Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Is it worth moving the operation master roles?

Posted on 2011-03-23
4
Medium Priority
?
409 Views
Last Modified: 2012-05-11
Hi

I have a single domain running in windows 2003 AD, theres only one site, one subnet, etc

I currently have two domain controllers, the first is running all roles and both have the Global Catalog.

Both servers are fairly old now and eventually the hardware will be replaced, however in these lean times I am battling to get the budget for two new servers.

I was thinking in the interim that I might run one or two virtual DCs in Hyper-V just to act as backups not to replace these DCs. I've read up on all the warnings etc re virtual DCs, was just thinking in the event of a failure of one of the physical DCs I'd have a little extra security whilst resolving the issue.

My questions are really
is it worth moving some/any of  the operations masters off od DC1 or am I creating risk for no gain?
Is the loss of one role as bad as losing them all?
If I lose it completely am I completely screwed?
If it is worth moving them how should they be placed?
Is it worth having a copy of the GC on the Virtual DCs?

Many Thanks

0
Comment
Question by:timpoynter
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 71

Accepted Solution

by:
Chris Dent earned 668 total points
ID: 35197957

> is it worth moving some/any of  the operations masters off od DC1 or am I creating risk for no gain?

No real harm in doing so, and if you're taking DC1 away it'll save a step later.

> Is the loss of one role as bad as losing them all?

Not really. They do different things, but for the most part you could lose them all and continue quite happily.

> If I lose it completely am I completely screwed?

No, certainly not. Worst case, the current role holder blows up, covering everything with small pieces of metal and plastic: You can still Seize the roles on another DC and life will carry on as normal.

> If it is worth moving them how should they be placed?

In a small single-domain forest, put them all on a single DC and leave it at that. 2 of the roles have no work to do anyway, and the other 3 are very, very low load (insignificant load).

> Is it worth having a copy of the GC on the Virtual DCs?

In a small network it's worth making all DCs into Global Catalogs, whether the DC is physical or virtual.

HTH

Chris
0
 
LVL 6

Assisted Solution

by:nettek0300
nettek0300 earned 668 total points
ID: 35197979
As far as moving the operation roles, it is a relativly easy task as long as the server that hosts the roles is functioning.  If the server was to go down, you would need to seize the roles which can be done, but is a little more difficult.  A google search will provide you with all of the need instructions on how to do both.

As far as setting up a virtual server, you are already running two DC's with the Global Catalog, so if one server fails, it would not be the end of the world.  

You do not specify what type of hardware you have, but since you are running 2003, I would assume that the hardware is no more than 7 or 8 years old.  I wouldn't sweat it and wait for the budget for new hardware.
0
 

Assisted Solution

by:wanderson75
wanderson75 earned 664 total points
ID: 35198001
My questions are really
is it worth moving some/any of  the operations masters off od DC1 or am I creating risk for no gain?

It really depends.  How reliable is the hardware that you're planning to run the Hyper-V on as opposed to the hardware that the physical machine that the DC is currently running on?  I'm assuming you wouldn't be considering it unless you're afraid of the physical box failing.

Is the loss of one role as bad as losing them all?

IIRC, any master role that's lost will still have to be seized.  Although losing one or two means you're doing less work than losing all of them.

If I lose it completely am I completely screwed?

Not if you follow the steps to properly seize the master role and reassign it.  
http://support.microsoft.com/kb/255504


If it is worth moving them how should they be placed?

It depends on the environment.  I have a small environment and have all my roles on my physical DC.  While the virtual only has a copy of the GC.

Is it worth having a copy of the GC on the Virtual DCs?

I have a copy of the GC on both of my machines.  It doesn't hurt to have it.
0
 

Author Closing Comment

by:timpoynter
ID: 35198851
Thanks for the response guys, I went out to lunch and you'd all replied so I felt it only fair to split the points.

I appreaciate your time to help out.

THanks

Tim
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question