Annex F04 Microsoft AD Physical Structure Flashcards
Create a name for a Microsoft Domain Controller
NIPR designator-NameN01C
SIPR designator-NameS01C
e.g. 1MEBN01C, 1MEBN02C
Domain Controller (DC)
A server in an AD forest running Windows Server 2003 or later (2008/2012) that is actively providing directory services is known as a domain controller
Has a complete copy of every object in the domain
Relationship between Domain Controller (DC) and Flexible Single Master Operations (FSMO) Roles
5 FSMO roles: 2 unique to the forest, 3 unique to each domain
Two unique forest roles
- Schema Master (SM)
- Domain Naming Master (DM)
Three roles unique to domain
- Relative ID Master (RID master)
- Primary Domain Controller Emulator (PDC emulator)
- Infrastructure Master (IM)
Schema Master
Forest level FSMO Role
Usually found on the first DC in forest
Controls the master list of objects and attributes in the AD structure
The schema is how objects are described (name, rank, etc.)
Domain Naming Master
Forest level FSMO role
Records the addition and deletion of domains in the forest
New domains cannot be added or removed if the domain naming master is unavailable
Relative ID Master (RID)
Domain level FSMO role
Every object has a unique Security ID (SID); the RID master assigns the second half of the SID
Primary DC Emulator
Domain level FSMO role
Processes password changes
Manages group policy updates within a domain
Provides a master time source for the domain
Acts as domain master browser
Infrastructure Master (IM)
Domain level FSMO role
Master catalog of all objects in the domain
All changes and additions are reported to the IM
Without IM, new objects cannot be added to the domain
Global Catalog (GC)
Maintains complete replica of every object in its own domain as well as the most commonly used objects from the entire forest
Two primary functions: authenticating all users in the forest and allowing users to locate objects within AD without adding overhead to the network
Site
Interface between the logical and physical structure of AD
A site in AD is defined as a group of servers connected by a fast, reliable, high-speed connection
A domain can have any number of sites
A site in AD should exist wherever a LAN exists
Site Link
Mirror of WAN links
Site links control time and type of replication taking place across WAN links
Replication Process
Domain controllers will replicate freely to each other only if they are placed in the same site
The IP bridgehead consolidates all of the changes and then sends them across the WAN links to other sites
The IP bridgehead receives changes from the other sites and then replicates those changes to the domain partition of all the DCs in its site
Bridgehead Server
Controls replication into and out of a site
Knowledge Consistency Checker (KCC)
Controls replication topology
Service that runs inside every AD DC
Determines how AD is going to replicate, both inter-site and intra-site
Replicates the topology to all DCs every 15 minutes
Builds replication connectors between bridgehead servers in different sites when site links are created
Directory Service Remote Procedure Call (DS-RPC)
Intra-site replication uses DS-RPC, which is the default, preferred replication protocol on DCs running Server 2008