Certain domain and enterprise-wide operations aren't well suited to multi-master updates. In these situations, the operations must be done on a single domain controller in the domain or in the forest. Having a single-master owner defines a well-known target for critical operations and prevents the conflicts or latency that multi-master updates could create. This means that the relevant FSMO role owner must be online, discoverable, and available on the network to computers that must perform FSMO-dependent operations.

| FSMO Role | Scope | Function and availability requirements |
|---|---|---|
| Schema Master | Enterprise | - Used to introduce manual and programmatic schema updates. It includes those updates that are added by Windows ADPREP /FORESTPREP, by Microsoft Exchange, and by other applications that use Active Directory Domain Services (AD DS). - Must be online when schema updates are performed. |
| Domain Naming Master | Enterprise | - Used to add and to remove domains and application partitions to and from the forest. - Must be online when domains and application partitions in a forest are added or removed. |
| Primary Domain Controller | Domain | - Receives password updates when passwords are changed for the computer and for user accounts that are on replica domain controllers. - Consulted by replica domain controllers that service authentication requests that have mismatched passwords. - Default target domain controller for Group Policy updates. - Target domain controller for legacy applications that perform writable operations and for some admin tools. - Must be online and accessible 24 hours a day, seven days a week. |
| RID | Domain | - Allocates active and standby RID pools to replica domain controllers in the same domain. |
| Infrastructure Master | Domain Application partition | - Updates cross-domain references and phantoms from the global catalog. For more information, see Phantoms, tombstones, and the infrastructure master. |
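
The availability requirement described above can be checked from a management host. The following PowerShell is an added example, not part of the original article: it lists the owner of each role in the table and tests whether that owner resolves in DNS and accepts an LDAP connection. It assumes the ActiveDirectory (RSAT) module is installed, and treating DNS resolution plus TCP 389 reachability as "discoverable and online" is an assumption of this example.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) on a domain-joined host.
Import-Module ActiveDirectory

$forest = Get-ADForest

# Enterprise-scoped roles have one owner per forest.
$roles = @(
    [pscustomobject]@{ Role = 'Schema Master';        Scope = 'Enterprise'; Owner = $forest.SchemaMaster }
    [pscustomobject]@{ Role = 'Domain Naming Master'; Scope = 'Enterprise'; Owner = $forest.DomainNamingMaster }
)

# Domain-scoped roles have one owner per domain, so walk every domain in the forest.
foreach ($name in $forest.Domains) {
    $d = Get-ADDomain -Server $name
    $roles += [pscustomobject]@{ Role = 'PDC Emulator';          Scope = $name; Owner = $d.PDCEmulator }
    $roles += [pscustomobject]@{ Role = 'RID Master';            Scope = $name; Owner = $d.RIDMaster }
    $roles += [pscustomobject]@{ Role = 'Infrastructure Master'; Scope = $name; Owner = $d.InfrastructureMaster }
}

$report = foreach ($r in $roles) {
    # Discoverable: the owner's host name must resolve in DNS.
    $resolves = [bool](Resolve-DnsName -Name $r.Owner -ErrorAction SilentlyContinue)

    # Online and available: the owner must accept a connection on LDAP (TCP 389).
    $ldap = $false
    if ($resolves) {
        $probe = Test-NetConnection -ComputerName $r.Owner -Port 389 -WarningAction SilentlyContinue
        $ldap  = $probe.TcpTestSucceeded
    }

    [pscustomobject]@{
        Role          = $r.Role
        Scope         = $r.Scope
        Owner         = $r.Owner
        Resolves      = $resolves
        LdapReachable = $ldap
    }
}

$report | Format-Table -AutoSize

# Exit non-zero when any role owner is unreachable, so a scheduled task can alert on it.
if ($report | Where-Object { -not $_.LdapReachable }) { exit 1 }
```

A role owner that appears here but fails both checks is the case the table warns about: operations that depend on that role cannot complete until the owner is back online.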