What Are the 5 FSMO Roles in Active Directory

IT administrators have been working with and around Active Directory since the introduction of the technology in Windows 2000 Server. Windows 2000 Server was released on February 17, 2000, but many administrators began working with Active Directory in late 1999, when it was released to manufacturing (RTM) on December 15, 1999.

What Are the 5 FSMO Roles in Active Directory?


The operations master roles, also known as flexible single master operations (FSMO) roles, perform specific tasks within a domain. The five FSMO roles are:

  • Schema Master
  • Domain Naming Master
  • Infrastructure Master
  • Relative ID (RID) Master
  • PDC Emulator

Every forest has a single Schema Master and a single Domain Naming Master, which are discussed in the Forest section of the tutorial.

In each domain, there is 1 Infrastructure Master, 1 RID Master, and 1 PDC Emulator. At any given time, there can only be one DC performing the functions of each role.

Therefore, a single DC could be running all five FSMO roles; however, no more than five servers in a single-domain environment can run the roles.

For additional domains, each domain will contain its own Infrastructure Master, RID Master, and PDC Emulator.

The RID Master provisions RIDs to each DC in a domain.

New objects in a domain, such as a user or computer object, receive a unique security identifier (SID). The SID includes a domain identifier, which is unique to each domain, and a specific RID for each object. Combining the two ensures that every object in the domain has a unique identifier that contains both the domain SID and the RID.
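The SID layout described above can be seen by decoding the binary form stored in an object's objectSid attribute. The following is an added example, not part of the original article; the function names and the domain sub-authority values are constructed for illustration.

```python
import struct

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID (objectSid format) into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match SID length")
    authority = int.from_bytes(raw[2:8], "big")   # 48-bit value, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])   # 32-bit values, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def split_sid(sid: str) -> tuple[str, int]:
    """Split a domain object's SID into (domain SID, RID).

    Domain object SIDs have the shape S-1-5-21-<a>-<b>-<c>-<RID>; the RID is
    the final sub-authority and everything before it is the domain SID.
    """
    parts = sid.split("-")
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError("not a domain object SID")
    return "-".join(parts[:-1]), int(parts[-1])

def build_sid(domain_subs, rid: int) -> bytes:
    """Build a binary SID for the sample data below (helper for this example)."""
    subs = (21, *domain_subs, rid)
    header = bytes([1, len(subs)]) + (5).to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)

# Constructed sample values: one domain identifier, two objects with different RIDs.
DOMAIN = (1111111111, 2222222222, 3333333333)
SAMPLE = {"user": build_sid(DOMAIN, 1104), "computer": build_sid(DOMAIN, 1105)}

if __name__ == "__main__":
    for name, raw in SAMPLE.items():
        domain_sid, rid = split_sid(parse_sid(raw))
        print(f"{name}: domain={domain_sid} rid={rid}")
```

Both sample objects decode to the same domain SID and differ only in the trailing RID.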

The PDC Emulator controls authentication within a domain, whether Kerberos v5 or NTLM. When a user changes their password, the change is processed by the PDC Emulator.

Finally, the Infrastructure Master synchronizes objects with the global catalog servers.

The Infrastructure Master will compare its data to a global catalog server’s data and receive the data not found in its database from the global catalog server. If all DCs in a domain are also global catalog servers, then all DCs will have up-to-date information, assuming that replication is functional. In such a scenario, the location of the Infrastructure Master role is irrelevant since it doesn’t have any real work to do.

You will find more information about Active Directory basics in our AD tutorial for beginners.

Expert in Microsoft infrastructure and cloud-based solutions built around Windows, Active Directory, Azure, Microsoft Exchange, System Center, virtualization, and MDOP. In addition to authoring books, Brian writes training content, white papers, and is a technical reviewer on a large number of books and publications.