Exam 70-412 – Configuring Advanced Windows 2012 R2 Services

70-412 Study Guide


Introduction to the 70-412 Exam

70-412 is the third and final exam that completes the MCSA Server 2012 certification. As the certification title suggests, it has a strong focus on configuring advanced Windows Services in 2012 R2. Not only does it build on previous exams, it covers a wide range of objectives that most IT professionals will have little to no experience with. This includes AD FS, AD RMS, AD CS and IPAM. Although many of the objectives will be new and challenging, it is widely accepted that the 70-412 is easier than the 70-411 as there are no challenging network objectives this time around.

Like the previous exams, there are a large number of resources that can be utilized to help prepare for the 70-412. As stated in our previous guides, many of these resources are extremely beneficial and when used together can be quite powerful. However, the resources on their own (exam books, CBT Nuggets, practice exams, etc.) do not cover enough material and do not go in-depth enough to give adequate preparation to get certified. We strongly urge you to utilize Microsoft’s TechNet Library as it is the absolute best resource for this certification and is completely free. It covers all of the objectives, is written by Microsoft, and goes into the level of detail that you are required to know to pass the tests.

As TechNet is a large resource, it can be difficult to locate the information that is relevant to the exam you are preparing for. Our study guide below breaks down each objective and gives relevant links to the exact information you need for each objective. The majority of objectives are covered by TechNet links; however, we also reference whitepapers, popular blogs, and powerful videos to help give you the best understanding possible.

Keep in mind that many of the objectives have been extensively covered in previous versions of Windows. Microsoft does not release new documentation unless the technology is new or has been greatly overhauled. Therefore, some of the links in this study guide may be referencing Server 2003 or 2008 information. The information provided is still valid for Server 2012 services and features.


What to Focus On – Difficult Objectives for the 70-412

Implement DAC – Dynamic Access Control is an objective that many of you will have little to no experience with. Since the implementation of NTFS, we have all been managing our permissions in the same manner. DAC completely changes the way we look at access controls. You are expected to configure device claim types, perform access-denied remediation, configure file classification, and implement policy changes.

Deploy and Manage IPAM – Unless you work for an organization that uses IPAM, it is likely that you have had next to no experience with it. This exam expects you to manage IPAM collections, delegate IPAM administration, migrate to IPAM, create and manage IP blocks, configure using GPOs and configure server discovery.

Configure Trusts – Although this is a small section on the exam, the concepts can be challenging to learn. Configure external trusts, shortcut trusts, forest trusts and realm trusts. Configure trust authentication, SID filtering and name suffix routing.

Active Directory Federation Services (AD FS) – Implement claims-based authentication including Relying Party Trusts; configure Claims Provider Trust rules; configure attribute stores including Active Directory Lightweight Directory Services (AD LDS); manage AD FS certificates; configure AD FS proxy; integrate with Cloud Services

Working With Certificates – Manage certificates: manage certificate templates; implement and manage certificate deployment, validation, and revocation; manage certificate renewal; manage certificate enrollment and renewal to computers and users using Group Policies; configure and manage key archival and recovery

Active Directory Rights Management Services (AD RMS) – Install and configure Active Directory Rights Management Services: install a licensing or certificate AD RMS server; manage AD RMS Service Connection Point (SCP); manage AD RMS client deployment; manage Trusted User Domains; manage Trusted Publishing Domains; manage Federated Identity support; manage RMS templates; configure Exclusion Policies

Active Directory Certificate Services (AD CS) – Install and configure Active Directory Certificate Services (AD CS): install an Enterprise Certificate Authority (CA); configure CRL distribution points; install and configure Online Responder; implement administrative role separation; configure CA backup and recovery

Objective Breakdown

Exam Breakdown

The 70-412 exam consists of 6 main objectives:

– Configure and Manage High Availability   (15-20%)

– Configure Network Load Balancing (NLB)
– Configure failover clustering
– Manage failover clustering roles
– Manage VM movement

– Configure File and Storage Solutions (15-20%)

– Configure advanced file services
– Implement Dynamic Access Control (DAC)
– Configure and optimize storage

– Implement Business Continuity and Disaster Recovery (15-20%)

– Configure and manage backups
– Recover servers
– Configure site-level fault tolerance

– Configure Network Services (15-20%)

– Implement an advanced Dynamic Host Configuration Protocol (DHCP) solution
– Implement an advanced DNS solution
– Deploy and manage IP Address Management (IPAM)

– Configure Active Directory Infrastructure (15-20%)

– Configure a forest or a domain
– Configure trusts
– Configure sites
– Manage Active Directory and SYSVOL replication

– Configure Identity and Access Solutions (15-20%)

– Implement Active Directory Federation Services (AD FS)
– Install and configure Active Directory Certificate Services (AD CS)
– Manage certificates
– Install and configure Active Directory Rights Management Services (AD RMS)

70-412 Exam Breakdown

Objective 1: Configure and Manage High Availability

Configure and Manage High Availability (15-20%)


Sub Objective: Configure Network Load Balancing (NLB)

Install NLB nodes:
NLB Architecture – NLB’s role in IP based applications
NLB Deployment – Overview of Deployment process
NLB Best Practices – NLB functionality and recommendations

Configure NLB Pre-reqs – What is required for NLB installation
Configure affinity – What is affinity and how to implement it
Configure port rules – Creating and managing NLB port rules
Configure cluster operation mode – Configure operation mode and parameters
Upgrade an NLB cluster – Preparing and upgrading cluster


Sub Objective: Configure servers

Configure cluster networking:
Failover Clustering Overview – Basics of failover clustering
Cluster networks Best Practices – Best practices and recommendations for clustering

Restore single node or cluster configuration – Backup and Recovery basics for Failover Clusters
Configure cluster storage – Setting up shared storage
Implement Cluster Aware Updating – Overview and features of implementing CAU

Upgrade a cluster:
In Place Migration – Migrating a two node cluster
Migration Paths – Paths to upgrade to a failover cluster


Sub Objective: Manage Failover Cluster Roles


Sub Objective: Manage Virtual Machine Movement

Objective 2: File and Storage Solution

Configure File and Storage Solutions (15-20%)

Sub Objective: Configure Advanced File Services

Configure NFS data store – NFS step-by-step guide
Configure BranchCache – Overview and configuration of Branch Cache

File Classification Infrastructure:
What's new in FSRM 2012 R2 – New features of File Server Resource Manager
Working with File Classification – Overview and configuration of classification

Configure file access auditing – Configuration and understanding of auditing


Sub Objective: Implement Dynamic Access Control

Configure user and device claim types:
Dynamic Access Control Overview – Great video explaining DAC
Plan for Access Policy Deployment – Plan and implement access policy

Implement policy changes and staging:
DAC and authorization Policies – Another great video explaining DAC for AD and central auth policies
Configure central access policies – Using different options to configure access policies
Deploy a Central Access Policy – Demonstration steps for configuring a central access policy

Perform access-denied remediation – Configure Access Denied Assistance
Configure file classification – Overview and configuration using a scenario


Sub Objective: Configure and optimize storage

Configure iSCSI Target and Initiator:
iSCSI Target in Server 2012 – Configuring and overview of iSCSI targets
iSCSI Software Target 3.3 – Updates and overview
Installing and Configuring iSCSI Initiator – Steps to install and set up iSCSI targets

Configure Internet Storage Name Server (iSNS) – iSNS server overview

Implement thin provisioning and trim:
Thin provisioning and trim storage – Overview and general understanding of Thin provisioning and trim
High Level understanding – Further and deeper understanding of thin provisioning

Manage server free space using Features on Demand:
Configure Features on Demand – Introduction and basic configuration of Features on Demand
High Level understanding – Using PowerShell and the command line for Features on Demand

Objective 3: Business Continuity and Disaster Recovery

Implement Business Continuity and Disaster Recovery (15-20%)

Sub Objective: Configure and Manage Backups

Configure Windows Server backups – Feature overview
Configure Windows Online backups – Integrating Windows Azure
Configure role-specific backups – An understanding of the benefits of role-specific backups
Manage VSS settings using VSSAdmin – Using VSSAdmin

Create System Restore snapshots:
Restore Points do not exist in 2012 – Forum post supporting argument
PowerShell for restore point in Windows 7+8 – PowerShell for reference


Sub Objective: Recover Servers

Restore from Backups – how to restore from windows backup
Perform bare metal restore – how to perform bare metal restore

Recover servers using Windows Recovery Environment (Win RE) and safe mode:
Recover the Operating System – Steps to recover a crashed OS
Windows Recovery explained – Recovery environment explanation
Windows Recovery Technical Reference – How RE works, what it is, RE scripts

Apply System Restore snapshots – Managing restore points with PowerShell
Configure the Boot Configuration Data (BCD) store – Modify the BCD store using BCDEdit


Sub Objective: Configure site level fault tolerance

Configure Hyper-V Replica including Hyper-V Replica Broker and VMs:
Deploy Hyper-V Replica – How to config and deploy Hyper-V replica
Virtualization Overview – Small course on Server 2012 virtualization
Authorization Entries – Authorization table configuration
Replica certificate based deployments – pre-reqs for certificate deployments

Configure multi-site clustering including network settings, Quorum, and failover settings – requirements and recommendations

Objective 4: Configure Network Services

Configure Network Services (15-20%)

Sub Objective: Implement a DHCP Solution

Create and configure superscopes and multicast scopes:
Configure DHCP Superscope – Basic configuration of DHCP superscopes
Configure DHCP multicast scope – Basic configuration of DHCP multicast scopes

Implement DHCP v6:
DHCPv6 Stateless mode – overview of stateless mode for dhcpv6
DHCP IPv6 Lab – test lab for working with DHCPv6

Configure high availability for DHCP including DHCP failover and split scopes:
DHCP failover – step-by-step configuring DHCP failover
Configuring Split Scope – Simple configuration for split scope
DHCP split scope exercise 1 – step-by-step configuring split scope in a lab environment
DHCP split scope exercise 2 – another walk through guide for split scope

DHCP Name Protection – Configuration and overview of DHCP name protection


Sub Objective: Implement an Advanced DNS Solution

Configure security for DNS including DNSSEC, DNS Socket Pool, and cache locking:
Understanding DNSSec in Windows – concepts and basic understanding of DNSSec
Configure DNSSec – Step-by-Step DNS-Sec configuration lab
DNS Socket Pool – Configuring Port Randomization
DNS Cache Locking – What is cache locking

Configure DNS logging – Set up DNS Logging in Server 2012 R2
Configure delegated administration – Allow DNS delegation
Configure DNS Recursion – enable and disable recursion on DNS server
Configure netmask ordering – Set up DNS netmask ordering options

Configure a GlobalNames zone:
Single Label DNS Resolution – What is single label resolution
Create GlobalNames zones – Creating and configuring GlobalNames zones
Deploy GlobalNames Zones – How to deploy and create


Sub Objective: Deploy and Manage IPAM

Configure IPAM manually or by using Group Policy:
IPAM in Server 2012 – Walk through demonstration of IPAM
IPAM Deploy Checklist – Checklist for deploying IPAM server
Get Started with IPAM – How to start the configuration process
IPAM in depth – Great video that goes into great detail about IPAM in Server 2012

Configure Server Discovery – Basic configuration for discovery
Create and Manage IP Blocks – IP address management
Monitor utilization of IP address space – manage and monitor IP spaces
Delegate IPAM administration – Forum post explaining IPAM delegation

Objective 5: Configure Active Directory Infrastructure

Configure Active Directory Infrastructure (15-20%)

Sub Objective: Configure a Forest or Domain

Implement multi-domain environment – Deploying ADDS
Upgrade existing domains – Raising domain functional levels
Configure multiple user principal name (UPN) suffixes – Add user principal name suffixes


Sub Objective: Configure Trusts

Configure external, forest, shortcut, and realm trusts – How domain and forest trusts work
Configure trust authentication – Authentication Referral processing
Configure SID filtering – Securing External Trusts
Configure name suffix routing – Enable and disable name suffix routing


Sub Objective: Configure Sites

Configure Sites and Subnets:
Active Directory Sites and Services – overview and concepts
Active Directory Replication Topology – windows powershell and managing replication
Understanding Sites, subnets and Site links – Overview and concepts of sites, subnets and site links
Creating a Site – configuration for creating a site
Creating a subnet –  configuration for creating a subnet

Create and configure site links – Overview of creating site links
Move domain controllers between sites – How to move DCs to different sites
Managing Site Coverage – A great blog entry that discusses site coverage concepts


Sub Objective: Manage Active Directory and Sysvol Replication

Configure replication to Read-Only Domain Controllers – RODC planning and deploying
Configure Password Replication Policy – Password replication policy overview and config
Monitor and manage replication – Complete overview and understanding of replication topology
Upgrade SYSVOL replication to Distributed File System Replication – Sysvol replication migration guide

Objective 6: Configure Identity and Access Solutions

Configure Identity and Access Solutions (15-20%)

Sub Objective: Implement Active Directory Federation Services

Implement claims-based authentication:
ADFS Deployment Guide – overview and concepts of ADFS
Relying Party Trusts – monitoring, identifiers, signatures, encryption etc.

Configure Claims Provider Trust rules – Creating claims rules for claims provider trusts

Configure attribute stores:
Attribute stores – overview and concepts of attribute stores
Roles of attribute stores – How attribute stores fit in with AD FS

Manage AD FS certificates – Understanding certificates in AD FS
Put ADFS in the cloud – Scenarios and overview of ADFS in azure

Configure ADFS Proxy:
Configure Federation Server Proxy – how to configure the proxy
Planning a proxy – Pre-reqs and requirements for a proxy


Sub Objective: Install and Configure Active Directory Certificate Services

Install an Enterprise Cert Authority:
Active Directory Cert Service Overview – understand what ADCS are used for
Cert Authority Guidelines – planning for PKI and cert authorities

Configure CRL distribution points – How to configure CRL distribution points
Install and configure Online Responder – Cert Services step-by-step guide including Online Responder
Implement administrative role separation – How to configure role separation
Configure CA backup and recovery – Migrating and recovering the CA


Sub Objective: Manage Certificates

Manage certificate templates – Managing, deleting, upgrading and configuring templates

Implement and manage certificate deployment, validation, and revocation:
Cert Authority Web Enrollment – Guidelines to configuring and deploying web enrollment
Configuring Certificate Revocation – overview and configuration of revocation

Manage certificate renewal – How to renew a certificate
Manage certificate enrollment using GPO – procedures and applications to manage cert enrollment
Configure and manage key archival and recovery – Best practices for key archive and recovery


Sub Objective: Install and configure Active Directory Rights Management Services

Install a licensing or certificate AD RMS server:
Rights management  – step-by-step guide and overview of AD RMS
AD RMS best practices – guidelines and recommendations for AD RMS configuration

Manage AD RMS Service Connection Point (SCP) – Understanding service connection points
Manage AD RMS client deployment – Test lab to deploy AD RMS

Manage Trusted User Domains:
Trusted User Domains – Overview of Trusted User Domains
Adding Trusted User Domain – Guide to adding a trusted user domain

Manage Trusted Publishing Domains:
Trusted Publishing Domains – Overview of Trusted Publishing Domains
Adding Publishing User Domain – Guide to adding a trusted Publishing domain

Manage Federated Identity support  – Configure federated identity support settings
Manage RMS templates  – AD RMS policy templates
Configure Exclusion Policies – Understanding AD RMS exclusion policies

Virtual Labs


All labs below are offered for free from Microsoft and relate to the 70-412 exam. They are online virtual machines and don’t require any special configuration on your end. Simply browse to the virtual labs site, select Windows Server from the side and then the correct operating system based on which lab below you want to do. Microsoft offers more virtual labs for the 70-412 than for any other exam in the MCSE Server 2012 certification path. Many of the topics that are difficult to configure in your home lab (such as AD FS, claims, replication troubleshooting, PKI, etc.) are available in the online labs.

Server 2012 R2 Labs

Introduction to failover clustering
o Install failover clustering, configure network storage, deploy a cluster and create VMs

Understanding Workplace Join
o Overview and understanding of device registration

Implementing Basic PKI
o Implement PKI for services that rely on certificates

Network Automation using IPAM
o Discover the management capabilities of IPAM

Troubleshoot AD Replication Errors
o Troubleshoot and analyze typical AD replication issues

How to Deploy Two Tier PKI
o Configure and deploy a two tier PKI

Access and Information Protection
o Configure and Deploy access information

Windows Server 2012 AD FS
o Configure web application proxy, customize AD FS sign in and enable user password change

Storage Infrastructure
o Create a Storage optimized file server

Implement Workplace Join
o Configure workplace join to allow customers to register with AD DS

Implement Claims-Aware Applications
o Configure simple claims based authentication with AD FS

Server 2012 Labs

Configure a highly available ISCSI target
o Build clusters using shared storage and ISCSI high availability

Configuring Hyper-V over highly available SMB Storage
o Configure a server cluster to support Hyper-V from SMB shares

Implementing BranchCache
o Install and configure branchcache for hosted cache

Manage your Network Infrastructure with IP Address Management
o Introduction to IPAM

Using Dynamic Access Control
o Create central access policies, discover access-denied remediation and use auditing

Getting insight and Managing Data using File Classification
o Use new file management tasks and automatically classify files

High Availability File Server
o Monitor traffic on highly available file servers

Domain Controller Deployment and Dynamic Access Control
o Deploy a DC with PowerShell and manage DAC

Server 2008 R2 Labs

Create a Windows Server 2008 R2 MSDTC Cluster
o Install application server role, configure HA services, provide HA services to applications

Branch Caching
o Introduction to Branch Cache

Implementing Branch Cache
o Configure distributed cache, hosted cache and SMB share cache

Video Tutorials

Visit our 70-412 Technical Tutorials to view videos of the most challenging objectives of the 70-412. If you need some further knowledge or a better grasp on the concepts below, I recommend checking out these videos!

– Configure ADFS
– Advanced ADFS
– Configure AD RMS
– Configure ADCS
– What's new in ADCS
– Configure Certificate Authority
– Dynamic Access Control
– Disaster Recovery
– Configure NLB
– Advanced File Services
– VM High Availability
– Making DHCP Highly Available
– AD Architecture Review
– Denied Access Assistance
– IPAM Basics

Practice Tests

Below is a list of reputable and valuable practice tests for the 70-412. Unfortunately, neither of them is free, but they offer great knowledge validation prior to writing the test. Both exams also do a great job of explaining the correct and incorrect answers, which is invaluable in your studying.

Transcender – free review
o Our top rated paid practice exam. Covers all of the MCSA exams including the 70-412 (each exam sold separately, unfortunately)

Measureup – free review
o Another great practice test. It is known to be easier than the Transcender practice test.

Online eLearning Modules

I highly recommend heading over to our review section to look at paid online learning modules to help assist your studies for the 70-412 exam. Below are a few of the popular online resources:

CBTNuggets – free review
o Our top rated online learning module. Gives an excellent overview of the 70-412 concepts if you are unfamiliar with them (especially valuable for sub objectives such as AD FS, AD RMS, etc.)

Pluralsight – free review
o Another great online series that ranks 2nd on our list of eLearning modules. It takes a more “to the point” approach to objectives than CBTNuggets.

Transcender eLearning – free review
o Not as complete as CBTNuggets or Pluralsight but offers a decent overview of some objectives

Available Books

We recommend viewing our book review section to check out the available books for the 70-412.

Mastering Server 2012 R2 – free review
o An in-depth book that covers all objectives in great detail including the 70-412 exam objectives

Exam Ref 70-412 – free review
o A solid explanation of concepts and objectives

MCSA Complete Study Guide – free review
o Covers all objectives for Server 2012 R2 MCSA exams. Does not go into the same amount of detail as Mastering Server 2012 R2 but is a great book for providing an “overview” of objectives.