FSMO role Question

I think I know the answer to this, but my boss is questioning that answer so I wanted to check for sure. Currently we're running AD2003 - yeah, I know. In that environment I have each of the FSMO roles assigned to one of two DCs. We will probably be upgrading to 2008 or 2012 soon and we're establishing a second data center that will also function as a DR site. So, my question is, as a part of DR does any version of AD support having any one FSMO role living on more than one DC at the same time, or does any kind of replication exist so that if a DC died that was hosting a role that role can automatically be transferred to another DC?

Sean Plemons Kelly, CISSP (Information Systems Security Engineer) commented:
If a DC died during the transfer, it is possible to seize the FSMO roles without a proper transfer.
Joseph Moody (Blogger and wearer of all hats) commented:
DCs keep their FSMO role unless you transfer manually or seize them (and remove the dead DC from the domain correctly).

But don't let this bother you - the FSMO roles are not incredibly important to keep up 24/7 (PDC emulator may be your exception). That is why automated role transfer doesn't exist natively - simply isn't needed.

Active Directory does not natively support *FSMO* failover.  This is because there is no immediate impact if the holder of any of the FSMO roles goes down (save for single DC domains).

Without looking into any Microsoft materials, the primary reason why this may be a non-factor is because all DCs are, inherently, writable.  As such all DCs can act as an authority when clients make requests to them.

The biggest concern is replication.


Kash (2nd Line Engineer) commented:
Might not be related.

We have a customer who utilizes replication, so they have replica servers in our DC.
They also have a 100MB pipe to our DC and VLANs configured accordingly.

In case of a problem with the primary, the replica kicks in and the downtime is literally 5 minutes or even less in most cases.
Lee W, MVP (Technology and Business Process Advisor) commented:
Replicating DCs is dangerous and should be avoided.  As others have said, the nature of AD and the function of the FSMO roles don't require it if you have more than one DC.  FSMO role holders, depending on the size of the environment and number of AD objects, can go WEEKS OR MONTHS with the FSMO master down (stay within the tombstone life of the domain, default 60 days).  Else you simply seize the roles.
For DR environments we do either one of the following:-

- Provision a DC in the DR site that is always on and is ready to serve requests in the event of an invocation, set up as another AD site.  As mentioned above if a disaster occurs in the Production environment and the primary DC is dead you would seize the FSMO roles.  This is the preferred method as there is no reconfiguration of the AD element after invocation.

- Do a straight synchronisation of data to the DR site using Zerto/Veeam/Doubletake or if you own the kit in the DR location maybe storage replication with SRM.  In the event of invocation the environment is then re-IP addressed, etc., and powered on.  There is obviously an impact to re-IP addressing so depending on your RTO this isn't preferred, especially if you have other AD sites that will remain active after DR invocation...
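
The check-then-seize step the answers above describe, as an added example that is not part of the original thread or any poster's own script. It assumes the ActiveDirectory PowerShell module (Windows Server 2008 R2 or later, so not the 2003 domain as it stands); `DR-DC01`, `Get-FsmoHolders` and `Test-LdapPort` are hypothetical names.

```powershell
# Added example: list the five FSMO role holders, test whether each holder
# still answers on LDAP, and preview a seizure of the orphaned roles.
Import-Module ActiveDirectory

# Hypothetical name of the surviving DC in the DR site; replace with your own.
$TargetDC = 'DR-DC01'

function Get-FsmoHolders {
    # Ask the surviving DC, so the lookup works while the holder is down.
    $domain = Get-ADDomain -Server $TargetDC
    $forest = Get-ADForest -Server $TargetDC
    @{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
}

function Test-LdapPort {
    # TCP connect to 389 with a timeout; ICMP is often filtered between sites.
    param([string]$ComputerName, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, 389, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$holders  = Get-FsmoHolders
$orphaned = @()
foreach ($role in $holders.Keys) {
    $up = Test-LdapPort -ComputerName $holders[$role]
    '{0,-22} {1,-40} {2}' -f $role, $holders[$role], $(if ($up) { 'reachable' } else { 'UNREACHABLE' })
    if (-not $up) { $orphaned += $role }
}

if ($orphaned.Count -gt 0) {
    # -Force turns the transfer into a seizure; -WhatIf only previews it.
    Move-ADDirectoryServerOperationMasterRole -Identity $TargetDC `
        -OperationMasterRole $orphaned -Force -WhatIf
}
```

Drop `-WhatIf` only once the old holder is confirmed dead; as noted in the thread, a DC whose roles were seized should be removed from the domain correctly rather than brought back online.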