What are FSMO Roles in Active Directory

Active Directory is a directory service used to store information about the network resources across a domain. An Active Directory (AD) structure is a hierarchical framework of objects. The objects fall into three broad categories – resources (e.g. printers), services (e.g. e-mail), and users (accounts, or users and groups). The AD provides information on the objects, organizes the objects, controls access, and sets security.

FSMO (Flexible Single Master Operation) Roles in Active Directory

Domain naming master. This domain controller manages the addition and removal of domains in the forest. A forest can have only one domain naming master, which can be transferred to another domain controller through the Active Directory Domains and Trusts snap-in.

Schema master. The schema master controls updates to the domain schema data. There is one schema master in the entire forest. It can be transferred to another domain controller through the Active Directory Schema Master snap-in.

PDC Emulator master. In a mixed Windows 2000 and Windows NT environment, the PDC Emulator master supports the BDCs: it manages user account and password changes and forwards that information to the Windows NT BDCs. In a native mode Windows 2000 environment, the PDC Emulator master receives preference in the replication of user account passwords. Before a logon fails, the PDC Emulator master is checked for updated information. This master role can be transferred to another domain controller through the Active Directory Users and Computers snap-in.

Relative ID master. A single relative ID master in each domain of a tree manages the allocation of sequential relative IDs (RIDs) to each of the domain controllers. This makes all security IDs (SIDs) created in a domain relative to the domain controller. This master role can be transferred to another domain controller through the Active Directory Users and Computers snap-in.

Infrastructure master. The infrastructure master is responsible for managing group and user references. Expect a delay in changes to user groups when they are made across domains. Updates to other domains are made by the infrastructure master domain controller via a process called multimaster replication. This master role can be transferred to another domain controller through the Active Directory Users and Computers snap-in.
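
Because each role can be transferred to another domain controller, it is worth recording who holds the five roles and checking later whether any of them has moved. The script below is an added example, not part of the original article: it uses the Get-ADForest and Get-ADDomain cmdlets from the ActiveDirectory module, and the function names and the baseline file path are hypothetical.

```powershell
# Requires the ActiveDirectory module (RSAT) and read access to the forest.
Import-Module ActiveDirectory

function Get-FsmoHolders {
    # Emits one row per role: two forest-wide roles, then three roles per domain.
    $forest = Get-ADForest
    foreach ($role in 'SchemaMaster', 'DomainNamingMaster') {
        [pscustomobject]@{ Scope = $forest.Name; Role = $role; Holder = $forest.$role }
    }
    foreach ($name in $forest.Domains) {
        $domain = Get-ADDomain -Identity $name -Server $name
        foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
            [pscustomobject]@{ Scope = $domain.DNSRoot; Role = $role; Holder = $domain.$role }
        }
    }
}

function Compare-FsmoBaseline {
    param([object[]]$Current, [object[]]$Baseline)
    # Index the baseline by scope and role, then report roles that moved or are new.
    $known = @{}
    foreach ($row in $Baseline) { $known["$($row.Scope)|$($row.Role)"] = $row.Holder }
    foreach ($row in $Current) {
        $key = "$($row.Scope)|$($row.Role)"
        if (-not $known.ContainsKey($key)) {
            [pscustomobject]@{ Scope = $row.Scope; Role = $row.Role; Was = $null; Now = $row.Holder }
        } elseif ($known[$key] -ne $row.Holder) {
            [pscustomobject]@{ Scope = $row.Scope; Role = $row.Role; Was = $known[$key]; Now = $row.Holder }
        }
    }
}

$baselinePath = '.\fsmo-baseline.csv'   # hypothetical location of the recorded baseline
$current = @(Get-FsmoHolders)
if (Test-Path $baselinePath) {
    # Later runs: compare the live role holders with the recorded ones.
    $drift = @(Compare-FsmoBaseline -Current $current -Baseline (Import-Csv $baselinePath))
    if ($drift.Count) { $drift | Format-Table -AutoSize } else { 'No FSMO role changes since baseline.' }
} else {
    # First run: record the current holders as the baseline.
    $current | Export-Csv -Path $baselinePath -NoTypeInformation
    "Baseline written to $baselinePath"
}
```

A reported change that does not match a planned transfer is a reason to review who moved the role and when.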