[B2B] Active Directory FSMO Roles

In this Back2Basics post we look at the Active Directory Flexible Single Master Operations (FSMO) roles to be aware of when implementing new Active Directory installations:

Role Functions
Schema Master
  • Performs updates to the AD schema, such as those made by ADPREP /FORESTPREP, Microsoft Exchange and other applications that must modify the AD schema
  • Must be online when schema updates are performed
  • Generally placed on the forest root PDC
Domain Naming Master
  • Adds and removes domains and application partitions from the Active Directory forest
  • Must be online when domains and application partitions in a forest are added or removed
  • Generally placed on the forest root PDC
PDC Emulator
  • Manages password changes for computers and user accounts on replica domain controllers
  • Consulted by replica DCs where service authentication requests have mismatched passwords
  • Target DC for Group Policy updates
  • Target DC for legacy applications that perform writeable operations and for some admin tools
  • Must be online and accessible at all times
  • Generally placed on high-performance redundant hardware alongside other DCs
RID Master
  • Allocates active and standby Relative ID (RID) pools to replica DCs in the same domain
  • Must be online for newly-promoted DCs to obtain a local RID pool or when existing DCs must update their current or standby RID pool allocation
  • Generally placed on the forest root PDC
Infrastructure Master
  • Updates cross-domain references and phantoms/tombstones from the Global Catalog
  • A separate infrastructure master is created for each application partition including the default forest-wide and domain-wide application partitions
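
The following PowerShell is an added example, not part of the original post: it lists the five role holders, probes each for reachability, and flags roles that the table says are generally placed on the forest root PDC but are held elsewhere. The function name Get-FsmoPlacementReport, its parameters and the DC host names are assumptions made for illustration; the input objects mirror the properties returned by Get-ADForest and Get-ADDomain.

```powershell
# Added example. Checks FSMO role holders against the placement guidance above.
# Only the forest root domain is examined; PDC Emulator, RID Master and
# Infrastructure Master exist once per domain, so repeat for child domains.

function Get-FsmoPlacementReport {
    param(
        [Parameter(Mandatory)] $Forest,       # needs SchemaMaster, DomainNamingMaster
        [Parameter(Mandatory)] $RootDomain,   # needs PDCEmulator, RIDMaster, InfrastructureMaster
        # Reachability probe; the default tests LDAP (TCP 389) on the role holder.
        [scriptblock] $IsOnline = {
            param($h) Test-NetConnection -ComputerName $h -Port 389 -InformationLevel Quiet
        }
    )
    $rootPdc = $RootDomain.PDCEmulator
    $roles = [ordered]@{
        'Schema Master'         = $Forest.SchemaMaster
        'Domain Naming Master'  = $Forest.DomainNamingMaster
        'PDC Emulator'          = $RootDomain.PDCEmulator
        'RID Master'            = $RootDomain.RIDMaster
        'Infrastructure Master' = $RootDomain.InfrastructureMaster
    }
    # Roles listed above as "generally placed on the forest root PDC"
    $expectOnRootPdc = 'Schema Master', 'Domain Naming Master', 'RID Master'

    foreach ($role in $roles.Keys) {
        $holder = $roles[$role]
        [pscustomobject]@{
            Role      = $role
            Holder    = $holder
            Online    = & $IsOnline $holder
            # $null means the table gives no forest-root-PDC guidance for this role
            OnRootPdc = if ($role -in $expectOnRootPdc) { $holder -eq $rootPdc } else { $null }
        }
    }
}

# Constructed sample data: RID Master moved to DC02, and DC02 is unreachable.
$forest = [pscustomobject]@{ SchemaMaster = 'DC01.corp.example'; DomainNamingMaster = 'DC01.corp.example' }
$domain = [pscustomobject]@{ PDCEmulator = 'DC01.corp.example'; RIDMaster = 'DC02.corp.example'
                             InfrastructureMaster = 'DC01.corp.example' }
Get-FsmoPlacementReport -Forest $forest -RootDomain $domain `
    -IsOnline { param($h) $h -ne 'DC02.corp.example' } | Format-Table -AutoSize

# Live use on a domain-joined host with the ActiveDirectory (RSAT) module:
#   $f = Get-ADForest
#   Get-FsmoPlacementReport -Forest $f -RootDomain (Get-ADDomain -Identity $f.RootDomain)
```

With the sample data, the RID Master row shows Online and OnRootPdc as False, which is the condition under which DCs cannot obtain or refresh their RID pools.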