Operation Masters Roles In Active Directory

Single master operation roles, operation master roles, operation tokens and Flexible Single Master Operation (FSMO) roles are all names for the same thing.

There are five FSMO roles, as follows:

  • Domain Naming Role
  • Schema Master Role
  • Infrastructure Master Role
  • RID Master Role
  • PDC Emulator

Domain Naming Operation Master Role in Active Directory:

This is a forest-level FSMO role that prevents duplicate domain names. If you enter a name that already exists during domain installation, it notifies you that the name already exists and you must change the name in order to continue the installation.

For example, if I create a domain named w7cloud.com on my network, and the next day another administrator on my network installs a domain with the same name in the same forest, that is a problem. The Domain Naming role is responsible for preventing duplicate domain names within the same forest.

Schema Master Role In Active Directory:

The schema defines the object classes and attributes that Active Directory stores. For example, when you open a user from any OU in Active Directory, you see the General tab, Address tab, Profile tab and so on; all of these are defined by the schema, which is owned by the Schema Master role.

How to access the Schema in Active Directory:

First you need to register the schema management snap-in. To do this, right-click Command Prompt, choose “Run as administrator”, and then type and run the command “regsvr32 schmmgmt.dll”.

It will show the message “DllRegisterServer in schmmgmt.dll succeeded”.

[Screenshot: Schema master role in AD]

Now open the MMC by typing “mmc” at the command prompt, click Add/Remove Snap-in and add Active Directory Schema. You will now find Active Directory Schema in the console and can explore all the object classes and attributes of Active Directory.

[Screenshot: Add Schema in MMC by snap-in]

[Screenshot: Hide Schema in Active Directory]

Infrastructure Master Role in Active Directory:

The purpose of this role is to keep cross-domain references straight when user accounts from one domain are members of a security group in a different domain.

RID Master Role in Active Directory:

In Active Directory, whenever we create a new object (for example, a user), a unique ID is assigned to it by the RID Master. This relates to the SID; to see yours, type:

 whoami /user

[Screenshot: SID in Active Directory]

The command above shows a user and a number known as the SID. This number is unique: no other domain in the world has the same one. The RID Master is also responsible for moving an object from one DC to another during an interdomain object move. The RID Master role provides pools of RIDs (and therefore SIDs) to each Domain Controller, and the RID is incremented whenever a new object is created. You can verify this increment by running the following command at the command prompt:

 Dcdiag /test:ridmanager /v

[Screenshot: RID display in Active Directory]

Here you can see the RID pool, 1101 to 1600; whenever we create a user, the next number in this pool is consumed.


PDC (Primary Domain Controller) Emulator in Active Directory:

  • Password authority: the PDC emulator receives all updates regarding passwords. Suppose you have a domain controller and the PDC emulator in your network; whenever a user changes their password, the change is communicated to the PDC emulator via the DC, so if that DC is down or replaced by a new DC, the user is still able to log on to the domain because of the PDC emulator.
  • GPO: the PDC emulator is also the central update location on the network for Group Policy; all modifications made to GPOs are communicated and replicated to the PDC emulator.
  • Domain Master Browser: when you click the Network icon in My Computer or the Start menu, and network sharing is enabled, you see all the PCs, servers and other devices there. This is because of the Domain Master Browser, which presents all systems in a single browse list.
  • Master Time Source: the PDC emulator is responsible for updating and synchronizing the time on all servers and other workstations.
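As an added example (not part of the original post), the following PowerShell script lists which domain controller holds each of the five roles described above, checks that each holder is reachable, and splits a SID into its domain part and the RID that the RID Master allocated. It assumes the RSAT ActiveDirectory module is installed and that it is run by a domain user; `Get-FsmoRoleHolders`, `Test-FsmoRoleHolders` and `Split-Sid` are names chosen here, not cmdlets of the module.

```powershell
# Added example: FSMO role holder check plus SID/RID split.
# Assumes the RSAT ActiveDirectory module (Get-ADForest / Get-ADDomain).
Import-Module ActiveDirectory

# Forest-wide roles come from Get-ADForest, domain roles from Get-ADDomain.
function Get-FsmoRoleHolders {
    $forest = Get-ADForest
    $domain = Get-ADDomain
    [ordered]@{
        'Schema Master'         = $forest.SchemaMaster
        'Domain Naming Master'  = $forest.DomainNamingMaster
        'Infrastructure Master' = $domain.InfrastructureMaster
        'RID Master'            = $domain.RIDMaster
        'PDC Emulator'          = $domain.PDCEmulator
    }
}

# A role whose holder is offline cannot hand out RIDs, accept password
# changes, or serve as time source, so report reachability per role.
function Test-FsmoRoleHolders {
    $roles = Get-FsmoRoleHolders
    foreach ($role in $roles.Keys) {
        $dc = $roles[$role]
        $online = Test-Connection -ComputerName $dc -Count 1 -Quiet `
                                  -ErrorAction SilentlyContinue
        [pscustomobject]@{ Role = $role; Holder = $dc; Reachable = $online }
    }
}

# A SID such as S-1-5-21-...-1105 is the domain SID followed by the RID;
# the RID is the last sub-authority and is what the RID Master allocates.
function Split-Sid {
    param([Parameter(Mandatory)][string]$Sid)
    $parts = $Sid -split '-'
    [pscustomobject]@{
        DomainSid = ($parts[0..($parts.Count - 2)] -join '-')
        Rid       = [int]$parts[-1]
    }
}

Test-FsmoRoleHolders | Format-Table -AutoSize

# Same SID that "whoami /user" prints, read from the current identity.
$currentSid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value
Split-Sid -Sid $currentSid
```

The RID printed for a freshly created account should fall inside the pool reported by dcdiag /test:ridmanager /v, which is a quick way to confirm the RID Master is handing out pools.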
