Solved

FSMO Roles

Posted on 2013-01-08
14
468 Views
Last Modified: 2013-01-14
I need to move around all 5  FSMO roles between few servers. Can I do the move during the production hours. Will this effect the network or the end users ?
0
Comment
Question by:Lidka
  • 3
  • 3
  • 3
  • +4
14 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38755707
It should not have any affect on the users.  Having said that I don't want to be a hypocrite.  I've always done changes during off hours (per policy where I work usually).

Thanks

Mike
0
 
LVL 25

Expert Comment

by:Tony Giangreco
ID: 38755708
We have tried doing this in Windows 2003 & 2008 server environments. We had a problem during production hours on the 2003 server. In theory, it should be ok, but we made a decision to do all future role moves after production hours to be safe.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38755948
Transferring FSMO's is 5 Minute procedure but the change is big in Nature even if something breaks there may be major impact on domain ...However doing so will not affect end user under normal circumstances still such activities should be performed off Hours
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 38755965
Agree with the above, it SHOULD be safe and transparent... HOWEVER, why risk it?

Another point - WHY are you doing this... why do you "need to move around all 5  FSMO roles between few servers."?  Once, I understand... maybe even twice.  But why a "few"?  And how many is a few?  I would suspect you could face other problems that aren't really FSMO problems but rather are problems because the roles are typically on the first DC built that is also a Global Catalog (that can cause issues) and if you haven't verified AD is healthy, if you start making changes and don't have healthy DCs on the network, you end up with problems.  (RUN DCDIAG First to ensure everything is good!)
0
 

Author Comment

by:Lidka
ID: 38756032
I have now all 5 roles on one server - server 1,
I will move

schema and domain naming to server 2
infrastructure to server 3 and I will turn off the GC on server 3

So the PDC and Rid will stay unattached on server 1
0
 
LVL 18

Expert Comment

by:Sushil Sonawane
ID: 38756057
As you mention plan is right because Infrastructure and GC both are not configure on the same server in network.
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38756073
Try to make all your DCs GCs if you can.  That is the best practice.

Thanks

Mike
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38756078
Why create such complex environment ..? When all DC's are GC it doesn't really matters where you are placing the IM role
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 38756084
How many DOMAINS (not domain controllers) do you have?  Are you planning on more?

How large is your environment?
0
 

Author Comment

by:Lidka
ID: 38756093
this is recommended by microsoft so I thought I will follow that and make sure I do not have all roles on one server as I do have now

Schema Master and Domain Naming Master to be on the same machine. This server should also be a GC
PDC Emulator and RID Master to be on the same machine as well. This should be a good machine to handle the load.

Infrastructure Master that do not host GC, but it is in the same side with another server hosting GC.
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 38756132
When people say something is recommended by Microsoft (especially FSMO placement) I find it's USUALLY because their misreading something.  Please tell us where you read this and how many domains and users.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38756147
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 38756162
0
 
LVL 3

Expert Comment

by:mav7469
ID: 38757757
Moving most of the roles should be fine.  However, I agree with everyone else here.  It should be done after hours.

The only issue you will run into the the Schema Role is not one that moves very easily.  I would consider leaving that one on server 1 and move the rest.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question