When you add or remove a domain from a forest, the change is recorded in Active Directory.
Roles performed by the domain naming master
The domain naming master controls the addition or removal of domains in the forest. There is only one domain naming master per forest. When you add a new domain to the forest, only the domain controller that holds the domain naming master role can add the new domain. The domain naming master prevents multiple domains with the same domain name from joining the forest. When you use the Active Directory Installation wizard to create a child domain, it contacts the domain naming master and requests the addition or deletion.
The effect of the domain naming master being unavailable
Like the schema master, temporary loss of the domain naming master is not visible to network users or to network administrators unless the administrator is trying to add a domain to the forest or remove a domain from the forest. If the domain naming master is unavailable, you cannot add or remove domains. If the domain naming master will be unavailable for an unacceptable length of time, you can seize the role from the standby operations master. To seize a role is to move it without the cooperation of its current owner. It is best to avoid seizing roles.
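Before considering a seizure, confirm which domain controllers hold the roles and whether they are really unreachable. The script below is an added example, not part of the original text; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, that it runs in a domain-joined session, and that a TCP probe of LDAP port 389 is an acceptable availability check. The function name Get-OperationsMasterStatus is hypothetical.

```powershell
# Added example: list operations master role holders and probe each one.
# Assumptions: ActiveDirectory module (RSAT) present; TCP 389 is not filtered.
Import-Module ActiveDirectory

function Get-OperationsMasterStatus {
    [CmdletBinding()]
    param(
        # Port used as a simple reachability probe (LDAP by default)
        [int]$Port = 389
    )

    $forest = Get-ADForest
    $domain = Get-ADDomain

    # Forest-wide roles come from Get-ADForest, domain-wide roles from Get-ADDomain.
    $holders = [ordered]@{
        SchemaMaster       = $forest.SchemaMaster
        DomainNamingMaster = $forest.DomainNamingMaster
        PDCEmulator        = $domain.PDCEmulator
        RIDMaster          = $domain.RIDMaster
    }

    foreach ($role in $holders.Keys) {
        $server = $holders[$role]
        # -InformationLevel Quiet makes Test-NetConnection return a boolean.
        $reachable = Test-NetConnection -ComputerName $server -Port $Port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{
            Role      = $role
            Holder    = $server
            Reachable = [bool]$reachable
        }
    }
}

$status = Get-OperationsMasterStatus
$status | Format-Table -AutoSize

# A role holder that does not answer is a prompt to investigate, not to seize:
# a short outage of the domain naming master only blocks adding or removing domains.
$down = $status | Where-Object { -not $_.Reachable }
foreach ($entry in $down) {
    Write-Warning ("{0} holder {1} did not answer on port {2}" -f `
        $entry.Role, $entry.Holder, 389)
}
```

Running it on a schedule and alerting on an unexpected change in the Holder column also gives a simple record of when a role was moved.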
The PDC emulator acts as a Microsoft Windows NT Primary Domain Controller (PDC) to support any backup domain controllers (BDCs) running Windows NT in a mixed-mode domain. When you create a domain, the PDC emulator role is assigned to the first domain controller in the new domain.
Roles performed by the PDC emulator
The PDC emulator performs the following roles:
Acts as the PDC for any existing BDCs. If a domain contains any BDCs or client computers that are running Windows NT 4.0 and earlier, the PDC emulator functions as a Windows NT PDC. The PDC emulator services client computers and replicates directory changes to any BDCs running Windows NT.
Manages password changes from computers running Windows NT, Microsoft Windows 95 or Windows 98. You must write password changes directly to the PDC.
Minimizes replication latency for password changes. Replication latency is the time needed for a change made on one domain controller to be received by another domain controller. When the password of a client computer running Windows 2000 or later is changed on a domain controller, that domain controller immediately forwards the change to the PDC emulator. If a password was recently changed, that change takes time to replicate to every domain controller in the domain. If a logon authentication fails at another domain controller because of a bad password, that domain controller will forward the authentication request to the PDC emulator before rejecting the logon attempt.
The relative identifier (RID) master allocates blocks of RIDs to each domain controller in the domain. Whenever a domain controller creates a new security principal, such as a user, group, or computer object, it assigns the object a unique security identifier (SID). This SID consists of a domain SID,