Forest-wide Roles
Forest-wide
roles are unique to a forest, forest-wide roles are:
●
Schema master:
Controls all updates to the schema. The schema contains the master list of object classes and attributes that are used to create all Active Directory objects, such as users, computers, and printers.
Controls all updates to the schema. The schema contains the master list of object classes and attributes that are used to create all Active Directory objects, such as users, computers, and printers.
●
Domain naming master:
Controls the addition or removal of domains in the forest. When you add a new domain to the forest, only the domain controller that holds the domain naming master role can add the new domain.
Controls the addition or removal of domains in the forest. When you add a new domain to the forest, only the domain controller that holds the domain naming master role can add the new domain.
There
is only one schema master and one domain naming master in the entire forest.