In the previous installment of this article, you learned that Windows Server 2003 supports five different FSMO roles. Two of those roles — the Schema Master and the Domain Naming Master — are forest-wide roles.

Having schema updates performed on any domain controller in the forest would result in inconsistencies. The schema master is the one domain controller in the entire forest where changes to the schema can be made. Attempting to perform write operations to the schema from any other domain controllers will result in an error message.

Once modifications are made to the Schema, they are replicated to other domain controllers in the forest. The first server to have Active Directory installed automatically assumes the role of the Schema Master. If necessary, the role can be transferred to another domain controller using the Active Directory Schema snap-in.

The Domain Naming Master is primarily responsible for two tasks: the addition of and removal of domains to the forest. When you run the Active Directory installation wizard to create a new domain or remove an existing one, the Domain Naming Master must be available. If the Domain Naming Master is unavailable, both operations will fail. As with the schema master, the first server with Active Directory installed assumes the role of the Domain Naming Master. The role can be transferred to another domain controller using the Active Directory Domains and Trusts snap-in.

The remaining three Operation Master roles are domain-wide which means each domain must have one domain controller designated in each of these roles. The domain-wide Operation Master roles include the Relative ID (RID) Master, the Primary Domain Controller (PDC) Emulator, and the Infrastructure Master.