A Brief Introduction to FSMO And 5 FSMO Roles

2020-12-05
Summary: This article aims to briefly introduce Flexible Single Master Operations (FSMO), and 5 FSMO roles in Active Directory.

What Is FSMO?

FSMO, short for Flexible Single Master Operations, is a feature of Microsoft Active Directory (AD). The term FSMO has been deprecated since 2005 in favour of "operations masters". FSMO is a set of dedicated domain controller (DC) tasks used when standard data transfer and update methods are not enough.

Active Directory typically relies on multiple equivalent DCs. Each has a copy of the AD database, synchronized via multi-master replication. FSMO operations are not suited to multi-master replication and use only a single master.

Five FSMO Roles

There are five FSMO roles in Active Directory: two are enterprise-level (that is, one per Forest) and three are domain-level (that is, one per domain).

Per-Forest Roles

These two roles are unique at the forest level, and both are located in the forest root domain.

Schema Master

This role enables schema changes to be replicated to all other domain controllers in the Forest. However, the Schema Master role rarely does any work because the schema of the Active Directory rarely changes.

This role typically participates in deploying Exchange Server and Skype for Business Server, and in upgrading domain controllers from one version to another, because all of these involve changes to the Active Directory schema.

Domain Naming Master

The Domain Naming Master role handles all changes to the namespace. If this role fails to function correctly, it may prevent the addition of new sub-domains or new domain trees.

The availability of this role is also necessary to delete existing domains and application partitions from the Forest.

Per-Domain Roles

PDC Emulator

Among all FSMO roles, this is the most used one, and it has the most extensive functionality. The PDC Emulator role simulates the capabilities of a Windows NT 4.0 PDC, so in a hybrid environment where Windows NT 4.0 BDCs still exist, domain controllers with the PDC Emulator role are critical.

The PDC Emulator role owner is responsible for several vital operations: Backward Compatibility, Time Synchronization, Password Update Processing, Group Policy Updates, and Distributed File System.

RID Master

This role owner is the single DC that is responsible for processing RID pool requests from all DCs in a given domain. RID pools are made up of unique, contiguous RIDs, which are used to generate a unique Security Identifier (SID) for each new object during object creation. The RID Master is also responsible for moving objects from one domain to another in the Forest.

Infrastructure Master

The Infrastructure Master role owner is the domain controller in each domain that is responsible for managing phantom objects.

The Infrastructure Master aims to ensure that cross-domain object references are handled correctly. This role ensures that a user of one domain is correctly added to a security group from another domain. However, if there is only one domain in the Active Directory deployment, the Infrastructure Master role does no work at all, and it is rarely used even in a multi-domain environment unless complex user management tasks are performed.

Moving FSMO Roles

By default, Active Directory assigns all operations master roles to the first DC that is created in the Forest. To offer fault tolerance, multiple domain controllers should be available in each domain in the Forest. If a new domain is created in the Forest, the first DC in the new domain holds all of the domain-level FSMO roles.

This default placement is not a good one if the domain has a large number of domain controllers. Microsoft recommends dividing the FSMO roles carefully and preparing a backup DC to take over each role. If possible, the PDC Emulator and RID Master should be on the same DC. The Domain Naming Master and Schema Master should also be on the same DC.
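To compare an existing forest with the placement advice above, the following PowerShell is an added example and not part of the original article. It assumes the ActiveDirectory RSAT module and read access to the forest; the function names `Get-FsmoPlacement` and `Test-FsmoPlacement` are hypothetical.

```powershell
# Added example: report FSMO role holders and compare them with the placement advice above.
# Assumes the ActiveDirectory module (RSAT) and a session with read access to the forest.
Import-Module ActiveDirectory

function Get-FsmoPlacement {
    # One row per role: two forest-wide roles, then three roles for every domain.
    $forest = Get-ADForest
    $rows = @(foreach ($role in 'SchemaMaster', 'DomainNamingMaster') {
        [pscustomobject]@{ Scope = "Forest $($forest.Name)"; Role = $role; Holder = $forest.$role }
    })
    foreach ($name in $forest.Domains) {
        $domain = Get-ADDomain -Identity $name -Server $name
        foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
            $rows += [pscustomobject]@{ Scope = "Domain $name"; Role = $role; Holder = $domain.$role }
        }
    }
    $rows
}

function Test-FsmoPlacement {
    param([Parameter(Mandatory)] [object[]] $Placement)
    foreach ($group in $Placement | Group-Object Scope) {
        $holder = @{}
        foreach ($row in $group.Group) { $holder[$row.Role] = $row.Holder }
        # Role pairs the article says should share a DC.
        $pairs = @(@('SchemaMaster', 'DomainNamingMaster'), @('PDCEmulator', 'RIDMaster'))
        foreach ($pair in $pairs) {
            $a, $b = $pair
            if ($holder.ContainsKey($a) -and $holder[$a] -ne $holder[$b]) {
                [pscustomobject]@{ Scope = $group.Name; Finding = "$a and $b are on different DCs" }
            }
        }
        # An unreachable role holder blocks the single-master operation it owns.
        # ICMP may be filtered, so treat this as a prompt to investigate, not proof of failure.
        foreach ($dc in $holder.Values | Sort-Object -Unique) {
            if (-not (Test-Connection -ComputerName $dc -Count 1 -Quiet)) {
                [pscustomobject]@{ Scope = $group.Name; Finding = "Role holder $dc did not answer ping" }
            }
        }
    }
}

$placement = Get-FsmoPlacement
$placement | Format-Table -AutoSize
Test-FsmoPlacement -Placement $placement | Format-Table -AutoSize
```

An empty second table means both co-location pairs match and every role holder answered.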

Hope you will learn more about FSMO by reading the above contents.

 
