Active Directory FSMO Roles Explained

-

|

Introduction

This article offers a simplified explanation of the 5 Active Directory FSMO (pronounced “FisMO”) roles.

Active Directory FSMO Roles

Active Directory (AD) operates a multi-master database model. Meaning that all Domain Controllers (DC) have writable copies of the AD Database. Though AD is multi-master database, there are some roles that has to be single-master roles.

Single-master roles means that one DC performs the operation and replicates to other DCs. These single-master operations roles are called FSMO (Flexible Single-Master Operations) roles.

The FSMO roles are sensitive roles that if performed by more than one DC will cause conflict. After going through this article you will have a better understanding of the 5 Active Directory FSMO roles.

The 5 Active Directory FSMO roles are:

  • RID Master
  • Schema Master
  • Domain Naming Master
  • Infrastructure Master and
  • PDS Emulator Master
When a DC assigned one of these roles performs an operation, the DC replicates the modified data to other DCs in the forest.

1
RID Master Active Directory FSMO Role

Domain Controllers create security principals like users, computers and so on. Every time a security principal is created the DC assigns the object a unique Security ID (SID). The SID has two components – Domain SID and a Relative ID (RID). Every object created in a domain has the same Domain SID. But the Relative ID (RID) is unique for each security principal created.

For a domain controller to assign RIDs, it has to have a pool of RIDs. The assignment of RID pools to DCs is a single master operations role. This operation is performed by the DC asigned the RID Master Flexible Single-Master Operations (FSMO) role.

2
Schema Master Active Directory FSMO Role

Transfer Schema Master Role

Active Directory Schema is a definition of object classes and their attributes. An example of an object class is Users. A user attribute is the User Name, Job title, etc.

Sometimes, an administrator may need to extend the Active Directory Schema. To extend a schema is to define a new object and its attributes. Schema extension operation is handled by one DC. The DC that handles addition and deletion of objects in the schema is called the Schema Master.

3
Domain Naming Master Active Directory FSMO Role

In an Active Directory forest, domains may be added or deleted. To avoid conflict, the addition and deletion of domains is a single-master operations role. The DC assigned the Domain Naming Master FSMO role handles domain addition and deletion in the AD forest.

The Domain Naming Master DC is also responsible for adding or removing cross references to domains in external directories.

4
Infrastructure Master Active Directory FSMO Role

In an AD forest with multiple domains, objects are cross-referenced from one domain to the other. The Domain Controller holding the Infrastructure Master FSMO role is responsible for keeping cross-domain object references up to date.

As an example, say an object in Domain-A is referenced by another object in Domain-B. When the referenced object is modified, the Infrastructure Master is responsible for updating the references.

A simple explanation of object referencing is when an object is accessed. For example, a user in Domain-A accesses a shared folder in Domain-B. When that shared folder changes, the Infrastructure Master FSMO role DC stores the updated object reference and replicates it to other DCs.

5
PDS Emulator Master Active Directory FSMO Role

The PDC Emulator FSMO Domain Controller handles user authentication, password change and time synchronization. The DC assigned the PDC Emulator role also handles account lockouts and forwards authentication failures (triggered by incorrect passwords) to other DCs.

Conclusion

The Active Directory multi-master model means that any Domain Controller (DC) can update the AD database. But there ate 5 operations reserved for one DC. These are called Flexible Single-Master Operations (FSMO) roles.

I hope this guide simplified the explanation of these 5 Active Directory FSMO roles.

If you have any question or comment about Active Directory FSMO roles use the “Leave a Reply” form at the end of the page. Alternatively, you can share your experience transferring or seizing Active Directory FSMO roles.

Other Helpful Guides

Additional Resources and References

  • Was this post Helpful?
  • YesNo

LEAVE A REPLY

Please enter your comment!
Please enter your name here

ADVERTISEMENTS

FEATURED POSTS

Best Christian Movies on Netflix

The 10 Best Christian Movies on Netflix

This Itechguide reviews the 10 best christian movies on Netflix. The movies are listed in reverse order – with the 10th movie...
How to Change Orientation in Google Docs

How to Change Orientation in Google Docs

This Itechguide teaches you how to change orientation in Google Docs. The guide covers steps to change orientation in Google Docs from...
How to Delete Google Photos

How to Delete Google Photos

This Itechguide teaches you how to delete Google Photos. The guide offers steps to delete Google Photos from the Google Photos App...
How to Install Windows 10 1909 Update Manually

How to Install Windows 10 1909 Update Manually

This Itechguide teaches you how to install Windows 10 1909 update manually. Windows 10 1909 (otherwise known as Windows 10 November update)...
How to Create a Poll on Facebook

How to Create a Poll on Facebook

This Itechguide teaches you how to create a poll on Facebook. You can create a poll on Facebook from a Facebook page...

AMAZON DEALS

TRENDING POSTS

Remote Desktop Connection

Remote Desktop Connection an Internal Error Has Occurred [Fixed]

Introduction I recently received the error message "Remote Desktop Connection an Internal Error Has Occurred". It was strange because...

Find My Samsung: Register and Use Samsung Find my Mobile

Introduction Ever wondered how you could find your Samsung phone if you lost it? Find my Samsung or Samsung...
What is the Difference Between PowerShell and CMD?

Windows Powershell vs CMD: Differences and Similarities

Introduction This short guide compares Windows PowerShell vs CMD (Windows command prompt). I will cover the history and nature...
Spotify No Longer Supports this Version of Microsoft Edge

Spotify No Longer Supports this Version of Microsoft Edge [Fixed]

Introduction When you open Spotify web player on Microsoft Edge, you may receive the error message "Spotify No Longer...
Windows 10 Won't Boot

Windows 10 Won’t Boot With Black Screen? 3 Ways to Fix It

Why Won't Windows 10 Boot Up? If your Windows 10 stops with a black screen, the first question in...

ADVERTISEMENTS

BEST OF ITECHGUIDES

join windows insider program

How to Join Windows 10 Insider Program

Introduction When you join Windows Insider Program, you have the opportunity "to help shape the next evolution of Windows...
Best Thrillers on Netflix

The 10 Best Thrillers on Netflix

The thrillers on Netflix is quite a large number of movies. Knowing the best thrillers to watch can be a challenge.
How-to-Join-Facebook

How to Join Facebook for the First Time from the App or Facebook.com

Introduction You are reading this because you want to join Facebook for the first time! You are in the...
Microsoft Edge is not in group policy

How to to Make Microsoft Edge Policy Available in Group Policy

Introduction When I was writing How to Set Homepage in Microsoft Edge I realized that Microsoft Edge is not...

How to Add in Excel (Excel Sum) with Examples

Introduction There are different ways to add numbers in Excel. You could simply select the cells containing the data....

RECENT POSTS

How to Change Facebook Page Name

How to Change Facebook Page Name

This Itechguide teaches you how to change Facebook page name. The guide covers steps to change Facebook page name from a PC...
How to Change YouTube Channel Name

How to Change YouTube Channel Name

This Itechguide teaches you how to change YouTube channel name. The guide covers steps to change YouTube channel name from a PC.
How to Bold Text on Facebook Post

How to Bold Text on Facebook Post

This Itechguide teaches you how to bold text on Facebook post. The guide covers steps to bold text on Facebook post from...
Best Crime Documentaries on Netflix

The 10 Best Crime Documentaries on Netflix

This Itechguide reviews the 10 best crime documentaries on Netflix. The documentaries are listed in reverse order – with the 10th documentary...
Best Netflix Series

The 10 Best Netflix Series

This Itechguide reviews the 10 best Netflix series. The series are listed in reverse order – with the 10th series on top....

AMAZON DEALS

MUST READ

inaccessible boot device server 2016 fix

How to Fix Inaccessible Boot Device Error in Windows Server 2016

Introduction Some Windows admins have reported receiving "inaccessible boot device" error in Server 2016 after a Windows update. If...
How to Tag a Page on Facebook

How to Tag a Page on Facebook

This Itechguide teaches you how to tag a page on Facebook. This guide offers steps to tag a page on Facebook App...
powershell where

Powershell Where (Where-Object) Cmdlet: Syntax, Alias, Examples

Introduction PowerShell Where (Where-Object) selects objects from a collection based on specified property values. The full name of PowerShell...
Windows defender blocked by Group Policy

Windows Defender Blocked by Group Policy [Fixed]

Introduction If you receive the error message Windows Defender is blocked by group policy, your computer may have been...
How to Add Admin to Facebook Group

How to Add Admin to Facebook Group (From PC or Mobile App)

Introduction This guide demos how to add admin to Facebook group. After creating a Facebook group, you may need...

AMAZON DEALS

By using this website you agree to accept our Privacy Policy and Terms & Conditions