Friday, August 19, 2011

Understanding Flexible Single Master Operations (FSMO) Roles / Servers, or Simply Operations Masters, for Windows 2003 and 2008 Servers


What are FSMO Roles?

Microsoft designed Active Directory so that you can perform most configuration activities from any domain controller. However, certain functions within the directory are restricted to specific domain controllers. These functions are known as Flexible Single Master Operations (FSMO) roles, and the domain controller that holds one is called the FSMO role holder or, more simply, the operations master.

There are five FSMO roles. Two of them are forest-wide (one holder per forest) and the remaining three are domain-wide (one holder per domain).

Forest Based Roles

• Schema master
• Domain naming master

Domain Based Roles

• PDC emulator
• Infrastructure master
• RID master

In detail:

Schema master—holds the only writable copy of the Active Directory schema. The schema is the configuration database that describes all available object and function types in the Active Directory forest. Only one domain controller in the forest holds this role.

Domain naming master—ensures that any newly created domain is uniquely identified by a name that adheres to the proper naming conventions for new trees or child domains in existing trees. Only one domain controller in the forest holds this role.

PDC emulator—serves as the primary domain controller (PDC) for Windows NT 4.0 client computers authenticating to the domain and processes any changes to user properties made from these clients, such as password changes. This server also acts as the time synchronization master for the remaining domain controllers in the domain. One domain controller in each domain holds this role.

Infrastructure master—updates references from objects in its domain (such as domain group memberships) to objects in other domains. This server processes any changes to those objects received from global catalog servers and replicates the updated references to the other domain controllers in its domain. One domain controller in each domain holds this role.

RID master—assigns security identifiers (SIDs) to objects created in its domain. A SID consists of a domain identifier common to all objects in the domain and a relative identifier (RID) that is unique to each object. This server ensures that no two objects have the same RID by handing out pools of RIDs to every domain controller in its domain. One domain controller in each domain holds this role.
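To see the forest/domain split described above in a real environment, the following script lists the holder of each role across every domain in the forest. It is an added example, not part of the original post; it assumes the ActiveDirectory PowerShell module (RSAT, or Windows Server 2008 R2 and later) and a domain account with read access to the directory.

```powershell
# Added example (not from the original post): enumerate FSMO role holders
# for the whole forest. Assumes the ActiveDirectory module is installed.
Import-Module ActiveDirectory

function Get-FsmoRoleHolders {
    $forest = Get-ADForest

    # Forest-wide roles: exactly one holder in the entire forest,
    # so they are read once from the forest object.
    [pscustomobject]@{ Scope = 'Forest'; Domain = $forest.Name; Role = 'Schema master';        Holder = $forest.SchemaMaster }
    [pscustomobject]@{ Scope = 'Forest'; Domain = $forest.Name; Role = 'Domain naming master'; Holder = $forest.DomainNamingMaster }

    # Domain-wide roles: one holder per domain, so walk every domain in the forest.
    foreach ($name in $forest.Domains) {
        $d = Get-ADDomain -Identity $name
        [pscustomobject]@{ Scope = 'Domain'; Domain = $d.DNSRoot; Role = 'PDC emulator';          Holder = $d.PDCEmulator }
        [pscustomobject]@{ Scope = 'Domain'; Domain = $d.DNSRoot; Role = 'Infrastructure master'; Holder = $d.InfrastructureMaster }
        [pscustomobject]@{ Scope = 'Domain'; Domain = $d.DNSRoot; Role = 'RID master';            Holder = $d.RIDMaster }
    }
}

# Two rows for the forest plus three rows for each domain in it.
Get-FsmoRoleHolders | Format-Table -AutoSize

# Flag any role whose holder could not be resolved (for example, a role
# that was seized or left on a decommissioned domain controller).
Get-FsmoRoleHolders | Where-Object { [string]::IsNullOrEmpty($_.Holder) } |
    ForEach-Object { Write-Warning "No holder recorded for $($_.Role) in $($_.Domain)" }
```

On a single domain the same information is available from the command line with `netdom query fsmo`; the script is useful when you need every domain of a multi-domain forest in one view.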
