MCM: So You Want to Be an Active Directory Master, eh?





Back in February 2012, I was lucky enough to take part in the Windows 2008 R2 Directory Services Masters class and I promised that I would blog about my experience. Consequently, this will probably turn into another series as I wouldn’t do it any justice by only writing one entry about it.



For those unfamiliar with our Microsoft Certified Master’s program, think of it like the Cisco CCIE of the Microsoft world. Microsoft was looking for a way to distinguish the breadth of knowledge and experience of select Microsoft engineers beyond the MCSE and hatched a program about 5 years ago originally called the Ranger Program. It was first started for Exchange engineers and due to overwhelming demand branched out to encompass Active Directory, SQL, OCS/Lync, and SharePoint. I originally heard about this “Ranger” accreditation through an Exchange engineer friend of mine. I heard it was a grueling three-week long class that would test your deepest technical abilities and the strength of your spirit. I immediately knew I had to do it. 🙂 I told my wife that I eventually wanted to be a Ranger, and she honestly thought I was changing careers to become a Forest Ranger, made sure to tell her friends about it, and occasionally made jokes about it. Here is more information about the program:

I contacted my manager and told her about my desire to get into the program and was told that there was a two year waiting list. I added my name to the list and waited almost 3 years and even then, it took the recommendation of another accredited Master to get my name into the conversation. Nonetheless, I was now a candidate for the class. This didn’t mean I would get in but I was one hurdle down, many more to go.

Once the excitement wore off, I then read the introduction email and quickly became discouraged, as though I was applying for a new job or something. To quickly give you some background on my experience, I’ve been working in IT for over 12 years ranging from web development to teaching MCSE classes to now being a PFE at Microsoft. And with 8 years now in PFE and having delivered almost 200 ADRAPs, I’ve felt like I’ve seen it all! But even after all of this, I worried whether it would be enough to successfully get through this class.



The prerequisites for the Active Directory Masters class are:

  • Five or more years of hands-on experience with Windows Active Directory: installing, designing, configuring, and troubleshooting
  • Thorough understanding of Windows Active Directory design and architecture
  • 300-level understanding of site component topology, forest operations and topology, the Active Directory distributed file system, file replication services, security, client interactions, and Group Policy
  • Basic understanding of Active Directory Certificate Services, Rights Management Services, Active Directory Federated Services, and ADAM/Active Directory Lightweight Directory Services
  • Functional skills in basic protocol analysis, Hyper-V, scripting, PKI, and IP addressing and routing
  • Ability to speak, understand, and write fluent English

And then one of the following certifications:

  • Microsoft Certified Systems Engineer (MCSE) on Windows Server 2003
  • Microsoft Certified Systems Engineer (MCSE) on Microsoft Windows 2000 Server

And one of the following exams:

  • Exam 70-219 or Exam 70-297
  • Microsoft Certified IT Professional (MCITP): Enterprise Administrator


Once I had met these prerequisites, I then had to complete the following:

  1. Complete the brief application.
  2. Upload your resume or curriculum vitae (CV).
  3. Submit supporting documents including two write-ups on projects that I had been a part of that demonstrated my breadth and knowledge of Active Directory and Microsoft Technologies.
  4. If they can’t verify my experience, I will then be asked to go through a 30 to 60 minute interview.
  5. Register and then pay in full for the program.

It took me a few weeks to pull it all together but I submitted my application and all my supporting documents and waited patiently. Later that week, I got the email that I had gotten in.


The Basics

The MCM class consists of two straight weeks of training in Redmond, WA. During those two weeks, you’ll get only 1 day off although you’ll probably be studying during all your free time. When it starts, it will be 8-10 hours a day Monday through Friday. On Saturday, you’ll have a 3 hour written exam testing you on topics from the previous week. Sunday is the one day off. Then Monday-Friday, classes again are 8-10 hours a day. On that next Saturday, you’ll have another 3 hour exam and the very next day, which is Sunday, you’ll have a very long, grueling 9 hour lab exam. It boils down to about 90 hours of class time, 6 hours of written exam time, and 9 hours of lab exam time. Add this to all the study time and it makes for a very long, exhausting two weeks.

The class covers each of the following topics in depth:

  1. Active Directory Internals
  2. Domain Name Resolutions (DNS)
  3. Client-Side Interactions
  4. AD Site Topology and Replication
  5. RODC
  6. Authentication
  7. Lightweight Directory Services (LDS)
  8. Group Policy
  9. AD Disaster Recovery
  10. PKI
  11. FRS
  12. DFS including DFS+N and DFS+R

Now remember, this class is not for someone that wants to learn about these topics. I really can’t stress this enough but this class is for those that have extensive experience and knowledge on these topics and want to take it to the next level. If you’re not intimately familiar with each of the above topics nor have the desire to learn the internals to each of the above topics, you probably won’t pass this class. I’m not trying to scare you, but you can’t just read some online brain dump and then pass this class. I’m convinced that successfully getting through this class takes experience + desire + hard work, like most good things in life 🙂



As I began preparing for the MCM, I wasn’t sure exactly how to prepare because I didn’t really know what it would entail. Should I go back and read the Microsoft Resource Kits, Windows Internals, or review every ADRAP I had ever done? In between work, travel, and family, how would I have time?  As the MCM approached, I thought back to my college days and all those late nights before those big final exams. I would stay up all night cramming, walk into the classroom like a zombie, and walk out with a C+. But this wasn’t college anymore; this wasn’t a topic I had been studying for only 4 months. This was my career…Something I had been passionate about and worked on every week for almost 14 years; a culmination of my professional career. I decided that if this wasn’t enough, perhaps it just wasn’t meant to be and if this wasn’t enough, I was dying to know the Microsoft studs who wrote this class. Even though I wasn’t sure how to prepare for the class, over the course of the month before the MCM, I was passively going through various scenarios and/or topics in my head to help fill in any gaps.

The best advice I can give for preparation besides studying and knowing the above topics inside and out is to know all the differences and functionality availability based on OS version, domain functional level, and forest functional levels. Also, be familiar with Active Directory troubleshooting to the extent that you’re comfortable with all the built-in AD tools, support tools, and resource kit tools… For example, do you know what repadmin, klist, certutil, or dfsutil are used for, and why? I don’t think that knowing these tools will necessarily help you get through the class but if your tool chest doesn’t comfortably include these, you’re probably not where you need to be for this class.

Over the course of this new series of mine, I’ll continue to share my experience of going through the MCM class, the challenges, and mental breakdowns as we slowly start to unfold the mysteries of Active Directory. Stay Tuned!


Next – Part 2: MCM – Active Directory Internals