Windows Interview FSMO

Published by Ansar Shaik on Jun 10, 2010
FSMO Roles
FSMO stands for Flexible Single Master Operations.
What are Operations Masters?
When a change is made to a domain, the change is replicated among all domain controllers in the domain. Some changes, such as changes made to the schema, are replicated across all the domains in the forest. This replication is known as multi-master replication. During multi-master replication, a replication conflict can occur if concurrent originating updates are performed on the same data on two different domain controllers. To avoid replication conflicts for some of the most important changes in Active Directory, for example the addition of a new domain or a change to the forest-wide schema, some operations are performed in single master fashion so that they are not allowed to occur at different places in the network at the same time. With single master replication, you designate specific domain controllers as the only domain controllers on which certain directory changes can be made. Operations that are performed in a single-master fashion are grouped together into specific roles within the forest or within a domain. These roles are called operations master roles.
For each operations master role, only the domain controller that holds that role can make the associated directory changes. The domain controller responsible for a particular role is called an operations master for that role. Active Directory stores information about which domain controller holds a specific role.
Operations master roles:
The five operations master roles are:
1. Schema Master
2. Domain Naming Master
3. PDC Emulator
4. RID Master
5. Infrastructure Master
These Operations master roles are either forest-wide or domain-wide.
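As an added example (not from the original document), the following PowerShell enumerates the holders of the two forest-wide roles and the three domain-wide roles in every domain of the forest and checks that each holder responds. It assumes the ActiveDirectory RSAT module in a domain-joined session and uses only the standard Get-ADForest and Get-ADDomain cmdlets; no forest or domain names are hard-coded.

```powershell
# Added example, not part of the original document.
Import-Module ActiveDirectory

$forest  = Get-ADForest
$holders = @()

# Forest-wide roles: exactly one holder each in the whole forest
foreach ($role in 'SchemaMaster', 'DomainNamingMaster') {
    $holders += [pscustomobject]@{
        Scope = 'Forest'; Domain = $forest.RootDomain; Role = $role; Holder = $forest.$role
    }
}

# Domain-wide roles: one PDC emulator, RID master and infrastructure master per domain
foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName
    foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
        $holders += [pscustomobject]@{
            Scope = 'Domain'; Domain = $domainName; Role = $role; Holder = $domain.$role
        }
    }
}

# A role holder that is down stays invisible until someone needs the role, so
# check reachability explicitly instead of waiting for a failed schema or domain change.
$report = foreach ($h in $holders) {
    $online = Test-Connection -ComputerName $h.Holder -Count 1 -Quiet -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Scope  = $h.Scope
        Domain = $h.Domain
        Role   = $h.Role
        Holder = $h.Holder
        Online = $online
    }
}

$report | Sort-Object Scope, Domain, Role | Format-Table -AutoSize

# Warn about any holder that did not respond
$report | Where-Object { -not $_.Online } | ForEach-Object {
    Write-Warning ("{0} for {1} is held by {2}, which did not respond" -f $_.Role, $_.Domain, $_.Holder)
}
```

The same role-holder list for the current forest and domain can be obtained without PowerShell with `netdom query fsmo`.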
Forest-Wide Roles:
Forest-wide roles are unique for a forest. The schema master and the domain naming master are forest-wide roles. This means that there is only one schema master and one domain naming master in the entire forest.
Schema master
The schema master controls all updates to the schema. The schema contains the master list of object classes and attributes that are used to create all Active Directory objects, such as computers, users, and printers.
Domain naming master
The domain naming master controls the addition or removal of domains in the forest. There is only one domain naming master for each forest, and only the domain controller that holds the domain naming master role has the right to add a new domain to the forest.
Domain-Wide Roles:
Domain-wide roles are unique for each domain in a forest. The PDC emulator, the RID master, and the infrastructure master are domain-wide roles. This means that each domain in a forest has its own PDC emulator, RID master, and infrastructure master.
Primary domain controller emulator
The primary domain controller (PDC) emulator acts as a Windows NT PDC to support any backup domain controllers (BDCs) running Windows NT within a mixed-mode domain. A mixed-mode domain is a domain that has domain controllers that run Windows NT 4.0. The PDC emulator is the first domain controller that is created in a new domain.
Relative identifier master
When a new object, such as a user, group, or computer, is created, the domain controller creates a new security principal that represents the object and assigns the object a unique security identifier (SID). This SID consists of a domain SID, which is the same for all security principals created in the domain, and a relative identifier (RID), which is unique for each security principal created in the domain. The RID master allocates blocks of RIDs to each domain controller in the domain, and these are then assigned to objects that are created.
Infrastructure master
Active Directory allows objects, such as users, to be moved from one domain to another. When objects are moved, the infrastructure master is used to update object references in its domain that point to the object in another domain. The object reference contains the object's globally unique identifier (GUID), distinguished name, and SID. The distinguished name and SID on the object reference are periodically updated to reflect changes made to the actual object. These changes include moves within domains as well as the deletion of the object.
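The domain SID plus RID structure from the relative identifier master description above, as an added example that is not part of the original document: it splits sample SIDs (constructed values) into the domain SID and the RID using the .NET SecurityIdentifier class, and goes one step beyond the text by reading the RID master's rIDAvailablePool attribute to see how much of the domain's RID space has already been allocated. Split-Sid is a helper defined here; the pool query assumes the ActiveDirectory module in a domain-joined session.

```powershell
# Added example, not part of the original document.
Import-Module ActiveDirectory

function Split-Sid {
    # Helper defined for this example: separate the domain SID shared by every
    # principal in the domain from the RID that is unique to this principal.
    param([Parameter(Mandatory)][string]$SidString)
    $sid = [System.Security.Principal.SecurityIdentifier]$SidString
    $rid = [uint32](($SidString -split '-')[-1])
    [pscustomobject]@{
        Sid       = $SidString
        # AccountDomainSid is S-1-5-21-<x>-<y>-<z>; it is null for non-domain SIDs such as BUILTIN
        DomainSid = if ($sid.AccountDomainSid) { $sid.AccountDomainSid.Value } else { $null }
        Rid       = $rid
        # RIDs below 1000 are reserved for built-in principals, e.g. 500 = Administrator, 512 = Domain Admins
        WellKnown = ($rid -lt 1000)
    }
}

# Constructed sample SIDs: two principals from one domain, one from another
$samples = @(
    'S-1-5-21-1004336348-1177238915-682003330-500',
    'S-1-5-21-1004336348-1177238915-682003330-1108',
    'S-1-5-21-2146773085-903363039-2114129563-1603'
)
$samples | ForEach-Object { Split-Sid $_ } | Format-Table -AutoSize

# Beyond the text: the RID master records allocation in rIDAvailablePool on the
# RID Manager$ object. The high 32 bits hold the size of the domain's RID space,
# the low 32 bits the number of RIDs handed out to domain controllers so far.
$domain = Get-ADDomain
$ridMgr = Get-ADObject -Identity "CN=RID Manager`$,CN=System,$($domain.DistinguishedName)" `
                       -Properties rIDAvailablePool
$pool      = [int64]$ridMgr.rIDAvailablePool
$poolSize  = $pool -shr 32
$allocated = $pool -band 0xFFFFFFFF
[pscustomobject]@{
    RidMaster   = $domain.RIDMaster
    Allocated   = $allocated
    PoolSize    = $poolSize
    PercentUsed = [math]::Round(100 * $allocated / $poolSize, 2)
}
```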
Operations Master Roles by Individual
Active Directory defines five operations master roles: the schema master, domain naming master, primary domain controller (PDC) emulator, relative identifier (RID) master, and the infrastructure master. This lesson explains the purpose of each of these operations master roles.
Schema Master
An Active Directory schema defines the kinds of objects, and the types of information about those objects, that you can store in Active Directory. The definitions are stored as objects so that Active Directory can manage the schema objects with the same object management operations that it uses to manage other objects in the directory.
Roles performed by the schema master
The schema master performs the following roles:
1. Controls all originating updates to the schema.
2. Contains the master list of object classes and attributes that are used to create all Active Directory objects.
3. Replicates updates to the Active Directory schema to all domain controllers in the forest by using standard replication of the schema partition.
4. Allows only the members of the Schema Admins group to make modifications to the schema.
Having only one schema master per forest prevents any conflicts that would result if two or more domain controllers attempted to update the schema simultaneously.
The effect of the schema master being unavailable
Temporary loss of the schema master is not visible to network users or to network administrators unless they are trying to modify the schema or install an application that modifies the schema during installation. If the schema master is unavailable and you need to make a change to the schema, you can seize the role to a standby operations master.
Domain Naming Master
When you add or remove a domain from a forest, the change is recorded in Active Directory.
Roles performed by the domain naming master
The domain naming master controls the addition or removal of domains in the forest. There is only one domain naming master per forest. When you add a new domain to the forest, only the domain controller that holds the domain naming master role can add the new domain. The domain naming master prevents multiple domains with the same domain name from joining the forest. When you use the Active Directory Installation Wizard to create a child domain, it contacts the domain naming master and requests the addition or deletion.
The effect of the domain naming master being unavailable
Like the schema master, temporary loss of the domain naming master is not visible to network users or to network administrators unless the administrator is trying to add a domain to the forest or remove a domain from the forest. If the domain naming master is unavailable, you cannot add or remove domains. If the domain naming master will be unavailable for an unacceptable length of time, you can seize the role to the standby operations master. To seize a role is to move it without the cooperation of its current owner. It is best to avoid seizing roles.
PDC Emulator
The PDC emulator acts as a Microsoft Windows NT Primary Domain Controller (PDC) to support any backup domain controllers (BDCs) running Windows NT in a mixed-mode domain. When you create a domain, the PDC emulator role is assigned to the first domain controller in the new domain.
Roles performed by the PDC emulator
The PDC emulator performs the following roles:
1. Acts as the PDC for any existing BDCs. If a domain contains any BDCs or client computers that are running Windows NT 4.0 and earlier, the PDC emulator functions as a Windows NT PDC. The PDC emulator services client computers and replicates directory changes to any BDCs running Windows NT.
2. Manages password changes from computers running Windows NT, Microsoft Windows 95 or Windows 98. You must write password changes directly to the PDC.
3. Minimizes replication latency for password changes. Replication latency is the time needed for a change made on one domain controller to be received by another domain controller. When the password of a client computer running Windows 2000 or later is changed on a domain controller, that domain controller immediately forwards the change to the PDC emulator. If a password was recently changed, that change takes time to replicate to every domain controller in the domain. If a logon authentication fails at another domain controller because of a bad password, that domain controller will forward the authentication request to the PDC emulator before rejecting the logon attempt.
RID Master
The relative identifier (RID) master allocates blocks of RIDs to each domain controller in the domain. Whenever a domain controller creates a new security principal, such as a user, group, or computer object, it assigns the object a unique security identifier (SID). This SID consists of a domain SID,

