Active Directory - Flexible Single Master Operations Role
Active Directory relies on Flexible Single Master Operations (FSMO) roles. These roles can be spread across different Windows Domain Controllers, or a single Domain Controller can hold all of them.

There are five FSMO roles in total: two are forest-wide roles and three are domain-wide roles.
That is, two roles are held by a Domain Controller on behalf of the entire forest, whereas the domain-wide roles are held by Domain Controllers within each domain.
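Before going into the individual roles, the following PowerShell script is an added example (not part of the original post) that inventories which Domain Controller holds each of the five roles across every domain in the forest and checks that each holder answers on LDAP (port 389). It assumes the RSAT ActiveDirectory module is installed and the account running it can read the forest and domain objects; the `LdapReachable` column and the 3-roles-on-one-DC warning threshold are choices made for this example.

```powershell
# Added example: inventory FSMO role holders forest-wide and check reachability.
# Assumes RSAT ActiveDirectory module and read access to the forest.
Import-Module ActiveDirectory

$forest = Get-ADForest
$roles  = @()

# The two forest-wide roles are recorded on the forest object
$roles += [pscustomobject]@{ Scope = 'Forest'; Domain = $forest.RootDomain; Role = 'SchemaMaster';       Holder = $forest.SchemaMaster }
$roles += [pscustomobject]@{ Scope = 'Forest'; Domain = $forest.RootDomain; Role = 'DomainNamingMaster'; Holder = $forest.DomainNamingMaster }

# The three domain-wide roles exist once per domain in the forest
foreach ($domainName in $forest.Domains) {
    $domain = Get-ADDomain -Identity $domainName
    foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
        $roles += [pscustomobject]@{ Scope = 'Domain'; Domain = $domainName; Role = $role; Holder = $domain.$role }
    }
}

# A role holder that is offline cannot service schema changes, RID allocation
# or password/time sync for its scope, so test LDAP reachability of each one.
foreach ($r in $roles) {
    $reachable = Test-NetConnection -ComputerName $r.Holder -Port 389 -InformationLevel Quiet -WarningAction SilentlyContinue
    $r | Add-Member -NotePropertyName LdapReachable -NotePropertyValue $reachable
}

$roles | Sort-Object Scope, Domain, Role | Format-Table -AutoSize

# Holding every role on one DC is legal, but it is a single point of failure worth knowing about
$roles | Group-Object Holder | Where-Object { $_.Count -ge 3 } |
    ForEach-Object { Write-Warning "$($_.Name) holds $($_.Count) FSMO roles" }
```

The same inventory for the current domain can be had in one line with `netdom query fsmo`; the script above is useful when you want the result as objects for a multi-domain forest or for scheduled health checks.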

Forest-Wide Roles:
Schema Master Role
Active Directory uses attributes to define objects such as users and computers. These attributes are used by applications that depend on Active Directory, such as Exchange, Lync and many others. The Schema Master is the role responsible for writing changes to these attributes into the schema of the forest. Schema changes are irreversible, and once made they are replicated to the other Domain Controllers in the forest.

Domain Naming Master Role
This role validates the domain namespace held in the Partitions container. It is the role used when adding a domain to or removing a domain from the forest: it verifies a domain name before the domain is added to the forest, and it is the role that writes to the Partitions container.


Domain-Wide Roles:
PDC Emulator Operations Role
All FSMO roles are equally important, but the PDC Emulator is the one that most needs to be online and available, because it handles password synchronisation and time synchronisation within the domain. Password changes for objects are synced to the PDC Emulator, which then replicates them to the other Domain Controllers.
The PDC Emulator also plays a vital role in time synchronisation when the domain hierarchy time configuration is in use: it synchronises with an external time source, and the other domain members synchronise with the PDC Emulator.
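The time hierarchy just described can be verified from any management host. The following script is an added example (not from the original post): it queries the configured time source of the PDC Emulator and of every other Domain Controller in the domain using `w32tm`, and flags any DC that is still following its local clock. It assumes the RSAT ActiveDirectory module and the right to run `w32tm` remotely against each DC (RPC). For the PDC Emulator of a child domain the expected source is a DC in the parent domain rather than an external NTP server; the regular expression used to detect a local clock is this example's own.

```powershell
# Added example: check the domain time hierarchy anchored on the PDC Emulator.
# Assumes RSAT ActiveDirectory module and remote w32tm (RPC) access to each DC.
Import-Module ActiveDirectory

$domain = Get-ADDomain
$pdc    = $domain.PDCEmulator

function Get-TimeSource {
    param([string]$Computer)
    # w32tm prints the configured source as a short string, e.g. an NTP server,
    # a DC name, or "Local CMOS Clock" when no hierarchy is in effect.
    (w32tm /query /computer:$Computer /source 2>&1) -join ' '
}

# Pattern for "not synchronising from anything" (example's own choice)
$localClock = 'Local CMOS Clock|Free-running'

$pdcSource = Get-TimeSource -Computer $pdc
if ($pdcSource -match $localClock) {
    Write-Warning "PDC Emulator $pdc is using its local clock ($pdcSource); configure an external time source."
} else {
    Write-Output "PDC Emulator $pdc syncs from: $pdcSource"
}

# Every other DC should report a source inside the hierarchy, not a local clock.
Get-ADDomainController -Filter * |
    Where-Object { $_.HostName -ne $pdc } |
    ForEach-Object {
        $src = Get-TimeSource -Computer $_.HostName
        [pscustomobject]@{
            DC          = $_.HostName
            TimeSource  = $src
            InHierarchy = ($src -notmatch $localClock)
        }
    } | Format-Table -AutoSize
```

Kerberos tolerates only a small clock skew, so a DC shown with `InHierarchy` false is worth investigating before it starts failing authentication.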

RID Master Role
This role is responsible for providing the SID pools a domain needs in order to create AD objects such as users and computers. Each SID consists of the domain SID (common to all objects in the domain) plus a RID (Relative ID) assigned to the individual object.

Infrastructure Master Role
The Infrastructure Master (IM) role owner is the DC responsible for updating a cross-domain object reference when the referenced object is moved, renamed, or deleted. For this reason the Infrastructure Master role should be held by a Domain Controller that is not a GC server. If the Infrastructure Master runs on a GC server, it will not update object information, because it holds no references to objects it does not itself contain: a GC server holds a partial replica of every object in the forest. When an object in one domain is referenced by an object in another domain, the reference is represented as a dsname. If all the Domain Controllers in a domain also host the GC, then all of them already have the current data, and it does not matter which Domain Controller owns the Infrastructure Master role.
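The placement rule above (IM on a GC is only acceptable when every DC in the domain is a GC) is easy to drift from as GCs are added over time. The following script is an added example (not from the original post) that checks the rule for every domain in the forest using the `IsGlobalCatalog` property of each Domain Controller. It assumes the RSAT ActiveDirectory module; the function name and the `Placement` wording are this example's own.

```powershell
# Added example: audit Infrastructure Master placement against the GC rule.
# Assumes RSAT ActiveDirectory module and read access to each domain.
Import-Module ActiveDirectory

function Test-InfrastructureMasterPlacement {
    param([string]$DomainName = (Get-ADDomain).DNSRoot)

    $domain = Get-ADDomain -Identity $DomainName
    $dcs    = Get-ADDomainController -Filter * -Server $DomainName
    $im     = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }

    # True when no DC in this domain lacks the GC
    $allGc = (($dcs | Where-Object { -not $_.IsGlobalCatalog }) | Measure-Object).Count -eq 0

    # Rule from the text: IM on a GC is harmless only if every DC is a GC;
    # otherwise cross-domain references (dsnames) will stop being updated.
    $placement = if ($im.IsGlobalCatalog -and -not $allGc) {
        'BAD: IM is a GC while non-GC DCs exist'
    } else {
        'OK'
    }

    [pscustomobject]@{
        Domain               = $DomainName
        InfrastructureMaster = $domain.InfrastructureMaster
        ImIsGlobalCatalog    = $im.IsGlobalCatalog
        AllDCsAreGC          = $allGc
        Placement            = $placement
    }
}

# Run the check for every domain in the forest
(Get-ADForest).Domains |
    ForEach-Object { Test-InfrastructureMasterPlacement -DomainName $_ } |
    Format-Table -AutoSize
```

If the check reports `BAD`, the fix is either to move the role to a non-GC DC or to make every DC in that domain a GC, whichever matches the intended design.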
