What Are FSMO Roles and How to Transfer Them in Active Directory

System Administrator, Active Directory and Wintel Administration Questions and Answers.

1. What is Active Directory (AD).
-> Active Directory is a database that stores information about directory objects such as users, computers, names, passwords, phone numbers, and so on.

2. What is a Domain.
-> A domain is a logical structure in Active Directory. It is a centralized system that manages and controls Active Directory objects (such as users, computers, printers, shared folders, groups, etc.).

-> What is a child domain.
-> When we want to create a domain that shares a contiguous namespace with one or more domains, and the users and computers should be accessible to and authenticated by each other's domains, we create a child domain. By default a parent-child trust is created, so that resources can be shared across the domains. This means that if we have our main domain controller, we can create a child domain that shares the same namespace (

3. What is a Domain Controller (DC).
-> When we install the Active Directory role or services on a server, it becomes a domain controller.

4. What is an Additional Domain Controller (ADC).
-> We create an additional domain controller to balance the load of the domain controllers in AD. When an organization grows, we need to place another domain controller to share the load of the existing one and provide smooth and faster authentication to users.

4. What is the Schema in Active Directory.
-> The Active Directory schema is a component of Active Directory that provides the rules for objects when they are created in the Active Directory forest. The schema lists all the predefined objects and the information about objects that are stored in Active Directory.
The schema is the blueprint of Active Directory: it defines which kinds of objects can exist in the Active Directory database and the attributes of those objects.

5. What is an object in Active Directory.
-> In Active Directory, users, computers, printers, shared folders, groups, etc. are called objects.

6. What is an Attribute in Active Directory.
-> Attributes describe the properties of an object, such as user name, email ID, display name, etc.

7. What is a Forest in Active Directory.
-> A forest is a collection of trees in Active Directory, containing domains and child domains. A forest can contain one or more domain container objects, all of which share a common logical structure, global catalog, directory schema, and directory configuration, as well as automatic two-way transitive trust relationships between domains. The first domain in the forest is called the forest root domain.
[Figure: Active Directory forest and tree]

8. What is a Tree in Active Directory.
-> It is a collection of one or more domains that share the same namespace in Active Directory. Example - if we have a domain - and we have created 2 more child domains with name: and then all 3 domains will form a tree in Active Directory, as shown in the figure above.

9. What is an Organizational Unit (OU).
-> An OU groups objects (users, groups and computers) in a single container so that they can be managed effectively and efficiently. We can place Active Directory objects in an OU and apply Group Policy to manage them using a GPO.
[Figure: Active Directory OU]

10. What is an FSMO role in Active Directory.
-> Active Directory functions with five FSMO (Flexible Single Master Operation) roles, each responsible for performing a specific task. The domain controllers that hold these roles are called operations masters. Below is the list of the five FSMO roles.

    ->Schema Master (Forest Wide)
    ->Domain Naming Master (Forest Wide)
    ->RID Master (Domain Wide)
    ->PDC Emulator (Domain Wide)
    ->Infrastructure Master (Domain Wide)

11. What are Forest Wide and Domain Wide FSMO roles in Active Directory.
-> Forest-wide roles means that only 2 roles can exist in a forest (Schema Master, Domain Naming Master). If we have 2 forests then we will have 4 FSMO roles (2 Schema Masters and 2 Domain Naming Masters).
-> Domain-wide roles means that only 3 roles can exist in a domain (RID, PDC, Infrastructure Master). If we have 2 domains then we will have 6 FSMO roles (RID, PDC, Infrastructure Master).

**TIPS** => Now the question is: if we have 3 forests and 4 domains, how many FSMO roles will there be in total?
   -> Total 18 roles.

=> We can split, separate, or transfer roles to different DCs.

12. What is the Schema Master role.
-> The Active Directory schema defines what can exist within Active Directory. The Schema Master controls all updates and modifications to the schema, such as objects and attributes. To update the schema of a forest, you must have access to the schema master.

  => If this role is down, or the server holding this role is down, we will not be able to modify the schema.

13. What is the Domain Naming Master role.
-> The Domain Naming Master ensures that new domains added to your Windows Server 2008 R2/2012 forest have unique domain names. It means that if our domain is " " then we cannot create another domain with the same name.

14. What is the PDC Emulator and why is it the most important role.
-> It manages password changes in a domain.
-> It manages time sync in a domain and its child domains.
-> The PDC Emulator should be available when creating or modifying Group Policies.

=> If this role goes down then none of the above will work. If time sync is not working then users will not be able to log in to the system at all, users cannot change their passwords, and account lockout will not happen.

15. What is the RID Master.
-> It does not allow duplicate user accounts or groups to be created, and we cannot add a duplicate computer name to the domain. So basically it prevents duplicate user IDs, groups, and computer accounts from being added to the domain, based on the user or computer SID.

=> If this role is down then we can't create any user, group or computer in AD.

16. What is the Infrastructure Master role.
-> It updates object changes across the entire domain. If any members of a user account are changed or renamed, the change has to be updated across the entire domain, and this is done by the Infrastructure Master role.

17. What is the Global Catalog.
-> It is just a listing of all the objects in a domain and a partial listing of all the objects of other domains.

 => It does not update anything in the domain; it just lists the objects.

***The Global Catalog and the Infrastructure Master role cannot be on the same server/domain controller.***

18. How to transfer/split/separate FSMO roles.
-> Right-click the domain name -> click Operations Masters -> we can see three roles on the screen. Enter the domain controller as highlighted in the figure, then click the Change option.

[Figure: Transfer of FSMO role]

=> The above steps are only for 3 FSMO roles (RID, PDC and Infrastructure roles).

19. Now how to transfer the Schema Master and Domain Naming Master roles.
-> For the Schema Master role, we need to register the schema snap-in first and then we can transfer it.
cmd->regsvr32 schmmgmt.dll
[Figure: Schema registration command]

Then: Start > Run > mmc
Once the mmc window has opened, go to File -> Add/Remove Snap-in -> Add -> OK, as shown in the figure.

[Figure: Adding Active Directory Schema to mmc]

Once we have added it, we can right-click Active Directory Schema -> Change Schema Master -> enter the name of the domain controller and change it, as shown in the figure below.

[Figure: Schema transfer]

20. How to transfer the Domain Naming Master role.
-> Open Active Directory Domains and Trusts from Start -> Administrative Tools -> Active Directory Domains and Trusts -> right-click Active Directory Domains and Trusts -> Operations Master -> Change, as shown in the figure below.
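
The transfers in questions 18 to 20 can also be done and verified from PowerShell. This is an added example, not part of the original post: it assumes the ActiveDirectory module (RSAT) is installed, `DC02` is a placeholder target domain controller, and the helper names `Get-FsmoHolder` and `Move-FsmoRole` are hypothetical.

```powershell
# Added example, not from the original page. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-FsmoHolder {
    # Returns the current holder (FQDN) of each of the five FSMO roles.
    $forest = Get-ADForest
    $domain = Get-ADDomain   # domain of the logged-on user
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        RIDMaster            = $domain.RIDMaster
        PDCEmulator          = $domain.PDCEmulator
        InfrastructureMaster = $domain.InfrastructureMaster
    }
}

function Move-FsmoRole {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$TargetDC,
        [Parameter(Mandatory)]
        [ValidateSet('SchemaMaster','DomainNamingMaster','RIDMaster','PDCEmulator','InfrastructureMaster')]
        [string[]]$Role
    )
    $dc = Get-ADDomainController -Identity $TargetDC   # throws if the DC cannot be found
    # Rule from the page: Global Catalog and Infrastructure Master should not share a DC.
    if ($Role -contains 'InfrastructureMaster' -and $dc.IsGlobalCatalog) {
        Write-Warning "$TargetDC is a global catalog server; check the Infrastructure Master placement rule."
    }
    $before = Get-FsmoHolder   # recorded so the change can be audited afterwards
    if ($PSCmdlet.ShouldProcess($TargetDC, "Transfer $($Role -join ', ')")) {
        Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC -OperationMasterRole $Role -Confirm:$false
        $after = Get-FsmoHolder
        foreach ($r in $Role) {
            # One row per role: old holder, new holder, and whether it landed on the target.
            [pscustomobject]@{
                Role = $r; Before = $before[$r]; After = $after[$r]
                Moved = ($after[$r] -eq $dc.HostName)
            }
        }
    }
}

# List the current holders, then preview the transfer of the three domain-wide roles.
Get-FsmoHolder
Move-FsmoRole -TargetDC 'DC02' -Role RIDMaster, PDCEmulator, InfrastructureMaster -WhatIf
```

Remove `-WhatIf` to perform the transfer. Moving the Schema Master requires Schema Admins membership and moving the Domain Naming Master requires Enterprise Admins membership.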

21.What is Active Directory Database and location.
-> Database File Location: C:\windows\NTDS

=>DataBase File Name:
