Schema master FSMO role
The schema master FSMO role holder is the DC responsible for performing updates to
the directory schema, that is, the schema naming context or LDAP. This DC is the only
one that can process updates to the directory schema. Once the schema update is
complete, it's replicated from the schema master to all other DCs in the directory.
There's only one schema master per forest.
Domain naming master FSMO role
The domain naming master FSMO role holder is the DC responsible for making changes
to the forest-wide domain name space of the directory, that is, the Partitions\Configuration
naming context or LDAP://CN=Partitions,CN=Configuration,DC=<domain>. This DC is the
only one that can add or remove a domain from the
directory. It can also add or remove cross references to domains in external directories.
RID master FSMO role
The RID master FSMO role holder is the single DC responsible for processing RID Pool
requests from all DCs within a given domain. It's also responsible for removing an object
from its domain and putting it in another domain during an object move.
When a DC creates a security principal object, such as a user or group, it attaches a
unique Security ID (SID) to the object. This SID consists of:
- A domain SID that's the same for all SIDs created in a domain.
- A relative ID (RID) that's unique for each security principal SID created in a
  domain.
Each Windows DC in a domain is allocated a pool of RIDs that it's allowed to assign to
the security principals it creates. When a DC's allocated RID pool falls below a threshold,
that DC issues a request for additional RIDs to the domain's RID master. The domain RID
master responds to the request by retrieving RIDs from the domain's unallocated RID
pool, and assigns them to the pool of the
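As an added example (not part of the original page), the PowerShell below splits a SID into the domain SID and RID described above, then reads the RID pool state that the RID master manages: this DC's own allocation from its "RID Set" object and the domain's unallocated pool from the "RID Manager$" object. It assumes the ActiveDirectory module on a domain-joined session with rights to read those objects; the SID used at the end is a constructed sample value.

```powershell
# Added example, not from the original page.
# Assumes the ActiveDirectory module and a domain-authenticated session.
Import-Module ActiveDirectory

function Split-Sid {
    param([Parameter(Mandatory)][string]$Sid)
    $s = [System.Security.Principal.SecurityIdentifier]::new($Sid)
    # AccountDomainSid is $null for well-known SIDs such as S-1-5-32-544
    # (BUILTIN\Administrators), which carry no domain component.
    $domainSid = if ($s.AccountDomainSid) { $s.AccountDomainSid.Value } else { $null }
    [pscustomobject]@{
        Sid       = $s.Value
        DomainSid = $domainSid
        # The RID is the last sub-authority of the SID.
        Rid       = [int64]$Sid.Substring($Sid.LastIndexOf('-') + 1)
    }
}

# rIDAllocationPool and rIDAvailablePool pack a range into one 64-bit integer:
# low 32 bits = first RID of the range, high 32 bits = last RID of the range.
function ConvertFrom-RidPool {
    param([Parameter(Mandatory)][int64]$Packed)
    [pscustomobject]@{
        Start = $Packed -band 0xFFFFFFFF
        End   = $Packed -shr 32
    }
}

function Get-RidPoolState {
    param([string]$DomainController = $env:COMPUTERNAME)
    $dc     = Get-ADDomainController -Identity $DomainController
    $domain = Get-ADDomain -Identity $dc.Domain

    # Per-DC allocation lives on "CN=RID Set" under the DC's computer object.
    # Read-only DCs never request a pool, so they have no RID Set object.
    $ridSet = Get-ADObject -Identity "CN=RID Set,$($dc.ComputerObjectDN)" `
        -Properties rIDAllocationPool, rIDNextRID
    $pool = ConvertFrom-RidPool -Packed $ridSet.rIDAllocationPool

    # The domain-wide unallocated pool lives on "RID Manager$" in the System
    # container; its low 32 bits are the next RID the RID master will hand out.
    $mgr = Get-ADObject -Identity "CN=RID Manager`$,CN=System,$($domain.DistinguishedName)" `
        -Properties rIDAvailablePool
    $avail = ConvertFrom-RidPool -Packed $mgr.rIDAvailablePool

    [pscustomobject]@{
        DomainController = $dc.HostName
        RidMaster        = $domain.RIDMaster
        PoolStart        = $pool.Start
        PoolEnd          = $pool.End
        NextRid          = $ridSet.rIDNextRID
        RidsLeftInPool   = $pool.End - $ridSet.rIDNextRID   # approximate
        DomainNextRid    = $avail.Start
        DomainMaxRid     = $avail.End
    }
}

# Constructed sample SID; the last component (1106) is the RID.
Split-Sid -Sid 'S-1-5-21-1004336348-1177238915-682003330-1106'
Get-RidPoolState
```

A DC whose RidsLeftInPool keeps shrinking while the RID master is unreachable will eventually fail to create users and groups, which is the practical reason the RID master's availability matters.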
PDC emulator FSMO role
The PDC emulator is necessary to synchronize time in an enterprise. Windows includes
the W32Time (Windows Time) time service that is required by the Kerberos
authentication protocol.
In a Windows domain, the PDC emulator role holder retains the following functions:
- Password changes done by other DCs in the domain are replicated
  preferentially to the PDC emulator.
- When authentication failures occur at a given DC because of an incorrect
  password, the failures are forwarded to the PDC emulator before a bad
  password failure message is reported to the user.
- Account lockout is processed on the PDC emulator.
- The PDC emulator performs all of the functionality that a Windows NT 4.0
  Server-based PDC or earlier PDC performs for Windows NT 4.0-based or
  earlier clients.
Infrastructure master FSMO role
When an object in one domain is referenced by another object in another domain, it
represents the reference by:
- The GUID
- The SID (for references to security principals)
- The DN of the object being referenced
The infrastructure FSMO role holder is the DC responsible for updating an object's SID
and distinguished name in a cross-domain object reference.
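As an added example (not part of the original page), the PowerShell below lists the five role holders through the ActiveDirectory module and then cross-checks each one against the fSMORoleOwner attribute on the object that anchors the role, which is where the directory itself records the owner. It assumes the ActiveDirectory module and domain credentials; the anchor DNs are the standard locations of those objects.

```powershell
# Added example, not from the original page.
# Assumes the ActiveDirectory module and a domain-authenticated session.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [pscustomobject]@{
        Forest               = $forest.Name
        SchemaMaster         = $forest.SchemaMaster          # one per forest
        DomainNamingMaster   = $forest.DomainNamingMaster    # one per forest
        Domain               = $domain.DNSRoot
        RIDMaster            = $domain.RIDMaster             # one per domain
        PDCEmulator          = $domain.PDCEmulator           # one per domain
        InfrastructureMaster = $domain.InfrastructureMaster  # one per domain
    }
}

function Get-FsmoRoleOwnerFromDirectory {
    $root     = Get-ADRootDSE
    $domainDN = $root.defaultNamingContext
    # Each role is recorded as fSMORoleOwner on one anchoring object.
    $anchors = [ordered]@{
        SchemaMaster         = $root.schemaNamingContext
        DomainNamingMaster   = "CN=Partitions,$($root.configurationNamingContext)"
        RIDMaster            = "CN=RID Manager`$,CN=System,$domainDN"
        PDCEmulator          = $domainDN
        InfrastructureMaster = "CN=Infrastructure,$domainDN"
    }
    foreach ($role in $anchors.Keys) {
        $owner = (Get-ADObject -Identity $anchors[$role] -Properties fSMORoleOwner).fSMORoleOwner
        # fSMORoleOwner is the DN of the holder's NTDS Settings object; its parent
        # server object carries the DNS host name.
        $serverDN = $owner -replace '^CN=NTDS Settings,', ''
        $server = $null
        try {
            $server = Get-ADObject -Identity $serverDN -Properties dNSHostName -ErrorAction Stop
        } catch { }
        [pscustomobject]@{
            Role     = $role
            AnchorDN = $anchors[$role]
            Holder   = if ($server) { $server.dNSHostName } else { $serverDN }
            # A tombstoned DN (contains "0ADEL:") means the holder was demoted or
            # lost without transferring the role; the role then has to be seized.
            HolderIsDeleted = ($owner -match '0ADEL:')
        }
    }
}

Get-FsmoRoleHolder
Get-FsmoRoleOwnerFromDirectory | Format-Table -AutoSize
```

If the two views disagree, or HolderIsDeleted is true for any role, replication of the anchoring object has not caught up or the holder is gone; either way the role is not being serviced and should be investigated before anyone tries a schema change, domain add, or RID pool request that depends on it.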
5) Explain what SYSVOL is.
The SYSVOL folder keeps the server's copy of the domain's public files. Its
contents, such as users, group policy, and so on, are replicated to all
domain controllers in the domain.
7) Mention what system state data contains.
System state data contains:
- Startup files
- Registry
- COM+ Registration Database
- Memory page file
- System files
- AD information
- SYSVOL folder
- Cluster service information
Explain where the AD database is held. What other folders are related to AD?
The AD database is saved in %systemroot%/ntds. In the same folder you can also see
other files; these are the main files controlling the AD structures:
- ntds.dit
- edb.log
- res1.log and res2.log
- edb.chk
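As an added example (not part of the original page), the PowerShell below resolves the database and log locations from the NTDS service parameters, since a DC can be installed with them outside %systemroot%\ntds, lists the files named above with who is allowed to access them, and runs ntdsutil's read-only "files info" report. It is meant to be run elevated on a domain controller; the registry value names and the ntdsutil command are the standard ones.

```powershell
# Added example, not from the original page. Run elevated on a domain controller.
function Get-NtdsFileInfo {
    $params  = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
    $dbFile  = $params.'DSA Database file'        # normally <path>\ntds\ntds.dit
    $logPath = $params.'Database log files path'  # normally the same folder

    $files = @(Get-Item -Path $dbFile) +
             @(Get-ChildItem -Path $logPath -File |
               Where-Object { $_.Extension -in '.log', '.chk', '.jrs' })

    $files | Sort-Object FullName -Unique | ForEach-Object {
        [pscustomobject]@{
            File          = $_.FullName
            SizeMB        = [math]::Round($_.Length / 1MB, 1)
            LastWriteTime = $_.LastWriteTime
            # ntds.dit holds the domain's credential material, so the Allow ACEs
            # here should name only SYSTEM and Administrators. Anything else is a
            # finding, and the same applies to backups and VSS copies of it.
            AllowedTo     = ((Get-Acl -Path $_.FullName).Access |
                             Where-Object { $_.AccessControlType -eq 'Allow' } |
                             ForEach-Object { $_.IdentityReference.Value }) -join '; '
        }
    }
}

function Get-NtdsUtilFilesInfo {
    # "files info" is read-only; it reports the paths and sizes the DSA itself uses,
    # which is a useful cross-check against the registry values read above.
    ntdsutil 'activate instance ntds' files info quit quit
}

Get-NtdsFileInfo | Format-List
Get-NtdsUtilFilesInfo
```

The .jrs files are reserved transaction logs on newer versions and play the role the res1.log and res2.log files play on older ones; edb.chk records how far the logs have been written into ntds.dit.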
10) Mention what the PDC emulator is and how one would know whether the PDC
emulator is working or not.
PDC emulator: There is one PDC emulator per domain, and when there is a
failed authentication attempt, it is forwarded to the PDC emulator. It acts as a
"tie-breaker" and it controls the time sync across the domain. These are the
symptoms by which we can tell whether the PDC emulator is working or not:
- Time is not syncing
- Users' accounts are not being locked out
- Windows NT BDCs are not getting updates
- Pre-Windows 2000 computers are unable to change their passwords
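As an added example (not part of the original page), the PowerShell below turns the symptoms above, and the PDC emulator functions listed in the earlier FSMO section, into a check: it locates the PDC emulator, confirms it is reachable, measures this machine's clock offset against it, reports the local time source, asks dcdiag to validate that the role holder can be contacted, and queries the PDC emulator for current lockouts. It assumes the ActiveDirectory module plus w32tm and dcdiag (present on DCs and with RSAT); the stripchart line shown in the comment is a constructed sample of the format being parsed.

```powershell
# Added example, not from the original page.
# Assumes the ActiveDirectory module, w32tm.exe and dcdiag.exe on a domain-joined machine.
Import-Module ActiveDirectory

function Test-PdcEmulator {
    param([double]$MaxSkewSeconds = 300)   # Kerberos default clock tolerance is 5 minutes
    $pdc = (Get-ADDomain).PDCEmulator

    $reachable = Test-Connection -ComputerName $pdc -Count 1 -Quiet

    # Clock offset of this machine relative to the PDC emulator, taken from
    # w32tm's stripchart. Constructed sample of a data line it emits:
    #   10:21:03, +00.0012345s
    $offset = $null
    if ($reachable) {
        $line = w32tm /stripchart "/computer:$pdc" /samples:1 /dataonly |
                Select-String -Pattern '([+-]\d+\.\d+)s' | Select-Object -Last 1
        if ($line) { $offset = [double]$line.Matches[0].Groups[1].Value }
    }

    # This machine's configured time source. On a member it should be a DC, and
    # the chain of DC sources should end at the PDC emulator (or its external source).
    $source = (w32tm /query /source) -join ''

    # dcdiag's FsmoCheck verifies that each role holder can be located and contacted.
    $fsmoCheck  = dcdiag /test:FsmoCheck
    $fsmoPassed = (($fsmoCheck -join "`n") -match 'passed test FsmoCheck')

    # Lockouts are processed on the PDC emulator, so ask it directly rather than
    # a DC that may not have replicated the lockout yet.
    $lockedOut = @(Search-ADAccount -LockedOut -Server $pdc).Count

    [pscustomobject]@{
        PdcEmulator        = $pdc
        Reachable          = $reachable
        ClockOffsetSeconds = $offset
        ClockWithinSkew    = ($null -ne $offset -and [math]::Abs($offset) -le $MaxSkewSeconds)
        LocalTimeSource    = $source
        FsmoCheckPassed    = $fsmoPassed
        LockedOutAccounts  = $lockedOut
    }
}

Test-PdcEmulator
```

A ClockWithinSkew of false explains Kerberos failures directly, since tickets outside the skew window are rejected; a LocalTimeSource of "Local CMOS Clock" on a DC that is not the PDC emulator means the time hierarchy described above is broken at that machine.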
11) Mention what lingering objects are.
Lingering objects can exist if a domain controller does not replicate for an
interval of time that is longer than the tombstone lifetime (TSL).
12) Mention what the tombstone lifetime is.
The tombstone lifetime in Active Directory determines how long a deleted
object is retained in Active Directory. Deleted objects in Active Directory
are stored in a special object referred to as a tombstone. Usually, Windows
will use a 60-day tombstone lifetime if the value is not set in the forest
configuration.
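As an added example (not part of the original page) covering questions 11 and 12 together, the PowerShell below reads the forest's tombstoneLifetime from the Directory Service object in the configuration partition, falling back to the 60-day default the answer above describes when the attribute is unset, and then flags every replication partner whose last successful replication is older than that value, which is exactly the condition under which lingering objects appear. It assumes the ActiveDirectory module and rights to read replication metadata; the 50 percent warning threshold is an assumption, not a directory setting.

```powershell
# Added example, not from the original page.
# Assumes the ActiveDirectory module and rights to read replication metadata.
Import-Module ActiveDirectory

function Get-TombstoneLifetimeDays {
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $ds = Get-ADObject -Identity "CN=Directory Service,CN=Windows NT,CN=Services,$configNC" `
        -Properties tombstoneLifetime
    # Unset attribute means the 60-day default described on the page.
    if ($ds.tombstoneLifetime) { [int]$ds.tombstoneLifetime } else { 60 }
}

function Find-ReplicationOlderThanTsl {
    param([int]$WarnAtPercent = 50)   # assumed threshold: warn well before the hard limit
    $tsl = Get-TombstoneLifetimeDays
    $now = Get-Date
    # Forest scope covers every DC and every partition it hosts.
    Get-ADReplicationPartnerMetadata -Target (Get-ADForest).Name -Scope Forest |
        ForEach-Object {
            $age = ($now - $_.LastReplicationSuccess).TotalDays
            [pscustomobject]@{
                Server                 = $_.Server
                Partner                = $_.Partner
                Partition              = $_.Partition
                LastReplicationSuccess = $_.LastReplicationSuccess
                DaysSinceSuccess       = [math]::Round($age, 1)
                TombstoneLifetimeDays  = $tsl
                Status = if ($age -gt $tsl) { 'LINGERING OBJECT RISK' }
                         elseif ($age -gt $tsl * $WarnAtPercent / 100) { 'WARN' }
                         else { 'OK' }
            }
        } | Sort-Object DaysSinceSuccess -Descending
}

Find-ReplicationOlderThanTsl | Format-Table -AutoSize
```

A partner reported as LINGERING OBJECT RISK has outlived the tombstones for anything deleted while it was offline, so it can reintroduce those objects when replication resumes. Scanning for them without changing anything is done with repadmin /removelingeringobjects together with the /advisory_mode switch; keeping "Strict Replication Consistency" enabled on every DC stops an inbound lingering object from being accepted in the first place.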
13) Explain what the Active Directory schema is.
The schema is the Active Directory component that describes all the attributes and
objects that the directory service uses to store data.
14) Explain what a child DC is.
A CDC, or child DC, is a sub-domain controller under the root domain controller
which shares its name space.
15) Explain what the RID master is.
RID stands for Relative Identifier; the RID master is responsible for assigning
unique IDs to the objects created in AD.
16) Mention what the components of AD are.
The components of AD include:
- Logical structure: trees, forest, domains and OUs
- Physical structure: domain controllers and sites
17) Explain what the Infrastructure Master is.
The Infrastructure Master is accountable for updating information about users and
groups and the global catalogue.
Question 11: What is the Active Directory schema?
Answer: The AD schema defines object classes and their attributes. An
example of an object class is User. The User object has First Name, Last
Name, Email, etc. attributes.
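As an added example (not part of the original page) for both question 13 and this one, the PowerShell below looks up the schema class behind the "User" object in the schema naming context and lists the attributes it can hold, walking the subClassOf chain and the auxiliary classes because much of what a user holds is declared on parent classes such as person and organizationalPerson or on auxiliary classes such as securityPrincipal (which supplies sAMAccountName) rather than on "user" itself. givenName, sn and mail are the LDAP names behind First Name, Last Name and Email. It assumes the ActiveDirectory module and read access to the schema partition.

```powershell
# Added example, not from the original page.
# Assumes the ActiveDirectory module and read access to the schema partition.
Import-Module ActiveDirectory

function Get-SchemaClassAttribute {
    param([string]$ClassName = 'user')
    $schemaNC = (Get-ADRootDSE).schemaNamingContext
    $props = 'lDAPDisplayName', 'subClassOf', 'auxiliaryClass', 'systemAuxiliaryClass',
             'mustContain', 'systemMustContain', 'mayContain', 'systemMayContain'
    $seen  = @{}
    $queue = [System.Collections.Generic.Queue[string]]::new()
    $queue.Enqueue($ClassName)

    while ($queue.Count -gt 0) {
        $name = $queue.Dequeue()
        if ($seen.ContainsKey($name)) { continue }
        # classSchema objects are keyed by lDAPDisplayName in the schema NC.
        $cls = Get-ADObject -SearchBase $schemaNC -Properties $props `
            -LDAPFilter "(&(objectClass=classSchema)(lDAPDisplayName=$name))"
        if (-not $cls) { continue }
        $seen[$name] = $cls
        # Follow inheritance (subClassOf) and included auxiliary classes.
        # 'top' is its own parent, which the $seen check terminates.
        foreach ($parent in @($cls.subClassOf) + @($cls.auxiliaryClass) + @($cls.systemAuxiliaryClass)) {
            if ($parent -and -not $seen.ContainsKey($parent)) { $queue.Enqueue($parent) }
        }
    }

    foreach ($cls in $seen.Values) {
        foreach ($a in @($cls.mustContain) + @($cls.systemMustContain)) {
            if ($a) { [pscustomobject]@{ Attribute = $a; Required = $true;  DefinedOn = $cls.lDAPDisplayName } }
        }
        foreach ($a in @($cls.mayContain) + @($cls.systemMayContain)) {
            if ($a) { [pscustomobject]@{ Attribute = $a; Required = $false; DefinedOn = $cls.lDAPDisplayName } }
        }
    }
}

# Where the "First Name / Last Name / Email" attributes of a User actually come from:
Get-SchemaClassAttribute -ClassName 'user' |
    Where-Object { $_.Attribute -in 'givenName', 'sn', 'mail', 'sAMAccountName', 'objectClass' } |
    Sort-Object Attribute | Format-Table -AutoSize
```

Because the schema is forest-wide and only the schema master accepts changes to it, the DefinedOn column is the same on every DC; a class or attribute that appears here on one DC but not another indicates a schema update that has not finished replicating from the schema master.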