
Jahan University

Vice Chancellor office


Computer Science Faculty
Network Department

Network Administration
Semester: 2nd

Lecture: 4th

Prepared by:
Year: 1402


Previous lecture

• Network Architecture Overview


• Intro to Active Directory Domain Services
• Understanding Server Roles & Features
• Installing Active Directory Domain Services
• Introduction to Domain Controllers

Chapter 4
Backup Domain Controllers & FSMO Role

Lecture Outline
• Installing Read Only Domain Controller
• Installing Additional Domain Controller
• Managing Flexible Single Master Operations

Backup Domain Controllers
For fault tolerance and high availability, it is recommended to have at
least two domain controllers in your environment: a PDC (Primary Domain
Controller) and a BDC (Backup Domain Controller). You must install a PDC
before any other domain server.
The Primary Domain Controller maintains the master copy of the directory
database and validates users.
A Backup Domain Controller contains a copy of the directory database and can
validate users. If the PDC fails, the BDC can be promoted to a PDC.

Server Roles & Features
A domain can have multiple Backup Domain Controllers. Having at least one BDC
in a domain is crucial: if the PDC fails, you can keep the domain functioning by
promoting the Backup Domain Controller to Primary Domain Controller.
Each BDC in a domain can maintain a read-only or editable copy of the PDC's
master directory database.

Types of Backup Domain Controllers

ADC
• Stands for Additional Domain Controller.
• Stores a writable / editable copy of the primary or master domain controller.
• On an ADC we can add, delete and update any kind of object.
• Remote users can authenticate locally.
• Good when we have higher security.

RODC
• Stands for Read Only Domain Controller.
• Stores a read-only copy of the primary or master domain controller.
• On an RODC we can't add, delete or update any kind of object.
• Remote users can authenticate locally.
• Good when we have lower security.

Types of Backup Domain Controllers (cont.)

How to configure a machine as ADC and RODC?

Step 1: Configure the IP address and join the machine to the domain
Step 2: Install the AD DS role from Server Manager
Step 3: Promote the server to ADC / RODC
Step 4: Verify the ADC & RODC
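
The four steps above in PowerShell, as an added example that is not part of the original lecture. The domain name corp.example, the 10.0.0.x addresses, the interface alias Ethernet, the site name and the function names Join-LabDomain, Install-BackupDc and Test-BackupDc are assumptions made for illustration.

```powershell
# Added example, not from the lecture. All names and addresses are constructed.
$Domain = 'corp.example'          # assumed domain name

# Step 1: static IP, DNS pointing at the existing DC, then join the domain.
function Join-LabDomain {
    New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress '10.0.0.20' `
        -PrefixLength 24 -DefaultGateway '10.0.0.1'
    Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses '10.0.0.10'
    Add-Computer -DomainName $Domain -Credential (Get-Credential) -Restart
}

# Steps 2 and 3: run after the reboot. -ReadOnly promotes an RODC, otherwise an ADC.
function Install-BackupDc {
    param([switch]$ReadOnly)
    Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools
    $common = @{
        DomainName                    = $Domain
        InstallDns                    = $true
        Credential                    = (Get-Credential)
        SafeModeAdministratorPassword = (Read-Host 'DSRM password' -AsSecureString)
    }
    if ($ReadOnly) {
        # An RODC must be placed in a site. With no
        # -DenyPasswordReplicationAccountName given, the built-in deny list
        # (Administrators, Server Operators, Backup Operators, Account
        # Operators, Denied RODC Password Replication Group) stays in force.
        Install-ADDSDomainController @common -ReadOnlyReplica `
            -SiteName 'Default-First-Site-Name'
    } else {
        Install-ADDSDomainController @common
    }
}

# Step 4: list every DC with its type and FSMO roles, then show which
# accounts each RODC is denied from caching.
function Test-BackupDc {
    $dcs = Get-ADDomainController -Filter *
    $dcs | Select-Object Name, Site, IsReadOnly, OperationMasterRoles
    $dcs | Where-Object IsReadOnly | ForEach-Object {
        Get-ADDomainControllerPasswordReplicationPolicy -Identity $_ -Denied
    }
    netdom query fsmo
}
```

Dot-source the file, run Join-LabDomain, and after the restart run Install-BackupDc (with -ReadOnly for an RODC) followed by Test-BackupDc once promotion has finished.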

FSMO Role (Flexible Single Master Operations)

Active Directory has five special roles which are vital for the smooth running
of AD, and we are able to transfer these roles to any domain controller. The
obvious advantage here is that these roles can be transferred automatically to
another working DC if any particular DC goes down.
Because an Active Directory role is not bound to a single DC, it is referred to
as a Flexible Single Master Operation (FSMO) role.
To check, on a DC run: C:\> netdom query fsmo

Domain Controllers
FSMO is broadly divided into five roles:
1) Schema Master
2) Domain Naming Master
3) RID Master
4) Infrastructure Master
5) PDC Emulator

FSMO Role (Flexible Single Master Operations)

1. Schema Master
This role is used to control updates to the schema; we use it whenever we want
to change the schema. By default the schema master role does not appear on the
Tools menu. To bring up the AD Schema snap-in:
C:\> regsvr32 schmmgmt.dll
Run: mmc --- File --- Add/Remove Snap-in --- select AD Schema --- Add --- OK
2. Domain Naming Master
Is responsible for adding, removing and editing domains in the forest. When a
new domain is added to the forest, its name must be unique within the forest.
Active Directory Domains & Trusts --- right-click Active Directory Domains and
Trusts --- Operations Master

FSMO Role (Flexible Single Master Operations)
3. RID (Relative Identity) Master
Allocates relative identities to DCs within a domain and is responsible for
assigning a unique ID to every newly created object, such as a user, group, or
computer.
4. Infrastructure Master
The infrastructure master role defines user-to-group membership.
5. PDC (Primary Domain Controller) Emulator
Is responsible for policy updates, time synchronization within a domain, and
password updates.
To check these three roles: Active Directory Users & Computers --- right-click
the domain name --- Operations Master

Summary
• Intro to Backup Domain Controllers
• Types of Backup Domain Controllers
• Promoting to Backup Domain Controllers

• Flexible Single Master Operations Role

Homework
Write a complete note on what a backup domain controller is and how to
install a backup domain controller.

End
Any questions?
