Active Directory - FSMO roles

Active Directory FSMO roles   (8&9)



FSMO stands for Flexible Single Master Operation

FSMO roles are mainly classified into two types:

  1. Forest-wide role  (Multiple inter-connected domains form a forest)
  2. Domain-wide role
The forest-wide role has two types:
  1. Schema master
  2. Domain naming master
The domain-wide role has three types:
  1. PDC master
  2. RID master
  3. Infrastructure master
Schema: a collection of classes and attributes

        Schema master
  1. A schema master is a domain controller that holds the schema role.
  2. It is responsible for replicating, creating, deleting, modifying, and upgrading the AD schema in the AD forest.
  3. The root domain controller is the schema master by default.
  4. Any domain controller can be a schema master.
  5. There is only one schema master in the entire forest.

        Domain naming master
  1. The DNM is responsible for checking the uniqueness of the DN whenever a new domain is installed in the AD forest.
  2. The root domain is the DNM by default.
  3. Any domain controller can be a DNM.
  4. There is only one DNM in the entire forest.
Command
    netdom query fsmo
  1. ntdsutil
  2. activate instance ntds
  3. roles
  4. connections
  5. connect to server s2.excel.com
  6. Quit
  7. Transfer schema master / Transfer naming master
  8. Quit
  9. Quit
    dsa.msc opens the Active Directory Users and Computers console.


Primary Domain Controller master (PDC master)
  1. It is responsible for forcibly updating password changes to all other DCs in the domain.
  2. It is responsible for updating the GPO to all the DCs in the domain.
  3. It synchronizes time to all DCs in the domain, and the DCs synchronize time to the client machines in the domain.
  4. It updates the account lockout policy to all other ADCs whenever a DC locks a user account.
Relative Identifier Master (RID master)
  1. It is responsible for allocating the RID range for DCs in the domain
  2. DCs are responsible for providing the SID.
        Security ID (SID): a unique ID given to an object to identify it.
        SID is a combination of RID and DID
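
The "SID = DID + RID" relationship and the RID master's range allocation, as an added example (not part of the original post): it decodes a binary SID, splits it into the domain identifier and the RID, and finds which DC's allocated RID range contains that RID. The sample SID, the RID ranges and the host name s1.excel.com are constructed for illustration.

```python
import struct

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID (the form stored in AD) into its S-1-... string."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit, little-endian
    return "S-%d-%d" % (revision, authority) + "".join("-%d" % s for s in subs)

def split_sid(sid: str):
    """Split an account SID into (domain identifier, RID)."""
    parts = sid.split("-")
    if len(parts) < 5 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError("not an account SID: %r" % sid)
    return "-".join(parts[:-1]), int(parts[-1])

def issuing_dc(rid: int, pools: dict):
    """Return the DC whose allocated RID range contains rid, else None."""
    for dc, (low, high) in pools.items():
        if low <= rid <= high:
            return dc
    return None

# Constructed sample: S-1-5-21-111111111-222222222-333333333-1105
SAMPLE_RAW = (bytes([1, 5]) + (5).to_bytes(6, "big")
              + struct.pack("<5I", 21, 111111111, 222222222, 333333333, 1105))

# Constructed RID ranges handed out by the RID master (assumed values).
SAMPLE_POOLS = {"s1.excel.com": (1100, 1599), "s2.excel.com": (1600, 2099)}

if __name__ == "__main__":
    sid = parse_sid(SAMPLE_RAW)
    did, rid = split_sid(sid)
    print("SID:", sid)
    print("DID:", did)
    print("RID:", rid, "allocated to", issuing_dc(rid, SAMPLE_POOLS))
```

Two objects created in the same domain share the DID and differ only in the RID, which is why the RID master must hand out non-overlapping ranges.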

Infrastructure master
  1. It's responsible for updating the group membership of users when the users and groups belong to two different domains.
        G.C stands for Global Catalog server

Command
    netdom query fsmo
  1. ntdsutil
  2. activate instance ntds
  3. roles
  4. connections
  5. connect to server s2.excel.com
  6. Quit
  7. Transfer PDC / Transfer RID master / Transfer infrastructure master
  8. Quit
  9. Quit

regsvr32 schmmgmt.dll - To register the AD schema snap-in (used to manage the schema master)
mmc
File -> Add or Remove Snap-ins -> Add AD schema -> OK


Schema seize:

Seize schema master - command
