1 / 18

CN1276 Server

CN1276 Server. Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+. Agenda. Chapter 4: Global Catalog and Flexible Single Master Operations (FSMO) Roles Quiz Exercise. Global Catalog (GC). Four main functions: Facilitating searches for objects in the forest

thao
Download Presentation

CN1276 Server

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+

  2. Agenda • Chapter 4: Global Catalog and Flexible Single Master Operations (FSMO) Roles • Quiz • Exercise

  3. Global Catalog (GC) • Four main functions: • Facilitating searches for objects in the forest • Resolving User Principal Names (UPNs) • Maintaining universal group membership information • Maintaining a copy of all objects in the domain

  4. Global Catalog (Cont.) • Universal group membership caching • Store universal group memberships on a local DC • In Win 2k3 and 2k8, A user must have successfully logged on when a GC server was available and universal group membership caching was enabled • Enabled on a per-site basis. • By default, cache is refreshed every eight hours.

  5. Additional GC servers • Each site should contain a GC server to facilitate user logons • When placing a GC at a remote site, you should consider the amount of bandwidth needed

  6. Flexible Single Master Operations (FSMO) Roles • Provides a critical task such as schema update to be assigned by a single DC in each domain or in a forest • Five roles: • Domain specific (one per domain) • Relative Identifier Master • Infrastructure Master • Primary Domain Controller (PDC) Emulator • Forest-wide authoriy • Domain Naming Master • Schema Master

  7. Relative Identifier (RID) Master • Responsible for assigning relative identifiers to domain controllers in the domain • Relative identifiers are assigned by a domain controller when a new object is created • If RID Master is unavailable • unable to create new objects • Unable to move objects between domains

  8. Infrastructure Master • Responsible for reference updates from its domain objects to other domains • Assists in tracking which domains own which objects

  9. Primary Domain Controller (PDC) Emulator • Provides backward compatibility • Manages time synchronization for the domain • Manages password changes and account lockouts • it provides immediate replication to other domain controllers in the domain. • Managing edits to Group Policy Objects (GPOs)

  10. Domain Naming Master • Has the authority to manage the creation and deletion of domains, domain trees, and application data partitions in the forest. • When any of these is created, the Domain Naming Master ensures that the name assigned is unique to the forest.

  11. Schema Master • Responsible for managing changes to the Active Directory schema.

  12. Placing FSMO Role Holders • When you install the first domain controller in a new forest, that domain controller holds all five of FSMO Roles • Number of domains that are or will be part of the forest • The physical structure of the network • The number of DCs in each domain

  13. Managing FSMO Roles • Role transfer • Used to move a FSMO role gracefully from one domain controller to another • Role seizure • Used only when you have experienced a failure of a domain controller that holds a FSMO role and you forced an ungraceful transfer • After the seize, the original holder must be removed from AD before being returned to the network • See Table 4-3 on Page 91

  14. Viewing or transferring Domain-Wide FSMO Role Holders • Open the AD Users and Computers • Right-click the AD Users and Computers node -> All Tasks -> Operations Masters

  15. Viewing or Transferring the Domain Naming Master FSMO Role Holder • In AD Domains and Trusts • Right-click the AD Domains and Trusts -> Change Operations Master

  16. Viewing or Transferring the Schema Master FSMO Role Holder • Open the AD Schema • Right-click AD Schema -> Change Operations Master • You need to register the schmmgmt.dll DLL file using the following syntax: regsvr32 schmmgmt.dll

  17. Seizing a FSMO Role • Use the ntdsutil command to access the fmso maintenance prompt and use the seize command. • *See full step on Page 96 or Lab 4

  18. Assignment • Fill in the blank • 1-10 • Multiple Choice • 1-10 • Online Lab 4

More Related