  1. Senior Member olaHalo's Avatar
    Join Date
    Jul 2012
    Location
    Las Vegas
    Posts
    736
    #1

    All 5 Operation Master Roles on the Same Domain Controller?

    Forgive me if I am understanding this wrong, I am only a few months into studying AD.

    Let's say you have a simple 1 Forest, 1 Tree, 1 Domain setup.
    On your domain you have 10 Domain Controllers.
    Is it a big deal to have all the Operation Master Roles on a single DC?

    Doing a quick search this seems to not be a big deal anymore. Everything I find on it concerns only Server 2003 networks and older.
    Thanks for any help.
    Just trying to gauge its importance.

  3. Learn it, Do it, Know it! Asif Dasl's Avatar
    Join Date
    Aug 2010
    Location
    Ireland
    Posts
    2,061

    Certifications
    MCSA:2008/7 MCITP:EA/SA EDST/EST MCSE'03 SBS'08/'03 MCDST A+ N+ Sec+ Srv+ VCP5-DCV VCA-DCV/Cloud
    #2
    It's easier for me to link to Wikipedia than it is to write it all out! lol It's still relevant, not just for 2003...
    Quote Originally Posted by Wikipedia
    By default AD assigns all operations master roles to the first DC created in a forest. If new domains are created in the forest, the first DC in a new domain holds all of the domain-wide FSMO roles. This is not a satisfactory position. Microsoft recommends the careful division of FSMO roles, with standby DCs ready to take over each role. When a FSMO role is transferred to a different DC, the original FSMO holder and the new FSMO holder communicate to ensure no data is lost during the transfer. If the original FSMO holder experienced an unrecoverable failure, you can force another DC to seize the lost roles; however, there is a risk of data loss because of the lack of communications. If you seize a FSMO role instead of transferring the role, that domain controller can never be allowed to host that FSMO role again, except for the PDC emulator Master operation and the Infrastructure Master Operation. Corruption can occur within Active Directory. FSMO roles can be easily moved between DCs using the AD snap-ins to the MMC or using ntdsutil which is a command line based tool.

    Certain FSMO roles depend on the DC being a Global Catalog (GC) server as well. For example, the Infrastructure Master role must not be housed on a domain controller which also houses a copy of the global catalog in a multi-domain forest (unless all domain controllers in the domain are also global catalog servers), while the Domain Naming Master role should be housed on a DC which is also a GC. When a Forest is initially created, the first Domain Controller is a Global Catalog server by default. The Global Catalog provides several functions. The GC stores object data information, manages queries of these data objects and their attributes as well as provides data to allow network logon.

    The PDC emulator and the RID master should be on the same DC, if possible. The Schema Master and Domain Naming Master should also be on the same DC. To provide fault tolerance, there should be at least 2 domain controllers available within each domain of the Forest. Furthermore, the Infrastructure Master role holder should not also be a Global Catalog Server, as the combination of these two roles on the same host will cause unexpected (and potentially damaging) behaviour in a multi-domain environment.
    Phantoms, tombstones and the infrastructure master
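An added example (not part of the original posts, and not Microsoft's own tooling): a PowerShell check of the placement guidance in the Wikipedia quote above, run against a constructed inventory. The function name `Test-FsmoPlacement`, the DC names and the GC assignments are assumptions made for illustration.

```powershell
# Hypothetical helper: checks FSMO placement against the guidance quoted above.
# Inputs are plain hashtables so the logic runs without a domain. On a real
# network they could be filled from the ActiveDirectory module, e.g.
#   (Get-ADForest).SchemaMaster / .DomainNamingMaster
#   (Get-ADDomain).PDCEmulator / .RIDMaster / .InfrastructureMaster
#   Get-ADDomainController -Filter * | Select-Object HostName, IsGlobalCatalog
function Test-FsmoPlacement {
    param(
        [Parameter(Mandatory)] [hashtable] $Roles,   # role name -> DC holding it
        [Parameter(Mandatory)] [hashtable] $IsGC,    # DC name -> $true if Global Catalog
        [int] $DomainCount = 1                       # number of domains in the forest
    )
    $findings = @()
    if ($IsGC.Count -lt 2) {
        $findings += 'Fewer than 2 DCs in the domain: no fault tolerance.'
    }
    if (@($Roles.Values | Sort-Object -Unique).Count -eq 1) {
        $findings += "All five roles are on $($Roles.PDCEmulator): one outage affects every role."
    }
    if ($Roles.PDCEmulator -ne $Roles.RIDMaster) {
        $findings += 'PDC emulator and RID master are on different DCs.'
    }
    if ($Roles.SchemaMaster -ne $Roles.DomainNamingMaster) {
        $findings += 'Schema Master and Domain Naming Master are on different DCs.'
    }
    if (-not $IsGC[$Roles.DomainNamingMaster]) {
        $findings += 'Domain Naming Master is not on a Global Catalog server.'
    }
    # The Infrastructure Master / GC conflict only applies to multi-domain
    # forests, and not when every DC in the domain is a GC.
    $allGC = @($IsGC.Values | Where-Object { -not $_ }).Count -eq 0
    if ($DomainCount -gt 1 -and $IsGC[$Roles.InfrastructureMaster] -and -not $allGC) {
        $findings += 'Infrastructure Master is on a GC, but not every DC in the domain is a GC.'
    }
    return $findings
}

# Constructed inventory matching the question: 10 DCs, every role on DC01.
$isGC = @{}
1..10 | ForEach-Object { $isGC['DC{0:d2}' -f $_] = ($_ -le 3) }   # assumption: DC01-DC03 are GCs
$roles = @{ SchemaMaster = 'DC01'; DomainNamingMaster = 'DC01'; PDCEmulator = 'DC01'
            RIDMaster = 'DC01'; InfrastructureMaster = 'DC01' }

'Single-domain forest:';  @(Test-FsmoPlacement -Roles $roles -IsGC $isGC -DomainCount 1)
'Same placement, two-domain forest:'; @(Test-FsmoPlacement -Roles $roles -IsGC $isGC -DomainCount 2)
```

In the single-domain case from the question, only the all-roles-on-one-DC finding is reported; the Infrastructure Master finding appears once the same placement is evaluated as part of a multi-domain forest.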

  4. Senior Member cyberguypr's Avatar
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    5,819

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #3
    Good summary. Technically, yes, you can do it and it's not a big deal. Having said that, why would you put all your eggs in one basket?
