FSMO Roles

FSMO Roles Explained:

   Within Active Directory not all Domain Controllers are equal some have certain roles assigned to them, these roles need to be performed by a single Domain Controller. These roles are called the FSMO roles (Flexible Single Master Operations). There are 5 roles 2 of which are forest wide and the other 3 are domain wide roles.

The 5 roles are as follows:

Schema master (forest wide):

   The Schema Master controls all updates to the Schema within the forest.

Domain Naming Master (forest wide):

   The Domain Naming Master role is responsible for the creation and deletion of domains in the forest.

PDC Emulator (domain wide):

   The PDC emulator role provides backwards compatability for Windows NT backup domain controllers (BDCs), the PDC emulator advertises itself as the primary domain controller for the domain. It also acts as the domain master browser and maintains the latest password for all users within the domain.

Infrastructure Master (domain wide):

   The Infrastructure Manager role is responsible for updating references from objects within its domain with objects in other domains.

RID Master (domain wide):

   The RID Master manages the Security Identifier (SID) for every object within the domain.

Identify FSMO Roles: You can easily identify the servers that hold the FSMO Roles using this free tool. Doverstones' "FSMO Roles" application is a Freeware. You can download it here: http://www.dovestones.com/downloads/FSMORoles.msi

More Info on FSMO Roles: http://techgurulive.com/2008/09/27/the-5-fsmo-server-roles-of-windows-domain-environment/