Author: GK

Flexible Single Master Operations (FSMO)

Updated: Sep 20, 2020

Domain Controller responsibilities are split into 5 roles. Each role plays a very important part, and together they form Active Directory:

  • Domain Naming Master

  • Schema Master

  • RID Master

  • PDC Emulator

  • Infrastructure Master

Domain Naming Master:

Responsible for the naming of domains and for forest naming. If the role goes offline, it will not sync, but that is not a problem.

Domain Naming Master fails: If the role holder is lost, domains can't be added to or removed from the Active Directory forest. DCPROMO is also affected, meaning that servers can be neither promoted nor demoted.

Scope: Forest wide. 1 per forest.

Schema Master:

The schema is the logical structure of AD. This role holds the read-and-write copy of the Active Directory schema. Run regsvr32 schmmgmt.dll to make the Schema snap-in available in the console (MMC) for editing.

Schema Master goes down: There won't be any effect on the users. The administrators will be affected by the failure only if they try to modify the schema or install an application that needs to modify the schema.

Scope: Forest wide. 1 per forest.

RID Master:

The RID Master is responsible for allocating active and standby Relative Identifier (“RID”) pools to domain controllers in its domain. Each pool consists of a unique, contiguous range of RIDs. These RIDs are used during object creation to generate the new object’s unique Security Identifier (“SID”). The RID Master is also responsible for moving objects from one domain to another within a forest.

RID Master fails: This will eventually prevent domain controllers from creating new SIDs and, therefore, will prevent you from creating new accounts for users, groups, or computers.

Scope: Domain wide. 1 per Domain
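
The Python sketch below is an added example, not part of the original post and not Microsoft's implementation. It is a simplified model of the active and standby pools described above, showing why a RID Master outage only eventually blocks object creation. The domain SID, the pool size of 5, and all class and function names are constructed for illustration.

```python
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"  # constructed sample value
POOL_SIZE = 5  # constructed; kept tiny so exhaustion is easy to see


class RidMaster:
    """Allocates unique, contiguous RID ranges to the domain controllers of one domain."""

    def __init__(self, first_rid=1000):
        self.next_rid = first_rid
        self.online = True

    def allocate_pool(self):
        if not self.online:
            raise ConnectionError("RID Master unreachable")
        pool = list(range(self.next_rid, self.next_rid + POOL_SIZE))
        self.next_rid += POOL_SIZE  # ranges handed out never overlap
        return pool


class DomainController:
    def __init__(self, name, master):
        self.name, self.master = name, master
        self.active = master.allocate_pool()
        self.standby = master.allocate_pool()

    def create_object(self):
        """Return the SID of a new user, group or computer: domain SID + next RID."""
        if not self.standby:  # try to replace a used-up standby pool
            try:
                self.standby = self.master.allocate_pool()
            except ConnectionError:
                pass  # master is down: keep working from what is left
        if not self.active:  # active pool used up: promote the standby pool
            self.active, self.standby = self.standby, []
        if not self.active:
            raise RuntimeError(f"{self.name}: RID pools exhausted, cannot create object")
        return f"{DOMAIN_SID}-{self.active.pop(0)}"


def creations_until_failure(dc, limit=1000):
    """Count how many objects dc can still create before its pools run dry."""
    made = 0
    try:
        while made < limit:
            dc.create_object()
            made += 1
    except RuntimeError:
        pass
    return made
```

In this model a domain controller with two full pools still creates 2 × POOL_SIZE objects after the master goes offline, and resumes as soon as the master is reachable again.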

PDC Emulator:

Responsible for responding to authentication requests, changing passwords or syncing passwords changed on other Domain Controllers, managing Group Policy Objects, and locking accounts on incorrect password entry.

PDC Emulator fails: Certain domain functions, including security functions, can stop functioning. ... Pre-Windows 2000 computers are unable to change their passwords.

Scope: Domain wide. 1 per Domain

Infrastructure Master:

Translates Globally Unique Identifiers (GUID), SIDs, and Distinguished Names (DN) between domains. If you have multiple domains in your forest, the Infrastructure Master is the Babelfish that lives between them. If the Infrastructure Master doesn’t do its job correctly, you will see SIDs in place of resolved names in your Access Control Lists (ACL).

Infrastructure Master fails: The failure is not visible to network users, nor to network administrators, unless they have recently moved or renamed a large number of accounts. You will start seeing errors in your AD environment, such as with authentication and group memberships.

Scope: Domain wide. 1 per Domain


