Domain-Wide Operations Master Roles

Published: 26th February 2011
Every domain in the forest must have the following roles:
Relative identifier (RID), or relative ID, master
Primary domain controller (PDC) emulator
Infrastructure master
These roles must be unique in each domain. This means that each domain in the forest can have only one RID master, PDC emulator master, and infrastructure master.

The domain controller assigned the RID master role allocates sequences of relative IDs to each of the various domain controllers in its domain. At any time, there can be only one domain controller acting as the RID master in each domain in the forest.
Whenever a domain controller creates a user, group, or computer object, it assigns the object a unique security ID. The security ID consists of a domain security ID (that is the same for all security IDs created in the domain) and a relative ID that is unique for each security ID created in the domain.
To move an object between domains (using Movetree.exe: Active Directory Object Manager), you must initiate the move on the domain controller acting as the RID master of the domain that currently contains the object.
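The security ID structure described above can be checked directly on the binary value a directory stores for an object. The following is an added example, not part of the original article: it decodes a binary SID into its string form and splits it into the domain security ID and the relative ID. The helper names and the sample domain values are constructed for illustration.

```python
import struct

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID into its S-<revision>-<authority>-<sub>... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def split_sid(sid: str):
    """Return (domain SID, relative ID): the RID is the last sub-authority."""
    domain, _, rid = sid.rpartition("-")
    if not domain.startswith("S-1-") or not rid.isdigit():
        raise ValueError(f"not a SID: {sid!r}")
    return domain, int(rid)

def build_sid(domain_subs, rid) -> bytes:
    """Build a constructed binary SID (authority 5) for the demo and tests."""
    subs = [*domain_subs, rid]
    return (bytes([1, len(subs)]) + (5).to_bytes(6, "big")
            + struct.pack(f"<{len(subs)}I", *subs))

def duplicate_rids(sids):
    """Return RIDs that appear more than once within the same domain SID."""
    seen, dupes = set(), set()
    for sid in sids:
        key = split_sid(sid)
        (dupes if key in seen else seen).add(key)
    return sorted(rid for _, rid in dupes)

# Constructed sample: one domain, two objects created on different DCs.
SAMPLE_DOMAIN = (21, 1111111111, 2222222222, 3333333333)

if __name__ == "__main__":
    for rid in (1105, 1106):
        sid = parse_sid(build_sid(SAMPLE_DOMAIN, rid))
        print(sid, "->", split_sid(sid))
```

Both sample objects share the same domain portion and differ only in the final value, which is the part drawn from the sequence of relative IDs allocated by the RID master.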

If the domain contains computers operating without Windows Server 2003 client software or if it contains Windows NT backup domain controllers (BDCs), the domain controller assigned the PDC emulator role acts as a Windows NT PDC. It processes password changes from clients and replicates updates to the BDCs. At any time, there can be only one domain controller acting as the PDC emulator in each domain in the forest.
Even after all systems are upgraded to Windows Server 2003, and the Windows Server 2003 domain is operating at the Windows Server 2003 functional level, the PDC emulator receives preferential replication of password changes performed by other domain controllers in the domain. If a password was recently changed, that change takes time to replicate to every domain controller in the domain. If a logon authentication fails at another domain controller due to a bad password, that domain controller forwards the authentication request to the PDC emulator before rejecting the logon attempt.

If there is more than one domain controller in the domain, the infrastructure master role should not be assigned to any domain controller that is hosting the global catalog. For more information, refer to the "Planning Operations Master Locations" section of this chapter.

Source: http://fiona2.articlealley.com/domainwide-operations-master-roles-2074185.html