MCITP 70-640: Operation Master Roles

Показать описание

Schema Master 01:32
Domain Naming Master 03:01
RID Master 03:53
PDC Emulator 07:06
Infrastructure Master 11:03

Schema Master (Forest Wide)
The Schema Master determines the structure and thus what can be stored in Active Directory. It contains details of every object that can be created and the attributes for that object. For example, if you want to add an attribute to every user in the forest (such as a field with the user's pay grade in it), you would add an attribute to the schema to accommodate this change. It is important to think carefully before making changes to the schema as changes to the schema can't be reversed but they can be disabled. If you want to test changes to the schema, create a new forest and make your changes there so the production environment is not affected.

Domain Naming Master (Forest Wide)
The Domain Naming Master is responsible for ensuring that two domains in the forest do not have the same name.

Relative ID Master (RID Master)
This master role allocates RID pools. A RID is a sequential number that is added to the end of a SID. A SID, or security identifier, is required for every Active Directory object. An example of a SID is shown here:

S-1-5-21-1345645567-543223678-2053447642-1340.

The RID is the last part of the SID, in this case 1340. The RID Master allocates a pool or block of RIDs to a Domain Controller. The Domain Controller uses the RID pool when Active Directory objects are created. The Domain Controller will request a new RID pool before it runs out. However, keep in mind that if you create a lot of Active Directory objects at once, the RID Master will need to be online to allocate new RID pools. If the Domain Controller runs out of RIDs and can't contact the RID Master, no objects in Active Directory can be created on that Domain Controller.

PDC (Primary Domain Controller) Emulator
Originally the PDC Emulator provided a bridge between Windows NT4 Domain Controllers and Windows Server 2000 Domain Controllers. Even if you do not have any NT4 Domain Controllers on your network, it still provides some services.

The PDC Emulator forms the root of the time sync hierarchy in your domain. All other Domain Controllers will sync their time from this Domain Controller. Your clients and servers will in turn sync their time from their local Domain Controller. You should configure the PDC to sync its time from an external time source to ensure that it is accurate.

When a user enters in a wrong password, the PDC Emulator may be contacted to find out if this password is in fact an updated password. Password changes are replicated to the PDC Emulator first and thus it is considered the final authority on correct and incorrect passwords.
The PDC Emulator is contacted when changes to DFS (Distributed File System) are made. This can be switched off if the load on the PDC Emulator becomes too great.

Infrastructure Master
The Infrastructure Master is responsible for ensuring that objects that use multiple domain references are kept up to date and consistent. When you are in a single domain you don't need to worry about this. In a multiple domain environment with Windows Server 2000/2003 Domain Controllers, you must ensure that the Domain Controller that is holding the Infrastructure Master role is not a Global Catalog Server or all of the Domain Controllers will be Global Catalog Servers. If the Domain Controller is a Global Catalog Server this can cause objects in the domain not to update correctly. If you only have Windows Server 2008 Domain Controllers, you don't need to worry about whether the Infrastructure Master is on a Global Catalog Server or not.

Рекомендации по теме

Комментарии

It is seven years since this video was made, and we students are still swinging by to improve our understanding. Thank you for this!

chelseaziemer

Still relevant in 2021. This YouTube channel is gold for people learning about AD.

danielschiffers

in 2024 your videos made my job, Thank you very much.

mahammadthouheed

This series of videos are THE BEST ones I have ever seen for learning about these Windows topics. Keep it up! Been watching these back to back for hours.

IceAeon

Good ness, even after so long, this series so damn good.
Couldnt stop from writing this.

abhijeetnegi

Thanks a lot for these videos. I've been wanting to study for these exams for so long but get intimidated thinking that I'm not going to manage them. But these videos helped me a lot breaking down topics and stages. I'm studying one video every other day and doing practices with free trial versions of the OS so I can get a good grasp. Now I see the exams dates on the horizon. I appreciate it a lot.

allenge

These video's are short, to the point and full of rich data, that would have taken hours to understand from a CBT or reading training books. Thank you for your excellent videos, will watch out for more, Thanks

calistabolaaji

I love this videos. I understand them more than the actual book.

AdaEstherGJ

Thank you so much for these vidz!! I am starting a new job and I have not worked with Active Directory for years. These videos are perfect for helping me get re-acquainted with AD and I am also picking up things I never knew. KUDOS.

MrRossfparker

Everything becomes so easy with your videos, thank you so much! I can understand everything easily 😊

mohammedal-hammadi

Thanks very much. Glad to hear you like the videos.

itfreetraining

Thanks for posting this video. Now that I have a better grasp of what each of the roles do, I think I understand more about which tasks have to be performed on servers with those roles and why some tasks cannot be performed unless a certain role is available. Your video provides a good foundation for further study of FSMO roles.

ITBroom

Thanks a lot for these AD Videos series !! Everything becomes so easy with your videos, i love this.Could you start Azure training series!!

vijayingale

This is an amazing explanation !! Thank you very much for your donations

roidelalune

Best lectures on Windows Server components ever! Hopefully you can complete the series, it would be a shame.

mixmastermorris

All the DC's sync of the DC with the PDC operational master role. The clients sync off the DC's. So you need to ensure the PDC is the correct time.

itfreetraining

Thank you so much Team, ... In your all MCITP training videos really helpfull and supported me in my carreer life...

prasadsankar

Thanks very much. Glad you like the videos.

itfreetraining

We are working on it, sorry for the delays.

itfreetraining

To do this, open Active Directory Users and computers. Right click the domain and select operations master.

You can do this from the command line by running the following.
netdom query fsmo

itfreetraining

MCITP 70-640: Operation Master Roles

MCITP 70-640: Operation Master Roles

MCITP 70-640: Moving Operation Master Roles

MCITP 70 640 Moving Operation Master Roles

MCITP 70 640 Operation Master Roles

MCITP 70-640: Operators Master Role Placement Global catalog

1 10 MCITP 70 640 Moving Operation Master Roles

MCITP 70-640: Upgrading Active Directory

MCITP 70-640: Seizing roles

MCITP 70-640: Operators Master Role Placement Global catalog

MCITP 70-640: Uninstalling Active Directory

MCITP 70-640: Installing Active Directory

MCITP 70-640: Active Directory Under The Hood

MCITP 70-640: Group Policy Optimization

MCITP 70-640: Active Directory Command Line Tools

MCITP 70-640: Active Directory Domain Functional Levels

MCITP 70-640 Lecture 13

How to Seize 5 FSMO roles in Windows Server 2012 R2

MCITP 70-640: Installing Active Directory on Server Core

MCITP 70-640: Active Directory Forest Functional Levels

MCITP 70-640: Active Directory adding a child domain

MCTS Exam 70-640 - Server 2008 Active Directory Training - Understanding Domains, Trees, and Forests

MCITP 70 640 Active Directory different group types available

MCITP 70-640: Group Policy Introduction

MCITP 70-640: Introduction To Active Directory