Solved

Is it worth moving the operation master roles?

Posted on 2011-03-23
4
365 Views
Last Modified: 2012-05-11
Hi

I have a single domain running in windows 2003 AD, theres only one site, one subnet, etc

I currently have two domain controllers, the first is running all roles and both have the Global Catalog.

Both servers are fairly old now and eventually the hardware will be replaced, however in these lean times I am battling to get the budget for two new servers.

I was thinking in the interim that I might run one or two virtual DCs in Hyper-V just to act as backups not to replace these DCs. I've read up on all the warnings etc re virtual DCs, was just thinking in the event of a failure of one of the physical DCs I'd have a little extra security whilst resolving the issue.

My questions are really
is it worth moving some/any of  the operations masters off od DC1 or am I creating risk for no gain?
Is the loss of one role as bad as losing them all?
If I lose it completely am I completely screwed?
If it is worth moving them how should they be placed?
Is it worth having a copy of the GC on the Virtual DCs?

Many Thanks

0
Comment
Question by:timpoynter
4 Comments
 
LVL 70

Accepted Solution

by:
Chris Dent earned 167 total points
ID: 35197957

> is it worth moving some/any of  the operations masters off od DC1 or am I creating risk for no gain?

No real harm in doing so, and if you're taking DC1 away it'll save a step later.

> Is the loss of one role as bad as losing them all?

Not really. They do different things, but for the most part you could lose them all and continue quite happily.

> If I lose it completely am I completely screwed?

No, certainly not. Worst case, the current role holder blows up, covering everything with small pieces of metal and plastic: You can still Seize the roles on another DC and life will carry on as normal.

> If it is worth moving them how should they be placed?

In a small single-domain forest, put them all on a single DC and leave it at that. 2 of the roles have no work to do anyway, and the other 3 are very, very low load (insignificant load).

> Is it worth having a copy of the GC on the Virtual DCs?

In a small network it's worth making all DCs into Global Catalogs, whether the DC is physical or virtual.

HTH

Chris
0
 
LVL 6

Assisted Solution

by:nettek0300
nettek0300 earned 167 total points
ID: 35197979
As far as moving the operation roles, it is a relativly easy task as long as the server that hosts the roles is functioning.  If the server was to go down, you would need to seize the roles which can be done, but is a little more difficult.  A google search will provide you with all of the need instructions on how to do both.

As far as setting up a virtual server, you are already running two DC's with the Global Catalog, so if one server fails, it would not be the end of the world.  

You do not specify what type of hardware you have, but since you are running 2003, I would assume that the hardware is no more than 7 or 8 years old.  I wouldn't sweat it and wait for the budget for new hardware.
0
 

Assisted Solution

by:wanderson75
wanderson75 earned 166 total points
ID: 35198001
My questions are really
is it worth moving some/any of  the operations masters off od DC1 or am I creating risk for no gain?

It really depends.  How reliable is the hardware that you're planning to run the Hyper-V on as opposed to the hardware that the physical machine that the DC is currently running on?  I'm assuming you wouldn't be considering it unless you're afraid of the physical box failing.

Is the loss of one role as bad as losing them all?

IIRC, any master role that's lost will still have to be seized.  Although losing one or two means you're doing less work than losing all of them.

If I lose it completely am I completely screwed?

Not if you follow the steps to properly seize the master role and reassign it.  
http://support.microsoft.com/kb/255504


If it is worth moving them how should they be placed?

It depends on the environment.  I have a small environment and have all my roles on my physical DC.  While the virtual only has a copy of the GC.

Is it worth having a copy of the GC on the Virtual DCs?

I have a copy of the GC on both of my machines.  It doesn't hurt to have it.
0
 

Author Closing Comment

by:timpoynter
ID: 35198851
Thanks for the response guys, I went out to lunch and you'd all replied so I felt it only fair to split the points.

I appreaciate your time to help out.

THanks

Tim
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

As network administrators; we know how hard it is to track user’s login/logout using security event log (BTW it is harder now in windows 2008 because user name is always “N/A” in the grid), and most of us either get 3rd party tools, or just make our…
Do you have users whose passwords are expiring and they are constantly calling you?  Well I sure did and needed a way to put an end to this.  We have a lot of remote users which would not be notified that their passwords were expiring since they wer…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now