Managing Operations Master Roles
Operations master roles are also known as flexible single master operations or FSMO. Here, the term flexible refers to the fact that, an administrator can choose which domain controller will perform each restricted single master operation.
There are five different types of FSMOs, of which two are forest-wide and three are domain-wide.
Forest-Wide vs. Domain-Wide FSMOs
(i) Schema Master Role (Forest-Wide)
The Schema Master is the only domain controller that can make changes to the schema. When we as an administrator use an application to change the schema, we don’t necessarily need to sit down at the schema master to run this application, nor do we need to know which computer is functioning as the schema master.
Because the schema is identical throughout the forest, there can be only one schema master in the entire forest.
(ii) Domain Naming Master (Forest-Wide)
The domain naming master is the only domain controller that can add or remove domains to or from the forest.
The primary reason for isolating these tasks is to ensure that when a domain is created, its name should be unique within the forest.
(iii) Relative ID master (Domain-Wide)
The Relative ID master (sometimes called the RID master) is the domain controller in the domain that assigns a range of relative IDs to each domain controllers in the domain for use in creating SIDs(security identifiers).
Because of this assignment, the potential for domain controllers duplicate SIDs is eliminated. There can be only one relative ID master in each domain in a forest.
(iv) PDC Emulator Role (Domain-Wide)
The PDC Emulator is the domain controller that acts like a Windows NT PDC (primary domain controller) for Windows NT computers, whenever the active directory works in a mixed mode.
Here, mixed mode refers to the situation, where the Active Directory is configured to interact with computers that don’t have Windows 2000 Directory Service client software.
(v) Infrastructure Master (Domain-Wide)
The Infrastructure Master is the domain controller in the domain that updates the group membership information when groups members (who are users from other domains) are renamed or moved.
There can be only one infrastructure master in each domain in a forest.
No comments:
Post a Comment