Bayt.com

Start networking and exchanging professional insights

Register now or log in to join your professional community.

Follow

Why pdc emulator role of active directory is most important than other ?

I asked just similar question earlier but again i am asking you all that what makes PDC Emulator much differ from other AD Role. what it is most Important ?

Windows Server Windows Server 2003 Windows Server 2008 Active Directory
user-image
Question added by Syed Asgar Mahmood Zaidi , Senior System Engineer , Royal Hospital
Date Posted: 2013/10/07
Upvote (0) Views (40) Followers (0) Answers (4) Report Question
Write an Answer
Register now or log in to answer.
Syed Asgar Mahmood Zaidi
by Syed Asgar Mahmood Zaidi , Senior System Engineer , Royal Hospital

The Role of  PDC Emulator is most important because this role has lots of responsibilities like

 

 

[1]. Act as the central time sync authority within an AD forest (this only applies to the PDC FSMO in the forest root AD domain)

 

[2] Any password changes or account lockouts that occur on any DC are communicated to PDC securely.

 

[3] When your  login attempted is failed because of incorrect password it will check the PDC for a new password

 

[4]  Editing GPOs by default occur with the PDC FSMO

 

[5] When root scalability mode is not enabled (the default), DFS root servers get updates from the PDC FSMO. When root scalability is enabled, DFS root servers get updates from the closest DC instead

 

[6]  The PDC FSMO is the only DC that applies the Password policy settings and the account lockout policy settings specified at domain level and writes the information to the domain NC

 

[7] If you have NT style applications that want/need to target the PDC, those apps will probably break as soon as the PDC is not available.

 

Deleted user
by Deleted user

PDC Emulator Role is very important role in FSMO because you will not notice any change if other role holder server goes down and your AD infrastructure will continue to run. PDC Emulator role is reponsible for AD authentication, Group Policy changes, NTP and for Backward compatibility for Windows NT server. If PDC role holder goes down you will notice alot of users complaining about authentication and believe me this its very difficult to close so many tickets logged on to the Ticketing tool :) real pain for Service Desk team.

Ahmad Abualkishk
by Ahmad Abualkishk , Azure Stack Support Escalation Engineer , Microsof

Some basics about time synchronization:

  • Client machines get its time synchronized from its authenticating Domain Controller.
  • All Domain Controller gets its time synchronized from PDC Emulator in a domain.
  • PDC emulator in child domains gets its time synchronized from domain controller in the parent domain.
  • PDC Emulator is configured to an external time server to get its time configured correctly. If PDC emulator is not configured to external time server then whatever time is set on PDC emulator gets applied.

So what are the functions performed by PDC Emulator?

1. It acts a time synchronizer for all the domain controllers.

2. Password changes, Account Lockouts are always replicated to PDC Emulator from Domain controllers.

3. PDC Emulator should be available when creating or modifying Group Policies.

 

 

Mohammed Hayat Ahmed
by Mohammed Hayat Ahmed , Team Lead-IT DataCenter Operations , Confidential

Primary Domain Controller Provides Valuable services in terms of User authentications,Account Lockouts and Time Synchronization. As soon as the User logon to domain the first service that comes into picture is PDC. any failed logon attempts are first forwarded to  PDC emulator before returning a bad logon message to the User.

Write Your Answer
More Questions Like This