Solved

Active Directory Schema Master FSMO Role Question

Posted on 2008-09-30
7
713 Views
Last Modified: 2013-12-05
Here's the situation...
Background Info:
- We have an Active Directory Forest that is operating at the Windows 2000 functional level.
- The Forest Root Domain, DOMAIN1.COM, is operating at the Windows 2000 mixed functional level.
- DOMAIN2.COM, is part of the same forest, and is operation at the Windows 2000 native functional level.
- The trust between the domains is a Tree Root transitive trust.
- All the Domain Controllers of DOMAIN1.COM reside in SiteA, and all of the Domain Controllers of DOMAIN2.COM reside in SiteB which are linked.

Requirement:
- Because the administrators of DOMAIN2.COM are migrating to Exchange Server 2007, they require the Schema Master FSMO role to reside on a domain controller that is running Windows Server 2003 SP1.

Problem:
- Currently, the Schema Master FSMO role resides on a Domain Controller in the DOMAIN1.COM domain which happens to be a Windows 2000 Server.
- Currently, there are no Windows 2003 Server Domain Controllers in the DOMAIN1.COM domain.

Question:
- Is there any problem/issue with transferring the Schema Master FSMO role to a Domain Controller in DOMAIN2.COM (obviously running Windows Server 2003), even though DOMAIN1.COM is the Forest Root Domain?
- OR Is there any problem/issue with building a new Windows 2003 Server as a Domain Controller for DOMAIN1.COM in SiteB (Where there are all DOMAIN2.COM Domain Controllers and no DOMAIN1.COM Domain Controllers currently), and transferring the Schema Master FSMO role to that new Domain Controller?
- OR any better suggestions?

Thank you in advance for your help. Please let me know if I'm leaving anything out of the picture, or if you have any other questions.
0
Comment
Question by:magyarka
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 22609855

> Is there any problem/issue with transferring the Schema Master FSMO role to a Domain
> Controller in DOMAIN2.COM (obviously running Windows Server 2003), even though DOMAIN1.COM
> is the Forest Root Domain?

That's fine, but remember the schema master is perhaps the most important of all your DCs.

> Is there any problem/issue with building a new Windows 2003 Server as a Domain
> Controller for DOMAIN1.COM in SiteB

I would prefer to keep the Schema master in the root domain, so I would personally prefer that. It's not really necessary though.

Incidentally, you need to raise your forest functional level to at least Windows 2000 as well, mixed mode is not high enough.

Chris
0
 

Author Comment

by:magyarka
ID: 22615490
Chris,

So, it sounds like you would recommend going with bringing up another DC on DOMAIN1.COM  in SiteB and transfering the Schema Master role to that. There would be no other "gotchas" with that? Why would the forest functional levle need to be at Windows 2000?

Thanks
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22615541

Personally, yes, I would rather that. I assume your root domain is moderately empty except for that? Otherwise there's no real problem moving the Schema master around like this.

For the functional level of the forest... It's in the list of requirements for installation of Exchange 2007 :)

http://technet.microsoft.com/en-us/library/aa996719.aspx

Mixed mode is only going to be necessary if you have Windows NT Backup Domain Controllers operating on the network (on any of your domains).

Chris
0
MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

 

Author Comment

by:magyarka
ID: 22615781
Well, the root domain, DOMAIN1.COM, has many users, computers, etc. DOMAIN2.COM also has a fair amount of objects.

Thanks for pointing out the Forest Functional Level requirement!
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22615801

Hmm then it probably makes little difference where you host the master role. As long as the system hosting it is reliable and frequently backed up.

Chris
0
 

Author Comment

by:magyarka
ID: 22615976
Our forest functional level is already windows 2000. Is there actually a "windows 2000 server" forest functional level?
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 22616016

Might be 2000 Native, I can't check the list unfortunately, it removes the options once you pass it. Mine is running "Windows Server 2003" level and won't give me any options until I introduce DCs running 2008.

Chris
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question