Windows Active Directory

Operations Master Roles

Operations Master Roles

Forest Wide and Domain Wide Schema master Domain naming master Relative ID master Primary domain controller (PDC) emulator Infrastructure master

Operations Master Roles

Important Notes Schema master Domain naming master Relative ID master After the master role has been seized, they must never not be brought back online without first reformatting the drive and reloading Windows.

Schema Master
Forest role Only one in a forest Controls updates and modifications to schema Failure
Invisible to users Invisible to administrators Known only when trying to update schema Seize only when schema failure is permanent Server must never be brought back online without first reformatting and reloading Windows

Domain Naming Master

Forest role - Only one in a forest Controls adding and removing domains Failure
Invisible to users Invisible to administrators Known only when trying to add/remove domain Seize only when failure is permanent Server must never be brought back online without first reformatting and reloading Windows

Primary Domain Controller (PDC) Emulator

Domain role Only one in the domain PDC to Windows NT Backup Domain Controller Native mode, preferential password replication Failure
Affect network users Users cannot logon Seize so users can logon Bring back to service when available

Infrastructure Master
Domain role Only one in the domain Control update the group-to-user references Native mode, preferential password replication Failure
Invisible to users Invisible to administrators Known only when move/rename large number of accounts Seize to a DC thats not a global catalog Bring back to service when available

Operations Master Roles

Schema and Domain Naming are usually remain with the first domain controller First domain controller in child domain are assigned
Relative identifier master Primary domain controller emulator Infrastructure master

Operations Master Roles Planning

One domain controller Two domain controllers
Choose two well connected domain controller Assign them as direct replication partners Make one a stand-by

Relative ID master and PDC emulator should be on the same domain controller

Operations Master Roles Planning

Separate Infrastructure master and Global catalog Infrastructure master and Global catalog domain controller should be well connected