Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

6.1.5.3 RID Master FSMO Role

The RID Master FSMO role owner is the single DC responsible for processing RID pool requests from all DCs within a given domain. It is also responsible for moving an object from one domain to another during an interdomain object move.

When a DC creates a security principal object such as a user or group, it attaches a unique SID to the object. This SID consists of a domain SID (the same for all SIDs created in a domain) and a relative ID (RID) that is unique for each security principal SID created in a domain.

RIDs are allocated from a RID pool that is controlled by the RID Master FSMO. When a new domain is created, the rIDAvailablePool attribute on the RID Manager object is set to a value of 4611686014132421709. This value defines the minimum and maximum RIDs that will be allocated by the RID Master FSMO within the domain. See [MS-DRSR] section 4.1.10.5.12 for details on how this attribute is used by the RID Master FSMO. Each DC in the domain is then allocated a pool of RIDs that it is allowed to assign to the security principals it creates.

When a DC's allocated RID pool falls below a threshold, that DC issues a request for additional RIDs to the domain's RID Master FSMO role owner (see [MS-DRSR] section 4.1.10.4.3, PerformExtendedOpRequestMsg with ulExtendedOp = EXOP_FSMO_RID_REQ_ROLE). The RID Master FSMO role owner responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigns them to the pool of the requesting DC (see [MS-DRSR] section 4.1.10.5.12, ProcessFsmoRoleRequest with ulExtendedOp = EXOP_FSMO_RID_REQ_ROLE). There is one RID Master FSMO role per domain in a directory.

See section 3.1.1.5 for more information about the RID Master's role in interdomain object move operations.

Show:
© 2015 Microsoft