Flexible Single Master Operation (FSMO)

To prevent conflicting updates in Windows, Active Directory performs updates to certain objects in a single-master fashion. In a single-master model, only one DC in the entire directory is allowed to process updates; this is referred to as a Flexible Single Master Operation (FSMO) role. Currently in Windows there are five FSMO roles:

Schema master: responsible for performing updates to the directory schema (that is, the schema naming context or LDAP://cn=schema,cn=configuration,dc=<domain>).

Domain naming master: responsible for making changes to the forest-wide domain name space of the directory (that is, the Partitions\Configuration naming context or LDAP://CN=Partitions, CN=Configuration, DC=<domain>).

RID master: each DC is assigned a pool of RIDs from the global RID pool by the domain controller that holds the RID master role. The RID master (also known as the RID pool manager, RID manager, or RID operations master) is responsible for issuing a unique RID pool to each domain controller in its domain.

Each security principal (user, computer, or group) is assigned a unique alphanumeric string called a SID. The SID includes a domain prefix identifier that uniquely identifies the domain and a relative identifier (RID) that uniquely identifies the security principal within the domain.

PDC emulator: responsible for time synchronization within a domain. It is also the password master for a domain: any password change is replicated to the PDC emulator as soon as is practical.

Infrastructure master: when an object in one domain is referenced by another object in another domain, the reference is represented by the GUID, the SID (for references to security principals), and the DN of the object being referenced. The infrastructure FSMO role holder is the DC responsible for updating an object’s SID and distinguished name in a cross-domain object reference. There is one Infrastructure FSMO role per domain and application NC in a directory.
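
The SID structure described under the RID master role (domain prefix plus RID) can be checked directly against the binary objectSid values a directory returns. The following is an added example, not part of the original page: it decodes binary SIDs, splits each into domain prefix and RID, and reports any SID that occurs more than once. The helper names and the sample domain values are assumptions constructed for illustration.

```python
import struct
from collections import Counter

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID (objectSid attribute layout) to S-1-... text form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    # A SID carries at most 15 sub-authorities; length must match the count.
    if revision != 1 or count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")       # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])     # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def split_sid(sid: str) -> tuple[str, int]:
    """Return (domain prefix, RID) for a domain security principal's SID."""
    prefix, _, rid = sid.rpartition("-")
    return prefix, int(rid)

def duplicate_sids(raw_sids):
    """SIDs seen more than once; empty when every issued RID is unique."""
    counts = Counter(parse_sid(r) for r in raw_sids)
    return sorted(s for s, n in counts.items() if n > 1)

def build_sid(domain_subs, rid):
    """Hypothetical helper: encode S-1-5-21-<domain_subs>-<rid> as bytes."""
    subs = [21, *domain_subs, rid]
    header = bytes([1, len(subs)]) + (5).to_bytes(6, "big")
    return header + struct.pack("<%dI" % len(subs), *subs)

# Constructed sample values, not taken from a real directory.
DOMAIN = (1111111111, 2222222222, 3333333333)
SAMPLE = [build_sid(DOMAIN, 1104), build_sid(DOMAIN, 1105),
          build_sid(DOMAIN, 1104)]

if __name__ == "__main__":
    for raw in SAMPLE:
        print(split_sid(parse_sid(raw)))
    print("duplicates:", duplicate_sids(SAMPLE))
```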