?
Solved

2003 Domains - secondary domain controllers - any roles?

Posted on 2012-04-01
5
Medium Priority
?
508 Views
Last Modified: 2012-08-13
If I create a second DC in a 2003 Windows domain does the second DC have any of the FSMO roles at all by default? If not is there any reason to move any of the roles off the first DC to the second DC? Is there a best practice around that?
0
Comment
Question by:lineonecorp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 17

Assisted Solution

by:lruiz52
lruiz52 earned 400 total points
ID: 37794038
Take a look at the links below, they should give you a good understanding of the FSMO roles.

http://windowsdevcenter.com/pub/a/windows/2004/06/15/fsmo.html

http://support.microsoft.com/kb/223346
0
 

Author Comment

by:lineonecorp
ID: 37794215
Thanks for the quick response.  If I am reading this correctly there seems to be no need in a single forest/single domain network to split the FSMO roles. Is that your understanding and practice?
0
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 400 total points
ID: 37794268
I see no reason to move your fsmo roles around in such a small environment.  It's generally only suggested in much larger environments to disperse some rolls for performance reasons but with only 2 servers, keep it on the first one.

In addition to the above links, you might want to understand how to transfer/seize your fsmo roles on the second server if something happens to the first one and becomes totally dead or replacing with new hardware.

http://support.microsoft.com/kb/255504
0
 
LVL 10

Accepted Solution

by:
Prashant Girennavar earned 400 total points
ID: 37794778
By Default,

   Schema master and Domain naming master are forest wide roles (i.e For a Single forest you will be having one schema master and one domain naming master role).

PDC,RID,IM are domain wide roles (i.e Each domain in a forest has their own PDC,RID, IM)
For eg - If you have 2 domains in a single forest then you will be having 2 PDC,RID,IM for each domain.

By design,

when you install first domain contoller in a forest , all these FSMO roles are installed on that DC. Depending on your convienance you can move the FSMO roles to any of the Domain controller in a domain.



To answer your question.

If I create a second DC in a 2003 Windows domain does the second DC have any of the FSMO roles at all by default?

No. When you create secondary DC there will be no FSMO roles installed , However you can transfer the roles to secondary DC using NTDSUTIL command line.

http://support.microsoft.com/kb/255504

Q- If not is there any reason to move any of the roles off the first DC to the second DC? Is there a best practice around that?

Noarmally FSMO Roles are kept on the domain controller , where the connectivity of the domain controller is faster and connected with High speed Link.

If your Present DC meet above requirement then no need to tranferring it to another DC.

Refer below link to understand this better.
http://support.microsoft.com/kb/223346
0
 

Author Comment

by:lineonecorp
ID: 37798070
Great answers. Thanks.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses
Course of the Month8 days, 17 hours left to enroll

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question