Looks like you might be a bit hesitant to restart these servers. First, don't be. 95% of the time, you can restart a windows server without issues (there are certain exceptions to this).
First, you have to do this after hours. I don't know if any of these servers are also the exchange server. Best practices dictate to have one server contain all FSMO roles and then adprep and dcpromo a second server in the domain. This way all active directory structures replicate to the second server. This way you can shut the PDC with the FSMO roles and the second server will still take care of the authentication. To answer your question: In this set up, you don't have to worry about FMSO roles being transferred to any other server. They are only transferred when you manually tell Windows server to do it via Domain sites and services or NTDSUtil through the command line. When people log into the domain, remeber, they are logging INTO The domain and not to any specific server. When someone logs in, the first server acting as a Domain Controller will take care of the request. When you make a change to one server (add a user, change user rights, etc).. it is up to the DC with the FSMO roles to make that change and then replicate them to other servers. I would go ahead and do your updates. When you restart the server people might not be able to log into the domain (if the second DC is not getting replication from the DC with the FSMO roles) - however, if the secondary DC has active directory replicated - Then you can restart one server and not worry about authentication. There is one small caveat - DNS. If both servers are not DNS servers (only the primary is the DNS server) it might take an unusual long time for machines to authenticate with the second server. I hope this helps a little.
If you want to do its during the business hrs. restart the server1 then transfer the fsmo roles from server2 to server1 and restart the server2.Also make sure that you have atleast one GC available . It won't affect users in any way uless you restart both dc at the same time.
What mboppe just said is not a viable option. Not only do you need to transfer the FMSO roles, but also the global catalog. The replication itself can take a while (anywhere between 1 to 4 hours). If you have the time then no problem..
It really does not matter which one you reboot first (I've been doing this for a LONG time) - However, you DO want to preferrably turn on server 1 first then 2. The whole process will take about 12 minutes (depending on the speed of the server and how many services you are running on them). You have a 95% chance of things coming back exactly as they are after the restart - Unless the update screwed something up. If this happens uninstall the update and restart the servers. They will restart the way they were before. Feel free to send me an email if you are really this concerned with this. I can assure you, you won't have much downtime.
