Monday, 23 January 2012

Operations Master Roles, FSMO

Hello Friends,

Here are the FSMO (Flexible Single Master Operations) roles, forest-wide and domain-wide.
Operations Master Roles
When a change is made to a domain, the change is replicated across all of the domain controllers in the domain. Some changes, such as those made to the schema, are replicated across all of the domains in the forest. This replication is called multimaster replication.
During multimaster replication, a replication conflict can occur if originating updates are performed concurrently on the same object attribute on two domain controllers. To avoid replication conflicts, Active Directory uses single master replication, which designates one domain controller as the only domain controller on which certain directory changes can be made. This way, changes cannot occur at different places in the network at the same time. Active Directory uses single master replication for important changes, such as the addition of a new domain or a change to the forest-wide schema.
Operations that use single-master replication are arranged together in specific roles in a forest or domain. These roles are called operations master roles. For each operations master role, only the domain controller that holds that role can make the associated directory changes. The domain controller that is responsible for a particular role is called an operations master for that role. Active Directory stores information about which domain controller holds a specific role.
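To see where that stored information points in your own environment, the following PowerShell script (an added example, not part of the original post) reads the holder of each of the five operations master roles and checks that every holder still answers on the network. It assumes the ActiveDirectory module from RSAT (or a domain controller) and a domain-joined session; the server names it prints are whatever your forest returns.

```powershell
# Added example (not from the original post): list the holder of each
# operations master role. Assumes the ActiveDirectory PowerShell module
# (part of RSAT / present on domain controllers) and a domain-joined session.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain   # current user's domain; use -Identity for another one

$roles = [ordered]@{
    # Forest-wide roles: exactly one holder each in the whole forest
    'Schema master'         = $forest.SchemaMaster
    'Domain naming master'  = $forest.DomainNamingMaster
    # Domain-wide roles: one holder per domain
    'PDC emulator'          = $domain.PDCEmulator
    'RID master'            = $domain.RIDMaster
    'Infrastructure master' = $domain.InfrastructureMaster
}

$roles.GetEnumerator() | ForEach-Object {
    [pscustomobject]@{ Role = $_.Key; Holder = $_.Value }
} | Format-Table -AutoSize

# Each role holder must be a reachable domain controller: a role whose holder
# is offline (for example a decommissioned DC) blocks the changes it owns,
# such as schema updates or handing out new RID blocks.
$holders = @($roles.Values | Sort-Object -Unique)
foreach ($dc in $holders) {
    $ok = Test-Connection -ComputerName $dc -Count 1 -Quiet
    '{0,-40} reachable: {1}' -f $dc, $ok
}

# The first DC in a new domain starts out holding all five roles; flag the
# case where that never changed, since it is a single point of failure.
if ($holders.Count -eq 1) {
    Write-Warning "All operations master roles are held by $($holders[0])."
}
```

The same information is available from the command line with `netdom query fsmo`; the script form is handier when you want to compare the holders against an expected list or alert when one of them stops responding.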
Forest-wide Roles
Forest-wide roles are unique to a forest. The forest-wide roles are:
        Schema master: Controls all updates to the schema. The schema contains the master list of object classes and attributes that are used to create all Active Directory objects, such as users, computers, and printers.
        Domain naming master: Controls the addition or removal of domains in the forest. When you add a new domain to the forest, only the domain controller that holds the domain naming master role can add the new domain.

There is only one schema master and one domain naming master in the entire forest.
Domain-wide Roles
Domain-wide roles are unique to each domain in a forest. The domain-wide roles are:
        Primary domain controller emulator (PDC): Acts as a Windows NT PDC to support any backup domain controllers (BDCs) running Microsoft Windows NT within a mixed-mode domain. This type of domain has domain controllers that run Windows NT 4.0. By default, the PDC emulator role is held by the first domain controller that you create in a new domain.
        Relative identifier master (RID): When a new object is created, the domain controller creates a new security principal that represents the object and assigns the object a unique security identifier (SID). This SID consists of a domain SID, which is the same for all security principals created in the domain, and a RID, which is unique for each security principal created in the domain. The RID master allocates blocks of RIDs to each domain controller in the domain. The domain controller then assigns a RID to objects that are created from its allocated block of RIDs.
        Infrastructure master: When objects are moved from one domain to another, the infrastructure master updates object references in its domain that point to the object in the other domain. The object reference contains the object's globally unique identifier (GUID), distinguished name, and a SID. Active Directory periodically updates the distinguished name and the SID on the object reference to reflect changes made to the actual object, such as moves within and between domains and the deletion of the object.
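The domain SID + RID structure behind the RID master role is easy to see by taking a SID apart. The PowerShell below is an added example (not from the original post); the SID it parses is a constructed sample, not one from any real domain, so it runs without a domain connection. The `SecurityIdentifier` class it uses is part of .NET and available in any Windows PowerShell session.

```powershell
# Added example (not from the original post): split a SID into the domain SID
# shared by every principal in the domain and the RID that the RID master's
# allocated block supplied. The SID below is a constructed sample value.
$sidText = 'S-1-5-21-1111111111-2222222222-3333333333-1104'
$sid = New-Object System.Security.Principal.SecurityIdentifier $sidText

# AccountDomainSid is everything up to the last sub-authority: the domain SID.
$domainSid = $sid.AccountDomainSid.Value      # S-1-5-21-1111111111-2222222222-3333333333

# The last sub-authority is the RID, unique per principal within the domain.
$rid = [int]($sid.Value.Split('-')[-1])       # 1104

# RIDs below 1000 are reserved for well-known principals (500 is the built-in
# Administrator); 1000 and above come from blocks allocated by the RID master.
$kind = if ($rid -lt 1000) { 'well-known (reserved)' } else { 'allocated by a DC from its RID block' }

[pscustomobject]@{
    SID       = $sid.Value
    DomainSID = $domainSid
    RID       = $rid
    RIDKind   = $kind
}

# On a live domain, the domain SID to compare against is:
#   (Get-ADDomain).DomainSID.Value
# and the RID pool a given DC is currently drawing from can be read from the
# rIDAllocationPool / rIDNextRID attributes of its "CN=RID Set" object.
```

Two principals that share a domain SID belong to the same domain; if a RID master were lost and its pool re-issued from a restored copy, two domain controllers could hand out overlapping RID blocks, which is exactly the duplicate-SID situation single-master replication exists to prevent.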
 Thank you!
