Sunday, May 19, 2013

FSMO Roles

In this post let's talk about the FSMO roles. As we all know, Active Directory is a multi-master replication model: clients can register their records on any available Active Directory domain controller and can access resources within the Active Directory NTDS.dit database. Before you learn how to transfer FSMO roles you should have a good understanding of why we use them; the answer is to avoid conflicts in Active Directory. In the old days there was only single-master replication. The primary DNS server used to hold the only read/write copy of the DNS data, meaning clients had to locate their DNS server and register their resources there in order to locate all other resources in the Active Directory domain infrastructure. The main drawback of single-master replication was the single point of failure: if the primary DNS server was not reachable, clients could not register their records with any other domain controller. The primary zone is the forward lookup zone in AD, and it is highly recommended to have a reverse lookup zone in a network of any size because it contains the host name to IP address mapping information.
So the main purpose of FSMO roles is to avoid conflicts in AD; whenever there is a change or update in AD, the relevant FSMO role takes care of it accordingly. We have five FSMO roles:
1: Schema Master
2: Domain Naming Master
3: Infrastructure Master
4: RID (Relative ID) Master
5: PDC Emulator Master

1: Schema Master: This is a forest-wide role, responsible for any update or modification to the schema. Once an update is complete it replicates the update to the other domain controllers in the forest. There can be only one Schema Master in the whole forest.

2: Domain Naming Master: This is also a forest-wide role. It is responsible for the addition and removal of domains in the forest. When you create a new domain in an existing forest, the new domain represents a separate naming context, and a new cross-ref object must be created in the Partitions container. Only the Domain Naming Master is allowed to make changes to the Partitions container in the forest. By default the first domain controller in the forest holds this role; however, you can transfer it to another domain controller using Active Directory Domains and Trusts.

3: Infrastructure Master: This role is responsible for updating the SIDs and distinguished names of objects in cross-domain object references. As it is a domain-wide role, there can be only one domain controller acting as the Infrastructure Master in each domain.

4: RID (Relative ID) Master: Every object in an Active Directory domain has a security identifier (SID), which is a combination of the domain ID and a sequential number called the relative ID, supplied by the RID Master. It is a domain-wide role. In domains at the default Windows Server 2000 mixed domain functional level, only the PDC Emulator creates security principals. That is why the RID Master and PDC Emulator roles are held by the same domain controller, so it can ensure that SIDs are unique and sequential.

5: PDC Emulator: The PDC Emulator has a very unique role. You may have seen in the office that when you enter the user name and password provided by your administrator, you are logged on; in some cases you may have seen an error message saying the user name or password is invalid. Have you ever thought about how you get that error message? When you enter a wrong user name or password, the domain controller checks the password and, for confirmation, sends the user's credentials to the PDC Emulator, because the PDC Emulator holds the latest information about objects' credentials. If it finds that the user entered the wrong user name or password, the user gets the "invalid user name and password" error message on screen. When an administrator changes or resets a password, that information is updated in the PDC Emulator at the same time.
Apart from this, the PDC Emulator performs other tasks as well. I believe you now have a better understanding of FSMO roles; next you will learn how to transfer them.
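Before transferring anything, it helps to know which domain controller currently holds each of the five roles and whether those holders are still reachable. The script below is an added example, not part of the original post; it assumes the RSAT ActiveDirectory module is installed, that you run it from a domain-joined machine, and the function names (Get-FsmoInventory, Test-FsmoHealth) and the DC name 'DC02' are placeholders of my own.

```powershell
# Added example (not from the original post): inventory the five FSMO role holders
# and run the two checks the post motivates: is each holder reachable (the single
# point of failure the post warns about), and do RID Master and PDC Emulator sit
# on the same DC as the post describes. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Get-FsmoInventory {
    param([string]$Domain = (Get-ADDomain).DNSRoot)
    $forest = Get-ADForest
    $dom    = Get-ADDomain -Identity $Domain
    # Forest-wide roles are exposed by Get-ADForest, domain-wide roles by Get-ADDomain.
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        InfrastructureMaster = $dom.InfrastructureMaster
        RIDMaster            = $dom.RIDMaster
        PDCEmulator          = $dom.PDCEmulator
    }
}

function Test-FsmoHealth {
    param($Roles = (Get-FsmoInventory))
    foreach ($entry in $Roles.GetEnumerator()) {
        $holder = $entry.Value
        # An unreachable role holder means that role's updates cannot be made anywhere.
        $alive = Test-Connection -ComputerName $holder -Count 1 -Quiet
        [pscustomobject]@{ Role = $entry.Key; Holder = $holder; Reachable = $alive }
    }
    # The post explains why RID Master and PDC Emulator belong together; flag a split.
    if ($Roles.RIDMaster -ne $Roles.PDCEmulator) {
        Write-Warning "RID Master ($($Roles.RIDMaster)) and PDC Emulator ($($Roles.PDCEmulator)) are on different DCs."
    }
}

Test-FsmoHealth | Format-Table -AutoSize

# Graceful transfer of a role to another DC ('DC02' is a placeholder name). Add -Force
# only to seize a role whose current holder is permanently gone; a seized role must
# never be brought back online on the old holder, or the conflicts FSMO exists to
# prevent come straight back.
# Move-ADDirectoryServerOperationMasterRole -Identity 'DC02' -OperationMasterRole PDCEmulator,RIDMaster
```

Running this as a scheduled check gives you an early warning when a role holder goes offline or a decommissioned DC is still listed as a holder.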

