
What are FSMO Roles? List them

Question: What are FSMO Roles? List them

Question Submitted By :: Rajarr

Re: What are FSMO Roles? List them

Answer # 1 (Rank: 4, Answer Posted By: Rajarr)

Flexible Single-Master Operation (FSMO) roles manage an
aspect of the domain or forest, to prevent conflicts.

1. Domain Naming Master: If you want to add a domain to a
forest, the domain's name must be verifiably unique. The
forest's Domain Naming Master FSMOs authorize the domain
name operation.

2. Infrastructure Master: When a user and group are in
different domains, a lag can exist between changes to the
user (e.g., a name change) and the user's display in the
group. The Infrastructure Master of the group's domain fixes
the group-to-user reference to reflect the change. The
Infrastructure Master performs its fixes locally and relies
on replication to bring all other replicas of the domain up
to date.

3. PDC Emulator: For backward compatibility, one DC in each
Win2K domain must emulate a PDC for the benefit of Windows
NT 4.0 and NT 3.5 DCs and clients.

4. RID Master: The RID Master must be available for you to use
the Microsoft Windows 2000 Resource Kit's Movetree utility
to move objects between domains.

5. Schema Master: At the heart of Active Directory (AD) is the
schema, which is like a blueprint of all objects and
containers. Because the schema must be the same throughout
the forest, only one machine can authorize schema modifications.

Is This Answer Correct ? 77 Yes 20 No

Re: What are FSMO Roles? List them


Answer # 2 (Rank: 0, Answer Posted By: Shaikh Inam)

FSMO roles means Flexible Single Master Operation. It means
all these master roles can be shifted or changed. There are
five roles. When you install the first domain in the forest,
all five roles are installed on it, but because every role
has its own responsibilities, there is a risk of slowing
down the server. Of those five roles, the first two are
called forest-wide roles: 1. Schema Master role. 2. Domain
Naming Master role. These roles should be on the first
domain of the forest.

1. Schema Master role: This role has all the schema
information of the forest.

2. Domain Naming Master: This role has the information of
all the domains in the forest. So when you install a new
domain in the forest, it first contacts the Domain Naming
Master to avoid conflicts.

The other three roles are known as domain-wide roles: 3. PDC
Emulator. 4. RID Master. 5. Infrastructure Master.
These roles are found in every domain in the forest.

3. PDC Emulator role: This is responsible for the
authentication of the NT 4 clients.

4. RID Master: This role gives the RIDs to the domains and
is responsible for time synchronisation with the domains in
the forest.

5. Infrastructure Master: This role replicates all the
information to the global catalog to manage objects for
inter-domain interoperability.

Is This Answer Correct ? 59 Yes 15 No

Re: What are FSMO Roles? List them


Answer # 3 (Rank: 5, Answer Posted By: Saurabh Agarwal)

For certain types of changes, Windows 2000/2003
incorporates methods to prevent conflicting Active
Directory updates from occurring.

Windows 2000/2003 Single-Master Model

To prevent conflicting updates in Windows 2000/2003, the
Active Directory performs updates to certain objects in a
single-master fashion.

In a single-master model, only one DC in the entire
directory is allowed to process updates. This is similar to
the role given to a primary domain controller (PDC) in
earlier versions of Windows (such as Microsoft Windows NT
4.0), in which the PDC is responsible for processing all
updates in a given domain.

In a forest, there are five FSMO roles that are assigned to
one or more domain controllers. The five FSMO roles are:

Schema Master:

The schema master domain controller controls all updates
and modifications to the schema. Once the Schema update is
complete, it is replicated from the schema master to all
other DCs in the directory. To update the schema of a
forest, you must have access to the schema master. There
can be only one schema master in the whole forest.

Domain naming master:

The domain naming master domain controller controls the
addition or removal of domains in the forest. This DC is
the only one that can add or remove a domain from the
directory. It can also add or remove cross references to
domains in external directories. There can be only one
domain naming master in the whole forest.

Infrastructure Master:

When an object in one domain is referenced by another
object in another domain, it represents the reference by
the GUID, the SID (for references to security principals),
and the DN of the object being referenced. The
infrastructure FSMO role holder is the DC responsible for
updating an object's SID and distinguished name in a cross-
domain object reference. At any one time, there can be only
one domain controller acting as the infrastructure master
in each domain.

Note: The Infrastructure Master (IM) role should be held by
a domain controller that is not a Global Catalog server
(GC). If the Infrastructure Master runs on a Global Catalog
server it will stop updating object information because it
does not contain any references to objects that it does not
hold. This is because a Global Catalog server holds a
partial replica of every object in the forest. As a result,
cross-domain object references in that domain will not be
updated and a warning to that effect will be logged on that
DC's event log. If all the domain controllers in a domain
also host the global catalog, all the domain controllers
have the current data, and it is not important which domain
controller holds the infrastructure master role.

Relative ID (RID) Master:

The RID master is responsible for processing RID pool
requests from all domain controllers in a particular
domain. When a DC creates a security principal object such
as a user or group, it attaches a unique Security ID (SID)
to the object. This SID consists of a domain SID (the same
for all SIDs created in a domain), and a relative ID (RID)
that is unique for each security principal SID created in a
domain. Each DC in a domain is allocated a pool of RIDs
that it is allowed to assign to the security principals it
creates. When a DC's allocated RID pool falls below a
threshold, that DC issues a request for additional RIDs to
the domain's RID master. The domain RID master responds to
the request by retrieving RIDs from the domain's
unallocated RID pool and assigns them to the pool of the
requesting DC. At any one time, there can be only one
domain controller acting as the RID master in the domain.

PDC Emulator:

The PDC emulator is necessary to synchronize time in an
enterprise. Windows 2000/2003 includes the W32Time (Windows
Time) time service that is required by the Kerberos
authentication protocol. All Windows 2000/2003-based
computers within an enterprise use a common time. The
purpose of the time service is to ensure that the Windows
Time service uses a hierarchical relationship that controls
authority and does not permit loops to ensure appropriate
common time usage.

The PDC emulator of a domain is authoritative for the
domain. The PDC emulator at the root of the forest becomes
authoritative for the enterprise, and should be configured
to gather the time from an external source. All PDC FSMO
role holders follow the hierarchy of domains in the
selection of their in-bound time partner.

In a Windows 2000/2003 domain, the PDC emulator role holder
retains the following functions:

Password changes performed by other DCs in the domain are
replicated preferentially to the PDC emulator.

Authentication failures that occur at a given DC in a
domain because of an incorrect password are forwarded to
the PDC emulator before a bad password failure message is
reported to the user.

Account lockout is processed on the PDC emulator.

Editing or creation of Group Policy Objects (GPO) is always
done from the GPO copy found in the PDC Emulator's SYSVOL
share, unless configured not to do so by the administrator.

The PDC emulator performs all of the functionality that a
Microsoft Windows NT 4.0 Server-based PDC or earlier PDC
performs for Windows NT 4.0-based or earlier clients.

This part of the PDC emulator role becomes unnecessary when
all workstations, member servers, and domain controllers
that are running Windows NT 4.0 or earlier are all upgraded
to Windows 2000/2003. The PDC emulator still performs the
other functions as described in a Windows 2000/2003
environment.

At any one time, there can be only one domain controller
acting as the PDC emulator master in each domain in the
forest.

Is This Answer Correct ? 26 Yes 1 No
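
The domain's unallocated RID pool described in this answer is stored as one 64-bit value in the rIDAvailablePool attribute of the RID Manager$ object: the upper 32 bits hold the ceiling and the lower 32 bits hold the next RID that will be handed to a DC pool. The PowerShell below is an added example, not part of the original thread; the function name, the warning threshold and the sample value are constructed for illustration.

```powershell
# Added example (not from the thread). Decodes the domain-wide unallocated RID
# pool that the RID master draws from when a DC asks for more RIDs.

function ConvertFrom-RidAvailablePool {
    # Hypothetical helper name; input is the raw rIDAvailablePool value.
    param(
        [Parameter(Mandatory)] [int64] $RidAvailablePool,
        [int] $WarnPercent = 80          # assumed alert threshold, tune locally
    )

    $ceiling = $RidAvailablePool -shr 32                    # upper 32 bits
    $nextRid = $RidAvailablePool -band [int64]4294967295    # lower 32 bits

    if ($ceiling -le 0) {
        throw "Unexpected rIDAvailablePool value: $RidAvailablePool"
    }

    $percent = [math]::Round(100.0 * $nextRid / $ceiling, 2)

    [pscustomobject]@{
        RidCeiling         = $ceiling
        NextUnallocatedRid = $nextRid
        RidsRemaining      = $ceiling - $nextRid
        PercentConsumed    = $percent
        Warning            = ($percent -ge $WarnPercent)
    }
}

# Constructed sample value: ceiling of 1073741823, unallocated range starts at 4600.
$sample = ([int64]1073741823 -shl 32) + 4600
ConvertFrom-RidAvailablePool -RidAvailablePool $sample

# Against a live domain (ActiveDirectory module required), read the attribute
# from the RID master itself:
#   $domain = Get-ADDomain
#   $dn     = "CN=RID Manager`$,CN=System,$($domain.DistinguishedName)"
#   $obj    = Get-ADObject -Identity $dn -Properties rIDAvailablePool -Server $domain.RIDMaster
#   ConvertFrom-RidAvailablePool -RidAvailablePool $obj.rIDAvailablePool
```

A sudden jump in NextUnallocatedRid between two readings means DCs are requesting pools faster than normal account creation explains, which is worth investigating before the ceiling is reached.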

Re: What are FSMO Roles? List them


Answer # 4 (Rank: 0, Answer Posted By: Pradeep Kumar)

FSMO - Stands for Flexible Single Master Operation.

The purpose of this FSMO is to avoid the conflicts throughout
the forest. Conflicts will be like domain names,
Objects, Fields, etc.

Usually FSMO broadly divided into 5 Roles.

1. Schema Master Role
2. Domain Naming Master Role
3. RID - Relative Identifier.
4. PDC Emulator.
5. Infrastructure.

You can easily differentiate: the first and second are
forest wide and the rest (3, 4 and 5) are domain wide.

Schema Master :- Operations that involve expanding user
properties, e.g. Exchange 2003 / forestprep, which adds
mailbox properties to users. Rather like the Domain naming
master, changing the schema is a rare event. However if you
have a team of Schema Administrators all experimenting with
object properties, you would not want there to be a mistake
which crippled your forest. So it's a case of Microsoft knows
best, the Schema Master should be a Single Master Operation
and thus a FSMO role.

Domain Naming Master - Ensures that each child domain has a
unique name. How often do child domains get added to the
forest? Not very often I suggest, so the fact that this is
a FSMO does not impact on normal domain activity. My point
is it's worth the price to confine joining and leaving the
domain operations to one machine, and save the tiny risk of
getting duplicate names or orphaned domains.

PDC Emulator - Most famous for backwards compatibility
with NT 4.0 BDCs. However, there are two other FSMO roles
which operate even in Windows 2003 Native Domains,
synchronizing the W32Time service and creating group
policies. I admit that it is confusing that these two jobs
have little to do with PDCs and BDCs.

RID Master - Each object must have a globally unique number
(GUID). The RID master makes sure each domain controller
issues unique numbers when you create objects such as users
or computers. For example DC one is given RIDs 1-4999 and
DC two is given RIDs 5000 - 9999.

Infrastructure Master - Responsible for checking objects in
other domains. Universal group membership is the most
important example. To me, it seems as though the operating
system is paranoid that, a) You are a member of a Universal
Group in another domain and b) that group has been assigned
Deny permissions. So if the Infrastructure master could not
check your Universal Groups there could be a security breach.

Is This Answer Correct ? 27 Yes 3 No

Re: What are FSMO Roles? List them


Answer # 5 (Rank: 0, Answer Posted By: P. Vinodkumar)

1. Schema Master Role
2. Domain Naming Master Role
3. RID - Relative Identifier.
4. PDC Emulator.
5. Infrastructure

Is This Answer Correct ? 19 Yes 5 No

Re: What are FSMO Roles? List them


Answer # 6 (Rank: 0, Answer Posted By: Venkatramana Madineni)

fsmo roles

fsmo: FLEXIBLE SINGLE MASTER OPERATION

FSMO manages the domain or forest to prevent conflicts.

or
fsmo means all these master roles can be shifted or changed.

In fsmo there are five roles in all:

1. schema master role
2. domain naming master role
3. pdc emulator role
4. rid master
5. infrastructure

The first 2 roles are called forest wide roles.
The other 3 roles are called domain wide roles.

Is This Answer Correct ? 27 Yes 2 No

Re: What are FSMO Roles? List them


Answer # 7 (Rank: 0, Answer Posted By: Deepak Dev)

What are the FSMO Roles in Active Directory?

Windows 2000/2003 Multi-Master Model

A multi-master enabled database, such as the Active
Directory, provides the flexibility of allowing changes to
occur at any DC in the enterprise, but it also introduces
the possibility of conflicts that can potentially lead to
problems once the data is replicated to the rest of the
enterprise. One way Windows 2000/2003 deals with conflicting
updates is by having a conflict resolution algorithm handle
discrepancies in values by resolving to the DC to which
changes were written last (that is, "the last writer wins"),
while discarding the changes in all other DCs. Although this
resolution method may be acceptable in some cases, there are
times when conflicts are just too difficult to resolve using
the "last writer wins" approach. In such cases, it is best
to prevent the conflict from occurring rather than to try to
resolve it after the fact.

For certain types of changes, Windows 2000/2003 incorporates
methods to prevent conflicting Active Directory updates from
occurring.

Windows 2000/2003 Single-Master Model

To prevent conflicting updates in Windows 2000/2003, the
Active Directory performs updates to certain objects in a
single-master fashion.

In a single-master model, only one DC in the entire
directory is allowed to process updates. This is similar to
the role given to a primary domain controller (PDC) in
earlier versions of Windows (such as Microsoft Windows NT
4.0), in which the PDC is responsible for processing all
updates in a given domain.

In a forest, there are five FSMO roles that are assigned to
one or more domain controllers. The five FSMO roles are:

Schema Master:

The schema master domain controller controls all updates and
modifications to the schema. Once the Schema update is
complete, it is replicated from the schema master to all
other DCs in the directory. To update the schema of a
forest, you must have access to the schema master. There can
be only one schema master in the whole forest.

Domain naming master:

The domain naming master domain controller controls the
addition or removal of domains in the forest. This DC is the
only one that can add or remove a domain from the directory.
It can also add or remove cross references to domains in
external directories. There can be only one domain naming
master in the whole forest.

Infrastructure Master:

When an object in one domain is referenced by another object
in another domain, it represents the reference by the GUID,
the SID (for references to security principals), and the DN
of the object being referenced. The infrastructure FSMO role
holder is the DC responsible for updating an object's SID
and distinguished name in a cross-domain object reference.
At any one time, there can be only one domain controller
acting as the infrastructure master in each domain.

Note: The Infrastructure Master (IM) role should be held by
a domain controller that is not a Global Catalog server
(GC). If the Infrastructure Master runs on a Global Catalog
server it will stop updating object information because it
does not contain any references to objects that it does not
hold. This is because a Global Catalog server holds a
partial replica of every object in the forest. As a result,
cross-domain object references in that domain will not be
updated and a warning to that effect will be logged on that
DC's event log. If all the domain controllers in a domain
also host the global catalog, all the domain controllers
have the current data, and it is not important which domain
controller holds the infrastructure master role.

Relative ID (RID) Master:

The RID master is responsible for processing RID pool
requests from all domain controllers in a particular domain.
When a DC creates a security principal object such as a user
or group, it attaches a unique Security ID (SID) to the
object. This SID consists of a domain SID (the same for all
SIDs created in a domain), and a relative ID (RID) that is
unique for each security principal SID created in a domain.
Each DC in a domain is allocated a pool of RIDs that it is
allowed to assign to the security principals it creates.
When a DC's allocated RID pool falls below a threshold, that
DC issues a request for additional RIDs to the domain's RID
master. The domain RID master responds to the request by
retrieving RIDs from the domain's unallocated RID pool and
assigns them to the pool of the requesting DC. At any one
time, there can be only one domain controller acting as the
RID master in the domain.

PDC Emulator:

The PDC emulator is necessary to synchronize time in an
enterprise. Windows 2000/2003 includes the W32Time (Windows
Time) time service that is required by the Kerberos
authentication protocol. All Windows 2000/2003-based
computers within an enterprise use a common time. The
purpose of the time service is to ensure that the Windows
Time service uses a hierarchical relationship that controls
authority and does not permit loops to ensure appropriate
common time usage.

The PDC emulator of a domain is authoritative for the
domain. The PDC emulator at the root of the forest becomes
authoritative for the enterprise, and should be configured
to gather the time from an external source. All PDC FSMO
role holders follow the hierarchy of domains in the
selection of their in-bound time partner.

In a Windows 2000/2003 domain, the PDC emulator role holder
retains the following functions:

* Password changes performed by other DCs in the domain
are replicated preferentially to the PDC emulator.
* Authentication failures that occur at a given DC in a
domain because of an incorrect password are forwarded to the
PDC emulator before a bad password failure message is
reported to the user.
* Account lockout is processed on the PDC emulator.
* Editing or creation of Group Policy Objects (GPO) is
always done from the GPO copy found in the PDC Emulator's
SYSVOL share, unless configured not to do so by the
administrator.
* The PDC emulator performs all of the functionality
that a Microsoft Windows NT 4.0 Server-based PDC or earlier
PDC performs for Windows NT 4.0-based or earlier clients.

This part of the PDC emulator role becomes unnecessary when
all workstations, member servers, and domain controllers
that are running Windows NT 4.0 or earlier are all upgraded
to Windows 2000/2003. The PDC emulator still performs the
other functions as described in a Windows 2000/2003 environment.

At any one time, there can be only one domain controller
acting as the PDC emulator master in each domain in the forest.

Is This Answer Correct ? 7 Yes 1 No

Re: What are FSMO Roles? List them


Answer # 8 (Rank: 0, Answer Posted By: Upendra Kumar)

fsmo means all these master roles can be shifted or changed.

In fsmo there are five roles in all:

1. schema master role
2. domain naming master role
3. pdc emulator role
4. rid master
5. infrastructure

The first 2 roles are called forest wide roles.
The other 3 roles are called domain wide roles.

Is This Answer Correct ? 7 Yes 0 No

Re: What are FSMO Roles? List them


Answer # 9 (Rank: 0, Answer Posted By: Deepak Kotian)

FSMO (sometimes pronounced "fizz-mo") roles are also known
as operations master roles. Although the AD domain
controllers operate in a multi-master model, i.e. updates
can occur in multiple places at once, there are several
roles that are necessarily single instance:

1) Schema Master: 1 per forest: Controls and handles
updates/modifications to the Active Directory schema.

2) Domain Naming Master: 1 per forest: Controls the addition
and removal of domains from the forest if present in root
domain.

3) PDC Emulator: 1 per domain: Provides backwards
compatibility for NT4 clients for PDC operations (like
password changes). The PDC also runs domain-specific
processes such as the Security Descriptor Propagator
(SDPROP), and is the master time server within the domain.
It also handles external trusts, the DFS consistency check,
holds the most current passwords and manages all GPOs as
default server.

4) RID Master: 1 per domain: Allocates pools of unique
identifiers to domain controllers for use when creating objects.

5) Infrastructure Master: 1 per domain/partition:
Synchronizes cross-domain group membership changes. The
infrastructure master cannot run on a global catalog server
(GCS) (unless all DCs are also GCs).

Is This Answer Correct ? 5 Yes 1 No
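
A placement check for two rules stated in the answers above (exactly one holder for each domain-wide role, and no Infrastructure Master on a global catalog unless every DC in the domain is one), written as an added PowerShell example that is not part of the original thread. The function name and sample records are constructed; the property names mirror the output of Get-ADDomainController.

```powershell
# Added example (not from the thread). Checks domain-wide FSMO placement for
# one domain from a list of DC records.

function Test-FsmoPlacement {
    # Hypothetical helper. Each record needs HostName, IsGlobalCatalog and
    # OperationMasterRoles, as returned by Get-ADDomainController.
    param([Parameter(Mandatory)] [object[]] $DomainControllers)

    $findings = New-Object System.Collections.Generic.List[string]

    # Each domain-wide role must be held by exactly one DC in the domain.
    foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
        $holders = @($DomainControllers |
            Where-Object { $_.OperationMasterRoles -contains $role })
        if ($holders.Count -ne 1) {
            $findings.Add("$role has $($holders.Count) holder(s), expected 1")
        }
    }

    # Infrastructure Master on a GC is acceptable only if every DC is a GC.
    $nonGc = @($DomainControllers | Where-Object { -not $_.IsGlobalCatalog })
    $im    = @($DomainControllers |
        Where-Object { $_.OperationMasterRoles -contains 'InfrastructureMaster' })
    foreach ($dc in $im) {
        if ($dc.IsGlobalCatalog -and $nonGc.Count -gt 0) {
            $findings.Add("Infrastructure Master $($dc.HostName) is a GC, " +
                "but $($nonGc.Count) DC(s) in the domain are not")
        }
    }

    return $findings.ToArray()
}

# Constructed sample: three DCs, all domain-wide roles on dc1, which is a GC,
# while dc3 is not a GC.
$sample = @(
    [pscustomobject]@{
        HostName             = 'dc1.corp.example'
        IsGlobalCatalog      = $true
        OperationMasterRoles = @('PDCEmulator', 'RIDMaster', 'InfrastructureMaster')
    }
    [pscustomobject]@{
        HostName             = 'dc2.corp.example'
        IsGlobalCatalog      = $true
        OperationMasterRoles = @()
    }
    [pscustomobject]@{
        HostName             = 'dc3.corp.example'
        IsGlobalCatalog      = $false
        OperationMasterRoles = @()
    }
)
Test-FsmoPlacement -DomainControllers $sample

# Live use (ActiveDirectory module required):
#   Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster   # forest-wide holders
#   Test-FsmoPlacement -DomainControllers (Get-ADDomainController -Filter *)
```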


http://www.allinterview.com/showanswers/8638.html 3/19/2011
