Thursday, August 7, 2014

FSMO Roles

FSMO (Flexible Single Master Operations)

There are basically two types of master roles:


  • Forest Wide Roles
  • Domain Wide Roles

Forest Roles:

1. Schema Master Role: The Schema Master role is responsible for any change to the schema. Schema changes and schema updates are possible only while this role is running. By default we cannot see this role; we need to register the Schema Master snap-in first in order to use it.

Command to register Schema Master: regsvr32 schmmgmt.dll

After running this command, go to Run - MMC - Add/Remove Snap-in - Active Directory Schema.

Now you can edit the schema.

2. Domain Naming Master: The Domain Naming Master role is responsible for any update or change to domain names. This role must be available when we create new domains.


Domain Wide Roles:

1. RID Master Role (Relative Identifier): This role is responsible for generating SIDs (Security Identifiers). It provides sets of 500 SIDs to domain controllers.

To check the SID of the current user, go to Run, open Command Prompt, and type the command:

C:\> whoami /user

2. PDC Emulator: This role has multiple functions. It works as the central time synchronization server for Active Directory; other servers look to this server for time updates.

It works as the Primary Domain Controller for any NT-based domain.

It works as the password repository for Active Directory. Whenever we change the password for any object, the change is updated on the PDC.

3. Infrastructure Master Role: This role is responsible for group membership changes for any user, any domain membership change of a user, or any update related to infrastructure.

Note: We should not have the Global Catalog server and the Infrastructure Master role on the same domain controller.
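
A placement check for the domain-wide roles and the note above, as an added example that is not part of the original post. The function name, host names and sample inventory are hypothetical; the input objects mirror the HostName, IsGlobalCatalog and OperationMasterRoles properties that Get-ADDomainController returns.

```powershell
# Added example: flags missing or duplicated domain-wide role holders and an
# Infrastructure Master that is also a Global Catalog.
function Get-FsmoPlacementFinding {
    param([Parameter(Mandatory)][object[]]$DomainControllers)

    $domainRoles = 'RIDMaster', 'PDCEmulator', 'InfrastructureMaster'
    foreach ($role in $domainRoles) {
        # Each domain-wide role must be held by exactly one DC in the domain.
        $holders = @($DomainControllers | Where-Object { $_.OperationMasterRoles -contains $role })
        if ($holders.Count -ne 1) {
            [pscustomobject]@{ Role = $role; Finding = "expected 1 holder, found $($holders.Count)" }
        }
    }

    # Infrastructure Master should not sit on a Global Catalog server.
    # Known exception: if every DC in the domain is a GC, placement does not matter.
    $im    = @($DomainControllers | Where-Object { $_.OperationMasterRoles -contains 'InfrastructureMaster' })
    $nonGc = @($DomainControllers | Where-Object { -not $_.IsGlobalCatalog })
    foreach ($dc in $im) {
        if ($dc.IsGlobalCatalog -and $nonGc.Count -gt 0) {
            [pscustomobject]@{ Role = 'InfrastructureMaster'; Finding = "$($dc.HostName) is also a Global Catalog" }
        }
    }
}

# Constructed sample inventory (hypothetical host names), so the check runs offline.
$sample = @(
    [pscustomobject]@{ HostName = 'dc1.example.test'; IsGlobalCatalog = $true
                       OperationMasterRoles = @('SchemaMaster', 'DomainNamingMaster',
                                                'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') }
    [pscustomobject]@{ HostName = 'dc2.example.test'; IsGlobalCatalog = $false
                       OperationMasterRoles = @() }
)
Get-FsmoPlacementFinding -DomainControllers $sample | Format-Table -AutoSize

# Live use (needs the RSAT ActiveDirectory module and a domain-joined host):
# Get-FsmoPlacementFinding -DomainControllers (Get-ADDomainController -Filter *)
```

The Schema Master and Domain Naming Master are forest-wide, so they are held in only one domain of the forest and are not counted per domain here.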