FSMO Role placement / optimization

    Question

  • Hi folks,

    I would like some advice/pointers on a fairly simple setup please!

    1 AD Domain, 3 domain controllers, 1 of which is on-premises and 2 are VMs in Azure.

    One of the Azure hosted DCs has the RID and PDC Emulator roles and I am concerned that this is not optimal.

    The On-Premises DC serves around 90 users and there is no other site.

    Should I move the FSMO Roles for the RID and PDC to the On-Premises DC for better response etc?

    The WAN link is 50 Mbps and used for a lot of cloud services, like O365, OneDrive sync, SharePoint Online, Skype for Biz, etc.

    Thanks in advance!
    Richard


    Richard

    Monday, February 20, 2017 1:03 PM

All replies

  • > One of the Azure hosted DCs has the RID and PDC Emulator roles and I am concerned that this is not optimal.
     
    Doesn't matter... FSMO unavailability for a few hours is not an issue, and network traffic resulting from FSMO roles is minimal.
     
    Monday, February 20, 2017 1:49 PM
  • Hi

    MS recommendations are:

    - keep track of FSMO roles if you host them on fewer computers

    - Place roles on domain controllers that can be accessed by the computers that need access to a given role, especially on networks that are not fully routed. For example, to obtain a current or standby RID pool, or perform pass-through authentication, all DCs need network access to the RID and PDC role holders in their respective domains.

    Also, for a single domain, you should place the 5 FSMO roles on a DC, and if you have one, it should be a physical box (my choice).

    Also check this MS article: https://support.microsoft.com/en-us/help/223346/fsmo-placement-and-optimization-on-active-directory-domain-controllers


    This posting is provided AS IS with no warranties or guarantees, and confers no rights. Best regards, Burak Uğur

    Monday, February 20, 2017 4:21 PM