Configuring Operations Masters


In an Active Directory domain all the domain controllers are equivalent and can perform all the functions. However, in a multidomain environment, where multimaster replication needs to be performed, certain changes cannot be performed on all the domain controllers. For example the schema master changes should not be performed as multimaster replication. Rather these changes must be performed as single master operation.

In Active Directory environment where domain controllers play a single master role are called operations masters. The single master operation roles can be transferred on any domain controller in a domain and are therefore called flexible single master operations (FSMO). At any given time only one role can be assigned/ performed to/by a domain controller.

There are total five types of FSMO roles, out of which three are domain level roles and two are forest wide roles. All the five operations master roles are automatically configured on the first domain controller that is configured in a forest. The domain level operations master roles are configured in each domain and are also assumed by the first domain controller in each of the additional domains created in the forest. These roles are:

The forest wide roles can be implemented on one domain controller per forest. These roles are:

The automatic assignment of roles on the first domain controller in a forest overburdens the first domain controller. To avoid this overburden, you can transfer the operation master roles to other domain controllers in the domain\forest. The placement of each operation master role is important and requires a careful planning.

Placing Operations Masters

Identify Operation Masters

To identify the operation masters that are running on a server, you need to:
  1. Open Active Directory Users and Computers snap-in by clicking Start- >Administrative Tools-> Active Directory Users and Computers.
  2. Right-click the domain name (inscription.com) node and select Operations Masters option from the menu that appears, as shown in Figure 3-26.
Figure 3-26

The Operations Masters dialog box appears displaying the operations masters’ role in each tab of the dialog box, as shown in Figure 3-27.

Figure 3-27

Beside this, you can use the Netdom tool to see the server on which all the five FSMO server roles are installed in just one go.

You need to type netdom query fsmo on the command prompt to see the results, as shown in Figure 3-28.

Figure 3-28

Transfer an Operation Master Role

To transfer an operation master role, you need to take the operations master offline, transfer the role to another domain controller and then bring it online. To transfer the operations master role, you need to:

  1. Open Active Directory Users and Computers snap-in by clicking Start- >Administrative Tools-> Active Directory Users and Computers.
  2. Right-click the domain name (inscription.com) node and select Change Domain Controller option from the menu that appears.The Change Directory Server window appears, as shown in Figure 3-29. The window allows you to select the domain controller on which you want to transfer the role.
  3. Select the domain controller from the list and click OK.
    Figure 3-29
  4. Right-click the domain name (inscription.com) node and select Operations Masters option from the menu that appears.
  5. Click the tab of the role that you want to transfer. For example click on PDC tab.
  6. Click Change. Confirm the transfer by clicking Yes on the confirmation dialog box that appears.The role is successfully transferred.
  7. Click OK and then click Close.
  8. Shut down and Restart the server.