FSMO (Flexible Single Master Operations) refers to specialized roles held by domain controllers within an Active Directory (AD) environment. These roles are assigned to ensure proper functioning and prevent conflicts in specific tasks. There are five FSMO roles:
1. Schema Master: This role is responsible for controlling updates and modifications to the AD schema. The schema defines object classes, attributes, and their relationships in AD. There can be only one Schema Master within an entire AD forest.
2. Domain Naming Master: This role manages the addition and removal of domains within an AD forest. It ensures that each domain has a unique name and prevents the creation of duplicate domains. There can be only one Domain Naming Master within an entire AD forest.
3. PDC Emulator (Primary Domain Controller Emulator): This role emulates the primary domain controller for legacy systems and handles time synchronization, password changes, and account lockouts. The PDC Emulator is also the authoritative source for password updates. There can be one PDC Emulator per domain.
4. RID Master (Relative ID Master): This role is responsible for assigning unique relative identifiers (RIDs) to domain controllers for creating new security principals (e.g., users, groups, and computers). Each security principal must have a unique SID (Security Identifier), which includes the RID. There can be one RID Master per domain.
5. Infrastructure Master: This role maintains cross-domain references and ensures consistency when moving or renaming objects between domains. The Infrastructure Master updates references to objects in other domains and is particularly important in a multi-domain environment. There can be one Infrastructure Master per domain.
Комментариев нет:
Отправить комментарий