Exact purpose of FSMO roles

Hello all

I am learning FSMO roles and googled around for 1-2 hours but still do not fully understand the purpose of FSMO roles. I have several questions below.

  1. If I have one domain and one DC and I decide to spin up a new fresh DC and name it DC02. Those 2 DCs are working together fine and replication is successful. So, in this case does this mean all 5 FSMO roles are installed on just the first DC, and not DC02, right? And if the first DC (name it DC01) is turned off, what will happen? Will DC02 take care of everything? And if DC02 will take care of everything, why? It doesn’t have all 5 FSMO roles 🙂

  2. If I want to get rid of DC01 and instantly delete it, everything will be fine, right? I think I need to transfer roles to DC02 first before I remove DC01, right?

FSMO is very new to me and everything seems blurry 🙂

Hi @goebbelsx and welcome to the forum.

Interesting questions you are asking.

There are 2 Forest roles (Schema Master and Domain Naming Master) and 3 Domain roles (RID Master, PDC Emulator, and Infrastructure Master). All 5 FSMO roles are assigned to the first DC with the name DC01.

When we create a second DC and name it DC02, this new domain controller will not have the roles assigned, as you stated earlier. If the first DC01 server is turned off, DC02 will continue to take care of everything until you want to manipulate the roles or try to transfer them.

If all the DCs in a domain also host the global catalog, all the DCs have the current data and continue to work.

This video explains FSMO in detail.
Flexible Single Master Operations Roles (FSMO)

If you want to get rid of DC01 without transferring the roles first, then you will need to “seize the roles”, which tells DC02 to forget who has the roles and be in charge of them.

1 Like

Thanks for the reply

I read somewhere that when DC01 gets turned off for some reason, those 5 FSMO roles get transferred to DC02 automatically, and when DC01 comes back again, those FSMO roles go back to DC01, which I think isn’t right. I have to transfer those roles to DC02 manually in case DC01 isn’t responsive anymore.

Am I correct? So, transferring roles isn’t automatic and needs to be done by hand?

That’s correct, you need to manually transfer them.

2 Likes
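
The manual transfer discussed in this thread, as an added PowerShell example that is not from any of the posters. It assumes the ActiveDirectory (RSAT) module and the thread's DC02 as the target; `$allowSeize` is a hypothetical safety switch, and the ping test is only a rough reachability check.

```powershell
# Added example: list the five FSMO role holders, then move any role not yet on DC02.
Import-Module ActiveDirectory

$target     = 'DC02'     # DC that should own the roles (name taken from the thread)
$allowSeize = $false     # hypothetical switch: set to $true only if the old holder is gone for good

$forest = Get-ADForest
$domain = Get-ADDomain

# Two forest-wide roles, then three domain-wide roles, each with its current holder.
$holders = @(
    [pscustomobject]@{ Role = 'SchemaMaster';         Holder = $forest.SchemaMaster }
    [pscustomobject]@{ Role = 'DomainNamingMaster';   Holder = $forest.DomainNamingMaster }
    [pscustomobject]@{ Role = 'PDCEmulator';          Holder = $domain.PDCEmulator }
    [pscustomobject]@{ Role = 'RIDMaster';            Holder = $domain.RIDMaster }
    [pscustomobject]@{ Role = 'InfrastructureMaster'; Holder = $domain.InfrastructureMaster }
)
$holders | Format-Table -AutoSize

# Role holders are reported as FQDNs, so compare against the target's FQDN.
$targetFqdn = (Get-ADDomainController -Identity $target).HostName
$toMove = @($holders | Where-Object { $_.Holder -ne $targetFqdn })
if ($toMove.Count -eq 0) {
    Write-Host "All five roles are already on $target."
    return
}

# A graceful transfer needs the current holder online; seizing is for a holder that is not.
$offline = @($toMove | ForEach-Object { $_.Holder } | Sort-Object -Unique |
    Where-Object { -not (Test-Connection -ComputerName $_ -Count 2 -Quiet) })

$moveArgs = @{
    Identity            = $target
    OperationMasterRole = @($toMove | ForEach-Object { $_.Role })
    Confirm             = $true          # prompt before each role is moved
}
if ($offline.Count -gt 0) {
    if (-not $allowSeize) {
        Write-Warning "Unreachable holder(s): $($offline -join ', '). Nothing moved; set `$allowSeize to seize."
        return
    }
    $moveArgs.Force = $true              # -Force seizes the role instead of transferring it
}
Move-ADDirectoryServerOperationMasterRole @moveArgs

# Verify the result: every role should now list the target.
netdom query fsmo
```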