What are Operations Masters?


kmohaan

Dec 17, 2008, 12:13:26 AM
to Exchange User Group
Active Directory is a multimaster enabled database, which provides the
flexibility of allowing changes to occur at any domain controller in
the forest.

Active Directory defines five operations master roles: the schema
master, domain naming master, relative identifier (RID) master,
primary domain controller (PDC) emulator, and infrastructure master,
which performs the replication between DCs and is also designed to
automatically resolve replication conflict issues.

Operations Master Roles:-
The five operations master roles are assigned automatically when the
first domain controller in a given domain is created. Two forest-level
roles are assigned to the first domain controller created in a forest
and three domain-level roles are assigned to the first domain
controller created in a domain.

Forestwide Operations Master Roles:
The schema master and domain naming master are forestwide roles,
meaning that there is only one schema master and one domain naming
master in the entire forest.

Schema Master:
The schema master is responsible for performing updates to the Active
Directory schema. The schema master is the only domain controller that
can perform write operations to the directory schema. Those schema
updates are replicated from the schema master to all other domain
controllers in the forest. Having only one schema master for each
forest prevents any conflicts that would result if two or more domain
controllers attempt to concurrently update the schema.

Domain Naming Master:
The domain naming master manages the addition and removal of all
domains and directory partitions, regardless of domain, in the forest
hierarchy. The domain controller that has the domain naming master
role must be available in order to perform the following actions:
·Add new domains or application directory partitions to the forest.
·Remove existing domains or application directory partitions from the
forest.
·Add replicas of existing application directory partitions to
additional domain controllers.
·Add or remove cross-reference objects to or from external
directories.
·Prepare the forest for a domain rename operation.

Domainwide Operations Master Roles:
The other operations master roles are domainwide roles, meaning that
each domain in a forest has its own RID master, PDC emulator, and
infrastructure master.

RID Master:
The relative identifier (RID) operations master allocates blocks of
RIDs to each domain controller in the domain. Whenever a domain
controller creates a new security principal, such as a user, group, or
computer object, it assigns the object a unique security identifier
(SID). This SID consists of a domain SID, which is the same for all
security principals created in the domain, and a RID, which uniquely
identifies each security principal created in the domain.

PDC Emulator:
The PDC emulator operations master acts as a Windows NT PDC in domains
that contain client computers operating without Active Directory
client software or Windows NT backup domain controllers (BDC). In
addition, the PDC emulator processes password changes from clients and
replicates the updates to the Windows NT BDCs. Even after all domain
controllers are upgraded to Windows 2000 Server or Windows Server
2003, the PDC emulator receives preferential replication of password
changes performed by other domain controllers in the domain.
If a logon authentication fails at another domain controller due to a
bad password, that domain controller forwards the authentication
request to the PDC emulator before rejecting the logon attempt.

Infrastructure Master:
The infrastructure operations master is responsible for updating
object references in its domain that point to the object in another
domain. The infrastructure master updates object references locally
and uses replication to bring all other replicas of the domain up to
date. The object reference contains the object’s globally unique
identifier (GUID), distinguished name and possibly a SID. The
distinguished name and SID on the object reference are periodically
updated to reflect changes made to the actual object. These changes
include moves within and between domains as well as the deletion of
the object. If the infrastructure master is unavailable, updates to
object references are delayed until it comes back online.

Operations Master Roles and Functionality :-

Five operations master roles manage single-master operations in Active
Directory.

Two operations master roles exist in each forest:
·The schema master, which governs all changes to the schema.
·The domain naming master, which adds and removes domains to and from
the forest.

In addition to the two forestwide operations master roles, three
operations master roles exist in each domain:

·The primary domain controller (PDC) emulator. The PDC emulator
processes all replication requests from Microsoft Windows NT 4.0
backup domain controllers and processes all password updates for
clients that are not running Active Directory–enabled client software.

·The relative identifier (RID) master. The RID master allocates RIDs
to all domain controllers to ensure that all security principals have
a unique identifier.

·The infrastructure master. The infrastructure master for a given
domain maintains a list of the security principals from other domains
that are members of groups within its domain.
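
The SID structure and RID block allocation described under "RID Master" above, as an added Python example that is not part of the original post. It decodes a binary SID (the layout of the objectSid attribute) into its domain SID and RID, and models a single RID master handing non-overlapping blocks to domain controllers. The class names, the sample SID, the starting RID of 1000 and the block size of 500 are assumptions of this sketch.

```python
import struct

# Constructed sample: binary form of S-1-5-21-1111-2222-3333-1105
SAMPLE = bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<5I", 21, 1111, 2222, 3333, 1105)

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID into its S-R-A-S1-...-Sn string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def split_sid(sid: str) -> tuple[str, int]:
    """Split a security principal's SID into (domain SID, RID)."""
    domain, _, rid = sid.rpartition("-")
    return domain, int(rid)

class RidMaster:
    """Toy model: the one role holder that hands out non-overlapping RID blocks."""
    def __init__(self, first_rid=1000, block_size=500):  # assumed model parameters
        self.next_rid, self.block_size = first_rid, block_size

    def allocate_block(self) -> range:
        start = self.next_rid
        self.next_rid += self.block_size
        return range(start, self.next_rid)

class DomainController:
    """Toy DC: issues SIDs from its local RID pool, refilling from the RID master."""
    def __init__(self, domain_sid: str, master: RidMaster):
        self.domain_sid, self.master = domain_sid, master
        self.pool = iter(())

    def new_principal_sid(self) -> str:
        rid = next(self.pool, None)
        if rid is None:  # simplification: refill only once the pool is empty
            self.pool = iter(self.master.allocate_block())
            rid = next(self.pool)
        return f"{self.domain_sid}-{rid}"

if __name__ == "__main__":
    domain_sid, _ = split_sid(parse_sid(SAMPLE))
    master = RidMaster()
    dc1, dc2 = DomainController(domain_sid, master), DomainController(domain_sid, master)
    for dc in (dc1, dc2, dc1):
        print(dc.new_principal_sid())
```

Because every block comes from one allocator, two domain controllers can create principals independently without ever issuing the same SID.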

