Windows Server 2003 Flexible Single Master Operations Part III
In the previous installment of this article, you learned about the two forest-wide FSMO roles. The remaining three roles are the Relative ID (RID) Master, Primary Domain Controller (PDC) Emulator and the Infrastructure Master. These roles are domain-wide.
The RID Master is responsible for assigning strings of relative IDs to domain controllers within a domain. Each time a new object is created within Active Directory, it is assigned a security ID that consists of a domain ID identifying the domain and a relative ID that uniquely identifies the object. When a domain controller runs out of relative IDs, it must contact the RID Master before creating any new objects. Also, when you attempt to move objects between domains using the MOVETREE command, the command must be initiated on the RID Master in the domain where the object exists. If the RID Master is unavailable, both operations will fail.
The PDC Emulator acts as a Windows NT Primary Domain Controller (PDC) for those legacy clients not running Windows Server 2003 and for any Windows NT Backup Domain Controllers (BDCs) that may still exist on the network. The PDC Emulator is responsible for processing password changes and replicating them to any BDCs on the network.
Once a domain has been fully migrated to Windows Server 2003 and the functional level has been raised, the PDC Emulator still receives preferential replication of any password changes made on other domain controllers in the domain. When a password is changed, it is replicated throughout the domain but can take time to propagate to all domain controllers. If a user is unable to log on due to an incorrect password, the authentication request will be forwarded to the PDC Emulator before the authentication request is denied.
The Infrastructure Master is responsible for any group-to-user references when members of a group are renamed or changed. When a group contains user accounts from another domain and a user account is renamed, it will take time to propagate the changes to other domain controllers. This means that when a user account is renamed, it may take a while before the user account's new name is displayed. The Infrastructure Master is responsible for updating any user-to-group membership changes. It makes the update locally, then replicates the change to all other domain controllers within the domain. If the Infrastructure Master is unavailable, it will take longer for these changes to appear.
The first server to have Active Directory installed automatically assumes all three roles. To assign one of the domain-wide roles to another server, use the Active Directory Users and Computers snap-in.
