Your Ad Here
« How to Install a license on Citrix Presentation Server 4
How to Import a 2003 PST file into Outlook 2000 / XP /97 »

What are the Active Directory FSMO Roles in Windows 2003?

18th September 2006

 Overview

Domain Controllers in NT 4.0 used to be simple. You had one PDC (Primary Domain Controller) in a domain and all the others were equal BDCs(Backup Domain Controllers). In 2000 and 2003 with the introduction of alot more features domain controllers are very similair to each other in many respects. There are certain roles however that need to be performed on certain Domain Controllers. These are called FSMO roles (Flexible Single Master Operations) and will definately come up in the MCSe exams. Here I describe what they are and some best practices in setting them up and troubleshooting.

PDC Emulator

The PDC Emulator is a domain controller that advertises itself as the PDC (Primary Domain Contoller) to pre 2000 versions of Windows such as NT 4.0. In the days of NT4.0 users could get authenticated with any domain controller, however when they needed to change their password or various other functions only the PDC would do. Even with the newer windows versions it still handles password changes and account lockouts. It is also the Domain Master Browser and synchronises the time amongst the domains PCs. You need one PDC Emulator for every domain you have.

RID Master

Each object in Active Directory is assigned a Unique number (GUID). By objects I mean basically anything, such as users, computers etc. The RID (Relative ID) Master makes sure each domain controller has its own set of GUIDs to avoid any duplication.  As with the PDC Emulator there is one RID master for every domain in your forest.

Infrastructure Master

This Domain Controller is responsible for manging objects (Users, computers etc) in its domain to objects in other domains in the forest. Once again there is only one Infrastructure Master in each domain.

Domain Naming Master

This Domain Controller controls the adding and removal of additional domains. Unlike the above three there can only be one Domain Naming Master in the whole forest.

Schema Master

This domain controller manages any changes to the schema (Active directory thinks of most things as objects, these are held in a database which is called the schema). To make any changes to the schema you must have access to this domain controller. As with the domain naming master there can only be one of these in the whole forest. Without this you will not be able to install Exchange 2003.

This entry was posted on Monday, September 18th, 2006 at 7:57 pm and is filed under Windows, Active Directory. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply

You must be logged in to post a comment.

« How to Install a license on Citrix Presentation Server 4
How to Import a 2003 PST file into Outlook 2000 / XP /97 »