Flexible Single Master Operations (FSMO) Roles in Active Directory Service (ADS) - Windows Server 2003 / 2003 R2 / 2008 / 2008 R2 / 2012 / 2012 R2 / 2016 


What FSMO roles are available in ADS?

The operations master roles, also known as flexible single master operations (FSMO) roles, perform specific tasks within a domain. The five FSMO roles are:
  • Schema Master (Per Forest)
  • Domain Naming Master (Per Forest)
  • Infrastructure Master (Per Domain)
  • Relative ID (RID) Master (Per Domain)
  • PDC Emulator (Per Domain)

Schema Master (Per Forest)

Any update or modification to the schema must go through the schema master domain controller. To make such a change to the schema of a forest, access has to be established with the schema master. There can be only one schema master in the entire forest.

Domain Naming Master (Per Forest)

The domain controller holding the domain naming master role exclusively controls the addition or removal of domains in the forest. There can be only one domain naming master in the entire forest.

Relative ID (RID) Master (Per Domain)

The RID master allots sequences of relative IDs to each of the domain controllers in its domain. When a domain controller creates a user, group, or computer object, a unique security ID (SID) is assigned to the object. The SID contains two elements:
  • The domain SID, which is the same for all SIDs created in a domain.
  • An RID, which is unique for each SID created in the domain.

PDC Emulator (Per Domain)

To ensure consistency, password changes from client computers must be replicated to all domain controllers throughout the domain. The PDC emulator can also be configured to synchronize with an external time source.

Infrastructure Master (Per Domain)

The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. It compares its data with that of a global catalog, which receives regular updates for objects in all domains through replication and is therefore up to date.


Find FSMO Role Holders on a Domain Controller

Running the command below at a domain controller's command prompt shows the FSMO role holders for that domain.

Command: netdom query fsmo
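
Because all five roles are single points of control, it is worth checking that their holders have not moved unexpectedly. The following is an added example, not part of the original post: it parses netdom query fsmo output and compares each holder with a recorded baseline. The function names, host names, sample output and baseline are constructed for illustration, and the role labels are assumed to match those printed by recent netdom versions.

```powershell
# Added example. Host names, sample output and baseline are constructed values.
function ConvertFrom-NetdomFsmo {
    param([Parameter(Mandatory)][AllowEmptyString()][string[]]$Lines)
    # A role line is "<role label><two or more spaces><holder FQDN>".
    # Labels are an assumption (recent netdom versions); adjust if yours differ.
    # The trailing status line and blank lines do not match and are skipped.
    $pattern = '^\s*(?<Role>Schema master|Domain naming master|PDC|RID pool manager|Infrastructure master)\s{2,}(?<Holder>\S+)\s*$'
    foreach ($line in $Lines) {
        if ($line -match $pattern) {
            [pscustomobject]@{ Role = $Matches.Role; Holder = $Matches.Holder }
        }
    }
}

function Compare-FsmoBaseline {
    param(
        [object[]]$Current = @(),
        [Parameter(Mandatory)][System.Collections.IDictionary]$Baseline
    )
    foreach ($role in $Baseline.Keys) {
        $found  = @($Current | Where-Object { $_.Role -eq $role })
        $actual = if ($found.Count -eq 1) { $found[0].Holder } else { $null }
        # -ne on strings is case-insensitive, which suits DNS host names.
        $status = if ($null -eq $actual) { 'Missing' } elseif ($actual -ne $Baseline[$role]) { 'Changed' } else { 'OK' }
        [pscustomobject]@{ Role = $role; Expected = $Baseline[$role]; Actual = $actual; Status = $status }
    }
}

# Constructed sample output; the RID pool manager differs from the baseline.
$sample = @(
    'Schema master               dc01.corp.example'
    'Domain naming master        dc01.corp.example'
    'PDC                         dc02.corp.example'
    'RID pool manager            dc09.corp.example'
    'Infrastructure master       dc02.corp.example'
    'The command completed successfully.'
)
$baseline = [ordered]@{
    'Schema master'         = 'dc01.corp.example'
    'Domain naming master'  = 'dc01.corp.example'
    'PDC'                   = 'dc02.corp.example'
    'RID pool manager'      = 'dc02.corp.example'
    'Infrastructure master' = 'dc02.corp.example'
}
# Live use on a domain controller: ConvertFrom-NetdomFsmo -Lines (netdom query fsmo)
Compare-FsmoBaseline -Current (ConvertFrom-NetdomFsmo -Lines $sample) -Baseline $baseline |
    Format-Table -AutoSize
```

A role reported as Changed or Missing should be matched against a planned role transfer before it is accepted as the new baseline.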




