Splitting FSMO between sites

We have multiple sites and thinking of splitting the FSMO roles between Sites on DCs. I would appreciate your recommendation.
Site  A has DC1 and DC2 this our mail site where users reside
Site B has DC3 and DC4 this is our remote site where Exchange servers are kept.

I am thinking of placing Domain naming master and schema master one DC #at Site B.
RID,PDC and infrastructure master master goes on DC1 at site A where most of the users.
All the DCs will be checked as GL too.


How to split FSMO roles between sites.
LVL 2
sara2000Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
My first question on seeing this is: Fix something that isn't broken?

What are your aims and objectives of doing this?
2
Mal OsborneAlpha GeekCommented:
Usually, the only reason to split FSMO roles is to share the load across multiple DCs. DCs, however, are usually not "busy", a single DC, holding all FMSO roles,  running on a typical "office PC" can support thousands of users.

Unless you have tens of thousands of users, this really will not improve anything. I would just leave one machine with all 5 roles.

More here:  https://social.technet.microsoft.com/wiki/contents/articles/14355.capacity-planning-for-active-directory-domain-services.aspx
1
Lee W, MVPTechnology and Business Process AdvisorCommented:
There's little point in doing this if you only have a single domain environment.  Why do you want to... because you can?  Just because you can, doesn't mean you should.
1
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

LearnctxEngineerCommented:
I see no scenario where you would bother. Especially when in what sounds like a very small environment you would have 2 roles which are actually relevant to you.

1. RID master.
2. PDC .

Domain Naming Master and Schema master. Are you planning on doing sudden rapid schema updates and creating new domains? If not, there's no big deal here. These roles basically do nothing for the most part in the interim.

Infrastructure master. Have you enabled the AD recycle bin? If so its a dead role for the most part.

So my I would say, you have wasted too much time even thinking about this already and forget trying to move the roles around for some sort of imaginary performance or redundancy gain.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
sara2000Author Commented:
I forgot to mention that we are migrating the AD to Windows 2012. We do not have any issue at present. We have all FSMO roles at one site A where most of the users are located.
But our Exchange and most of our production servers are on a small site B (colo) away from Site A.  I thought location for schema master would be and ideal closer to Exchange, but i might be wrong.
We have some application s servers which requires LDAP queries.
We have not enabled AD recycle bin.
Would you recommend RID and PDC closer to Major site A and schema master closer to Exchange?
0
MaheshArchitectCommented:
There is no requirement state that schema master should be near to exchange except during exchange schema modifications
once that done, exchange don't need schema master anymore
All exchange need is Global catalog server near exchange (in same Ad site as exchange preferably in same data center)
Applications do need DC but they also don't look for any FSMO master server specifically, majority of application needs simple R/W DC to handle there day to day LDAP query / authentication tasks
Show me any of your application documentation that need server with FSMO to work with application
Keep all your FSMO roles in single AD site, probably on single server, no matter if its site A OR B
0
LearnctxEngineerCommented:
Would you recommend RID and PDC closer to Major site A and schema master closer to Exchange?

Its all pretty irrelevant. Exchange just needs DC's in its local site. It makes no difference whether any DC has a role in any particular site. FSMO means Flexible Single Master Operation. The key word in this, is Flexible. The idea of the FSMO role is that it can be moved or seized wherever it needs to go at any particular time without negative impact to your environment.

Here is a post from one of the MS guys on FSMO roles. Its ancient, but more than a decade later still completely relevant.

https://blogs.technet.microsoft.com/bpuhl/2005/12/07/what-to-do-with-fsmo-roles/
0
Steve KnightIT ConsultancyCommented:
Agreed with all of above.... spitting is not needed for day to day operations.  I have only ever seen it split up on a huge AD I dealt with and with virtual servers and easily scalable sizing I can't really since it is relevant any more.

If it isn't already having your roles on a virtual DC should make it virtually impossible to fail, but in a DR situation involving a dead physical server you can just seize the roles while getting the server replaced, though unless major OS failure and unable to restore not having the FSMO role holders running won't have much effect, you'd probably leave them alone until 100% sure the server wasn't able to come back online.

Steve
0
ArneLoviusCommented:
Until one reaches scaling limits, I tend to have all FSMO roles on the same (virtual or physical)  DC.

As long as your DCs are just DCs, It also means that you only need to backup a single DC.

If the site that hosts Exchange has better power and security, I might use that site, otherwise, the one where your users are.
0
sara2000Author Commented:
Thank you all for your  contribution. Which play major role on user's log on?
0
MaheshArchitectCommented:
Global Catalog - GC
0
Steve KnightIT ConsultancyCommented:
Have a look at the old document "Learnctx" posted above... describes it well.  Short answer, none of them really matter for day-to-day operations.... try it, take that dc offline for an hour and see if anyone notices.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
FSMO roles in day-to-day operation don't do much except maybe the PDC emulator... The FSMO roles could be offline for days or weeks with no noticeable impact on your network assuming you're not making changes (like upgrading Exchange or adding a DC), depending on your size (small businesses can often go MONTHS without noticing).
0
Craig BeckCommented:
The simple answer to this is just don't. Only transfer or seize roles if you have to.
0
sara2000Author Commented:
Thank you all for the contribution.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Exchange

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.