• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 634
  • Last Modified:

Transferring FSMO Roles from Win2K3 R2 to Win2K8 R2 DC's

Hi,

We recently upgraded our Schema and installed a Win2K8 R2 domain controller onto our network.

Currently we are at the following levels:
- Domain functional level = Windows Server 2003
- Forest functional level = Windows 2000

My questions are these;
- Are we able to move the FSMO roles at anytime?
- Should we raise any of the levels first?
- Will moving over any of the roles be impacting on the DC's while it is happening?
- Should this be completed outside of business hours?

Ultimately we will be decommissioning all of our 2003 DC's, currently we have #1, 2, 3, and 4 as 2003 DCs and #5 as a 2008 DC.

We would like to deploy some RO domain controllers versus having all writeable DC's as we currently have.

Also, the #5 DC is a physical box and all of the other DC's have been virtualized. If we are looking at deploying RO domain controllers in different geographical locations are there any recommendations on whether or not it should be physical versus virtual?

Thank-you everyone in advance for taking the time to respond back.

ElliTech
0
ellitech
Asked:
ellitech
  • 2
3 Solutions
 
Craig BeckCommented:
You can move roles at any time, by simply transferring them.

I would promote all of the 2008 servers to DCs first, then demote the legacy DCs after a bedding-in period, just to make sure you have no issues.

There are certain things you need to consider when migrating to a 2008 domain if you want to raise the functional level.  Some permissions may be altered and you might find that some resources aren't accessible in certain situations especially where you use Everyone or Anonymous users in ACLs.

As always, do this in a scheduled maintenance window as moving roles may have adverse effects!

This provides some useful info...

http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/
0
 
Radhakrishnan RSenior Technical LeadCommented:
Hi,

You need to consider few things;
1) Raise the forest functional level to 2003
2) You can transfer the FSMO roles any time you wish and this won't impact anything
3) Regarding the Read Only DC, i hope you have already performed rodc prep, if so, it's no matter whether it's a physical or virtual both works same way.

I would also sugegst you to configure the NTP server on the new DC where the PDC role has placed.

I hope this helps.
0
 
Craig BeckCommented:
2) You can transfer the FSMO roles any time you wish and this won't impact anything
Don't take this for granted... you might transfer a FSMO role to a server which has a problem that you weren't aware of previously.
0
 
ellitechAuthor Commented:
Thanks for the feedback, I'll follow the article provided, looks decent enough.

http://kpytko.pl/2011/08/25/adding-first-windows-server-2008-r2-domain-controller-within-windows-2003-network/

Thanks for taking the time to respond back.

ElliTech
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now