Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Moving FSMO Roles

Posted on 2016-10-12
5
Medium Priority
?
268 Views
Last Modified: 2016-10-28
Hello All,

How to move FSMO roles from windows server 2008 R2 to windows server 2012 R2? we have almost 5 ADC and 6 RODC the reason i am asking this question here i would like to know what will be expecting errors or any downtime?

before i get start with ntdsutil or any other method i would like to chose the safest way to prevent upcoming problems.

Note: we have 3 roles on one server and 2 roles on another server.

Regards
Abdul..
0
Comment
Question by:Abdul Wahid
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 7

Expert Comment

by:No More
ID: 41841225
First at all run Netdom query FSMO  in command line to find out exactly which server has FMSO roles
(good to check twice and write it down)

There are few options NtdsUtil or you can use AD sites and AD users and computer (snap-ins) to seize FSMO roles

Definitely join those 2012 r2 servers to domain, as domain controllers so you can seize those roles

Downtime  - depends if you have many shares, roaming profiles and if you have some other roles on those servers like ADCS etc,

Best way is to write it down what server roles and data need to be moved to new servers and then plan it, but you shouldn't have any serious downtime, are those RODC used for VPN connections ?
1
 
LVL 16

Accepted Solution

by:
Todd Nelson earned 2000 total points
ID: 41841345
Moving FSMO roles is essentially a non-event.

Use this article for moving Active Directory FSMO roles ... http://trunkofmemorie.blogspot.co.uk/2012/12/how-to-change-fsmo-roles-in-windows-2012.html

You should never have to use ntdsutil to move FSMO roles unless one of your domain controllers crashed and is not receoverable--even with RODCs.

This article will help you to understand the best placement of each role ... https://support.microsoft.com/en-us/kb/223346
0
 
LVL 6

Expert Comment

by:Niten Kumar
ID: 41841362
The first thing to do before you move any FSMO roles is best check on AD Health and Replication.  To check the replication and DC health dcdiag and repadmin command line utilities should be used.  

1.  Run dcdiag /q on each domain controller  (shouldn't get any failed tests here)
2.  Run Repadmin /replsum on any of the domain controllers (shouldn't get any errors here)
3.  Repadmin /showrepl  (should be all successful)

Then use netdom to verify the current fsmo role holder.  (Command:  netdom query fsmo)

You can transfer roles using GUI and there is no need to use ntdsutil here.
1
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 41841436
Just to only extend thread. If you wish you might also read articles on my blog which explains transferring FSMO roles operation in variety of ways.

For Windows Server 2012/2012R2 DCs or Windows client at least with PowerShell version 3.0
http://kpytko.pl/active-directory-domain-services/transferring-fsmo-roles-with-powershell/

Using management consoles
http://kpytko.pl/active-directory-domain-services/transferring-fsmo-roles-from-gui/

and the least convenient way but possible in command-line with ntdsutil
http://kpytko.pl/active-directory-domain-services/transferring-fsmo-roles-from-command-line/

Of course, you cannot transfer FSMO role to RODC, target DC(s) must be writeable DC. During transferring FSMO role, there is short break but mostly invisible to the clients in the network. However, this is good practice to do that during maintenance windows or out of business hours.

When you transfer PDC Emulator role, please advertise new time server in your domain. To do that, follow this article at http://kpytko.pl/active-directory-domain-services/advertising-new-time-server-in-domain-environment/

I hope this would help you in the action.

Regards,
Krzysztof
1

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question