Microsoft KB Archive/326432

From BetaArchive Wiki

Article ID: 326432

Article Last Modified on 10/19/2006


APPLIES TO

  • Microsoft Windows Services for UNIX 2.0 Standard Edition
  • Microsoft Windows Services for UNIX 3.0 Standard Edition


This article was previously published under Q326432

SUMMARY

Before you can install Microsoft Services for UNIX on a child domain, you must have the Flexible Single Master Operations (FSMO) role as domain role owner. This role is also known as the domain naming master role.

Additionally, the user ID that you use to install Services for UNIX must be a member of the schema administrators group.

MORE INFORMATION

The following information (that was obtained from the Netdom.exe tool) is a sample default domain configuration for a parent and child domain.

Parent Domain - domain.com

  • Schema owner chronic.domain.com (parent domain)
  • Domain role owner chronic.domain.com (parent domain)
  • PDC role chronic.domain.com (parent domain)
  • RID pool manager chronic.domain.com (parent domain)
  • Infrastructure owner chronic.domain.com (parent domain)

Child Domain - child.domain.com

  • Schema owner chronic.domain.com (parent domain)
  • Domain role owner chronic.domain.com (parent domain)
  • PDC role profiteer.child.domain.com (child domain)
  • RID pool manager profiteer.child.domain.com (child domain)
  • Infrastructure owner profiteer.child.domain.com (child domain)

With this configuration, the installation of Network Information Service (NIS) on a child domain does not succeed because you must install NIS on the domain role owner.

Only one of these domain roles exists in each forest. You can transfer this role to any computer in the forest. One way to find this role is to use the netdom query fsmo command of Active Directory directory services from the support tools. You can then transfer the role.

Note It is generally safe to transfer FSMO roles. An exception to this would be if you are transferring the role from a domain controller that has crashed or is otherwise unavailable. This process is known as a role seizure and requires that you format the computer where the role is seized from to become the naming master again.
For additional information about how to transfer the domain role, click the following article number to view the article in the Microsoft Knowledge Base:

255690 How to view and transfer FSMO roles in the Graphical User Interface


For more information about how to seize the domain role, click the following article number to view the article in the Microsoft Knowledge Base:

255504 Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller


After you transfer the role, use Netdom.exe to query and to verify that the role has been transferred.

Child Domain - child.domain.com

  • Schema owner chronic.domain.com (parent domain)
  • Domain role owner profiteer.chronic.domain.com (child domain)
  • PDC role profiteer.child.domain.com (child domain)
  • RID pool manager profiteer.child.domain.com (child domain)
  • Infrastructure owner profiteer.child.domain.com (child domain)

Now you can install Services for UNIX on a child domain.

Microsoft also recommends that you run the Sfusch.exe program before you update any schema.

REFERENCES

For more information about how an administrator can use Netdom.exe to join a domain from a command line, see Windows NT 4.0 Resource Kit Supplement II.

Keywords: kbdswsfu2003swept kbhowto KB326432



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/326432&oldid=180616
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki