Which operation masters roles must be put in the first domain controllers?

Anonymous
2024-04-22T11:54:10+00:00
  1. Which operation masters roles must be put in the first domain controllers, and which operation masters must not be put into other domain controllers?
  2. Is the below assignment of operation masters roles the best practice and most secure design of assignment of roles among domain controllers?


Locked Question. This question was migrated from the Microsoft Support Community. To protect privacy, user profiles for migrated questions are anonymized.


3 answers

  1. Anonymous
    2024-04-22T13:25:21+00:00

    Hello 2AI,

    Thank you for posting in Microsoft Community forum.

    1. Which operation masters roles must be put in the first domain controllers, and which operation masters must not be put into other domain controllers?
    A1: If all the DCs are read-writable domain controllers (RWDC), and they are running and online, Schema master and domain naming master had better be put in the first domain controller of the forest root domain.
    Usually, we put all the five FSMO roles on the first Domain Controller in the forest root domain.

    2. Is the below assignment of operation masters roles the best practice and most secure design of assignment of roles among domain controllers?

    A2: You can view the detailed information in the following link.

    Flexible Single-Master Operation (FSMO) placement and optimization on AD DCs - Windows Server | Microsoft Learn

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,

    Daisy Zhou
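
An added example, not part of the answers in this thread: a PowerShell audit that lists the current holder of each of the five FSMO roles and flags placement that differs from the guidance in the answer above. It assumes the RSAT ActiveDirectory module and read access to every domain in the forest; `Add-RoleRow` is a hypothetical helper name.

```powershell
# Added example: report FSMO role holders across the forest and compare
# them with the placement described in the answer above.
# Assumption: RSAT ActiveDirectory module, read access to all domains.
Import-Module ActiveDirectory

$forest     = Get-ADForest
$rootDomain = $forest.RootDomain
$report     = [System.Collections.Generic.List[object]]::new()

function Add-RoleRow {   # hypothetical helper, not a built-in cmdlet
    param([string]$Role, [string]$Scope, [string]$Holder)
    # Ask the holder itself which domain it belongs to.
    $dc = Get-ADDomainController -Identity $Holder -Server $Holder
    $report.Add([pscustomobject]@{
        Role         = $Role
        Scope        = $Scope
        Holder       = $Holder
        HolderDomain = $dc.Domain
        InForestRoot = ($dc.Domain -eq $rootDomain)
    })
}

# Forest-wide roles: one holder each for the whole forest.
Add-RoleRow 'SchemaMaster'       'Forest' $forest.SchemaMaster
Add-RoleRow 'DomainNamingMaster' 'Forest' $forest.DomainNamingMaster

# Domain-wide roles: one holder each per domain.
foreach ($name in $forest.Domains) {
    $d = Get-ADDomain -Identity $name -Server $name
    Add-RoleRow 'PDCEmulator'          $name $d.PDCEmulator
    Add-RoleRow 'RIDMaster'            $name $d.RIDMaster
    Add-RoleRow 'InfrastructureMaster' $name $d.InfrastructureMaster
}

$report | Format-Table -AutoSize

# Flag forest-wide roles held by a DC outside the forest root domain.
$report | Where-Object { $_.Scope -eq 'Forest' -and -not $_.InForestRoot } |
    ForEach-Object { Write-Warning "$($_.Role) is on $($_.Holder), outside $rootDomain" }

# Flag a root domain whose five roles are spread over more than one DC.
$rootHolders = @($report | Where-Object { $_.Scope -in 'Forest', $rootDomain } |
    Select-Object -ExpandProperty Holder | Sort-Object -Unique)
if ($rootHolders.Count -gt 1) {
    Write-Warning "Root domain roles are split across: $($rootHolders -join ', ')"
}
```

The warnings report a difference from the layout the answer describes; whether a split is acceptable for your environment is covered by the linked FSMO placement article.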

  2. Anonymous
    2024-04-24T02:30:00+00:00

    Does it mean I need to create at least 8 VMs?

    parent organization forest first domain: 2 VM for all operation masters domain servers

    resources forest join parent organization forest: 1 VM resources forest domain server

    1 VM client computer join resources forest domain server and hold Exchange server, SQL server, file servers

    second new domain join parent organization forest and build trust with first domain: 2 VM for all operation masters domain servers

    restricted access forest join second new domain: 1 VM restricted access forest domain server

    1 VM client computer join restricted access forest domain server

  3. Anonymous
    2024-04-24T07:22:25+00:00

    Hello 2AI,

    Good day!

    Does it mean I need to create at least 8 VMs?

    A: You can create VMs depending on your needs.

    In one forest, you need at least one forest with one domain with only one domain controller.

    In one forest, you can set up one forest with one domain or multiple domains, and you can set up one domain controller or multiple domain controllers in one domain.

    In one domain or one forest, you can set up one client or more clients; there may be no client machine in one domain if you do not need it.

    For Exchange server, SQL server and file servers, you can set different roles on different servers if you need them.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou
