<div>
You can enable all roles in one server or mix them. To avoid certain unsupported combinations, enable the Global Catalog in both servers.
</div>


<div>
If a dc fails, then you can seize the roles to the surviving server. Take a look at this document:<br />
<br />
Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller<br />
support.microsoft.com/kb/2<wbr />55504<br />
<br />
Keep in mind that you must take daily system state backups of your DCs.
</div>


<div>
I have setup both servers as GC's. If i have all the roles on one server, and if that were server were to die then i would have to force a seize on all the roles. 
</div>


<div>
There is no possibility to &quot;replicate&quot; FSMO roles between DCs as the only one FSMO role can exist within environment.<br />
There is no problem with that. FSMO roles are not used every day. More, when you have more DCs in your environment and you do not monitor them, you probably would know that FSMO holder is broken after soooooommmeeee time ;)<br />
<br />
FSMO roles can be simply transfer between DCs if necessary or even after hard FSMO holder crash, seized using NTDSUTIL<br />
<br />
However, you can always split them. On one DC leave Schema Master and Domain Naming Master (forest-wide roles) and on another place (RID, PDC Emulator and Unfrastructure Master).<br />
<br />
After you change PDC Emulator master, re-advertise Time Server in your forest<br />
<br />
<i>[...]- after transfer of the PDCEmulator role, configure the NEW PDCEmulator to an external timesource and reconfigure the old PDCEmulator to use the domainhierarchie now. Therefore run on the NEW &quot;w32tm /config /manualpeerlist:PEERS /syncfromflags:manual /reliable:yes /update&quot; where PEERS will be filled with the ip address or server(time.windows.com) and on the OLD one run &quot;w32tm /config /syncfromflags:domhier /reliable:no /update&quot; and stop/start the time service on the old one. All commands run in an elevated command prompt without the quotes. [...]</i><br />
<br />
as extract from MVP blog at<br />
<a href="http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspx" rel="ugc">http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspx</a><br />
<br />
Regards,<br />
Krzysztof
</div>


<div>
Check that article about seizing FSMO roles on my blog if you're interested at<br />
<a href="http://kpytko.wordpress.com/2011/08/28/seizing-fsmo-roles/" rel="ugc">http://kpytko.wordpress.com/2011/08/28/seizing-fsmo-roles/</a><br />
<br />
Krzysztof
</div>


<div>
Yes i know there is no way to replicate them. I was just wondering what is best practice in a 2 DC environment. I run full backups on the servers every night including system state. However i dont think the system state backup will help on a server that has completely died and cannot be brought back to life. 
</div>


<div>
I agree with Neilsr<br />
<br />
Don't worry about FSMO roles, take care about AD database :) That's the most important!<br />
<br />
Krzysztof
</div>


<div>
Thanks guys. I know when you have exchange installed in your environment, I've read that MS recommends that 2 of the roles do not reside on the &nbsp;same server (I do not remember the exact ones however)
</div>


<div>
The only caveat that you should take care is if you seize a role, dont bring back the old server anymore. This can cause inconsistencies in the AD database or unpredictable results. If a server dies and you seize a role, never bring that server back by restoring a system state backup. Just install ADDS and dcpromo the server to the domain.<br />
<br />
If you turn on Global Catalog on both servers, you can distribute the roles at will.
</div>


<div>
You should not enable Infrastructure Master and the Global Catalog in the same saver. But, there are tree exceptions:<br />
<br />
1) You have only one domain.<br />
2) There's only one domain controller.<br />
3) All your domain controllers are global catalogs.
</div>


<div>
I would guess that with 30 users it is quite obvious that its a single domain with 2 servers and we already know that both are GC so pointless facts really rmrustice....
</div>


<div>
Pointless to us that are aware of how it works. Just explaing him why we recommended that rules.
</div>


<div>
I support what has already been said by some, there is absolutely no point in splitting the FSMO roles across servers if you have a single domain. <b>Only if</b> you have <b>multiple domains</b> and &nbsp;if <b>not all DCs are Global Catalog servers</b> do you need to split the Infrastructure Master Role from the Global Catalog holder. 
</div>


<div>
Hi,<br />
<br />
do you need any further help in this topic? Please, let us know<br />
<br />
Thanks in advance<br />
<br />
Krzysztof
</div>


<div>
All good. Will assign points shortly. Thanks 
</div>


<div>
That's not about points :) Just wanted to know if you need any other help :)<br />
<br />
Krzysztof
</div>


<div>
<div class="content wysiwyg-content">
I have 2 domain controllers setup supporting about 30 users. I want to keep the network as redundant as possible, now i have the 5 roles split between 2 servers.<br />
<br />
Is there a recommendation from Microsoft as to how to split the roles between 2 servers? As in which one should go on which?
</div>
</div>


I have 2 domain controllers setup supporting about 30 users. I want to keep the network as redundant as possible, now i have the 5 roles split between 2 servers.

Is there a recommendation from Microsoft as to how to split the roles between 2 servers? As in which one should go on which?

FSMO Ro es 2 DC's

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.

Active Directory

Windows Server 2003 was based on Windows XP and was released in four editions: Web, Standard, Enterprise and Datacenter. It also had derivative versions for clusters, storage and Microsoft’s Small Business Server. Important upgrades included integrating Internet Information Services (IIS), improvements to Active Directory (AD) and Group Policy (GP), and the migration to Automated System Recovery (ASR).