From LedHed's Wiki
Revision as of 00:38, 9 September 2013 by Ledhed (Talk | contribs)


Overview

FSMO roles are critical components of Active Directory.
Each role can only exist on a single Domain Controller at any given time.

So the question often arises: "Where should we place the FSMOs?"
The answers vary from admin to admin.

In my experience (ranging from small mom & pop businesses to large-scale enterprises) there are only 2 feasible answers to this question.

  1. Place all the FSMOs on a single DC.
  2. Place the Schema Master and Domain Naming Master roles on one DC, and the remaining roles on another.


All your eggs in one basket

This approach makes sense in small environments, for example if you run a version of SBS (which only allows one DC) or you're in a small single-forest environment.
You may be asking yourself "Why wouldn't you want to distribute these critical roles?"
The answer is simple: It creates unnecessary complexity. FSMO roles are critical but they can be seized in the event of a catastrophe.


Split between 2 Domain Controllers

This approach can make sense in larger environments. For example, if you do have a catastrophic failure of a FSMO role holder, then you only have to seize a small portion of the roles. I consider this a valid reason, but not one that is very practical, as the time savings is probably measured in seconds.

Another example is for load balancing. The PDC Emulator role is probably the most CPU intensive role, so the argument could be made that placing it on its own DC could improve performance.
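
To see which of the two placements above an environment currently uses, the following added example (not part of the original wiki page) reads the role holders with `Get-ADForest` and `Get-ADDomain` and classifies the layout. The function name `Get-FsmoPlacement`, its `-Holders` parameter and the sample host names are hypothetical; the live query assumes the ActiveDirectory (RSAT) module and checks only the current domain.

```powershell
function Get-FsmoPlacement {
    # -Holders: role name -> DC FQDN. Omit it to query the live forest/domain.
    param([hashtable]$Holders)

    if (-not $Holders) {
        Import-Module ActiveDirectory       # RSAT module, domain-joined session
        $forest = Get-ADForest              # forest-wide roles
        $domain = Get-ADDomain              # domain-wide roles (current domain only)
        $Holders = @{
            SchemaMaster         = $forest.SchemaMaster
            DomainNamingMaster   = $forest.DomainNamingMaster
            PDCEmulator          = $domain.PDCEmulator
            RIDMaster            = $domain.RIDMaster
            InfrastructureMaster = $domain.InfrastructureMaster
        }
    }

    $forestRoles = 'SchemaMaster', 'DomainNamingMaster'
    $domainRoles = 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster'

    # Sort-Object -Unique compares case-insensitively, which suits host names.
    $forestDCs = @($forestRoles | ForEach-Object { $Holders[$_] } | Sort-Object -Unique)
    $domainDCs = @($domainRoles | ForEach-Object { $Holders[$_] } | Sort-Object -Unique)
    $allDCs    = @($forestDCs + $domainDCs | Sort-Object -Unique)

    $model = if ($allDCs.Count -eq 1) {
        'Option 1: all roles on a single DC'
    } elseif ($forestDCs.Count -eq 1 -and $domainDCs.Count -eq 1) {
        'Option 2: Schema/Domain Naming on one DC, remaining roles on another'
    } else {
        "Neither option: roles spread across $($allDCs.Count) DCs"
    }

    # One row per role, each tagged with the detected placement model.
    foreach ($role in $forestRoles + $domainRoles) {
        [pscustomobject]@{ Role = $role; Holder = $Holders[$role]; Placement = $model }
    }
}

# Constructed sample (hypothetical host names) so the logic can be checked offline:
Get-FsmoPlacement -Holders @{
    SchemaMaster = 'dc01.example.test'; DomainNamingMaster = 'dc01.example.test'
    PDCEmulator  = 'dc02.example.test'; RIDMaster          = 'dc02.example.test'
    InfrastructureMaster = 'dc02.example.test'
} | Format-Table -AutoSize

# Live check against the current forest and domain:
# Get-FsmoPlacement | Format-Table -AutoSize
```

Knowing the current holders in advance also tells you which roles would have to be seized if a given DC were lost.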


References

http://blogs.technet.com/b/bpuhl/archive/2005/12/07/415761.aspx