Windows

Tech Tip: Learn the five FSMO roles in Active Directory

When deploying Active Directory, it's important to understand the various Flexible Single Master Operations (FSMO) roles that a domain controller can provide. Learn more about the five FSMO roles.

In another tip, we discussed some key differences between Active Directory and the NT 4 domain model as it pertains to server roles. When deploying Active Directory, it's important to understand the various Flexible Single Master Operations (FSMO) roles that a domain controller can provide.

While Active Directory is a distributed system, some servers only carry out specific roles. If something happens to this server or you need a more substantial server to handle a particular role, you must know which servers are handling each role.

There are five FSMO roles:

  • PDC emulator (one per domain): This role allows Windows Server 2003 to act as a Windows NT primary domain controller (PDC), and it provides replication support for Windows NT-based backup domain controllers (BDCs). In addition, this role assists with time and group policy synchronization.
  • Infrastructure master (one per domain): This role is responsible for updating the group-to-user references whenever the members of groups change or receive new names.
  • Relative ID (RID) master (one per domain): This role ensures that every object created has a unique identification number.
  • Schema master (one per forest): This role is responsible for maintaining and modifying the Active Directory schema.
  • Domain naming master (one per forest): This role is responsible for the addition and deletion of domains in a forest.

1 comments
jonathanlackman
jonathanlackman

Mnemonic for this is Poor Islands Raise Standard Dancers