FSMO Roles Seizing related

Dear team,

It is mentioned that once roles are seized, only the DC holding the PDC emulator and IM roles can be brought back online. I am trying to understand why there would be no conflict when you rejoin the DC (with PDC emulator and IM), as happens with other roles.

Thank you.

Regards,

Sagar

July 2nd, 2015 10:49pm

Table 1.14 Operations Master Role Functionality Risk Assessment

| Operations Master Role | Consequences if Role is Unavailable | Risk of Improper Restoration | Recommendation for Returning to Service After Seizure |
| --- | --- | --- | --- |
| Schema master | You cannot make changes to the schema. | Conflicting changes can be introduced to the schema if both schema masters attempt to modify the schema at the same time. This can result in a fragmented schema. | Not recommended. Can lead to a corrupted forest and require rebuilding the entire forest. |
| Domain naming master | You cannot add or remove domains from the forest. | You cannot add or remove domains or clean-up metadata. Domains might appear as though they are still in the forest even though they are not. | Not recommended. Can require rebuilding domains. |
| PDC emulator | You cannot change passwords on pre-Active Directory clients. No replication to Windows NT 4.0 backup domain controllers. | Password validation can randomly pass or fail. Password changes take much longer to replicate throughout the domain. | Allowed. User authentication can be erratic for a time, but no permanent damage occurs. |
| Infrastructure master | Delays displaying updated group membership lists in the user interface when you move users from one group to another. | Displays incorrect user names in group membership lists in the user interface after you move users from one group to another. | Allowed. May impact the performance of the domain controller hosting the role, but no damage occurs to the directory. |
| RID master | Eventually, domain controllers cannot create new directory objects as each of their individual RID pools is depleted. | Duplicate RID pools can be allocated to domain controllers, resulting in data corruption in the directory. This can lead to security risks and unauthorized access. | Not recommended. Can lead to data corruption that can require rebuilding the domain. |

July 3rd, 2015 12:20am

Hi Sagar,

Thanks for your post.

With the PDC Emulator and Infrastructure roles, they're able to recover just fine from a seizure, and can be transferred and seized all over the place to the other.

With the rest (RID, Naming, and Schema), it's not that you can't transfer back. It's that the recommendation is to never turn a DC back on after the role has been seized from it. The risk is that the two DCs both think they own the role and may have conflicts.

You could check the article for a reference.

http://www.ucs.cam.ac.uk/support/windows-support/winsuptech/activedir/fsmoroles

Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

Best Regards,

May Dong

July 3rd, 2015 2:27am
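
Both replies above turn on the case where a seized DC comes back and two DCs each think they own a role. As an added example (not from the thread or from Microsoft), this PowerShell compares every DC's view of the role holders and flags disagreements, rating them by the table's "Not recommended" rows. The function names and the dc1/dc2 sample hosts are hypothetical, and Get-FsmoView assumes the RSAT ActiveDirectory module is installed.

```powershell
# Added example, not from the thread. Get-FsmoView needs the ActiveDirectory module.
$NoReturnRoles = 'SchemaMaster', 'DomainNamingMaster', 'RIDMaster'   # "Not recommended" rows of the table

function Get-FsmoView {
    # Ask each DC in the current domain who it believes holds every role.
    foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            $d = Get-ADDomain -Server $dc.HostName -ErrorAction Stop
            $f = Get-ADForest -Server $dc.HostName -ErrorAction Stop
        } catch { Write-Warning "Skipping $($dc.HostName): $_"; continue }
        [pscustomobject]@{
            AskedDC = $dc.HostName
            Owners  = [ordered]@{
                SchemaMaster         = $f.SchemaMaster
                DomainNamingMaster   = $f.DomainNamingMaster
                PDCEmulator          = $d.PDCEmulator
                RIDMaster            = $d.RIDMaster
                InfrastructureMaster = $d.InfrastructureMaster
            }
        }
    }
}

function Find-FsmoConflict {
    param([Parameter(Mandatory)] [object[]] $View)
    foreach ($role in @($View[0].Owners.Keys)) {
        # @() matters: a lone GroupInfo has its own Count (items in the group).
        $claims = @($View | Group-Object { $_.Owners[$role] })
        if ($claims.Count -gt 1) {
            [pscustomobject]@{
                Role     = $role
                Claims   = ($claims | ForEach-Object { "$($_.Name) per $($_.Group.AskedDC -join ',')" }) -join '; '
                Severity = if ($role -in $NoReturnRoles) { 'High' } else { 'Low' }
            }
        }
    }
}

# Constructed sample: dc1 came back online after its roles were seized to dc2.
$sample = @(
    [pscustomobject]@{ AskedDC = 'dc1.example.test'
        Owners = [ordered]@{ PDCEmulator = 'dc1.example.test'; RIDMaster = 'dc1.example.test' } }
    [pscustomobject]@{ AskedDC = 'dc2.example.test'
        Owners = [ordered]@{ PDCEmulator = 'dc2.example.test'; RIDMaster = 'dc2.example.test' } }
)
Find-FsmoConflict -View $sample | Format-Table -AutoSize
# Live use: Find-FsmoConflict -View (Get-FsmoView)
```

A High row means a role from the "Not recommended" group has two claimed owners; a Low row is the PDC emulator or infrastructure master case the table lists as allowed.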

Hello Sagar,

Hope your query is resolved?

July 5th, 2015 12:08pm

Hello Sagar,

Kindly provide your inputs so that others can refer to them for similar queries.

July 7th, 2015 1:01am

This topic is archived. No further replies will be accepted.
