Thursday, August 11, 2011

Understanding FSMO roles in Windows 2003 AD

Good preparation and correct planning are essential for an Active Directory (AD) installation. Although it is impossible to predict installation glitches precisely, you can at least minimize the possibility of AD installation problems if you carefully plan the procedure. Here is what you need to know before you work on an Active Directory installation.
FSMO Roles: In a forest, there are five FSMO (Flexible Single Master Operations) roles, each assigned to exactly one domain controller at a time. The five FSMO roles are:
Schema Master: The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. There can be only one schema master in the whole forest.
Domain naming master: The domain naming master domain controller controls the addition or removal of domains in the forest. There can be only one domain naming master in the whole forest.
Infrastructure Master: The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.
Relative ID (RID) Master: The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. At any one time, there can be only one domain controller acting as the RID master in the domain.
PDC Emulator: The PDC emulator is a domain controller that advertises itself as the primary domain controller (PDC) to workstations, member servers, and domain controllers that are running earlier versions of Windows. For example, if the domain contains computers that are not running Microsoft Windows XP Professional or Microsoft Windows 2000 client software, or if it contains Microsoft Windows NT backup domain controllers, the PDC emulator master acts as a Windows NT PDC. It is also the Domain Master Browser, and it handles password discrepancies. At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.
It is good to have more than one domain controller in the same forest, and it is always good to assign the FSMO roles to different domain controllers. You can do that after installing the additional DCs in your forest.
Global catalog (GC): The Global Catalog server stores and replicates AD information, including the forest schema data and configuration data. It can also be seen as a data repository and engine for rapid object searches. The GC lists all the objects within a domain tree or forest. To see your GC server in your domain, log on to your domain controller. Click Start, click Administrative Tools, click Active Directory Sites and Services, expand Default-First-Site-Name, and expand any server.

Expand any domain controller, right-click NTDS Settings, and click Properties.

Here are some command-line tools you can use to check the FSMO roles. You must install the Windows XP Support Tools and the Windows Resource Kit on your administrator workstation or on your server to test and manage FSMO roles. You can download the Support Tools from the Microsoft web site, or find them in the support\tools folder on the Windows XP CD.
To see which domain controller holds which roles, click Start, click Run, type CMD in the Open box, and then click OK. In the Command Prompt window, type netdom query /domain:<domain> fsmo (where <domain> is the name of YOUR domain).

At the command prompt, type replmon.exe; the AD Replication Monitor will open.

Right-click Monitored Servers. Click "Search the directory for the server to add", click Next, and expand Default-First-Site-Name.
Select a domain controller and click Finish.

Right-click your domain and click Properties. Click the FSMO Roles tab. Click Query to see whether each role holder is responding or not.


I did not take all the screenshots. I reckon you can work out the rest with these hints. You can transfer these roles from one DC to another DC. To do that, open a command prompt on your admin workstation. You must be logged on as an administrator/domain admin.
Type ntdsutil.exe at the command prompt and follow its prompts.

Here drwho is the name of the server to which I wanted to transfer the roles from another server. This was a working environment, so I did not transfer those roles. However, you can type the following at the fsmo maintenance: prompt.
Transfer domain naming master
Transfer infrastructure master
Transfer PDC
Transfer RID master
Transfer schema master
This will transfer all five roles to the server you selected.
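The checks above (which DC holds which role, whether each holder answers, and whether the roles are spread across DCs) can be scripted. The following is an added example, not part of the original post; it uses the .NET System.DirectoryServices.ActiveDirectory classes, which work against a Windows 2003 domain without the Active Directory PowerShell module, and assumes it is run as a domain user on a domain-joined machine.

```powershell
# Added example (not from the original post). Enumerates the five FSMO role
# holders via .NET DirectoryServices, checks that each answers an LDAP bind,
# and flags two placement problems a defender wants to know about.
$forest = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()

# Forest-wide roles live on the Forest object, per-domain roles on the Domain object.
$roles = @(
    @{ Role = 'Schema master';         Holder = $forest.SchemaRoleOwner.Name },
    @{ Role = 'Domain naming master';  Holder = $forest.NamingRoleOwner.Name },
    @{ Role = 'PDC emulator';          Holder = $domain.PdcRoleOwner.Name },
    @{ Role = 'RID master';            Holder = $domain.RidRoleOwner.Name },
    @{ Role = 'Infrastructure master'; Holder = $domain.InfrastructureRoleOwner.Name }
)

foreach ($r in $roles) {
    $dc = $r.Holder
    # Binding to RootDSE forces a real LDAP connection; a failure means the role
    # holder is unreachable, which is what the replmon "Query" button reports.
    try {
        $rootDse = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$dc/RootDSE")
        $null = $rootDse.NativeObject
        $state = 'reachable'
    } catch {
        $state = "UNREACHABLE ($($_.Exception.Message))"
    }
    "{0,-22} {1,-35} {2}" -f $r.Role, $dc, $state
}

# Caveat: in a multi-domain forest the infrastructure master must not also be a
# global catalog unless every DC in the domain is a GC, or it stops updating
# cross-domain references.
$dcs         = $domain.DomainControllers
$gcsInDomain = @($dcs | Where-Object { $_.IsGlobalCatalog() } | ForEach-Object { $_.Name })
$infra       = $domain.InfrastructureRoleOwner.Name
if (($forest.Domains.Count -gt 1) -and ($gcsInDomain -contains $infra) -and
    ($gcsInDomain.Count -lt $dcs.Count)) {
    "WARNING: infrastructure master $infra is a GC in a multi-domain forest."
}

# The post recommends spreading the roles over more than one DC.
$holders = @($roles | ForEach-Object { $_.Holder } | Sort-Object -Unique)
if ($holders.Count -eq 1) {
    "NOTE: all five roles sit on $($holders[0]); consider spreading them."
}
```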
