FSMO roles in Active Directory come up again and again, and they are a common interview question, so you should know the operations master roles of Windows Server 2012. What do you have in mind?

Throw your questions into the comment section below, okay?

What are FSMO Roles in Active Directory?

I assume that you know about Active Directory; if not, refer to the short description below.

Active Directory is the central repository in which all objects in an enterprise and their respective attributes are stored. It is a hierarchical, multi-master enabled database, capable of storing millions of objects. Because it is multi-master, changes to the database can be processed at any given domain controller (DC) in the enterprise regardless of whether the DC is connected or disconnected from the network.

Notice that the description above mentions an important point: Active Directory is multi-master enabled.

Multi-Master Model

A multi-master enabled database, such as the Active Directory, provides the flexibility of allowing changes to occur at any Domain Controller in the enterprise, but it also introduces the possibility of conflicts that can potentially lead to problems once the data is replicated to the rest of the enterprise. One way Windows deals with conflicting updates is by having a conflict resolution algorithm handle discrepancies in values by resolving to the DC to which changes were written last (that is, “the last writer wins”), while discarding the changes in all other DCs. Although this resolution method may be acceptable in some cases, there are times when conflicts are just too difficult to resolve using the “last writer wins” approach. In such cases, it is best to prevent the conflict from occurring rather than to try to resolve it after the fact.

For certain types of changes, Windows incorporates methods to prevent conflicting Active Directory updates from occurring.

Single-Master Model (FSMO Roles in Active Directory)

To prevent conflicting updates in Windows, the Active Directory performs updates to certain objects in a single-master fashion. In a single-master model, only one DC in the entire directory is allowed to process updates. This is similar to the role given to a primary domain controller (PDC) in earlier versions of Windows (such as Microsoft Windows NT 3.51 and 4.0), in which the PDC is responsible for processing all updates in a given domain.

Active Directory extends the single-master model found in earlier versions of Windows to include multiple roles, and the ability to transfer roles to any domain controller (DC) in the enterprise. Because an Active Directory role is not bound to a single DC, it is referred to as a Flexible Single Master Operation (FSMO) role. Currently in Windows there are five FSMO roles:

  • Schema master
  • Domain naming master
  • RID master
  • PDC emulator
  • Infrastructure master

Now we need to be more specific about FSMO roles in Active Directory on Windows Server 2012. The functions of the roles are the same as they were in Windows Server 2008, so you just need to understand exactly what each role does. Let's move on and see.

The FSMO Roles

There are five FSMO roles: two per forest and three in every domain. A brief summary of each role is below.
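Before going through the roles one by one, here is how to see who holds them in your own forest. This is an example added to this post, not part of the original; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and that you are running as an account that can read the directory. The function name Get-FsmoRoleHolder is my own.

```powershell
# Added example: enumerate FSMO role holders for the whole forest.
# Assumes the ActiveDirectory module (RSAT) is installed and the session
# is running as an account that can read the directory.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    [CmdletBinding()]
    param()

    $forest = Get-ADForest

    # The two forest-wide roles are properties of the forest object.
    foreach ($role in 'SchemaMaster', 'DomainNamingMaster') {
        [PSCustomObject]@{
            Scope  = 'Forest'
            Name   = $forest.Name
            Role   = $role
            Holder = $forest.$role
        }
    }

    # The three domain-wide roles exist once in every domain of the forest.
    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Identity $domainName
        foreach ($role in 'RIDMaster', 'PDCEmulator', 'InfrastructureMaster') {
            [PSCustomObject]@{
                Scope  = 'Domain'
                Name   = $domain.DNSRoot
                Role   = $role
                Holder = $domain.$role
            }
        }
    }
}

# A role holder that is offline cannot serve the operations that need it
# (schema updates, adding a domain, RID pool requests, password checks),
# so test each holder now rather than discovering the problem mid-change.
Get-FsmoRoleHolder |
    ForEach-Object {
        $reachable = Test-Connection -ComputerName $_.Holder -Count 1 -Quiet
        $_ | Add-Member -NotePropertyName Reachable -NotePropertyValue $reachable -PassThru
    } |
    Format-Table Scope, Name, Role, Holder, Reachable -AutoSize
```

The built-in `netdom query fsmo` prints the same five holders for the current domain and forest from an elevated command prompt. The Reachable column relies on ICMP, so a holder shown as unreachable on a network that filters ping should be confirmed with `Get-ADDomainController -Identity <holder>` before you conclude it is down.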

Forest Wide Roles:

Schema Master

The schema is shared between every Tree and Domain in a forest and must be consistent between all objects. The schema master controls all updates and modifications to the schema.

Domain Naming Master

When a new domain is added to a forest, its name must be unique within the forest. The domain naming master must be available when adding or removing a domain in a forest.

Domain Wide Roles:

Relative ID (RID) Master

The RID master allocates pools of RIDs to the DCs within its domain. When an object such as a user, group or computer is created in AD it is given a SID. The SID consists of a domain SID (which is the same for all SIDs created in the domain) and a RID, which is unique within the domain.

When moving objects between domains you must start the move on the DC that is the RID master of the domain that currently holds the object.
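To make the domain SID plus RID structure concrete, and to show what the RID master is actually handing out, here is an added example (not from the original post). Split-Sid needs only .NET; Get-RidPoolStatus assumes the ActiveDirectory module (RSAT) and read access to the domain's System container. Both function names are mine, and the sample SIDs are constructed, not from any real domain.

```powershell
# Added example: split a SID into domain SID and RID, and read the domain's
# RID pool state from the RID master. Function names are made up for this post.

function Split-Sid {
    param([Parameter(Mandatory)][string]$Sid)

    $sidObj = [System.Security.Principal.SecurityIdentifier]::new($Sid)

    # Domain accounts carry a domain SID (S-1-5-21-x-y-z). Well-known SIDs such
    # as S-1-5-18 (LocalSystem) have no domain part, so AccountDomainSid is $null.
    $domainSid = $null
    $rid       = $null
    if ($sidObj.AccountDomainSid) {
        $domainSid = $sidObj.AccountDomainSid.Value
        # The RID is the last sub-authority, the part after the domain SID.
        $rid = [uint32]($Sid.Substring($domainSid.Length + 1))
    }

    [PSCustomObject]@{
        Sid         = $sidObj.Value
        DomainSid   = $domainSid
        Rid         = $rid
        IsDomainSid = [bool]$sidObj.AccountDomainSid
    }
}

function Get-RidPoolStatus {
    param([string]$Domain = (Get-ADDomain).DNSRoot)

    Import-Module ActiveDirectory
    $dom = Get-ADDomain -Identity $Domain

    # rIDAvailablePool on "CN=RID Manager$,CN=System,<domain>" packs two 32-bit
    # values into one 64-bit integer: the high half is the highest RID that can
    # ever be issued, the low half is the next RID the RID master will allocate.
    $ridManager = Get-ADObject -Identity "CN=RID Manager`$,CN=System,$($dom.DistinguishedName)" `
                               -Properties rIDAvailablePool -Server $dom.RIDMaster
    $pool = [int64]$ridManager.rIDAvailablePool
    $max  = [uint32]($pool -shr 32)
    $next = [uint32]($pool -band 0xFFFFFFFF)

    [PSCustomObject]@{
        Domain      = $dom.DNSRoot
        RidMaster   = $dom.RIDMaster
        NextRid     = $next
        MaxRid      = $max
        PercentUsed = [math]::Round(100 * $next / $max, 2)
    }
}

# Constructed sample SIDs (no real domain). The final component is the RID.
Split-Sid 'S-1-5-21-1111111111-2222222222-3333333333-1105'   # ordinary user, RID 1105
Split-Sid 'S-1-5-21-1111111111-2222222222-3333333333-512'    # Domain Admins, well-known RID 512
Split-Sid 'S-1-5-18'                                         # LocalSystem: no domain SID, no RID

# Read the live pool from the RID master of the current domain.
Get-RidPoolStatus
```

The first two sample SIDs share the same domain SID and differ only in the RID, which is exactly what the paragraph above describes. Get-RidPoolStatus is the check to run when object creation starts failing: if the RID master is offline, DCs cannot get a fresh pool, and if NextRid is approaching MaxRid the domain is close to exhausting its RID space.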

PDC Emulator

The PDC emulator acts as a Windows NT PDC for backwards compatibility; it can process updates for any remaining Windows NT BDCs.

It is also responsible for time synchronization within a domain.

It is also the password master (for want of a better term) for a domain. Any password change is replicated to the PDC emulator as soon as is practical. If a logon request fails due to a bad password, the request is forwarded to the PDC emulator to re-check the password before the logon is rejected.

Infrastructure Master

The infrastructure master is responsible for updating references from objects in its domain to objects in other domains. It compares its data against the global catalogue, which receives regular updates for all objects in all domains.

Any change to user-to-group references is updated by the infrastructure master. For example, if you rename or move a group member and the member is in a different domain from the group, the group will temporarily appear not to contain that member until the infrastructure master catches up.

Important Note:

Unless there is only one DC in a domain, the infrastructure master role should not be on a DC that hosts the global catalogue. If they are on the same server the infrastructure master will not function: because the global catalogue already holds current copies of every object, it will never find a reference that is out of date and so will never replicate corrections to the other DCs in the domain.

If all DCs in a domain also host a global catalogue, then it does not matter which DC has the infrastructure master role, as all DCs will be up to date thanks to the global catalogue.
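The placement rule in the note above is easy to get wrong when someone later promotes the role holder to a global catalogue, so it is worth checking periodically. The following is an added example (not from the original post); it assumes the ActiveDirectory module (RSAT) and read access to the domain, and the function name Test-InfrastructureMasterPlacement is mine.

```powershell
# Added example: verify the infrastructure master / global catalogue placement
# rule for one domain. Assumes the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Test-InfrastructureMasterPlacement {
    param([string]$Domain = (Get-ADDomain).DNSRoot)

    # Every DC in the domain, with its GC flag and any FSMO roles it holds.
    $dcs = @(Get-ADDomainController -Filter * -Server $Domain)

    $holder = $dcs | Where-Object {
        ($_.OperationMasterRoles | ForEach-Object { "$_" }) -contains 'InfrastructureMaster'
    }
    $gcCount = @($dcs | Where-Object IsGlobalCatalog).Count

    $status = if (-not $holder) {
        'ERROR: no DC in this domain reports holding the infrastructure master role'
    } elseif ($dcs.Count -eq 1) {
        'OK: only one DC in the domain, placement does not matter'
    } elseif ($gcCount -eq $dcs.Count) {
        'OK: every DC is a global catalogue, placement does not matter'
    } elseif (-not $holder.IsGlobalCatalog) {
        'OK: infrastructure master is not a global catalogue'
    } else {
        'WARNING: infrastructure master is a global catalogue while some DCs are not; ' +
        'cross-domain group references will not be updated. Move the role or make every DC a GC.'
    }

    [PSCustomObject]@{
        Domain               = $Domain
        DomainControllers    = $dcs.Count
        GlobalCatalogs       = $gcCount
        InfrastructureMaster = if ($holder) { $holder.HostName } else { $null }
        HolderIsGC           = if ($holder) { $holder.IsGlobalCatalog } else { $null }
        Status               = $status
    }
}

# Check the current domain; pass -Domain to check another domain in the forest.
Test-InfrastructureMasterPlacement
```

If the check warns, the usual fix is either to move the role with `Move-ADDirectoryServerOperationMasterRole -Identity <non-GC DC> -OperationMasterRole InfrastructureMaster`, or, in a small domain, to simply make every DC a global catalogue so the second "OK" branch applies.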

P.S: Share your comments and queries, and also let us know if you need training in Windows Server 2012. Contact us for further details; online and offline classes are available.
