Windows 7 / Getting Started

Optimizing the Placement of Operations Masters

When you create the forest root domain with its first domain controller, all five operations master roles are performed by the domain controller. As you add domain controllers to the domain, you can transfer the operations master role assignments to other domain controllers to balance the load among domain controllers or optimize placement of a single master operation. The best practices for the placement of operations master roles are as follows:

  • Co-locate the schema master and domain naming master: The schema master and domain naming master roles should be placed on a single domain controller that is a GC server. These roles are rarely used, and the domain controller hosting them should be tightly secured. The domain naming master must be hosted on a GC server, because when a new domain is added the master must ensure that there is no object of any type with the same name as the new domain. The GC's partial replica contains the name of every object in the forest. The load of these operations master roles is very light unless schema modifications are being made.
  • Co-locate the RID master and PDC Emulator roles: Place the RID and PDC Emulator roles on a single domain controller. If the load mandates that the roles be placed on two separate domain controllers, those two systems should be physically well connected and have explicit connection objects created in Active Directory so that they are direct replication partners. They should also be direct replication partners with domain controllers that you have selected as standby operations masters.
  • Place the infrastructure master on a DC that is not a GC: The infrastructure master should be placed on a domain controller that is not a GC server but is physically well connected to a GC server. The infrastructure master should have explicit connection objects in Active Directory to that GC server so that they are direct replication partners. The infrastructure master can be placed on the same domain controller that acts as the RID master and PDC emulator.
  • Have a failover plan: In following sections, you learn to transfer single operations master roles between domain controllers, which is necessary if there is lengthy planned or unplanned downtime of an operations master. Determine, in advance, a plan for transferring operations roles to other DCs in the event that one operations master is offline.

Identifying Operations Masters

To implement your role placement plan, you must know which DCs are currently performing single master operations roles. Each role is exposed in an Active Directory administrative tool as well as in other user interface and command-line tools. To identify the current master for each role, use the following tools:

  • PDC Emulator: The Active Directory Users And Computers snap-in Right-click the domain and choose Operations Masters. Click the PDC tab.
  • RID Master: The Active Directory Users And Computers snap-in Right-click the domain and choose Operations Masters. Click the RID tab.
  • Infrastructure Master: The Active Directory Users And Computers snap-in Right-click the domain and choose Operations Masters. Click the Infrastructure tab.
  • Domain Naming: The Active Directory Domains And Trusts snap-in Right-click the root node of the snap-in (Active Directory Domains And Trusts) and choose Operations Master.
  • Schema Master: The Active Directory Schema snap-in Right-click the root node of the snap-in (Active Directory Schema) and choose Operations Master.
Note:
You must register the Active Directory Schema snap-in before you can create a custom Microsoft Management Console (MMC) with the snap-in. At a command prompt, type regsvr32 schmmgmt.dll.

You can also use several other tools to identify operations masters, including the following commands:

  • NTDSUtil Type the following series of commands in Command Prompt to list the operations master roles of a domain controller: 
    ntdsutil
roles
connections
connect to server DomainControllerFQDN
quit
select operation target
list roles for connected server
quit
quit
quit
  • DCDiag Type the following command to list the operations master roles of a domain controller:
    dcdiag /test:knowsofroleholders /v
  • NetDom Type the following command to list the operations master roles of a domain controller:
    netdom query fsmo
[Previous] [Contents] [Next]

In this tutorial:

  1. Administering Domain Controllers
  2. Deploying Domain Controllers
  3. Unattended Installation Options and Answer Files
  4. Installing a New Windows Server 2008 R2
  5. Installing Additional Domain Controllers in a Domain
  6. Installing an Additional Domain Controller
  7. Installing a New Windows Server 2008 Child Domain
  8. Staging the Installation of an RODC
  9. Installing AD DS from Media
  10. Managing Operations Masters
  11. Domain-Wide Operations Master Roles
  12. Optimizing the Placement of Operations Masters
  13. Transferring Operations Master Roles
  14. Seizing Operations Master Roles
  15. Configuring DFS Replication of SYSVOL
  16. Understanding Migration Stages