Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Standard view
Full view
of .
Look up keyword
Like this
0 of .
Results for:
No results containing your search query
P. 1
Windows 2003 Active Directory Administration Essentials 6

Windows 2003 Active Directory Administration Essentials 6

Ratings: (0)|Views: 167|Likes:
Published by zeeshanopel

More info:

Published by: zeeshanopel on Jul 16, 2009
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Chapter 8:
Special Domain Operations
In the previous chapters of 
Windows 2003: Active Directory Administration Essentials 
, I’ve discussedmany of the Windows Server 2003 (Windows 2003) tasks you might perform regularly or periodically  – although not always daily. Those tasks include working withtrustsauthentication firewallssecurity controlEmergency Management Services (EMS)backup and restoreadvanced administration with support toolsIn this final chapter, I discuss administrative tasks that involve operations I hope you seldom – if ever – need to perform. These useful and occasionally necessary operations can be hazardous to theoverall health of Active Directory (AD) if they’re not handled perfectly. However, should you becalled upon, you’ll want to know how to perform these tasks. I recommend that you attempt theseoperations first in a test lab – before you’re called to active (directory) duty. Among the administrative tasks I cover are working with server roles, cleaning up the ADmetabase, renaming domain controllers (DCs), and renaming domains. Because the powerfuloperations you’ll use for these tasks involve specific dangers, you need to know how to perform theoperations safely.
FSMO Role Review and Troubleshooting
If you’re a current Windows 2000 administrator, you probably already know about Flexible SingleMaster Operation (FSMO, aka Operations Master) roles. FSMO roles control specific Windows 2003and Win2K domain capabilities, as I describe in the following text.Each of the five FSMO roles – two for the entire forest, three for each domain – must reside on aDC. Each role plays a key part in the proper operation of AD.Each domain role resides in a specific location and controls specific tasks:PDC Emulator – Each domain has one PDC Emulator. The PDC Emulator is the sole passwordchange location for downlevel clients, the central authority for time synchronization, and thedefault location for the creation of Group Policy Objects (GPOs).Relative Identifier (RID) Master – Each domain has one RID Master. The RID Master helps in thecreation of new accounts in each domain by providing a unique identification number for eachuser account. Each user’s SID has a RID. As you read in the previous chapter, Acctinfo.dll canshow you the user’s SID. The last portion of the user’s SID (the block of numbers that followsthe last dash – 1120 in the following screen shot) is the RID, which Figure 8.1 shows.
Brought to you by
Windows & .NET Magazine 

Activity (15)

You've already reviewed this. Edit your review.
1 hundred reads
Bharath Kumar liked this
devghani liked this
rnvprakash liked this
salimkottayil liked this
ranjeetmcsa liked this
devgi liked this
kannavgl liked this
chandrub2010 liked this

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->