The Online Encyclopedia and Dictionary

 
     
 

 

Flexible single master operation

Flexible single master operation (FSMO; the F is sometimes expanded as "floating"), also called single master operation or operations master, is a feature of Microsoft's Active Directory (AD).

FSMOs are specialised domain controller (DC) tasks, used where standard data transfer and update methods are inadequate. AD normally relies on multiple peer DCs, each with a copy of the AD database, being synchronised by multi-master replication. The tasks which are not suited to multi-master replication, and are viable only with a single-master database, are:

One only in each AD forest

  • Schema Master that manages modifications to the AD schema and its replication to other DCs.
  • Domain Naming Master that manages adding, removing, and some modification operations for domains.

One only in each domain

  • Relative ID Master that allocates security RIDs to DCs to assign to new AD security principals (users, groups or computer objects). It also manages objects moving between domains.
  • Infrastructure Master that maintains SIDs, GUIDs, and DNs for objects referenced across domains. Most commonly it updates user and group links.
  • PDC Emulator that emulates a Windows NT Primary Domain Controller. It is also the favored DC for other DCs in replicating and confirming password information.

FSMO roles can be easily moved between DCs using the AD snap-ins to the MMC or using ntdsutil, hence the use of the word flexible in the name.

Some may include domain controllers holding a global catalog (GC) in this group as well. Certain FSMO roles depend on the GC. For example, an infrastructure master must not be a domain controller with a global catalog in a multi-domain forest (but should be close to a GC), while the domain naming master should be a DC with a GC.

By default AD assigns all operations master roles to the first AD DC created. This is not a satisfactory position. Microsoft recommends the careful division of FSMO roles, with standby (not active!) operations masters for each role, so that in the event of an unrecoverable failure other DCs can seize the lost roles. Further, the PDC emulator and the RID master should be on the same DC, if possible. The schema master and domain naming master should also be on the same DC.
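
The placement rules in the two paragraphs above can be checked mechanically. The following PowerShell function is an added example, not part of the original article or of any Microsoft tooling; the function name, its parameters and the host names in the sample are hypothetical.

```powershell
# Added example: audits FSMO placement against the recommendations in this article.
function Test-FsmoPlacement {
    param(
        [Parameter(Mandatory)] [hashtable] $Roles,          # role name -> DC holding it
        [Parameter(Mandatory)] [string[]]  $GlobalCatalogs, # DCs that host a GC
        [Parameter(Mandatory)] [int]       $DomainCount     # domains in the forest
    )
    $findings = @()

    # Default install: every role sits on the first DC created.
    if (@($Roles.Values | Sort-Object -Unique).Count -eq 1) {
        $findings += "All five roles are on $($Roles.SchemaMaster) (default placement)"
    }
    # Pairs the article says should share a DC.
    if ($Roles.PDCEmulator -ne $Roles.RIDMaster) {
        $findings += 'PDC emulator and RID master are on different DCs'
    }
    if ($Roles.SchemaMaster -ne $Roles.DomainNamingMaster) {
        $findings += 'Schema master and domain naming master are on different DCs'
    }
    # Global catalog dependencies.
    if ($DomainCount -gt 1 -and $GlobalCatalogs -contains $Roles.InfrastructureMaster) {
        $findings += 'Infrastructure master is on a global catalog in a multi-domain forest'
    }
    if ($GlobalCatalogs -notcontains $Roles.DomainNamingMaster) {
        $findings += 'Domain naming master is not on a global catalog'
    }
    return $findings
}

# Constructed sample (hypothetical host names): a two-domain forest left at defaults.
$sample = @{
    SchemaMaster         = 'dc1.example.test'
    DomainNamingMaster   = 'dc1.example.test'
    PDCEmulator          = 'dc1.example.test'
    RIDMaster            = 'dc1.example.test'
    InfrastructureMaster = 'dc1.example.test'
}
Test-FsmoPlacement -Roles $sample -GlobalCatalogs 'dc1.example.test' -DomainCount 2

# Against a live forest (ActiveDirectory module), fill the same inputs from:
#   $f = Get-ADForest; $d = Get-ADDomain
#   $f.SchemaMaster, $f.DomainNamingMaster, $f.GlobalCatalogs, $f.Domains.Count
#   $d.PDCEmulator, $d.RIDMaster, $d.InfrastructureMaster
```

The per-domain roles differ for each domain, so in a multi-domain forest the check is run once per domain with that domain's PDC emulator, RID master and infrastructure master.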

Other subsidiary roles exist for AD Sites. They must have a licensing server, although it does not have to be a DC. Sites also need at least two bridgehead servers (primary and backup), through which replication data from other sites is managed.

It seems that the term FSMO is being deprecated in favour of operations masters.

Last updated: 10-29-2005 02:13:46