FSMO Roles

When the enterprise directory has more than one domain controller, certain roles can be assigned to individual controllers, which are then responsible for specific operations in the domain and in the forest. These are called FSMO (Flexible Single Master Operation) roles. Some of them operate at the domain level and some at the forest level. There are seven FSMO roles, each with different tasks in the enterprise directory.

FSMO Roles

Role Name                      Level
-----------------------------  ------
PDC Emulator                   Domain
RID Master                     Domain
Schema Master                  Forest
Domain Naming Master           Forest
Infrastructure Master          Domain
Domain DNS Zone Master Role    Domain
Forest DNS Zone Master Role    Forest

Note

PDC Emulator: Handles tasks such as password changes in the domain, account lockouts, time settings, and group policy changes.

RID Master: Each object in the domain has a unique number, called the SID (Security Identifier). The SID consists of the domain SID and a unique RID (Relative ID). The RID Master is responsible for processing RID requests from the controllers in the domain. In addition, the RID Master's duties include removing or moving objects from the domain.

Schema Master: Responsible for the structure in which the data in the enterprise directory is stored and organized. Schema updates can only be made on this domain controller.

Domain Naming Master: This role is responsible for adding a new tree to the forest or removing one from it.

Infrastructure Master: Maintains reference information and the SIDs and DNs of objects across domains at the forest level. It is also responsible for renaming objects and for cross-domain changes.

Domain DNS Zone Master Role: This role is responsible for adding or deleting domain controller DNS servers and integrated zones on domain controllers.

Forest DNS Zone Master Role: The role is responsible for adding/deleting forest-wide Global Catalog (GC) records on DNS servers.

After confirming on the main screen (Administration Panel) that the SambaBox system is running, proceed to taking over the roles in the currently running enterprise directory. You can request roles on the screen under Directory Management > FSMO Roles.

If the previous role owner is no longer in the enterprise directory, the roles can be forcibly taken over by the SambaBox with the [Seize] button. Forcibly taking over a role from an online domain controller can cause more problems in the enterprise directory. If the former role owner is online, the role can be transferred to the SambaBox with the [Transfer] button. The transfer process works unilaterally.
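The Transfer-or-Seize decision above can be checked per role before any button is pressed. The following is an added example, not SambaBox code: it assumes the current owners are available as text in the format printed by `samba-tool fsmo show`, and the host names, the `plan_takeover` function and the sample output are constructed for illustration.

```python
import re

# Label printed by `samba-tool fsmo show` (assumed format) -> (role name, level),
# with names and levels taken from the table on this page.
ROLES = {
    "PdcEmulationMasterRole": ("PDC Emulator", "Domain"),
    "RidAllocationMasterRole": ("RID Master", "Domain"),
    "SchemaMasterRole": ("Schema Master", "Forest"),
    "DomainNamingMasterRole": ("Domain Naming Master", "Forest"),
    "InfrastructureMasterRole": ("Infrastructure Master", "Domain"),
    "DomainDnsZonesMasterRole": ("Domain DNS Zone Master", "Domain"),
    "ForestDnsZonesMasterRole": ("Forest DNS Zone Master", "Forest"),
}
OWNER = re.compile(r"^(\w+) owner: CN=NTDS Settings,CN=([^,]+),")

def plan_takeover(show_output, online_dcs, target):
    """Return {role: (level, owner, action)}; action is none, transfer, seize or verify."""
    online = {dc.upper() for dc in online_dcs}
    # A role missing from the output is never seized by default: it must be verified.
    plan = {name: (level, None, "verify") for name, level in ROLES.values()}
    for line in show_output.splitlines():
        m = OWNER.match(line.strip())
        if not m or m.group(1) not in ROLES:
            continue
        name, level = ROLES[m.group(1)]
        owner = m.group(2).upper()
        if owner == target.upper():
            action = "none"      # the target already holds the role
        elif owner in online:
            action = "transfer"  # former owner is online: do not seize
        else:
            action = "seize"     # former owner is no longer in the directory
        plan[name] = (level, owner, action)
    return plan

# Constructed sample: DC1 is online, DC2 is gone, one role is missing from the output.
BASE = "CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=test"
SAMPLE = "\n".join(
    f"{label} owner: CN=NTDS Settings,CN={dc},{BASE}"
    for label, dc in [
        ("SchemaMasterRole", "DC1"), ("InfrastructureMasterRole", "DC2"),
        ("RidAllocationMasterRole", "DC2"), ("PdcEmulationMasterRole", "DC1"),
        ("DomainNamingMasterRole", "SAMBABOX"), ("DomainDnsZonesMasterRole", "DC1"),
    ]
)

if __name__ == "__main__":
    for role, row in plan_takeover(SAMPLE, ["dc1"], "sambabox").items():
        print(f"{role:24} {row}")
```

The list of online controllers has to come from a verified reachability check, because any owner missing from it is planned as a seize.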