Monday, October 15, 2007

General Recommendations for FSMO Roles Placement

  • Place the RID and PDC emulator roles on the same domain controller. Good communication from the PDC to the RID master is desirable because down-level clients and applications target the PDC, making it a large consumer of RIDs.

  • As a general rule, the infrastructure master should be located on a non-global-catalog server that has a direct connection object to some global catalog in the forest, preferably in the same Active Directory site. Because a global catalog server holds a partial replica of every object in the forest, an infrastructure master placed on a global catalog server will never update anything: it holds no references to objects it does not already have. Two exceptions to the "do not place the infrastructure master on a global catalog server" rule are:

    1. Single domain forest: In a forest that contains a single Active Directory domain, there are no phantoms, and so the infrastructure master has no work to do. The infrastructure master may be placed on any domain controller in the domain, regardless of whether that domain controller hosts the global catalog or not.

    2. Multi-domain forest where every domain controller in the domain holds the global catalog: If every domain controller in a domain that is part of a multi-domain forest also hosts the global catalog, there are no phantoms and no work for the infrastructure master to do. The infrastructure master may be put on any domain controller in that domain.

  • At the forest level, the schema master and domain naming master roles should be placed on the same domain controller, as they are rarely used and should be tightly controlled. Additionally, the domain naming master should also be a global catalog server. Certain operations that use the domain naming master, such as creating grandchild domains, will fail if this is not the case.

    Note: If the schema master or RID master role is seized, it is critical that the original server never be restored and brought back into the forest. Doing so may cause schema corruption and data inconsistency.

  • In order to facilitate faster user authentication, the PDC emulator should be placed in a location that includes a large number of users from that domain. In addition, ensure that the location is well connected to other locations to minimize replication latency.
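The following script is an added example, not part of the original post, that audits a forest against the recommendations above (RID master and PDC emulator together, infrastructure master not on a global catalog outside the two exceptions, schema master and domain naming master together, domain naming master hosting the global catalog). It assumes the ActiveDirectory PowerShell module (RSAT) is installed and that it is run from a domain-joined machine with read access to the forest; the cmdlets and property names are those of that module.

```powershell
# Added example (not from the original post): audit FSMO placement against the
# recommendations above. Assumes the ActiveDirectory module (RSAT) and read access
# to every domain in the forest.
Import-Module ActiveDirectory

$forest   = Get-ADForest
$domains  = @($forest.Domains)
$findings = @()

# Forest-level roles: schema master and domain naming master on the same DC,
# and the domain naming master must itself be a global catalog.
if ($forest.SchemaMaster -ne $forest.DomainNamingMaster) {
    $findings += "Schema master ($($forest.SchemaMaster)) and domain naming master ($($forest.DomainNamingMaster)) are on different DCs."
}
if ($forest.GlobalCatalogs -notcontains $forest.DomainNamingMaster) {
    $findings += "Domain naming master $($forest.DomainNamingMaster) is not a global catalog; creating grandchild domains will fail."
}

foreach ($domainName in $domains) {
    $domain = Get-ADDomain -Identity $domainName
    $dcs    = @(Get-ADDomainController -Filter * -Server $domainName)

    # Domain-level: RID master and PDC emulator should share a DC.
    if ($domain.RIDMaster -ne $domain.PDCEmulator) {
        $findings += "[$domainName] RID master ($($domain.RIDMaster)) and PDC emulator ($($domain.PDCEmulator)) are on different DCs."
    }

    # Infrastructure master: must not be a GC unless the forest has a single
    # domain or every DC in this domain is a GC (the two exceptions above).
    $imDc         = $dcs | Where-Object { $_.HostName -eq $domain.InfrastructureMaster }
    $imIsGc       = [bool]($imDc.IsGlobalCatalog)
    $allDcsGc     = (@($dcs | Where-Object { -not $_.IsGlobalCatalog })).Count -eq 0
    $singleDomain = $domains.Count -eq 1
    if ($imIsGc -and -not $singleDomain -and -not $allDcsGc) {
        $findings += "[$domainName] Infrastructure master $($domain.InfrastructureMaster) is a GC in a multi-domain forest where not every DC is a GC; cross-domain references will never be updated."
    }
}

if ($findings.Count -eq 0) {
    "FSMO placement matches the recommendations."
} else {
    $findings
}
```

Run it after any role transfer or seizure, and before promoting or demoting global catalogs: enabling the global catalog on the domain controller that holds the infrastructure master is the change most likely to silently break the placement rules without any role actually moving.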