Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win


2003 Domains - secondary domain controllers - any roles?

Posted on 2012-04-01
Medium Priority
Last Modified: 2012-08-13
If I create a second DC in a 2003 Windows domain does the second DC have any of the FSMO roles at all by default? If not is there any reason to move any of the roles off the first DC to the second DC? Is there a best practice around that?
Question by:lineonecorp
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 17

Assisted Solution

lruiz52 earned 400 total points
ID: 37794038
Take a look at the links below, they should give you a good understanding of the FSMO roles.



Author Comment

ID: 37794215
Thanks for the quick response.  If I am reading this correctly there seems to be no need in a single forest/single domain network to split the FSMO roles. Is that your understanding and practice?
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 400 total points
ID: 37794268
I see no reason to move your fsmo roles around in such a small environment.  It's generally only suggested in much larger environments to disperse some rolls for performance reasons but with only 2 servers, keep it on the first one.

In addition to the above links, you might want to understand how to transfer/seize your fsmo roles on the second server if something happens to the first one and becomes totally dead or replacing with new hardware.

LVL 10

Accepted Solution

Prashant Girennavar earned 400 total points
ID: 37794778
By Default,

   Schema master and Domain naming master are forest wide roles (i.e For a Single forest you will be having one schema master and one domain naming master role).

PDC,RID,IM are domain wide roles (i.e Each domain in a forest has their own PDC,RID, IM)
For eg - If you have 2 domains in a single forest then you will be having 2 PDC,RID,IM for each domain.

By design,

when you install first domain contoller in a forest , all these FSMO roles are installed on that DC. Depending on your convienance you can move the FSMO roles to any of the Domain controller in a domain.

To answer your question.

If I create a second DC in a 2003 Windows domain does the second DC have any of the FSMO roles at all by default?

No. When you create secondary DC there will be no FSMO roles installed , However you can transfer the roles to secondary DC using NTDSUTIL command line.


Q- If not is there any reason to move any of the roles off the first DC to the second DC? Is there a best practice around that?

Noarmally FSMO Roles are kept on the domain controller , where the connectivity of the domain controller is faster and connected with High speed Link.

If your Present DC meet above requirement then no need to tranferring it to another DC.

Refer below link to understand this better.

Author Comment

ID: 37798070
Great answers. Thanks.

Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question