Which domain controller should you identify?

Your network contains an Active Directory forest.
The forest contains two domains named contoso.com and corp.contoso.com.
The forest contains four domain controllers.
The domain controllers are configured as shown in the following table.

All domain controllers are DNS servers.
In the corp.contoso.com domain, you plan to deploy a new domain controller named DC5.
You need to identify which domain controller must be online to ensure that DC5 can be promoted successfully
to a domain controller. Which domain controller should you identify?





initial answer : DC3 => false
My first answer was RID too,
as a DC requires a RID Master to get an account-identifier pool so it can create accounts in AD.
But as we have only one choice and the Domain Naming Master is explicitly designated as being required
when promoting a DC, I changed the answer to DC2.
Managing RID Pool Depletion
Anytime you create a writable DC, it gets 500 new RIDs from the RID Master.
Domain Naming Master
Active Directory stores pointers to other domains in a CrossRef object located in a Partitions container
in the Configuration naming context. This object contains attributes that describe the distinguished name,
DNS name, the flat name and the name of the Domain naming context, along with the kind of trust relationship
that binds the domain to the forest.
When you create a new domain in an existing forest, the new domain represents a separate naming
context and a new CrossRef object must be created in a Partitions container. Only one domain controller
in a forest, the Domain Naming Master, is allowed to make changes to the Partitions container. This
prevents two administrators from creating new domains with identical names during the same
replication interval.
By default, the Domain Naming Master is the first domain controller in a forest, but the role can be transferred
to any domain controller through the Active Directory Domains and Trusts snap-in. The Domain Naming Master
should always reside in the root domain.
FSMO Roles in Active Directory in Windows 2008 Server
1. Forest Roles
Schema Master – As the name suggests, the changes that are made while creating any object in AD or
changes in attributes will be made by a single domain controller and then it will be replicated to the other domain
controllers that are present in your environment. There is no corruption of AD schema if all the domain
controllers try to make changes. This is one of the very important roles in FSMO roles infrastructure.
Domain Naming Master – This role is not used very often, only when you add/remove any domain
controllers. This role ensures that there is a unique name of domain controllers in environment.
2. Domain Roles
Infrastructure Master – This role checks the domain for changes to any objects. If any changes are found then it
will replicate to another domain controller.
RID Master – This role is responsible for making sure each security principal has a different identifier.
PDC emulator – This role is responsible for Account policies such as client password changes and time
synchronization in the domain
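
The role holders discussed above can be read straight from the directory before a promotion is attempted. The following PowerShell is an added example, not part of the original page; it assumes the ActiveDirectory module (RSAT) is installed, uses the domain name from the question, and treats an open LDAP port (TCP 389) as a rough sign that a role holder is online.

```powershell
# Added example: list the FSMO role holders that matter when promoting a DC
# in a child domain and check that each one answers on LDAP (TCP 389).
# Assumption: run from a domain-joined machine with the ActiveDirectory module.
Import-Module ActiveDirectory

$targetDomain = 'corp.contoso.com'   # domain DC5 will join (from the question)

$domain = Get-ADDomain -Identity $targetDomain
$forest = Get-ADForest -Identity $domain.Forest

# Domain-wide roles come from the target domain, forest-wide roles from the forest.
$roles = [ordered]@{
    'RID Master'            = $domain.RIDMaster
    'PDC Emulator'          = $domain.PDCEmulator
    'Infrastructure Master' = $domain.InfrastructureMaster
    'Domain Naming Master'  = $forest.DomainNamingMaster
    'Schema Master'         = $forest.SchemaMaster
}

$report = foreach ($role in $roles.GetEnumerator()) {
    # A TCP probe only shows that the host is reachable, not that the role is healthy.
    $probe = Test-NetConnection -ComputerName $role.Value -Port 389 -WarningAction SilentlyContinue
    [pscustomobject]@{
        Role     = $role.Key
        Holder   = $role.Value
        Scope    = if ($role.Key -in 'Domain Naming Master', 'Schema Master') { 'Forest' } else { 'Domain' }
        LdapOpen = $probe.TcpTestSucceeded
    }
}

$report | Format-Table -AutoSize

# Flag any role holder that did not answer, so it can be brought online first.
$offline = $report | Where-Object { -not $_.LdapOpen }
if ($offline) {
    Write-Warning ('Unreachable role holders: ' + (($offline.Holder | Sort-Object -Unique) -join ', '))
}
```

`netdom query fsmo` prints the same five role holders from a command prompt, and `dcdiag /test:RidManager` run against a domain controller checks RID master access in more depth than a port probe.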

7 Comments on “Which domain controller should you identify?”

  1. Karl says:

    A DC3 is correct. In order to add a Domain Controller to corp.contoso.com, you need PDC and RID of that domain, not of the root domain. The Domain Naming Master is needed to add, remove and rename domains in the forest, i.e. not for individual Domain Controllers.

    1. B-Art says:


      Must be RID Master with PDC Emulator of Child domain.
      RID Pool is replicated to secondary DC (DC5).

      Remember there is NO NEW Domain created.

      DC3 must be on-line.

  2. Larry Coldiron says:

    According to Microsoft: http://support.microsoft.com/kb/223346

    RID Domain
    Allocates active and standby RID pools to replica domain controllers in
    the same domain.
    Must be online for newly promoted domain controllers to obtain a local
    RID pool that is required to advertise or when existing domain controllers
    have to update their current or standby RID pool allocation.

    This article also says PDC emulator must be online 24 hours per day 7 days per week.

  3. Djidji says:

    No, it is the RID master that must be online to be able to add a new domain controller; I ran the test.

  4. Pirulo says:

    You will not be able to install a writable replica domain controller at this time because the RID master DC1.some_domain.com is offline
    This is the message you receive when you try to promote a server to DC and the RID master is not reachable (online).
    So answer is DC3 needs to be online/available

  5. Mansur says:

    “C. DC2” is 100% perfect answer.
    Without Domain Naming Master you can’t add or remove any Domain Controller in a forest. You can’t complete AD installation wizard without Domain Naming Master in your forest. Try it if anyone doesn’t believe it.
