*Little future planning to prevent Major problems.
*What are Operations Masters?
Right now we only have 2 DCs, both of which are Global Catalogs. What if your DC1 goes down?
*If DC1 goes down, we will have major problems due to the fact that we have all of our operation masters attached to it.
Here we can easily reduce the risk of SPOF (Single point of Failure) issues by giving DC2 an additional job or two.
What are OPERATIONS MASTERS?
Operations Masters (used to be called FSMOs – Flexible Single Operations Masters) are specific jobs that a DC can do apart from all the regular day-to-day stuff (any DC can do stuff like authenticating/logging on, adding users, etc.; these are special).
The Forest Level Operations Masters
-Domain Naming –
Responsible for adding and removing domains from inside your forest. Sits back and drinks coffee most of the time until you need to add or remove a domain.
-Schema –
Handles all the database definitions. Also on coffee break until you or an application you install needs to change the AD schema.
These two can and should go on the same DC!
The Domain Level Operations Masters
*PDC Emulator –
This is the big one. PDC stands for Primary Domain Controller. It handles password updates, group policy updates, time updates, and acts as the master browser.
-Make all your group policy changes on the server that has the PDC role for best performance!
*Relative Identifier (RID) –
Provides security identifiers (also known as SIDs) for new users, computers, and anything else that gets added to your AD. If the server with this role goes down, you may not be able to add any users or computers to the domain.
-SID – A unique identifier for an object in AD.
*Infrastructure Master – Keeps track of who's in what group. Extremely vital if you have multiple domains in your forest.
-The Infrastructure master should be on a server that is not a Global Catalog, unless every single domain controller is also a Global Catalog.
Now, where do we find the operations master roles on a DC?
- The RID, PDC and Infrastructure masters can be found in AD Users and Computers.
* Right-click on your domain (xxx.com) > select Operations Masters > now you can see all three domain-level roles.
- The Domain Naming operations master can be found in AD Domains and Trusts.
- By default the Schema snap-in is not registered, so we need to register it from a command prompt on the DC.
-Now type regsvr32 schmmgmt.dll
Now to find it, go to MMC > File > Add or Remove Snap-ins > AD Schema
Now to move the roles from DC1 to DC2:
Open AD Users and Computers > right-click the domain > Operations Masters
*Select RID, click on Change. You will be asked whether you are sure you want to transfer this role to DC2; click OK.
*Now select PDC, click on Change. You will be asked whether you are sure you want to transfer this role to DC2; click OK.
*Leave the Infrastructure master as it is for now, because we will move it to another member server, e.g. DC3.
Now we will add a member server to the existing forest. During the installation of AD services, you will be asked whether you would like to transfer the Infrastructure master to this member server. Please click on it.
So now we need to insert that DVD in the member server (DC3) and select the DVD drive as the location, so it can install AD of DC1 from the IFM backed-up folder.
When you click on Next, you will be prompted to select DC1 or DC2 as the DC this new DC3 replicates changes from. Here we will select DC2 for load balancing.
Now continue with the installation.
Once the process is complete, go to AD Users and Computers on DC3; you will find all the groups, users and OUs in it.
To sync the changes from DC1 or DC2, type repadmin /syncall in cmd.
Now here we have :
DC1 has the Domain Naming and Schema master roles.
DC2 has the PDC emulator and RID master roles.
DC3 has Infrastructure master.
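
A check for the two placement risks covered above (every role on one DC, and the Infrastructure master sitting on a Global Catalog while other DCs are not), as an added PowerShell example that is not part of the original post. The function name Test-FsmoPlacement and the sample DC objects are constructed for illustration, and DC3 being a non-GC is an assumption.

```powershell
# Added example (not from the original post): audit operations master placement.
function Test-FsmoPlacement {
    param(
        [Parameter(Mandatory)] [hashtable] $Roles,             # role name -> DC host name
        [Parameter(Mandatory)] [object[]]  $DomainControllers  # objects with HostName, IsGlobalCatalog
    )
    $findings = @()

    # Risk 1: one DC holding every role is a single point of failure.
    $holders = @($Roles.Values | Sort-Object -Unique)
    if ($holders.Count -eq 1) {
        $findings += "SPOF: all $($Roles.Count) roles are on $($holders[0])"
    }

    # Risk 2: Infrastructure master on a GC, unless every DC is also a GC.
    $im     = $DomainControllers | Where-Object HostName -eq $Roles['InfrastructureMaster']
    $nonGcs = @($DomainControllers | Where-Object { -not $_.IsGlobalCatalog })
    if ($im.IsGlobalCatalog -and $nonGcs.Count -gt 0) {
        $findings += "Infrastructure master $($im.HostName) is a GC, but $($nonGcs.Count) DC(s) are not"
    }

    if ($findings.Count -eq 0) { $findings += 'OK: no placement issues found' }
    $findings
}

# Constructed sample 1: the starting point of the post (two GCs, everything on DC1).
$before = @{ SchemaMaster = 'DC1'; DomainNamingMaster = 'DC1'
             PDCEmulator  = 'DC1'; RIDMaster = 'DC1'; InfrastructureMaster = 'DC1' }
$twoDcs = @(
    [pscustomobject]@{ HostName = 'DC1'; IsGlobalCatalog = $true }
    [pscustomobject]@{ HostName = 'DC2'; IsGlobalCatalog = $true }
)
Test-FsmoPlacement -Roles $before -DomainControllers $twoDcs

# Constructed sample 2: the end state of the post (DC3 assumed not to be a GC).
$after = @{ SchemaMaster = 'DC1'; DomainNamingMaster = 'DC1'
            PDCEmulator  = 'DC2'; RIDMaster = 'DC2'; InfrastructureMaster = 'DC3' }
$threeDcs = $twoDcs + [pscustomobject]@{ HostName = 'DC3'; IsGlobalCatalog = $false }
Test-FsmoPlacement -Roles $after -DomainControllers $threeDcs

# On a live domain (ActiveDirectory module) the same inputs come from:
#   $f = Get-ADForest; $d = Get-ADDomain
#   $roles = @{ SchemaMaster = $f.SchemaMaster; DomainNamingMaster = $f.DomainNamingMaster
#               PDCEmulator  = $d.PDCEmulator;  RIDMaster = $d.RIDMaster
#               InfrastructureMaster = $d.InfrastructureMaster }
#   $dcs = Get-ADDomainController -Filter * | Select-Object HostName, IsGlobalCatalog
```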