FSMO Roles

The acronym for Flexible Single Master Operations is FSMO.

Suppose that the organization has set up several domain controllers. Each one holds a copy of the Active Directory database, and the copies are synchronized with each other using multi-master data synchronization, in which the data is stored across the group of domain controllers and each controller can update it. To repeat, this is the mode with several main servers, in English Multi-Master Mode. The last entry written to the DC database is the one taken into account when checking the authenticity of a record, so time is essential.

Operations that do not fit the description above are so-called Single-Master Operations: they are supported on only a single server, because the data involved is essential for the operation of the AD infrastructure.

These operations are carried out by the roles listed below.

1. Schema Master

There can be only one in the entire tree. The schema is the component that defines all the objects and attributes that the directory service uses to store data. The illustration below shows an example of part of the AD database structure, that is, information about the data that will be stored in it.

Picture 1 – Structure of the Active Directory data schema

2. Domain Naming Master

Here too there is only one instance in the whole tree. The holder of this role adds or deletes domains, if they are present in the root part of the domain.

3. PDC emulator

There can be one in each domain. It provides compatibility for communication with older clients, for example when changing passwords. It carries out specific security processes, acts as a replicator of descriptions and security, and is the main time server in the domain. It has the external authenticated connections with other infrastructure trees, or External Trusts, set up on it.

It keeps all current passwords and manages all Group Policy Objects (GPOs). This role stores all traces of user passwords: for example, if a user enters a wrong password, the PDC emulator saves the information that the user entered the wrong password at a specific time.

4. RID Master

Only one server in the domain holds this role. It assigns the ranges of unique identification keys that domain controllers need when creating AD objects. A RID is the unique identifier that is assigned to each object in AD when it is created.

5. Infrastructure Master

One instance per domain or partition. It synchronizes cross-domain changes in group membership. It is not recommended to run this role on a server that holds the main catalog (Global Catalog), except in cases where the main catalog is on every server and where there is only one domain.
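
One way to check where the five roles described above are placed, as an added example that is not part of the original article. It assumes the RSAT ActiveDirectory PowerShell module and read access to the directory; the function name `Get-FsmoPlacement` is hypothetical.

```powershell
# Added example, not from the original article.
# Assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

function Get-FsmoPlacement {   # hypothetical helper name
    $forest       = Get-ADForest
    $singleDomain = @($forest.Domains).Count -eq 1

    # The two roles that exist only once in the whole tree (forest).
    [pscustomobject]@{ Scope = $forest.Name; Role = 'Schema Master'
                       Holder = $forest.SchemaMaster; Note = '' }
    [pscustomobject]@{ Scope = $forest.Name; Role = 'Domain Naming Master'
                       Holder = $forest.DomainNamingMaster; Note = '' }

    foreach ($domainName in $forest.Domains) {
        $domain = Get-ADDomain -Identity $domainName -Server $domainName
        $dcs    = @(Get-ADDomainController -Filter * -Server $domainName)

        # The three roles that exist once per domain.
        $roles = [ordered]@{
            'PDC Emulator'          = $domain.PDCEmulator
            'RID Master'            = $domain.RIDMaster
            'Infrastructure Master' = $domain.InfrastructureMaster
        }

        # Flag an Infrastructure Master that is also a global catalog, unless
        # every DC in the domain is a global catalog or there is only one domain.
        $infraDc = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
        $allGc   = @($dcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0
        $flag    = $infraDc.IsGlobalCatalog -and -not ($allGc -or $singleDomain)

        foreach ($role in $roles.GetEnumerator()) {
            $note = ''
            if ($role.Key -eq 'Infrastructure Master' -and $flag) {
                $note = 'Runs on a global catalog; consider moving the role'
            }
            [pscustomobject]@{ Scope = $domainName; Role = $role.Key
                               Holder = $role.Value; Note = $note }
        }
    }
}

Get-FsmoPlacement | Format-Table -AutoSize
```

An empty Note column means the placement matches the recommendation given for the Infrastructure Master.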