FSMO roles are classified into 2 types:
- Forest wide roles
- Domain wide roles
Forest Wide Roles
- The schema master DC controls all updates and modifications to the schema.
- Once the schema update is complete, it is replicated to all other DCs from the schema master.
- There is only one schema master in the whole forest.
E.g. a system administrator can modify the AD schema by adding custom fields such as Driving License, Favourite color, etc.
- The Domain Naming Master controls the addition and removal of domains in the forest.
- It can also add or remove cross-references to domains in external directories.
- The main purpose of the Domain Naming Master is to keep track of all the domains within an AD forest.
Domain Wide Roles
- RID stands for Relative ID. The RID master is responsible for allotting a sequence of Relative IDs (a RID pool) to each DC in the domain.
- When a DC creates a user, group or computer object, a unique SID (Security ID) is assigned to that object.
This SID contains 2 elements:
- Domain SID – which is the same for all the SIDs created in the domain
- RID – which is unique for each SID created in the domain
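The SID layout described above can be checked directly on the binary `objectSid` value a DC stores. The following is an added example, not part of the original notes: it decodes a binary SID and splits it into the domain SID and the RID. The function names and the sample SID are constructed for illustration.

```python
import struct

# RIDs that Windows fixes in every domain; RIDs allocated from a DC's
# RID pool for newly created objects are 1000 or higher.
WELL_KNOWN_RIDS = {500: "Administrator", 501: "Guest", 502: "krbtgt",
                   512: "Domain Admins", 513: "Domain Users"}

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID (objectSid) into its S-1-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if revision != 1 or count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")    # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])  # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def split_sid(sid: str):
    """Split a domain account SID into (domain SID, RID)."""
    parts = sid.split("-")
    # Domain account SIDs have the form S-1-5-21-<a>-<b>-<c>-<RID>.
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError("not a domain account SID: " + sid)
    return "-".join(parts[:-1]), int(parts[-1])

def describe(raw: bytes) -> dict:
    """Return the domain SID, the RID and a label for the RID."""
    domain_sid, rid = split_sid(parse_sid(raw))
    label = WELL_KNOWN_RIDS.get(rid, "pool-allocated" if rid >= 1000 else "reserved")
    return {"domain_sid": domain_sid, "rid": rid, "kind": label}

def duplicate_sids(entries):
    """entries: (name, sid) pairs. Return SIDs held by more than one object."""
    seen = {}
    for name, sid in entries:
        seen.setdefault(sid, []).append(name)
    return {sid: names for sid, names in seen.items() if len(names) > 1}

# Constructed sample: one domain, an ordinary user (RID 1105) and RID 500.
_DOMAIN = (21, 1111111111, 2222222222, 3333333333)
def _make(rid):  # helper that builds the binary form for the samples
    return bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<5I", *_DOMAIN, rid)
SAMPLE_USER, SAMPLE_ADMIN = _make(1105), _make(500)

if __name__ == "__main__":
    for raw in (SAMPLE_USER, SAMPLE_ADMIN):
        print(describe(raw))
```

Both sample SIDs share the same domain SID and differ only in the final RID, which is the part each DC draws from its RID pool.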
- The PDC emulator is responsible for synchronizing the time in the organization on all user computers in the domain. All Windows-based systems use a common time.
- To ensure consistency, password changes from client computers must be replicated and updated to all DCs throughout the domain.
- All Windows-based operating systems support the Kerberos V5 authentication protocol.
Tasks such as updating references from objects in its domain to objects in other domains are under the purview of the infrastructure master role.