Operations masters keep the directory running properly by performing specific tasks that the other domain controllers do not perform. Because operations masters are critical to the long-term performance of the directory, they must be available to all domain controllers and desktop clients that require their services. Take care with their placement as you add more domains and sites to build out the forest.
To perform these functions, the domain controllers that host the operations master roles must be consistently available and placed in areas where network reliability is high.
Role transfer is the preferred method of moving an operations master role from one domain controller to another. During a role transfer, the two domain controllers replicate to ensure that no information is lost. After the transfer completes, the previous role holder reconfigures itself so that it no longer attempts to act as the operations master while the new domain controller is responsible. This prevents two operations masters from existing on the network at the same time, which could corrupt the directory.
Purpose
Three operations master roles exist in each domain:
* Primary domain controller (PDC) emulator. The PDC emulator processes all replication requests from Microsoft Windows NT 4.0 backup domain controllers. It also processes all password updates for clients that are not running Active Directory client software, as well as any other directory write operations.
* Relative identifier (RID) master. The RID master allocates RID pools to all domain controllers to ensure that new security principals can be created with a unique identifier.
* Infrastructure master. The infrastructure master for a given domain maintains a list of the security principals for any linked-value attributes.
In addition to the three domain-level operations master roles, two operations master roles exist in each forest:
* The schema master, which governs all changes to the schema.
* The domain naming master, which adds and removes domains and application partitions to and from the forest.
Guidelines
For design rules and best practices for the initial assignment of operations master roles, see the Windows Server 2003 Deployment Kit: Plan, Test, and Test Projects. When you create the first domain controller in a given domain, the operations master role holders are placed automatically: the three domain-level roles are assigned to the first domain controller created in the domain, and both forest-level roles are assigned to the first domain controller created in the forest.
Reasons for moving one or more operations master roles include inadequate service performance, failure, or decommissioning of the domain controller that hosts the role, and configuration changes made by an administrator.
Inadequate service level
The PDC emulator is the operations master role that most affects the performance of a domain controller. For clients that do not run Active Directory client software, the PDC emulator processes password changes, replication, and user authentication requests. While serving these clients, the domain controller continues to perform its normal services, such as authenticating Active Directory clients. As the network grows, the volume of client requests can increase the workload on the domain controller that hosts the PDC emulator role and reduce its performance. To resolve this issue, you can transfer all or some of the operations master roles to a more powerful domain controller. Alternatively, you can transfer the role to another domain controller, upgrade the hardware on the original domain controller, and then transfer the role back.
Operations master role holder failure
If an operations master role holder fails, you must decide whether to move the operations master role to another domain controller or wait for the domain controller to return to service. The decision depends on the role and on the expected downtime of the domain controller.
Decommissioning the domain controller
Before you permanently take a domain controller offline, transfer any operations master roles that it holds to another domain controller.
Configuration changes
Configuration changes to domain controllers or to the network topology can require transferring operations master roles. With the exception of the infrastructure master, operations master roles can be assigned to any domain controller, regardless of any other tasks that the domain controller performs. Do not host the infrastructure master role on a domain controller that also acts as a global catalog server, unless all domain controllers in the domain are global catalog servers or the forest has only one domain. If the domain controller that hosts the infrastructure master role is configured as a global catalog server, the infrastructure master role must be transferred to another domain controller. Changes to the network topology can require transferring operations master roles in order to keep them within a particular site. Operations master roles can be reassigned by transfer or, as a last resort, by seizure.
To transfer a role to a new domain controller, make sure that the destination domain controller is a direct replication partner of the previous role holder and that replication between them is up to date and functioning properly. This reduces the time required to complete the role transfer. If replication is out of date, the transfer takes longer but eventually completes.
Important: If you must seize an operations master role, never reattach the previous role holder to the network without performing the relevant steps in this guide. Incorrectly reattaching the previous role holder to the network can result in invalid data and corruption of data in the directory.
Role placement guidelines
Improper placement of operations master role holders can prevent clients from changing their passwords or prevent the addition of domains and new objects, such as users and groups. Schema changes might also be prevented. In addition, name changes might not appear correctly in the group memberships displayed in the user interface.
As your environment changes, you must avoid the problems associated with improperly placed operations master role holders. Eventually, you might need to reassign the roles to other domain controllers.
Although forest-level and domain-level operations master roles can be assigned to any domain controller in the forest or domain, improper placement of the infrastructure master role can prevent it from functioning properly. Other improper configurations can increase administrative overhead.
Infrastructure master placement requirements
Do not place the infrastructure master on a domain controller that is a global catalog server.
The infrastructure master updates the names of security principals for any linked-value attributes. For example, if a user from one domain is a member of a group in a second domain and the user name is changed in the first domain, the second domain must be notified so that the name in the group membership list is updated. Because domain controllers in one domain do not replicate security principals to domain controllers in another domain, the second domain would otherwise never learn of the change. The infrastructure master constantly monitors group memberships, looking for security principals from other domains. If it finds one, it checks with the security principal's domain to verify that the information is up to date. If the information is out of date, the infrastructure master performs the update and then replicates the change to the other domain controllers in its domain.
This rule has two exceptions. First, if all the domain controllers are global catalog servers, it does not matter which domain controller hosts the infrastructure master role, because global catalogs replicate the updated information regardless of the domain to which they belong. Second, if the forest has only one domain, the domain controller that hosts the infrastructure master role is not needed, because no security principals from other domains exist.
Role placement recommendations
Although operations master roles can be assigned to any domain controller, following these guidelines minimizes administrative overhead and ensures the performance of Active Directory. If a domain controller that hosts operations master roles fails, following these guidelines also simplifies the recovery process. Guidelines for role placement include:
* Place the two forest-level roles on a domain controller in the forest root domain.
* Place the three domain-level roles on the same domain controller.
* Do not place the domain-level roles on a global catalog server.
* Place the domain-level roles on a higher-performance domain controller.
* Adjust the workload of the operations master role holder, if necessary.
* Choose an additional domain controller as the standby operations master for the forest-level roles, and choose an additional domain controller as the standby for the domain-level roles.
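The infrastructure master placement rule with its two exceptions, and the placement guidelines listed above, can be checked mechanically against an inventory of domain controllers. The following Python is an added example, not part of the original guide; the `DC` record, the role labels, and the host and domain names in the sample inventory are constructed for illustration.

```python
from dataclasses import dataclass, field

DOMAIN_ROLES = {"pdc_emulator", "rid_master", "infrastructure_master"}
FOREST_ROLES = {"schema_master", "domain_naming_master"}

@dataclass
class DC:
    name: str
    domain: str
    is_gc: bool                      # hosts the global catalog
    roles: set = field(default_factory=set)

def audit(dcs, forest_root):
    """Return sorted (subject, finding) pairs for placements that break the guidelines."""
    findings = set()
    domains = {dc.domain for dc in dcs}
    forest_holders = [dc for dc in dcs if dc.roles & FOREST_ROLES]
    for dc in forest_holders:
        if dc.domain != forest_root:
            findings.add((dc.name, "forest role outside forest root domain"))
    if len(forest_holders) > 1:
        findings.add((forest_root, "forest roles split across domain controllers"))
    for domain in domains:
        members = [dc for dc in dcs if dc.domain == domain]
        holders = [dc for dc in members if dc.roles & DOMAIN_ROLES]
        if len(holders) > 1:
            findings.add((domain, "domain roles split across domain controllers"))
        # The infrastructure master may sit on a global catalog server only if
        # every DC in the domain is one, or the forest has a single domain.
        exempt = len(domains) == 1 or all(dc.is_gc for dc in members)
        for dc in holders:
            if "infrastructure_master" in dc.roles and dc.is_gc and not exempt:
                findings.add((dc.name, "infrastructure master on global catalog server"))
        pdc = [dc.name for dc in members if "pdc_emulator" in dc.roles]
        rid = [dc.name for dc in members if "rid_master" in dc.roles]
        if pdc and rid and pdc != rid:
            findings.add((domain, "PDC emulator and RID master separated"))
    return sorted(findings)

# Constructed sample inventory (hypothetical names), not real data.
SAMPLE = [
    DC("root-dc1", "corp.example", True, FOREST_ROLES | DOMAIN_ROLES),
    DC("root-dc2", "corp.example", False),
    DC("emea-dc1", "emea.corp.example", True, {"pdc_emulator", "rid_master"}),
    DC("emea-dc2", "emea.corp.example", False, {"infrastructure_master"}),
]

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE, "corp.example"):
        print(f"{subject}: {finding}")
```

In the sample, `root-dc1` still holds every role and the global catalog, as the first domain controller in a forest does by default, so it is flagged as soon as a second domain exists.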
Forest-level role placement in the forest root domain
The schema master and domain naming master roles are assigned to the first domain controller created in the forest. To ease management and the backup and restore processes, leave these roles on the original forest root domain controller. Moving the roles to other domain controllers does not improve performance. Separating the roles creates additional administrative overhead when you must identify the standby operations masters and implement a backup and restore policy.
Unlike the PDC emulator role, the forest-level roles rarely place a significant load on the domain controller. Keep these roles together to provide easy, predictable management.
Forest-level role placement on a global catalog server
In addition to hosting the schema master and domain naming master roles, the first domain controller created in the forest also hosts the global catalog.
Domain-level role placement on the same domain controller
The three domain-level roles are assigned to the first domain controller created in a new domain. Except in the forest root domain, leave the roles in that location. Keep the roles together unless the workload on the operations master justifies the additional management burden of separating them.
Because all clients prior to Active Directory submit updates to the PDC emulator, the domain controller hosting that role uses a greater number of RIDs. Place the PDC emulator and RID master roles on the same domain controller so that the two roles interact more efficiently.
If you must separate the roles, you can still use a single standby operations master for all three roles. However, you must ensure that the standby is a replication partner of all three role holders.
Separating the roles makes the backup and restore processes more complex. Take special care when restoring a domain controller that hosted an operations master role. Hosting the roles on a single computer minimizes the steps required to restore a role holder.
Absence of domain-level roles on a global catalog server
Do not host the infrastructure master on a domain controller that is acting as a global catalog server. Because it is best to keep the three domain-level roles together, avoid placing any of them on a global catalog server.
Domain-level role placement on a higher-performance domain controller
Host the PDC emulator role on a powerful and reliable domain controller to ensure that it is available and capable of handling the workload. Of all the operations master roles, the PDC emulator creates the most overhead on the server that hosts it. It has the most intensive daily interaction with other systems on the network, and it is the role most likely to affect the daily operation of the directory.
Workload adjustment of the operations master role holder
Domain controllers can become overloaded while attempting to service clients on the network, manage their own resources, and handle specialized tasks such as performing multiple operations master roles. This is especially true of the domain controller that hosts the PDC emulator role. In addition, domain controllers running Windows NT 4.0 and clients prior to Active Directory rely on the PDC emulator more heavily than Active Directory clients and Windows 2000 Server domain controllers do. If the network environment has clients and domain controllers prior to Active Directory, you might need to reduce the workload of the PDC emulator.
If a domain controller begins to show that it is overloaded and its performance is affected, you can reconfigure the environment so that some tasks are performed by other, less-used domain controllers. You can adjust the weight of the domain controller in the DNS environment so that it receives fewer client requests than other domain controllers on the network. You can also adjust the priority of the domain controller in the DNS environment so that it processes client requests only when other DNS servers are unavailable. With fewer DNS client requests to process, the domain controller can use more resources to perform operations master services for the domain.
Task: Designating domain controllers for operations master roles
When you create a new domain, the Active Directory installation wizard automatically assigns all the domain-level operations master roles to the first domain controller created in the domain. When you create a new forest, the wizard also assigns the two forest-level operations master roles to the first domain controller. After the domain is created and running, you can transfer the various operations master roles to different domain controllers to optimize performance and simplify management. Transfer forest-level and domain-level operations master roles as needed, following the operations master role placement guidelines. Before transferring an operations master role, use Repadmin.exe with the /showreps option to ensure that replication between the current role holder and the domain controller that is assuming the role is up to date.
In addition, determine whether the domain controller that is to assume the operations master role is a global catalog server. Remember that the infrastructure master in each domain must not host the global catalog.
Do not change the global catalog configuration on the domain controller that is to assume an operations master role unless IT management authorizes the change. Changing the global catalog configuration can cause changes that take days to complete, and the domain controller might be unavailable during that time. Instead, transfer the operations master roles to a different domain controller that is already properly configured.
The procedures for the following steps are explained in the linked topics.
Step 1: Verify successful replication to a domain controller
For this step, see http://www.microsoft.com/technet/itsolutions/techguide/msm/winsrvmg/adpog/adpog5.mspx.
Step 2: Determine whether a domain controller is a global catalog server
For this step, see http://www.microsoft.com/technet/itsolutions/techguide/msm/winsrvmg/adpog/adpog5.mspx.
Step 3: Transfer the forest-level operations master roles
For this step, see http://www.microsoft.com/technet/itsolutions/techguide/msm/winsrvmg/adpog/adpog5.mspx.
Step 4: Transfer the domain-level operations master roles
For this step, see http://www.microsoft.com/technet/itsolutions/techguide/msm/winsrvmg/adpog/adpog5.mspx.