Microsoft Windows Server - PowerPoint PPT Presentation

Slides: 18
Provided by: mte7

Transcript and Presenter's Notes


1
Microsoft Windows Server
2
Operations Terms
  • Single-Master Replication
  • NT 4.0 replication method
  • Only the primary domain controller could write to
    the SAM database
  • Other domain controllers could only handle
    authentication
  • Multi-master Replication
  • Active Directory replication method
  • Multiple DCs can write to NTDS

3
Operations Terms
  • Flexible Single Master of Operations
  • FSMO

4
NT 4.0 v. 2000/2003
  • NT 4.0 maintains SAM on the PDC and only on the
    PDC.
  • In NT 4.0, changes can only be made on the PDC.
  • Windows Server accounts are managed through the
    directory through multimaster replication. This
    is only available in Native mode, not mixed mode,
    which supports Single-Master

5
Server 2003
  • With Active Directory, all DCs are equal,
    although some are more equal than others. They
    maintain the FSMO roles
  • FSMO is pronounced PHIZZ-MO.
  • Roles
  • RID Master
  • Schema Master
  • Domain Master
  • PDC Emulator
  • Infrastructure Master
  • First DC maintains all 5.

6
Schema
  • Is the working structure of the AD database.
    (think Access database with many tables that have
    many fields)
  • You can view the schema of AD by running mmc /a
    and choosing Add/Remove Snap-in > Active Directory Schema.
  • Things that change the schema
  • Applications: Exchange Server, SQL Server
  • These add additional fields to support the apps

7
Domain Naming
  • Modified with the AD Domains and Trusts
    Tool/Snap-in
  • Handles Domain naming when additional domains are
    brought into the forest.

8
RID Master
  • Relative ID
  • Is generated when SIDs are created; it is the
    last 32 bits of the SID
  • All SIDs start out with S-1-5 and then append
    random numbers to the end a
  • 1-b1-c1
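
How a SID breaks down into its parts, with the RID read from the last 32 bits of the binary form. This is an added example, not part of the original presentation, and both SID strings are constructed for illustration.

```powershell
# Added example, not from the original slides. Both SIDs are constructed.
function Get-SidParts {
    param([string]$SidString)

    $sid   = New-Object System.Security.Principal.SecurityIdentifier $SidString
    $bytes = New-Object byte[] $sid.BinaryLength
    $sid.GetBinaryForm($bytes, 0)

    # Binary layout: revision (1 byte), sub-authority count (1 byte),
    # identifier authority (6 bytes, big-endian), then one 32-bit
    # little-endian value per sub-authority.
    $count = $bytes[1]
    [long]$authority = 0
    foreach ($i in 2..7) { $authority = $authority * 256 + $bytes[$i] }
    $subs = @(for ($i = 0; $i -lt $count; $i++) {
        [BitConverter]::ToUInt32($bytes, 8 + 4 * $i)
    })

    New-Object PSObject -Property @{
        Sid       = $sid.Value
        Revision  = $bytes[0]
        Authority = $authority
        DomainSid = $sid.AccountDomainSid   # $null when the SID is not a domain account SID
        Rid       = $subs[$count - 1]       # the last 32 bits of the SID
    }
}

# An ordinary account: the RID was handed out from a pool issued by the RID Master.
Get-SidParts 'S-1-5-21-1004336348-1177238915-682003330-1105' | Format-List

# Same domain, RID 500: the built-in Administrator account, whatever it has
# been renamed to. Match privileged accounts on the RID, not the name.
Get-SidParts 'S-1-5-21-1004336348-1177238915-682003330-500' | Format-List
```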

9
Infrastructure and PDC
  • Infrastructure
  • Speeds up the process of reflecting changes
    across the domains.
  • PDC
  • Used for legacy (pre W2k) systems
  • Knows the most up-to-date passwords
  • When a password is changed, the DCs contact the
    PDC FSMO immediately
  • Also used for account unlocks

10
Transferring Roles command line
  • Command Prompt
  • NTDSUTIL
  • Connect to servername
  • Quit
  • Transfer fsmotype master
  • Or
  • Seize fsmotype master
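
The slide's command list written out as a complete session, as an added example that is not part of the original presentation. It assumes a target domain controller named DC02 (a placeholder) and adds the `roles` and `connections` submenus that ntdsutil goes through before `connect to server`; the role names are those used by Windows Server 2003.

```powershell
# Added example, not from the original slides. DC02 is a placeholder for
# the domain controller that should receive the roles.
$Target = 'DC02'

# 1. Record the current role holders before changing anything.
#    (netdom comes with the Support Tools on Server 2003.)
netdom query fsmo

# 2. Graceful transfer while the current holder is still online.
#    ntdsutil accepts its menu commands as arguments; multi-word commands
#    are quoted. It asks for confirmation in a dialog before each transfer.
#    Server 2003 role names: 'schema master', 'domain naming master',
#    'RID master', 'PDC', 'infrastructure master'.
$roles = 'RID master', 'PDC', 'infrastructure master'
foreach ($role in $roles) {
    ntdsutil roles connections "connect to server $Target" quit "transfer $role" quit quit
}

# 3. Seize only when the old holder is permanently gone. After seizing the
#    schema, domain naming or RID master role, the old holder must not be
#    brought back onto the network; rebuild it instead.
# ntdsutil roles connections "connect to server $Target" quit "seize RID master" quit quit

# 4. Confirm the result against the list recorded in step 1.
netdom query fsmo
```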

11
Why is this important to know?
  • Delegating the roles to other servers reduces the
    possibility of the network going down in the
    event of a failure on the first server.

12
Designing a Domain Model
  • Your domain design is relative to the size of the
    network.
  • A small business typically will maintain a single
    server/domain controller setup.
  • Microsoft Small Business Server
  • Domain Controller
  • Exchange Server
  • SQL Server
  • ISA Server
  • Intranet
  • Maximum of 50 licenses

13
Designing a Domain Model
  • Larger businesses (25 clients)
  • Secondary Domain Controllers should be introduced
    for fault tolerance.
  • FSMO roles should be delegated appropriately
  • Larger Business with remote locations
  • Active Directory Sites and Services
  • Create site for remote location
  • Domain Controllers can be placed at the remote
    locations to help with authentication.
  • Replication decisions have to be made based on
    the connection speed between the sites.
  • Must determine how dynamic the network is
  • If the network does not change often, replication
    can be scheduled at off peak time.

14
Forcing/Scheduling Replication
  • AD Sites and services
  • Right-click and choose Replicate Now.
  • Set replication based on cost
  • Cost is connection link
  • Gives the ability to replicate using the best path and
    scheduling

15
Domain Migrations/Upgrades
  • Domain migration means transferring domain
    information from one domain to a new domain.
  • ADMT: Active Directory Migration Tool
  • Migrates users, groups, and computers.
  • XCOPY to migrate data and groups across the wire
  • Robocopy: Resource Kit tool that can copy
    files/folders and ACLs. The same as XCOPY but
    with fewer arguments and switches.

16
Domain Migrations/Upgrades
  • Migration of computer accounts allows the user to
    maintain their profiles while switching
    domains.
  • Profile settings such as Favorites, My Documents
    etc.
  • Migration of objects includes generation of the
    SID within the new domain.

17
Domain Migration Concepts
  • Always plan your migration thoroughly
  • Assume things will go wrong
  • Document variables that are not within your
    control
  • Determine path of least resistance
  • Small network v. large network?
  • Small network
  • May be easier to just create new users
  • Manually copy data and re-assign permissions
  • Copy mailboxes to pst files or wipe entirely
  • Large network
  • Develop a project timeline and cross one bridge
    at a time
  • Develop timeline to include rollback deadline
  • This is a deadline that allows you the time to
    revert back to the old system to live another
    day.
  • Set proper expectations within the organization
  • Validate the integrity of the data (users, objects,
    etc.) being migrated. Is it good/consistent data?