Synology SA3400 Synology Directory Server Administrator's Guide for DSM 7.1 - Page 14

Get FSMO Roles, Add Password Replication Policies, Domain, Domain Controller, Role-getting mode


Chapter 3: Manage the Domain

Get FSMO Roles

The PDC is the holder of the following FSMO roles by default: PDC Emulator, RID Master, Infrastructure Master, Domain Naming Master, and Schema Master. However, the SDC that acts as a RWDC can get the FSMO roles from the PDC. The PDC can also get the roles back from the SDC.

1. On a RWDC, go to Domain > Domain Controller.
2. Click on the RWDC that is going to get a FSMO role, and select Get FSMO Role.
3. Select one of the following modes from the Role-getting mode drop-down menu.
  • Transfer role: Transfer a role from the other RWDC to the current one.
  • Seize role: Take the role of the other RWDC by force. Seizing roles may cause synchronization problems between RWDCs. We suggest using this mode only when the original FSMO role owner is unexpectedly and permanently offline.
4. Select the role to take from the Role drop-down menu.
5. Enter the administrator account and password of your domain.
6. Click Submit to get the role from the other RWDC.

Add Password Replication Policies

Password replication policy allows you to determine which user account passwords can be replicated to a RODC. Once a password replication policy is added and a user account is in the allowed list of the password replication policy, the user account password is replicated to the RODC.

A RODC that is permitted to replicate a user account password authenticates the user’s logins, without forwarding authentication requests to a RWDC (i.e., a PDC or SDC). However, a RODC that is denied from replicating a user account will forward the authentication request to a RWDC.
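
The local-versus-forward behaviour described above can be modelled to review which accounts a policy would place on a RODC. This is an added example, not part of the Synology guide: the directory data and group names are constructed, and both the nested-group resolution and the rule that the denied list overrides the allowed list (as in Microsoft Active Directory) are assumptions.

```python
# Constructed sample data (hypothetical names): principal -> direct groups.
MEMBER_OF = {
    "alice": {"Branch Users"},
    "bob": {"Branch Users", "Helpdesk"},
    "svc_backup": {"Branch Users", "Backup Operators"},
    "admin": {"Domain Admins"},
    "Helpdesk": {"Branch Admins"},        # nested group
    "Branch Admins": {"Domain Admins"},   # nested group
}
USERS = ["alice", "bob", "svc_backup", "admin"]
PRIVILEGED = {"Domain Admins", "Backup Operators"}
ALLOWED = {"Branch Users"}       # allowed list of the policy
DENIED = {"Backup Operators"}    # denied list of the policy


def effective_groups(principal, member_of):
    """Return every group reachable from principal via nested membership."""
    seen, stack = set(), [principal]
    while stack:
        for group in member_of.get(stack.pop(), ()):
            if group not in seen:   # also guards against membership loops
                seen.add(group)
                stack.append(group)
    return seen


def rodc_decision(user, allowed, denied, member_of):
    """'local': password replicates and the RODC authenticates the login.
    'forward': the RODC passes the request to a RWDC."""
    ids = effective_groups(user, member_of) | {user}
    if ids & denied:                # assumption: deny overrides allow
        return "forward"
    return "local" if ids & allowed else "forward"


def audit(users, allowed, denied, member_of, privileged):
    """List privileged users whose password the policy would replicate."""
    return sorted(
        u for u in users
        if rodc_decision(u, allowed, denied, member_of) == "local"
        and effective_groups(u, member_of) & privileged
    )


if __name__ == "__main__":
    for u in USERS:
        print(u, rodc_decision(u, ALLOWED, DENIED, MEMBER_OF))
    print("privileged but replicated:",
          audit(USERS, ALLOWED, DENIED, MEMBER_OF, PRIVILEGED))
```

In this sample, bob is flagged because Helpdesk nests into Domain Admins; adding Domain Admins to the denied list makes the RODC forward his logins to a RWDC instead.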