?
Solved

Trasfering FSMO roles

Posted on 2016-11-09
8
Medium Priority
?
136 Views
Last Modified: 2016-11-16
Hello,

We have Win SRV 2008 NON R2 32 bit that currently has the FSMO roles, along with our roles such as DHCP and Radius.  

We are want to decommission this 32bit server and transfer all roles to Win SRV 2008 R2 64bit.  The stuff I find on moving the roles are for moving roles between servers that are 64bit architecture.  Being that we are going from 32bit to 64bit is there anything special or something i need to take into mind before moving FSMO roles?  Also does it matter what roles I move first such as DHCP, Radius, or FSMO?

Below is the article I plan on using to transfer the roles.  If anyone has a better one please share.
http://www.elmajdal.net/win2k8/Transferring_FSMO_Roles_in_Windows_Server_2008.aspx

Thanks
0
Comment
Question by:ozzalot
8 Comments
 
LVL 14

Assisted Solution

by:Dustin Saunders
Dustin Saunders earned 248 total points
ID: 41880685
It shouldn't matter what order you move the FSMO in.  So long as you move all 5 you should be just fine, and that's the same article I've used to do it dozens of times.

After you've completed the FSMO move, just look for any errors in the event logs related and run a DCDiag before retiring the old domain controller, but moving FSMO is extremely straightforward.
1
 
LVL 7

Accepted Solution

by:
Andy earned 1008 total points
ID: 41880689
HI,

As long as this is a single domain and there are no other roles installed there's nothing else to do.
Make sure replication has complete between the old and new DC's before you start (repladm).
If you use DNS make sure it's replicated/configured  before you remove DNS from the old DC
Also, if you use DHCP, make sure any required scopes are moved across.
Same for any file and print services.
0
 

Author Comment

by:ozzalot
ID: 41880764
Thank you both for your replies.  One last question before transferring the FSMO roles.  The article talks about making sure the new DC is not a global catalog.  The current DC with the FSMO roles is not a GC.  We have a DC's in sister companies with a one way trust established and also using conditional forwarders.  

Would this be considered a multi-domain/forest?
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
LVL 97

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 248 total points
ID: 41880832
The article also says:  If your environment is a multi-domain/forest - is it?  If not, IGNORE it.  If it's not multi-domain/forest, then make all DCs GCs (at the end of the day you only want 2 per site AT MOST.

FSMO roles don't care about bit level.  DHCP doesn't care about bit level.  Radius I haven't used in well over a decade, but I don't THINK it cares about bit level.
0
 
LVL 84

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 248 total points
ID: 41880864
AD doesn't care at all about bit level.  ALL domain controllers should have GC enabled. When you transfer the DHCP you will want to modify the DNS settings to point to the new servers ip address, remember until the machines update their ip address they will still point to the older dhcp settings
1
 
LVL 25

Assisted Solution

by:Mohammed Khawaja
Mohammed Khawaja earned 248 total points
ID: 41881297
Rule of thumb is that you need a GC at every AD site to ensure faster logons.  In locations with large number of users, you could have more than one GC which gives your redundancy.  With respect to moving FSMO to a DC that should not be a GC, this is a recommendation but it will work if the new DC is a GC.  Just remember that a domain needs at least one GC and it is recommended to have at least one GC for each AD site.
0
 
LVL 7

Assisted Solution

by:Andy
Andy earned 1008 total points
ID: 41881710
Regarding this:

We have a DC's in sister companies with a one way trust established and also using conditional forwarders.

If the two domains have the same root i.e.
company1.contoso.com
company2.contoso.com
This is a single forest with 2 domains

If you're setup is like this:
company.contoso.com
company.fabrikam.com

This is 2 forests with single domains in each.
Just ensure that you check your trust after you migrate, it should be fine but best to check.
And ensure you can get to resources in the trusting domain from the trusted domain.
This is just for completeness in your post migration checks.
1
 

Author Closing Comment

by:ozzalot
ID: 41890356
I am going on vacation and I've been extremely busy so I didn't make any server changes to avoid any problems while I am away.  Thank you all for your replies.  I will pick this up when I come back.
0

Featured Post

NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question