Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.
Course Of The Month
8 days, 8 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
FSMO Roles
Posted on 2013-01-08
I need to move around all 5 FSMO roles between few servers. Can I do the move during the production hours. Will this effect the network or the end users ?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3
3
3- +4
14 Comments
It should not have any affect on the users. Having said that I don't want to be a hypocrite. I've always done changes during off hours (per policy where I work usually).
Thanks
Mike
Thanks
Mike
We have tried doing this in Windows 2003 & 2008 server environments. We had a problem during production hours on the 2003 server. In theory, it should be ok, but we made a decision to do all future role moves after production hours to be safe.
Transferring FSMO's is 5 Minute procedure but the change is big in Nature even if something breaks there may be major impact on domain ...However doing so will not affect end user under normal circumstances still such activities should be performed off Hours
Active today
Agree with the above, it SHOULD be safe and transparent... HOWEVER, why risk it?
Another point - WHY are you doing this... why do you "need to move around all 5 FSMO roles between few servers."? Once, I understand... maybe even twice. But why a "few"? And how many is a few? I would suspect you could face other problems that aren't really FSMO problems but rather are problems because the roles are typically on the first DC built that is also a Global Catalog (that can cause issues) and if you haven't verified AD is healthy, if you start making changes and don't have healthy DCs on the network, you end up with problems. (RUN DCDIAG First to ensure everything is good!)
Another point - WHY are you doing this... why do you "need to move around all 5 FSMO roles between few servers."? Once, I understand... maybe even twice. But why a "few"? And how many is a few? I would suspect you could face other problems that aren't really FSMO problems but rather are problems because the roles are typically on the first DC built that is also a Global Catalog (that can cause issues) and if you haven't verified AD is healthy, if you start making changes and don't have healthy DCs on the network, you end up with problems. (RUN DCDIAG First to ensure everything is good!)
I have now all 5 roles on one server - server 1,
I will move
schema and domain naming to server 2
infrastructure to server 3 and I will turn off the GC on server 3
So the PDC and Rid will stay unattached on server 1
I will move
schema and domain naming to server 2
infrastructure to server 3 and I will turn off the GC on server 3
So the PDC and Rid will stay unattached on server 1
As you mention plan is right because Infrastructure and GC both are not configure on the same server in network.
Why create such complex environment ..? When all DC's are GC it doesn't really matters where you are placing the IM role
Active today
How many DOMAINS (not domain controllers) do you have? Are you planning on more?
How large is your environment?
How large is your environment?
this is recommended by microsoft so I thought I will follow that and make sure I do not have all roles on one server as I do have now
Schema Master and Domain Naming Master to be on the same machine. This server should also be a GC
PDC Emulator and RID Master to be on the same machine as well. This should be a good machine to handle the load.
Infrastructure Master that do not host GC, but it is in the same side with another server hosting GC.
Schema Master and Domain Naming Master to be on the same machine. This server should also be a GC
PDC Emulator and RID Master to be on the same machine as well. This should be a good machine to handle the load.
Infrastructure Master that do not host GC, but it is in the same side with another server hosting GC.
Active today
When people say something is recommended by Microsoft (especially FSMO placement) I find it's USUALLY because their misreading something. Please tell us where you read this and how many domains and users.
I would suggest you to read this too
http://www.petri.co.il/planning_fsmo_roles_in_ad.htm
http://www.sole.dk/how-to-place-fsmo-and-global-catalog-roles-in-active-directory/
http://www.petri.co.il/planning_fsmo_roles_in_ad.htm
http://www.sole.dk/how-to-place-fsmo-and-global-catalog-roles-in-active-directory/
More on making every DC a GC
http://blogs.technet.com/b/askds/archive/2011/09/30/friday-mail-sack-super-slo-mo-edition.aspx#gc
Thanks
Mike
http://blogs.technet.com/b/askds/archive/2011/09/30/friday-mail-sack-super-slo-mo-edition.aspx#gc
Thanks
Mike
Featured Post
Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Suggested Solutions
| Title | # Comments | Views | Activity |
|---|---|---|---|
| Group Policy - Setting deafult Home Page | 3 | 59 | |
| Remote login in windows 7 | 8 | 70 | |
| Trying to start time server on domain controller and it errors out. | 14 | 61 | |
| Can't ping new computer | 17 | 48 |
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s
ManageEngine
webinar, where attendees received a comprehensive look at the ma…
Attackers love to prey on accounts that have privileges.
Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages?
You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses
Course of the Month8 days, 8 hours left to enroll
738 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.