FSMO, or Flexible Single Master Operations, is a set of roles that are assigned to one or more Domain Controllers (DCs) that perform a single master operation. These roles exist because Active Directory (AD) is designed as a multi-master replication system. All domain controllers in this system (with the exception of Read-Only Domain Controllers (RODCs) have a writable copy of the AD database.
There are certain directory operations that require a single authoritative master. The DCs that are assigned these roles perform these specific roles are known as operations masters. The DC that holds the specific role will ensure consistency and mitigate the potential for conflicting entries in the database.
The five operations master roles in AD are as follows:
- Schema Master
- Domain Naming Master
- RID Master
- PDC Emulator
- Infrastructure Master
The first two roles, Schema Master and Domain Naming Master are found once per forest, regardless of how many domains are members of the forest. The other three roles exist once per every domain in the forest. Therefore, if a forest contained three domains, there would be three RID Masters, three PDC Emulators, and three Infrastructure Masters.
When you create the AD instance, the first domain controller in the root domain will hold all of these roles by default. As you add child domains, the first domain controller in each child domain will hold the three domain roles by default. After more DCs are added to the domain, the roles can be moved around freely.