FSMO ROLES
OR
OPERATION MASTERS
(FSMO = Flexible Single Operation Masters)
In a domain network, there can be more than one DC. The
entire DCs act as Masters and any change can be made in the Active Directory
Database of any DC and that change is replicated to all other DCs. Many tasks
can be performed by all the DCs at the same time. But there are some tasks or
roles which can be performed by only one DC at a time. Such roles are called
FSMO roles. Any DC having such FSMO role(s) is called Operation Master.
entire DCs act as Masters and any change can be made in the Active Directory
Database of any DC and that change is replicated to all other DCs. Many tasks
can be performed by all the DCs at the same time. But there are some tasks or
roles which can be performed by only one DC at a time. Such roles are called
FSMO roles. Any DC having such FSMO role(s) is called Operation Master.
There are five FSMO roles. All these roles are present in the First DC but
these can be transferred to other DCs.
FSMO Roles are:
1. Schema Master
Role
Role
2. Domain Naming
Master Role
Master Role
3. RID (Relative
ID) Master Role
ID) Master Role
4. Infrastructure
Master Role
Master Role
5. PDC (Primary DC)
Emulator Master Role
Emulator Master Role
SCHEMA MASTER ROLE
Schema refers to the logical layout of Active Directory.
Active Directory Schema is made up of classes and attributes. A class refers to
objects (users, groups, computers etc.,) in the Active Directory. Attribute
refers to the properties of a class or object. For example, fist name, last
name, address etc. refers to the attributes of a user object.
Active Directory Schema is made up of classes and attributes. A class refers to
objects (users, groups, computers etc.,) in the Active Directory. Attribute
refers to the properties of a class or object. For example, fist name, last
name, address etc. refers to the attributes of a user object.
DC having schema master role helps in making changes in the
schema. There can be only one DC having this role in the entire forest. This
role is present only in the root (parent) domain.
schema. There can be only one DC having this role in the entire forest. This
role is present only in the root (parent) domain.
DOMAIN NAMING MASTER ROLE
DC having this role is contacted whenever you remove or add
a new domain in the forest. There can be only one DC having this role in the
entire forest. This role is present only in the root (parent) domain.
a new domain in the forest. There can be only one DC having this role in the
entire forest. This role is present only in the root (parent) domain.
RID MASTER ROLE
DC having this role helps in creating Relative IDs or Security IDs whenever you
create any new object (user, group etc) in the Active Directory. A SID
(Security Identifier) is created for the new object. There must be one DC having
this role in every domain network. Only a single DC can have this role in any
domain.
INFRASTRUCTURE MASTER ROLE
DC having this role is contacted whenever you remove or add members to a group
and this role helps in updating group membership. There must be one DC having
this role in every domain network.
Only a single DC
can have this role in any domain.
can have this role in any domain.
PDC EMULATOR ROLE
DC having this role acts as Time Server in the domain network and synchronizes
time on every PC in the domain. DC having this role also acts as Primary DC for
a Windows NT Backup domain controller. There must be one DC having this role in
every domain network.
Only a single DC
can have this role in any domain.
can have this role in any domain.
HOW TO FIND
ROLES?
ROLES?
- If you want to know which DC is having a specific role(s) in a
domain network, then open Active Directory Users and Computers. - Right-click on domain-name > Operation Masters.
- You can find RID, PDC and Infrastructure Roles.
- To find Domain Naming Master role, open Active Directory Domains
and Trusts. - Right-click on Active Directory Domains and Trusts >
Operation Master. - To find Schema Master Role, at first install Active Directory
Schema snap-in. - To install this snap-in, in the RUN, type:Mmc
- Click O.K. and open File > add/remove snap-in > Add.
- Select ‘Active Directory Schema’ > Add > Close
> O.K. - Select File > Save.
- If you can’t find ‘Active Directory Schema’, then in the
RUN, type Regsvr32 schmmgmt.dll - Click O.K.
- Again type in the RUN Mmc
- Click O.K. .
- Now open Active Directory Schema and you can find the DC having
this Role.
HOW TO TRANSFER
ROLES?
ROLES?
1. By default, all the five roles are present in the First DC. But if
your network has many DCs, you can also transfer these roles to other DCs in
order to ensure some sort of fault-tolerance and load-balancing for the roles.
your network has many DCs, you can also transfer these roles to other DCs in
order to ensure some sort of fault-tolerance and load-balancing for the roles.
2. Open Active Directory Users and Computers.
3. Right-click on the domain-name > connect to domain
controller.
controller.
4. Highlight the name of DC to which you want to transfer a role.
5. Click O.K.
6. Now right-click on the Active Directory Users and Computers
> Operation Masters.
> Operation Masters.
7. Select a role (RID, PDC or Infrastructure) which you want to
transfer and click on Change.
transfer and click on Change.
