Familiarize yourself with Active Directory's five FSMO roles

While Active Directory is a distributed system, some servers only carry out specific roles, known as Flexible Single Master Operations (FSMO) roles. Scott Lowe introduces you to these five roles, and tells you how to determine which servers hold which roles.

Last time, we discussed some key differences between Active Directory and the NT 4 domain model as they pertain to server roles.

In addition to these differences, it's also important to understand the various Flexible Single Master Operations (FSMO) roles in Active Directory that a domain controller can hold.

While Active Directory is a distributed system, some servers only carry out specific roles. If something happens to one of these servers, or you need a more substantial server to handle a particular role, you must know which server is handling each role.

There are five FSMO roles:

  • PDC emulator (one per domain): This role allows Windows Server 2003 to act as a Windows NT primary domain controller (PDC), and it provides replication support for Windows NT-based backup domain controllers (BDCs). In addition, this role assists with time and group policy synchronization.
  • Infrastructure master (one per domain): This role is responsible for updating the group-to-user references whenever the members of groups change or receive new names.
  • Relative ID (RID) master (one per domain): This role ensures that every object created has a unique identification number.
  • Schema master (one per forest): This role is responsible for maintaining and modifying the Active Directory schema.
  • Domain naming master (one per forest): This role is responsible for the addition and deletion of domains in a forest.

How can you determine which servers hold these roles in an Active Directory forest? To find the PDC emulator, the infrastructure master, and the RID master, follow these steps:

  1. Go to Start | Administrative Tools | Active Directory Users And Computers.
  2. Right-click the domain, and select Operations Master.

The resulting three tabs will show you which server holds each respective role.

To find the schema master, follow these steps:

  1. Go to Start | Run.
  2. Enter regsvr32 schmmgmt.dll in the Open text box, and click OK.
  3. Go to Start | Run.
  4. Enter mmc in the Open text box, and click OK.
  5. Go to File | Add/Remove Snap-In, and click Add.
  6. Click Active Directory Schema, click Add, click Close, and click OK.
  7. Right-click Active Directory Schema, and select Operations Master from the shortcut menu.

To find the domain naming master, follow these steps:

  1. Go to Start | Administrative Tools | Active Directory Domains And Trusts.
  2. Right-click Active Directory Domains And Trusts, and select Operations Master from the list.

Each option features a Change button, which allows you to move the role to another domain controller.
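
The three console lookups above can also be collected in one pass and compared against a saved record, so that a role moved with the Change button shows up as a difference. This is an added example, not part of the original article; it assumes the ActiveDirectory PowerShell module (RSAT, Windows Server 2008 R2 or later, so not the Windows Server 2003 tools described here), and the baseline file name fsmo-baseline.csv is hypothetical.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT; Windows Server
# 2008 R2 or later) and PowerShell 3.0+, run with read access to the forest.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    # Emits one object per role: two forest-wide, then three for each domain.
    $forest = Get-ADForest
    foreach ($role in 'SchemaMaster', 'DomainNamingMaster') {
        [pscustomobject]@{ Scope = $forest.Name; Role = $role; Holder = $forest.$role }
    }
    foreach ($domainName in $forest.Domains) {
        # -Server with a domain name locates a domain controller in that domain.
        $domain = Get-ADDomain -Server $domainName
        foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
            [pscustomobject]@{ Scope = $domain.DNSRoot; Role = $role; Holder = $domain.$role }
        }
    }
}

$current = @(Get-FsmoRoleHolder)
$current | Format-Table -AutoSize | Out-Host

# Hypothetical baseline file: the first run records it, later runs compare.
$baselinePath = '.\fsmo-baseline.csv'

if (Test-Path $baselinePath) {
    $baseline = @(Import-Csv -Path $baselinePath)
    # Rows present on only one side mean a role holder has changed.
    $drift = Compare-Object -ReferenceObject $baseline -DifferenceObject $current `
        -Property Scope, Role, Holder
    foreach ($d in $drift) {
        $state = if ($d.SideIndicator -eq '=>') { 'now held by' } else { 'previously held by' }
        Write-Warning "$($d.Scope) $($d.Role) $state $($d.Holder)"
    }
    if (-not $drift) { Write-Output 'FSMO role holders match the baseline.' }
} else {
    $current | Export-Csv -Path $baselinePath -NoTypeInformation
    Write-Output "Baseline written to $baselinePath"
}
```

After a planned role move, delete the baseline file and run the script again to record the new holders.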