
5 FSMO roles

The operations master roles, also known as flexible single master operations (FSMO)
roles, perform specific tasks within a domain. The five FSMO roles are:

• Schema Master
• Domain Naming Master
• Infrastructure Master
• Relative ID (RID) Master
• PDC Emulator

In every forest, there is a single Schema Master and a single Domain Naming Master, which are
discussed in the Forest section of the tutorial.

In each domain, there is 1 Infrastructure Master, 1 RID Master, and 1 PDC
Emulator. At any given time, there can only be one DC performing the functions of
each role.

Therefore, a single DC could be running all five FSMO roles; however, no more than
five servers in a single-domain environment can run the roles.

For additional domains, each domain will contain its own Infrastructure Master, RID
Master, and PDC Emulator.

The RID Master provisions RIDs to each DC in a domain.

New objects in a domain, such as a user or computer object, receive a
unique security identifier (SID). The SID includes a domain identifier, which is
unique to each domain, and a specific RID for each object. Combining the two
ensures that every object in the domain has a unique identifier that contains both the
domain SID and the RID.
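
An added example, not part of the original page: the SID structure described above, decoded from the binary form that Active Directory stores in the objectSid attribute. The helper names and all sample values are constructed for illustration; the sample shows that the same RID issued in two domains still yields two distinct SIDs.

```python
import struct

def parse_sid(raw: bytes) -> str:
    """Decode a binary SID (objectSid attribute format) into S-1-... text."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError(f"unsupported SID revision {revision}")
    if count > 15 or len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match SID length")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])       # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def split_sid(sid: str) -> tuple[str, int]:
    """Split a domain account SID into (domain SID, RID)."""
    parts = sid.split("-")
    # Domain accounts look like S-1-5-21-<three domain values>-<RID>.
    if len(parts) != 8 or parts[:4] != ["S", "1", "5", "21"]:
        raise ValueError(f"not a domain account SID: {sid}")
    return "-".join(parts[:-1]), int(parts[-1])

def build_sid(domain_values, rid) -> bytes:
    """Constructed helper: pack S-1-5-21-<domain_values>-<rid> into bytes."""
    subs = (21, *domain_values, rid)
    header = bytes([1, len(subs)]) + (5).to_bytes(6, "big")
    return header + struct.pack(f"<{len(subs)}I", *subs)

def duplicate_sids(raw_sids):
    """Return SIDs seen more than once; a healthy domain has none."""
    seen, dupes = set(), set()
    for raw in raw_sids:
        sid = parse_sid(raw)
        (dupes if sid in seen else seen).add(sid)
    return sorted(dupes)

# Constructed sample values, not taken from a real domain.
DOMAIN_A = (1111111111, 2222222222, 3333333333)
DOMAIN_B = (1111111111, 2222222222, 3333333334)
SAMPLE = [build_sid(DOMAIN_A, 1104), build_sid(DOMAIN_A, 1105),
          build_sid(DOMAIN_B, 1104)]

if __name__ == "__main__":
    for raw in SAMPLE:
        domain, rid = split_sid(parse_sid(raw))
        print(f"{parse_sid(raw)}  domain={domain}  rid={rid}")
    print("duplicates:", duplicate_sids(SAMPLE))
```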

The PDC Emulator controls authentication within a domain, whether Kerberos
v5 or NTLM. When a user changes their password, the change is processed by the
PDC Emulator.

Finally, the Infrastructure Master synchronizes objects with the global catalog
servers. The Infrastructure Master will compare its data to a global catalog server’s data and
receive the data not found in its database from the global catalog server. If all DCs in
a domain are also global catalog servers, then all DCs will have up-to-date
information, assuming that replication is functional. In such a scenario, the location
of the Infrastructure Master role is irrelevant since it doesn’t have any real work to
do.
