Davonte Brown

ITT Technical Institute

3825 West Cheyenne Avenue, Suite 600
North Las Veas, Neva!a 8"032
NT#330 Client$Server Net%or&in II
Wee& 5, 'nit 5 ( )lo*al Catalo an! +le,i*le Sinle -ater ./erations 0+S-.1 2oles
Exercise
+or this 3,ercise
Please evaluate the information provided and after reading in the lessons for this week, answer the scenario deliverables.
This exercise is due at the beginning of the next class meeting.
Unit 5. Exercise 1. AD FSMO Role Management Research: Alternate Methods
Course .*4ectives an! Learnin .utco5es
In this Exercise, ou will determine the best tools for determining !"#$ roles and develop a plan for the failure of a role
holder.
Assin5ent 2e6uire5ents
%eview to the following scenario&
' (unior IT administrator has been tasked with documenting current !"#$ %ole )olders and *+ "ervers, as well as
documenting procedures for responding to !"#$ %ole unavailabilit and sends the following email&
,,,
To& IT 'dmin
I need to determine which D+s currentl hold which roles and determine which D+s are *lobal +atalog "ervers. I also
need to develop a plan for failure of a role holder. I know there are multiple was to accomplish this task but I-m not sure
the best tools for an given scenario. /ould ou use ntdsutil or ##+ "nap,ins. /hat about dcdiag. 'n advice or
suggestions would be appreciated0
1unior 'dmin
,,,
%espond with practical steps and2or a recommended approach to the problem&
Su*5ission 2e6uire5ents
3,4 pages, #icrosoft /ord
Double,spaced
Times 5ew %oman, 34 pt. font
6tili7e 'P' 8 formatting
Ensure that ou include a cover page and reference page.
5T399: +lient,"erver 5etworking II Page 3 of 4 /eek ;, <:,8=: >esson 9
"teve Todd
Davonte Brown
Active Directory is a multimaster database which means that updates can be made by any writeable DC.
Some sensitive operations need to be controlled more stringently than others, such as schema
management and adding or removing additional domains from an AD forest. These specified roles are
called Flexible Single aster !perations "FS!#. This means only one DC in the replica ring can
provide a particular operation.
To find which roles a DC currently hold you can use the ntdsutil. From the start menu, $ey roles and
press enter, $ey connections press enter, $ey connect to server and server name and domain press enter,
$ey %uit and press enter, $ey select operation target press enter, $ey list roles for connected server and
press enter and %uit. There are other ways to find which roles a DC currently holds, such as&
'ou must $now the default settings.
(y default the first domain controller installed in the forest root domain is designated as a global catalog
server. Schema snap)in, AD Domains and Trusts snap)in, And for *+D, ,DC emulator and +nfrastructure
use AD users and configuration snap)in. 'ou will need to develop plan in the event that a role holder fails.
-ere are some suggestions.
The ,rimary Domain Controller ",DC# and the *elative +dentifier aster "*+D# should be on the same
DC if possible. The ,DC role is mostly used of all FS! roles and has the widest range of functions.
The Schema aster and Domain .aming aster should be on the same DC. -ope this helped you out
in doing the tas$ you needed to do than$ you and have a nice day.
5T399: +lient,"erver 5etworking II Page 4 of 4 /eek ;, <:,8=: >esson 9
"teve Todd