Best Practices for Operation Masters Roles:
There are five operation master roles in Active Directory, and in a multi-domain environment their placement needs proper planning and implementation.
When you install the root (first) domain controller in your network, all the operation master roles are located on that single domain controller.
If you have more resources, the following is the best design for your network: place the Schema Master and Domain Naming Master roles on one domain controller in the forest, and the PDC Emulator, RID Master and Infrastructure Master roles on another domain controller. Also remember that the Schema Master and Domain Naming Master roles are forest-based, while the PDC, RID and Infrastructure roles are domain-based.
One reason for keeping the Domain Naming Master role and the global catalog (GC) on the same server is that the Domain Naming Master can only identify a duplicate domain name if it is a GC as well.
The advantage of having the PDC and RID roles on the same system is that the PDC creates some additional objects and may need additional RIDs/SIDs for them; in that case the PDC will provide the extra RIDs/SIDs.
How to Transfer Operation Master Roles to Another Domain Controller:
The Domain Naming Operation Master Role and the Schema Master Role are forest-level roles. You can find the Domain Naming role in Active Directory under Administrative Tools => Active Directory Domains and Trusts.
How to Transfer the Domain Naming and Schema Master Roles to Another Domain Controller:
You can transfer the Domain Naming role to another domain controller with the following procedure:
- First, right-click Active Directory Domains and Trusts, click “Change Active Directory Domain Controller”, select the domain controller to which you want to transfer the Domain Naming role, and click OK.
- After connecting to the other domain controller, you can transfer the Domain Naming role to it. Right-click Active Directory Domains and Trusts and choose “Operation Master”.
Click Change, and the role is transferred to the other domain controller.
For the Schema Master role, follow the same steps as above. For the Schema Master role location and details, see Schema Master Role.
How to Transfer the Infrastructure, RID Master and PDC Emulator Roles to Another Domain Controller:
You can find the Infrastructure, RID Master and PDC Emulator roles in Active Directory from Server Manager by right-clicking and choosing Operation Masters.
You can transfer these roles to another domain controller by the same method as above: first create a connection to the domain controller to which you want to transfer the role, then open the operation master roles and click Change to move the role to that domain controller.
Transfer Operation Master Roles by Command Line:
You can also transfer the operation master roles from the command line instead of using the GUI. The tool for this is ntdsutil. In a command prompt, type ntdsutil, select the roles context by typing “roles”, open the connection context by typing “connections”, and then specify the DC to which you want to transfer the role by typing “connect to server <server name>”.
After creating the connection, you can run the following commands to transfer operation master roles:
Transfer infrastructure master
Transfer RID Master
Transfer Schema Master
In a large network you can check the location of the operation master roles with the following commands:
Dsquery server -hasfsmo pdc (finds the DC holding the PDC role)
Dsquery server -hasfsmo schema (checks the Schema Master role location)
Netdom query fsmo
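The placement guidance at the top of this page (Schema and Domain Naming on one DC that is also a GC, PDC and RID together) can be checked in the same pass as the role lookup. The PowerShell below is an added example, not part of the original article; it assumes the ActiveDirectory (RSAT) module and read access to every domain in the forest, and the function names Get-FsmoPlacement and Test-FsmoPlacement are hypothetical.

```powershell
# Added example: list FSMO role holders and compare them with the article's guidance.
# Assumes the ActiveDirectory (RSAT) module; function names are hypothetical.
Import-Module ActiveDirectory

function Get-FsmoPlacement {
    # Forest-wide roles come from the forest object, domain-wide roles from each domain.
    $forest = Get-ADForest
    $rows = @(
        [pscustomobject]@{ Scope = $forest.Name; Role = 'SchemaMaster';       Holder = $forest.SchemaMaster }
        [pscustomobject]@{ Scope = $forest.Name; Role = 'DomainNamingMaster'; Holder = $forest.DomainNamingMaster }
    )
    foreach ($name in $forest.Domains) {
        $domain = Get-ADDomain -Identity $name -Server $name
        foreach ($role in 'PDCEmulator', 'RIDMaster', 'InfrastructureMaster') {
            $rows += [pscustomobject]@{ Scope = $name; Role = $role; Holder = $domain.$role }
        }
    }
    $rows
}

function Test-FsmoPlacement {
    param([Parameter(Mandatory)] $Placement)
    $findings = @()
    $schema = ($Placement | Where-Object { $_.Role -eq 'SchemaMaster' }).Holder
    $naming = ($Placement | Where-Object { $_.Role -eq 'DomainNamingMaster' }).Holder
    if ($schema -ne $naming) {
        $findings += "Schema Master ($schema) and Domain Naming Master ($naming) are on different DCs"
    }
    # The article pairs the Domain Naming Master with a global catalog.
    $dc = Get-ADDomainController -Identity $naming -Server $naming
    if (-not $dc.IsGlobalCatalog) {
        $findings += "Domain Naming Master $naming is not a global catalog"
    }
    # Per domain: PDC Emulator and RID Master should share one holder.
    $pairs = $Placement | Where-Object { $_.Role -in 'PDCEmulator', 'RIDMaster' } | Group-Object Scope
    foreach ($g in $pairs) {
        if (@($g.Group.Holder | Select-Object -Unique).Count -gt 1) {
            $findings += "PDC Emulator and RID Master are on different DCs in $($g.Name)"
        }
    }
    $findings
}

$placement = Get-FsmoPlacement
$placement | Format-Table -AutoSize
$findings = Test-FsmoPlacement -Placement $placement
if ($findings) { $findings | ForEach-Object { Write-Warning $_ } } else { 'Placement matches the guidance above.' }
```

Running it again after a transfer confirms that the role landed on the intended domain controller.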