Schnaufer
2003-01-21, 05:10 AM
操作主機(Operation Master)或 FSMO(Flexible Single Master Operation)Role
樹系等級(Forest Level)
Schema Master(架構主機),最好與 Domain Naming Master 在同一台 DC 上。
Domain Naming Master(網域命名主機),必須同時是 GC,最好與 Schema Master 在同一台 DC 上。
網域等級(Domain Level)
PDC Emulator(主網域控制站(PDC)競爭者),最好與 RID Master 在同一台 DC 上。
RID Master(相對 ID 主機),最好與 PDC Emulator 在同一台 DC 上。
Infrastructure Master(基礎建設主機),不可同時是 GC,除非:
* Single Domain Forest
* Multidomain Forest where every DC holds the GC
* Infrastructure Master has no work to do
辨別 DC 扮演那些操作主機角色
GUI Tools
AD Users and Computers:PDC Emulator, RID Master, Infrastructure Master。
AD Domains and Trusts:Domain Naming Master。
AD Schema:Schema Master。
NTDSUTIL Command-Line Tool
C:> ntdsutil
ntdsutil: domain management
domain management: connections
server connections: connect to server ServerName
server connections: quit
domain management: select operation target
select operation target: list roles for connected server
DCdiag Command-Line Tool
DCdiag /test:Knowsofroleholders /v
NETDOM query FSMO Command-Line Tool
Dumpfsmos.cmd,file of Windows 2000 Server Resource Kits。
AD Replication Monitor
Monitored Servers \ SiteName \ ServerName \ Properties \ FSMO Roles
Script files,Using ADSI and WSH,參見 KB235617。
操作主機角色的轉移(Transferring an Operation Master Role)
GUI Tools
AD Users and Computers:PDC Emulator, RID Master, Infrastructure Master。
AD Domains and Trusts:Domain Naming Master。
AD Schema:Schema Master。
NTDSUTIL Command-Line Tool
C:> ntdsutil
ntdsutil: roles
FSMO maintenance: connections
server connections: connect to server ServerName
server connections: quit
FSMO maintenance:
Transfer RID master
Transfer PDC
Transfer infrastructure master
Transfer domain naming master
Transfer schema master
FSMO maintenance: quit
ntdsutil: quit
Script file,Using VB script or WSH。
操作主機角色的奪取(Seizing an Operation Master role)
NTDSUTIL Command-Line Tool
C:> ntdsutil
ntdsutil: roles
FSMO maintenance: connections
server connections: connect to server ServerName
server connections: quit
FSMO maintenance:
Seize RID master
Seize PDC
Seize infrastructure master
Seize domain naming master
Seize schema master
FSMO maintenance: quit
ntdsutil: quit
參考資料
KB197132 - Windows 2000 Active Directory FSMO Roles (http://support.microsoft.com/?scid=kb;en-us;197132)
KB223346 - FSMO Placement and Optimization on Windows 2000 Domain Controllers (http://support.microsoft.com/?scid=kb;en-us;223346)
KB223787 - Flexible Single Master Operation Transfer and Seizure Process (http://support.microsoft.com/?scid=kb;en-us;223787)
KB228776 - Setting User Rights for Designating FSMO Roles in an Enterprise (http://support.microsoft.com/?scid=kb;en-us;228776)
KB234790 - HOW TO: Find Servers That Hold Flexible Single Master Operations Roles (http://support.microsoft.com/?scid=kb;en-us;234790)
KB235617 - How to Find the FSMO Role Owners Using ADSI and WSH (http://support.microsoft.com/?scid=kb;en-us;235617)
KB255504 - Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller (http://support.microsoft.com/?scid=kb;en-us;255504)
KB255690 - HOW TO: View and Transfer FSMO Roles in the Graphical User Interface (http://support.microsoft.com/?scid=kb;en-us;255690)
KB283595 - HOW TO: Change the Role Owner of the Operations Master After a Successful Seizure (http://support.microsoft.com/?scid=kb;en-us;283595)
KB316201 - RID Pool Allocation and Sizing Changes in Windows 2000 SP4 (http://support.microsoft.com/?scid=kb;en-us;316201)
KB324801 - HOW TO: View and Transfer FSMO Roles in the Windows .NET Server Family (http://support.microsoft.com/?scid=kb;en-us;324801)
KB216970 - Global Catalog Server Requirement for User and Computer Logon (http://support.microsoft.com/?scid=kb;en-us;216970)
KB241789 - How to Disable the Requirement that a Global Catalog Server Be Available to Validate User Logons (http://support.microsoft.com/?scid=kb;en-us;241789)
KB246303 - XGEN: Global Catalog Searches and Related TCP Ports (http://support.microsoft.com/?scid=kb;en-us;246303)
KB248717 - How to Modify Attributes That Replicate to the Global Catalog (http://support.microsoft.com/?scid=kb;en-us;248717)
KB252490 - HOWTO: Use ADSI to Query the Global Catalog for a UPN (http://support.microsoft.com/?scid=kb;en-us;252490)
KB256287 - Unable to Change Password with User Principal Name When a Global Catalog Server Is Unavailable (http://support.microsoft.com/?scid=kb;en-us;256287)
KB256938 - Default Global Catalog Attributes in Windows 2000 Active Directory Schema (http://support.microsoft.com/?scid=kb;en-us;256938)
KB313994 - HOW TO: Create or Move a Global Catalog in Windows 2000 (http://support.microsoft.com/?scid=kb;en-us;313994)
KB315850 - Dcpromo.exe Does Not Work if the Domain Naming Master Is Not a Global Catalog (http://support.microsoft.com/?scid=kb;en-us;315850)
樹系等級(Forest Level)
Schema Master(架構主機),最好與 Domain Naming Master 在同一台 DC 上。
Domain Naming Master(網域命名主機),必須同時是 GC,最好與 Schema Master 在同一台 DC 上。
網域等級(Domain Level)
PDC Emulator(主網域控制站(PDC)競爭者),最好與 RID Master 在同一台 DC 上。
RID Master(相對 ID 主機),最好與 PDC Emulator 在同一台 DC 上。
Infrastructure Master(基礎建設主機),不可同時是 GC,除非:
* Single Domain Forest
* Multidomain Forest where every DC holds the GC
* Infrastructure Master has no work to do
辨別 DC 扮演那些操作主機角色
GUI Tools
AD Users and Computers:PDC Emulator, RID Master, Infrastructure Master。
AD Domains and Trusts:Domain Naming Master。
AD Schema:Schema Master。
NTDSUTIL Command-Line Tool
C:> ntdsutil
ntdsutil: domain management
domain management: connections
server connections: connect to server ServerName
server connections: quit
domain management: select operation target
select operation target: list roles for connected server
DCdiag Command-Line Tool
DCdiag /test:Knowsofroleholders /v
NETDOM query FSMO Command-Line Tool
Dumpfsmos.cmd,file of Windows 2000 Server Resource Kits。
AD Replication Monitor
Monitored Servers \ SiteName \ ServerName \ Properties \ FSMO Roles
Script files,Using ADSI and WSH,參見 KB235617。
操作主機角色的轉移(Transferring an Operation Master Role)
GUI Tools
AD Users and Computers:PDC Emulator, RID Master, Infrastructure Master。
AD Domains and Trusts:Domain Naming Master。
AD Schema:Schema Master。
NTDSUTIL Command-Line Tool
C:> ntdsutil
ntdsutil: roles
FSMO maintenance: connections
server connections: connect to server ServerName
server connections: quit
FSMO maintenance:
Transfer RID master
Transfer PDC
Transfer infrastructure master
Transfer domain naming master
Transfer schema master
FSMO maintenance: quit
ntdsutil: quit
Script file,Using VB script or WSH。
操作主機角色的奪取(Seizing an Operation Master role)
NTDSUTIL Command-Line Tool
C:> ntdsutil
ntdsutil: roles
FSMO maintenance: connections
server connections: connect to server ServerName
server connections: quit
FSMO maintenance:
Seize RID master
Seize PDC
Seize infrastructure master
Seize domain naming master
Seize schema master
FSMO maintenance: quit
ntdsutil: quit
參考資料
KB197132 - Windows 2000 Active Directory FSMO Roles (http://support.microsoft.com/?scid=kb;en-us;197132)
KB223346 - FSMO Placement and Optimization on Windows 2000 Domain Controllers (http://support.microsoft.com/?scid=kb;en-us;223346)
KB223787 - Flexible Single Master Operation Transfer and Seizure Process (http://support.microsoft.com/?scid=kb;en-us;223787)
KB228776 - Setting User Rights for Designating FSMO Roles in an Enterprise (http://support.microsoft.com/?scid=kb;en-us;228776)
KB234790 - HOW TO: Find Servers That Hold Flexible Single Master Operations Roles (http://support.microsoft.com/?scid=kb;en-us;234790)
KB235617 - How to Find the FSMO Role Owners Using ADSI and WSH (http://support.microsoft.com/?scid=kb;en-us;235617)
KB255504 - Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller (http://support.microsoft.com/?scid=kb;en-us;255504)
KB255690 - HOW TO: View and Transfer FSMO Roles in the Graphical User Interface (http://support.microsoft.com/?scid=kb;en-us;255690)
KB283595 - HOW TO: Change the Role Owner of the Operations Master After a Successful Seizure (http://support.microsoft.com/?scid=kb;en-us;283595)
KB316201 - RID Pool Allocation and Sizing Changes in Windows 2000 SP4 (http://support.microsoft.com/?scid=kb;en-us;316201)
KB324801 - HOW TO: View and Transfer FSMO Roles in the Windows .NET Server Family (http://support.microsoft.com/?scid=kb;en-us;324801)
KB216970 - Global Catalog Server Requirement for User and Computer Logon (http://support.microsoft.com/?scid=kb;en-us;216970)
KB241789 - How to Disable the Requirement that a Global Catalog Server Be Available to Validate User Logons (http://support.microsoft.com/?scid=kb;en-us;241789)
KB246303 - XGEN: Global Catalog Searches and Related TCP Ports (http://support.microsoft.com/?scid=kb;en-us;246303)
KB248717 - How to Modify Attributes That Replicate to the Global Catalog (http://support.microsoft.com/?scid=kb;en-us;248717)
KB252490 - HOWTO: Use ADSI to Query the Global Catalog for a UPN (http://support.microsoft.com/?scid=kb;en-us;252490)
KB256287 - Unable to Change Password with User Principal Name When a Global Catalog Server Is Unavailable (http://support.microsoft.com/?scid=kb;en-us;256287)
KB256938 - Default Global Catalog Attributes in Windows 2000 Active Directory Schema (http://support.microsoft.com/?scid=kb;en-us;256938)
KB313994 - HOW TO: Create or Move a Global Catalog in Windows 2000 (http://support.microsoft.com/?scid=kb;en-us;313994)
KB315850 - Dcpromo.exe Does Not Work if the Domain Naming Master Is Not a Global Catalog (http://support.microsoft.com/?scid=kb;en-us;315850)