As you may know, Active Directory replicates data in a multi-master model meaning any domain controller can write to the database. To resolve conflicts between multiple servers concurrently writing changes, Active Directory uses a 'last write wins' resolution approach where the configuration is applied from the server that last made changes. Although this offers flexibility from where changes are made it can be an issue with particularly sensitive area's of Active Directory. To avoid issues, Microsoft has allocated 5 roles which write to AD in a Single-Master manner where only one server is allocated the job of writing changes. These are called Flexible Single Master Operation (FSMO) roles. The 5 FSMO roles are:
- Schema Master
- Domain naming master
- RID master
- PDC emulator
- Infrastructure master
Schema Master
The Schema Master is the only server in the domain that's allowed to change the structure (otherwise known as the schema) of the Active Directory database.
Domain Naming Master
The Domain Naming Master is the only server in the Forest which can add or remove domains from the Active Directory database.
RID Master
The RID Master is the only server in the domain which hands out Relative ID's (RIDs). A Relative ID is a unique identifier generated for each security principal (typically a user or group). When it's combined with the domain's unique identifier it creates an ID that is unique across domains.
RID = Security Principal Unique Identifier (typically a user or group)
domain SID = Domain's Unique Identifier
SID = domain SID + RID
PDC Emulator
The Primary Domain Controller (PDC) Emulator handles Time Synchronization and legacy Primary Domain controller functions for backwards compatibility with Windows NT 4.0 and earlier domains.
Infrastructure FSMO Role
The Infrastructure FSMO Role handles references of objects in other domains.
Note: Under certain circumstances you should assign this role to a domain controller that is NOT running as a Global Catalogue server. Please see the microsoft reference below for more details.
References:
https://support.microsoft.com/en-au/help/197132/active-directory-fsmo-roles-in-windows
