If you’re a Windows NT veteran, you know that updates to the security accounts manager (SAM) are made only to the primary domain controller. When the primary domain controller receives updates it alerts all of the backup domain controllers, which then request a copy of the updates.
In contrast, Windows 2000 works quite differently. Instead of using the PDC/BDC model, Windows 2000 uses the multimaster model of directory replication. Basically, this means that Active Directory updates can be made to any domain controller and then passed to all other domain controllers. In a multimaster environment, there are five different roles that domain controllers could potentially play. In this article, I’ll discuss these five roles.
Schema Master
The schema master is responsible for accepting updates to the Active Directory schema. There can be only a single schema master in the entire forest structure. This is one of the few places in which the multimaster model doesn’t apply to the Active Directory, since schema updates must be made directly to the schema master. Needless to say, this means that you must have access to the schema master to make any schema updates. Every forest must have a schema master.
Domain Naming Master
As with the schema master, every Active Directory forest must have a domain naming master. Likewise, there can be only one domain naming master in the entire forest. The domain naming master is responsible for supporting the addition and the removal of domains within the forest.
Domain Specific Roles
Just as each forest requires a schema master and a domain naming master, there are also domain specific roles. Each domain requires a relative ID master, a PDC emulator, and an infrastructure master. As with the forest specific roles discussed earlier, each domain can have only one instance of each of these roles.
Relative ID Master
A relative ID master is the machine that keeps track of the numerical IDs associated with the various domain objects. For example, if you create a user account, Windows 2000 creates a number that’s associated with the account. Part of the number designates the domain that the object belongs to, and every object in the domain shares that same domain-related portion. The rest of the number is unique for each object.
PDC Emulator
Windows 2000 runs one server in each domain in PDC emulator mode. This server is responsible for replicating account information to any Windows NT backup domain controllers that may be present on the network. If the network is running entirely in native Active Directory mode, the PDC emulator’s role is mainly that it’s usually the first PC in each domain to receive replication information.
Infrastructure Master
The infrastructure master server is responsible for managing group security. Any time that you add or remove users to or from a group, the change is made through this server. It is this server’s responsibility to keep track of group memberships and pass that information along to other domain controllers.
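As an added, practical check that is not part of the original article: the script below lists which domain controller holds each of the five roles described above (two per forest, three per domain) and confirms that each holder still answers on the network. It assumes the ActiveDirectory PowerShell module is installed and that it is run from a domain-joined machine with rights to read the forest and domain objects.

```powershell
# Added example, not from the article. Requires the ActiveDirectory module (RSAT)
# and read access to the forest and domain objects.
Import-Module ActiveDirectory

# Forest-wide roles: exactly one holder of each in the whole forest.
$forest = Get-ADForest
$roles = [ordered]@{
    'Schema Master'        = $forest.SchemaMaster
    'Domain Naming Master' = $forest.DomainNamingMaster
}

# Domain-specific roles: exactly one holder of each per domain.
foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName
    $roles["RID Master ($domainName)"]             = $domain.RIDMaster
    $roles["PDC Emulator ($domainName)"]           = $domain.PDCEmulator
    $roles["Infrastructure Master ($domainName)"]  = $domain.InfrastructureMaster
}

# Report each role holder and whether it is reachable right now. An offline holder
# blocks the operations that role serves (schema changes, domain additions or removals,
# new ID allocation, NT BDC replication, group membership updates) until it is restored
# or the role is moved.
foreach ($entry in $roles.GetEnumerator()) {
    $holder    = $entry.Value
    $reachable = Test-Connection -ComputerName $holder -Count 1 -Quiet
    $status    = if ($reachable) { 'online' } else { 'UNREACHABLE' }
    '{0,-45} {1,-40} {2}' -f $entry.Key, $holder, $status
}

# Every role on a single server is a single point of failure worth flagging.
$holders = @($roles.Values | Sort-Object -Unique)
if ($holders.Count -eq 1) {
    Write-Warning "All FSMO roles are held by $($holders[0])."
}
```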
Brien M. Posey is an MCSE who works as a freelance writer. His past experience includes working as the director of information systems for a national chain of health care facilities and as a network engineer for the Department of Defense. Because of the extremely high volume of e-mail that Brien receives, it’s impossible for him to respond to every message, although he does read them all.