What is FSMO Role | Flexible Single Master Operation

Captions
Hi guys, welcome to iNetwork365. In this video I will explain what FSMO roles are. Before I explain FSMO, I need to explain something called multi-master replication. Here you can see there are two sites: one is site one and one is site two. Site one is in the USA and site two is in the UK. In between them they are connected through the internet, which is called a site link; you can see here there is something called site link. We will assume that in DC1 the administrator has created a user account called user1. What will happen is that immediately this user1 will be synchronized to DC2 and DC3 as well. The same thing applies to DC2: if I create anything here, it will be synchronized to DC3 and DC1 as well. This is called intra-site replication. The same thing applies in the UK as well: if you create a user over here, it will be replicated to DC5 and DC6.

Now the problem comes when the same user account is created in both sites. For example, we'll say that here the administrator has created a user called user2, and the administrator in site one has also created a user account called user2. What will happen is, since there are two of the same account in different locations, at the time when they are synchronizing the Active Directory database will have a conflict, because there are two duplicate names created. To prevent this problem, Microsoft has introduced FSMO. In FSMO there are five roles, and each role has its own duty. For example, if you take a school, in a school you might have a maths teacher and a science teacher, and each teacher has their own duty. The same thing applies in FSMO.

FSMO stands for Flexible Single Master Operation. Under FSMO there are two levels: one is forest level and the other is domain level. Under forest level you will find the schema master and the domain naming master, and under domain level you will find the RID master, the PDC emulator and the infrastructure master. Next I will explain what each of these roles is used for.

The next one is the schema master. The schema master is a collection of classes and their attributes, such as employee name, phone number and login name. Class, in the schema, is a common word used for accounts such as user accounts, computer accounts and group accounts; these things come under class. Attributes means that in a user account you can add things like employee name, department and phone number, and in the same way in a computer account you can also add some details. These things are known as attributes.

Let me show you the schema master and the attributes in the server. I will go to Active Directory. In here, if I want to explain a class, it can be a user account, a group account or a computer account. Attributes means that if I open a user account, you can see here there is some additional information which I can fill in: the address, account details, profile, telephone number. All these things are known as attributes. The same thing applies to the group account and the computer account. If I double-click the computer account, here you can see there is some additional information which I can fill in, and these are known as attributes.

If you want to view the schema master, there is one command which you can execute. Please note that by default the schema master is hidden, so to unhide the schema master you have to go to Run and execute this command. I will list this command in my description on how to unhide the schema master. After typing this command, click OK. Now you can see there's a message displaying that it succeeded, so now the schema master is unhidden. I'll go to Run again, type mmc and click OK. From this window I'll click File, Add/Remove Snap-in, then I'll expand this, and here you can see the schema master. I will click Add and OK. Now when I double-click the schema master, you can see there are classes and attributes. If you go to classes, you can see the group account, then you can see the computer account, and also the user account. There are more things which come under class; these are the three main things which I have shown you. You can see the attributes as well, like user account expiry date and password changes. All these things you can see in the schema master. Normally, in most companies, they don't make any changes to the schema master, but there are some places where they do make these changes. If they make any changes over here, it will reflect in your forest. So this is all about the schema master.

The next one is the domain naming master, which is responsible to promote and demote domain controllers, and it is also responsible to create and prevent duplicate names being created in the forest. For example, you can see there are two diagrams here. In the first diagram you can see that there are duplicate names, and in the second diagram you can see there are no duplicate names existing. In this case the first diagram is invalid and the second diagram is valid.

The next one is the RID master. RID master stands for relative ID master, which is responsible to assign unique identification to objects, which is called a security identification. Objects means computer, group account, user account; these things come under objects. To give you a clear understanding of security identification, we will take a real-world scenario. You might have a driving licence, a passport or a national identity card. If you take the national identity card, in it you might have a unique ID which is only assigned to you; this ID number you will not find in another person's ID card. The same thing applies in the RID master: if you create a user account, it will have a SID number, and this SID number will not be duplicated to a different user account. For example, if you create an account called jonathan, it might have a SID number; I have given an example of how a SID number looks. If that account is deleted and I create the same account called jonathan again, this time it will have a different SID number, so whatever permissions you have given to the previous account will not be reflected in the new account. Always keep in mind that permissions and rights are associated with the SID number, not the username. Also always keep in mind that if anyone resigns from your company or is terminated, make sure that you have not deleted their user account. If you delete their user account, you will not be able to decrypt certain data which they have encrypted.

The RID master also provides a RID pool for every domain controller. For example, you can see in the diagram that in DC1 there is the RID master, and in the other DCs there is a RID pool created for them: one is from 1 to 100, and DC2 has from 101 to 200. What this means is that DC2 can assign SID numbers between 1 and 100, and the same thing applies to DC3: it can assign SID numbers to its user accounts between 101 and 200. That means whenever they create an account, the SID number will be assigned based on these numbers. If these numbers are finished, the domain controller will request the RID master to extend its RID pool limit. These things are done by the RID master. If you want to see your domain controller's RID pool, I will show you that. In the domain controller, open cmd and type the command dcdiag /test:ridmanager /v. Here I'll scroll up, and you can see my RID pool for this domain, which is starting from 200 to this number. So this is the command which you can use to view your RID pool.

The next one is the PDC emulator, which stands for primary domain controller. This is responsible to synchronize time across the forest. For example, if you connect any domain controllers to your root domain, you will see that your time will be changed according to the root domain. The same thing applies to the client computers: when you're connecting your client computers to the domain, the time will automatically be changed according to the root domain's time. These things are done by the PDC emulator. The PDC emulator also replicates the password immediately if the password is changed for a user account. These things are handled by the PDC emulator.

The next one is the infrastructure master. The infrastructure master is responsible to update user account information when it is moved from a different domain or across domains. It is also important when there are multiple forests or a single large forest. Also, it should not be placed on a domain controller which holds the global catalog. If any information or any changes are made to a user account's attributes, this information will be replicated to the other domain controllers in the network.

For example, I will show you the diagram here, which I am going to use to explain the infrastructure master. Here there are two different forests: one is hdd.local and the other is inetwork365.local. In between them they have something called a trust relationship enabled. In that case http.local can access inetwork365 resources, and the same thing applies to inetwork365 as well: it can access http.local's resources. Here the administrator is going to create an account called user1, and he's going to assign this user1 permission to access inetwork365 resources. This information will be passed to the global catalog server. The global catalog is like an address book in Active Directory; it has all the information about the user account. What will happen is that the global catalog will update this user1 in its database. After updating the information in its database, a phantom record will be sent to the non-global-catalog domain controllers. Here you can see DC2 and DC3 don't have the global catalog, so in that case a phantom record will be sent to those domain controllers. DC2 will receive that phantom record and it will request all the details of this user account, so this information will be passed to the infrastructure master. When the user is trying to log in to DC3, DC3 will ask the infrastructure master whether this user is a valid user account. Since the infrastructure master now has all the information about this user1, it will reply saying yes, he can log in to the account in DC3. Only then will DC3 allow user1 to log in to their system or access their shared resources. If the infrastructure master is not working, then the user account will not be able to log in to their domain controller. So this is the main responsibility of the infrastructure master.

Before I end this video, I need to show you the infrastructure master and RID master in Active Directory. I'm going to log in to Active Directory. If I right-click on my domain name over here, you can see there is something called change operation master. If I click this one, you can see I can change the RID master, PDC emulator and infrastructure master. That means I can change them to a different location. Also, please keep in mind that all these five roles are already installed in the root domain controller, so if you want to change them, you can change them from here.

Okay guys, that's all for this video, and I hope that you understood these FSMO roles. In my next video I will show you how to seize these FSMO roles to a different domain controller. Until then, please subscribe, share and like my video.
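Added example (not part of the video or its captions): a PowerShell audit that lists the holders of the five FSMO roles described above, flags an infrastructure master placed on a global catalog, and runs the RID pool test the captions mention. It assumes the ActiveDirectory RSAT module, dcdiag, and a domain-joined admin host with read access to the directory.

```powershell
# Added example; assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Forest-level roles live on the forest object, domain-level roles on the domain object.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    RIDMaster            = $domain.RIDMaster
    PDCEmulator          = $domain.PDCEmulator
    InfrastructureMaster = $domain.InfrastructureMaster
}

$report = foreach ($role in $roles.GetEnumerator()) {
    try {
        # Ask the role holder itself, so forest-root holders in another domain resolve too.
        $dc = Get-ADDomainController -Identity $role.Value -Server $role.Value -ErrorAction Stop
        [pscustomobject]@{
            Role = $role.Key; Holder = $role.Value
            Site = $dc.Site;  IsGlobalCatalog = $dc.IsGlobalCatalog; Status = 'OK'
        }
    } catch {
        # A holder that cannot be queried is the case where a role transfer or seizure gets considered.
        [pscustomobject]@{
            Role = $role.Key; Holder = $role.Value
            Site = $null;     IsGlobalCatalog = $null; Status = "Unreachable: $($_.Exception.Message)"
        }
    }
}
$report | Format-Table -AutoSize

# Infrastructure master on a global catalog matters only while some DC in the
# domain is not a GC; if every DC is a GC the placement is harmless.
$allDcs = Get-ADDomainController -Filter *
$nonGc  = @($allDcs | Where-Object { -not $_.IsGlobalCatalog })
$infra  = $report | Where-Object Role -eq 'InfrastructureMaster'
if ($infra.IsGlobalCatalog -and $nonGc.Count -gt 0) {
    Write-Warning ("Infrastructure master {0} is a global catalog while {1} DC(s) are not." -f `
        $infra.Holder, $nonGc.Count)
}

# RID pool allocation for the local DC, as shown in the captions.
dcdiag /test:ridmanager /v
```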
Info
Channel: iNetwork365
Views: 13,334
Keywords: FSMO, FSMO Roles, fsmo roles in active directory, schema master, domain naming master, PDC emulator, RID Master, Infrastructure Master, fsmo roles and their uses, what is fsmo roles in active directory, inetwork 365, inetwork365, active directory, operation master roles, how to check fsmo roles, fsmo roles in active directory 2019, fsmo roles in active directory 2016, fsmo roles in active directory 2012, check fsmo roles, fsmo roles explained, Understand FSMO roles
Id: YLlDOelu2gg
Length: 15min 59sec (959 seconds)
Published: Sat Sep 26 2020