
What Are FSMO (Flexible Single Master Operations) Roles?

Importance of FSMO Roles


What are FSMO roles? It is one of the favorite interview questions, asked in
almost all interviews. Some of my friends have asked me the same question.
In this blog I explain all the FSMO roles and their functions. This is
high-level information; feel free to contact me if additional information
is required.
FSMO stands for Flexible Single Master Operations. In total, five roles are
defined. The first Domain Controller in a forest holds all five roles. Depending
on the environment, roles can be transferred to another Domain Controller. I'll
explain the transfer of roles in another post.
The distribution of roles is given below:
1. Forest Wide Roles
   a. Schema Master Role
   b. Domain Naming Master
2. Domain Wide Roles
   a. Primary Domain Controller (PDC) Role
   b. Relative Identifier (RID) Role
   c. Infrastructure Role

Importance of Roles
Every role is important; let's evaluate their importance and function.
Schema Master Role
Schema Master Role is a forest-wide role. A forest can have only one Schema
Master. It contains information on all the classes and attributes of a forest. It
is not advisable to modify the schema unless it is essential. This role is required
when making any changes to the schema.
Domain Naming Master
Domain Naming Master is essential when adding a new domain to the forest or
removing a domain from the forest. The Domain Controller that holds the Domain
Naming Master role should be online while a domain is being added or
removed.
Some people confuse a domain with a Domain Controller: this role is required
when adding or removing a domain, not when promoting or demoting a Domain
Controller.
PDC (Primary Domain Controller)
As specified earlier, all the roles are important, but PDC is the core and most
important role for any domain. The Domain Controller that has the PDC role should be
available 24x7x365.
PDC is used to sync time between Domain Controllers and between Domain
Controllers and other computers.
It is used to keep track of wrong passwords entered by users; it keeps the count of
wrong password attempts. In addition to that, it also receives an update when a user or
computer password is changed on another Domain Controller.
Relative Identifier
RID is a unique ID that is assigned to the objects created. The Domain Controller that
has the RID Master role distributes pools of RIDs to all other Domain Controllers.
A Domain Controller cannot renew its RID pool if the RID Master Domain Controller is
not available.
Infrastructure Role
Infrastructure Master Role is responsible for updating group memberships
and other references to objects from one domain to another domain. It
is required in a multi-domain environment and not in a single-domain
environment.

It is not recommended to have the Global Catalogue and the Infrastructure role on the
same Domain Controller in a multi-domain environment; the exception is when all
the Domain Controllers are Global Catalogues. Global Catalogue has partial
information of all the objects of other domains, therefore it does not allow
cross-domain updates.
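
One way to check the role placement described above, as an added example that is not part of the original post: a PowerShell script that lists the current holder of each of the five roles, tests whether each holder answers on LDAP, and flags an Infrastructure Master that is also a Global Catalogue. It assumes the ActiveDirectory module (RSAT) is installed and treats reachability on TCP port 389 as a stand-in for "online".

```powershell
# Added example: assumes the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain
$dcs    = Get-ADDomainController -Filter *   # Domain Controllers of the current domain

# Map each of the five FSMO roles to the Domain Controller that currently holds it.
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster          # forest wide
    DomainNamingMaster   = $forest.DomainNamingMaster    # forest wide
    PDCEmulator          = $domain.PDCEmulator           # domain wide
    RIDMaster            = $domain.RIDMaster             # domain wide
    InfrastructureMaster = $domain.InfrastructureMaster  # domain wide
}

$report = foreach ($role in $roles.Keys) {
    $holder = $roles[$role]
    # Assumption: an open LDAP port (TCP 389) is used as a simple "role holder is online" check.
    $probe = Test-NetConnection -ComputerName $holder -Port 389 -WarningAction SilentlyContinue
    [pscustomobject]@{
        Role      = $role
        Holder    = $holder
        Reachable = $probe.TcpTestSucceeded
    }
}
$report | Format-Table -AutoSize

# Placement rule from the text: in a multi-domain forest the Infrastructure Master
# should not be a Global Catalogue, unless every Domain Controller is a Global Catalogue.
$multiDomain = @($forest.Domains).Count -gt 1
$infraDc     = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
$allGc       = -not ($dcs | Where-Object { -not $_.IsGlobalCatalog })

if ($multiDomain -and $infraDc.IsGlobalCatalog -and -not $allGc) {
    Write-Warning ("Infrastructure Master {0} is a Global Catalogue, but not every DC in {1} is." -f
        $infraDc.HostName, $domain.DNSRoot)
} else {
    Write-Output "Infrastructure Master placement is consistent with the placement rule."
}
```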
