Roles of the Active Directory Domain Controllers
Active Directory uses a multiple-master model, and usually, domain controllers (DCs) are equal with each other in reading and writing directory information. However, certain roles cannot be distributed across all the DCs, meaning that changes can’t take place on more than one domain controller at a time. Some domain controllers, therefore, do assume a single-master operations role — known as operations masters in Active Directory.
The five categories of operations master roles are:
- Schema master(one per forest): Maintains the master copy of the schema.
- PDC emulator(one per domain): Emulates a primary domain controller for backward compatibility with Windows NT.
- Domain naming master(one per forest): Tracks object names throughout a forest to ensure that they’re unique. Also tracks cross-references to objects in other directories.
- Infrastructure master(one per domain): Tracks object references among domains and maintains a list of deleted child objects.
- Relative identifier (RID) master(one per domain): Tracks the assignment of SIDs (security identifiers) throughout the domain.
Usually, the first domain controller that you create in the first domain assumes the operations master roles. You can assign these roles to other domain controllers in the domain or forest, but only one domain controller at a time can hold each operation’s master role.