Information Technology Reference
In-Depth Information
•
PDC emulator master
—This role provides backward compatibility with Windows NT
servers configured as Windows NT backup domain controllers or member servers. In addi-
tion, the PDC emulator master manages password changes to help ensure that user
authentication occurs without lengthy delays. When a user account password is changed,
the change is replicated to all domain controllers but can take several minutes. Meanwhile,
the user whose password was changed might be authenticated by a domain controller that
hasn't yet received the replication, so the authentication fails. To reduce this problem,
password changes are replicated immediately to the PDC emulator master, and if authenti-
cation fails at one domain controller, the attempt is retried on the PDC emulator master.
Active Directory uses a multimaster method for replicating Active Directory object data (such
as user and computer accounts), as discussed in the next section. However, because domain con-
trollers that manage FSMO role data are, by definition, single masters, special attention must be
paid to them. When removing domain controllers from a forest, make sure these roles aren't
removed from the network accidentally. Domain administrators should keep track of which server
holds each role and move the role to another domain controller if that machine is to be taken offline.
Activity 4-6: Viewing the Operations Master Roles
Time Required:
15 minutes
Objective:
Discover where operations master roles are configured.
Description:
You're a consultant called in to document the Active Directory configuration for a
company, in particular the operations master roles. You use Active Directory Users and Computers,
Active Directory Domains and Trusts, and Active Directory Schema to view these roles.
1. Log on to your server as Administrator, if necessary, and open Active Directory Users and
Computers.
2. Right-click
Active Directory Users and Computers [serverXX.w2k8adXX.com]
, point to
All
Tasks
, and click
Operations Masters
.
3. The RID tab shows which domain controller performs the RID master role. Click the
Change
button. The error message tells you that the DC you're connected to is the opera-
tions master, and you must first connect to the domain controller to which you want to
transfer the operations master role. Click
OK
.
4. Click the
PDC
tab to view the DC that's the PDC emulator master. Click the
Infrastructure
tab to view the DC that's the infrastructure master. These operations master roles are per-
formed by only one DC per domain. Click
Close
.
5. Right-click
Active Directory Users and Computers [serverXX.w2k8adXX.com]
and click
Change Domain Controller
. If your domain had more than one DC, you could connect to
any of them here, and then change the operations master role to the chosen DC. Click
Cancel
. Close Active Directory Users and Computers.
6. Click
Start
, point to
Administrative Tools
, and click
Active Directory Domains and Trusts
.
7. Right-click
Active Directory Domains and Trusts [serverXX.W2k8adXX.com]
and click
Operations Master
. Here's where you can find which DC is the domain naming master. Note
that only one DC in the forest performs this function. Click
Close
. Close Active Directory
Domains and Trusts.
8. To view the schema master, you must use a different process because this role isn't shown in
any of the standard MMCs. Click
Start
,
Run
, type
regsvr32 schmmgmt.dll
in the Open text
box, and click
OK
. In the message box stating that DllRegisterServer in schmmgmt.dll suc-
ceeded, click
OK
.
This command is necessary to register, or activate, certain commands that
aren't normally available in Windows—in this case, the Active Directory
Schema snap-in.
Search WWH ::
Custom Search