[Webinar] Learn how to a build a cloud-first strategyRegister Now


Active Directory Schema Master FSMO Role Question

Posted on 2008-09-30
Medium Priority
Last Modified: 2013-12-05
Here's the situation...
Background Info:
- We have an Active Directory Forest that is operating at the Windows 2000 functional level.
- The Forest Root Domain, DOMAIN1.COM, is operating at the Windows 2000 mixed functional level.
- DOMAIN2.COM, is part of the same forest, and is operation at the Windows 2000 native functional level.
- The trust between the domains is a Tree Root transitive trust.
- All the Domain Controllers of DOMAIN1.COM reside in SiteA, and all of the Domain Controllers of DOMAIN2.COM reside in SiteB which are linked.

- Because the administrators of DOMAIN2.COM are migrating to Exchange Server 2007, they require the Schema Master FSMO role to reside on a domain controller that is running Windows Server 2003 SP1.

- Currently, the Schema Master FSMO role resides on a Domain Controller in the DOMAIN1.COM domain which happens to be a Windows 2000 Server.
- Currently, there are no Windows 2003 Server Domain Controllers in the DOMAIN1.COM domain.

- Is there any problem/issue with transferring the Schema Master FSMO role to a Domain Controller in DOMAIN2.COM (obviously running Windows Server 2003), even though DOMAIN1.COM is the Forest Root Domain?
- OR Is there any problem/issue with building a new Windows 2003 Server as a Domain Controller for DOMAIN1.COM in SiteB (Where there are all DOMAIN2.COM Domain Controllers and no DOMAIN1.COM Domain Controllers currently), and transferring the Schema Master FSMO role to that new Domain Controller?
- OR any better suggestions?

Thank you in advance for your help. Please let me know if I'm leaving anything out of the picture, or if you have any other questions.
Question by:magyarka
  • 4
  • 3
LVL 71

Accepted Solution

Chris Dent earned 2000 total points
ID: 22609855

> Is there any problem/issue with transferring the Schema Master FSMO role to a Domain
> Controller in DOMAIN2.COM (obviously running Windows Server 2003), even though DOMAIN1.COM
> is the Forest Root Domain?

That's fine, but remember the schema master is perhaps the most important of all your DCs.

> Is there any problem/issue with building a new Windows 2003 Server as a Domain
> Controller for DOMAIN1.COM in SiteB

I would prefer to keep the Schema master in the root domain, so I would personally prefer that. It's not really necessary though.

Incidentally, you need to raise your forest functional level to at least Windows 2000 as well, mixed mode is not high enough.


Author Comment

ID: 22615490

So, it sounds like you would recommend going with bringing up another DC on DOMAIN1.COM  in SiteB and transfering the Schema Master role to that. There would be no other "gotchas" with that? Why would the forest functional levle need to be at Windows 2000?

LVL 71

Expert Comment

by:Chris Dent
ID: 22615541

Personally, yes, I would rather that. I assume your root domain is moderately empty except for that? Otherwise there's no real problem moving the Schema master around like this.

For the functional level of the forest... It's in the list of requirements for installation of Exchange 2007 :)


Mixed mode is only going to be necessary if you have Windows NT Backup Domain Controllers operating on the network (on any of your domains).

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.


Author Comment

ID: 22615781
Well, the root domain, DOMAIN1.COM, has many users, computers, etc. DOMAIN2.COM also has a fair amount of objects.

Thanks for pointing out the Forest Functional Level requirement!
LVL 71

Expert Comment

by:Chris Dent
ID: 22615801

Hmm then it probably makes little difference where you host the master role. As long as the system hosting it is reliable and frequently backed up.


Author Comment

ID: 22615976
Our forest functional level is already windows 2000. Is there actually a "windows 2000 server" forest functional level?
LVL 71

Expert Comment

by:Chris Dent
ID: 22616016

Might be 2000 Native, I can't check the list unfortunately, it removes the options once you pass it. Mine is running "Windows Server 2003" level and won't give me any options until I introduce DCs running 2008.


Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

865 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question