FSMO roles have always been one of the hottest subjects in pretty much any interview, and the functionality is crucial for any network administrator to understand. Before we even talk about FSMO roles, let's ask a few questions to understand the concept and see the need for FSMO roles (Operations Masters).

Single-master replication model compared to multi-master replication model: in the single-master replication model, the Active Directory .DIT database is read-write only on the PDC (Primary Domain Controller). The BDC (Backup Domain Controller) has only a read-only copy of the .DIT database (the Active Directory database).

In the multi-master replication model, all domain controllers have a read-write copy of the .DIT database. A client can register its own records with any available DC/GC in the multi-master replication model, so obviously there is redundancy available to the clients. You may remember this from the concept of DNS and its integration with AD (Active Directory). The multi-master replication model is good. However, certain tasks still need to be handled by specific DCs, and therefore the Operations Masters (FSMO) roles were born.

The first DC, sometimes called the root DC, will inherit all FSMO roles:
- DNS (Domain naming master)
- Schema Master
- PDC Emulator
- RID master
- Infrastructure master
Now, if we have 12 domains, how many FSMO roles do we have (consider one forest)? The answer is 38 FSMO roles: 36 (the per-domain roles) + the two forest-wide roles.
Now we have the following DCs, and we will distribute the FSMO roles among them.
Keep the Schema Master and Domain Naming Master on the same DC (easy administration). We could keep them separate as well, but I don't see a reason for doing so. We will make sure the DC that holds both roles is a Global Catalog server as well.
The PDC Emulator and RID Master are kept on the same domain controller. We need to offload the GC role from this domain controller (GCs are used heavily).
Infrastructure Master Role can be held by a domain controller hosting the Global Catalog in two circumstances: when there is only one domain in your forest or when every single domain controller in your forest also hosts the Global Catalog.
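The placement rules above can be checked mechanically. The following PowerShell is an added example, not part of the original article: `Test-FsmoPlacement`, `New-Dc`, the inventory layout and all host names are hypothetical, and the sample data is constructed so the check runs without a domain.

```powershell
# Constructed inventory with hypothetical host names. On a live forest the same
# fields come from Get-ADForest, Get-ADDomain and Get-ADDomainController -Filter *.
function New-Dc($Name, $Gc) { [pscustomobject]@{ HostName = $Name; IsGlobalCatalog = $Gc } }
$forest = [pscustomobject]@{
    SchemaMaster       = 'dc1.corp.example'
    DomainNamingMaster = 'dc1.corp.example'
    Domains = @(
        [pscustomobject]@{
            Name = 'corp.example'; PDCEmulator = 'dc2.corp.example'
            RIDMaster = 'dc2.corp.example'; InfrastructureMaster = 'dc2.corp.example'
            DCs = @((New-Dc 'dc1.corp.example' $true), (New-Dc 'dc2.corp.example' $false))
        },
        [pscustomobject]@{
            Name = 'emea.corp.example'; PDCEmulator = 'dc3.emea.corp.example'
            RIDMaster = 'dc4.emea.corp.example'; InfrastructureMaster = 'dc3.emea.corp.example'
            DCs = @((New-Dc 'dc3.emea.corp.example' $true), (New-Dc 'dc4.emea.corp.example' $false))
        }
    )
}

function Test-FsmoPlacement {
    param([Parameter(Mandatory)] $Forest)
    $allDcs = @($Forest.Domains | ForEach-Object { $_.DCs })
    $gcs    = @($allDcs | Where-Object { $_.IsGlobalCatalog } | ForEach-Object { $_.HostName })
    # The infrastructure master may sit on a GC only in the two cases the article names.
    $gcExempt = ($Forest.Domains.Count -eq 1) -or ($gcs.Count -eq $allDcs.Count)
    $findings = @()
    if ($Forest.SchemaMaster -ne $Forest.DomainNamingMaster) {
        $findings += 'Forest: schema master and domain naming master are on different DCs'
    } elseif ($gcs -notcontains $Forest.SchemaMaster) {
        $findings += "Forest: $($Forest.SchemaMaster) holds both forest roles but is not a GC"
    }
    foreach ($d in $Forest.Domains) {
        if ($d.PDCEmulator -ne $d.RIDMaster) {
            $findings += "$($d.Name): PDC emulator and RID master are on different DCs"
        }
        if ($gcs -contains $d.PDCEmulator) {
            $findings += "$($d.Name): PDC emulator $($d.PDCEmulator) is also a GC"
        }
        if (($gcs -contains $d.InfrastructureMaster) -and -not $gcExempt) {
            $findings += "$($d.Name): infrastructure master $($d.InfrastructureMaster) is on a GC"
        }
    }
    [pscustomobject]@{
        ExpectedRoleCount = 2 + 3 * $Forest.Domains.Count   # 2 forest-wide + 3 per domain
        Findings          = $findings
    }
}

(Test-FsmoPlacement -Forest $forest).Findings
```

With 12 domains in the inventory, `ExpectedRoleCount` comes out to the 38 roles counted earlier.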
MCITP (EMA), MCITP (SA),
MCSE 2003 M+ S+ MCDST
Security Project+ Server+