurück — Karla und ich — wie zwei Vögel, die Jahre lang
im Dunkel gehalten — plötzlich freigegeben worden sind. Wir wagten
uns die ersten Tage kaum an den verschlossenen Schrank der
Kredenz ... nicht wahr, mein Kind? Erst ganz allmählich und
nachdem Karla mich verlassen hatte, erwachte ich aus der
Erstarrung, ergriff sozusagen Besitz von dem, was mir gehörte. Der
Umzug in diese helle freundliche Wohnung machte ein übriges. Tja
... und nun finde ich auch, daß das Leben recht erfreuliche Seiten
hat, wenn man ein bißchen an sich selbst denken darf.“
Altmann wollte einwerfen: Sie hatten aber noch ein Kind, und
dieses Kind darbte. Aber er fühlte, daß er dem alten Herrn damit
nicht kommen durfte. Vielleicht hätte er in der Jugend alles verpraßt,
wenn die Frau ihm sein bißchen Gut nicht mit erbarmungsloser
Strenge zusammengehalten hätte. Im Alter war er eben
selbstsüchtig und genüßlich geworden.
Karla führte die schöne Tasse mit heimlichem Herzklopfen zum
Mund. Wenn die Mutter sähe, wie so das feine Geschirr ...
Indem stieß sie mit Altmanns Hand zusammen, der ihr den Korb
mit Gebäck reichte, und in der Angst, ihr Schwarzseidenes könnte
einen Fleck abbekommen, lockerten sich ihre Finger, und die Tasse
fiel zu Boden.
„O Gott! ...“
Papa winkte mit der Hand.
„Macht nichts, macht ja nichts. Bist eben immer noch das kleine
Trampeltier. Aber Scherben bedeuten Glück — also nur kein Drama
... bitte, ja kein Drama!“
Er streckte die Hand aus und läutete mit einer silbernen Klingel.
(Die Klingel hatte früher in Karlas Kindheit das Christuskind
eingeläutet.) Gleich darauf, so rasch, als hätte sie hinter der Tür
gestanden, um zu lauschen, kam die Wirtschafterin herein.
„Bitte, Pauline, ein kleines Malheur ....“
Pauline kehrte gleich darauf mit Tuch und Schaufel zurück und
beugte sich über die Tasse. Dabei rauschte ihr gestärkter Unterrock,
und die goldene Uhrkette glitzerte auf ihrem Kleid aus gediegenem
braunen Wollstoff. Ein für ihre Gestalt fast allzu zierliches
Tändelschürzchen deutete ihren dienenden Stand nur flüchtig an.
„Gott, ist mir das unangenehm“, klagte Karla.
„Aber das macht doch nichts, gnädige Frau, das Dutzend ist
ohnedies nicht mehr vollständig. Da fehlt ein Henkel, dort ein
Eckchen ... Aber der Herr Papa will doch eben nur die guten Sachen
benutzen.“
Der Papa klopfte ungeduldig auf die Tischplatte.
„Sind Sie bald fertig, Pauline?“
„Gleich, Herr König, gleich ... ich will der jungen Frau nur noch
das Kleid ein bißchen abwaschen, das hat auch einen Spritzer
abgekriegt.“
Karla hielt unter den energischen Fingern von Pauline und den
mißbilligenden Blicken von ihrem Papa und ihrem Mann still. Es
würgte sie etwas am Halse.
Wo war der Papa? Ganz, ganz weit weg war er. Und sie glaubte
plötzlich nicht, daß es ein Ischiasanfall gewesen war, der ihn von
ihrer Hochzeit ferngehalten hatte. Dem Haar, dem Kleid der
Wirtschafterin entströmte der kräftige Duft einer gesunden,
gepflegten Frau. Ein hübscher Ring schmückte einen Finger ihrer
rechten Hand.
„Na also, Pauline ....“
„Bin schon fertig.“
Ein Lächeln lag um den energischen, aber hübschen Mund. Die
kleinen, grauen Augen blitzten lustig auf.
„Bin schon fertig.“
Sie eilte sich gar nicht. Und ihr Rock wippte über dem
krachenden Unterrock herausfordernd hin und her.
Es blieb eine Weile still im hellen Zimmer.
„Tja ... eigentlich eine Perle ...“, sagte endlich der Papa und gab
seiner weißen Krawatte einen kleinen Stüber. — „Wenn man so
verwöhnt war wie ich ... Karla tat ja auch ihr möglichstes ... aber so
ein junges Ding, nicht wahr? ... Tja ... da habe ich richtig das große
Los gezogen. Sie kam als Pflegerin zu mir, als mich ein scheußlicher
Gichtanfall befiel ... tja ... na, und dann blieb sie, Gott sei Dank.“
Er schenkte die Gläser voll.
„Also, alles Gute, meine lieben Kinder ... alles Gute!“
Seine Stimme klang zerstreut. Altmann sah auf die Uhr. „Es wird
Zeit!“
Da wurde er wieder lebhaft, wie um den letzten Eindruck zu
vertuschen.
„Nein, nein .... warum denn ... Interessieren Sie sich für Schach,
lieber Schwiegersohn?“
„Interessieren, ist zu viel gesagt. Ich spiele — als blühender
Dilettant.“
„So ... so ...“
„Papa ist ein großer Schachspieler“, fügte Karla ein.
Der Papa zupfte sie am Ohr.
„Großer? Ta ta ... Redensart. Aber vielleicht habe ich meinen
Beruf verfehlt — hätte Diplomat werden müssen statt Tänzer. Oder
gar Feldherr ... Ich habe da eben jetzt eine Variante der spanischen
Partie ausprobiert, ein Gambit im Nachzug ... sehr schade, daß
unsere großen Meister sich mit diesem Gambitzug nicht befreunden
wollen — sehr schade. Ich habe darüber eine eifrige Diskussion mit
Herrn von Bardeleben gehabt beim Kongreß in Breslau. Übrigens
habe ich jetzt eine Korrespondenz mit Leipzig — ein Gang — wir
sind gerade beim siebenten Zug .... Und wenn alles klappt, dann
rutsche ich nächsten Winter nach Wien rüber und messe mich mal
mit dem guten Weiß. Steinitz und Tschigorin wollen auch dort sein.
Die Baronin Kolisch hat Preise gestiftet. Erster Preis fünftausend
Mark! Das zieht auch!“
Er warf die weiße Locke zurück, die ihm immer wieder kokett in
die Stirn fiel, und seine Finger streckten sich unwillkürlich nach den
Schachfiguren.
Karla hatte gehofft, ihm vorsingen zu können.
„Gibst du noch Unterricht, Papa?“, fragte sie, seltsam
verschüchtert durch seine Art.
„Unterricht? ... Ja ... natürlich. Man muß doch leben. Ich habe
gerade ein paar recht talentvolle Kerlchen in Arbeit. Aber eigentlich
ist die große Zeit des Balletts vorüber. Es wird nichts mehr
geschrieben. Und das Verständnis für Technik kommt ebenso
abhanden wie für Grazie. Wenn einer nichts kann, nennt er sich
Charaktertänzer. Kann er noch weniger, wird er Pantomimist.
Traurig, traurig ... Na, und wie geht’s mit dem Gesang? Die Kleine
hatte eine hübsche Stimme ... Und ich las, sie singt jetzt Wagner ...
bravo, bravo ... Sehen Sie, lieber Schwiegersohn, hier erteile ich
Unterricht.“
Es war ein ziemlich großer, kahler Raum, in dem nur ein alter
Flügel stand, und an der Wand Stühle und Sessel von verschiedener
Form.
„Na, Karla ... kennst du deine Partner wieder? ...“
Sie nickte. Ganz weh wurde ihr zumute. So lustig war der
Unterricht gewesen, so ganz aufgehen hatte sie dürfen in allen
Leidenschaften! Und dann nach der Stunde waren sie beide in die
Küche gelaufen und hatten dort gleich ihr Abendbrot verzehrt, damit
sie nicht so viel Mühe hatte. Und den ganzen Abend über hatte Papa
mit sich allein Schach gespielt, während sie im Nebenzimmer übte,
oder sie waren zusammen ins Theater gegangen und dann ins Café,
wo an Schachbrettern bartlose, nervöse Jünglinge, vornehme
Aristokraten und bebrillte, klug aussehende Männer saßen.
Das Eintreten von Papa wurde lebhaft begrüßt von den
Kiebitzen. Er mußte von dem Stück erzählen, und sein Urteil galt
etwas. Er ließ sich aber nie selbst zu einer Partie nieder.
„Es ist spät, ich muß meine Kleine nach Hause bringen!“
Karla hatte wohl oft gemerkt, daß es ihm schwer wurde,
abzulehnen. Aber wenn sie ihn bat, er möchte sich von ihr nicht
abhalten lassen, dann klopfte er ihr die Wange.
„Ich denk’ nicht dran ... wer weiß, wie lange ich dich noch bei mir
habe.“
Nicht zum mindesten aus Rücksicht auf Papa hatte sie das erste
kleine Engagement angenommen. Bei der Abfahrt merkte sie es ihm
so recht an, wie froh er war, allein zu bleiben. Aber doch schrieb er
immer kurze, liebevolle Kärtchen, schickte auch ab und zu ein paar
Taler und wiederholte immer wieder:
„Mein Gefühl sagt mir, du wirst noch einmal eine große, berühmte
Künstlerin. Halte dich, mein liebes Kind ...“
Sie hatte ihn eigentlich nicht wiedersehen wollen, bevor sie nicht
„eine große Künstlerin“ geworden. Aber nun der Zufall es so gefügt,
da war sie voll Erwartung gewesen und hatte gemeint, daß der
innige Zusammenhang zwischen ihnen geblieben war wie einst.
Und nun war es anders, ganz anders. Dem Schach galt offenbar
sein größtes Interesse. Darüber hatte schon die Mutter geschimpft,
es aber geduldet, weil es von allen „Leidenschaften“ die wenigst
kostspielige war. Die veränderte Lebensweise ... die
röckerauschende Pauline mit der goldenen Uhrkette ... Und nun
fragte er nicht einmal nach ihrer Stimme, forderte sie nicht auf, ihm
vorzusingen!
Sie würgte wieder etwas herunter. Und als sie den Kopf hob, fiel
ihr Blick in den verstellbaren Schaftspiegel, der den Schülern zur
Überprüfung ihrer Stellungen diente. Da erschrak sie.
Ja ... so, wie sie jetzt aussah ...!
Sie hätte Papa lieber gar nicht besuchen sollen in diesem
Zustand.
„Gehen wir“, sagte sie leise und zupfte Altmann am Ärmel.
Der Papa hielt sie nicht mehr zurück.
„Ihr laßt’s mich gleich wissen, wenn alles vorbei ist“, sagte er und
küßte Karla in die Luft.
Es waren noch vier Monate bis dahin.
Aber Karla sagte eilig:
„Ja gewiß, Papa ... sofort ...“
Sie lief so schnell die Treppe hinunter, daß Altmann sie an ihrem
Umhang festhielt.
„Was machst du, Karla ... renn doch nicht so ...“
Die Tränen rollten ihr unaufhörlich über die Wangen.
„Was ist denn? Was hast du denn?“
„Nichts, Ernst ... lieber, guter Ernst?“
Altmann lächelte vor sich hin, mit tief herabgezogenen
Mundwinkeln.
Auf Papa war fürs erste nicht zu rechnen. Da blieben wirklich nur
seine Leute — — —
ie Sonne brütete.
In dem Berliner Zimmer der Culmstraße rasselte die
Nähmaschine unter Adelens energischem Tritt. Karla schlang mit
heißen, welken Fingern winzige Ösen. Der Faden verprudelte sich
alle Augenblicke, dann gab es Knoten.
„Pfui, wie schludrig“, sagte Adele und trennte alles wieder auf.
Karla starrte auf Adelens geschickte Finger, ohne zu sehen.
Ganz elend war ihr; wie gefoltert kam sie sich vor. Das ging nun so
tagaus, tagein: linken Ärmel nähen, rechten Ärmel nähen, Seitenteile
aneinanderfügen, säumen, Ösen schlingen, Spitzen annähen —
winzig schmale, die sich zwischen den Fingern
zusammenzwirbelten.
Ihr wurden die Lider schwer dabei. Sie zerstach sich die Finger,
und ihr Rücken schmerzte, als hätte man ihn mit dem spanischen
Rohr bearbeitet, das drohend in einer Ecke stand.
Gegen Abend kam Altmann, um sie abzuholen. Er trug jetzt
immer seine guten Sachen, denn er war täglich in der Stadt,
verhandelte mit Agenten, besuchte das Café, um die Blätter zu
lesen.
Die Schwestern hatten erklärt, er müßte unter allen Umständen
an derselben Bühne engagiert werden wie Karla.
„Willst du von dem leben, was sie verdient — oder willst du, daß
sie sich allein irgendwo herumtreibt? Das ist doch unmöglich!“
Es war so manches „unmöglich“ in den Augen der Schwestern.
Aber sie hatten den bürgerlichen Anstand für sich, den sie jedesmal
ins Treffen führten und vor dem er sich beugte.
So suchte er denn ein Doppelengagement. Das erschwerte die
Lage außerordentlich. Seine persönlichen Gagenansprüche durften
natürlich bei weitem nicht an die Gage heranreichen, die er für Karla
durchsetzen mußte. Es gab immer ein schreiendes Mißverhältnis,
und schließlich wurden beide Gagen noch gedrückt.
Er beherrschte sich, um den Geschwistern seine Verstimmung zu
verbergen. Und so trat er meist mit einem Scherzwort ein, einer
freundlichen Frage, einem staunenden Ausruf.
„Potz Donner ... das wird ja eine Ausstattung wie für einen
Prinzen! ...“
Karla ließ alles stehen und liegen und hing sich an seinen Hals.
„Was hast du gehört? Wie wird es? Sind Aussichten?“
Aber sie sah es seinen Augen an, die finster blieben, während
seine Lippen sich lächelnd verzerrten, daß sich noch nichts erfüllt
hatte. Die wundervollen Gastspielverträge hatten gelöst werden
müssen, und es war noch gar nicht abzusehen, wann sich wieder
ähnliche Gelegenheiten bieten würden.
Sie murmelte mit zitternden Lippen:
„Wenn doch das Kind nicht wäre ... das schreckliche Kind!“
Aber Adele, die es mit ihren scharfen Ohren aufgefangen, schrie
sie an:
„Versündige dich nicht! Schäm’ dich, so zu sprechen! Pfui! ... Das
arme Kind kann einem ja leid tun, daß es eine solche Mutter
bekommt!“
„Sie meint es ja gar nicht so schlimm“, verteidigte Altmann lau.
„Na, mach’ dich fertig, Karla ... wir gehen jetzt nach Hause.“
Altmann war hin- und hergezerrt von widerstreitenden Gefühlen.
Die Schwestern hatten recht, aber Karla hatte auch recht. Das Kind
war unter diesen Umständen wirklich eine „Katastrophe“.
Er wohnte jetzt mit Karla in einem möblierten Zimmer in der
Goebenstraße. Sie lebten aus den Körben und Koffern, die in der
leerstehenden Mädchenkammer ihrer Wirtin standen. Den
Frühstückskaffee brachte sie ihnen gleich in Tassen, aus denen er
überschwappte bei ihrem watschelnden Gang. Dazu je eine
dünnbestrichene Schrippe. Sie reichte das Tablett zur halboffenen
Tür herein, durch die Karla ihren noch bloßen Arm hindurchstreckte.
Karla setzte sich an eine Tischecke und verzehrte ihr Frühstück
mit gesunder Lust. Denn viel anders hatte sie all die fünf Jahre am
Theater vor ihrer Heirat nicht gefrühstückt. Aber Altmann litt. Ihn
ekelte vor dem Essen im unaufgeräumten Zimmer, zwischen
herumliegenden Kleidungsstücken, vor dem übervollen
Waschtischeimer.
Aber auch da bezwang er sich. Karla konnte schließlich nichts
dafür. Das Schicksal hatte es so entschieden, und er selbst war nicht
leichtsinnig genug, um augenblicklichem Behagen die letzten
Spargroschen zu opfern.
Während sich Karla heißes Wasser aus der Küche holte, um
Taschentücher und Strümpfe in der Waschschüssel zu waschen,
schrieb er seine Briefe. Er griff nach wie vor seine Lieblingsidee auf,
Karla in Amerika anfangen zu lassen, um dann mit dem erworbenen
Gelde die Karriere in Deutschland zu beginnen. Verschiedene
Operngesellschaften rüsteten sich zu einer großen
Gastspielrundreise über das Wasser. Wenn Karla jetzt hätte
auftreten können — sie wären aus allen Sorgen heraus! Aber vor
Mitte September war selbst im besten Falle nicht darauf zu
rechnen ....
Ja ... das Kind! Das schreckliche Kind!
Sie aßen in einem kleinen Gasthaus Mittag, für fünfundsiebzig
Pfennige, mit Kaffee oder Käse als Nachtisch. Karla wählte den
Käse und leerte den halben Brotkorb, Altmann nahm Kaffee, um den
Nachgeschmack der sehr mäßigen Gerichte herunterzuspülen.
Nur Sonntags speisten sie in der Culmstraße gegen einen
Beitrag von zwei Mark. Altmann rechnete es trotzdem Adele hoch
an, daß sie die vermehrte Arbeit so willig auf sich nahm. Und er war
ihr unendlich dankbar, daß sie Karla jeden Nachmittag bei sich
behielt, wobei doch wieder eine Tasse Kaffee und ein gestrichenes
Brötchen für sie abfiel.
Altmann mußte alles mitberechnen, um über die bösen Tage
hinwegzukommen. Luise Altmann, die durch den langjährigen
Aufenthalt bei der englischen Familie ein leidliches Englisch sprach,
erbot sich, Karla englischen Unterricht zu geben. Zweimal
wöchentlich betrat sie auf eine Stunde das Berliner Zimmer der
Culmstraße.
Vicki und Fritz Maurer brachten ihre englischen Hefte zur
Durchsicht. Dann kam Karla dran. Sie war, wie es sich herausstellte,
nicht unbegabt für Sprachen, aber wenn sie Fehler machte, lachte
Vicki sie aus. Vicki lachte überhaupt sehr viel, putzte sich gern und
hatte Freundinnen, bei denen sie, wie sie sagte, halbe Tage
zubrachte. Zu Hause gab es immer Streit zwischen ihr und Fritz. Er
beschwerte sich, daß sie ihm seine Bleistifte und Federn nähme,
Seiten aus seinen Heften herausrisse. Manchmal kriegten sie
einander bei den Haaren. Fritz bearbeitete dann ihren Rücken, sie
zerkratzte ihm das Gesicht. Dann griff Adele zum Rohrstock und
haute links und rechts um sich, wohin es gerade traf.
Es war nicht erzieherisch, aber wirksam.
„Ekelhaftes Frauenzimmer“, murrte Fritz und zeigte Vicki noch
einmal, aber diesmal aus der Entfernung, die Faust.
„Widerlicher Bengel“, schimpfte Vicki und heulte los.
Es war oft sehr lärmend in der Wohnung, und Karla dröhnte der
Kopf.
Auf dem Heimwege, während Altmann mit ihr einiges zum
Abendessen einkaufte, fragte er:
„Hast du geübt, Karla?“
Denn Adele hatte in der großmütigsten Weise erklärt, das Klavier
stünde Karla jederzeit zum Üben zur Verfügung.
Aber Karla hatte von dem Anerbieten bisher noch keinen
Gebrauch gemacht: das Lärmen der Kinder, das Rasseln der
Nähmaschine übertönten die Skalen. Und hatte sie zehn Minuten
Übungen gesungen, so kam gewiß Adele herein:
„Ach, sing’ doch was Nettes, Karla.“
Oder sie brachte ein Lätzchen, das sie eben fertiggenäht hatte,
oder ein Nachtröckchen, das Karla bewundern sollte. Dann hieß es
wohl auch:
„Bist du bald fertig, Karla, die Kinder müssen auch üben.“
Oder: „Alwin ist eben gekommen!“, was soviel sagen wollte wie:
Alwin will Ruhe haben! Denn Dr. Maurer war immer müde, wenn er
aus der Schule kam, und „vertrug keinen Lärm“!
Wenn er auch hereinguckte und murmelte: „Laß dich nicht
stören, Karla ...“, so sah sie doch den Stoß Hefte unter seinem Arm
und klappte hastig den Klavierdeckel zu.
Nein — zum Üben kam sie wirklich nicht. Aber da sie wußte, daß
ihr Mann keine Entschuldigungen gelten ließ, die seine Leute
belasteten, so schob sie es auf ihren Zustand. Sie war so matt,
fühlte sich so elend.
„Na ja ... mein liebes Kind, du hast einfach keine Energie. Auf die
Art wirst du nie etwas erreichen. Auf die Art gewiß nicht! ...“
Es gab immer unangenehme Auseinandersetzungen,
Verstimmungen. Karla schwieg und dachte sich ihr Teil. Sonntags,
am Familientisch, an dem auch Luise Altmann regelmäßig teilnahm,
wurde viel über Karlas Energielosigkeit gesprochen. Nur — der
Kinder wegen — sehr schonend in der Form.
Während des schwarzen Kaffees legte man sich keine Zügel
mehr an. Die Kinder waren ja auch nicht mehr da. Altmann blickte
unzufrieden und nervös drein.
„Ihr fehlt eben der Ernst.“
Und darüber waren sich alle einig, Karla hatte keinen Ernst.
Eines Sonntags mußte Vicki eine Mozartsche Sonate vorspielen,
mit der sie gerade „fertig“ geworden war bei ihrer Lehrerin.
„Nett, sehr nett“, sagte Luise Altmann.
Dr. Maurer zupfte Vicki an ihrem dicken blonden Zopf.
„Brav, Vicki ...“
Und dann gab er ihr einen Groschen.
Nun sollte auch Karla singen.
Karlas Augen wurden noch runder, als sie es für gewöhnlich
waren, und ihre kaum angedeuteten Brauen rutschten bis zur Mitte
der Stirn hinauf.
Ja, waren denn die alle ganz verrückt geworden? Jetzt
verlangten sie von ihr, sie sollte vorsingen, wie Vicki vorspielte ...
Von i h r verlangten sie das, der die Jugend einer ganzen Stadt
zugejubelt, von i h r , die mit Blumen überschüttet worden war, wenn
sie nach einer großen Partie sich wieder und immer wieder hatte vor
dem Vorhang zeigen müssen?
„Ich denke ja nicht daran, jetzt zu singen.“
Vicki lachte los:
„Du hast wohl alles vergessen, Tante, wie?“
„Du impertinenter Fratz, was fällt dir ein? ...“
Karla hatte wohl selbst nicht geahnt, daß ihr die Hand so locker
saß. Vicki brüllte los, empört, aufs tiefste entrüstet.
„Wie darfst du, Tante ... was unterstehst du dich? ...“
Karla stand hochaufgerichtet mitten im Zimmer.
„Eine Rotznase bist du, daß du’s nur weißt!“
Und hochrot im Gesicht, mit funkelnden Augen und bebendem
Unterkiefer schrie sie:
„Bin ich die Tante oder nicht? Hat sie Respekt zu haben vor mir
oder nicht? Den Popo hat man ihr versohlt, als ich schon Tausende
begeisterte! Schmutzig hat sie sich noch gemacht, als ich mir schon
mein Geld verdiente! Und das erlaubt sich ...“
„Oh, Gott nein, wie ordinär ... so ordinär ...“
Vicki schlug die Hände über dem Kopf zusammen und lief aus
dem Zimmer.
„Nun ist’s aber genug“, donnerte Altmann und riß Karla an der
Hand.
Aber sie war wie aus den Fugen.
„Ihr macht mich ja verrückt, alle ... Verrückt macht ihr mich!!. Ich
bin doch kein kleines Kind ... Aber so behandelt ihr mich ja vor den
Bälgern hier! Es fehlt nur noch, daß ihr mir Vicki als Vorbild hinstellt!
... Ja, ja ... ich weiß, was ich rede. Gestern sagte Luise: Vickis
englisches Heft ist viel sauberer als deines! Bin ich ein Schulmädel?
Ich habe den Kopf voll. Meine Stimme ist viel wichtiger als all die
dummen Jäckchen und Lätzchen und englischen Vokabeln. Und
wenn ich sie verliere, dann seid nur ihr schuld ... jawohl, nur ihr! ...“
Ihre letzten Worte waren kaum noch zu verstehen. Ein
krampfhaftes Schluchzen erschütterte ihren Körper. Irgend jemand
drückte sie in einen Sessel. Luise Altmann stand vor ihr, mit einer
Wasserschüssel, in der Eisstücke schwammen. Adele mühte sich,
ihr die Taille aufzuhaken.
„Ernst,“ schluchzte Karla, ... „Ernst ...“, und streckte den Arm aus.
Aber Dr. Maurer hatte den Schwager in sein Arbeitszimmer
gezogen, auf dessen Ledersofa Fritz nachts schlief.
„Laß nur ... meine Damen werden schon fertig mit ihr ... Ein
kleiner hysterischer Anfall. Kommt vor in dem Zustand. Dazu die
Hitze. Vicki ist ja auch wirklich frech gewesen und wird daher Karla
um Entschuldigung bitten ... Immer ruhig Blut! Vaterfreuden wollen
auch erkauft werden.“
„Ich habe mich wahrhaftig nie so gehen lassen“, sagte Adele zu
ihrem Mann, als sie allein geblieben waren. „Und furchtbar ordinär
war sie ... da hat Vicki nicht so unrecht. Das sind doch keine
Redensarten! ...“
„Paß du mal lieber auf das Mädel auf, statt auf Karla
herumzuhacken!“
Dr. Maurer schlug mit dem Handrücken unwirsch auf die
entfaltete Zeitung.
Vicki hatte gebockt und war nicht zu bewegen gewesen, sich vor
Karla zu entschuldigen.
Karla war es, die ihr als erste die Hand gereicht hatte:
„Na, wollen wir uns wieder vertragen, Vicki?“
Und dann hatte sie gesungen. Eigentlich zum erstenmal.
Als wollte sie ihren Mann aussöhnen und alle, die den häßlichen
Auftritt mit erlebt hatten.
Und Dr. Maurer hatte plötzlich das Schlagen seines Herzens
gefühlt. Die Zigarre war ihm ausgegangen, war seinen Fingern
entglitten und irgendwohin gefallen. Die quellende, jubelnde Stimme
schlug machtvoll an längst verschlossene Tore. Wie ein schwerer
Wein weckte sie sein träges, schläfriges Blut und brachte es zum
Rauschen.
„Sing noch etwas, Karla ...“
„Gern ...“
Aber es fand sich nichts Rechtes vor, und Altmann wollte auch
nicht, daß sich Karla anstrenge. Auch seine Augen leuchteten.
Karlas Stimme hatte bis jetzt noch nichts von ihrer Schönheit
eingebüßt, sie war klangvoller, heißer, jubelnder denn je ....
Er riß plötzlich ihre beiden Hände an seine Lippen, ohne der
Schwestern zu achten, die seine Art peinlich berührte. Aber was
wußten sie, was alles in ihm vorging, während Karla sang, und daß
der Klang dieser Stimme ihm wieder die Welt erschloß, die sich
hinter schwarzen Nebelwänden verborgen gehalten.
Was wußte auch Adele von dem, was in ihres Mannes Seele
vorgegangen war während Karlas Gesang .....
Viel wichtiger war es ihr, daß ihre Schwester Luise erstaunt die
grauen Augen aufriß und dann langsam, fast ungläubig meinte:
„Aber sie hat ja wirklich eine sehr schöne Stimme.“
Immerhin — fein war Karla nicht. Und von Alwin war es zum
mindesten sehr merkwürdig, daß er sich zu Karlas Anwalt aufwarf.
Am nächsten Tage erklärte er, daß es „mäuschenstill“ zu sein
hätte, wenn Karla übte. Oder er würde mit einem Donnerwetter
dreinfahren! Er hatte sie sogar gebeten, nicht eher mit dem Üben
anzufangen, als bis er nach Hause käme.
Als sich Karla ans Klavier setzte und den Mund öffnete, wurde
sie plötzlich weiß wie ihr schmaler Kragen.
Noch einmal setzte sie an. Aber nur ein heiserer, tonloser Laut
entrang sich ihren Lippen.
Da stand sie auf, schloß behutsam den Deckel und wartete eine
Weile. Wartete, bis das Zittern ihrer Knie nachließ und sie gehen
konnte.
Wie ein nasses Linnen legte sich die heiße Zimmerluft an ihre
bleichen Wangen. Dr. Maurer öffnete leise die Tür:
„Was ist dir, Karla, warum so still?“
Aber sie gab ihm keine Antwort, machte nur eine hilflose
Bewegung mit der Hand und wankte ins Berliner Zimmer hinein, wo
Adele zwischen einem Berg von Kinderwäsche über ihrem
Wirtschaftsbuch saß.
ndlos dehnten sich die Wochen hin. Immer mehr Zeit
brauchte Karla, um die kurze Strecke zurückzulegen, die ihre
Wohnung von der ihrer Verwandten trennte. Manchmal sagte
sie sich, es wäre das beste, sie bliebe den ganzen Tag im Bett
liegen. Aber sie wußte, daß ihr Mann dann auch nicht ausgehen
würde, und sie konnte nicht mehr sein nervöses, finsteres Gesicht
sehen, ohne Herzklopfen zu bekommen.
Eines Tages bekam er das Anerbieten, für einen plötzlich
erkrankten Fachkollegen im Liegnitzer Sommertheater
einzuspringen. Auf drei, vier Wochen höchstens. Er wollte Karla
mitnehmen. Aber die Schwestern gaben das nicht zu. Er konnte
Karla doch jetzt keine Reise zumuten! Sie mußte sich schonen,
pflegen — um des Kindes willen vor allem.
Der jähe Freudenfunke, der in Karlas Augen aufgeblitzt war,
erlosch. Aber sie widersprach nicht. Sie ließ wortlos über sich
verfügen; wäre nach China gefahren, wenn man sie dorthin
geschickt hätte, und würde sich nicht aus ihrem Zimmer gerührt
haben, wenn man es für nötig gefunden hätte, sie dort
einzuschließen.
Nur als sie Altmanns Kopf in dem Fensterrahmen des
abfahrenden Zuges erblickte, da überkam sie etwas wie
Verzweiflung. Sie mußte sich auf eine Bank setzen und schluchzte
eine ganze Weile still vor sich hin.
Es war abgemacht worden, daß sie nur das erste
Morgenfrühstück zu Hause einnehmen sollte, alle anderen
Mahlzeiten aber bei Adele. Adele hatte einen durchaus
angemessenen Preis bestimmt. Sie wollte sich um Gottes willen
nicht bereichern an dem Bruder.
„Seine Leute“ benahmen sich eben „großartig“. Das mußte Karla
immer wieder ihrem Manne zugeben. Er verlangte geradezu, daß sie
es betonte und es sich immer wieder ins Gedächtnis rief.
Es war nicht seine Schuld, wenn Karla schon beim ersten
Aufwachen die Verpflichtung, den Tag in der Culmstraße zu
verbringen, als eine drückende Last empfand.
Die Schwestern konnten es sich nicht erklären, warum Karla so
schlecht aussah. Sie litt doch wahrhaftig keine Not! Die Stimme? ...
Die kam schon wieder ... und wenn nicht — du lieber Gott — da war
sie eben keine Sängerin mehr, brauchte sich nicht an allen
möglichen Theatern herumzutreiben. Dann hatte sie ihr Kind ... und
vielleicht kam das zweite ... Ernst würde sich dann auch um etwas
anderes umsehen. Die große Versicherungsgesellschaft, bei der sie
versichert waren, hatte im vorigen Monat einen verkrachten
Theaterdirektor angestellt, mit vierhundert Mark monatlich ...
Hochfeine Stellung. Wenn Ernst die Fühler ein wenig ausstreckte,
wenn ...
„Aber mir wurden doch für nur zwei Gastspielabende vierhundert
Mark geboten!“
Sie schrie es förmlich heraus, als könnte sie damit den großen
Stein wegschieben, den die Schwestern ihr auf die Brust rollten.
Adele zuckte die Achseln.
„Ist ja Unsinn ... Zufall .... Aber nur keine Aufregung, Karla ... das
schadet dir.“
Dr. Alwin Maurer verbrachte jetzt fast jeden Abend außer dem
Hause.
Er fühlte sich nicht mehr behaglich in seiner Wohnung. Karlas
Lage weckte Erinnerungen in ihm aus seinem eigenen Leben.
Er schlief unruhig. Einmal träumte er, Adele und Luise stünden
mitten unter einem Schwarm seltener, buntschillernder Vögel. Sie
griffen in die Luft, fingen einen Vogel und beschnitten ihm mit einer
großen Schere beide Flügel. Dann griffen sie nach einem zweiten,
einem dritten und so fort.
Seitdem sah er sie immer wie in seinem Traum. Ihm hatten sie
die Flügel beschnitten, jetzt beschnitten sie sie Karla .... Er konnte
nicht helfen. Da ging er lieber fort.
Eines Nachmittags gab Karla vor, daß sie sich elend fühle und zu
Bett wolle. Adele gab ihr ein paar Stullen mit und allerlei gute
Ratschläge. Wenn „ihr etwas wäre“, solle sie gleich zu ihr
herüberschicken.
„Hörst du, mach’ ja keine Dummheiten.“
Es war so gut gemeint. Karla hätte sich selbst prügeln mögen, als
es ihr zum Bewußtsein kam, daß sie die Wohnung verließ wie ein
Gefängnis. Sie sah sich sogar auf der Straße um, ob ihr niemand
folgte; denn Adele hatte ihr Vicki mitgeben wollen. Aber nein — sie
stand allein auf der Bülowstraße.
Hatte sie diesen Entschluß schon in der Culmstraße gefaßt oder
war es plötzlich über sie gekommen wie eine Eingebung — sie hätte
es nicht zu sagen vermocht. Sie stieg in die erste Elektrische ein, die
gerade stehenblieb, und ließ sich mitnehmen.
Sie sah nicht die belebten Straßen vor sich, sondern ein stilles,
helles Zimmer mit seidenen Stühlen, einem Schachtisch vor dem
Fenster, einem Glasschrank, mit feinen Meißener Tassen und vielen
Schleifen an den Wänden.
Trotz der noch kaum abgekühlten Luft fror sie, und es war ihr, als
könnte ihr nur dort — in dieser hellen Stube mit den schönen
Sachen und den vielen Erinnerungen warm werden.
Ja, sogar Papas kalte, tenorale Stimme schreckte sie nicht ab.
Sie würde den Umhang nicht ablegen, und Papa würde ihr Tee
bringen und ganz feine Brotschnittchen. Er würde ihre Hand
tätscheln und fragen: „Na, Kleine, wie geht’s?“
Und diese wenigen Worte würden ihr viel, viel mehr bedeuten als
alles, was die Schwägerinnen ihr sagten. Denn sie würden sie
erinnern an tausend gleiche Fragen aus der Zeit ihrer Kindheit.
Diese Kindheit aber — so wenig freudvoll sie gewesen war —
jetzt sah sie sie in einem verklärten Lichte. Sie atmete den
Morgenkaffee ein, den die Mutter vor sie hingesetzt hatte, und den
Duft der Äpfel in der Ofenröhre. Mutter war hitzig und hatte eine
lockere Hand, aber Mutters Hand war auch weich, wenn sie Karlas
Haar bürstete oder ihr über die Wangen fuhr, wenn sie mit einer
guten Zensur nach Hause kam. Mutters Hand war auch geschickt
und willig, all die hundert Risse und Löcher zu stopfen in Schürzen,
Röckchen und Strümpfen. Mutters Hand war sparsam im Alltag, war
aber auch freigebig zu Weihnachten und an Karlas Geburtstag. Da
zählte sie nicht die Äpfel und Pfefferkuchen und geizte nicht mit
netten, nützlichen Sachen. Das Schönste freilich war immer von
Papa: ein glitzerndes Kettchen etwa, ein silberner Armreif, ein
blinkendes Kreuz oder seidenes Tüchelchen. Der Papa tänzelte
dann immer so drollig gespannt um den Gabentisch und winkte ab:
„Ta ta ta“, wenn sie ihm an den Hals flog.
Es war eigentlich nicht recht, daß sie sich so viel mehr über
Papas Kinkerlitzchen freute als über Mutters gediegene Sachen.
Aber daran war nun mal wieder nichts zu ändern, und Mutter konnte
nichts tun, als mit einem Donnerwetter dazwischenfahren, wenn sie
den Papa gar zu stürmisch umhalste und ihn nicht loslassen wollte.
Karla saß in der Elektrischen und merkte es gar nicht, daß ihr die
Augen schwer wurden von dicken Tränen. Sie hatte eine solche
Sehnsucht nach den paar Zimmern, die „ihr Zuhause“ umschlossen,
nach dem Papa, auf dessen Schoß sie einst gesessen, nach dem
„Ta ta ta“, mit dem er ihr vielleicht das Wort abschneiden würde,
wenn sie ihm ihre Sehnsucht gestand ...
Der Wagen hielt am Lützow-Platz. Sie mußte aussteigen. Sie
durchquerte den Platz und bog in die Schillstraße ein. Es war noch
hell, aber doch senkten sich schon bläuliche Schatten zwischen die
weißen Häuser.
Die Straße machte ihr auch heute einen neuen, lustigen,
friedlichen Eindruck. Einzelne Damen blieben mit den Blicken länger
an ihr haften, als es allgemein üblich war, und lächelten dann halb
gerührt, halb ermutigend.
Ja ... sie war wohl schon sehr stark ... Das Gehen wurde ihr auch
schwer, und das zweite Leben in ihr wurde oft ungebärdig.
Manchmal mußte sie stehen bleiben, weil sie meinte, es schnüre ihr
etwas den Atem ab. So war es eben jetzt ... Doch sie mußte lächeln
in all ihrer Not. Und sie murmelte vor sich hin:
„So ein Nichtsnutz ... so einer ...“

Textbook Mcsa Guide To Identity With Windows Server 2016 Exam 70 742 1St Edition Greg Tomsho Ebook All Chapter PDF

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Textbook Mcsa Guide To Identity With Windows Server 2016 Exam 70 742 1St Edition Greg Tomsho Ebook All Chapter PDF

Uploaded by

Copyright:

Available Formats

MCSA Guide to Identity with Windows

Server 2016 Exam 70 742 1st Edition

MCSA Guide to Identity with Windows Server 2016 Exam 70

MCSA windows server 2016 study guide exam 70 742 Panek

MCSA Windows Server 2016 Complete Study Guide: Exam

McSa Guide to Installation, Storage, and Compute with

MCSA Windows Server 2016 Study Guide Exam 70 740 2nd

MCSA 70 741 Cert Guide Networking with Windows Server

MCSA 70-740 Cert Guide: Installation, Storage, and

MCSA Windows 10 Study Guide Exam 70 698 1st Edition

Exam #70-742: Identity with Windows Server 2016

Install and configure domain controllers 1, 6, 7

MCSA Guide to Identity with Windows © 2018 Cengage Learning, Inc.

Senior Content Developer: Michelle Ruelas

Production Director: Patty Stephan

(engage is a leading provider of customized learning solutions with

Cengage products are represented in Canada by Nelson Education, Ltd.

To learn more about Cengage platforms and services, visit www.cengage.com

Notice to the Reader

GLOSSARY ......................................................................................................... 407

INDEX ................................................................................................................ 417

Managing OUs and Active Directory Accounts ................ .. ..................... 53

Configuring Read Only Domain Controllers ........................................ ..................................... 229

Implementing Active Directory Certificate Services ... ....................... 321

MCSA Exam 70-742 Objectives .......................................................... ..... ...... .401

GLOSSARY ............................................................................................................................ 407

What This Book Includes

• Extensive review and end-of-chapter materials reinforce your learning.

About Microsoft Certification: MCSA

Microsoft Certified Solutions Expert {MCSE): The Next Step

Text and Graphics Conventions

Each hands-on activity in this book is preceded by the Activity icon.

Instructor Companion Site

About the Author

Contact the Author

Before rou Begin

Lab Setup Guide

Figure 1 A diagram of the lab configuration used in this book

A few words about this diagram:

Host Computer Configuration

• 8 GB RAM; more is better.

Server Configuration Details

• Power Setting: Never turn off display

Using an Evaluation Version of Windows Server 2016

Where to Go for Help

Install Active Directory

Describe objects found in Active Directory

Work with forests, trees, and domains

Configure group policies

The Role of a Directory Service

~ 'iiiflililM _J Activity requirements

Activity Requirements Notes·

Windows Active Directory

Overview of the Active Directory Structure

Active Directory's Physical Structure

Active Directory's Logical Structure

Figure 1-1 Active Directory organizational units

Figure 1-2 An Active Directory domain and OUs

You might also like