FSMO Roles
Submitted by:
Chinmoy Jena
FSMO stands for Flexible Single Master Operation.
There are 5 types of FSMO roles:
- Schema master (forest-wide role)
- Domain Naming master (forest-wide role)
- RID master (domain-wide role)
- PDC emulator (domain-wide role)
- Infrastructure master (domain-wide role)
- The schema master FSMO role holder is the DC responsible for performing updates to the directory schema.
- This DC is the only one that can process updates to the directory schema.
- Once the schema update is complete, it is replicated from the schema master to all other DCs in the directory.
- There is only one schema master per forest.
- The domain naming master FSMO role holder is the DC responsible for making changes to the forest-wide domain name space of the directory.
- This DC is the only one that can add or remove a domain from the directory.
- It can also add or remove cross-references to domains in external directories.
- The RID master FSMO role holder is the single DC responsible for processing RID pool requests from all DCs within a given domain.
- It is also responsible for removing an object from its domain and putting it in another domain during an object move.
- It attaches a unique Security ID (SID) to the object, and a relative ID (RID) that is unique for each security principal SID created in a domain.
- Each Windows DC in a domain is allocated a pool of RIDs that it is allowed to assign to the security principals it creates. When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID master.
- There is one RID master per domain in a forest.
- The PDC emulator is necessary to synchronize time in an enterprise.
- It is responsible for password changes performed by other DCs in the domain.
- Account lockout is processed on the PDC emulator.
- When an object in one domain is referenced by another object in another domain, it represents the reference by the GUID.
- The infrastructure FSMO role holder is the DC responsible for updating an object's SID and distinguished name in a cross-domain object reference.
- The Infrastructure Master (IM) role should be held by a domain controller that is not a Global Catalog server (GC).
- If the Infrastructure Master runs on a Global Catalog server it will stop updating object information, because the GC does not contain any references to objects that it does not hold.
Console used to transfer each role:
- Schema master: Active Directory Schema
- Domain Naming master: Active Directory Domains and Trusts
- RID master: Active Directory Users and Computers
- PDC emulator: Active Directory Users and Computers
- Infrastructure master: Active Directory Users and Computers
- If a DC that holds FSMO roles becomes permanently unavailable, then we can seize the roles to another domain controller.
- Seizing is done only when the DC becomes permanently unavailable.
- Ntdsutil is the tool used to seize the FSMO roles.
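Added example (PowerShell, not from the slides): it inventories the five role holders described above, checks the Infrastructure Master placement against the GC rule, and seizes a role only when its holder is unreachable. It assumes the RSAT ActiveDirectory module, a surviving DC named DC02, and the group memberships from the table below.

```powershell
# Added example, not part of the original slides. Assumes the RSAT
# ActiveDirectory module and rights from the membership table
# (Schema Admins / Enterprise Admins / Domain Admins).
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain

# The five roles and their current holders (two forest-wide, three domain-wide).
$roles = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    RIDMaster            = $domain.RIDMaster
    PDCEmulator          = $domain.PDCEmulator
    InfrastructureMaster = $domain.InfrastructureMaster
}
$roles.GetEnumerator() | ForEach-Object { "{0,-22} {1}" -f $_.Key, $_.Value }

# Placement check: the Infrastructure Master should not sit on a Global Catalog.
# (Known exception: when every DC in the domain is a GC, placement is harmless.)
$dcs   = Get-ADDomainController -Filter *
$imDC  = Get-ADDomainController -Identity $domain.InfrastructureMaster
$allGC = ($dcs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0
if ($imDC.IsGlobalCatalog -and -not $allGC) {
    Write-Warning "Infrastructure Master $($imDC.HostName) is a GC; move the role to a non-GC DC."
}

# Seize only when the holder is permanently unavailable. A transfer (no -Force)
# is the normal path while the current holder is still online.
$target = 'DC02'                 # assumed name of the surviving DC
$holder = $domain.PDCEmulator
$online = Test-Connection -ComputerName $holder -Count 2 -Quiet
if (-not $online) {
    Move-ADDirectoryServerOperationMasterRole -Identity $target `
        -OperationMasterRole PDCEmulator -Force -Confirm:$false
    # Equivalent with the tool named on the slide:
    #   ntdsutil "roles" "connections" "connect to server DC02" "quit" "seize pdc" "quit" "quit"
    # The old holder must never return to the network still believing it owns
    # the role; rebuild it and clean its metadata instead.
} else {
    Write-Host "$holder is reachable; use a transfer instead of a seizure:"
    Write-Host "  Move-ADDirectoryServerOperationMasterRole -Identity $target -OperationMasterRole PDCEmulator"
}
```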
FSMO role and the group the administrator must be a member of:
- Schema: Schema Admins
- Domain Naming: Enterprise Admins
- RID: Domain Admins
- PDC Emulator: Domain Admins
- Infrastructure: Domain Admins