
7/16/2018 Active Directory Functions


Flexible Single Master Operations (FSMO)

Windows 2000 domains work using a multiple master design with restricted master operations on a master domain controller. This was done to distribute the load on domain controllers, but there are some operations that can only be done on a single or "master" controller.

There is a set of Flexible Single Master Operations (FSMO) which can only be done on a single controller. An administrator determines which operations must be done on the master controller. These operations are all set up on the master controller by default and can be transferred later. FSMO operation types include:

Schema Master - Makes changes to the database schema. Applications may remotely connect to the schema master.

Domain Naming Master - Adds or removes domains to or from the forest.

PDC Emulator - When Active Directory is in mixed mode, the computer Active Directory is on acts as a Windows NT PDC. The first server that becomes a Windows 2000 domain controller takes the role of PDC emulator by default. Functions performed by the PDC emulator:
  User account changes and password changes.
  SAM directory replication requests.
  Domain master browser requests.
  Authentication requests.
The NTLM protocol is used by the PDC emulator to contact non-Windows 2000 clients and servers for exchange of authentication information. When contacting Windows 2000 servers, the Windows 2000 protocol is used.

Relative ID Master (RID Master) - All objects have a Security Identifier (SID) and a domain SID. The RID Master assigns relative IDs to each domain controller.

Infrastructure Master - Updates group membership information when users from other domains are moved or renamed. If you transfer this function, it should not be transferred to the domain controller that is the global catalog server. If this is done, the Infrastructure Master will not function.

An Operation Master performs one or more of the flexible single master operations listed above.
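The placement rule for the Infrastructure Master can be checked mechanically once the role holders are known. The following is an added example, not part of the original page: it parses text in the layout printed by `netdom query fsmo` and reports when the Infrastructure Master sits on a global catalog server. The host names and the global catalog list are constructed sample data.

```python
import re

# Labels as printed by `netdom query fsmo`, mapped to the role names used above.
ROLE_LABELS = {
    "Schema master": "Schema Master",
    "Domain naming master": "Domain Naming Master",
    "PDC": "PDC Emulator",
    "RID pool manager": "RID Master",
    "Infrastructure master": "Infrastructure Master",
}

def parse_fsmo(text):
    """Return {role: holder_fqdn} from `netdom query fsmo` style output."""
    holders = {}
    for line in text.splitlines():
        # Label and host are separated by a run of two or more spaces.
        m = re.match(r"^(.+?)\s{2,}(\S+)\s*$", line)
        if m and m.group(1).strip() in ROLE_LABELS:
            holders[ROLE_LABELS[m.group(1).strip()]] = m.group(2).lower()
    return holders

def audit_fsmo(holders, global_catalogs):
    """Return findings: roles with no holder, and an Infrastructure Master
    placed on a global catalog server (the rule stated above)."""
    findings = []
    gcs = {h.lower() for h in global_catalogs}
    for role in ROLE_LABELS.values():
        if role not in holders:
            findings.append(f"{role}: no holder found")
    infra = holders.get("Infrastructure Master")
    if infra in gcs:
        findings.append(f"Infrastructure Master is on global catalog server {infra}")
    return findings

# Constructed sample data (hypothetical hosts in example.test).
SAMPLE = """\
Schema master               dc1.example.test
Domain naming master        dc1.example.test
PDC                         dc1.example.test
RID pool manager            dc2.example.test
Infrastructure master       dc1.example.test
The command completed successfully.
"""
SAMPLE_GCS = ["DC1.example.test"]

if __name__ == "__main__":
    roles = parse_fsmo(SAMPLE)
    for role, host in roles.items():
        print(f"{role:22} {host}")
    for finding in audit_fsmo(roles, SAMPLE_GCS):
        print("FINDING:", finding)
```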

http://www.comptechdoc.org/os/windows/win2k/win2kadfunctions.html 1/3
Windows 2000 client Authentication

When operating in mixed mode, the PDC emulator will allow non-Windows 2000 clients to use the NTLM authentication protocol rather than Kerberos. If a Windows 2000 client cannot find a Windows 2000 domain controller for logon purposes, it will attempt to contact a Windows NT PDC using the NTLM protocol. If the Windows 2000 client successfully logs on using an NT server, group policy objects cannot be loaded.
Global Catalog Server

The Global Catalog Server (GCS) maintains an Active Directory global catalog with information about all objects in the forest along with universal groups and group members. It has a copy of all objects in its domain and some objects in other domains. It has a copy of domain local and global groups, but not members of those groups. It provides universal group membership information and allows users to find resources. It is used to search for objects in the forest.

Normally the first domain controller is a global catalog server. The "Active Directory Sites and Services" tool in "Administrative Tools" is used to move the global catalog server or create another one.

A global catalog server must be available or the user cannot log on to the domain unless the user is in the group "Domain Admins".

A Universal group may contain users and groups from any domain in a forest.

Adding more global catalog servers will make searching the forest faster, but more network bandwidth will be required for replication between global catalog servers.
AGDLP rule

AD File Storage

Database file - Stored in SystemRoot\NTDS\ntds.dit, it holds all AD objects and attributes. Contains these tables:
  Object table - Has a row for each object in AD.
  Link table - Stores inter-object relationship information.
  Schema table - Has a list of all objects and their attributes.

Log file - The following files are stored in the SystemRoot directory in the NTDS folder.
  Checkpoint log files - Holds pointers to transaction logs that have been committed to the AD database. The file name is edb.chk.
  Transaction log files - Stores transactions that are either committed or are about to be committed to the AD database. The file name is edb.log. If more than one log file is used, the log file name is edbhhhhhh.log where "hhhhhh" is a hexadecimal based number.
  Patch files - Manages data while backups are done. These files have the file extension ".pat".
  Reserve log files - Reserves hard drive space for transaction log files. The file names are res1.log and res2.log.
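The file names above are enough to inventory an NTDS folder during a review or when setting up file integrity monitoring. The following is an added example, not part of the original page: it classifies a directory listing by the naming scheme described above, decodes the hexadecimal number of numbered transaction logs, and reports files that fit none of the categories. Reporting gaps in the log numbering is an extra check added here, and the listing is constructed sample data.

```python
import re

# File-name patterns for the NTDS folder, following the names given above.
PATTERNS = [
    ("database", re.compile(r"^ntds\.dit$", re.I)),
    ("checkpoint", re.compile(r"^edb\.chk$", re.I)),
    ("transaction_log", re.compile(r"^edb([0-9a-f]*)\.log$", re.I)),
    ("reserve_log", re.compile(r"^res[12]\.log$", re.I)),
    ("patch", re.compile(r"^.+\.pat$", re.I)),
]

def classify(name):
    """Return (category, log_number) for one file name; log_number is None
    unless the file is a numbered transaction log (edbhhhhhh.log)."""
    for category, pattern in PATTERNS:
        m = pattern.match(name)
        if m:
            digits = m.group(1) if category == "transaction_log" else ""
            return category, int(digits, 16) if digits else None
    return "unexpected", None

def inventory(names):
    """Group a directory listing by category and list missing log numbers."""
    groups, numbers = {}, []
    for name in names:
        category, number = classify(name)
        groups.setdefault(category, []).append(name)
        if number is not None:
            numbers.append(number)
    numbers.sort()
    # Numbers absent between consecutive logs (added check, for review only).
    gaps = [n for a, b in zip(numbers, numbers[1:]) for n in range(a + 1, b)]
    return groups, gaps

# Constructed sample listing of an NTDS folder (hypothetical file set).
SAMPLE_LISTING = [
    "ntds.dit", "edb.chk", "edb.log", "edb00000a.log", "edb00000b.log",
    "edb00000d.log", "res1.log", "res2.log", "ntds.pat", "ntds.dit.bak",
]

if __name__ == "__main__":
    groups, gaps = inventory(SAMPLE_LISTING)
    for category, files in sorted(groups.items()):
        print(f"{category:16} {', '.join(files)}")
    print("missing log numbers:", [format(n, "06x") for n in gaps])
```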
Garbage collection

Active Directory performs garbage collection. Deleted AD objects are tagged with a tombstone rather than being immediately removed. The tombstone lifetime attribute (default of 60 days) defines how long the tombstoned object will remain in the database until it is deleted.