Acts as the authority for changes to the Active Directory schema (the specification of the object types and properties stored in the Directory). One server per forest acts as the schema master.
Manages additions, deletions, and changes to the domains contained within the Active Directory forest. One server per forest acts as the domain naming master.
Manages the identifiers used to associate objects with containers and allows objects to be moved between containers. One server per domain acts as the relative ID master.
Emulates a Windows NT 4.0 PDC for compatibility with older systems. One server per domain acts as the PDC emulator.
Manages associations between users and groups. One server per domain acts as the infrastructure master.
|LM and NTLM|
If you are using Active Directory, this is the master CA. It issues the certificates for the enterprise subordinate CA servers, so its security must not be compromised. Otherwise, your whole certificate system can be compromised by hijacked or impersonated CA servers. The enterprise CA requires both Active Directory and Windows 2000 DNS.
If you’re not using Active Directory, this is the master CA. It issues the certificates for the standalone subordinate CA servers, so its security ...