IADDSWSE - Implementing AD Domain Services on a Windows Server Environment

6.5.1 Identify Flexible Single-Master Operation Master Roles FSMO – WS 2012 ADUC ADDT MMC ADS

Hello administrators, I'm sure that you can now implement Sites and promote/demote Domain Controllers without a glitch, with the help of my episodes about "Manage Sites and Active Directory Replication".

You know that AD's success comes from its decentralized model, which offers availability, reduced latency, no single point of failure, and split management (while remaining one consistent entity through synchronization).

Furthermore, we just worked with Sites, a clever way to divide objects into administration zones so that communication is as efficient as possible.

Today, this part about "Transfer Operation Master Roles" will mention another dimension of the Active Directory model: single-master rather than multi-master operations.

You may assume that a Domain Controller (master DC) is a solid machine that handles all operations of the domain/forest.

However, a DC, for example my master DC WS 2012 (root forest domain SnoOpy.com), is "divided" into smaller components: 5 Active Directory Flexible Single-Master roles, each handling a particular kind of job: Schema Master, Domain Naming Master, Primary Domain Controller, RID, Infrastructure Master.

[00:17] "FSMO placement and optimization on Active Directory domain controllers": http://bit.ly/FSMO-place-opti-AD-dc-MS

Although, in the spirit of the model, these roles should reside on a single master DC, you can still re-allocate them to different partners for special purposes, such as:

– networks are not fully routed: move role(s) to the edges, for the computers that need access to a given role.

– the PDC should be placed on your best hardware in a reliable hub site that contains replica domain controllers in the same Active Directory site and domain.

– that DC is going to be decommissioned, or a hardware failure brings it down.

– a catastrophic AD problem suspends service on these major DCs.

The Active Directory Installation Wizard performs the initial placement of roles on domain controllers. This placement is frequently correct for directories that have just a few domain controllers. In a directory that has many domain controllers, the default placement may not be the best match for your network.

So we will execute the multi-master model at a smaller scale.

Fortunately, my virtual lab only has 3 DCs, 1 master (root forest domain) WS 2012 SnoOpy.com, two minor DCs 2012 and 2008 R2.

Windows Server 2012 Clone is the minor one that was used in the previous part about Create an ADC with IFM.

We will assume that this additional DC runs on a server with better performance, at the center of your Site topology.

Therefore, we designate this server to act as a host of PDC and Infrastructure Master roles of the domain.

[00:44] Hang on a minute, I want to show you how to identify which servers own these roles currently.


At the domain level, this master DC holds 3 of the 5 operations master roles, by design.

Open the Operation Master dialog of a domain node SnoOpy.com in the Active Directory Users and Computers console to see about that.

[00:58] RID – The operations master manages the allocation of RID pools to other Domain Controllers. Only one server in the domain performs this role.


Of course, this DC is holding this role.

[01:05] PDC – The operations master emulates the functions of a Primary Domain Controller (PDC) for pre-Windows 2000 clients.


Only 1 server in the domain performs this role.

Infrastructure – The infrastructure master ensures consistency of objects for inter-domain operations.

No matter how big your domain networks are, only one server in the domain performs this role.

That's why this model is called "single-master."

At a larger scale, Enterprise/Forest-wide, there are 2 other roles that govern the whole forest.

The first is the Domain Naming Master, which we must look up in the Active Directory Domains and Trusts console.

[01:28] Open the Operation Master dialog of a domain node SnoOpy.com (remember that, it is also a root forest domain).


[01:35] The domain naming operations master ensures that domain names are unique.


Only one Active Directory Domain Controller in the enterprise performs this role.

[01:42] The remaining one is the Schema Master.

Unfortunately, Microsoft hides it in the Active Directory Schema console, which requires you to take some extra steps.

[01:51] 1. Enable the Active Directory Schema snap-in by registering its DLL:


regsvr32 schmmgmt.dll

[02:04] 2. Add it as a snap-in in the Microsoft Management Console.


[02:21] From there, the ADS node of this DC is presented by default, though you can connect to another DC later.


[02:28] 3. Again, open the Operation Master dialog of that node.


Remember that this DC is the master/first Domain Controller of the root forest domain SnoOpy.com.

So, apparently, it is holding all the FSMO roles.

[02:34] The schema master manages modifications to the schema.


Only one server in the enterprise performs this role.

So far so good, I'm confident that you now have an overview that: FSMOs are specialized domain controller (DC) tasks, used where standard data transfer and update methods are inadequate.

[02:41] "Active Directory FSMO Roles": https://www.ucs.cam.ac.uk/support/windows-support/winsuptech/activedir/fsmoroles

As its spirit is "single-master," we should maintain this property by leaving the domain/forest FSMO roles on one DC/one unit of servers.
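The three consoles above can be cross-checked from a single PowerShell session. The script below is an added example, not part of the original episode; it assumes the ActiveDirectory module (RSAT AD DS tools) is installed and uses the lab domain name SnoOpy.com from this article. The function name Get-FsmoRoleHolders is made up for illustration.

```powershell
# Added example: list all five FSMO role holders and check the "single-master" placement.
# Built-in alternative for a quick look: netdom query fsmo
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    param(
        # Assumption: the root forest domain of the lab used in this article.
        [string]$DomainName = 'SnoOpy.com'
    )
    $domain = Get-ADDomain -Identity $DomainName
    $forest = Get-ADForest -Identity $domain.Forest

    # Domain-wide roles are properties of the domain object,
    # forest-wide roles are properties of the forest object.
    $roles = [ordered]@{
        'RID Master'            = $domain.RIDMaster
        'PDC Emulator'          = $domain.PDCEmulator
        'Infrastructure Master' = $domain.InfrastructureMaster
        'Domain Naming Master'  = $forest.DomainNamingMaster
        'Schema Master'         = $forest.SchemaMaster
    }
    $forestWide = 'Domain Naming Master', 'Schema Master'

    foreach ($role in $roles.GetEnumerator()) {
        [pscustomobject]@{
            Role   = $role.Key
            Scope  = if ($role.Key -in $forestWide) { 'Forest' } else { 'Domain' }
            Holder = $role.Value
            # A role holder that is unreachable cannot service its single-master operation.
            Online = Test-Connection -ComputerName $role.Value -Count 1 -Quiet
        }
    }
}

$holders = Get-FsmoRoleHolders
$holders | Format-Table -AutoSize

# Report whether all five roles still sit on one DC, as in the default placement.
$distinct = @($holders.Holder | Sort-Object -Unique)
if ($distinct.Count -eq 1) {
    Write-Output "All FSMO roles are held by $($distinct[0])."
} else {
    Write-Output "FSMO roles are spread across $($distinct.Count) DCs: $($distinct -join ', ')"
}

# Any holder that did not answer deserves attention before a transfer is planned.
$holders | Where-Object { -not $_.Online } |
    ForEach-Object { Write-Warning "$($_.Role) holder $($_.Holder) is not reachable." }
```

Running it before and after a role transfer gives a record of which DC owned each role at each point.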

If you face one of the situations mentioned above, or your network characteristics simply require a slight modification of this model, follow the next video to see how to "Transfer operation master roles" in action!
