NT1330
Unit 5 Exercise 1
AD FSMO Role Management Research
Active Directory is a multimaster database, which means that updates can be made by any writable DC. Some sensitive operations need to be controlled more stringently than others, such as schema management and adding or removing additional domains from an AD forest. The roles that control these operations are called Flexible Single Master Operations (FSMO) roles. This means only one DC in the replica ring can provide a particular operation.
To find which roles a DC currently holds, you can use ntdsutil. From the Start menu, key roles and press Enter; key connections and press Enter; key connect to server followed by the server name and domain and press Enter; key quit and press Enter; key select operation target and press Enter; key list roles for connected server and press Enter; then quit.
There are other ways to find which roles a DC currently holds, such as:
* You must know the default settings. By default the first domain controller installed in the forest root domain is designated as a global catalog server.
* Schema snap-in
* AD Domains and Trusts snap-in
* For the RID, PDC emulator and Infrastructure roles, use the AD users and configuration snap-in.
You will need to develop a plan in the event that a role holder fails. Here are some suggestions.
* The Primary Domain Controller (PDC) and the Relative Identifier Master (RID) should be on the same DC if possible. The PDC role is the most used of all FSMO roles and has the widest range of functions.
* The Schema Master and Domain Naming Master should be on the same DC.
* To provide fault tolerance there should be at least 2 DCs available within each domain of the forest.
* The Infrastructure Master Role and the Global Catalog should not be serviced by the same Domain Controller, as the combination of these two roles on the same host will cause unexpected, potentially damaging behavior in a multi-domain environment.
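The four suggestions above can be checked mechanically against a list of role holders. The following PowerShell function is an added example, not part of the original exercise; the function name, the inventory layout and all host names are hypothetical, and the sample inventory is constructed.

```powershell
# Added example. The inventory at the bottom is constructed; host names are hypothetical.
# On a live forest the same fields come from Get-ADForest, Get-ADDomain and
# Get-ADDomainController -Filter * (ActiveDirectory module).
function Test-FsmoPlacement {
    param(
        [Parameter(Mandatory)] [hashtable] $Forest,   # SchemaMaster, DomainNamingMaster
        [Parameter(Mandatory)] [object[]]  $Domains   # one hashtable per domain
    )
    $findings = @()
    # Forest-wide roles: Schema Master and Domain Naming Master should share a DC.
    if ($Forest.SchemaMaster -ne $Forest.DomainNamingMaster) {
        $findings += 'forest: Schema Master and Domain Naming Master are on different DCs'
    }
    # The Infrastructure Master / Global Catalog rule applies to multi-domain forests.
    $multiDomain = $Domains.Count -gt 1
    foreach ($d in $Domains) {
        if ($d.PDCEmulator -ne $d.RIDMaster) {
            $findings += "$($d.Name): PDC emulator and RID Master are on different DCs"
        }
        if (@($d.DomainControllers).Count -lt 2) {
            $findings += "$($d.Name): fewer than 2 DCs, no fault tolerance"
        }
        if ($multiDomain -and (@($d.GlobalCatalogs) -contains $d.InfrastructureMaster)) {
            $findings += "$($d.Name): Infrastructure Master is also a Global Catalog"
        }
    }
    $findings
}

# Constructed sample inventory: a two-domain forest.
$forest = @{ SchemaMaster = 'dc1.corp.example'; DomainNamingMaster = 'dc1.corp.example' }
$domains = @(
    @{ Name = 'corp.example'
       PDCEmulator = 'dc1.corp.example'; RIDMaster = 'dc1.corp.example'
       InfrastructureMaster = 'dc2.corp.example'
       DomainControllers = @('dc1.corp.example', 'dc2.corp.example')
       GlobalCatalogs = @('dc1.corp.example') },
    @{ Name = 'branch.corp.example'
       PDCEmulator = 'bdc1.branch.corp.example'; RIDMaster = 'bdc1.branch.corp.example'
       InfrastructureMaster = 'bdc1.branch.corp.example'
       DomainControllers = @('bdc1.branch.corp.example')
       GlobalCatalogs = @('bdc1.branch.corp.example') }
)
Test-FsmoPlacement -Forest $forest -Domains $domains
```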
You can also use Domain Controller Diagnostic Tool (dcdiag) to analyze