Microsoft Azure AZ-800 — Section 3: Deploy and manage AD DS domain controllers Part 7

30. Troubleshoot flexible single master operations (FSMO) roles

I now want to take a look at how we can see which machines are our physical roles, our flexible single master operation rules.

OK, so here I am on NYC DC one and you can see your physical roles in different places.

OK, so the first thing I’m going to have, I’m going to go to is I’m going to open up server manager. All right. I’m going to go to the tools menu. All right, and we will take a look at Active Directory users and computers. We’re going to go ahead and click on Active Directory users and computers. All right. We’re going to load that tool up, and you’re going to notice that all three of your domain level Phasma roles can be found by by right clicking exam lab practices .com. In other words, right click your domain object in actor, director users and computers, and you’ll see Operation Masters.

OK. From there, you can see Red PDC and Infrastructure Master.

So all three are can be located right through this graphical tool. All right.

Now, if we close out of that and we go to ols, Active Directory domains and trust. We right click right here, right click active director domains and trust once we get in there, we’ll click on Operations Master. You guys can see that this where the domain naming master is managed.

OK, now the last one is the schema master. There’s only one problem. We don’t actually have the schema tool to actually look at that one.

OK, so, If we want to see the schema master, none of these tools, as you can see here, are going to let us look at that. That’s because Microsoft has actually hidden the schema tool from you. They don’t actually want you to be able to jump right in and look at that. You actually have to register a deal file in order to do it.

So, if I actually go right here and I go right click the start button and I click run, I might say I’m going to type Reg. SVR thirty two. That’s RPG SVR three to hit the spacebar, and then I’m going to type C H M M GMT dot the L L, so that’s reg SVR space in MGMT.

OK, now before I run that, I want to show you something if I type emceed RTX. Does help if you don’t Typekit emceed RDX. That’s going to bring me into the Microsoft management console, I can hit the phone menu, admits snapping, and you guys can see that I do not have the scheme at all. The scheme at all is going to show up right here once I register it.

OK, so, I’m going to close out of that.

OK, let’s try it again.

So right click Start, hit run. And then I’m going to type Reg SVR 32 C-H img mtd yellow hit Enter k. You’re going to get a deal succeeded message.

Now I should be able to go into the MSI. Go to the farm and you add remove snap in and a look what shows up magically Active Directory schema so, I can add that tool.

OK. There’s the Active Directory schema, so here’s a look at the schema.

OK. Am I right click actor, director, schema, Operation Master? And there you have it.

OK, so NY CDK1 is the scheme is the master of all these roles. All right.

So what if you want to move a role? So, if a master, if your Operation Master are up and running and they haven’t gone down unexpectedly and you want to move a role, you can transfer it.

OK? You can transfer it graphically using this button here, or you can actually use PowerShell or there’s a command called in TDS util that’ll let you do it, which I’ll show you the commands in a minute. But notice that I’m not giving, I’m not even being given an option to transfer it to a different machine. That’s because you actually need to be on the machine that you want to transfer the role to.

OK.

So like, for example, let me jump over to NYC Server one, which is also a domain controller.

Now we’re going to go into server manager will go to ols and logo to Active Directory users computers. And let’s look at one of the let’s look at the three roles that are there, and we’ll transfer one of those roles.

OK. All right.

So here’s actor, director use computers. I’m going to right click his name, lab practice. I’m going to go to Operation Masters and then from there, I’m going to choose infrastructure, let’s say.

So let’s transfer the infrastructure master. You’ll notice that current infrastructure master is NYC DC one I want to transfer to server one. I can.

So, I’m just going to click change and says, Are you sure I’ll say yes? And the role is now being transferred.

OK, so, it does take a little time to replicate. But as you can see, it’s going to show up is NYC server one. Let’s jump back over to NYC DC one. Go to ols, Zach, director users and computers.

OK, So, we’re on deck one now, right click Operation Master K. We’ll look at infrastructure and notice the current role is NYC server one. All right.

So, it has officially been transferred. All right.

Now you can transfer roles. If they’re up and running, you’re going to use the graphical tool to do that to transfer roles. And then there’s also some command line tools.

Now the other thing you do when it comes to troubleshooting and dealing with Phasma roles is you may have to seize a role. Remember that all domain controllers have at least a read only copy of all five of these roles. Seizing a role occurs when one of the roles has gone down unexpectedly, and there’s no signs of it coming back up. You know, it’s not coming back up.

So as a last resort, you do what’s called seizing. Seizing is where you’re going to convert one of the read only copies of a roll to a readable copy.

OK, so how can we do that? All right. Well, first thing we can do. Is we can go to command prompt. All right.

So open up command prompt start seeing the, you know, go to command prompt like so and you can run this command in T the s utile needs you to. If you didn’t know Active Directory when they first created Active Directory, the original name for it was called in TBS New Technology Directory Services. That was in the late 90s when Active Directory was still kind of a beta. And then in the year 2000, everything got renamed to Active Directory.

So the original four letter acronym for Active for Active Directory was not AIDS, it was actually NTDs.

So this why you’ll occasionally see references to that older name or that older acronym.

So, I’m going to hit here, OK? And then I’m going to do a little question mark and you’ll see the commands that are available to me. All right.

So from there, you’ll see some different options, there’s an option called roles, so, I’m just going to type roles are alias, hit Enter and I’m a do question mark again. And there it is. This how you can seize. You could seize the role over to another domain controller. You can convert the read only copy to the right of all.

OK, so, I’m not going to do that right now, but you could try that out if you wanted to quit out of this.

OK. The other thing I want to show you is there is a PowerShell command that can be used as well.

So, if I right click Start, go to PowerShell. There is a command that’s called Move -80 Directory Server Operations Master also moved Ash A.D. Hold on. It’s catching up. I’m hitting the Tab key here. All right. There it is. That big, huge command right there. And then I could specify the identity of that I wanted to of the server.

So maybe I want to do N.Y.C, SVR one, for example, right? And then the next would be the Operation Master Roll that you want to transfer.

OK.

So actually, I’ll show you that there is a great idea with PowerShell. Always remember with PowerShell is there’s a health article that shows you how to use pretty much every command.

Now you can. You could type. Get help. All right. Get help. And then type the command. But I’m a bigger fan of the Help article, so, If you go out to the internet. And just type it into Google, for example.

So, we just go to Google, we’ll just paste it into Google. You’ll notice that Microsoft has a help article that will show you exactly how to use pretty much every PowerShell command in existence.

So there we go. Pull that up, and then from there, you’ll see examples on how to use it, so, If I wanted to move it, move the pizza, Emily Roll.

So, Identity the Operation Master, you want to move so very easy command to use. That’s another way that you can, you know, you could move or if you want to seize the role. Here’s an example of seizing. Same exact kind of thing. All right. They’re seizing seizing roles here, but you can see the PowerShell command to do that. All right.

OK. Hopefully, that gives you a much better understanding now of Operation Master rules how to move, how to seize the whole troubleshooting side of things and and you’re now ready to move on.

Related posts:

  1. 6 Easy Steps to Building a Successful IT Career in 2021
  2. Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 10
  3. Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 21
  4. Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 32
  5. Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 42
  6. Fortinet NSE4_FGT-7.2 — FortiGate Firewall — Section 1: FortiGate Firewall V6.4 1 Part 53
  7. IT Job Interview Questions: What Should You Know to Shine Like a Diamond in Front of Your Hiring Manager?
  8. List of Top IT Jobs and Related Certifications in 2020 to Rock the IT World
  9. Microsoft Azure AZ-800 — Section 3: Deploy and manage AD DS domain controllers
  10. Time to Succeed: Free IT Certification Training to Get Certified Easily