Presentation is loading. Please wait.

Presentation is loading. Please wait.

Global Catalog and Flexible Single Master Operations (FSMO) Roles

Published byΚαλλιόπη Βλαστός Modified over 5 years ago

Similar presentations

Presentation on theme: "Global Catalog and Flexible Single Master Operations (FSMO) Roles"— Presentation transcript:

1 Global Catalog and Flexible Single Master Operations (FSMO) Roles
Lesson 4

2 Skills Matrix Technology Skill Objective Domain Objective #
Configuring Additional Global Catalog Servers Configure the global catalog 2.5 Placing FSMO Role Holders Configure operations masters 2.6 Skills Matrix

3 Understanding the Functions of the Global Catalog
Facilitating searches for objects in the forest Resolving user principal names (UPNs) Maintaining universal group membership information Maintaining a copy of all objects in the domain Lesson 4

4 Enabling Universal Group Membership Caching
Open Active Directory Sites and Services. Select the site from the console tree for which you want to enable universal group membership caching. In the details window, right-click NTDS Site Settings, and select Properties. Lesson 4

5 Enabling Universal Group Membership Caching (cont.)
Select the Enable Universal Group Membership Caching checkbox. In the Refresh Cache From field, select a site that you wish this site to receive updates from, or leave it at <Default> to refresh from the nearest site that contains a global catalog server. Lesson 4 5

6 Configuring an Additional Global Catalog Server
On the domain controller where you want the new global catalog, open Active Directory Sites and Services from the Administrative Tools folder. In the console tree, double-click Sites, and then double-click the site name that contains the domain controller for which you wish to add the global catalog. Lesson 4 6

7 Configuring an Additional Global Catalog Server (cont.)
Double-click the Servers folder, and select your domain controller. Right-click NTDS Settings, and select Properties. On the General tab, select the Global Catalog checkbox to assign the role of global catalog to this server. Click OK. Lesson 4 7

8 Flexible Single Master Operations (FSMO) Roles
Relative Identifier Master Infrastructure Master Primary Domain Controller (PDC) Emulator Domain Naming Master Schema Master Lesson 4

9 Managing FSMO Roles Role transfer Role seizure Lesson 4

10 Viewing Domain-Wide FSMO Role Holders
Open the Active Directory Users and Computers MMC snap-in. Right-click the Active Directory Users and Computers node, click All Tasks, and select Operations Masters. In the Operations Master dialog box, select the tab that represents the FSMO that you wish to view. The name of the server holding your chosen role is displayed. Lesson 4

11 Viewing the Domain Naming Master FSMO Role Holder
In Active Directory Domains and Trusts, right- click the Active Directory Domains and Trusts node, and select Change Operations Master. In the Change Operations Master dialog box, the name of the current Domain Naming Master will be displayed. Close the Change Operations Master dialog box. Lesson 4 11

12 Viewing the Schema Master FSMO Role Holder
Open the Active Directory Schema snap-in. Right-click Active Directory Schema from the console tree, and select Change Operations Master. The name of the current Schema Master role holder is displayed in the Current Schema Master (Online) box. Close the Change Schema Master dialog box. Lesson 4

13 Transferring the Forest-Level FSMO Roles
Open the Active Directory Users and Computers MMC snap-in. Right-click the Active Directory Users and Computers node, and select Connect To Domain. In the Connect To Domain dialog box, key the domain name, or click Browse to select the domain from the list. Click OK. Lesson 4 13

14 Transferring the Forest-Level FSMO Roles (cont.)
In the console tree, right-click the Active Directory Users and Computers node, and select Connect To Domain Controller. Complete this dialog box by selecting the name of the domain controller that you want to become the new role holder from the dropdown list, and click OK. Lesson 4 14

15 Transferring the Forest-Level FSMO Roles (cont.)
In the console tree, right-click the Active Directory Users and Computers node, point to All Tasks, and select Operations Masters. Select the tab that reflects the role you are transferring, and click Change. PDC Emulator RID Master Infrastructure Master Lesson 4 15

16 Transferring the Forest-Level FSMO Roles (cont.)
In the confirmation message box, click Yes to confirm the change in roles. In the next message box, click OK. Close the Operations Master dialog box. Lesson 4 16

17 Transferring the Domain Naming Master FSMO Role
Open the Active Directory Domains and Trusts snap-in. Right-click the Active Directory Domains and Trusts node, and select Connect To Domain Controller. Complete this dialog box by selecting the name of the domain controller that you wish to become the new Domain Naming Master from the dropdown list, and click OK. Lesson 4 17

18 Transferring the Domain Naming Master FSMO Role (cont.)
In the console tree, right-click the Active Directory Domains and Trusts node, and select Operations Master. In the Change Operations Master dialog box, click Change. Click Close to close the Change Operations Master dialog box. Lesson 4 18

19 Transferring the Schema Master FSMO Role
Open the Active Directory Schema snap-in. Right-click Active Directory Schema, and select Change Domain Controller. In the Change Domain Controller dialog box, choose one of the options listed. Click OK. Lesson 4 19

20 Transferring the Schema Master FSMO Role (cont.)
In the console tree, right-click Active Directory Schema, and select Operations Master. In the Change Schema Master dialog box, click Change. Click OK to close the Change Schema Master dialog box. Lesson 4 20

21 Seizing a FSMO Role Lesson 4 Click Start. Key cmd, and press Enter.
From the Command Prompt, key ntdsutil, and press Enter. At the ntdsutil prompt, key roles, and press Enter. Lesson 4

22 Seizing a FSMO Role (cont.)
At the fsmo maintenance prompt, key connections, and press Enter. At the server connections prompt, key connect to server followed by the fully qualified domain name of the desired role holder, and press Enter. At the server connections prompt, key quit, and press Enter. Lesson 4 22

23 Seizing a FSMO Role (cont.)
At the fsmo maintenance prompt, key one of the options listed, and press Enter. If an "Are you sure?" dialog box is displayed, click Yes to continue. At the fsmo maintenance prompt, key quit, and press Enter. At the ntdsutil prompt, key quit, and press Enter. Lesson 4 23

24 You Learned The global catalog server acts as a central repository for Active Directory by holding a complete copy of all objects within its local domain and a partial copy of all objects from other domains within the same forest. The global catalog has three main functions: the facilitation of searches for objects in the forest, resolution of UPN names, and provision of universal group membership information. Summary

25 You Learned (cont.) Summary
A global catalog should be placed in each site when possible. As an alternate solution when a site is across an unreliable WAN link, universal group membership caching can be enabled for the site to facilitate logon requests. Summary

26 You Learned (cont.) Summary
Global catalog placement considerations include the speed and reliability of the WAN link, the amount of traffic that will be generated by replication, the size of the global catalog database, and the applications that might require use of port 3268 for resolution. Operations master roles are assigned to domain controllers to perform single-master operations. Summary

27 You Learned (cont.) Summary
The Schema Master and Domain Naming Master roles are forest-wide. Every forest must have one and only one of each of these roles. The RID Master, PDC Emulator, and Infrastructure Master roles are domain-wide. Every domain must have only one of each of these roles. Summary 27

28 You Learned (cont.) Summary
The default placement of FSMO roles is sufficient for a single-site environment. However, as your network expands, these roles should be divided to increase performance and reliability. Table 4-2 provides detailed guidelines. Summary 28

29 You Learned (cont.) Summary
FSMO roles can be managed in two ways: role transfer and role seizure. Transfer a FSMO role to other domain controllers in the domain or forest to balance the load among domain controllers or to accommodate domain controller maintenance and hardware upgrades. Seize a FSMO role assignment when a server holding the role fails and you do not intend to restore it. Seizing a FSMO role is a drastic step that should be considered only if the current FSMO role holder will never be available again. Summary 29

30 You Learned (cont.) Summary
Use repadmin to check the status of the update sequence numbers (USNs) when seizing the FSMO role from the current role holder. Use ntdsutil to actually perform a seizure of the FSMO role. Summary 30

Download ppt "Global Catalog and Flexible Single Master Operations (FSMO) Roles"

Similar presentations

UNIVERSITY OF EDUCATION BY H.M.ISHTIAQ RAFIQUE. Domain Name Structure.

UNIVERSITY OF EDUCATION BY H.M.ISHTIAQ RAFIQUE. Domain Name Structure.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 6 Managing and Administering DNS in Windows Server 2008.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 6 Managing and Administering DNS in Windows Server 2008.
Lecture 8 Active Directory Structure. Domains Domains group network objects and OUs into a unit with a security boundary. By default, security policies.

Lecture 8 Active Directory Structure. Domains Domains group network objects and OUs into a unit with a security boundary. By default, security policies.
Lesson 16: Configuring Domain Controllers

Lesson 16: Configuring Domain Controllers
Windows Server ® 2008 Active Directory ® Domain Services Infrastructure Planning and Design Series Published: February 2008 Updated: July 2009.

Windows Server ® 2008 Active Directory ® Domain Services Infrastructure Planning and Design Series Published: February 2008 Updated: July 2009.
Chapter 6 Introducing Active Directory

Chapter 6 Introducing Active Directory
7.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

7.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
8.1 © 2004 Pearson Education, Inc. Exam 70-294 Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.

8.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Lesson 19 – ADMINISTERING WINDOWS 2000 SERVER : THE BASICS.

Lesson 19 – ADMINISTERING WINDOWS 2000 SERVER : THE BASICS.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.
3.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.

3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Domain Name Server © N. Ganesan, Ph.D.. Reference.

Domain Name Server © N. Ganesan, Ph.D.. Reference.
Ch 9 Managing Active Directory User Accounts. Objectives Create Organizational Unit Creating User Accounts in Active Directory Disabling, Enabling, and.

Ch 9 Managing Active Directory User Accounts. Objectives Create Organizational Unit Creating User Accounts in Active Directory Disabling, Enabling, and.
Installing a New Windows Server 2008 Domain Controller in a New Windows Server 2008 R2.

Installing a New Windows Server 2008 Domain Controller in a New Windows Server 2008 R2.
1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.

1 Chapter Overview Creating User and Computer Objects Maintaining User Accounts Creating User Profiles.
Configuring Active Directory Certificate Services Lesson 13.

Configuring Active Directory Certificate Services Lesson 13.
ADVANCED MICROSOFT ACTIVE DIRECTORY CONCEPTS

ADVANCED MICROSOFT ACTIVE DIRECTORY CONCEPTS
Working with Drivers and Printers Lesson 6. Skills Matrix Technology SkillObjective DomainObjective # Understanding Drivers and Devices Install and configure.

Working with Drivers and Printers Lesson 6. Skills Matrix Technology SkillObjective DomainObjective # Understanding Drivers and Devices Install and configure.
11 REVIEWING MICROSOFT ACTIVE DIRECTORY CONCEPTS Chapter 1.

11 REVIEWING MICROSOFT ACTIVE DIRECTORY CONCEPTS Chapter 1.

Similar presentations

Ads by Google