Solved

2003 Domains - secondary domain controllers - any roles?

Posted on 2012-04-01
5
502 Views
Last Modified: 2012-08-13
If I create a second DC in a 2003 Windows domain does the second DC have any of the FSMO roles at all by default? If not is there any reason to move any of the roles off the first DC to the second DC? Is there a best practice around that?
0
Comment
Question by:lineonecorp
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 17

Assisted Solution

by:lruiz52
lruiz52 earned 100 total points
ID: 37794038
Take a look at the links below, they should give you a good understanding of the FSMO roles.

http://windowsdevcenter.com/pub/a/windows/2004/06/15/fsmo.html

http://support.microsoft.com/kb/223346
0
 

Author Comment

by:lineonecorp
ID: 37794215
Thanks for the quick response.  If I am reading this correctly there seems to be no need in a single forest/single domain network to split the FSMO roles. Is that your understanding and practice?
0
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 100 total points
ID: 37794268
I see no reason to move your fsmo roles around in such a small environment.  It's generally only suggested in much larger environments to disperse some rolls for performance reasons but with only 2 servers, keep it on the first one.

In addition to the above links, you might want to understand how to transfer/seize your fsmo roles on the second server if something happens to the first one and becomes totally dead or replacing with new hardware.

http://support.microsoft.com/kb/255504
0
 
LVL 10

Accepted Solution

by:
Prashant Girennavar earned 100 total points
ID: 37794778
By Default,

   Schema master and Domain naming master are forest wide roles (i.e For a Single forest you will be having one schema master and one domain naming master role).

PDC,RID,IM are domain wide roles (i.e Each domain in a forest has their own PDC,RID, IM)
For eg - If you have 2 domains in a single forest then you will be having 2 PDC,RID,IM for each domain.

By design,

when you install first domain contoller in a forest , all these FSMO roles are installed on that DC. Depending on your convienance you can move the FSMO roles to any of the Domain controller in a domain.



To answer your question.

If I create a second DC in a 2003 Windows domain does the second DC have any of the FSMO roles at all by default?

No. When you create secondary DC there will be no FSMO roles installed , However you can transfer the roles to secondary DC using NTDSUTIL command line.

http://support.microsoft.com/kb/255504

Q- If not is there any reason to move any of the roles off the first DC to the second DC? Is there a best practice around that?

Noarmally FSMO Roles are kept on the domain controller , where the connectivity of the domain controller is faster and connected with High speed Link.

If your Present DC meet above requirement then no need to tranferring it to another DC.

Refer below link to understand this better.
http://support.microsoft.com/kb/223346
0
 

Author Comment

by:lineonecorp
ID: 37798070
Great answers. Thanks.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question