10) FSMO Roles in Server

FSMO Roles
__________________________________________________________________
The 5 FSMO roles are:
  1. Schema Master – one per forest
  2. Domain Naming Master – one per forest
  3. Relative ID (RID) Master – one per domain
  4. Primary Domain Controller (PDC) Emulator – one per domain
  5. Infrastructure Master – one per domain




                             Forest-wide FSMO Roles
  • Schema Master Role (SM)
     The Schema Master role manages the read-write copy of your Active Directory schema. The AD Schema defines all the attributes – things like employee ID, phone number, email address, and login name – that you can apply to an object in your AD database.
  • Domain Naming Master Role (DNM)
     The Domain Naming Master makes sure that you don’t create a second domain in the same forest with the same name as another. It is the master of your domain names. Creating new domains isn’t something that happens often, so of all the roles, this one is most likely to live on the same DC with another role. 

                             Domain-wide FSMO Roles
  • PDC Emulator Role
     The DC with the Primary Domain Controller Emulator role is the authoritative DC in the domain. The PDC Emulator responds to authentication requests, changes passwords, and manages Group Policy Objects. And the PDC Emulator tells everyone else what time it is! It’s good to be the PDC.
  • RID Master Role
     The Relative ID Master assigns blocks of Security Identifiers (SID) to the different DCs, which they can use for newly created objects. Each object in AD has an SID, and the last few digits of the SID are the Relative portion. In order to keep multiple objects from having the same SID, the RID Master grants each DC the privilege of assigning certain SIDs.
  • Infrastructure Master Role
     The Infrastructure Master role translates Globally Unique Identifiers (GUID), SIDs, and Distinguished Names (DN) between domains. If you have multiple domains in your forest, the Infrastructure Master is the Babelfish that lives between them. If the Infrastructure Master doesn’t do its job correctly, you will see SIDs in place of resolved names in your Access Control Lists (ACL).


Transfer FSMO roles through command prompt in Windows Server 2012 R2
  • Consider a scenario with two Domain Controllers, DC01 and DC02, in one forest. In this post, we transfer FSMO roles from DC01 to DC02 using the command prompt.
  • Command to check FSMO roles: netdom query fsmo
  • To transfer FSMO roles, on either DC01 or DC02 open a command prompt as an Administrator and type the following, pressing Enter (↵) after each command:

     ntdsutil ↵
     roles ↵
     connections ↵
     connect to server DC02 ↵
     q ↵
     transfer rid master ↵

  • Click on Yes. A message shows whether the transfer of RID is successful or not.
  • Type “netdom query fsmo” again; now we can see that RID is successfully moved to DC02.

How to transfer FSMO roles through GUI in Windows Server 2012 R2
We will transfer FSMO roles from DC01 to DC02 through the GUI.
  1. Open AD Users and Computers of DC02.
  2. Right click on AD Users and Computers [DC01.ITIngredients.com] and click on “Change Domain Controller”. On the Change Directory Server console, select the DC (here, DC02.ITIngredients.com) and click on OK.
  3. Right click on the Domain (ITIngredients.com).
  4. Click on Operation Masters.
  • Click on Yes. A message shows whether the transfer of RID is successful or not.
  • Type “netdom query fsmo” again; now we can see that RID is successfully moved to DC02.

Transfer Domain naming master and Schema master through GUI in Windows Server 2012 R2
  • Click on Start and then the down arrow to open Active Directory Domains and Trusts.
  • Right click on “Active Directory Domains and Trusts [DC01.ITIngredients.com]”.
  • Click on Operation Masters.
  • Click “Operations Master console”,
  • To change the Schema Master from the GUI, we have to open the MMC console by typing “MMC” in Run.
  • Click on File, then “Add/Remove Snap-in”, to add the schema master console.
  • On the Add/Remove Snap-ins console, we will not be able to see Active Directory Schema under Available snap-ins. Cancel the snap-in.
  • Open Run and type regsvr32 schmmgmt.dll. This registers the “Schmmgmt.dll” file and adds Active Directory Schema to the Add/Remove Snap-ins option of the MMC console.
  • A dialog box appears regarding the success of regsvr32 schmmgmt.dll.
  • Now open the MMC console again and click on File, then Add/Remove Snap-in. Select “Active Directory Schema” and click on Add. Click on OK.
  • Right click on Active Directory Schema [DC01.ITIngredients.com].
  • Click on Change Active Directory Domain Controller to open the console of DC02.ITIngredients.com.
  • On the Change Directory Server console, select DC02.ITIngredients.com.
  • Click on OK.
  • Right click on “Active Directory Schema [dc02.itingredients.com]”.
  • Click on Operations Master.
  • On “Change Schema Master”,

How to Seize FSMO Roles
  • Open command prompt.
  • Type the following, pressing Enter after each command:

     ntdsutil
     roles
     connections
     connect to server DC02
     q
     seize PDC
  • Click on YES.
  • We’ll run the “netdom query fsmo” command on the command prompt to verify the success of the seize of the PDC FSMO role. It clearly shows that the seize of PDC is successfully completed.

File Screening
File Screening is a service of the FSRM role that blocks file formats in a shared folder. Active screening permanently blocks the file format, while Passive screening does not block the file format but generates a message about the blocked file format and saves it.
Folder quota (Hard quota & Soft quota)
Folder quota is a service of the FSRM role that blocks storage in a shared folder. A Hard Quota permanently blocks storage, while a Soft Quota does not block storage but generates a message when the block storage limit is exceeded.

Write about NLB.
The Network Load Balancing (NLB) feature distributes traffic across several servers by using the TCP/IP networking protocol. By combining two or more computers that are running applications into a single virtual cluster, NLB provides reliability and performance for web servers and other mission-critical servers.
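
The “netdom query fsmo” checks used above to confirm the RID transfer and the PDC seize can be scripted so that a role sitting on an unexpected DC is flagged rather than spotted by eye. The Python below is an added example, not part of the original notes: it parses two captures of that output, reports which roles moved, and lists any role not held by the expected DC. The captures are constructed, and the five output labels are assumed to be the ones netdom prints.

```python
import re

# Labels assumed to be printed by `netdom query fsmo`, mapped to this page's role names.
ROLE_LABELS = {
    "schema master": "Schema Master",
    "domain naming master": "Domain Naming Master",
    "pdc": "PDC Emulator",
    "rid pool manager": "RID Master",
    "infrastructure master": "Infrastructure Master",
}

# Constructed captures (not real output): before and after "transfer rid master".
BEFORE = """\
Schema master               DC01.ITIngredients.com
Domain naming master        DC01.ITIngredients.com
PDC                         DC01.ITIngredients.com
RID pool manager            DC01.ITIngredients.com
Infrastructure master       DC01.ITIngredients.com
The command completed successfully.
"""
AFTER = re.sub(r"(RID pool manager\s+)\S+", r"\1dc02.itingredients.com", BEFORE)

EXPECTED = dict.fromkeys(ROLE_LABELS.values(), "DC01.ITIngredients.com")
EXPECTED["RID Master"] = "DC02.ITIngredients.com"  # state after the transfer on this page

def parse_fsmo(text):
    """Return {role: holder FQDN in lower case} for each role line found."""
    holders = {}
    for line in text.splitlines():
        parts = line.rsplit(None, 1)  # the label has spaces; the holder is the last token
        if len(parts) == 2:
            role = ROLE_LABELS.get(parts[0].strip().lower())
            if role:  # skips the status line and anything unrecognised
                holders[role] = parts[1].lower()
    return holders

def moved_roles(before, after):
    """Roles whose holder differs between two captures: {role: (old, new)}."""
    old, new = parse_fsmo(before), parse_fsmo(after)
    return {r: (old.get(r), new.get(r)) for r in ROLE_LABELS.values() if old.get(r) != new.get(r)}

def unexpected(text, expected):
    """Roles missing from the output or not held by the expected DC, sorted by name."""
    found = parse_fsmo(text)
    return sorted(r for r in ROLE_LABELS.values() if found.get(r) != expected[r].lower())

if __name__ == "__main__":
    print("moved:", moved_roles(BEFORE, AFTER))
    print("unexpected:", unexpected(AFTER, EXPECTED))
```

Host names are compared in lower case because the same DC appears on this page as both DC02.ITIngredients.com and dc02.itingredients.com.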