Which Server Role Below Cannot Be Installed On A Domain Controller That Will Be Cloned?

FSMO Roles

Agile Directory is a multi-primary distributed database. This means that any DC can presume the role of a master for some task. These roles are called Flexible Unmarried Chief Operation roles or FSMO ("fizz-moh") roles.

FSMO roles are required for sure disquisitional operations such changing a domain name or modifying the Advertizement design schema. Such changes must be advisedly coordinated across all DCs. One DC is designated as the "chief" for all such disquisitional operations, and all the other DCs must defer to the DC that holds the master role.

If your AD contains merely a unmarried domain then the Chief Domain Controller (PDC) volition typically hold all of the FSMO roles. This is the most common case.

The Seven FSMO Roles

There are seven FSMO roles defined in Active Directory:

The Primary Domain Controller (PDC) emulator role, one per domain. The DC with this role coordinates changes to user passwords and secrets.
The Relative Identifier (RID) Master function, one per domain. The DC with this role allocates RIDs for newly created users and groups.
The Schema Primary role, 1 per wood. The DC with this function coordinates adding new object classes to the AD blueprint schema.
The Domain Naming Primary part, i per forest. The DC with this role coordinates calculation or deleting domains and renaming domains.
The Infrastructure Master office, ane per domain. The DC with this role updates cross-domain references to renamed objects. (The Infrastructure Master part has special rules -- see below.)
The Domain DNS Zone Master role, one per domain. The DC with this role coordinates adding or deleting whatever AD-integrated DNS zones on the DCs with DNS servers that host the domain.
The Forest DNS Zone Master role, 1 per forest. The DC with this function coordinates calculation or deleting the forest-wide records that listing all DNS servers that host AD-integrated DNS zones.

To view which DCs ain the FSMO roles, blazon the console command netdom query fsmo.

Verify that the DCs in your test network own the FSMO roles listed to a higher place and that at to the lowest degree 1 DC has the Global Itemize (GC).

Undocumented: The DNS Zone Master roles

Many AD books and websites depict five FSMO roles. There are actually seven. The 2 extra hidden roles are the Domain DNS Zone Master role and the Forest DNS Zone Main function. These two roles are not well documented and there is no way to display or transfer them without using advanced tools such as ADSIEdit.

U-Movement will automatically display the buying of these hidden roles, and information technology will offer to move them along with the other well-documented roles when you drift AD to a new reckoner.

The Infrastructure Master role is special

The Infrastructure Master role has special rules that must be considered when moving the role to another DC. (Don't worry if you do non understand this section. U-Move will automatically check the rules for you during the migration and advise you on how to go along.)

The Infrastructure role should be held past a DC that is not a GC in the same domain. This is considering the GC holds a partial replica of every object in the forest. The Infrastructure Primary office must be held by a DC that is non a GC in the same domain and then that it tin identify and gear up discrepancies between the GC and its own domain objects.

Yous tin safely ignore the Infrastructure Main function if either of the post-obit are truthful.

If all of the DCs in the domain are as well GCs (which is a common configuration for the DCs in the wood root domain), or if none of the DCs in the domain are GCs (which is a common configuration for the DCs in other domains), then the Infrastructure Chief office does non matter.
You tin can disregard the Infrastructure Master role if you lot have enabled the Recycle Bin for the AD forest.

The all/none rule applies simply to the DCs actually running. If, for case, yous are testing AD changes in your lab then you will typically clone only a unmarried DC to run your tests (the PDC) so the Infrastructure Master office does non affair.

If y'all are migrating Advert, U-Move will automatically warn you lot if the Infrastructure Main role is not assigned correctly. The alert message will appear in the Replication Test Report.

For more data

For more data about FSMO roles see Understanding FSMO Roles in Active Directory (petri.co.il) and Active Directory FSMO roles in Windows (Microsoft Docs).