Masters of Your Domain

Let's review the five Flexible Single-Master Operation (FSMO) roles in an Active Directory (AD) forest. AD replication is multi-master: you can make most changes on any domain controller (DC) and they replicate to the others. A few operations, however, would produce conflicts that replication can't resolve after the fact, so each of those is handed to exactly one DC at a time. Two of the roles exist once per forest; the other three exist once in every domain.

Forest Masters

  • Schema master—All changes to the AD schema must be made through the DC holding this role (the schema tools bind to it automatically). The schema is the design of the AD database: it defines both the object classes (such as users and groups) and their attributes (e.g., phone numbers, group members). Because a single schema serves the entire forest, funneling every change through one DC ensures that two administrators can't make conflicting schema changes on different DCs.
  • Domain naming master—Adding a domain to the forest or removing one? That operation goes through this DC, which ensures that two domains with the same name can't be created in the forest at the same time.

Domain Masters

  • Infrastructure master—The DC with this job keeps cross-domain references consistent, group membership in particular. If a user from domain A is a member of a group in domain B and that user is renamed or moved, the infrastructure master in domain B updates the stale reference (the "phantom") in its copy of the group. It does so by comparing its phantoms against a Global Catalog (GC), which is why it shouldn't itself be a GC: a GC already holds a partial replica of every object in the forest, has no phantoms, and the cleanup never runs. The exceptions are a single-domain forest (no cross-domain references exist) and a domain in which every DC is a GC. By default, the first DC in the forest root holds this role and is also a GC, so in a multi-domain forest transfer the role to a non-GC DC as soon as you have one.
  • Relative ID master—The RID master hands each DC in the domain a pool of relative IDs (RIDs). When a DC creates a user, group, or computer, it takes the next RID from its pool and appends it to the domain SID to form the object's security identifier (SID), the same kind of SID Windows NT 4.0 used. (The object's GUID is a separate attribute and has nothing to do with RIDs.) Because a single DC allocates the pools, no two security principals in the domain can end up with the same SID. The flip side: a DC that has used up its pool can't create security principals until it can reach the RID master for a new one.
  • PDC emulator—This machine emulates an NT 4.0 PDC so that NT 4.0 BDCs can update their SAM databases (as long as you're in mixed mode). Even in native mode, the PDC emulator performs several other important functions. Password changes replicate to it immediately, and a DC that is about to reject a logon first checks with the PDC emulator, so a user whose new password hasn't replicated yet can still log on; the bad-password counts behind account lockout are forwarded to it for the same reason. The Group Policy editing tools connect to the PDC emulator by default so that two administrators don't edit the same GPO on different DCs. It's also the authoritative time source for its domain, and the forest root's PDC emulator is the time source for the whole forest. Basically, any odd AD job requiring a master server got tossed to the PDC emulator. If the DC with this job fails, you'll miss it, and soon.
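The checks implied by the role descriptions above, as an added PowerShell example (not code from the original article, whose 2004 readers would have used netdom query fsmo instead): it lists all five role holders, flags an infrastructure master that is also a GC in a multi-domain forest where not every DC is a GC, and shows that an account's SID is the domain SID plus a RID while its objectGUID is unrelated. It assumes the RSAT ActiveDirectory module on a domain-joined machine with rights to read the directory; the account name Administrator is used as the sample object.

```powershell
# Added example, not part of the original article.
# Assumes: ActiveDirectory module (RSAT / Windows Server 2008 R2 or later),
# run as a user who can read the forest and domain objects.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain          # the domain of the current security context

# Forest-wide roles are properties of the forest object; domain roles of the domain object.
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    RIDMaster            = $domain.RIDMaster
    PDCEmulator          = $domain.PDCEmulator
} | Format-List

# Check 1: infrastructure master vs. Global Catalog.
# Only a problem when the forest has more than one domain AND not every DC is a GC.
$imHost      = $domain.InfrastructureMaster
$im          = Get-ADDomainController -Identity $imHost
$allDCs      = Get-ADDomainController -Filter * -Server $domain.DNSRoot
$nonGCs      = @($allDCs | Where-Object { -not $_.IsGlobalCatalog })
$multiDomain = $forest.Domains.Count -gt 1

if ($im.IsGlobalCatalog -and $multiDomain -and $nonGCs.Count -gt 0) {
    Write-Warning "Infrastructure master $imHost is a GC; phantom cleanup will never run."
    $candidate = $nonGCs[0].HostName
    Write-Host "Suggested new holder: $candidate"
    # Graceful transfer (both DCs online). Add -Force only to seize from a dead holder.
    # Move-ADDirectoryServerOperationMasterRole -Identity $candidate -OperationMasterRole InfrastructureMaster
}
else {
    Write-Host "Infrastructure master placement is fine ($imHost, GC: $($im.IsGlobalCatalog))."
}

# Check 2: SID = domain SID + RID; objectGUID is something else entirely.
$user      = Get-ADUser -Identity 'Administrator'
$domainSid = $domain.DomainSID.Value                 # S-1-5-21-<a>-<b>-<c>
$rid       = [int]($user.SID.Value.Split('-')[-1])   # last sub-authority is the RID
"SID        : $($user.SID.Value)"
"Domain SID : $domainSid"
"RID        : $rid  (the built-in Administrator is always RID 500)"
"objectGUID : $($user.ObjectGUID)"
if ($user.SID.Value -ne "$domainSid-$rid") { throw "SID does not decompose as <DomainSID>-<RID>" }

# Bonus: the RID pool the RID master handed to the infrastructure master's own DC.
# rIDAllocationPool is a 64-bit value: low 32 bits = first RID, high 32 bits = last RID.
$ridSet = Get-ADObject -Identity "CN=RID Set,$($im.ComputerObjectDN)" `
                       -Properties rIDAllocationPool, rIDNextRID
$pool   = [uint64]$ridSet.rIDAllocationPool
"RID pool on $imHost : $($pool -band 0xFFFFFFFF) .. $($pool -shr 32), next RID $($ridSet.rIDNextRID)"
```

Run it from an elevated PowerShell session on any domain member. The transfer cmdlet is left commented out on purpose: moving a role is a change you want to make deliberately, and you should only add -Force (a seizure) when the current holder is permanently gone, because a seized role must never be allowed back onto the old holder.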

Tariq Azad on May 17, 2004
Excellent article! I like the details about the PDC emulator. I didn't know that the PDC emulator works as a master browser and is responsible for managing Group Policy changes.