These single master
roles are referred to as FSMO roles and are listed in Table 4-1. You can and should diversify
which servers hold each of these roles. If you have more than one domain controller
at your disposal, it is best and sometimes required to split up these roles.
Active Directory Sites
When planning for an Active Directory implementation, you will often be spending much
of your time planning how many domains you will need, how they will be structured,
how many domain controllers are required for each domain and where they will be located,
and how your Active Directory will be organized internally using OUs. Much of
Table 4-1. Active Directory FSMO Roles

| FSMO Role | Description |
|---|---|
| Schema Master | Stores and manages changes to the Active Directory schema. The first domain controller in the domain is designated as the Schema Master by default. |
| Domain Naming Master | Manages domains that are created, added to, or removed from the entire forest. |
| Relative ID (RID) Master | Ensures that all security principals issued by Active Directory (such as Security Identifiers [SIDs]) are unique. |
| Primary Domain Controller (PDC) Emulator | Synchronizes time within the domain, controls account lockout states, and manages password synchronization. When Group Policy objects (GPOs) are edited, the edit is performed on the server hosting the PDC Emulator role by default. |
| Infrastructure Master | Manages group membership and ensures that references to objects in this domain are updated for objects in other domains. |
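
One way to audit the role placement recommended above against the five roles in Table 4-1. This is an added example, not code from the book. It assumes the ActiveDirectory RSAT PowerShell module and a single-domain forest; the variable names are illustrative.

```powershell
# Added example: report which server holds each FSMO role and flag risky placement.
# Assumes the ActiveDirectory module (RSAT) and a single-domain forest.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Two roles are forest-wide, three are per-domain.
$roles = [ordered]@{
    'Schema Master'         = $forest.SchemaMaster
    'Domain Naming Master'  = $forest.DomainNamingMaster
    'RID Master'            = $domain.RIDMaster
    'PDC Emulator'          = $domain.PDCEmulator
    'Infrastructure Master' = $domain.InfrastructureMaster
}

$report = foreach ($entry in $roles.GetEnumerator()) {
    [pscustomobject]@{ Role = $entry.Key; Holder = $entry.Value }
}
$report | Format-Table -AutoSize

# Compare the role holders with the domain controllers that currently exist.
$dcNames = @(Get-ADDomainController -Filter * | Select-Object -ExpandProperty HostName)
$holders = @($report.Holder | Sort-Object -Unique)

# All five roles on one server while other DCs are available:
# losing that one server takes every single-master operation with it.
if ($dcNames.Count -gt 1 -and $holders.Count -eq 1) {
    Write-Warning ("All FSMO roles are held by {0}, although {1} domain controllers exist." -f
        $holders[0], $dcNames.Count)
}

# A holder that is no longer a domain controller means a role was never
# transferred before the server was decommissioned.
foreach ($holder in $holders) {
    if ($dcNames -notcontains $holder) {
        Write-Warning "$holder holds a FSMO role but is not a current domain controller."
    }
}
```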