In another tip, we discussed some key differences
between Active Directory and the NT 4 domain model as it pertains
to server roles. When deploying Active Directory, it's important to
understand the various Flexible Single Master Operations (FSMO)
roles that a domain controller can provide.
While Active Directory is a distributed system,
some servers only carry out specific roles. If something happens to
this server or you need a more substantial server to handle a
particular role, you must know which servers are handling each
There are five FSMO roles:
emulator (one per domain): This role allows Windows Server 2003
to act as a Windows NT primary domain controller (PDC), and it
provides replication support for Windows NT-based backup domain
controllers (BDCs). In addition, this role assists with time and
group policy synchronization.
Infrastructure master (one per
domain): This role is responsible for updating the
group-to-user references whenever the members of groups change or
receive new names.
Relative ID (RID) master (one
per domain): This role ensures that every object created has a
unique identification number.
master (one per forest): This role is responsible for
maintaining and modifying the Active Directory schema.
naming master (one per forest): This role is responsible for
the addition and deletion of domains in a forest.