5 Active Directory FSMO Roles in Windows Server

In this article, we look at the five Active Directory FSMO roles in Windows Server. Flexible Single Master Operations (FSMO), also called single master operations or operations masters, is a feature of Microsoft’s Active Directory. As of 2005, the term FSMO has been deprecated in favour of operations masters. The FSMO roles are a specialized set of domain controller (DC) tasks, used where standard data transfer and update methods are inadequate. AD normally relies on multiple peer DCs, each with a copy of the AD database, synchronized by multi-master replication. The tasks that are not suited to multi-master replication and are viable only with a single-master database are the FSMO roles.


What are the FSMO Roles?

Multi-Master Model:-

A multi-master enabled database such as Active Directory provides the flexibility to make changes on any DC in the enterprise, but it also introduces the possibility of conflicts once the data is replicated to the other copies. One way Windows deals with conflicting updates is to resolve them in favour of the DC where the change was written last, discarding the changes on all other DCs. Although this resolution method may be acceptable in some cases, it is sometimes difficult to resolve conflicts using the “last writer wins” approach. In such cases, it is better to prevent conflicts from occurring than to try to resolve them after the fact. For certain types of changes, Windows includes methods to prevent conflicting Active Directory updates from occurring.

Single-Master Model:-

To prevent conflicting updates, Active Directory performs updates to specific objects in a single-master fashion. In the single-master model, only one DC in the entire directory is allowed to process updates. This is similar to the role given to the primary domain controller (PDC) in earlier versions of Windows (such as Microsoft Windows NT 3.51 and 4.0), in which the PDC is responsible for processing all updates to a given domain. Active Directory extends the single-master model found in earlier versions of Windows to include multiple roles, and adds the ability to transfer roles to any domain controller (DC) in the enterprise. Because a role is not bound to a single DC, it is referred to as a Flexible Single Master Operation (FSMO) role. There are currently five FSMO roles in Windows:

  1. Schema master
  2. Domain naming master
  3. RID master
  4. PDC emulator
  5. Infrastructure master

The following commands can be used to identify FSMO role owners. Command Prompt:

C:\Users\Administrator>netdom query fsmo
Schema master               DC1.msdhulap.com
Domain naming master        DC1.msdhulap.com
PDC                         DC1.msdhulap.com
RID pool manager            DC1.msdhulap.com
Infrastructure master       DC1.msdhulap.com
The command completed successfully.

PowerShell:-

(Get-ADForest).Domains | `
ForEach-Object{ Get-ADDomainController -Server $_ -Filter {OperationMasterRoles -like "*"}} | `
Select-Object Domain, HostName, OperationMasterRoles
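
Knowing who holds each role is most useful when it is compared against a recorded baseline, since an unplanned change of holder (a transfer or seizure nobody scheduled) deserves investigation. The script below is an added example, not part of the original article: it assumes the ActiveDirectory RSAT module is installed, the function names Get-FsmoHolders and Compare-FsmoBaseline are hypothetical, and the baseline is constructed from the sample domain shown above.

```powershell
# Added example: report FSMO role holders and flag drift from a recorded baseline.
# Assumes the ActiveDirectory module (RSAT); function names are hypothetical.
Import-Module ActiveDirectory

function Get-FsmoHolders {
    # Two forest-wide roles come from Get-ADForest, three per-domain roles from Get-ADDomain.
    $forest = Get-ADForest
    foreach ($role in 'SchemaMaster', 'DomainNamingMaster') {
        [pscustomobject]@{ Scope = $forest.Name; Role = $role; Holder = $forest.$role }
    }
    foreach ($name in $forest.Domains) {
        $domain = Get-ADDomain -Server $name
        foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
            [pscustomobject]@{ Scope = $domain.DNSRoot; Role = $role; Holder = $domain.$role }
        }
    }
}

function Compare-FsmoBaseline {
    param(
        [Parameter(Mandatory)] [object[]]  $Current,
        # Key: "<forest or domain>/<role>", value: expected holder FQDN.
        [Parameter(Mandatory)] [hashtable] $Baseline
    )
    foreach ($entry in $Current) {
        $key      = '{0}/{1}' -f $entry.Scope, $entry.Role
        $expected = $Baseline[$key]
        if (-not $expected) {
            $status = 'NoBaseline'        # role exists but was never recorded
        } elseif ($expected -ieq $entry.Holder) {
            $status = 'OK'
        } else {
            $status = 'CHANGED'           # holder differs from the recorded one
        }
        [pscustomobject]@{ Key = $key; Expected = $expected; Actual = $entry.Holder; Status = $status }
    }
}

# Constructed baseline for the sample domain above; replace with your own record.
$baseline = @{
    'msdhulap.com/SchemaMaster'         = 'DC1.msdhulap.com'
    'msdhulap.com/DomainNamingMaster'   = 'DC1.msdhulap.com'
    'msdhulap.com/PDCEmulator'          = 'DC1.msdhulap.com'
    'msdhulap.com/RIDMaster'            = 'DC1.msdhulap.com'
    'msdhulap.com/InfrastructureMaster' = 'DC1.msdhulap.com'
}

Compare-FsmoBaseline -Current (Get-FsmoHolders) -Baseline $baseline |
    Format-Table -AutoSize
```

Any row with a Status of CHANGED or NoBaseline should be matched to a change record before the baseline is updated.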

The sections below describe each of the 5 Active Directory FSMO roles in Windows Server:

Schema Master FSMO Role:-

The schema master FSMO role holder is the DC responsible for performing updates to the directory schema. This DC is the only one that can process updates to the directory schema. Once the schema update is complete, it is replicated from the schema master to all other DCs in the directory. There is only one schema master per directory.

To view the Schema Master FSMO role, first type the command regsvr32 schmmgmt.dll in the Run window. This registers the Active Directory Schema snap-in. Refer to the command below.

regsvr32 schmmgmt.dll

You should receive a message that registration succeeded.


Now you should be able to add the snap-in using these steps:

  1. Hold the Windows Key and press “R” to bring up the Run box.
  2. Type “MMC”, then press “Enter”. The Microsoft Management Console opens.
  3. Select “File” > “Add/Remove Snap-In”.
  4. Select “Active Directory Schema”, then select “Add”.
  5. Select “OK”.

Now you’ll be able to access the snap-in through the MMC console. To see the role holder, right-click the Active Directory Schema folder and open Operations Master.


The Operations Master dialog shows the DC that currently holds the Schema Master FSMO role, which confirms the role owner.


Domain Naming Master FSMO Role:

The domain naming master FSMO role holder is the DC responsible for making changes to the forest-wide domain namespace of the directory (that is, the Partitions\Configuration naming context, or LDAP://CN=Partitions,CN=Configuration,DC=<domain>). This DC is the only one that can add or remove domains from the directory. It can also add or remove cross-references to domains in external directories.

  1. Open Active Directory Domains and Trusts
  2. Right-click Active Directory Domains and Trusts, and select Operations Master from the context menu.
  3. You’ll see the name of the machine that holds the Domain Naming Master FSMO role.

RID Master FSMO Role:-

The RID Master FSMO role holder is the single DC responsible for processing RID pool requests from all DCs within a given domain. It is also responsible for removing an object from its domain and placing it in another domain during the object’s move.

  1. Open Active Directory Users and Computers
  2. Right-click Active Directory Users and Computers, and select Operations Master from the context menu.
  3. You’ll see the name of the machine that holds the RID Master FSMO role.

PDC Emulator FSMO Role:-

A PDC emulator is required to synchronize time across the enterprise. Windows includes the W32Time (Windows Time) service, which is required by the Kerberos authentication protocol. All Windows-based computers in the enterprise use a common time. The purpose of the time service is to ensure that the Windows Time service uses a hierarchical relationship that controls authority and does not permit loops, so that common time is used consistently.

  1. Open Active Directory Users and Computers
  2. Right-click Active Directory Users and Computers, and select Operations Master from the context menu.
  3. You’ll see the name of the machine that holds the PDC Emulator FSMO role.

Infrastructure FSMO Role:-

When an object in one domain is referenced by another object in another domain, the reference uses the GUID, the SID (for references to security principals) and the DN of the object being referenced. The Infrastructure FSMO role holder is the DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference.

  1. Open Active Directory Users and Computers
  2. Right-click Active Directory Users and Computers, and select Operations Master from the context menu.
  3. You’ll see the name of the machine that holds the Infrastructure FSMO role.


That’s all. In this article, we have explained the 5 Active Directory FSMO Roles in Windows Server. I hope you enjoyed this article. If you like this article, then just share it. If you have any questions about this article, please comment.
