FSMO Roles

Role Purpose Impact of failure
Forest Wide Schema Master 1. Responsible for performing updates to the AD schema

2. It contains the only writable copy of AD schema

3. Once update completes, it will replicate the same to all other DCs in the forest

1. Not possible to update AD schema
Domain Naming Master 1. Responsible for making changes to the forest-wide domain name space

2. Responsible to add/remove domain from forest

1. Can’t add/remove domain

2. Can’t promote or demote DC

Domain Wide PDC

Primary Domain Controller


1. Password update

2. Authentication failure updates

3. Account lockout

4. Time Synchronization for the Domain

5. GPO changes update

1. User/Server manager

2. Can’t change password


Relative Identifier Master

1. Responsible for processing RID pool request in Domain

2. Responsible for object movement

3. RID makes object unique in the domain

1. Only when add/remove more no of objects
Infrastructure Master 1. Responsible for cross domain updates & lookups

2. Responsible for updating an object’s SID & Distinguished Name in a cross-domain object reference

1. It impact only in the multi-domain environment

