Solved

Transferring FSMO roles

Posted on 2016-11-09
Last Modified: 2016-11-16
Hello,

We have Win SRV 2008 NON R2 32 bit that currently has the FSMO roles, along with our roles such as DHCP and Radius.  

We want to decommission this 32bit server and transfer all roles to Win SRV 2008 R2 64bit.  The stuff I find on moving the roles is for moving roles between servers that are 64bit architecture.  Being that we are going from 32bit to 64bit, is there anything special or something I need to take into mind before moving FSMO roles?  Also, does it matter what roles I move first, such as DHCP, Radius, or FSMO?

Below is the article I plan on using to transfer the roles.  If anyone has a better one please share.
http://www.elmajdal.net/win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008.aspx

Thanks
Question by:ozzalot
8 Comments
 
LVL 12

Assisted Solution

by:Dustin Saunders
Dustin Saunders earned 62 total points
ID: 41880685
It shouldn't matter what order you move the FSMO in.  So long as you move all 5 you should be just fine, and that's the same article I've used to do it dozens of times.

After you've completed the FSMO move, just look for any related errors in the event logs and run a DCDiag before retiring the old domain controller, but moving FSMO is extremely straightforward.
 
LVL 7

Accepted Solution

by:Andy
Andy earned 252 total points
ID: 41880689
Hi,

As long as this is a single domain and there are no other roles installed there's nothing else to do.
Make sure replication has completed between the old and new DCs before you start (repadmin).
If you use DNS, make sure it's replicated/configured before you remove DNS from the old DC.
Also, if you use DHCP, make sure any required scopes are moved across.
Same for any file and print services.
 

Author Comment

by:ozzalot
ID: 41880764
Thank you both for your replies.  One last question before transferring the FSMO roles.  The article talks about making sure the new DC is not a global catalog.  The current DC with the FSMO roles is not a GC.  We have DCs in sister companies with a one way trust established and also using conditional forwarders.

Would this be considered a multi-domain/forest?
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 62 total points
ID: 41880832
The article also says:  If your environment is a multi-domain/forest - is it?  If not, IGNORE it.  If it's not multi-domain/forest, then make all DCs GCs (at the end of the day you only want 2 per site AT MOST).

FSMO roles don't care about bit level.  DHCP doesn't care about bit level.  Radius I haven't used in well over a decade, but I don't THINK it cares about bit level.
 
LVL 79

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 62 total points
ID: 41880864
AD doesn't care at all about bit level.  ALL domain controllers should have GC enabled. When you transfer the DHCP you will want to modify the DNS settings to point to the new server's IP address. Remember, until the machines update their IP address they will still point to the older DHCP settings.
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 62 total points
ID: 41881297
Rule of thumb is that you need a GC at every AD site to ensure faster logons.  In locations with a large number of users, you could have more than one GC, which gives you redundancy.  With respect to moving FSMO to a DC that should not be a GC, this is a recommendation but it will work if the new DC is a GC.  Just remember that a domain needs at least one GC and it is recommended to have at least one GC for each AD site.
 
LVL 7

Assisted Solution

by:Andy
Andy earned 252 total points
ID: 41881710
Regarding this:

We have DCs in sister companies with a one way trust established and also using conditional forwarders.

If the two domains have the same root i.e.
company1.contoso.com
company2.contoso.com
This is a single forest with 2 domains

If your setup is like this:
company.contoso.com
company.fabrikam.com

This is 2 forests with single domains in each.
Just ensure that you check your trust after you migrate, it should be fine but best to check.
And ensure you can get to resources in the trusting domain from the trusted domain.
This is just for completeness in your post migration checks.
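The pre- and post-transfer checks recommended in the answers above (replication, role holders, DCDiag, event logs, trust), collected as an added example that is not part of the original thread. All server and domain names are placeholders, and the trust direction is an assumption to adjust for your environment.

```powershell
# Placeholder names (assumptions): replace with your own DCs and domains.
$OldDC          = 'olddc.company.contoso.com'   # 32-bit 2008 DC holding the roles today
$NewDC          = 'newdc.company.contoso.com'   # 2008 R2 DC that will receive them
$TrustingDomain = 'company.contoso.com'         # assumed direction of the one-way trust
$TrustedDomain  = 'company.fabrikam.com'

# ---------- Before the transfer ----------
# Current role holders: all five lines should still name the old DC.
netdom query fsmo

# Replication must be clean between the two DCs before any role is moved.
repadmin /replsummary
repadmin /showrepl $OldDC /errorsonly
repadmin /showrepl $NewDC /errorsonly

# ---------- Transfer the five roles (per the article linked in the question) ----------

# ---------- After the transfer ----------
# Role lines look like "<role name>   <holder FQDN>"; flag any not on the new DC.
$notMoved = netdom query fsmo | Where-Object {
    $_ -match '\s{2,}\S+\s*$' -and $_ -notmatch [regex]::Escape($NewDC)
}
if ($notMoved) {
    Write-Warning 'These roles are not held by the new DC:'
    $notMoved
} else {
    Write-Host "All FSMO roles are held by $NewDC"
}

# Full DCDiag in quiet mode prints only failures; then confirm the new DC
# agrees with its partners about who holds each role.
dcdiag "/s:$NewDC" /q
dcdiag "/s:$NewDC" /test:KnowsOfRoleHolders /v

# Most recent critical/error/warning events in the Directory Service log on the new DC.
wevtutil qe "Directory Service" "/r:$NewDC" /c:20 /rd:true /f:text "/q:*[System[(Level=1 or Level=2 or Level=3)]]"

# Replication again, now that the new DC is the role holder.
repadmin /showrepl $NewDC /errorsonly

# Verify the inter-forest trust still works after the migration.
netdom trust $TrustingDomain "/domain:$TrustedDomain" /verify
```

Run it from an elevated prompt on a machine with the AD DS tools installed; keep the old DC online until every check comes back clean.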
 

Author Closing Comment

by:ozzalot
ID: 41890356
I am going on vacation and I've been extremely busy so I didn't make any server changes to avoid any problems while I am away.  Thank you all for your replies.  I will pick this up when I come back.