
Many applications nowadays use Active Directory. If you associate your application
with a username that is part of a domain environment, or the computer where you have
installed your application is a member of a domain, Active Directory can be used for
authentication or for many other purposes. Hence, the application is linked in some way
with your Windows AD. If you are using Windows AD in your environment, it is essential
to understand the FSMO roles that maintain Active Directory health. In this article you
will learn what the roles are, what they do, and how to seize them in case of a failure.
Flexible Single Master Operation (FSMO) Roles in 2008 Server
Certain tasks need to be performed by a single machine. In AD 2008, some tasks are each
performed by a single domain controller, and together they are called the FSMO roles.
There are five roles, classified into two groups:
1. Forest Roles

Schema Master - As the name suggests, the changes that are made when any object is
created in AD, or when attributes are changed, are made by a single domain controller
and then replicated to the other domain controllers present in your environment. This
prevents the corruption of the AD schema that could occur if all the domain controllers
tried to make changes. This is one of the most important roles in the FSMO roles
infrastructure.

Domain Naming Master - This role is not used very often, only when you add or remove
domain controllers. It ensures that domain controller names are unique in the
environment.

2. Domain Roles

Infrastructure Master - This role checks the domain for changes to any objects. If
any changes are found, it replicates them to the other domain controllers.

RID Master - This role is responsible for making sure each security principal has
a different identifier.

PDC Emulator - This role is responsible for account policies such as client
password changes and time synchronization in the domain.

Where are these roles configured?

1. Domain-wide roles are configured in Active Directory Users and Computers.
Right-click the domain and select the Operations Master option.
2. The forest role Domain Naming Master is configured in Active Directory Domains and
Trusts. Right-click and select Operations Master. It will show you the roles.
3. The forest role Schema Master is not accessible from any tool; this is deliberately
prevented, because editing the schema can create serious problems in an Active
Directory environment. To gain access you need to create a snap-in and register the
DLL file with regsvr32 schmmgmt.dll.
Seizing of Roles
If a server fails, you need to seize the roles it held. This is how it can be done:
For Schema Master:
Go to the command prompt and type ntdsutil.
1. At the ntdsutil: prompt, type roles to enter fsmo maintenance.
2. At the fsmo maintenance: prompt, type connections to enter server connections.
3. At the server connections: prompt, type connect to server domain controller, where
domain controller is the name of the domain controller to which you are going to
transfer the role.
4. At the server connections: prompt, type quit to return to fsmo maintenance.
5. At the fsmo maintenance: prompt, type seize schema master.
After you have seized the role, type quit to exit ntdsutil.
For Domain Naming Master:
Go to the command prompt and type ntdsutil.
1. At the ntdsutil: prompt, type roles to enter fsmo maintenance.
2. At the fsmo maintenance: prompt, type connections to enter server connections.
3. At the server connections: prompt, type connect to server domain controller, where
domain controller is the name of the domain controller to which you are going to
transfer the role.
4. At the server connections: prompt, type quit to return to fsmo maintenance.
5. At the fsmo maintenance: prompt, type seize domain naming master.
After you have seized the role, type quit to exit ntdsutil.

For Infrastructure Master Role:
Go to the command prompt and type ntdsutil.
1. At the ntdsutil: prompt, type roles to enter fsmo maintenance.
2. At the fsmo maintenance: prompt, type connections to enter server connections.
3. At the server connections: prompt, type connect to server domain controller, where
domain controller is the name of the domain controller to which you are going to
transfer the role.
4. At the server connections: prompt, type quit to return to fsmo maintenance.
5. At the fsmo maintenance: prompt, type seize infrastructure master.
After you have seized the role, type quit to exit ntdsutil.
For RID Master Role:
Go to the command prompt and type ntdsutil.
1. At the ntdsutil: prompt, type roles to enter fsmo maintenance.
2. At the fsmo maintenance: prompt, type connections to enter server connections.
3. At the server connections: prompt, type connect to server domain controller, where
domain controller is the name of the domain controller to which you are going to
transfer the role.
4. At the server connections: prompt, type quit to return to fsmo maintenance.
5. At the fsmo maintenance: prompt, type seize RID master.
After you have seized the role, type quit to exit ntdsutil.

For PDC Emulator Role:
Go to the command prompt and type ntdsutil.
1. At the ntdsutil: prompt, type roles to enter fsmo maintenance.
2. At the fsmo maintenance: prompt, type connections to enter server connections.
3. At the server connections: prompt, type connect to server domain controller, where
domain controller is the name of the domain controller to which you are going to
transfer the role.
4. At the server connections: prompt, type quit to return to fsmo maintenance.
5. At the fsmo maintenance: prompt, type seize PDC.
After you have seized the role, type quit to exit ntdsutil.
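
A pre-check for the seizure steps above, added here as an example and not part of the original article: it lists the current holder of each of the five roles, tests whether that holder still answers on LDAP, and prints the one-line ntdsutil equivalent of steps 1 to 5 only for holders that do not answer. It assumes the ActiveDirectory PowerShell module is available; DC02.example.test is a placeholder for the surviving domain controller.

```powershell
# Added example, not from the original article. Assumes the ActiveDirectory module.
# $TargetDC is a placeholder for the healthy DC that will take over the role.
param([string]$TargetDC = 'DC02.example.test')
Import-Module ActiveDirectory

function Test-LdapPort {
    # True if the host accepts a TCP connection on LDAP (389) within the timeout.
    param([string]$ComputerName, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, 389, $null, $null)
        return ($pending.AsyncWaitHandle.WaitOne($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$forest = Get-ADForest
$domain = Get-ADDomain

# Role name, current holder, and the seize keyword exactly as given in the steps above.
# Type ? at the "fsmo maintenance:" prompt to confirm the spelling your ntdsutil accepts.
$roles = @(
    @{ Role = 'Schema Master';         Holder = $forest.SchemaMaster;         Seize = 'seize schema master' },
    @{ Role = 'Domain Naming Master';  Holder = $forest.DomainNamingMaster;   Seize = 'seize domain naming master' },
    @{ Role = 'Infrastructure Master'; Holder = $domain.InfrastructureMaster; Seize = 'seize infrastructure master' },
    @{ Role = 'RID Master';            Holder = $domain.RIDMaster;            Seize = 'seize RID master' },
    @{ Role = 'PDC Emulator';          Holder = $domain.PDCEmulator;          Seize = 'seize PDC' }
)

foreach ($r in $roles) {
    if (Test-LdapPort -ComputerName $r.Holder) {
        # Holder is alive: a seizure would leave two DCs claiming the same role.
        '{0,-22} {1}  reachable, do not seize' -f $r.Role, $r.Holder
    } else {
        # Print, rather than run, the one-line form of steps 1 to 5 for review.
        '{0,-22} {1}  unreachable' -f $r.Role, $r.Holder
        '    ntdsutil roles connections "connect to server {0}" quit "{1}" quit quit' -f $TargetDC, $r.Seize
    }
}
```

The script only reports and prints commands; running a printed line is left to the operator, and ntdsutil asks for confirmation before it seizes a role.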
