Solved

Trasfering FSMO roles

Posted on 2016-11-09
8
115 Views
Last Modified: 2016-11-16
Hello,

We have Win SRV 2008 NON R2 32 bit that currently has the FSMO roles, along with our roles such as DHCP and Radius.  

We are want to decommission this 32bit server and transfer all roles to Win SRV 2008 R2 64bit.  The stuff I find on moving the roles are for moving roles between servers that are 64bit architecture.  Being that we are going from 32bit to 64bit is there anything special or something i need to take into mind before moving FSMO roles?  Also does it matter what roles I move first such as DHCP, Radius, or FSMO?

Below is the article I plan on using to transfer the roles.  If anyone has a better one please share.
http://www.elmajdal.net/win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008.aspx

Thanks
0
Comment
Question by:ozzalot
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 13

Assisted Solution

by:Dustin Saunders
Dustin Saunders earned 62 total points
ID: 41880685
It shouldn't matter what order you move the FSMO in.  So long as you move all 5 you should be just fine, and that's the same article I've used to do it dozens of times.

After you've completed the FSMO move, just look for any errors in the event logs related and run a DCDiag before retiring the old domain controller, but moving FSMO is extremely straightforward.
1
 
LVL 7

Accepted Solution

by:
Andy earned 252 total points
ID: 41880689
HI,

As long as this is a single domain and there are no other roles installed there's nothing else to do.
Make sure replication has complete between the old and new DC's before you start (repladm).
If you use DNS make sure it's replicated/configured  before you remove DNS from the old DC
Also, if you use DHCP, make sure any required scopes are moved across.
Same for any file and print services.
0
 

Author Comment

by:ozzalot
ID: 41880764
Thank you both for your replies.  One last question before transferring the FSMO roles.  The article talks about making sure the new DC is not a global catalog.  The current DC with the FSMO roles is not a GC.  We have a DC's in sister companies with a one way trust established and also using conditional forwarders.  

Would this be considered a multi-domain/forest?
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 62 total points
ID: 41880832
The article also says:  If your environment is a multi-domain/forest - is it?  If not, IGNORE it.  If it's not multi-domain/forest, then make all DCs GCs (at the end of the day you only want 2 per site AT MOST.

FSMO roles don't care about bit level.  DHCP doesn't care about bit level.  Radius I haven't used in well over a decade, but I don't THINK it cares about bit level.
0
 
LVL 81

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 62 total points
ID: 41880864
AD doesn't care at all about bit level.  ALL domain controllers should have GC enabled. When you transfer the DHCP you will want to modify the DNS settings to point to the new servers ip address, remember until the machines update their ip address they will still point to the older dhcp settings
1
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 62 total points
ID: 41881297
Rule of thumb is that you need a GC at every AD site to ensure faster logons.  In locations with large number of users, you could have more than one GC which gives your redundancy.  With respect to moving FSMO to a DC that should not be a GC, this is a recommendation but it will work if the new DC is a GC.  Just remember that a domain needs at least one GC and it is recommended to have at least one GC for each AD site.
0
 
LVL 7

Assisted Solution

by:Andy
Andy earned 252 total points
ID: 41881710
Regarding this:

We have a DC's in sister companies with a one way trust established and also using conditional forwarders.

If the two domains have the same root i.e.
company1.contoso.com
company2.contoso.com
This is a single forest with 2 domains

If you're setup is like this:
company.contoso.com
company.fabrikam.com

This is 2 forests with single domains in each.
Just ensure that you check your trust after you migrate, it should be fine but best to check.
And ensure you can get to resources in the trusting domain from the trusted domain.
This is just for completeness in your post migration checks.
1
 

Author Closing Comment

by:ozzalot
ID: 41890356
I am going on vacation and I've been extremely busy so I didn't make any server changes to avoid any problems while I am away.  Thank you all for your replies.  I will pick this up when I come back.
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Here's a look at newsworthy articles and community happenings during the last month.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question