Unit 5
ITT TECHNICAL INSTITUTE
NT1330 Client-Server Networking II
Date: 1/13/2016
Instructor: Williams Obinkyereh

Class Agenda 1
• Learning Objectives
• Lesson Presentation and Discussions.
• Discussion on Assignments.
• Discussion on Lab Activities.
• Break Times: a 10-minute break every hour.
• Note: Submit all assignments and labs due today.

Class Agenda 2
• Theory, Unit 5: Global Catalog and Flexible Single Master Operations (FSMO) Roles (6:00pm-8:00pm)
• Unit 5, Lab 1: Global Catalog and Flexible Single Master Operations (FSMO) Roles (8:15pm-11:00pm)

Global Catalog and Flexible Single Master Operations (FSMO) Roles
Lesson 4

Skills Matrix
Technology Skill                               | Objective Domain              | Objective #
Configuring Additional Global Catalog Servers  | Configure the global catalog  | 2.5
Placing FSMO Role Holders                      | Configure operations masters  | 2.6

Global Catalog
• By default, the first domain controller installed in the forest root domain is designated as a global catalog server.
• Any or all domain controllers in a domain can be designated as global catalog servers.
• Critical component of Active Directory.
• Acts as a central repository by holding:
  – A complete, writable copy of every object in the host server's own domain.
  – A partial, read-only copy of every object from the other domains in the forest (only the attributes in the partial attribute set, such as those needed for logon and searches).
• Used for logon, object searches (including UPN resolution), and universal group membership lookups. In a multi-domain forest a domain controller must reach a global catalog (or hold a valid universal group membership cache) to complete a logon, because the universal group SIDs have to be added to the user's access token.
• Global catalog placement considerations include:
  – The speed and reliability of the WAN link.
  – The amount of replication traffic a global catalog generates (it replicates the partial attribute set of every domain in the forest).
  – The size of the global catalog database.
• When a client searches for an object across the forest, the request is sent to the global catalog LDAP port, TCP 3268 (TCP 3269 for LDAP over SSL/TLS); domain-only queries use TCP 389/636.
• Global catalogs are located through DNS SRV records for the _gc service (_gc._tcp.<forest root domain>, plus a per-site record under _sites), so clients depend on DNS integrity to find a legitimate global catalog.

Universal Group Membership Caching
• A site with no global catalog server can use a feature called Universal Group Membership Caching (UGMC).
• Enabled on a per-site basis (on the site's NTDS Site Settings object).
• By default, the cache is refreshed every eight hours from a global catalog in a site you choose. A membership change made elsewhere, including removing a user from a universal group, can therefore take up to eight hours to take effect at the caching site.
• Allows domain controllers in the site to process a logon or resource request without contacting a global catalog server, provided the user has already logged on successfully once while a global catalog was reachable and caching was enabled (that logon populated the cache).
• If the user's universal group membership was never recorded in the cache and no global catalog server is reachable, the logon attempt fails.

Flexible Single Master Operations (FSMO) Roles
• To keep tight control over certain sensitive operations that cannot safely be performed in multi-master fashion, Active Directory assigns each of them to a single domain controller, the FSMO role holder (also called an operations master):
  – Relative Identifier (RID) Master.
  – Infrastructure Master.
  – Primary Domain Controller (PDC) Emulator.
  – Domain Naming Master.
  – Schema Master.

Relative Identifier (RID) Master
• Domain specific (one per domain).
• Allocates blocks (pools) of relative identifiers to the domain controllers in the domain.
• A relative identifier is a 32-bit value. When a domain controller creates a security principal (user, group or computer), it takes the next RID from its pool and appends it to the domain SID to form the new object's SID. Because the RID Master hands out non-overlapping pools, no two principals in the domain share a SID, which is what makes SIDs trustworthy in access control.

Infrastructure Master
• Domain specific (one per domain).
• Updates references from objects in its domain to objects in other domains (for example, a domain local group whose member is a user in another domain) so the referenced object's name and SID stay current after renames or moves.
  – Assists in tracking which domains own which objects.
• Placement caveat: do not host the Infrastructure Master on a global catalog server unless every domain controller in the domain is a global catalog. A global catalog already holds a partial copy of every object in the forest, so the role would never notice an out-of-date reference.

Primary Domain Controller (PDC) Emulator
• Domain specific (one per domain).
• Provides backward compatibility with Microsoft Windows NT 4.0 domains and other down-level clients.
• Manages account lockouts: bad-password and lockout events are forwarded to it, which makes it the authoritative place to investigate lockouts.
• Manages time synchronization for the domain; the forest root domain's PDC Emulator is the authoritative time source for the whole forest, which Kerberos depends on.
• Manages password changes.
  – When a password is changed, the change is replicated to the PDC Emulator immediately, and the other domain controllers in the domain consult it before rejecting a logon whose password fails locally.
• Manages edits to Group Policy Objects (GPOs): the Group Policy editor connects to it by default.

Domain Naming Master
• Forest specific (one per forest).
• Has the authority to manage the creation and deletion of domains, domain trees, and application directory partitions in the forest.
  – When any of these is created, the Domain Naming Master ensures that the name assigned is unique within the forest.
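The following PowerShell, added here as an example and not part of the original slides, ties together the global catalog and universal group membership caching slides above: it locates global catalogs through the _gc SRV record, checks which domain controllers hold the role and whether TCP 3268 answers, runs a forest-wide search against the global catalog port, promotes a domain controller to global catalog by setting the options bit on its NTDS Settings object, and enables UGMC on a site. The forest name corp.example.com, the site names Branch-Site and Default-First-Site-Name, and the domain controller DC02 are assumptions.

```powershell
# Added example: not from the NT1330 slides. Needs the ActiveDirectory RSAT module and
# Domain Admins rights (Enterprise Admins for the site setting). Names below are hypothetical.
Import-Module ActiveDirectory

$forest = 'corp.example.com'            # assumed forest root domain
$newGc  = 'DC02.corp.example.com'       # assumed DC to promote to global catalog
$site   = 'Branch-Site'                 # assumed site without a GC (gets UGMC)
$gcSite = 'Default-First-Site-Name'     # assumed site whose GC refreshes the cache

# 1. Find global catalogs the way a client does: the _gc SRV record in DNS,
#    forest-wide first, then the site-specific record a client in $site would ask for.
foreach ($name in "_gc._tcp.$forest", "_gc._tcp.$site._sites.$forest") {
    Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
        Where-Object QueryType -eq 'SRV' |
        Select-Object @{ n = 'Query'; e = { $name } }, NameTarget, Port, Priority, Weight
}

# 2. Placement check: which DCs are GCs, per site, and whether each one answers on TCP 3268.
$dcs = Get-ADDomainController -Filter * -Server $forest
$dcs | Select-Object HostName, Site, IsGlobalCatalog, IsReadOnly | Sort-Object Site | Format-Table

foreach ($gc in ($dcs | Where-Object IsGlobalCatalog)) {
    $ok = Test-NetConnection -ComputerName $gc.HostName -Port 3268 -InformationLevel Quiet
    '{0}: TCP 3268 reachable = {1}' -f $gc.HostName, $ok
}

# 3. A forest-wide search goes to port 3268. With a GC port in -Server and no -SearchBase,
#    the search base defaults to the root of the GC, and for objects from other domains only
#    attributes in the partial attribute set (userPrincipalName is one) are returned.
$gcHost = ($dcs | Where-Object IsGlobalCatalog | Select-Object -First 1).HostName
Get-ADObject -Server "${gcHost}:3268" -SearchScope Subtree `
    -Filter { objectClass -eq 'user' -and userPrincipalName -like '*' } `
    -Properties userPrincipalName |
    Select-Object -First 5 DistinguishedName, userPrincipalName

# 4. Promote $newGc to global catalog. The GC flag is bit 0x1 of the options attribute on the
#    DC's NTDS Settings object; OR it in so other option bits are preserved.
$dc   = Get-ADDomainController -Identity $newGc
$ntds = Get-ADObject -Identity $dc.NTDSSettingsObjectDN -Properties options
if (-not ([int]$ntds.options -band 0x1)) {
    Set-ADObject -Identity $ntds -Replace @{ options = ([int]$ntds.options -bor 0x1) }
    'Enabled GC on {0}; the _gc SRV record is registered once the partial attribute set has replicated in.' -f $newGc
}

# 5. Enable universal group membership caching on $site and point the refresh at $gcSite.
#    UGMC is bit 0x20 of options on the site's NTDS Site Settings object; the refresh source is
#    msDS-Preferred-GC-Site. The default refresh is 8 hours, so a universal group revocation
#    made elsewhere can lag that long at this site.
$cfg          = (Get-ADRootDSE).configurationNamingContext
$siteSettings = Get-ADObject -Identity "CN=NTDS Site Settings,CN=$site,CN=Sites,$cfg" -Properties options
Set-ADObject -Identity $siteSettings -Replace @{
    options                  = ([int]$siteSettings.options -bor 0x20)
    'msDS-Preferred-GC-Site' = "CN=$gcSite,CN=Sites,$cfg"
}
```

Step 2 is the check to run before trusting a site's logon path: a domain controller that is listed as a global catalog but does not answer on 3268 will still fail multi-domain logons. Steps 4 and 5 modify the configuration partition, which replicates forest-wide, so run them once from a single writable domain controller.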
Schema Master
• Forest specific (one per forest).
• Responsible for managing all changes to the Active Directory schema. Schema changes replicate to every domain controller in the forest and are effectively irreversible, so only members of Schema Admins may make them.

Flexible Single Master Operations (FSMO) Roles
• When you install the first domain controller in a new forest, that domain controller holds both forest-wide FSMO roles as well as the three domain-wide FSMO roles for the forest root domain.

Managing FSMO Roles
• Role transfer: used to move a FSMO role gracefully from one domain controller to another. Both domain controllers are online, and the current holder replicates its latest changes to the new holder before the role moves.
• Role seizure: used only when the domain controller that holds a FSMO role has failed and will not be recovered, forcing an ungraceful transfer. The old holder must never be brought back online with the role still configured (rebuild it instead); otherwise the forest can end up with two holders of a single-master role, for example two RID Masters issuing overlapping RID pools and therefore duplicate SIDs.
• Permissions: transferring or seizing the Schema Master requires membership in Schema Admins, the Domain Naming Master requires Enterprise Admins, and the three domain-wide roles require Domain Admins of that domain.

Viewing or Transferring the Schema Master FSMO Role Holder
• Before you can access the Active Directory Schema snap-in, register the schmmgmt.dll DLL file from an elevated command prompt using the following syntax:
  regsvr32 schmmgmt.dll
• Open the Active Directory Schema snap-in.
• Right-click Active Directory Schema in the console tree and select Change Operations Master.

Seizing a FSMO Role
• Use the ntdsutil command to access the fsmo maintenance prompt (entered with the roles command) and use the seize command.

Summary
• The global catalog server acts as a central repository for Active Directory by holding a complete copy of all objects within its local domain and a partial copy of all objects from other domains within the same forest.
• The global catalog has three main functions: facilitating searches for objects in the forest, resolving UPN names, and providing universal group membership information.
• A global catalog should be placed in each site when possible. As an alternative when a site is across an unreliable WAN link, universal group membership caching can be enabled for the site to facilitate logon requests.
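The following PowerShell, added here as an example and not part of the original slides, walks through the Managing FSMO Roles and Seizing a FSMO Role slides above: it lists the five role holders, applies the Infrastructure Master placement check, performs a graceful transfer when the current holder is online, and otherwise runs the seizure path including the USN check from the summary and the metadata cleanup that prevents the failed holder from returning. The domain corp.example.com, the domain controllers DC01 (failed holder) and DC02 (new holder), and the site name Default-First-Site-Name are assumptions.

```powershell
# Added example: not from the NT1330 slides. Hypothetical names: domain corp.example.com,
# DC01 = failed role holder, DC02 = the DC taking over. Run on DC02 as a member of Domain Admins;
# the two forest-wide roles additionally need Schema Admins / Enterprise Admins.
Import-Module ActiveDirectory

$domain    = 'corp.example.com'
$newHolder = 'DC02.corp.example.com'
$oldHolder = 'DC01'                          # assumed failed and unrecoverable
$siteName  = 'Default-First-Site-Name'       # assumed site of the failed DC
$roles     = 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'   # the domain-wide roles DC01 held

function Get-FsmoHolders {
    # One object listing all five role holders: two forest-wide, three domain-wide.
    $f = Get-ADForest -Identity $domain
    $d = Get-ADDomain -Identity $domain
    [pscustomobject]@{
        SchemaMaster         = $f.SchemaMaster
        DomainNamingMaster   = $f.DomainNamingMaster
        PDCEmulator          = $d.PDCEmulator
        RIDMaster            = $d.RIDMaster
        InfrastructureMaster = $d.InfrastructureMaster
    }
}
'Before:'; Get-FsmoHolders

# Placement check from the Infrastructure Master slide: it must not be a GC unless every DC is one.
$dcs = Get-ADDomainController -Filter * -Server $domain
$im  = $dcs | Where-Object HostName -eq (Get-FsmoHolders).InfrastructureMaster
if ($im.IsGlobalCatalog -and ($dcs | Where-Object { -not $_.IsGlobalCatalog })) {
    Write-Warning "Infrastructure Master $($im.HostName) is a GC while other DCs are not; cross-domain references will not be updated."
}

$oldUp = Test-NetConnection -ComputerName "$oldHolder.$domain" -Port 389 -InformationLevel Quiet
if ($oldUp) {
    # Graceful transfer: both DCs are online and the holder replicates its changes before the move.
    Move-ADDirectoryServerOperationMasterRole -Identity $newHolder -OperationMasterRole $roles -Confirm:$false
}
else {
    # Seizure path, only after DC01 is confirmed gone for good.

    # 1. USN check (the repadmin step in the summary). The up-to-dateness vector lists, per
    #    replication partner, the highest USN DC02 has received; confirm the DC01 entry is recent
    #    so DC02 holds the last changes DC01 made. Same data: repadmin /showutdvec DC02 <domain DN>
    $domainDn = (Get-ADDomain -Identity $domain).DistinguishedName
    Get-ADReplicationUpToDatenessVectorTable -Target $newHolder -Partition $domainDn |
        Select-Object Partner, UsnFilter, LastReplicationSuccess | Format-Table -AutoSize
    Get-ADReplicationPartnerMetadata -Target $newHolder -Partition $domainDn |
        Select-Object Partner, LastReplicationSuccess, ConsecutiveReplicationFailures

    # 2. Seize. -Force tries a transfer first and seizes only if the current holder does not answer.
    Move-ADDirectoryServerOperationMasterRole -Identity $newHolder -OperationMasterRole $roles -Force -Confirm:$false

    # ntdsutil equivalent ("roles" enters the fsmo maintenance prompt from the Seizing slide):
    # ntdsutil roles connections "connect to server DC02.corp.example.com" quit "seize PDC" "seize RID master" "seize infrastructure master" quit quit

    # 3. Remove the failed DC's metadata so it cannot be re-introduced with the roles still configured
    #    (a returning RID Master would hand out overlapping RID pools and produce duplicate SIDs).
    $cfg      = (Get-ADRootDSE).configurationNamingContext
    $serverDn = "CN=$oldHolder,CN=Servers,CN=$siteName,CN=Sites,$cfg"
    ntdsutil 'metadata cleanup' "remove selected server $serverDn" quit quit
}

'After:'; Get-FsmoHolders
```

The reachability test on TCP 389 decides between the two paths; a transient outage should be fixed and then transferred gracefully rather than seized. Move-ADDirectoryServerOperationMasterRole and ntdsutil are interchangeable for the seizure itself, which is the point of the unit's "alternate methods" exercise; the USN check and the metadata cleanup are the steps that keep a seizure from turning into a duplicate-role or duplicate-SID problem later.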
Summary
• Global catalog placement considerations include the speed and reliability of the WAN link, the amount of traffic generated by replication, the size of the global catalog database, and the applications that query the global catalog on TCP port 3268 for resolution.
• Operations master roles are assigned to domain controllers to perform single-master operations.
• The Schema Master and Domain Naming Master roles are forest-wide.
  – Every forest must have one and only one of each of these roles.
• The RID Master, PDC Emulator, and Infrastructure Master roles are domain-wide.
  – Every domain must have one and only one of each of these roles.
• The default placement of FSMO roles is sufficient for a single-site environment.
  – As the network expands, these roles should be distributed across domain controllers to improve performance and reliability.
• Before seizing a FSMO role, use repadmin to check the update sequence numbers (USNs) on the candidate domain controller and confirm it holds the most recent changes replicated from the current role holder.
• Use ntdsutil to perform the seizure of the FSMO role itself.

Unit 5 Assignments and Labs
• Unit 5, Assignment 1: AD Design Scenario: FSMO Role & GC Placement
• Unit 5, Exercise 1: AD FSMO Role Management Research: Alternate Methods
• Unit 5, Lab 1: Global Catalog and Flexible Single Master Operations (FSMO) Roles