Upload File

fsmo roles

27
1 Company Confidential 1 A Course on Global Catalog And Flexible Single Master Operations (Fsmo) Roles Prepared for: *Stars* New Horizons Certified Professional Course

Upload: asif-khan-mh

Post on 13-Feb-2016

7 views

Category:

Documents


0 download

Report

Tags:

DESCRIPTION

FSMO roles revealed server 2008 R2

TRANSCRIPT

Page 1: fsmo roles

1

Company Confidential

1

A Course on

Global Catalog And Flexible Single

Master Operations (Fsmo) RolesPrepared for: *Stars*

New Horizons Certified Professional

Course

Page 2: fsmo roles

2

UNDERSTANDING THE

GLOBAL CATALOG

• Central repository for forest-wide data.

• Subset of attributes from objects forest-

wide.

• First domain controller in the forest is

automatically configured as a global

catalog server.

• Other domain controllers can become

global catalog servers.

Page 3: fsmo roles

3

FUNCTIONS OF THE

GLOBAL CATALOG

• Facilitate searches for objects in the forest

• Resolve User Principal Names (UPNs)

• Provide universal group membership

information

– If the domain is in Microsoft Windows 2000

native functional level or later, global catalog

information is required in order for users to log

on.

Page 4: fsmo roles

4

UNIVERSAL GROUP

MEMBERSHIP CACHING

• New for Microsoft Windows Server 2003.

• When enabled, non-global catalog domain

controllers can process logons without contacting

a global catalog server.

• Refreshed on an eight-hour interval.

• Eliminates the need to place a global catalog

server in a remote site to facilitate logons.

• Provides better logon performance.

• Can be used to minimize wide area network

(WAN) link usage.

Page 5: fsmo roles

5

LOGON PROCESS AND

THE GLOBAL CATALOG

• Universal group membership is used in creation of

the access control list (ACL) when the user logs on.

• Global catalog is used to verify universal group

membership.

• Users might be denied logon if the global catalog is

not available and universal group membership

caching is not enabled.

• Built-in Administrator account can logon, regardless

of global catalog availability or the universal group

membership caching configuration.

Page 6: fsmo roles

6

ENABLE UNIVERSAL GROUP

MEMBERSHIP CACHING

Page 7: fsmo roles

7

PLANNING GLOBAL CATALOG

SERVER PLACEMENT CONSIDERATIONS

• There is additional global catalog replication traffic when a global catalog is configured.

• Consider placing a global catalog server in each site or configure universal group membership caching for that site.

• Consider placing a global catalog server in each site where applications need to make global catalog queries.

Page 8: fsmo roles

8

ENABLING A GLOBAL

CATALOG SERVER

Page 9: fsmo roles

9

UNDERSTANDING

FLEXIBLE SINGLE MASTER

OPERATIONS ROLES

• Flexible Single Master Operations (FSMO)

roles

– Assigned automatically to the first domain

controller in a domain

– Roles can be transferred to other domain

controllers

• Used to reduce conflict and facilitate

communication concerning replication

between domain controllers

Page 10: fsmo roles

10

FIVE FSMO ROLES

• Domain naming master

• Relative identifier (RID) master

• Infrastructure master

• Primary Domain Controller (PDC)

emulator

• Schema master

Page 11: fsmo roles

11

DOMAIN-SPECIFIC ROLES

• RID master—Assigns RIDs to other domain

controllers

• Infrastructure master—Allows security principals

to be tracked between domains

• PDC emulator

– Backward compatibility with Microsoft Windows NT

Server version 4.0 domains and later client computers

(Microsoft Windows 98 and Windows Me)

– Time synchronization

– User account password change replication

Page 12: fsmo roles

12

DOMAIN-WIDE

OPERATIONS MASTERS

Page 13: fsmo roles

13

RID MASTER

• Used when security principals are created

– RID makes the individual security principal

security identifier (SID) unique within a

domain

– Built-in RIDs are consistent between domains,

for example, Built-in Administrator has a RID

of 500

• RID master gives other domain controllers

RIDs to use when new objects are created

Page 14: fsmo roles

14

WHAT IF THE RID MASTER

ISN’T AVAILABLE?

• Doesn’t affect existing users

• Might cause a problem when creating new

objects, if the existing RID pool on the

domain controller is depleted

• Problems moving objects between

domains

Page 15: fsmo roles

15

INFRASTRUCTURE MASTER

• Manages user and group references for objects between

domains

• Updates ACLs and group memberships as required

• Queries the global catalog to ensure that references are

current

• Role should not be assigned to a global catalog server

– Exception 1: There is only a single domain in the forest

– Exception 2: All domain controllers are also global catalog

servers

Page 16: fsmo roles

16

PDC EMULATOR

• Provides backward compatibility for pre–

Windows 2000 client computers

• Acts as the PDC in Windows 2000 mixed

functional level for any Windows NT Server

version 4.0 backup domain controllers

(BDCs) that are present on the network

• Acts as a central manager for user password

changes, replication, and account lockouts

• Handles time synchronization

Page 17: fsmo roles

17

ALTERNATE TCP/IP ADDRESS

CONFIGURATION

• Domain naming master

• Schema master

• These roles are assigned to only one

domain controller in the entire forest

• Usually these roles are assigned to

domain controllers in the forest root

domain

Page 18: fsmo roles

18

DOMAIN NAMING MASTER

• Allows additions or removals of domains.

• Ensures domain names are unique in the

forest.

• Domains cannot be added or removed if

the domain naming master is not

available.

• Enterprise Admins level access is required

in order to add and remove domains.

Page 19: fsmo roles

19

SCHEMA MASTER

• Controls access to the schema.

• Ensures modifications are replicated to all

domain controllers in the forest.

• The schema cannot be modified if the

schema master is not available.

• Schema Admins level access is required

to modify the schema.

Page 20: fsmo roles

20

PLACING FSMO SERVERS

• In a multi-domain environment, you’ll likely

move some of the FSMO roles.

• Decisions on placing domain controllers

involve.

– Number of domains that are a part of the

forest

– Physical structure, including sites

– Number of domain controllers in each domain

Page 21: fsmo roles

21

DEFAULT FSMO ROLE

ASSIGNMENTS

Page 22: fsmo roles

22

ADJUSTING FSMO ROLES

IN FOREST ROOT

Page 23: fsmo roles

23

MANAGING FSMO ROLES

• What happens when a domain controller

holding a given FSMO role fails?

• Transferring roles.

• Seizing roles.

Page 24: fsmo roles

24

WHAT ARE THE

IMPLICATIONS OF FAILURE?

• Schema master

• Domain naming master

• PDC emulator

• RID master

• Infrastructure master

Page 25: fsmo roles

25

MANAGING ROLES

• Active Directory Users And Computers

– RID master

– Infrastructure master

– PDC emulator

• Active Directory Domains And Trusts—domain naming

master

• Microsoft Management Console (MMC) Schema snap-

in—schema master

• Repadmin

• NTDSUtil—All roles

Page 26: fsmo roles

26

SUMMARY

• Global catalog function

• Global catalog server placement

• Domain-wide operations masters

• Forest-wide operations masters

• Implications of FSMO failure

• Tools to manage FSMO roles

Page 27: fsmo roles

27


Transfer FSMO Roles Windows Server 2008, Windows Server ... · Transfer FSMO Roles Windows Server 2008, Windows Server 2008 R2 to Windows Server 2012 R2 Domain Controller Prepared

Global Catalog and Flexible Single Master Operations (FSMO) Roles BAI516

Real-Life Medical Roles vs. Dissection Roles

Chapter 9 The Roles, Roles and Relationships Concept

Windows Ad DNS Fsmo Gpo

download.microsoft.com/documents/hk/technet... · Transfer back all the FSMO roles 8. Apply any registry key / DC hardening keys that used before 9. Upgrade

| GOPAS a.s. | [email protected] | ......FSMO roles after restart must replicate at least one partner for the FSMO’s partition only Windows 2003 RTM and older only in-site automatically

11.1.1 Nature of Business - Roles of business - Roles

How to transfer FSMO (Flexible Single Master …outwardtruth.com/pdf/How to transfer FSMO (Flexible Single Master...How to transfer FSMO (Flexible Single Master Operations) Roles from

FIELD SAMPLING AND MEASUREMENT ORGANIZATION SECTOR …nelac-institute.org/docs/standards/2012/VDS-FAC/Posted-FSMO-VII-VDS... · accrediting field sampling and measurement organizations

FIELD SAMPLING AND MEASUREMENT ORGANIZATION …...accrediting field sampling and measurement organizations (FSMO). This Standard is intended as an application of ISO/IEC 17011-2004(E)

Portal Roles - Roles vs Arthorization

A Course on Global Catalog And Flexible Single Master Operations (Fsmo) Roles

FSMO Transfer Process

Full Detail Report - Integraconintegracon.com/wp-content/uploads/2016/06/Sample... · 3.2 ‐ FSMO Roles This section contains a listing of all FSMO (Flexible Single Master Operation)

Republic of Indonesia - forsvaret.dkforsvaret.dk/fak/documents/fak/fsmo/landestudier/04-05/landestudie...FORSVARSAKADEMIET Falkultet for Strategi og Militære Operationer VUT II/L-STK

The Scrum Roles - Scrum Master · The Scrum Roles 3 Scrum Team Roles plus 3 Organizational Roles 2009 Freitag, 29. Januar 2010. 3 plus 3 roles in Scrum ... controls the “inspect

Transferring FSMO Roles in

Securing ERPOracle Enterprise Resource Planning (Oracle ERP) Cloud defines these types of roles: • Job roles • Abstract roles • Duty roles • Aggregate privileges Let's look

DesigningJobDescriponsfor’ ’New’’Roles:’’ · DesigningJobDescriponsfor’ ’New’’Roles:’’ Integrang’Scholarly’Communicaons’ and’Informaon’Literacy’in’Liaison’

Task Detect Domain Controllers FSMO Role Analysis

Network Assessment Change Report...FSMO Role Analysis Enumerates FSMO roles at the site. Enumerate Organization Units and Security Groups Lists the Organizational units and Security

Fiscal Post Award Roles and Responsibilities...Detailed Roles and Responsibilities Analysis The roles and responsibilities matrix is a living document. Assigned roles and responsibilities

Military theory and the concept of Jointness - Forsvaretforsvaret.dk/fak/documents/fak/fsmo/specialer/03-04/military... · UNCLASSIFIED FORSVARSAKADEMIET Fakultet for Strategi og

Interview Based Question AD DNS FSMO GPO1

Roles Responsibilities of Neighborhood Council Board Members · Roles and Responsibilities of Neighborhood Council Board Members There are both general roles and specific roles for

Operativt civil-militært samarbejde - forsvaret.dkforsvaret.dk/fak/documents/fak/fsmo/specialer/06-07/operativt... · Fakultet for Strategi og Militære ... specialstyrker har båret

Co-op Intern Roles Internship roles in

Global Catalog and Flexible Single Master Operations (FSMO) Roles Lesson 4

Services Catalouge - Interact Technology Solutions · Standard Features: FSMO roles, DHCP, DNS, GPO, Organization Domain Structure design Multiple Geographical Locations via WAN:

Roles and Responsibilities PLAN IT!. Overview Roles and Responsibilities Break Down – Project Roles, Functional Roles, and Responsibilities Executive

MANAGEMENT ROLES - VIP Ski€¦ ·  · 2017-06-09the document to see Management Roles, Chalet roles, Hotel roles, ... Executive Chef / Staff Trainer – Val D’Isere, ... • Ensuring

Chapter Officers Roles Officer roles and additional recommended officer roles

Road Map Who am I? NEFAP – A History What is NEFAP? Why NEFAP? The Standard and the FDEP SOPs How does a FSMO get accredited? 2

Enrollment Roles and Responsibilities 1. EA Roles and