I would like to present some examples of a theoretical company's environment and build an actual AD design. In addition to server selection, we might also distribute the FSMO role holder by physical location. By default the PDCe FSMO role holder is at the top of the time pyramid for the domain.
During installation of Active Directory on a Windows Server 2000/2003/2008, all FSMO roles will automatically be installed on the first server, but best practice dictates to move some of these flexible single master of operation (FSMO) roles to separate servers. If you only have one domain controller (not recommended), ...
Overview: This whitepaper is meant to augment the Black Hat USA 2016 presentation “Beyond the MCSE: Active Directory for the Security Professional”, which highlights the Active Directory components that have important security roles. There are plenty of resources for learning Active Directory, including Microsoft's.
Most of the potential issues that are warned about are about turning the old DC back on after it's had its role seized - and even then, there's a lot of hysteria out there for not a lot of risk. It takes some pretty strange scenarios to break anything with a seizure instead of a transfer of a role. To go on a tangent for.
Active Directory Domain Services (AD DS) supports multimaster replication of directory data, which means any domain controller can accept directory changes and replicate the changes to all ... Three operations master roles (also known as flexible single master operations or FSMO) exist in each domain.
Assuming you have the parent AD domain (the forest root) and zone already created and functional, and you've already run dcpromo on a machine to make it a child ... This is functional basics of domain design and FSMO role placement and the way this specific role works, or rather doesn't work ... it is a GC.
In an AD environment, the FSMO role seize process should only be used in a disaster where you cannot recover the FSMO role holder ... are made from unreliable connections from domain to domain; in such a scenario it's recommended to place a forest root domain controller in the location or create a shortcut trust.
Exchange Server 2010's hardware and Active Directory requirements, such as memory needed or global catalog server placement, are essential to know about when designing the FSMO role placement of an Active Directory environment, the following best practices should be considered: If a domain has only one.