Flexible Single Master Operation (FSMO) Roles Overview
In this lecture we’re going to learn about FSMO roles. This becomes relevant when you have more than one Domain Controller within your Active Directory domain.
FSMO (commonly referred to as “fis-mo”) stands for Flexible Single Master Operation. These roles can be assigned to different Domain Controllers and prevent multiple domain controllers from simultaneously making changes to the same resources.
The five FSMO roles are as follows:
- Schema Master – one per forest
- Domain Naming Master – one per forest
- Relative ID (RID) Master – one per domain
- Primary Domain Controller (PDC) Emulator – one per domain
- Infrastructure Master – one per domain
Schema Master
This role determines which server is responsible for managing the Active Directory Schema for your Active Directory forest.
Domain Naming Master
This role is responsible for the directory partitions within your forest. One example of when you use the Domain Naming Master role is when you create or remove an Active Directory domain within a forest.
RID (Relative ID) Master
This role is responsible for assigning blocks of SIDs (Security Identifiers) to your Domain Controllers so they can assign them to newly created Active Directory objects.
PDC (Primary Domain Controller) Emulator
Generally you would expect DC01 to hold the PDC Emulator role. This is the primary DC in your domain. It’s responsible for authentication requests, password changes, and GPOs (Group Policy Objects), and it acts as the time server for your domain.
Infrastructure Master
The Infrastructure Master translates GUIDs (Globally Unique Identifiers), SIDs (Security Identifiers), and DNs (Distinguished Names) between the domains in your forest. If this role is not working properly, you will sometimes see an objectSid instead of a name in an ACL (access control list).
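The following PowerShell is an added example, not part of the original lesson: it lists which Domain Controller holds each of the five roles described above (two per forest, three per domain) and checks that each holder answers on LDAP. It assumes the ActiveDirectory (RSAT) module is installed; the function names `Get-FsmoInventory` and `Test-FsmoHolder` are hypothetical.

```powershell
# Added example: inventory FSMO role holders and check that each is reachable.
# Assumes the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

function Get-FsmoInventory {
    $forest = Get-ADForest
    $scope  = "Forest: $($forest.Name)"
    # Forest-wide roles: one holder each for the entire forest.
    $rows = @(
        [pscustomobject]@{ Scope = $scope; Role = 'Schema Master';        Holder = $forest.SchemaMaster }
        [pscustomobject]@{ Scope = $scope; Role = 'Domain Naming Master'; Holder = $forest.DomainNamingMaster }
    )
    # Domain-wide roles: one holder each in every domain of the forest.
    foreach ($name in $forest.Domains) {
        $domain = Get-ADDomain -Identity $name -Server $name
        $scope  = "Domain: $name"
        $rows += [pscustomobject]@{ Scope = $scope; Role = 'RID Master';            Holder = $domain.RIDMaster }
        $rows += [pscustomobject]@{ Scope = $scope; Role = 'PDC Emulator';          Holder = $domain.PDCEmulator }
        $rows += [pscustomobject]@{ Scope = $scope; Role = 'Infrastructure Master'; Holder = $domain.InfrastructureMaster }
    }
    $rows
}

function Test-FsmoHolder {
    param([Parameter(ValueFromPipeline)] $Row)
    process {
        # A role holder that does not answer on LDAP (TCP 389) cannot service its role.
        $up = Test-NetConnection -ComputerName $Row.Holder -Port 389 `
                  -InformationLevel Quiet -WarningAction SilentlyContinue
        $Row | Add-Member -NotePropertyName Reachable -NotePropertyValue $up -PassThru
    }
}

$inventory = Get-FsmoInventory | Test-FsmoHolder
$inventory | Format-Table Scope, Role, Holder, Reachable -AutoSize

# Summarise which roles sit on each Domain Controller.
$inventory | Group-Object Holder | ForEach-Object {
    [pscustomobject]@{ Holder = $_.Name; Roles = ($_.Group.Role -join ', ') }
} | Format-Table -AutoSize

# Flag any role whose holder could not be reached.
$inventory | Where-Object { -not $_.Reachable } | ForEach-Object {
    Write-Warning "$($_.Role) holder $($_.Holder) is not reachable ($($_.Scope))"
}
```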
I think this topic needs to be broken down in simpler terms so the foundation can be understood. At the moment your explanation of these roles is geared towards a more intermediate-advanced audience.
This is the stuff I have been curious about. Thank you for the overview. Now, when I read this material in books I have a visual (and hands-on, thank you) reference to look back on. Thanks, Paul for a great course. I am anxious to get to automating these steps with PowerShell!
I'm working on the lab where you transfer the FSMO, and when I go to change it to the second server I notice it says it's unavailable, and I'm not sure why. I have done this lab multiple times and it does the same thing every time. Please help.
Hi Kody Anderson
Check the network IP settings to match the SADC1 server except with the IP which should be 10.1.0.11. I have seen another issue where it needs to be on the FSMO holder, which is SADC1, where we need to register the DLL and perform the change. If it still appears multiple times then I’ll check on the lab and get back to you.
Ricardo