Is there a “Primary Domain Controller” in Active Directory?

The Historical Answer

With Windows NT, prior to the advent of Active Directory, there was one Primary Domain Controller (DC) per domain, and every other DC was a Backup.

The Modern Answer

When Active Directory was introduced with Windows 2000, domain controllers became fully multi-master. There is no primary domain controller. However, there are two caveats that may confuse you.

FSMO Operations Masters

Though Active Directory is multi-master, certain operations must take place in a way that ensures consistency across the domain controllers. For this reason, one DC is designated as the Operations Master for each role. This is not the same thing as a Primary Domain Controller, because there are currently 5 master roles, and a different DC could hold each role. To view the current Operations Masters, run the following at a Windows command prompt:
netdom query fsmo

In PowerShell, you have to run two commands:
Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator
Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster
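
The two commands above can be merged into a single report. This is an added example, not code from the original post, and it goes slightly beyond the single-domain case by listing the three domain-wide roles for every domain in the forest. The function name Get-FsmoReport and the example.test host names are hypothetical.

```powershell
# Added example. Live mode needs the ActiveDirectory module (RSAT) on a
# domain-joined host; otherwise constructed sample data is used instead.
function Get-FsmoReport {
    param(
        [Parameter(Mandatory)] [object[]] $Domain,  # shaped like Get-ADDomain output
        [Parameter(Mandatory)] $Forest              # shaped like Get-ADForest output
    )
    # Forest-wide roles: one holder each for the whole forest.
    foreach ($role in 'SchemaMaster', 'DomainNamingMaster') {
        [pscustomobject]@{ Scope = 'Forest'; Name = $Forest.Name; Role = $role; Holder = $Forest.$role }
    }
    # Domain-wide roles: one holder each per domain.
    foreach ($d in $Domain) {
        foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
            [pscustomobject]@{ Scope = 'Domain'; Name = $d.DNSRoot; Role = $role; Holder = $d.$role }
        }
    }
}

if (Get-Module -ListAvailable -Name ActiveDirectory) {
    Import-Module ActiveDirectory
    $forest  = Get-ADForest
    $domains = $forest.Domains | ForEach-Object { Get-ADDomain -Server $_ }
} else {
    # Constructed sample (hypothetical names under example.test), not real data.
    $forest  = [pscustomobject]@{ Name = 'example.test'
        SchemaMaster = 'dc01.example.test'; DomainNamingMaster = 'dc01.example.test' }
    $domains = @(
        [pscustomobject]@{ DNSRoot = 'example.test'; PDCEmulator = 'dc01.example.test'
            RIDMaster = 'dc02.example.test'; InfrastructureMaster = 'dc02.example.test' }
        [pscustomobject]@{ DNSRoot = 'child.example.test'; PDCEmulator = 'dc11.child.example.test'
            RIDMaster = 'dc11.child.example.test'; InfrastructureMaster = 'dc12.child.example.test' }
    )
}

$report = Get-FsmoReport -Domain $domains -Forest $forest
$report | Format-Table -AutoSize

# Roles grouped by holder: several holders means no single DC is "the" master.
$report | Group-Object Holder | ForEach-Object {
    [pscustomobject]@{
        Holder = $_.Name
        Roles  = ($_.Group | ForEach-Object { "$($_.Role) ($($_.Name))" }) -join ', '
    }
} | Format-Table -AutoSize -Wrap
```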

References:

  1. Active Directory Operations Masters
  2. Powershell commands to show Operations Masters

Emulated Primary Domain Controller

One reason people still think there is a primary domain controller is that Active Directory emulates a primary DC (PDC) for backwards compatibility with Windows NT. Note that the designation of “primary” is meaningless for a “modern” domain.

The commands in the previous section show which DC is the emulated PDC. Here are two more ways to show the PDC:

At a Windows command prompt:

nltest /dclist:

In PowerShell:

Get-ADDomainController -Discover -Service PrimaryDC

Reference: Which domain controller is primary?
