If you only have one domain in your forest, nothing will be wrong. If you do however have multiple domains in your forest, and you put your GC and Infrastructure Master on the same machine, things can go horribly wrong. This is because GC and Infrastructure Master use the same NTDS.dit file: changes will be changed by GC, and Infrastructure Master checks the NTDS.dit and doesn't see any change, because GC already changed the NTDS.dit. The only way you can run GC and Infrastructure Master on the same machine in a multiple-domain forest is to enable GC on all domain controllers. greets
1 Domain Naming Master, 1 Schema Master, 1 PDC Emulator, 1 Infrastructure Master, 1 RID Master
Domain Naming Master
Domain Naming Master, pg 87 in your ITT server 2008 R2 handbook, Mr. ITT student.
Flexible Single Master Operations servers. They are servers that every Active Directory needs that serve a single purpose. Here are the FSMO servers:
Schema Master
Domain Naming Master
Infrastructure Master
Relative ID Master
PDC Emulator
Those are the five FSMO server roles that get assigned to 1 or more domain controllers in each domain. Schema and Domain Naming Master will have only 1 server per AD Forest.
The main zone types used in Windows Server 2003 DNS environments are primary zones and Active Directory-integrated zones. Both primary zones and secondary zones are standard DNS zones that use zone files. The main difference between primary zones and secondary zones is that primary zones can be updated. Secondary zones contain read-only copies of zone data.

An Active Directory-integrated zone can be defined as an improved version of a primary DNS zone because it can use multi-master replication and the security features of Active Directory. The zone data of Active Directory-integrated zones is stored in Active Directory. Active Directory-integrated zones are authoritative primary zones.

A few advantages that Active Directory-integrated zone implementations have over standard primary zone implementations are:
Active Directory replication is faster, which means that the time needed to transfer zone data between zones is far less.
The Active Directory replication topology is used for Active Directory replication and for Active Directory-integrated zone replication. There is no longer a need for DNS replication when DNS and Active Directory are integrated.
Active Directory-integrated zones can enjoy the security features of Active Directory.
The need to manage your Active Directory domains and DNS namespaces as separate entities is eliminated. This in turn reduces administrative overhead.
When DNS and Active Directory are integrated, the Active Directory-integrated zones are replicated and stored on any new domain controllers automatically. Synchronization takes place automatically when new domain controllers are deployed.
Only one Schema Master is used in a forest.
Domain Naming Master
Infrastructure Master & RID, which consists of unique IDs for the SIDs of all objects in a directory for all domains in a forest.
Single-master replication can make it difficult for administrators to manage Active Directory objects, especially if they are located in remote offices and must work over a slow wide area network (WAN) link. To address this problem, Active Directory uses multiple-master replication, in which it is possible to make changes to domain objects on any domain controller, which replicates those changes to all of the other domain controllers.
Primary zone: This is the only zone type that can be edited or updated, because the data in the zone is the original source of the data for all domains in the zone. Updates made to the primary zone are made by the DNS server that is authoritative for the specific primary zone. You can also back up data from a primary zone to a secondary zone.

Secondary zone: A secondary zone is a read-only copy of the zone that was copied from the master server during zone transfer.

Active Directory-integrated zone: An Active Directory-integrated zone is a zone that stores its zone data in Active Directory. DNS zone files are not needed. This type of zone is an authoritative primary zone. Zone data of an Active Directory-integrated zone is replicated during the Active Directory replication process. Active Directory-integrated zones also enjoy the security features of Active Directory.

Stub zone: A stub zone is a new Windows Server 2003 feature. Stub zones only contain those resource records necessary to identify the authoritative DNS servers for the master zone.

As well as the underscore zone _msdcs.
The following command-line tools can be used to manage Active Directory:

CSVDE: Import and export Active Directory data using comma-separated format.

Dsadd: Add users, groups, computers, contacts, and organizational units to Active Directory.

Dsmod: Modify an existing object of a specific type in the directory. The types of objects that can be modified are: users, groups, computers, servers, contacts, and organizational units.

Dsrm: Remove objects of the specified type from Active Directory.

Dsmove: Rename an object without moving it in the directory tree, or move an object from its current location in the directory to a new location within a single domain controller. (For cross-domain moves, use the Movetree command-line tool.)

Dsquery: Query and find a list of objects in the directory using specified search criteria. Use in a generic mode to query for any type of object or in a specialized mode to query for selected object types. The specific types of objects that can be queried through this command are: computers, contacts, subnets, groups, organizational units, sites, servers and users.

Dsget: Display selected attributes of specific object types in Active Directory. Attributes of the following object types can be viewed: computers, contacts, subnets, groups, organizational units, servers, sites, and users.

LDIFDE: Create, modify, and delete directory objects. This tool can also be used to extend the schema, export Active Directory user and group information to other applications or services, and populate Active Directory with data from other directory services.

Ntdsutil: General purpose Active Directory management tool. Use Ntdsutil to perform database maintenance of Active Directory, to manage single master operations, and remove metadata left behind by domain controllers that were removed from the network without being properly uninstalled.
Windows 2000/2003 Active Directory domains utilize a Single Operation Master method called FSMO (Flexible Single Master Operation), as described in Understanding FSMO Roles in Active Directory. In most cases an administrator can keep the FSMO role holders (all 5 of them) in the same spot (or actually, on the same DC) as has been configured by the Active Directory installation process. However, there are scenarios where an administrator would want to move one or more of the FSMO roles from the default holder DC to a different DC. Windows Server 2003 Active Directory is a bit different than the Windows 2000 version when dealing with FSMO placement. In this article I will only deal with Windows Server 2003 Active Directory, but you should bear in mind that most considerations are also true when planning Windows 2000 AD FSMO roles.
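An added example, not written by any poster in this thread: a PowerShell check (ActiveDirectory module from RSAT, assumed available on a domain-joined host with read access to the forest) that inventories the five FSMO role holders discussed above and flags the Infrastructure Master / Global Catalog placement problem from the first post, honouring the "every DC is a GC" exception it mentions. The function name and output layout are my own choices.

```powershell
# Added example (not from the original thread). Requires the ActiveDirectory
# module (RSAT). Lists all FSMO role holders in the forest and warns when, in
# a multi-domain forest, the Infrastructure Master sits on a Global Catalog
# while not every DC in that domain is a GC.
Import-Module ActiveDirectory

function Get-FsmoPlacementReport {
    $forest = Get-ADForest
    $report = [ordered]@{
        SchemaMaster       = $forest.SchemaMaster        # one per forest
        DomainNamingMaster = $forest.DomainNamingMaster  # one per forest
        Domains            = @()
        Warnings           = @()
    }
    $multiDomain = ($forest.Domains.Count -gt 1)

    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Identity $domainName
        $dcs    = Get-ADDomainController -Filter * -Server $domainName
        # The exception from the first post: if every DC is a GC, IM placement is harmless.
        $allGc  = -not ($dcs | Where-Object { -not $_.IsGlobalCatalog })

        # Is the Infrastructure Master host also a Global Catalog?
        $imHost = $domain.InfrastructureMaster
        $imIsGc = [bool](($dcs | Where-Object { $_.HostName -eq $imHost }).IsGlobalCatalog)

        $report.Domains += [pscustomobject]@{
            Domain               = $domainName
            PDCEmulator          = $domain.PDCEmulator      # one per domain
            RIDMaster            = $domain.RIDMaster        # one per domain
            InfrastructureMaster = $imHost                  # one per domain
            IMIsGlobalCatalog    = $imIsGc
            AllDCsAreGC          = $allGc
        }

        if ($multiDomain -and $imIsGc -and -not $allGc) {
            $report.Warnings += ("{0}: Infrastructure Master {1} is a Global Catalog and not all DCs are GCs; " +
                "cross-domain references will not be kept up to date. Move the role " +
                "(Move-ADDirectoryServerOperationMasterRole) or make every DC in the domain a GC.") -f $domainName, $imHost
        }
    }
    [pscustomobject]$report
}

$result = Get-FsmoPlacementReport
$result | Select-Object SchemaMaster, DomainNamingMaster | Format-List
$result.Domains | Format-Table -AutoSize
$result.Warnings | ForEach-Object { Write-Warning $_ }
```

A single-domain forest never produces a warning, which matches the first post's point that the placement only matters with multiple domains.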