September 10, 2012 by Ravindra Kulkarni
1. Domain Naming Master — Forest Wide Roles
2. Schema Master — Forest Wide Roles
3. RID Master (Relative ID Master) — Domain Wide Roles
4. PDC Emulator — Domain Wide Roles
5. Infrastructure Master — Domain Wide Roles
Details about the Roles:
Relative ID (RID) Master: — it assigns RID and SID to the newly created object like Users and computers. If RID master is down (u can create security objects up to RID pools are available in DCs) else u can’t create any object one its down. The RID master is responsible for processing RID pool requests from all domain controllers in a particular domain. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object.
PDC emulator: It works as a PDC to any NT Bdcs in your environment
It works as Time Server (to maintain same time in your network)
It works to change the passwords, lockout etc. The PDC emulator is necessary to synchronize time in an enterprise. Windows 2000/2003 includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. All Windows 2000/2003-based computers within an enterprise use a common time
- Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
- Account lockout is processed on the PDC emulator.
- Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC Emulator’s SYSVOL share, unless configured not to do so by the administrator.
At any one time, there can be only one domain controller acting as the PDC emulator master in each domain in the forest.
Infrastructure Master: This works when we are renaming any group member ship object this role takes care. When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference. At any one time, there can be only one domain controller acting as the infrastructure master in each domain.
Domain Naming Master: Adding / changing / deleting any Domain in a forest it takes care,. This DC is the only one that can add or remove a domain from the directory. There can be only one domain naming master in the whole forest.
Schema Master: It maintains structure of the Active Directory in a forest. The schema master domain controller controls all updates and modifications to the schema. Once the Schema update is complete, it is replicated from the schema master to all other DCs in the directory. There can be only one schema master in the whole forest.