This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] ([PDC]) is a [Flexible Single Master Operation], and a single [Domain Controller] is necessary to synchronize [time] in a [Microsoft Active Directory].
Windows includes the [W32Time] ([Windows Time service]) that is required by the [Kerberos] [authentication] protocol. All Windows-based computers within an enterprise use a common time. To ensure appropriate common time usage, the [Windows Time service] uses a [hierarchical] [relationship] that controls authority and does not permit loops.
The [{$pagename}] of an [AD DOMAIN] is authoritative for the domain. The [{$pagename}] at the root of the [AD Forest] becomes authoritative for the enterprise, and should be configured to gather the time from an external source. All [{$pagename}] holders follow the hierarchy of domains in the selection of their in-bound time partner.
In an [AD DOMAIN], the [{$pagename}] holder retains the following functions:
* [Password Modify Operations] performed by other [Domain Controllers] in the [AD DOMAIN] are replicated preferentially to the [{$pagename}].
* [Authentication] failures that occur at a given [Domain Controller] in an [AD DOMAIN] because of an incorrect [password] are forwarded to the [{$pagename}] before a bad [password] failure message is reported to the user.
* [Account Lockout] is processed on the [{$pagename}].
* The [{$pagename}] performs all of the functionality that a [Microsoft] [Windows Server NT] based PDC or earlier PDC performs for [Windows NT|Windows NT 3.1] 4.0-based or earlier clients.
This part of the [{$pagename}] becomes unnecessary when all workstations, member servers, and domain controllers that are running Windows NT 4.0 or earlier are upgraded to [Windows Server 2000].
The [{$pagename}] must still perform the other functions as described in a [Windows Server 2000] environment.
There is only one [{$pagename}] per [AD DOMAIN] within an [AD Forest].
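The time hierarchy described above can be audited per domain. The following is an added example, not part of the original page: it assumes the ActiveDirectory RSAT module and PowerShell remoting to each role holder, and it treats "forest root uses Type NTP, every other domain uses NT5DS" as the expected configuration (an assumption derived from the text above; AllSync or GPO-delivered settings are reported as mismatches to review by hand).

```powershell
# Added example: locate the PDC emulator of every domain in the forest and
# report where its Windows Time service is configured to get time from.
Import-Module ActiveDirectory

$forest = Get-ADForest
$w32Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\Parameters'

$report = foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Server $domainName
    $pdc    = $domain.PDCEmulator          # exactly one holder per domain
    $isRoot = ($domain.DNSRoot -eq $forest.RootDomain)

    try {
        # Read the W32Time parameters directly on the role holder.
        $params = Invoke-Command -ComputerName $pdc -ErrorAction Stop -ScriptBlock {
            Get-ItemProperty -Path $using:w32Key
        }
        $type = $params.Type               # NTP, NT5DS, AllSync or NoSync
        $ntp  = $params.NtpServer
    }
    catch {
        $type = 'unreachable'
        $ntp  = $null
    }

    # Assumed expectation: the forest-root holder syncs from an external
    # source (NTP); every other holder follows the domain hierarchy (NT5DS).
    $expected = if ($isRoot) { 'NTP' } else { 'NT5DS' }

    [pscustomobject]@{
        Domain      = $domain.DNSRoot
        PDCEmulator = $pdc
        ForestRoot  = $isRoot
        Type        = $type
        NtpServer   = $ntp
        Expected    = $expected
        Matches     = ($type -eq $expected)
    }
}

$report | Format-Table -AutoSize
```

A forest-root holder that reports NT5DS or NoSync has no external time source, so drift there propagates to every domain and can eventually break [Kerberos] [authentication].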
----
* [#1] - [Active Directory FSMO roles in Windows|https://support.microsoft.com/en-us/help/197132/active-directory-fsmo-roles-in-windows|target='_blank'] - based on information obtained 2018-07-10