Monday 22 April 2013

Active Directory

An Active Directory domain controller in a forest is granted the five FSMO roles when you run the Dcpromo.exe program and install Active Directory.

There are two FSMO roles that are forest-wide and three that are per domain. If child domains are created, the two forest-wide roles do not change. A forest with two domains would have eight FSMOs: two for the forest and three domain-specific FSMO roles in each domain.

The five FSMO roles are:
‧ Schema master - Forest-wide and one per forest.
‧ Domain naming master - Forest-wide and one per forest.
‧ RID master - Domain-specific and one for each domain.
‧ PDC emulator - Domain-specific and one for each domain.
‧ Infrastructure master - Domain-specific and one for each domain.
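
To see which domain controllers hold these roles across a forest, the following PowerShell inventory can be used. It is an added example, not part of the original post, and it assumes the RSAT ActiveDirectory module and a session with read access to every domain in the forest.

```powershell
# Added example: inventory FSMO role holders for the whole forest.
# Assumes the ActiveDirectory module (RSAT) is installed.
Import-Module ActiveDirectory -ErrorAction Stop

$forest = Get-ADForest -ErrorAction Stop

# The two forest-wide roles exist once per forest.
$roles = @(
    [pscustomobject]@{ Scope = 'Forest'; Domain = $forest.RootDomain
                       Role = 'Schema master';        Holder = $forest.SchemaMaster }
    [pscustomobject]@{ Scope = 'Forest'; Domain = $forest.RootDomain
                       Role = 'Domain naming master'; Holder = $forest.DomainNamingMaster }
)

# The three domain-specific roles exist once in every domain.
foreach ($name in $forest.Domains) {
    $domain = Get-ADDomain -Server $name -ErrorAction Stop
    $roles += [pscustomobject]@{ Scope = 'Domain'; Domain = $name
                                 Role = 'RID master';            Holder = $domain.RIDMaster }
    $roles += [pscustomobject]@{ Scope = 'Domain'; Domain = $name
                                 Role = 'PDC emulator';          Holder = $domain.PDCEmulator }
    $roles += [pscustomobject]@{ Scope = 'Domain'; Domain = $name
                                 Role = 'Infrastructure master'; Holder = $domain.InfrastructureMaster }
}

# Two forest roles plus three per domain, e.g. 8 for a two-domain forest.
$expected = 2 + 3 * $forest.Domains.Count
"Domains: {0}  Expected FSMO roles: {1}  Found: {2}" -f `
    $forest.Domains.Count, $expected, $roles.Count

$roles | Sort-Object Scope, Domain, Role | Format-Table -AutoSize

# Any role without a resolvable holder needs investigation.
$roles | Where-Object { -not $_.Holder } | ForEach-Object {
    Write-Warning ("No holder returned for {0} in {1}" -f $_.Role, $_.Domain)
}

# Role concentration: these are the domain controllers to prioritise
# for hardening, monitoring and backup.
$roles | Group-Object Holder | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize
```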

DRA (directory replication agent)
NT File Replication Service (NTFRS)

The Lsass.exe process is responsible for management of local security authority domain authentication and Active Directory management. This process handles authentication for both the client and the server, and it also governs the Active Directory engine. The Lsass.exe process is responsible for the following components:
‧ Local Security Authority
‧ Net Logon service
‧ Security Accounts Manager service
‧ LSA Server service
‧ Secure Sockets Layer (SSL)
‧ Kerberos v5 authentication protocol
‧ NTLM authentication protocol
 
