What Are FSMO (Flexible Single Master Operations) Roles? Importance of FSMO Roles
What are FSMO roles? This is one of the favorite interview questions, asked in almost every interview. Some of my friends have asked me the same question. In this blog post I explain all the FSMO roles and their functions. This is high-level information; feel free to contact me if additional information is required.
FSMO stands for Flexible Single Master Operations. There are five roles in total. The first Domain Controller in a forest holds all five roles. Depending on the environment, roles can be transferred to another Domain Controller. I'll explain the transfer of roles in another post.
The roles are distributed as follows:
1. Forest Wide Roles
a. Schema Master Role
b. Domain Naming Master
2. Domain Wide Roles
a. Primary Domain Controller (PDC) Role
b. Relative Identifier (RID) Role
c. Infrastructure Role
Every role is important; let's evaluate their importance and function.
Schema Master Role
Schema Master Role is a forest-wide role. A forest can have only one Schema Master. It contains information about all the classes and attributes of the forest. It is not advisable to modify the schema unless it is essential. This role is required when making any change to the schema.
Domain Naming Master
The Domain Naming Master is essential when adding a new domain to the forest or removing a domain from the forest. The Domain Controller that holds the Domain Naming Master role should be online while a domain is being added or removed.
Some people confuse a domain with a Domain Controller: this role is required when adding or removing a domain, not when promoting or demoting a Domain Controller.
PDC (Primary Domain Controller)
As stated earlier, all the roles are important, but PDC is the core and most important role for any domain. The Domain Controller that holds the PDC role should be available 24x7x365.
The PDC is used to synchronize time between Domain Controllers, and between Domain Controllers and other computers.
It keeps track of wrong passwords entered by users and accumulates the count of wrong password attempts. In addition, it receives an update whenever a user or computer password is changed on another Domain Controller.
RID (Relative Identifier) Master
A RID is a unique ID assigned to each object that is created. The Domain Controller that holds the RID Master role distributes pools of RIDs to all other Domain Controllers. A Domain Controller cannot renew its RID pool if the RID Master Domain Controller is not available.
Infrastructure Master Role
The Infrastructure Master role is responsible for updating group memberships and other references to objects from one domain to another. It is required in a multi-domain environment, not in a single-domain environment.
It is not recommended to place the Global Catalogue and the Infrastructure role on the same Domain Controller in a multi-domain environment; the exception is when all the Domain Controllers are Global Catalogues. A Global Catalogue holds partial information about all the objects of other domains, and therefore it does not allow cross-domain updates.
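The following PowerShell is an added example, not part of the original post: it lists the Domain Controller that holds each of the five roles, checks that each holder responds, and flags the Global Catalogue / Infrastructure placement described above. It assumes the ActiveDirectory module (RSAT) on a domain-joined machine and inspects only the current domain.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and a domain-joined host.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# Map each of the five FSMO roles to the Domain Controller that holds it.
$roles = [ordered]@{
    'Schema Master'         = $forest.SchemaMaster
    'Domain Naming Master'  = $forest.DomainNamingMaster
    'PDC Emulator'          = $domain.PDCEmulator
    'RID Master'            = $domain.RIDMaster
    'Infrastructure Master' = $domain.InfrastructureMaster
}

# Report each holder and whether it answers a ping.
# A ping is only a coarse availability signal; ICMP may be filtered.
$report = foreach ($role in $roles.GetEnumerator()) {
    [pscustomobject]@{
        Role      = $role.Key
        Holder    = $role.Value
        Reachable = Test-Connection -ComputerName $role.Value -Count 1 -Quiet
    }
}
$report | Format-Table -AutoSize

# Placement check: in a multi-domain forest, the Infrastructure Master should
# not be a Global Catalog unless every DC in the domain is a Global Catalog.
$dcs         = @(Get-ADDomainController -Filter *)
$nonGc       = @($dcs | Where-Object { -not $_.IsGlobalCatalog })
$infraDc     = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
$multiDomain = @($forest.Domains).Count -gt 1

if ($multiDomain -and $infraDc.IsGlobalCatalog -and $nonGc.Count -gt 0) {
    Write-Warning ("Infrastructure Master {0} is a Global Catalog, but {1} DC(s) in this domain are not." -f $infraDc.HostName, $nonGc.Count)
} else {
    Write-Output 'Infrastructure Master placement is consistent with the guidance above.'
}
```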