
FSMO Roles and Global Catalog Servers

2.2. Plan Active Directory. TestOut Server Pro 2016: Identity. FSMO Roles and Global Catalog Servers. Section Skill Overview.

jbrian


Presentation Transcript


  1. 2.2 Plan Active Directory TestOut Server Pro 2016: Identity FSMO Roles and Global Catalog Servers

  2. Section Skill Overview
     • Manage FSMO roles.
     • Transfer RID and PDC masters.
     • Transfer the Infrastructure master.
     • Troubleshoot Operations masters.
     • Manage Global Catalog Servers.
     • Configure Global Catalog Servers.
     • Enable Universal Group Membership Caching.

  3. Key Terms
     • Lightweight Directory Access Protocol (LDAP)
     • User Datagram Protocol (UDP)
     • Global Catalog (GC)
     • Universal Group Membership Caching (UGMC)

  4. Key Definitions
     • Lightweight Directory Access Protocol (LDAP): The primary global catalog protocol that specifies directory communications.
     • User Datagram Protocol (UDP): UDP is an alternative communications protocol to Transmission Control Protocol (TCP) used primarily for establishing low-latency and loss-tolerating connections between applications on the internet.

  5. Key Definitions
     • Global Catalog (GC): A database that contains a partial replica of every object from every domain within a forest. A server that holds a copy of the Global Catalog is a global catalog server.
     • Universal Group Membership Caching (UGMC): Universal Group Membership Caching caches the group membership of universal groups. During logon, universal group membership is checked for the user.

  6. FSMO Roles
     • Flexible Single Master Operations

  7. FSMO Roles and Global Catalog Servers: FSMO Roles
     • Forest-Wide (only one of each per forest)
       • Domain Naming Master
       • Schema Master
     • Domain-Wide (only one of each per domain)
       • Infrastructure Master
       • RID Master
       • PDC Emulator

  8. Schema Master
     • Only one per forest.
     • The only read/write copy.
     • A template for Active Directory.
     • Changes affect all existing and future Active Directory objects.
     • Can only be edited by members of the Schema Admins group.

  9. Domain Naming Master
     • Ensures each domain in the forest has a unique name.
     • Only one per forest.

  10. RID Master
      • Distributes RIDs to domain controllers.
      • RIDs:
        • Are unique numbers used to generate unique SIDs.
        • Are never re-used.
        • Are distributed in blocks of 500.
      • Must be running to promote a server.

  11. Infrastructure Master
      • Infrastructure Master updates the Global Catalog.
      • Do not install on Global Catalog server unless there is only one domain controller in the domain.

  12. PDC Emulator
      • Provides integration with Windows NT 4.0 domains
        • NT 4.0 domains are no longer supported.
      • Is preferred for security updates
        • Password resets
        • Account lockouts
      • Provides synchronization and consistency, such as:
        • Group Policy updates
        • Distributed file system (DFS) replication
        • Time synchronization

  13. Global Catalog Servers
      • Provides faster searching in forests.
      • Provides a searchable catalog of all objects in every domain.
      • Retrieves the Universal Group Membership from AD during logon.
      • Work best when there is one in each site.
      • Otherwise, enable Universal Group Membership Caching on the domain controllers at the site.
        • Eliminates the dependency on the availability of a global catalog server during logons.
        • Resolves logon requests locally from cached information.

  14. Summary
      • Forest
        • Schema Master
        • Domain Naming Master
      • Domain
        • RID Master
        • Infrastructure Master
        • PDC Emulator
      • Global Catalog Servers

  15. Operations Master Roles Management Facts

  16. In-Class Practice
      Do the following labs:
      • 2.2.5 Transfer RID and PDC Masters
      • 2.2.6 Transfer the Infrastructure Master
      • 2.2.7 Troubleshoot Operations Masters
      • 2.2.10 Configure Global Catalog Servers
      • 2.2.11 Enable Universal Group Membership Caching

  17. Class Discussion
      • What is the purpose of an operation master role server?
      • What is the function of a PDC emulator?
      • What does the infrastructure master do?
      • Which operations master roles are located at the forest level? How many of these roles are there in a forest?
      • How many domain operations masters are in a forest?
      • You are installing a new domain controller in a new domain in an existing forest. How many operations master roles will that server hold?
      • What might happen if the RID master becomes unavailable?
      • Which role(s) should be placed on a global catalog server? Which roles should not?
      • What is the difference between transferring a role and seizing a role?
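The placement rules on slides 7, 11 and 13 can be checked against a live directory. The script below is an added example, not part of the original slides or the TestOut material; it is read-only and assumes the ActiveDirectory PowerShell module (RSAT), a domain-joined session with rights to read the directory, and it inspects only the domain controllers of the current domain.

```powershell
# Added example: read-only audit of operations master and global catalog placement.
# Assumes the ActiveDirectory module (RSAT) is installed; nothing is modified.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain
$dcs    = @(Get-ADDomainController -Filter *)   # DCs of the current domain only

# Slide 7: two forest-wide roles, three domain-wide roles.
$roles = [ordered]@{
    'Schema Master (forest)'         = $forest.SchemaMaster
    'Domain Naming Master (forest)'  = $forest.DomainNamingMaster
    'RID Master (domain)'            = $domain.RIDMaster
    'PDC Emulator (domain)'          = $domain.PDCEmulator
    'Infrastructure Master (domain)' = $domain.InfrastructureMaster
}
$roles.GetEnumerator() |
    ForEach-Object { [pscustomobject]@{ Role = $_.Key; Holder = $_.Value } } |
    Format-Table -AutoSize

# Slide 11: the Infrastructure Master should not sit on a global catalog
# server unless the domain has only one domain controller.
$im = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
if (-not $im) {
    Write-Warning "Infrastructure Master $($domain.InfrastructureMaster) was not found among the domain's DCs."
} elseif ($im.IsGlobalCatalog -and $dcs.Count -gt 1) {
    Write-Warning "$($im.HostName) holds the Infrastructure Master role and is a global catalog server ($($dcs.Count) DCs in domain)."
}

# Slide 13: each site works best with a global catalog server; a site
# without one should have Universal Group Membership Caching enabled.
$siteReport = $dcs | Group-Object -Property Site | ForEach-Object {
    $gcCount = @($_.Group | Where-Object { $_.IsGlobalCatalog }).Count
    $site    = Get-ADReplicationSite -Identity $_.Name
    [pscustomobject]@{
        Site        = $_.Name
        DCs         = $_.Count
        GCs         = $gcCount
        UGMCEnabled = [bool]$site.UniversalGroupCachingEnabled
        NeedsAction = ($gcCount -eq 0 -and -not $site.UniversalGroupCachingEnabled)
    }
}
$siteReport | Format-Table -AutoSize
```

A row with `NeedsAction` set to `True` is a site whose logons depend on reaching a global catalog server in another site.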
