FSMO roles how to advice needed

I have two DC with FSMO roles assigned as follows

Server "ads00" knows about 5 roles
Schema - CN=NTDS Settings,CN=ADS02,CN=Servers,
Domain - CN=NTDS Settings,CN=ADS00,CN=Servers,
PDC - CN=NTDS Settings,CN=ADS00,CN=Servers,CN=
RID - CN=NTDS Settings,CN=ADS00,CN=Servers,CN=
Infrastructure - CN=NTDS Settings,CN=ADS00,CN=
select operation target:

As you can see the Schema role is assigned to a different DC than the rest.  Is this a good or bad thing.  I can only assume that if ADS00 went down I would go to ADS02 and sieze the ads00 roles and vice versa is ads02 went down.  Or should I just move the Schema role over to ADS00 as well.  Some AD/DC gurus who could provide me with pro's con's would be nice.
ronmerrAsked:
Who is Participating?
 
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
If you only have one site, then I see no reason to separate the roles.  I also see no problem in separating them... other than the obvious that if a DC fails there is a 100% chance of having to seize at least one role vs. a 50% chance of having to seize all roles.
0
 
Henry_DunnIIIConnect With a Mentor Commented:
Generals recomendations for FSMO roles;

Place the RID and PDC emulator roles on the same domain controller. It is also easier to keep track of FSMO roles if you host them on fewer machines.

As a general rule, the infrastructure master should be located on a nonglobal catalog server that has a direct connection object to some global catalog in the forest, preferably in the same Active Directory site. Because the global catalog server holds a partial replica of every object in the forest, the infrastructure master, if placed on a global catalog server, will never update anything, because it does not contain any references to objects that it does not hold.  There are two exceptions to this rule; 1. in a single domain forest or 2. when every DC (which in a single domain forest, this should be the case) is a global catalog.  

Last, At the forest level, the schema master and domain naming master roles should be placed on the same domain controller as they are rarely used and should be tightly controlled. Additionally, the domain naming master FSMO should also be a global catalog server. Certain operations that use the domain naming master, such as creating grand-child domains, will fail if this is not the case.

With those general recomendations said, with your setup, as simple as it sounds, I would stick to placing them all on 1 server.  The effect of that one server dying would not be immediately detrimental.  There are things that you would not be able to do, but there would be nothing that would be debilitating.  As long as you seized the roles (which should be last ditch), you would be fine.  So my recomendation is to place them all on 1 server.
0
 
Sigurdur HaraldssonSystem AdministratorCommented:
You need 1 Schema master and 1 Domain Naming master in each forest. Then you need 1 of the other three (PDC, RID, Infrastructure) in each domain. It doesn't matter where you place them really. I'd guess that your ADS00 is your first DC and then for some reason you've moved the Schema master role to another one. Normally, you'd have the main roles in a DC in Headquarters but if you only have one domain, it really doesn't matter.
0
 
CGretskiCommented:
PDC gets most load: deals with password changes, account lockouts, all AD changes by legacy/NT systems, etc.
So if your server is overloaded it might be worth moving that role.

If you have multiple sites I'd put it where most of the users are ( or behind a quick WAN link ).
0
 
Glen KnightCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.