tailieunhanh - The Best Damn Windows Server 2003 Book Period- P10

The Best Damn Windows Server 2003 Book Period- P10:The latest incarnation of Microsoft’s server product,Windows Server 2003, brings many new features and improvements that make the network administrator’s job chapter will briefly summarize what’s new in 2003 and introduce you to the four members of the Windows Server 2003 family: the Web Edition, the Standard Edition, the Enterprise Edition, and the Datacenter Edition. | 56 Chapter 3 Planning Server Roles and Server Security In addition to the two forest-wide master roles there are three domain-wide master roles relative ID RID master primary domain controller PDC emulator and infrastructure roles are described in the following sections. Relative ID Master The relative ID master is responsible for allocating sequences of numbers called relative IDs or RIDs that are used in creating new security principles in the domain. Security principles are user group and computer accounts. These numbers are issued to all domain controllers in the domain. When an object is created a number that uniquely identifies the object is assigned to number consists of two parts a domain security ID or computer SID if a local user or group account is being created and an RID. Together the domain SID and RID combine to form the object s unique domain security ID is the same for all objects in that RID is unique to each object. Instead of using the name of a user computer or group Windows uses the SID to identify and reference security avoid potential conflicts of domain controllers issuing the same number to an object only one RID master exists in a domain. This controls the allocation of RID numbers to each domain controller. The domain controller can then assign the RIDs to objects when they are created. PDC Emulator The primary domain controller PDC emulator is designed to act like a Windows NT PDC when the domain is in Windows 2000 mixed is necessary if Windows NT backup domain controllers BDCs still exist on the network. Clients earlier than Windows 2000 also use the PDC emulator for processing password changes though installation of the AD client software on these systems enables them to change their password on any domain controller in the domain to which they authenticate. The PDC emulator also synchronizes the time on all domain controllers the domain. For replication accuracy it is .