What is the replacement of extra domain in cloud computing? 04/27 Update SLTechnology News&Howtos

What is the replacement of extra domain in cloud computing?

2025-04-27 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Shulou(Shulou.com)05/31 Report--

This article shows you what the replacement of extra domain in cloud computing is like, the content is concise and easy to understand, it will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

An extra domain controller refers to the deployment of a second or more domain controllers in a domain, each with an Active Directory database. The use of extra domain controllers can avoid business stagnation caused by damage to the primary domain controller. if a domain controller is damaged, as long as one of the other domain controllers in the domain is working properly, domain users can continue to complete a series of tasks such as user login and access to network resources. In addition, the use of domain controllers can also play the role of load balancing. When the number of users is very large, there will be a certain delay in login at the same time, while multiple extra domain controllers can handle users' login requests and share access traffic. users don't have to wait that long. But the primary domain controller is broken, and the extra domain controller will not automatically take over the work, resulting in the domain user being unable to log in (if caching is disabled). To make the extra domain controller take over, you can only upgrade the extra domain to primary domain control by grabbing the FSMO and global catalog roles.

Briefly talk about the FSMO role. There are five kinds of FSMO operation host roles, which are PDC host, RID host, structure host, domain naming host and architecture host.

PDC is an abbreviation for primary domain controller. The role of a PDC host is at the domain level, and only one domain controller can act as a PDC host in a domain.

RID is a part of SID (Security Identifier). The role of the RID host is to provide an available RID pool for Active Directory (default 500s) and automatically replenish the pool when the RID in the pool is consumed to a certain extent. If the RID host fails, it will obviously cause trouble for us to create a large number of user accounts. Similar to PDC hosts, RID hosts function at the domain level.

The role of the structure host is to update the cross-domain object references. if a user in domain A joins a group in domain B, the structure host in domain B will be responsible for paying attention to whether the user in domain A has changed. for example, whether it has been deleted, the work of the structure host can ensure the maneuverability of inter-domain object references. If it is a single domain, there is basically no need for the structural host to do anything. If you are in a multi-domain forest environment, it is important to remember that the structural host should not be placed on the same domain controller as GC (global catalog), otherwise the structural host will not work properly. The role level of the structure host is also at the domain level.

Domain naming host, the role level of this operation host is forest level! The domain naming host is mainly responsible for controlling the addition or deletion of domains in the domain forest, that is to say, if a new domain is added in the domain forest, the domain naming host must judge that the domain name is legal before the operation can continue. If the domain naming host is not online, we will not be able to create a new domain in the domain forest.

Architecture host, the role level of this host is also forest level. The role of the schema host is very important, and if we want to modify the schema of the Active Directory, we can only operate from the schema host. Many of Microsoft's advanced server products need to modify the architecture of Active Directory, such as Exchange,Office Communications Server,SMS, when they are deployed. Take the most famous Exchange as an example, if we cannot contact the architecture host online when we deploy Exchange in the domain, then the deployment of Exchange cannot continue.

Grabbing roles requires the use of ntdsutil.exe tools (the transfer of roles can be done under the interface, and the transfer of the architecture should be done by regsvr32 schmmgmt.dll and then adding schema management items in mmc). The specific process of seizing a role is as follows:

C:\ > ntdsutil

Ntdsutil: roles (manage the owner token of the NTDS role)

Fsmo maintenance: Select operation target (select the target of the operation)

Select operation target: connections (connect to a specific domain controller)

Server connections: connect to domain lianxi.com (here connects to the extra domain)

After the connection is successful, press "Q" to exit to the upper menu

There are two methods: Seize and Transfer. If the owner of the original FSMO role is offline or cannot be started due to hardware damage, use Seize or Transfer if you are online. For example, if SERVER is offline and crashes, we will use "Seize".

Fsmo maintenance:Seize domain naming master