Flexible single master operation

Flexible Single Master Operations ( FSMO ) or operations masters ( master mode ), special tasks, the domain controllers only take within the Active Directory of Microsoft. The tasks can be distributed to different servers, but should any of these roles are played simultaneously by multiple servers.

Flexible Single Master Operations includes the following, roles ':

By default, the first domain controller is assigned all five FSMO roles in a forest. A domain controller in a sub-domain by default gets transferred the three domain-wide features. The forest-wide roles can only domain controllers of the first root domain of the forest to be assigned.

Transfer a role to another domain controller

FSMO roles can of domain controller (DC) domain to be (hence "Flexible " in the name) controller arbitrarily transferred. However, it must be distinguished whether the role is to be transferred or inherited. If the role is passed, both of which are involved domain controller online and get this transfer. The role will be disabled on the source DC and enabled on the target DC. Both domain controllers can remain in the network. In an emergency it is not always the case that both domain controllers are online. In this case, the role will only be accepted. Adopting is a forced transfer of the master, which means that both are not domain controllers involved in the role transfer. This must be carried out as the last action, if it is ensured that the old server, which knows nothing of the forced takeover, never comes back online. For these reasons, Microsoft allows this transmission does not have GUI tools, but only aware of using command line tools, and even there only with many explicit warnings so that the administrator is aware of the step. However, the installation can be used as Beistellserver if previously DCPROMO / forceremoval was (of course without network) made ​​. Such Beistellserver but no one wants to really and truly makes sense only if other data are stored on the server and they are to be incorporated into the network. The best solution, however, is newly set up the server. Then the device can be a domain controller again.

Security Identifier
120864
de