Active Directory FSMO Roles Explained




This article offers a simplified explanation of the 5 Active Directory FSMO (pronounced “FisMO”) roles.

Active Directory FSMO Roles

Active Directory (AD) operates a multi-master database model. Meaning that all Domain Controllers (DC) have writable copies of the AD Database. Though AD is multi-master database, there are some roles that has to be single-master roles.

Single-master roles means that one DC performs the operation and replicates to other DCs. These single-master operations roles are called FSMO (Flexible Single-Master Operations) roles.

The FSMO roles are sensitive roles that if performed by more than one DC will cause conflict. After going through this article you will have a better understanding of the 5 Active Directory FSMO roles.

The 5 Active Directory FSMO roles are:

  • RID Master
  • Schema Master
  • Domain Naming Master
  • Infrastructure Master and
  • PDS Emulator Master
Sponsored Content

When a DC assigned one of these roles performs an operation, the DC replicates the modified data to other DCs in the forest.

RID Master Active Directory FSMO Role

RID Master Active Directory FSMO Role

Domain Controllers create security principals like users, computers and so on. Every time a security principal is created the DC assigns the object a unique Security ID (SID). The SID has two components – Domain SID and a Relative ID (RID). Every object created in a domain has the same Domain SID. But the Relative ID (RID) is unique for each security principal created.

For a domain controller to assign RIDs, it has to have a pool of RIDs. The assignment of RID pools to DCs is a single master operations role. This operation is performed by the DC asigned the RID Master Flexible Single-Master Operations (FSMO) role.

Schema Master Active Directory FSMO Role

 Schema Master Active Directory FSMO Role

Active Directory Schema is a definition of object classes and their attributes. An example of an object class is Users. A user attribute is the User Name, Job title, etc.

Sometimes, an administrator may need to extend the Active Directory Schema. To extend a schema is to define a new object and its attributes. Schema extension operation is handled by one DC. The DC that handles addition and deletion of objects in the schema is called the Schema Master.

Domain Naming Master Active Directory FSMO Role

In an Active Directory forest, domains may be added or deleted. To avoid conflict, the addition and deletion of domains is a single-master operations role. The DC assigned the Domain Naming Master FSMO role handles domain addition and deletion in the AD forest.

The Domain Naming Master DC is also responsible for adding or removing cross references to domains in external directories.

Infrastructure Master Active Directory FSMO Role

Infrastructure Master Active Directory FSMO Role

In an AD forest with multiple domains, objects are cross-referenced from one domain to the other. The Domain Controller holding the Infrastructure Master FSMO role is responsible for keeping cross-domain object references up to date.

As an example, say an object in Domain-A is referenced by another object in Domain-B. When the referenced object is modified, the Infrastructure Master is responsible for updating the references.

A simple explanation of object referencing is when an object is accessed. For example, a user in Domain-A accesses a shared folder in Domain-B. When that shared folder changes, the Infrastructure Master FSMO role DC stores the updated object reference and replicates it to other DCs.

PDS Emulator Master Active Directory FSMO Role

PDS Emulator Master Active Directory FSMO Role

The PDC Emulator FSMO Domain Controller handles user authentication, password change and time synchronization. The DC assigned the PDC Emulator role also handles account lockouts and forwards authentication failures (triggered by incorrect passwords) to other DCs.

Sponsored Content


The Active Directory multi-master model means that any Domain Controller (DC) can update the AD database. But there ate 5 operations reserved for one DC. These are called Flexible Single-Master Operations (FSMO) roles.

I hope this guide simplified the explanation of these 5 Active Directory FSMO roles.

If you have any question or comment about Active Directory FSMO roles use the “Leave a Reply” form at the end of the page. Alternatively, you can share your experience transferring or seizing Active Directory FSMO roles.

Other Helpful Guides

Additional Resources and References


Please enter your comment!
Please enter your name here


network discovery keeps turning off server 2016

How to Fix Network Discovery If it Keeps Turning Off in Server 2016

Does network discovery keep turning off in your Windows server 2016? It is likely that one of its dependent services is not...
how to install windows 10 1903 update manually

How to Install Windows 10 1903 Update Manually

Windows 10 1903 Update was released in May, 2019. But some users are not yet offered the update via automatic update. The...
spotify web player not working

Spotify Web Player Not Working [Fixed]

Introduction Spotify Web Player may stop working for you with the following error messages: "Spotify Web Player an Error...
DISM.exe /Online /Cleanup-Image /Restorehealth

DISM.exe /Online /Cleanup-Image /Restorehealth Explained

What is DISM.EXE /Online /Cleanup-image /RestoreHealth? "DISM.exe /Online /Cleanup-Image /Restorehealth" is a DISM command that repairs issue with the...
DHCP Relay agent

DHCP Relay Agent: Configuration in Windows Server 2016

What is a DHCP Relay Agent? A DHCP Relay Agent allows DHCP clients in a different network subnet to...


Remote Desktop Connection

Remote Desktop Connection an Internal Error Has Occurred [Fixed]

Introduction I recently received the error message "Remote Desktop Connection an Internal Error Has Occurred". It was strange because...

Find My Samsung: Register and Use Samsung Find my Mobile

Introduction Ever wondered how you could find your Samsung phone if you lost it? Find my Samsung or Samsung...
What is the Difference Between PowerShell and CMD?

Windows Powershell vs CMD: Differences and Similarities

Introduction This short guide compares Windows PowerShell vs CMD (Windows command prompt). I will cover the history and nature...
Spotify No Longer Supports this Version of Microsoft Edge

Spotify No Longer Supports this Version of Microsoft Edge [Fixed]

Introduction When you open Spotify web player on Microsoft Edge, you may receive the error message "Spotify No Longer...
Windows 10 Won't Boot

Windows 10 Won’t Boot With Black Screen? 3 Ways to Fix It

Why Won't Windows 10 Boot Up? If your Windows 10 stops with a black screen, the first question in...


Remote Desktop Connection

Remote Desktop Connection an Internal Error Has Occurred [Fixed]

Introduction I recently received the error message "Remote Desktop Connection an Internal Error Has Occurred". It was strange because...
how to make Pivot Table

How to Make a Pivot Table in Excel

Introduction A Pivot Table allows you to analyze, summarize and calculate large data to help find relationships. With a...
Powershell Function

PowerShell Function: Syntax, Parameters, Examples

Introduction There are two types of PowerShell Functions, basic and advanced. A basic PowerShell Function is a list of...
dns server not responding featured image

“DNS Server Not Responding” Error [Fixed]

What Could Cause "DNS Server Not Responding" Error Message? The error messages "DNS Server Not Responding" or "DNS...

Get Help With File Explorer in Windows 10

Introduction Need to get help with the new file explorer in Windows 10? You are in the right place....


disable cortana windows 10 featured

How to Disable Cortana in Windows 10 (2 Methods)

Introduction Some Windows 10 users may not like Cortana. Solution? Disable Cortana. You are probably reading this because you...
bootrec /fixboot access is denied

How to Fix BootRec /FixBoot Access is Denied Error in Windows 10

Introduction BootRec /FixBoot Access is Denied Error in Windows 10? This error is likely caused by corrupt EFI directory.
Reset Windows 10

How to Reset Windows 10 (2 Methods)

Introduction If your Windows 10 is broken, one available way to fix it is to use Windows 10 reset....
system restore windows 10

How to Enable and Use System Restore in Windows 10

Introduction System restore in windows 10 is a very important tool that is probably ignored by most users. But...
windows has stopped this device code 43

How to Fix Windows Has Stopped this Device Code 43 Error

Introduction Sometimes you may receive "Windows has stopped this device code 43" error. This error is likely to come...
Windows could not automatically detect this network's proxy settings

How to Fix “Windows Could not Automatically Detect this Network’s Proxy Settings”

Introduction You suddenly lose the ability to connect to the internet. Then you run network troubleshooter and it returns...
printer offline

5 Ways to Restore Your Printer Online If Status is Offline

Introduction Is your printer offline? Setting it online is very simple but sometimes it is more than just setting...

How to Fix “BootMgr is Missing” Error in Windows 10

Introduction If you receive Fix "BootMgr is missing" Error in Windows 10, the default response is panic! But you...
windows 10 search featured

How to Fix Windows 10 Search If it Stops Working

Introduction Are you having troubles with Windows 10 search? Apparently, it is a fairly common problem with a number...
oooops, something went wrong. reload

How to Fix “Oooops something went wrong. reload” Spotify Error

Introduction If you receive "Oooops something went wrong. reload" Spotify error, do not panic. The fix is simpler than...


command prompt commands

20 Command Prompt Commands for Sys Admins

Introduction Here is my ultimate list of command prompt commands for very serious Windows Systems Administrators. For each command,...
Dynamic disks bs basic disks

Dynamic Disk vs Basic Disk: How to Convert to Dynamic Disk

Introduction Dynamic disk type was introduced by Microsoft with Windows 2000. Earlier versions of Windows Operating Systems used Basic...
we can t sign into your account

How to Fix “We Can’t Sign into Your Account” Error in Windows 10

Introduction You may receive "we can't sign into your account" error after upgrading to Windows 10. If this occurs...
powershell executionpolicy

PowerShell ExecutionPolicy Explained

What is PowerShell ExecutionPolicy? ExecutionPolicy in PowerShell is a security feature that controls how PowerShell loads configuration files and...

RAID 50 vs RAID 10: Benefits and Disadvantages Compared

What is RAID 50 vs RAID 10? RAID 50 stripes two RAID 5 arrays while RAID 10 stripes two...

By using this website you agree to accept our Privacy Policy and Terms & Conditions