FSMO Roles in 2008.

BoomAM

BoomAM

BoomAM

Soldato
Joined
5 Jul 2003
Posts
16,206
Location
Atlanta, USA
Hi,
Can anyone tell me the answer to this:
The existing domain here has, by design of my predecessor, the FSMO roles split between 3 DCs.
Which causes no end of problems for various reasons, and provides no fail over redundancy of any kind.
If I install a new DC in the domain, will it automatically install all the FSMO roles on itself like a 'normal' 2008 domain would and provide FSMO fail over to the rest of the domain, or will it just install the bare essentials?

Effectively what I want to achieve is install 2 new DCs with full FSMO fail over on the domain and demote the 3 'faulty' ones and get rid of them.

Thanks in advance.
 
If a domain is already in place it won't move any of the current fsmo roles automaticly, you need to do it yourself.

just create your two new DC's, transfer the roles then demote your old servers.
 
Last edited:
BoomAM said:
Hi,
Can anyone tell me the answer to this:
The existing domain here has, by design of my predecessor, the FSMO roles split between 3 DCs.
Which causes no end of problems for various reasons, and provides no fail over redundancy of any kind.
If I install a new DC in the domain, will it automatically install all the FSMO roles on itself like a 'normal' 2008 domain would and provide FSMO fail over to the rest of the domain, or will it just install the bare essentials?

Effectively what I want to achieve is install 2 new DCs with full FSMO fail over on the domain and demote the 3 'faulty' ones and get rid of them.

Thanks in advance.
Click to expand...

As long as each domain controller is a global catalogue then your set for redundancy. If you loose the FSMO server you can forcibly take over the roles to a second DC.

There's no need to build new DCs you can transfer the FSMO roles over to a single node in your current config if you like. You cannot have them running on several servers at the same time (without facing issues) as you seem to want to.

I think you need to go back to the drawing board - to me it doesn't sound like the config you have is bad.

Certain roles can be separated, others kept together - it really depends upon your AD scale and config.
 
If the DC fails that holds the roles you can seize them anyway. I wouldn't worry about redundancy for these roles, since you can only put each role on one DC at a time in your domain there's not much you can do about it anyway.
 
As has been said above, but just to clarify it.

FSMO roles are non redundant. Each of the FSMO roles can only be present on one DC at any one time in domain, you can spread them about on as many DC's as you like, but there is only ever one of each role present at any one time.
 
It's fairly normal if you have more than 1 DC in a site to split up the roles, I think :)

We have 2 roles on one DC and 3 on another, works fine.

Just make sure that all DCs are GC if required.
 
DustyMiller said:
FSMO roles are non redundant. Each of the FSMO roles can only be present on one DC at any one time in domain, you can spread them about on as many DC's as you like, but there is only ever one of each role present at any one time.
Click to expand...
Actually, the reason i bring it up is that within the documentation for 2008 R2, it is possible to make the FSMO roles redundant.

At my last job we had two 2008 DCs on the domain, no FSMO config done on them, and they failed over correctly...

So in theory, if i create a new 2008 DC, add it to the domain, transfer the roles, then demote the other, older, DCs, everything, 'should' work correctly should it not?
 
BoomAM, can you point me to the documentation you are viewing regarding redundant FSMO roles?

I'm not aware of any built-in mechanism for FSMO redundancy.

Yes, as stated above, promote, move roles across, make sure new DC is a GC, make sure everything is functioning as it should... happy days.
 
FSMO roles aren't redundant.

BoomAM said:
So in theory, if i create a new 2008 DC, add it to the domain, transfer the roles, then demote the other, older, DCs, everything, 'should' work correctly should it not?
Click to expand...

Sounds good to me.
 
People split them and think this is redundancy, which is incorrect, so it's probable this is what he has read.
 
Yea I don't get it as the clue is in the name = Flexible Single Master Operation

Perhaps they were clustered, which isn't advised.
 
ethos said:
BoomAM, can you point me to the documentation you are viewing regarding redundant FSMO roles?
Click to expand...
I'll dig it out over xmas, iirc it was linked too off something i read on Petri.

Yes, as stated above, promote, move roles across, make sure new DC is a GC, make sure everything is functioning as it should... happy days.
Click to expand...
Right, well i think im going to give it a go over xmas, want to get everything tiptop before the Exch2010 migration in Jan. :)
Such a mess this network, both physically and virtually!:(
 
You'll be fine, I had no problems migrating two 2003 DC's to 2008.

Just make sure you change the DNS entries on anything you've statically assigned. I also migrated DHCP at the same time.
 
Quick question as ive never done this before:
Setting the DCPROMO program to 'last domain controller in domain/remove domain' when im on a subdomain should only remove the subdomain should it not?
 
BoomAM said:
Quick question as ive never done this before:
Setting the DCPROMO program to 'last domain controller in domain/remove domain' when im on a subdomain should only remove the subdomain should it not?
Click to expand...

Yes, a child domain is a domain in its own right.
 
Thanks for the quick reply. :)
Good, thought so, just wanted to check first.
The wording MS use's isnt the best. lol.

Its annoying me at the moment as it keeps failing auth with the parent domain! :(.
 
You must log in or register to reply here.
Back
Top Bottom