There are five FSMO roles:
Schema Master
- Function: Manages changes and updates to the Active Directory schema. The schema defines the structure and attributes of objects in the directory.
- Location: There is only one Schema Master in the entire forest.
Domain Naming Master
- Function: Controls the addition or removal of domains in a forest.
- Location: There is only one Domain Naming Master in the entire forest.
Relative ID (RID) Master
- Function: Allocates unique RIDs to each domain controller to ensure that each security principal (user, group, computer) has a globally unique identifier.
- Location: There is one RID Master per domain.
Primary Domain Controller (PDC) Emulator
- Function: Provides backward compatibility for older Windows NT-based systems. It also serves as the authoritative time server for the domain.
- Location: There is one PDC Emulator per domain.
Infrastructure Master
- Function: Maintains references to objects in other domains. It ensures that cross-domain object references are kept up-to-date.
- Location: There is one Infrastructure Master per domain.
It's important to note the following considerations:
- Single Domain Environment: In a single domain environment, all FSMO roles are held by a single domain controller, and it's typically not necessary to move or transfer these roles.
- Multi-Domain Environment:
  - Single Forest, Multiple Domains: In this scenario, each domain has its own set of FSMO roles. The roles are usually distributed among different domain controllers.
  - Multiple Forests: If you have multiple forests, each forest has its own set of FSMO roles, including Schema Master and Domain Naming Master. However, the other three roles (RID Master, PDC Emulator, Infrastructure Master) exist within each domain.
Properly managing FSMO roles is crucial for the stability and functionality of an Active Directory environment. They ensure that essential operations are performed correctly and efficiently.
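
To see the forest-wide and per-domain split described above in a live environment, the following added example (not part of the original page) inventories every role holder in the current forest. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that the account can read every domain in the forest; the function name `Get-FsmoInventory` is hypothetical.

```powershell
# Added example: inventory of FSMO role holders for the current forest.
# Assumes the ActiveDirectory module (RSAT) and read access to each domain.
Import-Module ActiveDirectory

function Get-FsmoInventory {
    $forest = Get-ADForest

    # Forest-wide roles: one holder each for the whole forest.
    [pscustomobject]@{ Scope = 'Forest'; Name = $forest.Name
                       Role = 'Schema Master'; Holder = $forest.SchemaMaster }
    [pscustomobject]@{ Scope = 'Forest'; Name = $forest.Name
                       Role = 'Domain Naming Master'; Holder = $forest.DomainNamingMaster }

    # Domain-wide roles: one holder each in every domain of the forest.
    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Server $domainName
        $perDomain = [ordered]@{
            'RID Master'            = $domain.RIDMaster
            'PDC Emulator'          = $domain.PDCEmulator
            'Infrastructure Master' = $domain.InfrastructureMaster
        }
        foreach ($role in $perDomain.Keys) {
            [pscustomobject]@{ Scope = 'Domain'; Name = $domainName
                               Role = $role; Holder = $perDomain[$role] }
        }
    }
}

$inventory = @(Get-FsmoInventory)
$inventory | Sort-Object Scope, Name, Role | Format-Table -AutoSize

# A role with no recorded holder needs attention before anything else.
$inventory | Where-Object { -not $_.Holder } | ForEach-Object {
    Write-Warning "No holder recorded for $($_.Role) in $($_.Name)"
}

# Show how many roles each domain controller carries, so that a single
# controller holding every role in a multi-domain forest stands out.
$inventory | Where-Object { $_.Holder } | Group-Object Holder |
    Sort-Object Count -Descending |
    Select-Object @{ n = 'DomainController'; e = { $_.Name } },
                  @{ n = 'RoleCount'; e = { $_.Count } },
                  @{ n = 'Roles'; e = { ($_.Group.Role | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize
```

The first table should list two forest-scoped rows plus three rows for each domain in the forest.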