What is Flexible Single Master Operation (FSMO)
1.a.com and 2.a.com are domain controllers in the same domain, where 1.a.com is the forest root domain controller and holds two operations master roles: 1. Domain Naming Master and 2. Schema Master.
The Domain Naming Master allows the creation of other domains within the same forest. The Enterprise Admins group has the permission to do this.
The Schema Master defines the schema for all the domain controllers in the forest.
2.a.com has its own copy of the AD DS database but does not hold these two roles.
By default the global catalog is installed on the root domain controller and is optional on other domain controllers (Microsoft recommends having the global catalog installed on all DCs).
The global catalog is used to search for objects across the other domains in a multi-domain forest. Since the AD database is replicated only within its own domain, searching for objects/resources in another domain requires a global catalog server. Hence it is best practice to make all domain controllers global catalog servers. The GC stores only a limited set of attributes, such as location and username.
If we do not have a global catalog server, then a domain-level operations master, the Infrastructure Master, is used to fetch the resources in a multi-domain forest.
It uses the SIDs of objects in other domains; a SID is obtained partially from AD and partially from the RID master.
The RID master gives each object in an Active Directory domain the unique number (the RID) that makes its SID unique.
For example, ClientPC is a member of domain “a.com” and user1 logs into it. The LSA (Local Security Authority) will give a unique SID where the first three blocks are used for the resource type (S-1-5-21), the next three blocks are the AD database (domain) number, and the final block, e.g. 500, is the RID (the unique number given to the object user1).
So all objects should get unique RIDs, but in case we have multiple DCs in a domain, the RID master assigns each of them a block of RIDs so that they never overlap.
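As an added example (not part of the original notes), a small Python script that splits a SID into the parts described above, checks whether two principals belong to the same domain, and hands out non-overlapping RID blocks the way the RID master does. The SID values, DC names, pool size and starting RID are constructed for the illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, Tuple

# Constructed example SIDs: two accounts in domain a.com and one in another domain.
USER1_SID = "S-1-5-21-1001-2002-3003-1104"
ADMIN_SID = "S-1-5-21-1001-2002-3003-500"
OTHER_DOMAIN_ADMIN = "S-1-5-21-7007-8008-9009-500"

SID_RE = re.compile(r"^S-(\d+)-(\d+)((?:-\d+)+)$")


@dataclass(frozen=True)
class Sid:
    revision: int                  # the "1" in S-1-...
    authority: int                 # 5 = NT Authority
    subauthorities: Tuple[int, ...]

    def is_domain_sid(self) -> bool:
        # Domain principals look like S-1-5-21-<three domain values>-<RID>
        s = self.subauthorities
        return self.authority == 5 and len(s) == 5 and s[0] == 21

    @property
    def domain_id(self) -> Tuple[int, ...]:
        assert self.is_domain_sid(), "not a domain SID"
        return self.subauthorities[1:4]  # the three "AD database number" blocks

    @property
    def rid(self) -> int:
        return self.subauthorities[-1]   # the final block, e.g. 500


def parse_sid(text: str) -> Sid:
    m = SID_RE.match(text)
    if m is None:
        raise ValueError(f"not a SID: {text!r}")
    subs = tuple(int(x) for x in m.group(3).split("-") if x)
    return Sid(int(m.group(1)), int(m.group(2)), subs)


def same_domain(a: str, b: str) -> bool:
    sa, sb = parse_sid(a), parse_sid(b)
    return sa.is_domain_sid() and sb.is_domain_sid() and sa.domain_id == sb.domain_id


def allocate_rid_pools(dcs, pool_size: int = 500, first_rid: int = 1000) -> Dict[str, range]:
    """Give each DC a non-overlapping block of RIDs, as the RID master does.
    pool_size and first_rid are constructed values, not the real defaults."""
    pools, next_rid = {}, first_rid
    for dc in dcs:
        pools[dc] = range(next_rid, next_rid + pool_size)
        next_rid += pool_size
    return pools
```

Note that the two Administrator accounts share RID 500 but differ in the domain blocks, so they are different principals; the RID alone never identifies an object across domains.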
There is another operations master in each domain: the PDC emulator role. The domain controller holding this role is always synchronized with the forest root domain controller’s PDC emulator for time synchronization.
Every domain has its PDC emulator DC paired with the forest root DC’s PDC emulator.
In case a user’s password is changed by the Administrator on one DC while the user is still logged in using the old password, that DC contacts the DC holding the PDC emulator role, which terminates that user’s session.
Domain servers are built to offer services that keep everything live and synchronized, and for this it is important to have a seamless network between the devices.
Hence, if this network is not reliable we will see the same offline features.
· To join a device/computer to a domain we can use an offline join with the command “djoin”, which creates a file on the DC; this file is then copied to and executed on the other computer/server which is to be joined.