0/1 Lessons

Course Introduction

• 1min

0 / 1 lessons complete

Getting Started with Active Directory Domain Services

• 52min

0 / 6 lessons complete

Introduction to Active Directory Users & Computers

• 1hr 27min

0 / 10 lessons complete

Adding a Second Domain Controller

• 1hr 31min

0 / 7 lessons complete

Active Directory Backups

• 1hr 24min

0 / 5 lessons complete

How to Administrate Active Directory with Windows PowerShell

• 1hr 58min

0 / 7 lessons complete

Administrating AD SS (Active Directory Sites and Services)

• 1hr 3min

0 / 5 lessons complete

Active Directory Trusts

• 54min

0 / 5 lessons complete

Modifying the Active Directory Schema

• 43min

0 / 3 lessons complete

Course Conclusion

• 2min

0 / 1 lessons complete


Q&A (0)

Notes (0)

Resources (0)

Saving Progress...


There are no resources for this lesson.

Notes can be saved and accessed anywhere in the course. They also double as bookmarks so you can quickly review important lesson material.

Create note

In this lecture we’re going to learn about FSMO roles. This becomes relevant when you have more than one Domain Controller within your active directory domain.

FSMO (commonly referred to as “fis-mo”) stands for Flexible Single Master Operation. These roles can be assigned to different Domain Controllers and prevent multiple domain controllers from simultaneously making changes to the same resources.

The five FSMO roles are as follows:

  • Schema Master – one per forest
  • Domain Naming Master – one per forest
  • Relative ID (RID) Master – one per domain
  • Primary Domain Controller (PDC) Emulator – one per domain
  • Infrastructure Master – one per domain

Schema Master

This role determines what server is responsible for managing the Active Directory Schema for your Active Directory forest.

Domain Naming Master

This role is responsible for the directory partitions within your forest. One example of when you use the Domain Naming Master role is when you create or remove an active directory domain within a forest.

RID (Relative ID) Master

This role is responsible for assigning blocks of SIDs (security Identifiers) to your Domain Controller so they can assign them to newly created Active Directory objects.

PDC (Primary Domain Controller) Emulator

Generally you would expect DC01 to hold the PDC Emulator role. This is the primary DC in your domain. It’s responsible for authentication requests, password changes, GPOs (group policy objects), and the time server for your domain.

Infrastructure Master

The infrastructure master translates GUIDs (Globally Unique Identifiers), SIDs (Security Identifiers), and DNs (Distinguished Names) between the domains in your forest. If this role is not properly working then sometimes you will see an objectSid in instead of a name in an ACL (access control list)

3 2 votes
Lesson Rating
Notify of
profile avatar
Newest Most Voted
Inline Feedbacks
View all comments

profile avatar
Beno Tsintsadze(@beno-tsintsadze)
1 year ago

i think this topic needs to be broken down in simpler terms so the foundation can be understood. At the moment your explanation of these roles is geared towards a more intermediate-advanced audience.

profile avatar
Larry L(@larryl2)
4 months ago

This is the stuff I have been curios about. Thank you for the overview. Now, when I read this material in books I have a visual (and hands-on, thank you) reference to look back on. Thanks, Paul for a great course. I am anxious to get to automating these steps with PowerShell!