AD DS
From AlphaBook
Contents
Active Directory Domain Service Design
- Single forest single domain is preferred
- PDC acts as the time root in forest (w32tm /config /computer:BJDC01.alphabook.com.cn /manualpeerlist:time.windows.com /syncfromflags:manual /update)
- Implement multiple/backup domain controllers (all GCs)
- 2,150,000,000 objects per domain
- FQDN less than 64 characters
FSMO (Flexible single master operation)
5 FSMO roles
- Schema master / Forest level
- To make change Schema in forest (such as Exchange, Lync, SCCM)
- Domain naming master / Forest level
- To add/remove domain in forest
- PDC / Domain level
- Time root in forest
- Group policy central management
- Handle password change specially (the change will sync to PDC immediately)
- Handle user account lock specially
- RID pool master / Domain level
- Assign RIDs to DCs (500/time)
- Infrastucture master / Domain level
- Objects reference in different domains
To check the FSMO servers
- netdom query fsmo
To transfer / seize to FSMO roles
- Ntdsutil
- Roles
- Connections
- ?
- Connect to server BJDC01
- Quit
- Transfer schema master
- Transfer domain naming master
- Transfer PDC
- Transfer RID master
- Transfer infrastructure master
