操作主機(Operation Master)或 FSMO(Flexible Single Master Operation)Role
樹系等級(Forest Level)
- Schema Master(架構主機),最好與 Domain Naming Master 在同一台 DC 上。
- Domain Naming Master(網域命名主機),必須同時是 GC,最好與 Schema Master 在同一台 DC 上。
網域等級(Domain Level)
- PDC Emulator(主網域控制站(PDC)競爭者),最好與 RID Master 在同一台 DC 上。
- RID Master(相對 ID 主機),最好與 PDC Emulator 在同一台 DC 上。
- Infrastructure Master(基礎建設主機),不可同時是 GC,除非:
* Single Domain Forest
* Multidomain Forest where every DC holds the GC
* Infrastructure Master has no work to do
辨別 DC 扮演那些操作主機角色
- GUI Tools
AD Users and Computers:PDC Emulator, RID Master, Infrastructure Master。
AD Domains and Trusts:Domain Naming Master。
AD Schema:Schema Master。- NTDSUTIL Command-Line Tool
C:> ntdsutil
ntdsutil: domain management
domain management: connections
server connections: connect to server ServerName
server connections: quit
domain management: select operation target
select operation target: list roles for connected server- DCdiag Command-Line Tool
DCdiag /test:Knowsofroleholders /v- NETDOM query FSMO Command-Line Tool
- Dumpfsmos.cmd,file of Windows 2000 Server Resource Kits。
- AD Replication Monitor
Monitored Servers \ SiteName \ ServerName \ Properties \ FSMO Roles- Script files,Using ADSI and WSH,參見 KB235617。
操作主機角色的轉移(Transferring an Operation Master Role)
- GUI Tools
AD Users and Computers:PDC Emulator, RID Master, Infrastructure Master。
AD Domains and Trusts:Domain Naming Master。
AD Schema:Schema Master。- NTDSUTIL Command-Line Tool
C:> ntdsutil
ntdsutil: roles
FSMO maintenance: connections
server connections: connect to server ServerName
server connections: quit
FSMO maintenance:
Transfer RID master
Transfer PDC
Transfer infrastructure master
Transfer domain naming master
Transfer schema master
FSMO maintenance: quit
ntdsutil: quit- Script file,Using VB script or WSH。
操作主機角色的奪取(Seizing an Operation Master role)
- NTDSUTIL Command-Line Tool
C:> ntdsutil
ntdsutil: roles
FSMO maintenance: connections
server connections: connect to server ServerName
server connections: quit
FSMO maintenance:
Seize RID master
Seize PDC
Seize infrastructure master
Seize domain naming master
Seize schema master
FSMO maintenance: quit
ntdsutil: quit
參考資料
- KB197132 - Windows 2000 Active Directory FSMO Roles
- KB223346 - FSMO Placement and Optimization on Windows 2000 Domain Controllers
- KB223787 - Flexible Single Master Operation Transfer and Seizure Process
- KB228776 - Setting User Rights for Designating FSMO Roles in an Enterprise
- KB234790 - HOW TO: Find Servers That Hold Flexible Single Master Operations Roles
- KB235617 - How to Find the FSMO Role Owners Using ADSI and WSH
- KB255504 - Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller
- KB255690 - HOW TO: View and Transfer FSMO Roles in the Graphical User Interface
- KB283595 - HOW TO: Change the Role Owner of the Operations Master After a Successful Seizure
- KB316201 - RID Pool Allocation and Sizing Changes in Windows 2000 SP4
- KB324801 - HOW TO: View and Transfer FSMO Roles in the Windows .NET Server Family
- KB216970 - Global Catalog Server Requirement for User and Computer Logon
- KB241789 - How to Disable the Requirement that a Global Catalog Server Be Available to Validate User Logons
- KB246303 - XGEN: Global Catalog Searches and Related TCP Ports
- KB248717 - How to Modify Attributes That Replicate to the Global Catalog
- KB252490 - HOWTO: Use ADSI to Query the Global Catalog for a UPN
- KB256287 - Unable to Change Password with User Principal Name When a Global Catalog Server Is Unavailable
- KB256938 - Default Global Catalog Attributes in Windows 2000 Active Directory Schema
- KB313994 - HOW TO: Create or Move a Global Catalog in Windows 2000
- KB315850 - Dcpromo.exe Does Not Work if the Domain Naming Master Is Not a Global Catalog
 |
書籤