1 / 30

Global Catalog and Flexible Single Master Operations (FSMO) Roles

Global Catalog and Flexible Single Master Operations (FSMO) Roles. Lesson 4. Skills Matrix. Understanding the Functions of the Global Catalog. Facilitating searches for objects in the forest Resolving user principal names (UPNs) Maintaining universal group membership information

arthurturner
Download Presentation

Global Catalog and Flexible Single Master Operations (FSMO) Roles

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Global Catalog and Flexible Single Master Operations (FSMO) Roles Lesson 4

  2. Skills Matrix

  3. Understanding the Functions of the Global Catalog • Facilitating searches for objects in the forest • Resolving user principal names (UPNs) • Maintaining universal group membership information • Maintaining a copy of all objects in the domain Lesson 4

  4. Enabling Universal Group Membership Caching • Open Active Directory Sites and Services. • Select the site from the console tree for which you want to enable universal group membership caching. • In the details window, right-click NTDS Site Settings, and select Properties. Lesson 4

  5. Enabling Universal Group Membership Caching (cont.) • Select the Enable Universal Group Membership Caching checkbox. • In the Refresh Cache From field, select a site that you wish this site to receive updates from, or leave it at <Default> to refresh from the nearest site that contains a global catalog server. Lesson 4

  6. Configuring an Additional Global Catalog Server • On the domain controller where you want the new global catalog, open Active Directory Sites and Services from the Administrative Tools folder. • In the console tree, double-click Sites, and then double-click the site name that contains the domain controller for which you wish to add the global catalog. Lesson 4

  7. Configuring an Additional Global Catalog Server (cont.) • Double-click the Servers folder, and select your domain controller. • Right-click NTDS Settings, and select Properties. • On the General tab, select the Global Catalog checkbox to assign the role of global catalog to this server. Click OK. Lesson 4

  8. Flexible Single Master Operations (FSMO) Roles • Relative Identifier Master • Infrastructure Master • Primary Domain Controller (PDC) Emulator • Domain Naming Master • Schema Master Lesson 4

  9. Managing FSMO Roles • Role transfer • Role seizure Lesson 4

  10. Viewing Domain-Wide FSMO Role Holders • Open the Active Directory Users and Computers MMC snap-in. • Right-click the Active Directory Users and Computers node, click All Tasks, and select Operations Masters. • In the Operations Master dialog box, select the tab that represents the FSMO that you wish to view. The name of the server holding your chosen role is displayed. Lesson 4

  11. Viewing the Domain Naming Master FSMO Role Holder • In Active Directory Domains and Trusts, right-click the Active Directory Domains and Trusts node, and select Change Operations Master. • In the Change Operations Master dialog box, the name of the current Domain Naming Master will be displayed. • Close the Change Operations Master dialog box. Lesson 4

  12. Viewing the Schema Master FSMO Role Holder • Open the Active Directory Schema snap-in. • Right-click Active Directory Schema from the console tree, and select Change Operations Master. • The name of the current Schema Master role holder is displayed in the Current Schema Master (Online) box. • Close the Change Schema Master dialog box. Lesson 4

  13. Transferring the Forest-Level FSMO Roles • Open the Active Directory Users and Computers MMC snap-in. • Right-click the Active Directory Users and Computers node, and select Connect To Domain. • In the Connect To Domain dialog box, key the domain name, or click Browse to select the domain from the list. Click OK. Lesson 4

  14. Transferring the Forest-Level FSMO Roles (cont.) • In the console tree, right-click the Active Directory Users and Computers node, and select Connect To Domain Controller. • Complete this dialog box by selecting the name of the domain controller that you want to become the new role holder from the dropdown list, and click OK. Lesson 4

  15. Transferring the Forest-Level FSMO Roles (cont.) • In the console tree, right-click the Active Directory Users and Computers node, point to All Tasks, and select Operations Masters. • Select the tab that reflects the role you are transferring, and click Change. • PDC Emulator • RID Master • Infrastructure Master Lesson 4

  16. Transferring the Forest-Level FSMO Roles (cont.) • In the confirmation message box, click Yes to confirm the change in roles. • In the next message box, click OK. • Close the Operations Master dialog box. Lesson 4

  17. Transferring the Domain Naming Master FSMO Role • Open the Active Directory Domains and Trusts snap-in. • Right-click the Active Directory Domains and Trusts node, and select Connect To Domain Controller. • Complete this dialog box by selecting the name of the domain controller that you wish to become the new Domain Naming Master from the dropdown list, and click OK. Lesson 4

  18. Transferring the Domain Naming Master FSMO Role (cont.) • In the console tree, right-click the Active Directory Domains and Trusts node, and select Operations Master. • In the Change Operations Master dialog box, click Change. • Click Close to close the Change Operations Master dialog box. Lesson 4

  19. Transferring the Schema Master FSMO Role • Open the Active Directory Schema snap-in. • Right-click Active Directory Schema, and select Change Domain Controller. • In the Change Domain Controller dialog box, choose one of the options listed. • Click OK. Lesson 4

  20. Transferring the Schema Master FSMO Role (cont.) • In the console tree, right-click Active Directory Schema, and select Operations Master. • In the Change Schema Master dialog box, click Change. • Click OK to close the Change Schema Master dialog box. Lesson 4

  21. Seizing a FSMO Role • Click Start. Key cmd, and press Enter. • From the Command Prompt, key ntdsutil, and press Enter. • At the ntdsutil prompt, key roles, and press Enter. Lesson 4

  22. Seizing a FSMO Role (cont.) • At the fsmo maintenance prompt, key connections, and press Enter. • At the server connections prompt, key connect to server followed by the fully qualified domain name of the desired role holder, and press Enter. • At the server connections prompt, key quit, and press Enter. Lesson 4

  23. Seizing a FSMO Role (cont.) • At the fsmo maintenance prompt, key one of the options listed, and press Enter. • If an "Are you sure?" dialog box is displayed, click Yes to continue. • At the fsmo maintenance prompt, key quit, and press Enter. • At the ntdsutil prompt, key quit, and press Enter. Lesson 4

  24. You Learned • The global catalog server acts as a central repository for Active Directory by holding a complete copy of all objects within its local domain and a partial copy of all objects from other domains within the same forest. The global catalog has three main functions: the facilitation of searches for objects in the forest, resolution of UPN names, and provision of universal group membership information. Summary

  25. You Learned (cont.) • A global catalog should be placed in each site when possible. As an alternate solution when a site is across an unreliable WAN link, universal group membership caching can be enabled for the site to facilitate logon requests. Summary

  26. You Learned (cont.) • Global catalog placement considerations include the speed and reliability of the WAN link, the amount of traffic that will be generated by replication, the size of the global catalog database, and the applications that might require use of port 3268 for resolution. • Operations master roles are assigned to domain controllers to perform single-master operations. Summary

  27. You Learned (cont.) • The Schema Master and Domain Naming Master roles are forest-wide. Every forest must have one and only one of each of these roles. • The RID Master, PDC Emulator, and Infrastructure Master roles are domain-wide. Every domain must have only one of each of these roles. Summary

  28. You Learned (cont.) • The default placement of FSMO roles is sufficient for a single-site environment. However, as your network expands, these roles should be divided to increase performance and reliability. Table 4-2 provides detailed guidelines. Summary

  29. You Learned (cont.) • FSMO roles can be managed in two ways: role transfer and role seizure. Transfer a FSMO role to other domain controllers in the domain or forest to balance the load among domain controllers or to accommodate domain controller maintenance and hardware upgrades. Seize a FSMO role assignment when a server holding the role fails and you do not intend to restore it. Seizing a FSMO role is a drastic step that should be considered only if the current FSMO role holder will never be available again. Summary

  30. You Learned (cont.) • Use repadmin to check the status of the update sequence numbers (USNs) when seizing the FSMO role from the current role holder. Use ntdsutil to actually perform a seizure of the FSMO role. Summary

More Related