Solved

Active Directory Schema Master FSMO Role Question

Posted on 2008-09-30
7
708 Views
Last Modified: 2013-12-05
Here's the situation...
Background Info:
- We have an Active Directory Forest that is operating at the Windows 2000 functional level.
- The Forest Root Domain, DOMAIN1.COM, is operating at the Windows 2000 mixed functional level.
- DOMAIN2.COM, is part of the same forest, and is operation at the Windows 2000 native functional level.
- The trust between the domains is a Tree Root transitive trust.
- All the Domain Controllers of DOMAIN1.COM reside in SiteA, and all of the Domain Controllers of DOMAIN2.COM reside in SiteB which are linked.

Requirement:
- Because the administrators of DOMAIN2.COM are migrating to Exchange Server 2007, they require the Schema Master FSMO role to reside on a domain controller that is running Windows Server 2003 SP1.

Problem:
- Currently, the Schema Master FSMO role resides on a Domain Controller in the DOMAIN1.COM domain which happens to be a Windows 2000 Server.
- Currently, there are no Windows 2003 Server Domain Controllers in the DOMAIN1.COM domain.

Question:
- Is there any problem/issue with transferring the Schema Master FSMO role to a Domain Controller in DOMAIN2.COM (obviously running Windows Server 2003), even though DOMAIN1.COM is the Forest Root Domain?
- OR Is there any problem/issue with building a new Windows 2003 Server as a Domain Controller for DOMAIN1.COM in SiteB (Where there are all DOMAIN2.COM Domain Controllers and no DOMAIN1.COM Domain Controllers currently), and transferring the Schema Master FSMO role to that new Domain Controller?
- OR any better suggestions?

Thank you in advance for your help. Please let me know if I'm leaving anything out of the picture, or if you have any other questions.
0
Comment
Question by:magyarka
  • 4
  • 3
7 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 22609855

> Is there any problem/issue with transferring the Schema Master FSMO role to a Domain
> Controller in DOMAIN2.COM (obviously running Windows Server 2003), even though DOMAIN1.COM
> is the Forest Root Domain?

That's fine, but remember the schema master is perhaps the most important of all your DCs.

> Is there any problem/issue with building a new Windows 2003 Server as a Domain
> Controller for DOMAIN1.COM in SiteB

I would prefer to keep the Schema master in the root domain, so I would personally prefer that. It's not really necessary though.

Incidentally, you need to raise your forest functional level to at least Windows 2000 as well, mixed mode is not high enough.

Chris
0
 

Author Comment

by:magyarka
ID: 22615490
Chris,

So, it sounds like you would recommend going with bringing up another DC on DOMAIN1.COM  in SiteB and transfering the Schema Master role to that. There would be no other "gotchas" with that? Why would the forest functional levle need to be at Windows 2000?

Thanks
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22615541

Personally, yes, I would rather that. I assume your root domain is moderately empty except for that? Otherwise there's no real problem moving the Schema master around like this.

For the functional level of the forest... It's in the list of requirements for installation of Exchange 2007 :)

http://technet.microsoft.com/en-us/library/aa996719.aspx

Mixed mode is only going to be necessary if you have Windows NT Backup Domain Controllers operating on the network (on any of your domains).

Chris
0
 

Author Comment

by:magyarka
ID: 22615781
Well, the root domain, DOMAIN1.COM, has many users, computers, etc. DOMAIN2.COM also has a fair amount of objects.

Thanks for pointing out the Forest Functional Level requirement!
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22615801

Hmm then it probably makes little difference where you host the master role. As long as the system hosting it is reliable and frequently backed up.

Chris
0
 

Author Comment

by:magyarka
ID: 22615976
Our forest functional level is already windows 2000. Is there actually a "windows 2000 server" forest functional level?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22616016

Might be 2000 Native, I can't check the list unfortunately, it removes the options once you pass it. Mine is running "Windows Server 2003" level and won't give me any options until I introduce DCs running 2008.

Chris
0

Join & Write a Comment

On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now