Every domain in an Active Directory forest must contain one of each of the following FSMO roles:
* The Relative ID Master allocates security RIDs to DCs to assign to new AD security principals (users, groups or computer objects). It also manages objects moving between domains.
* The Infrastructure Master maintains security identifiers, GUIDs, and DNS for objects referenced across domains. Most commonly it updates user and group links.This is another domain-specific role and its purpose is to ensure that cross-domain object references are correctly handled. For example, if you add a user from one domain to a security group from a different domain, the Infrastructure Master makes sure this is done properly. As you can guess however, if your Active Directory deployment has only a single
| Attributes | Values |
|---|
| rdfs:label
| - Flexible single master operation
|
| rdfs:comment
| - Every domain in an Active Directory forest must contain one of each of the following FSMO roles:
* The Relative ID Master allocates security RIDs to DCs to assign to new AD security principals (users, groups or computer objects). It also manages objects moving between domains.
* The Infrastructure Master maintains security identifiers, GUIDs, and DNS for objects referenced across domains. Most commonly it updates user and group links.This is another domain-specific role and its purpose is to ensure that cross-domain object references are correctly handled. For example, if you add a user from one domain to a security group from a different domain, the Infrastructure Master makes sure this is done properly. As you can guess however, if your Active Directory deployment has only a single
|
| sameAs
| |
| dcterms:subject
| |
| dbkwik:babyish/pro...iPageUsesTemplate
| |
| abstract
| - Every domain in an Active Directory forest must contain one of each of the following FSMO roles:
* The Relative ID Master allocates security RIDs to DCs to assign to new AD security principals (users, groups or computer objects). It also manages objects moving between domains.
* The Infrastructure Master maintains security identifiers, GUIDs, and DNS for objects referenced across domains. Most commonly it updates user and group links.This is another domain-specific role and its purpose is to ensure that cross-domain object references are correctly handled. For example, if you add a user from one domain to a security group from a different domain, the Infrastructure Master makes sure this is done properly. As you can guess however, if your Active Directory deployment has only a single domain, then the Infrastructure Master role does no work at all, and even in a multi-domain environment it is rarely used except when complex user administration tasks are performed, so the machine holding this role doesn't need to have much horsepower at all.
* The PDC Emulator operations master role processes all password changes in the domain. Failed authentication attempts due to a bad password at other domain controllers are forwarded to the PDC Emulator before rejection. This ensures that a user can immediately login following a password change from any domain controller, without having to wait several minutes for the change to be replicated. The PDC Emulator Operations Master role must be carefully sited in a location to best handle all password reset and failed-authentication forwarding traffic for the domain.
|
![[RDF Data]](/fct/images/sw-rdf-blue.png)