Flexible Single Master Operation (FSMO)
In every Active Directory forest there are 5 roles that we need to understand. These are the Operations Master roles that system administrators actually work with. They are also called Flexible Single Master Operation (FSMO) roles.
The domain controllers that hold the operations master roles do the following:
- Ensure consistency
- Eliminate conflicting entries in the Active Directory database
The 5 Operations Master roles are:
Schema Master (SM)
An Active Directory contains Active Directory objects such as Users, Organizational Units and Computers. Each object has attributes. Attributes have properties such as Name, Security and Member of. The Schema Master is the domain controller assigned to control all updates to this Active Directory schema in a forest.
Domain Naming Master (DNM)
The domain controller assigned as the Domain Naming Master carries out all changes related to the namespace. For example, when the child domain soccer.soccernet.com is added to the forest root domain soccernet.com, this role (Domain Naming Master) needs to be accessible.
NOTE: The SM and DNM are only found in the forest root domain.
Relative ID (RID) Master
The job of the domain controller holding this role is to provide a unique ID to each domain controller in a domain. The numbers go in sequence. What is a RID? When a domain controller creates a new object, the object is given a security ID (SID). A SID is the combination of a domain ID and a RID. The domain part is the same for every SID in a domain; the RID is the unique part. So if more than one domain controller controlled the RIDs used in SIDs, they could derive the same RID for different objects, which would result in inconsistency. Therefore the RID Master is the one that gives out RIDs to the domain controllers, and the domain controllers in turn use the RIDs they were given to create new objects. Domain controllers request RIDs from the RID Master assigned by the system administrators.
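The SID layout and RID hand-out described above, as an added example that is not part of the original post. It decodes a binary SID into its domain ID and RID, then models a RID Master giving non-overlapping RID blocks to two domain controllers. `RidMaster` and `DomainController` are hypothetical toy classes, and the sample SID, starting RID and block size are constructed values.

```python
import struct

# Constructed sample: raw SID bytes for a made-up domain, RID 1105.
SAMPLE_SID = bytes.fromhex(
    "0105000000000005" "15000000" "11111111" "22222222" "33333333" "51040000")

def sid_to_str(raw: bytes) -> str:
    """Decode a binary SID into its S-1-... string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])      # 32-bit, little-endian
    return "-".join(["S", str(raw[0]), str(authority), *map(str, subs)])

def split_sid(sid: str) -> tuple[str, int]:
    """Split a SID into (domain ID, RID); the RID is the last component."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

class RidMaster:
    """Toy RID Master (assumed model): the only place that hands out RID blocks."""
    def __init__(self, domain_sid: str, first_rid: int = 1100, block: int = 3):
        self.domain_sid, self.next_rid, self.block = domain_sid, first_rid, block

    def allocate(self) -> range:
        pool = range(self.next_rid, self.next_rid + self.block)
        self.next_rid += self.block          # blocks never overlap
        return pool

class DomainController:
    """Toy DC: builds SIDs for new objects from the RIDs it was given."""
    def __init__(self, master: RidMaster):
        self.master, self.pool = master, iter(())

    def new_object_sid(self) -> str:
        rid = next(self.pool, None)
        if rid is None:                      # pool used up: request a new block
            self.pool = iter(self.master.allocate())
            rid = next(self.pool)
        return f"{self.master.domain_sid}-{rid}"

def demo() -> list[str]:
    """Two DCs create objects in turn; every SID shares the domain ID."""
    domain_sid, _ = split_sid(sid_to_str(SAMPLE_SID))
    master = RidMaster(domain_sid)
    dc1, dc2 = DomainController(master), DomainController(master)
    return [dc.new_object_sid() for _ in range(4) for dc in (dc1, dc2)]
```

Calling `demo()` returns eight SIDs that all start with the same domain ID and end in different RIDs, because each domain controller only uses RIDs from the blocks the single RID Master gave it.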
PDC (Primary Domain Controller) Emulator
Why this is important:
- When we modify a Group Policy Object (GPO), the changes are made on the domain controller that holds the PDC Emulator role. For administrators, this makes the modified GPOs consistent on other DCs or domain-joined PCs.
- It keeps time synchronized.
- When a password is changed on a domain controller, the change is replicated right away, depending on the replication schedule, to the other domain controllers holding the PDC role.
Infrastructure Master
Basically, the Infrastructure Master is an interpreter between the globally unique identifiers (GUID) and security identifiers (SID), and it also distinguishes the names of foreign domain objects.
Firstly, what is a GUID? A GUID is a number assigned to an object when the object is created. GUIDs are unique numbers. For example, when we create user A, it gets a GUID such as “d39429a2-41b1-4b93-ad3e-0717b7cab60a”. Suppose we then delete that account and create a new account with the same name (A): its GUID is now different, for example “771efbe5-d009-4156-94cc-2eb9b82e9f43”. GUIDs are 128 bits long. A SID is a unique number that is linked to objects, typically users, groups and computers, for access control. Without a matching SID, you cannot access a resource.
The most important role is actually the PDC Emulator, and it needs to be online and contactable at all times.