There are five FSMO roles, two per forest, three in every Domain. The RID, PDC emulator and Infrastructure master roles can be viewed and transferred from . FSMO roles prevent conflicts in an Active Directory and provide the flexibility to handle different operations within the Active Directory. IT administrators have been working with and around Active Directory since the introduction of the technology in Windows Server.

Active Directory has five special roles which are vital for the smooth running of AD as a multimaster system.

Some functions of AD require there is an authoritative master to which all Domain Controllers can refer to. These roles are installed automatically and there fssmo normally very little reason to move them, however if you de-commission a DC and DCPROMO fails to run correctly or have a catastrophic failure of a DC you will need to know about these roles to recover or fwmo them to another DC.

The forest wide roles must appear once per forest, the domain wide roles must appear once per domain. A brief summary of the role is below. The schema is shared between every Tree and Domain in a forest and must be consistent between all rulex.

The fso master controls all updates and modifications to the schema. When a new Domain is added to a forest the name must be unique within the forest.

The Domain naming master must be available when adding or removing a Domain in a forest. When moving objects between domains you must start the move on the DC which is the RID master of the domain that currently holds the object. It is also the password master for want of a better term for a domain. Any password change is replicated to the PDC emulator as soon as is practical. If a logon request fails due to a bad password the logon request is passed to the PDC emulator to check the password before rejecting the login request.

The infrastructure master is fsjo for updating references from objects in its domain to objects in other domains. The global catalogue is used to compare data as it receives regular updates for all objects in all domains.

Any change to user-group references are updated by the infrastructure master. For example if you rename or move a group member and the member is in a different eules from the group the group will temporarily appear not csmo contain that member.

Unless there is only one DC in a domain the Infrastructure role should not be on the DC that is hosting the global catalogue. If they are on the same server the infrastructure master will not function, it will never find data that is out of date and so will never replicate changes to other DCs in a domain. If all DCs in a domain also host a global catalogue then it does not matter which DC has the infrastructure master role as all DCs will be up to date due to the global catalogue.

To view the schema you must first register the schema master dll with Windows. To do this enter the following in the RUN dialog of the start menu. Some of the operations master roles are essential for AD functionality, others can be unavailable for a ryles before their absence will be noticed.


Normally it is not the failure of the fssmo, but rather the failure of the DC eules which the role is running. If a DC fails which is a role holder you can seize the role on another DC, but you should always try and transfer the role rulees. Before seizing a role you need to asses the duration of the outage of the DC which is holding the role.

If it is likely to be a short outage due to a temporary power or network issue then you would probably want to wait rather than seize the role. In most cases the loss of the schema master will not affect network users and only affect Admins fsmi modifications to the schema are required.

What Are the 5 FSMO Roles in Active Directory

You should however only seize this role when the failure of the existing holder is considered permanent. Temporary loss of this role holder will not be noticeable to network users.

Domain Admins will only notice the loss if they try and add or remove a domain in the forest. Network users will notice the loss of the PDC emulator. If the DC with this role fails you may need to immediately seize this role. Administrators will not notice the role loss unless they are or have recently moved or renamed large numbers of accounts.

If you are required to seize the role do not seize it to a DC which is a global catalogue server unless all DCs are global catalogue servers.

FSMO Roles – In detail

