FSMO roles, otherwise known as Flexible Single Master Operation roles, are the mechanism by which Domain Controllers carry out their operations. A Domain Controller is the server on which the Active Directory service is installed; it therefore performs identity management, ensures the security of objects, and determines access to resources in our domain. Why is it necessary to understand these roles?

The bulk of your job as an MCITP Server Administrator/Enterprise Administrator depends on your knowledge of these roles. Many companies experience unnecessary downtime relating to logon, access to network resources, etc. Why? The network administrators do not understand how to leverage the power of FSMO roles.

FSMO roles are 5 distinct roles, categorized into two levels, namely:
  1. Forest Level
    1. Domain Naming Master: The mechanism that ensures there is no duplication of a domain name in the forest.
    2. Schema Master: This is the skeleton of Active Directory. All objects have the same attributes because of the Schema Master, though certain applications can change the schema structure of a forest. An example of such an application is Exchange Server.

  2. Domain Level
    3. Infrastructure Master: It handles the cross-domain references of security group membership.
    4. RID Master: This is the handler of the Security Identifier (SID). Every user account has a unique SID.
    5. PDC Emulator: Acts as password authority, synchronizes GPOs, acts as Master Browser, etc.

By default, the first Domain Controller in the forest has all these roles on it, but this is not safe, and it's not the best practice.

So, what should you do? Split the roles across two or more DCs. When you are considering an upgrade, you must transfer the necessary role to another DC. What should you do if, for example, the DC that hosts the PDC Emulator catches fire before the role has been transferred? The solution is to seize the roles on it, because it's offline. How? I really can't cover this in this forum, because it's not about theory, but hands-on.
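
As an added example (not from the original post), the PowerShell below uses the ActiveDirectory module to list the five role holders, warn when a single DC holds them all, and guard the choice between transfer and seizure with a rough reachability check. The function names and the target `DC02` are hypothetical.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) and a reachable DC.
Import-Module ActiveDirectory

function Get-FsmoPlacement {
    # Forest-level roles come from Get-ADForest, domain-level roles from Get-ADDomain.
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        RIDMaster            = $domain.RIDMaster
        PDCEmulator          = $domain.PDCEmulator
    }
}

function Move-FsmoRole {
    param(
        [Parameter(Mandatory)][string]$Target,
        [Parameter(Mandatory)]
        [ValidateSet('SchemaMaster','DomainNamingMaster','InfrastructureMaster',
                     'RIDMaster','PDCEmulator')]
        [string]$Role,
        [switch]$Seize
    )
    $current = (Get-FsmoPlacement)[$Role]
    # A ping is only a rough liveness signal; confirm the DC's state before seizing.
    $online = Test-Connection -ComputerName $current -Count 1 -Quiet
    if ($Seize -and $online) {
        throw "$current still responds; transfer $Role instead of seizing it."
    }
    if (-not $Seize -and -not $online) {
        throw "$current is unreachable; a transfer needs the current holder online."
    }
    # -Force turns the transfer into a seizure; -Confirm prompts before any change.
    Move-ADDirectoryServerOperationMasterRole -Identity $Target `
        -OperationMasterRole $Role -Force:$Seize -Confirm
}

$placement = Get-FsmoPlacement
$placement.GetEnumerator() | Format-Table Name, Value -AutoSize

# Flag the default layout described above: every role on one Domain Controller.
$holders = @($placement.Values | Sort-Object -Unique)
if ($holders.Count -eq 1) {
    Write-Warning "All five FSMO roles are held by $($holders[0])."
}

# Planned move (holder online):   Move-FsmoRole -Target 'DC02' -Role PDCEmulator
# Holder permanently lost:        Move-FsmoRole -Target 'DC02' -Role PDCEmulator -Seize
```
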
Join our next batch of MCITP and Private Cloud Computing Class.


Venue: 12 Unity Road, Ikeja, Lagos.

Adekugbe David

(mcse,mcsa,mcdba,mcts,mcitp,mcsa-private cloud, itil)