Solved

Adding new Domain Controller FSMO role placement best practice in multi location Office.

Posted on 2014-10-21
846 Views
Last Modified: 2014-10-23
Hi,

Can someone please suggest the best way to deploy the Active Directory domain controller FSMO roles in my scenario, where all of my users are in the Head office building while all of the servers are running in the primary Data Center and the Secondary Data Center?

The layout is as follows:

Head Office - City 1:
User workstations
AD Site: Head-Office
HO-PRODDC1 (Role: Secondary DNS, DHCP, Global Catalog, …FSMO Role ?...)
HO-PRODDC2 (Role: Secondary DNS, Global Catalog, …FSMO Role ?...)

Production DataCenter – City 1:
AD Site: City1-DC1
Exchange Server 2010 – DAG Node 1 (active)
SharePoint Server 2010
DC1-PRODDC1 (Role: Primary DNS, Global Catalog, …FSMO Role ?...)
DC1-PRODDC2 (Role: Secondary DNS, Global Catalog, …FSMO Role ?...)

DR DataCenter – City 2:
AD Site: City2-DC2
Exchange Server 2010 – DAG Node 2 (passive)
DC2-RECODC1 (Role: Secondary DNS, Global Catalog, …FSMO Role ?...)
DC2-RECODC2 (Role: Secondary DNS, Global Catalog, …FSMO Role ?...)

I just need to know where to put or transfer the FSMO role from the existing old Windows Server 2003 AD physical box from the Head office server room into the various Data Center new VMs.

Thanks in advance.
0
7 Comments
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 500 total points
ID: 40396175
you're not required to spread them out across different sites
you can keep on one server or split between the 2 servers at the head office
having GC at the remote locations are more critical
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40396178
ok, what about making the two Domain Controller servers in the Production City1 Data Center hold all the roles?

while the Head office has just normal Domain Controllers with Global Catalog only, plus DNS & DHCP; would that be the preferable best practice?

or what's the impact or risk of doing that, since no FSMO role would be running on the Head Office Domain controllers?
0
 
LVL 35

Assisted Solution

by:Seth Simmons
Seth Simmons earned 500 total points
ID: 40396195
it's irrelevant if a domain controller holding fsmo roles also is running network services like dns and dhcp
also irrelevant what site they are in
as long as everyone knows who the correct role holders are and they can contact each other - that is what matters
microsoft does recommend spreading them out in large environments but seems yours isn't that big at all so it shouldn't matter

your schema master is only needed when extending the schema for things like exchange service packs and upgrades, or the first domain controller of a new windows version. the domain naming master is needed for naming of multiple domains in your forest (if you have them). the infrastructure master manages objects in multiple domains in the forest (again, if you have multiple domains). the rid master and pdc emulator would be the ones most often used

Active Directory FSMO roles in Windows
https://support2.microsoft.com/kb/197132?wa=wsignin1.0
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40396199
Ah I see,

I was worried that if I placed the PDC role on the production Data Center Domain Controllers, it would slow down user login time in the head office due to the communication across the dark fibre WAN link.

or, if I placed the PDC role on the Head Office domain controller in the server room, email send and receive would be slower since Exchange must communicate across the dark fibre WAN link.

is that true, or does it not really matter where the FSMO role is running as long as there is a DC/Global Catalog in each site?
0
 
LVL 35

Accepted Solution

by:Seth Simmons
Seth Simmons earned 500 total points
ID: 40396215
correct
GC is critical for user logons and exchange
0
 
LVL 8

Author Comment

by:Senior IT System Engineer
ID: 40396222
Cool, so I'll implement the solution as follows:

Production DataCenter – City 1:
AD Site: City1-DC1
Exchange Server 2010 – DAG Node 1 (active)
SharePoint Server 2010
DC1-PRODDC1 (Role: Primary DNS, Global Catalog, Schema master and Domain master)
DC1-PRODDC2 (Role: Secondary DNS, Global Catalog, RID master, Infrastructure master and PDC emulator)

while the head office server room DCs just hold the Global Catalog server role. Hopefully no user login issue or email slowness issue arises from the above setup.
0
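The placement the author settles on above (forest roles on DC1-PRODDC1, domain roles on DC1-PRODDC2), together with Seth's earlier point that what matters is that every DC agrees on who the role holders are, can be carried out and checked from PowerShell. The following script is an added example and is not code from the thread or from either participant; it uses the hostnames from the thread, assumes the RSAT ActiveDirectory module is installed on the machine it runs from, and assumes the account running it is a member of Schema Admins, Enterprise Admins and Domain Admins (all three are needed to move every role). The pre-flight checks (global catalog, not read-only) are an addition a practitioner would want before transferring roles.

```powershell
# Added example (not from the thread): transfer the five FSMO roles from the old
# Windows Server 2003 DC to the two production data-center DCs, then verify.
# Hostnames come from the thread; the checks and expected placement are assumptions.
Import-Module ActiveDirectory

$ForestRoleHolder = 'DC1-PRODDC1'   # Schema master, Domain naming master
$DomainRoleHolder = 'DC1-PRODDC2'   # RID master, Infrastructure master, PDC emulator

# Record where the roles live today (expected: the old 2003 DC in the head office).
Write-Host 'Current role holders:'
Get-ADForest | Select-Object SchemaMaster, DomainNamingMaster | Format-List
Get-ADDomain | Select-Object PDCEmulator, RIDMaster, InfrastructureMaster | Format-List

# Sanity checks before touching anything: both targets must be reachable,
# global catalogs (as the thread plans), and writable (RODCs cannot hold roles).
foreach ($dc in $ForestRoleHolder, $DomainRoleHolder) {
    $info = Get-ADDomainController -Identity $dc
    if (-not $info.IsGlobalCatalog) { throw "$dc is not a global catalog" }
    if ($info.IsReadOnly)           { throw "$dc is read-only and cannot hold FSMO roles" }
}

# Forest-wide roles -> DC1-PRODDC1. This is a graceful transfer: the current
# holder is contacted and hands the role over. Only add -Force (a seizure)
# when the old holder is permanently gone, never while it is still online.
Move-ADDirectoryServerOperationMasterRole -Identity $ForestRoleHolder `
    -OperationMasterRole SchemaMaster, DomainNamingMaster -Confirm:$false

# Domain-wide roles -> DC1-PRODDC2.
Move-ADDirectoryServerOperationMasterRole -Identity $DomainRoleHolder `
    -OperationMasterRole RIDMaster, InfrastructureMaster, PDCEmulator -Confirm:$false

# Verify: every role should now sit on the intended host.
$forest = Get-ADForest
$domain = Get-ADDomain
$placement = [ordered]@{
    SchemaMaster         = $forest.SchemaMaster
    DomainNamingMaster   = $forest.DomainNamingMaster
    RIDMaster            = $domain.RIDMaster
    InfrastructureMaster = $domain.InfrastructureMaster
    PDCEmulator          = $domain.PDCEmulator
}
$expected = @{
    SchemaMaster         = $ForestRoleHolder
    DomainNamingMaster   = $ForestRoleHolder
    RIDMaster            = $DomainRoleHolder
    InfrastructureMaster = $DomainRoleHolder
    PDCEmulator          = $DomainRoleHolder
}
foreach ($role in $placement.Keys) {
    # Get-ADForest/Get-ADDomain return FQDNs; compare on the short host name.
    $holder = ($placement[$role] -split '\.')[0]
    $status = if ($holder -ieq $expected[$role]) { 'OK' } else { 'MISMATCH' }
    '{0,-22} {1,-35} {2}' -f $role, $placement[$role], $status
}

# Cross-check with the classic tool; it lists each role and its current holder.
netdom query fsmo
```

Run the verification part again from a DC in each of the three sites once replication has completed; a MISMATCH reported from one site but not another means that site has not yet replicated the new role ownership, which is exactly the "everyone knows who the correct role holders are" condition Seth describes.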
 
LVL 8

Author Closing Comment

by:Senior IT System Engineer
ID: 40398665
Thanks !
0
