Information Technology Reference
In-Depth Information
in an area where Active Directory objects are created most often, such as near the administrator's
office. This FSMO role must be highly available to other DCs and is ideally placed with the PDC
emulator because the PDC emulator uses the RID master's services frequently. Because the RID
master doles out RIDs to DCs in blocks of 500, temporary downtime might not be noticed.
However, if a DC has exhausted its pool of RIDs, and the RID master is not available, new objects
can't be created. In the event of an RID master failure, moving this role to another server should
be considered only if the original RID master is down permanently.
Infrastructure Master: A temporary interruption of this role's services probably won't be
noticed. This role is most needed when many objects have been moved or renamed. The
infrastructure master role shouldn't be performed by a DC that's also a global catalog server, unless
all servers in the forest have been configured as global catalog servers or there's only one domain
in the forest. However, a global catalog server should be in the same site as the infrastructure
master because there's frequent communication between these two roles. In the event of an
infrastructure master failure, the role can be moved to another DC, if necessary, and returned to the
original server when it's back in service.
The only time the infrastructure master and global catalog can be on the
same DC is when there's only one domain in the forest or all DCs are
configured as global catalog servers. If neither is the case, and the
infrastructure master is also a global catalog server, the infrastructure master
never finds out-of-date data, so it never replicates changes to other DCs
in the domain.
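The placement guidance above (RID master alongside the PDC emulator, infrastructure master not on a global catalog server unless one of the two exceptions applies) can be checked with a read-only audit. This is an added example, not from the book; it assumes the ActiveDirectory PowerShell module (RSAT) is installed, and the helper name Test-InfraMasterPlacement is hypothetical.

```powershell
# Added example: read-only audit of FSMO placement; changes nothing in AD.
# Assumes the ActiveDirectory module (RSAT) and rights to read the forest.
Import-Module ActiveDirectory

# Hypothetical helper: applies the infrastructure master / global catalog rule.
function Test-InfraMasterPlacement {
    param(
        [int]$DomainCount,   # domains in the forest
        [bool]$AllDCsAreGC,  # every DC in the forest is a global catalog
        $Holder              # DC object for the infrastructure master, or $null
    )
    if ($null -eq $Holder)            { return 'UNKNOWN: role holder not found among DCs' }
    if (-not $Holder.IsGlobalCatalog) { return 'OK: holder is not a global catalog' }
    if ($DomainCount -eq 1)           { return 'OK: only one domain in the forest' }
    if ($AllDCsAreGC)                 { return 'OK: all DCs are global catalogs' }
    return 'WARNING: holder is a GC, so it never finds out-of-date data'
}

$forest  = Get-ADForest
$domains = @($forest.Domains)

# Enumerate every DC in every domain of the forest.
$allDCs = foreach ($name in $domains) {
    Get-ADDomainController -Filter * -Server $name
}
$allGC = @($allDCs | Where-Object { -not $_.IsGlobalCatalog }).Count -eq 0

# Forest-wide role holders.
"Schema master:        $($forest.SchemaMaster)"
"Domain naming master: $($forest.DomainNamingMaster)"

# Domain-wide role holders, one row per domain, with the placement checks.
foreach ($name in $domains) {
    $domain = Get-ADDomain -Identity $name -Server $name
    $holder = $allDCs |
        Where-Object { $_.HostName -eq $domain.InfrastructureMaster } |
        Select-Object -First 1
    [pscustomobject]@{
        Domain               = $domain.DNSRoot
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        RidWithPdcEmulator   = ($domain.RIDMaster -eq $domain.PDCEmulator)
        InfrastructureMaster = $domain.InfrastructureMaster
        Placement            = Test-InfraMasterPlacement -DomainCount $domains.Count `
                                   -AllDCsAreGC $allGC -Holder $holder
    }
}
```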
Managing Operations Master Roles
Because of the critical nature of the functions FSMO role holders perform, administrators should
be familiar with two important FSMO management operations: transferring and seizing. These
two functions enable administrators to change the DC performing the FSMO role to make the
Active Directory design more efficient and to recover from server failure. Of course, system
backups should always be part of managing disaster recovery. Chapter 13 covers backup and
restore of Active Directory.
Transferring Operations Master Roles: Transferring an operations master role
means moving the role's function from one server to another while the original server is still in
operation. This transfer is generally done for one of the following reasons:
• The DC performing the role was the first DC in the forest or domain and, therefore, holds
all domain-wide or domain- and forest-wide roles. Unless you have only one DC,
distributing these roles to other servers is suggested.
• The DC performing the role is being moved to a location that isn't well suited for the role.
• The current DC's performance is inadequate because of the resources the FSMO role
requires.
• The current DC is being taken out of service temporarily or permanently.
The five FSMO roles and the MMCs used to transfer them are listed in Table 10-1.
Table 10-1: The MMCs for transferring FSMO roles

FSMO Role                                                   MMC
----------------------------------------------------------  -----------------------------------
Schema master                                               Active Directory Schema
Domain naming master                                        Active Directory Domains and Trusts
RID master, PDC emulator master, and infrastructure master  Active Directory Users and Computers
 
 