Transferring FSMO roles

Discussion in 'Active Directory' started by JPenrose, Feb 15, 2005.

  1. JPenrose

    JPenrose Guest

    I'm building some new Windows Server 2003 Standard servers which I plan on
    promoting to Domain Controllers. These new servers, in the end, will be the
    only two DCs in my upgraded 2K3 domain (Win2K now).

    I want to trasfer all of the FSMO roles from the existing DCs to the two new
    machines.

    Is there a specific order in which I need to do this?

    Thx,
    J
     
    JPenrose, Feb 15, 2005
    #1
    1. Advertisements

  2. JPenrose

    Don Wilwol Guest

    Don Wilwol, Feb 15, 2005
    #2
    1. Advertisements

  3. JPenrose

    JPenrose Guest

    Thanks Don,

    I'll be transferring all the roles concurrently so it looks pretty academic.

    J
     
    JPenrose, Feb 15, 2005
    #3
  4. Hi J,

    Keep in mind about taking care of GC and DNS as well. And the
    Infrastructure Master should only run on a GC if every DC in the Domain
    is a GC. Since you only have two DCs in a singe domain (if I read your
    post correctly) then I'd recommend making every DC also a GC.

    --
    Gruesse - Sincerely,

    Ulf B. Simon-Weidner

    MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
    Weblog: http://msmvps.org/UlfBSimonWeidner
    WebSite: http://www.windowsserverfaq.org
     
    Ulf B. Simon-Weidner [MVP], Feb 15, 2005
    #4
  5. JPenrose

    Don Wilwol Guest

    Don Wilwol, Feb 16, 2005
    #5
  6. Please note that this is only pertinent if dealing with multiple domains as
    when in a single domain / forest environment there is no 'phantom objects'
    problem.......

    When dealing with a single domain / forest it is generally a very good idea
    to make all Domain Controllers also Global Catalog Servers. If and when a
    second domain or tree is added to the forest then and only then do you need
    to worry about the Domain Controller that holds the FSMO Role of
    infrastructure being a GC as well....

    --
    Cary W. Shultz
    Roanoke, VA 24014
    Microsoft Active Directory MVP

    http://www.activedirectory-win2000.com
    http://www.grouppolicy-win2000.com
     
    Cary Shultz [A.D. MVP], Feb 17, 2005
    #6
  7. .... but only in the additional domain. The prior domain will still be
    fine as long as every DC in that domain is also GC. Therefore you also
    need to worry if additional DCs are introduced to an existing domain.

    --
    Gruesse - Sincerely,

    Ulf B. Simon-Weidner

    MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
    Weblog: http://msmvps.org/UlfBSimonWeidner
    WebSite: http://www.windowsserverfaq.org
     
    Ulf B. Simon-Weidner [MVP], Feb 20, 2005
    #7
  8. JPenrose

    Todd J Heron Guest

    "... but only in the additional domain. The prior domain will still be fine
    as long as every DC in that domain is also GC."

    Ulf, everything I have ever read concerning not placing the GC role on the
    Infrastructure Master in a multi-domain forest did not make a caveat
    indicating it was fine to keep the GC role on the IM in the prior forest
    domain. Do you have a URL link stating this if so I will need to make some
    adjustments to my notes!
     
    Todd J Heron, Feb 20, 2005
    #8
  9. Hello Todd,

    This is one of the most misunderstood rumors, and it's just based on
    misleading wording.

    The infrastructure masters job is to compare objects of the local
    domain against objects in other domains of the same forest. If the
    server holding the infrastructure master is also a global catalog it
    won't ever see any differences, since the global catalog holds a
    partitial copy of every object in the forest itself. Therefor the
    infrastructure master won't do anything in its domain. However if every
    DC in the Domain is also global catalog server there's no job for the
    IM since the GC already knows about the objects of other domains. So if
    you look at the job the IM has to do, it's pretty clear that it may
    reside on a GC if it's a single domain forest (no need to pull updates
    from other domains). It's also pretty clear that it may reside on a GC
    if it's in a multiple domain forest but every DC in the domain where
    the IM runs on the GC are also GCs (no need to pull updates since the
    GC knows everything).

    So the following infrastructure is a valid configuration:

    Rootdomain:
    R-DC1 (GC + IM)
    R-DC2 (GC)

    Other domain:
    O-DC1 (GC)
    O-DC2 (IM)
    O-DC3-x (might or might not be GC, does not matter)

    The Rootdomain does not need to pull updates since the GCs know
    everything, the other domain has the IM running on a non-GC so it pulls
    the updates and replicates them to other DCs.

    The following KB states that correctly:
    http://support.microsoft.com/kb/223346/EN-US/

    --
    Gruesse - Sincerely,

    Ulf B. Simon-Weidner

    MVP-Book "Windows XP - Die Expertentipps": http://tinyurl.com/44zcz
    Weblog: http://msmvps.org/UlfBSimonWeidner
    WebSite: http://www.windowsserverfaq.org
     
    Ulf B. Simon-Weidner [MVP], Feb 20, 2005
    #9
  10. JPenrose

    Todd J Heron Guest

    Added to my notes!
     
    Todd J Heron, Feb 20, 2005
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.