F04 Physical Structure Flashcards
Define Domain Controller
- A server in an AD forest that is running Windows Server 2003 or a newer network operating system and actively providing directory services is known as a domain controller.
- A DC has a complete copy of every object in the domain.
Flexible Single Operations Master
- FSMO
- Each domain controller can have multiple roles.
Schema Master
- First DC in the forest
- Controls the master list of objects and attributes in the AD Structure.
- AD Schema cannot be modified unless SM is available.
- Forest level role
Domain Naming Master
- Forest level role
- The DNM records the additions and deletions of domains in the forest.
- Domain cannot be added/deleted if DNM is not available.
RID Master
- Objects have unique Security Identifier (SID)
- 1st part: domain-specific; 2nd part: unique to the object.
- The RID master creates SID blocks and assigns them to DCs.
- A DC uses its block of RIDs to complete an object's SID.
- If the RID master is not available, objects cannot be added to the domain once all RIDs are used.
- Domain Level Role
Primary Domain Controller (PDC) Emulator (1st function)
- Processes password changes in order to ensure all DCs know of password changes.
- All password changes get recorded on the PDC first.
- This ensures users can log on to the domain if replication has not occurred between DCs.
- If different DCs have different passwords for a user, the PDC emulator resolves the issue.
Primary Domain Controller (PDC) Emulator (2nd function)
- Manages Group Policy updates within a domain.
Primary Domain Controller (PDC) Emulator (3rd function)
- Provides a master time source for the domain.
- PDC in the forest root domain is the time master for the entire forest.
- Important because AD relies on time stamps to manage objects.
Infrastructure Master
- The IM is the master catalog of all objects in the domain.
- All changes are reported first to the IM and then replicated out to the other DC.
- Domain level role.
- Without IM object cannot be added to the domain.
3 DC partitions
- Schema Partition
- Configuration Partition
- Domain Partition
DC Schema Partition
- Has a copy of the schema of the forest.
DC Configuration Partition
- Defines the physical structure of AD.
- The servers and the roles that they play.
DC Domain Partition
- The domain partition holds a copy of all of the objects in the domain.
IP Bridgehead
- The IP bridgehead controls replication into and out of the site.
- DCs replicate freely within a site.
- All changes are sent to the IPB and then sent over the WAN.
Replication connections
- Replication connections across the WAN are configured between sites and have a cost and an interval.
- Cost reflects the available bandwidth and delay.
- The replication interval is set by the administrator.
Knowledge Consistency Checker
- Replication topology is controlled by the KCC.
- The KCC is a service in AD that determines how AD replicates both inter-site and intra-site.
KCC replication interval
The KCC service replicates this topology to all DCs every 15 minutes.
KCC protocol
- Directory Service Remote Procedure Call (DS-RPC)
- Inter-Site Messaging Simple Mail Transfer Protocol (ISM-SMTP)
DS-RPC
- Intra-site replication uses DS-RPC, which is the default protocol on DCs running W2K8R2.
- DS-RPC is not depicted in the diagram.
ISM-SMTP
- Can be used for inter-site replication.
- USMC uses DS-RPC because it's easier.
DNS Configuration
- Primary Zone
- Secondary Zone
- Active Directory Integrated
- Stub DNS Zone
DNS Primary Zone
- as