What is this?

FSMO stands for “Flexible Single Mater Operations”. The terminology FSMO was given in Windows 2000 by Microsoft, but in Windows 2003 it is called Operations Master, However the features and its functionality remain same in Windows 2003 and most people still call it FSMO.

Active Directory has five special roles which are vital for the smooth running of AD as a multi master system. Some functions of AD require there is an authoritative master to which all Domain Controllers can refer to. These roles are installed automatically and there is normally very little reason to move them, however if you de-commission a DC and DCPROMO fails to run correctly or have a catastrophic failure of a DC you will need to know about these roles to recover or transfer them to another DC.

The FSMO Roles:

FSMO role is divided into two categories:

o Forest Wide Role

o Domain Wide Role

Forest Wide Role is further divided into two categories:

– Schema Master

The schema is shared between every Tree and Domain in a forest and must be consistent between all objects. The schema master controls all updates and modifications to the schema. To make such updates / modification to the schema of a forest, an access has been established with the schema master.

 

– Domain Naming Master

When a new Domain is added to a forest the name must be unique within the forest. The Domain naming master must be available when adding or removing a Domain in a forest.  This is responsible to keep the records of all the Names in the network, which includes Domain names, users, printers and other objects in the Domain. It is used to get the information of the names in the forest.

Domain Wide Role is further divided into three categories:

– Relative ID (RID) Master

Allocate RIDs to DCs within a Domain. When an object such as a user, group or computer is created in AD it is given a SID. The SID consists of a Domain SID (which is the same for all SIDs created in the domain) and a RID which is unique to the Domain. When moving objects between domains you must start the move on the DC which is the RID master of the domain that currently holds the object.

– Infrastructural Master

The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. The global catalogue is used to compare data as it receives regular updates for all objects in all domains. Any change to user-group references are updated by the infrastructure master. For example if you rename or move a group member and the member is in a different domain from the group the group will temporarily appear not to contain that member.

– PDC (Primary Domain Controller ) Emulator

The PDC emulator acts as a Windows NT PDC for backwards compatibility, it can process updates to a BDC. It is also responsible for time synchronizing within a domain. It is also the password master for a domain. Any password change is replicated to the PDC emulator as soon as is practical. If a logon request fails due to a bad password the logon request is passed to the PDC emulator to check the password before rejecting the login request.

Backward Compatibility: When in NT scenario Active Directory is introduced we will face the following issue: In NT there is a PDC (Primary Domain Controller) and the other entire server is BDC (Backup Domain Controller).

Time synchronization: This is responsible to keep a track on time settings of the entire server and other client machines in the network.

Password changes are updated on PDC Emulator: When there is a password change made in any of the machines it is first replicated to PDC Emulator which then reflects to other ADC as per scheduled.

Unless there is only one DC in a domain the Infrastructure role should not be on the DC that is hosting the global catalogue. If they are on the same server the infrastructure master will not function, it will never find data that is out of date and so will never replicate changes to other DCs in a domain. If all DCs in a domain also host a global catalogue then it does not matter which DC has the infrastructure master role as all DCs will be up to date due to the global catalogue.

This entry was posted on Tuesday, April 29th, 2014 at 10:00 am and is filed under Windows FTP. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.