Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Transferring FSMO Roles from Win2K3 R2 to Win2K8 R2 DC's

Posted on 2013-11-05
4
Medium Priority
?
625 Views
Last Modified: 2013-11-05
Hi,

We recently upgraded our Schema and installed a Win2K8 R2 domain controller onto our network.

Currently we are at the following levels:
- Domain functional level = Windows Server 2003
- Forest functional level = Windows 2000

My questions are these;
- Are we able to move the FSMO roles at anytime?
- Should we raise any of the levels first?
- Will moving over any of the roles be impacting on the DC's while it is happening?
- Should this be completed outside of business hours?

Ultimately we will be decommissioning all of our 2003 DC's, currently we have #1, 2, 3, and 4 as 2003 DCs and #5 as a 2008 DC.

We would like to deploy some RO domain controllers versus having all writeable DC's as we currently have.

Also, the #5 DC is a physical box and all of the other DC's have been virtualized. If we are looking at deploying RO domain controllers in different geographical locations are there any recommendations on whether or not it should be physical versus virtual?

Thank-you everyone in advance for taking the time to respond back.

ElliTech
0
Comment
Question by:ellitech
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 47

Accepted Solution

by:
Craig Beck earned 1200 total points
ID: 39624667
You can move roles at any time, by simply transferring them.

I would promote all of the 2008 servers to DCs first, then demote the legacy DCs after a bedding-in period, just to make sure you have no issues.

There are certain things you need to consider when migrating to a 2008 domain if you want to raise the functional level.  Some permissions may be altered and you might find that some resources aren't accessible in certain situations especially where you use Everyone or Anonymous users in ACLs.

As always, do this in a scheduled maintenance window as moving roles may have adverse effects!

This provides some useful info...

http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/
0
 
LVL 23

Assisted Solution

by:Radhakrishnan R
Radhakrishnan R earned 300 total points
ID: 39624677
Hi,

You need to consider few things;
1) Raise the forest functional level to 2003
2) You can transfer the FSMO roles any time you wish and this won't impact anything
3) Regarding the Read Only DC, i hope you have already performed rodc prep, if so, it's no matter whether it's a physical or virtual both works same way.

I would also sugegst you to configure the NTP server on the new DC where the PDC role has placed.

I hope this helps.
0
 
LVL 47

Assisted Solution

by:Craig Beck
Craig Beck earned 1200 total points
ID: 39624703
2) You can transfer the FSMO roles any time you wish and this won't impact anything
Don't take this for granted... you might transfer a FSMO role to a server which has a problem that you weren't aware of previously.
0
 

Author Closing Comment

by:ellitech
ID: 39624867
Thanks for the feedback, I'll follow the article provided, looks decent enough.

http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

Thanks for taking the time to respond back.

ElliTech
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Learn about cloud computing and its benefits for small business owners.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question