Flexible Single Master Operation (FSMO) Roles Overview

In this lecture we’re going to learn about FSMO roles. These become relevant when you have more than one Domain Controller within your Active Directory domain.

FSMO (commonly pronounced “fis-mo”) stands for Flexible Single Master Operation. These roles can be assigned to different Domain Controllers, and they prevent multiple Domain Controllers from simultaneously making changes to the same resources.

The five FSMO roles are as follows:

  • Schema Master – one per forest
  • Domain Naming Master – one per forest
  • Relative ID (RID) Master – one per domain
  • Primary Domain Controller (PDC) Emulator – one per domain
  • Infrastructure Master – one per domain

Schema Master

This role determines which server is responsible for managing the Active Directory Schema for your Active Directory forest.

Domain Naming Master

This role is responsible for the directory partitions within your forest. One example of when the Domain Naming Master role is used is when you create or remove an Active Directory domain within a forest.

RID (Relative ID) Master

This role is responsible for assigning blocks of SIDs (Security Identifiers) to your Domain Controllers so they can assign them to newly created Active Directory objects.

PDC (Primary Domain Controller) Emulator

Generally, you would expect DC01 to hold the PDC Emulator role. This is the primary DC in your domain. It’s responsible for authentication requests, password changes, and GPOs (Group Policy Objects), and it acts as the time server for your domain.

Infrastructure Master

The Infrastructure Master translates GUIDs (Globally Unique Identifiers), SIDs (Security Identifiers), and DNs (Distinguished Names) between the domains in your forest. If this role is not working properly, you will sometimes see an objectSid instead of a name in an ACL (access control list).
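
To see which Domain Controller holds each of the five roles described above, the following added example (not part of the original lecture) inventories the forest-wide and domain-wide role holders and checks each holder against the current list of DCs. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that you have read access to every domain in the forest.

```powershell
# Added example: inventory FSMO role holders for the forest and every domain in it.
# Assumes the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

$forest = Get-ADForest
$roles  = @()

# Forest-wide roles: one holder each for the entire forest.
$forestScope = "Forest: $($forest.Name)"
$roles += [pscustomobject]@{ Scope = $forestScope; Role = 'Schema Master';        Holder = $forest.SchemaMaster }
$roles += [pscustomobject]@{ Scope = $forestScope; Role = 'Domain Naming Master'; Holder = $forest.DomainNamingMaster }

# Domain-wide roles: one holder each per domain.
foreach ($domainName in $forest.Domains) {
    $domain      = Get-ADDomain -Identity $domainName -Server $domainName
    $domainScope = "Domain: $domainName"
    $roles += [pscustomobject]@{ Scope = $domainScope; Role = 'RID Master';            Holder = $domain.RIDMaster }
    $roles += [pscustomobject]@{ Scope = $domainScope; Role = 'PDC Emulator';          Holder = $domain.PDCEmulator }
    $roles += [pscustomobject]@{ Scope = $domainScope; Role = 'Infrastructure Master'; Holder = $domain.InfrastructureMaster }
}

# DNS host names of every Domain Controller currently registered in each domain.
$knownDCs = foreach ($domainName in $forest.Domains) {
    (Get-ADDomainController -Filter * -Server $domainName).HostName
}

# Show each role with its holder, and flag holders that do not match a listed DC.
$roles |
    Select-Object Scope, Role, Holder,
        @{ Name = 'HolderIsListedDC'; Expression = { $knownDCs -contains $_.Holder } } |
    Format-Table -AutoSize
```

A row with `HolderIsListedDC` set to `False` means the recorded role holder does not match any Domain Controller returned for the forest's domains and should be investigated.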

![](ht…