Register now or log in to join your professional community.
I asked just similar question earlier but again i am asking you all that what makes PDC Emulator much differ from other AD Role. what it is most Important ?
The Role of PDC Emulator is most important because this role has lots of responsibilities like
[1]. Act as the central time sync authority within an AD forest (this only applies to the PDC FSMO in the forest root AD domain)
[2] Any password changes or account lockouts that occur on any DC are communicated to PDC securely.
[3] When your login attempted is failed because of incorrect password it will check the PDC for a new password
[4] Editing GPOs by default occur with the PDC FSMO
[5] When root scalability mode is not enabled (the default), DFS root servers get updates from the PDC FSMO. When root scalability is enabled, DFS root servers get updates from the closest DC instead
[6] The PDC FSMO is the only DC that applies the Password policy settings and the account lockout policy settings specified at domain level and writes the information to the domain NC
[7] If you have NT style applications that want/need to target the PDC, those apps will probably break as soon as the PDC is not available.
PDC Emulator Role is very important role in FSMO because you will not notice any change if other role holder server goes down and your AD infrastructure will continue to run. PDC Emulator role is reponsible for AD authentication, Group Policy changes, NTP and for Backward compatibility for Windows NT server. If PDC role holder goes down you will notice alot of users complaining about authentication and believe me this its very difficult to close so many tickets logged on to the Ticketing tool :) real pain for Service Desk team.
Some basics about time synchronization:
So what are the functions performed by PDC Emulator?
1. It acts a time synchronizer for all the domain controllers.
2. Password changes, Account Lockouts are always replicated to PDC Emulator from Domain controllers.
3. PDC Emulator should be available when creating or modifying Group Policies.
Primary Domain Controller Provides Valuable services in terms of User authentications,Account Lockouts and Time Synchronization. As soon as the User logon to domain the first service that comes into picture is PDC. any failed logon attempts are first forwarded to PDC emulator before returning a bad logon message to the User.