What is an FSMO Role?

FSMO stands for Flexible Single Master Operation. The FSMO roles are:

Schema Master

Domain Naming Master

PDC Emulator

RID Master (Relative ID)

Infrastructure Master

Schema Master

The Schema Master is an enterprise-level role; there is only one Schema Master in an Active Directory forest.

The Schema Master controls all updates and modifications to the schema.

Once a schema update is completed, it is replicated from the Schema Master to all other DCs in the directory.


Note: This includes activities such as raising the functional level of the forest and upgrading the operating system of a domain controller to a higher version than currently exists in the forest.


Domain Naming Master

The Domain Naming Master is an enterprise-level role; there is only one Domain Naming Master in an Active Directory forest.

The Domain Naming Master controls the addition and removal of domains and application partitions in the forest.


PDC Emulator: Primary Domain Controller Emulator

The PDC Emulator (PDCE) is a domain-level role; there is one PDCE in each domain in an Active Directory forest.

The PDC Emulator controls time synchronization, password update processing and Group Policy updates.

Note:

The PDCE in every other domain within the forest synchronizes its clock to the forest root PDCE, non-PDCE domain controllers synchronize their clocks to their domain’s PDCE, and domain-joined hosts synchronize their clocks to their preferred domain controller.

When computer and user passwords are changed or reset by a non-PDCE domain controller, the committed update is immediately replicated to the domain’s PDCE.

All Group Policy Object (“GPO”) updates are committed to the domain PDCE.

 

RID Master (Relative ID)

The Relative Identifier Master (“RID Master”) is a domain-level role; there is one RID Master in each domain in an Active Directory forest.


The RID Master attaches a unique security ID (SID) to security principal objects.

Note: The RID Master is responsible for creating security principal objects such as users, groups and computers. It attaches a unique security ID (SID) to those objects.

RIDs are used during object creation to generate the new object’s unique Security Identifier (“SID”). The RID Master is also responsible for moving objects from one domain to another within a forest.


Infrastructure Master

The Infrastructure Master is a domain-level role; there is one Infrastructure Master in each domain in an Active Directory forest.


The Infrastructure Master controls Distinguished Names (DNs), Security Identifiers (SIDs) and Globally Unique Identifiers (GUIDs) between domain controller roles.

The Infrastructure Master role is responsible for updating an object's SID and distinguished name in a cross-domain object.
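
To see which domain controllers currently hold the five roles described above, the following PowerShell inventory can be run from a management host. It is an added example, not part of the original post; it assumes the ActiveDirectory (RSAT) module is installed and the caller can read forest and domain objects, and the function names New-RoleRow and Get-FsmoRoleInventory are hypothetical helpers.

```powershell
# Added example: list every FSMO role holder in the current forest.
# Assumption: ActiveDirectory module (RSAT) is available on this host.
Import-Module ActiveDirectory

# Hypothetical helper: one output row per role.
function New-RoleRow($Scope, $Name, $Role, $Holder) {
    [pscustomobject]@{ Scope = $Scope; Name = $Name; Role = $Role; Holder = $Holder }
}

# Hypothetical helper: returns 2 forest rows plus 3 rows per reachable domain.
function Get-FsmoRoleInventory {
    $forest = Get-ADForest

    # Enterprise-level roles: one holder for the whole forest.
    New-RoleRow 'Forest' $forest.Name 'Schema Master'        $forest.SchemaMaster
    New-RoleRow 'Forest' $forest.Name 'Domain Naming Master' $forest.DomainNamingMaster

    # Domain-level roles: one holder of each role in every domain.
    foreach ($domainName in $forest.Domains) {
        try {
            $domain = Get-ADDomain -Server $domainName -ErrorAction Stop
            New-RoleRow 'Domain' $domain.DNSRoot 'PDC Emulator'          $domain.PDCEmulator
            New-RoleRow 'Domain' $domain.DNSRoot 'RID Master'            $domain.RIDMaster
            New-RoleRow 'Domain' $domain.DNSRoot 'Infrastructure Master' $domain.InfrastructureMaster
        }
        catch {
            # An unreachable domain is reported instead of silently skipped.
            Write-Warning "Could not query domain ${domainName}: $($_.Exception.Message)"
        }
    }
}

$inventory = @(Get-FsmoRoleInventory)
$inventory | Sort-Object Scope, Name, Role | Format-Table -AutoSize

# Show domain controllers that hold more than one role, so the hosts
# carrying the most single-master responsibility are easy to identify.
$inventory | Group-Object Holder | Where-Object Count -gt 1 | ForEach-Object {
    $roles = ($_.Group | ForEach-Object { "$($_.Role) [$($_.Name)]" }) -join ', '
    '{0} holds {1} roles: {2}' -f $_.Name, $_.Count, $roles
}
```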

 
