Domain Controller Roles

A domain controller is a server that is running a version of the Microsoft Windows Server 2003 or Windows 2000 Server operating system and has the Active Directory directory service installed.

Note

  • Implementations of the Microsoft Windows NT 3.51 and Microsoft Windows NT 4.0 operating systems also have domain controllers, but they do not support Active Directory.

When you install Windows Server 2003 or Windows 2000 Server on a computer, you can choose to configure a specific server role for that computer. When you want to create a new forest, a new domain, or an additional domain controller in an existing domain, you configure the server with the role of domain controller by installing Active Directory.

By default, a domain controller stores one domain directory partition consisting of information about the domain in which it is located, plus the schema and configuration directory partitions for the entire forest. A Windows Server 2003 domain controller can also store one or more application directory partitions. There are also specialized domain controller roles that perform specific functions in an Active Directory environment. These specialized roles include global catalog servers and operations masters.

Global Catalog Servers

Every domain controller stores the objects for the domain in which it is installed. However, a domain controller designated as a global catalog server stores the objects from all domains in the forest. For every object that belongs to a domain other than the one the global catalog server is authoritative for as a domain controller, only a limited set of attributes is stored, in a partial replica of that domain. Therefore, a global catalog server stores its own full, writable domain replica (all objects and all attributes) plus a partial, read-only replica of every other domain in the forest. The global catalog is built and updated automatically by the Active Directory replication system. The object attributes that are replicated to global catalog servers are the attributes that are most likely to be used to search for the object in Active Directory. The attributes that are replicated to the global catalog are identified in the schema as the partial attribute set (PAS) and are defined by Microsoft. However, to optimize searching, you can edit the schema to add attributes to, or remove attributes from, the set that is stored in the global catalog.

The global catalog makes it possible for clients to search Active Directory without having to be referred from server to server until a domain controller that has the domain directory partition storing the requested object is found. By default, Active Directory searches are directed to global catalog servers.

The first domain controller in a forest is automatically created as a global catalog server. Thereafter, you can designate other domain controllers to be global catalog servers if they are needed.

Operations Masters

Domain controllers that hold operations master roles are designated to perform specific tasks to ensure consistency and to eliminate the potential for conflicting entries in the Active Directory database. Active Directory defines five operations master roles: the schema master, domain naming master, relative identifier (RID) master, primary domain controller (PDC) emulator, and infrastructure master.

The following operations masters perform operations that must occur on only one domain controller in the forest:

  • Schema master
  • Domain naming master

The following operations masters perform operations that must occur on only one domain controller in the domain:

  • Primary domain controller (PDC) emulator
  • Infrastructure master
  • Relative identifier (RID) master
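The following PowerShell script is an added example, not part of the original article, that audits both kinds of specialized role described above: it lists the forest-wide and domain-wide operations master holders, checks that each global catalog server answers on the global catalog LDAP port, and enumerates the attributes currently in the partial attribute set. It assumes the ActiveDirectory module (RSAT) on a domain-joined Windows machine with read access to the directory; the `isMemberOfPartialAttributeSet` schema attribute and port 3268 are standard, while the report field names are this example's own.

```powershell
# Added example (not from the original article): audit operations master holders,
# global catalog servers and the partial attribute set for the current forest.
# Assumes the ActiveDirectory module and a domain-joined session with read access.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Forest-wide operations masters: exactly one holder each in the entire forest.
foreach ($role in 'SchemaMaster', 'DomainNamingMaster') {
    $holder = $forest.$role
    if (-not $holder) { Write-Warning "Forest role $role has no recorded holder" }
    [pscustomobject]@{ Scope = $forest.Name; Role = $role; Holder = $holder }
}

# Domain-wide operations masters: exactly one holder each per domain.
foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName
    foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
        $holder = $domain.$role
        if (-not $holder) { Write-Warning "Domain $domainName role $role has no recorded holder" }
        [pscustomobject]@{ Scope = $domainName; Role = $role; Holder = $holder }
    }
}

# Global catalog servers: the partial, read-only replicas of the other domains are
# served over the global catalog LDAP port (3268). Flag any GC not answering there.
foreach ($gc in $forest.GlobalCatalogs) {
    $listening = Test-NetConnection -ComputerName $gc -Port 3268 `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    if (-not $listening) { Write-Warning "Global catalog $gc does not answer on TCP 3268" }
    [pscustomobject]@{ GlobalCatalog = $gc; Port3268Reachable = $listening }
}

# Partial attribute set: attributeSchema objects in the schema partition that are
# flagged isMemberOfPartialAttributeSet=TRUE are the attributes replicated to every GC.
$schemaNC = (Get-ADRootDSE).schemaNamingContext
$pas = Get-ADObject -SearchBase $schemaNC -Properties lDAPDisplayName `
    -LDAPFilter '(&(objectClass=attributeSchema)(isMemberOfPartialAttributeSet=TRUE))'
"Partial attribute set: $($pas.Count) attributes (first five: " +
    "$(($pas | Sort-Object lDAPDisplayName | Select-Object -First 5).lDAPDisplayName -join ', '))"
```

Run it from an elevated, domain-joined PowerShell session; the warnings identify roles without a recorded holder and global catalog servers that are unreachable, which are the conditions an administrator would investigate first.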