Any negative effects of shutting down the FSMO role holder server

We have to do a migration of a vServer to another host in ESX,  we can't migrate without taking down first.
Are there and issues with taking down eh FSMO server for 15 mins while we migrate?
Will this have any negative effect on the network or authentication?

We have another functioning DC on the network
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bartender_1Microsoft Network AdministratorCommented:
Hi wannabecraig,

Here is a list of what the FSMO roles do:

I would consider the chance of you being negatively impacted to be minimal, unless you're doing some significant changes to Active Directory at the same time as moving the server.

If all you want, is for people to be able to authenticate to the network, you need at least 1 global catalog DC available. If you're only going to have the server down for 15 minutes, you should be just fine.

If your uptime is sensitive enough to absolutely require the full availability of your network while you do the transfer, you might consider transferring the FSMO roles to your alternate DC.
See here for instructions on transferring the FSMO roles:

Hope this helps!


DrDave242Senior Support EngineerCommented:
There probably won't be any negative effects, as long as you're not planning on doing anything unusual while it's down (like extending the AD schema, promoting another DC, or adding a new domain to your forest). If things are going to be operating normally while it's down, the PDC Emulator is likely the only role that may cause a problem if it's inaccessible, since it's important during password changes.

Make sure the other DC is a global catalog. Taking down your only GC will definitely affect authentication.

You should consider performing the migration during a maintenance window, just in case something goes wrong. If you have to do it in the middle of a workday, you can transfer the roles to the other DC, perform the migration, and transfer them back. Transferring roles is a very quick operation.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Lee W, MVPTechnology and Business Process AdvisorCommented:
If your AD is healthy and properly configured, the changes of an issue is minimal.  One POSSIBLE problem is Exchange - if Exchange has locked on to the GC on the FSMO holder, it could end up being unavailable for 30 minutes until Exchange finds another GC.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Seth SimmonsSr. Systems AdministratorCommented:
Are there and issues with taking down eh FSMO server for 15 mins while we migrate?


Will this have any negative effect on the network or authentication?

as long as the other domain controller is a global catalog and clients have that domain controller in their list of dns servers, should be fine
wannabecraigAuthor Commented:
There are only about 20 users active when we plan to take it down, most wont be using AD services.
Thanks for all answers, I'm risking it!
AmitIT ArchitectCommented:
Be ready with plan B, You never know when 15 mins can become 15 days to fix an issue. I won't take such approach, best to transfer FSMO role to another DC. also make sure to perform full system state backup too.
I personally have always made it a habit to move a FSMO from a server before maintenance but  I like to be paranoid like that... LOL
Lee W, MVPTechnology and Business Process AdvisorCommented:
If you understand the FSMO roles, you would understand why moving them before maintenance is very nearly pointless.  And you would understand that even 15 days for most environments wouldn't matter.  Heck, many environments could survive 6 months or more with the FSMO roles offline... and I've seen small businesses (in a disarray) where the FSMO roles were on a long dead DC for months).

You should have your DCs on a regular backup schedule and you should also understand the proper way to restore a DC and perform an authoritative restore.... or when to just rebuild and NOT restore.
Your authoritative time source is your PDCe so you could potentially have some time skew issues...
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.