Your network contains an Active Directory forest.
The forest contains two domains named contoso.com and corp.contoso.com.
The forest contains four domain controllers.
The domain controllers are configured as shown in the following table.
All domain controllers are DNS servers.
In the corp.contoso.com domain, you plan to deploy a new domain controller named DC5.
You need to identify which domain controller must be online to ensure that DC5 can be promoted successfully
to a domain controller. Which domain controller should you identify?
initial answer : DC3 => false
My first answer was RID too,
as a DC requires a RID Master to get an account-identifier pool so he can create accounts in AD.
But as we have only one choice and the Domain Naming Master is explicitly designated as being required
when promoting a DC, I change the answer to DC2.
Managing RID Pool Depletion
Anytime you create a writable DC, it gets 500 new RIDs from the RID Master.
Domain Naming Master
Active Directory stores pointers to other domains in a CrossRef object located in a Partitions container
in the Configuration naming context. This object contains attributes that describe the distinguished name,
DNS name, the flat name and the name of the Domain naming context, along with the kind of trust relationship
that binds the domain to the forest.
When you create a new domain in an existing forest, the new domain represents a separate naming
context and a new CrossRef object must be created in a Partitions container. Only one domain controller
in a forest, the Domain Naming Master, is allowed to make changes to the Partitions container. This
prevents two administrators from creating new domains with identical names during the same
By default, the Domain Naming Master is the first domain controller in a forest, but the role can be transferred
to any domain controller through the Active Directory Domains and Trusts snap-in. The Domain Naming Master
should always reside in the root domain.
FSMO Roles in Active Directory in Windows 2008 Server
1. Forest Roles
Schema Master – As the name suggests, the changes that are made during the creation of any object in AD or
changes in attributes will be made by a single domain controller and then replicated to the other domain
controllers that are present in your environment. There is no corruption of AD schema if all the domain
controllers try to make changes. This is one of the very important roles in FSMO roles infrastructure.
Domain Naming Master – This role is not used very often, only when you add/remove any domain
controllers. This role ensures that there is a unique name of domain controllers in environment.
2. Domain Roles
Infrastructure Master – This role checks the domain for changes to any objects. If any changes are found then it
will replicate to another domain controller.
RID Master – This role is responsible for making sure each security principal has a different identifier.
PDC emulator – This role is responsible for Account policies such as client password changes and time
synchronization in the domain.
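
The two role holders discussed above can be located and checked for reachability before a promotion is attempted. The following is an added example, not part of the original page; it assumes the ActiveDirectory PowerShell module on a domain-joined admin host, uses `corp.contoso.com` from the question, and treats an open LDAP port (TCP 389) as the "online" signal. `Resolve-RoleOwner` is a hypothetical helper name.

```powershell
# Added example; assumes the ActiveDirectory module (RSAT) on a domain-joined host.
Import-Module ActiveDirectory

$targetDomain = 'corp.contoso.com'   # domain from the question where DC5 will be promoted
$forest = Get-ADForest -Server $targetDomain
$domain = Get-ADDomain -Server $targetDomain

function Resolve-RoleOwner {
    param([string]$ObjectDn, [string]$Server)
    # fSMORoleOwner holds the DN of the owner's NTDS Settings object; the parent
    # of that object is the server object, which carries dNSHostName.
    $ntds = (Get-ADObject -Identity $ObjectDn -Server $Server -Properties fSMORoleOwner).fSMORoleOwner
    $serverDn = $ntds -replace '^CN=NTDS Settings,', ''
    (Get-ADObject -Identity $serverDn -Server $Server -Properties dNSHostName).dNSHostName
}

# Role-bearing objects: the Partitions container (Configuration naming context)
# for the Domain Naming Master, and RID Manager$ in the domain's System container.
$roles = [ordered]@{
    'Domain Naming Master' = Resolve-RoleOwner $forest.PartitionsContainer $targetDomain
    'RID Master'           = Resolve-RoleOwner ('CN=RID Manager$,CN=System,' + $domain.DistinguishedName) $targetDomain
}

$report = foreach ($role in $roles.GetEnumerator()) {
    # TCP 389 (LDAP) is used here as a simple "is it online" signal.
    $ldap = Test-NetConnection -ComputerName $role.Value -Port 389 -WarningAction SilentlyContinue
    [pscustomobject]@{
        Role          = $role.Key
        Holder        = $role.Value
        LdapReachable = $ldap.TcpTestSucceeded
    }
}
$report | Format-Table -AutoSize

# The directory attribute and the cmdlet view should agree; a mismatch points
# at replication lag or a seized role that has not converged yet.
if ($roles['Domain Naming Master'] -ne $forest.DomainNamingMaster) {
    Write-Warning "Partitions fSMORoleOwner differs from Get-ADForest: $($forest.DomainNamingMaster)"
}
if ($report.LdapReachable -contains $false) {
    Write-Warning 'At least one role holder is unreachable; check this before promoting DC5.'
}
```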