Introduction to the Windows Server 2016-fsmo operations master role

FSMO Five operations master roles

1. Forest-wide operations master roles (two types):

Schema master role: schema master

Domain naming master role: Domains naming master

2. Domain-wide operations master roles (three):

Domain-wide operations master:

RID master role: RID Master

PDC Impersonation master role: PDC Emulator

Infrastructure master role: Infrastructure Master

The PS. Forest-wide master role must be unique, and domain-scoped master roles must also be unique.

Schema master:

Used to define all domain object properties; The owner of the schema master is the domain controller responsible for updating and modifying the forest schema, and there can be only one schema master role in the forest. The default schema master role owner is the first domain controller in the forest. The schema master is only used when you need to make changes to the schema, which are generally planned beforehand, so the schema master allows for a short time offline, and if the domain controller for all of your schema master roles fails, you can wait for the repair to come back online.

Domain naming master (realm naming master):

If you add a new domain within a domain forest, the domain naming master must determine the legitimacy of the domain name, that is, the owner of the domain naming master is responsible for adding or changing the server to the forest namespace, such as adding and removing domains in the forest. You can also have only one domain naming master role in the forest, and the default domain naming master role owner is the first domain controller in the forest.

RID Masters (RID master):

There is one RID master role in each domain that is used to manage the RID pool. When a new object is created in the domain, the domain controller must assign a unique security identifier (SID) to the object whose SID is comprised of the domain SID and rid, but the rids are not generated by the domain controller itself, and are distributed uniformly by the RID master. When the rid of a domain controller is less than 50%, the DC requests the RID master to obtain a new set of RIDs. (a set of RIDs is 500, the maximum number of domain objects supported by the RID role is 1073741823 and can be viewed through dcdiag/v.) Another role is to confirm the uniqueness of the domain object through RID master when accessing and migrating domain objects across domains.

PDC emulation host (PDC Emulator):

The PDC emulation host is used to emulate the primary domain controller of Windows NT and is compatible with the lower version of the domain controller; the PDC of the forest root domain is the authoritative time source for the entire forests, can be used for synchronization and time proofing, etc. to prevent duplicate application of Group Policy; Active Directory database priority replication rights;

Infrastructure master (Infrastructure Master):

The infrastructure master is primarily responsible for updating references to cross-domain objects. The infrastructure master role compares its data to the global catalog's data, and the global catalog accepts periodic updates of objects in all domains through replication, thus keeping the global catalog's data always up to date.

Attention:

Tanvirine: The infrastructure master can be deployed on any domain controller in the domain, regardless of whether the domain controller hosts the global catalog.

multidomain Forest: If no domain controller is hosting the global catalog in the specified domain in a multidomain forest, the infrastructure master must be deployed on a domain controller that does not host the global catalog.

Introduction to the Windows Server 2016-fsmo operations master role