6.1.5 FSMO Roles

References: SID, RID, RID Allocation, RID Master role in interdomain move, PDC Emulator role, Infrastructure role

Functions: RoleObject, GetRoleScope

Glossary terms: FSMO role, NC replica, DC, SID

LDAP attributes: fSMORoleOwner

LDAP classes: nTDSDSA

A FSMO role is defined as a set of objects that can be updated in only one NC replica at any given time. The DC that hosts this NC replica is the owner for that FSMO role.

Each FSMO role is represented by an object in the directory. The function RoleObject (section specifies the object for a given FSMO role type and NC. This object is an element of the FSMO role and contains the fSMORoleOwner attribute, which references the nTDSDSA object of the DC that owns the role. The function GetRoleScope defined in [MS-DRSR] section identifies the set of objects that comprise each FSMO role. These objects must be updated only on the DC that currently owns the FSMO role.