Albert Widjaja
asked on
Adding new Domain Controller FSMO role placement best practice in multi location Office.
Hi,
Can someone please suggest me what is the best way to deploy Active Directory domain controller FSMO role in my scenario where all of my users are in the Head office building while all of the servers are running in primary Data Center and Secondary Data Center ?
The layout is as follows:
I just need to know where to put or transfer the FSMO role from the existing old Windows Server 2003 AD physical box from the Head office server room into the various Data Center new VMs.
Thanks in advance.
Can someone please suggest me what is the best way to deploy Active Directory domain controller FSMO role in my scenario where all of my users are in the Head office building while all of the servers are running in primary Data Center and Secondary Data Center ?
The layout is as follows:
Head Office - City 1:
User workstations
AD Site: Head-Office
HO-PRODDC1 (Role: Secondary DNS, DHCP, Global Catalog, …FSMO Role ?...)
HO-PRODDC2 (Role: Secondary DNS, Global Catalog, …FSMO Role ?...)
Production DataCenter – City 1:
AD Site: City1-DC1
Exchange Server 2010 – DAG Node 1 (active)
SharePoint Server 2010
DC1-PRODDC1 (Role: Primary DNS, Global Catalog, …FSMO Role ?...)
DC1-PRODDC2 (Role: Secondary DNS, Global Catalog, …FSMO Role ?...)
DR DataCenter – City 2:
AD Site: City2-DC2
Exchange Server 2010 – DAG Node 2 (passive)
DC2-RECODC1 (Role: Secondary DNS, Global Catalog, …FSMO Role ?...)
DC2-RECODC2 (Role: Secondary DNS, Global Catalog, …FSMO Role ?...)
I just need to know where to put or transfer the FSMO role from the existing old Windows Server 2003 AD physical box from the Head office server room into the various Data Center new VMs.
Thanks in advance.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Ah I see,
I was worried if I placed the PDC role into the production Data Center Domain Controllers, it would slows down user login time in the head office due to the communication across dark fibre WAN link.
or if I placed the PDC role into the Head Office domain controller in server room, email send and receive would be slower since Exchange must communicate across dark fibre WAN link.
is that true or it doesn't really matter where the FSMO role is running as long as there is DC/Global Catalog in each sites ?
I was worried if I placed the PDC role into the production Data Center Domain Controllers, it would slows down user login time in the head office due to the communication across dark fibre WAN link.
or if I placed the PDC role into the Head Office domain controller in server room, email send and receive would be slower since Exchange must communicate across dark fibre WAN link.
is that true or it doesn't really matter where the FSMO role is running as long as there is DC/Global Catalog in each sites ?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Cool, so I'll implement the solution as follows:
while the head office server room DC just holding the Global Catalog server role. Hopefully no user login issue or email slowness issue arise from the above setup.
Production DataCenter – City 1:
AD Site: City1-DC1
Exchange Server 2010 – DAG Node 1 (active)
SharePoint Server 2010
DC1-PRODDC1 (Role: Primary DNS, Global Catalog, Schema master and Domain master)
DC1-PRODDC2 (Role: Secondary DNS, Global Catalog, RID master, Infrastructure master and PDC emulator)
while the head office server room DC just holding the Global Catalog server role. Hopefully no user login issue or email slowness issue arise from the above setup.
ASKER
Thanks !
ASKER
while the Head office just normal Domain Controllers with Global Catalog only with DNS & DHCP, would that preferable best practice ?
or what's the impact or risk in doing that since no FSMO role is running in the Head Office Domain controllers?