0/1 Lessons

Course Introduction

• 1min

0 / 1 lessons complete

Getting Started with Active Directory Domain Services

• 52min

0 / 6 lessons complete

Introduction to Active Directory Users & Computers

• 1hr 27min

0 / 10 lessons complete

Adding a Second Domain Controller

• 1hr 31min

0 / 7 lessons complete

Active Directory Backups

• 1hr 24min

0 / 5 lessons complete

How to Administrate Active Directory with Windows PowerShell

• 1hr 58min

0 / 7 lessons complete

Administrating AD SS (Active Directory Sites and Services)

• 1hr 3min

0 / 5 lessons complete

Active Directory Trusts

• 54min

0 / 5 lessons complete

Modifying the Active Directory Schema

• 43min

0 / 3 lessons complete

Course Conclusion

• 2min

0 / 1 lessons complete

Saving Progress...

In this lecture we’re going to learn about FSMO roles. This becomes relevant when you have more than one Domain Controller within your active directory domain.

FSMO (commonly referred to as “fis-mo”) stands for Flexible Single Master Operation. These roles can be assigned to different Domain Controllers and prevent multiple domain controllers from simultaneously making changes to the same resources.

The five FSMO roles are as follows:

  • Schema Master – one per forest
  • Domain Naming Master – one per forest
  • Relative ID (RID) Master – one per domain
  • Primary Domain Controller (PDC) Emulator – one per domain
  • Infrastructure Master – one per domain

Schema Master

This role determines what server is responsible for managing the Active Directory Schema for your Active Directory forest.

Domain Naming Master

This role is responsible for the directory partitions within your forest. One example of when you use the Domain Naming Master role is when you create or remove an active directory domain within a forest.

RID (Relative ID) Master

This role is responsible for assigning blocks of SIDs (security Identifiers) to your Domain Controller so they can assign them to newly created Active Directory objects.

PDC (Primary Domain Controller) Emulator

Generally you would expect DC01 to hold the PDC Emulator role. This is the primary DC in your domain. It’s responsible for authentication requests, password changes, GPOs (group policy objects), and the time server for your domain.

Infrastructure Master

The infrastructure master translates GUIDs (Globally Unique Identifiers), SIDs (Security Identifiers), and DNs (Distinguished Names) between the domains in your forest. If this role is not properly working then sometimes you will see an objectSid in instead of a name in an ACL (access control list)

3.6 5 votes
Lesson Rating
Notify of
1 Comment
Newest Most Voted
Inline Feedbacks
View all comments

profile avatar
Beno Tsintsadze(@beno-tsintsadze)
5 months ago

i think this topic needs to be broken down in simpler terms so the foundation can be understood. At the moment your explanation of these roles is geared towards a more intermediate-advanced audience.