Transferring FSMO Roles from Win2K3 R2 to Win2K8 R2 DC's

Hi,

We recently upgraded our Schema and installed a Win2K8 R2 domain controller onto our network.

Currently we are at the following levels:
- Domain functional level = Windows Server 2003
- Forest functional level = Windows 2000

My questions are these:
- Are we able to move the FSMO roles at any time?
- Should we raise any of the levels first?
- Will moving over any of the roles be impacting on the DC's while it is happening?
- Should this be completed outside of business hours?

Ultimately we will be decommissioning all of our 2003 DC's, currently we have #1, 2, 3, and 4 as 2003 DCs and #5 as a 2008 DC.

We would like to deploy some RO domain controllers versus having all writeable DC's as we currently have.

Also, the #5 DC is a physical box and all of the other DC's have been virtualized. If we are looking at deploying RO domain controllers in different geographical locations are there any recommendations on whether or not it should be physical versus virtual?

Thank you everyone in advance for taking the time to respond back.

ElliTech
 
Craig Beck Commented:
You can move roles at any time, by simply transferring them.

I would promote all of the 2008 servers to DCs first, then demote the legacy DCs after a bedding-in period, just to make sure you have no issues.

There are certain things you need to consider when migrating to a 2008 domain if you want to raise the functional level.  Some permissions may be altered and you might find that some resources aren't accessible in certain situations especially where you use Everyone or Anonymous users in ACLs.

As always, do this in a scheduled maintenance window as moving roles may have adverse effects!

This provides some useful info...

http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/
 
Radhakrishnan RIT Commented:
Hi,

You need to consider a few things:
1) Raise the forest functional level to 2003
2) You can transfer the FSMO roles any time you wish and this won't impact anything
3) Regarding the Read Only DC, I hope you have already performed rodc prep; if so, it doesn't matter whether it's physical or virtual, both work the same way.

I would also suggest you configure the NTP server on the new DC where the PDC role has been placed.

I hope this helps.
 
Craig Beck Commented:
2) You can transfer the FSMO roles any time you wish and this won't impact anything
Don't take this for granted... you might transfer a FSMO role to a server which has a problem that you weren't aware of previously.
 
ellitech Author Commented:
Thanks for the feedback, I'll follow the article provided, looks decent enough.

http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

Thanks for taking the time to respond back.

ElliTech
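
A pre-transfer health gate for the caveat raised in the thread (a role landing on a DC with a problem nobody had noticed), as an added example that is not part of the original posts. It assumes the ActiveDirectory PowerShell module that ships with Windows Server 2008 R2; `DC5` is a placeholder name for the new domain controller.

```powershell
# Added example: check the target DC before moving FSMO roles to it.
# Run from the 2008 R2 DC. Without -Transfer the script only reports.
param(
    [string]$Target = 'DC5',   # placeholder name for the 2008 R2 DC
    [switch]$Transfer
)

Import-Module ActiveDirectory

# 1. Record the current role holders so the change can be verified afterwards.
$domain = Get-ADDomain -Server $Target
$forest = Get-ADForest -Server $Target
$holders = @{
    PDCEmulator          = $domain.PDCEmulator
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
}
$holders.GetEnumerator() | Sort-Object Name | Format-Table Name, Value -AutoSize

# 2. dcdiag /q prints failures only, so any output means the target has a problem.
$dcdiag = dcdiag /s:$Target /q

# 3. Inbound replication on the target: any partner with failures blocks the move.
$replFailures = repadmin /showrepl $Target /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 }

if ($dcdiag -or $replFailures) {
    Write-Warning "$Target is not healthy; no roles were moved."
    $dcdiag
    $replFailures | Format-Table 'Source DSA', 'Naming Context',
        'Number of Failures', 'Last Failure Time' -AutoSize
    exit 1
}
Write-Host "$Target passed dcdiag and replication checks."

# 4. Transfer (not seize: -Force is deliberately absent) only when asked.
#    Schema and domain naming moves need Schema/Enterprise Admins rights.
if ($Transfer) {
    Move-ADDirectoryServerOperationMasterRole -Identity $Target `
        -OperationMasterRole PDCEmulator, RIDMaster, InfrastructureMaster,
                             SchemaMaster, DomainNamingMaster -Confirm
    netdom query fsmo   # confirm the new holders
}
```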