There are five flexible single master operations roles in the Active Directory infrastructure. Each of them perform specific Active Directory tasks that other domain controllers in the infrastructure are not permitted to perform. These five FSMO roles are divided into two categories based on their operation boundaries:
|
Forest level |
Domain level |
|
Schema operations master |
The primary domain controller (PDC) emulator operations master |
|
Domain-naming operations master |
The relative identifier (RID) operations master |
| N/A |
The infrastructure operations master |
When we create the first Active Directory forest and the first Active Directory domain, all these FSMO roles will be installed in the domain's first domain controller (obviously; there's no other place). A majority of the Active Directory infrastructures leave the default configuration as it is, even though they keep adding domain controllers. Keeping them in one domain controller is not a failure, but if you want to get best out of it, there are certain guidelines to follow.
However, there are many different reasons that can have a negative impact on FSMO role placements, such as size of the organization, network topology, and infrastructure resources. We are going to look into these as well, so we know both sides of the story.