This article explains how to create a new global catalog server. This may be necessary if you need additional global catalog servers (e.g. to support an Exchange 2000 rollout) or if you want to move the global catalog server role to a different domain controller.
There may be occasions when it is necessary to create a new global catalog to replace an existing one, or to add a new global catalog. Microsoft recommends the following method:
- Create a new global catalog on a second domain controller.
- Wait for the account and the schema information to replicate to the new global catalog. For single domains, this is relatively straightforward. For multiple-domain networks, full replication will take additional time, depending on the complexity of the network. The new global catalog is created by normal Active Directory (AD) replication and, depending on the structure of your AD forest, this replication could take considerable time.
- Remove the global catalog from the original domain controller (optional).
By default, Windows 2000 places a global catalog only on the first domain controller in each AD forest.
Continue reading ‘How to create or move a global catalog in Windows Server 2003, Windows 2000, or Small Business Server 2000’ »
This article describes how to use the Ntdsutil.exe utility to transfer or to seize Flexible Single Master Operations (FSMO) roles.
Certain domain-wide and enterprise-wide operations that are not suited to multi-master updates are performed by a single domain controller in an Active Directory domain or forest. The domain controllers that are assigned to perform these unique operations are called operations masters or FSMO role holders.
The following list describes the 5 unique FSMO roles in an Active Directory forest and the dependent operations that they perform:
- Schema master - The Schema master role is forest-wide and there is one for each forest. This role is required to extend the schema of an Active Directory forest or to run the adprep /domainprep command.
- Domain naming master - The Domain naming master role is forest-wide and there is one for each forest. This role is required to add or remove domains or application partitions to or from a forest.
- RID master - The RID master role is domain-wide and there is one for each domain. This role is required to allocate the RID pool so that new or existing domain controllers can create user accounts, computer accounts or security groups.
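Continue reading ‘Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller’ »
After account auditing is enabled, the Security log in Event Viewer on the domain controller records every successful and failed account logon, which is the basis for troubleshooting. Continue reading ‘Domain user lockout problem’ »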