Domain Controller

A domain controller in Active Directory is a Windows Server which hosts all services and protocols within a given domain. Each domain controller may only service a single domain but roles within the same domain are usually distributed across a few different domain controllers.

Flexible Single-Master Operation (FSMO) Roles

Although Active Directory follows a multi-master model, some functions and services are still best managed by a single domain controller in order to avoid unnecessary complexity. These functions are grouped together into Flexible Single-Master Operation (FSMO, pronounced "fizmo") roles which are then assigned to specific domain controllers. There are five such roles:

By default, all of the FSMO roles are assigned to the first domain controller in the forest and they can be subsequently transferred to other servers.

Schema Master

There is only one Schema Master domain controller in a forest and it is the sole controller which is allowed to make changes to the Active Directory Schema. If there is no domain controller with this role, then it is not possible to make changes to the schema.

One can view who the Schema Master is with the following PowerShell command:

Get-ADForest | Select SchemaMaster

Domain Naming Master

As with the Schema Master, there is a single Domain Naming Master for the entire forest and it is the domain controller responsible for add and removing domains to and from the forest. The Domain Naming Master is the only DC allowed to add or remove domains and application partitions.

One can view the Domain Naming Master with the following PowerShell command:

Get-ADForest | Select DomainNamingMaster

Infrastructure Master