This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi everyone!
Nowadays (W2K19 servers), what is the best practice for configuring FSMO roles on domain? How should I balance those rules?
C:\Users\Administrator>netdom query fsmo
Schema master ???
Domain naming master ???
PDC ???
RID pool manager ???
Infrastructure master ???
The command completed successfully.
Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
I put them all on one server but read on here.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/fsmo-placement-and-optimization-on-ad-dcs
--please don't forget to upvote and Accept as answer if the reply is helpful--
Just checking if there's any progress or updates?
--please don't forget to upvote and Accept as answer if the reply is helpful--
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 79%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
Hello,
As DSPatrick mention not need nowadays to split them unless you have performance issue, the other rule will be to ensure that you have at least another domain controller in the same site (AD Site) as the DC holding the FSMO roles
Regards,
Thanks all!
Hi there,
According to Microsoft's recommendation, the Best Practice is to split the FSMO roles between the different domain controllers. The forest-wide FSMO roles should be placed on one DC, and the domain-wide roles on another. If you have only one domain controller, it is recommended you deploy an additional DC.
-In multi-domain environments, place both forest-wide roles on the root controller, which is also a Global Catalog server.
-Place all domain-wide roles on one server with sufficient performance
-If you are using virtualized domain controllers, disable time synchronization of virtual machines with FSMO roles with the host;
-Do not place any other tasks on the domain controllers
Hope carrying out the above steps will help you out.
--If the reply is helpful, please Upvote and Accept it as an answer--