Overview#PDC Emulator FSMO Role (PDC) PDC Emulator FSMO Role is a Flexible Single Master Operation and a single Domain Controller is necessary to synchronize time in an Microsoft Active Directory.
Windows includes the W32Time (Windows Time service) that is required by the Kerberos authentication protocol. All Windows-based computers within an enterprise use a common time. The purpose of the time service is to ensure that the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage.
PDC Emulator FSMO Role of a AD DOMAIN is authoritative for the domain. The PDC Emulator FSMO Role at the root of the AD Forest becomes authoritative for the enterprise, and should be configured to gather the time from an external source. All PDC Emulator FSMO Role holders follow the hierarchy of domains in the selection of their in-bound time partner.
In a AD DOMAIN, the PDC Emulator FSMO Role holder retains the following functions:
- Password Modify Operations performed by other Domain Controllers in the AD DOMAIN are replicated preferentially to the PDC Emulator FSMO Role.
- Authentication failures that occur at a given Domain Controller in a AD DOMAIN because of an incorrect password are forwarded to the PDC Emulator FSMO Role before a bad password failure message is reported to the user.
- Account Lockout is processed on the PDC Emulator FSMO Role.
- performs all of the functionality that a Microsoft Windows Server NT based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients.
PDC Emulator FSMO Role must still performs the other functions as described in a Windows Server 2000 environment.
More Information#There might be more information for this subject on one of the following:
- Flexible Single Master Operation
- LDAP policy in Active Directory
- Well-known Security Identifiers