SlideShare a Scribd company logo

Active Directory FSMO Roles in Windows Server

M
mrat hein kyaw

Studying FSMO Role (Flexible Single Master Operation Role)

Education
1 of 9
Download to read offline
Summary Applies to multiple products This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy. Active Directory is the central repository in which all objects in an enterprise and their respective attributes are stored. It is a hierarchical, multi-master enabled database, capable of storing millions of objects. Because it is multi-master, changes to the database can be Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 1 of 9 11/10/2017, 12:30 PM
More Information processed at any given domain controller (DC) in the enterprise regardless of whether the DC is connected or disconnected from the network. Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 2 of 9 11/10/2017, 12:30 PM
Multi-Master Model A multi-master enabled database, such as the Active Directory, provides the flexibility of allowing changes to occur at any DC in the enterprise, but it also introduces the possibility of conflicts that can potentially lead to problems once the data is replicated to the rest of the enterprise. One way Windows deals with conflicting updates is by having a conflict resolution algorithm handle discrepancies in values by resolving to the DC to which changes were written last (that is, "the last writer wins"), while discarding the changes in all other DCs. Although this resolution method may be acceptable in some cases, there are times when conflicts are just too difficult to resolve using the "last writer wins" approach. In such cases, it is best to prevent the conflict from occurring rather than to try to resolve it after the fact. For certain types of changes, Windows incorporates methods to prevent conflicting Active Directory updates from occurring. Single-Master Model To prevent conflicting updates in Windows, the Active Directory performs updates to certain objects in a single-master fashion. In a single- master model, only one DC in the entire directory is allowed to process updates. This is similar to the role given to a primary domain controller (PDC) in earlier versions of Windows (such as Microsoft Windows NT 3.51 and 4.0), in which the PDC is responsible for processing all updates Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 3 of 9 11/10/2017, 12:30 PM
in a given domain. Active Directory extends the single- master model found in earlier versions of Windows to include multiple roles, and the ability to transfer roles to any domain controller (DC) in the enterprise. Because an Active Directory role is not bound to a single DC, it is referred to as a Flexible Single Master Operation (FSMO) role. Currently in Windows there are five FSMO roles: Schema master Domain naming master RID master PDC emulator Infrastructure master Schema Master FSMO Role The schema master FSMO role holder is the DC responsible for performing updates to the directory schema (that is, the schema naming context or LDAP://cn=schema,cn=configuration, dc=<domain>). This DC is the only one that can process updates to the directory schema. Once the Schema update is complete, it is replicated from the schema master to all other DCs in the directory. There is only one schema master per directory. Domain Naming Master FSMO Role The domain naming master FSMO role holder is the DC responsible for Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 4 of 9 11/10/2017, 12:30 PM
making changes to the forest-wide domain name space of the directory (that is, the PartitionsConfiguration naming context or LDAP://CN=Partitions, CN=Configuration, DC=<domain>). This DC is the only one that can add or remove a domain from the directory. It can also add or remove cross references to domains in external directories. RID Master FSMO Role The RID master FSMO role holder is the single DC responsible for processing RID Pool requests from all DCs within a given domain. It is also responsible for removing an object from its domain and putting it in another domain during an object move. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security principal SID created in a domain. Each Windows DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The domain RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigns them to the Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 5 of 9 11/10/2017, 12:30 PM
pool of the requesting DC. There is one RID master per domain in a directory. PDC Emulator FSMO Role The PDC emulator is necessary to synchronize time in an enterprise. Windows includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. All Windows- based computers within an enterprise use a common time. The purpose of the time service is to ensure that the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage. The PDC emulator of a domain is authoritative for the domain. The PDC emulator at the root of the forest becomes authoritative for the enterprise, and should be configured to gather the time from an external source. All PDC FSMO role holders follow the hierarchy of domains in the selection of their in-bound time partner. In a Windows domain, the PDC emulator role holder retains the following functions: Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator. Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 6 of 9 11/10/2017, 12:30 PM
reported to the user. Account lockout is processed on the PDC emulator. The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients. This part of the PDC emulator role becomes unnecessary when all workstations, member servers, and domain controllers that are running Windows NT 4.0 or earlier are all upgraded to Windows 2000. The PDC emulator still performs the other functions as described in a Windows 2000 environment. The following information describes the changes that occur during the upgrade process: Windows clients (workstations and member servers) and down-level clients that have installed the distributed services client package do not perform directory writes (such as password changes) preferentially at the DC that has advertised itself as the PDC; they use any DC for the domain. Once backup domain controllers (BDCs) in down-level domains are upgraded to Windows 2000, the PDC emulator receives no down- level replica requests. Windows clients (workstations and member servers) and down-level clients that have installed the distributed services Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 7 of 9 11/10/2017, 12:30 PM
client package use the Active Directory to locate network resources. They do not require the Windows NT Browser service. Infrastructure FSMO Role When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference. NOTE: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server(GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross- domain object references in that domain will not be updated and a warning to that effect will be logged on that DC's event log. If all the domain controllers in a domain also host the global catalog, all the domain controllers have the current data, and it is not important which domain controller holds the infrastructure master role. When the Recycle Bin optional feature is enabled, every DC is responsible to Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 8 of 9 11/10/2017, 12:30 PM
update its cross-domain object references when the referenced object is moved, renamed, or deleted. In this case, there are no tasks associated with the Infrastructure FSMO role, and it is not important which domain controller owns the Infrastructure Master role. For more information, see 6.1.5.5 Infrastructure FSMO Role at http://msdn.microsoft.com/en- us/library/cc223753.aspx Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 9 of 9 11/10/2017, 12:30 PM

Recommended

32 Most Commonly Asked Windows Server Administrator Interview Questions (With...
32 Most Commonly Asked Windows Server Administrator Interview Questions (With...32 Most Commonly Asked Windows Server Administrator Interview Questions (With...
32 Most Commonly Asked Windows Server Administrator Interview Questions (With...Temok IT Services
 
I/O System and Case study
I/O System and Case studyI/O System and Case study
I/O System and Case studyLavanya G
 
Introduction to storage technologies
Introduction to storage technologiesIntroduction to storage technologies
Introduction to storage technologiesNuno Alves
 
Active directory domain administration tools
Active directory domain administration toolsActive directory domain administration tools
Active directory domain administration toolsImran Khan
 
70 271 Stu Chap03
70 271 Stu Chap0370 271 Stu Chap03
70 271 Stu Chap03Gene Carboni
 
Wk6a
Wk6aWk6a
Wk6adanielm
 
Windows server
Windows serverWindows server
Windows serverHideo Amezawa
 
Chapter02 Managing Hardware Devices
Chapter02 Managing Hardware DevicesChapter02 Managing Hardware Devices
Chapter02 Managing Hardware DevicesRaja Waseem Akhtar
 

Recommended

32 Most Commonly Asked Windows Server Administrator Interview Questions (With...
32 Most Commonly Asked Windows Server Administrator Interview Questions (With...32 Most Commonly Asked Windows Server Administrator Interview Questions (With...
32 Most Commonly Asked Windows Server Administrator Interview Questions (With...Temok IT Services
 
I/O System and Case study
I/O System and Case studyI/O System and Case study
I/O System and Case studyLavanya G
 
Introduction to storage technologies
Introduction to storage technologiesIntroduction to storage technologies
Introduction to storage technologiesNuno Alves
 
Active directory domain administration tools
Active directory domain administration toolsActive directory domain administration tools
Active directory domain administration toolsImran Khan
 
70 271 Stu Chap03
70 271 Stu Chap0370 271 Stu Chap03
70 271 Stu Chap03Gene Carboni
 
Wk6a
Wk6aWk6a
Wk6adanielm
 
Windows server
Windows serverWindows server
Windows serverHideo Amezawa
 
Chapter02 Managing Hardware Devices
Chapter02 Managing Hardware DevicesChapter02 Managing Hardware Devices
Chapter02 Managing Hardware DevicesRaja Waseem Akhtar
 
Xd planning guide - storage best practices
Xd planning guide - storage best practicesXd planning guide - storage best practices
Xd planning guide - storage best practicesNuno Alves
 
Upgrading AD from Windows Server 2003 to Windows Server 2008 R2
Upgrading AD from Windows Server 2003 to Windows Server 2008 R2Upgrading AD from Windows Server 2003 to Windows Server 2008 R2
Upgrading AD from Windows Server 2003 to Windows Server 2008 R2Amit Gatenyo
 
Windows Server 2003 Administration
Windows Server 2003 AdministrationWindows Server 2003 Administration
Windows Server 2003 AdministrationLearnItFirst.com
 
Mcts chapter 5
Mcts chapter 5Mcts chapter 5
Mcts chapter 5Sadegh Nakhjavani
 
DOS Operating System
DOS Operating SystemDOS Operating System
DOS Operating SystemAnjan Mahanta
 
Active directory job_interview_preparation_guide
Active directory job_interview_preparation_guideActive directory job_interview_preparation_guide
Active directory job_interview_preparation_guideabdulkalamattari
 
70 640 Lesson01 Ppt 041009
70 640 Lesson01 Ppt 04100970 640 Lesson01 Ppt 041009
70 640 Lesson01 Ppt 041009Coffeyville Community College
 
Understanding the Windows Server Administration Fundamentals (Part-1)
Understanding the Windows Server Administration Fundamentals (Part-1)Understanding the Windows Server Administration Fundamentals (Part-1)
Understanding the Windows Server Administration Fundamentals (Part-1)Tuan Yang
 
2337610
23376102337610
2337610hantfhan
 
Understanding the Windows Server Administration Fundamentals (Part-2)
Understanding the Windows Server Administration Fundamentals (Part-2)Understanding the Windows Server Administration Fundamentals (Part-2)
Understanding the Windows Server Administration Fundamentals (Part-2)Tuan Yang
 
70 640 Lesson02 Ppt 041009
70 640 Lesson02 Ppt 04100970 640 Lesson02 Ppt 041009
70 640 Lesson02 Ppt 041009Coffeyville Community College
 
Clustering overview2
Clustering overview2Clustering overview2
Clustering overview2Vinod Hanumantharayappa
 
PowerPoint Presentation
PowerPoint PresentationPowerPoint Presentation
PowerPoint Presentationwebhostingguy
 
70 640 Lesson03 Ppt 041009
70 640 Lesson03 Ppt 04100970 640 Lesson03 Ppt 041009
70 640 Lesson03 Ppt 041009Coffeyville Community College
 
70 640 Lesson04 Ppt 041009
70 640 Lesson04 Ppt 04100970 640 Lesson04 Ppt 041009
70 640 Lesson04 Ppt 041009Coffeyville Community College
 
Mcts chapter 6
Mcts chapter 6Mcts chapter 6
Mcts chapter 6Sadegh Nakhjavani
 
Fsmo roles
Fsmo rolesFsmo roles
Fsmo rolesChinmoy Jena
 
windows-active-directory-fsmo-roles
windows-active-directory-fsmo-roleswindows-active-directory-fsmo-roles
windows-active-directory-fsmo-rolesSanjay Pather
 
Active Directory
Active DirectoryActive Directory
Active DirectoryJessica Henderson
 
Windows server Interview question and answers
Windows server Interview question and answersWindows server Interview question and answers
Windows server Interview question and answersAvaility Fore Support Services pvt ltd
 
Server 2008 r2 ppt
Server 2008 r2 pptServer 2008 r2 ppt
Server 2008 r2 pptRaj Solanki
 
Active directory installation windows 2003 1
Active directory installation windows 2003 1Active directory installation windows 2003 1
Active directory installation windows 2003 1tameemyousaf
 

More Related Content

What's hot

Xd planning guide - storage best practices
Xd planning guide - storage best practicesXd planning guide - storage best practices
Xd planning guide - storage best practicesNuno Alves
 
Upgrading AD from Windows Server 2003 to Windows Server 2008 R2
Upgrading AD from Windows Server 2003 to Windows Server 2008 R2Upgrading AD from Windows Server 2003 to Windows Server 2008 R2
Upgrading AD from Windows Server 2003 to Windows Server 2008 R2Amit Gatenyo
 
Windows Server 2003 Administration
Windows Server 2003 AdministrationWindows Server 2003 Administration
Windows Server 2003 AdministrationLearnItFirst.com
 
DOS Operating System
DOS Operating SystemDOS Operating System
DOS Operating SystemAnjan Mahanta
 
Active directory job_interview_preparation_guide
Active directory job_interview_preparation_guideActive directory job_interview_preparation_guide
Active directory job_interview_preparation_guideabdulkalamattari
 
Understanding the Windows Server Administration Fundamentals (Part-1)
Understanding the Windows Server Administration Fundamentals (Part-1)Understanding the Windows Server Administration Fundamentals (Part-1)
Understanding the Windows Server Administration Fundamentals (Part-1)Tuan Yang
 
Understanding the Windows Server Administration Fundamentals (Part-2)
Understanding the Windows Server Administration Fundamentals (Part-2)Understanding the Windows Server Administration Fundamentals (Part-2)
Understanding the Windows Server Administration Fundamentals (Part-2)Tuan Yang
 
PowerPoint Presentation
PowerPoint PresentationPowerPoint Presentation
PowerPoint Presentationwebhostingguy
 

What's hot (16)

Xd planning guide - storage best practices
Xd planning guide - storage best practicesXd planning guide - storage best practices
Xd planning guide - storage best practices
 
Upgrading AD from Windows Server 2003 to Windows Server 2008 R2
Upgrading AD from Windows Server 2003 to Windows Server 2008 R2Upgrading AD from Windows Server 2003 to Windows Server 2008 R2
Upgrading AD from Windows Server 2003 to Windows Server 2008 R2
 
Windows Server 2003 Administration
Windows Server 2003 AdministrationWindows Server 2003 Administration
Windows Server 2003 Administration
 
Mcts chapter 5
Mcts chapter 5Mcts chapter 5
Mcts chapter 5
 
DOS Operating System
DOS Operating SystemDOS Operating System
DOS Operating System
 
Active directory job_interview_preparation_guide
Active directory job_interview_preparation_guideActive directory job_interview_preparation_guide
Active directory job_interview_preparation_guide
 
70 640 Lesson01 Ppt 041009
70 640 Lesson01 Ppt 04100970 640 Lesson01 Ppt 041009
70 640 Lesson01 Ppt 041009
 
Understanding the Windows Server Administration Fundamentals (Part-1)
Understanding the Windows Server Administration Fundamentals (Part-1)Understanding the Windows Server Administration Fundamentals (Part-1)
Understanding the Windows Server Administration Fundamentals (Part-1)
 
2337610
23376102337610
2337610
 
Understanding the Windows Server Administration Fundamentals (Part-2)
Understanding the Windows Server Administration Fundamentals (Part-2)Understanding the Windows Server Administration Fundamentals (Part-2)
Understanding the Windows Server Administration Fundamentals (Part-2)
 
70 640 Lesson02 Ppt 041009
70 640 Lesson02 Ppt 04100970 640 Lesson02 Ppt 041009
70 640 Lesson02 Ppt 041009
 
Clustering overview2
Clustering overview2Clustering overview2
Clustering overview2
 
PowerPoint Presentation
PowerPoint PresentationPowerPoint Presentation
PowerPoint Presentation
 
70 640 Lesson03 Ppt 041009
70 640 Lesson03 Ppt 04100970 640 Lesson03 Ppt 041009
70 640 Lesson03 Ppt 041009
 
70 640 Lesson04 Ppt 041009
70 640 Lesson04 Ppt 04100970 640 Lesson04 Ppt 041009
70 640 Lesson04 Ppt 041009
 
Mcts chapter 6
Mcts chapter 6Mcts chapter 6
Mcts chapter 6
 

Similar to Active Directory FSMO Roles in Windows Server

windows-active-directory-fsmo-roles
windows-active-directory-fsmo-roleswindows-active-directory-fsmo-roles
windows-active-directory-fsmo-rolesSanjay Pather
 
Server 2008 r2 ppt
Server 2008 r2 pptServer 2008 r2 ppt
Server 2008 r2 pptRaj Solanki
 
Active directory installation windows 2003 1
Active directory installation windows 2003 1Active directory installation windows 2003 1
Active directory installation windows 2003 1tameemyousaf
 
Ctive directory interview question and answers
Ctive directory interview question and answersCtive directory interview question and answers
Ctive directory interview question and answerssankar palla
 
29041329 interview-questions-for-server-2003
29041329 interview-questions-for-server-200329041329 interview-questions-for-server-2003
29041329 interview-questions-for-server-2003rafiq123
 
Operation Masters
Operation MastersOperation Masters
Operation MastersShilpi Goel
 
Windows Server 2008 - Active Directory Components
Windows Server 2008 - Active Directory ComponentsWindows Server 2008 - Active Directory Components
Windows Server 2008 - Active Directory ComponentsAndré Braga
 
PowerPoint PresentationThis section will include an online pre.docx
PowerPoint PresentationThis section will include an online pre.docxPowerPoint PresentationThis section will include an online pre.docx
PowerPoint PresentationThis section will include an online pre.docxChantellPantoja184
 
Introduction_of_ADDS
Introduction_of_ADDSIntroduction_of_ADDS
Introduction_of_ADDSHarsh Sethi
 
IRJET- Research Paper on Active Directory
IRJET- Research Paper on Active DirectoryIRJET- Research Paper on Active Directory
IRJET- Research Paper on Active DirectoryIRJET Journal
 
Server interview[1]
Server interview[1]Server interview[1]
Server interview[1]sourav nanda
 
XenDesktop 7 Blueprint
XenDesktop 7 BlueprintXenDesktop 7 Blueprint
XenDesktop 7 BlueprintNuno Alves
 
Top 10 Active Directory Interview Questions & Answers
Top 10 Active Directory Interview Questions & AnswersTop 10 Active Directory Interview Questions & Answers
Top 10 Active Directory Interview Questions & AnswersVignesh kumar
 
Active Directory Ii
Active Directory IiActive Directory Ii
Active Directory Iideshvikas
 
Active directory ii
Active directory iiActive directory ii
Active directory iideshvikas
 

Similar to Active Directory FSMO Roles in Windows Server (20)

Fsmo roles
Fsmo rolesFsmo roles
Fsmo roles
 
windows-active-directory-fsmo-roles
windows-active-directory-fsmo-roleswindows-active-directory-fsmo-roles
windows-active-directory-fsmo-roles
 
Active Directory
Active DirectoryActive Directory
Active Directory
 
Windows server Interview question and answers
Windows server Interview question and answersWindows server Interview question and answers
Windows server Interview question and answers
 
Server 2008 r2 ppt
Server 2008 r2 pptServer 2008 r2 ppt
Server 2008 r2 ppt
 
Active directory installation windows 2003 1
Active directory installation windows 2003 1Active directory installation windows 2003 1
Active directory installation windows 2003 1
 
Ctive directory interview question and answers
Ctive directory interview question and answersCtive directory interview question and answers
Ctive directory interview question and answers
 
29041329 interview-questions-for-server-2003
29041329 interview-questions-for-server-200329041329 interview-questions-for-server-2003
29041329 interview-questions-for-server-2003
 
Operation Masters
Operation MastersOperation Masters
Operation Masters
 
Windows Server 2008 - Active Directory Components
Windows Server 2008 - Active Directory ComponentsWindows Server 2008 - Active Directory Components
Windows Server 2008 - Active Directory Components
 
PowerPoint PresentationThis section will include an online pre.docx
PowerPoint PresentationThis section will include an online pre.docxPowerPoint PresentationThis section will include an online pre.docx
PowerPoint PresentationThis section will include an online pre.docx
 
Introduction_of_ADDS
Introduction_of_ADDSIntroduction_of_ADDS
Introduction_of_ADDS
 
Ad ds rodc
Ad ds rodcAd ds rodc
Ad ds rodc
 
IRJET- Research Paper on Active Directory
IRJET- Research Paper on Active DirectoryIRJET- Research Paper on Active Directory
IRJET- Research Paper on Active Directory
 
Server interview[1]
Server interview[1]Server interview[1]
Server interview[1]
 
XenDesktop 7 Blueprint
XenDesktop 7 BlueprintXenDesktop 7 Blueprint
XenDesktop 7 Blueprint
 
Top 10 Active Directory Interview Questions & Answers
Top 10 Active Directory Interview Questions & AnswersTop 10 Active Directory Interview Questions & Answers
Top 10 Active Directory Interview Questions & Answers
 
Active Directory Ii
Active Directory IiActive Directory Ii
Active Directory Ii
 
Active directory ii
Active directory iiActive directory ii
Active directory ii
 
Linking in MS-Dos System
Linking in MS-Dos SystemLinking in MS-Dos System
Linking in MS-Dos System
 

Recently uploaded

Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...RKavithamani
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docxPoojaSen20
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 

Recently uploaded (20)

Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
Privatization and Disinvestment - Meaning, Objectives, Advantages and Disadva...
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
mini mental status format.docx
mini mental status format.docxmini mental status format.docx
mini mental status format.docx
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 

Active Directory FSMO Roles in Windows Server

  • 1. Summary Applies to multiple products This article applies to Windows 2000. Support for Windows 2000 ends on July 13, 2010. The Windows 2000 End-of-Support Solution Center is a starting point for planning your migration strategy from Windows 2000. For more information see the Microsoft Support Lifecycle Policy. Active Directory is the central repository in which all objects in an enterprise and their respective attributes are stored. It is a hierarchical, multi-master enabled database, capable of storing millions of objects. Because it is multi-master, changes to the database can be Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 1 of 9 11/10/2017, 12:30 PM
  • 2. More Information processed at any given domain controller (DC) in the enterprise regardless of whether the DC is connected or disconnected from the network. Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 2 of 9 11/10/2017, 12:30 PM
  • 3. Multi-Master Model A multi-master enabled database, such as the Active Directory, provides the flexibility of allowing changes to occur at any DC in the enterprise, but it also introduces the possibility of conflicts that can potentially lead to problems once the data is replicated to the rest of the enterprise. One way Windows deals with conflicting updates is by having a conflict resolution algorithm handle discrepancies in values by resolving to the DC to which changes were written last (that is, "the last writer wins"), while discarding the changes in all other DCs. Although this resolution method may be acceptable in some cases, there are times when conflicts are just too difficult to resolve using the "last writer wins" approach. In such cases, it is best to prevent the conflict from occurring rather than to try to resolve it after the fact. For certain types of changes, Windows incorporates methods to prevent conflicting Active Directory updates from occurring. Single-Master Model To prevent conflicting updates in Windows, the Active Directory performs updates to certain objects in a single-master fashion. In a single- master model, only one DC in the entire directory is allowed to process updates. This is similar to the role given to a primary domain controller (PDC) in earlier versions of Windows (such as Microsoft Windows NT 3.51 and 4.0), in which the PDC is responsible for processing all updates Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 3 of 9 11/10/2017, 12:30 PM
  • 4. in a given domain. Active Directory extends the single- master model found in earlier versions of Windows to include multiple roles, and the ability to transfer roles to any domain controller (DC) in the enterprise. Because an Active Directory role is not bound to a single DC, it is referred to as a Flexible Single Master Operation (FSMO) role. Currently in Windows there are five FSMO roles: Schema master Domain naming master RID master PDC emulator Infrastructure master Schema Master FSMO Role The schema master FSMO role holder is the DC responsible for performing updates to the directory schema (that is, the schema naming context or LDAP://cn=schema,cn=configuration, dc=<domain>). This DC is the only one that can process updates to the directory schema. Once the Schema update is complete, it is replicated from the schema master to all other DCs in the directory. There is only one schema master per directory. Domain Naming Master FSMO Role The domain naming master FSMO role holder is the DC responsible for Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 4 of 9 11/10/2017, 12:30 PM
  • 5. making changes to the forest-wide domain name space of the directory (that is, the PartitionsConfiguration naming context or LDAP://CN=Partitions, CN=Configuration, DC=<domain>). This DC is the only one that can add or remove a domain from the directory. It can also add or remove cross references to domains in external directories. RID Master FSMO Role The RID master FSMO role holder is the single DC responsible for processing RID Pool requests from all DCs within a given domain. It is also responsible for removing an object from its domain and putting it in another domain during an object move. When a DC creates a security principal object such as a user or group, it attaches a unique Security ID (SID) to the object. This SID consists of a domain SID (the same for all SIDs created in a domain), and a relative ID (RID) that is unique for each security principal SID created in a domain. Each Windows DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master. The domain RID master responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigns them to the Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 5 of 9 11/10/2017, 12:30 PM
  • 6. pool of the requesting DC. There is one RID master per domain in a directory. PDC Emulator FSMO Role The PDC emulator is necessary to synchronize time in an enterprise. Windows includes the W32Time (Windows Time) time service that is required by the Kerberos authentication protocol. All Windows- based computers within an enterprise use a common time. The purpose of the time service is to ensure that the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops to ensure appropriate common time usage. The PDC emulator of a domain is authoritative for the domain. The PDC emulator at the root of the forest becomes authoritative for the enterprise, and should be configured to gather the time from an external source. All PDC FSMO role holders follow the hierarchy of domains in the selection of their in-bound time partner. In a Windows domain, the PDC emulator role holder retains the following functions: Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator. Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 6 of 9 11/10/2017, 12:30 PM
  • 7. reported to the user. Account lockout is processed on the PDC emulator. The PDC emulator performs all of the functionality that a Microsoft Windows NT 4.0 Server-based PDC or earlier PDC performs for Windows NT 4.0-based or earlier clients. This part of the PDC emulator role becomes unnecessary when all workstations, member servers, and domain controllers that are running Windows NT 4.0 or earlier are all upgraded to Windows 2000. The PDC emulator still performs the other functions as described in a Windows 2000 environment. The following information describes the changes that occur during the upgrade process: Windows clients (workstations and member servers) and down-level clients that have installed the distributed services client package do not perform directory writes (such as password changes) preferentially at the DC that has advertised itself as the PDC; they use any DC for the domain. Once backup domain controllers (BDCs) in down-level domains are upgraded to Windows 2000, the PDC emulator receives no down- level replica requests. Windows clients (workstations and member servers) and down-level clients that have installed the distributed services Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 7 of 9 11/10/2017, 12:30 PM
  • 8. client package use the Active Directory to locate network resources. They do not require the Windows NT Browser service. Infrastructure FSMO Role When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference. NOTE: The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server(GC). If the Infrastructure Master runs on a Global Catalog server it will stop updating object information because it does not contain any references to objects that it does not hold. This is because a Global Catalog server holds a partial replica of every object in the forest. As a result, cross- domain object references in that domain will not be updated and a warning to that effect will be logged on that DC's event log. If all the domain controllers in a domain also host the global catalog, all the domain controllers have the current data, and it is not important which domain controller holds the infrastructure master role. When the Recycle Bin optional feature is enabled, every DC is responsible to Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 8 of 9 11/10/2017, 12:30 PM
  • 9. update its cross-domain object references when the referenced object is moved, renamed, or deleted. In this case, there are no tasks associated with the Infrastructure FSMO role, and it is not important which domain controller owns the Infrastructure Master role. For more information, see 6.1.5.5 Infrastructure FSMO Role at http://msdn.microsoft.com/en- us/library/cc223753.aspx Active Directory FSMO roles in Windows https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-r... 9 of 9 11/10/2017, 12:30 PM