The RID Master FSMO Role is a Flexible Single Master Operation role, held by a single Domain Controller, that is responsible for processing Relative IDentifier (RID) Pool requests from all Domain Controllers within a given AD DOMAIN.

The RID Master FSMO Role is also responsible for removing an object from its AD DOMAIN and putting it in another domain during an object Moddn/Modrdn.

When a Domain Controller creates a Security Principal Object such as a user or group, the RID Master FSMO Role attaches a Unique Identifier called the Security Identifier (SID) to the object. This SID consists of a Domain SID (the same for all SIDs created in a domain) and a Relative IDentifier (RID) that is unique for each Security Principal Object SID created in an AD DOMAIN.

Each Windows Domain Controller in a domain is allocated a pool of RIDs that it is allowed to assign to the Security Principal Objects it creates. When a Domain Controller's allocated RID pool falls below a threshold, that Domain Controller issues a request for additional RIDs to the domain's RID Master FSMO Role. The RID Master FSMO Role responds to the request by retrieving RIDs from the domain's unallocated RID pool and assigning them to the pool of the requesting Domain Controller. There is one RID master per domain in a directory.
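The SID layout and the domain-wide unallocated pool described above can be checked with a short script. This is an added example, not part of the original page: it splits a binary SID (the `objectSid` format) into Domain SID and RID, and decodes the 64-bit `rIDAvailablePool` value of the domain's `RID Manager$` object to see how many RIDs are left. The sample SID, the pool value and the helper names are constructed for illustration.

```python
import struct

def parse_sid(raw: bytes):
    """Split a binary SID (the objectSid format) into (domain_sid, rid)."""
    if len(raw) < 12:
        raise ValueError("too short to hold a domain SID and a RID")
    revision, count = raw[0], raw[1]
    if count < 1 or len(raw) != 8 + 4 * count:
        raise ValueError("sub-authority count does not match length")
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    parts = ["S", str(revision), str(authority)] + [str(s) for s in subs[:-1]]
    return "-".join(parts), subs[-1]                 # last sub-authority is the RID

def split_rid_available_pool(value: int):
    """Return (rids_already_allocated, max_rid) from the 64-bit attribute."""
    return value & 0xFFFFFFFF, value >> 32           # low part, high part

def rids_remaining(value: int) -> int:
    """RIDs the RID Master can still hand out to Domain Controllers."""
    allocated, max_rid = split_rid_available_pool(value)
    return max_rid - allocated

# --- constructed sample data (not taken from a real domain) ---
DOMAIN_SUBS = (21, 1004336348, 1177238915, 682003330)

def make_sample_sid(rid: int) -> bytes:
    """Build a binary SID in the sample domain for the given RID."""
    header = bytes([1, 5]) + (5).to_bytes(6, "big")  # revision 1, 5 sub-authorities, authority 5
    return header + struct.pack("<5I", *DOMAIN_SUBS, rid)

SAMPLE_POOL = (1073741823 << 32) | 4600              # max RID in high part, 4600 allocated

if __name__ == "__main__":
    for rid in (1105, 1106):                         # two principals, same domain
        domain_sid, parsed_rid = parse_sid(make_sample_sid(rid))
        print(domain_sid, "RID =", parsed_rid)
    print("RIDs remaining in domain:", rids_remaining(SAMPLE_POOL))
```

Tracking the remaining count over time shows unusually fast RID consumption well before the domain's pool runs out.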

