
10/20/2014 FSMO Roles (Flexible Single Master Operations) | Server Management 24x7 !


FSMO Roles (Flexible Single Master Operations)
April 9, 2012, by: jdavid, in: Windows Servers

What are FSMO Roles? (Flexible Single Master Operations)


There are times when you may need to change the Domain Controller which holds one of the 5 FSMO roles. Either you could be facing a
disaster recovery, where you have lost the first Windows 2003 Domain Controller, or you are organized and want to get the most out of your
Active Directory Forest. Although you rarely need to deal with Microsoft’s FSMO, there is the feeling that knowledge of these Operation
Masters gives you power over your Windows 2003 Servers.

Background of Operations Masters


For most Active Directory operations, Windows 2003 uses the multiple master model. The benefit is you can add a computer, or change a
user’s password on any domain controller. For example, if you have three domain controllers, you can physically create a new computer
account in the NTDS.dit database on any of the three. Within five minutes (15 seconds in Windows 2003), the new computer object will be
replicated to the other two domain controllers.

Technically, the Microsoft multiple master model uses a change notification mechanism. Occasionally problems arise if two administrators
perform duplicate operations before the next replication cycle. For example, you created an OU called Accounts last week; today, at the same
instant you create new users in that OU, another administrator on another DC deletes that OU. Active Directory does its best to obey both
administrators. It deletes the OU and creates the users, but as it cannot create the users in the OU because it was deleted, the result is the
users are added to the orphaned objects in the ‘LostAndFound’ folder. You can troubleshoot what has happened by locating the ‘LostAndFound’
folder in Active Directory Users and Computers.

http://servermanagement24x7.com/fsmo-roles-flexible-single-master-operations.html 1/8

From the View menu in Active Directory Users and Computers, click: Advanced Features.

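The same LostAndFound check can be scripted across every domain in the forest. This is an added example, not code from the original article; it assumes the ActiveDirectory PowerShell module (RSAT) is installed and the account can read each domain, and the function name `Get-LostAndFoundObject` is hypothetical.

```powershell
# Added example: list orphaned objects in each domain's LostAndFound container.
# Assumption: the ActiveDirectory module (RSAT) is available on this host.
Import-Module ActiveDirectory

function Get-LostAndFoundObject {
    param(
        # Defaults to every domain in the current forest
        [string[]]$Domain = (Get-ADForest).Domains
    )

    foreach ($d in $Domain) {
        $info = Get-ADDomain -Server $d

        # LostAndFoundContainer is the DN of CN=LostAndFound for this domain.
        # lastKnownParent records where the object lived before its parent
        # was deleted on another DC.
        Get-ADObject -Server $info.PDCEmulator `
                     -SearchBase $info.LostAndFoundContainer `
                     -SearchScope OneLevel `
                     -Filter * `
                     -Properties lastKnownParent, whenCreated, whenChanged |
            Select-Object @{ n = 'Domain'; e = { $d } },
                          Name, ObjectClass, lastKnownParent,
                          whenCreated, whenChanged
    }
}

# Most recently orphaned objects first
Get-LostAndFoundObject |
    Sort-Object whenChanged -Descending |
    Format-Table -AutoSize
```

An empty result means no replication conflict has orphaned an object; any row is worth tracing back to the deleted parent shown in `lastKnownParent`.
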
It was worth investigating how Active Directory handles orphaned objects because the point of FSMO is that a few operations are so critical
that only one domain controller can carry out that process. Imagine what would happen if two administrators tried to make different changes
to the same schema object – chaos. That is why administrators can only change the schema on one Domain Controller. Emulating a PDC is the
most famous example of such a Single Master Operation; creating a new child domain would be another example.

The Five FSMO Roles


There are just five operations where the usual multiple master model breaks down, and the Active Directory task must only be carried out on
one Domain Controller. FSMO roles:

1. PDC Emulator - Most famous for backwards compatibility with NT 4.0 BDCs. However, the PDC Emulator has two other jobs which operate even
in Windows 2003 Native Domains: synchronizing the W32Time service and creating group policies. I admit that it is confusing that these two
jobs have little to do with PDCs and BDCs.

2. RID Master – Each object must have a globally unique number (GUID). The RID master makes sure each domain controller issues unique
numbers when you create objects such as users or computers. For example DC one is given RIDs 1-4999 and DC two is given RIDs 5000 –
9999.

3. Infrastructure Master – Responsible for checking objects in other domains. Universal group membership is the most important
example. To me, it seems as though the operating system is paranoid that, a) You are a member of a Universal Group in another domain and
b) that group has been assigned Deny permissions. So if the Infrastructure master could not check your Universal Groups there could be a
security breach.

4. Domain Naming Master – Ensures that each child domain has a unique name. How often do child domains get added to the forest? Not
very often I suggest, so the fact that this is a FSMO does not impact on normal domain activity. My point is it’s worth the price to confine
joining and leaving the domain operations to one machine, and save the tiny risk of getting duplicate names or orphaned domains.

5. Schema Master – Operations that involve expanding user properties e.g. Exchange 2003 / forestprep which adds mailbox properties to
users. Rather like the Domain naming master, changing the schema is a rare event. However if you have a team of Schema Administrators all
experimenting with object properties, you would not want there to be a mistake which crippled your forest. So it’s a case of Microsoft know
best, the Schema Master should be a Single Master Operation and thus a FSMO role.

How many FSMO Domain controllers in your Forest?

Three of the FSMO roles (1. 2. and 3.) are held in each domain, whilst two (4. 5.) are unique to the entire forest. Thus, if you have three
domains there will be 3 PDC emulators, but only 1 Schema Master.

Checking which DC holds which FSMO role

RID, PDC, Infrastructure (1. 2. and 3.)

You can discover which server holds the Operation Master by opening Active Directory Users and Computers, Right click your Domain and
select Properties, Operations Masters.

Domain Naming Master (4.)

To see the Domain Naming Master (4.), navigate to the little used, Active Directory Domains and Trusts, Right click your Domain and select
Properties, Operations Masters.

Schema Master (5.)



The Schema Master (5.) is the most difficult FSMO to find. The reason is the Schema snap-in is hidden by
default. Perhaps this is Microsoft saying – don’t mess with the object definitions. However, you can
reveal the Schema and its FSMO settings thus:

1) Register the Schema Snap-in with this command, RUN regsvr32 schmmgmt.dll

2) Run MMC, File menu, Add\Remove Snap-in, click the Add button and select, Active Directory Schema

3) Select Active Directory Schema, Right Click, Operations Master.

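The three GUI lookups above can be collapsed into one inventory of all five role holders. This is an added example, not code from the original article; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the function name `Get-FsmoRoleHolder` is hypothetical.

```powershell
# Added example: inventory every FSMO role holder in the forest and flag
# holders that do not answer, or that carry several roles at once.
# Assumption: the ActiveDirectory module (RSAT) is available on this host.
Import-Module ActiveDirectory

function Get-FsmoRoleHolder {
    $forest = Get-ADForest

    # Forest-wide roles (4. and 5.): one holder for the whole forest
    foreach ($role in 'SchemaMaster', 'DomainNamingMaster') {
        [pscustomobject]@{ Scope = $forest.Name; Role = $role; Holder = $forest.$role }
    }

    # Per-domain roles (1. 2. and 3.): one holder in each domain
    foreach ($d in $forest.Domains) {
        $dom = Get-ADDomain -Server $d
        foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
            [pscustomobject]@{ Scope = $dom.DNSRoot; Role = $role; Holder = $dom.$role }
        }
    }
}

$roles = Get-FsmoRoleHolder | ForEach-Object {
    # ICMP may be filtered; treat "False" as a prompt to check, not proof of failure
    $up = Test-Connection -ComputerName $_.Holder -Count 1 -Quiet
    $_ | Add-Member -NotePropertyName Reachable -NotePropertyValue $up -PassThru
}

$roles | Format-Table -AutoSize

# Role holders that did not respond
$roles | Where-Object { -not $_.Reachable } | ForEach-Object {
    Write-Warning "$($_.Role) for $($_.Scope) is on $($_.Holder), which did not respond"
}

# Domain controllers holding more than one role (single points of failure)
$roles | Group-Object Holder | Where-Object Count -gt 1 | ForEach-Object {
    "{0} holds {1} roles: {2}" -f $_.Name, $_.Count, ($_.Group.Role -join ', ')
}
```

Saving the table on a schedule and comparing runs shows when a role has moved to a different DC.
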