Term
|
Definition
1.Facilitating searches for objects in the forest
2.Resolving User Principal Names (UPNs).
3.Maintaining universal group membership information
4. Maintaining a copy of all objects in the domain |
|
|
Term
| Global Catalog port number |
|
Definition
|
|
Term
|
Definition
| Domain Specific - Responsible for assigning relative identifiers to domain controllers in the domain. Relative identifiers are variable-length numbers assigned by a domain controller when a new object is created. |
|
|
Term
|
Definition
| Domain Specific - Responsible for reference updates from its domain objects to other domains. This assists in tracking which domains own which objects. |
|
|
Term
| Primary Domain Controller (PDC) Emulator |
|
Definition
Domain Specific - Provides backward compatibility with Microsoft Windows NT 4.0 domains and other down-level clients. Password changes, account lockouts, and time synchronization for the domain will also be managed by the PDC Emulator. The domain controller that initiates a password change will send the change to the PDC Emulator, which in turn updates the global catalog server and provides immediate replication to other domain controllers in the domain.
The domain controller that is assigned the RID Master role in a domain is responsible for generating a pool of identifiers that are used when new accounts, groups, and computers are created. These identifiers are called relative identifiers (RID) because they are related to the domain in which they are created. The RID is a variable-length number that is assigned to objects at creation and becomes part of the object's security identifier (SID). A SID is used to uniquely identify an object throughout the Active Directory domain. Part of the SID identifies the domain to which the object belongs, and the other part is the RID. |
|
|
Term
|
Definition
| Forest Wide - Has the authority to manage the creation and deletion of domains, domain trees, and application data partitions in the forest. When any of these is created, the Domain Naming Master ensures that the name assigned is unique to the forest. |
|
|
Term
|
Definition
| Forest Wide - Is responsible for managing changes to the Active Directory schema. |
|
|
Term
|
Definition
·
The global catalog server acts as a central repository for Active Directory by holding a complete copy of all objects within its local domain and a partial copy of all objects from other domains within the same forest. The global catalog has three main functions: the facilitation of searches for objects in the forest, resolution of UPN names, and provision of universal group membership information.
·
A global catalog should be placed in each site when possible. As an alternate solution when a site is across an unreliable WAN link, universal group membership caching can be enabled for the site to facilitate logon requests.
·
Global catalog placement considerations include the speed and reliability of the WAN link, the amount of traffic that will be generated by replication, the size of the global catalog database, and the applications that might require use of port 3268 for resolution.
·
Operations master roles are assigned to domain controllers to perform single-master operations.
·
The Schema Master and Domain Naming Master roles are forest-wide. Every forest must have one and only one of each of these roles.
·
The RID Master, PDC Emulator, and Infrastructure Master roles are domain-wide. Every domain must have only one of each of these roles.
·
The default placement of FSMO roles is sufficient for a single-site environment. However, as your network expands, these roles should be divided to increase performance and reliability. Table 4-2 provides detailed guidelines.
·
FSMO roles can be managed in two ways: role transfer and role seizure. Transfer a FSMO role to other domain controllers in the domain or forest to balance the load among domain controllers or to accommodate domain controller maintenance and hardware upgrades. Seize a FSMO role assignment when a server holding the role fails and you do not intend to restore it. Seizing a FSMO role is a drastic step that should be considered only if the current FSMO role holder will never be available again.
·
Use repadmin to check the status of the update sequence numbers (USNs) when seizing the FSMO role from the current role holder. Use ntdsutil to actually perform a seizure of the FSMO role. |
|
|
