Share via

AD DS: The domain controller must be able to connect to the PDC emulator master in this domain

Updated: August 31, 2012

Applies To: Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Active Directory Domain Services Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer (

Operating System

Windows Server 2008 R2

Windows Server 2012


Active Directory Domain Services (AD DS)






The domain controller cannot connect to the primary domain controller (PDC) emulator master in this domain.


The PDC emulator processes password changes from earlier-version clients and other domain controllers on a best-effort basis; handles password authentication requests involving passwords that have recently changed and not yet been replicated throughout the domain; and, by default, synchronizes time. If this domain controller cannot connect to the PDC emulator, this domain controller cannot process authentication requests, it may not be able to synchronize time, and password updates cannot be replicated to it.


Make sure that this domain controller is connected to the PDC emulator master in this domain.

Troubleshoot the domain controller that cannot connect to the PDC emulator master in this domain. If issue is not identified and resolved, troubleshoot the domain controller that holds the PDC emulator operations master (also known as flexible single master operations or FSMO) role. For more information, see Responding to operations master failures (

Additional references

For more information, see Operations master roles (