Role that has the authority to manage the creation and deletion of domains, domain trees, and application data partitions in the forest. Upon creation of any of these, the Domain Naming Master ensures that the name assigned is unique to the forest.

Global catalog service that listens on port 3268 to respond to requests to search for an object in Active Directory.

Domain-specific role that is responsible for reference updates from its domain objects to other domains. This assists in tracking which domains own which objects.

Partial copy of all objects from other domains within the same forest. This partial copy of forest-wide data includes a subset of each object’s attributes.

Role that provides backward compatibility with Microsoft Windows NT 4.0 domains and other down-level clients.

Variable-length number that is assigned to objects at creation and becomes part of the object’s security identifier (SID).

Role that is responsible for assigning relative identifiers to domain controllers in the domain. Relative identifiers are variable-length numbers assigned by a domain controller when a new object is created.

Active Directory role that has forest-wide authority to manage changes to the Active Directory schema.

Forced, ungraceful transfer of a role. This procedure is used only in the event of a catastrophic failure of a domain controller that holds a FSMO role.

Memberships stored in the global catalog. A universal group can contain users, groups, and computers from any domain in the forest. In addition, universal groups, through their membership in domain local groups, can receive permissions for any resource anywhere in the forest.

Stores universal group memberships on a local domain controller that can be used for logon to the domain, eliminating the need for frequent access to a global catalog server.