
Previous lecture

• Network Architecture Overview
• Intro to Active Directory Domain Services
• Understanding Server Roles & Features
• Installing Active Directory Domain Services
• Introduction to Domain Controllers
CHAPTER 3
Backup Domain Controllers & FSMO Role
Lecture Outline

• Intro to Backup Domain Controllers
• Types of Backup Domain Controllers
• Promoting to Backup Domain Controllers
• Flexible Single Master Operations Role
Backup Domain Controllers

For fault tolerance and high availability, it is recommended to have at
least two domain controllers in your environment: a PDC (Primary Domain
Controller) and a BDC (Backup Domain Controller). You must install a PDC
before any other domain server.
The Primary Domain Controller maintains the master copy of the directory
database and validates users.
The Backup Domain Controller contains a copy of the directory database and can
validate users. If the PDC fails, the BDC can be promoted to a PDC.
Server Roles & Features

A domain can have multiple Backup Domain Controllers. Having at least one BDC in
a domain is crucial: if the PDC fails, you can keep the domain functioning by
promoting the Backup Domain Controller to Primary Domain Controller.
Each BDC in a domain maintains a read-only or editable copy of the PDC’s
master directory database.
Types of Backup Domain Controllers

ADC
• Stands for Additional Domain Controller.
• Stores a writable / editable copy of the primary or master domain controller.
• On an ADC we can add, delete and update any kind of object.
• Remote users can authenticate locally.
• Good when we have higher security.

RODC
• Stands for Read Only Domain Controller.
• Stores a read-only copy of the primary or master domain controller.
• On an RODC we can’t add, delete or update any kind of object.
• Remote users can authenticate locally.
• Good when we have lower security.
Promoting to Backup Domain Controllers

How to configure a machine as ADC and RODC?

Step 1: Configure the IP address and join the machine to the domain
Step 2: Install the AD DS role from Server Manager
Step 3: Promote the server as ADC / RODC
Step 4: Verify the ADC & RODC
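
The four steps above as a PowerShell script, added here as an example and not part of the original lecture. The domain name, IP addresses, adapter name and site name are constructed placeholders; the -ReadOnly switch selects RODC instead of ADC.

```powershell
# Added example (not from the lecture). Constructed values: corp.example,
# the 10.0.0.x addresses, the 'Ethernet' adapter and the 'Branch-Site' site.
# Run elevated on the new server; re-run after each reboot to continue.
param(
    [switch]$ReadOnly,                       # present = RODC, absent = ADC
    [string]$DomainName = 'corp.example',
    [string]$IPAddress  = '10.0.0.20',
    [string]$DnsServer  = '10.0.0.10',       # an existing domain controller
    [string]$SiteName   = 'Branch-Site'
)
$ErrorActionPreference = 'Stop'

# Step 1: static IP, DNS pointing at an existing DC, then join the domain.
# Assumes the adapter has no static address yet.
if (-not (Get-CimInstance Win32_ComputerSystem).PartOfDomain) {
    New-NetIPAddress -InterfaceAlias 'Ethernet' -IPAddress $IPAddress -PrefixLength 24 | Out-Null
    Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $DnsServer
    Add-Computer -DomainName $DomainName -Credential (Get-Credential) -Restart
    return
}

# Step 2: install the AD DS role (what the Server Manager wizard does).
Install-WindowsFeature -Name AD-Domain-Services -IncludeManagementTools | Out-Null

# Step 3: promote, unless this machine already is a DC (ProductType 2).
if ((Get-CimInstance Win32_OperatingSystem).ProductType -ne 2) {
    $promo = @{
        DomainName = $DomainName
        Credential = (Get-Credential)
        InstallDns = $true
        # The DSRM password is prompted for, never stored in the script.
        SafeModeAdministratorPassword = (Read-Host 'DSRM password' -AsSecureString)
    }
    if ($ReadOnly) {
        $promo.ReadOnlyReplica = $true   # read-only copy of the directory
        $promo.SiteName        = $SiteName
    }
    Install-ADDSDomainController @promo  # server reboots when promotion completes
    return
}

# Step 4: verify. Lists every DC with its replica type and any FSMO roles held.
Get-ADDomainController -Filter * |
    Select-Object Name, Site, IsReadOnly, OperationMasterRoles |
    Format-Table -AutoSize
```

In the step 4 output, IsReadOnly is True for an RODC and False for an ADC.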
FSMO Role (Flexible Single Master Operator)

Active Directory has five special roles which are vital for the smooth running of AD,
and we are able to transfer these roles to any domain controller. The obvious
advantage here is to transfer these roles automatically to another working DC if any
particular DC goes down.
Because an Active Directory role is not bound to a single DC, it is referred to as a
Flexible Single Master Operation (FSMO) role.
To check the role holders, open Cmd on a domain controller and run:
C:\> netdom query fsmo
The FSMO roles are broadly divided into five:
1) Schema Master
2) Domain Naming Master
3) RID Master
4) Infrastructure Master
5) PDC Emulator
1. Schema Master
This role is used to control updates to the schema; we use it whenever we want
to change the schema. By default the schema master role does not appear on the
Tools menu. To bring up AD Schema:
C:\> regsvr32 schmmgmt.dll
Run: mmc --- File --- Add/Remove Snap-in --- select AD Schema --- Add --- OK
2. Domain Naming Master
Responsible for adding, removing and editing domains in the forest. When
a new domain is added to the forest, its name must be unique within the
forest.
To check: Active Directory Domains & Trusts --- right-click Active Directory Domains and Trusts --- Operations Master
3. RID (Relative Identity) Master
Allocates relative identities to DCs within a domain and is responsible for assigning
a unique ID to every newly created object, such as a user, group, or computer.
4. Infrastructure Master
The infrastructure master role defines user-to-group membership.
5. PDC (Primary Domain Controller) Emulator
Responsible for policy updates, time synchronization within a domain, and
password updates.
To check these three roles: Active Directory Users & Computers --- right-click the domain
name --- Operations Master
Any questions?
m.shoaibnoori@gmail.com
Summary

• Intro to Backup Domain Controllers
• Types of Backup Domain Controllers
• Promoting to Backup Domain Controllers
• Flexible Single Master Operations Role
