What are FSMO Roles? List them
Answer Posted / pradeep kumar
FSMO - Stands for Flexible Single Master Operation.
The purpose of this FSMO is to avoid the conflicts through
out the forest . Conflicts will be like domain names,
Objects, Fields ..etc.
Usually FSMO broadly divided into 5 Roles.
1. Schma Master Role
2. Domain Naming Master Role
3. RID - Relative Identifier.
4. PDC Emulator.
5. Infrastructure.
You can easily differentiate the first one and two will be
Forest wide and the rest 3,4 and 5 will be domain wide.
Schma Master :- Operations that involve expanding user
properties e.g. Exchange 2003 / forestprep which adds
mailbox properties to users. Rather like the Domain naming
master, changing the schema is a rare event. However if you
have a team of Schema Administrators all experimenting with
object properties, you would not want there to be a mistake
which crippled your forest. So its a case of Microsoft know
best, the Schema Master should be a Single Master Operation
and thus a FSMO role.
Domain Naming Master - Ensures that each child domain has a
unique name. How often do child domains get added to the
forest? Not very often I suggest, so the fact that this is
a FSMO does not impact on normal domain activity. My point
is it's worth the price to confine joining and leaving the
domain operations to one machine, and save the tiny risk of
getting duplicate names or orphaned domains.
# PDC Emulator - Most famous for backwards compatibility
with NT 4.0 BDC's. However, there are two other FSMO roles
which operate even in Windows 2003 Native Domains,
synchronizing the W32Time service and creating group
policies. I admit that it is confusing that these two jobs
have little to do with PDCs and BDCs.
RID Master - Each object must have a globally unique number
(GUID). The RID master makes sure each domain controller
issues unique numbers when you create objects such as users
or computers. For example DC one is given RIDs 1-4999 and
DC two is given RIDs 5000 - 9999.
Infrastructure Master - Responsible for checking objects in
other other domains. Universal group membership is the most
important example. To me, it seems as though the operating
system is paranoid that, a) You are a member of a Universal
Group in another domain and b) that group has been assigned
Deny permissions. So if the Infrastructure master could not
check your Universal Groups there could be a security breach.
Is This Answer Correct ? | 32 Yes | 7 No |
Post New Answer View All Answers
How do I repair a corrupted exe file?
How do I view the blue screen log?
What is wer folder?
What is downloading from the internet?
How do I fix inaccessible boot device?
What is the full form of WindowsNT ?
Why deleted files can be recovered?
Does disk cleanup delete files?
How much faster is a ssd than a hdd?
What do you mean by a file path?
How do I open markup files in windows?
What does diff mean in slang?
How do you fix an incorrect parameter?
Where is the quick access toolbar?
Can you get a virus from a png file?