Wednesday, May 14, 2014

FSMO ROLES:-



Active Directory has 5 operations master roles, also called Flexible Single Master Operation (FSMO) roles. They ensure that the Active Directory database is kept consistent. The five operations master roles are:-

Forest Wide Roles
  • Schema Master Role
  • Domain Naming Master role

Domain Wide Roles
  • RID (Relative ID) master role
  • PDC Emulator
  • Infrastructure Master role
 
 
Schema Master Roles:-
  • It is the basic layout of the forest; it defines the design or structure of the Active Directory database.
  • It is one per forest.
  • If you make any change in the schema, the change can't be reversed. If you transfer or seize the schema master role to another DC, that can't be reversed either.
  • To update (change) the schema of a forest, you must have access to the schema master role (for that you should be a member of the Schema Admins group). Once the schema master is updated, the change is automatically replicated throughout the forest.
 
 
Domain Naming Master Role:-
 
  • It is used when adding or removing domains inside the forest.
  • It is one per forest. Microsoft recommends that both forest-wide roles be stored on the same server.
  • Duplicate domain names are not allowed (the Domain Naming Master is responsible for ensuring that two domains in the forest do not have the same name).
 
RID(Relative ID) master roles:-
 
  • It is responsible for allocating RID pools.
  • The RID is used in the SID (Security Identifier). All the objects in AD are assigned a unique number called a SID, which is associated with a RID.
  • If you seize the RID master role, AD will not be allowed to create any object; likewise, if a Domain Controller runs out of RIDs and can't contact the RID Master, no objects in Active Directory can be created on that Domain Controller.
  • It is one per Domain.

PDC Emulator:-

  • Originally the PDC Emulator provided a bridge between Windows NT4 Domain Controllers and Windows Server 2000 Domain Controllers. Even if you do not have any NT4 Domain Controllers on your network, it still provides some services.
  • It keeps the time accurate inside the domain (e.g. Microsoft keeps an atomic clock inside the domain to keep the time accurate, even when the domain is not on the Internet).
  • When a user enters in a wrong password, the PDC Emulator may be contacted to find out if this password is in fact an updated password. Password changes are replicated to the PDC Emulator first and thus it is considered the final authority on correct and incorrect passwords.
  • The PDC Emulator is contacted when changes to DFS (Distributed File System) are made. This can be switched off if the load on the PDC Emulator becomes too great.

Infrastructure Master role:-
  • The Infrastructure Master is responsible for ensuring that objects that use multiple domain references are kept up to date and consistent.
  • In a multi-domain forest (e.g. Server 2000, Server 2003 and Server 2008), the Infrastructure Master role and the Global Catalog cannot be deployed on the same server.
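
The two placement rules stated above (both forest-wide roles on the same server; Infrastructure Master and Global Catalog on different servers in a multi-domain forest) can be checked with a short audit. This is an added example, not part of the original post: Test-FsmoPlacement is a hypothetical helper name, and the sample forest and host names are constructed.

```powershell
# Added example: audit FSMO placement against the two rules stated in this post.
# The check takes a plain object, so it runs without a domain on the constructed sample.
function Test-FsmoPlacement {
    param([Parameter(Mandatory)] $Forest)

    $findings = @()
    # Rule 1: both forest-wide roles should be held by the same server.
    if ($Forest.SchemaMaster -ne $Forest.DomainNamingMaster) {
        $findings += "Forest roles split: Schema Master on $($Forest.SchemaMaster), " +
                     "Domain Naming Master on $($Forest.DomainNamingMaster)"
    }
    # Rule 2: in a multi-domain forest, the Infrastructure Master must not be a Global Catalog.
    if (@($Forest.Domains).Count -gt 1) {
        foreach ($d in $Forest.Domains) {
            if ($Forest.GlobalCatalogs -contains $d.InfrastructureMaster) {
                $findings += "$($d.Name): Infrastructure Master " +
                             "$($d.InfrastructureMaster) is also a Global Catalog"
            }
        }
    }
    $findings
}

# Constructed sample forest (hypothetical host names); both rules are violated here.
$sample = [pscustomobject]@{
    SchemaMaster       = 'dc1.corp.example'
    DomainNamingMaster = 'dc2.corp.example'
    GlobalCatalogs     = @('dc1.corp.example', 'dc3.child.corp.example')
    Domains            = @(
        [pscustomobject]@{ Name = 'corp.example';       InfrastructureMaster = 'dc2.corp.example' }
        [pscustomobject]@{ Name = 'child.corp.example'; InfrastructureMaster = 'dc3.child.corp.example' }
    )
}
Test-FsmoPlacement -Forest $sample

# Against a live forest (requires the ActiveDirectory module), build the same shape:
# $f = Get-ADForest
# $live = [pscustomobject]@{
#     SchemaMaster = $f.SchemaMaster; DomainNamingMaster = $f.DomainNamingMaster
#     GlobalCatalogs = $f.GlobalCatalogs
#     Domains = $f.Domains | ForEach-Object { Get-ADDomain -Server $_ } |
#               Select-Object @{n='Name';e={$_.DNSRoot}}, InfrastructureMaster
# }
# Test-FsmoPlacement -Forest $live
```

On the sample data the function reports one finding for the split forest-wide roles and one for child.corp.example, whose Infrastructure Master is listed as a Global Catalog.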


Please read more about the FSMO role commands, transferring roles and seizing roles in the next post.
                                                                                                          
 
 
     
     
