Placing Operations Masters

When you create the forest root domain with its first domain controller, all five operations master roles are performed by the domain controller. As you add domain controllers to the domain, you can transfer the operations master role assignments to other domain controllers to balance the load among domain controllers or to optimize placement of a single master operation. The best practices for the placement of operations master roles are as follows:

  • Co-locate the schema master and domain naming master – The schema master and domain naming master roles should be placed on a single domain controller that is a GC server.  These roles are rarely used, and the domain controller hosting them should be tightly secured.  The domain naming master must be hosted on a GC server because when a new domain is added, the master must ensure that there is no object of any type with the same name as the new domain.  The GC’s partial replica contains the name of every object in the forest.  The load of these operations master roles is very light unless schema modifications are being made.
  • Co-locate the RID master and PDC Emulator roles – Place the RID and PDC Emulator roles on a single domain controller.  If the load mandates that the roles be placed on two separate domain controllers, those two systems should be physically well connected and have explicit connection objects created in Active Directory so that they are direct replication partners.  They should also be direct replication partners with domain controllers that you have selected as standby operations masters.
  • Place the infrastructure master on a DC that is not a GC – The infrastructure master should be placed on a domain controller that is not a GC server but is physically well connected to a GC server.  The infrastructure master should have explicit connection objects in Active Directory to that GC server so that they are direct replication partners.  The infrastructure master can be placed on the same domain controller that acts as the RID master and PDC Emulator.

*It doesn’t matter if they’re all GCs – If all DCs in a domain are GC servers, which is indeed a best-practice recommendation (see “Sites and Replication”), you do not need to worry about which DC is the infrastructure master. When all DCs are GCs, all DCs have up-to-date information about every object in the forest, which eliminates the need for the infrastructure master role.
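The placement rules above can be checked against a live directory. The following PowerShell audit is an added example, not part of the original text; it assumes the ActiveDirectory module (RSAT) is installed and that it is run with read access from a machine joined to the domain being checked.

```powershell
# Added example: audit operations master placement against the guidelines above.
# Assumes the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

$forest = Get-ADForest
$domain = Get-ADDomain
# FQDNs of every GC server in the forest
$gcs    = $forest.GlobalCatalogs
# DCs in the current domain that are not GC servers
$nonGC  = @(Get-ADDomainController -Filter * | Where-Object { -not $_.IsGlobalCatalog })

$findings = New-Object System.Collections.Generic.List[string]

# Schema master and domain naming master: one DC, and that DC is a GC.
if ($forest.SchemaMaster -ne $forest.DomainNamingMaster) {
    $findings.Add("Schema master ($($forest.SchemaMaster)) and domain naming master ($($forest.DomainNamingMaster)) are on different DCs.")
}
if ($gcs -notcontains $forest.DomainNamingMaster) {
    $findings.Add("Domain naming master $($forest.DomainNamingMaster) is not a GC server.")
}

# RID master and PDC Emulator: one DC unless load requires splitting them.
if ($domain.RIDMaster -ne $domain.PDCEmulator) {
    $findings.Add("RID master ($($domain.RIDMaster)) and PDC Emulator ($($domain.PDCEmulator)) are split; confirm they are direct replication partners.")
}

# Infrastructure master: not on a GC, unless every DC in the domain is a GC.
if (($gcs -contains $domain.InfrastructureMaster) -and ($nonGC.Count -gt 0)) {
    $findings.Add("Infrastructure master $($domain.InfrastructureMaster) is a GC while $($nonGC.Count) DC(s) in $($domain.DNSRoot) are not.")
}

# Show the current role holders, then any deviations that need review.
[pscustomobject]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    RIDMaster            = $domain.RIDMaster
    PDCEmulator          = $domain.PDCEmulator
    InfrastructureMaster = $domain.InfrastructureMaster
} | Format-List

if ($findings.Count -eq 0) {
    'Placement matches the guidelines checked.'
} else {
    $findings | ForEach-Object { "REVIEW: $_" }
}
```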

by: Dan Holme, Nelson Ruest, and Danielle Ruest
