Microsoft KB Archive/228776


Article ID: 228776

Article Last Modified on 2/23/2007



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server



This article was previously published under Q228776

SUMMARY

User rights for designating Flexible Single Master Operation (FSMO) roles can be set for groups or users in an enterprise. This functionality gives administrators the ability to limit or add to the group of default users that can change FSMO role owners in an enterprise or domain.

MORE INFORMATION

Schema Master

By default, the only group of users with privileges to change the Schema Master FSMO role is the Schema Administrators group. This right can be changed in one of the following two places:

  • Open the Schema Manager snap-in, right-click Active Directory Schema Manager, and then click Permissions. Use the Change Schema Master permission to designate rights.
  • Using the Adsiedit tool from the Windows 2000 Support Tools, you can change the rights by right-clicking Schema Naming Context and then clicking Properties. Use the Change Schema Master permission to designate rights.

Domain Naming Master

By default, the only group of users with privileges to change the Domain Naming Master is the Enterprise Administrators group. This right can be changed by using the Adsiedit tool from the Windows 2000 Support Tools. Change the rights by right-clicking CN=Partitions under Configuration Context and then clicking Properties. Use the Change Domain Master permission to designate rights.

PDC Emulator

By default, the only group of users with privileges to change the primary domain controller (PDC) Emulator is the Domain Administrators group. This right can be changed by using the Adsiedit tool from the Windows 2000 Support Tools. Change the rights by right-clicking DC=north,DC=microsoft,DC=com (for north.microsoft.com) under the Domain context and then clicking Properties. Use the Change PDC permission to designate rights.

Infrastructure Master

By default, the only group of users with privileges to change the Infrastructure Master is the Domain Administrators group. This right can be changed by using the Adsiedit tool from the Windows 2000 Support Tools. Change the rights by right-clicking the CN=Infrastructure folder under the Domain context and then clicking Properties. Use the Change Infrastructure Master permission to designate rights.

RID Master

By default, the only group of users with privileges to change the RID Master is the Domain Administrators group. This right can be changed by using the Adsiedit tool from the Windows 2000 Support Tools. Change the rights by right-clicking CN=RID Manager$ in the CN=System folder under the Domain context, and then clicking Properties. Use the Change RID Master permission to designate rights.

You can also change the RID Master, PDC Emulator, and Infrastructure Master in the Active Directory Users and Computers snap-in by right-clicking the domain item, and then clicking Operations Master.

LDAP Representations

The following items are Lightweight Directory Access Protocol (LDAP) representations indicating where the permissions reside in Active Directory:

  • Primary Domain Controller (PDC) FSMO:

    LDAP://DC=MICROSOFT,DC=COM

  • RID Master FSMO:

    LDAP://CN=Rid Manager$,CN=System,DC=MICROSOFT,DC=COM

  • Schema Master FSMO:

    LDAP://CN=Schema,CN=Configuration,DC=MICROSOFT,DC=COM

  • Infrastructure Master FSMO:

    LDAP://CN=Infrastructure,DC=MICROSOFT,DC=COM

  • Domain Naming Master FSMO:

    LDAP://CN=Partitions,CN=Configuration,DC=MICROSOFT,DC=COM
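
The following PowerShell script is an added example, not part of the original article. It audits which trustees currently hold each FSMO change permission on the five objects listed above. It assumes a domain-joined host with read access to the directory, and it assumes the control access right names under CN=Extended-Rights (for example Change-PDC), which the article gives only by their display names.

```powershell
# Added example: list trustees allowed to change each FSMO role owner.
$rootDse  = [ADSI]'LDAP://RootDSE'
$domainNC = [string]$rootDse.defaultNamingContext
$configNC = [string]$rootDse.configurationNamingContext
$schemaNC = [string]$rootDse.schemaNamingContext

# Object that carries each permission (per the LDAP representations above) and the
# control access right name stored under CN=Extended-Rights (assumed names).
$roles = @(
    @{ Role = 'PDC Emulator';          Right = 'Change-PDC';                   DN = $domainNC }
    @{ Role = 'RID Master';            Right = 'Change-Rid-Master';            DN = "CN=RID Manager`$,CN=System,$domainNC" }
    @{ Role = 'Schema Master';         Right = 'Change-Schema-Master';         DN = $schemaNC }
    @{ Role = 'Infrastructure Master'; Right = 'Change-Infrastructure-Master'; DN = "CN=Infrastructure,$domainNC" }
    @{ Role = 'Domain Naming Master';  Right = 'Change-Domain-Master';         DN = "CN=Partitions,$configNC" }
)

# Resolve a right's GUID from the directory instead of hard-coding it.
function Get-RightGuid([string]$Name) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot = [ADSI]"LDAP://CN=Extended-Rights,$configNC"
    $searcher.Filter = "(&(objectClass=controlAccessRight)(cn=$Name))"
    [void]$searcher.PropertiesToLoad.Add('rightsGuid')
    $hit = $searcher.FindOne()
    if (-not $hit) { throw "Control access right '$Name' not found" }
    [guid]$hit.Properties['rightsguid'][0]
}

$extended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight
foreach ($r in $roles) {
    $guid  = Get-RightGuid $r.Right
    $entry = [ADSI]"LDAP://$($r.DN)"
    # Unresolvable SIDs are returned as SIDs rather than raising an error.
    $rules = $entry.psbase.ObjectSecurity.GetAccessRules($true, $true, [System.Security.Principal.NTAccount])
    $rules | Where-Object {
        # Allow ACEs granting this right, or all extended rights (empty GUID,
        # which also covers Full Control). Deny ACEs are not evaluated here.
        $_.AccessControlType -eq 'Allow' -and
        (($_.ActiveDirectoryRights -band $extended) -eq $extended) -and
        ($_.ObjectType -eq $guid -or $_.ObjectType -eq [guid]::Empty)
    } | ForEach-Object {
        [pscustomobject]@{
            Role      = $r.Role
            Trustee   = $_.IdentityReference.Value
            Inherited = $_.IsInherited
            ViaAllExtendedRights = ($_.ObjectType -eq [guid]::Empty)
        }
    }
}
```

Any trustee in the output other than the default group named for that role in the sections above is a delegation worth reviewing.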


Keywords: kbenv kbinfo KB228776