Solved

Trasfering FSMO roles

Posted on 2016-11-09
8
77 Views
Last Modified: 2016-11-16
Hello,

We have Win SRV 2008 NON R2 32 bit that currently has the FSMO roles, along with our roles such as DHCP and Radius.  

We are want to decommission this 32bit server and transfer all roles to Win SRV 2008 R2 64bit.  The stuff I find on moving the roles are for moving roles between servers that are 64bit architecture.  Being that we are going from 32bit to 64bit is there anything special or something i need to take into mind before moving FSMO roles?  Also does it matter what roles I move first such as DHCP, Radius, or FSMO?

Below is the article I plan on using to transfer the roles.  If anyone has a better one please share.
http://www.elmajdal.net/win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008.aspx

Thanks
0
Comment
Question by:ozzalot
8 Comments
 
LVL 12

Assisted Solution

by:Dustin Saunders
Dustin Saunders earned 62 total points
ID: 41880685
It shouldn't matter what order you move the FSMO in.  So long as you move all 5 you should be just fine, and that's the same article I've used to do it dozens of times.

After you've completed the FSMO move, just look for any errors in the event logs related and run a DCDiag before retiring the old domain controller, but moving FSMO is extremely straightforward.
1
 
LVL 6

Accepted Solution

by:
Andy earned 252 total points
ID: 41880689
HI,

As long as this is a single domain and there are no other roles installed there's nothing else to do.
Make sure replication has complete between the old and new DC's before you start (repladm).
If you use DNS make sure it's replicated/configured  before you remove DNS from the old DC
Also, if you use DHCP, make sure any required scopes are moved across.
Same for any file and print services.
0
 

Author Comment

by:ozzalot
ID: 41880764
Thank you both for your replies.  One last question before transferring the FSMO roles.  The article talks about making sure the new DC is not a global catalog.  The current DC with the FSMO roles is not a GC.  We have a DC's in sister companies with a one way trust established and also using conditional forwarders.  

Would this be considered a multi-domain/forest?
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 62 total points
ID: 41880832
The article also says:  If your environment is a multi-domain/forest - is it?  If not, IGNORE it.  If it's not multi-domain/forest, then make all DCs GCs (at the end of the day you only want 2 per site AT MOST.

FSMO roles don't care about bit level.  DHCP doesn't care about bit level.  Radius I haven't used in well over a decade, but I don't THINK it cares about bit level.
0
 
LVL 78

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 62 total points
ID: 41880864
AD doesn't care at all about bit level.  ALL domain controllers should have GC enabled. When you transfer the DHCP you will want to modify the DNS settings to point to the new servers ip address, remember until the machines update their ip address they will still point to the older dhcp settings
1
 
LVL 24

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 62 total points
ID: 41881297
Rule of thumb is that you need a GC at every AD site to ensure faster logons.  In locations with large number of users, you could have more than one GC which gives your redundancy.  With respect to moving FSMO to a DC that should not be a GC, this is a recommendation but it will work if the new DC is a GC.  Just remember that a domain needs at least one GC and it is recommended to have at least one GC for each AD site.
0
 
LVL 6

Assisted Solution

by:Andy
Andy earned 252 total points
ID: 41881710
Regarding this:

We have a DC's in sister companies with a one way trust established and also using conditional forwarders.

If the two domains have the same root i.e.
company1.contoso.com
company2.contoso.com
This is a single forest with 2 domains

If you're setup is like this:
company.contoso.com
company.fabrikam.com

This is 2 forests with single domains in each.
Just ensure that you check your trust after you migrate, it should be fine but best to check.
And ensure you can get to resources in the trusting domain from the trusted domain.
This is just for completeness in your post migration checks.
1
 

Author Closing Comment

by:ozzalot
ID: 41890356
I am going on vacation and I've been extremely busy so I didn't make any server changes to avoid any problems while I am away.  Thank you all for your replies.  I will pick this up when I come back.
0

Join & Write a Comment

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now