
Explain in short about 5 FSMO roles. How many domain and forest FSMO roles are there?

Flexible Single Master Operation (FSMO)
Domain
RID master: a DC which assigns or distributes RIDs to every DC in a domain.
PDC emulator: provides emulated PDC service for Windows NT BDCs in mixed mode.
Infrastructure master: responsible for updating references from objects in its domain to objects in other domains.
Forest
Schema master: a domain controller that handles all Active Directory schema-related activities in a forest.
Domain naming master: handles or controls the addition or removal of domains in the forest.

What is PDC emulator role?


The PDC emulator provides various services.
In mixed mode
To act as PDC for Windows NT BDCs.
Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
Account lockout is processed on the PDC emulator.
In native mode
Password changes performed by other DCs in the domain are replicated preferentially to the PDC emulator.
Account lockout is processed on the PDC emulator.
Authentication failures that occur at a given DC in a domain because of an incorrect password are forwarded to the PDC emulator before a bad password failure message is reported to the user.
Time synchronization between DCs.
Editing or creation of Group Policy Objects (GPO) is always done from the GPO copy found in the PDC emulator's SYSVOL share, unless configured not to do so by the administrator.

What happens when PDC emulator is down?


If the PDC master is down or offline, it affects network users. Users will not be able to handle password changes, account lockout, time sync, etc. Therefore, when the PDC emulator master is not available, you may need to immediately seize the role.

What is difference between Seizing and transfer of roles?


The difference between transfer and seize is that seizing is used when the source DC is down or offline. Seizing means forcing a DC to take control of the role when the original DC is down or offline. In a transfer, both the source and destination DCs must be online. Transferring is the graceful method of assigning roles.

What is seizing of roles?

Seizing means forcibly assigning a role to a new DC when the original DC is down or offline.

What are two methods of transferring Domain level roles?


Method - I
Active Directory Users and Computers snap-in

Method - II
Ntdsutil.exe is a command-line tool used to transfer or seize operations master roles

What are two methods of transferring Forest level roles?


Method - I
Schema master: Active Directory schema snap-in
Domain naming master: Active Directory Domains and Trusts snap-in

Method - II
Ntdsutil.exe is a command-line tool used to transfer or seize operations master roles

Which command is used to view domain naming master role?


dsquery server -hasfsmo name

How to view Schema Master Role?


dsquery server -hasfsmo schema
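
The dsquery lookups above cover one role at a time. The following added example (not part of the original notes) lists all five role holders in one pass and probes each one, which shows whether a graceful transfer is possible or only a seize. It assumes the ActiveDirectory PowerShell module (RSAT) is installed and the session runs as a domain user; the variable names are illustrative.

```powershell
# Added example: audit all five FSMO role holders and their reachability.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

$domain = Get-ADDomain   # holds the three domain-level role holders
$forest = Get-ADForest   # holds the two forest-level role holders

# Map each role to its scope and current holder.
$roles = @(
    [pscustomobject]@{ Scope = 'Domain'; Role = 'RID master';            Holder = $domain.RIDMaster }
    [pscustomobject]@{ Scope = 'Domain'; Role = 'PDC emulator';          Holder = $domain.PDCEmulator }
    [pscustomobject]@{ Scope = 'Domain'; Role = 'Infrastructure master'; Holder = $domain.InfrastructureMaster }
    [pscustomobject]@{ Scope = 'Forest'; Role = 'Schema master';         Holder = $forest.SchemaMaster }
    [pscustomobject]@{ Scope = 'Forest'; Role = 'Domain naming master';  Holder = $forest.DomainNamingMaster }
)

$report = foreach ($r in $roles) {
    # Probe LDAP (TCP 389) on the holder; Quiet returns $true or $false.
    $online = Test-NetConnection -ComputerName $r.Holder -Port 389 `
        -InformationLevel Quiet -WarningAction SilentlyContinue

    [pscustomobject]@{
        Scope  = $r.Scope
        Role   = $r.Role
        Holder = $r.Holder
        Online = $online
        # Transfer needs source and destination online; seize is for an offline holder.
        Option = if ($online) { 'Transfer' } else { 'Seize (holder offline)' }
    }
}

$report | Format-Table -AutoSize

# Flag the PDC emulator separately: password changes, account lockout
# and time sync depend on it.
$pdc = $report | Where-Object { $_.Role -eq 'PDC emulator' }
if (-not $pdc.Online) {
    Write-Warning "PDC emulator $($pdc.Holder) is not answering on LDAP."
}
```

A failed probe only shows that the holder is unreachable from the machine running the script, so confirm the DC's state before seizing a role.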