Solved

Physical and virtual domain controllers

Posted on 2011-09-22
Last Modified: 2012-05-12
Hi experts

I have three domain controllers at the moment: a 2003 box, holding the FSMO roles, and two 2008 machines.

I want to transfer the roles to one of my 2008 DCs, however I'm not sure which one to choose, since one is a physical server, and the other is virtualised (Hyper-V).

Looking for some opinions on which would be the best choice please. I'm leaning towards virtual, as it's easier to back up and restore.

Cheers
0
Question by:failed
11 Comments
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 36579260
There is no problem with running FSMO roles on a physical box or a virtual machine. You only need to evaluate which one is more stable and available, because you need to restore that DC after a crash. It is more reasonable to place them on a virtual server because it's very fast and simple to restore.

You can find how to transfer FSMO roles on my blog at
http://kpytko.wordpress.com/2011/08/26/transferring-fsmo-roles-from-gui/
http://kpytko.wordpress.com/2011/08/26/transferring-fsmo-roles-from-command-line/

But remember to regularly do a System State backup of each of your DCs. That's the only supported solution in the DC/AD recovery process. Do not use snapshots of your virtual DC! It leads to problems like USN rollback and others.

Regards,
Krzysztof
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 36579271
They are FSMO roles, so it doesn't matter too much; FSMO roles can always be transferred or seized if necessary. Be sure your virtualized DC does NOT have the time sync with its host enabled.
0
 

Author Comment

by:failed
ID: 36579284
Thanks for the info; has anyone transferred the roles during working hours? Is it safe to do it, or should it wait until no one's on the network?

Cheers
0

 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36579297
Yes, it's safe and it's a transparent process. It takes a while and they are ready to serve their functionality. That process does not require a reboot. Don't worry, it's safe :)

But if you're aware of that you may do a system state backup of your DCs and transfer them after business hours.

Regards,
Krzysztof
0
 
LVL 37

Expert Comment

by:Neil Russell
ID: 36579454
One thing to remember is that after you transfer ALL the roles, your primary time source will have moved, so you need to set the server you moved the roles TO to sync its time with an outside source.

http://technet.microsoft.com/en-us/library/cc784800(WS.10).aspx
0
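The two time-related points raised above (no host time sync on the virtualised DC, and an outside time source on the new role holder) can be applied and checked in one pass. This is an added example, not part of the original thread; it is written for the 2008 DCs, and the NTP peer names are placeholders.

```powershell
# Added example. Run in an elevated PowerShell session on each 2008 DC after the transfer.
# Assumption: the NTP peer names are placeholders; substitute sources you trust.
$NtpPeers = 'ntp1.example.net,0x8 ntp2.example.net,0x8'

# Who holds the PDC emulator role now? (.NET call, no AD module needed.)
$domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$pdc    = $domain.PdcRoleOwner.Name
$me     = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName
Write-Host "PDC emulator: $pdc   This server: $me"

# A virtualised DC must not take its time from the Hyper-V host.
$vmic = 'HKLM:\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider'
if (Test-Path $vmic) {
    if ((Get-ItemProperty -Path $vmic).Enabled -eq 1) {
        Write-Warning 'VMICTimeProvider enabled; disabling so W32Time cannot use host time.'
        Set-ItemProperty -Path $vmic -Name Enabled -Value 0
    }
}

if ($me -eq $pdc) {
    # New role holder: top of the domain time hierarchy, syncs from outside.
    w32tm /config "/manualpeerlist:$NtpPeers" /syncfromflags:manual /reliable:yes /update
} else {
    # Every other DC: follow the domain hierarchy and do not advertise as reliable.
    w32tm /config /syncfromflags:domhier /reliable:no /update
}

Restart-Service w32time
w32tm /resync /rediscover
w32tm /query /source    # an NTP peer on the PDC emulator, a domain controller elsewhere
w32tm /query /status
```

The former role holder (the 2003 box) needs the same `w32tm /config /syncfromflags:domhier /reliable:no /update` change; `w32tm /query` is not available there.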
 

Author Comment

by:failed
ID: 36579517
OK, one more question; I want to set up a forest trust, and I'm not sure if that has to be set up on the primary DC, or whether it's OK to configure it on a different DC...or does the DC not matter?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36579527
Doesn't matter :) AD works in a multi-master replication topology, so it doesn't matter on which DC you do that :)

Regards,
Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36579529
Oh, one more important thing. Before you establish a forest trust, you need to have routing between those 2 networks and at least conditional forwarders/a stub zone for the DNS name resolution process.

Krzysztof
0
 

Author Comment

by:failed
ID: 36579629
We have a site to site VPN, so routing is OK, but I haven't configured DNS. Do I configure DNS before or after the trust is established?
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36579675
Yes, the whole of AD relies on DNS. You may wish to follow one of my guides.

Conditional Forwarders
 Configuring-conditional-forwarde.pdf

Stub zone
 Configuring-Stub-zone.pdf

Krzysztof
0
 
LVL 7

Expert Comment

by:ComputerBeast
ID: 36580090
Hi all,

Yes you need to configure DNS first.

Refer to the article for the complete description:

http://araihan.wordpress.com/2009/08/05/how-to-create-an-external-trust-between-two-domains/

Thank you
Anil
0
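A DNS pre-check for the "configure DNS first" step discussed above, as an added example that is not part of the original thread. The remote forest name and DNS server address are placeholders, and the same steps are run from the other forest in the opposite direction.

```powershell
# Added example. Run elevated on a DC that is also a DNS server in the local forest.
# Assumptions (placeholders): the other forest's DNS name and one of its DNS servers.
$RemoteForest = 'partner.example'
$RemoteDns    = '192.0.2.10'

# Create an AD-integrated conditional forwarder for the remote forest.
# (/Forwarder instead of /DsForwarder creates it on this DNS server only.)
dnscmd /ZoneAdd $RemoteForest /DsForwarder $RemoteDns

# Locator records that must resolve before the trust is created.
$records = @(
    "_ldap._tcp.dc._msdcs.$RemoteForest",
    "_ldap._tcp.pdc._msdcs.$RemoteForest",
    "_kerberos._tcp.$RemoteForest"
)

$failed = @()
foreach ($r in $records) {
    # Windows nslookup prints "svr hostname" for each SRV answer it receives.
    $out = nslookup -type=SRV $r 2>&1 | Out-String
    if ($out -match 'svr hostname') {
        Write-Host "OK      $r"
    } else {
        Write-Warning "FAILED  $r"
        $failed += $r
    }
}

if ($failed.Count -gt 0) {
    Write-Warning "Fix DNS resolution for $RemoteForest before creating the trust."
} else {
    Write-Host "All locator records for $RemoteForest resolve over the site-to-site link."
}
```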
