Installing Active Directory on Windows 8 without dcpromo.

dcpromo gives way to a new wizard… I ended up having to figure out how to use the new Server Manager to install the Active Directory services, then clicked around and I finally found a way to configure the first domain controller. The new wizard looks different from what I am used to for a decade plus years of installing Active Directory, but it seems to be a nice upgrade…

For more details and a step-by-step configuration guide, see: Installing Active Directory on Windows 8

Getting details of FSMO roles placement and General recommendation for FSMO placement

When the Active Directory Installation Wizard (Dcpromo.exe) creates the first domain in a new forest, the wizard adds five FSMO roles. A forest with one domain has five roles. The Active Directory Installation Wizard adds three domain-wide roles on the first domain controller in each additional domain in the forest. In addition, infrastructure master roles exist for each application partition. This includes the default domain and the forest-wide DNS application partitions that are created on Windows Server 2003 and on later domain controllers.

To see which domain controllers currently hold the FSMO roles, run the following command from a command prompt:

netdom query /domain:<parent domain name> fsmo

The operations masters and their scope are shown in the following table.

FSMO Role | Scope | Function and availability requirements

Schema Master | Enterprise
  • Used to introduce manual and programmatic schema updates, and this includes those updates that are added by Windows ADPREP /FORESTPREP, by Microsoft Exchange, and by other applications that use Active Directory Domain Services (AD DS).
  • Must be online when schema updates are performed.

Domain Naming Master | Enterprise
  • Used to add and to remove domains and application partitions to and from the forest.
  • Must be online when domains and application partitions in a forest are added or removed.

Primary Domain Controller | Domain
  • Receives password updates when passwords are changed for the computer and for user accounts that are on replica domain controllers.
  • Consulted by replica domain controllers that service authentication requests that have mismatched passwords.
  • Default target domain controller for Group Policy updates.
  • Target domain controller for legacy applications that perform writable operations and for some admin tools.
  • Must be online and accessible 24 hours a day, seven days a week.

RID | Domain
  • Allocates active and standby RID pools to replica domain controllers in the same domain.
  • Must be online for newly promoted domain controllers to obtain a local RID pool that is required to advertise or when existing domain controllers have to update their current or standby RID pool allocation.

Infrastructure Master | Domain, Application partition
  • Updates cross-domain references and phantoms from the global catalog.
  • A separate infrastructure master is created for each application partition including the default forest-wide and domain-wide application partitions created by Windows Server 2003 and later domain controllers.
  • The Windows Server 2008 R2 ADPREP /RODCPREP command targets the infrastructure master role for the default DNS application partition in the forest root domain.

General recommendations for FSMO placement

  1. Place the schema master on the PDC of the forest root domain.
  2. Place the domain naming master on the forest root PDC.
  3. Place the PDC on your best hardware in a reliable hub site that contains replica domain controllers in the same Active Directory site and domain.
  4. Place the RID master on the domain PDC in the same domain.

Legacy guidance suggests placing the infrastructure master on a non-global catalog server. There are two rules to consider:

  1. Single domain forest:
    In a forest that contains a single Active Directory domain, the infrastructure master may be placed on any domain controller in the domain, regardless of whether that domain controller hosts the global catalog or not.
  2. Multidomain forest:
    If not every domain controller in a given domain of a multidomain forest hosts the global catalog, the infrastructure master must be placed on a domain controller that does not host the global catalog.
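
As an added example (not part of the original post), the PowerShell below checks the output of netdom query fsmo against the placement recommendations above. The sample output and host names are constructed, the function names and the GlobalCatalogs/AllDomainControllers inputs are hypothetical, and the output is assumed to come from the forest root domain.

```powershell
# Constructed sample of `netdom query /domain:corp.example fsmo` output;
# the domain and host names are made up for this example.
$sample = @'
Schema master               DC01.corp.example
Domain naming master        DC01.corp.example
PDC                         DC01.corp.example
RID pool manager            DC02.corp.example
Infrastructure master       DC02.corp.example
The command completed successfully.
'@

function ConvertFrom-NetdomFsmo {
    # Hypothetical helper: parse "role <spaces> holder" lines into a hashtable.
    param([string]$Text)
    $names = 'Schema master|Domain naming master|PDC|RID pool manager|Infrastructure master'
    $pattern = '^(' + $names + ')\s{2,}(\S+)\s*$'
    $roles = @{}
    foreach ($line in $Text -split "\r?\n") {
        if ($line -match $pattern) { $roles[$Matches[1]] = $Matches[2] }
    }
    $roles
}

function Test-FsmoPlacement {
    # Hypothetical helper: returns one finding per deviation from the recommendations.
    # Assumes $Roles came from the forest root domain, so 'PDC' is the forest root PDC.
    param([hashtable]$Roles, [string[]]$GlobalCatalogs, [string[]]$AllDomainControllers,
          [switch]$MultiDomainForest)
    $findings = @()
    $pdc = $Roles['PDC']
    foreach ($r in 'Schema master', 'Domain naming master', 'RID pool manager') {
        if ($Roles[$r] -ne $pdc) { $findings += "$r is on $($Roles[$r]), not on the PDC ($pdc)" }
    }
    # Infrastructure master rule: only matters in a multidomain forest where
    # at least one domain controller in the domain is not a global catalog.
    $nonGc = @($AllDomainControllers | Where-Object { $GlobalCatalogs -notcontains $_ })
    $im = $Roles['Infrastructure master']
    if ($MultiDomainForest -and ($nonGc.Count -gt 0) -and ($GlobalCatalogs -contains $im)) {
        $findings += "Infrastructure master $im hosts the global catalog; move it to one of: $($nonGc -join ', ')"
    }
    $findings
}

$fsmo = ConvertFrom-NetdomFsmo -Text $sample
Test-FsmoPlacement -Roles $fsmo -GlobalCatalogs 'DC01.corp.example' -AllDomainControllers 'DC01.corp.example', 'DC02.corp.example'
```

An empty result means the placement matches the recommendations; each returned string names a role holder to review.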

Where are these roles configured in Windows Server 2008?

  1. Domain-wide roles are configured in Active Directory Users and Computers. Right-click the domain and select Operations Masters.
  2. The forest-wide Domain Naming Master role is configured in Active Directory Domains and Trusts. Right-click and select Operations Masters. It will show you the role holder.
  3. The forest-wide Schema Master role is not accessible from any tool by default, as this is deliberately prevented: editing the schema can create serious problems in an Active Directory environment. To gain access, you need to create a snap-in and register the DLL file with regsvr32 schmmgmt.dll.

Seizing of Roles

If a server that holds roles fails, you need to seize the roles. This is how it can be done:

Go to a command prompt and type ntdsutil.

  1. At the ntdsutil: prompt, type roles to enter fsmo maintenance.
  2. At the fsmo maintenance: prompt, type connections to enter server connections.
  3. At the server connections: prompt, type connect to server <domain controller>, where <domain controller> is the name of the domain controller to which you are going to transfer the role.
  4. At the server connections: prompt, type quit to return to fsmo maintenance.
  5. At the fsmo maintenance: prompt, type seize <name of the role>.

After you have seized the role, type quit to exit Ntdsutil.