|
Home > Archive > 70-217 > June 2002 > Yet another link request
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Yet another link request
|
|
| Sexy Lexy 2002-06-06, 3:53 pm |
| In the pursuit of knowledge, does anyone have a link that describes in depth what function each flexible single master role performs?
My thanks again in advance
 | |
| KScheler 2002-06-06, 4:30 pm |
| http://support.microsoft.com/defaul...b;EN-US;q197132
Schema master - 1 per forest
Domain Naming master - 1 per forest
RID master - 1 per domain
PDC emulator - 1 per domain
Infrastructure master - 1 per domain
Hey Lexy! I finally finished my W2k MCSE! After you take 217, go for 219. It covers the same principles, only easier. Good Luck! | |
| Sexy Lexy 2002-06-06, 4:43 pm |
| It's not the number of rolls that are allowed in active directory but the functions that the rolls perform. One of the posts said that you have to transfer or sieze rolls in a few of the questions so I want to know exactly what functions the rolls perform (Apart from knowing that you can't have an infrastructure master on the same server as a global catalogue server etc.)
Congratulations, on passing your MCSE and thank you once again for the advice. So 219 is easier than 217? What did you use to revise for 219 if you don't mind me asking.
What are you going on to now? Are you having a deserved rest or pursuing another certification?
Don't say your leaving as you have been very helpful (So have others and you know who you are!!!)
Let me know!
| |
| Sexy Lexy 2002-06-06, 4:44 pm |
| Very informative!
Hey, KScheler what's happened to your avatar? | |
|
| hope this help:
Email to get more: anhquy@gmx.net
Forest-Wide Operations Master Roles
Every Active Directory forest must have the following roles:
Schema master
Domain naming master
These roles must be unique in the forest. This means that throughout the entire forest there can be only one schema master and one domain naming master.
Schema Master Role
The schema master domain controller controls all updates and modifications to the schema. To update the schema of a forest, you must have access to the schema master. At any time, there can be only one schema master in the entire forest.
Domain Naming Master Role
The domain controller holding the domain naming master role controls the addition or removal of domains in the forest. There can be only one domain naming master in the entire forest at any time.
Domain-Wide Operations Master Roles
Every domain in the forest must have the following roles:
Relative ID master
Primary domain controller (PDC) emulator
Infrastructure master
These roles must be unique in each domain. This means that each domain in the forest can have only one relative ID master, PDC emulator, and infrastructure master.
Relative ID Master Role
The relative ID master allocates sequences of relative IDs to each of the various domain controllers in its domain. At any time, there can be only one domain controller acting as the relative ID master in each domain in the forest.
Whenever a domain controller creates a user, group, or computer object, it assigns the object a unique security ID. The security ID consists of a domain security ID (which is the same for all security IDs created in the domain), and a relative ID that is unique for each security ID created in the domain.
To move an object between domains (using MOVETREE.EXE: Active Directory Object Manager), you must initiate the move on the domain controller acting as the relative ID master of the domain that currently contains the object.
PDC Emulator Role
If the domain contains computers operating without Windows 2000 client software or if it contains Windows NT backup domain controllers (BDCs), the PDC emulator acts as a Windows NT primary domain controller. It processes password changes from clients and replicates updates to the BDCs. At any time, there can be only one domain controller acting as the PDC emulator in each domain in the forest.
Even after all systems are upgraded to Windows 2000, and the Windows 2000 domain is operating in native mode, the PDC emulator receives preferential replication of password changes performed by other domain controllers in the domain. If a password was recently changed, that change takes time to replicate to every domain controller in the domain. If a logon authentication fails at another domain controller due to a bad password, that domain controller will forward the authentication request to the PDC emulator before rejecting the logon attempt.
Infrastructure Master Role
The infrastructure master is responsible for updating the group-to-user references whenever the members of groups are renamed or changed. At any time, there can be only one domain controller acting as the infrastructure master in each domain.
When you rename or move a member of a group (and that member resides in a different domain from the group), the group may temporarily appear not to contain that member. The infrastructure master of the group's domain is responsible for updating the group so it knows the new name or location of the member. The infrastructure master distributes the update via multimaster replication.
There is no compromise to security during the time between the member rename and the group update. Only an administrator looking at that particular group membership would notice the temporary inconsistency. | |
| KScheler 2002-06-07, 3:01 pm |
| Lexy:
I'm working on 218 now so I can add MCSA to the list. As far as prep material for 219, I downloaded the demo from Transcender and a few others I found,(jeff_j_black can give you some good links. I don' have them handy.) just to understand how the case studys are presented. I also used the chapter on AD from the resource kit, very informative, plus what I learned from 217. Example: In one case study they mentioned that each of the company's 2 major sites needed different password policies. Then one of the questions asked what would be a major reason for this company to create 2 seperate domains. It had 3 stupid answers and 1 answer of "because they need seperate password policies", duh! I had 4 case studies and 44 questions. One I'm sure I missed, had 8 choices for answers and they wanted 5 answers picked. Also there are some drag-n-drop questions so try to find some demos that have that. Most were placing things in correct order or whether it pertained to forest, domain, or OU structure. ALL in all, if understand all of the concepts from 217 and read the chapter from the RK you should do fine. The FSMOs are asked about on 219 too.
My avatar? Never had one  | |
| jeff_j_black 2002-06-08, 12:09 pm |
| Lex, just give a shout if you need more help! Good luck! | |
| Sexy Lexy 2002-06-08, 12:13 pm |
| Hi Jeff,
Here's the shout. Do you have any links, advice or information regarding 219 as KScheler pointed out?
Thanks in advance.
What are you doing with yourself these days, Jeff? |
|
|
|
|