A brief description of the operations masters

Source: Internet
Author: User
Keywords Microsoft Windows Server 2008 R2

Previous articles covered installing a secondary domain controller. Installing that role does not mean that when the primary domain controller fails (for example, when the machine suddenly goes down) the secondary can take over everything the domain controller did. The reason is the concept of the operations master, briefly described below:

An operations master (FSMO), also known as an operations master (OM), is one or more special DCs in AD that perform certain special functions (resource identifier SID allocation, schema modification, PDC selection, and so on).

1. Classification of the operations masters

Forest-wide operations masters (each of these appears only once in each forest):

Schema master

Domain naming master

Domain-wide operations masters (each of these appears only once per domain in the forest):

PDC emulator

RID master

Infrastructure master

2. Roles of the operations masters

Schema master: primarily responsible for modifying the data source of Active Directory. The schema is rarely extended (although installing Exchange or LCS does modify it), so the DC holding the schema master only needs to guarantee availability. To extend the schema, a user must have the permissions of the Schema Admins group.

Domain naming master: primarily responsible for adding or deleting domains in the forest. The host holding the domain naming master does not need high performance, but high availability must be guaranteed.

PDC emulator: primarily responsible for handling password verification requests, unifying time across the domain, providing a replication data source to NT4 BDCs in the domain, modifying Group Policy templates, and providing support for older versions (Windows 2000). Because the PDC emulator has the heaviest workload of the five operations masters, the DC holding the PDC emulator must have high performance and high availability.

RID master: its primary role is to assign RID pools to the DCs within the domain and to prevent duplicate SIDs for security principals. Each time a DC creates a user, group, or computer object, a unique security ID (SID) is generated for the object. The SID consists of a domain SID and a RID. The DC running the RID master does not need especially high performance, but it must be highly available.

Infrastructure master: responsible for updating references from objects in its domain to objects in other domains. In Active Directory, a user may be moved from one OU to another, so that the user's DNS name changes and the references to that user in other domains must change as well. This change is carried out by the infrastructure master. The infrastructure master does no work when the Active Directory forest contains a single domain or when all DCs in the forest are GCs. For the DC holding the infrastructure master, performance and high-availability requirements can be ignored.

3. FSMO planning

If there is only one DC in the domain, that DC holds all of the operations masters.

Place the RID operations master and PDC emulator on a single DC.

In general, the infrastructure master should be located on a non-GC DC.

At the forest level, the schema master and domain naming master should be placed on the same DC.

It is recommended that the PDC emulator be placed on a single DC.
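
The planning rules above can be checked against a live domain. The following is an added example, not part of the original article: a PowerShell script that reads the five role holders and reports where placement departs from the rules in section 3. It assumes the ActiveDirectory module is installed, is run once per domain, and uses a ping only as a rough availability signal.

```powershell
# Added example: audit FSMO placement against the section 3 planning rules.
# Assumes the ActiveDirectory module (RSAT) and an account with read access.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain
# Only DCs of the current domain are enumerated (assumption: run once per domain).
$dcs = @(Get-ADDomainController -Filter *)
$gcs = @($dcs | Where-Object { $_.IsGlobalCatalog } | ForEach-Object { $_.HostName })

# The five role holders, the same data that netdom query fsmo reports.
$holders = @(
    @('Schema master',         $forest.SchemaMaster),
    @('Domain naming master',  $forest.DomainNamingMaster),
    @('PDC emulator',          $domain.PDCEmulator),
    @('RID master',            $domain.RIDMaster),
    @('Infrastructure master', $domain.InfrastructureMaster)
)

$findings = @()
if ($dcs.Count -gt 1) {   # with a single DC, that DC holds every role anyway
    if ($forest.SchemaMaster -ne $forest.DomainNamingMaster) {
        $findings += 'Schema master and domain naming master are on different DCs'
    }
    if ($domain.RIDMaster -ne $domain.PDCEmulator) {
        $findings += 'RID master and PDC emulator are on different DCs'
    }
    # A GC-hosted infrastructure master matters only when the forest has
    # several domains and at least one DC is not a GC.
    $multiDomain = @($forest.Domains).Count -gt 1
    $someNonGc   = $gcs.Count -lt $dcs.Count
    if ($multiDomain -and $someNonGc -and ($gcs -contains $domain.InfrastructureMaster)) {
        $findings += 'Infrastructure master is on a global catalog'
    }
}
# Rough availability signal for each holder (ICMP may be filtered).
foreach ($h in $holders) {
    if (-not (Test-Connection -ComputerName $h[1] -Count 1 -Quiet)) {
        $findings += ('{0} holder {1} did not answer a ping' -f $h[0], $h[1])
    }
}

foreach ($h in $holders) { '{0,-22} {1}' -f $h[0], $h[1] }
if ($findings.Count -eq 0) {
    'Placement matches the planning rules.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```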

Running the command netdom query fsmo on the secondary domain controller shows the following information:

Automatic transfer: when a DC is demoted to a member server or stand-alone server, its FSMO roles are transferred to a peer DC.

Manual transfer: a single FSMO role can be manually transferred to a peer DC. The transfer is reversible.

Transfer using the ntdsutil command line (this supports both a normal transfer and a forced transfer; the forced transfer can only be done at the command line)

Run ntdsutil at the command prompt and enter ? to display help (a normal transfer is run on the master; a forced transfer is run on the secondary domain controller)

Enter the roles command and press Enter. (In the help output, commands beginning with seize seize an operations master role, and commands beginning with transfer transfer an operations master role.)

Enter connections

Enter connect to server win-adserver2.gsradio.com to connect to the secondary domain controller first

Enter quit

Enter transfer schema master and press Enter. A confirmation dialog box appears; confirm it to complete the operation

The operation master is thus migrated.
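
The same normal transfer can be scripted with a check before and after. This is an added example, not from the original article: it swaps ntdsutil for the ActiveDirectory module cmdlet Move-ADDirectoryServerOperationMasterRole, and Get-FsmoHolder and Move-FsmoRoleChecked are hypothetical helper names introduced here.

```powershell
# Added example: normal (non-forced) FSMO transfer with before/after checks.
# Get-FsmoHolder and Move-FsmoRoleChecked are hypothetical helper names.
Import-Module ActiveDirectory

function Get-FsmoHolder([string]$Role, [string]$Server) {
    # Forest-wide roles are read from the forest object, the rest from the domain.
    if ($Role -eq 'SchemaMaster' -or $Role -eq 'DomainNamingMaster') {
        return (Get-ADForest -Server $Server).$Role
    }
    return (Get-ADDomain -Server $Server).$Role
}

function Move-FsmoRoleChecked {
    param(
        [Parameter(Mandatory = $true)][string]$TargetDC,
        [Parameter(Mandatory = $true)]
        [ValidateSet('SchemaMaster', 'DomainNamingMaster', 'PDCEmulator',
                     'RIDMaster', 'InfrastructureMaster')]
        [string]$Role
    )
    # Stops here if the target cannot be resolved as a domain controller.
    $target = Get-ADDomainController -Identity $TargetDC -ErrorAction Stop
    $before = Get-FsmoHolder $Role $target.HostName
    if ($before -eq $target.HostName) {
        return "$Role is already held by $before"
    }
    # No -Force: this is the transfer path, not a seizure, so the current
    # holder has to be online. -Confirm is left at its default.
    Move-ADDirectoryServerOperationMasterRole -Identity $target `
        -OperationMasterRole $Role -ErrorAction Stop
    # Read the holder back from the target DC to confirm the move.
    $after = Get-FsmoHolder $Role $target.HostName
    if ($after -ne $target.HostName) {
        throw "$Role is still reported on $after after the transfer"
    }
    return "$Role moved from $before to $after"
}

# Usage with the server name from this article:
# Move-FsmoRoleChecked -TargetDC 'win-adserver2.gsradio.com' -Role SchemaMaster
```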

To change the other roles through the related consoles:

Whichever role you change, be sure to change the connection first, or you will get the following prompt (for example, when changing the operations master):

Original link: http://wugang2126.blog.51cto.com/329386/1330572

Responsible Editor: Wang Chengcheng
